def configure_alb(self, t, service):
service_target_group = t.add_resource(elasticloadbalancingv2.TargetGroup(
self.resource_name_format % ('ServiceTargetGroup'),
Port=80,
Protocol="HTTP",
HealthCheckPath=self.healthcheck_path,
HealthCheckIntervalSeconds=self.healthcheck_interval,
HealthCheckTimeoutSeconds=self.healthcheck_interval - 1,
HealthyThresholdCount=2,
UnhealthyThresholdCount=5,
VpcId=ImportValue(Sub(self.imports_format % ('VpcId'))),
TargetGroupAttributes=[
elasticloadbalancingv2.TargetGroupAttribute(Key=key, Value=value)
for (key, value) in sorted(self.target_group_attributes().items())
]
))
listener_rule = t.add_resource(elasticloadbalancingv2.ListenerRule(
self.resource_name_format % ('SecureListenerRule'),
ListenerArn=ImportValue(Sub(self.imports_format % ('PublicListener' if self.public else 'InternalListener'))),
Priority=self.priority,
Actions=[elasticloadbalancingv2.Action(Type="forward", TargetGroupArn=Ref(service_target_group))],
Conditions=[elasticloadbalancingv2.Condition(Field="host-header", Values=self.domains)]
))
service.DependsOn.append(listener_rule.title)
service.LoadBalancers = [
ecs.LoadBalancer(
ContainerName=self.container_name,
ContainerPort=self.port,
TargetGroupArn=Ref(service_target_group)
)
]
def add_resources(self):
"""Add resources to template."""
template = self.template
variables = self.get_variables()
listenerrule = template.add_resource(
elasticloadbalancingv2.ListenerRule(
'ListenerRule',
Actions=[
elasticloadbalancingv2.Action(
TargetGroupArn=variables['TargetGroupArn'].ref,
Type='forward'
)
],
Conditions=[
elasticloadbalancingv2.Condition(
Field=variables['Condition'].ref,
Values=[variables['Value'].ref]
)
],
ListenerArn=variables['ListenerArn'].ref,
Priority=variables['Priority'].ref
)
)
template.add_output(Output(
"{}Arn".format(listenerrule.title),
Description="ARN of the Listener Rule",
Value=Ref(listenerrule),
Export=Export(
Sub('${AWS::StackName}-%sArn' % listenerrule.title)
)
))
def create_loadbalancer():
return [
elb.LoadBalancer(
'tlsFrontend',
SecurityGroups=[Ref('secgrpLoadBalancer')],
Subnets=[Ref('subnetA'), Ref('subnetB')],
Tags=_tags(),
),
elb.Listener(
'tlsFrontendListener',
Certificates=[
elb.Certificate(CertificateArn=Ref('certificateArn')),
],
DefaultActions=[
elb.Action(TargetGroupArn=Ref('tlsFrontendApplication'),
Type='forward'),
],
LoadBalancerArn=Ref('tlsFrontend'),
Port=443,
Protocol='HTTPS',
),
elb.ListenerRule(
'tlsFrontendJenkinsRule',
Actions=[
elb.Action(TargetGroupArn=Ref('tlsFrontendJenkins'),
Type='forward'),
],
Conditions=[
elb.Condition(Field='host-header',
Values=[_subdomain_for_jenkins()]),
],
ListenerArn=Ref('tlsFrontendListener'),
Priority=1,
),
elb.TargetGroup(
'tlsFrontendApplication',
HealthCheckIntervalSeconds=300,
HealthCheckPath='/health',
Port=80,
Protocol='HTTP',
Tags=_tags(),
Targets=[
elb.TargetDescription(Id=Ref('devserver'), Port=80),
],
VpcId=Ref('vpc'),
),
elb.TargetGroup(
'tlsFrontendJenkins',
HealthCheckIntervalSeconds=300,
HealthCheckPath='/robots.txt',
Port=8080,
Protocol='HTTP',
Tags=_tags(),
Targets=[
elb.TargetDescription(Id=Ref('devserver'), Port=8080),
],
VpcId=Ref('vpc'),
),
]
def elbv2_listener_rule(self, name, actions, conditions, listener_arn,
priority):
"""
Create ELBv2 listener rule
:param name: Name to assign to the rule
:param actions: Listener actions,
:param conditions: Conditions (i.e application layer rules)
:param listener_arn: ARN of the listener
:param priority: Rule priority, for when there are multiple rules.
"""
self.template.add_resource(
elbv2.ListenerRule(name,
Actions=actions,
Conditions=conditions,
ListenerArn=listener_arn,
Priority=priority))
def create_listener_rule(self):
t = self.template
listener_rule = t.add_resource(
elb.ListenerRule(
"ListenerRule",
ListenerArn=self.vars['DefaultListener'],
Priority=1,
Actions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(self.target_group))
],
Conditions=[
elb.Condition(
Field="path-pattern",
Values=['/'],
)
],
))
return listener_rule
def create_alb_listener_rule(stack,
name,
listener,
condition,
target_group,
priority=1,
condition_field=''):
"""Add ALB Listener Rule Resource."""
return stack.stack.add_resource(
alb.ListenerRule(
'{0}ListenerRule'.format(name),
Condition=condition_field,
ListenerArn=listener,
Conditions=[
alb.Condition(Field=condition['field'],
Values=condition['values'])
],
Actions=[alb.Action(Type='forward', TargetGroupArn=target_group)],
Priority=priority))
def gen_listener_rule(self):
self.listener_rule = elasticloadbalancingv2.ListenerRule(
"ListenerRule",
Actions=[
elasticloadbalancingv2.Action(Type="forward",
TargetGroupArn=Ref(
self.target_group))
],
Conditions=[
elasticloadbalancingv2.Condition(
Field="path-pattern",
PathPatternConfig=elasticloadbalancingv2.PathPatternConfig(
Values=["/demo/*", "/demo"]),
)
],
ListenerArn=self.import_value("load-balancer",
"LoadBalancerListenerHTTP"),
Priority=10,
)
self.template.add_resource(self.listener_rule)
def handle(self, chain_context):
template = chain_context.template
if not (self.path_pattern or self.host_pattern):
raise RuntimeError(
"with_listener_rule() requires one of: path_pattern, host_pattern"
)
routing_condition = None
if self.path_pattern:
routing_condition = alb.Condition(
Field="path-pattern",
Values=[self.path_pattern],
)
# TODO: support host headers someday
# elif self.host_pattern:
# routing_condition = alb.Condition(
# Field="host-header",
# Values=[
# chain_context.instance_name,
# "-",
# What do we put here?
# ".",
# self.base_domain_name
# ]
# )
listener_rule = alb.ListenerRule(
self.name,
ListenerArn=self.alb_listener_rule,
Conditions=[routing_condition],
Actions=[
alb.Action(Type="forward",
TargetGroupArn=Ref(
chain_context.metadata[META_TARGET_GROUP_NAME]))
],
Priority=self.priority,
)
template.add_resource(listener_rule)
def add_resources_and_outputs(self):
"""Add resources to template."""
template = self.template
variables = self.get_variables()
for rule in variables['Rules']:
listenerrule = template.add_resource(
elasticloadbalancingv2.ListenerRule(
'ListenerRule{p}'.format(p=rule['Priority']),
Actions=[
elasticloadbalancingv2.Action(
TargetGroupArn=rule['TargetGroupArn'],
Type='forward'
)
],
Conditions=[
elasticloadbalancingv2.Condition(
Field=rule['Condition'],
Values=[rule['Value']]
)
],
ListenerArn=variables['ListenerArn'].ref,
Priority=rule['Priority']
)
)
template.add_output(
Output(
'{}Arn'.format(listenerrule.title),
Description='ARN of the Listener Rule {}'.format(
rule['Priority']
),
Export=Export(
Sub('${AWS::StackName}-%sArn' % listenerrule.title)
),
Value=Ref(listenerrule),
)
)
]))
ElasticLoadBalancingV2ListenerRule = template.add_resource(
elasticloadbalancingv2.ListenerRule(
'ElasticLoadBalancingV2ListenerRule',
Priority='1',
ListenerArn=
'arn:aws:elasticloadbalancing:us-east-2:445114057331:listener/app/my-service-lb/39baed772591d6c0/930c98eb2dcb4690',
Conditions=[
elasticloadbalancingv2.Condition(
Field='path-pattern',
Values=['/api/currency-exchange-microservice/*'])
],
Actions=[
elasticloadbalancingv2.Action(
Type='forward',
TargetGroupArn=
'arn:aws:elasticloadbalancing:us-east-2:445114057331:targetgroup/currencyexchangeservicetg/1d71df4075d5ad16',
ForwardConfig={
"TargetGroups": [{
'TargetGroupArn':
'arn:aws:elasticloadbalancing:us-east-2:445114057331:targetgroup/currencyexchangeservicetg/1d71df4075d5ad16',
'Weight': 1
}],
"TargetGroupStickinessConfig": {
'Enabled': False
}
})
]))
ElasticLoadBalancingV2ListenerRule2 = template.add_resource(
elasticloadbalancingv2.ListenerRule(
def main():
template = Template()
template.add_version("2010-09-09")
template.add_description(
"AWS CloudFormation Sample Template: ELB with 2 EC2 instances")
AddAMI(template)
# Add the Parameters
keyname_param = template.add_parameter(
Parameter(
"KeyName",
Type='AWS::EC2::KeyPair::KeyName',
Default="ansible-key",
Description="Name of an existing EC2 KeyPair to "
"enable SSH access to the instance",
))
template.add_parameter(
Parameter(
"InstanceType",
Type="String",
Description="WebServer EC2 instance type",
Default="t2.micro",
AllowedValues=["t1.micro", "t2.micro"],
ConstraintDescription="must be a valid EC2 instance type.",
))
webport_param = template.add_parameter(
Parameter(
"WebServerPort",
Type="String",
Default="8888",
Description="TCP/IP port of the web server",
))
web2_param = template.add_parameter(
Parameter(
"ApiServerPort",
Type="String",
Default="8889",
Description="TCP/IP port of the api server",
))
subnetA = template.add_parameter(
Parameter("subnetA",
Type="List<AWS::EC2::Subnet::Id>",
Description="Choose Subnets"))
VpcId = template.add_parameter(
Parameter("VpcId", Type="AWS::EC2::VPC::Id", Description="Choose VPC"))
# Define the instance security group
instance_sg = template.add_resource(
ec2.SecurityGroup(
"InstanceSecurityGroup",
GroupDescription="Enable SSH and HTTP access on the inbound port",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(webport_param),
ToPort=Ref(webport_param),
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(web2_param),
ToPort=Ref(web2_param),
CidrIp="0.0.0.0/0",
),
]))
# Add the web server instance
WebInstance = template.add_resource(
ec2.Instance(
"WebInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(
Join('', [
'#!/bin/bash\n',
'sudo yum -y update\n',
'sudo yum install -y httpd php\n',
'sudo sed -i "42s/Listen 80/Listen 8888/" /etc/httpd/conf/httpd.conf\n',
'sudo service httpd restart \n',
'Ref(webport_param)',
]))))
# Add the api server instance
ApiInstance = template.add_resource(
ec2.Instance(
"ApiInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(
Join('', [
'#!/bin/bash\n',
'sudo yum -y update\n',
'sudo yum install -y httpd php\n',
'sudo sed -i "42s/Listen 80/Listen 8889/" /etc/httpd/conf/httpd.conf\n',
'sudo service httpd restart \n',
'Ref(web2_param)',
]))))
# Add the application ELB
ApplicationElasticLB = template.add_resource(
elb.LoadBalancer("ApplicationElasticLB",
Name="ApplicationElasticLB",
Scheme="internet-facing",
Subnets=Ref("subnetA")))
TargetGroupWeb = template.add_resource(
elb.TargetGroup("TargetGroupWeb",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(HttpCode="200"),
Name="WebTarget",
Port=Ref(webport_param),
Protocol="HTTP",
Targets=[
elb.TargetDescription(Id=Ref(WebInstance),
Port=Ref(webport_param))
],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)))
TargetGroupApi = template.add_resource(
elb.TargetGroup("TargetGroupApi",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(HttpCode="200"),
Name="ApiTarget",
Port=Ref(web2_param),
Protocol="HTTP",
Targets=[
elb.TargetDescription(Id=Ref(ApiInstance),
Port=Ref(web2_param))
],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)))
Listener = template.add_resource(
elb.Listener("Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(ApplicationElasticLB),
DefaultActions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(TargetGroupWeb))
]))
template.add_resource(
elb.ListenerRule("ListenerRuleApi",
ListenerArn=Ref(Listener),
Conditions=[
elb.Condition(Field="path-pattern",
Values=["/api/*"])
],
Actions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(TargetGroupApi))
],
Priority="1"))
template.add_output(
Output("URL",
Description="URL of the sample website",
Value=Join("",
["http://",
GetAtt(ApplicationElasticLB, "DNSName")])))
print(template.to_json())
def main():
template = Template()
subnetA = template.add_parameter(Parameter("subnetA", Type="String"))
subnetB = template.add_parameter(Parameter("subnetB", Type="String"))
alb = template.add_resource(
elb.LoadBalancer(
"ALB",
Scheme="internet-facing",
Subnets=[subnetA.ref(), subnetB.ref()],
))
listener = template.add_resource(
elb.Listener(
"Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=alb.ref(),
DefaultActions=[
elb.Action(
Type="fixed-response",
FixedResponseConfig=elb.FixedResponseConfig(
StatusCode="200",
MessageBody=(
"This is a fixed response for the default "
"ALB action"),
ContentType="text/plain",
),
)
],
))
template.add_resource([
elb.ListenerRule(
"ListenerRuleApi",
ListenerArn=listener.ref(),
Conditions=[
elb.Condition(Field="host-header", Values=["api.example.com"]),
elb.Condition(
Field="http-header",
HttpHeaderConfig=elb.HttpHeaderConfig(
HttpHeaderName="X-Action", Values=["Create"]),
),
elb.Condition(
Field="path-pattern",
PathPatternConfig=elb.PathPatternConfig(Values=["/api/*"]),
),
elb.Condition(
Field="http-request-method",
HttpRequestMethodConfig=elb.HttpRequestMethodConfig(
Values=["POST"]),
),
],
Actions=[
elb.Action(
Type="fixed-response",
FixedResponseConfig=elb.FixedResponseConfig(
StatusCode="200",
MessageBody=(
"This is a fixed response for any API POST "
"request with header X-Action: Create"),
ContentType="text/plain",
),
)
],
Priority="10",
),
elb.ListenerRule(
"ListenerRuleWeb",
ListenerArn=listener.ref(),
Conditions=[
elb.Condition(
Field="host-header",
HostHeaderConfig=elb.HostHeaderConfig(
Values=["www.example.com"]),
),
elb.Condition(
Field="path-pattern",
PathPatternConfig=elb.PathPatternConfig(Values=["/web/*"]),
),
],
Actions=[
elb.Action(
Type="fixed-response",
FixedResponseConfig=elb.FixedResponseConfig(
StatusCode="200",
MessageBody=("This is a fixed response for any WEB "
"request"),
ContentType="text/plain",
),
)
],
Priority="20",
),
elb.ListenerRule(
"ListenerRuleMetrics",
ListenerArn=listener.ref(),
Conditions=[
elb.Condition(Field="path-pattern", Values=["/metrics/*"])
],
Actions=[
elb.Action(
Type="redirect",
RedirectConfig=elb.RedirectConfig(StatusCode="HTTP_301",
Protocol="HTTPS",
Port="443"),
)
],
Priority="30",
),
elb.ListenerRule(
"ListenerRuleSourceIp",
ListenerArn=listener.ref(),
Conditions=[
elb.Condition(
Field="source-ip",
SourceIpConfig=elb.SourceIpConfig(
Values=["52.30.12.16/28"]),
)
],
Actions=[
elb.Action(
Type="fixed-response",
FixedResponseConfig=elb.FixedResponseConfig(
StatusCode="200",
MessageBody=("The request came from IP range "
"52.30.12.16/28"),
ContentType="text/plain",
),
)
],
Priority="40",
),
])
print(template.to_json())
elb.Listener(
"TestListener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(application_elb),
DefaultActions=[elb.Action(
Type="forward",
TargetGroupArn=Ref(target_group_web)
)]
)
)
t.add_resource(
elb.ListenerRule(
"TestListenerRule",
ListenerArn=Ref(elb_listener),
Conditions=[elb.Condition(
Field="path-pattern",
Values=["/api/*"]
)],
Actions=[elb.Action(
Type="forward",
TargetGroupArn=Ref(target_group_api)
)],
Priority="1"
)
)
print(t.to_json())
TargetType='ip',
HealthCheckPath='/auth/realms/main',
HealthCheckProtocol='HTTP',
HealthCheckIntervalSeconds=240,
HealthyThresholdCount=5,
UnhealthyThresholdCount=5,
))
keycloakListenerRule = t.add_resource(
elasticloadbalancingv2.ListenerRule(
'KeycloakListenerRule',
ListenerArn=ImportValue(Sub('${CoreStack}-ALB-Web-Listener')),
Priority=10,
Conditions=[
elasticloadbalancingv2.Condition(Field='path-pattern',
Values=['/auth', '/auth*'])
],
Actions=[
elasticloadbalancingv2.Action(
Type='forward',
TargetGroupArn=keycloakTargetGroup.Ref(),
)
]))
keycloakTask = t.add_resource(
ecs.TaskDefinition(
'KeycloakTask',
ContainerDefinitions=[
ecs.ContainerDefinition(
'KeycloakContainer',
Name='keycloak',
Image=Ref('KeycloakImage'),
def main():
template = Template()
template.add_version("2010-09-09")
template.add_description(
"AWS CloudFormation Sample Template: ELB with 2 EC2 instances")
AddAMI(template)
# Add the Parameters
keyname_param = template.add_parameter(Parameter(
"KeyName",
Type="String",
Default="mark",
Description="Name of an existing EC2 KeyPair to "
"enable SSH access to the instance",
))
template.add_parameter(Parameter(
"InstanceType",
Type="String",
Description="WebServer EC2 instance type",
Default="m1.small",
AllowedValues=[
"t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge",
"m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium", "c1.xlarge",
"cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge"
],
ConstraintDescription="must be a valid EC2 instance type.",
))
webport_param = template.add_parameter(Parameter(
"WebServerPort",
Type="String",
Default="8888",
Description="TCP/IP port of the web server",
))
apiport_param = template.add_parameter(Parameter(
"ApiServerPort",
Type="String",
Default="8889",
Description="TCP/IP port of the api server",
))
subnetA = template.add_parameter(Parameter(
"subnetA",
Type="String",
Default="subnet-096fd06d"
))
subnetB = template.add_parameter(Parameter(
"subnetB",
Type="String",
Default="subnet-1313ef4b"
))
VpcId = template.add_parameter(Parameter(
"VpcId",
Type="String",
Default="vpc-82c514e6"
))
# Define the instance security group
instance_sg = template.add_resource(
ec2.SecurityGroup(
"InstanceSecurityGroup",
GroupDescription="Enable SSH and HTTP access on the inbound port",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(webport_param),
ToPort=Ref(webport_param),
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(apiport_param),
ToPort=Ref(apiport_param),
CidrIp="0.0.0.0/0",
),
]
)
)
# Add the web server instance
WebInstance = template.add_resource(ec2.Instance(
"WebInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(Ref(webport_param)),
))
# Add the api server instance
ApiInstance = template.add_resource(ec2.Instance(
"ApiInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(Ref(apiport_param)),
))
# Add the application ELB
ApplicationElasticLB = template.add_resource(elb.LoadBalancer(
"ApplicationElasticLB",
Name="ApplicationElasticLB",
Scheme="internet-facing",
Subnets=[Ref(subnetA), Ref(subnetB)]
))
TargetGroupWeb = template.add_resource(elb.TargetGroup(
"TargetGroupWeb",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(
HttpCode="200"),
Name="WebTarget",
Port=Ref(webport_param),
Protocol="HTTP",
Targets=[elb.TargetDescription(
Id=Ref(WebInstance),
Port=Ref(webport_param))],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)
))
TargetGroupApi = template.add_resource(elb.TargetGroup(
"TargetGroupApi",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(
HttpCode="200"),
Name="ApiTarget",
Port=Ref(apiport_param),
Protocol="HTTP",
Targets=[elb.TargetDescription(
Id=Ref(ApiInstance),
Port=Ref(apiport_param))],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)
))
Listener = template.add_resource(elb.Listener(
"Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(ApplicationElasticLB),
DefaultActions=[elb.Action(
Type="forward",
TargetGroupArn=Ref(TargetGroupWeb)
)]
))
template.add_resource(elb.ListenerRule(
"ListenerRuleApi",
ListenerArn=Ref(Listener),
Conditions=[elb.Condition(
Field="path-pattern",
Values=["/api/*"])],
Actions=[elb.Action(
Type="forward",
TargetGroupArn=Ref(TargetGroupApi)
)],
Priority="1"
))
template.add_output(Output(
"URL",
Description="URL of the sample website",
Value=Join("", ["http://", GetAtt(ApplicationElasticLB, "DNSName")])
))
print(template.to_json())
priority = services.index(s) + 1
# Set a URL extension for non-prod environments
if e == "prod":
URLPathMod = ""
else:
URLPathMod = "{}.".format(e)
t.add_resource(
elb.ListenerRule(
"{}{}ListenerRule".format(e, s),
ListenerArn=Ref("{}Listener".format(e)),
Conditions=[
elb.Condition(
Field="host-header",
Values=[Join("", [s, ".", URLPathMod, domain])])
],
Actions=[
elb.Action(Type="forward",
TargetGroupArn=Ref("{}{}TargetGroup".format(
e, s)))
],
Priority=priority))
t.add_resource(
route53.RecordSetType("{}{}DNSRecord".format(e, s),
HostedZoneName=Join("", [domain, "."]),
Name=Join("",
[s, ".", URLPathMod, domain, "."]),
Type="A",
AliasTarget=route53.AliasTarget(
FindInMap("RegionZIDMap",
# )]
# ))
"""
Add the TargetGroup to a Listener on the ALB
- path-pattern is given as a Parameter to this stack
"""
listener_rule1 = t.add_resource(
elasticloadbalancingv2.ListenerRule(
"ListenerRule1",
Actions=[
elasticloadbalancingv2.Action(TargetGroupArn=Ref(target_group),
Type="forward")
],
Conditions=[
elasticloadbalancingv2.Condition(Field="path-pattern",
Values=[Ref(service_path)]),
If(
service_host_condition,
elasticloadbalancingv2.Condition(Field="host-header",
Values=[Ref(service_host)]),
Ref("AWS::NoValue"))
],
# ListenerArn=Ref(app_lb_listener),
ListenerArn=ImportValue(Sub("${AlbStack}-AlbPublicListener80")),
Priority=Ref(listener_priority)))
listener_rule2 = t.add_resource(
elasticloadbalancingv2.ListenerRule(
"ListenerRule2",
Condition=certificate_arn_condition,
Actions=[
elasticloadbalancingv2.Action(TargetGroupArn=Ref(target_group),
VpcId=myvpc,
))
Listener = template.add_resource(
elb.Listener("Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(FrontendAlb),
DefaultActions=[
elb.Action(Type="forward", TargetGroupArn=Ref(WebTargets))
]))
template.add_resource(
elb.ListenerRule(
"ListenerRule",
ListenerArn=Ref(Listener),
Conditions=[elb.Condition(Field="path-pattern", Values=["/*"])],
Actions=[elb.Action(Type="forward", TargetGroupArn=Ref(WebTargets))],
Priority="1"))
lcf = template.add_resource(
LaunchConfiguration(
"lcf",
AssociatePublicIpAddress=False,
ImageId='ami-63d53204',
InstanceType='t2.nano',
KeyName='Demo',
SecurityGroups=[Ref(instancesg)],
))
asg = template.add_resource(
AutoScalingGroup(
def generate_template(d):
# Set template metadata
t = Template()
t.add_version("2010-09-09")
t.set_description(d["cf_template_description"])
aws_account_id = Ref("AWS::AccountId")
aws_region = Ref("AWS::Region")
# Task definition
task_definition = t.add_resource(
TaskDefinition(
"TaskDefinition",
Family=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
RequiresCompatibilities=["FARGATE"],
Cpu=d["container_cpu"],
Memory=d["container_memory"],
NetworkMode="awsvpc",
ExecutionRoleArn=ImportValue(d["ecs_stack_name"] +
"-ECSClusterRole"),
ContainerDefinitions=[
ContainerDefinition(
Name=Join("", [
d["env"], "-", d["project_name"], "-",
d["service_name"]
]),
Image=Join(
"",
[
aws_account_id, ".dkr.ecr.", aws_region,
".amazonaws.com/", d["env"], d["project_name"],
d["service_name"], ":latest"
],
),
Essential=True,
PortMappings=[
PortMapping(
ContainerPort=d["container_port"],
HostPort=d["container_port"],
)
],
EntryPoint=["sh", "-c"],
Command=[d["container_command"]],
LogConfiguration=LogConfiguration(
LogDriver="awslogs",
Options={
"awslogs-region":
aws_region,
"awslogs-group":
Join("", [
d["env"], "-", d["project_name"], "-",
d["service_name"]
]),
"awslogs-stream-prefix":
"ecs",
"awslogs-create-group":
"true"
}))
],
Tags=Tags(d["tags"],
{"Name": d["project_name"] + "-task-definition"}),
))
# ECR
ecr = t.add_resource(
Repository(
"ECR",
DependsOn="ListenerRule",
RepositoryName=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
Tags=Tags(d["tags"], {"Name": d["project_name"] + "-ecr"}),
))
# Target group
target_group = t.add_resource(
elb.TargetGroup(
"TargetGroup",
Name=Join("", [d["env"], "-", d["service_name"]]),
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckPort=d["container_port"],
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
HealthCheckPath=d["tg_health_check_path"],
Matcher=elb.Matcher(HttpCode="200-299"),
Port=d["container_port"],
Protocol="HTTP",
TargetType="ip",
UnhealthyThresholdCount="3",
VpcId=ImportValue(d["network_stack_name"] + "-VPCId"),
Tags=Tags(d["tags"], {"Name": d["project_name"] + "-ecr"}),
))
# Listener rule
t.add_resource(
elb.ListenerRule(
"ListenerRule",
DependsOn="TargetGroup",
ListenerArn=ImportValue(d["ecs_stack_name"] + "-ListenerArnHTTP"),
Conditions=[
elb.Condition(Field="path-pattern",
Values=[d["application_path_api"]])
],
Actions=[
elb.Action(Type="forward", TargetGroupArn=Ref(target_group))
],
Priority="1",
))
# ECS service
ecs_service = t.add_resource(
Service(
"ECSService",
ServiceName=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
DependsOn="pipeline",
DesiredCount=d["container_desired_tasks_count"],
TaskDefinition=Ref(task_definition),
LaunchType="FARGATE",
NetworkConfiguration=NetworkConfiguration(
AwsvpcConfiguration=AwsvpcConfiguration(
Subnets=[
ImportValue(d["network_stack_name"] +
"-PrivateSubnetId1"),
ImportValue(d["network_stack_name"] +
"-PrivateSubnetId2"),
],
SecurityGroups=[
ImportValue(d["ecs_stack_name"] + "-ECSClusterSG")
],
)),
LoadBalancers=([
LoadBalancer(
ContainerName=Join(
"",
[
d["env"], "-", d["project_name"], "-",
d["service_name"]
],
),
ContainerPort=d["container_port"],
TargetGroupArn=Ref(target_group),
)
]),
Cluster=ImportValue(d["ecs_stack_name"] + "-ECSClusterName"),
Tags=Tags(d["tags"], {"Name": d["project_name"] + "-ecs-service"}),
))
# App Autoscaling target
# App Autoscaling policy
# Codebuild project
codebuild = t.add_resource(
Project(
"codebuild",
Name=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
DependsOn="ECR",
ServiceRole=ImportValue(d["ecs_stack_name"] +
"-CodebuildDeveloperRole"),
Artifacts=Artifacts(
Name="Build",
Location=d["artifact_store"],
Type="S3",
),
Description="Build a docker image and send it to ecr",
Source=Source(
BuildSpec="buildspec.yml",
Type="S3",
Location=d["artifact_store"] + "/" + d["artifact_name"],
),
Environment=Environment(
ComputeType="BUILD_GENERAL1_SMALL",
Image="aws/codebuild/standard:4.0",
PrivilegedMode=True,
Type="LINUX_CONTAINER",
EnvironmentVariables=[
EnvironmentVariable(
Name="AWS_DEFAULT_REGION",
Type="PLAINTEXT",
Value=aws_region,
),
EnvironmentVariable(
Name="SERVICE_NAME",
Type="PLAINTEXT",
Value=Join(
"",
[
d["env"], "-", d["project_name"], "-",
d["service_name"]
],
),
),
EnvironmentVariable(
Name="IMAGE_URI",
Type="PLAINTEXT",
Value=Join(
"",
[
aws_account_id,
".dkr.ecr.",
aws_region,
".amazonaws.com/",
d["env"],
"-",
d["project_name"],
"-",
d["service_name"],
],
),
),
],
),
Tags=Tags(d["tags"], {"Name": d["project_name"] + "-codebuild"}),
))
# Codepipeline
pipeline = t.add_resource(
Pipeline(
"pipeline",
Name=Join(
"",
[d["env"], "-", d["project_name"], "-", d["service_name"]]),
RoleArn=ImportValue(d["ecs_stack_name"] + "-CodePipelineRole"),
Stages=[
Stages(
Name="Source",
Actions=[
Actions(
Name="Source",
ActionTypeId=ActionTypeId(
Category="Source",
Owner="AWS",
Version="1",
Provider="S3",
),
OutputArtifacts=[
OutputArtifacts(Name="source_artifact")
],
Configuration={
"S3Bucket": d["artifact_store"],
"S3ObjectKey": d["artifact_name"],
},
RunOrder="1",
)
],
),
Stages(
Name="Build",
Actions=[
Actions(
Name="Build",
InputArtifacts=[
InputArtifacts(Name="source_artifact")
],
OutputArtifacts=[
OutputArtifacts(Name="build_artifact")
],
ActionTypeId=ActionTypeId(
Category="Build",
Owner="AWS",
Version="1",
Provider="CodeBuild",
),
Configuration={"ProjectName": Ref(codebuild)},
RunOrder="1",
)
],
),
Stages(
Name="Deploy",
Actions=[
Actions(
Name="Deploy",
InputArtifacts=[
InputArtifacts(Name="build_artifact")
],
ActionTypeId=ActionTypeId(
Category="Deploy",
Owner="AWS",
Version="1",
Provider="ECS",
),
Configuration={
"ClusterName":
ImportValue(d["ecs_stack_name"] +
"-ECSClusterName"),
"ServiceName":
Join(
"",
[
d["env"],
"-",
d["project_name"],
"-",
d["service_name"],
],
),
"FileName":
"definitions.json",
},
)
],
),
],
ArtifactStore=ArtifactStore(Type="S3",
Location=d["artifact_store"]),
))
# Route53
# Outputs
return t
def main():
# Meta
t.add_version("2010-09-09")
t.add_description("Template for auto-scaling in an Application"
"load balancer target group. "
"The ALB will be used as an A Alias target "
"for a specified Route53 hosted zone. "
"This template also showcases "
"Metadata Parameter Grouping, "
"Special AWS Parameter Types, "
"and Cloudformation Outputs with Exports"
"which can be imported into other templates.")
t.add_metadata({
"Author": "https://github.com/hmain/",
"LastUpdated": "2017 01 31",
"Version": "1",
})
# Parameter grouping
t.add_metadata({
"AWS::CloudFormation::Interface": {
"ParameterGroups": [{
"Label": {
"default": "Global parameters"
},
"Parameters": ["environment"]
}, {
"Label": {
"default": "Application Loadbalancer"
},
"Parameters": [
"albSubnets", "loadbalancerPrefix", "loadBalancerArn",
"albPaths", "albPort"
]
}, {
"Label": {
"default": "VPC"
},
"Parameters": ["ec2Subnets", "VPC", "securityGroup"]
}, {
"Label": {
"default": "EC2"
},
"Parameters": ["ec2Name", "ec2Type", "ec2Key"]
}, {
"Label": {
"default": "Auto-scaling"
},
"Parameters": [
"asgCapacity", "asgMinSize", "asgMaxSize", "asgCooldown",
"asgHealthGrace"
]
}, {
"Label": {
"default": "Route53"
},
"Parameters": ["route53HostedZoneId", "route53HostedZoneName"]
}]
}
})
AddAMI(t)
environment = t.add_parameter(
Parameter(
"environment",
Default="dev",
Type="String",
Description="Development or Production environment",
AllowedValues=["dev", "prod"],
ConstraintDescription="dev or prod",
))
route53_hosted_zone_id = t.add_parameter(
Parameter("route53HostedZoneId",
Default="",
Type="AWS::Route53::HostedZone::Id",
Description="Route53 DNS zone ID"))
route53_hosted_zone_name = t.add_parameter(
Parameter("route53HostedZoneName",
Default="my.aws.dns.com",
Type="String",
Description="Route53 hosted zone name"))
security_group = t.add_parameter(
Parameter("securityGroup",
Default="",
Type="List<AWS::EC2::SecurityGroup::Id>",
Description="Which security groups to use"))
alb_paths = t.add_parameter(
Parameter(
"albPaths",
Default="/",
Type="CommaDelimitedList",
Description="Path-patterns you want the loadbalancer to point to in "
"your application"))
albPort = t.add_parameter(
Parameter("albPort",
Default="80",
Type="Number",
Description="Which loadbalancer port to use"))
ec2_subnets = t.add_parameter(
Parameter("ec2Subnets",
Default="",
Type="List<AWS::EC2::Subnet::Id>",
Description="Private subnets for the instances."))
alb_subnets = t.add_parameter(
Parameter("albSubnets",
Default="",
Type="List<AWS::EC2::Subnet::Id>",
Description="Public subnets for the load balancer."))
loadbalancer_prefix = t.add_parameter(
Parameter(
"loadbalancerPrefix",
Default="",
Type="String",
Description="Specify a prefix for your loadbalancer",
))
vpc = t.add_parameter(
Parameter("VPC",
Default="",
Type="AWS::EC2::VPC::Id",
Description="Environment VPC"))
# Auto scaling group parameters
asg_capacity = t.add_parameter(
Parameter("asgCapacity",
Default="0",
Type="Number",
Description="Number of instances"))
asg_min_size = t.add_parameter(
Parameter("asgMinSize",
Default="0",
Type="Number",
Description="Minimum size of AutoScalingGroup"))
asg_max_size = t.add_parameter(
Parameter("asgMaxSize",
Default="1",
Type="Number",
Description="Maximum size of AutoScalingGroup"))
asg_cooldown = t.add_parameter(
Parameter(
"asgCooldown",
Default="300",
Type="Number",
Description="Cooldown before starting/stopping another instance"))
asg_health_grace = t.add_parameter(
Parameter(
"asgHealthGrace",
Default="300",
Type="Number",
Description="Wait before starting/stopping another instance"))
# EC2 parameters
ec2_name = t.add_parameter(
Parameter("ec2Name",
Default="myApplication",
Type="String",
Description="Name of the instances"))
ec2_type = t.add_parameter(
Parameter("ec2Type",
Default="t2.large",
Type="String",
Description="Instance type."))
ec2_key = t.add_parameter(
Parameter("ec2Key",
Default="",
Type="AWS::EC2::KeyPair::KeyName",
Description="EC2 Key Pair"))
# Launchconfiguration
ec2_launchconfiguration = t.add_resource(
autoscaling.LaunchConfiguration(
"EC2LaunchConfiguration",
ImageId=FindInMap("windowsAMI", Ref("AWS::Region"), "AMI"),
KeyName=Ref(ec2_key),
SecurityGroups=Ref(security_group),
InstanceType=Ref(ec2_type),
AssociatePublicIpAddress=False,
))
# Application ELB
alb_target_group = t.add_resource(
elb.TargetGroup("albTargetGroup",
HealthCheckPath=Select("0", Ref(alb_paths)),
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(HttpCode="200"),
Name=Ref(ec2_name),
Port=80,
Protocol="HTTP",
UnhealthyThresholdCount="3",
VpcId=Ref(vpc)))
# Auto scaling group
t.add_resource(
autoscaling.AutoScalingGroup(
"autoScalingGroup",
DesiredCapacity=Ref(asg_capacity),
Tags=autoscaling.Tags(Environment=Ref(environment)),
VPCZoneIdentifier=Ref(ec2_subnets),
TargetGroupARNs=[Ref(alb_target_group)],
MinSize=Ref(asg_min_size),
MaxSize=Ref(asg_max_size),
Cooldown=Ref(asg_cooldown),
LaunchConfigurationName=Ref(ec2_launchconfiguration),
HealthCheckGracePeriod=Ref(asg_health_grace),
HealthCheckType="EC2",
))
# Application Load Balancer
application_load_balancer = t.add_resource(
elb.LoadBalancer("applicationLoadBalancer",
Name=Ref(loadbalancer_prefix),
Scheme="internet-facing",
Subnets=Ref(alb_subnets),
SecurityGroups=Ref(security_group)))
alb_listener = t.add_resource(
elb.Listener("albListener",
Port=Ref(albPort),
Protocol="HTTP",
LoadBalancerArn=Ref(application_load_balancer),
DefaultActions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(alb_target_group))
]))
t.add_resource(
elb.ListenerRule("albListenerRule",
ListenerArn=Ref(alb_listener),
Conditions=[
elb.Condition(Field="path-pattern",
Values=Ref(alb_paths))
],
Actions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(alb_target_group))
],
Priority="1"))
# Route53
t.add_resource(
route53.RecordSetGroup(
"route53RoundRobin",
HostedZoneId=Ref(route53_hosted_zone_id),
RecordSets=[
route53.RecordSet(
Weight=1,
SetIdentifier=Join(".", [
Ref(environment),
Ref(route53_hosted_zone_name), "ELB"
]),
Name=Join(
".", [Ref(environment),
Ref(route53_hosted_zone_name)]),
Type="A",
AliasTarget=route53.AliasTarget(
GetAtt(application_load_balancer,
"CanonicalHostedZoneID"),
GetAtt(application_load_balancer, "DNSName")))
]))
t.add_output(
Output(
"URL",
Description="URL of the website",
Value=Join("", [
"http://",
GetAtt(application_load_balancer, "DNSName"),
Select("0", Ref(alb_paths))
]),
Export=Export(Sub("${AWS::StackName}-URL")),
))
print(t.to_json())
