Exemple #1
0
    def test_parameter_group(self):
        t = Template()
        p1 = t.add_parameter(Parameter("Foo"))
        t.add_parameter(Parameter("Bar"))
        t.add_parameter_to_group(p1, "gr")
        t.add_parameter_to_group("Bar", "gr")

        self.assertEqual(t.metadata, {
            "AWS::CloudFormation::Interface": {
                "ParameterGroups": [
                    {
                        "Label": {"default": "gr"},
                        "Parameters": ["Foo", "Bar"],
                    },
                ],
            },
        })
video_metadata_event_code_key = template.add_parameter(
    Parameter(
        'VideoMetadataEvent',
        Type=constants.STRING,
        Default='lambda-code/video_engine/video_metadata_event.zip',
    ))

rekognition_results_code_key = template.add_parameter(
    Parameter(
        'RekognitionResults',
        Type=constants.STRING,
        Default='lambda-code/video_engine/rekognition_results.zip',
    ))

template.add_parameter_to_group(start_insights_code_key, 'Lambda Keys')
template.add_parameter_to_group(rekognition_code_key, 'Lambda Keys')
template.add_parameter_to_group(video_metadata_event_code_key, 'Lambda Keys')
template.add_parameter_to_group(rekognition_results_code_key, 'Lambda Keys')

rekognition_updates_queue = template.add_resource(
    Queue('RekognitionUpdatesQueue', ))

rekognition_updates_topic = template.add_resource(
    Topic(
        'RekognitionUpdatesTopic',
        Subscription=[
            Subscription(
                Endpoint=GetAtt(rekognition_updates_queue, 'Arn'),
                Protocol='sqs',
            )
update_encoding_state_lambda_code_key = template.add_parameter(
    Parameter(
        'UpdateEncodingState',
        Type=constants.STRING,
        Default='lambda-code/video_engine/update_encoding_state.zip',
    ))

elastictranscoder_code_key = template.add_parameter(
    Parameter(
        'ElasticTranscoder',
        Type=constants.STRING,
        Default='custom_resources/elastictranscoder.zip',
    ))

template.add_parameter_to_group(start_encode_lambda_code_key, 'Lambda Keys')
template.add_parameter_to_group(request_encoding_lambda_code_key,
                                'Lambda Keys')
template.add_parameter_to_group(update_encoding_state_lambda_code_key,
                                'Lambda Keys')
template.add_parameter_to_group(elastictranscoder_code_key, 'Lambda Keys')

_video_events_table = ImportValue(
    Join('-', [Ref(core_stack), 'VideoEventsTable', 'Ref']))
_lambda_managed_policy = ImportValue(
    Join('-', [Ref(core_stack), 'LambdaDefaultPolicy', 'Arn']))

request_encoding_queue = template.add_resource(Queue('RequestEncodingQueue', ))

start_media_insights_queue = template.add_resource(
    Queue('StartMediaInsightsQueue', ))
def main():

    t = Template()
    AddAMIMap(t)

    t.set_version("2010-09-09")

    t.set_description(
        "DCV 2017 Remote Desktop with Xilinx Vivado (using AWS FPGA Developer AMI)"
    )

    tags = Tags(Name=Ref("AWS::StackName"))

    # user data
    InstUserData = list()
    InstUserData = [
        '#!/usr/bin/env bash\n',
        '\n',
        'set -x\n',
        '\n',
        '##exit 0\n',  # use this to disable all user-data and bring up files
        '\n',
        'my_wait_handle="', Ref('InstanceWaitHandle'), '"\n',
        'user_name="', Ref('UserName'), '"\n',
        'user_pass="******"\n',
        '\n',
    ]

    with open('_include/dcv-install.sh', 'r',) as ud_file:
        user_data_file = ud_file.readlines()

    for l in user_data_file:
        InstUserData.append(l)

    VPCId = t.add_parameter(Parameter(
        'VPCId',
        Type="AWS::EC2::VPC::Id",
        Description="VPC ID for where the remote desktop instance should be launched"
    ))
    t.set_parameter_label(VPCId, "VPC ID")
    t.add_parameter_to_group(VPCId, "Instance Configuration")

    Subnet = t.add_parameter(Parameter(
        'Subnet',
        Type="AWS::EC2::Subnet::Id",
        Description="For the Subnet ID, you should choose one in the "
                    "Availability Zone where you want the instance launched"
    ))
    t.set_parameter_label(Subnet, "Subnet ID")
    t.add_parameter_to_group(Subnet, "Instance Configuration")

    ExistingSecurityGroup = t.add_parameter(Parameter(
        'ExistingSecurityGroup',
        Type="String",
        Default="NO_VALUE",
        Description="OPTIONAL: Needs to be a SG ID, for example sg-abcd1234efgh. "
                    "This is an already existing Security Group ID that is "
                    "in the same VPC, this is an addition to the security groups that "
                    "are automatically created to enable access to the remote desktop,"
                    "leave as NO_VALUE if you choose not to use this"
    ))
    t.set_parameter_label(ExistingSecurityGroup, "OPTIONAL: Existing Security Group (e.g. sg-abcd1234efgh)")
    t.add_parameter_to_group(ExistingSecurityGroup, "Instance Configuration")

    remoteDesktopInstanceType = t.add_parameter(Parameter(
        'remoteDesktopInstanceType',
        Type="String",
        Description="This is the instance type that will be used. As this is a "
                    "2D workstation, we are not supporting GPU instance types.",
        Default="m4.xlarge",
        AllowedValues=[
            "m4.large",
            "m4.xlarge",
            "m4.2xlarge",
            "m4.4xlarge",
            "m4.10xlarge",
            "m5.large",
            "m5.xlarge",
            "m5.2xlarge",
            "m5.4xlarge",
            "m5.12xlarge",
            "m5.24xlarge",
            "z1d.large",
            "z1d.xlarge",
            "z1d.2xlarge",
            "z1d.3xlarge",
            "z1d.6xlarge",
            "z1d.12xlarge",
            "z1d.metal"
        ],
        ConstraintDescription= "Must an EC2 instance type from the list"
    ))
    t.set_parameter_label(remoteDesktopInstanceType, "Remote Desktop Instance Type")
    t.add_parameter_to_group(remoteDesktopInstanceType, "Instance Configuration")

    EC2KeyName = t.add_parameter(Parameter(
        'EC2KeyName',
        Type="AWS::EC2::KeyPair::KeyName",
        Description="Name of an existing EC2 KeyPair to enable SSH access to the instance.",
        ConstraintDescription="REQUIRED: Must be a valid EC2 key pair"
    ))
    t.set_parameter_label(EC2KeyName, "EC2 Key Name")
    t.add_parameter_to_group(EC2KeyName, "Instance Configuration")

    OperatingSystem = t.add_parameter(Parameter(
        'OperatingSystem',
        Type="String",
        Description="Operating System of the AMI",
        Default="centos7",
        AllowedValues=[
            "centos7"
        ],
        ConstraintDescription="Must be: centos7"
    ))
    t.set_parameter_label(OperatingSystem, "Operating System of AMI")
    t.add_parameter_to_group(OperatingSystem, "Instance Configuration")

    StaticPrivateIpAddress = t.add_parameter(Parameter(
        'StaticPrivateIpAddress',
        Type="String",
        Default="NO_VALUE",
        Description="OPTIONAL: If you already have a private VPC address range, you can "
                    "specify the private IP address to use, leave as NO_VALUE if you choose not to use this",
    ))
    t.set_parameter_label(StaticPrivateIpAddress, "OPTIONAL: Static Private IP Address")
    t.add_parameter_to_group(StaticPrivateIpAddress, "Instance Configuration")

    UsePublicIp = t.add_parameter(Parameter(
        'UsePublicIp',
        Type="String",
        Description="Should a public IP address be given to the instance, "
                    "this is overridden by CreateElasticIP=True",
        Default="True",
        ConstraintDescription="True/False",
        AllowedValues=[
            "True",
            "False"
        ]
    ))
    t.set_parameter_label(UsePublicIp, "Assign a public IP Address")
    t.add_parameter_to_group(UsePublicIp, "Instance Configuration")

    CreateElasticIP = t.add_parameter(Parameter(
        'CreateElasticIP',
        Type="String",
        Description="Should an Elastic IP address be created and assigned, "
                    "this allows for persistent IP address assignment",
        Default="True",
        ConstraintDescription="True/False",
        AllowedValues=[
            "True",
            "False"
        ]
    ))
    t.set_parameter_label(CreateElasticIP, "Create an Elastic IP address")
    t.add_parameter_to_group(CreateElasticIP, "Instance Configuration")

    S3BucketName = t.add_parameter(Parameter(
        'S3BucketName',
        Type="String",
        Default="NO_VALUE",
        Description="OPTIONAL: S3 bucket to allow this instance read access (List and Get),"
                    "leave as NO_VALUE if you choose not to use this"
    ))
    t.set_parameter_label(S3BucketName, "OPTIONAL: S3 bucket for read access")
    t.add_parameter_to_group(S3BucketName, "Instance Configuration")

    AccessCidr = t.add_parameter(Parameter(
        'AccessCidr',
        Type="String",
        Description="This is the CIDR block for allowing remote access, for ports 22 and 8443",
        Default="111.222.333.444/32",
        AllowedPattern="(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
        ConstraintDescription="Must be a valid CIDR x.x.x.x/x"
    ))
    t.set_parameter_label(AccessCidr, "CIDR block for remote access (ports 22 and 8443)")
    t.add_parameter_to_group(AccessCidr, "Instance Configuration")

    UserName = t.add_parameter(Parameter(
        'UserName',
        Type="String",
        Description="User name for DCV remote desktop login, default is \"simuser\".",
        Default="simuser",
        MinLength="4",
    ))
    t.set_parameter_label(UserName, "User name for DCV login")
    t.add_parameter_to_group(UserName, "DCV Configuration")

    UserPass = t.add_parameter(Parameter(
        'UserPass',
        Type="String",
        Description="Password for DCV remote desktop login. The default password is Ch4ng3M3!",
        Default="Ch4ng3M3!",
        MinLength="8",
        AllowedPattern="^((?=.*[a-z])(?=.*[A-Z])(?=.*[\\d])|(?=.*[a-z])(?=.*[A-Z])(?=.*[\\W_])|(?=.*[a-z])(?=.*[\\d])(?=.*[\\W_])|(?=.*[A-Z])(?=.*[\\d])(?=.*[\\W_])).+$",
        ConstraintDescription="Password must contain at least one element from three of the following sets: lowercase letters, uppercase letters, base 10 digits, non-alphanumeric characters",
        NoEcho=True
    ))
    t.set_parameter_label(UserPass, "Password for DCV login")
    t.add_parameter_to_group(UserPass, "DCV Configuration")


    # end parameters

    RootRole = t.add_resource(iam.Role(
        "RootRole",
        AssumeRolePolicyDocument={
            "Version": "2012-10-17",
            "Statement": [ {
                "Effect": "Allow",
                "Principal": {
                    "Service": ["ec2.amazonaws.com"],
                 },
                "Action": ["sts:AssumeRole"]
            }]
        }
    ))

    dcvBucketPolicy= t.add_resource(PolicyType(
        "dcvBucketPolicy",
        PolicyName="dcvBucketPolicy",
        Roles=[Ref(RootRole)],
        PolicyDocument={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": ["s3:GetObject"],
                    "Resource": "arn:aws:s3:::dcv-license.us-east-1/*"
                }
            ],
        },
    )),

    BucketPolicy= t.add_resource(PolicyType(
        "BucketPolicy",
        PolicyName="BucketPolicy",
        Roles=[Ref(RootRole)],
        PolicyDocument={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": ["s3:GetObject"],
                    "Resource": {"Fn::Join":["", ["arn:aws:s3:::", {"Ref": "S3BucketName"},"/*"]]}
                },
                {
                    "Effect": "Allow",
                    "Action": [ "s3:ListBucket"],
                    "Resource": {"Fn::Join":["", ["arn:aws:s3:::", {"Ref": "S3BucketName"}]]}
                }
            ],
        },
        Condition="Has_Bucket"
    )),

    remoteDesktopSecurityGroup = t.add_resource(SecurityGroup(
        "remoteDesktopSecurityGroup",
        VpcId = Ref(VPCId),
        GroupDescription = "Remote Desktop Secuirty group",
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="8443",
                ToPort="8443",
                CidrIp=Ref(AccessCidr),
            ),
        ]
    ))

    SshSecurityGroup = t.add_resource(SecurityGroup(
        "SshSecurityGroup",
        VpcId = Ref(VPCId),
        GroupDescription = "SSH Secuirty group",
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="22",
                ToPort="22",
                CidrIp=Ref(AccessCidr),
            ),
        ]
    ))

    RootInstanceProfile = t.add_resource(InstanceProfile(
        "RootInstanceProfile",
        Roles=[Ref(RootRole)]
    ))

    remoteDesktopInstance = t.add_resource(ec2.Instance(
        'remoteDesktopInstance',
        ImageId=FindInMap("AWSRegionAMI", Ref("AWS::Region"), Ref(OperatingSystem)),
        KeyName=Ref(EC2KeyName),
        InstanceType=(Ref(remoteDesktopInstanceType)),
        DisableApiTermination='false',
        NetworkInterfaces=[
            NetworkInterfaceProperty(
                SubnetId=Ref(Subnet),
                GroupSet=If(
                    "not_existing_sg",
                    [Ref(remoteDesktopSecurityGroup), Ref(SshSecurityGroup)],
                    [Ref(remoteDesktopSecurityGroup), Ref(SshSecurityGroup), Ref(ExistingSecurityGroup)]
                ),
                AssociatePublicIpAddress=Ref(UsePublicIp),
                DeviceIndex='0',
                DeleteOnTermination='true',
                PrivateIpAddress=If(
                    "Has_Static_Private_IP",
                    Ref(StaticPrivateIpAddress),
                    Ref("AWS::NoValue"),
                )
            )
        ],
        IamInstanceProfile=(Ref(RootInstanceProfile)),
        UserData=Base64(Join('', InstUserData)),
    ))

    EIPAddress = t.add_resource(EIP(
        'EIPAddress',
        Domain='vpc',
        InstanceId=Ref(remoteDesktopInstance),
        Condition="create_elastic_ip"
    ))

    t.add_condition(
        "not_existing_sg",
        Equals(Ref(ExistingSecurityGroup), "NO_VALUE")
    )

    t.add_condition(
        "Has_Public_Ip",
        Equals(Ref(UsePublicIp), "True")
    )

    t.add_condition(
        "Has_Bucket",
        Not(Equals(Ref(S3BucketName), "NO_VALUE"))
    )

    t.add_condition(
        "create_elastic_ip",
        Equals(Ref(CreateElasticIP), "True")
    )

    t.add_condition(
        "Has_Static_Private_IP",
        Not(Equals(Ref(StaticPrivateIpAddress), "NO_VALUE"))
    )

    waithandle = t.add_resource(WaitConditionHandle('InstanceWaitHandle'))

    instanceWaitCondition = t.add_resource(WaitCondition(
        "instanceWaitCondition",
        Handle=Ref(waithandle),
        Timeout="3600",
        DependsOn="remoteDesktopInstance"
    ))

    t.add_output([
        Output(
            "DCVConnectionLink",
            Description="Connect to the DCV Remote Desktop with this URL",
            Value=Join("", [
                "https://",
                GetAtt("remoteDesktopInstance", 'PublicIp'),
                ":8443"
            ])
        ),
        Output(
            "DCVUserName",
            Description="Login name for DCV session",
            Value=(Ref(UserName))
        ),
        Output(
            "SSHTunnelCommand",
            Description='Command for setting up SSH tunnel to remote desktop, use "localhost:18443" for DCV client',
            Value=Join("", [
                "ssh -i <file.pem> -L 18443:localhost:8443 -l centos ",
                GetAtt("remoteDesktopInstance", 'PublicIp')
            ])
        ),
    ])

    #print(t.to_json(indent=2))
    print(to_yaml(t.to_json(indent=2), clean_up=True))
Exemple #5
0
    '--output-dir',
    help='Where to place the Zip-files and the CloudFormation template',
    default='output')

args = parser.parse_args()

template = Template("Custom Resources")

s3_bucket = template.add_parameter(
    troposphere.Parameter(
        "S3Bucket",
        Type=constants.STRING,
        Description="S3 bucket where the ZIP files are located",
    ))
template.set_parameter_label(s3_bucket, "S3 bucket")
lambda_code_location = template.add_parameter_to_group(s3_bucket,
                                                       "Lambda code location")

s3_path = template.add_parameter(
    troposphere.Parameter(
        "S3Path",
        Type=constants.STRING,
        Default='',
        Description=
        "Path prefix where the ZIP files are located (should probably end with a '/')",
    ))
template.set_parameter_label(s3_path, "S3 path")
template.add_parameter_to_group(s3_path, lambda_code_location)


def rec_split_path(path: str) -> typing.List[str]:
    """
Exemple #6
0
    Default='spunt-core',
))

domain_name = template.add_parameter(Parameter(
    'DomainName',
    Type=constants.STRING,
    Default='spunt.be',
))

rewrite_assets_lambda_code_key = template.add_parameter(Parameter(
    'RewriteAssets',
    Type=constants.STRING,
    Default='lambda-code/frontend/rewrite_assets.zip',
))

template.add_parameter_to_group(rewrite_assets_lambda_code_key, 'Lambda Keys')

frontend_bucket = template.add_resource(Bucket(
    "FrontendBucket",
    AccessControl='PublicRead',  # Maybe remove this later on
    WebsiteConfiguration=WebsiteConfiguration(
        IndexDocument='index.html',
        ErrorDocument='index.html',
    ),
))

cloudfront_certificate = template.add_resource(Certificate(
    "CloudFrontCertificate",
    DomainName=Ref(domain_name),
    DomainValidationOptions=[DomainValidationOption(
        DomainName=Ref(domain_name),
Exemple #7
0
    Default='lambda-code/api/consume_events.zip',
))

upvote_lambda_code_key = template.add_parameter(Parameter(
    'Upvote',
    Type=constants.STRING,
    Default='lambda-code/api/upvote.zip',
))

upload_lambda_code_key = template.add_parameter(Parameter(
    'Upload',
    Type=constants.STRING,
    Default='lambda-code/api/upload.zip',
))

template.add_parameter_to_group(all_videos_lambda_code_key, 'Lambda Keys')
template.add_parameter_to_group(trending_videos_lambda_code_key, 'Lambda Keys')
template.add_parameter_to_group(hot_videos_lambda_code_key, 'Lambda Keys')
template.add_parameter_to_group(recommended_videos_lambda_code_key, 'Lambda Keys')
template.add_parameter_to_group(get_video_lambda_code_key, 'Lambda Keys')
template.add_parameter_to_group(rewrite_downvote_lambda_code_key, 'Lambda Keys')
template.add_parameter_to_group(consume_events_code_key, 'Lambda Keys')
template.add_parameter_to_group(upvote_lambda_code_key, 'Lambda Keys')
template.add_parameter_to_group(upload_lambda_code_key, 'Lambda Keys')

video_table = template.add_resource(Table(
    'VideoTable',
    BillingMode='PAY_PER_REQUEST',
    AttributeDefinitions=[AttributeDefinition(
        AttributeName='videoId',
        AttributeType='S',
Exemple #8
0
    Default='admin.spunt.be',
))

consume_events_code_key = template.add_parameter(Parameter(
    'ConsumeEvents',
    Type=constants.STRING,
    Default='lambda-code/admin/consume_admin_events.zip',
))

all_videos_lambda_code_key = template.add_parameter(Parameter(
    'AllVideos',
    Type=constants.STRING,
    Default='lambda-code/admin/all_admin_videos.zip',
))

template.add_parameter_to_group(consume_events_code_key, 'Lambda Keys')
template.add_parameter_to_group(all_videos_lambda_code_key, 'Lambda Keys')

video_table = template.add_resource(Table(
    'VideoTable',
    BillingMode='PAY_PER_REQUEST',
    AttributeDefinitions=[AttributeDefinition(
        AttributeName='videoId',
        AttributeType='S',
    )],
    KeySchema=[KeySchema(
        AttributeName='videoId',
        KeyType='HASH',
    )],
))