def setup_listeners(self):
no_ssl = [elb.Listener(
LoadBalancerPort=80,
Protocol='HTTP',
InstancePort=80,
InstanceProtocol='HTTP'
)]
# Choose proper certificate source
acm_cert = Join("", [
"arn:aws:acm:", Ref("AWS::Region"), ":", Ref("AWS::AccountId"),
":certificate/", Ref("ELBCertName")])
iam_cert = Join("", [
"arn:aws:iam::", Ref("AWS::AccountId"), ":server-certificate/",
Ref("ELBCertName")])
cert_id = If("UseIAMCert", iam_cert, acm_cert)
with_ssl = copy.deepcopy(no_ssl)
with_ssl.append(elb.Listener(
LoadBalancerPort=443,
InstancePort=80,
Protocol='HTTPS',
InstanceProtocol="HTTP",
SSLCertificateId=cert_id))
listeners = If("UseSSL", with_ssl, no_ssl)
return listeners
def create_replication_group(self):
t = self.template
availability_zones = If("DefinedAvailabilityZones",
Ref("PreferredCacheClusterAZs"),
Ref("AWS::NoValue"))
t.add_resource(
ReplicationGroup(
REPLICATION_GROUP,
AutomaticFailoverEnabled=Ref("AutomaticFailoverEnabled"),
AutoMinorVersionUpgrade=Ref("AutoMinorVersionUpgrade"),
CacheNodeType=Ref("CacheNodeType"),
CacheParameterGroupName=Ref(PARAMETER_GROUP),
CacheSubnetGroupName=Ref(SUBNET_GROUP),
Engine=self.engine() or Ref("Engine"),
EngineVersion=Ref("EngineVersion"),
NotificationTopicArn=If("DefinedNotificationArn",
Ref("NotificationTopicArn"),
Ref("AWS::NoValue")),
NumCacheClusters=Ref("NumCacheClusters"),
Port=If("DefinedPort", Ref("Port"), Ref("AWS::NoValue")),
PreferredCacheClusterAZs=availability_zones,
PreferredMaintenanceWindow=Ref("PreferredMaintenanceWindow"),
ReplicationGroupDescription=self.name,
SecurityGroupIds=[
Ref(SECURITY_GROUP),
],
SnapshotArns=If("DefinedSnapshotArns", Ref("SnapshotArns"),
Ref("AWS::NoValue")),
SnapshotRetentionLimit=Ref("SnapshotRetentionLimit"),
SnapshotWindow=If("DefinedSnapshotWindow",
Ref("SnapshotWindow"), Ref("AWS::NoValue")),
))
def setup_listeners(self):
no_ssl = [
elb.Listener(LoadBalancerPort=80,
Protocol="TCP",
InstancePort=8081,
InstanceProtocol="TCP")
]
acm_cert = Join("", [
"arn:aws:acm:",
Ref("AWS::Region"), ":",
Ref("AWS::AccountId"), ":certificate/",
Ref("ELBCertName")
])
iam_cert = Join("", [
"arn:aws:iam::",
Ref("AWS::AccountId"), ":server-certificate/",
Ref("ELBCertName")
])
cert_id = If("UseIAMCert", iam_cert, acm_cert)
with_ssl = []
with_ssl.append(
elb.Listener(LoadBalancerPort=443,
InstancePort=8081,
Protocol="SSL",
InstanceProtocol="TCP",
SSLCertificateId=cert_id))
listeners = If("UseHTTPS", with_ssl, no_ssl)
return listeners
def add_resources(self):
"""Add resources to template."""
template = self.template
variables = self.get_variables()
template.add_condition(
'ProtoIsHttps', Equals(variables['ListeningProtocol'].ref,
'HTTPS'))
listener = template.add_resource(
elasticloadbalancingv2.Listener(
'AlbListener',
Certificates=If('ProtoIsHttps', [
elasticloadbalancingv2.Certificate(
CertificateArn=variables['AcmCertArn'].ref)
], Ref('AWS::NoValue')),
DefaultActions=[
elasticloadbalancingv2.Action(
TargetGroupArn=variables['DefaultTargetGroupArn'].ref,
Type='forward')
],
LoadBalancerArn=variables['AlbArn'].ref,
Port=variables['ListeningPort'].ref,
Protocol=variables['ListeningProtocol'].ref,
SslPolicy=If('ProtoIsHttps', variables['SslPolicy'].ref,
Ref('AWS::NoValue'))))
template.add_output(
Output("{}Arn".format(listener.title),
Description="ARN of the Listener",
Value=Ref(listener),
Export=Export(
Sub('${AWS::StackName}-%sArn' % listener.title))))
def create_db_subnet_group(template, conditional=False):
"""
Function to create a subnet group
:param troposphere.Template template: the template to add the subnet group to.
:param bool conditional: Whether or not the object should have a Condition for creation in CFN
:return: group, the DB Subnets Group
:rtype: troposphere.rds.DBSubnetGroup
"""
group = DBSubnetGroup(
CLUSTER_SUBNET_GROUP,
template=template,
DBSubnetGroupName=If(
cfn_conditions.USE_STACK_NAME_CON_T,
Sub("db-subnet-group-${AWS::StackName}"),
Sub(f"db-subnet-group-${{{ROOT_STACK_NAME_T}}}"),
),
DBSubnetGroupDescription=If(
cfn_conditions.USE_STACK_NAME_CON_T,
Sub("DB Subnet group for ${AWS::StackName}"),
Sub(f"DB Subnet group for ${{{ROOT_STACK_NAME_T}}}"),
),
SubnetIds=Ref(STORAGE_SUBNETS),
)
if conditional:
setattr(group, "Condition", rds_conditions.DBS_SUBNET_GROUP_CON_T)
return group
def add_service_default_sg(self):
"""
Adds a default security group for the microservice.
"""
sg = self.template.add_resource(
SecurityGroup(
SG_T,
GroupDescription=If(
USE_STACK_NAME_CON_T,
Sub(f"SG for ${{{SERVICE_NAME_T}}} - ${{AWS::StackName}}"),
Sub(f"SG for ${{{SERVICE_NAME_T}}} - ${{{ROOT_STACK_NAME_T}}}"
),
),
Tags=Tags({
"Name":
If(
USE_STACK_NAME_CON_T,
Sub(f"${{{SERVICE_NAME_T}}}-${{AWS::StackName}}"),
Sub(f"${{{SERVICE_NAME_T}}}-${{{ROOT_STACK_NAME_T}}}"),
),
"StackName":
Ref(AWS_STACK_NAME),
"MicroserviceName":
Ref(SERVICE_NAME),
}),
VpcId=Ref(VPC_ID),
))
return sg
def handle_key_settings(template, key, key_def):
"""
Function to add to the template for additional KMS key related resources.
:param troposphere.Template template:
:param key: the KMS key
:param dict key_def:
:return:
"""
if keyisset("Settings", key_def) and keyisset("Alias", key_def["Settings"]):
alias_name = key_def["Settings"]["Alias"]
if not (alias_name.startswith("alias/") or alias_name.startswith("aws")):
alias_name = If(
USE_STACK_NAME_CON_T,
Sub(f"alias/${{AWS::StackName}}/{alias_name}"),
Sub(f"alias/${{{ROOT_STACK_NAME.title}}}/{alias_name}"),
)
elif alias_name.startswith("alias/aws") or alias_name.startswith("aws"):
raise ValueError(f"Alias {alias_name} cannot start with alias/aws.")
Alias(
f"{key.title}Alias",
template=template,
AliasName=alias_name,
TargetKeyId=Ref(key),
Metadata=metadata,
)
def test_allow_string_cluster(self):
spot = "2"
withSpotPrice = "WithSpotPrice"
cluster = emr.Cluster(
'Cluster',
# AdditionalInfo="Additional Info",
Applications=[
emr.Application(Name="Hadoop"),
emr.Application(Name="Hive"),
emr.Application(Name="Mahout"),
emr.Application(Name="Pig"),
emr.Application(Name="Spark")
],
BootstrapActions=[
emr.BootstrapActionConfig(
Name='Dummy bootstrap action',
ScriptBootstrapAction=emr.ScriptBootstrapActionConfig(
Path='file:/usr/share/aws/emr/scripts/install-hue',
Args=["dummy", "parameter"]))
],
Configurations=[
emr.Configuration(Classification="core-site",
ConfigurationProperties={
'hadoop.security.groups.cache.secs':
'250'
})
],
Instances=emr.JobFlowInstancesConfig(
Ec2KeyName="KeyName",
Ec2SubnetId="SubnetId",
MasterInstanceGroup=emr.InstanceGroupConfigProperty(
InstanceCount="1",
InstanceType=M4_LARGE,
AutoScalingPolicy=emr.AutoScalingPolicy(
Constraints=emr.ScalingConstraints(MinCapacity="1",
MaxCapacity="3"),
Rules=self.generate_rules("MasterAutoScalingPolicy")),
),
CoreInstanceGroup=emr.InstanceGroupConfigProperty(
Name="Core Instance",
BidPrice=If(withSpotPrice, Ref(spot), Ref("AWS::NoValue")),
Market=If(withSpotPrice, "SPOT", "ON_DEMAND"),
InstanceCount="1",
InstanceType=M4_LARGE,
AutoScalingPolicy=emr.AutoScalingPolicy(
Constraints=emr.ScalingConstraints(MinCapacity="1",
MaxCapacity="3"),
Rules=self.generate_rules("CoreAutoScalingPolicy"),
)),
),
JobFlowRole="EMRJobFlowRole",
LogUri="s3://cluster-logs",
Name="EMR Cluster",
ReleaseLabel="emr-5.5.0",
ServiceRole="EMRServiceRole",
AutoScalingRole="EMR_AutoScaling_DefaultRole",
VisibleToAllUsers="true",
Tags=Tags(Name="EMR Sample Cluster"))
cluster.to_dict()
def create_rds(self):
t = self.template
t.add_resource(
DBInstance(DBINSTANCE,
StorageType=If("HasStorageType", Ref("StorageType"),
Ref("AWS::NoValue")),
Iops=If("HasProvisionedIOPS", Ref("IOPS"),
Ref("AWS::NoValue")),
**self.get_common_attrs()))
def add_vpc_core(template, vpc_cidr):
"""
Function to create the core resources of the VPC
and add them to the core VPC template
:param template: VPC Template()
:param vpc_cidr: str of the VPC CIDR i.e. 192.168.0.0/24
:return: tuple() with the vpc and igw object
"""
vpc = VPCType(
VPC_T,
template=template,
CidrBlock=vpc_cidr,
EnableDnsHostnames=True,
EnableDnsSupport=True,
Tags=Tags(
Name=If(USE_STACK_NAME_CON_T, Ref("AWS::StackName"),
Ref(ROOT_STACK_NAME)),
EnvironmentName=If(USE_STACK_NAME_CON_T, Ref("AWS::StackName"),
Ref(ROOT_STACK_NAME)),
),
Metadata=metadata,
)
igw = InternetGateway(IGW_T, template=template)
VPCGatewayAttachment(
"VPCGatewayAttachement",
template=template,
InternetGatewayId=Ref(igw),
VpcId=Ref(vpc),
Metadata=metadata,
)
dhcp_opts = DHCPOptions(
"VpcDhcpOptions",
template=template,
DomainName=If(
USE_STACK_NAME_CON_T,
Sub(f"svc.${{AWS::StackName}}.${{{PRIVATE_DNS_ZONE_NAME.title}}} "
f"${{AWS::StackName}}.${{{PRIVATE_DNS_ZONE_NAME.title}}}"),
Sub(f"svc.${{{ROOT_STACK_NAME_T}}}.${{{PRIVATE_DNS_ZONE_NAME.title}}} "
f"${{{ROOT_STACK_NAME_T}}}.${{{PRIVATE_DNS_ZONE_NAME.title}}}"
),
),
DomainNameServers=["AmazonProvidedDNS"],
Tags=Tags(Name=Sub(f"dhcp-${{{vpc.title}}}")),
Metadata=metadata,
)
VPCDHCPOptionsAssociation(
"VpcDhcpOptionsAssociate",
template=template,
DhcpOptionsId=Ref(dhcp_opts),
VpcId=Ref(vpc),
Metadata=metadata,
)
return (vpc, igw)
def test_no_validation_method(self):
route = Route('Route66',
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref('RouteTable66'),
InstanceId=If('UseNat', Ref('AWS::NoValue'),
Ref('UseNat')),
NatGatewayId=If('UseNat', Ref('UseNat'),
Ref('AWS::NoValue'))).no_validation()
t = Template()
t.add_resource(route)
t.to_json()
def test_no_validation_method(self):
route = Route(
"Route66",
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref("RouteTable66"),
InstanceId=If("UseNat", Ref("AWS::NoValue"), Ref("UseNat")),
NatGatewayId=If("UseNat", Ref("UseNat"), Ref("AWS::NoValue")),
).no_validation()
t = Template()
t.add_resource(route)
t.to_json()
def test_validation(self):
route = Route('Route66',
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref('RouteTable66'),
InstanceId=If('UseNat', Ref('AWS::NoValue'),
Ref('UseNat')),
NatGatewayId=If('UseNat', Ref('UseNat'),
Ref('AWS::NoValue')))
t = Template()
t.add_resource(route)
with self.assertRaises(ValueError):
t.to_json()
def test_validation(self):
route = Route(
"Route66",
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref("RouteTable66"),
InstanceId=If("UseNat", Ref("AWS::NoValue"), Ref("UseNat")),
NatGatewayId=If("UseNat", Ref("UseNat"), Ref("AWS::NoValue")),
)
t = Template()
t.add_resource(route)
with self.assertRaises(ValueError):
t.to_json()
def build_tags_list(t):
has_conditions = []
tags_list = []
for x in range(1, 11):
name = t.add_parameter(
Parameter(
"Tag%sName" % x,
Type="String",
Default="-NONE-",
))
value = t.add_parameter(
Parameter(
"Tag%sValue" % x,
Type="String",
Default="-NONE-",
))
t.add_condition(
"HasTag%s" % x,
Not(
Or(
Equals(Ref(name), "-NONE-"),
Equals(Ref(value), "-NONE-"),
), ),
)
has_conditions.append({"Fn::Condition": "HasTag%s" % x})
tags_list.append(
If(
"HasTag%s" % x,
{
"Key": Ref(name),
"Value": Ref(value),
},
NoValue,
), )
t.add_condition(
"HasTags",
Or(*has_conditions),
)
return If(
"HasTags",
TagsList(*tags_list),
NoValue,
)
def generate_service_definition(self, family: ComposeFamily) -> None:
"""
Function to generate the Service definition.
This is the last step in defining the service, after all other settings have been prepared.
:param ecs_composex.ecs.ecs_family.ComposeFamily family:
:param ecs_composex.common.settings.ComposeXSettings settings:
"""
from .helpers import set_service_default_tags_labels
props = {}
define_deployment_options(self.family, props)
self.ecs_service = Service(
ecs_params.SERVICE_T,
template=self.family.template,
TaskDefinition=Ref(self.family.task_definition),
Cluster=Ref(ecs_params.CLUSTER_NAME),
DeploymentController=DeploymentController(Type="ECS"),
LaunchType=family.service_compute.cfn_launch_type,
CapacityProviderStrategy=NoValue,
EnableECSManagedTags=True,
DesiredCount=If(
ecs_conditions.SERVICE_COUNT_ZERO_AND_FARGATE_CON_T,
1,
If(
ecs_conditions.USE_FARGATE_CON_T,
Ref(ecs_params.SERVICE_COUNT),
If(
ecs_conditions.SERVICE_COUNT_ZERO_CON_T,
NoValue,
Ref(ecs_params.SERVICE_COUNT),
),
),
),
SchedulingStrategy=NoValue,
PlacementStrategies=define_placement_strategies(),
NetworkConfiguration=family.service_networking.ecs_network_config,
LoadBalancers=use_external_lt_con(NoValue, self.lbs),
ServiceRegistries=use_external_lt_con(NoValue, self.registries),
Tags=set_service_default_tags_labels(self.family),
PropagateTags="SERVICE",
PlatformVersion=If(
ecs_conditions.USE_FARGATE_CON_T,
Ref(ecs_params.FARGATE_VERSION),
NoValue,
),
**props,
)
def rds_adder(self,
instance_identifier,
allocated_storage,
db_subnet_group,
rds_group,
db_size,
db_name='MyDB',
storage_type='gp2',
engine_version='5.5.40a',
storage_engine='MySQL',
publicly_accessible=False):
db_names = ''
db_asf = (db_name.upper(), 'DNS')
if publicly_accessible is False:
publicly_accessible = "false"
else:
publicly_accessible = "true"
dbinstance = rds.DBInstance(
db_name,
DBInstanceIdentifier=instance_identifier,
Engine=storage_engine,
EngineVersion=engine_version,
MasterUsername=If("NotRestoringFromSnapshot", Ref("RDSDBUser"),
Ref("AWS::NoValue")),
MasterUserPassword=If("NotRestoringFromSnapshot",
Ref("RDSDBPassword"), Ref("AWS::NoValue")),
AllocatedStorage=allocated_storage,
DBSnapshotIdentifier=If("NotRestoringFromSnapshot",
Ref("AWS::NoValue"), Ref("RDSSnapshot")),
StorageType=storage_type,
DBSubnetGroupName=db_subnet_group,
PubliclyAccessible=publicly_accessible,
VPCSecurityGroups=rds_group,
DBInstanceClass=db_size,
StorageEncrypted=If("NotRestoringFromSnapshot", True,
Ref("AWS::NoValue")))
dbdnsrecord = RecordSetType(
db_names.join(db_asf),
HostedZoneName=Join("", [Ref("RDSDNSDomain"), "."]),
Name=Join("", [Ref("RDSDNSName"), ".",
Ref("RDSDNSDomain"), "."]),
Type="CNAME",
TTL="900",
ResourceRecords=[GetAtt(dbinstance, "Endpoint.Address")],
)
self.template.add_resource(dbinstance)
self.template.add_resource(dbdnsrecord)
def create_nat_instance(self, zone_id, subnet_name):
t = self.template
suffix = zone_id
nat_instance = t.add_resource(
ec2.Instance(NAT_INSTANCE_NAME % suffix,
Condition="UseNatInstances",
ImageId=FindInMap('AmiMap', Ref("AWS::Region"),
Ref("ImageName")),
SecurityGroupIds=[Ref(DEFAULT_SG),
Ref(NAT_SG)],
SubnetId=Ref(subnet_name),
InstanceType=Ref('InstanceType'),
SourceDestCheck=False,
KeyName=Ref('SshKeyName'),
Tags=[ec2.Tag('Name', 'nat-gw%s' % suffix)],
DependsOn=GW_ATTACH))
eip = t.add_resource(
ec2.EIP('NATExternalIp%s' % suffix,
Domain='vpc',
InstanceId=If("UseNatInstances", Ref(nat_instance),
Ref("AWS::NoValue")),
DependsOn=GW_ATTACH))
t.add_resource(
ec2.NatGateway(
NAT_GATEWAY_NAME % suffix,
Condition="UseNatGateway",
AllocationId=GetAtt(eip, 'AllocationId'),
SubnetId=Ref(subnet_name),
))
return nat_instance
def reset_for_single_main_container(sidecar_used_memory: int,
family: ComposeFamily,
container_definition) -> None:
"""
When we have managed containers and a single application container, it is safe to
assume that our managed sidecars have limits on CPU and RAM (because we defined it).
In case we are then left with memory or CPU to spare, we want then to allow the final
container of the task definition to have access to all the task remaining CPU and RAM
If the container had memory limit and that is smaller than the memory that is left
to use for a Fargate task, we set the limit as the new reservation.
:param int sidecar_used_memory: The amount of RAM used by the sidecars
:param ComposeFamily family: The family to update the settings for.
"""
if isinstance(container_definition.Memory,
int) and container_definition.Memory < (
family.task_compute.fargate_ram - sidecar_used_memory):
setattr(
container_definition,
"MemoryReservation",
If(USE_FARGATE_CON_T, (container_definition.Memory + 0), NoValue),
)
setattr(container_definition, "Memory", NoValue)
setattr(container_definition, "Cpu", NoValue)
def add_service_to_map(self):
"""
Method to create a new Service into CloudMap to represent the current service and add entry into the registry
"""
registries = []
if not self.config.ports:
return registries
sd_service = SdService(
f"{self.resource_name}DiscoveryService",
template=self.template,
Description=Ref(SERVICE_NAME),
NamespaceId=Ref(PRIVATE_DNS_ZONE_ID),
HealthCheckCustomConfig=SdHealthCheckCustomConfig(
FailureThreshold=1.0),
DnsConfig=SdDnsConfig(
RoutingPolicy="MULTIVALUE",
NamespaceId=Ref(AWS_NO_VALUE),
DnsRecords=[
SdDnsRecord(TTL="15", Type="A"),
SdDnsRecord(TTL="15", Type="SRV"),
],
),
Name=If(USE_HOSTNAME_CON_T, Ref(SERVICE_HOSTNAME),
Ref(SERVICE_NAME)),
)
for port in self.config.ports:
registry = ServiceRegistry(
f"ServiceRegistry{port['published']}",
RegistryArn=GetAtt(sd_service, "Arn"),
Port=port["published"],
)
registries.append(registry)
break
return registries
def define_port_mappings(self) -> list:
"""
Define the list of port mappings to use for either AWS VPC deployments or else (bridge etc).
Not in use atm as AWS VPC is made mandatory
"""
service_port_mappings = (getattr(self.container_definition,
"PortMappings")
if self.container_definition else [])
for protocol, mappings in self.ingress_mappings.items():
for target_port, published_ports in mappings.items():
if published_ports:
for port in published_ports:
service_port_mappings.append(
PortMapping(
ContainerPort=target_port,
HostPort=If(USE_FARGATE_CON_T, NoValue, port),
Protocol=protocol.lower(),
))
else:
service_port_mappings.append(
PortMapping(
ContainerPort=target_port,
HostPort=NoValue,
Protocol=protocol.lower(),
))
self.handle_expose_ports(service_port_mappings)
return service_port_mappings
def create_log_group_template():
template = Template(
Description="Child stack to maintain Lambda@Edge log groups")
log_group_name = template.add_parameter(
Parameter("LogGroupName", Type="String"))
log_retention_days = template.add_parameter(
Parameter(
"LogRetentionDays",
Type="Number",
Description=
"Days to keep Lambda@Edge logs. 0 means indefinite retention.",
AllowedValues=[0] + CLOUDWATCH_LOGS_RETENTION_OPTIONS,
))
retention_defined = add_condition(template, "RetentionDefined",
Not(Equals(Ref(log_retention_days), 0)))
template.add_resource(
LogGroup(
"EdgeLambdaLogGroup",
LogGroupName=Ref(log_group_name),
RetentionInDays=If(retention_defined, Ref(log_retention_days),
NoValue),
))
return template
def test_helperfn_as_updatepolicy(self):
update_policy = UpdatePolicy(
AutoScalingRollingUpdate=AutoScalingRollingUpdate(
PauseTime='PT5M',
MinInstancesInService="1",
MaxBatchSize='1',
WaitOnResourceSignals=True))
group = AutoScalingGroup(
'mygroup',
AvailabilityZones=['eu-west-1a', 'eu-west-1b'],
LaunchConfigurationName="I'm a test",
MaxSize=If("isstage", "1", "5"),
MinSize="1",
UpdatePolicy=If("UseUpdatePolicy", update_policy,
Ref("AWS::NoValue")))
self.assertTrue(group.validate())
def set_services_mount_points(family):
"""
Method to set the mount points to the Container Definition of the defined service
if the volume["volume"] is none, this is not a shared volume, which then works only
when not using Fargate (i.e. EC2 host/ ECS Anywhere)
"""
for service in family.services:
mount_points = []
if not hasattr(service.container_definition, "MountPoints"):
setattr(service.container_definition, "MountPoints", mount_points)
else:
mount_points = getattr(service.container_definition, "MountPoints")
for volume in service.volumes:
if keyisset("volume", volume):
mnt_point = MountPoint(
ContainerPath=volume["target"],
ReadOnly=volume["read_only"],
SourceVolume=volume["volume"].volume_name,
)
else:
mnt_point = If(
USE_FARGATE_CON_T,
NoValue,
MountPoint(
ContainerPath=volume["target"],
ReadOnly=volume["read_only"],
SourceVolume=NONALPHANUM.sub("", volume["target"]),
),
)
if not mount_point_exists(mount_points, mnt_point, family,
service):
mount_points.append(mnt_point)
def define_cluster(root_stack, cluster_def):
"""
Function to create the cluster from provided properties.
:param dict cluster_def:
:param ecs_composex.common.stacks.ComposeXStack root_stack:
:return: cluster
:rtype: troposphere.ecs.Cluster
"""
cluster_params = {}
if not keyisset("Properties", cluster_def):
return get_default_cluster_config()
props = cluster_def["Properties"]
if keyisset("ClusterName", props):
root_stack.Parameters.update({CLUSTER_NAME_T: props["ClusterName"]})
if not keyisset("CapacityProviders", props):
LOG.warning("No capacity providers defined. Setting it to default.")
cluster_params["CapacityProviders"] = DEFAULT_PROVIDERS
else:
cluster_params["CapacityProviders"] = props["CapacityProviders"]
if not keyisset("DefaultCapacityProviderStrategy", props):
LOG.warning("No Default Strategy set. Setting to default.")
cluster_params["DefaultCapacityProviderStrategy"] = DEFAULT_STRATEGY
else:
cluster_params[
"DefaultCapacityProviderStrategy"] = import_capacity_strategy(
props["DefaultCapacityProviderStrategy"])
cluster_params["Metadata"] = metadata
cluster_params["ClusterName"] = If(GENERATED_CLUSTER_NAME_CON_T,
Ref(AWS_STACK_NAME),
Ref(CLUSTER_NAME_T))
cluster = Cluster(CLUSTER_T, **cluster_params)
return cluster
def create_new_vpc(vpc_xkey, settings, default=False):
if not default:
create_settings = define_create_settings(
settings.compose_content[vpc_xkey]["Create"])
else:
create_settings = {
VPC_CIDR.title: DEFAULT_VPC_CIDR,
VPC_SINGLE_NAT.title: True,
"Endpoints": {
"AwsServices": [{
"service": "ecr.dkr"
}, {
"service": "ecr.api"
}]
},
}
vpc_stack = VpcStack(RES_KEY, settings, create_settings)
vpc_stack.add_parameter({
dns_params.PRIVATE_DNS_ZONE_NAME.title:
If(
dns_conditions.USE_DEFAULT_ZONE_NAME_CON_T,
dns_params.DEFAULT_PRIVATE_DNS_ZONE,
Ref(dns_params.PRIVATE_DNS_ZONE_NAME),
),
})
return vpc_stack
def generate_seed_contents(self):
seed = [
"EMPIRE_HOSTGROUP=controller\n", "EMPIRE_ECS_SERVICE_ROLE=",
Ref("ecsServiceRole"), "\n", "EMPIRE_ELB_SG_PRIVATE=",
Ref("PrivateEmpireAppELBSG"), "\n", "EMPIRE_ELB_SG_PUBLIC=",
Ref("PublicEmpireAppELBSG"), "\n", "EMPIRE_EC2_SUBNETS_PRIVATE=",
Join(",",
Ref("PrivateSubnets")), "\n", "EMPIRE_EC2_SUBNETS_PUBLIC=",
Join(",", Ref("PublicSubnets")), "\n", "EMPIRE_DATABASE_USER="******"EmpireDatabaseUser"), "\n", "EMPIRE_DATABASE_PASSWORD="******"EmpireDatabasePassword"), "\n", "EMPIRE_DATABASE_HOST=",
Ref("EmpireDatabaseHost"), "\n",
"EMPIRE_ROUTE53_INTERNAL_ZONE_ID=",
Ref("InternalZoneId"), "\n", "ECS_CLUSTER=",
Ref("EmpireMinionCluster"), "\n", "EMPIRE_GITHUB_CLIENT_ID=",
Ref("EmpireGithubClientId"), "\n", "EMPIRE_GITHUB_CLIENT_SECRET=",
Ref("EmpireGithubClientSecret"), "\n",
"EMPIRE_GITHUB_ORGANIZATION=",
Ref("EmpireGithubOrganization"), "\n", "EMPIRE_TOKEN_SECRET=",
Ref("EmpireTokenSecret"), "\n", "DOCKER_REGISTRY=",
Ref("DockerRegistry"), "\n", "DOCKER_USER="******"DockerRegistryUser"), "\n", "DOCKER_PASS="******"DockerRegistryPassword"), "\n", "DOCKER_EMAIL=",
Ref("DockerRegistryEmail"), "\n", "ENABLE_STREAMING_LOGS=",
If("EnableStreamingLogs", "true", "false"), "\n"
]
return seed
def add_listener(self, template):
# Choose proper certificate source ?-> always acm?
acm_cert = Join("", [
"arn:aws:acm:",
Ref("AWS::Region"), ":",
Ref("AWS::AccountId"), ":certificate/",
Ref("ALBCertName")
])
# We probably don't need this code for an IAM Cert
iam_cert = Join("", [
"arn:aws:iam::",
Ref("AWS::AccountId"), ":server-certificate/",
Ref("ALBCertName")
])
cert_id = If("UseIAMCert", iam_cert, acm_cert)
alb_name = ALB_NAME
with_ssl = alb.Listener(
ALB_LISTENER % self.name,
Port="443",
Protocol="HTTPS",
LoadBalancerArn=Ref(alb_name),
DefaultActions=[
alb.Action(Type="forward",
TargetGroupArn=Ref(TARGET_GROUP_DEFAULT))
],
Certificates=[alb.Certificate(CertificateArn=cert_id)])
template.add_resource(with_ssl)
template.add_output(Output("IAlbListener", Value=with_ssl.Ref()))
def get_common_attrs(self):
return {
"AllocatedStorage": Ref("AllocatedStorage"),
"AllowMajorVersionUpgrade": Ref("AllowMajorVersionUpgrade"),
"AutoMinorVersionUpgrade": Ref("AutoMinorVersionUpgrade"),
"BackupRetentionPeriod": Ref("BackupRetentionPeriod"),
"DBName": Ref("DatabaseName"),
"DBInstanceClass": Ref("InstanceType"),
"DBInstanceIdentifier": Ref("DBInstanceIdentifier"),
"DBSnapshotIdentifier": If(
"HasDBSnapshotIdentifier",
Ref("DBSnapshotIdentifier"),
Ref("AWS::NoValue"),
),
"DBParameterGroupName": Ref("ParameterGroup"),
"DBSubnetGroupName": Ref(SUBNET_GROUP),
"Engine": self.engine() or Ref("Engine"),
"EngineVersion": Ref("EngineVersion"),
# NoValue for now
"LicenseModel": Ref("AWS::NoValue"),
"MasterUsername": Ref("MasterUser"),
"MasterUserPassword": Ref("MasterUserPassword"),
"MultiAZ": Ref("MultiAZ"),
"OptionGroupName": Ref("OptionGroup"),
"PreferredBackupWindow": Ref("PreferredBackupWindow"),
"PreferredMaintenanceWindow": Ref("PreferredMaintenanceWindow"),
"StorageEncrypted": Ref("StorageEncrypted"),
"VPCSecurityGroups": [Ref(SECURITY_GROUP), ],
"Tags": Tags(Name=self.name),
}
def add_spotfleet_stack(template, settings, launch_template):
"""
Function to build the spotfleet stack and add it to the Cluster parent template
:param launch_template: the launch template
:param troposphere.Template template: parent cluster template
:param ComposeXSettings settings: The settings for execution
"""
compute_config = ComputeConfig(settings)
parameters = {
ROOT_STACK_NAME_T: If(
cfn_conditions.USE_STACK_NAME_CON_T,
Ref("AWS::StackName"),
Ref(ROOT_STACK_NAME),
),
compute_params.LAUNCH_TEMPLATE_ID_T: Ref(launch_template),
compute_params.LAUNCH_TEMPLATE_VersionNumber_T: GetAtt(
launch_template, "LatestVersionNumber"
),
compute_params.MAX_CAPACITY_T: Ref(compute_params.MAX_CAPACITY),
compute_params.MIN_CAPACITY_T: Ref(compute_params.MIN_CAPACITY),
compute_params.TARGET_CAPACITY_T: Ref(compute_params.TARGET_CAPACITY),
}
fleet_template = generate_spot_fleet_template(settings, compute_config.spot_config)
template.add_resource(
ComposeXStack(
"SpotFleet",
stack_template=fleet_template,
Condition=cfn_conditions.USE_SPOT_CON_T,
Parameters=parameters,
)
)
