def test_templateCF_GenericLambdaEvents(self):
resources = {
'lambda_events': {
'testLambdaEvent': {
'batchsize': '100',
'enabled': 'true',
'sourcearn': 'someArn',
'lambda': 'lambdaFunctionName',
'startingposition': "LATEST",
},
},
}
expected = {
"testLambdaEvent": {
"Type": "AWS::Lambda::EventSourceMapping",
"Properties": {
"BatchSize": "100",
"Enabled": "true",
"EventSourceArn": "someArn",
"FunctionName": "lambdaFunctionName",
"StartingPosition": "LATEST"
}
}
}
actual = templateCF(resources, 'resources')
self.maxDiff = None
self.assertDictEqual(actual, expected)
def test_templateCF_RestAPI(self):
resources = {
'apigateway': {
'testapi': {
'name': API_NAME,
'description': 'test description',
'failOnWarnings': True,
'deployments': {
'deployment': {},
},
}
}
}
expected = {
'testapi': {
'Type': 'AWS::ApiGateway::RestApi',
'Properties': {
'Description': 'test description',
'FailOnWarnings': 'true',
'Name': API_NAME,
},
},
'deployment': DEFAULT_API_DEPLOYMENT,
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_TestEvent(self):
target = {
'id': 'fooId',
'arn': 'fooRef',
}
resources = {
'events': {
'testevent': {
'name': EVENT_NAME,
'description': 'test description',
'schedule': 'rate(10 minutes)',
'targets': [target],
}
}
}
testevent = resources['events']['testevent']
expected = {
'testevent': {
'Type': 'AWS::Events::Rule',
'Properties': {
'ScheduleExpression': testevent['schedule'],
'Targets': [
{
'Id': target['id'],
'Arn': {'Fn::GetAtt': [target['arn'], "Arn"]},
}
],
'Description': testevent['description'],
'Name': testevent['name'],
},
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_EFSMount(self):
resources = {
'efsmount': {
'testefsmount': {
'filesystemid': 'testfsid',
'ipaddress': '1.2.3.4',
'securitygroupid': 'sg-1234567',
'subnetid': 'sub-1234567'
}
}
}
expected = {
'testefsmount': {
'Type': 'AWS::EFS::MountTarget',
'Properties': {
'FileSystemId': {
'Fn::ImportValue': {
'Fn::Sub': [
'${EFSStack}-EFS-testfsid',
{
'EFSStack': {
'Ref': 'EFSStack'
}
}
]
}
},
'IpAddress': '1.2.3.4',
'SecurityGroups': [
{
'Fn::ImportValue': {
'Fn::Sub': [
'${SecurityStack}-SecGroup-sg-1234567',
{
'SecurityStack': {
'Ref': 'SecurityStack'
}
}
]
}
}
],
'SubnetId': {
'Fn::ImportValue': {
'Fn::Sub': [
'${VPCStack}-Subnet-sub-1234567',
{
'VPCStack': {
'Ref': 'VPCStack'
}
}
]
}
}
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_Athena_NamedQuery(self):
resources = {
"athena_namedquery": {
"samplequery": {
"description": "samplequery",
"querystring":
"SELECT workflowname, AVG(activitytaskstarted) AS AverageWorkflow FROM swfmetadata WHERE year='17' AND GROUP BY workflowname ORDER BY AverageWorkflow DESC LIMIT 10",
"database": "sampledb",
"name": "SampleQuery"
}
}
}
expected = {
"samplequery": {
"Properties": {
"Database":
"sampledb",
"Description":
"samplequery",
"Name":
"SampleQuery",
"QueryString":
"SELECT workflowname, AVG(activitytaskstarted) AS AverageWorkflow FROM swfmetadata WHERE year='17' AND GROUP BY workflowname ORDER BY AverageWorkflow DESC LIMIT 10"
},
"Type": "AWS::Athena::NamedQuery"
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_EFS(self):
resources = {
'efs': {
'testefs': {
'tags': {
'tagname1': 'tagval1',
'tagname2': 'tagval2'
},
'performancemode': 'generalPurpose'
}
}
}
expected = {
'testefs': {
'Type': 'AWS::EFS::FileSystem',
'Properties': {
'FileSystemTags': [
{
'Key': 'tagname2',
'Value': 'tagval2'
},
{
'Key': 'tagname1',
'Value': 'tagval1'
}
],
'PerformanceMode': 'generalPurpose'
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_RedshiftParametersGroup(self):
resources = {
'redshift_paramsgroup': {
'testparamgroup': {
'description': 'someparamgroup',
'groupfamily': 'aurora5.6',
'parameters': {
'testparamname1': 'testparamval1',
'testparamname2': 'testparamval2'
}
}
}
}
expected = {
'testparamgroup': {
'Type': 'AWS::Redshift::ClusterParameterGroup',
'Properties': {
'Description':
'someparamgroup',
'ParameterGroupFamily':
'aurora5.6',
'Parameters': [{
'ParameterName': 'testparamname1',
'ParameterValue': 'testparamval1'
}, {
'ParameterName': 'testparamname2',
'ParameterValue': 'testparamval2'
}]
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_EIP(self):
resources = {'eip': {'test1', 'test2.3-4'}}
expected = {
'test1EIP': {
'Type': 'AWS::EC2::EIP',
'Properties': {
'InstanceId': {
'Ref': 'test1'
},
'Domain': 'vpc'
}
},
'test234EIP': {
'Type': 'AWS::EC2::EIP',
'Properties': {
'InstanceId': {
'Ref': 'test234'
},
'Domain': 'vpc'
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_GenericDynamoDbTables(self):
resources = {
'dynamodb_tables': {
'testTable': {
'name': 'testTable',
'attributes': [{
'name': 'keyAttribute',
'type': 'S'
}],
'key_schema': [
{
'name': 'keyAttribute',
'type': 'HASH'
},
],
'throughput': {
'read_units': 10,
'write_units': 1
},
'stream': {
'type': "NEW_IMAGE"
},
},
},
}
expected = {
"testTable": {
"Type": "AWS::DynamoDB::Table",
"Properties": {
"AttributeDefinitions": [
{
"AttributeName": "keyAttribute",
"AttributeType": "S"
},
],
"KeySchema": [
{
"AttributeName": "keyAttribute",
"KeyType": "HASH"
},
],
"ProvisionedThroughput": {
"ReadCapacityUnits": "10",
"WriteCapacityUnits": "1"
},
"StreamSpecification": {
"StreamViewType": "NEW_IMAGE"
},
"TableName":
"testTable"
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_DMSSubnet(self):
resources = {
'dms_subnetgroup': {
'TestDMSSubnetGroup': {
'description': 'Some Description...',
'subnets': ['testsubnet1', 'testsubnet2'],
'tags': {
'testtagkey1': 'testtagval1',
'testtagkey2': 'testtagval2'
}
}
}
}
expected = {
'TestDMSSubnetGroup': {
'Type': 'AWS::DMS::ReplicationSubnetGroup',
'Properties': {
'ReplicationSubnetGroupIdentifier':
'TestDMSSubnetGroup',
'ReplicationSubnetGroupDescription':
'Some Description...',
'SubnetIds': [{
"Fn::ImportValue": {
"Fn::Sub": [
"${VPCStack}-Subnet-testsubnet1", {
"VPCStack": {
"Ref": "VPCStack"
}
}
]
}
}, {
"Fn::ImportValue": {
"Fn::Sub": [
"${VPCStack}-Subnet-testsubnet2", {
"VPCStack": {
"Ref": "VPCStack"
}
}
]
}
}],
'Tags': [{
'Key': 'testtagkey1',
'Value': 'testtagval1'
}, {
'Key': 'testtagkey2',
'Value': 'testtagval2'
}]
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_ConfigRule(self):
resources = {
'config_rule': {
'ConfigPublicPortCheck': {
'name': 'ConfigPublicPortCheck',
'description': 'Check for Public Ports on Security Groups',
'inputparams': {
"AllowedPorts": [80, 443]
},
'maxfrequency': 'One_Hour',
'source': {
'owner': 'CUSTOM_LAMBDA',
'details': {
'aws.config': {
'frequency': 'One_Hour',
'messagetype': 'ScheduledNotification'
}
},
'sourceid': 'configpublicportscheck'
}
}
}
}
expected = {
"ConfigPublicPortCheck": {
"Properties": {
"ConfigRuleName": "ConfigPublicPortCheck",
"Description": "Check for Public Ports on Security Groups",
"InputParameters": {
"AllowedPorts": [80, 443]
},
"MaximumExecutionFrequency": "One_Hour",
"Source": {
"Owner":
"CUSTOM_LAMBDA",
"SourceDetails": [{
"EventSource":
"aws.config",
"MaximumExecutionFrequency":
"One_Hour",
"MessageType":
"ScheduledNotification"
}],
"SourceIdentifier":
"configpublicportscheck"
}
},
"Type": "AWS::Config::ConfigRule"
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_ElastiCache(self):
resources = {
'elasticache': {
'SimpleElastiCache': {
'name': 'some redis',
'cacheSubnetGroup': 'subnetGroup1',
'secgroups': ['securityGroup1']
}
}
}
expected = {
'SimpleElastiCache': {
'Type': 'AWS::ElastiCache::CacheCluster',
'Properties': {
'CacheNodeType':
'cache.t2.micro',
'ClusterName':
'some redis',
'Engine':
'redis',
'NumCacheNodes':
1,
'CacheSubnetGroupName': {
'Fn::ImportValue': {
'Fn::Sub': [
'${CacheSubnetStack}-ElastiCache-subnetGroup1-Subnet',
{
'CacheSubnetStack': {
'Ref': 'CacheSubnetStack'
}
}
]
}
},
'VpcSecurityGroupIds': [{
'Fn::ImportValue': {
'Fn::Sub': [
'${SecurityStack}-SecGroup-securityGroup1', {
'SecurityStack': {
'Ref': 'SecurityStack'
}
}
]
}
}]
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_Route53Zone(self):
resources = {
'route53_zone': {
'testr53zone': {
'name': 'example.com',
'comment': 'testzonecomment',
'hostedzone': {
'Name': 'testname',
'Tag2': 'testtagstuff'
},
'vpcs': {
'vpc-12345678': 'ap-southeast-2',
'vpc-87654321': 'us-west-2'
}
}
}
}
expected = {
'testr53zone': {
'Type': 'AWS::Route53::HostedZone',
'Properties': {
'HostedZoneConfig': {
'Comment': 'testzonecomment'
},
'HostedZoneTags': [
{
'Key': 'Name',
'Value': 'testname'
},
{
'Key': 'Tag2',
'Value': 'testtagstuff'
}
],
'VPCs': [
{
'VPCId': 'vpc-87654321',
'VPCRegion': 'us-west-2'
},
{
'VPCId': 'vpc-12345678',
'VPCRegion': 'ap-southeast-2'
}
],
'Name': 'example.com'
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_ElastiCacheSubnet(self):
resources = {
'elasticachesubnet': {
'TestElastiCacheSubnet': {
'name': 'Some Name',
'description': 'Some Description...',
'subnets': ['testsubnet1', 'testsubnet2']
}
}
}
expected = {
'TestElastiCacheSubnet': {
'Type': 'AWS::ElastiCache::SubnetGroup',
'Properties': {
'CacheSubnetGroupName':
'Some Name',
'Description':
'Some Description...',
'SubnetIds': [{
"Fn::ImportValue": {
"Fn::Sub": [
"${VPCStack}-Subnet-testsubnet1", {
"VPCStack": {
"Ref": "VPCStack"
}
}
]
}
}, {
"Fn::ImportValue": {
"Fn::Sub": [
"${VPCStack}-Subnet-testsubnet2", {
"VPCStack": {
"Ref": "VPCStack"
}
}
]
}
}]
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_SNSTopicPolicy(self):
resources = {
'snstopic': {
'test1': {
'policy': 'snsTopicPolicyDocument1',
'topics': [
'topic1',
'topic2'
]
}
}
}
expected = {
'test1': {
'Type': 'AWS::SNS::TopicPolicy',
'Properties': {
'PolicyDocument': 'snsTopicPolicyDocument1',
'Topics': [{
'Fn::ImportValue': {
'Fn::Sub': [
'${SNSStack}-SNS-topic1', {
'SNSStack': {
'Ref': 'SNSStack'
}
}
]
}
}, {
'Fn::ImportValue': {
'Fn::Sub': [
'${SNSStack}-SNS-topic2', {
'SNSStack': {
'Ref': 'SNSStack'
}
}
]
}
}]
}
}
}
self.maxDiff = None
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_ACM(self):
resources = {
"certificatemanager": {
"shopkablamocomau": {
"domainname": "shop.kablamo.com.au",
"domainvalidationoptions": {
"shop.kablamo.com.au": "kablamo.com.au",
"www.shop.kablamo.com.au": "kablamo.com.au"
},
"subjectalternativenames": ["www.shop.kablamo.com.au"],
"tags": {
"Name": "Shop Certificate"
}
}
}
}
expected = {
"shopkablamocomau": {
"Properties": {
"DomainName":
"shop.kablamo.com.au",
"DomainValidationOptions": [{
"DomainName":
"www.shop.kablamo.com.au",
"ValidationDomain":
"kablamo.com.au"
}, {
"DomainName":
"shop.kablamo.com.au",
"ValidationDomain":
"kablamo.com.au"
}],
"SubjectAlternativeNames": ["www.shop.kablamo.com.au"],
"Tags": [{
"Key": "Name",
"Value": "Shop Certificate"
}]
},
"Type": "AWS::CertificateManager::Certificate"
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_DMSInstance(self):
resources = {
'dms_instance': {
'myDMS': {
'replicationinstanceclass': 'dms.t2.small'
},
},
}
expected = {
"myDMSInstance": {
"Type": "AWS::DMS::ReplicationInstance",
"Properties": {
"ReplicationInstanceClass": "dms.t2.small"
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_RedshiftSubnetGroup(self):
resources = {
'redshift_subnetgroup': {
'testsubnetgroup': {
'description': 'somesubnetgroup',
'subnets': ['subnet1', 'subnet2']
}
}
}
expected = {
'testsubnetgroup': {
'Type': 'AWS::Redshift::ClusterSubnetGroup',
'Properties': {
'Description':
'somesubnetgroup',
'SubnetIds': [{
"Fn::ImportValue": {
"Fn::Sub": [
"${VPCStack}-Subnet-subnet1", {
"VPCStack": {
"Ref": "VPCStack"
}
}
]
}
}, {
"Fn::ImportValue": {
"Fn::Sub": [
"${VPCStack}-Subnet-subnet2", {
"VPCStack": {
"Ref": "VPCStack"
}
}
]
}
}]
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_RDSParameterGroup(self):
resources = {
'rdsparamsgroup': {
'TestRDSParamGroup': {
'description': 'Some Description...',
'family': 'MySQL5.1',
'parameters': {
'testparamkey1': 'testparamval1',
'testparamkey2': 'testparamval2'
},
'tags': {
'testtagkey1': 'testtagval1',
'testtagkey2': 'testtagval2'
}
}
}
}
expected = {
'TestRDSParamGroup': {
'Type': 'AWS::RDS::DBParameterGroup',
'Properties': {
'Description':
'Some Description...',
'Family':
'MySQL5.1',
'Parameters': {
'testparamkey1': 'testparamval1',
'testparamkey2': 'testparamval2'
},
'Tags': [{
'Key': 'testtagkey1',
'Value': 'testtagval1'
}, {
'Key': 'testtagkey2',
'Value': 'testtagval2'
}]
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_Methods(self):
method = {
'apiKeyRequired': True,
'authorizationType': 'NONE',
'authorizerId': 'authID',
'httpMethod': 'ANY',
'resource': 'testResource',
}
resources = {
'apigateway': {
'testapi': {
'name': API_NAME,
'methods': {
'testGetMethod': method,
},
'deployments': {
'deployment': {},
},
}
}
}
expected = {
'testapi': DEFAULT_API,
'deployment': DEFAULT_API_DEPLOYMENT,
'testGetMethod': {
'Type': "AWS::ApiGateway::Method",
'Properties': {
'ApiKeyRequired': 'true',
'AuthorizationType': method['authorizationType'],
'AuthorizerId': method['authorizerId'],
'HttpMethod': method['httpMethod'],
'ResourceId': {
'Ref': method['resource']
},
'RestApiId': {
'Ref': 'testapi'
},
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_Outputs(self):
resources = {
'apigateway': {
'testapi': {},
}
}
expected = {
'testapi': {
'Export': {
'Name': {
'Fn::Sub': '${AWS::StackName}-API-testapi'
}
},
'Value': {
'Ref': 'testapi'
},
'Description': 'testapi API gateway',
},
}
actual = templateCF(resources, 'outputs')
self.assertDictEqual(actual, expected)
def test_templateCF_KMS(self):
resources = {
'kms': {
'testkey': {
'description': 'testkeydescription',
'enabled': True,
'rotation': True,
'policy': '{ "somejsonobj": "something" }',
'aliasname': 'testkeyalias'
}
}
}
expected = {
'testkey': {
'Type': 'AWS::KMS::Key',
'Properties': {
'Description': 'testkeydescription',
'Enabled': 'true',
'EnableKeyRotation': 'true',
'KeyPolicy': {
'somejsonobj': 'something'
}
}
},
'testkeyAlias': {
'Type': 'AWS::KMS::Alias',
'Properties': {
'AliasName': 'alias/testkeyalias',
'TargetKeyId': {
'Ref': 'testkey'
}
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_SQS(self):
resources = {
'sqs': {
'testQueue': {
'name': 'testQueueName',
'delay': 20,
'maxsize': 10,
'retention': 1024,
'waittime': 30,
'redirectpolicy': {
'deadletterqueue': 'abc',
'count': 3
},
'visibilitytimeout': 60
}
}
}
expected = {
"testQueue": {
"Type": "AWS::SQS::Queue",
"Properties": {
"DelaySeconds": "20",
"MaximumMessageSize": "10",
"MessageRetentionPeriod": "1024",
"QueueName": "testQueueName",
"ReceiveMessageWaitTimeSeconds": "30",
"RedrivePolicy": {
"deadLetterTargetArn": {"Fn::GetAtt": ["abc", "Arn"]},
"maxReceiveCount": "3"
},
"VisibilityTimeout": "60"
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_RedshiftCluster(self):
resources = {
'redshift': {
'simplecluster': {
'clustersubnetgroupname': 'testclustersubnetgroupname',
'dbname': 'testdbname',
'masterusername': '******',
'nodetype': 'dw.hs1.xlarge',
'maintenancewindow': '21:30-22:00',
'secgroupid': ['sg-1234567']
},
'complexcluster': {
'allowupgrade': True,
'automatedsnapshotretentionperiod': 300,
'az': 'ap-southeast-2c',
'clusterparamsgroup': 'testclusterparamsgroup',
'clustersubnetgroupname': 'testclustersubnetgroupname',
'clustertype': 'multi-node',
'clusterversion': '1.2.3',
'dbname': 'testdbname',
'eip': '1.2.3.4',
'encrypted': False,
'hsmclientcertificateidentifier': 'testhsmclientcertid',
'hsmconfigurationidentifier': 'testhsmconfigid',
'iamroles': ['iamrole1', 'iamrole2'],
'kmskeyid': 'testkmskeyid',
'masterusername': '******',
'nodetype': 'dw.hs1.xlarge',
'numberofnodes': 4,
'owneraccount': '123456789012',
'port': '45439',
'maintenancewindow': '21:30-22:00',
'public': True,
'snapshotidentifier': 'snap-12345678',
'snapshotclusteridentifier': 'snap-87654321',
'secgroupid': ['sg-1234567', 'sg-7654321']
}
}
}
expected = {
'simplecluster': {
'Type': 'AWS::Redshift::Cluster',
'Properties': {
'ClusterSubnetGroupName': {
'Fn::ImportValue': {
'Fn::Sub': [
'${RedshiftSubnetGroupStack}-Subnet-testclustersubnetgroupname',
{
'RedshiftSubnetGroupStack': {
'Ref': 'RedshiftSubnetGroupStack'
}
}
]
}
},
'DBName': 'testdbname',
'Encrypted': 'true',
'MasterUsername': '******',
'MasterUserPassword': {
'Ref': 'DBPassword'
},
'NodeType': 'dw.hs1.xlarge',
'Port': 5439,
'PreferredMaintenanceWindow': '21:30-22:00',
'PubliclyAccessible': 'false',
'VpcSecurityGroupIds': ['sg-1234567']
}
},
'complexcluster': {
'Type': 'AWS::Redshift::Cluster',
'Properties': {
'AllowVersionUpgrade':
'true',
'AutomatedSnapshotRetentionPeriod':
'300',
'AvailabilityZone':
'ap-southeast-2c',
'ClusterParameterGroupName': {
'Fn::ImportValue': {
'Fn::Sub': [
'${RedshiftParamsGroupStack}-ParamsGroup-testclusterparamsgroup',
{
'RedshiftParamsGroupStack': {
'Ref': 'RedshiftParamsGroupStack'
}
}
]
}
},
'ClusterSubnetGroupName': {
'Fn::ImportValue': {
'Fn::Sub': [
'${RedshiftSubnetGroupStack}-Subnet-testclustersubnetgroupname',
{
'RedshiftSubnetGroupStack': {
'Ref': 'RedshiftSubnetGroupStack'
}
}
]
}
},
'ClusterType':
'multi-node',
'ClusterVersion':
'1.2.3',
'DBName':
'testdbname',
'ElasticIp':
'1.2.3.4',
'Encrypted':
'false',
'HsmClientCertificateIdentifier':
'testhsmclientcertid',
'HsmConfigurationIdentifier':
'testhsmconfigid',
'IamRoles': [{
"Fn::ImportValue": {
"Fn::Sub": [
"${IAMRoleStack}-iamrole1", {
"IAMRoleStack": {
"Ref": "IAMRoleStack"
}
}
]
}
}, {
"Fn::ImportValue": {
"Fn::Sub": [
"${IAMRoleStack}-iamrole2", {
"IAMRoleStack": {
"Ref": "IAMRoleStack"
}
}
]
}
}],
'KmsKeyId': {
'Fn::ImportValue': {
'Fn::Sub': [
'${KMSStack}-KMS-testkmskeyid', {
'KMSStack': {
'Ref': 'KMSStack'
}
}
]
}
},
'MasterUsername':
'******',
'MasterUserPassword': {
'Ref': 'DBPassword'
},
'NodeType':
'dw.hs1.xlarge',
'NumberOfNodes':
4,
'OwnerAccount':
'123456789012',
'Port':
45439,
'PreferredMaintenanceWindow':
'21:30-22:00',
'PubliclyAccessible':
'true',
'SnapshotClusterIdentifier':
'snap-87654321',
'SnapshotIdentifier':
'snap-12345678',
'VpcSecurityGroupIds': ['sg-1234567', 'sg-7654321']
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_MicrosoftAD(self):
resources = {
'microsoftad': {
'testad': {
'createalias': True,
'enablesso': True,
'name': 'example.com',
'password': '******',
'shortname': 'ABC',
'subnets': ['subnet1', 'subnet2']
}
}
}
expected = {
'testad': {
'Type': 'AWS::DirectoryService::MicrosoftAD',
'Properties': {
'CreateAlias': 'true',
'EnableSso': 'true',
'Name': 'example.com',
'Password': '******',
'ShortName': 'ABC',
'VpcSettings': {
'SubnetIds': [{
'Fn::ImportValue': {
'Fn::Sub': [
'${VPCStack}-Subnet-subnet1', {
'VPCStack': {
'Ref': 'VPCStack'
}
}
]
}
}, {
'Fn::ImportValue': {
'Fn::Sub': [
'${VPCStack}-Subnet-subnet2', {
'VPCStack': {
'Ref': 'VPCStack'
}
}
]
}
}],
'VpcId': {
'Fn::ImportValue': {
'Fn::Sub': [
'${VPCStack}-VPC-VPCid', {
'VPCStack': {
'Ref': 'VPCStack'
}
}
]
}
}
}
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_SecurityGroups(self):
resources = {
'securitygroups': {
'StuffSecurity': {
'sg_description':
'The stuff security group',
'ingress':
[['icmp', -1, -1, 'VPCCIDR'],
['icmp', -1, -1, 'SydIpRange'],
['tcp', 5432, 5432, 'StuffSecurity', 'SG_REF_VPC']],
'egress': [['icmp', -1, -1, 'CoreIpRange'],
['tcp', 21, 21, 'GlobalIpRange'],
['tcp', 22, 22, 'GlobalIpRange']]
}
}
}
expected = {
"StuffSecurity": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Fn::ImportValue": {
"Fn::Sub": [
"${VPCStack}-VPCid", {
"VPCStack": {
"Ref": "VPCStack"
}
}
]
}
},
"Tags": [{
"Key": "Name",
"Value": "StuffSecurity"
}],
"GroupDescription":
"The stuff security group",
"SecurityGroupIngress": [{
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": {
"Ref": "VPCCIDR"
}
}, {
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": {
"Ref": "SydIpRange"
}
}, {
"IpProtocol": "tcp",
"FromPort": "5432",
"ToPort": "5432",
"SourceSecurityGroupId": {
"Ref": "StuffSecurity"
}
}],
"SecurityGroupEgress": [{
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": {
"Ref": "CoreIpRange"
}
}, {
"IpProtocol": "tcp",
"FromPort": "21",
"ToPort": "21",
"CidrIp": {
"Ref": "GlobalIpRange"
}
}, {
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "GlobalIpRange"
}
}]
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_ElasticSearch(self):
self.maxDiff = None
resources = {
"elasticsearch": {
"ElasticSearchTest": {
"version": 5.5,
"dedicatedmaster": True,
"instancecount": 4,
"instancetype": "m4.large.elasticsearch",
"mastertype": "m4.large.elasticsearch",
"mastercount": 2,
"zoneid": "testaws",
"zonesuffix": "test.aws",
"ebsoptions": {
"iops": 0,
"size": 60,
"type": "gp2"
},
"snapshotoptions": {
"AutomatedSnapshotStartHour": 0
},
"advancedoptions": {
"rest.action.multi.allow_explicit_index": "true"
},
"policy": {
"Action": "*",
"Effect": "Allow",
"Resource": "*"
}
}
}
}
expected = {
"ElasticSearchTest": {
"Properties": {
"AccessPolicies": {
"Statement": [{
"Action": "*",
"Effect": "Allow",
"Resource": "*"
}],
"Version":
"2012-10-17"
},
"AdvancedOptions": {
"rest.action.multi.allow_explicit_index": "true"
},
"DomainName": "ElasticSearchTest",
"EBSOptions": {
"EBSEnabled": "true",
"Iops": 0,
"VolumeSize": 60,
"VolumeType": "gp2"
},
"ElasticsearchClusterConfig": {
"DedicatedMasterCount": "2",
"DedicatedMasterEnabled": "true",
"DedicatedMasterType": "m4.large.elasticsearch",
"InstanceCount": "4",
"InstanceType": "m4.large.elasticsearch",
"ZoneAwarenessEnabled": "true"
},
"ElasticsearchVersion": "5.5",
"SnapshotOptions": {
"AutomatedSnapshotStartHour": "0"
}
},
"Type": "AWS::Elasticsearch::Domain"
},
"ElasticSearchTestDNS": {
"Properties": {
"Comment":
"ElasticSearchTest Records by default",
"HostedZoneId": {
"Fn::ImportValue": {
"Fn::Sub": [
"${DNSStack}-Route53-testaws-Zone", {
"DNSStack": {
"Ref": "DNSStack"
}
}
]
}
},
"RecordSets": [{
"Name":
"ElasticSearchTest.es.test.aws",
"ResourceRecords": [{
"Fn::GetAtt":
["ElasticSearchTest", "DomainEndpoint"]
}],
"SetIdentifier":
"ElasticSearchTest.es.test.aws",
"TTL":
"60",
"Type":
"CNAME",
"Weight":
"10"
}]
},
"Type": "AWS::Route53::RecordSetGroup"
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_IAMPolicies(self):
resources = {
'iam_policies': {
'Policies': [
{
'Name': 'SimplePolicy',
'PolicyDocument': "{\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n}"
},
{
'Name': 'ComplexPolicy',
'PolicyDocument': "{\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n}",
'ManagedPolicys': [
'Policy1',
'Policy2'
],
'Roles': [
'Role1',
'Role2'
],
'Groups': [
'Group1',
'Group2'
]
}
]
}
}
expected = {
'SimplePolicy': {
'Type': 'AWS::IAM::Policy',
'Properties': {
'PolicyName': 'SimplePolicy',
'PolicyDocument': {
'Version': '2012-10-17',
'Statement': [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
}
},
'ComplexPolicy': {
'Type': 'AWS::IAM::Policy',
'Properties': {
'PolicyName': 'ComplexPolicy',
'PolicyDocument': {
'Version': '2012-10-17',
'Statement': [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
},
'ManagedPolicyArns': [
'arn:aws:iam::aws:policy/Policy1',
'arn:aws:iam::aws:policy/Policy2'
],
'Roles': [
{
'Fn::ImportValue': {
'Fn::Sub': 'Role1'
}
},
{
'Fn::ImportValue': {
'Fn::Sub': 'Role2'
}
}
],
'Groups': [
{
'Fn::ImportValue': {
'Fn::Sub': 'Group1'
}
},
{
'Fn::ImportValue': {
'Fn::Sub': 'Group2'
}
}
]
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_IAMUsersGroups(self):
resources = {
'iam_users': {
'Users': {
'IAM-F.Last': {
'Groups': [
'NormalGroup'
]
},
'IAM-F.Last2': {
'Groups': [
'NormalGroup',
'MissingGroup'
]
},
'IAM-F.Last3': {
'Groups': [
]
}
},
'Groups': {
'NormalGroup': {
},
'UnassignedGroup': {
}
}
}
}
expected = {
'IAMFLast': {
'Type': 'AWS::IAM::User',
'Properties': {
'Groups': [
{
'Ref': 'NormalGroup'
}
],
'Path': {
'Fn::Join': [
'', [
'/', {
'Ref': 'AccountName'
},
'/IAM/Users/'
]
]
},
'UserName': '******'
}
},
'IAMFLast2': {
'Type': 'AWS::IAM::User',
'Properties': {
'Groups': [
{
'Ref': 'NormalGroup'
},
{
'Ref': 'MissingGroup'
}
],
'Path': {
'Fn::Join': [
'', [
'/', {
'Ref': 'AccountName'
},
'/IAM/Users/'
]
]
},
'UserName': '******'
}
},
'IAMFLast3': {
'Type': 'AWS::IAM::User',
'Properties': {
'Groups': [
],
'Path': {
'Fn::Join': [
'', [
'/', {
'Ref': 'AccountName'
},
'/IAM/Users/'
]
]
},
'UserName': '******'
}
},
'NormalGroup': {
'Type': 'AWS::IAM::Group',
'Properties': {
'GroupName': 'NormalGroup',
'Path': {
'Fn::Join': [
'', [
'/', {
'Ref': 'AccountName'
},
'/IAM/Groups/'
]
]
}
}
},
'UnassignedGroup': {
'Type': 'AWS::IAM::Group',
'Properties': {
'GroupName': 'UnassignedGroup',
'Path': {
'Fn::Join': [
'', [
'/', {
'Ref': 'AccountName'
},
'/IAM/Groups/'
]
]
}
}
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
def test_templateCF_IAMRolesInstanceProfiles(self):
resources = {
'iam_roles': {
'Roles': {
'SimpleRole': {
'RoleName': 'SimpleRole',
'ReverseTrust': [
'arn:aws:iam::123456789012:root'
]
},
'ComplexRole': {
'RoleName': 'ComplexRole',
'ManagedPolicys': [
'Policy1',
'Policy2'
],
'MFA_Required': True,
'ReverseTrust': [
'arn:aws:iam::123456789012:root',
'arn:aws:iam::987654321098:root'
],
'DependsOn': 'SimpleRole'
}
},
'InstanceProfiles': {
'SimpleInstProf': {
'RoleName': 'SimpleInstProf',
'Type': 'ec2'
},
'ComplexInstProf': {
'RoleName': 'ComplexInstProf',
'Type': 'ec2',
'ManagedPolicys': [
'Policy3',
'Policy4'
]
}
}
}
}
expected = {
'SimpleRole': {
'Type': 'AWS::IAM::Role',
'Properties': {
'AssumeRolePolicyDocument': {
'Version': '2012-10-17',
'Statement': [{
'Effect': 'Allow',
'Principal': {
'AWS': [
'arn:aws:iam::123456789012:root'
]
},
'Action': [
'sts:AssumeRole'
]
}]
},
'RoleName': 'SimpleRole'
}
},
'ComplexRole': {
'Type': 'AWS::IAM::Role',
'Properties': {
'ManagedPolicyArns': [
'arn:aws:iam::aws:policy/Policy1',
'arn:aws:iam::aws:policy/Policy2'
],
'AssumeRolePolicyDocument': {
'Version': '2012-10-17',
'Statement': [{
'Effect': 'Allow',
'Principal': {
'AWS': [
'arn:aws:iam::123456789012:root',
'arn:aws:iam::987654321098:root'
]
},
'Condition': {
'Bool': {
'aws:MultiFactorAuthPresent': 'true'
}
},
'Action': [
'sts:AssumeRole'
]
}]
},
'RoleName': 'ComplexRole'
},
'DependsOn': 'SimpleRole'
},
'SimpleInstProf': {
'Type': 'AWS::IAM::Role',
'Properties': {
'AssumeRolePolicyDocument': {
'Version': '2012-10-17',
'Statement': [{
'Effect': 'Allow',
'Principal': {
'Service': 'ec2.amazonaws.com'
},
'Action': ['sts:AssumeRole']
}]
},
'Path': {
'Fn::Join': [
'', [
'/', {
'Ref': 'AccountName'
},
'/IAM/InstanceRoles/'
]
]
},
'RoleName': 'SimpleInstProf'
}
},
'SimpleInstProfInstanceProfile': {
'Type': 'AWS::IAM::InstanceProfile',
'Properties': {
'InstanceProfileName': 'SimpleInstProf',
'Roles': [{
'Ref': 'SimpleInstProf'
}]
},
'DependsOn': 'SimpleInstProf'
},
'ComplexInstProf': {
'Type': 'AWS::IAM::Role',
'Properties': {
'AssumeRolePolicyDocument': {
'Version': '2012-10-17',
'Statement': [{
'Effect': 'Allow',
'Principal': {
'Service': 'ec2.amazonaws.com'
},
'Action': ['sts:AssumeRole']
}]
},
'ManagedPolicyArns': [
'arn:aws:iam::aws:policy/Policy3',
'arn:aws:iam::aws:policy/Policy4'
],
'Path': {
'Fn::Join': [
'', [
'/', {
'Ref': 'AccountName'
},
'/IAM/InstanceRoles/'
]
]
},
'RoleName': 'ComplexInstProf'
}
},
'ComplexInstProfInstanceProfile': {
'Type': 'AWS::IAM::InstanceProfile',
'Properties': {
'InstanceProfileName': 'ComplexInstProf',
'Roles': [{
'Ref': 'ComplexInstProf'
}]
},
'DependsOn': 'ComplexInstProf'
}
}
actual = templateCF(resources, 'resources')
self.assertDictEqual(actual, expected)
