def add_rds_database(self, name, engine, username, password, storage, instance_type, rds_subnet_group, rds_security_group, multiaz_status, parameter_group_name, encrypt): print "WARNING: Adding RDS for %s" % name rds_database = DBInstance( 'rds' + name, Engine=engine, MasterUsername=username, MasterUserPassword=password, AllocatedStorage=storage, StorageType='gp2', DBInstanceClass=instance_type, DBName='rds' + name, DeletionPolicy="Snapshot", DBSubnetGroupName=Ref(rds_subnet_group), BackupRetentionPeriod=7, DBParameterGroupName=Ref(parameter_group_name), VPCSecurityGroups=[Ref(rds_security_group)], MultiAZ=multiaz_status) if encrypt: rds_database.properties['KmsKeyId'] = encrypt rds_database.properties['StorageEncrypted'] = True return self.add_resource(rds_database)
def create_rds(self): t = self.template variables = self.get_variables() db = DBInstance(DBINSTANCE, StorageType=self.get_storage_type(), **self.get_common_attrs()) # Hack till https://github.com/cloudtools/troposphere/pull/652/ # is accepted if variables["IOPS"]: db.Iops = variables["IOPS"] t.add_resource(db)
def create_rds(self): t = self.template variables = self.get_variables() db = DBInstance( DBINSTANCE, StorageType=self.get_storage_type(), **self.get_common_attrs()) # Hack till https://github.com/cloudtools/troposphere/pull/652/ # is accepted if variables["IOPS"]: db.Iops = variables["IOPS"] t.add_resource(db)
def add_kippo_rds(self): self.template.add_resource( DBSubnetGroup( 'RdsSubnetGroup', DBSubnetGroupDescription= 'Subnet group for the kippo RDS instance', SubnetIds=Ref('RdsSubnetIdList'), )) self.template.add_resource( DBInstance( 'RdsInstance', AllocatedStorage=Ref('RdsStorage'), DBInstanceClass=Ref('RdsInstanceType'), DBInstanceIdentifier='kippo-database', DBSubnetGroupName=Ref('RdsSubnetGroup'), Engine='MySQL', EngineVersion='5.6.22', MasterUsername='******', MasterUserPassword=Ref('RdsRootPassword'), MultiAZ=True, Port=3306, VPCSecurityGroups=[Ref('RdsSecurityGroup')], )) self.template.add_output( Output( 'RdsEndpoint', Description='RDS endpoint address', Value=GetAtt('RdsInstance', 'Endpoint.Address'), ))
def create_prediction_service_db(self, subnet_group): t = self.template t.add_resource( DBInstance("Euro2016DB", DBName=Ref("DBName"), AllocatedStorage=Ref("DBSize"), DBInstanceClass=Ref("DBInstanceClass"), Engine="MySQL", EngineVersion="5.7", MasterUsername=Ref("DBUser"), MasterUserPassword=Ref("DBPassword"), DBSubnetGroupName=Ref(subnet_group), VPCSecurityGroups=Ref("DBSecurityGroups"), MultiAZ=True, StorageType="gp2", Tags=[Tag("Name", "euro2016-prediction-db")])) t.add_output( Output("DBAddress", Description="Database address", Value=GetAtt("Euro2016DB", "Endpoint.Address"))) t.add_output( Output("DBPort", Description="Database port", Value=GetAtt("Euro2016DB", "Endpoint.Port")))
def add_rds(self): t = self.template dbSubnetIds = [ self.sceptreUserData['subnets']['privateDataAZ1Id'], self.sceptreUserData['subnets']['privateDataAZ2Id'], self.sceptreUserData['subnets']['privateDataAZ3Id'] ] self.rdsSubnetGroup = t.add_resource( DBSubnetGroup( 'DbSubnetGroup', DBSubnetGroupDescription='Subnet group for RDS.', SubnetIds=dbSubnetIds, Tags=self.defaultTags + [Tag('Name', Join("", [self.namePrefix, 'DbSubnetGroup']))])) self.rds = t.add_resource( DBInstance('RdsInstance', AllocatedStorage=Ref(self.dbStorageParam), DBInstanceClass='db.t2.micro', DBName=Ref(self.dbNameParam), DBSubnetGroupName=Ref(self.rdsSubnetGroup), VPCSecurityGroups=[Ref(self.rdsSg)], Engine='MySQL', EngineVersion='5.5.46', MasterUsername=Ref(self.dbUserParam), MasterUserPassword=Ref(self.dbPasswordParam), MultiAZ=Ref(self.dbMultiAzParam))) return 0
def create_rds_instance(stack, db_instance_identifier, db_name, db_instance_class, db_username, db_password, db_subnet_group, db_security_groups, vpc_security_groups, db_param_group, allocated_storage="20", engine="MySQL", engine_version="5.7.17", storage_encrypted="True", deletion_policy="Retain", multi_az=False): """Add RDS Instance Resource.""" return stack.stack.add_resource( DBInstance('RDSInstance', DBInstanceIdentifier=db_instance_identifier, DBName=db_name, DBInstanceClass=db_instance_class, AllocatedStorage=allocated_storage, Engine=engine, EngineVersion=engine_version, MasterUsername=db_username, MasterUserPassword=db_password, DBSubnetGroupName=db_subnet_group, DBSecurityGroups=list(db_security_groups), VPCSecurityGroups=list(db_security_groups), DBParameterGroupName=db_param_group, StorageEncrypted=storage_encrypted, DeletionPolicy=deletion_policy, MultiAZ=multi_az))
def create_rds(self): t = self.template t.add_resource( DBInstance(DBINSTANCE, StorageType=self.get_storage_type(), Iops=self.get_piops(), **self.get_common_attrs()))
def create_rds_db(db_name, db_user, db_password): db = DBInstance('Database', DBInstanceClass='db.t2.micro', Engine='MySQL', AllocatedStorage="5", DBName=Ref(db_name), MasterUsername=Ref(db_user), MasterUserPassword=Ref(db_password)) return db
def create_rds(self): t = self.template t.add_resource( DBInstance(DBINSTANCE, StorageType=If("HasStorageType", Ref("StorageType"), Ref("AWS::NoValue")), Iops=If("HasProvisionedIOPS", Ref("IOPS"), Ref("AWS::NoValue")), **self.get_common_attrs()))
def add_instances_from_parameters(db_template, db): """ Function to go over each Instance defined in parameters :param troposphere.Template db_template: The template to add the resources to. :param ecs_composex.rds.rds_stack.Rds db: The Db object defined in compose. :raises: TypeError """ aurora_compatible = [ "Engine", "UseDefaultProcessorFeatures", "Tags", "SourceRegion", "SourceDBInstanceIdentifier", "PubliclyAccessible", "PromotionTier", "ProcessorFeatures", "PreferredMaintenanceWindow", "EnablePerformanceInsights", "AllowMajorVersionUpgrade", "AssociatedRoles", "CACertificateIdentifier", "DBInstanceClass", "DBParameterGroupName", ] if not isinstance(db.parameters["Instances"], list): raise TypeError("The Instances in MacroParameters must be a list of dict") for count, db_instance in enumerate(db.parameters["Instances"]): if not isinstance(db_instance, dict): raise TypeError( "The instance defined must be the CFN properties for RDS Instance. Got", type(db_instance), ) instance_props = import_record_properties(db_instance, DBInstance) instance_props["Engine"] = Ref(DB_ENGINE_NAME) to_del = [ prop_name for prop_name in instance_props.keys() if prop_name not in aurora_compatible ] for key in to_del: del instance_props[key] db_instance = DBInstance( f"{db.logical_name}Instance{count}", DBClusterIdentifier=Ref(db.cfn_resource), **instance_props, ) db_template.add_resource(db_instance)
def add_instance(template): """ Function to add DB Instance(s) :param troposphere.Template template: The template to add the DB Instance to. """ DBInstance( DATABASE_T, template=template, Engine=Ref(DB_ENGINE_NAME), EngineVersion=Ref(DB_ENGINE_VERSION), StorageType=If(rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE), Ref(DB_STORAGE_TYPE)), DBSubnetGroupName=If( rds_conditions.NOT_USE_CLUSTER_CON_T, If( rds_conditions.DBS_SUBNET_GROUP_CON_T, Ref(CLUSTER_SUBNET_GROUP), Ref(DBS_SUBNET_GROUP), ), Ref(AWS_NO_VALUE), ), AllocatedStorage=If( rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE), Ref(DB_STORAGE_CAPACITY), ), DBInstanceClass=Ref(DB_INSTANCE_CLASS), MasterUsername=If( rds_conditions.USE_CLUSTER_OR_SNAPSHOT_CON_T, Ref(AWS_NO_VALUE), Sub(f"{{{{resolve:secretsmanager:${{{DB_SECRET_T}}}:SecretString:username}}}}" ), ), DBClusterIdentifier=If(rds_conditions.USE_CLUSTER_CON_T, Ref(CLUSTER_T), Ref(AWS_NO_VALUE)), MasterUserPassword=If( rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE), Sub(f"{{{{resolve:secretsmanager:${{{DB_SECRET_T}}}:SecretString:password}}}}" ), ), VPCSecurityGroups=If(rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE), [Ref(DB_SG_T)]), )
def create_rds(self): t = self.template db_name = RDS_INSTANCE_NAME % self.name t.add_resource( DBInstance(db_name, AllocatedStorage=Ref('AllocatedStorage'), AllowMajorVersionUpgrade=False, AutoMinorVersionUpgrade=True, BackupRetentionPeriod=30, DBName=Ref('DBName'), DBInstanceClass=Ref('InstanceType'), DBSubnetGroupName=Ref(RDS_SUBNET_GROUP % self.name), Engine='postgres', EngineVersion='9.3.5', MasterUsername=Ref('MasterUser'), MasterUserPassword=Ref('MasterUserPassword'), MultiAZ=True, PreferredBackupWindow=Ref('PreferredBackupWindow'), VPCSecurityGroups=[ Ref(RDS_SG_NAME % self.name), ])) endpoint = GetAtt(db_name, 'Endpoint.Address') # Setup CNAME to db t.add_resource( RecordSetType( '%sDnsRecord' % db_name, # Appends a '.' to the end of the domain HostedZoneId=Ref("InternalZoneId"), Comment='RDS DB CNAME Record', Name=Join(".", [Ref("InternalHostname"), Ref("InternalZoneName")]), Type='CNAME', TTL='120', ResourceRecords=[endpoint], Condition="CreateInternalHostname")) t.add_output(Output('DBAddress', Value=endpoint)) t.add_output( Output('DBCname', Condition="CreateInternalHostname", Value=Ref("%sDnsRecord" % db_name)))
def create_rds_instance(stack, db_instance_identifier, db_name, db_instance_class, db_username, db_password, db_subnet_group, db_security_groups, vpc_security_groups, db_param_group, allocated_storage='20', engine='MySQL', engine_version='5.7.17', storage_encrypted='True', deletion_policy='Retain', multi_az=False, public=False): """Add RDS Instance Resource.""" return stack.stack.add_resource( DBInstance('{0}RDSInstance'.format( db_instance_identifier.replace('-', '')), DBInstanceIdentifier=db_instance_identifier, DBName=db_name, DBInstanceClass=db_instance_class, AllocatedStorage=allocated_storage, Engine=engine, EngineVersion=engine_version, MasterUsername=db_username, MasterUserPassword=db_password, DBSubnetGroupName=db_subnet_group, DBSecurityGroups=list(db_security_groups), VPCSecurityGroups=list(vpc_security_groups), DBParameterGroupName=db_param_group, StorageEncrypted=storage_encrypted, DeletionPolicy=deletion_policy, PubliclyAccessible=public, MultiAZ=multi_az))
def gen_rds_db(service_name): db_subnet_group = DBSubnetGroup( "DBSubnetGroup", DBSubnetGroupDescription="Subnets available for the RDS DB Instance", SubnetIds=[ Select( 0, Split( ",", ImportValue( Sub("${NetworkName}-network-vpc-PrivateSubnets")))), Select( 1, Split( ",", ImportValue( Sub("${NetworkName}-network-vpc-PrivateSubnets")))) ], ) db = DBInstance("DB", DBName=Ref(parameters['DBName']), AllocatedStorage=Ref(parameters['DBStorage']), DBInstanceClass=Ref(parameters['DBClass']), DBInstanceIdentifier=service_name, VPCSecurityGroups=[Ref('DBSecurityGroup')], Engine=Ref(parameters['DBEngine']), EngineVersion=Ref(parameters['DBEngineVersion']), StorageType=Ref(parameters['DBStorageType']), Iops=Ref(parameters['Iops']), MasterUsername=Ref(parameters['Username']), MasterUserPassword=Ref(parameters['Password']), MultiAZ=Ref(parameters['MultiAZ']), PubliclyAccessible=Ref(parameters['PubliclyAccessible']), DBSubnetGroupName=Ref("DBSubnetGroup"), Tags=gen_tags(service_name)) return [db, db_subnet_group]
def add_resources(self): self.OracleRestDBSecurityGroup = self.template.add_resource( ec2.SecurityGroup( "OracleRestDBSecurityGroup", GroupDescription="Allow access to db", VpcId=Ref(self.VpcId), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort=1521, ToPort=1521, SourceSecurityGroupId=Ref( self.ApiServerEC2SecurityGroup), ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort=1521, ToPort=1521, SourceSecurityGroupId=Ref( self.LoyaltyNavigatorEC2SecurityGroup), ) ], Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-OracleRDSSG"), )) self.OracleRestDBSubnetGroup = self.template.add_resource( DBSubnetGroup( "OracleRestDBSubnetGroup", DBSubnetGroupDescription="RDS DB Subnet Group", SubnetIds=[ Ref(self.RESTPrivSubnet1), Ref(self.RESTPrivSubnet2) ], Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-OracleRDSSubnetGroup"), )) self.OracleRestDBInstance = self.template.add_resource( DBInstance( "OracleRestDBInstance", DBName=Ref(self.OracleRestDBName), DBInstanceIdentifier=Ref(self.OracleRestDBName), Engine="oracle-se2", MasterUsername=Ref(self.OracleRestDBUsername), DBInstanceClass=Ref(self.OracleRestDBClass), EngineVersion="12.1.0.2.v8", LicenseModel="license-included", BackupRetentionPeriod="0", DBSubnetGroupName=Ref(self.OracleRestDBSubnetGroup), VPCSecurityGroups=[Ref(self.OracleRestDBSecurityGroup)], AllocatedStorage=Ref(self.OracleRestDBAllocatedStorage), StorageType=Ref(self.OracleRestDBStorageType), Iops=Ref(self.OracleRestDBIOPS), MasterUserPassword=Ref(self.OracleRestDBPassword), DBParameterGroupName=Ref(self.OracleDBParameterGroup), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-OracleRDS"), ))
"LoadBalancerPort": "80", "Protocol": "HTTP" }], AvailabilityZones=GetAZs(""), )) # @alias component @app:@db to MySQLDatabase MySQLDatabase = t.add_resource( DBInstance( "MySQLDatabase", Engine="MySQL", MultiAZ=Ref(MultiAZDatabase), DBSecurityGroups=If("Is-EC2-Classic", [Ref(DBSecurityGroup)], Ref("AWS::NoValue")), MasterUsername=Ref(DBUser), MasterUserPassword=Ref(DBPassword), VPCSecurityGroups=If("Is-EC2-VPC", [GetAtt(DBEC2SecurityGroup, "GroupId")], Ref("AWS::NoValue")), AllocatedStorage=Ref(DBAllocatedStorage), DBInstanceClass=Ref(DBInstanceClass), DBName=Ref(DBName), )) WebsiteURL = t.add_output( Output( "WebsiteURL", Description="URL for newly created LAMP stack", Value=Join( "", ["http://", GetAtt(ElasticLoadBalancer, "DNSName")]), ))
t.add_version("2010-09-09") t.add_description( "AWS CloudFormation Sample Template RDS_Snapshot_On_Delete: Sample " "template showing how to create an RDS DBInstance that is snapshotted on " "stack deletion. **WARNING** This template creates an Amazon RDS database " "instance. When the stack is deleted a database snpshot will be left in " "your account. You will be billed for the AWS resources used if you " "create a stack from this template.") MyDB = t.add_resource( DBInstance( "MyDB", Engine="MySQL", MasterUsername="******", MasterUserPassword="******", AllocatedStorage="5", DBInstanceClass="db.m1.small", DBName="MyDatabase", )) JDBCConnectionString = t.add_output( Output( "JDBCConnectionString", Description="JDBC connection string for the database", Value=Join("", [ "jdbc:mysql://", GetAtt(MyDB, "Endpoint.Address"), ":", GetAtt(MyDB, "Endpoint.Port"), "/MyDatabase" ]), ))
def create(): from troposphere.ec2 import PortRange, NetworkAcl, Route, \ VPCGatewayAttachment, SubnetRouteTableAssociation, Subnet, RouteTable, \ VPC, NetworkInterfaceProperty mydb = mysql.connector.connect(host="localhost", user="******", passwd="AmazingTheory62", database="cloud_formation") mycursor = mydb.cursor() mycursor.execute("SELECT * FROM customize_table") myresult = (mycursor.fetchone()) sname = myresult[0] instance1 = myresult[1] instancetype1 = myresult[2] instance2 = myresult[3] instancetype2 = myresult[4] dbname = myresult[5] dbuser = myresult[6] dbpassword = myresult[7] dbstorage = myresult[8] dbinstance = myresult[9] vpcname = myresult[10] subnetname = myresult[11] t = Template() t.add_version('2010-09-09') t.set_description("""\ AWS CloudFormation Sample Template VPC_Single_Instance_In_Subnet: Sample \ template showing how to create a VPC and add an EC2 instance with an Elastic \ IP address and a security group. \ **WARNING** This template creates an Amazon EC2 instance. You will be billed \ for the AWS resources used if you create a stack from this template.""") keyname_param = t.add_parameter( Parameter( 'KeyName', ConstraintDescription= 'must be the name of an existing EC2 KeyPair.', Description= 'Name of an existing EC2 KeyPair to enable SSH access to \ the instance', Type='AWS::EC2::KeyPair::KeyName', Default='jayaincentiuskey', )) sshlocation_param = t.add_parameter( Parameter( 'SSHLocation', Description= ' The IP address range that can be used to SSH to the EC2 \ instances', Type='String', MinLength='9', MaxLength='18', Default='0.0.0.0/0', AllowedPattern= r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})", ConstraintDescription=( "must be a valid IP CIDR range of the form x.x.x.x/x."), )) instanceType_param = t.add_parameter( Parameter( 'InstanceType', Type='String', Description='WebServer EC2 instance type', Default=instancetype1, AllowedValues=[ 't1.micro', 't2.micro', 't2.small', 't2.medium', 'm1.small', 'm1.medium', 'm1.large', 'm1.xlarge', 'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'm3.medium', 'm3.large', 'm3.xlarge', 'm3.2xlarge', 'c1.medium', 'c1.xlarge', 'c3.large', 'c3.xlarge', 'c3.2xlarge', 'c3.4xlarge', 'c3.8xlarge', 'g2.2xlarge', 'r3.large', 'r3.xlarge', 'r3.2xlarge', 'r3.4xlarge', 'r3.8xlarge', 'i2.xlarge', 'i2.2xlarge', 'i2.4xlarge', 'i2.8xlarge', 'hi1.4xlarge', 'hs1.8xlarge', 'cr1.8xlarge', 'cc2.8xlarge', 'cg1.4xlarge', ], ConstraintDescription='must be a valid EC2 instance type.', )) instanceType_param1 = t.add_parameter( Parameter( 'SecindInstanceType', Type='String', Description='WebServer EC2 instance type', Default=instancetype2, AllowedValues=[ 't1.micro', 't2.micro', 't2.small', 't2.medium', 'm1.small', 'm1.medium', 'm1.large', 'm1.xlarge', 'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'm3.medium', 'm3.large', 'm3.xlarge', 'm3.2xlarge', 'c1.medium', 'c1.xlarge', 'c3.large', 'c3.xlarge', 'c3.2xlarge', 'c3.4xlarge', 'c3.8xlarge', 'g2.2xlarge', 'r3.large', 'r3.xlarge', 'r3.2xlarge', 'r3.4xlarge', 'r3.8xlarge', 'i2.xlarge', 'i2.2xlarge', 'i2.4xlarge', 'i2.8xlarge', 'hi1.4xlarge', 'hs1.8xlarge', 'cr1.8xlarge', 'cc2.8xlarge', 'cg1.4xlarge', ], ConstraintDescription='must be a valid EC2 instance type.', )) t.add_mapping( 'AWSInstanceType2Arch', { 't1.micro': { 'Arch': 'PV64' }, 't2.micro': { 'Arch': 'HVM64' }, 't2.small': { 'Arch': 'HVM64' }, 't2.medium': { 'Arch': 'HVM64' }, 'm1.small': { 'Arch': 'PV64' }, 'm1.medium': { 'Arch': 'PV64' }, 'm1.large': { 'Arch': 'PV64' }, 'm1.xlarge': { 'Arch': 'PV64' }, 'm2.xlarge': { 'Arch': 'PV64' }, 'm2.2xlarge': { 'Arch': 'PV64' }, 'm2.4xlarge': { 'Arch': 'PV64' }, 'm3.medium': { 'Arch': 'HVM64' }, 'm3.large': { 'Arch': 'HVM64' }, 'm3.xlarge': { 'Arch': 'HVM64' }, 'm3.2xlarge': { 'Arch': 'HVM64' }, 'c1.medium': { 'Arch': 'PV64' }, 'c1.xlarge': { 'Arch': 'PV64' }, 'c3.large': { 'Arch': 'HVM64' }, 'c3.xlarge': { 'Arch': 'HVM64' }, 'c3.2xlarge': { 'Arch': 'HVM64' }, 'c3.4xlarge': { 'Arch': 'HVM64' }, 'c3.8xlarge': { 'Arch': 'HVM64' }, 'g2.2xlarge': { 'Arch': 'HVMG2' }, 'r3.large': { 'Arch': 'HVM64' }, 'r3.xlarge': { 'Arch': 'HVM64' }, 'r3.2xlarge': { 'Arch': 'HVM64' }, 'r3.4xlarge': { 'Arch': 'HVM64' }, 'r3.8xlarge': { 'Arch': 'HVM64' }, 'i2.xlarge': { 'Arch': 'HVM64' }, 'i2.2xlarge': { 'Arch': 'HVM64' }, 'i2.4xlarge': { 'Arch': 'HVM64' }, 'i2.8xlarge': { 'Arch': 'HVM64' }, 'hi1.4xlarge': { 'Arch': 'HVM64' }, 'hs1.8xlarge': { 'Arch': 'HVM64' }, 'cr1.8xlarge': { 'Arch': 'HVM64' }, 'cc2.8xlarge': { 'Arch': 'HVM64' }, }) t.add_mapping( 'AWSRegionArch2AMI', { 'us-east-1': { 'PV64': 'ami-50842d38', 'HVM64': 'ami-08842d60', 'HVMG2': 'ami-3a329952' }, 'us-west-2': { 'PV64': 'ami-af86c69f', 'HVM64': 'ami-8786c6b7', 'HVMG2': 'ami-47296a77' }, 'us-west-1': { 'PV64': 'ami-c7a8a182', 'HVM64': 'ami-cfa8a18a', 'HVMG2': 'ami-331b1376' }, 'eu-west-1': { 'PV64': 'ami-aa8f28dd', 'HVM64': 'ami-748e2903', 'HVMG2': 'ami-00913777' }, 'ap-southeast-1': { 'PV64': 'ami-20e1c572', 'HVM64': 'ami-d6e1c584', 'HVMG2': 'ami-fabe9aa8' }, 'ap-northeast-1': { 'PV64': 'ami-21072820', 'HVM64': 'ami-35072834', 'HVMG2': 'ami-5dd1ff5c' }, 'ap-southeast-2': { 'PV64': 'ami-8b4724b1', 'HVM64': 'ami-fd4724c7', 'HVMG2': 'ami-e98ae9d3' }, 'sa-east-1': { 'PV64': 'ami-9d6cc680', 'HVM64': 'ami-956cc688', 'HVMG2': 'NOT_SUPPORTED' }, 'cn-north-1': { 'PV64': 'ami-a857c591', 'HVM64': 'ami-ac57c595', 'HVMG2': 'NOT_SUPPORTED' }, 'eu-central-1': { 'PV64': 'ami-a03503bd', 'HVM64': 'ami-b43503a9', 'HVMG2': 'ami-b03503ad' }, }) ref_stack_id = Ref('AWS::StackId') ref_region = Ref('AWS::Region') ref_stack_name = Ref('AWS::StackName') VPC = t.add_resource( VPC('VPC', CidrBlock='10.0.0.0/16', Tags=Tags(Name=vpcname, Application=ref_stack_id))) subnet = t.add_resource( Subnet('publicSubnet', CidrBlock='10.0.1.0/24', AvailabilityZone='us-west-2b', VpcId=Ref(VPC), Tags=Tags(Name=subnetname, Application=ref_stack_id))) subnet1 = t.add_resource( Subnet('publicSubnet1', CidrBlock='10.0.3.0/24', AvailabilityZone='us-west-2a', VpcId=Ref(VPC), Tags=Tags(Name=subnetname, Application=ref_stack_id))) publicsubnet = t.add_resource( Subnet('PrivateSubnet', CidrBlock='10.0.0.0/24', AvailabilityZone='us-west-2a', VpcId=Ref(VPC), Tags=Tags(Name=subnetname, Application=ref_stack_id))) publicsubnet1 = t.add_resource( Subnet('PrivateSubnet1', CidrBlock='10.0.2.0/24', AvailabilityZone='us-west-2b', VpcId=Ref(VPC), Tags=Tags(Name=subnetname, Application=ref_stack_id))) internetGateway = t.add_resource( InternetGateway('InternetGateway', Tags=Tags(Application=ref_stack_id))) gatewayAttachment = t.add_resource( VPCGatewayAttachment('AttachGateway', VpcId=Ref(VPC), InternetGatewayId=Ref(internetGateway))) routeTable = t.add_resource( RouteTable('RouteTable', VpcId=Ref(VPC), Tags=Tags(Application=ref_stack_id))) route = t.add_resource( Route( 'Route', DependsOn='AttachGateway', GatewayId=Ref('InternetGateway'), DestinationCidrBlock='0.0.0.0/0', RouteTableId=Ref(routeTable), )) routeTable1 = t.add_resource( RouteTable('PrivateRouteTable', VpcId=Ref(VPC), Tags=Tags(Application=ref_stack_id))) # route1 = t.add_resource( # Route( # 'PublicRoute', # DependsOn='AttachGateway', # GatewayId=Ref('InternetGateway'), # DestinationCidrBlock='0.0.0.0/0', # RouteTableId=Ref(routeTable1), # )) subnetRouteTableAssociation = t.add_resource( SubnetRouteTableAssociation( 'SubnetRouteTableAssociation', SubnetId=Ref(subnet), RouteTableId=Ref(routeTable), )) subnetRouteTableAssociation1 = t.add_resource( SubnetRouteTableAssociation( 'SubnetRouteTableAssociation1', SubnetId=Ref(subnet1), RouteTableId=Ref(routeTable), )) subnetRouteTableAssociation2 = t.add_resource( SubnetRouteTableAssociation( 'SubnetRouteTable1Association2', SubnetId=Ref(publicsubnet), RouteTableId=Ref(routeTable1), )) subnetRouteTableAssociation3 = t.add_resource( SubnetRouteTableAssociation( 'SubnetRouteTable1Association3', SubnetId=Ref(publicsubnet1), RouteTableId=Ref(routeTable1), )) # # subnetRouteTableAssociation4= t.add_resource( # SubnetRouteTableAssociation( # 'SubnetRouteTable1Association4', # SubnetId=Ref(subnet1), # RouteTableId=Ref(routeTable1), # )) instanceSecurityGroup = t.add_resource( SecurityGroup( 'InstanceSecurityGroup', GroupDescription='Enable SSH access via port 22', SecurityGroupIngress=[ SecurityGroupRule(IpProtocol='tcp', FromPort='22', ToPort='22', CidrIp=Ref(sshlocation_param)), SecurityGroupRule(IpProtocol='tcp', FromPort='80', ToPort='80', CidrIp='0.0.0.0/0') ], VpcId=Ref(VPC), )) instance = t.add_resource( Instance( 'WebServerInstance', #Metadata=instance_metadata, ImageId=FindInMap( 'AWSRegionArch2AMI', Ref('AWS::Region'), FindInMap('AWSInstanceType2Arch', Ref(instanceType_param), 'Arch')), InstanceType=Ref(instanceType_param), KeyName=Ref(keyname_param), NetworkInterfaces=[ NetworkInterfaceProperty(GroupSet=[Ref(instanceSecurityGroup)], AssociatePublicIpAddress='true', DeviceIndex='0', DeleteOnTermination='true', SubnetId=Ref(subnet)) ], Tags=Tags(Name=instance1, Application=ref_stack_id), )) instance1 = t.add_resource( Instance( 'WebServerInstance1', #Metadata=instance_metadata, ImageId=FindInMap( 'AWSRegionArch2AMI', Ref('AWS::Region'), FindInMap('AWSInstanceType2Arch', Ref(instanceType_param1), 'Arch')), InstanceType=Ref(instanceType_param1), KeyName=Ref(keyname_param), NetworkInterfaces=[ NetworkInterfaceProperty(GroupSet=[Ref(instanceSecurityGroup)], AssociatePublicIpAddress='true', DeviceIndex='0', DeleteOnTermination='true', SubnetId=Ref(subnet1)) ], Tags=Tags(Name=instance2, Application=ref_stack_id), )) # rdssubnet = t.add_parameter(Parameter( # "Subnets", # Type="CommaDelimitedList", # Default=Ref(publicsubnet1), # Description=( # "The list of SubnetIds, for at least two Availability Zones in the " # "region in your Virtual Private Cloud (VPC)") # )) mydbsubnetgroup = t.add_resource( DBSubnetGroup( "MyDBSubnetGroup", DBSubnetGroupDescription= "Subnets available for the RDS DB Instance", # Type="CommaDelimitedList", SubnetIds=[Ref(publicsubnet), Ref(publicsubnet1)], )) mydb = t.add_resource( DBInstance( "MyDB", DBName=dbname, AllocatedStorage=dbstorage, DBInstanceClass=dbinstance, Engine="MySQL", EngineVersion="5.5", MasterUsername=dbuser, MasterUserPassword=dbpassword, DBSubnetGroupName=Ref(mydbsubnetgroup), )) t.add_output( Output("JDBCConnectionString", Description="JDBC connection string for database", Value=Join("", [ "jdbc:mysql://", GetAtt("MyDB", "Endpoint.Address"), GetAtt("MyDB", "Endpoint.Port"), "/", "customizedb" ]))) # print(t.to_json()) file = open('customizejson.json', 'w') file.write(t.to_json()) file.close() os.system('aws cloudformation create-stack --stack-name ' + sname + ' --template-body file://customizejson.json') # create()
def create(): mydb1 = mysql.connector.connect( host="localhost", user="******", passwd="AmazingTheory62", database="cloud_formation" ) mycursor = mydb1.cursor() mycursor.execute("SELECT * FROM rds_table") myresult = (mycursor.fetchone()) sname = myresult[0] name = myresult[1] username = myresult[2] password = myresult[3] storage = myresult[4] instance = myresult[5] vname = myresult[6] t = Template() t.set_description( "AWS CloudFormation Sample Template VPC_RDS_DB_Instance: Sample template " "showing how to create an RDS DBInstance in an existing Virtual Private " "Cloud (VPC). **WARNING** This template creates an Amazon Relational " "Database Service database instance. You will be billed for the AWS " "resources used if you create a stack from this template.") vpcid = t.add_parameter(Parameter( "VpcId", Type="String", Default=vname, Description="VpcId of your existing Virtual Private Cloud (VPC)" )) subnet = t.add_parameter(Parameter( "Subnets", Type="CommaDelimitedList", Default="subnet-022285e80f9d67db7, subnet-0cccbdd282866c95e", Description=( "The list of SubnetIds, for at least two Availability Zones in the " "region in your Virtual Private Cloud (VPC)") )) dbname = t.add_parameter(Parameter( "DBName", Default=name, Description="The database name", Type="String", MinLength="1", MaxLength="64", AllowedPattern="[a-zA-Z][a-zA-Z0-9]*", ConstraintDescription=("must begin with a letter and contain only" " alphanumeric characters.") )) dbuser = t.add_parameter(Parameter( "DBUser", NoEcho=True, Default=username, Description="The database admin account username", Type="String", MinLength="1", MaxLength="16", AllowedPattern="[a-zA-Z][a-zA-Z0-9]*", ConstraintDescription=("must begin with a letter and contain only" " alphanumeric characters.") )) dbpassword = t.add_parameter(Parameter( "DBPassword", NoEcho=True, Default=password, Description="The database admin account password", Type="String", MinLength="1", MaxLength="41", AllowedPattern="[a-zA-Z0-9]*", ConstraintDescription="must contain only alphanumeric characters." )) dbclass = t.add_parameter(Parameter( "DBClass", Default=instance, Description="Database instance class", Type="String", AllowedValues=[ "db.m5.large", "db.m1.small", "db.m5.xlarge", "db.m5.2xlarge", "db.m5.4xlarge", "db.m5.12xlarge", "db.m5.24xlarge", "db.m4.large", "db.m4.xlarge", "db.m4.2xlarge", "db.m4.4xlarge", "db.m4.10xlarge", "db.m4.16xlarge", "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge", "db.x1e.xlarge", "db.x1e.2xlarge", "db.x1e.4xlarge", "db.x1e.8xlarge", "db.x1e.16xlarge", "db.x1e.32xlarge", "db.x1.16xlarge", "db.x1.32xlarge", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.t2.micro", "db.t2.small", "db.t2.medium", "db.t2.large", "db.t2.xlarge", "db.t2.2xlarge" ], ConstraintDescription="must select a valid database instance type.", )) dballocatedstorage = t.add_parameter(Parameter( "DBAllocatedStorage", Default=storage, Description="The size of the database (Gb)", Type="Number", MinValue="5", MaxValue="1024", ConstraintDescription="must be between 5 and 1024Gb.", )) mydbsubnetgroup = t.add_resource(DBSubnetGroup( "MyDBSubnetGroup", DBSubnetGroupDescription="Subnets available for the RDS DB Instance", SubnetIds=Ref(subnet), )) myvpcsecuritygroup = t.add_resource(SecurityGroup( "myVPCSecurityGroup", GroupDescription="Security group for RDS DB Instance.", VpcId=Ref(vpcid) )) mydb = t.add_resource(DBInstance( "MyDB", DBName=Ref(dbname), AllocatedStorage=Ref(dballocatedstorage), DBInstanceClass=Ref(dbclass), Engine="MySQL", EngineVersion="5.5", MasterUsername=Ref(dbuser), MasterUserPassword=Ref(dbpassword), DBSubnetGroupName=Ref(mydbsubnetgroup), VPCSecurityGroups=[Ref(myvpcsecuritygroup)], )) t.add_output(Output( "JDBCConnectionString", Description="JDBC connection string for database", Value=Join("", [ "jdbc:mysql://", GetAtt("MyDB", "Endpoint.Address"), GetAtt("MyDB", "Endpoint.Port"), "/", Ref(dbname) ]) )) print(t.to_json()) file = open('rdsjson.json', 'w') file.write(t.to_json()) file.close() os.system('aws cloudformation create-stack --stack-name ' + sname + ' --template-body file://rdsjson.json')
def create_rds_template(): template = Template() vpc = template.add_parameter( parameter=Parameter(title='Vpc', Type='String')) subnet_a = template.add_parameter( parameter=Parameter(title='SubnetA', Type='String')) subnet_b = template.add_parameter( parameter=Parameter(title='SubnetB', Type='String')) master_user_name = template.add_parameter( parameter=Parameter(title='DBMasterUserName', Type='String')) master_user_password = template.add_parameter( parameter=Parameter(title='DBMasterUserPassword', Type='String')) storage_size = template.add_parameter( parameter=Parameter(title='StorageSize', Default='20', Type='String')) instance_class = template.add_parameter(parameter=Parameter( title='InstanceClass', Default='db.t2.micro', Type='String')) engine_version = template.add_parameter(parameter=Parameter( title='EngineVersion', Default='5.7.26', Type='String')) security_group = template.add_resource( resource=SecurityGroup(title='SampleSecurityGroup', GroupDescription='sample-rds', SecurityGroupIngress=[{ 'IpProtocol': 'tcp', 'FromPort': 3306, 'ToPort': 3306, 'CidrIp': '0.0.0.0/0', }], VpcId=Ref(vpc))) db_subnet_group = template.add_resource(resource=DBSubnetGroup( title='SampleDBSubnetGroup', DBSubnetGroupDescription='sample-rds', DBSubnetGroupName='sample-rds', SubnetIds=[Ref(subnet_a), Ref(subnet_b)])) template.add_resource(resource=DBInstance( title='SampleDBInstance', DBSubnetGroupName=Ref(db_subnet_group), # VPCSecurityGroups=[Ref(security_group)], VPCSecurityGroups=[GetAtt(security_group, 'GroupId')], AllocatedStorage=Ref(storage_size), DBInstanceClass=Ref(instance_class), DBInstanceIdentifier='sample-rds', DBName='sample_rds', Engine='mysql', EngineVersion=Ref(engine_version), MasterUsername=Ref(master_user_name), MasterUserPassword=Ref(master_user_password), PubliclyAccessible=True)) with open('./rds.yml', mode='w') as file: file.write(template.to_yaml())
MinLength="1", MaxLength="41", AllowedPattern="[a-zA-Z0-9]*", ConstraintDescription="must contain only alphanumeric characters." )) myrdsparamgroup = t.add_resource(DBParameterGroup( "MyRDSParamGroup", Family="MySQL5.5", Description="CloudFormation Sample Database Parameter Group", Parameters={ "autocommit": "1", "general_log": "1", "old_passwords": "0" } )) mydb = t.add_resource(DBInstance( "MyDB", AllocatedStorage="5", DBInstanceClass="db.m1.small", Engine="MySQL", EngineVersion="5.5", MasterUsername=Ref(dbuser), MasterUserPassword=Ref(dbpassword), DBParameterGroupName=Ref(myrdsparamgroup), )) print(t.to_json())
) ) Instance = t.add_resource( DBInstance( "Instance", AllocatedStorage="20", DBInstanceClass="db.t2.micro", Engine="mysql", DBInstanceIdentifier="TestInstance", MasterUsername=Join( "", [ "{{resolve:secretsmanager:", {"Ref": "DbSecret"}, ":SecretString:username}}", ], ), MasterUserPassword=Join( "", [ "{{resolve:secretsmanager:", {"Ref": "DbSecret"}, ":SecretString:password}}", ], ), ) ) t.add_resource( SecretTargetAttachment(
def add_default_instance_definition(db, for_cluster=False): """ Function to add DB Instance(s) :param ecs_composex.rds.rds_stack.Rds db: :param bool for_cluster: Whether this instance is added with default values for a DB Cluster """ props = { "Engine": Ref(DB_ENGINE_NAME), "EngineVersion": If( rds_conditions.USE_CLUSTER_CON_T, NoValue, Ref(DB_ENGINE_VERSION), ), "StorageType": If( rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE), Ref(DB_STORAGE_TYPE), ), "DBSubnetGroupName": If( rds_conditions.NOT_USE_CLUSTER_CON_T, Ref(db.db_subnet_group), Ref(AWS_NO_VALUE), ), "AllocatedStorage": If( rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE), Ref(DB_STORAGE_CAPACITY), ), "DBInstanceClass": Ref(DB_INSTANCE_CLASS), "MasterUsername": If( rds_conditions.USE_CLUSTER_OR_SNAPSHOT_CON_T, Ref(AWS_NO_VALUE), Sub( f"{{{{resolve:secretsmanager:${{{db.db_secret.title}}}:SecretString:username}}}}" ), ), "DBClusterIdentifier": If( rds_conditions.USE_CLUSTER_CON_T, Ref(db.cfn_resource), Ref(AWS_NO_VALUE), ), "MasterUserPassword": If( rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE), Sub( f"{{{{resolve:secretsmanager:${{{db.db_secret.title}}}:SecretString:password}}}}" ), ), "VPCSecurityGroups": If( rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE), [GetAtt(db.db_sg, "GroupId")], ), "Tags": Tags(SecretName=Ref(db.db_secret), Name=db.logical_name), "StorageEncrypted": True, } if db.parameters and keyisset("MultiAZ", db.parameters): props["MultiAZ"] = True if for_cluster and keyisset("StorageEncrypted", props): del props["StorageEncrypted"] instance = DBInstance(f"Instance{db.logical_name}", **props) return instance
DBSubnetGroup('DatabaseSubnetGroup', DBSubnetGroupDescription='RDS subnet group', SubnetIds=[ ImportValue(Sub("${NetworkStackName}-PrivateSubnet1")), ImportValue(Sub("${NetworkStackName}-PrivateSubnet2")) ])) mydb = t.add_resource( DBInstance("MyDB", MultiAZ=False, AllocatedStorage="5", DBInstanceClass="db.t2.micro", StorageType="gp2", Engine="postgres", MasterUsername=Ref(dbuser), MasterUserPassword=Ref(dbpassword), PubliclyAccessible=False, DBInstanceIdentifier=Ref(dbidentifier), AvailabilityZone=Select("0", GetAZs("")), DBSubnetGroupName=Ref(subnet_group), VPCSecurityGroups=[ ImportValue(Sub("${NetworkStackName}-DbSecurityGroupID")) ], Tags=Tags(Name=Sub('${AWS::StackName}-db')))) # ################## """ OUTPUTS """ # ################## # validation cfclient = boto3.client( 'cloudformation', aws_access_key_id=os.environ['AWS_ACCESS_KEY_ID'],
def rds(self, template): """ Create an RDS resource configuration from the config file data and add it to the troposphere.Template. Outputs for the RDS name, host and port are created. Args: template: The troposphere.Template object """ # REQUIRED FIELDS MAPPING required_fields = { "db-name": "DBName", "storage": "AllocatedStorage", "storage-type": "StorageType", "backup-retention-period": "BackupRetentionPeriod", "db-master-username": "******", "db-master-password": "******", "db-engine": "Engine", "db-engine-version": "EngineVersion", "instance-class": "DBInstanceClass", "multi-az": "MultiAZ", } optional_fields = {"storage-encrypted": "StorageEncrypted", "identifier": "DBInstanceIdentifier"} # LOAD STACK TEMPLATE resources = [] rds_subnet_group = DBSubnetGroup( "RDSSubnetGroup", SubnetIds=[Ref("SubnetA"), Ref("SubnetB"), Ref("SubnetC")], DBSubnetGroupDescription="VPC Subnets", ) resources.append(rds_subnet_group) database_sg = SecurityGroup( "DatabaseSG", SecurityGroupIngress=[ { "ToPort": 5432, "FromPort": 5432, "IpProtocol": "tcp", "CidrIp": FindInMap("SubnetConfig", "VPC", "CIDR"), }, { "ToPort": 3306, "FromPort": 3306, "IpProtocol": "tcp", "CidrIp": FindInMap("SubnetConfig", "VPC", "CIDR"), }, ], VpcId=Ref("VPC"), GroupDescription="SG for EC2 Access to RDS", ) resources.append(database_sg) rds_instance = DBInstance( "RDSInstance", PubliclyAccessible=False, AllowMajorVersionUpgrade=False, AutoMinorVersionUpgrade=False, VPCSecurityGroups=[GetAtt(database_sg, "GroupId")], DBSubnetGroupName=Ref(rds_subnet_group), StorageEncrypted=False, DependsOn=database_sg.title, ) resources.append(rds_instance) # We *cant* specify db-name for SQL Server based RDS instances. :( if "db-engine" in self.data["rds"] and self.data["rds"]["db-engine"].startswith("sqlserver"): required_fields.pop("db-name") # TEST FOR REQUIRED FIELDS AND EXIT IF MISSING ANY for yaml_key, rds_prop in required_fields.iteritems(): if yaml_key not in self.data["rds"]: print "\n\n[ERROR] Missing RDS fields [%s]" % yaml_key sys.exit(1) else: rds_instance.__setattr__(rds_prop, self.data["rds"][yaml_key]) for yaml_key, rds_prop in optional_fields.iteritems(): if yaml_key in self.data["rds"]: rds_instance.__setattr__(rds_prop, self.data["rds"][yaml_key]) # Add resources and outputs map(template.add_resource, resources) template.add_output( Output("dbhost", Description="RDS Hostname", Value=GetAtt(rds_instance, "Endpoint.Address")) ) template.add_output(Output("dbport", Description="RDS Port", Value=GetAtt(rds_instance, "Endpoint.Port")))
"ZappaLamdbaBucket", BucketName=Join("-", [Ref(EnvironmentName), Ref(VPC)]), )) RDSDBInstance = template.add_resource( DBInstance( "RDSDBInstance", Engine=Ref(RDSEngine), MultiAZ=Ref(RDSMultiAZDatabase), PubliclyAccessible=True, Tags=Tags(Name=Sub("${EnvironmentName} RDS Instance"), ), MasterUsername=Ref(RDSDBUser), MasterUserPassword=Ref(RDSTemporaryDBPassword), VPCSecurityGroups=[ GetAtt("RDSExternalSecurityGroup", "GroupId"), GetAtt(RDSInternalSecurityGroup, "GroupId") ], AllocatedStorage=Ref(RDSDBAllocatedStorage), EngineVersion=Ref(RDSEngineVersion), DBInstanceClass=Ref(RDSDBClass), DBSubnetGroupName=Ref("RDSDBSubnetGroup"), DBName=Ref(RDSDBName), DependsOn="RDSDBSubnetGroup", )) RDSExternalSecurityGroup = template.add_resource( SecurityGroup( "RDSExternalSecurityGroup", SecurityGroupIngress=[ {
def buildStack(bootstrap, env): t = Template() t.add_description("""\ Configures autoscaling group for hello world app""") vpcCidr = t.add_parameter( Parameter( "VPCCidr", Type="String", Description="VPC cidr (x.x.x.x/xx)", )) publicSubnet1 = t.add_parameter( Parameter( "PublicSubnet1", Type="String", Description="A public VPC subnet ID for the api app load balancer.", )) publicSubnet2 = t.add_parameter( Parameter( "PublicSubnet2", Type="String", Description="A public VPC subnet ID for the api load balancer.", )) dbName = t.add_parameter( Parameter( "DBName", Default="HelloWorldApp", Description="The database name", Type="String", MinLength="1", MaxLength="64", AllowedPattern="[a-zA-Z][a-zA-Z0-9]*", ConstraintDescription=("must begin with a letter and contain only" " alphanumeric characters."))) dbUser = t.add_parameter( Parameter( "DBUser", NoEcho=True, Description="The database admin account username", Type="String", MinLength="1", MaxLength="16", AllowedPattern="[a-zA-Z][a-zA-Z0-9]*", ConstraintDescription=("must begin with a letter and contain only" " alphanumeric characters."))) dbPassword = t.add_parameter( Parameter( "DBPassword", NoEcho=True, Description="The database admin account password", Type="String", MinLength="8", MaxLength="41", AllowedPattern="[a-zA-Z0-9]*", ConstraintDescription="must contain only alphanumeric characters.") ) dbType = t.add_parameter( Parameter( "DBType", Default="db.t2.medium", Description="Database instance class", Type="String", AllowedValues=[ "db.m5.large", "db.m5.xlarge", "db.m5.2xlarge", "db.m5.4xlarge", "db.m5.12xlarge", "db.m5.24xlarge", "db.m4.large", "db.m4.xlarge", "db.m4.2xlarge", "db.m4.4xlarge", "db.m4.10xlarge", "db.m4.16xlarge", "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge", "db.x1e.xlarge", "db.x1e.2xlarge", "db.x1e.4xlarge", "db.x1e.8xlarge", "db.x1e.16xlarge", "db.x1e.32xlarge", "db.x1.16xlarge", "db.x1.32xlarge", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.t2.micro", "db.t2.small", "db.t2.medium", "db.t2.large", "db.t2.xlarge", "db.t2.2xlarge" ], ConstraintDescription="must select a valid database instance type.", )) dbAllocatedStorage = t.add_parameter( Parameter( "DBAllocatedStorage", Default="5", Description="The size of the database (Gb)", Type="Number", MinValue="5", MaxValue="1024", ConstraintDescription="must be between 5 and 1024Gb.", )) whitelistedCIDR = t.add_parameter( Parameter( "WhitelistedCIDR", Description="CIDR whitelisted to be open on public instances", Type="String", )) #### NETWORK SECTION #### vpc = t.add_resource( VPC("VPC", CidrBlock=Ref(vpcCidr), EnableDnsHostnames=True)) subnet1 = t.add_resource( Subnet("Subnet1", CidrBlock=Ref(publicSubnet1), AvailabilityZone="eu-west-1a", VpcId=Ref(vpc))) subnet2 = t.add_resource( Subnet("Subnet2", CidrBlock=Ref(publicSubnet2), AvailabilityZone="eu-west-1b", VpcId=Ref(vpc))) internetGateway = t.add_resource(InternetGateway('InternetGateway')) gatewayAttachment = t.add_resource( VPCGatewayAttachment('AttachGateway', VpcId=Ref(vpc), InternetGatewayId=Ref(internetGateway))) routeTable = t.add_resource(RouteTable('RouteTable', VpcId=Ref(vpc))) route = t.add_resource( Route( 'Route', DependsOn='AttachGateway', GatewayId=Ref('InternetGateway'), DestinationCidrBlock='0.0.0.0/0', RouteTableId=Ref(routeTable), )) subnetRouteTableAssociation = t.add_resource( SubnetRouteTableAssociation( 'SubnetRouteTableAssociation', SubnetId=Ref(subnet1), RouteTableId=Ref(routeTable), )) subnetRouteTableAssociation2 = t.add_resource( SubnetRouteTableAssociation( 'SubnetRouteTableAssociation2', SubnetId=Ref(subnet2), RouteTableId=Ref(routeTable), )) #### SECURITY GROUP #### loadBalancerSg = t.add_resource( ec2.SecurityGroup( "LoadBalancerSecurityGroup", VpcId=Ref(vpc), GroupDescription="Enable SSH access via port 22", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="80", ToPort="80", CidrIp="0.0.0.0/0", ), ], )) instanceSg = t.add_resource( ec2.SecurityGroup( "InstanceSecurityGroup", VpcId=Ref(vpc), GroupDescription="Enable SSH access via port 22", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp=Ref(whitelistedCIDR), ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="8000", ToPort="8000", SourceSecurityGroupId=Ref(loadBalancerSg), ), ], )) rdsSg = t.add_resource( SecurityGroup("RDSSecurityGroup", GroupDescription="Security group for RDS DB Instance.", VpcId=Ref(vpc), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="5432", ToPort="5432", SourceSecurityGroupId=Ref(instanceSg), ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="5432", ToPort="5432", CidrIp=Ref(whitelistedCIDR), ), ])) #### DATABASE SECTION #### subnetGroup = t.add_resource( DBSubnetGroup( "SubnetGroup", DBSubnetGroupDescription= "Subnets available for the RDS DB Instance", SubnetIds=[Ref(subnet1), Ref(subnet2)], )) db = t.add_resource( DBInstance( "RDSHelloWorldApp", DBName=Join("", [Ref(dbName), env]), DBInstanceIdentifier=Join("", [Ref(dbName), env]), EnableIAMDatabaseAuthentication=True, PubliclyAccessible=True, AllocatedStorage=Ref(dbAllocatedStorage), DBInstanceClass=Ref(dbType), Engine="postgres", EngineVersion="10.4", MasterUsername=Ref(dbUser), MasterUserPassword=Ref(dbPassword), DBSubnetGroupName=Ref(subnetGroup), VPCSecurityGroups=[Ref(rdsSg)], )) t.add_output( Output("RDSConnectionString", Description="Connection string for database", Value=GetAtt("RDSHelloWorldApp", "Endpoint.Address"))) if (bootstrap): return t #### INSTANCE SECTION #### keyName = t.add_parameter( Parameter( "KeyName", Type="String", Description="Name of an existing EC2 KeyPair to enable SSH access", MinLength="1", AllowedPattern="[\x20-\x7E]*", MaxLength="255", ConstraintDescription="can contain only ASCII characters.", )) scaleCapacityMin = t.add_parameter( Parameter( "ScaleCapacityMin", Default="1", Type="String", Description="Number of api servers to run", )) scaleCapacityMax = t.add_parameter( Parameter( "ScaleCapacityMax", Default="1", Type="String", Description="Number of api servers to run", )) scaleCapacityDesired = t.add_parameter( Parameter( "ScaleCapacityDesired", Default="1", Type="String", Description="Number of api servers to run", )) amiId = t.add_parameter( Parameter( "AmiId", Type="String", Default="ami-09693313102a30b2c", Description="The AMI id for the api instances", )) instanceType = t.add_parameter( Parameter("InstanceType", Description="WebServer EC2 instance type", Type="String", Default="t2.medium", AllowedValues=[ "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge" ], ConstraintDescription="must be a valid EC2 instance type.")) assumeRole = t.add_resource( Role("AssumeRole", AssumeRolePolicyDocument=json.loads("""\ { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "ec2.amazonaws.com" }, "Effect": "Allow", "Sid": "" } ] }\ """))) instanceProfile = t.add_resource( InstanceProfile("InstanceProfile", Roles=[Ref(assumeRole)])) rolePolicyType = t.add_resource( PolicyType("RolePolicyType", Roles=[Ref(assumeRole)], PolicyName=Join("", ["CloudWatchHelloWorld", "-", env]), PolicyDocument=json.loads("""\ { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": [ "arn:aws:logs:*:*:*" ] } ] }\ """))) appPassword = t.add_parameter( Parameter( "AppPassword", NoEcho=True, Description="The Password for the app user", Type="String", MinLength="8", MaxLength="41", AllowedPattern="[a-zA-Z0-9]*", ConstraintDescription="must contain only alphanumeric characters.") ) launchConfig = t.add_resource( LaunchConfiguration( "LaunchConfiguration", Metadata=autoscaling.Metadata( cloudformation.Init({ "config": cloudformation.InitConfig(files=cloudformation.InitFiles({ "/home/app/environment": cloudformation.InitFile(content=Join( "", [ "SPRING_DATASOURCE_URL=", "jdbc:postgresql://", GetAtt("RDSHelloWorldApp", "Endpoint.Address"), ":5432/HelloWorldApp" + env + "?currentSchema=hello_world", "\n", "SPRING_DATASOURCE_USERNAME=app", "\n", "SPRING_DATASOURCE_PASSWORD="******"\n", "SPRING_PROFILES_ACTIVE=", env, "\n" ]), mode="000600", owner="app", group="app") }), ) }), ), UserData=Base64( Join('', [ "#!/bin/bash\n", "/opt/aws/bin/cfn-init", " --resource LaunchConfiguration", " --stack ", Ref("AWS::StackName"), " --region ", Ref("AWS::Region"), "\n", "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref": "AWS::StackName" }, " --resource AutoscalingGroup ", " --region ", { "Ref": "AWS::Region" }, "\n" ])), ImageId=Ref(amiId), KeyName=Ref(keyName), IamInstanceProfile=Ref(instanceProfile), BlockDeviceMappings=[ ec2.BlockDeviceMapping(DeviceName="/dev/xvda", Ebs=ec2.EBSBlockDevice(VolumeSize="8")), ], SecurityGroups=[Ref(instanceSg)], InstanceType=Ref(instanceType), AssociatePublicIpAddress='True', )) applicationElasticLB = t.add_resource( elb.LoadBalancer("ApplicationElasticLB", Name="ApplicationElasticLB-" + env, Scheme="internet-facing", Type="application", SecurityGroups=[Ref(loadBalancerSg)], Subnets=[Ref(subnet1), Ref(subnet2)])) targetGroup = t.add_resource( elb.TargetGroup("TargetGroupHelloWorld", HealthCheckProtocol="HTTP", HealthCheckTimeoutSeconds="15", HealthyThresholdCount="5", Matcher=elb.Matcher(HttpCode="200,404"), Port="8000", Protocol="HTTP", UnhealthyThresholdCount="3", TargetGroupAttributes=[ elb.TargetGroupAttribute( Key="deregistration_delay.timeout_seconds", Value="120", ) ], VpcId=Ref(vpc))) listener = t.add_resource( elb.Listener("Listener", Port="80", Protocol="HTTP", LoadBalancerArn=Ref(applicationElasticLB), DefaultActions=[ elb.Action(Type="forward", TargetGroupArn=Ref(targetGroup)) ])) t.add_output( Output("URL", Description="URL of the sample website", Value=Join("", ["http://", GetAtt(applicationElasticLB, "DNSName")]))) autoScalingGroup = t.add_resource( AutoScalingGroup( "AutoscalingGroup", DesiredCapacity=Ref(scaleCapacityDesired), LaunchConfigurationName=Ref(launchConfig), MinSize=Ref(scaleCapacityMin), MaxSize=Ref(scaleCapacityMax), VPCZoneIdentifier=[Ref(subnet1), Ref(subnet2)], TargetGroupARNs=[Ref(targetGroup)], HealthCheckType="ELB", HealthCheckGracePeriod=360, UpdatePolicy=UpdatePolicy( AutoScalingReplacingUpdate=AutoScalingReplacingUpdate( WillReplace=True, ), AutoScalingRollingUpdate=AutoScalingRollingUpdate( PauseTime='PT5M', MinInstancesInService="1", MaxBatchSize='1', WaitOnResourceSignals=True)), CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal( Timeout="PT15M", Count=Ref(scaleCapacityDesired))))) # print(t.to_json()) return t
def main(): '''Function: Generates the Cloudformation template''' template = Template() template.add_description("Dev Stack") keyname_param = template.add_parameter( Parameter( 'KeyName', Description='An existing EC2 KeyPair.', ConstraintDescription='An existing EC2 KeyPair.', Type='AWS::EC2::KeyPair::KeyName', )) db_pass_param = template.add_parameter( Parameter( 'DBPass', NoEcho=True, Type='String', Description='The database admin account password', ConstraintDescription='Must contain only alphanumeric characters', AllowedPattern="[-_a-zA-Z0-9]*", )) db_name_param = template.add_parameter( Parameter( 'DBName', Default='miramax', Type='String', Description='The database name', ConstraintDescription= 'Must begin with a letter and contain only alphanumeric characters', AllowedPattern="[-_a-zA-Z0-9]*", )) db_user_param = template.add_parameter( Parameter( 'DBUser', Default='miramax', Type='String', Description='Username for MySQL database access', ConstraintDescription= 'Must begin with a letter and contain only alphanumeric characters', AllowedPattern="[-_a-zA-Z0-9]*", )) template.add_mapping( 'RegionMap', { 'ap-south-1': { 'ami': 'ami-ee8ea481' }, 'eu-west-3': { 'ami': 'ami-daf040a7' }, 'eu-west-2': { 'ami': 'ami-ddb950ba' }, 'eu-west-1': { 'ami': 'ami-d2414e38' }, 'ap-northeast-2': { 'ami': 'ami-65d86d0b' }, 'ap-northeast-1': { 'ami': 'ami-e875a197' }, 'sa-east-1': { 'ami': 'ami-ccd48ea0' }, 'ca-central-1': { 'ami': 'ami-c3e567a7' }, 'ap-southeast-1': { 'ami': 'ami-31e7e44d' }, 'ap-southeast-2': { 'ami': 'ami-23c51c41' }, 'eu-central-1': { 'ami': 'ami-3c635cd7' }, 'us-east-1': { 'ami': 'ami-5cc39523' }, 'us-east-2': { 'ami': 'ami-67142d02' }, 'us-west-1': { 'ami': 'ami-d7b355b4' }, 'us-west-2': { 'ami': 'ami-39c28c41' } }) ec2_security_group = template.add_resource( ec2.SecurityGroup( 'EC2SecurityGroup', Tags=[ { 'Key': 'Name', 'Value': Ref('AWS::StackName') }, ], GroupDescription='EC2 Security Group', SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='22', ToPort='22', CidrIp='0.0.0.0/0', Description='SSH'), ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='80', ToPort='80', CidrIp='0.0.0.0/0', Description='HTTP'), ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='443', ToPort='443', CidrIp='0.0.0.0/0', Description='HTTPS'), ], )) db_security_group = template.add_resource( ec2.SecurityGroup('DBSecurityGroup', Tags=[ { 'Key': 'Name', 'Value': Ref('AWS::StackName') }, ], GroupDescription='DB Security Group', SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', FromPort='3306', ToPort='3306', SourceSecurityGroupId=GetAtt( ec2_security_group, "GroupId"), Description='MySQL'), ])) ec2_instance = template.add_resource( ec2.Instance( 'Instance', Metadata=Metadata( Init({ "config": InitConfig(files=InitFiles({ "/tmp/instance.txt": InitFile(content=Ref('AWS::StackName'), mode="000644", owner="root", group="root") }), ) }), ), CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal( Timeout='PT15M')), Tags=[ { 'Key': 'Name', 'Value': Ref('AWS::StackName') }, ], ImageId=FindInMap('RegionMap', Ref('AWS::Region'), 'ami'), InstanceType='t2.micro', KeyName=Ref(keyname_param), SecurityGroups=[Ref(ec2_security_group), Ref(db_security_group)], DependsOn='Database', UserData=Base64( Join('', [ '#!/bin/bash -x\n', 'exec > /tmp/user-data.log 2>&1\n', 'unset UCF_FORCE_CONFFOLD\n', 'export UCF_FORCE_CONFFNEW=YES\n', 'ucf --purge /boot/grub/menu.lst\n', 'export DEBIAN_FRONTEND=noninteractive\n', 'apt-get update\n', 'apt-get -o Dpkg::Options::="--force-confnew" --force-yes -fuy upgrade\n', 'apt-get install -y python-pip apache2 libapache2-mod-wsgi\n', 'pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n', '# Signal Cloudformation when set up is complete\n', '/usr/local/bin/cfn-signal -e $? --resource=Instance --region=', Ref('AWS::Region'), ' --stack=', Ref('AWS::StackName'), '\n', ])))) ip_association = template.add_resource( ec2.EIPAssociation('IPAssociation', InstanceId=Ref(ec2_instance), AllocationId='eipalloc-aa755d96')) db_instance = template.add_resource( DBInstance( 'Database', DBName=Ref(db_name_param), AllocatedStorage=20, DBInstanceClass='db.t2.micro', Engine='MySQL', EngineVersion='5.7.21', MasterUsername=Ref(db_user_param), MasterUserPassword=Ref(db_pass_param), VPCSecurityGroups=[GetAtt(db_security_group, "GroupId")], )) template.add_output([ Output( 'InstanceDnsName', Description='PublicDnsName', Value=GetAtt(ec2_instance, 'PublicDnsName'), ), Output( 'DatabaseDnsName', Description='DBEndpoint', Value=GetAtt(db_instance, 'Endpoint.Address'), ), ]) print(template.to_yaml())
def create_wordpress_environment(self): template = Template() template.add_version('2010-09-09') # Wordpress preparation: format vpc name and split private and public subnets in two lists vpc_name_formatted = ''.join( e for e in self.private_vpc_name if e.isalnum()).capitalize() filter_private_subnets = filter(lambda x : x["type"] == "private", self.private_vpc_subnets) filter_public_subnets = filter(lambda x : x["type"] == "public", self.private_vpc_subnets) private_subnets = [] for subnet in filter_private_subnets: subnet_name_formatted = ''.join(e for e in subnet["name"] if e.isalnum()).capitalize() private_subnets.append(ImportValue("{}{}{}SubnetId".format(self.stage, vpc_name_formatted, subnet_name_formatted))) public_subnets = [] for subnet in filter_public_subnets: subnet_name_formatted = ''.join(e for e in subnet["name"] if e.isalnum()).capitalize() public_subnets.append(ImportValue("{}{}{}SubnetId".format(self.stage, vpc_name_formatted, subnet_name_formatted))) # Instances Security Groups web_dmz_security_group = template.add_resource( SecurityGroup( "{}WebDMZSecurityGroup".format(self.stage), GroupName="{}webdmz-sg".format(self.stage), VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)), GroupDescription="Enables external http access to EC2 instance(s) that host the webpages", SecurityGroupIngress=[ SecurityGroupRule( IpProtocol="tcp", FromPort="80", ToPort="80", CidrIp="0.0.0.0/0", ), SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", SourceSecurityGroupId=ImportValue("{}BastionHostSecurityGroupID".format(self.stage)) ) ] ) ) rds_private_security_group = template.add_resource( SecurityGroup( "{}RdsPrivateSecurityGroup".format(self.stage), GroupName="{}rds-private-sg".format(self.stage), VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)), GroupDescription="Allow access to the mysql port from the webservers", SecurityGroupIngress=[ SecurityGroupRule( IpProtocol="tcp", FromPort=self.database_port, ToPort=self.database_port, SourceSecurityGroupId=Ref(web_dmz_security_group) ) ] ) ) # S3 Buckets for wordpress content bucket_wordpress_code = template.add_resource( Bucket( "{}BucketWordpressCode".format(self.stage), BucketName="{}-wordpress-code".format(self.stage), AccessControl=Private ) ) bucket_wordpress_media_assets = template.add_resource( Bucket( "{}BucketWordpressMediaAssets".format(self.stage), BucketName="{}-wordpress-media-assets".format(self.stage), AccessControl=Private ) ) # Database Instance to store wordpress data rds_subnet_group = template.add_resource( DBSubnetGroup( "{}PrivateRDSSubnetGroup".format(self.stage), DBSubnetGroupName="{}private-rds-subnet-group".format(self.stage), DBSubnetGroupDescription="Subnets available for the RDS DB Instance", SubnetIds=private_subnets ) ) template.add_resource( DBInstance( "{}RdsInstance".format(self.stage), DBInstanceIdentifier="{}RdsInstance".format(self.stage), DBName=self.database_name, AllocatedStorage="20", DBInstanceClass=self.database_instance_class, Engine=self.database_engine, EngineVersion=self.database_engine_version, MasterUsername=self.database_username, MasterUserPassword=self.database_password, Port=self.database_port, BackupRetentionPeriod=0, MultiAZ=self.database_multiaz, DBSubnetGroupName=Ref(rds_subnet_group), VPCSecurityGroups=[Ref(rds_private_security_group)], Tags=Tags( Name=self.database_name_tag ) ) ) # Cloudfront Distribution to load images cloudfront_origin_access_identity = template.add_resource( CloudFrontOriginAccessIdentity( "{}CloudfrontOriginAccessIdentity".format(self.stage), CloudFrontOriginAccessIdentityConfig=CloudFrontOriginAccessIdentityConfig( "{}CloudFrontOriginAccessIdentityConfig".format(self.stage), Comment="WordPress Origin Access Identity" ) ) ) template.add_resource(BucketPolicy( "{}BucketWordpressMediaAssetsPolicy".format(self.stage), Bucket=Ref(bucket_wordpress_media_assets), PolicyDocument={ "Version": "2008-10-17", "Id": "PolicyForCloudFrontPrivateContent", "Statement": [ { "Sid": "1", "Effect": "Allow", "Principal": { "CanonicalUser": GetAtt(cloudfront_origin_access_identity, 'S3CanonicalUserId') }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::{}-wordpress-media-assets/*".format(self.stage) } ] } )) cloudfront_distribution = template.add_resource( Distribution( "{}CloudfrontDistribution".format(self.stage), DistributionConfig=DistributionConfig( Origins=[ Origin( Id="MediaAssetsOrigin", DomainName=GetAtt(bucket_wordpress_media_assets, 'DomainName'), S3OriginConfig=S3Origin( OriginAccessIdentity=Join("", [ "origin-access-identity/cloudfront/", Ref(cloudfront_origin_access_identity) ]) ) ) ], DefaultCacheBehavior=DefaultCacheBehavior( TargetOriginId="MediaAssetsOrigin", ForwardedValues=ForwardedValues( QueryString=False ), ViewerProtocolPolicy="allow-all" ), Enabled=True, HttpVersion='http2' ) ) ) # Wordpress EC2 Instances ''' EC2 Instances types: Write node = To make changes to your blog. E.g: add new posts Read Nodes = Instances open to the internet for blog reading ''' wordpress_ec2_role = template.add_resource( Role( "{}WordPressEC2InstanceRole".format(self.stage), RoleName="{}WordPressEC2InstanceRole".format(self.stage), Path="/", AssumeRolePolicyDocument={"Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ec2.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }]}, Policies=[ Policy( PolicyName="S3FullAccess", PolicyDocument={ "Statement": [{ "Effect": "Allow", "Action": "s3:*", "Resource": "*" }], } ) ] ) ) spotfleetrole = template.add_resource( Role( "{}spotfleetrole".format(self.stage), AssumeRolePolicyDocument={ "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "spotfleet.amazonaws.com" }, "Effect": "Allow", "Sid": "" } ], "Version": "2012-10-17" }, ManagedPolicyArns=[ "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole" ] ) ) ec2_instance_profile = template.add_resource( InstanceProfile( "{}WriteWordpressEc2InstanceProfile".format(self.stage), Roles=[Ref(wordpress_ec2_role)] ) ) template.add_resource( SpotFleet( "{}WriteWordpressEc2Instance".format(self.stage), SpotFleetRequestConfigData=SpotFleetRequestConfigData( AllocationStrategy="lowestPrice", IamFleetRole=GetAtt(spotfleetrole,"Arn"), LaunchSpecifications=[LaunchSpecifications( IamInstanceProfile=IamInstanceProfile( Arn=GetAtt(ec2_instance_profile, "Arn") ), ImageId=self.write_instance_image_id, InstanceType=self.write_instance_type, KeyName=self.write_instance_key_name, SecurityGroups=[SecurityGroups(GroupId=Ref(web_dmz_security_group))], SubnetId=next(iter(public_subnets)), UserData=Base64( Join("", [ """ #!/bin/bash yum install httpd php php-mysql -y cd /var/www/html echo \"healthy\" > healthy.html wget https://wordpress.org/latest.tar.gz tar -xzf latest.tar.gz cp -r wordpress/* /var/www/html/ rm -rf wordpress rm -rf latest.tar.gz chmod -R 755 wp-content chown -R apache:apache wp-content echo -e 'Options +FollowSymlinks \nRewriteEngine on \nrewriterule ^wp-content/uploads/(.*)$ http://""", GetAtt(cloudfront_distribution, 'DomainName'), """/$1 [r=301,nc]' > .htaccess chkconfig httpd on cd /var/www sudo chown -R apache /var/www/html cd html/ sudo find . -type d -exec chmod 0755 {} \; sudo find . -type f -exec chmod 0644 {} \; sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf sed -i 's/AllowOverride none/AllowOverride All/g' /etc/httpd/conf/httpd.conf echo -e "*/1 * * * * root aws s3 sync --delete /var/www/html s3://""", Ref(bucket_wordpress_code), """">> /etc/crontab echo -e "*/1 * * * * root aws s3 sync --delete /var/www/html/wp-content/uploads s3://""", Ref(bucket_wordpress_media_assets), """">> /etc/crontab service httpd start """ ]) ) )], TargetCapacity=1, Type="request" ) ) ) template.add_resource( LaunchConfiguration( "{}WordPressReadLaunchConfiguration".format(self.stage), InstanceType=self.read_instance_type, ImageId=self.read_instance_image_id, KeyName=self.read_instance_key_name, LaunchConfigurationName="{}-wordpress-launch-config".format(self.stage), SecurityGroups=[Ref(web_dmz_security_group)], IamInstanceProfile=Ref(ec2_instance_profile), SpotPrice="0.5", UserData=Base64( Join("", [ """ #!/bin/bash yum install httpd php php-mysql -y cd /var/www/html echo \"healthy\" > healthy.html wget https://wordpress.org/latest.tar.gz tar -xzf latest.tar.gz cp -r wordpress/* /var/www/html/ rm -rf wordpress rm -rf latest.tar.gz chmod -R 755 wp-content chown -R apache:apache wp-content echo -e 'Options +FollowSymlinks \nRewriteEngine on \nrewriterule ^wp-content/uploads/(.*)$ http://""", GetAtt(cloudfront_distribution, 'DomainName'), """/$1 [r=301,nc]' > .htaccess chkconfig httpd on cd /var/www sudo chown -R apache /var/www/html cd html/ sudo find . -type d -exec chmod 0755 {} \; sudo find . -type f -exec chmod 0644 {} \; sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf sed -i 's/AllowOverride none/AllowOverride All/g' /etc/httpd/conf/httpd.conf echo -e "*/1 * * * * root aws s3 sync --delete s3://""", Ref(bucket_wordpress_code), """ /var/www/html">> /etc/crontab echo -e "*/1 * * * * root aws s3 sync --delete s3://""", Ref(bucket_wordpress_media_assets), """/var/www/html/wp-content/uploads">> /etc/crontab service httpd start """ ]) ) ) ) alb = template.add_resource( LoadBalancer( "{}ApplicationLoadBalancer".format(self.stage), Name="{}-wordpress-alb".format(self.stage), SecurityGroups=[Ref(web_dmz_security_group)], Subnets=public_subnets, Type="application" ) ) target_group = template.add_resource( TargetGroup( "{}TargetGroup".format(self.stage), Name="{}-wordpress-target-group".format(self.stage), Port=80, Protocol="HTTP", VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)), HealthCheckPort=8080 ) ) template.add_resource( AutoScalingGroup( "{}AutoScalingGroup".format(self.stage), DependsOn="{}WordPressReadLaunchConfiguration".format(self.stage), AutoScalingGroupName="{}-wordpress-auto-scaling".format(self.stage), LaunchConfigurationName="{}-wordpress-launch-config".format(self.stage), TargetGroupARNs=[Ref(target_group)], MaxSize="3", MinSize="1", VPCZoneIdentifier=public_subnets, Tags=[ Tag("Name", "{}-wordpress-read-node".format(self.stage), True) ] ) ) template.add_resource( Listener( "ALBListener", DefaultActions=[ Action( TargetGroupArn=Ref(target_group), Type="forward" ) ], LoadBalancerArn=Ref(alb), Port=80, Protocol="HTTP" ) ) f = open("modules/template_wordpress.yaml", 'w') print(template.to_yaml(), file=f)
DBSubnetGroupDescription="Subnets available for the RDS DB Instance", SubnetIds=Ref(subnet), )) myvpcsecuritygroup = t.add_resource( SecurityGroup("myVPCSecurityGroup", GroupDescription="Security group for RDS DB Instance.", VpcId=Ref(vpcid))) mydb = t.add_resource( DBInstance( "MyDB", DBName=Ref(dbname), AllocatedStorage=Ref(dballocatedstorage), DBInstanceClass=Ref(dbclass), Engine="MySQL", EngineVersion="5.5", MasterUsername=Ref(dbuser), MasterUserPassword=Ref(dbpassword), DBSubnetGroupName=Ref(mydbsubnetgroup), VPCSecurityGroups=[Ref(myvpcsecuritygroup)], )) t.add_output( Output("JDBCConnectionString", Description="JDBC connection string for database", Value=Join("", [ "jdbc:mysql://", GetAtt("MyDB", "Endpoint.Address"), GetAtt("MyDB", "Endpoint.Port"), "/", Ref(dbname) ])))
Description='Security Group to use for Postgres', )) subnet_group = template.add_resource( DBSubnetGroup( 'SubnetGroup', DBSubnetGroupDescription='Subnets group for Postgres Instance', SubnetIds=[Ref(subnet_az_1), Ref(subnet_az_2)])) rds_postgres = template.add_resource( DBInstance('DB', DBInstanceIdentifier='dev-db', DBName='dev', DBInstanceClass='db.t2.micro', AllocatedStorage='10', Engine='postgres', EngineVersion='9.6.3', MasterUsername=Ref(master_user), MasterUserPassword=Ref(master_user_password), DBSubnetGroupName=Ref(subnet_group), VPCSecurityGroups=[Ref(security_group)], PubliclyAccessible=True)) # Outputs template.add_output([ Output('RDSPostgres', Description='RDS Postgres Instance', Value=Ref(rds_postgres)), Output('RDSPostgresEndpointAddress', Description='RDS Postgres Instance', Value=GetAtt(rds_postgres, 'Endpoint.Address')), Output('RDSPostgresEndpointPort',