def generate_template(description=None, **settings): """ """ if description is None: description = 'VPC template generated via CFN Macro' template = Template(description) template.set_metadata({ 'Author': 'https://github.com/johnpreston', 'Version': __version__, 'Date': dt.utcnow().isoformat() }) vpc = add_vpc(template, **settings['Properties']) if 'VpcSettings' in settings.keys(): vpc_settings = settings['VpcSettings'] if 'DhcpOptions' in vpc_settings.keys(): add_dhcp_options(template, vpc, **vpc_settings['DhcpOptions']) if KEYISSET('PublicVpc', vpc_settings): add_gateway(template, vpc) if KEYISSET('UseCloudMap', vpc_settings): add_vpcmap(tpl, vpc) if KEYISSET('SubnetsLayers', settings): subnets_settings = settings['SubnetsLayers'] add_subnets(template, vpc, settings['Properties']['VpcCidr'], subnet_settings, vpc_settings['AvailabilityZones'])
def create_template(description, metadata, outputs, resources): """Creates troposphere template.""" template = Template() template.set_description(description) template.set_metadata(metadata) template.add_output(outputs) for resource in resources: template.add_resource(resource) return template
def init_template(description=None): """Function to initialize the troposphere base template :param description: Description used for the CFN :type description: str :returns: template :rtype: Template """ if description is not None: template = Template(description) else: template = Template(f"Template generated by ECS ComposeX") template.set_metadata({"GeneratedOn": DATE}) template.set_version() return template
def init_template(description=None): """Function to initialize the troposphere base template :param description: Description used for the CFN :type description: str :returns: template :rtype: Template """ if description is not None: template = Template(description) else: template = Template("Template generated by ECS ComposeX") template.set_metadata( deepcopy({ "Type": "ComposeX", "Properties": { "Version": version, "GeneratedOn": DATE }, })) template.set_version() return template
def generate_template(environment): ''' Generates the required template based on the given environment. Parameters: environment: str The environment for which the template is to be generated. Ex: Experimental, Development, Production Returns: template: obj A Template(troposphere) object with all the requiured attributes. ''' template = Template() template.set_description('Service VPC') template.set_metadata({ "DependsOn": [], "Environment": environment, "StackName": f'{environment}-VPC' }) internet_gateway = template.add_resource( InternetGateway("InternetGateway", Tags=Tags(Environment=environment, Name=f'{environment}-InternetGateway'))) vpc = template.add_resource( VPC("VPC", CidrBlock="10.0.0.0/16", EnableDnsHostnames=True, EnableDnsSupport=True, InstanceTenancy="default", Tags=Tags(Environment=environment, Name=f'{environment}-ServiceVPC'))) gateway_attachment = template.add_resource( VPCGatewayAttachment("VpcGatewayAttachment", InternetGatewayId=Ref(internet_gateway), VpcId=Ref(vpc))) network_acl = template.add_resource( NetworkAcl( "VpcNetworkAcl", VpcId=Ref(vpc), Tags=Tags(Environment=environment, Name=f'{environment}-NetworkAcl'), )) network_acl_inbound_rule = template.add_resource( NetworkAclEntry("VpcNetworkAclInboundRule", CidrBlock="0.0.0.0/0", Egress=False, NetworkAclId=Ref(network_acl), PortRange=PortRange(To='443', From='443'), Protocol=6, RuleAction="allow", RuleNumber=100)) network_acl_outbound_rule = template.add_resource( NetworkAclEntry("VpcNetworkAclOutboundRule", CidrBlock="0.0.0.0/0", Egress=True, NetworkAclId=Ref(network_acl), Protocol=6, RuleAction="allow", RuleNumber=200)) template.add_output([ Output("InternetGateway", Value=Ref(internet_gateway)), Output("VPCID", Value=Ref(vpc)) ]) return template
from troposphere import Template, Parameter, Output, Export, Ref, Equals, Sub from troposphere import ec2 t = Template() t.set_version() t.set_description('Template generated by Troposphere') t.set_metadata({ 'Comments': 'Initial Draft', 'LastUpdated': 'Jan 1st 2015', 'UpdatedBy': 'First Last', 'Version': 'V1.0', 'Instances': { 'Description': 'Information about the instances' }, 'Databases': { 'Description': 'Information about the databases' } }) p_environment = t.add_parameter( Parameter( 'Environment', Description='Environment into which the EC2 instance will be deployed', Type='String')) t.add_parameter( Parameter( 'KeyName', Description='Name of an existing EC2 KeyPair to enable SSH ' 'access to the instance',
from troposphere import Template t = Template() t.set_description("Example to show adding a Metadata section to the template") t.set_metadata({ "Comments": "Initial Draft", "LastUpdated": "Jan 1st 2015", "UpdatedBy": "First Last", "Version": "V1.0", }) print(t.to_json())
from troposphere.kms import (Key as KmsKey, Alias as KmsAlias) from troposphere.s3 import ( Bucket, LifecycleConfiguration, LifecycleRule, LifecycleRuleTransition, VersioningConfiguration, AbortIncompleteMultipartUpload, BucketEncryption, SseKmsEncryptedObjects, SourceSelectionCriteria, ServerSideEncryptionRule, ServerSideEncryptionByDefault, ReplicationConfiguration, ReplicationConfigurationRules, ReplicationConfigurationRulesDestination, EncryptionConfiguration) from ozone.resources.iam.roles import role_trust_policy TPL = Template('Template to create Replicated Bucket') TPL.set_metadata({ 'Author': 'https://github.com/johnpreston', 'Date': dt.utcnow().isoformat() }) SOURCE_REGION = TPL.add_parameter( Parameter('SourceRegion', Type='String', AllowedValues=[ region['RegionName'] for region in client('ec2').describe_regions()['Regions'] ])) REPLICA_REGION = TPL.add_parameter( Parameter('ReplicaRegion', Type='String', AllowedValues=[ region['RegionName']
# Common tags to tag AWS Resources with common_tags = dict( Environment='ApiDev', Owner='Foo industries', Service='ServiceVPC', VPC='Dev' ) # The CloudFormation template for "stack_dev" template = Template(Description="Service VPC - used for services") template.set_metadata({ "Build": "development", "DependsOn": [], "Environment": "ApiDev", "Revision": "develop", "StackName": "ApiDev-Dev-VPC", "StackType": "InfrastructureResource", "TemplateBucket": "cfn-apidev", "TemplateName": "VPC", "TemplatePath": "ApiDev/Dev/VPC" }) def tags(resource_name): """ Returns common tags along with custom name tag for each kind of resource type. Parameters: resource_name: str Name of resource
def generate_vpc_template(layers, az_count, cidr_block): TPL = Template() TPL.set_description('VPC - Version 2019-06-05') TPL.set_metadata({'Author': 'https://github.com/johnpreston'}) VPC = VPCType('VPC', CidrBlock=cidr_block, EnableDnsHostnames=True, EnableDnsSupport=True, Tags=Tags(Name=Ref('AWS::StackName'), EnvironmentName=Ref('AWS::StackName'))) IGW = InternetGateway("InternetGateway") IGW_ATTACH = VPCGatewayAttachment("VPCGatewayAttachement", InternetGatewayId=Ref(IGW), VpcId=Ref(VPC)) DHCP_OPTIONS = DHCPOptions('VpcDhcpOptions', DomainName=Sub(f'${{AWS::StackName}}.local'), DomainNameServers=['AmazonProvidedDNS'], Tags=Tags(Name=Sub(f'DHCP-${{{VPC.title}}}'))) DHCP_ATTACH = VPCDHCPOptionsAssociation('VpcDhcpOptionsAssociate', DhcpOptionsId=Ref(DHCP_OPTIONS), VpcId=Ref(VPC)) DNS_HOSTED_ZONE = HostedZone( 'VpcHostedZone', VPCs=[HostedZoneVPCs(VPCId=Ref(VPC), VPCRegion=Ref('AWS::Region'))], Name=Sub(f'${{AWS::StackName}}.local'), HostedZoneTags=Tags(Name=Sub(f'ZoneFor-${{{VPC.title}}}'))) TPL.add_resource(VPC) TPL.add_resource(IGW) TPL.add_resource(IGW_ATTACH) TPL.add_resource(DHCP_OPTIONS) TPL.add_resource(DHCP_ATTACH) TPL.add_resource(DNS_HOSTED_ZONE) STORAGE_RTB = TPL.add_resource( RouteTable('StorageRtb', VpcId=Ref(VPC), Tags=Tags(Name='StorageRtb'))) STORAGE_SUBNETS = [] for count, subnet_cidr in zip(az_count, layers['stor']): subnet = Subnet( f'StorageSubnet{alpha[count].upper()}', CidrBlock=subnet_cidr, VpcId=Ref(VPC), AvailabilityZone=Sub(f'${{AWS::Region}}{alpha[count]}'), Tags=Tags(Name=Sub(f'${{AWS::StackName}}-Storage-{alpha[count]}'), Usage="Storage")) subnet_assoc = TPL.add_resource( SubnetRouteTableAssociation( f'StorageSubnetAssoc{alpha[count].upper()}', SubnetId=Ref(subnet), RouteTableId=Ref(STORAGE_RTB))) STORAGE_SUBNETS.append(subnet) TPL.add_resource(subnet) PUBLIC_RTB = TPL.add_resource( RouteTable('PublicRtb', VpcId=Ref(VPC), Tags=Tags(Name='PublicRtb'))) PUBLIC_ROUTE = TPL.add_resource( Route('PublicDefaultRoute', GatewayId=Ref(IGW), RouteTableId=Ref(PUBLIC_RTB), DestinationCidrBlock='0.0.0.0/0')) PUBLIC_SUBNETS = [] NAT_GATEWAYS = [] for count, subnet_cidr in zip(az_count, layers['pub']): subnet = Subnet( f'PublicSubnet{alpha[count].upper()}', CidrBlock=subnet_cidr, VpcId=Ref(VPC), AvailabilityZone=Sub(f'${{AWS::Region}}{alpha[count]}'), MapPublicIpOnLaunch=True, Tags=Tags(Name=Sub(f'${{AWS::StackName}}-Public-{alpha[count]}'))) eip = TPL.add_resource( EIP(f"NatGatewayEip{alpha[count].upper()}", Domain='vpc')) nat = NatGateway(f"NatGatewayAz{alpha[count].upper()}", AllocationId=GetAtt(eip, 'AllocationId'), SubnetId=Ref(subnet)) subnet_assoc = TPL.add_resource( SubnetRouteTableAssociation( f'PublicSubnetsRtbAssoc{alpha[count].upper()}', RouteTableId=Ref(PUBLIC_RTB), SubnetId=Ref(subnet))) NAT_GATEWAYS.append(nat) PUBLIC_SUBNETS.append(subnet) TPL.add_resource(nat) TPL.add_resource(subnet) APP_SUBNETS = [] APP_RTBS = [] for count, subnet_cidr, nat in zip(az_count, layers['app'], NAT_GATEWAYS): SUFFIX = alpha[count].upper() subnet = Subnet( f'AppSubnet{SUFFIX}', CidrBlock=subnet_cidr, VpcId=Ref(VPC), AvailabilityZone=Sub(f'${{AWS::Region}}{alpha[count]}'), Tags=Tags(Name=Sub(f'${{AWS::StackName}}-App-{alpha[count]}'))) APP_SUBNETS.append(subnet) rtb = RouteTable(f'AppRtb{alpha[count].upper()}', VpcId=Ref(VPC), Tags=Tags(Name=f'AppRtb{alpha[count].upper()}')) APP_RTBS.append(rtb) route = Route(f'AppRoute{alpha[count].upper()}', NatGatewayId=Ref(nat), RouteTableId=Ref(rtb), DestinationCidrBlock='0.0.0.0/0') subnet_assoc = SubnetRouteTableAssociation( f'SubnetRtbAssoc{alpha[count].upper()}', RouteTableId=Ref(rtb), SubnetId=Ref(subnet)) TPL.add_resource(subnet) TPL.add_resource(rtb) TPL.add_resource(route) TPL.add_resource(subnet_assoc) APP_S3_ENDPOINT = VPCEndpoint( 'AppS3Endpoint', VpcId=Ref(VPC), RouteTableIds=[Ref(rtb) for rtb in APP_RTBS], ServiceName=Sub('com.amazonaws.${AWS::Region}.s3'), VpcEndpointType='Gateway', ) PUBLIC_S3_ENDPOINT = VPCEndpoint( 'PublicS3Endpoint', VpcId=Ref(VPC), RouteTableIds=[Ref(PUBLIC_RTB)], ServiceName=Sub('com.amazonaws.${AWS::Region}.s3'), VpcEndpointType='Gateway', ) STORAGE_S3_ENDPOINT = VPCEndpoint( 'StorageS3Endpoint', VpcId=Ref(VPC), RouteTableIds=[Ref(STORAGE_RTB)], ServiceName=Sub('com.amazonaws.${AWS::Region}.s3'), VpcEndpointType='Gateway') RESOURCES = [] for count in az_count: resource = TPL.add_resource(EIP(f'Eip{count}', Domain='vpc')) RESOURCES.append(resource) TPL.add_resource(APP_S3_ENDPOINT) TPL.add_resource(PUBLIC_S3_ENDPOINT) TPL.add_resource(STORAGE_S3_ENDPOINT) SG_RULES = [] for subnet in layers['app']: RULE = SecurityGroupRule( IpProtocol="tcp", FromPort="443", ToPort="443", CidrIp=subnet, ) SG_RULES.append(RULE) ENDPOINT_SG = TPL.add_resource( SecurityGroup( 'VpcEndpointSecurityGroup', VpcId=Ref(VPC), GroupDescription='SG for all Interface VPC Endpoints', SecurityGroupIngress=SG_RULES, Tags=Tags(Name="sg-endpoints"), )) APP_SNS_ENDPOINT = VPCEndpoint( 'AppSNSEndpoint', VpcId=Ref(VPC), SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS], SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')], ServiceName=Sub('com.amazonaws.${AWS::Region}.sns'), VpcEndpointType='Interface', PrivateDnsEnabled=True) TPL.add_resource(APP_SNS_ENDPOINT) APP_SQS_ENDPOINT = VPCEndpoint( 'AppSQSEndpoint', VpcId=Ref(VPC), SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS], SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')], ServiceName=Sub('com.amazonaws.${AWS::Region}.sqs'), VpcEndpointType='Interface', PrivateDnsEnabled=True) TPL.add_resource(APP_SQS_ENDPOINT) APP_ECR_API_ENDPOINT = VPCEndpoint( 'AppECRAPIEndpoint', VpcId=Ref(VPC), SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS], SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')], ServiceName=Sub('com.amazonaws.${AWS::Region}.ecr.api'), VpcEndpointType='Interface', PrivateDnsEnabled=True) TPL.add_resource(APP_ECR_API_ENDPOINT) APP_ECR_DKR_ENDPOINT = VPCEndpoint( 'AppECRDKREndpoint', VpcId=Ref(VPC), SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS], SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')], ServiceName=Sub('com.amazonaws.${AWS::Region}.ecr.dkr'), VpcEndpointType='Interface', PrivateDnsEnabled=True) TPL.add_resource(APP_ECR_DKR_ENDPOINT) APP_SECRETS_MANAGER_ENDPOINT = VPCEndpoint( 'AppSecretsManagerEndpoint', VpcId=Ref(VPC), SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS], SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')], ServiceName=Sub('com.amazonaws.${AWS::Region}.secretsmanager'), VpcEndpointType='Interface', PrivateDnsEnabled=True) TPL.add_resource(APP_SECRETS_MANAGER_ENDPOINT) APP_SSM_ENDPOINT = VPCEndpoint( 'AppSSMEndpoint', VpcId=Ref(VPC), SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS], SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')], ServiceName=Sub('com.amazonaws.${AWS::Region}.ssm'), VpcEndpointType='Interface', PrivateDnsEnabled=True) TPL.add_resource(APP_SSM_ENDPOINT) APP_SSM_MESSAGES_ENDPOINT = VPCEndpoint( 'AppSSMMessagesEndpoint', VpcId=Ref(VPC), SubnetIds=[Ref(subnet) for subnet in APP_SUBNETS], SecurityGroupIds=[GetAtt(ENDPOINT_SG, 'GroupId')], ServiceName=Sub('com.amazonaws.${AWS::Region}.ssmmessages'), VpcEndpointType='Interface', PrivateDnsEnabled=True) TPL.add_resource(APP_SSM_MESSAGES_ENDPOINT) ################################################################################ # # OUTPUTS # TPL.add_output(object_outputs(VPC, name_is_id=True)) TPL.add_output(object_outputs(APP_SQS_ENDPOINT, name_is_id=True)) TPL.add_output(object_outputs(APP_SNS_ENDPOINT, name_is_id=True)) TPL.add_output( comments_outputs([{ 'EIP': Join(',', [GetAtt(resource, "AllocationId") for resource in RESOURCES]) }, { 'PublicSubnets': Join(',', [Ref(subnet) for subnet in PUBLIC_SUBNETS]) }, { 'StorageSubnets': Join(',', [Ref(subnet) for subnet in STORAGE_SUBNETS]) }, { 'ApplicationSubnets': Join(',', [Ref(subnet) for subnet in APP_SUBNETS]) }, { 'StackName': Ref('AWS::StackName') }, { 'VpcZoneId': Ref(DNS_HOSTED_ZONE) }])) return TPL
class EnvironmentTemplate: def __init__(self, Env=os.environ.get('ENV', 'Development')): self.env = Env url_config = os.getcwd() + '/config/config.ini' p = MyParser() self.config = p.readconfig(url_config, self.env) self.template = Template() self.template.set_description("Service VPC") self.template.set_metadata({ "DependsOn": [], "Environment": Env, "StackName": "%s-VPC" % Env }) self.vpc = None self.gateway = None self.gateway_attachment = None """ private method to set tags for the resources""" def __set_tags(self, name): tags = [{ "Key": "Environment", "Value": self.env }, { "Key": "Name", "Value": "%s-%s" % (self.env, name) }] return tags """ create gateway within the vpc""" def create_gateway(self, name=GATEWAY): self.gateway = self.template.add_resource( ec2.InternetGateway(name, Tags=self.__set_tags("InternetGateway"))) self.template.add_output(Output( GATEWAY_ID, Value=self.gateway.Ref(), )) self.gateway_attachment = self.template.add_resource( ec2.VPCGatewayAttachment( VPC_GATEWAYATTACHMENT, VpcId=self.vpc.Ref(), InternetGatewayId=self.gateway.Ref(), )) """ create vpc n/w access list,inboud and outbound rule""" def create_network(self): self.vpc_nw_acl = self.template.add_resource( ec2.NetworkAcl(VPC_NETWORK_ACCESS_LIST, VpcId=self.vpc.Ref(), Tags=self.__set_tags("NetworkAcl"))) self.inbound_rule = self.template.add_resource( ec2.NetworkAclEntry(VPC_NETWORK_ACL_INBOUND_RULE, NetworkAclId=self.vpc_nw_acl.Ref(), RuleNumber=100, Protocol="6", PortRange=PortRange(To="443", From="443"), Egress="false", RuleAction="allow", CidrBlock="0.0.0.0/0")) self.outbound_rule = self.template.add_resource( ec2.NetworkAclEntry(VPC_NETWORK_ACL_OUTBOUND_RULE, NetworkAclId=self.vpc_nw_acl.Ref(), RuleNumber=200, Protocol="6", Egress="true", RuleAction="allow", CidrBlock="0.0.0.0/0")) """ create vpc for given template""" def create_vpc(self, name=VPC_NAME): self.vpc = self.template.add_resource( ec2.VPC(name, CidrBlock=self.config['vpc_cidrblock'], EnableDnsSupport=True, EnableDnsHostnames=True, InstanceTenancy="default", Tags=self.__set_tags("ServiceVPC"))) # Just about everything needs this, so storing it on the object self.template.add_output(Output(VPC_ID, Value=self.vpc.Ref())) """ write template json to the file""" def write_to_file(self, filename): with open(filename, 'w') as f: f.write( json.dumps(json.loads(self.template.to_json()), indent=2, sort_keys=True))