def resources(self, stack: Stack) -> list[AWSObject]:
"""Return resources associated with the construct."""
igw = ec2.InternetGateway(name_to_id(f"{self.name_prefix}-igw"))
attachement = ec2.VPCGatewayAttachment(
name_to_id(f"{self.name_prefix}-igw-attachement"),
InternetGatewayId=Ref(igw),
VpcId=Ref(self.vpc),
)
route = ec2.Route(
name_to_id(f"{self.name_prefix}-igw-route"),
RouteTableId=Ref(self.route_table),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(igw),
)
result = [igw, attachement, route]
# If a new route table has to be created associate it with provided subnets
if self.add_route_table_to_stack:
result.append(self.route_table)
assert self.subnets is not None
result.extend([
ec2.SubnetRouteTableAssociation(
name_to_id(f"{self.name_prefix}-{num}"),
RouteTableId=Ref(self.route_table),
SubnetId=Ref(subnet),
)
for subnet, num in zip(self.subnets, range(len(self.subnets)))
])
return result
def create_routing_resources(self):
"""Create VPC routing resource
Handles the creation of VPC resources that need to be used throughout
the stack and include the following:
- internet gateway
- vpc gateway attachment
- public route table
- public route
"""
gateway = self.create_resource(
ec2.InternetGateway('InternetGateway', Tags=self.get_tags()))
gateway_attachment = self.create_resource(
ec2.VPCGatewayAttachment('VPCGatewayAttachment',
VpcId=Ref(self.vpc),
InternetGatewayId=Ref(gateway)))
public_route_table = self.create_resource(
ec2.RouteTable('PublicRouteTable', VpcId=Ref(self.vpc)))
self.create_resource(
ec2.Route('PublicRoute',
RouteTableId=Ref(public_route_table),
DestinationCidrBlock=ALLOW_ALL_CIDR,
DependsOn=gateway_attachment.title,
GatewayId=Ref(gateway)))
return public_route_table
def create_vpc(self):
"""Create the VPC resources."""
template = self.template
variables = self.get_variables()
self.template.add_version(AWS_TEMPLATE_VERSION)
self.template.add_description('Create a VPC')
vpc = ec2.VPC(
VPC_NAME,
CidrBlock=variables['VpcCidr'],
EnableDnsSupport=True,
EnableDnsHostnames=True,
Tags=[ec2.Tag('Name', variables['VpcName'] + '-LATESTREPO')]
)
template.add_resource(vpc)
template.add_output(
Output(
OUTPUT_VPC_ID,
Value=VPC_ID
)
)
# create the internet gateway if needed
if variables["UseInternetGW"]:
template.add_resource(ec2.InternetGateway('InternetGatway'))
template.add_resource(
ec2.VPCGatewayAttachment(
'GatewayAttach',
VpcId=Ref(VPC_NAME),
InternetGatewayId=Ref('InternetGatway')
)
)
def create_routing_resources(self):
gateway = self.create_resource(
ec2.InternetGateway(
'InternetGateway',
Tags=self.get_tags()
)
)
gateway_attachment = self.create_resource(
ec2.VPCGatewayAttachment(
'VPCGatewayAttachment',
VpcId=Ref(self.vpc),
InternetGatewayId=Ref(gateway)
)
)
public_route_table = self.create_resource(
ec2.RouteTable(
'PublicRouteTable',
VpcId=Ref(self.vpc))
)
self.create_resource(
ec2.Route(
'PublicRoute',
RouteTableId=Ref(public_route_table),
DestinationCidrBlock=ALLOW_ALL_CIDR,
DependsOn=gateway_attachment.title,
GatewayId=Ref(gateway)
)
)
return public_route_table
def resources(self, stack: Stack) -> list[AWSObject]:
"""Return resources associated with the construct."""
igw = ec2.InternetGateway(name_to_id(f"{self.name_prefix}-igw"))
attachement = ec2.VPCGatewayAttachment(
name_to_id(f"{self.name_prefix}-igw-attachement"),
InternetGatewayId=Ref(igw),
VpcId=Ref(self.vpc),
)
route_table = ec2.RouteTable(
name_to_id(f"{self.name_prefix}-igw-route-table"), VpcId=Ref(self.vpc)
)
route = ec2.Route(
name_to_id(f"{self.name_prefix}-igw-route"),
RouteTableId=Ref(route_table),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(igw),
)
route_table_associations = (
ec2.SubnetRouteTableAssociation(
name_to_id(f"{self.name_prefix}-{num}"),
RouteTableId=Ref(route_table),
SubnetId=Ref(subnet),
)
for subnet, num in zip(self.subnets, range(len(self.subnets)))
)
return [igw, attachement, route_table, route, *route_table_associations]
def add_igw_gateway(self):
name, tags = self._name_tags('igw_gateway')
self.igw_gateway = self.t.add_resource(
ec2.InternetGateway(
name,
Tags=Tags(**tags),
))
def create_gateway(self):
t = self.template
t.add_resource(ec2.InternetGateway(GATEWAY))
t.add_resource(
ec2.VPCGatewayAttachment(GW_ATTACH,
VpcId=VPC_ID,
InternetGatewayId=Ref(GATEWAY)))
def createCouchbaseInternetGateway(t):
couchbaseInternetGateway = t.add_resource(
ec2.InternetGateway(
'GATEWAY',
Tags=Tags(
Name=Join('', ['gateway-scalability-',
Ref('AWS::Region')]))))
return couchbaseInternetGateway
def add_igw(prefix, template, subnet):
title = "%sInternetGateway" % prefix
gw = ec2.InternetGateway(title)
gw.Tags = [tagging.name(title), tagging.env_name()]
gw.DependsOn = resource_title.vpc_title(prefix)
template.add_resource(gw)
template.add_output(
Output('InternetGateway', Description="InternetGateway",
Value=Ref(gw)))
return gw
def build_public_gateway(vpc):
public_gateway = ec2.InternetGateway(name="InternetGateway",
Tags=[{
"Key": "Application",
"Value": Ref("AWS::StackId")
}])
attachment = ec2.VPCGatewayAttachment(
name="AttachInternetGateway",
VpcId=Ref(vpc),
InternetGatewayId=Ref(public_gateway))
return [attachment, public_gateway]
def create_gateway(self, name=GATEWAY):
self.gateway = self.template.add_resource(
ec2.InternetGateway(name, Tags=self.__set_tags("InternetGateway")))
self.template.add_output(Output(
GATEWAY_ID,
Value=self.gateway.Ref(),
))
self.gateway_attachment = self.template.add_resource(
ec2.VPCGatewayAttachment(
VPC_GATEWAYATTACHMENT,
VpcId=self.vpc.Ref(),
InternetGatewayId=self.gateway.Ref(),
))
def add_igw(self):
t = self.template
self.igw = t.add_resource(
ec2.InternetGateway(
'InternetGateway',
Tags=self.defaultTags + [
ec2.Tag('Name',
Join("", [self.namePrefix, 'InternetGateway']))
]))
self.igwAttachment = t.add_resource(
ec2.VPCGatewayAttachment('InternetGatewayAttachment',
VpcId=Ref(self.vpc),
InternetGatewayId=Ref(self.igw)))
def create_vpc(t, env, env_number, subnet_mapping, subnet_config):
'''
Creates the VPC along with the subnets, IGW and RouteTables
'''
vpc_objects = {}
vpc_objects['vpc'] = t.add_resource(
ec2.VPC("{}VPC".format(env.upper()),
CidrBlock="10.{}.0.0/16".format(env_number),
InstanceTenancy="default",
Tags=Tags(Name="{}VPC".format(env.upper()))))
vpc_objects['igw'] = t.add_resource(ec2.InternetGateway("InternetGateway"))
vpc_objects['igw_attachment'] = t.add_resource(
ec2.VPCGatewayAttachment(
"IGWAttachment",
VpcId=Ref(vpc_objects['vpc']),
InternetGatewayId=Ref(vpc_objects['igw']),
))
# Create Subnets
vpc_objects['subnets'] = {}
vpc_objects['nat_eip'] = {}
for subid in subnet_config:
vpc_objects['subnets'][subid] = t.add_resource(
ec2.Subnet(subid,
CidrBlock=subnet_config[subid]['subnet'],
VpcId=Ref(vpc_objects['vpc']),
AvailabilityZone="{}".format(
subnet_config[subid]['az_name']),
Tags=Tags(Name="{}Subnet".format(subid))))
# Create NAT Gateways
if subnet_config[subid]['service'] == 'nat':
az = subnet_config[subid]['az_number']
nat_eip_name = '{}{}NatEIP'.format(env.title(), az)
vpc_objects['nat_eip'][nat_eip_name] = t.add_resource(
ec2.EIP(nat_eip_name, Domain="vpc"))
t.add_resource(
ec2.NatGateway('{}{}NatGW'.format(env.title(), az),
AllocationId=GetAtt(
vpc_objects['nat_eip'][nat_eip_name],
'AllocationId'),
SubnetId=Ref(vpc_objects['subnets'][subid])))
return t, vpc_objects
def create_internet_gateway(self):
t = self.template
self.gateway = t.add_resource(ec2.InternetGateway("InternetGateway"))
t.add_output(Output(
"InternetGatewayId",
Value=self.gateway.Ref(),
))
self.gateway_attachment = t.add_resource(
ec2.VPCGatewayAttachment(
"VPCGatewayAttachment",
VpcId=self.vpc.Ref(),
InternetGatewayId=self.gateway.Ref(),
))
t.add_output(
Output(
"VPCGatewayAttachmentId",
Value=self.gateway_attachment.Ref(),
))
def main():
"""
Creates a troposphere template and then adds a single s3 bucket
"""
template = Template()
vpc = template.add_resource(ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16'))
internet_gateway = template.add_resource(ec2.InternetGateway('MyInternetGateway'))
template.add_resource(ec2.VPCGatewayAttachment('MyVPCGatewayAttachment',
InternetGatewayId=Ref(internet_gateway),
VpcId=Ref(vpc),
DependsOn=internet_gateway.title))
security_group = template.add_resource(ec2.SecurityGroup('mySecGroup',
GroupDescription='Security group',
VpcId=Ref(vpc),
))
subnet = template.add_resource(ec2.Subnet('MyPubSub',
AvailabilityZone='ap-southeast-2a',
VpcId=Ref(vpc),
CidrBlock='10.0.1.0/24'))
template.add_resource(ec2.Instance(
'myinstance',
KeyName='INSERT_YOUR_KEYPAIR_HERE',
ImageId='ami-dc361ebf',
InstanceType='t2.nano',
NetworkInterfaces=[ec2.NetworkInterfaceProperty(
GroupSet=[Ref(security_group)],
AssociatePublicIpAddress=True,
DeviceIndex='0',
DeleteOnTermination=True,
SubnetId=Ref(subnet))],
SourceDestCheck=True,
DependsOn=internet_gateway.title
))
SNS(template=template)
print(template.to_json(indent=2, separators=(',', ': ')))
def define_vpc(self, vpc_config):
vpc = ec2.VPC(vpc_config["name"], DeletionPolicy=self.deletion_policy)
vpc.CidrBlock = vpc_config["cidr_block"]
vpc.EnableDnsSupport = vpc_config["dns_support"]
vpc.EnableDnsHostnames = vpc_config["dns_hostnames"]
vpc.Tags = self._get_tags(vpc_config)
self._add_resource(vpc)
if vpc_config["internet_gateway"]:
ig = ec2.InternetGateway(vpc_config["internet_gateway"]["name"],
DeletionPolicy=self.deletion_policy)
ig.Tags = self._get_tags(vpc_config["internet_gateway"])
self.template.add_resource(ig)
iga = ec2.VPCGatewayAttachment(
"%sAttachment" % vpc_config["internet_gateway"]["name"],
DependsOn=ig.name,
DeletionPolicy=self.deletion_policy)
iga.VpcId = Ref(vpc)
iga.InternetGatewayId = Ref(ig)
self.template.add_resource(iga)
def configure_vpc(cfn_template, cluster_name):
vpc = ec2.VPC("DustVPC")
vpc.CidrBlock = "10.0.0.0/16"
vpc.Tags = [ec2.Tag("Name:", cluster_name)]
cfn_template.add_resource(vpc)
vpc_id = Ref(vpc)
subnet = ec2.Subnet('dustSubnet')
subnet.VpcId = vpc_id
subnet.CidrBlock = "10.0.0.0/24"
cfn_template.add_resource(subnet)
vpc_subnet = Ref(subnet)
net_gateway = ec2.InternetGateway('dustGateway')
cfn_template.add_resource(net_gateway)
attach_net_gateway = ec2.VPCGatewayAttachment('dustAttachGateway')
attach_net_gateway.VpcId = vpc_id
attach_net_gateway.InternetGatewayId = Ref(net_gateway)
cfn_template.add_resource(attach_net_gateway)
route_table = ec2.RouteTable('dustRoutetable')
route_table.VpcId = vpc_id
cfn_template.add_resource(route_table)
route = ec2.Route('dustRoute')
route.RouteTableId = Ref(route_table)
route.DestinationCidrBlock = "0.0.0.0/0"
route.GatewayId = Ref(net_gateway)
route.DependsOn = "dustAttachGateway"
cfn_template.add_resource(route)
attach_route = ec2.SubnetRouteTableAssociation('dustAttachRouteTable')
attach_route.SubnetId = vpc_subnet
attach_route.RouteTableId = Ref(route_table)
cfn_template.add_resource(attach_route)
return vpc_id, vpc_subnet
def create_routing():
return [
ec2.InternetGateway(
'internetGateway',
Tags=_tags(),
),
ec2.VPCGatewayAttachment(
'vpcToInternetGateway',
InternetGatewayId=Ref('internetGateway'),
VpcId=Ref('vpc'),
),
ec2.RouteTable(
'routeTable',
VpcId=Ref('vpc'),
Tags=_tags(),
),
ec2.Route(
'routeToInternetGateway',
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref('internetGateway'),
RouteTableId=Ref('routeTable'),
),
]
def add_resources(self):
"""Add resources to template."""
template = self.template
variables = self.get_variables()
# Add StackName to outputs (for ease of reference by child stacks)
template.add_output(
Output('StackName',
Description='Name of this CloudFormation stack',
Value=Ref('AWS::StackName')))
vpc = template.add_resource(
ec2.VPC('VPC',
CidrBlock=variables['VpcCidr'].ref,
EnableDnsSupport=True,
EnableDnsHostnames=True,
InstanceTenancy=variables['VpcInstanceTenancy'].ref,
Tags=Tags(Application=Ref('AWS::StackName'),
Name=Join('-', [
variables['CustomerName'].ref, 'vpc',
variables['EnvironmentName'].ref
]),
Network='Public')))
template.add_output(
Output('VPC',
Description='VPC',
Export=Export(Sub('${AWS::StackName}-VPC')),
Value=Ref(vpc)))
template.add_output(
Output('CidrBlock',
Description='Set of IP addresses for the VPC',
Export=Export(Sub('${AWS::StackName}-CidrBlock')),
Value=GetAtt(vpc, 'CidrBlock')))
# Create subnets
for i in range(AZS):
for zone in ['Public', 'Private']:
template.add_resource(
ec2.Subnet(
'%sSubnet%s' % (zone[:3], str(i + 1)),
Condition='%sAZ%i' % (zone, (i + 1)),
VpcId=Ref(vpc),
AvailabilityZone=Select(str(i + variables['AzOffset']),
GetAZs('')),
CidrBlock=Ref('%sSubnet%s' % (zone, str(i + 1))),
Tags=Tags(
Application=Ref('AWS::StackName'),
Name=Join('-', [
variables['CustomerName'].ref,
zone.lower(), variables['EnvironmentName'].ref,
Select(str(i + variables['AzOffset']),
GetAZs(''))
]),
Network='%s - %s' % (zone, str(i + 1)))))
template.add_output(
Output('%sSubnet%s' % (zone[:3], str(i + 1)),
Condition='%sAZ%s' % (zone, str(i + 1)),
Description='%sSubnet%s' % (zone[:3], str(i + 1)),
Export=Export(
Sub('${AWS::StackName}-'
'%sSubnet%s' % (zone[:3], str(i + 1)))),
Value=Ref('%sSubnet%s' % (zone[:3], str(i + 1)))))
template.add_output(
Output(
'%sSubnet%sAZ' % (zone[:3], str(i + 1)),
Condition='%sAZ%s' % (zone, str(i + 1)),
Description='%sSubnet%s Availability Zone' %
(zone[:3], str(i + 1)), # noqa
Export=Export(
Sub('${AWS::StackName}-'
'%sSubnet%sAZ' % (zone[:3], str(i + 1)))),
Value=GetAtt('%sSubnet%s' % (zone[:3], str(i + 1)),
'AvailabilityZone')))
internetgateway = template.add_resource(
ec2.InternetGateway('InternetGateway',
Tags=Tags(
Application=Ref('AWS::StackName'),
Name=Join('-', [
variables['CustomerName'].ref, 'igw',
variables['EnvironmentName'].ref
]),
Network='Public')))
template.add_resource(
ec2.VPCGatewayAttachment(
'GatewayToInternet',
InternetGatewayId=Ref(internetgateway),
VpcId=Ref(vpc),
))
# Elastic IPs
for i in range(AZS):
template.add_resource(
ec2.EIP('NAT%iElasticIP' % (i + 1),
Condition='CreateNATGateway%i' % (i + 1),
Domain='vpc'))
template.add_output(
Output(
'NAT%iElasticIP' % (i + 1),
Condition='CreateNATGateway%i' % (i + 1),
Description='Elastic IP for NATs %i' % (i + 1),
Export=Export(
Sub('${AWS::StackName}-NAT%iElasticIP' % (i + 1))),
Value=Ref('NAT%iElasticIP' % (i + 1)),
))
# NAT Gateways
for i in range(AZS):
template.add_resource(
ec2.NatGateway('NATGateway%i' % (i + 1),
Condition='CreateNATGateway%i' % (i + 1),
AllocationId=GetAtt('NAT%iElasticIP' % (i + 1),
'AllocationId'),
SubnetId=Ref('PubSubnet%i' % (i + 1))))
# Route tables
publicroutetable = template.add_resource(
ec2.RouteTable(
'PublicRouteTable',
VpcId=Ref(vpc),
Tags=Tags(Application=Ref('AWS::StackName'),
Name=Join('-', [
variables['CustomerName'].ref, 'public-routes',
variables['EnvironmentName'].ref
]),
Network='Public')))
template.add_output(
Output(publicroutetable.title,
Description=publicroutetable.title,
Export=Export(
Sub('${AWS::StackName}-%s' % publicroutetable.title)),
Value=Ref(publicroutetable)))
for i in range(AZS):
template.add_resource(
ec2.RouteTable(
'PrivateRouteTable%i' % (i + 1),
Condition='PrivateAZ%i' % (i + 1),
VpcId=Ref(vpc),
Tags=Tags(
Application=Ref('AWS::StackName'),
Name=Join('-', [
variables['CustomerName'].ref, 'private-routes',
variables['EnvironmentName'].ref,
Select(str(i + variables['AzOffset']), GetAZs(''))
]),
Network='Private - %i' % (i + 1))))
template.add_output(
Output('PrivateRouteTable%i' % (i + 1),
Condition='PrivateAZ%i' % (i + 1),
Description='PrivateRouteTable%i' % (i + 1),
Export=Export(
Sub('${AWS::StackName}-'
'PrivateRouteTable%i' % (i + 1))),
Value=Ref('PrivateRouteTable%i' % (i + 1))))
# Routes & Route Table Associations
template.add_resource(
ec2.Route('PublicRoute',
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(internetgateway),
RouteTableId=Ref(publicroutetable)))
for i in range(AZS):
template.add_resource(
ec2.Route('PrivateRoute%i' % (i + 1),
Condition='CreateNATGateway%i' % (i + 1),
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=Ref('NATGateway%i' % (i + 1)),
RouteTableId=Ref('PrivateRouteTable%i' % (i + 1))))
template.add_resource(
ec2.SubnetRouteTableAssociation(
'PubSubnet%iRTAssoc' % (i + 1),
Condition='PublicAZ%i' % (i + 1),
RouteTableId=Ref(publicroutetable),
SubnetId=Ref('PubSubnet%i' % (i + 1))))
template.add_resource(
ec2.SubnetRouteTableAssociation(
'PriSubnet%iRTAssoc' % (i + 1),
Condition='PrivateAZ%i' % (i + 1),
RouteTableId=Ref('PrivateRouteTable%i' % (i + 1)),
SubnetId=Ref('PriSubnet%i' % (i + 1))))
def __init__(self):
super(VPC, self).__init__()
self.vpc = ec2.VPC(
"VPC",
CidrBlock="172.1.0.0/16",
InstanceTenancy="default",
EnableDnsSupport=True,
EnableDnsHostnames=True,
Tags=Tags(Name=Ref("AWS::StackName")),
)
self.internet_gateway = ec2.InternetGateway(
"InternetGateway",
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-internet-gateway"]), ),
)
self.internet_gateway_attachment = ec2.VPCGatewayAttachment(
"InternetGatewayAttachment",
InternetGatewayId=Ref(self.internet_gateway),
VpcId=Ref(self.vpc),
)
self.public_route_table = ec2.RouteTable(
"PublicRouteTable",
VpcId=Ref(self.vpc),
Tags=Tags(Name=Join(
"-", [Ref("AWS::StackName"), "public-route-table"]), ),
)
self.private_route_table = ec2.RouteTable(
"PrivateRouteTable",
VpcId=Ref(self.vpc),
Tags=Tags(Name=Join(
"-", [Ref("AWS::StackName"), "private-route-table"]), ),
)
self.vpc_s3_endpoint = ec2.VPCEndpoint(
"VPCS3Endpoint",
ServiceName=Join(
"",
["com.amazonaws.", Ref("AWS::Region"), ".s3"]),
VpcId=Ref(self.vpc),
RouteTableIds=[
Ref(self.public_route_table),
Ref(self.private_route_table)
],
)
self.route_to_internet = ec2.Route(
"RouteToInternet",
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(self.internet_gateway),
RouteTableId=Ref(self.public_route_table),
DependsOn=self.internet_gateway_attachment.title,
)
# private subnets
self.private_subnet_1 = ec2.Subnet(
"PrivateSubnet1",
AvailabilityZone=Select(0, GetAZs()),
CidrBlock="172.1.1.0/24",
MapPublicIpOnLaunch=False,
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-private-subnet-1"]), ),
VpcId=Ref(self.vpc),
)
self.private_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation(
"PrivateSubnet1RouteTableAssociation",
RouteTableId=Ref(self.private_route_table),
SubnetId=Ref(self.private_subnet_1),
)
self.private_subnet_2 = ec2.Subnet(
"PrivateSubnet2",
AvailabilityZone=Select(1, GetAZs()),
CidrBlock="172.1.2.0/24",
MapPublicIpOnLaunch=False,
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-private-subnet-2"]), ),
VpcId=Ref(self.vpc),
)
self.private_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation(
"PrivateSubnet2RouteTableAssociation",
RouteTableId=Ref(self.private_route_table),
SubnetId=Ref(self.private_subnet_2),
)
self.private_network_aCL = ec2.NetworkAcl(
"PrivateNetworkACL",
VpcId=Ref(self.vpc),
Tags=Tags(Name=Join("",
[Ref("AWS::StackName"), "-private-nacl"]), ),
)
self.private_subnet_1_network_acl_association = ec2.SubnetNetworkAclAssociation(
"PrivateSubnet1NetworkAclAssociation",
SubnetId=Ref(self.private_subnet_1),
NetworkAclId=Ref(self.private_network_aCL),
)
self.private_subnet_2_network_acl_association = ec2.SubnetNetworkAclAssociation(
"PrivateSubnet2NetworkAclAssociation",
SubnetId=Ref(self.private_subnet_2),
NetworkAclId=Ref(self.private_network_aCL),
)
self.private_network_acl_entry_in = ec2.NetworkAclEntry(
"PrivateNetworkAclEntryIn",
CidrBlock="172.1.0.0/16",
Egress=False,
NetworkAclId=Ref(self.private_network_aCL),
Protocol=-1,
RuleAction="allow",
RuleNumber=200,
)
self.private_network_acl_entry_out = ec2.NetworkAclEntry(
"PrivateNetworkAclEntryOut",
CidrBlock="172.1.0.0/16",
Egress=True,
NetworkAclId=Ref(self.private_network_aCL),
Protocol=-1,
RuleAction="allow",
RuleNumber=200,
)
# public subnets
self.public_subnet_1 = ec2.Subnet(
"PublicSubnet1",
AvailabilityZone=Select(0, GetAZs()),
CidrBlock="172.1.128.0/24",
MapPublicIpOnLaunch=True,
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-public-subnet-1"]), ),
VpcId=Ref(self.vpc),
)
self.public_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation(
"PublicSubnet1RouteTableAssociation",
RouteTableId=Ref(self.public_route_table),
SubnetId=Ref(self.public_subnet_1),
)
self.public_subnet_2 = ec2.Subnet(
"PublicSubnet2",
AvailabilityZone=Select(1, GetAZs()),
CidrBlock="172.1.129.0/24",
MapPublicIpOnLaunch=True,
Tags=Tags(Name=Join(
"", [Ref("AWS::StackName"), "-public-subnet-2"]), ),
VpcId=Ref(self.vpc),
)
self.public_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation(
"PublicSubnet2RouteTableAssociation",
RouteTableId=Ref(self.public_route_table),
SubnetId=Ref(self.public_subnet_2),
)
def create_vpc_template(template=None):
if not template:
template = Template()
template.add_description(
'AWS cloud formation script template.at creates a VPC with a NAT Gg'
)
template.add_version('2010-09-09')
vpc_cidr_block = template.add_parameter(
Parameter(
'VPCCIDR',
Default=vpc_config['cidr_block'],
Description='The IP address space for this VPC, in CIDR notation',
Type='String',
))
vpc = template.add_resource(
ec2.VPC('VPC',
CidrBlock=Ref(vpc_cidr_block),
Tags=Tags(vpc_config['tags'])))
igw = template.add_resource(ec2.InternetGateway('InternetGateway', ))
template.add_resource(
ec2.VPCGatewayAttachment(
"NatAttachment",
VpcId=Ref(vpc),
InternetGatewayId=Ref(igw),
))
template.add_output(Output('VPCId', Value=Ref(vpc), Description='VPC Id'))
public_security_group = template.add_resource(
ec2.SecurityGroup(
security_group_config['public']['name'],
GroupDescription='{} public security group'.format(
vpc_config['name']),
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
ToPort=r['port'],
FromPort=r['port'],
CidrIp=r['cidr_block'])
for r in security_group_config['public']['ingress_rules']
],
VpcId=Ref(vpc),
Tags=Tags(
dict(Name='public {} security group'.format(
vpc_config['name']))),
))
template.add_output(
Output('PublicSecurityGroupId',
Value=Ref(public_security_group),
Description='Public Security Group Id'))
private_security_group = template.add_resource(
ec2.SecurityGroup(
security_group_config['private']['name'],
GroupDescription='{} private security group'.format(
vpc_config['name']),
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol='tcp',
ToPort=r['port'],
FromPort=r['port'],
SourceSecurityGroupId=Ref(public_security_group))
for r in security_group_config['private']['ingress_rules']
],
VpcId=Ref(vpc),
Tags=Tags(
dict(Name='private {} security group'.format(
vpc_config['name']))),
))
for i, sub_net in enumerate(sub_nets):
public_subnet = template.add_parameter(
Parameter(
'PublicSubnetCidr{}'.format(i),
Type='String',
Description='Public Subnet CIDR',
Default=sub_net['public_cidr'],
))
public_net = template.add_resource(
ec2.Subnet(
'PublicSubnet{}'.format(i),
AvailabilityZone=sub_net['region'],
CidrBlock=Ref(public_subnet),
MapPublicIpOnLaunch=False,
VpcId=Ref(vpc),
Tags=Tags(dict(Name='Public Subnet {}'.format(i))),
))
public_route_table = template.add_resource(
ec2.RouteTable(
'PublicRouteTable{}'.format(i),
VpcId=Ref(vpc),
))
template.add_resource(
ec2.SubnetRouteTableAssociation(
'PublicRouteAssociation{}'.format(i),
SubnetId=Ref(public_net),
RouteTableId=Ref(public_route_table),
))
template.add_resource(
ec2.Route(
'PublicDefaultRoute{}'.format(i),
RouteTableId=Ref(public_route_table),
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(igw),
))
template.add_output(
Output('PublicSubnet{}'.format(i),
Value=Ref(public_subnet),
Description='Subnet Id'))
if private_sub_net:
private_subnet = template.add_parameter(
Parameter(
'PrivateSubnetCidr{}'.format(i),
Type='String',
Description='Private Subnet CIDR',
Default=sub_net['private_cidr'],
))
private_net = template.add_resource(
ec2.Subnet(
'PrivateSubnet{}'.format(i),
CidrBlock=Ref(private_subnet),
MapPublicIpOnLaunch=False,
VpcId=Ref(vpc),
Tags=Tags(dict(Name='Private Subnet {}'.format(i))),
))
private_route_table = template.add_resource(
ec2.RouteTable(
'PrivateRouteTable{}'.format(i),
VpcId=Ref(vpc),
))
template.add_resource(
ec2.SubnetRouteTableAssociation(
'PrivateRouteAssociation{}'.format(i),
SubnetId=Ref(private_net),
RouteTableId=Ref(private_route_table),
))
template.add_output(
Output('PrivateSubnet{}'.format(i),
Value=Ref(private_subnet),
Description='Subnet Id'))
if nat_gateway and private_sub_net:
nat_eip = template.add_resource(
ec2.EIP(
'NatEip{}'.format(i),
Domain="vpc",
))
nat = template.add_resource(
ec2.NatGateway(
'Nat{}'.format(i),
AllocationId=GetAtt(nat_eip, 'AllocationId'),
SubnetId=Ref(public_net),
))
template.add_resource(
ec2.Route(
'NatRoute{}'.format(i),
RouteTableId=Ref(private_route_table),
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=Ref(nat),
))
template.add_output(
Output(
'NatEip{}'.format(i),
Value=Ref(nat_eip),
Description='Nat Elastic IP',
))
write_json_to_file('vpc.json', template)
def add_resources(self):
""" Add All Cloudformation Resources. This will include vpc, igw, and any other network
resources """
self.vpc = self.template.add_resource(
ec2.VPC(
"VPC",
CidrBlock=Ref(self.VpcCidr),
EnableDnsSupport=True,
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-VPC"),
))
self.PubSubnet1 = self.template.add_resource(
ec2.Subnet(
"PubSubnet1",
CidrBlock=Ref(self.PubSub1Cidr),
VpcId=Ref(self.vpc),
AvailabilityZone="us-east-1a",
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-PubSubnet1"),
))
self.PubSubnet2 = self.template.add_resource(
ec2.Subnet(
"PubSubnet2",
VpcId=Ref(self.vpc),
CidrBlock=Ref(self.PubSub2Cidr),
AvailabilityZone="us-east-1b",
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-PubSubnet2"),
))
self.PrivSubnet1 = self.template.add_resource(
ec2.Subnet(
"PrivSubnet1",
VpcId=Ref(self.vpc),
CidrBlock=Ref(self.PrivSub1Cidr),
AvailabilityZone="us-east-1a",
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-PrivSubnet1"),
))
self.PrivSubnet2 = self.template.add_resource(
ec2.Subnet(
"PrivSubnet2",
CidrBlock=Ref(self.PrivSub2Cidr),
VpcId=Ref(self.vpc),
AvailabilityZone="us-east-1b",
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-PrivSubnet2"),
))
self.IGW = self.template.add_resource(
ec2.InternetGateway(
"IGW",
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-IGW"),
))
self.IGWAttachment = self.template.add_resource(
ec2.VPCGatewayAttachment(
"IGWAttachment",
VpcId=Ref(self.vpc),
InternetGatewayId=Ref(self.IGW),
))
self.EIP1 = self.template.add_resource(ec2.EIP(
"EIP1",
Domain="vpc",
))
self.EIP2 = self.template.add_resource(ec2.EIP(
"EIP2",
Domain="vpc",
))
self.NAT1 = self.template.add_resource(
ec2.NatGateway(
"NAT",
AllocationId=GetAtt(self.EIP1, "AllocationId"),
SubnetId=Ref(self.PubSubnet1),
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-NAT1"),
))
self.NAT2 = self.template.add_resource(
ec2.NatGateway(
"NAT2",
AllocationId=GetAtt(self.EIP2, "AllocationId"),
SubnetId=Ref(self.PubSubnet2),
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-NAT2"),
))
self.PrivRT1 = self.template.add_resource(
ec2.RouteTable(
"PrivRT1",
VpcId=Ref(self.vpc),
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-PRIVRT1"),
))
self.PrivRT2 = self.template.add_resource(
ec2.RouteTable(
"PrivRT2",
VpcId=Ref(self.vpc),
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-PRIVRT2"),
))
self.NatRoute = self.template.add_resource(
ec2.Route(
"NatRoute",
RouteTableId=Ref(self.PrivRT1),
DestinationCidrBlock="0.0.0.0/0",
NatGatewayId=Ref(self.NAT1),
))
self.Nat2Route = self.template.add_resource(
ec2.Route(
"NatRoute2",
RouteTableId=Ref(self.PrivRT2),
DestinationCidrBlock="0.0.0.0/0",
NatGatewayId=Ref(self.NAT2),
))
self.PrivRT1Association = self.template.add_resource(
ec2.SubnetRouteTableAssociation(
"PrivRT1Association",
SubnetId=Ref(self.PrivSubnet1),
RouteTableId=Ref(self.PrivRT1),
))
self.PrivRT2Association = self.template.add_resource(
ec2.SubnetRouteTableAssociation(
"PrivRT2Association",
SubnetId=Ref(self.PrivSubnet2),
RouteTableId=Ref(self.PrivRT2),
))
self.PubRT1 = self.template.add_resource(
ec2.RouteTable(
"PubRT1",
VpcId=Ref(self.vpc),
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-PUBRT1"),
))
self.PubRT2 = self.template.add_resource(
ec2.RouteTable(
"PubRT2",
VpcId=Ref(self.vpc),
Tags=self.base_tags +
Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
"-SS-PUBRT2"),
))
self.PubRT1IGWattachment = self.template.add_resource(
ec2.Route(
"PubRT1IGWAttachment",
DependsOn=["IGWAttachment"],
RouteTableId=Ref(self.PubRT1),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(self.IGW),
))
self.PubRT2IGWattachment = self.template.add_resource(
ec2.Route(
"PubRT2IGWAttachment",
DependsOn=["IGWAttachment"],
RouteTableId=Ref(self.PubRT2),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(self.IGW),
))
self.PubRT1Association = self.template.add_resource(
ec2.SubnetRouteTableAssociation(
"PubRT1Associate",
SubnetId=Ref(self.PubSubnet1),
RouteTableId=Ref(self.PubRT1),
))
self.PubRT2Asocation = self.template.add_resource(
ec2.SubnetRouteTableAssociation(
"PubR2Associate",
SubnetId=Ref(self.PubSubnet2),
RouteTableId=Ref(self.PubRT2),
))
def sg_subnet_vpc(self, template, provision_refs):
ref_stack_id = Ref('AWS::StackId')
if 'aws_vpc_id' in self.app.config['provision']:
vpc = self.app.config['provision']['aws_vpc_id']
use_subnet = self.app.config['provision']['aws_subnet_id']
use_subnet2 = self.app.config['provision']['aws_subnet2_id']
use_sg = self.app.config['provision']['aws_sg_id']
use_alb_sg = self.app.config['provision']['alb_sg_id']
self.app.log.info(
'Using your AWS subnet, make sure the routes and ports are configured correctly'
)
else:
vpc = Ref(
template.add_resource(
ec2.VPC('VPC',
CidrBlock='10.0.0.0/16',
Tags=Tags(Application=ref_stack_id))))
internet_gateway = template.add_resource(
ec2.InternetGateway('InternetGateway',
Tags=Tags(Application=ref_stack_id)))
template.add_resource(
ec2.VPCGatewayAttachment(
'AttachGateway',
VpcId=vpc,
InternetGatewayId=Ref(internet_gateway)))
route_table = template.add_resource(
ec2.RouteTable('RouteTable',
VpcId=vpc,
Tags=Tags(Application=ref_stack_id)))
subnet = template.add_resource(
ec2.Subnet('Subnet',
CidrBlock='10.0.0.0/24',
VpcId=vpc,
AvailabilityZone=Select(0, GetAZs("")),
Tags=Tags(Application=ref_stack_id)))
subnet2 = template.add_resource(
ec2.Subnet('Subnet2',
CidrBlock='10.0.1.0/24',
VpcId=vpc,
AvailabilityZone=Select(1, GetAZs("")),
Tags=Tags(Application=ref_stack_id)))
template.add_resource(
ec2.Route(
'Route',
DependsOn='AttachGateway',
GatewayId=Ref('InternetGateway'),
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref(route_table),
))
template.add_resource(
ec2.SubnetRouteTableAssociation(
'SubnetRouteTableAssociation',
SubnetId=Ref(subnet),
RouteTableId=Ref(route_table),
))
template.add_resource(
ec2.SubnetRouteTableAssociation(
'Subnet2RouteTableAssociation',
SubnetId=Ref(subnet2),
RouteTableId=Ref(route_table),
))
network_acl = template.add_resource(
ec2.NetworkAcl(
'NetworkAcl',
VpcId=vpc,
Tags=Tags(Application=ref_stack_id),
))
template.add_resource(
ec2.NetworkAclEntry(
'InboundSSHNetworkAclEntry',
NetworkAclId=Ref(network_acl),
RuleNumber='100',
Protocol='6',
PortRange=ec2.PortRange(From='22', To='22'),
Egress='false',
RuleAction='allow',
CidrBlock='0.0.0.0/0',
))
template.add_resource(
ec2.NetworkAclEntry(
'InboundResponsePortsNetworkAclEntry',
NetworkAclId=Ref(network_acl),
RuleNumber='101',
Protocol='6',
PortRange=ec2.PortRange(From='1024', To='65535'),
Egress='false',
RuleAction='allow',
CidrBlock='0.0.0.0/0',
))
template.add_resource(
ec2.NetworkAclEntry(
'InboundICMPNetworkAclEntry',
NetworkAclId=Ref(network_acl),
RuleNumber='102',
Protocol='1',
Icmp=ec2.ICMP(Code=-1, Type=-1),
Egress='false',
RuleAction='allow',
CidrBlock='0.0.0.0/0',
))
# Only used when Blockscout is deployed
template.add_resource(
ec2.NetworkAclEntry(
'InboundHttpsNetworkAclEntry',
NetworkAclId=Ref(network_acl),
RuleNumber='103',
Protocol='6',
PortRange=ec2.PortRange(From='443', To='443'),
Egress='false',
RuleAction='allow',
CidrBlock='0.0.0.0/0',
))
template.add_resource(
ec2.NetworkAclEntry(
'OutBoundHTTPNetworkAclEntry',
NetworkAclId=Ref(network_acl),
RuleNumber='100',
Protocol='6',
PortRange=ec2.PortRange(From='80', To='80'),
Egress='true',
RuleAction='allow',
CidrBlock='0.0.0.0/0',
))
template.add_resource(
ec2.NetworkAclEntry(
'OutBoundHTTPSNetworkAclEntry',
NetworkAclId=Ref(network_acl),
RuleNumber='101',
Protocol='6',
PortRange=ec2.PortRange(From='443', To='443'),
Egress='true',
RuleAction='allow',
CidrBlock='0.0.0.0/0',
))
template.add_resource(
ec2.NetworkAclEntry(
'OutBoundResponsePortsNetworkAclEntry',
NetworkAclId=Ref(network_acl),
RuleNumber='102',
Protocol='6',
PortRange=ec2.PortRange(From='1024', To='65535'),
Egress='true',
RuleAction='allow',
CidrBlock='0.0.0.0/0',
))
template.add_resource(
ec2.NetworkAclEntry(
'OutboundICMPNetworkAclEntry',
NetworkAclId=Ref(network_acl),
RuleNumber='103',
Protocol='1',
Icmp=ec2.ICMP(Code=-1, Type=-1),
Egress='true',
RuleAction='allow',
CidrBlock='0.0.0.0/0',
))
template.add_resource(
ec2.SubnetNetworkAclAssociation(
'SubnetNetworkAclAssociation',
SubnetId=Ref(subnet),
NetworkAclId=Ref(network_acl),
))
template.add_resource(
ec2.SubnetNetworkAclAssociation(
'Subnet2NetworkAclAssociation',
SubnetId=Ref(subnet2),
NetworkAclId=Ref(network_acl),
))
use_subnet = Ref(subnet)
use_subnet2 = Ref(subnet2)
alb_security_group = template.add_resource(
ec2.SecurityGroup(
'ALBSecurityGroup',
GroupDescription=
'ALB allows traffic from public, is used to terminate SSL',
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
FromPort='46658',
ToPort='46658',
CidrIp='0.0.0.0/0'),
],
VpcId=vpc,
))
use_alb_sg = Ref(alb_security_group)
instance_security_group = template.add_resource(
ec2.SecurityGroup(
'InstanceSecurityGroup',
GroupDescription='Enable tendermint and SSH for all nodes',
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
FromPort='22',
ToPort='22',
CidrIp='0.0.0.0/0'),
ec2.SecurityGroupRule(IpProtocol='tcp',
FromPort='46656',
ToPort='46656',
CidrIp='0.0.0.0/0'),
ec2.SecurityGroupRule(IpProtocol='tcp',
FromPort='46658',
ToPort='46658',
CidrIp='0.0.0.0/0'),
ec2.SecurityGroupRule(IpProtocol='icmp',
FromPort='-1',
ToPort='-1',
CidrIp='0.0.0.0/0'),
],
VpcId=vpc,
))
use_sg = Ref(instance_security_group)
provision_refs.vpc = vpc
provision_refs.security_group_ec2 = use_sg
provision_refs.security_group_alb = use_alb_sg
provision_refs.subnets.append(use_subnet)
provision_refs.subnets.append(use_subnet2)
def main():
template = Template()
vpc = template.add_resource(
ec2.VPC('MyVPC',
CidrBlock='10.0.0.0/16',
EnableDnsSupport='true',
EnableDnsHostnames='true'))
internet_gateway = template.add_resource(
ec2.InternetGateway('MyInternetGateway',
Tags=Tags(Name='MyInternetGateway')))
template.add_resource(
ec2.VPCGatewayAttachment('MyVPCGatewayAttachment',
InternetGatewayId=Ref(internet_gateway),
VpcId=Ref(vpc),
DependsOn=internet_gateway.title))
security_group = template.add_resource(
ec2.SecurityGroup(
'mySecGroup',
GroupDescription='Security group',
VpcId=Ref(vpc),
))
template.add_resource(
ec2.SecurityGroupEgress('mySecGroupOut',
CidrIp='0.0.0.0/0',
IpProtocol='tcp',
FromPort='0',
ToPort='0',
GroupId=Ref(security_group)))
template.add_resource(
ec2.SecurityGroupIngress('mySecGroupIn',
CidrIp='0.0.0.0/0',
IpProtocol='tcp',
FromPort='0',
ToPort='0',
GroupId=Ref(security_group)))
public_subnets = [
template.add_resource(
ec2.Subnet('MyPubSub1',
AvailabilityZone='ap-southeast-2a',
VpcId=Ref(vpc),
CidrBlock='10.0.1.0/24')),
template.add_resource(
ec2.Subnet('MyPubSub2',
AvailabilityZone='ap-southeast-2b',
VpcId=Ref(vpc),
CidrBlock='10.0.2.0/24')),
template.add_resource(
ec2.Subnet('MyPubSub3',
AvailabilityZone='ap-southeast-2c',
VpcId=Ref(vpc),
CidrBlock='10.0.3.0/24'))
]
template.add_resource(
elb.LoadBalancer('myLoadBalancer',
CrossZone=True,
HealthCheck=elb.HealthCheck(
Target='HTTP:80/index.html',
HealthyThreshold='10',
UnhealthyThreshold='2',
Interval='300',
Timeout='60'),
Listeners=[
elb.Listener(LoadBalancerPort='80',
Protocol='HTTP',
InstancePort='80',
InstanceProtocol='HTTP')
],
Scheme='internet-facing',
SecurityGroups=[Ref(security_group)],
Subnets=[Ref(subnet) for subnet in public_subnets]))
template.add_resource(
ec2.Instance('myinstance',
KeyName='INSERT_YOUR_KEYPAIR_HERE',
ImageId='ami-dc361ebf',
InstanceType='t2.nano',
NetworkInterfaces=[
ec2.NetworkInterfaceProperty(
GroupSet=[Ref(security_group)],
AssociatePublicIpAddress=True,
DeviceIndex='0',
DeleteOnTermination=True,
SubnetId=Ref(public_subnets[0]))
],
SourceDestCheck=True,
DependsOn=internet_gateway.title))
HostedZone(template=template, domain='mypublic.hz', vpcs=None)
HostedZone(template=template, domain='myprivate.hz', vpcs=[Ref(vpc)])
print(template.to_json(indent=2, separators=(',', ': ')))
def dump_base_yaml(cfn_file):
template = Template()
vpc_cidr_param = template.add_parameter(
Parameter(
"vpcCidrParam",
Description="string of vpc cidr block to use",
Type="String",
))
subnet_cidr_param = template.add_parameter(
Parameter(
"subnetCidrParam",
Description="string of subnet cidr block to use",
Type="String",
))
igw = template.add_resource(
ec2.InternetGateway(
"Igw",
Tags=resource_tags,
))
vpc = template.add_resource(
ec2.VPC(
"Vpc",
CidrBlock=Ref(vpc_cidr_param),
EnableDnsSupport=True,
EnableDnsHostnames=True,
InstanceTenancy="default",
Tags=resource_tags,
))
igwa = template.add_resource(
ec2.VPCGatewayAttachment(
"IgwA",
VpcId=Ref(vpc),
InternetGatewayId=Ref(igw),
))
route_tbl = template.add_resource(
ec2.RouteTable(
"RouteTable",
VpcId=Ref(vpc),
Tags=resource_tags,
))
default_route = template.add_resource(
ec2.Route("defaultRoute",
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(igw),
RouteTableId=Ref(route_tbl)))
subnet = template.add_resource(
ec2.Subnet(
"Subnet",
VpcId=Ref(vpc),
CidrBlock=Ref(subnet_cidr_param),
MapPublicIpOnLaunch=True,
AvailabilityZone=Select(0, GetAZs()),
Tags=resource_tags,
))
route_tbl_asoc = template.add_resource(
ec2.SubnetRouteTableAssociation("RouteTblSubnetAsoc",
RouteTableId=Ref(route_tbl),
SubnetId=Ref(subnet)))
priv_route_tbl = template.add_resource(
ec2.RouteTable(
"PrivRouteTable",
VpcId=Ref(vpc),
Tags=resource_tags,
))
priv_subnet = template.add_resource(
ec2.Subnet(
"PrivSubnet",
VpcId=Ref(vpc),
CidrBlock="10.10.1.0/24",
MapPublicIpOnLaunch=False,
AvailabilityZone=Select(0, GetAZs()),
Tags=resource_tags,
))
route_tbl_asoc = template.add_resource(
ec2.SubnetRouteTableAssociation("RouteTblPrivSubnetAsoc",
RouteTableId=Ref(priv_route_tbl),
SubnetId=Ref(priv_subnet)))
ngw_elastic_ip = template.add_resource(
ec2.EIP(
"MyNgwEip",
Tags=resource_tags,
))
nat_gateway = template.add_resource(
ec2.NatGateway(
"MyNatGateway",
AllocationId=GetAtt(ngw_elastic_ip, "AllocationId"),
SubnetId=Ref(subnet),
))
private_out_route = template.add_resource(
ec2.Route("privateOutRoute",
DestinationCidrBlock="0.0.0.0/0",
NatGatewayId=Ref(nat_gateway),
RouteTableId=Ref(priv_route_tbl)))
template.add_output([
Output(
"VpcId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(vpc),
Export=Export("VpcId-jdix"),
),
Output(
"SubnetId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(subnet),
Export=Export("SubnetId-jdix"),
),
Output(
"PrivSubnetId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(priv_subnet),
Export=Export("PrivSubnetId-jdix"),
),
])
template_out_yaml(cfn_file, template)
def dump_base_yaml(cfn_file):
template = Template()
vpc_cidr_param = template.add_parameter(
Parameter(
"vpcCidrParam",
Description="string of vpc cidr block to use",
Type="String",
))
subnet_cidr_param = template.add_parameter(
Parameter(
"subnetCidrParam",
Description="string of subnet cidr block to use",
Type="String",
))
igw = template.add_resource(
ec2.InternetGateway(
"Igw",
Tags=resource_tags,
))
vpc = template.add_resource(
ec2.VPC(
"Vpc",
CidrBlock=Ref(vpc_cidr_param),
EnableDnsSupport=True,
EnableDnsHostnames=True,
InstanceTenancy="default",
Tags=resource_tags,
))
igwa = template.add_resource(
ec2.VPCGatewayAttachment(
"IgwA",
VpcId=Ref(vpc),
InternetGatewayId=Ref(igw),
))
route_tbl = template.add_resource(
ec2.RouteTable(
"RouteTable",
VpcId=Ref(vpc),
Tags=resource_tags,
))
default_route = template.add_resource(
ec2.Route("defaultRoute",
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(igw),
RouteTableId=Ref(route_tbl)))
subnet = template.add_resource(
ec2.Subnet(
"Subnet",
VpcId=Ref(vpc),
CidrBlock=Ref(subnet_cidr_param),
MapPublicIpOnLaunch=True,
AvailabilityZone=Select(0, GetAZs()),
Tags=resource_tags,
))
route_tbl_asoc = template.add_resource(
ec2.SubnetRouteTableAssociation("RouteTblSubnetAsoc",
RouteTableId=Ref(route_tbl),
SubnetId=Ref(subnet)))
priv_route_tbl = template.add_resource(
ec2.RouteTable(
"PrivRouteTable",
VpcId=Ref(vpc),
Tags=resource_tags,
))
priv_subnet = template.add_resource(
ec2.Subnet(
"PrivSubnet",
VpcId=Ref(vpc),
CidrBlock="10.10.1.0/24",
MapPublicIpOnLaunch=False,
AvailabilityZone=Select(0, GetAZs()),
Tags=resource_tags,
))
route_tbl_asoc = template.add_resource(
ec2.SubnetRouteTableAssociation("RouteTblPrivSubnetAsoc",
RouteTableId=Ref(priv_route_tbl),
SubnetId=Ref(priv_subnet)))
ngw_elastic_ip = template.add_resource(
ec2.EIP(
"MyNgwEip",
Tags=resource_tags,
))
nat_gateway = template.add_resource(
ec2.NatGateway(
"MyNatGateway",
AllocationId=GetAtt(ngw_elastic_ip, "AllocationId"),
SubnetId=Ref(subnet),
))
private_out_route = template.add_resource(
ec2.Route("privateOutRoute",
DestinationCidrBlock="0.0.0.0/0",
NatGatewayId=Ref(nat_gateway),
RouteTableId=Ref(priv_route_tbl)))
first_network_acl = template.add_resource(
ec2.NetworkAcl(
"MyFirstNetAcl",
Tags=resource_tags,
VpcId=Ref(vpc),
))
network_out_second_acl_entry = template.add_resource(
ec2.NetworkAclEntry(
"MyPrivOutNetAclEntry",
NetworkAclId=Ref(first_network_acl),
CidrBlock="0.0.0.0/0",
Protocol=-1,
Egress=True,
RuleAction="allow",
RuleNumber=100,
))
network_inbound_acl_entry = template.add_resource(
ec2.NetworkAclEntry("MyInNetAclEntry",
NetworkAclId=Ref(first_network_acl),
CidrBlock="74.77.86.69/32",
Protocol=6,
RuleAction="allow",
RuleNumber=100,
PortRange=ec2.PortRange(From=22, To=22)))
private_to_public_client_ports_acl_entry = template.add_resource(
ec2.NetworkAclEntry("MyPriv2PubClientPortsNetAclEntry",
NetworkAclId=Ref(first_network_acl),
CidrBlock="10.10.1.0/24",
Protocol=6,
RuleAction="allow",
RuleNumber=101,
PortRange=ec2.PortRange(From=1024, To=65535)))
public_to_internet_client_ports_acl_entry = template.add_resource(
ec2.NetworkAclEntry("MyPub2DefaultClientPortsNetAclEntry",
NetworkAclId=Ref(first_network_acl),
CidrBlock="0.0.0.0/0",
Protocol=6,
RuleAction="allow",
RuleNumber=102,
PortRange=ec2.PortRange(From=1024, To=65535)))
public_to_private_icmpv4_acl_entry = template.add_resource(
ec2.NetworkAclEntry("MyPubIcmpv4NetAclEntry",
NetworkAclId=Ref(first_network_acl),
CidrBlock="10.10.1.0/24",
Protocol=1,
Icmp=ec2.ICMP(Code=-1, Type=-1),
RuleAction="allow",
RuleNumber=103))
second_network_acl = template.add_resource(
ec2.NetworkAcl(
"MySecondNetAcl",
Tags=resource_tags,
VpcId=Ref(vpc),
))
network_out_second_acl_entry = template.add_resource(
ec2.NetworkAclEntry("MyPriv2InternetClientPortsNetAclEntry",
NetworkAclId=Ref(second_network_acl),
CidrBlock="0.0.0.0/0",
Protocol=6,
RuleAction="allow",
RuleNumber=100,
PortRange=ec2.PortRange(From=1024, To=65535)))
public_to_private_ssh_acl_entry = template.add_resource(
ec2.NetworkAclEntry("MyPrivSshNetAclEntry",
NetworkAclId=Ref(second_network_acl),
CidrBlock="10.10.0.0/24",
Protocol=6,
RuleAction="allow",
RuleNumber=101,
PortRange=ec2.PortRange(From=22, To=22)))
public_to_private_http_acl_entry = template.add_resource(
ec2.NetworkAclEntry("MyPrivHttpNetAclEntry",
NetworkAclId=Ref(second_network_acl),
CidrBlock="10.10.0.0/24",
Protocol=6,
RuleAction="allow",
RuleNumber=102,
PortRange=ec2.PortRange(From=80, To=80)))
private_to_public_icmpv4_acl_entry = template.add_resource(
ec2.NetworkAclEntry("MyPrivIcmpv4NetAclEntry",
NetworkAclId=Ref(second_network_acl),
CidrBlock="10.10.0.0/24",
Protocol=1,
Icmp=ec2.ICMP(Code=-1, Type=-1),
RuleAction="allow",
RuleNumber=103))
network_out_second_acl_entry = template.add_resource(
ec2.NetworkAclEntry(
"MyPubOutNetAclEntry",
NetworkAclId=Ref(second_network_acl),
CidrBlock="0.0.0.0/0",
Protocol=-1,
Egress=True,
RuleAction="allow",
RuleNumber=100,
))
subnet_nacl_asociation = template.add_resource(
ec2.SubnetNetworkAclAssociation("subNaclAsoc",
NetworkAclId=Ref(first_network_acl),
SubnetId=Ref(subnet)))
priv_subnet_nacl_asociation = template.add_resource(
ec2.SubnetNetworkAclAssociation("privSubNaclAsoc",
NetworkAclId=Ref(second_network_acl),
SubnetId=Ref(priv_subnet)))
template.add_output([
Output(
"VpcId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(vpc),
Export=Export("VpcId-jdix"),
),
Output(
"SubnetId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(subnet),
Export=Export("SubnetId-jdix"),
),
Output(
"PrivSubnetId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(priv_subnet),
Export=Export("PrivSubnetId-jdix"),
),
])
template_out_yaml(cfn_file, template)
def add_resource(self):
t = self.template
self.PublicRouteTable = t.add_resource(ec2.RouteTable(
"PublicRouteTable",
VpcId=Ref("VPC"),
Tags=Tags(
Application=Ref("AWS::StackName"),
Network="Public",
Environment=Ref(self.Environment),
Name=Join("-", ["RT-PU-1", Ref(self.Project)]),
),
))
self.GatewayToInternet = t.add_resource(ec2.VPCGatewayAttachment(
"GatewayToInternet",
VpcId=Ref("VPC"),
InternetGatewayId=Ref("InternetGateway"),
))
self.PubSubnet1 = t.add_resource(ec2.Subnet(
"PubSubnet1",
Tags=Tags(
Application=Ref("AWS::StackName"),
Environment=Ref(self.Environment),
Network="Public",
Name=Join("-", ["NT-PU-1", Ref(self.Project)]),
),
VpcId=Ref("VPC"),
CidrBlock=Ref(self.PublicSubnet1),
AvailabilityZone=Ref(self.AvailabilityZone1),
MapPublicIpOnLaunch=True,
))
self.PubSubnet2 = t.add_resource(ec2.Subnet(
"PubSubnet2",
Tags=Tags(
Application=Ref("AWS::StackName"),
Environment=Ref(self.Environment),
Network="Public",
Name=Join("-", ["NT-PU-2", Ref(self.Project)]),
),
VpcId=Ref("VPC"),
CidrBlock=Ref(self.PublicSubnet2),
AvailabilityZone=Ref(self.AvailabilityZone2),
MapPublicIpOnLaunch=True,
))
self.PriSubnet2 = t.add_resource(ec2.Subnet(
"PriSubnet2",
Tags=Tags(
Application=Ref("AWS::StackName"),
Environment=Ref(self.Environment),
Network="Private",
Name=Join("-", ["NT-PR-2", Ref(self.Project)]),
),
VpcId=Ref("VPC"),
CidrBlock=Ref(self.PrivateSubnet2),
AvailabilityZone=Ref(self.AvailabilityZone2),
))
self.PriSubnet1 = t.add_resource(ec2.Subnet(
"PriSubnet1",
Tags=Tags(
Application=Ref("AWS::StackName"),
Environment=Ref(self.Environment),
Network="Private",
Name=Join("-", ["NT-PR-1", Ref(self.Project)]),
),
VpcId=Ref("VPC"),
CidrBlock=Ref(self.PrivateSubnet1),
AvailabilityZone=Ref(self.AvailabilityZone1),
))
self.PrivateRouteTable2 = t.add_resource(ec2.RouteTable(
"PrivateRouteTable2",
VpcId=Ref("VPC"),
Tags=Tags(
Application=Ref("AWS::StackName"),
Environment=Ref(self.Environment),
Network="Private",
Name=Join("-", ["RT-PR-2", Ref(self.Project)]),
),
))
self.PublicRoute = t.add_resource(ec2.Route(
"PublicRoute",
GatewayId=Ref("InternetGateway"),
DestinationCidrBlock="0.0.0.0/0",
RouteTableId=Ref(self.PublicRouteTable),
))
self.PrivateRouteTable1 = t.add_resource(ec2.RouteTable(
"PrivateRouteTable1",
VpcId=Ref("VPC"),
Tags=Tags(
Application=Ref("AWS::StackName"),
Environment=Ref(self.Environment),
Network="Private",
Name=Join("-", ["RT-PR-1", Ref(self.Project)]),
),
))
self.PriSubnet2RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation(
"PriSubnet2RTAssoc",
SubnetId=Ref(self.PriSubnet2),
RouteTableId=Ref(self.PrivateRouteTable2),
))
self.InternetGateway = t.add_resource(ec2.InternetGateway(
"InternetGateway",
Tags=Tags(
Application=Ref("AWS::StackName"),
Environment=Ref(self.Environment),
Network="Public",
Name=Join("-", ["IGW", Ref(self.Project)]),
),
))
self.VPC = t.add_resource(ec2.VPC(
"VPC",
CidrBlock=Ref(self.VpcCidr),
EnableDnsSupport=True,
EnableDnsHostnames=True,
Tags=Tags(
Name=Join("-", ["VPC", Ref(self.Project)]),
Environment=Ref(self.Environment),
Application=Ref("AWS::StackName"),
),
))
self.PubSubnet2RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation(
"PubSubnet2RTAssoc",
SubnetId=Ref(self.PubSubnet2),
RouteTableId=Ref(self.PublicRouteTable),
))
self.PubSubnet1RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation(
"PubSubnet1RTAssoc",
SubnetId=Ref(self.PubSubnet1),
RouteTableId=Ref(self.PublicRouteTable),
))
self.PriSubnet1RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation(
"PriSubnet1RTAssoc",
SubnetId=Ref(self.PriSubnet1),
RouteTableId=Ref(self.PrivateRouteTable1),
))
"ap-northeast-1": {"AMI": "ami-b80b6db8"},
"us-east-1": {"AMI": "ami-61bbf104"},
"sa-east-1": {"AMI": "ami-fd0197e0"},
"us-west-1": {"AMI": "ami-f77fbeb3"},
"us-west-2": {"AMI": "ami-d440a6e7"}
})
VPC = t.add_resource(ec2.VPC(
"VPC",
EnableDnsSupport="true",
CidrBlock=FindInMap("SubnetConfig", "VPC", "CIDR"),
EnableDnsHostnames="true",
))
InternetGateway = t.add_resource(ec2.InternetGateway(
"InternetGateway",
))
PublicSubnet = t.add_resource(ec2.Subnet(
"PublicSubnet",
VpcId=Ref("VPC"),
CidrBlock=FindInMap("SubnetConfig", "Public", "CIDR"),
))
PublicRouteTable = t.add_resource(ec2.RouteTable(
"PublicRouteTable",
VpcId=Ref(VPC),
))
DefaultSecurityGroup = t.add_resource(ec2.SecurityGroup(
ec2.Subnet(
'PublicSubnet',
CidrBlock=Ref(public_subnet),
MapPublicIpOnLaunch=True,
VpcId=Ref(vpc),
))
private_net = t.add_resource(
ec2.Subnet(
'PrivateSubnet',
CidrBlock=Ref(private_subnet),
MapPublicIpOnLaunch=False,
VpcId=Ref(vpc),
))
igw = t.add_resource(ec2.InternetGateway('InternetGateway', ))
net_gw_vpc_attachment = t.add_resource(
ec2.VPCGatewayAttachment(
"NatAttachment",
VpcId=Ref(vpc),
InternetGatewayId=Ref(igw),
))
private_route_table = t.add_resource(
ec2.RouteTable(
'PrivateRouteTable',
VpcId=Ref(vpc),
))
public_route_table = t.add_resource(
from troposphere import Template, Ref
import troposphere.ec2 as ec2
t = Template()
r_vpc = t.add_resource(ec2.VPC('VPC', CidrBlock='10.0.0.0/16'))
r_internet_gateway = t.add_resource(ec2.InternetGateway('InternetGateway'))
r_gateway_attachment = t.add_resource(
ec2.VPCGatewayAttachment('VPCGatewayAttachment',
VpcId=Ref(r_vpc),
InternetGatewayId=Ref(r_internet_gateway)))
r_public_route_table = t.add_resource(
ec2.RouteTable('PublicRouteTable', VpcId=Ref(r_vpc)))
r_route_igw = t.add_resource(
ec2.Route(
'RouteInternetGateway',
DependsOn=r_gateway_attachment,
GatewayId=Ref(r_internet_gateway),
DestinationCidrBlock='0.0.0.0/0',
RouteTableId=Ref(r_public_route_table),
))
print(t.to_yaml())