def add_bucket_access(self, bucket_list):
"""Authorize access to a list of buckets using vpc endpoint.
Note that this just allow an instance in the vpc to ask access
to a given bucket through the endpoint. This does not change
the bucket policy.
The function creates also automatically the S3 VPC endpoint
on the first call.
:param bucket_list: list of bucket names
:type bucket_list: list[Bucket] | list[str]
"""
if self.name + 'S3EndPoint' not in self:
self.add(VPCEndpoint(self.name + 'S3EndPoint',
's3',
self.subnet.vpc,
[self.route_table],
PolicyDocument()))
for bucket in bucket_list:
if isinstance(bucket, Bucket):
bucket_name = bucket.ref
else:
bucket_name = bucket
self.s3_endpoint.policy_document.append(
Allow(to='s3:*',
on=[Join(['arn:aws:s3:::', bucket_name]),
Join(['arn:aws:s3:::', bucket_name, '/*'])],
apply_to=Principal(PrincipalKind.EVERYONE)))
def properties(self):
return {
"VpcId":
self.vpc.ref,
"ServiceName":
Join(["com.amazonaws.",
Ref("AWS::Region"), "." + self.service]),
"PolicyDocument":
self.policy_document.properties,
"RouteTableIds": [rt.ref for rt in self.route_tables],
}
def properties(self):
return {
'VpcId':
self.vpc.ref,
'ServiceName':
Join(["com.amazonaws.",
Ref("AWS::Region"), "." + self.service]),
'PolicyDocument':
self.policy_document.properties,
'RouteTableIds': [rt.ref for rt in self.route_tables]
}
def properties(self):
"""Serialize the object as a simple dict.
Can be used to transform to CloudFormation Yaml format.
:rtype: dict
"""
props = []
for kind, part in self.parts:
props.append('<%s>\n%s\n</%s>' % (kind, part, kind))
return Base64(Join(props))
def properties(self):
return {
"VpcId":
self.subnet.vpc.ref,
"ServiceName":
Join(["com.amazonaws.",
Ref("AWS::Region"), "." + self.service]),
"PolicyDocument":
self.policy_document.properties,
"PrivateDnsEnabled":
"true",
"VpcEndpointType":
"Interface",
"SubnetIds": [self.subnet.ref],
"SecurityGroupIds": [self.security_group.group_id],
}
def set_cfn_init(
self,
config="init",
cfn_init="/usr/local/bin/cfn-init",
resource=None,
metadata=None,
init_script="",
use_instance_role=False,
):
"""Add CFN init call on first boot of the instance.
:param config: name of the configset to be launch (default: init)
:type config: str
:param cfn_init: location of cfn-init on the instance
(default: /usr/local/bin/cfn-init)
:type cfn_init: str
:param resource: resource in which the metadata will be added. Default
is to use current resource
:type resource: str | None
:param metadata: dict conforming to AWS::CloudFormation::Init
specifications
:type metadata: dict | None
:param init_script: command to launch after cfn-init
:type init_script: powershell command for windows and bash command for
linuxes
"""
if resource is None:
resource = self.name
if use_instance_role:
cfn_init_options = Join([" --role ", self.instance_profile.role])
else:
cfn_init_options = ""
if self.image.is_windows:
self.add_user_data(
"powershell",
CFN_INIT_STARTUP_SCRIPT_WIN + init_script,
variables={
"Cfninit": cfn_init,
"Config": config,
"Resource": resource,
"CfninitOptions": cfn_init_options,
},
)
self.add_user_data("persist", "true")
else:
self.add_user_data(
"x-shellscript",
CFN_INIT_STARTUP_SCRIPT + init_script,
"init.sh",
variables={
"Cfninit": cfn_init,
"Config": config,
"Resource": resource,
"CfninitOptions": cfn_init_options,
},
)
if metadata is not None:
self.metadata["AWS::CloudFormation::Init"] = metadata