def create_cft(): """Creates the CFT""" template = Template() template.add_version("2010-09-09") template.add_description( "AWS CloudFormation Template: Redshift cluster in a VPC") # Parameters for param in parameters: template.add_parameter(param) # Conditions for condition in conditions: template.add_condition(condition, conditions[condition]) # Custom lookups template.add_resource(subnet_info) template.add_resource(sg_info) # Security Group template.add_resource(securitygroup) # Redshift components for item in redshift_resources: template.add_resource(item) # Outputs for output in outputs: template.add_output(output) return template
def main(argv): # Set up a blank template t = Template() # Add description t.add_description("RDS Database") # Add all defined input parameters to template for p in parameters.values(): t.add_parameter(p) t.add_condition("InstallPostgis", Not(Equals(Ref("ProvisionStackName"), ""))) t.add_resource(gen_postgis_provisioner()) # Create instance and security group add to template t.add_resource(gen_sg()) for resource in gen_rds_db(service_name): t.add_resource(resource) t.add_output( Output("ConnectionString", Description="Connection string for database", Value=Join("", [GetAtt("DB", "Endpoint.Address"), Ref("DB")]))) # Convert template to json template = (t.to_json()) # Print template to console (for debugging) and write to file print(template) write_to_file(template)
def template(): t = Template() for p in parameters.values(): t.add_parameter(p) for k in conditions: t.add_condition(k, conditions[k]) for r in resources.values(): t.add_resource(r) return t
def template(**kwargs): """ Args: Returns: template Template() """ template = Template() release = template.add_parameter( Parameter('ReleaseNewAlias', Type="String", AllowedValues=['Yes', 'No'], Default='No')) release_condition = template.add_condition( 'ReleaseAlias', {'ReleaseAlias': Equals(Ref(release), 'Yes')}) function = template.add_resource(lambda_function(**kwargs)) version = template.add_resource( Version('LambdaVersion', FunctionName=GetAtt(function, 'Arn'))) alias = template.add_resource( Alias('LambdaAlias', Name='prod', DependsOn=[release_condition], Description=Sub(f'Alias to version ${{{version.title}.Arn}}'), FunctionName=Ref(function), FunctionVersion=Ref(version))) template.add_output(object_outputs(function, True)) template.add_output(object_outputs(version, True)) return template
def generate_template(accountalarms, configrules, s3bucket, s3key): parameters = [] maps = [] resources = [] outputs = [] conditions = {} resources, outputs = add_sns_topic(resources, outputs) for item in accountalarms: if item['Type'].strip() == 'CloudTrail': resources = add_cloudwatch_metric(resources, item) resources = add_cloudwatch_alarm(resources, item) resources, outputs = add_lambda_function(resources, outputs, s3bucket, s3key) for item in configrules: resources = add_config_rule(resources, item) template = Template() template.add_version('2010-09-09') template.add_description( "This is an AWS CloudFormation template that provisions metric filters" " based on a spreadsheet of applicable metric filters." " ***WARNING*** " "This template creates many Amazon CloudWatch alarms based on a Amazon" " CloudWatch Logs Log Group. You will be billed for the AWS resources " "used if you create a stack from this template." ) [template.add_parameter(p) for p in parameters] [template.add_condition(k, conditions[k]) for k in conditions] [template.add_resource(r) for r in resources] [template.add_output(o) for o in outputs] return template
ConstraintDescription="Can contain only ASCII characters.", Type="AWS::EC2::KeyPair::KeyName", Description="Name of an existing EC2 KeyPair to enable SSH access to the instance", )) AmbariUseEBS = t.add_parameter(Parameter( "AmbariUseEBS", Default="no", ConstraintDescription="Must be yes or no only.", Type="String", Description="Use EBS Volumes for the Ambari Node", AllowedValues=["yes", "no"], )) AmbariUseEBSBool = t.add_condition("AmbariUseEBSBool", Equals(Ref(AmbariUseEBS),"yes")) t.add_mapping("SubnetConfig", {'Public': {'CIDR': '10.0.0.0/24'}, 'VPC': {'CIDR': '10.0.0.0/16'}} ) t.add_mapping("CENTOS7", { "eu-west-1": {"AMI": "ami-33734044"}, "ap-southeast-1": {"AMI": "ami-2a7b6b78"}, "ap-southeast-2": {"AMI": "ami-d38dc6e9"}, "eu-central-1": {"AMI": "ami-e68f82fb"}, "ap-northeast-1": {"AMI": "ami-b80b6db8"}, "us-east-1": {"AMI": "ami-61bbf104"}, "sa-east-1": {"AMI": "ami-fd0197e0"}, "us-west-1": {"AMI": "ami-f77fbeb3"}, "us-west-2": {"AMI": "ami-d440a6e7"}
domain_name = Join('.', [Ref(param_label), Ref(param_hosted_zone_name)]) acm_cert = template.add_resource( custom_resources.acm.DnsValidatedCertificate( "AcmCert", Region='us-east-1', # Api gateway is in us-east-1 DomainName=domain_name, Tags=GetAtt(cloudformation_tags, 'TagList'), )) template.add_output( Output( "AcmCertDnsRecords", Value=GetAtt(acm_cert, "DnsRecords"), )) use_cert_cond = template.add_condition('UseCert', Equals(Ref(param_use_cert), 'yes')) # Create an entry in the domain-table, so this domain is listed in the Authorizer template.add_resource( custom_resources.dynamodb.Item( "AuthorizedDomain", TableName=ImportValue( Join('-', [Ref(param_authorizer_param_stack), "DomainTable"])), ItemKey={"domain": { "S": domain_name }}, )) # Create an entry in the group-table template.add_resource( custom_resources.dynamodb.Item(
Type="AWS::EC2::KeyPair::KeyName", Description= "Name of an existing EC2 KeyPair to enable SSH access to the instance", )) UseEBS = t.add_parameter( Parameter( "UseEBS", Default="no", ConstraintDescription="Must be yes or no only.", Type="String", Description="Use EBS Volumes for the Worker Node", AllowedValues=["yes", "no"], )) UseEBSBool = t.add_condition("UseEBSBool", Equals(Ref(UseEBS), "yes")) t.add_mapping("SubnetConfig", { 'Public': { 'CIDR': '10.0.0.0/24' }, 'VPC': { 'CIDR': '10.0.0.0/16' } }) t.add_mapping( "RHEL66", { 'ap-northeast-1': { 'AMI': 'ami-a15666a0' },
param_retire_days = t.add_parameter( Parameter( 'RetireInDays', Description= 'Days before retire current object, set to 0 disables retirement', Type='Number', Default=3650, MinValue=90, MaxValue=3650, )) # # Condition # t.add_condition('HasBucketName', Not(Equals(Ref(param_bucket_name), ''))) t.add_condition('ChinaRegionCondition', Equals(Ref(AWS_REGION), 'cn-north-1')) # # Resource # bucket = t.add_resource( s3.Bucket( 'Bucket', BucketName=If('HasBucketName', Ref(param_bucket_name), Ref(AWS_NO_VALUE)), LifecycleConfiguration=s3.LifecycleConfiguration(Rules=[ # Add a rule to s3.LifecycleRule(
MEMBER_ACCOUNT_ID = "5678" MEMBER_ACCOUNT_EMAIL = "*****@*****.**" t = Template() t.add_description( "GuardDuty example deployment for master and member accounts") member_invitation = t.add_parameter( Parameter( "MemberInvitation", Type="String", Description= "Invitation ID for member account, leave empty on master account")) t.add_condition("IsMaster", Equals(Ref(AWS_ACCOUNT_ID), MASTER_ACCOUNT_ID)) t.add_condition("IsMember", Not(Condition("IsMaster"))) detector = t.add_resource(guardduty.Detector("Detector", Enable=True)) master = t.add_resource( guardduty.Master( "Master", Condition="IsMember", DetectorId=Ref(detector), MasterId=MASTER_ACCOUNT_ID, InvitationId=Ref(member_invitation), )) # You can create multiple members if you have multiple members accounts member = t.add_resource(
'us-west-2': { 'AMI': 'ami-16fd7026' }, 'eu-west-1': { 'AMI': 'ami-24506250' }, 'sa-east-1': { 'AMI': 'ami-3e3be423' }, 'ap-southeast-1': { 'AMI': 'ami-74dda626' }, 'ap-northeast-1': { 'AMI': 'ami-dcfa4edd' } }) c_is_prod = t.add_condition('IsProduction', Equals(Ref('Environment'), 'true')) #t.set_transform('AWS::Serverless-2016-10-31') r_vpc = t.add_resource( ec2.VPC('VPC', Condition=c_is_prod, CidrBlock='10.0.0.0/24')) t.add_output( Output('VPCId', Value=Ref(r_vpc), Description='VPC Id', Export=Export(Sub('${AWS::StackName}-' + r_vpc.title)))) print(t.to_yaml())
), Parameter( 'Three', Type='String', ), Parameter( 'Four', Type='String', ), Parameter( 'SshKeyName', Type='String', ) ]) t.add_condition('OneEqualsFoo', Equals(Ref('One'), 'Foo')) t.add_condition('NotOneEqualsFoo', Not(Condition('OneEqualsFoo'))) t.add_condition('BarEqualsTwo', Equals('Bar', Ref('Two'))) t.add_condition('ThreeEqualsFour', Equals(Ref('Three'), Ref('Four'))) t.add_condition('OneEqualsFooOrBarEqualsTwo', Or(Condition('OneEqualsFoo'), Condition('BarEqualsTwo'))) t.add_condition('OneEqualsFooAndNotBarEqualsTwo', And(Condition('OneEqualsFoo'), Not(Condition('BarEqualsTwo')))) t.add_condition( 'OneEqualsFooAndBarEqualsTwoAndThreeEqualsPft',
class Stack(StackConfig): ''' main stack object ''' def __init__(self, stack_object): self.config = stack_object.config self.template = Template() self.sec_groups = self.__sec_groups_constructor() self.capabilities = [] @staticmethod def __tag_role_generator(role, extra_roles): extra_tags = Tags(**{ role: '', }) if len(extra_roles) > 0: for i in extra_roles: extra_tags += Tags(**{ i: '', }) return extra_tags # handle the case for references to static sec groups and also when they don't exist. def __sec_groups_constructor(self): default_sec_groups = [] default_sec_groups.extend( (ImportValue(self.config['monitoring_security_group_export_name']), ImportValue(self.config['admin_security_group_export_name']))) return default_sec_groups def __tag_elb_role_generator(self): role = self.config['apps'].values()[0].get("role", '') return Tags(Role=role, env=Ref("DeploymentEnvironment")) def __tag_as_role_generator(self, common_tags): copy_common_tags = copy.copy(common_tags) role = self.config['apps'].values()[0].get("role", '') extra_roles = self.config['apps'].values()[0].get("extra_roles", '') extra_tags = AsTags(**{ role: '', }) if len(extra_roles) > 0: for i in extra_roles: extra_tags += AsTags(**{ i: '', }) other_tags = AsTags(Name=Ref("AWS::StackName"), Role=role) all_tags = extra_tags + other_tags + copy_common_tags return all_tags @staticmethod def __loaduserdata(filename, as_name): data = [] mydir = os.path.dirname(os.path.abspath(__file__)) relative_path = os.path.join(mydir, '..', "data") try: with open(os.path.join(relative_path, filename), 'r') as f: for line in f: if line.strip('\n\r ') == '': continue # some funkiness below. Needs to substitute AS group name, since in a case of multiple groups # can't rely on a static value. line = MyTemplate(line) line = line.substitute({'as_name': as_name}) line = Sub(line) data.append(line) except IOError: print "User data file could not be found" exit() return Base64(Join('', data)) def process_config(self, common_tags, default_size=None, alb_secgroups=None): # This function will be changed significantly once we start using the new_elb_ # adder/target_adder function in favor of the classic ELB for k, v in self.config['apps'].iteritems(): instance_list = [] for index in xrange(v['count']): instance_list.append( self.instance_adder(k, v.get('size', default_size), v['ami_id'], v.get('role', k), v.get('extra_roles', []), index, common_tags, v.get('user_data', False))) if 'elb' in v: self.elb_adder(k, instance_list, Ref("Hostname")) if 'alb' in v: if alb_secgroups is None: print "You need to pass a list of ALB Security Groups if alb is on" quit() alb.Alb(self.template, self.config, instance_list, alb_secgroups) self.dns_adder(v.get("dns", None), "ApplicationLoadBalancer") def description(self, description, version='2010-09-09'): self.template.add_description(description) self.template.add_version(version) def print_template(self): output = self.template.to_json() print output def instance_adder(self, name, size, ami_id, role, extra_roles, index, common_tags, user_data_file=False): instance_sec_group = name + "group" instance_sec_group = instance_sec_group.translate(None, '_') instance_id = ''.join(ch for ch in name if ch.isalnum()) + str(index) instance = None extra_tags = self.__tag_role_generator(role, extra_roles) userdata = "" instance_name = Join("", [Ref("AWS::StackName"), str(index)]) app_config = self.config['apps'].values()[0] if user_data_file: userdata = self.__loaduserdata(user_data_file) blockmap = self.__generate_blockmap() instance = self.template.add_resource( ec2.Instance( instance_id, ImageId=FindInMap("RegionMap", Ref("AWS::Region"), ami_id), KeyName=self.config['keyname'], Tags=common_tags + Tags(Name=instance_name, Role=role) + extra_tags, IamInstanceProfile=self.config['iam_role'], SecurityGroupIds=[ Ref(instance_sec_group), ImportValue( self.config['monitoring_security_group_export_name']), ImportValue( self.config['admin_security_group_export_name']) ], InstanceType=size, SubnetId=random.choice(self.config['subnets']), UserData=userdata, BlockDeviceMappings=blockmap)) if 'dns_host' in app_config and app_config['dns_host']: self.host_dns_adder(instance_name, instance_id) return instance def dns_adder(self, dns, elbid): dns_record_id = "DNS" + str(elbid) self.template.add_resource( RecordSetType( dns_record_id, HostedZoneName=Join("", [Ref("BaseURL"), "."]), Name=Join("", [dns, ".", Ref("BaseURL"), "."]), Type="CNAME", TTL="900", ResourceRecords=[GetAtt(elbid, "DNSName")], )) def host_dns_adder(self, dns, instanceid): dns_record_id = "DNS" + str(instanceid) self.template.add_resource( RecordSetType( dns_record_id, HostedZoneName=Join("", [Ref("BaseURL"), "."]), Name=Join("", [dns, ".", Ref("BaseURL"), "."]), Type="A", TTL="600", ResourceRecords=[GetAtt(instanceid, "PrivateIp") ], # PrivateIP PrivateDnsName )) def elb_adder(self, name, instance_list, dns): ports = self.config['apps'].values()[0].get("ports", None) elb_type = self.config['apps'].values()[0].get("type", 'internet-facing') elb_check_type = self.config['apps'].values()[0].get( "elb_check_type", 'TCP') elb_check_path = self.config['apps'].values()[0].get( "elb_check_path", "") if 'HTTP' in elb_check_type.upper() and not elb_check_path: elb_check_path = "/" if instance_list is None: instance_list = [] elb_tags = self.__tag_elb_role_generator() elb_id = ''.join(ch for ch in name if ch.isalnum()) elb_sec_group = name + "_group" elb_sec_group = elb_sec_group.translate(None, '_') elasticlb = self.template.add_resource( elb.LoadBalancer( elb_id, Subnets=self.config['public_subnets'], Scheme=elb_type, LoadBalancerName=Join( "", [Ref("AWS::StackName"), '-', random.randint(1, 999)]), SecurityGroups=[Ref(elb_sec_group)], LBCookieStickinessPolicy=[ elb.LBCookieStickinessPolicy( PolicyName='LBCookeStickinessPolicy', ) ], ConnectionDrainingPolicy=elb.ConnectionDrainingPolicy( Enabled=True, Timeout=300, ), CrossZone=True, Instances=[Ref(r) for r in instance_list], Tags=elb_tags)) elasticlb.Listeners = [ elb.Listener(LoadBalancerPort="80", InstancePort=Ref("WebServerPort"), Protocol="HTTP", PolicyNames=['LBCookeStickinessPolicy']), elb.Listener( LoadBalancerPort="443", InstancePort=Ref("WebServerPort"), Protocol="HTTPS", SSLCertificateId=Ref("CertName"), PolicyNames=['LBCookeStickinessPolicy'], ) ] elasticlb.HealthCheck = elb.HealthCheck(Target=Join( "", [elb_check_type.upper(), ":", ports, elb_check_path]), HealthyThreshold="3", UnhealthyThreshold="5", Interval="30", Timeout="5") if dns: self.dns_adder(dns, elb_id) return elasticlb def autoscaling_adder(self, common_tags, min_size, max_size, min_in_service, image_id, instance_size, sec_groups, health_check_type='EC2', loadbalancer=False, keyname=None, targetgroup=False, user_data_file=False): lc_name = "LaunchConfiguration" + str(random.randint(1, 999)) as_name = "AutoScalingGroup" + str(random.randint(1, 999)) if keyname is None: keyname = self.config['keyname'] if user_data_file: userdata = self.__loaduserdata(user_data_file, as_name) else: userdata = self.__loaduserdata("default_userdata.txt", as_name) as_group_tags = self.__tag_as_role_generator(common_tags) blockmap = self.__generate_blockmap() lc_groups = copy.copy(self.sec_groups) lc_groups.append(Ref(sec_groups)) launch_config = self.template.add_resource( LaunchConfiguration(lc_name, ImageId=image_id, KeyName=keyname, InstanceType=instance_size, SecurityGroups=lc_groups, IamInstanceProfile=self.config['iam_role'], UserData=userdata, BlockDeviceMappings=blockmap)) as_group = autoscalinggroup = AutoScalingGroup( as_name, Tags=as_group_tags, LaunchConfigurationName=Ref(lc_name), MinSize=Ref(min_size), MaxSize=Ref(max_size), VPCZoneIdentifier=self.config['subnets'], HealthCheckType=health_check_type, DependsOn=lc_name, CreationPolicy=CreationPolicy( AutoScalingCreationPolicy=AutoScalingCreationPolicy( MinSuccessfulInstancesPercent=80), ResourceSignal=ResourceSignal(Count=1, Timeout='PT10M')), UpdatePolicy=UpdatePolicy( AutoScalingReplacingUpdate=AutoScalingReplacingUpdate( WillReplace=False, ), AutoScalingScheduledAction=AutoScalingScheduledAction( IgnoreUnmodifiedGroupSizeProperties=True, ), AutoScalingRollingUpdate=AutoScalingRollingUpdate( MaxBatchSize="2", MinInstancesInService=Ref(min_in_service), MinSuccessfulInstancesPercent=80, PauseTime='PT10M', WaitOnResourceSignals=True, SuspendProcesses=[ "ReplaceUnHealthy, AZRebalance, AlarmNotifications, " "ScheduledActions, HealthCheck" ]))) if loadbalancer: autoscalinggroup.LoadBalancerNames = loadbalancer if targetgroup: autoscalinggroup.TargetGroupARNs = [targetgroup] self.template.add_resource(autoscalinggroup) # getting a litte funky below. Only reason is to be able to do overrides for k8s. Probably will need to be # revisited as_lc = collections.namedtuple('aslc', 'as_group,launch_config')(as_group, launch_config) return as_lc def rds_adder(self, instance_identifier, allocated_storage, db_subnet_group, rds_group, db_size, db_name='MyDB', storage_type='gp2', engine_version='5.5.40a', storage_engine='MySQL', publicly_accessible=False): db_names = '' db_asf = (db_name.upper(), 'DNS') if publicly_accessible is False: publicly_accessible = "false" else: publicly_accessible = "true" dbinstance = rds.DBInstance( db_name, DBInstanceIdentifier=instance_identifier, Engine=storage_engine, EngineVersion=engine_version, MasterUsername=If("NotRestoringFromSnapshot", Ref("RDSDBUser"), Ref("AWS::NoValue")), MasterUserPassword=If("NotRestoringFromSnapshot", Ref("RDSDBPassword"), Ref("AWS::NoValue")), AllocatedStorage=allocated_storage, DBSnapshotIdentifier=If("NotRestoringFromSnapshot", Ref("AWS::NoValue"), Ref("RDSSnapshot")), StorageType=storage_type, DBSubnetGroupName=db_subnet_group, PubliclyAccessible=publicly_accessible, VPCSecurityGroups=rds_group, DBInstanceClass=db_size, StorageEncrypted=If("NotRestoringFromSnapshot", True, Ref("AWS::NoValue"))) dbdnsrecord = RecordSetType( db_names.join(db_asf), HostedZoneName=Join("", [Ref("RDSDNSDomain"), "."]), Name=Join("", [Ref("RDSDNSName"), ".", Ref("RDSDNSDomain"), "."]), Type="CNAME", TTL="900", ResourceRecords=[GetAtt(dbinstance, "Endpoint.Address")], ) self.template.add_resource(dbinstance) self.template.add_resource(dbdnsrecord) # these are very similar functions below. One handles the general rules and another one handles self-refrencing ones. # this could be handled in one function, but would require some funky stuff around conditionals and use of AWS::NoValue. # it's a cleaner implementation this way. @staticmethod def rule_adder(fromport, toport=None, cidr='0.0.0.0/0', protocol='TCP', sourcegroupid=Ref("AWS::NoValue")): if toport is None: toport = fromport rule = ec2.SecurityGroupRule(IpProtocol=protocol, FromPort=fromport, ToPort=toport, CidrIp=cidr, SourceSecurityGroupId=sourcegroupid) return rule def rule_adder_self(self, group, fromport, toport=None, protocol='TCP'): """ This function exits to create self-referencing security groups. """ if toport is None: toport = fromport rule = ec2.SecurityGroupIngress("IngressRule", IpProtocol=protocol, FromPort=fromport, ToPort=toport, SourceSecurityGroupId=Ref(group), GroupId=Ref(group)) self.template.add_resource(rule) def group_adder(self, group_name, rules, description=None): group_tags = Tags(Name=group_name) if description is None: description = "Security Group for {0} Access".format(group_name) group = ec2.SecurityGroup(group_name, GroupDescription=description, SecurityGroupIngress=rules, VpcId=self.config['vpcid'], Tags=group_tags) self.template.add_resource(group) def redis_adder(self, name, tags, instance_type='cache.m3.medium', nodes=1, version='2.8.24'): rule = self.rule_adder(6379, cidr='10.0.0.0/16') subnetname = Join("", [name, Ref("DeploymentEnvironment")]) self.group_adder("redissg", [rule]) subnetgroup = self.template.add_resource( elasticache.SubnetGroup( "SubnetGroup", CacheSubnetGroupName=subnetname, Description='Subnet Group for ElasticCache Redis {0}'.format( name), SubnetIds=self.config['subnets'])) self.template.add_resource( elasticache.CacheCluster( "CacheCluster", ClusterName=name, Engine='redis', EngineVersion=version, CacheNodeType=instance_type, NumCacheNodes=nodes, Tags=tags, CacheSubnetGroupName=Ref(subnetgroup), VpcSecurityGroupIds=[GetAtt('redissg', "GroupId")], )) redisdnsrecord = RecordSetType( "RedisDNSRecord", HostedZoneName=Join("", [Ref("RedisDNSDomain"), "."]), Name=Join("", [Ref("RedisDNSName"), ".", Ref("RedisDNSDomain"), "."]), Type="CNAME", TTL="900", ResourceRecords=[GetAtt("CacheCluster", "RedisEndpoint.Address")], ) self.template.add_resource(redisdnsrecord) def redis_adder_replcation(self, name, tags, instance_type='cache.m3.medium', cache_clusters=2, version='3.2.4'): rule = self.rule_adder(6379, cidr='10.0.0.0/16') subnetname = Join("", [name, Ref("DeploymentEnvironment")]) self.group_adder("redissg", [rule]) subnetgroup = self.template.add_resource( elasticache.SubnetGroup( "SubnetGroup", CacheSubnetGroupName=subnetname, Description='Subnet Group for ElasticCache Redis {0}'.format( name), SubnetIds=self.config['subnets'])) self.template.add_resource( elasticache.ReplicationGroup( 'RedisReplicationGroup', ReplicationGroupId=name, Engine='redis', EngineVersion=version, CacheNodeType=instance_type, NumCacheClusters=cache_clusters, Tags=tags, CacheSubnetGroupName=Ref(subnetgroup), ReplicationGroupDescription="%s replication group" % name, SecurityGroupIds=[GetAtt('redissg', "GroupId")], )) redisdnsrecord = RecordSetType( "RedisDNSRecord", HostedZoneName=Join("", [Ref("RedisDNSDomain"), "."]), Name=Join("", [Ref("RedisDNSName"), ".", Ref("RedisDNSDomain"), "."]), Type="CNAME", TTL="900", ResourceRecords=[ GetAtt("RedisReplicationGroup", "PrimaryEndPoint.Address") ], ) self.template.add_resource(redisdnsrecord) def elasticsearch_cluster(self, name, ebs=True, voltype='gp2'): es_domain = self.template.add_resource( Domain( name, DomainName=name + 'domain', ElasticsearchClusterConfig=ElasticsearchClusterConfig( DedicatedMasterEnabled=True, InstanceCount=2, ZoneAwarenessEnabled=True, InstanceType=constants.ELASTICSEARCH_M3_MEDIUM, DedicatedMasterType=constants.ELASTICSEARCH_M3_MEDIUM, DedicatedMasterCount=3), EBSOptions=EBSOptions(EBSEnabled=ebs, Iops=0, VolumeSize=20, VolumeType=voltype), SnapshotOptions=SnapshotOptions(AutomatedSnapshotStartHour=0), AccessPolicies={ 'Version': '2012-10-17', 'Statement': [{ 'Effect': 'Allow', 'Principal': { 'AWS': '*' }, 'Action': 'es:*', 'Resource': '*' }] }, AdvancedOptions={ "rest.action.multi.allow_explicit_index": "true" })) return es_domain def glue_db_adder(self, name): self.template.add_resource( glue.Database(name, CatalogId=Ref("AWS::AccountId"), DatabaseInput=glue.DatabaseInput(Name=name))) def glue_table_adder(self, name, db, props): unique_id = re.sub('[^A-Za-z]', '', name) + db table = glue.Table( unique_id, DependsOn=db, CatalogId=Ref("AWS::AccountId"), DatabaseName=db, TableInput=glue.TableInput( Name=name, Parameters=helpers.dictConvert(props.get("params", None)), StorageDescriptor=glue.StorageDescriptor( InputFormat=props.get("descriptor", {}).get("inputFormat", Ref("AWS::NoValue")), OutputFormat=props.get("descriptor", {}).get("outputFormat", Ref("AWS::NoValue")), Location=props.get("descriptor", {}).get("location", Ref("AWS::NoValue")), SerdeInfo=glue.SerdeInfo( SerializationLibrary=props.get("descriptor", {}).get( "SerDe", {}).get("serialization", Ref("AWS::NoValue")), Parameters=helpers.dictConvert( props.get("descriptor", {}).get("SerDe", {}).get("parameters", None)))))) columns = helpers.dictConvert((props.get("descriptor", {}).get("columns", {}))) if isinstance(columns, list): for index, item in enumerate(columns): column = glue.Column(**item) columns[index] = column table.TableInput.StorageDescriptor.Columns = columns self.template.add_resource(table) def kinesis_adder(self, name, shards): kinesis_stream = self.template.add_resource( kinesis.Stream(name, ShardCount=shards)) self.template.add_output( [Output( "kinesisStreamName", Value=Ref(kinesis_stream), )]) def cloudtrail_adder(self, name, bucket, cw_group=Ref("AWS::NoValue"), cw_role_arn=Ref("AWS::NoValue")): trail = cloudtrail.Trail(name, TrailName=name, IsLogging=True, S3BucketName=bucket, S3KeyPrefix=Ref("AWS::AccountId"), CloudWatchLogsLogGroupArn=cw_group, CloudWatchLogsRoleArn=cw_role_arn) self.template.add_resource(trail) return trail def s3_policy_adder(self, name, bucket, policy): self.template.add_resource( s3.BucketPolicy(name, Bucket=bucket, PolicyDocument=policy)) def cloudwatch_log_adder(self, name, metric_filter=None, lambda_name=None): log_group = logs.LogGroup(name, LogGroupName=name) if metric_filter: self.template.add_resource( logs.MetricFilter(name + "filter", DependsOn=name, LogGroupName=name, FilterPattern=metric_filter, MetricTransformations=[ logs.MetricTransformation( name + "transform", MetricName=name, MetricNamespace=name, MetricValue="1") ])) if lambda_name: self.template.add_resource( logs.SubscriptionFilter(name + "subscribe", DependsOn=name, LogGroupName=name, DestinationArn=GetAtt( lambda_name, "Arn"), FilterPattern=metric_filter)) self.template.add_resource(log_group) return log_group def lambda_adder(self, nameref, role, condition, **kwargs): try: lambda_func = awslambda.Function( nameref, DependsOn=role, Code=awslambda.Code(S3Bucket=kwargs['s3_bucket'], S3Key=kwargs['s3_key'], S3ObjectVersion=If(condition, Ref("AWS::NoValue"), Ref("LambdaVersion"))), MemorySize=kwargs['memory'], Role=GetAtt(role, "Arn"), Handler=kwargs['handler'], Timeout=kwargs['timeout'], FunctionName=kwargs['name'], Runtime=kwargs['runtime']) self.template.add_resource(lambda_func) return lambda_func except Exception as e: print e print "have you set all the values in your config file?" def lambda_policy_adder(self, name, principal): self.template.add_resource( awslambda.Permission("LambdaPermissionPolicy", DependsOn=name, Action="lambda:InvokeFunction", FunctionName=name, Principal=principal)) def iam_adder(self, name, managed_policies, role_policy): role = iam.Role(name, AssumeRolePolicyDocument=role_policy, RoleName=name, ManagedPolicyArns=managed_policies) self.template.add_resource(role) return role def iam_policy_adder(self, name, policy): policy = iam.ManagedPolicy(name, ManagedPolicyName=name, PolicyDocument=policy) self.template.add_resource(policy) return policy def cloudfront_adder(self, static_site=True): origin_id = Join("", ["S3-", Ref("S3Name"), Ref("Path")]) if static_site is True: origin = Origin( Id=origin_id, DomainName=Join( "", [Ref("S3Name"), ".s3-website-us-east-1.amazonaws.com"]), OriginPath=Ref("Path"), CustomOriginConfig=CustomOriginConfig( OriginProtocolPolicy="http-only")) else: origin = Origin(Id=origin_id, DomainName=Join( "", [Ref("S3Name"), ".s3.amazonaws.com"]), OriginPath=Ref("Path"), S3OriginConfig=S3Origin()) myDistribution = self.template.add_resource( Distribution( "myDistribution", DistributionConfig=DistributionConfig( Origins=[origin], DefaultCacheBehavior=DefaultCacheBehavior( TargetOriginId=origin_id, ForwardedValues=ForwardedValues(QueryString=False), ViewerProtocolPolicy="redirect-to-https", MinTTL=3600, DefaultTTL=86400, MaxTTL=31536000), ViewerCertificate=ViewerCertificate( AcmCertificateArn=Ref("ACMarn"), SslSupportMethod='sni-only'), Aliases=Ref("URLs"), DefaultRootObject=Ref("rootObject"), Enabled=True, HttpVersion='http2'))) self.template.add_output([ Output("DistributionId", Value=Ref(myDistribution)), Output("DistributionName", Value=Join( "", ["http://", GetAtt(myDistribution, "DomainName")])), ]) def __generate_blockmap(self, blockmap=None): if blockmap is None: blockmap = [] blockmap = [ ec2.BlockDeviceMapping(DeviceName="/dev/sda1", Ebs=ec2.EBSBlockDevice( VolumeSize=Ref("RootVolSize"), VolumeType="gp2")), ] app_config = self.config['apps'].values()[0] if 'mounts' in app_config: for mount in app_config['mounts']: blockmap.append( ec2.BlockDeviceMapping( DeviceName=mount['path'], Ebs=ec2.EBSBlockDevice( VolumeSize=Ref("{}VolSize".format(mount['name'])), SnapshotId=If( "{}NotRestoringFromSnapshot".format( mount['name']), Ref("AWS::NoValue"), Ref("{}SnapID".format(mount['name']))), VolumeType=mount.get('type', 'standard'), DeleteOnTermination=True))) return blockmap def disk_parameters(self): app_config = self.config['apps'].values()[0] if 'mounts' in app_config: # If you want to be able to override Volume size set default to size of snapshot. for mount in app_config['mounts']: param = Parameter("{}VolSize".format(mount['name']), Type="String", Default=mount['size'], Description="{} EBS Volume size.".format( mount['name'])) self.template.add_parameter(param) param = Parameter( "{}SnapID".format(mount['name']), Type="String", Default=mount.get("SnapshotId", ""), Description= "{} EBS Volume Snapshot(Leave Blank to use new Volume).". format(mount['name'])) self.template.add_parameter(param) condition_name = "{}NotRestoringFromSnapshot".format( mount['name']) self.template.add_condition( condition_name, Equals(Ref("{}SnapID".format(mount['name'])), ""))
class BaseTemplate(object): def __init__(self): self._template = Template() def add_description(self): self._template.add_description( self.description ) def add_parameters(self): for key, values in self.parameters.items(): self._template.add_parameter( Parameter(key, **values) ) def add_conditions(self): for key, condition in self.conditions.items(): self._template.add_condition( key, condition ) def add_mappings(self): for key, mapping in self.mappings.items(): self._template.add_mapping( key, mapping ) def add_outputs(self): for logical_id, keys in self.outputs.items(): self._template.add_output( Output(logical_id, **keys) ) def add_resource(self, attr_name): attr = getattr(self, attr_name) if isinstance(attr, list): if self.verify_list_of_resources(attr): for item in attr: self._template.add_resource(item) elif isinstance(attr, BaseAWSObject): self._template.add_resource(attr) def verify_list_of_resources(self, attr): for item in attr: if not isinstance(item, BaseAWSObject): return False return True def render(self, mappings): if not mappings: mappings = {} self.mappings = mappings self.add_mappings() valid_attributes = get_class_attrs(self.__class__) for attr in valid_attributes: add_method = getattr( self, 'add_%s' % attr, None ) if add_method: add_method() else: self.add_resource(attr) return self._template.to_json()
def main(args): number_of_vol = 5 t = Template() availability_zone = t.add_parameter( Parameter( "AvailabilityZone", Type="String", Description="Availability Zone the cluster will launch into. " "THIS IS REQUIRED", ) ) raid_options = t.add_parameter( Parameter( "RAIDOptions", Type="CommaDelimitedList", Description="Comma separated list of RAID related options, " "8 parameters in total, " "[" "0 shared_dir," "1 raid_type," "2 num_of_vols," "3 vol_type," "4 vol_size," "5 vol_IOPS," "6 encrypted, " "7 ebs_kms_key]", ) ) use_vol = [None] * number_of_vol v = [None] * number_of_vol for i in range(number_of_vol): if i == 0: use_vol[i] = t.add_condition("UseVol%s" % (i + 1), Not(Equals(Select("0", Ref(raid_options)), "NONE"))) else: use_vol[i] = t.add_condition( "UseVol%s" % (i + 1), And(Not(Equals(Select("2", Ref(raid_options)), str(i))), Condition(use_vol[i - 1])), ) use_ebs_iops = t.add_condition("Vol%s_UseEBSPIOPS" % (i + 1), Equals(Select("3", Ref(raid_options)), "io1")) use_volume_size = t.add_condition( "Vol%s_UseVolumeSize" % (i + 1), Not(Equals(Select("4", Ref(raid_options)), "NONE")) ) use_volume_type = t.add_condition( "Vol%s_UseVolumeType" % (i + 1), Not(Equals(Select("3", Ref(raid_options)), "NONE")) ) use_ebs_encryption = t.add_condition( "Vol%s_UseEBSEncryption" % (i + 1), Equals(Select("6", Ref(raid_options)), "true") ) use_ebs_kms_key = t.add_condition( "Vol%s_UseEBSKMSKey" % (i + 1), And(Condition(use_ebs_encryption), Not(Equals(Select("7", Ref(raid_options)), "NONE"))), ) v[i] = t.add_resource( ec2.Volume( "Volume%s" % (i + 1), AvailabilityZone=Ref(availability_zone), VolumeType=If(use_volume_type, Select("3", Ref(raid_options)), "gp2"), Size=If(use_volume_size, Select("4", Ref(raid_options)), 20), Iops=If(use_ebs_iops, Select("5", Ref(raid_options)), NoValue), Encrypted=If(use_ebs_encryption, Select("6", Ref(raid_options)), NoValue), KmsKeyId=If(use_ebs_kms_key, Select("7", Ref(raid_options)), NoValue), Condition=use_vol[i], ) ) outputs = [None] * number_of_vol vol_to_return = [None] * number_of_vol for i in range(number_of_vol): vol_to_return[i] = Ref(v[i]) if i == 0: outputs[i] = If(use_vol[i], vol_to_return[i], "NONE") else: outputs[i] = If(use_vol[i], Join(",", vol_to_return[: (i + 1)]), outputs[i - 1]) t.add_output( Output("Volumeids", Description="Volume IDs of the resulted RAID EBS volumes", Value=outputs[number_of_vol - 1]) ) json_file_path = args.target_path output_file = open(json_file_path, "w") output_file.write(t.to_json()) output_file.close()
ConstraintDescription="Must be yes or no only.", Type="String", Description="Use EBS Volumes for the Master Node", AllowedValues=["yes", "no"], )) WorkerUseEBS = t.add_parameter(Parameter( "WorkerUseEBS", Default="no", ConstraintDescription="Must be yes or no only.", Type="String", Description="Use EBS Volumes for the Worker Node", AllowedValues=["yes", "no"], )) MasterUseEBSBool = t.add_condition("MasterUseEBSBool", Equals(Ref("MasterUseEBS"),"yes")) WorkerUseEBSBool = t.add_condition("WorkerUseEBSBool", Equals(Ref("WorkerUseEBS"),"yes")) t.add_mapping("SubnetConfig", {'Public': {'CIDR': '10.0.0.0/24'}, 'VPC': {'CIDR': '10.0.0.0/16'}} ) t.add_mapping("RHEL66", {'ap-northeast-1': {'AMI': 'ami-a15666a0'}, 'ap-southeast-1': {'AMI': 'ami-3813326a'}, 'ap-southeast-2': {'AMI': 'ami-55e38e6f'}, 'eu-west-1': {'AMI': 'ami-9cfd53eb'}, 'sa-east-1': {'AMI': 'ami-995ce884'}, 'us-east-1': {'AMI': 'ami-aed06ac6'}, 'us-west-1': {'AMI': 'ami-69ccd92c'}, 'us-west-2': {'AMI': 'ami-5fbcf36f'}}
def generate_cloudformation_template(): enable_elb = sys.argv[1] input_scaling_policies = ast.literal_eval(sys.argv[2]) input_alarms = ast.literal_eval(sys.argv[3]) enable_elb = enable_elb == 'True' elb_listeners = ast.literal_eval(sys.argv[4]) template = Template() template.add_description("""\ Configures Auto Scaling Group for the app""") project_name = template.add_parameter(Parameter( "Name", Type="String", Description="Instances will be tagged with this name", )) scalecapacity = template.add_parameter(Parameter( "ScaleCapacity", Default="1", Type="String", Description="Number of api servers to run", )) minsize = template.add_parameter(Parameter( "MinScale", Type="String", Description="Minimum number of servers to keep in the ASG", )) maxsize = template.add_parameter(Parameter( "MaxScale", Type="String", Description="Maximum number of servers to keep in the ASG", )) signalcount = template.add_parameter(Parameter( "SignalCount", Default="1", Type="String", Description="No. of signals CF must receive before it sets the status as CREATE_COMPLETE", )) signaltimeout = template.add_parameter(Parameter( "SignalTimeout", Default="PT5M", Type="String", Description="Time that CF waits for the number of signals that was specified in Count ", )) minsuccessfulinstancespercent = template.add_parameter(Parameter( "MinSuccessfulInstancesPercent", Default="100", Type="String", Description="% instances in a rolling update that must signal success for CF to succeed", )) environment = template.add_parameter(Parameter( "Environment", Type="String", Description="The environment being deployed into", )) subnet = template.add_parameter(Parameter( "Subnets", Type="CommaDelimitedList", )) launchconfigurationname = template.add_parameter(Parameter( "LaunchConfigurationName", Type="String", )) health_check_grace_period = template.add_parameter(Parameter( "HealthCheckGracePeriod", Type="String", Default="300", )) if enable_elb: elb_subnets = template.add_parameter(Parameter( "LoadBalancerSubnets", Type="CommaDelimitedList", )) elb_bucket_name = template.add_parameter(Parameter( "LoadBalancerBucketName", Type="String", Description="S3 Bucket for the ELB access logs" )) template.add_condition("ElbLoggingCondition", Not(Equals(Ref(elb_bucket_name), ""))) elb_schema = template.add_parameter(Parameter( "LoadBalancerSchema", Type="String", )) health_check_interval = template.add_parameter(Parameter( "LoadBalancerHealthCheckInterval", Type="String", )) health_check_timeout = template.add_parameter(Parameter( "LoadBalancerHealthCheckTimeout", Type="String", )) healthy_threshold = template.add_parameter(Parameter( "LoadBalancerHealthyThreshold", Type="String", )) unhealthy_threshold = template.add_parameter(Parameter( "LoadBalancerUnHealthyThreshold", Type="String", )) enable_connection_draining = template.add_parameter(Parameter( "LoadBalancerEnableConnectionDraining", Type="String", Default="True", )) connection_draining_timeout = template.add_parameter(Parameter( "LoadBalancerConnectionDrainingTimeout", Type="String", Default="30", )) loadbalancersecuritygroup = template.add_parameter(Parameter( "LoadBalancerSecurityGroup", Type="CommaDelimitedList", Description="Security group for api app load balancer.", )) hostedzone = template.add_parameter(Parameter( "HostedZoneName", Description="The DNS name of an existing Amazon Route 53 hosted zone", Type="String", )) dns_record = template.add_parameter(Parameter( "DNSRecord", Type="String", )) dns_ttl = template.add_parameter(Parameter( "DNSTTL", Default="300", Type="String", )) new_weight = template.add_parameter(Parameter( "NewDnsWeight", Type="String", Default="100", )) health_check_protocol = template.add_parameter(Parameter( "LoadBalancerHealthCheckProtocol", Type="String", )) template.add_condition("ElbTCPProtocolCondition", Equals(Ref(health_check_protocol), "TCP")) health_check_port = template.add_parameter(Parameter( "LoadBalancerHealthCheckPort", Type="String", )) health_check_path = template.add_parameter(Parameter( "LoadBalancerHealthCheckPath", Type="String", )) load_balancer_listeners = [] for index, listener in enumerate(elb_listeners): template.add_condition("SSLCertificateCondition" + str(index), Equals(listener['protocol'], "https")) load_balancer_listeners.append(elb.Listener( LoadBalancerPort=listener['load_balancer_port'], InstancePort=listener['instance_port'], Protocol=listener['protocol'], InstanceProtocol=Ref(health_check_protocol), SSLCertificateId=If("SSLCertificateCondition" + str(index), listener.get('ssl_certificate_id', ''), Ref("AWS::NoValue")), )) loadbalancer = template.add_resource(elb.LoadBalancer( "LoadBalancer", AccessLoggingPolicy=If("ElbLoggingCondition", elb.AccessLoggingPolicy( EmitInterval=60, Enabled=True, S3BucketName=Ref(elb_bucket_name), S3BucketPrefix="ELBLogs"), Ref("AWS::NoValue")), ConnectionDrainingPolicy=elb.ConnectionDrainingPolicy( Enabled=Ref(enable_connection_draining), Timeout=Ref(connection_draining_timeout), ), Subnets=Ref(elb_subnets), HealthCheck=elb.HealthCheck( Target=Join("", [Ref(health_check_protocol), ":", Ref(health_check_port), If("ElbTCPProtocolCondition", Ref("AWS::NoValue"), Ref(health_check_path)) ]), HealthyThreshold=Ref(healthy_threshold), UnhealthyThreshold=Ref(unhealthy_threshold), Interval=Ref(health_check_interval), Timeout=Ref(health_check_timeout), ), Listeners=load_balancer_listeners, CrossZone=True, SecurityGroups=Ref(loadbalancersecuritygroup), Scheme=Ref(elb_schema) )) route53record = template.add_resource(RecordSetType( "DNS", HostedZoneName=Join("", [Ref(hostedzone), "."]), Name=Join("", [Ref(dns_record), ".", Ref(hostedzone), "."]), ResourceRecords=[GetAtt(loadbalancer, "DNSName")], SetIdentifier=Ref(project_name), TTL=Ref(dns_ttl), Type="CNAME", Weight=Ref(new_weight), )) autoscalinggroup = template.add_resource(AutoScalingGroup( "AutoscalingGroup", Tags=[ Tag("Name", Ref(project_name), True), Tag("Environment", Ref(environment), True) ], LaunchConfigurationName=Ref(launchconfigurationname), MinSize=Ref(minsize), MaxSize=Ref(maxsize), DesiredCapacity=Ref(scalecapacity), VPCZoneIdentifier=Ref(subnet), HealthCheckGracePeriod=Ref(health_check_grace_period), CreationPolicy=CreationPolicy( ResourceSignal=ResourceSignal( Count=Ref(signalcount), Timeout=Ref(signaltimeout) ), AutoScalingCreationPolicy=AutoScalingCreationPolicy( MinSuccessfulInstancesPercent=Ref(minsuccessfulinstancespercent) ) ), UpdatePolicy=UpdatePolicy( AutoScalingRollingUpdate=AutoScalingRollingUpdate( MaxBatchSize='1', MinInstancesInService='1', MinSuccessfulInstancesPercent=Ref(minsuccessfulinstancespercent), PauseTime=Ref(signaltimeout), WaitOnResourceSignals=True ) ) )) autoscalinggroup.HealthCheckType = 'EC2' if enable_elb: autoscalinggroup.LoadBalancerNames = [Ref(loadbalancer)] autoscalinggroup.HealthCheckType = 'ELB' created_scaling_policies = dict() for scaling_policy in input_scaling_policies: policy_properties = { 'AdjustmentType': scaling_policy['adjustment_type'], 'AutoScalingGroupName': Ref(autoscalinggroup), 'Cooldown': scaling_policy['cooldown'], 'PolicyType': scaling_policy['policy_type'], 'ScalingAdjustment': scaling_policy['scaling_adjustment'], } if scaling_policy['policy_type'] != "SimpleScaling" \ and 'estimated_instance_warmup' in scaling_policy: policy_properties['EstimatedInstanceWarmup'] = \ scaling_policy['estimated_instance_warmup'] if scaling_policy['policy_type'] != "SimpleScaling" \ and 'metric_aggregation_type' in scaling_policy: policy_properties['MetricAggregationType'] = scaling_policy['metric_aggregation_type'] if scaling_policy['adjustment_type'] == "PercentChangeInCapacity" \ and 'min_adjustment_magnitude' in scaling_policy: policy_properties['MinAdjustmentMagnitude'] = scaling_policy['min_adjustment_magnitude'] if 'step_adjustments' in scaling_policy: policy_properties['StepAdjustments'] = scaling_policy['step_adjustments'] created_scaling_policies[scaling_policy['name']] = template.add_resource(ScalingPolicy( scaling_policy['name'], **policy_properties )) for alarm in input_alarms: template.add_resource( Alarm( alarm['name'], ActionsEnabled=True, AlarmActions=[Ref(created_scaling_policies[alarm['scaling_policy_name']])], AlarmDescription=alarm['description'], ComparisonOperator=alarm['comparison'], Dimensions=[ MetricDimension( Name="AutoScalingGroupName", Value=Ref(autoscalinggroup) ), ], EvaluationPeriods=alarm['evaluation_periods'], InsufficientDataActions=[], MetricName=alarm['metric'], Namespace=alarm['namespace'], OKActions=[], Period=alarm['period'], Statistic=alarm['statistics'], Threshold=str(alarm['threshold']), Unit=alarm['unit'], ) ) template.add_output(Output("StackName", Value=Ref(project_name), Description="Stack Name")) if enable_elb: template.add_output(Output("DomainName", Value=Ref(route53record), Description="DNS to access the service")) template.add_output(Output("LoadBalancer", Value=GetAtt(loadbalancer, "DNSName"), Description="ELB dns")) template.add_output(Output("AutoScalingGroup", Value=Ref(autoscalinggroup), Description="Auto Scaling Group")) template.add_output(Output("LaunchConfiguration", Value=Ref(launchconfigurationname), Description="LaunchConfiguration for this deploy")) return template
"KeyName", ConstraintDescription="Can contain only ASCII characters.", Type="AWS::EC2::KeyPair::KeyName", Description="Name of an existing EC2 KeyPair to enable SSH access to the instance", )) UseEBS = t.add_parameter(Parameter( "UseEBS", Default="no", ConstraintDescription="Must be yes or no only.", Type="String", Description="Use EBS Volumes for the Worker Node", AllowedValues=["yes", "no"], )) UseEBSBool = t.add_condition("UseEBSBool", Equals(Ref(UseEBS),"yes")) t.add_mapping("SubnetConfig", {'Public': {'CIDR': '10.0.0.0/24'}, 'VPC': {'CIDR': '10.0.0.0/16'}} ) t.add_mapping("RHEL66", {'ap-northeast-1': {'AMI': 'ami-a15666a0'}, 'ap-southeast-1': {'AMI': 'ami-3813326a'}, 'ap-southeast-2': {'AMI': 'ami-55e38e6f'}, 'eu-west-1': {'AMI': 'ami-9cfd53eb'}, 'sa-east-1': {'AMI': 'ami-995ce884'}, 'us-east-1': {'AMI': 'ami-aed06ac6'}, 'us-west-1': {'AMI': 'ami-69ccd92c'}, 'us-west-2': {'AMI': 'ami-5fbcf36f'}} )
def main(): t = Template() t.set_description("test instance launch") t.set_version("2010-09-09") InstUserData = [ '#!/usr/bin/env bash\n', '\n', 'set -x\n', '\n', 'my_wait_handle="', Ref('InstanceWaitHandle'), '"\n', 'curl -X PUT -H \'Content-Type:\' --data-binary \'{ "Status" : "SUCCESS", "Reason" : "Instance launched", "UniqueId" : "launch001", "Data" : "Instance launched."}\' "${my_wait_handle}"', '\n', '\n', ] EC2KeyName = t.add_parameter( Parameter( 'EC2KeyName', Type="AWS::EC2::KeyPair::KeyName", Description= "Name of an existing EC2 KeyPair to enable SSH access to the instance.", ConstraintDescription="REQUIRED: Must be a valud EC2 key pair", )) OperatingSystem = t.add_parameter( Parameter('OperatingSystem', Type="String", Description="Operating System", Default="centos7", AllowedValues=[ "alinux2", "centos7", "rhel7", ], ConstraintDescription="Must be: alinux2, centos7, rhel7")) myInstanceType = t.add_parameter( Parameter( 'MyInstanceType', Type="String", Description="Instance type", Default="m5.2xlarge", )) VpcId = t.add_parameter( Parameter( 'VpcId', Type="AWS::EC2::VPC::Id", Description="VPC Id for this instance", )) Subnet = t.add_parameter( Parameter('Subnet', Type="AWS::EC2::Subnet::Id", Description="Subnet IDs")) ExistingSecurityGroup = t.add_parameter( Parameter( 'ExistingSecurityGroup', Type="AWS::EC2::SecurityGroup::Id", Description= "OPTIONAL: Choose an existing Security Group ID, e.g. sg-abcd1234") ) UsePublicIp = t.add_parameter( Parameter( 'UsePublicIp', Type="String", Description="Should a public IP address be given to the instance", Default="true", ConstraintDescription="true/false", AllowedValues=["true", "false"])) SshAccessCidr = t.add_parameter( Parameter( 'SshAccessCidr', Type="String", Description="CIDR Block for SSH access, default 127.0.0.1/32", Default="127.0.0.1/32", AllowedPattern= "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", ConstraintDescription="Must be a valid CIDR x.x.x.x/x")) RootRole = t.add_resource( iam.Role("RootRole", AssumeRolePolicyDocument={ "Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ec2.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }] })) SshSecurityGroup = t.add_resource( SecurityGroup("SshSecurityGroup", VpcId=Ref(VpcId), GroupDescription="SSH Secuirty group", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp=Ref(SshAccessCidr), ), ])) RootInstanceProfile = t.add_resource( InstanceProfile("RootInstanceProfile", Roles=[Ref(RootRole)])) tags = Tags(Name=Ref("AWS::StackName")) myInstance = t.add_resource( ec2.Instance( 'MyInstance', ImageId=FindInMap("AWSRegionAMI", Ref("AWS::Region"), Ref(OperatingSystem)), KeyName=Ref(EC2KeyName), InstanceType=(Ref(myInstanceType)), NetworkInterfaces=[ NetworkInterfaceProperty( GroupSet=If( "not_existing_sg", [Ref(SshSecurityGroup)], [Ref(SshSecurityGroup), Ref(ExistingSecurityGroup)]), AssociatePublicIpAddress=Ref(UsePublicIp), DeviceIndex='0', DeleteOnTermination='true', SubnetId=Ref(Subnet)) ], IamInstanceProfile=(Ref(RootInstanceProfile)), UserData=Base64(Join('', InstUserData)), )) t.add_mapping( 'AWSRegionAMI', { "ap-northeast-1": { "centos7": "ami-8e8847f1", "rhel7": "ami-6b0d5f0d" }, "ap-northeast-2": { "centos7": "ami-bf9c36d1", "rhel7": "ami-3eee4150" }, "ap-south-1": { "centos7": "ami-1780a878", "rhel7": "ami-5b673c34" }, "ap-southeast-1": { "centos7": "ami-8e0205f2", "rhel7": "ami-76144b0a" }, "ap-southeast-2": { "centos7": "ami-d8c21dba", "rhel7": "ami-67589505" }, "ca-central-1": { "centos7": "ami-e802818c", "rhel7": "ami-49f0762d" }, "eu-central-1": { "centos7": "ami-dd3c0f36", "rhel7": "ami-c86c3f23" }, "eu-west-1": { "centos7": "ami-3548444c", "rhel7": "ami-7c491f05" }, "eu-west-2": { "centos7": "ami-00846a67", "rhel7": "ami-7c1bfd1b" }, "eu-west-3": { "centos7": "ami-262e9f5b", "rhel7": "ami-5026902d" }, "sa-east-1": { "centos7": "ami-cb5803a7", "rhel7": "ami-b0b7e3dc" }, "us-east-1": { "centos7": "ami-9887c6e7", "rhel7": "ami-6871a115" }, "us-east-2": { "centos7": "ami-9c0638f9", "rhel7": "ami-03291866" }, "us-west-1": { "centos7": "ami-4826c22b", "rhel7": "ami-18726478" }, "us-west-2": { "centos7": "ami-3ecc8f46", "rhel7": "ami-28e07e50" } }) t.add_condition("not_existing_sg", Equals(Ref(ExistingSecurityGroup), "")) t.add_condition("Has_Public_Ip", Equals(Ref(UsePublicIp), "true")) mywaithandle = t.add_resource(WaitConditionHandle('InstanceWaitHandle')) mywaitcondition = t.add_resource( WaitCondition("InstanceWaitCondition", Handle=Ref(mywaithandle), Timeout="1500", DependsOn="MyInstance")) t.add_output([ Output("InstanceID", Description="Instance ID", Value=Ref(myInstance)) ]) t.add_output( [Output("InstancePrivateIP", Value=GetAtt('MyInstance', 'PrivateIp'))]) t.add_output([ Output("InstancePublicIP", Value=GetAtt('MyInstance', 'PublicIp'), Condition="Has_Public_Ip") ]) ##print(t.to_yaml()) print(t.to_json(indent=2))
Description="EC2 instance type", Default="m3.medium", AllowedValues=[ "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge" ], ConstraintDescription="Must be a valid, EC2 classic " "compatible instance type.", )) # Conditions template.add_condition( "EIPProvided", Not( Equals( Ref("EIP"), "0.0.0.0" ) ) ) # Define the instance security group instance_sg = template.add_resource( ec2.SecurityGroup( "InstanceSecurityGroup", GroupDescription="Enable SSH access to the world", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22",
def main(args): number_of_vol = 5 t = Template() availability_zone = t.add_parameter( Parameter( "AvailabilityZone", Type="String", Description="Availability Zone the cluster will launch into. THIS IS REQUIRED", ) ) volume_size = t.add_parameter( Parameter( "VolumeSize", Type="CommaDelimitedList", Description="Size of EBS volume in GB, if creating a new one" ) ) volume_type = t.add_parameter( Parameter( "VolumeType", Type="CommaDelimitedList", Description="Type of volume to create either new or from snapshot" ) ) volume_iops = t.add_parameter( Parameter( "VolumeIOPS", Type="CommaDelimitedList", Description="Number of IOPS for volume type io1. Not used for other volume types.", ) ) ebs_encryption = t.add_parameter( Parameter( "EBSEncryption", Type="CommaDelimitedList", Description="Boolean flag to use EBS encryption for /shared volume. " "(Not to be used for snapshots)", ) ) ebs_kms_id = t.add_parameter( Parameter( "EBSKMSKeyId", Type="CommaDelimitedList", Description="KMS ARN for customer created master key, will be used for EBS encryption", ) ) ebs_volume_id = t.add_parameter( Parameter("EBSVolumeId", Type="CommaDelimitedList", Description="Existing EBS volume Id") ) ebs_snapshot_id = t.add_parameter( Parameter( "EBSSnapshotId", Type="CommaDelimitedList", Description="Id of EBS snapshot if using snapshot as source for volume", ) ) ebs_vol_num = t.add_parameter( Parameter( "NumberOfEBSVol", Type="Number", Description="Number of EBS Volumes the user requested, up to %s" % number_of_vol, ) ) use_vol = [None] * number_of_vol use_existing_ebs_volume = [None] * number_of_vol v = [None] * number_of_vol for i in range(number_of_vol): if i == 0: create_vol = t.add_condition( "Vol%s_CreateEBSVolume" % (i + 1), Equals(Select(str(i), Ref(ebs_volume_id)), "NONE") ) elif i == 1: use_vol[i] = t.add_condition("UseVol%s" % (i + 1), Not(Equals(Ref(ebs_vol_num), str(i)))) create_vol = t.add_condition( "Vol%s_CreateEBSVolume" % (i + 1), And(Condition(use_vol[i]), Equals(Select(str(i), Ref(ebs_volume_id)), "NONE")), ) else: use_vol[i] = t.add_condition( "UseVol%s" % (i + 1), And(Not(Equals(Ref(ebs_vol_num), str(i))), Condition(use_vol[i - 1])) ) create_vol = t.add_condition( "Vol%s_CreateEBSVolume" % (i + 1), And(Condition(use_vol[i]), Equals(Select(str(i), Ref(ebs_volume_id)), "NONE")), ) use_ebs_iops = t.add_condition("Vol%s_UseEBSPIOPS" % (i + 1), Equals(Select(str(i), Ref(volume_type)), "io1")) use_vol_size = t.add_condition( "Vol%s_UseVolumeSize" % (i + 1), Not(Equals(Select(str(i), Ref(volume_size)), "NONE")) ) use_vol_type = t.add_condition( "Vol%s_UseVolumeType" % (i + 1), Not(Equals(Select(str(i), Ref(volume_type)), "NONE")) ) use_ebs_encryption = t.add_condition( "Vol%s_UseEBSEncryption" % (i + 1), Equals(Select(str(i), Ref(ebs_encryption)), "true") ) use_ebs_kms_key = t.add_condition( "Vol%s_UseEBSKMSKey" % (i + 1), And(Condition(use_ebs_encryption), Not(Equals(Select(str(i), Ref(ebs_kms_id)), "NONE"))), ) use_ebs_snapshot = t.add_condition( "Vol%s_UseEBSSnapshot" % (i + 1), Not(Equals(Select(str(i), Ref(ebs_snapshot_id)), "NONE")) ) use_existing_ebs_volume[i] = t.add_condition( "Vol%s_UseExistingEBSVolume" % (i + 1), Not(Equals(Select(str(i), Ref(ebs_volume_id)), "NONE")) ) v[i] = t.add_resource( ec2.Volume( "Volume%s" % (i + 1), AvailabilityZone=Ref(availability_zone), VolumeType=If(use_vol_type, Select(str(i), Ref(volume_type)), "gp2"), Size=If(use_ebs_snapshot, NoValue, If(use_vol_size, Select(str(i), Ref(volume_size)), "20")), SnapshotId=If(use_ebs_snapshot, Select(str(i), Ref(ebs_snapshot_id)), NoValue), Iops=If(use_ebs_iops, Select(str(i), Ref(volume_iops)), NoValue), Encrypted=If(use_ebs_encryption, Select(str(i), Ref(ebs_encryption)), NoValue), KmsKeyId=If(use_ebs_kms_key, Select(str(i), Ref(ebs_kms_id)), NoValue), Condition=create_vol, ) ) outputs = [None] * number_of_vol vol_to_return = [None] * number_of_vol for i in range(number_of_vol): vol_to_return[i] = If(use_existing_ebs_volume[i], Select(str(i), Ref(ebs_volume_id)), Ref(v[i])) if i == 0: outputs[i] = vol_to_return[i] else: outputs[i] = If(use_vol[i], Join(",", vol_to_return[: (i + 1)]), outputs[i - 1]) t.add_output( Output("Volumeids", Description="Volume IDs of the resulted EBS volumes", Value=outputs[number_of_vol - 1]) ) json_file_path = args.target_path output_file = open(json_file_path, "w") output_file.write(t.to_json()) output_file.close()
def main(args): t = Template() # [0 shared_dir, 1 efs_fs_id, 2 performance_mode, 3 efs_kms_key_id, # 4 provisioned_throughput, 5 encrypted, 6 throughput_mode, 7 exists_valid_mt] efs_options = t.add_parameter( Parameter( "EFSOptions", Type="CommaDelimitedList", Description="Comma separated list of efs related options, " "8 parameters in total", ) ) compute_security_group = t.add_parameter( Parameter("ComputeSecurityGroup", Type="String", Description="SecurityGroup for Mount Target") ) subnet_id = t.add_parameter(Parameter("SubnetId", Type="String", Description="SubnetId for Mount Target")) create_efs = t.add_condition( "CreateEFS", And(Not(Equals(Select(str(0), Ref(efs_options)), "NONE")), Equals(Select(str(1), Ref(efs_options)), "NONE")), ) create_mt = t.add_condition( "CreateMT", And(Not(Equals(Select(str(0), Ref(efs_options)), "NONE")), Equals(Select(str(7), Ref(efs_options)), "NONE")), ) use_performance_mode = t.add_condition("UsePerformanceMode", Not(Equals(Select(str(2), Ref(efs_options)), "NONE"))) use_efs_encryption = t.add_condition("UseEFSEncryption", Equals(Select(str(5), Ref(efs_options)), "true")) use_efs_kms_key = t.add_condition( "UseEFSKMSKey", And(Condition(use_efs_encryption), Not(Equals(Select(str(3), Ref(efs_options)), "NONE"))) ) use_throughput_mode = t.add_condition("UseThroughputMode", Not(Equals(Select(str(6), Ref(efs_options)), "NONE"))) use_provisioned = t.add_condition("UseProvisioned", Equals(Select(str(6), Ref(efs_options)), "provisioned")) use_provisioned_throughput = t.add_condition( "UseProvisionedThroughput", And(Condition(use_provisioned), Not(Equals(Select(str(4), Ref(efs_options)), "NONE"))), ) fs = t.add_resource( FileSystem( "EFSFS", PerformanceMode=If(use_performance_mode, Select(str(2), Ref(efs_options)), NoValue), ProvisionedThroughputInMibps=If(use_provisioned_throughput, Select(str(4), Ref(efs_options)), NoValue), ThroughputMode=If(use_throughput_mode, Select(str(6), Ref(efs_options)), NoValue), Encrypted=If(use_efs_encryption, Select(str(5), Ref(efs_options)), NoValue), KmsKeyId=If(use_efs_kms_key, Select(str(3), Ref(efs_options)), NoValue), Condition=create_efs, ) ) mt = t.add_resource( MountTarget( "EFSMT", FileSystemId=If(create_efs, Ref(fs), Select(str(1), Ref(efs_options))), SecurityGroups=[Ref(compute_security_group)], SubnetId=Ref(subnet_id), Condition=create_mt, ) ) t.add_output( Output( "FileSystemId", Description="ID of the FileSystem", Value=If(create_efs, Ref(fs), Select("1", Ref(efs_options))), ) ) # Specify output file path json_file_path = args.target_path output_file = open(json_file_path, "w") output_file.write(t.to_json()) output_file.close()
Parameter( "LambdaBucket", Description= "The S3 Bucket that contains the zip to bootstrap your lambda function", Type="String", Default="galileo-babel-lambda")) t.add_parameter( Parameter( "S3Key", Description= "The S3 key that references the zip to bootstrap your lambda function.", Type="String", Default="GalileoBabel.zip")) t.add_condition("IsInt", Equals(Ref("LambdaEnv"), "int")) t.add_condition("IsTest", Equals(Ref("LambdaEnv"), "test")) t.add_condition("IsLive", Equals(Ref("LambdaEnv"), "live")) t.add_resource( Role( "LambdaExecutionRole", Policies=[ iam.Policy( PolicyName="FunctionRolePolicy", PolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[ Action("logs", "CreateLogGroup"), Action("logs", "CreateLogStream"), Action("logs", "PutLogEvents"),
s3_bucket_parameter = template.add_parameter(Parameter( "S3BucketParameter", Type="String", Description="Name of the S3 bucket where you uploaded the source code zip", )) source_zip_parameter = template.add_parameter(Parameter( "SourceZipParameter", Type="String", Default="backup-rds.zip", Description="Name of the zip file inside the S3 bucket", )) template.add_condition("UseAllDatabases", Equals(Join("", Ref(databases_to_use_parameter)), "")) template.add_condition("UseEncryption", Equals(Ref(kms_key_parameter), ""), ) template.add_condition("IncludeAurora", Equals(Ref(include_aurora_clusters_parameter), "Yes")) template.add_metadata({ "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Basic configuration" }, "Parameters": [ "TargetRegionParameter", "S3BucketParameter", "SourceZipParameter", ]
def main(argv): FILE = None try: opts, args = getopt.getopt(argv,"hf:",["FILE="]) except getopt.GetoptError: print sys.argv[0], ' -f <metric-csv-file>' sys.exit(2) # An array to contain any parameters for the template. parameters = [] # An array to contain any conditions for the template. conditions = {} # An array to contain any key value maps for the template. maps = [] # An array to contain any resource objects for the template. resources = [] # An array to contain any output objects for the template. outputs = [] with open(FILE, 'rbU') as f: reader = csv.reader(f) try: for row in islice(reader, 1, None): resources.append(Alarm( "QueueDepthAlarm", AlarmDescription="Alarm if queue depth grows beyond 10 messages", Namespace="AWS/SQS", MetricName="ApproximateNumberOfMessagesVisible", Dimensions=[ MetricDimension( Name="QueueName", Value=GetAtt(myqueue, "QueueName") ), ], Statistic="Sum", Period="300", EvaluationPeriods="1", Threshold="10", ComparisonOperator="GreaterThanThreshold", AlarmActions=[Ref(alarmtopic), ], InsufficientDataActions=[Ref(alarmtopic), ], )) except csv.Error as e: sys.exit('file %s, line %d: %s' % (VPC_ID, reader.line_num, e)) t = Template() t.add_version('2010-09-09') t.add_description( "This is an AWS CloudFormation template that provisions metric filters " "based on a spreadsheet of applicable metric filters. ***WARNING*** This " "template creates many Amazon CloudWatch alarms based on a Amazon " "CloudWatch Logs Log Group. You will be billed for the AWS resources used " "if you create a stack from this template." ) for p in parameters: t.add_parameter(p) for k in conditions: t.add_condition(k, conditions[k]) for r in resources: t.add_resource(r) for o in outputs: t.add_output(o) # Print the template to JSON print(t.to_json())
Parameter( 'DataIops', Description='Number of provisioned data IOPS', Type='Number', Default='0', ), Parameter( 'DataSize', Description='Size of data device in GB', Type='Number', Default='500', ), ]) template.add_condition('EnableDataIops', { 'Fn::Not': [{'Fn::Equals': [Ref('DataIops'), 0]}] }) atlas.infra_params(template) ## ssh_key, Env, Silo atlas.conf_params(template) ## Conf Name, Conf Version, Conf tarball bucket atlas.instance_params( template, roles_default=['log', ], iam_default='log', ) atlas.scaling_params(template) atlas.mappings(
def main(args): number_of_vol = 5 t = Template() availability_zone = t.add_parameter( Parameter( "AvailabilityZone", Type="String", Description="Availability Zone the cluster will launch into. " "THIS IS REQUIRED", )) raid_options = t.add_parameter( Parameter( "RAIDOptions", Type="CommaDelimitedList", Description="Comma separated list of RAID related options, " "8 parameters in total, " "[" "0 shared_dir," "1 raid_type," "2 num_of_vols," "3 vol_type," "4 vol_size," "5 vol_IOPS," "6 encrypted, " "7 ebs_kms_key]", )) use_vol = [None] * number_of_vol v = [None] * number_of_vol for i in range(number_of_vol): if i == 0: use_vol[i] = t.add_condition( "UseVol%s" % (i + 1), Not(Equals(Select("0", Ref(raid_options)), "NONE"))) else: use_vol[i] = t.add_condition( "UseVol%s" % (i + 1), And(Not(Equals(Select("2", Ref(raid_options)), str(i))), Condition(use_vol[i - 1])), ) use_ebs_iops = t.add_condition( "Vol%s_UseEBSPIOPS" % (i + 1), Equals(Select("3", Ref(raid_options)), "io1")) use_volume_size = t.add_condition( "Vol%s_UseVolumeSize" % (i + 1), Not(Equals(Select("4", Ref(raid_options)), "NONE"))) use_volume_type = t.add_condition( "Vol%s_UseVolumeType" % (i + 1), Not(Equals(Select("3", Ref(raid_options)), "NONE"))) use_ebs_encryption = t.add_condition( "Vol%s_UseEBSEncryption" % (i + 1), Equals(Select("6", Ref(raid_options)), "true")) use_ebs_kms_key = t.add_condition( "Vol%s_UseEBSKMSKey" % (i + 1), And(Condition(use_ebs_encryption), Not(Equals(Select("7", Ref(raid_options)), "NONE"))), ) v[i] = t.add_resource( ec2.Volume( "Volume%s" % (i + 1), AvailabilityZone=Ref(availability_zone), VolumeType=If(use_volume_type, Select("3", Ref(raid_options)), "gp2"), Size=If(use_volume_size, Select("4", Ref(raid_options)), 20), Iops=If(use_ebs_iops, Select("5", Ref(raid_options)), NoValue), Encrypted=If(use_ebs_encryption, Select("6", Ref(raid_options)), NoValue), KmsKeyId=If(use_ebs_kms_key, Select("7", Ref(raid_options)), NoValue), Condition=use_vol[i], )) outputs = [None] * number_of_vol vol_to_return = [None] * number_of_vol for i in range(number_of_vol): vol_to_return[i] = Ref(v[i]) if i == 0: outputs[i] = If(use_vol[i], vol_to_return[i], "NONE") else: outputs[i] = If(use_vol[i], Join(",", vol_to_return[:(i + 1)]), outputs[i - 1]) t.add_output( Output("Volumeids", Description="Volume IDs of the resulted RAID EBS volumes", Value=outputs[number_of_vol - 1])) json_file_path = args.target_path output_file = open(json_file_path, "w") output_file.write(t.to_json()) output_file.close()
subnet = template.add_parameter(Parameter( "Subnet", Description="Subnet ID for creating the EMR cluster", Type=SUBNET_ID )) spot = template.add_parameter(Parameter( "SpotPrice", Description="Spot price (or use 0 for 'on demand' instance)", Type=NUMBER, Default="0.1" )) withSpotPrice = "WithSpotPrice" template.add_condition(withSpotPrice, Not(Equals(Ref(spot), "0"))) gcTimeRatio = template.add_parameter(Parameter( "GcTimeRatioValue", Description="Hadoop name node garbage collector time ratio", Type=NUMBER, Default="19" )) # IAM roles required by EMR emr_service_role = template.add_resource(iam.Role( 'EMRServiceRole', AssumeRolePolicyDocument={ "Statement": [{ "Effect": "Allow",
MaxLength="64", Type="String", )) WebServerCapacity = t.add_parameter( Parameter( "WebServerCapacity", Description="The initial nuber of WebServer instances", Default="2", Type="Number", MaxValue="5", MinValue="1", ConstraintDescription="must be between 1 and 5 EC2 instances.", )) t.add_condition("Is-EC2-Classic", Not(Condition("Is-EC2-VPC"))) t.add_condition( "Is-EC2-VPC", Or(Equals(Ref("AWS::Region"), "eu-central-1"), Equals(Ref("AWS::Region"), "cn-north-1"), Equals(Ref("AWS::Region"), "ap-northeast-2"))) t.add_mapping( "AWSInstanceType2Arch", { u'c1.medium': { u'Arch': u'PV64' }, u'c1.xlarge': { u'Arch': u'PV64' },
"to the instances", Type=KEY_PAIR_NAME)) subnet = template.add_parameter( Parameter("Subnet", Description="Subnet ID for creating the EMR cluster", Type=SUBNET_ID)) spot = template.add_parameter( Parameter("SpotPrice", Description="Spot price (or use 0 for 'on demand' instance)", Type=NUMBER, Default="0.1")) withSpotPrice = "WithSpotPrice" template.add_condition(withSpotPrice, Not(Equals(Ref(spot), "0"))) gcTimeRatio = template.add_parameter( Parameter("GcTimeRatioValue", Description="Hadoop name node garbage collector time ratio", Type=NUMBER, Default="19")) # IAM roles required by EMR emr_service_role = template.add_resource( iam.Role( 'EMRServiceRole', AssumeRolePolicyDocument={ "Statement": [{ "Effect": "Allow",
], KeySchema=[ dynamodb.KeySchema( AttributeName="key", KeyType="HASH", ) ], )) template.add_output(Output( "Table2Name", Value=Ref(table2), )) table1_selected = template.add_condition("Table1Selected", Equals(Ref(table), '1')) table_item = template.add_resource(custom_resources.dynamodb.Item( "Item", TableName=If(table1_selected, Ref(table1), Ref(table2)), ItemKey={'key': {'S': Ref(key)}}, ItemValue={'value': {'S': Ref(value)}}, Overwrite=Ref(overwrite), )) def test_item(cloudformation_stack_name): cfn_params = { "CustomResourcesStack": "vrt-dpc-custom-resources-2-stag", "Table": "1", "Key": "foo",
def main(args): t = Template() # ================= Parameters ================= # 0 1 2 3 4 5 6 7 # [shared_dir,fsx_fs_id,storage_capacity,fsx_kms_key_id,imported_file_chunk_size,export_path,import_path,weekly_maintenance_start_time] fsx_options = t.add_parameter( Parameter( "FSXOptions", Type="CommaDelimitedList", Description="Comma separated list of fsx related options, 8 parameters in total, [shared_dir,fsx_fs_id,storage_capacity,fsx_kms_key_id,imported_file_chunk_size,export_path,import_path,weekly_maintenance_start_time]", ) ) compute_security_group = t.add_parameter( Parameter("ComputeSecurityGroup", Type="String", Description="SecurityGroup for FSx filesystem") ) subnet_id = t.add_parameter(Parameter("SubnetId", Type="String", Description="SubnetId for FSx filesystem")) # ================= Conditions ================= create_fsx = t.add_condition( "CreateFSX", And(Not(Equals(Select(str(0), Ref(fsx_options)), "NONE")), Equals(Select(str(1), Ref(fsx_options)), "NONE")), ) use_storage_capacity = t.add_condition("UseStorageCap", Not(Equals(Select(str(2), Ref(fsx_options)), "NONE"))) use_fsx_kms_key = t.add_condition("UseFSXKMSKey", Not(Equals(Select(str(3), Ref(fsx_options)), "NONE"))) use_imported_file_chunk_size = t.add_condition( "UseImportedFileChunkSize", Not(Equals(Select(str(4), Ref(fsx_options)), "NONE")) ) use_export_path = t.add_condition("UseExportPath", Not(Equals(Select(str(5), Ref(fsx_options)), "NONE"))) use_import_path = t.add_condition("UseImportPath", Not(Equals(Select(str(6), Ref(fsx_options)), "NONE"))) use_weekly_mainenance_start_time = t.add_condition( "UseWeeklyMaintenanceStartTime", Not(Equals(Select(str(7), Ref(fsx_options)), "NONE")) ) # ================= Resources ================= fs = t.add_resource( FileSystem( "FileSystem", FileSystemType="LUSTRE", SubnetIds=[Ref(subnet_id)], SecurityGroupIds=[Ref(compute_security_group)], KmsKeyId=If(use_fsx_kms_key, Select(str(3), Ref(fsx_options)), NoValue), StorageCapacity=If(use_storage_capacity, Select(str(2), Ref(fsx_options)), NoValue), LustreConfiguration=LustreConfiguration( ImportedFileChunkSize=If(use_imported_file_chunk_size, Select(str(4), Ref(fsx_options)), NoValue), ExportPath=If(use_export_path, Select(str(5), Ref(fsx_options)), NoValue), ImportPath=If(use_import_path, Select(str(6), Ref(fsx_options)), NoValue), WeeklyMaintenanceStartTime=If( use_weekly_mainenance_start_time, Select(str(7), Ref(fsx_options)), NoValue ), ), Condition=create_fsx, ) ) # ================= Outputs ================= t.add_output( Output( "FileSystemId", Description="ID of the FileSystem", Value=If(create_fsx, Ref(fs), Select("1", Ref(fsx_options))), ) ) # Specify output file path json_file_path = args.target_path output_file = open(json_file_path, "w") output_file.write(t.to_json()) output_file.close()
def generate_cloudformation_template(): enable_elb = sys.argv[1] input_scaling_policies = ast.literal_eval(sys.argv[2]) input_alarms = ast.literal_eval(sys.argv[3]) enable_elb = enable_elb == 'True' elb_listeners = ast.literal_eval(sys.argv[4]) template = Template() template.add_description("""\ Configures Auto Scaling Group for the app""") project_name = template.add_parameter( Parameter( "Name", Type="String", Description="Instances will be tagged with this name", )) scalecapacity = template.add_parameter( Parameter( "ScaleCapacity", Default="1", Type="String", Description="Number of api servers to run", )) minsize = template.add_parameter( Parameter( "MinScale", Type="String", Description="Minimum number of servers to keep in the ASG", )) maxsize = template.add_parameter( Parameter( "MaxScale", Type="String", Description="Maximum number of servers to keep in the ASG", )) signalcount = template.add_parameter( Parameter( "SignalCount", Default="1", Type="String", Description= "No. of signals CF must receive before it sets the status as CREATE_COMPLETE", )) signaltimeout = template.add_parameter( Parameter( "SignalTimeout", Default="PT5M", Type="String", Description= "Time that CF waits for the number of signals that was specified in Count ", )) minsuccessfulinstancespercent = template.add_parameter( Parameter( "MinSuccessfulInstancesPercent", Default="100", Type="String", Description= "% instances in a rolling update that must signal success for CF to succeed", )) environment = template.add_parameter( Parameter( "Environment", Type="String", Description="The environment being deployed into", )) subnet = template.add_parameter( Parameter( "Subnets", Type="CommaDelimitedList", )) launchconfigurationname = template.add_parameter( Parameter( "LaunchConfigurationName", Type="String", )) health_check_grace_period = template.add_parameter( Parameter( "HealthCheckGracePeriod", Type="String", Default="300", )) if enable_elb: elb_subnets = template.add_parameter( Parameter( "LoadBalancerSubnets", Type="CommaDelimitedList", )) elb_bucket_name = template.add_parameter( Parameter("LoadBalancerBucketName", Type="String", Description="S3 Bucket for the ELB access logs")) template.add_condition("ElbLoggingCondition", Not(Equals(Ref(elb_bucket_name), ""))) elb_schema = template.add_parameter( Parameter( "LoadBalancerSchema", Type="String", )) health_check_interval = template.add_parameter( Parameter( "LoadBalancerHealthCheckInterval", Type="String", )) health_check_timeout = template.add_parameter( Parameter( "LoadBalancerHealthCheckTimeout", Type="String", )) healthy_threshold = template.add_parameter( Parameter( "LoadBalancerHealthyThreshold", Type="String", )) unhealthy_threshold = template.add_parameter( Parameter( "LoadBalancerUnHealthyThreshold", Type="String", )) enable_connection_draining = template.add_parameter( Parameter( "LoadBalancerEnableConnectionDraining", Type="String", Default="True", )) connection_draining_timeout = template.add_parameter( Parameter( "LoadBalancerConnectionDrainingTimeout", Type="String", Default="30", )) loadbalancersecuritygroup = template.add_parameter( Parameter( "LoadBalancerSecurityGroup", Type="CommaDelimitedList", Description="Security group for api app load balancer.", )) hostedzone = template.add_parameter( Parameter( "HostedZoneName", Description= "The DNS name of an existing Amazon Route 53 hosted zone", Type="String", )) dns_record = template.add_parameter( Parameter( "DNSRecord", Type="String", )) dns_ttl = template.add_parameter( Parameter( "DNSTTL", Default="300", Type="String", )) new_weight = template.add_parameter( Parameter( "NewDnsWeight", Type="String", Default="100", )) health_check_protocol = template.add_parameter( Parameter( "LoadBalancerHealthCheckProtocol", Type="String", )) template.add_condition("ElbTCPProtocolCondition", Equals(Ref(health_check_protocol), "TCP")) health_check_port = template.add_parameter( Parameter( "LoadBalancerHealthCheckPort", Type="String", )) health_check_path = template.add_parameter( Parameter( "LoadBalancerHealthCheckPath", Type="String", )) load_balancer_listeners = [] for listener in elb_listeners: load_balancer_listeners.append( elb.Listener( LoadBalancerPort=listener['load_balancer_port'], InstancePort=listener['instance_port'], Protocol=listener['protocol'], InstanceProtocol=Ref(health_check_protocol), )) loadbalancer = template.add_resource( elb.LoadBalancer( "LoadBalancer", AccessLoggingPolicy=If( "ElbLoggingCondition", elb.AccessLoggingPolicy(EmitInterval=60, Enabled=True, S3BucketName=Ref(elb_bucket_name), S3BucketPrefix="ELBLogs"), Ref("AWS::NoValue")), ConnectionDrainingPolicy=elb.ConnectionDrainingPolicy( Enabled=Ref(enable_connection_draining), Timeout=Ref(connection_draining_timeout), ), Subnets=Ref(elb_subnets), HealthCheck=elb.HealthCheck( Target=Join("", [ Ref(health_check_protocol), ":", Ref(health_check_port), If("ElbTCPProtocolCondition", Ref("AWS::NoValue"), Ref(health_check_path)) ]), HealthyThreshold=Ref(healthy_threshold), UnhealthyThreshold=Ref(unhealthy_threshold), Interval=Ref(health_check_interval), Timeout=Ref(health_check_timeout), ), Listeners=load_balancer_listeners, CrossZone=True, SecurityGroups=Ref(loadbalancersecuritygroup), Scheme=Ref(elb_schema))) route53record = template.add_resource( RecordSetType( "DNS", HostedZoneName=Join("", [Ref(hostedzone), "."]), Name=Join("", [Ref(dns_record), ".", Ref(hostedzone), "."]), ResourceRecords=[GetAtt(loadbalancer, "DNSName")], SetIdentifier=Ref(project_name), TTL=Ref(dns_ttl), Type="CNAME", Weight=Ref(new_weight), )) autoscalinggroup = template.add_resource( AutoScalingGroup( "AutoscalingGroup", Tags=[ Tag("Name", Ref(project_name), True), Tag("Environment", Ref(environment), True) ], LaunchConfigurationName=Ref(launchconfigurationname), MinSize=Ref(minsize), MaxSize=Ref(maxsize), DesiredCapacity=Ref(scalecapacity), VPCZoneIdentifier=Ref(subnet), HealthCheckGracePeriod=Ref(health_check_grace_period), CreationPolicy=CreationPolicy( ResourceSignal=ResourceSignal(Count=Ref(signalcount), Timeout=Ref(signaltimeout)), AutoScalingCreationPolicy=AutoScalingCreationPolicy( MinSuccessfulInstancesPercent=Ref( minsuccessfulinstancespercent))), UpdatePolicy=UpdatePolicy( AutoScalingRollingUpdate=AutoScalingRollingUpdate( MaxBatchSize='1', MinInstancesInService='1', MinSuccessfulInstancesPercent=Ref( minsuccessfulinstancespercent), PauseTime=Ref(signaltimeout), WaitOnResourceSignals=True)))) autoscalinggroup.HealthCheckType = 'EC2' if enable_elb: autoscalinggroup.LoadBalancerNames = [Ref(loadbalancer)] autoscalinggroup.HealthCheckType = 'ELB' created_scaling_policies = dict() for scaling_policy in input_scaling_policies: policy_properties = { 'AdjustmentType': scaling_policy['adjustment_type'], 'AutoScalingGroupName': Ref(autoscalinggroup), 'Cooldown': scaling_policy['cooldown'], 'PolicyType': scaling_policy['policy_type'], 'ScalingAdjustment': scaling_policy['scaling_adjustment'], } if scaling_policy['policy_type'] != "SimpleScaling" \ and 'estimated_instance_warmup' in scaling_policy: policy_properties['EstimatedInstanceWarmup'] = \ scaling_policy['estimated_instance_warmup'] if scaling_policy['policy_type'] != "SimpleScaling" \ and 'metric_aggregation_type' in scaling_policy: policy_properties['MetricAggregationType'] = scaling_policy[ 'metric_aggregation_type'] if scaling_policy['adjustment_type'] == "PercentChangeInCapacity" \ and 'min_adjustment_magnitude' in scaling_policy: policy_properties['MinAdjustmentMagnitude'] = scaling_policy[ 'min_adjustment_magnitude'] if 'step_adjustments' in scaling_policy: policy_properties['StepAdjustments'] = scaling_policy[ 'step_adjustments'] created_scaling_policies[ scaling_policy['name']] = template.add_resource( ScalingPolicy(scaling_policy['name'], **policy_properties)) for alarm in input_alarms: template.add_resource( Alarm( alarm['name'], ActionsEnabled=True, AlarmActions=[ Ref(created_scaling_policies[alarm['scaling_policy_name']]) ], AlarmDescription=alarm['description'], ComparisonOperator=alarm['comparison'], Dimensions=[ MetricDimension(Name="AutoScalingGroupName", Value=Ref(autoscalinggroup)), ], EvaluationPeriods=alarm['evaluation_periods'], InsufficientDataActions=[], MetricName=alarm['metric'], Namespace=alarm['namespace'], OKActions=[], Period=alarm['period'], Statistic=alarm['statistics'], Threshold=str(alarm['threshold']), Unit=alarm['unit'], )) template.add_output( Output("StackName", Value=Ref(project_name), Description="Stack Name")) if enable_elb: template.add_output( Output("DomainName", Value=Ref(route53record), Description="DNS to access the service")) template.add_output( Output("LoadBalancer", Value=GetAtt(loadbalancer, "DNSName"), Description="ELB dns")) template.add_output( Output("AutoScalingGroup", Value=Ref(autoscalinggroup), Description="Auto Scaling Group")) template.add_output( Output("LaunchConfiguration", Value=Ref(launchconfigurationname), Description="LaunchConfiguration for this deploy")) return template
AllowedValues=['VPC', 'Subnet', 'NetworkInterface'], )) param_traffic_type = t.add_parameter(Parameter( 'TrafficType', Description='The type of traffic to log.', Type='String', Default='ALL', AllowedValues=['ACCEPT', 'REJECT', 'ALL'], )) # # Don't expire condition # t.add_condition( 'NotExpireCondition', Equals(Ref(param_retention), -1) ) # # Resources # log_group = t.add_resource(logs.LogGroup( 'LogGroup', RetentionInDays=If('NotExpireCondition', Ref(AWS_NO_VALUE), Ref(param_retention)) )) log_delivery_role = t.add_resource(iam.Role( 'LogDeliveryRole',
def main(args): t = Template() # ================= Parameters ================= # 0 1 2 3 4 5 6 # [shared_dir,fsx_fs_id,storage_capacity,fsx_kms_key_id,imported_file_chunk_size,export_path,import_path, # 7 # weekly_maintenance_start_time] fsx_options = t.add_parameter( Parameter( "FSXOptions", Type="CommaDelimitedList", Description= "Comma separated list of fsx related options, 8 parameters in total, [shared_dir,fsx_fs_id," "storage_capacity,fsx_kms_key_id,imported_file_chunk_size,export_path,import_path," "weekly_maintenance_start_time]", )) compute_security_group = t.add_parameter( Parameter("ComputeSecurityGroup", Type="String", Description="SecurityGroup for FSx filesystem")) subnet_id = t.add_parameter( Parameter("SubnetId", Type="String", Description="SubnetId for FSx filesystem")) # ================= Conditions ================= create_fsx = t.add_condition( "CreateFSX", And(Not(Equals(Select(str(0), Ref(fsx_options)), "NONE")), Equals(Select(str(1), Ref(fsx_options)), "NONE")), ) use_storage_capacity = t.add_condition( "UseStorageCap", Not(Equals(Select(str(2), Ref(fsx_options)), "NONE"))) use_fsx_kms_key = t.add_condition( "UseFSXKMSKey", Not(Equals(Select(str(3), Ref(fsx_options)), "NONE"))) use_imported_file_chunk_size = t.add_condition( "UseImportedFileChunkSize", Not(Equals(Select(str(4), Ref(fsx_options)), "NONE"))) use_export_path = t.add_condition( "UseExportPath", Not(Equals(Select(str(5), Ref(fsx_options)), "NONE"))) use_import_path = t.add_condition( "UseImportPath", Not(Equals(Select(str(6), Ref(fsx_options)), "NONE"))) use_weekly_mainenance_start_time = t.add_condition( "UseWeeklyMaintenanceStartTime", Not(Equals(Select(str(7), Ref(fsx_options)), "NONE"))) # ================= Resources ================= fs = t.add_resource( FileSystem( "FileSystem", FileSystemType="LUSTRE", SubnetIds=[Ref(subnet_id)], SecurityGroupIds=[Ref(compute_security_group)], KmsKeyId=If(use_fsx_kms_key, Select(str(3), Ref(fsx_options)), NoValue), StorageCapacity=If(use_storage_capacity, Select(str(2), Ref(fsx_options)), NoValue), LustreConfiguration=LustreConfiguration( ImportedFileChunkSize=If(use_imported_file_chunk_size, Select(str(4), Ref(fsx_options)), NoValue), ExportPath=If(use_export_path, Select(str(5), Ref(fsx_options)), NoValue), ImportPath=If(use_import_path, Select(str(6), Ref(fsx_options)), NoValue), WeeklyMaintenanceStartTime=If(use_weekly_mainenance_start_time, Select(str(7), Ref(fsx_options)), NoValue), ), Condition=create_fsx, )) # ================= Outputs ================= t.add_output( Output( "FileSystemId", Description="ID of the FileSystem", Value=If(create_fsx, Ref(fs), Select("1", Ref(fsx_options))), )) # Specify output file path json_file_path = args.target_path output_file = open(json_file_path, "w") output_file.write(t.to_json()) output_file.close()
class Stack(cfn.Stack): """Cloudformation stack using troposphere resources.""" def __init__( self, stack_name: str, description: Optional[str] = None, cfn_role_arn: Optional[str] = None, deploy_session: Optional[Session] = None, dry_run: Optional[bool] = False, s3_bucket: Optional[str] = None, s3_key: Optional[str] = None, ) -> None: """Initialize Stack attributes. :param stack_name: stack name :param cfn_role_arn: role asssumed by cloud formation to create the stack :param deploy_session: AWS session to deploy non CloudFormation AWS resources (aka Assets) :param dry_run: True if the stack is not to be deployed. :param description: a description of the stack :param s3_bucket: s3 bucket used to store data needed by the stack :param s3_key: s3 prefix in s3_bucket in which data is stored """ super().__init__( stack_name, cfn_role_arn=cfn_role_arn, description=description, s3_bucket=s3_bucket, s3_key=s3_key, ) self.constructs: list[Construct | AWSObject] = [] self.deploy_session = deploy_session self.dry_run = dry_run self.template = Template() def add(self, element: Union[AWSObject, Construct, Stack]) -> Stack: """Add a Construct or AWSObject to the stack. :param element: if a resource an AWSObject or Construct add the resource to the stack. If a stack merge its resources into the current stack. """ if isinstance(element, Stack): constructs = element.constructs else: constructs = [element] # Add the new constructs (non expanded) self.constructs += constructs # Update the template resources = [] for construct in constructs: if isinstance(construct, Construct): resources += construct.resources(stack=self) if isinstance(construct, AWSObject): resources.append(construct) self.template.add_resource(resources) return self def add_condition(self, condition_name: str, condition: ConditionFunction) -> None: """Add condition to stack template. :param condition_name: name of the condition to add :param condition: condition to add """ self.template.add_condition(condition_name, condition) def cfn_policy_document(self) -> PolicyDocument: """Return stack necessary policy document for CloudFormation.""" result = PolicyDocument([]) for construct in self.constructs: if isinstance(construct, Construct): result += construct.cfn_policy_document(stack=self) return result def __getitem__(self, resource_name: str) -> AWSObject: """Return AWSObject associated with resource_name. :param resource_name: name of the resource to retrieve """ return self.template.resources[name_to_id(resource_name)] def export(self) -> dict: """Export stack as dict. :return: a dict that can be serialized as YAML to produce a template """ result = self.template.to_dict() if self.description is not None: result["Description"] = self.description return result def create_data_dir(self, root_dir: str) -> None: """Populate root_dir with data needed by all constructs in the stack. :param root_dir: the local directory in which to store the data """ for construct in self.constructs: if isinstance(construct, Construct): construct.create_data_dir(root_dir)
Type="Number", Default="5", MinValue="5", MaxValue="10000", ConstraintDescription="should be between 5 and 10000")) writeunits = template.add_parameter( Parameter("WriteCapacityUnits", Description="Provisioned write throughput", Type="Number", Default="10", MinValue="5", MaxValue="10000", ConstraintDescription="should be between 5 and 10000")) template.add_condition("OnDemand", Equals(Ref(on_demand), "true")) hashkeyname = template.add_parameter( Parameter( "HashKeyElementName", Description="HashType PrimaryKey Name", Type="String", AllowedPattern="[a-zA-Z0-9]*", MinLength="1", MaxLength="2048", ConstraintDescription="must contain only alphanumberic characters")) hashkeytype = template.add_parameter( Parameter("HashKeyElementType", Description="HashType PrimaryKey Type", Type="String",
def ssm_network(): template = Template() default_route = "0.0.0.0/0" vpc_cidr = "192.168.0.0/16" template.add_parameter(Parameter( "VpcCidr", Type="String", Description="Cidr block for VPC", MinLength="9", MaxLength="18", Default=vpc_cidr, AllowedPattern="(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", ConstraintDescription="Must match following pattern 'xxx.xxx.xxx.xxx/xx'" )) template.add_parameter(Parameter( "CreateEndpoints", Type="String", Description="Create VPC Endpoints", Default="No", AllowedValues=["Yes", "No"], ConstraintDescription="'Yes' or 'No' are only options" )) template.add_parameter(Parameter( "CreateNatGateway", Type="String", Description="Create NAT Gateway", Default="No", AllowedValues=["Yes", "No"], ConstraintDescription="'Yes' or 'No' are only options" )) conditions = { "CreateVpcEndpointsUpperYes": Equals( Ref("CreateEndpoints"), "Yes" ), "CreateVpcEndpointsLowerYes": Equals( Ref("CreateEndpoints"), "yes" ), "CreateVpcEndpoints": Or( Condition("CreateVpcEndpointsUpperYes"), Condition("CreateVpcEndpointsLowerYes") ), "CreateNatGatewayUpperYes": Equals( Ref("CreateNatGateway"), "Yes" ), "CreateNatGatewayLowerYes": Equals( Ref("CreateNatGateway"), "yes" ), "CreateNatGateway": Or( Condition("CreateNatGatewayUpperYes"), Condition("CreateNatGatewayLowerYes") ) } ssm_vpc = ec2.VPC( 'SsmVpc', CidrBlock=Ref("VpcCidr"), InstanceTenancy="default", EnableDnsHostnames=True, EnableDnsSupport=True, Tags=Tags( Name="SSM VPC" ) ) subnet_blocks = Cidr(GetAtt(ssm_vpc, "CidrBlock"), 256, 8) ssm_ig = ec2.InternetGateway( 'SsmIG', ) ssm_attach_gw = ec2.VPCGatewayAttachment( 'SsmAttachGateway', InternetGatewayId=Ref(ssm_ig), VpcId=Ref(ssm_vpc) ) ssm_public_subnet = ec2.Subnet( 'SsmPublicSubnet', DependsOn=ssm_attach_gw, AvailabilityZone=Select(0, GetAZs('')), CidrBlock=Select(0, subnet_blocks), VpcId=Ref(ssm_vpc), Tags=Tags( Name="Public Subnet" ) ) ssm_public_route_table = ec2.RouteTable( 'SsmPublicRouteTable', VpcId=Ref(ssm_vpc), ) ssm_public_route = ec2.Route( 'SsmPublicRoute', DestinationCidrBlock=default_route, GatewayId=Ref(ssm_ig), RouteTableId=Ref(ssm_public_route_table) ) ssm_public_subnet_route_table_association = ec2.SubnetRouteTableAssociation( 'SsmPublicSubnetRouteTableAssociation', RouteTableId=Ref(ssm_public_route_table), SubnetId=Ref(ssm_public_subnet) ) ssm_eip_nat_gateway = ec2.EIP( 'SsmEipNatGateway', Condition="CreateNatGateway" ) ssm_nat_gateway = ec2.NatGateway( 'SsmNatGateway', Condition="CreateNatGateway", DependsOn=ssm_eip_nat_gateway, SubnetId=Ref(ssm_public_subnet), AllocationId=GetAtt(ssm_eip_nat_gateway, "AllocationId"), ) ssm_private_subnet = ec2.Subnet( 'SsmPrivateSubnet', DependsOn=ssm_attach_gw, AvailabilityZone=Select(0, GetAZs('')), CidrBlock=Select(1, subnet_blocks), VpcId=Ref(ssm_vpc), Tags=Tags( Name="Private Subnet" ) ) ssm_private_route_table = ec2.RouteTable( 'SsmPrivateRouteTable', VpcId=Ref(ssm_vpc), ) ssm_private_route = ec2.Route( 'SsmPrivateRoute', Condition="CreateNatGateway", DestinationCidrBlock=default_route, NatGatewayId=Ref(ssm_nat_gateway), RouteTableId=Ref(ssm_private_route_table) ) ssm_private_subnet_route_table_association = ec2.SubnetRouteTableAssociation( 'SsmPrivateSubnetRouteTableAssociation', RouteTableId=Ref(ssm_private_route_table), SubnetId=Ref(ssm_private_subnet) ) ssm_sg_ingress_rules = [ ec2.SecurityGroupRule( ToPort=443, FromPort=443, IpProtocol="tcp", CidrIp=GetAtt(ssm_vpc, "CidrBlock") ) ] ssm_security_group = ec2.SecurityGroup( 'SsmSecurityGroup', GroupName="SsmSG", GroupDescription="SG for SSM usage", VpcId=Ref(ssm_vpc), SecurityGroupIngress=ssm_sg_ingress_rules ) ssm_s3e_vpc_endpoint = ec2.VPCEndpoint( 'SsmS3VpcEndpoint', Condition="CreateVpcEndpoints", RouteTableIds=[ Ref(ssm_private_route_table) ], ServiceName=vpc_endpoint("s3"), VpcId=Ref(ssm_vpc), VpcEndpointType="Gateway" ) ssm_ssm_vpc_endpoint = ec2.VPCEndpoint( 'SsmSsmVpcEndpoint', Condition="CreateVpcEndpoints", SubnetIds=[Ref(ssm_private_subnet)], ServiceName=vpc_endpoint("ssm"), VpcId=Ref(ssm_vpc), VpcEndpointType="Interface", SecurityGroupIds=[ Ref(ssm_security_group) ], PrivateDnsEnabled=True ) ssm_ssmmessages_vpc_endpoint = ec2.VPCEndpoint( 'SsmSsmMessagesVpcEndpoint', Condition="CreateVpcEndpoints", SubnetIds=[Ref(ssm_private_subnet)], ServiceName=vpc_endpoint("ssmmessages"), VpcId=Ref(ssm_vpc), VpcEndpointType="Interface", SecurityGroupIds=[ Ref(ssm_security_group) ], PrivateDnsEnabled=True ) ssm_ec2messages_vpc_endpoint = ec2.VPCEndpoint( 'SsmEc2MessagesVpcEndpoint', Condition="CreateVpcEndpoints", SubnetIds=[Ref(ssm_private_subnet)], ServiceName=vpc_endpoint("ec2messages"), VpcId=Ref(ssm_vpc), VpcEndpointType="Interface", SecurityGroupIds=[ Ref(ssm_security_group) ], PrivateDnsEnabled=True ) template.add_resource(ssm_vpc) template.add_resource(ssm_ig) template.add_resource(ssm_attach_gw) template.add_resource(ssm_eip_nat_gateway) template.add_resource(ssm_public_subnet) template.add_resource(ssm_public_route_table) template.add_resource(ssm_nat_gateway) template.add_resource(ssm_public_route) template.add_resource(ssm_public_subnet_route_table_association) template.add_resource(ssm_private_subnet) template.add_resource(ssm_private_route_table) template.add_resource(ssm_private_route) template.add_resource(ssm_private_subnet_route_table_association) template.add_resource(ssm_security_group) template.add_resource(ssm_s3e_vpc_endpoint) template.add_resource(ssm_ec2messages_vpc_endpoint) template.add_resource(ssm_ssm_vpc_endpoint) template.add_resource(ssm_ssmmessages_vpc_endpoint) for k in conditions: template.add_condition(k, conditions[k]) template.add_output(Output( 'SsmVpc', Description="VPC for SSM", Value=Ref(ssm_vpc), Export=Export(Join("", [Ref("AWS::StackName"), "-ssm-vpc"])) )) template.add_output(Output( 'SsmSg', Description="Security Group for SSM", Value=Ref(ssm_security_group), Export=Export(Join("", [Ref("AWS::StackName"), "-ssm-sg"])) )) template.add_output(Output( 'SsmPrivateSubnet', Description="Private Subnet for SSM", Value=Ref(ssm_private_subnet), Export=Export(Join("", [Ref("AWS::StackName"), "-ssm-private-subnet"])) )) template.add_output(Output( 'SsmPrivateRouteTable', Description="Private RouteTable for SSM", Value=Ref(ssm_private_route_table), Export=Export(Join("", [Ref("AWS::StackName"), "-ssm-private-route-table"])) )) with open(os.path.dirname(os.path.realpath(__file__)) + '/ssm_network.yml', 'w') as cf_file: cf_file.write(template.to_yaml()) return template.to_yaml()
"MasterUserPassword", Description="The password associated with the master user account for the " "redshift cluster that is being created.", Type="String", NoEcho=True, )) conditions = { "IsMultiNodeCluster": Equals( Ref("ClusterType"), "multi-mode" ), } for k in conditions: t.add_condition(k, conditions[k]) redshiftcluster = t.add_resource(Cluster( "RedshiftCluster", ClusterType=Ref("ClusterType"), NumberOfNodes=If("IsMultiNodeCluster", Ref("NumberOfNodes"), Ref("AWS::NoValue")), NodeType=Ref("NodeType"), DBName=Ref("DatabaseName"), MasterUsername=Ref("MasterUsername"), MasterUserPassword=Ref("MasterUserPassword"), ClusterParameterGroupName=Ref("RedshiftClusterParameterGroup"), VpcSecurityGroupIds=Ref("SecurityGroup"), ClusterSubnetGroupName=Ref("RedshiftClusterSubnetGroup"), ))
class Stack(object): def __init__(self): self.template = Template() self.template.add_version("2010-09-09") self.template.add_description("Create resources for the \ AWS account environment. Includes VPC, shared services and network elements") parameters = Parameters() vpc = Vpc(parameters=parameters) outputs = Outputs(vpc=vpc, parameters=parameters) for resource in parameters.values(): self.template.add_parameter(resource) # Condition to specify whether NAT gateways should be deployed (NAT GWs cost $$$) self.template.add_condition( "DeployNATGateways", Equals(Ref(parameters.DeployNATGateways), "true")) # Condition to specify whether to create a production route53 zone self.template.add_condition( "CreateProductionZone", Equals(Ref(parameters.Environment), "prod")) for resource in vpc.values(): self.template.add_resource(resource) for res in outputs.values(): self.template.add_output(res) self.template.add_metadata({ "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Availability Zones" }, "Parameters": ["AvailabilityZoneA", "AvailabilityZoneB"] }, { "Label": { "default": "Environment" }, "Parameters": ["Environment"] }, { "Label": { "default": "Domain" }, "Parameters": ["DomainName"] }, { "Label": { "default": "NAT Gateway" }, "Parameters": ["DeployNATGateways"] }, { "Label": { "default": "VPC" }, "Parameters": ["VPCCIDR"] }, { "Label": { "default": "Private Subnets" }, "Parameters": [ "GeneralPrivateSubnetACIDR", "GeneralPrivateSubnetBCIDR" ] }, { "Label": { "default": "Shared Services Public Subnets" }, "Parameters": [ "SharedServicesPublicSubnetACIDR", "SharedServicesPublicSubnetBCIDR" ] }, { "Label": { "default": "Shared Services Private Subnets" }, "Parameters": [ "SharedServicesPrivateSubnetACIDR", "SharedServicesPrivateSubnetBCIDR" ] }, { "Label": { "default": "Load Balancer Subnets" }, "Parameters": ["LBSubnetACIDR", "LBSubnetBCIDR"] }, ] } })
Description= 'The number of cache nodes that the cache cluster should have.', Type='Number', Default=1, MaxValue=16, MinValue=1)) # # Mapping # # # Condition # t.add_condition('CreateSecurityGroupCondition', Equals(Ref(param_sg), '')) # # Resources # cache_sg = t.add_resource( ec2.SecurityGroup( 'CacheSecurityGroup', Condition='CreateSecurityGroupCondition', VpcId=Ref(param_vpcid), GroupDescription='Enable cache access', SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', FromPort='6379',
Parameter( "S3BucketParameter", Type="String", Description= "Name of the S3 bucket where you uploaded the source code zip", )) source_zip_parameter = template.add_parameter( Parameter( "SourceZipParameter", Type="String", Default="backup-rds.zip", Description="Name of the zip file inside the S3 bucket", )) template.add_condition("UseAllDatabases", Equals(Join("", Ref(databases_to_use_parameter)), "")) template.add_condition( "UseEncryption", Equals(Ref(kms_key_parameter), ""), ) template.add_condition("IncludeAurora", Equals(Ref(include_aurora_clusters_parameter), "Yes")) template.add_metadata({ "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Basic configuration" }, "Parameters": [
# # Parameters # param_bucket_name = t.add_parameter( Parameter( 'BucketName', Description='Bucket name', Default='', Type='String', AllowedPattern=r'[-\.a-z0-9]*', )) # # Condition # t.add_condition('HasBucketName', Not(Equals(Ref(param_bucket_name), ''))) # # Resource # bucket = t.add_resource( s3.Bucket( 'Bucket', BucketName=If('HasBucketName', Ref(param_bucket_name), Ref(AWS_NO_VALUE)), LifecycleConfiguration=s3.LifecycleConfiguration(Rules=[ # Add a rule to s3.LifecycleRule( # Rule attributes Id='S3BucketRule1', Prefix='',
MinValue="5", MaxValue="10000", ConstraintDescription="should be between 5 and 10000" )) writeunits = template.add_parameter(Parameter( "WriteCapacityUnits", Description="Provisioned write throughput", Type="Number", Default="10", MinValue="5", MaxValue="10000", ConstraintDescription="should be between 5 and 10000" )) template.add_condition("OnDemand", Equals(Ref(on_demand), "true")) hashkeyname = template.add_parameter(Parameter( "HashKeyElementName", Description="HashType PrimaryKey Name", Type="String", AllowedPattern="[a-zA-Z0-9]*", MinLength="1", MaxLength="2048", ConstraintDescription="must contain only alphanumberic characters" )) hashkeytype = template.add_parameter(Parameter( "HashKeyElementType", Description="HashType PrimaryKey Type", Type="String",