def create_loadbalancer():
return [
elb.LoadBalancer(
'tlsFrontend',
SecurityGroups=[Ref('secgrpLoadBalancer')],
Subnets=[Ref('subnetA'), Ref('subnetB')],
Tags=_tags(),
),
elb.Listener(
'tlsFrontendListener',
Certificates=[
elb.Certificate(CertificateArn=Ref('certificateArn')),
],
DefaultActions=[
elb.Action(TargetGroupArn=Ref('tlsFrontendApplication'),
Type='forward'),
],
LoadBalancerArn=Ref('tlsFrontend'),
Port=443,
Protocol='HTTPS',
),
elb.ListenerRule(
'tlsFrontendJenkinsRule',
Actions=[
elb.Action(TargetGroupArn=Ref('tlsFrontendJenkins'),
Type='forward'),
],
Conditions=[
elb.Condition(Field='host-header',
Values=[_subdomain_for_jenkins()]),
],
ListenerArn=Ref('tlsFrontendListener'),
Priority=1,
),
elb.TargetGroup(
'tlsFrontendApplication',
HealthCheckIntervalSeconds=300,
HealthCheckPath='/health',
Port=80,
Protocol='HTTP',
Tags=_tags(),
Targets=[
elb.TargetDescription(Id=Ref('devserver'), Port=80),
],
VpcId=Ref('vpc'),
),
elb.TargetGroup(
'tlsFrontendJenkins',
HealthCheckIntervalSeconds=300,
HealthCheckPath='/robots.txt',
Port=8080,
Protocol='HTTP',
Tags=_tags(),
Targets=[
elb.TargetDescription(Id=Ref('devserver'), Port=8080),
],
VpcId=Ref('vpc'),
),
]
def add_alb(self, template, provision_refs, instances):
alb = template.add_resource(
elb.LoadBalancer(
'ALB',
LoadBalancerAttributes=[
elb.LoadBalancerAttributes(
Key='idle_timeout.timeout_seconds', Value='3600')
],
Subnets=provision_refs.subnets,
Type='application',
Scheme='internet-facing',
IpAddressType='ipv4',
SecurityGroups=[provision_refs.security_group_alb]))
default_target_group = template.add_resource(
elb.TargetGroup(
'DefaultTargetGroup',
Port=46658,
Protocol='HTTP',
Targets=[
elb.TargetDescription(Id=Ref(instance))
for instance in instances
],
HealthCheckProtocol='HTTP',
HealthCheckPath='/rpc',
TargetGroupAttributes=[
elb.TargetGroupAttribute(Key='stickiness.enabled',
Value='true'),
elb.TargetGroupAttribute(Key='stickiness.type',
Value='lb_cookie'),
elb.TargetGroupAttribute(
Key='stickiness.lb_cookie.duration_seconds',
Value='86400'),
],
VpcId=provision_refs.vpc))
template.add_resource(
elb.Listener(
'ALBListener',
DefaultActions=[
elb.Action('DefaultAction',
Type='forward',
TargetGroupArn=Ref(default_target_group))
],
LoadBalancerArn=Ref(alb),
Port=46658,
Protocol='HTTPS',
SslPolicy='ELBSecurityPolicy-TLS-1-2-2017-01',
Certificates=[
elb.Certificate(
CertificateArn=
'arn:aws:acm:us-east-1:489745816517:certificate/'
'fbb68210-264e-4340-9c5c-a7687f993579')
]))
provision_refs.alb = alb
def create_target_group(stack,
name,
port,
protocol='HTTPS',
targets=[],
http_codes='200',
health_check_path='/',
target_type='instance',
attributes=False):
"""Add Target Group Resource."""
target_objects = []
for target in targets:
target_objects.append(alb.TargetDescription(Id=target))
tg_atts = []
if not attributes:
tg_atts.append(
alb.TargetGroupAttribute(
Key='deregistration_delay.timeout_seconds', Value='300'))
else:
for att, value in attributes.items():
tg_atts.append(alb.TargetGroupAttribute(Key=att, Value=value))
if http_codes is not None:
return stack.stack.add_resource(
alb.TargetGroup('{0}TargetGroup'.format(name),
HealthCheckIntervalSeconds='30',
HealthCheckProtocol=protocol,
HealthCheckTimeoutSeconds='10',
HealthyThresholdCount='4',
HealthCheckPath=health_check_path,
Matcher=alb.Matcher(HttpCode=http_codes),
Name='{0}Target'.format(name),
Port=port,
Protocol=protocol,
Targets=target_objects,
TargetType=target_type,
UnhealthyThresholdCount='3',
TargetGroupAttributes=tg_atts,
VpcId=Ref(stack.vpc)))
return stack.stack.add_resource(
alb.TargetGroup('{0}TargetGroup'.format(name),
HealthCheckIntervalSeconds='30',
HealthCheckProtocol=protocol,
HealthCheckTimeoutSeconds='10',
HealthyThresholdCount='3',
Name='{0}Target'.format(name),
Port=port,
Protocol=protocol,
Targets=targets,
UnhealthyThresholdCount='3',
TargetType=target_type,
TargetGroupAttributes=tg_atts,
VpcId=Ref(stack.vpc)))
def elbv2_target(self, target_id, port):
"""
Create an ELBv2 target
:param target_id: ID of the target
:param port: Target port
:return: Target Description CFN object
"""
return elbv2.TargetDescription(Id=target_id, Port=port)
def app_elb(template,
name,
subnets,
instances,
vpc,
instance_port=443,
load_balancer_port=443,
instance_proto='HTTPS',
load_balancer_proto='HTTPS',
securitygroups=None):
"""Create an elastic load balancer """
applb = elbv2.LoadBalancer(
name,
template=template,
Subnets=[Ref(r) for r in subnets],
SecurityGroups=[Ref(r) for r in securitygroups],
)
targetgroup = elbv2.TargetGroup(
title=name + 'targetgroup',
template=template,
Port=instance_port,
Protocol=instance_proto,
VpcId=Ref(vpc),
Targets=[elbv2.TargetDescription(Id=Ref(r)) for r in instances],
HealthCheckIntervalSeconds=10,
# HealthCheckPath="/",
# HealthCheckPort="traffic-port",
# HealthCheckProtocol="HTTP",
# HealthCheckTimeoutSeconds=5,
# UnhealthyThresholdCount=10,
# HealthyThresholdCount=2,
)
elbv2.Listener(
title=(name + 'listener'),
template=template,
DefaultActions=[
elbv2.Action(TargetGroupArn=Ref(targetgroup), Type='forward')
],
LoadBalancerArn=Ref(applb),
Port=load_balancer_port,
Protocol=load_balancer_proto,
)
return applb
def main():
template = Template()
template.add_version("2010-09-09")
template.add_description(
"AWS CloudFormation Sample Template: ELB with 2 EC2 instances")
AddAMI(template)
# Add the Parameters
keyname_param = template.add_parameter(Parameter(
"KeyName",
Type="String",
Default="mark",
Description="Name of an existing EC2 KeyPair to "
"enable SSH access to the instance",
))
template.add_parameter(Parameter(
"InstanceType",
Type="String",
Description="WebServer EC2 instance type",
Default="m1.small",
AllowedValues=[
"t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge",
"m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium", "c1.xlarge",
"cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge"
],
ConstraintDescription="must be a valid EC2 instance type.",
))
webport_param = template.add_parameter(Parameter(
"WebServerPort",
Type="String",
Default="8888",
Description="TCP/IP port of the web server",
))
apiport_param = template.add_parameter(Parameter(
"ApiServerPort",
Type="String",
Default="8889",
Description="TCP/IP port of the api server",
))
subnetA = template.add_parameter(Parameter(
"subnetA",
Type="String",
Default="subnet-096fd06d"
))
subnetB = template.add_parameter(Parameter(
"subnetB",
Type="String",
Default="subnet-1313ef4b"
))
VpcId = template.add_parameter(Parameter(
"VpcId",
Type="String",
Default="vpc-82c514e6"
))
# Define the instance security group
instance_sg = template.add_resource(
ec2.SecurityGroup(
"InstanceSecurityGroup",
GroupDescription="Enable SSH and HTTP access on the inbound port",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(webport_param),
ToPort=Ref(webport_param),
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(apiport_param),
ToPort=Ref(apiport_param),
CidrIp="0.0.0.0/0",
),
]
)
)
# Add the web server instance
WebInstance = template.add_resource(ec2.Instance(
"WebInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(Ref(webport_param)),
))
# Add the api server instance
ApiInstance = template.add_resource(ec2.Instance(
"ApiInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(Ref(apiport_param)),
))
# Add the application ELB
ApplicationElasticLB = template.add_resource(elb.LoadBalancer(
"ApplicationElasticLB",
Name="ApplicationElasticLB",
Scheme="internet-facing",
Subnets=[Ref(subnetA), Ref(subnetB)]
))
TargetGroupWeb = template.add_resource(elb.TargetGroup(
"TargetGroupWeb",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(
HttpCode="200"),
Name="WebTarget",
Port=Ref(webport_param),
Protocol="HTTP",
Targets=[elb.TargetDescription(
Id=Ref(WebInstance),
Port=Ref(webport_param))],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)
))
TargetGroupApi = template.add_resource(elb.TargetGroup(
"TargetGroupApi",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(
HttpCode="200"),
Name="ApiTarget",
Port=Ref(apiport_param),
Protocol="HTTP",
Targets=[elb.TargetDescription(
Id=Ref(ApiInstance),
Port=Ref(apiport_param))],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)
))
Listener = template.add_resource(elb.Listener(
"Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(ApplicationElasticLB),
DefaultActions=[elb.Action(
Type="forward",
TargetGroupArn=Ref(TargetGroupWeb)
)]
))
template.add_resource(elb.ListenerRule(
"ListenerRuleApi",
ListenerArn=Ref(Listener),
Conditions=[elb.Condition(
Field="path-pattern",
Values=["/api/*"])],
Actions=[elb.Action(
Type="forward",
TargetGroupArn=Ref(TargetGroupApi)
)],
Priority="1"
))
template.add_output(Output(
"URL",
Description="URL of the sample website",
Value=Join("", ["http://", GetAtt(ApplicationElasticLB, "DNSName")])
))
print(template.to_json())
def main():
template = Template()
template.add_version("2010-09-09")
template.add_description(
"AWS CloudFormation Sample Template: ELB with 2 EC2 instances")
AddAMI(template)
# Add the Parameters
keyname_param = template.add_parameter(
Parameter(
"KeyName",
Type='AWS::EC2::KeyPair::KeyName',
Default="ansible-key",
Description="Name of an existing EC2 KeyPair to "
"enable SSH access to the instance",
))
template.add_parameter(
Parameter(
"InstanceType",
Type="String",
Description="WebServer EC2 instance type",
Default="t2.micro",
AllowedValues=["t1.micro", "t2.micro"],
ConstraintDescription="must be a valid EC2 instance type.",
))
webport_param = template.add_parameter(
Parameter(
"WebServerPort",
Type="String",
Default="8888",
Description="TCP/IP port of the web server",
))
web2_param = template.add_parameter(
Parameter(
"ApiServerPort",
Type="String",
Default="8889",
Description="TCP/IP port of the api server",
))
subnetA = template.add_parameter(
Parameter("subnetA",
Type="List<AWS::EC2::Subnet::Id>",
Description="Choose Subnets"))
VpcId = template.add_parameter(
Parameter("VpcId", Type="AWS::EC2::VPC::Id", Description="Choose VPC"))
# Define the instance security group
instance_sg = template.add_resource(
ec2.SecurityGroup(
"InstanceSecurityGroup",
GroupDescription="Enable SSH and HTTP access on the inbound port",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(webport_param),
ToPort=Ref(webport_param),
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(web2_param),
ToPort=Ref(web2_param),
CidrIp="0.0.0.0/0",
),
]))
# Add the web server instance
WebInstance = template.add_resource(
ec2.Instance(
"WebInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(
Join('', [
'#!/bin/bash\n',
'sudo yum -y update\n',
'sudo yum install -y httpd php\n',
'sudo sed -i "42s/Listen 80/Listen 8888/" /etc/httpd/conf/httpd.conf\n',
'sudo service httpd restart \n',
'Ref(webport_param)',
]))))
# Add the api server instance
ApiInstance = template.add_resource(
ec2.Instance(
"ApiInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(
Join('', [
'#!/bin/bash\n',
'sudo yum -y update\n',
'sudo yum install -y httpd php\n',
'sudo sed -i "42s/Listen 80/Listen 8889/" /etc/httpd/conf/httpd.conf\n',
'sudo service httpd restart \n',
'Ref(web2_param)',
]))))
# Add the application ELB
ApplicationElasticLB = template.add_resource(
elb.LoadBalancer("ApplicationElasticLB",
Name="ApplicationElasticLB",
Scheme="internet-facing",
Subnets=Ref("subnetA")))
TargetGroupWeb = template.add_resource(
elb.TargetGroup("TargetGroupWeb",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(HttpCode="200"),
Name="WebTarget",
Port=Ref(webport_param),
Protocol="HTTP",
Targets=[
elb.TargetDescription(Id=Ref(WebInstance),
Port=Ref(webport_param))
],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)))
TargetGroupApi = template.add_resource(
elb.TargetGroup("TargetGroupApi",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(HttpCode="200"),
Name="ApiTarget",
Port=Ref(web2_param),
Protocol="HTTP",
Targets=[
elb.TargetDescription(Id=Ref(ApiInstance),
Port=Ref(web2_param))
],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)))
Listener = template.add_resource(
elb.Listener("Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(ApplicationElasticLB),
DefaultActions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(TargetGroupWeb))
]))
template.add_resource(
elb.ListenerRule("ListenerRuleApi",
ListenerArn=Ref(Listener),
Conditions=[
elb.Condition(Field="path-pattern",
Values=["/api/*"])
],
Actions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(TargetGroupApi))
],
Priority="1"))
template.add_output(
Output("URL",
Description="URL of the sample website",
Value=Join("",
["http://",
GetAtt(ApplicationElasticLB, "DNSName")])))
print(template.to_json())
def __init__(self, title, lambda_arn, **kwargs):
super().__init__(title, **kwargs)
self.Targets = [elbv2.TargetDescription(Id=lambda_arn, )]
self.TargetType = 'lambda'
)
target_group_web = t.add_resource(
elb.TargetGroup(
"TestTargetGroupWeb",
HealthCheckIntervalSeconds="60",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="30",
HealthyThresholdCount="4",
UnhealthyThresholdCount="3",
Matcher=elb.Matcher(HttpCode="200"),
Name="WebTarget",
Port="8080",
Protocol="HTTP",
Targets=[elb.TargetDescription(
Id=Ref(web_instance),
Port="8080"
)],
VpcId=Ref(vpc)
)
)
target_group_api = t.add_resource(
elb.TargetGroup(
"TestTargetGroupApi",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
UnhealthyThresholdCount="3",
Matcher=elb.Matcher(HttpCode="200"),
Name="ApiTarget",
"RUST_BACKTRACE": "1",
"RUST_LOG": "debug"
}),
Handler="not_used",
Role=GetAtt(LambdaExecutionRole, "Arn"),
Runtime="provided",
))
ec2_client = boto3.client('ec2')
subnets = ec2_client.describe_subnets()["Subnets"]
targetGroup = t.add_resource(
elb.TargetGroup(
"TargetGroup",
TargetType="lambda",
Targets=[elb.TargetDescription(Id=GetAtt(app_function, 'Arn'))],
DependsOn="InvokePermission"))
t.add_resource(
Permission(
"InvokePermission",
Action="lambda:InvokeFunction",
FunctionName=GetAtt(app_function, 'Arn'),
Principal="elasticloadbalancing.amazonaws.com",
#SourceArn=Ref(targetGroup) # This would create a creation loop
#SourceAccount=Ref('AWS::AccountId')
))
# Add the application ELB
ApplicationElasticLB = t.add_resource(
elb.LoadBalancer("ApplicationElasticLB",
If(
'EnableAccessLogsCondition',
elbv2.LoadBalancerAttributes(Key='access_logs.s3.prefix',
Value=Ref(param_log_perfix)),
Ref(AWS_NO_VALUE)),
]))
targetgroup = t.add_resource(
elbv2.TargetGroup('TargetGroup',
DependsOn='LoadBalancer',
VpcId=Ref(param_vpcid),
Protocol='HTTP',
Port='80',
Targets=[
elbv2.TargetDescription(
Id=Ref(param_instance_id),
Port='80',
)
],
HealthCheckIntervalSeconds='15',
HealthCheckPath='/',
HealthCheckPort='80',
HealthCheckProtocol='HTTP',
HealthCheckTimeoutSeconds='5',
HealthyThresholdCount='3',
UnhealthyThresholdCount='5',
Matcher=elbv2.Matcher(HttpCode='200'),
TargetGroupAttributes=[
elbv2.TargetGroupAttribute(
Key='deregistration_delay.timeout_seconds',
Value='20')
]))
}
})
}))
instance.Tags = [{"Key": "Name", "Value": "StorReduce-QS-Base-Host"}]
instance.CreationPolicy = CreationPolicy(ResourceSignal=ResourceSignal(
Timeout='PT15M'))
return instance
base_instance = generate_new_instance(counter)
t.add_resource(base_instance)
instances.append(base_instance)
srr_targets_80.append(elb.TargetDescription(Id=Ref(base_instance), Port=80))
srr_targets_443.append(elb.TargetDescription(Id=Ref(base_instance), Port=443))
srr_targets_8080.append(elb.TargetDescription(Id=Ref(base_instance),
Port=8080))
counter += 1
num_mandatory_instances = MIN_INSTANCES - 1
# Create monitor VM
# -> sudo storreduce-monitor --initial_cluster_discovery_token="eyJDbHVzdGVySWQiOiJCREFBQzM1NC1GQ0MzLTQzNTgtQjY2MC02RjYwRUQwNDc4OEYiLCJFdGNkQ2xpZW50VXJsIjoiaHR0cDovLzEwLjAuMTQuMTc0OjIzNzkiLCJFdGNkQ2xpZW50UGFzc3dvcmQiOiIiLCJFdGNkQ2xpZW50VXNlcm5hbWUiOiIiLCJFeHRlcm5hbEV0Y2RTZXJ2ZXIiOmZhbHNlfQ=="
monitor_instance = t.add_resource(
ec2.Instance(
"MonitorInstance",
# Fix connect-srr.sh and init-srr.sh
DependsOn=[base_instance.title, StorReduceHostProfile.title],