Esempio n. 1
0
    def add_rds_database(self, name, engine, username, password, storage,
                         instance_type, rds_subnet_group, rds_security_group,
                         multiaz_status, parameter_group_name, encrypt):
        print "WARNING: Adding RDS for %s" % name
        rds_database = DBInstance(
            'rds' + name,
            Engine=engine,
            MasterUsername=username,
            MasterUserPassword=password,
            AllocatedStorage=storage,
            StorageType='gp2',
            DBInstanceClass=instance_type,
            DBName='rds' + name,
            DeletionPolicy="Snapshot",
            DBSubnetGroupName=Ref(rds_subnet_group),
            BackupRetentionPeriod=7,
            DBParameterGroupName=Ref(parameter_group_name),
            VPCSecurityGroups=[Ref(rds_security_group)],
            MultiAZ=multiaz_status)

        if encrypt:
            rds_database.properties['KmsKeyId'] = encrypt
            rds_database.properties['StorageEncrypted'] = True

        return self.add_resource(rds_database)
Esempio n. 2
0
 def create_rds(self):
     t = self.template
     variables = self.get_variables()
     db = DBInstance(DBINSTANCE,
                     StorageType=self.get_storage_type(),
                     **self.get_common_attrs())
     # Hack till https://github.com/cloudtools/troposphere/pull/652/
     # is accepted
     if variables["IOPS"]:
         db.Iops = variables["IOPS"]
     t.add_resource(db)
Esempio n. 3
0
 def create_rds(self):
     t = self.template
     variables = self.get_variables()
     db = DBInstance(
         DBINSTANCE,
         StorageType=self.get_storage_type(),
         **self.get_common_attrs())
     # Hack till https://github.com/cloudtools/troposphere/pull/652/
     # is accepted
     if variables["IOPS"]:
         db.Iops = variables["IOPS"]
     t.add_resource(db)
Esempio n. 4
0
    def add_kippo_rds(self):
        self.template.add_resource(
            DBSubnetGroup(
                'RdsSubnetGroup',
                DBSubnetGroupDescription=
                'Subnet group for the kippo RDS instance',
                SubnetIds=Ref('RdsSubnetIdList'),
            ))

        self.template.add_resource(
            DBInstance(
                'RdsInstance',
                AllocatedStorage=Ref('RdsStorage'),
                DBInstanceClass=Ref('RdsInstanceType'),
                DBInstanceIdentifier='kippo-database',
                DBSubnetGroupName=Ref('RdsSubnetGroup'),
                Engine='MySQL',
                EngineVersion='5.6.22',
                MasterUsername='******',
                MasterUserPassword=Ref('RdsRootPassword'),
                MultiAZ=True,
                Port=3306,
                VPCSecurityGroups=[Ref('RdsSecurityGroup')],
            ))

        self.template.add_output(
            Output(
                'RdsEndpoint',
                Description='RDS endpoint address',
                Value=GetAtt('RdsInstance', 'Endpoint.Address'),
            ))
Esempio n. 5
0
    def create_prediction_service_db(self, subnet_group):
        t = self.template

        t.add_resource(
            DBInstance("Euro2016DB",
                       DBName=Ref("DBName"),
                       AllocatedStorage=Ref("DBSize"),
                       DBInstanceClass=Ref("DBInstanceClass"),
                       Engine="MySQL",
                       EngineVersion="5.7",
                       MasterUsername=Ref("DBUser"),
                       MasterUserPassword=Ref("DBPassword"),
                       DBSubnetGroupName=Ref(subnet_group),
                       VPCSecurityGroups=Ref("DBSecurityGroups"),
                       MultiAZ=True,
                       StorageType="gp2",
                       Tags=[Tag("Name", "euro2016-prediction-db")]))

        t.add_output(
            Output("DBAddress",
                   Description="Database address",
                   Value=GetAtt("Euro2016DB", "Endpoint.Address")))

        t.add_output(
            Output("DBPort",
                   Description="Database port",
                   Value=GetAtt("Euro2016DB", "Endpoint.Port")))
Esempio n. 6
0
    def add_rds(self):
        t = self.template

        dbSubnetIds = [
            self.sceptreUserData['subnets']['privateDataAZ1Id'],
            self.sceptreUserData['subnets']['privateDataAZ2Id'],
            self.sceptreUserData['subnets']['privateDataAZ3Id']
        ]

        self.rdsSubnetGroup = t.add_resource(
            DBSubnetGroup(
                'DbSubnetGroup',
                DBSubnetGroupDescription='Subnet group for RDS.',
                SubnetIds=dbSubnetIds,
                Tags=self.defaultTags +
                [Tag('Name', Join("", [self.namePrefix, 'DbSubnetGroup']))]))

        self.rds = t.add_resource(
            DBInstance('RdsInstance',
                       AllocatedStorage=Ref(self.dbStorageParam),
                       DBInstanceClass='db.t2.micro',
                       DBName=Ref(self.dbNameParam),
                       DBSubnetGroupName=Ref(self.rdsSubnetGroup),
                       VPCSecurityGroups=[Ref(self.rdsSg)],
                       Engine='MySQL',
                       EngineVersion='5.5.46',
                       MasterUsername=Ref(self.dbUserParam),
                       MasterUserPassword=Ref(self.dbPasswordParam),
                       MultiAZ=Ref(self.dbMultiAzParam)))
        return 0
Esempio n. 7
0
def create_rds_instance(stack,
                        db_instance_identifier,
                        db_name,
                        db_instance_class,
                        db_username,
                        db_password,
                        db_subnet_group,
                        db_security_groups,
                        vpc_security_groups,
                        db_param_group,
                        allocated_storage="20",
                        engine="MySQL",
                        engine_version="5.7.17",
                        storage_encrypted="True",
                        deletion_policy="Retain",
                        multi_az=False):
    """Add RDS Instance Resource."""

    return stack.stack.add_resource(
        DBInstance('RDSInstance',
                   DBInstanceIdentifier=db_instance_identifier,
                   DBName=db_name,
                   DBInstanceClass=db_instance_class,
                   AllocatedStorage=allocated_storage,
                   Engine=engine,
                   EngineVersion=engine_version,
                   MasterUsername=db_username,
                   MasterUserPassword=db_password,
                   DBSubnetGroupName=db_subnet_group,
                   DBSecurityGroups=list(db_security_groups),
                   VPCSecurityGroups=list(db_security_groups),
                   DBParameterGroupName=db_param_group,
                   StorageEncrypted=storage_encrypted,
                   DeletionPolicy=deletion_policy,
                   MultiAZ=multi_az))
Esempio n. 8
0
 def create_rds(self):
     t = self.template
     t.add_resource(
         DBInstance(DBINSTANCE,
                    StorageType=self.get_storage_type(),
                    Iops=self.get_piops(),
                    **self.get_common_attrs()))
Esempio n. 9
0
def create_rds_db(db_name, db_user, db_password):
    db = DBInstance('Database',
                    DBInstanceClass='db.t2.micro',
                    Engine='MySQL',
                    AllocatedStorage="5",
                    DBName=Ref(db_name),
                    MasterUsername=Ref(db_user),
                    MasterUserPassword=Ref(db_password))
    return db
Esempio n. 10
0
 def create_rds(self):
     t = self.template
     t.add_resource(
         DBInstance(DBINSTANCE,
                    StorageType=If("HasStorageType", Ref("StorageType"),
                                   Ref("AWS::NoValue")),
                    Iops=If("HasProvisionedIOPS", Ref("IOPS"),
                            Ref("AWS::NoValue")),
                    **self.get_common_attrs()))
Esempio n. 11
0
def add_instances_from_parameters(db_template, db):
    """
    Function to go over each Instance defined in parameters

    :param troposphere.Template db_template: The template to add the resources to.
    :param ecs_composex.rds.rds_stack.Rds db: The Db object defined in compose.
    :raises: TypeError
    """
    aurora_compatible = [
        "Engine",
        "UseDefaultProcessorFeatures",
        "Tags",
        "SourceRegion",
        "SourceDBInstanceIdentifier",
        "PubliclyAccessible",
        "PromotionTier",
        "ProcessorFeatures",
        "PreferredMaintenanceWindow",
        "EnablePerformanceInsights",
        "AllowMajorVersionUpgrade",
        "AssociatedRoles",
        "CACertificateIdentifier",
        "DBInstanceClass",
        "DBParameterGroupName",
    ]
    if not isinstance(db.parameters["Instances"], list):
        raise TypeError("The Instances in MacroParameters must be a list of dict")
    for count, db_instance in enumerate(db.parameters["Instances"]):
        if not isinstance(db_instance, dict):
            raise TypeError(
                "The instance defined must be the CFN properties for RDS Instance. Got",
                type(db_instance),
            )
        instance_props = import_record_properties(db_instance, DBInstance)
        instance_props["Engine"] = Ref(DB_ENGINE_NAME)

        to_del = [
            prop_name
            for prop_name in instance_props.keys()
            if prop_name not in aurora_compatible
        ]
        for key in to_del:
            del instance_props[key]
        db_instance = DBInstance(
            f"{db.logical_name}Instance{count}",
            DBClusterIdentifier=Ref(db.cfn_resource),
            **instance_props,
        )
        db_template.add_resource(db_instance)
Esempio n. 12
0
def add_instance(template):
    """
    Function to add DB Instance(s)

    :param troposphere.Template template: The template to add the DB Instance to.
    """
    DBInstance(
        DATABASE_T,
        template=template,
        Engine=Ref(DB_ENGINE_NAME),
        EngineVersion=Ref(DB_ENGINE_VERSION),
        StorageType=If(rds_conditions.USE_CLUSTER_CON_T, Ref(AWS_NO_VALUE),
                       Ref(DB_STORAGE_TYPE)),
        DBSubnetGroupName=If(
            rds_conditions.NOT_USE_CLUSTER_CON_T,
            If(
                rds_conditions.DBS_SUBNET_GROUP_CON_T,
                Ref(CLUSTER_SUBNET_GROUP),
                Ref(DBS_SUBNET_GROUP),
            ),
            Ref(AWS_NO_VALUE),
        ),
        AllocatedStorage=If(
            rds_conditions.USE_CLUSTER_CON_T,
            Ref(AWS_NO_VALUE),
            Ref(DB_STORAGE_CAPACITY),
        ),
        DBInstanceClass=Ref(DB_INSTANCE_CLASS),
        MasterUsername=If(
            rds_conditions.USE_CLUSTER_OR_SNAPSHOT_CON_T,
            Ref(AWS_NO_VALUE),
            Sub(f"{{{{resolve:secretsmanager:${{{DB_SECRET_T}}}:SecretString:username}}}}"
                ),
        ),
        DBClusterIdentifier=If(rds_conditions.USE_CLUSTER_CON_T,
                               Ref(CLUSTER_T), Ref(AWS_NO_VALUE)),
        MasterUserPassword=If(
            rds_conditions.USE_CLUSTER_CON_T,
            Ref(AWS_NO_VALUE),
            Sub(f"{{{{resolve:secretsmanager:${{{DB_SECRET_T}}}:SecretString:password}}}}"
                ),
        ),
        VPCSecurityGroups=If(rds_conditions.USE_CLUSTER_CON_T,
                             Ref(AWS_NO_VALUE), [Ref(DB_SG_T)]),
    )
Esempio n. 13
0
    def create_rds(self):
        t = self.template
        db_name = RDS_INSTANCE_NAME % self.name
        t.add_resource(
            DBInstance(db_name,
                       AllocatedStorage=Ref('AllocatedStorage'),
                       AllowMajorVersionUpgrade=False,
                       AutoMinorVersionUpgrade=True,
                       BackupRetentionPeriod=30,
                       DBName=Ref('DBName'),
                       DBInstanceClass=Ref('InstanceType'),
                       DBSubnetGroupName=Ref(RDS_SUBNET_GROUP % self.name),
                       Engine='postgres',
                       EngineVersion='9.3.5',
                       MasterUsername=Ref('MasterUser'),
                       MasterUserPassword=Ref('MasterUserPassword'),
                       MultiAZ=True,
                       PreferredBackupWindow=Ref('PreferredBackupWindow'),
                       VPCSecurityGroups=[
                           Ref(RDS_SG_NAME % self.name),
                       ]))

        endpoint = GetAtt(db_name, 'Endpoint.Address')

        # Setup CNAME to db
        t.add_resource(
            RecordSetType(
                '%sDnsRecord' % db_name,
                # Appends a '.' to the end of the domain
                HostedZoneId=Ref("InternalZoneId"),
                Comment='RDS DB CNAME Record',
                Name=Join(".",
                          [Ref("InternalHostname"),
                           Ref("InternalZoneName")]),
                Type='CNAME',
                TTL='120',
                ResourceRecords=[endpoint],
                Condition="CreateInternalHostname"))
        t.add_output(Output('DBAddress', Value=endpoint))
        t.add_output(
            Output('DBCname',
                   Condition="CreateInternalHostname",
                   Value=Ref("%sDnsRecord" % db_name)))
Esempio n. 14
0
def create_rds_instance(stack,
                        db_instance_identifier,
                        db_name,
                        db_instance_class,
                        db_username,
                        db_password,
                        db_subnet_group,
                        db_security_groups,
                        vpc_security_groups,
                        db_param_group,
                        allocated_storage='20',
                        engine='MySQL',
                        engine_version='5.7.17',
                        storage_encrypted='True',
                        deletion_policy='Retain',
                        multi_az=False,
                        public=False):
    """Add RDS Instance Resource."""

    return stack.stack.add_resource(
        DBInstance('{0}RDSInstance'.format(
            db_instance_identifier.replace('-', '')),
                   DBInstanceIdentifier=db_instance_identifier,
                   DBName=db_name,
                   DBInstanceClass=db_instance_class,
                   AllocatedStorage=allocated_storage,
                   Engine=engine,
                   EngineVersion=engine_version,
                   MasterUsername=db_username,
                   MasterUserPassword=db_password,
                   DBSubnetGroupName=db_subnet_group,
                   DBSecurityGroups=list(db_security_groups),
                   VPCSecurityGroups=list(vpc_security_groups),
                   DBParameterGroupName=db_param_group,
                   StorageEncrypted=storage_encrypted,
                   DeletionPolicy=deletion_policy,
                   PubliclyAccessible=public,
                   MultiAZ=multi_az))
Esempio n. 15
0
def gen_rds_db(service_name):
    db_subnet_group = DBSubnetGroup(
        "DBSubnetGroup",
        DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
        SubnetIds=[
            Select(
                0,
                Split(
                    ",",
                    ImportValue(
                        Sub("${NetworkName}-network-vpc-PrivateSubnets")))),
            Select(
                1,
                Split(
                    ",",
                    ImportValue(
                        Sub("${NetworkName}-network-vpc-PrivateSubnets"))))
        ],
    )
    db = DBInstance("DB",
                    DBName=Ref(parameters['DBName']),
                    AllocatedStorage=Ref(parameters['DBStorage']),
                    DBInstanceClass=Ref(parameters['DBClass']),
                    DBInstanceIdentifier=service_name,
                    VPCSecurityGroups=[Ref('DBSecurityGroup')],
                    Engine=Ref(parameters['DBEngine']),
                    EngineVersion=Ref(parameters['DBEngineVersion']),
                    StorageType=Ref(parameters['DBStorageType']),
                    Iops=Ref(parameters['Iops']),
                    MasterUsername=Ref(parameters['Username']),
                    MasterUserPassword=Ref(parameters['Password']),
                    MultiAZ=Ref(parameters['MultiAZ']),
                    PubliclyAccessible=Ref(parameters['PubliclyAccessible']),
                    DBSubnetGroupName=Ref("DBSubnetGroup"),
                    Tags=gen_tags(service_name))
    return [db, db_subnet_group]
Esempio n. 16
0
    def add_resources(self):

        self.OracleRestDBSecurityGroup = self.template.add_resource(
            ec2.SecurityGroup(
                "OracleRestDBSecurityGroup",
                GroupDescription="Allow access to db",
                VpcId=Ref(self.VpcId),
                SecurityGroupIngress=[
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=1521,
                        ToPort=1521,
                        SourceSecurityGroupId=Ref(
                            self.ApiServerEC2SecurityGroup),
                    ),
                    ec2.SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=1521,
                        ToPort=1521,
                        SourceSecurityGroupId=Ref(
                            self.LoyaltyNavigatorEC2SecurityGroup),
                    )
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-OracleRDSSG"),
            ))

        self.OracleRestDBSubnetGroup = self.template.add_resource(
            DBSubnetGroup(
                "OracleRestDBSubnetGroup",
                DBSubnetGroupDescription="RDS DB Subnet Group",
                SubnetIds=[
                    Ref(self.RESTPrivSubnet1),
                    Ref(self.RESTPrivSubnet2)
                ],
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-OracleRDSSubnetGroup"),
            ))

        self.OracleRestDBInstance = self.template.add_resource(
            DBInstance(
                "OracleRestDBInstance",
                DBName=Ref(self.OracleRestDBName),
                DBInstanceIdentifier=Ref(self.OracleRestDBName),
                Engine="oracle-se2",
                MasterUsername=Ref(self.OracleRestDBUsername),
                DBInstanceClass=Ref(self.OracleRestDBClass),
                EngineVersion="12.1.0.2.v8",
                LicenseModel="license-included",
                BackupRetentionPeriod="0",
                DBSubnetGroupName=Ref(self.OracleRestDBSubnetGroup),
                VPCSecurityGroups=[Ref(self.OracleRestDBSecurityGroup)],
                AllocatedStorage=Ref(self.OracleRestDBAllocatedStorage),
                StorageType=Ref(self.OracleRestDBStorageType),
                Iops=Ref(self.OracleRestDBIOPS),
                MasterUserPassword=Ref(self.OracleRestDBPassword),
                DBParameterGroupName=Ref(self.OracleDBParameterGroup),
                Tags=self.base_tags +
                Tags(Name=self.environment_parameters["ClientEnvironmentKey"] +
                     "-OracleRDS"),
            ))
Esempio n. 17
0
            "LoadBalancerPort": "80",
            "Protocol": "HTTP"
        }],
        AvailabilityZones=GetAZs(""),
    ))

# @alias component @app:@db to MySQLDatabase
MySQLDatabase = t.add_resource(
    DBInstance(
        "MySQLDatabase",
        Engine="MySQL",
        MultiAZ=Ref(MultiAZDatabase),
        DBSecurityGroups=If("Is-EC2-Classic", [Ref(DBSecurityGroup)],
                            Ref("AWS::NoValue")),
        MasterUsername=Ref(DBUser),
        MasterUserPassword=Ref(DBPassword),
        VPCSecurityGroups=If("Is-EC2-VPC",
                             [GetAtt(DBEC2SecurityGroup, "GroupId")],
                             Ref("AWS::NoValue")),
        AllocatedStorage=Ref(DBAllocatedStorage),
        DBInstanceClass=Ref(DBInstanceClass),
        DBName=Ref(DBName),
    ))

WebsiteURL = t.add_output(
    Output(
        "WebsiteURL",
        Description="URL for newly created LAMP stack",
        Value=Join(
            "", ["http://", GetAtt(ElasticLoadBalancer, "DNSName")]),
    ))
Esempio n. 18
0
t.add_version("2010-09-09")

t.add_description(
    "AWS CloudFormation Sample Template RDS_Snapshot_On_Delete: Sample "
    "template showing how to create an RDS DBInstance that is snapshotted on "
    "stack deletion. **WARNING** This template creates an Amazon RDS database "
    "instance. When the stack is deleted a database snpshot will be left in "
    "your account. You will be billed for the AWS resources used if you "
    "create a stack from this template.")
MyDB = t.add_resource(
    DBInstance(
        "MyDB",
        Engine="MySQL",
        MasterUsername="******",
        MasterUserPassword="******",
        AllocatedStorage="5",
        DBInstanceClass="db.m1.small",
        DBName="MyDatabase",
    ))

JDBCConnectionString = t.add_output(
    Output(
        "JDBCConnectionString",
        Description="JDBC connection string for the database",
        Value=Join("", [
            "jdbc:mysql://",
            GetAtt(MyDB, "Endpoint.Address"), ":",
            GetAtt(MyDB, "Endpoint.Port"), "/MyDatabase"
        ]),
    ))
Esempio n. 19
0
def create():
    from troposphere.ec2 import PortRange, NetworkAcl, Route, \
        VPCGatewayAttachment, SubnetRouteTableAssociation, Subnet, RouteTable, \
        VPC, NetworkInterfaceProperty

    mydb = mysql.connector.connect(host="localhost",
                                   user="******",
                                   passwd="AmazingTheory62",
                                   database="cloud_formation")

    mycursor = mydb.cursor()
    mycursor.execute("SELECT * FROM customize_table")
    myresult = (mycursor.fetchone())
    sname = myresult[0]
    instance1 = myresult[1]
    instancetype1 = myresult[2]
    instance2 = myresult[3]
    instancetype2 = myresult[4]
    dbname = myresult[5]
    dbuser = myresult[6]
    dbpassword = myresult[7]
    dbstorage = myresult[8]
    dbinstance = myresult[9]
    vpcname = myresult[10]
    subnetname = myresult[11]

    t = Template()

    t.add_version('2010-09-09')

    t.set_description("""\
    AWS CloudFormation Sample Template VPC_Single_Instance_In_Subnet: Sample \
    template showing how to create a VPC and add an EC2 instance with an Elastic \
    IP address and a security group. \
    **WARNING** This template creates an Amazon EC2 instance. You will be billed \
    for the AWS resources used if you create a stack from this template.""")

    keyname_param = t.add_parameter(
        Parameter(
            'KeyName',
            ConstraintDescription=
            'must be the name of an existing EC2 KeyPair.',
            Description=
            'Name of an existing EC2 KeyPair to enable SSH access to \
    the instance',
            Type='AWS::EC2::KeyPair::KeyName',
            Default='jayaincentiuskey',
        ))

    sshlocation_param = t.add_parameter(
        Parameter(
            'SSHLocation',
            Description=
            ' The IP address range that can be used to SSH to the EC2 \
    instances',
            Type='String',
            MinLength='9',
            MaxLength='18',
            Default='0.0.0.0/0',
            AllowedPattern=
            r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})",
            ConstraintDescription=(
                "must be a valid IP CIDR range of the form x.x.x.x/x."),
        ))

    instanceType_param = t.add_parameter(
        Parameter(
            'InstanceType',
            Type='String',
            Description='WebServer EC2 instance type',
            Default=instancetype1,
            AllowedValues=[
                't1.micro',
                't2.micro',
                't2.small',
                't2.medium',
                'm1.small',
                'm1.medium',
                'm1.large',
                'm1.xlarge',
                'm2.xlarge',
                'm2.2xlarge',
                'm2.4xlarge',
                'm3.medium',
                'm3.large',
                'm3.xlarge',
                'm3.2xlarge',
                'c1.medium',
                'c1.xlarge',
                'c3.large',
                'c3.xlarge',
                'c3.2xlarge',
                'c3.4xlarge',
                'c3.8xlarge',
                'g2.2xlarge',
                'r3.large',
                'r3.xlarge',
                'r3.2xlarge',
                'r3.4xlarge',
                'r3.8xlarge',
                'i2.xlarge',
                'i2.2xlarge',
                'i2.4xlarge',
                'i2.8xlarge',
                'hi1.4xlarge',
                'hs1.8xlarge',
                'cr1.8xlarge',
                'cc2.8xlarge',
                'cg1.4xlarge',
            ],
            ConstraintDescription='must be a valid EC2 instance type.',
        ))

    instanceType_param1 = t.add_parameter(
        Parameter(
            'SecindInstanceType',
            Type='String',
            Description='WebServer EC2 instance type',
            Default=instancetype2,
            AllowedValues=[
                't1.micro',
                't2.micro',
                't2.small',
                't2.medium',
                'm1.small',
                'm1.medium',
                'm1.large',
                'm1.xlarge',
                'm2.xlarge',
                'm2.2xlarge',
                'm2.4xlarge',
                'm3.medium',
                'm3.large',
                'm3.xlarge',
                'm3.2xlarge',
                'c1.medium',
                'c1.xlarge',
                'c3.large',
                'c3.xlarge',
                'c3.2xlarge',
                'c3.4xlarge',
                'c3.8xlarge',
                'g2.2xlarge',
                'r3.large',
                'r3.xlarge',
                'r3.2xlarge',
                'r3.4xlarge',
                'r3.8xlarge',
                'i2.xlarge',
                'i2.2xlarge',
                'i2.4xlarge',
                'i2.8xlarge',
                'hi1.4xlarge',
                'hs1.8xlarge',
                'cr1.8xlarge',
                'cc2.8xlarge',
                'cg1.4xlarge',
            ],
            ConstraintDescription='must be a valid EC2 instance type.',
        ))

    t.add_mapping(
        'AWSInstanceType2Arch', {
            't1.micro': {
                'Arch': 'PV64'
            },
            't2.micro': {
                'Arch': 'HVM64'
            },
            't2.small': {
                'Arch': 'HVM64'
            },
            't2.medium': {
                'Arch': 'HVM64'
            },
            'm1.small': {
                'Arch': 'PV64'
            },
            'm1.medium': {
                'Arch': 'PV64'
            },
            'm1.large': {
                'Arch': 'PV64'
            },
            'm1.xlarge': {
                'Arch': 'PV64'
            },
            'm2.xlarge': {
                'Arch': 'PV64'
            },
            'm2.2xlarge': {
                'Arch': 'PV64'
            },
            'm2.4xlarge': {
                'Arch': 'PV64'
            },
            'm3.medium': {
                'Arch': 'HVM64'
            },
            'm3.large': {
                'Arch': 'HVM64'
            },
            'm3.xlarge': {
                'Arch': 'HVM64'
            },
            'm3.2xlarge': {
                'Arch': 'HVM64'
            },
            'c1.medium': {
                'Arch': 'PV64'
            },
            'c1.xlarge': {
                'Arch': 'PV64'
            },
            'c3.large': {
                'Arch': 'HVM64'
            },
            'c3.xlarge': {
                'Arch': 'HVM64'
            },
            'c3.2xlarge': {
                'Arch': 'HVM64'
            },
            'c3.4xlarge': {
                'Arch': 'HVM64'
            },
            'c3.8xlarge': {
                'Arch': 'HVM64'
            },
            'g2.2xlarge': {
                'Arch': 'HVMG2'
            },
            'r3.large': {
                'Arch': 'HVM64'
            },
            'r3.xlarge': {
                'Arch': 'HVM64'
            },
            'r3.2xlarge': {
                'Arch': 'HVM64'
            },
            'r3.4xlarge': {
                'Arch': 'HVM64'
            },
            'r3.8xlarge': {
                'Arch': 'HVM64'
            },
            'i2.xlarge': {
                'Arch': 'HVM64'
            },
            'i2.2xlarge': {
                'Arch': 'HVM64'
            },
            'i2.4xlarge': {
                'Arch': 'HVM64'
            },
            'i2.8xlarge': {
                'Arch': 'HVM64'
            },
            'hi1.4xlarge': {
                'Arch': 'HVM64'
            },
            'hs1.8xlarge': {
                'Arch': 'HVM64'
            },
            'cr1.8xlarge': {
                'Arch': 'HVM64'
            },
            'cc2.8xlarge': {
                'Arch': 'HVM64'
            },
        })

    t.add_mapping(
        'AWSRegionArch2AMI', {
            'us-east-1': {
                'PV64': 'ami-50842d38',
                'HVM64': 'ami-08842d60',
                'HVMG2': 'ami-3a329952'
            },
            'us-west-2': {
                'PV64': 'ami-af86c69f',
                'HVM64': 'ami-8786c6b7',
                'HVMG2': 'ami-47296a77'
            },
            'us-west-1': {
                'PV64': 'ami-c7a8a182',
                'HVM64': 'ami-cfa8a18a',
                'HVMG2': 'ami-331b1376'
            },
            'eu-west-1': {
                'PV64': 'ami-aa8f28dd',
                'HVM64': 'ami-748e2903',
                'HVMG2': 'ami-00913777'
            },
            'ap-southeast-1': {
                'PV64': 'ami-20e1c572',
                'HVM64': 'ami-d6e1c584',
                'HVMG2': 'ami-fabe9aa8'
            },
            'ap-northeast-1': {
                'PV64': 'ami-21072820',
                'HVM64': 'ami-35072834',
                'HVMG2': 'ami-5dd1ff5c'
            },
            'ap-southeast-2': {
                'PV64': 'ami-8b4724b1',
                'HVM64': 'ami-fd4724c7',
                'HVMG2': 'ami-e98ae9d3'
            },
            'sa-east-1': {
                'PV64': 'ami-9d6cc680',
                'HVM64': 'ami-956cc688',
                'HVMG2': 'NOT_SUPPORTED'
            },
            'cn-north-1': {
                'PV64': 'ami-a857c591',
                'HVM64': 'ami-ac57c595',
                'HVMG2': 'NOT_SUPPORTED'
            },
            'eu-central-1': {
                'PV64': 'ami-a03503bd',
                'HVM64': 'ami-b43503a9',
                'HVMG2': 'ami-b03503ad'
            },
        })

    ref_stack_id = Ref('AWS::StackId')
    ref_region = Ref('AWS::Region')
    ref_stack_name = Ref('AWS::StackName')

    VPC = t.add_resource(
        VPC('VPC',
            CidrBlock='10.0.0.0/16',
            Tags=Tags(Name=vpcname, Application=ref_stack_id)))

    subnet = t.add_resource(
        Subnet('publicSubnet',
               CidrBlock='10.0.1.0/24',
               AvailabilityZone='us-west-2b',
               VpcId=Ref(VPC),
               Tags=Tags(Name=subnetname, Application=ref_stack_id)))

    subnet1 = t.add_resource(
        Subnet('publicSubnet1',
               CidrBlock='10.0.3.0/24',
               AvailabilityZone='us-west-2a',
               VpcId=Ref(VPC),
               Tags=Tags(Name=subnetname, Application=ref_stack_id)))

    publicsubnet = t.add_resource(
        Subnet('PrivateSubnet',
               CidrBlock='10.0.0.0/24',
               AvailabilityZone='us-west-2a',
               VpcId=Ref(VPC),
               Tags=Tags(Name=subnetname, Application=ref_stack_id)))

    publicsubnet1 = t.add_resource(
        Subnet('PrivateSubnet1',
               CidrBlock='10.0.2.0/24',
               AvailabilityZone='us-west-2b',
               VpcId=Ref(VPC),
               Tags=Tags(Name=subnetname, Application=ref_stack_id)))

    internetGateway = t.add_resource(
        InternetGateway('InternetGateway',
                        Tags=Tags(Application=ref_stack_id)))

    gatewayAttachment = t.add_resource(
        VPCGatewayAttachment('AttachGateway',
                             VpcId=Ref(VPC),
                             InternetGatewayId=Ref(internetGateway)))

    routeTable = t.add_resource(
        RouteTable('RouteTable',
                   VpcId=Ref(VPC),
                   Tags=Tags(Application=ref_stack_id)))

    route = t.add_resource(
        Route(
            'Route',
            DependsOn='AttachGateway',
            GatewayId=Ref('InternetGateway'),
            DestinationCidrBlock='0.0.0.0/0',
            RouteTableId=Ref(routeTable),
        ))

    routeTable1 = t.add_resource(
        RouteTable('PrivateRouteTable',
                   VpcId=Ref(VPC),
                   Tags=Tags(Application=ref_stack_id)))

    # route1 = t.add_resource(
    #     Route(
    #         'PublicRoute',
    #         DependsOn='AttachGateway',
    #         GatewayId=Ref('InternetGateway'),
    #         DestinationCidrBlock='0.0.0.0/0',
    #         RouteTableId=Ref(routeTable1),
    #     ))

    subnetRouteTableAssociation = t.add_resource(
        SubnetRouteTableAssociation(
            'SubnetRouteTableAssociation',
            SubnetId=Ref(subnet),
            RouteTableId=Ref(routeTable),
        ))

    subnetRouteTableAssociation1 = t.add_resource(
        SubnetRouteTableAssociation(
            'SubnetRouteTableAssociation1',
            SubnetId=Ref(subnet1),
            RouteTableId=Ref(routeTable),
        ))

    subnetRouteTableAssociation2 = t.add_resource(
        SubnetRouteTableAssociation(
            'SubnetRouteTable1Association2',
            SubnetId=Ref(publicsubnet),
            RouteTableId=Ref(routeTable1),
        ))

    subnetRouteTableAssociation3 = t.add_resource(
        SubnetRouteTableAssociation(
            'SubnetRouteTable1Association3',
            SubnetId=Ref(publicsubnet1),
            RouteTableId=Ref(routeTable1),
        ))
    #
    # subnetRouteTableAssociation4= t.add_resource(
    #     SubnetRouteTableAssociation(
    #         'SubnetRouteTable1Association4',
    #         SubnetId=Ref(subnet1),
    #         RouteTableId=Ref(routeTable1),
    #     ))

    instanceSecurityGroup = t.add_resource(
        SecurityGroup(
            'InstanceSecurityGroup',
            GroupDescription='Enable SSH access via port 22',
            SecurityGroupIngress=[
                SecurityGroupRule(IpProtocol='tcp',
                                  FromPort='22',
                                  ToPort='22',
                                  CidrIp=Ref(sshlocation_param)),
                SecurityGroupRule(IpProtocol='tcp',
                                  FromPort='80',
                                  ToPort='80',
                                  CidrIp='0.0.0.0/0')
            ],
            VpcId=Ref(VPC),
        ))

    instance = t.add_resource(
        Instance(
            'WebServerInstance',
            #Metadata=instance_metadata,
            ImageId=FindInMap(
                'AWSRegionArch2AMI', Ref('AWS::Region'),
                FindInMap('AWSInstanceType2Arch', Ref(instanceType_param),
                          'Arch')),
            InstanceType=Ref(instanceType_param),
            KeyName=Ref(keyname_param),
            NetworkInterfaces=[
                NetworkInterfaceProperty(GroupSet=[Ref(instanceSecurityGroup)],
                                         AssociatePublicIpAddress='true',
                                         DeviceIndex='0',
                                         DeleteOnTermination='true',
                                         SubnetId=Ref(subnet))
            ],
            Tags=Tags(Name=instance1, Application=ref_stack_id),
        ))

    instance1 = t.add_resource(
        Instance(
            'WebServerInstance1',
            #Metadata=instance_metadata,
            ImageId=FindInMap(
                'AWSRegionArch2AMI', Ref('AWS::Region'),
                FindInMap('AWSInstanceType2Arch', Ref(instanceType_param1),
                          'Arch')),
            InstanceType=Ref(instanceType_param1),
            KeyName=Ref(keyname_param),
            NetworkInterfaces=[
                NetworkInterfaceProperty(GroupSet=[Ref(instanceSecurityGroup)],
                                         AssociatePublicIpAddress='true',
                                         DeviceIndex='0',
                                         DeleteOnTermination='true',
                                         SubnetId=Ref(subnet1))
            ],
            Tags=Tags(Name=instance2, Application=ref_stack_id),
        ))

    # rdssubnet = t.add_parameter(Parameter(
    #     "Subnets",
    #     Type="CommaDelimitedList",
    #     Default=Ref(publicsubnet1),
    #     Description=(
    #         "The list of SubnetIds, for at least two Availability Zones in the "
    #         "region in your Virtual Private Cloud (VPC)")
    # ))

    mydbsubnetgroup = t.add_resource(
        DBSubnetGroup(
            "MyDBSubnetGroup",
            DBSubnetGroupDescription=
            "Subnets available for the RDS DB Instance",
            # Type="CommaDelimitedList",
            SubnetIds=[Ref(publicsubnet),
                       Ref(publicsubnet1)],
        ))

    mydb = t.add_resource(
        DBInstance(
            "MyDB",
            DBName=dbname,
            AllocatedStorage=dbstorage,
            DBInstanceClass=dbinstance,
            Engine="MySQL",
            EngineVersion="5.5",
            MasterUsername=dbuser,
            MasterUserPassword=dbpassword,
            DBSubnetGroupName=Ref(mydbsubnetgroup),
        ))

    t.add_output(
        Output("JDBCConnectionString",
               Description="JDBC connection string for database",
               Value=Join("", [
                   "jdbc:mysql://",
                   GetAtt("MyDB", "Endpoint.Address"),
                   GetAtt("MyDB", "Endpoint.Port"), "/", "customizedb"
               ])))

    # print(t.to_json())
    file = open('customizejson.json', 'w')
    file.write(t.to_json())
    file.close()
    os.system('aws cloudformation create-stack --stack-name ' + sname +
              ' --template-body file://customizejson.json')


# create()
Esempio n. 20
0
def create():
    mydb1 = mysql.connector.connect(
        host="localhost",
        user="******",
        passwd="AmazingTheory62",
        database="cloud_formation"
    )

    mycursor = mydb1.cursor()
    mycursor.execute("SELECT * FROM rds_table")
    myresult = (mycursor.fetchone())
    sname = myresult[0]
    name = myresult[1]
    username = myresult[2]
    password = myresult[3]
    storage = myresult[4]
    instance = myresult[5]
    vname = myresult[6]

    t = Template()

    t.set_description(
        "AWS CloudFormation Sample Template VPC_RDS_DB_Instance: Sample template "
        "showing how to create an RDS DBInstance in an existing Virtual Private "
        "Cloud (VPC). **WARNING** This template creates an Amazon Relational "
        "Database Service database instance. You will be billed for the AWS "
        "resources used if you create a stack from this template.")

    vpcid = t.add_parameter(Parameter(
        "VpcId",
        Type="String",
        Default=vname,
        Description="VpcId of your existing Virtual Private Cloud (VPC)"
    ))

    subnet = t.add_parameter(Parameter(
        "Subnets",
        Type="CommaDelimitedList",
        Default="subnet-022285e80f9d67db7, subnet-0cccbdd282866c95e",
        Description=(
            "The list of SubnetIds, for at least two Availability Zones in the "
            "region in your Virtual Private Cloud (VPC)")
    ))

    dbname = t.add_parameter(Parameter(
        "DBName",
        Default=name,
        Description="The database name",
        Type="String",
        MinLength="1",
        MaxLength="64",
        AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
        ConstraintDescription=("must begin with a letter and contain only"
                               " alphanumeric characters.")
    ))

    dbuser = t.add_parameter(Parameter(
        "DBUser",
        NoEcho=True,
        Default=username,
        Description="The database admin account username",
        Type="String",
        MinLength="1",
        MaxLength="16",
        AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
        ConstraintDescription=("must begin with a letter and contain only"
                               " alphanumeric characters.")
    ))

    dbpassword = t.add_parameter(Parameter(
        "DBPassword",
        NoEcho=True,
        Default=password,
        Description="The database admin account password",
        Type="String",
        MinLength="1",
        MaxLength="41",
        AllowedPattern="[a-zA-Z0-9]*",
        ConstraintDescription="must contain only alphanumeric characters."
    ))

    dbclass = t.add_parameter(Parameter(
        "DBClass",
        Default=instance,
        Description="Database instance class",
        Type="String",
        AllowedValues=[
          "db.m5.large", "db.m1.small", "db.m5.xlarge", "db.m5.2xlarge", "db.m5.4xlarge",
          "db.m5.12xlarge", "db.m5.24xlarge", "db.m4.large", "db.m4.xlarge",
          "db.m4.2xlarge", "db.m4.4xlarge", "db.m4.10xlarge", "db.m4.16xlarge",
          "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge", "db.r4.4xlarge",
          "db.r4.8xlarge", "db.r4.16xlarge", "db.x1e.xlarge", "db.x1e.2xlarge",
          "db.x1e.4xlarge", "db.x1e.8xlarge", "db.x1e.16xlarge", "db.x1e.32xlarge",
          "db.x1.16xlarge", "db.x1.32xlarge", "db.r3.large", "db.r3.xlarge",
          "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge", "db.t2.micro",
          "db.t2.small", "db.t2.medium", "db.t2.large", "db.t2.xlarge",
          "db.t2.2xlarge"
        ],
        ConstraintDescription="must select a valid database instance type.",
    ))

    dballocatedstorage = t.add_parameter(Parameter(
        "DBAllocatedStorage",
        Default=storage,
        Description="The size of the database (Gb)",
        Type="Number",
        MinValue="5",
        MaxValue="1024",
        ConstraintDescription="must be between 5 and 1024Gb.",
    ))


    mydbsubnetgroup = t.add_resource(DBSubnetGroup(
        "MyDBSubnetGroup",
        DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
        SubnetIds=Ref(subnet),
    ))

    myvpcsecuritygroup = t.add_resource(SecurityGroup(
        "myVPCSecurityGroup",
        GroupDescription="Security group for RDS DB Instance.",
        VpcId=Ref(vpcid)
    ))

    mydb = t.add_resource(DBInstance(
        "MyDB",
        DBName=Ref(dbname),
        AllocatedStorage=Ref(dballocatedstorage),
        DBInstanceClass=Ref(dbclass),
        Engine="MySQL",
        EngineVersion="5.5",
        MasterUsername=Ref(dbuser),
        MasterUserPassword=Ref(dbpassword),
        DBSubnetGroupName=Ref(mydbsubnetgroup),
        VPCSecurityGroups=[Ref(myvpcsecuritygroup)],
    ))

    t.add_output(Output(
        "JDBCConnectionString",
        Description="JDBC connection string for database",
        Value=Join("", [
            "jdbc:mysql://",
            GetAtt("MyDB", "Endpoint.Address"),
            GetAtt("MyDB", "Endpoint.Port"),
            "/",
            Ref(dbname)
        ])
    ))

    print(t.to_json())
    file = open('rdsjson.json', 'w')
    file.write(t.to_json())
    file.close()
    os.system('aws cloudformation create-stack --stack-name ' + sname + ' --template-body file://rdsjson.json')
Esempio n. 21
0
def create_rds_template():
    template = Template()

    vpc = template.add_parameter(
        parameter=Parameter(title='Vpc', Type='String'))

    subnet_a = template.add_parameter(
        parameter=Parameter(title='SubnetA', Type='String'))

    subnet_b = template.add_parameter(
        parameter=Parameter(title='SubnetB', Type='String'))

    master_user_name = template.add_parameter(
        parameter=Parameter(title='DBMasterUserName', Type='String'))

    master_user_password = template.add_parameter(
        parameter=Parameter(title='DBMasterUserPassword', Type='String'))

    storage_size = template.add_parameter(
        parameter=Parameter(title='StorageSize', Default='20', Type='String'))

    instance_class = template.add_parameter(parameter=Parameter(
        title='InstanceClass', Default='db.t2.micro', Type='String'))

    engine_version = template.add_parameter(parameter=Parameter(
        title='EngineVersion', Default='5.7.26', Type='String'))

    security_group = template.add_resource(
        resource=SecurityGroup(title='SampleSecurityGroup',
                               GroupDescription='sample-rds',
                               SecurityGroupIngress=[{
                                   'IpProtocol': 'tcp',
                                   'FromPort': 3306,
                                   'ToPort': 3306,
                                   'CidrIp': '0.0.0.0/0',
                               }],
                               VpcId=Ref(vpc)))

    db_subnet_group = template.add_resource(resource=DBSubnetGroup(
        title='SampleDBSubnetGroup',
        DBSubnetGroupDescription='sample-rds',
        DBSubnetGroupName='sample-rds',
        SubnetIds=[Ref(subnet_a), Ref(subnet_b)]))

    template.add_resource(resource=DBInstance(
        title='SampleDBInstance',
        DBSubnetGroupName=Ref(db_subnet_group),
        # VPCSecurityGroups=[Ref(security_group)],
        VPCSecurityGroups=[GetAtt(security_group, 'GroupId')],
        AllocatedStorage=Ref(storage_size),
        DBInstanceClass=Ref(instance_class),
        DBInstanceIdentifier='sample-rds',
        DBName='sample_rds',
        Engine='mysql',
        EngineVersion=Ref(engine_version),
        MasterUsername=Ref(master_user_name),
        MasterUserPassword=Ref(master_user_password),
        PubliclyAccessible=True))

    with open('./rds.yml', mode='w') as file:
        file.write(template.to_yaml())
    MinLength="1",
    MaxLength="41",
    AllowedPattern="[a-zA-Z0-9]*",
    ConstraintDescription="must contain only alphanumeric characters."
))


myrdsparamgroup = t.add_resource(DBParameterGroup(
    "MyRDSParamGroup",
    Family="MySQL5.5",
    Description="CloudFormation Sample Database Parameter Group",
    Parameters={
        "autocommit": "1",
        "general_log": "1",
        "old_passwords": "0"
    }
))

mydb = t.add_resource(DBInstance(
    "MyDB",
    AllocatedStorage="5",
    DBInstanceClass="db.m1.small",
    Engine="MySQL",
    EngineVersion="5.5",
    MasterUsername=Ref(dbuser),
    MasterUserPassword=Ref(dbpassword),
    DBParameterGroupName=Ref(myrdsparamgroup),
))

print(t.to_json())
Esempio n. 23
0
    )
)

Instance = t.add_resource(
    DBInstance(
        "Instance",
        AllocatedStorage="20",
        DBInstanceClass="db.t2.micro",
        Engine="mysql",
        DBInstanceIdentifier="TestInstance",
        MasterUsername=Join(
            "",
            [
                "{{resolve:secretsmanager:",
                {"Ref": "DbSecret"},
                ":SecretString:username}}",
            ],
        ),
        MasterUserPassword=Join(
            "",
            [
                "{{resolve:secretsmanager:",
                {"Ref": "DbSecret"},
                ":SecretString:password}}",
            ],
        ),
    )
)

t.add_resource(
    SecretTargetAttachment(
Esempio n. 24
0
def add_default_instance_definition(db, for_cluster=False):
    """
    Function to add DB Instance(s)

    :param ecs_composex.rds.rds_stack.Rds db:
    :param bool for_cluster: Whether this instance is added with default values for a DB Cluster
    """
    props = {
        "Engine": Ref(DB_ENGINE_NAME),
        "EngineVersion": If(
            rds_conditions.USE_CLUSTER_CON_T,
            NoValue,
            Ref(DB_ENGINE_VERSION),
        ),
        "StorageType": If(
            rds_conditions.USE_CLUSTER_CON_T,
            Ref(AWS_NO_VALUE),
            Ref(DB_STORAGE_TYPE),
        ),
        "DBSubnetGroupName": If(
            rds_conditions.NOT_USE_CLUSTER_CON_T,
            Ref(db.db_subnet_group),
            Ref(AWS_NO_VALUE),
        ),
        "AllocatedStorage": If(
            rds_conditions.USE_CLUSTER_CON_T,
            Ref(AWS_NO_VALUE),
            Ref(DB_STORAGE_CAPACITY),
        ),
        "DBInstanceClass": Ref(DB_INSTANCE_CLASS),
        "MasterUsername": If(
            rds_conditions.USE_CLUSTER_OR_SNAPSHOT_CON_T,
            Ref(AWS_NO_VALUE),
            Sub(
                f"{{{{resolve:secretsmanager:${{{db.db_secret.title}}}:SecretString:username}}}}"
            ),
        ),
        "DBClusterIdentifier": If(
            rds_conditions.USE_CLUSTER_CON_T,
            Ref(db.cfn_resource),
            Ref(AWS_NO_VALUE),
        ),
        "MasterUserPassword": If(
            rds_conditions.USE_CLUSTER_CON_T,
            Ref(AWS_NO_VALUE),
            Sub(
                f"{{{{resolve:secretsmanager:${{{db.db_secret.title}}}:SecretString:password}}}}"
            ),
        ),
        "VPCSecurityGroups": If(
            rds_conditions.USE_CLUSTER_CON_T,
            Ref(AWS_NO_VALUE),
            [GetAtt(db.db_sg, "GroupId")],
        ),
        "Tags": Tags(SecretName=Ref(db.db_secret), Name=db.logical_name),
        "StorageEncrypted": True,
    }
    if db.parameters and keyisset("MultiAZ", db.parameters):
        props["MultiAZ"] = True
    if for_cluster and keyisset("StorageEncrypted", props):
        del props["StorageEncrypted"]

    instance = DBInstance(f"Instance{db.logical_name}", **props)
    return instance
Esempio n. 25
0
    DBSubnetGroup('DatabaseSubnetGroup',
                  DBSubnetGroupDescription='RDS subnet group',
                  SubnetIds=[
                      ImportValue(Sub("${NetworkStackName}-PrivateSubnet1")),
                      ImportValue(Sub("${NetworkStackName}-PrivateSubnet2"))
                  ]))

mydb = t.add_resource(
    DBInstance("MyDB",
               MultiAZ=False,
               AllocatedStorage="5",
               DBInstanceClass="db.t2.micro",
               StorageType="gp2",
               Engine="postgres",
               MasterUsername=Ref(dbuser),
               MasterUserPassword=Ref(dbpassword),
               PubliclyAccessible=False,
               DBInstanceIdentifier=Ref(dbidentifier),
               AvailabilityZone=Select("0", GetAZs("")),
               DBSubnetGroupName=Ref(subnet_group),
               VPCSecurityGroups=[
                   ImportValue(Sub("${NetworkStackName}-DbSecurityGroupID"))
               ],
               Tags=Tags(Name=Sub('${AWS::StackName}-db'))))
# ##################
""" OUTPUTS """

# ##################
#  validation
cfclient = boto3.client(
    'cloudformation',
    aws_access_key_id=os.environ['AWS_ACCESS_KEY_ID'],
Esempio n. 26
0
    def rds(self, template):
        """
        Create an RDS resource configuration from the config file data
        and add it to the  troposphere.Template. Outputs for the RDS name,
        host and port are created.

        Args:
            template:
                The troposphere.Template object
        """
        # REQUIRED FIELDS MAPPING
        required_fields = {
            "db-name": "DBName",
            "storage": "AllocatedStorage",
            "storage-type": "StorageType",
            "backup-retention-period": "BackupRetentionPeriod",
            "db-master-username": "******",
            "db-master-password": "******",
            "db-engine": "Engine",
            "db-engine-version": "EngineVersion",
            "instance-class": "DBInstanceClass",
            "multi-az": "MultiAZ",
        }

        optional_fields = {"storage-encrypted": "StorageEncrypted", "identifier": "DBInstanceIdentifier"}

        # LOAD STACK TEMPLATE
        resources = []
        rds_subnet_group = DBSubnetGroup(
            "RDSSubnetGroup",
            SubnetIds=[Ref("SubnetA"), Ref("SubnetB"), Ref("SubnetC")],
            DBSubnetGroupDescription="VPC Subnets",
        )
        resources.append(rds_subnet_group)

        database_sg = SecurityGroup(
            "DatabaseSG",
            SecurityGroupIngress=[
                {
                    "ToPort": 5432,
                    "FromPort": 5432,
                    "IpProtocol": "tcp",
                    "CidrIp": FindInMap("SubnetConfig", "VPC", "CIDR"),
                },
                {
                    "ToPort": 3306,
                    "FromPort": 3306,
                    "IpProtocol": "tcp",
                    "CidrIp": FindInMap("SubnetConfig", "VPC", "CIDR"),
                },
            ],
            VpcId=Ref("VPC"),
            GroupDescription="SG for EC2 Access to RDS",
        )
        resources.append(database_sg)

        rds_instance = DBInstance(
            "RDSInstance",
            PubliclyAccessible=False,
            AllowMajorVersionUpgrade=False,
            AutoMinorVersionUpgrade=False,
            VPCSecurityGroups=[GetAtt(database_sg, "GroupId")],
            DBSubnetGroupName=Ref(rds_subnet_group),
            StorageEncrypted=False,
            DependsOn=database_sg.title,
        )
        resources.append(rds_instance)

        # We *cant* specify db-name for SQL Server based RDS instances. :(
        if "db-engine" in self.data["rds"] and self.data["rds"]["db-engine"].startswith("sqlserver"):
            required_fields.pop("db-name")

        # TEST FOR REQUIRED FIELDS AND EXIT IF MISSING ANY
        for yaml_key, rds_prop in required_fields.iteritems():
            if yaml_key not in self.data["rds"]:
                print "\n\n[ERROR] Missing RDS fields [%s]" % yaml_key
                sys.exit(1)
            else:
                rds_instance.__setattr__(rds_prop, self.data["rds"][yaml_key])

        for yaml_key, rds_prop in optional_fields.iteritems():
            if yaml_key in self.data["rds"]:
                rds_instance.__setattr__(rds_prop, self.data["rds"][yaml_key])

        # Add resources and outputs
        map(template.add_resource, resources)
        template.add_output(
            Output("dbhost", Description="RDS Hostname", Value=GetAtt(rds_instance, "Endpoint.Address"))
        )
        template.add_output(Output("dbport", Description="RDS Port", Value=GetAtt(rds_instance, "Endpoint.Port")))
        "ZappaLamdbaBucket",
        BucketName=Join("-",
                        [Ref(EnvironmentName), Ref(VPC)]),
    ))

RDSDBInstance = template.add_resource(
    DBInstance(
        "RDSDBInstance",
        Engine=Ref(RDSEngine),
        MultiAZ=Ref(RDSMultiAZDatabase),
        PubliclyAccessible=True,
        Tags=Tags(Name=Sub("${EnvironmentName} RDS Instance"), ),
        MasterUsername=Ref(RDSDBUser),
        MasterUserPassword=Ref(RDSTemporaryDBPassword),
        VPCSecurityGroups=[
            GetAtt("RDSExternalSecurityGroup", "GroupId"),
            GetAtt(RDSInternalSecurityGroup, "GroupId")
        ],
        AllocatedStorage=Ref(RDSDBAllocatedStorage),
        EngineVersion=Ref(RDSEngineVersion),
        DBInstanceClass=Ref(RDSDBClass),
        DBSubnetGroupName=Ref("RDSDBSubnetGroup"),
        DBName=Ref(RDSDBName),
        DependsOn="RDSDBSubnetGroup",
    ))

RDSExternalSecurityGroup = template.add_resource(
    SecurityGroup(
        "RDSExternalSecurityGroup",
        SecurityGroupIngress=[
            {
Esempio n. 28
0
def buildStack(bootstrap, env):
    t = Template()

    t.add_description("""\
    Configures autoscaling group for hello world app""")

    vpcCidr = t.add_parameter(
        Parameter(
            "VPCCidr",
            Type="String",
            Description="VPC cidr (x.x.x.x/xx)",
        ))

    publicSubnet1 = t.add_parameter(
        Parameter(
            "PublicSubnet1",
            Type="String",
            Description="A public VPC subnet ID for the api app load balancer.",
        ))

    publicSubnet2 = t.add_parameter(
        Parameter(
            "PublicSubnet2",
            Type="String",
            Description="A public VPC subnet ID for the api load balancer.",
        ))

    dbName = t.add_parameter(
        Parameter(
            "DBName",
            Default="HelloWorldApp",
            Description="The database name",
            Type="String",
            MinLength="1",
            MaxLength="64",
            AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
            ConstraintDescription=("must begin with a letter and contain only"
                                   " alphanumeric characters.")))

    dbUser = t.add_parameter(
        Parameter(
            "DBUser",
            NoEcho=True,
            Description="The database admin account username",
            Type="String",
            MinLength="1",
            MaxLength="16",
            AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
            ConstraintDescription=("must begin with a letter and contain only"
                                   " alphanumeric characters.")))

    dbPassword = t.add_parameter(
        Parameter(
            "DBPassword",
            NoEcho=True,
            Description="The database admin account password",
            Type="String",
            MinLength="8",
            MaxLength="41",
            AllowedPattern="[a-zA-Z0-9]*",
            ConstraintDescription="must contain only alphanumeric characters.")
    )

    dbType = t.add_parameter(
        Parameter(
            "DBType",
            Default="db.t2.medium",
            Description="Database instance class",
            Type="String",
            AllowedValues=[
                "db.m5.large", "db.m5.xlarge", "db.m5.2xlarge",
                "db.m5.4xlarge", "db.m5.12xlarge", "db.m5.24xlarge",
                "db.m4.large", "db.m4.xlarge", "db.m4.2xlarge",
                "db.m4.4xlarge", "db.m4.10xlarge", "db.m4.16xlarge",
                "db.r4.large", "db.r4.xlarge", "db.r4.2xlarge",
                "db.r4.4xlarge", "db.r4.8xlarge", "db.r4.16xlarge",
                "db.x1e.xlarge", "db.x1e.2xlarge", "db.x1e.4xlarge",
                "db.x1e.8xlarge", "db.x1e.16xlarge", "db.x1e.32xlarge",
                "db.x1.16xlarge", "db.x1.32xlarge", "db.r3.large",
                "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge",
                "db.r3.8xlarge", "db.t2.micro", "db.t2.small", "db.t2.medium",
                "db.t2.large", "db.t2.xlarge", "db.t2.2xlarge"
            ],
            ConstraintDescription="must select a valid database instance type.",
        ))

    dbAllocatedStorage = t.add_parameter(
        Parameter(
            "DBAllocatedStorage",
            Default="5",
            Description="The size of the database (Gb)",
            Type="Number",
            MinValue="5",
            MaxValue="1024",
            ConstraintDescription="must be between 5 and 1024Gb.",
        ))

    whitelistedCIDR = t.add_parameter(
        Parameter(
            "WhitelistedCIDR",
            Description="CIDR whitelisted to be open on public instances",
            Type="String",
        ))

    #### NETWORK SECTION ####
    vpc = t.add_resource(
        VPC("VPC", CidrBlock=Ref(vpcCidr), EnableDnsHostnames=True))

    subnet1 = t.add_resource(
        Subnet("Subnet1",
               CidrBlock=Ref(publicSubnet1),
               AvailabilityZone="eu-west-1a",
               VpcId=Ref(vpc)))
    subnet2 = t.add_resource(
        Subnet("Subnet2",
               CidrBlock=Ref(publicSubnet2),
               AvailabilityZone="eu-west-1b",
               VpcId=Ref(vpc)))

    internetGateway = t.add_resource(InternetGateway('InternetGateway'))

    gatewayAttachment = t.add_resource(
        VPCGatewayAttachment('AttachGateway',
                             VpcId=Ref(vpc),
                             InternetGatewayId=Ref(internetGateway)))

    routeTable = t.add_resource(RouteTable('RouteTable', VpcId=Ref(vpc)))

    route = t.add_resource(
        Route(
            'Route',
            DependsOn='AttachGateway',
            GatewayId=Ref('InternetGateway'),
            DestinationCidrBlock='0.0.0.0/0',
            RouteTableId=Ref(routeTable),
        ))

    subnetRouteTableAssociation = t.add_resource(
        SubnetRouteTableAssociation(
            'SubnetRouteTableAssociation',
            SubnetId=Ref(subnet1),
            RouteTableId=Ref(routeTable),
        ))

    subnetRouteTableAssociation2 = t.add_resource(
        SubnetRouteTableAssociation(
            'SubnetRouteTableAssociation2',
            SubnetId=Ref(subnet2),
            RouteTableId=Ref(routeTable),
        ))

    #### SECURITY GROUP ####
    loadBalancerSg = t.add_resource(
        ec2.SecurityGroup(
            "LoadBalancerSecurityGroup",
            VpcId=Ref(vpc),
            GroupDescription="Enable SSH access via port 22",
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="80",
                    ToPort="80",
                    CidrIp="0.0.0.0/0",
                ),
            ],
        ))

    instanceSg = t.add_resource(
        ec2.SecurityGroup(
            "InstanceSecurityGroup",
            VpcId=Ref(vpc),
            GroupDescription="Enable SSH access via port 22",
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="22",
                    ToPort="22",
                    CidrIp=Ref(whitelistedCIDR),
                ),
                ec2.SecurityGroupRule(
                    IpProtocol="tcp",
                    FromPort="8000",
                    ToPort="8000",
                    SourceSecurityGroupId=Ref(loadBalancerSg),
                ),
            ],
        ))

    rdsSg = t.add_resource(
        SecurityGroup("RDSSecurityGroup",
                      GroupDescription="Security group for RDS DB Instance.",
                      VpcId=Ref(vpc),
                      SecurityGroupIngress=[
                          ec2.SecurityGroupRule(
                              IpProtocol="tcp",
                              FromPort="5432",
                              ToPort="5432",
                              SourceSecurityGroupId=Ref(instanceSg),
                          ),
                          ec2.SecurityGroupRule(
                              IpProtocol="tcp",
                              FromPort="5432",
                              ToPort="5432",
                              CidrIp=Ref(whitelistedCIDR),
                          ),
                      ]))

    #### DATABASE SECTION ####
    subnetGroup = t.add_resource(
        DBSubnetGroup(
            "SubnetGroup",
            DBSubnetGroupDescription=
            "Subnets available for the RDS DB Instance",
            SubnetIds=[Ref(subnet1), Ref(subnet2)],
        ))

    db = t.add_resource(
        DBInstance(
            "RDSHelloWorldApp",
            DBName=Join("", [Ref(dbName), env]),
            DBInstanceIdentifier=Join("", [Ref(dbName), env]),
            EnableIAMDatabaseAuthentication=True,
            PubliclyAccessible=True,
            AllocatedStorage=Ref(dbAllocatedStorage),
            DBInstanceClass=Ref(dbType),
            Engine="postgres",
            EngineVersion="10.4",
            MasterUsername=Ref(dbUser),
            MasterUserPassword=Ref(dbPassword),
            DBSubnetGroupName=Ref(subnetGroup),
            VPCSecurityGroups=[Ref(rdsSg)],
        ))

    t.add_output(
        Output("RDSConnectionString",
               Description="Connection string for database",
               Value=GetAtt("RDSHelloWorldApp", "Endpoint.Address")))

    if (bootstrap):
        return t

    #### INSTANCE SECTION ####
    keyName = t.add_parameter(
        Parameter(
            "KeyName",
            Type="String",
            Description="Name of an existing EC2 KeyPair to enable SSH access",
            MinLength="1",
            AllowedPattern="[\x20-\x7E]*",
            MaxLength="255",
            ConstraintDescription="can contain only ASCII characters.",
        ))

    scaleCapacityMin = t.add_parameter(
        Parameter(
            "ScaleCapacityMin",
            Default="1",
            Type="String",
            Description="Number of api servers to run",
        ))

    scaleCapacityMax = t.add_parameter(
        Parameter(
            "ScaleCapacityMax",
            Default="1",
            Type="String",
            Description="Number of api servers to run",
        ))

    scaleCapacityDesired = t.add_parameter(
        Parameter(
            "ScaleCapacityDesired",
            Default="1",
            Type="String",
            Description="Number of api servers to run",
        ))

    amiId = t.add_parameter(
        Parameter(
            "AmiId",
            Type="String",
            Default="ami-09693313102a30b2c",
            Description="The AMI id for the api instances",
        ))

    instanceType = t.add_parameter(
        Parameter("InstanceType",
                  Description="WebServer EC2 instance type",
                  Type="String",
                  Default="t2.medium",
                  AllowedValues=[
                      "t2.nano", "t2.micro", "t2.small", "t2.medium",
                      "t2.large", "m3.medium", "m3.large", "m3.xlarge",
                      "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge",
                      "m4.4xlarge", "m4.10xlarge", "c4.large", "c4.xlarge",
                      "c4.2xlarge", "c4.4xlarge", "c4.8xlarge"
                  ],
                  ConstraintDescription="must be a valid EC2 instance type."))

    assumeRole = t.add_resource(
        Role("AssumeRole",
             AssumeRolePolicyDocument=json.loads("""\
{
  "Version": "2012-10-17",
  "Statement": [
    {
    "Action": "sts:AssumeRole",
    "Principal": {
      "Service": "ec2.amazonaws.com"
    },
    "Effect": "Allow",
    "Sid": ""
    }
  ]
}\
""")))

    instanceProfile = t.add_resource(
        InstanceProfile("InstanceProfile", Roles=[Ref(assumeRole)]))

    rolePolicyType = t.add_resource(
        PolicyType("RolePolicyType",
                   Roles=[Ref(assumeRole)],
                   PolicyName=Join("", ["CloudWatchHelloWorld", "-", env]),
                   PolicyDocument=json.loads("""\
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents"
      ],
    "Effect": "Allow",
    "Resource": [
        "arn:aws:logs:*:*:*"
      ]
    }
  ]
}\
""")))

    appPassword = t.add_parameter(
        Parameter(
            "AppPassword",
            NoEcho=True,
            Description="The Password for the app user",
            Type="String",
            MinLength="8",
            MaxLength="41",
            AllowedPattern="[a-zA-Z0-9]*",
            ConstraintDescription="must contain only alphanumeric characters.")
    )

    launchConfig = t.add_resource(
        LaunchConfiguration(
            "LaunchConfiguration",
            Metadata=autoscaling.Metadata(
                cloudformation.Init({
                    "config":
                    cloudformation.InitConfig(files=cloudformation.InitFiles({
                        "/home/app/environment":
                        cloudformation.InitFile(content=Join(
                            "", [
                                "SPRING_DATASOURCE_URL=", "jdbc:postgresql://",
                                GetAtt("RDSHelloWorldApp", "Endpoint.Address"),
                                ":5432/HelloWorldApp" + env +
                                "?currentSchema=hello_world", "\n",
                                "SPRING_DATASOURCE_USERNAME=app", "\n",
                                "SPRING_DATASOURCE_PASSWORD="******"\n",
                                "SPRING_PROFILES_ACTIVE=", env, "\n"
                            ]),
                                                mode="000600",
                                                owner="app",
                                                group="app")
                    }), )
                }), ),
            UserData=Base64(
                Join('', [
                    "#!/bin/bash\n", "/opt/aws/bin/cfn-init",
                    "    --resource LaunchConfiguration", "    --stack ",
                    Ref("AWS::StackName"), "    --region ",
                    Ref("AWS::Region"), "\n", "/opt/aws/bin/cfn-signal -e $? ",
                    "         --stack ", {
                        "Ref": "AWS::StackName"
                    }, "         --resource AutoscalingGroup ",
                    "         --region ", {
                        "Ref": "AWS::Region"
                    }, "\n"
                ])),
            ImageId=Ref(amiId),
            KeyName=Ref(keyName),
            IamInstanceProfile=Ref(instanceProfile),
            BlockDeviceMappings=[
                ec2.BlockDeviceMapping(DeviceName="/dev/xvda",
                                       Ebs=ec2.EBSBlockDevice(VolumeSize="8")),
            ],
            SecurityGroups=[Ref(instanceSg)],
            InstanceType=Ref(instanceType),
            AssociatePublicIpAddress='True',
        ))

    applicationElasticLB = t.add_resource(
        elb.LoadBalancer("ApplicationElasticLB",
                         Name="ApplicationElasticLB-" + env,
                         Scheme="internet-facing",
                         Type="application",
                         SecurityGroups=[Ref(loadBalancerSg)],
                         Subnets=[Ref(subnet1), Ref(subnet2)]))

    targetGroup = t.add_resource(
        elb.TargetGroup("TargetGroupHelloWorld",
                        HealthCheckProtocol="HTTP",
                        HealthCheckTimeoutSeconds="15",
                        HealthyThresholdCount="5",
                        Matcher=elb.Matcher(HttpCode="200,404"),
                        Port="8000",
                        Protocol="HTTP",
                        UnhealthyThresholdCount="3",
                        TargetGroupAttributes=[
                            elb.TargetGroupAttribute(
                                Key="deregistration_delay.timeout_seconds",
                                Value="120",
                            )
                        ],
                        VpcId=Ref(vpc)))

    listener = t.add_resource(
        elb.Listener("Listener",
                     Port="80",
                     Protocol="HTTP",
                     LoadBalancerArn=Ref(applicationElasticLB),
                     DefaultActions=[
                         elb.Action(Type="forward",
                                    TargetGroupArn=Ref(targetGroup))
                     ]))

    t.add_output(
        Output("URL",
               Description="URL of the sample website",
               Value=Join("",
                          ["http://",
                           GetAtt(applicationElasticLB, "DNSName")])))

    autoScalingGroup = t.add_resource(
        AutoScalingGroup(
            "AutoscalingGroup",
            DesiredCapacity=Ref(scaleCapacityDesired),
            LaunchConfigurationName=Ref(launchConfig),
            MinSize=Ref(scaleCapacityMin),
            MaxSize=Ref(scaleCapacityMax),
            VPCZoneIdentifier=[Ref(subnet1), Ref(subnet2)],
            TargetGroupARNs=[Ref(targetGroup)],
            HealthCheckType="ELB",
            HealthCheckGracePeriod=360,
            UpdatePolicy=UpdatePolicy(
                AutoScalingReplacingUpdate=AutoScalingReplacingUpdate(
                    WillReplace=True, ),
                AutoScalingRollingUpdate=AutoScalingRollingUpdate(
                    PauseTime='PT5M',
                    MinInstancesInService="1",
                    MaxBatchSize='1',
                    WaitOnResourceSignals=True)),
            CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal(
                Timeout="PT15M", Count=Ref(scaleCapacityDesired)))))

    # print(t.to_json())
    return t
Esempio n. 29
0
def main():
    '''Function: Generates the Cloudformation template'''
    template = Template()
    template.add_description("Dev Stack")

    keyname_param = template.add_parameter(
        Parameter(
            'KeyName',
            Description='An existing EC2 KeyPair.',
            ConstraintDescription='An existing EC2 KeyPair.',
            Type='AWS::EC2::KeyPair::KeyName',
        ))

    db_pass_param = template.add_parameter(
        Parameter(
            'DBPass',
            NoEcho=True,
            Type='String',
            Description='The database admin account password',
            ConstraintDescription='Must contain only alphanumeric characters',
            AllowedPattern="[-_a-zA-Z0-9]*",
        ))

    db_name_param = template.add_parameter(
        Parameter(
            'DBName',
            Default='miramax',
            Type='String',
            Description='The database name',
            ConstraintDescription=
            'Must begin with a letter and contain only alphanumeric characters',
            AllowedPattern="[-_a-zA-Z0-9]*",
        ))

    db_user_param = template.add_parameter(
        Parameter(
            'DBUser',
            Default='miramax',
            Type='String',
            Description='Username for MySQL database access',
            ConstraintDescription=
            'Must begin with a letter and contain only alphanumeric characters',
            AllowedPattern="[-_a-zA-Z0-9]*",
        ))

    template.add_mapping(
        'RegionMap', {
            'ap-south-1': {
                'ami': 'ami-ee8ea481'
            },
            'eu-west-3': {
                'ami': 'ami-daf040a7'
            },
            'eu-west-2': {
                'ami': 'ami-ddb950ba'
            },
            'eu-west-1': {
                'ami': 'ami-d2414e38'
            },
            'ap-northeast-2': {
                'ami': 'ami-65d86d0b'
            },
            'ap-northeast-1': {
                'ami': 'ami-e875a197'
            },
            'sa-east-1': {
                'ami': 'ami-ccd48ea0'
            },
            'ca-central-1': {
                'ami': 'ami-c3e567a7'
            },
            'ap-southeast-1': {
                'ami': 'ami-31e7e44d'
            },
            'ap-southeast-2': {
                'ami': 'ami-23c51c41'
            },
            'eu-central-1': {
                'ami': 'ami-3c635cd7'
            },
            'us-east-1': {
                'ami': 'ami-5cc39523'
            },
            'us-east-2': {
                'ami': 'ami-67142d02'
            },
            'us-west-1': {
                'ami': 'ami-d7b355b4'
            },
            'us-west-2': {
                'ami': 'ami-39c28c41'
            }
        })

    ec2_security_group = template.add_resource(
        ec2.SecurityGroup(
            'EC2SecurityGroup',
            Tags=[
                {
                    'Key': 'Name',
                    'Value': Ref('AWS::StackName')
                },
            ],
            GroupDescription='EC2 Security Group',
            SecurityGroupIngress=[
                ec2.SecurityGroupRule(IpProtocol='tcp',
                                      FromPort='22',
                                      ToPort='22',
                                      CidrIp='0.0.0.0/0',
                                      Description='SSH'),
                ec2.SecurityGroupRule(IpProtocol='tcp',
                                      FromPort='80',
                                      ToPort='80',
                                      CidrIp='0.0.0.0/0',
                                      Description='HTTP'),
                ec2.SecurityGroupRule(IpProtocol='tcp',
                                      FromPort='443',
                                      ToPort='443',
                                      CidrIp='0.0.0.0/0',
                                      Description='HTTPS'),
            ],
        ))

    db_security_group = template.add_resource(
        ec2.SecurityGroup('DBSecurityGroup',
                          Tags=[
                              {
                                  'Key': 'Name',
                                  'Value': Ref('AWS::StackName')
                              },
                          ],
                          GroupDescription='DB Security Group',
                          SecurityGroupIngress=[
                              ec2.SecurityGroupRule(
                                  IpProtocol='tcp',
                                  FromPort='3306',
                                  ToPort='3306',
                                  SourceSecurityGroupId=GetAtt(
                                      ec2_security_group, "GroupId"),
                                  Description='MySQL'),
                          ]))
    ec2_instance = template.add_resource(
        ec2.Instance(
            'Instance',
            Metadata=Metadata(
                Init({
                    "config":
                    InitConfig(files=InitFiles({
                        "/tmp/instance.txt":
                        InitFile(content=Ref('AWS::StackName'),
                                 mode="000644",
                                 owner="root",
                                 group="root")
                    }), )
                }), ),
            CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal(
                Timeout='PT15M')),
            Tags=[
                {
                    'Key': 'Name',
                    'Value': Ref('AWS::StackName')
                },
            ],
            ImageId=FindInMap('RegionMap', Ref('AWS::Region'), 'ami'),
            InstanceType='t2.micro',
            KeyName=Ref(keyname_param),
            SecurityGroups=[Ref(ec2_security_group),
                            Ref(db_security_group)],
            DependsOn='Database',
            UserData=Base64(
                Join('', [
                    '#!/bin/bash -x\n',
                    'exec > /tmp/user-data.log 2>&1\n',
                    'unset UCF_FORCE_CONFFOLD\n',
                    'export UCF_FORCE_CONFFNEW=YES\n',
                    'ucf --purge /boot/grub/menu.lst\n',
                    'export DEBIAN_FRONTEND=noninteractive\n',
                    'apt-get update\n',
                    'apt-get -o Dpkg::Options::="--force-confnew" --force-yes -fuy upgrade\n',
                    'apt-get install -y python-pip apache2 libapache2-mod-wsgi\n',
                    'pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n',
                    '# Signal Cloudformation when set up is complete\n',
                    '/usr/local/bin/cfn-signal -e $? --resource=Instance --region=',
                    Ref('AWS::Region'),
                    ' --stack=',
                    Ref('AWS::StackName'),
                    '\n',
                ]))))

    ip_association = template.add_resource(
        ec2.EIPAssociation('IPAssociation',
                           InstanceId=Ref(ec2_instance),
                           AllocationId='eipalloc-aa755d96'))

    db_instance = template.add_resource(
        DBInstance(
            'Database',
            DBName=Ref(db_name_param),
            AllocatedStorage=20,
            DBInstanceClass='db.t2.micro',
            Engine='MySQL',
            EngineVersion='5.7.21',
            MasterUsername=Ref(db_user_param),
            MasterUserPassword=Ref(db_pass_param),
            VPCSecurityGroups=[GetAtt(db_security_group, "GroupId")],
        ))

    template.add_output([
        Output(
            'InstanceDnsName',
            Description='PublicDnsName',
            Value=GetAtt(ec2_instance, 'PublicDnsName'),
        ),
        Output(
            'DatabaseDnsName',
            Description='DBEndpoint',
            Value=GetAtt(db_instance, 'Endpoint.Address'),
        ),
    ])

    print(template.to_yaml())
    def create_wordpress_environment(self):

        template = Template()
        template.add_version('2010-09-09')
        
        # Wordpress preparation: format vpc name and split private and public subnets in two lists
       
        vpc_name_formatted = ''.join(
            e for e in self.private_vpc_name if e.isalnum()).capitalize()

        filter_private_subnets = filter(lambda x : x["type"] == "private", self.private_vpc_subnets)
        filter_public_subnets = filter(lambda x : x["type"] == "public", self.private_vpc_subnets)

        private_subnets = []
        for subnet in filter_private_subnets:
            subnet_name_formatted = ''.join(e for e in subnet["name"] if e.isalnum()).capitalize()

            private_subnets.append(ImportValue("{}{}{}SubnetId".format(self.stage, vpc_name_formatted, subnet_name_formatted)))

        public_subnets = []
        for subnet in filter_public_subnets:
            subnet_name_formatted = ''.join(e for e in subnet["name"] if e.isalnum()).capitalize()

            public_subnets.append(ImportValue("{}{}{}SubnetId".format(self.stage, vpc_name_formatted, subnet_name_formatted)))

        # Instances Security Groups

        web_dmz_security_group = template.add_resource(
            SecurityGroup(
                "{}WebDMZSecurityGroup".format(self.stage),
                GroupName="{}webdmz-sg".format(self.stage),
                VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)),
                GroupDescription="Enables external http access to EC2 instance(s) that host the webpages",
                SecurityGroupIngress=[
                    SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort="80",
                        ToPort="80",
                        CidrIp="0.0.0.0/0",
                    ),
                    SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort="22",
                        ToPort="22",
                        SourceSecurityGroupId=ImportValue("{}BastionHostSecurityGroupID".format(self.stage))
                    )
                ]
            )
        )

        rds_private_security_group = template.add_resource(
            SecurityGroup(
                "{}RdsPrivateSecurityGroup".format(self.stage),
                GroupName="{}rds-private-sg".format(self.stage),
                VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)),
                GroupDescription="Allow access to the mysql port from the webservers",
                SecurityGroupIngress=[
                    SecurityGroupRule(
                        IpProtocol="tcp",
                        FromPort=self.database_port,
                        ToPort=self.database_port,
                        SourceSecurityGroupId=Ref(web_dmz_security_group)
                    )
                ]
            )
        )

        # S3 Buckets for wordpress content

        bucket_wordpress_code = template.add_resource(
            Bucket(
                "{}BucketWordpressCode".format(self.stage),
                BucketName="{}-wordpress-code".format(self.stage),
                AccessControl=Private
            )
        )

        bucket_wordpress_media_assets = template.add_resource(
            Bucket(
                "{}BucketWordpressMediaAssets".format(self.stage),
                BucketName="{}-wordpress-media-assets".format(self.stage),
                AccessControl=Private
            )
        )

        # Database Instance to store wordpress data

        rds_subnet_group = template.add_resource(
            DBSubnetGroup(
                "{}PrivateRDSSubnetGroup".format(self.stage),
                DBSubnetGroupName="{}private-rds-subnet-group".format(self.stage),
                DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
                SubnetIds=private_subnets
            )
        )

        template.add_resource(
            DBInstance(
                "{}RdsInstance".format(self.stage),
                DBInstanceIdentifier="{}RdsInstance".format(self.stage),
                DBName=self.database_name,
                AllocatedStorage="20",
                DBInstanceClass=self.database_instance_class,
                Engine=self.database_engine,
                EngineVersion=self.database_engine_version,
                MasterUsername=self.database_username,
                MasterUserPassword=self.database_password,
                Port=self.database_port,
                BackupRetentionPeriod=0,
                MultiAZ=self.database_multiaz,
                DBSubnetGroupName=Ref(rds_subnet_group),
                VPCSecurityGroups=[Ref(rds_private_security_group)],
                Tags=Tags(
                    Name=self.database_name_tag
                )
            )
        )

        # Cloudfront Distribution to load images

        cloudfront_origin_access_identity = template.add_resource(
            CloudFrontOriginAccessIdentity(
                "{}CloudfrontOriginAccessIdentity".format(self.stage),
                CloudFrontOriginAccessIdentityConfig=CloudFrontOriginAccessIdentityConfig(
                    "{}CloudFrontOriginAccessIdentityConfig".format(self.stage),
                    Comment="WordPress Origin Access Identity"
                )
            )
        )

        template.add_resource(BucketPolicy(
            "{}BucketWordpressMediaAssetsPolicy".format(self.stage),
            Bucket=Ref(bucket_wordpress_media_assets),
            PolicyDocument={
                "Version": "2008-10-17",
                "Id": "PolicyForCloudFrontPrivateContent",
                "Statement": [
                    {
                        "Sid": "1",
                        "Effect": "Allow",
                        "Principal": {
                            "CanonicalUser": GetAtt(cloudfront_origin_access_identity, 'S3CanonicalUserId')
                        },
                        "Action": "s3:GetObject",
                        "Resource": "arn:aws:s3:::{}-wordpress-media-assets/*".format(self.stage)
                    }
                ]
            }
        ))

        cloudfront_distribution = template.add_resource(
            Distribution(
                "{}CloudfrontDistribution".format(self.stage),
                DistributionConfig=DistributionConfig(
                    Origins=[
                        Origin(
                            Id="MediaAssetsOrigin",
                            DomainName=GetAtt(bucket_wordpress_media_assets, 'DomainName'),
                            S3OriginConfig=S3Origin(
                                OriginAccessIdentity=Join("", [
                                    "origin-access-identity/cloudfront/",
                                    Ref(cloudfront_origin_access_identity)
                                ])
                            )
                        )
                    ],
                    DefaultCacheBehavior=DefaultCacheBehavior(
                        TargetOriginId="MediaAssetsOrigin",
                        ForwardedValues=ForwardedValues(
                            QueryString=False
                        ),
                        ViewerProtocolPolicy="allow-all"
                    ),
                    Enabled=True,
                    HttpVersion='http2'
                )
            )
        )

        # Wordpress EC2 Instances
        
        ''' 
            EC2 Instances types:
                Write node = To make changes to your blog. E.g: add new posts
                Read Nodes = Instances open to the internet for blog reading
        '''

        wordpress_ec2_role = template.add_resource(
            Role(
                "{}WordPressEC2InstanceRole".format(self.stage),
                RoleName="{}WordPressEC2InstanceRole".format(self.stage),
                Path="/",
                AssumeRolePolicyDocument={"Statement": [{
                    "Effect": "Allow",
                    "Principal": {
                        "Service": ["ec2.amazonaws.com"]
                    },
                    "Action": ["sts:AssumeRole"]
                }]},
                Policies=[
                    Policy(
                        PolicyName="S3FullAccess",
                        PolicyDocument={
                            "Statement": [{
                                "Effect": "Allow",
                                "Action": "s3:*",
                                "Resource": "*"
                            }],
                        }
                    )
                ]
            )
        )

        spotfleetrole = template.add_resource(
            Role(
                "{}spotfleetrole".format(self.stage),
                AssumeRolePolicyDocument={
                    "Statement": [
                        {
                            "Action": "sts:AssumeRole",
                            "Principal": {
                                "Service": "spotfleet.amazonaws.com"
                            },
                            "Effect": "Allow",
                            "Sid": ""
                        }
                    ],
                    "Version": "2012-10-17"
                },
                ManagedPolicyArns=[
                    "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole"
                ]
            )
        )

        ec2_instance_profile = template.add_resource(
            InstanceProfile(
                "{}WriteWordpressEc2InstanceProfile".format(self.stage),
                Roles=[Ref(wordpress_ec2_role)]
            )
        )

        template.add_resource(
            SpotFleet(
                "{}WriteWordpressEc2Instance".format(self.stage),
                SpotFleetRequestConfigData=SpotFleetRequestConfigData(
                    AllocationStrategy="lowestPrice",
                    IamFleetRole=GetAtt(spotfleetrole,"Arn"),
                    LaunchSpecifications=[LaunchSpecifications(
                        IamInstanceProfile=IamInstanceProfile(
                            Arn=GetAtt(ec2_instance_profile, "Arn")
                        ),
                        ImageId=self.write_instance_image_id,
                        InstanceType=self.write_instance_type,
                        KeyName=self.write_instance_key_name,
                        SecurityGroups=[SecurityGroups(GroupId=Ref(web_dmz_security_group))],
                        SubnetId=next(iter(public_subnets)),
                        UserData=Base64(
                            Join("", [
                                """ #!/bin/bash
                                yum install httpd php php-mysql -y
                                cd /var/www/html
                                echo \"healthy\" > healthy.html
                                wget https://wordpress.org/latest.tar.gz
                                tar -xzf latest.tar.gz
                                cp -r wordpress/* /var/www/html/
                                rm -rf wordpress
                                rm -rf latest.tar.gz
                                chmod -R 755 wp-content
                                chown -R apache:apache wp-content
                                echo -e 'Options +FollowSymlinks \nRewriteEngine on \nrewriterule ^wp-content/uploads/(.*)$ http://""",
                                GetAtt(cloudfront_distribution, 'DomainName'),
                                """/$1 [r=301,nc]' > .htaccess
                                chkconfig httpd on
                                cd /var/www
                                sudo chown -R apache /var/www/html
                                cd html/
                                sudo find . -type d -exec chmod 0755 {} \;
                                sudo find . -type f -exec chmod 0644 {} \;
                                sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
                                sed -i 's/AllowOverride none/AllowOverride All/g' /etc/httpd/conf/httpd.conf
                                echo -e "*/1 * * * * root aws s3 sync --delete /var/www/html s3://""",
                                Ref(bucket_wordpress_code),
                                """">> /etc/crontab 
                                echo -e "*/1 * * * * root aws s3 sync --delete /var/www/html/wp-content/uploads s3://""",
                                Ref(bucket_wordpress_media_assets),
                                """">> /etc/crontab
                                service httpd start
                                """
                            ])
                        )
                    )],
                    TargetCapacity=1,
                    Type="request"
                )
            )
        )

        template.add_resource(
            LaunchConfiguration(
                "{}WordPressReadLaunchConfiguration".format(self.stage),
                InstanceType=self.read_instance_type,
                ImageId=self.read_instance_image_id,
                KeyName=self.read_instance_key_name,
                LaunchConfigurationName="{}-wordpress-launch-config".format(self.stage),
                SecurityGroups=[Ref(web_dmz_security_group)],
                IamInstanceProfile=Ref(ec2_instance_profile),
                SpotPrice="0.5",
                UserData=Base64(
                    Join("", [
                        """ #!/bin/bash
                        yum install httpd php php-mysql -y
                        cd /var/www/html
                        echo \"healthy\" > healthy.html
                        wget https://wordpress.org/latest.tar.gz
                        tar -xzf latest.tar.gz
                        cp -r wordpress/* /var/www/html/
                        rm -rf wordpress
                        rm -rf latest.tar.gz
                        chmod -R 755 wp-content
                        chown -R apache:apache wp-content
                        echo -e 'Options +FollowSymlinks \nRewriteEngine on \nrewriterule ^wp-content/uploads/(.*)$ http://""",
                        GetAtt(cloudfront_distribution, 'DomainName'),
                        """/$1 [r=301,nc]' > .htaccess
                        chkconfig httpd on
                        cd /var/www
                        sudo chown -R apache /var/www/html
                        cd html/
                        sudo find . -type d -exec chmod 0755 {} \;
                        sudo find . -type f -exec chmod 0644 {} \;
                        sed -i 's/AllowOverride None/AllowOverride All/g' /etc/httpd/conf/httpd.conf
                        sed -i 's/AllowOverride none/AllowOverride All/g' /etc/httpd/conf/httpd.conf
                        echo -e "*/1 * * * * root aws s3 sync --delete s3://""",
                        Ref(bucket_wordpress_code),
                        """ /var/www/html">> /etc/crontab 
                        echo -e "*/1 * * * * root aws s3 sync --delete s3://""",
                        Ref(bucket_wordpress_media_assets),
                        """/var/www/html/wp-content/uploads">> /etc/crontab
                        service httpd start
                        """
                    ])
                )
            )
        )

        alb = template.add_resource(
            LoadBalancer(
                "{}ApplicationLoadBalancer".format(self.stage),
                Name="{}-wordpress-alb".format(self.stage),
                SecurityGroups=[Ref(web_dmz_security_group)],
                Subnets=public_subnets,
                Type="application"
            )
        )

        target_group = template.add_resource(
            TargetGroup(
                "{}TargetGroup".format(self.stage),
                Name="{}-wordpress-target-group".format(self.stage),
                Port=80,
                Protocol="HTTP",
                VpcId=ImportValue("{}{}VpcId".format(self.stage,vpc_name_formatted)),
                HealthCheckPort=8080
            )
        )

        template.add_resource(
            AutoScalingGroup(
                "{}AutoScalingGroup".format(self.stage),
                DependsOn="{}WordPressReadLaunchConfiguration".format(self.stage),
                AutoScalingGroupName="{}-wordpress-auto-scaling".format(self.stage),
                LaunchConfigurationName="{}-wordpress-launch-config".format(self.stage),
                TargetGroupARNs=[Ref(target_group)],
                MaxSize="3",
                MinSize="1",
                VPCZoneIdentifier=public_subnets,
                Tags=[
                    Tag("Name", "{}-wordpress-read-node".format(self.stage), True)
                ]
            )
        )

        template.add_resource(
            Listener(
                "ALBListener",
                DefaultActions=[
                    Action(
                        TargetGroupArn=Ref(target_group), 
                        Type="forward"
                    )
                ],
                LoadBalancerArn=Ref(alb),
                Port=80,
                Protocol="HTTP"
            )
        )

        f = open("modules/template_wordpress.yaml", 'w')
        print(template.to_yaml(), file=f)
Esempio n. 31
0
        DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
        SubnetIds=Ref(subnet),
    ))

myvpcsecuritygroup = t.add_resource(
    SecurityGroup("myVPCSecurityGroup",
                  GroupDescription="Security group for RDS DB Instance.",
                  VpcId=Ref(vpcid)))

mydb = t.add_resource(
    DBInstance(
        "MyDB",
        DBName=Ref(dbname),
        AllocatedStorage=Ref(dballocatedstorage),
        DBInstanceClass=Ref(dbclass),
        Engine="MySQL",
        EngineVersion="5.5",
        MasterUsername=Ref(dbuser),
        MasterUserPassword=Ref(dbpassword),
        DBSubnetGroupName=Ref(mydbsubnetgroup),
        VPCSecurityGroups=[Ref(myvpcsecuritygroup)],
    ))

t.add_output(
    Output("JDBCConnectionString",
           Description="JDBC connection string for database",
           Value=Join("", [
               "jdbc:mysql://",
               GetAtt("MyDB", "Endpoint.Address"),
               GetAtt("MyDB", "Endpoint.Port"), "/",
               Ref(dbname)
           ])))
Esempio n. 32
0
        Description='Security Group to use for Postgres',
    ))

subnet_group = template.add_resource(
    DBSubnetGroup(
        'SubnetGroup',
        DBSubnetGroupDescription='Subnets group for Postgres Instance',
        SubnetIds=[Ref(subnet_az_1), Ref(subnet_az_2)]))

rds_postgres = template.add_resource(
    DBInstance('DB',
               DBInstanceIdentifier='dev-db',
               DBName='dev',
               DBInstanceClass='db.t2.micro',
               AllocatedStorage='10',
               Engine='postgres',
               EngineVersion='9.6.3',
               MasterUsername=Ref(master_user),
               MasterUserPassword=Ref(master_user_password),
               DBSubnetGroupName=Ref(subnet_group),
               VPCSecurityGroups=[Ref(security_group)],
               PubliclyAccessible=True))

# Outputs
template.add_output([
    Output('RDSPostgres',
           Description='RDS Postgres Instance',
           Value=Ref(rds_postgres)),
    Output('RDSPostgresEndpointAddress',
           Description='RDS Postgres Instance',
           Value=GetAtt(rds_postgres, 'Endpoint.Address')),
    Output('RDSPostgresEndpointPort',