def _create_from_arguments(self, name, number_of_availability_zones):
# type: (str, int) -> None
"""
Creates a new Network from the constructor arguments (i.e. not from a
VPC that already exists).
:param name: The name of the new network
:param number_of_availability_zones: The number of AZs to create subnets in
:return: None
"""
number_of_availability_zones = number_of_availability_zones or 2
if number_of_availability_zones < 1 or number_of_availability_zones >= 4:
raise RunError(
"Unsupported number of available zones for Network: " +
str(number_of_availability_zones))
self.use_private_subnets = self.use_private_subnets or False
vpc = ec2.Vpc(name,
cidr_block="10.10.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True,
tags={
"Name": name,
},
__opts__=ResourceOptions(parent=self))
self.vpc_id = vpc.id
self.security_group_ids = [vpc.default_security_group_id]
internet_gateway = ec2.InternetGateway(
name,
vpc_id=vpc.id,
tags={
"Name": name,
},
__opts__=ResourceOptions(parent=self))
public_route_table = ec2.RouteTable(
name,
vpc_id=vpc.id,
routes=[{
"cidrBlock": "0.0.0.0/0",
"gatewayId": internet_gateway.id
}],
tags={"Name": name},
__opts__=ResourceOptions(parent=self))
self.subnet_ids = []
self.public_subnet_ids = []
for i in range(number_of_availability_zones):
route_table, subnet = self._create_subnet(name, public_route_table,
i)
# pylint: disable=unused-variable
route_table_association = ec2.RouteTableAssociation(
"%s-%d" % (name, i),
subnet_id=subnet.id,
route_table_id=route_table.id,
__opts__=ResourceOptions(parent=self))
self.subnet_ids.append(subnet.id)
def routeTablePub(vpc, gateway):
resp = ec2.RouteTable("Pulumi Public Route Table", vpc_id=vpc)
route1 = ec2.Route(
"Default Out",
destination_cidr_block="0.0.0.0/0",
gateway_id=gateway,
route_table_id=resp,
)
return resp
def _create_public_subnet_route_table(self, vpcid):
# create the public subnet for the NAT
ig_name = "%s-ig" % self.name
internet_gateway = ec2.InternetGateway(
ig_name,
vpc_id=vpcid,
tags=self.vpc_tags,
__opts__=ResourceOptions(parent=self))
rt_name = "%s-public-rt" % self.name
public_route_table = ec2.RouteTable(
rt_name,
vpc_id=vpcid,
routes=[{
"cidrBlock": "0.0.0.0/0",
"gatewayId": internet_gateway.id
}],
__opts__=ResourceOptions(parent=self))
return public_route_table.id
def _create_private_subnet_route_table(self, public_subnet_id, vpcid):
eip_name = "%s-nat-eip" % self.name
nat_name = "%s-nat" % self.name
eip = ec2.Eip(eip_name, __opts__=ResourceOptions(parent=self))
nat_gateway = ec2.NatGateway(nat_name,
subnet_id=public_subnet_id,
allocation_id=eip.id,
tags=self.vpc_tags,
__opts__=ResourceOptions(parent=self))
rt_name = "%s-private-rt" % self.name
private_route_table = ec2.RouteTable(
rt_name,
vpc_id=vpcid,
routes=[{
"cidrBlock": "0.0.0.0/0",
"gatewayId": nat_gateway.id
}],
__opts__=ResourceOptions(parent=self))
return private_route_table.id
def routeTablePriv():
reps = ec2.RouteTable("")
})
# https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/ec2/#RouteTableArgs-routes
# FIXED! s/destination_cidr_block/cidr_block/g
# the routeID has got the routeTableID embedded in it somehow
# routeID r-rtb-0bc47b98495839d0d1080289494
# routeTableID rtb-0bc47b98495839d0d
# TODO does it make sense to have `public_subnet_` in the name of a route
# table? _Maybe_ just `public_rt` but even that seems a bit overspecified.
public_subnet_rt = ec2.RouteTable(
resource_name='new-public-subnet-rt',
vpc_id=vpc.id,
tags={
'Name': 'infra public route table (front-back-autoscaling)',
'Creator': 'timc'
})
# AWS: source-based routing. To get closer to a specific destination CIDR,
# forward traffic to corresponding target, e.g.,
#
# Destination Target
# 10.0.0.0/16 Local
# 172.31.0.0/16 pcx-1a2b3c4d
# 0.0.0.0/0 igw-11aa22bb
# AKA 'new-igw-route'
public_route = ec2.Route(resource_name='new-public-route',
destination_cidr_block='0.0.0.0/0',
igw = ec2.InternetGateway(
'vpc-ig',
vpc_id=vpc.id,
tags={
'Name': 'template-vpc-ig',
},
)
eks_route_table = ec2.RouteTable(
'vpc-route-table',
vpc_id=vpc.id,
routes=[
ec2.RouteTableRouteArgs(
cidr_block='0.0.0.0/0',
gateway_id=igw.id,
)
],
tags={
'Name': 'template-vpc-rt',
},
)
## Subnets, one for each AZ in a region
zones = get_availability_zones()
subnet_ids = []
for zone in zones.names:
vpc_subnet = ec2.Subnet(
f'vpc-subnet-{zone}',
public_subnet_cidrs = config.require_object("public_subnet_cidrs")
zones_amount = config.require_int("zones_amount")
zones = utils.get_aws_az(zones_amount)
vpc = ec2.Vpc("pulumi-vpc",
cidr_block=config.require("vpc_cidr"),
tags={"Name": "pulumi-vpc"})
igw = ec2.InternetGateway("pulumi-igw", vpc_id=vpc.id)
public_rt = ec2.RouteTable(
"pulumi-public-rt",
vpc_id=vpc.id,
routes=[{
"cidr_block": "0.0.0.0/0",
"gateway_id": igw.id
}],
tags={"Name": "pulumi-public-rt"},
)
public_subnet_ids = []
private_subnet_ids = []
for zone, public_subnet_cidr, private_subnet_cidr in zip(
zones, private_subnet_cidrs, public_subnet_cidrs):
### public stuff
public_subnet = ec2.Subnet(
f"pulumi-public-subnet-{zone}",
import pulumi
from pulumi import Output
from pulumi_aws import elasticloadbalancingv2, get_availability_zones, ec2
vpc = ec2.Vpc('test',
cidr_block="10.13.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True)
internet_gateway = ec2.InternetGateway('test', vpc_id=vpc.id)
route_table = ec2.RouteTable('test',
vpc_id=vpc.id,
routes=[{
"cidrBlock": "0.0.0.0/0",
"gatewayId": internet_gateway.id
}])
zones = Output.from_input(get_availability_zones())
zone_names = zones.apply(lambda zs: zs.names)
subnet0 = ec2.Subnet(
"test0",
vpc_id=vpc.id,
availability_zone=zone_names.apply(lambda names: names[0]),
cidr_block="10.13.0.0/24",
map_public_ip_on_launch=True)
subnet1 = ec2.Subnet(
"test1",
def __init__(self):
resource_specs = ParseYAML(resource_type).getSpecs()
aws_vpc_id = VPCs.VPCId()
aws_igw_id = InternetGateways.InternetGatewayId()
aws_natgw_id = NATGateways.NATGatewayId()
aws_subnet_id = Subnets.SubnetId()
for rtb_name, rtb_configuration in resource_specs.items():
# AWS Route Table Variables
resource_name = rtb_name
resource_vpc = rtb_configuration["vpc"]
resource_tags = None
resource_tags = rtb_configuration[
"tags"] if "tags" in rtb_configuration else None
# Getting list of tags from configuration file
tags_list = {}
if resource_tags is not None:
for each_tag_name, each_tag_value in resource_tags.items():
tags_list.update({each_tag_name: each_tag_value})
# Adding mandatory tags
tags_list.update({"Name": resource_name})
tags_list.update({
"Project/Stack":
pulumi.get_project() + "/" + pulumi.get_stack()
})
tags_list.update(resource_mandatory_tags)
this_vpc = aws_vpc_id[str(resource_vpc)]
#
# Create Route Table
#
aws_rtb = rtb.RouteTable(resource_name,
vpc_id=this_vpc,
tags=tags_list)
rtb_ids_dict.update({aws_rtb._name: aws_rtb.id})
# Export the name of each Route Table
pulumi.export(aws_rtb._name, aws_rtb.id)
#
# Route Table Routes
#
# Routes list
routes_list = []
for each_route_entry, each_route_entry_configuration in rtb_configuration[
"routes"].items():
# NAT Gateways
if each_route_entry_configuration[
"target_type"] == "nat_gateway":
this_natgw = aws_natgw_id[str(
each_route_entry_configuration["target"])]
routes_list.append(
rtb.Route(
(each_route_entry + "-route"),
route_table_id=aws_rtb.id,
destination_cidr_block=
each_route_entry_configuration["destination"],
nat_gateway_id=this_natgw))
# Internet Gateways
elif each_route_entry_configuration[
"target_type"] == "internet_gateway":
this_igw = aws_igw_id[str(
each_route_entry_configuration["target"])]
routes_list.append(
rtb.Route(
(each_route_entry + "-route"),
route_table_id=aws_rtb.id,
destination_cidr_block=
each_route_entry_configuration["destination"],
gateway_id=this_igw), )
else:
print("ERROR | Unsupported 'target_type' found")
for each_route_type in routes_list:
# print(each_route_entry)
rtb_route = (
each_route_type
# opts = pulumi.ResourceOptions(depends_on=[aws_rtb[resource_name]])
)
#
# Subnet Associations
#
# Checking if route-table: key is present
resource_associated_subnet = None
resource_associated_subnet = rtb_configuration[
"associated_subnets"] if "associated_subnets" in rtb_configuration else None
# If the key is present then we'll get the value
# and we'll invoke the association
if resource_associated_subnet is not None:
subnets_count = 0
for each_associated_subnet in resource_associated_subnet:
subnets_count = subnets_count + 1
this_subnet = aws_subnet_id[str(each_associated_subnet)]
route_table_association = rtb.RouteTableAssociation(
(resource_name + "-rtb-as-" +
str(subnets_count).zfill(2)),
subnet_id=this_subnet,
route_table_id=aws_rtb.id)
# Export the name of each Route Table Association
pulumi.export(route_table_association._name,
route_table_association.id)
def _create_subnet(self, network_name, public_route_table, az_id):
"""
Creates a subnet in the network with the given name and using the
given public route table to access the internet. The new subnet
is created in the AZ with the given AZ index.
:param network_name: The name of the network being created
:param public_route_table: The route table to connect this subnet to the internet
:param az_id: The AZ ID for this new subnet
:return: A tuple of a public route table that this subnet will use to connect to the
internet and the new subnet itself. If this subnet is private, the route table will
point to a public NAT gateway that is connected to the new private subnet.
"""
# type: (str, ec2.RouteTable, int) -> (ec2.RouteTable, ec2.Subnet)
subnet_name = "%s-%d" % (network_name, az_id)
# Create the subnet for this AZ - either public or private
subnet = ec2.Subnet(
subnet_name,
vpc_id=self.vpc_id,
availability_zone=get_aws_az(az_id),
cidr_block="10.10.%d.0/24" % az_id,
map_public_ip_on_launch=not self.use_private_subnets,
# Only assign public IP if we are exposing public subnets
tags={
"Name": subnet_name,
},
__opts__=ResourceOptions(parent=self))
# We will use a different route table for this subnet depending on
# whether we are in a public or private subnet
if self.use_private_subnets:
# We need a public subnet for the NAT Gateway
nat_name = "%s-nat-%d" % (network_name, az_id)
nat_gateway_public_subnet = ec2.Subnet(
nat_name,
vpc_id=self.vpc_id,
availability_zone=get_aws_az(az_id),
# Use top half of the subnet space
cidr_block="10.10.%d.0/24" % (az_id + 64),
# Always assign a public IP in NAT subnet
map_public_ip_on_launch=True,
tags={"Name": nat_name},
__opts__=ResourceOptions(parent=self))
# And we need to route traffic from that public subnet to the Internet Gateway
nat_gateway_routes = ec2.RouteTableAssociation(
nat_name,
subnet_id=nat_gateway_public_subnet.id,
route_table_id=public_route_table.id,
__opts__=ResourceOptions(parent=self))
self.public_subnet_ids.append(nat_gateway_public_subnet.id)
# We need an Elastic IP for the NAT Gateway
eip = ec2.Eip(nat_name, __opts__=ResourceOptions(parent=self))
# And we need a NAT Gateway to be able to access the Internet
nat_gateway = ec2.NatGateway(
nat_name,
subnet_id=nat_gateway_public_subnet.id,
allocation_id=eip.id,
tags={"Name": nat_name},
__opts__=ResourceOptions(parent=self,
depends_on=[nat_gateway_routes]))
nat_route_table = ec2.RouteTable(
nat_name,
vpc_id=self.vpc_id,
routes=[{
"cidrBlock": "0.0.0.0/0",
"natGatewayId": nat_gateway.id
}],
tags={"Name": network_name},
__opts__=ResourceOptions(parent=self))
# Route through the NAT gateway for the private subnet
return nat_route_table, subnet
self.public_subnet_ids.append(subnet.id)
return public_route_table, subnet
def setup_vpc():
# Create a VPC
vpc_config = Config().require_object("vpc_config")
vpc = ec2.Vpc("chatapp-vpc",
cidr_block=vpc_config['cidr'],
enable_dns_hostnames=True,
enable_dns_support=True)
# Create public subnet to place NGW
public_subnet = ec2.Subnet("PublicSubnet",
vpc_id=vpc.id,
cidr_block=vpc_config['public_subnet_cidr'],
availability_zone="ap-southeast-1a")
# Create private subnets 1 and 2 for rds and redis clusters
private_subnet_1 = ec2.Subnet(
"PrivateSubnet1",
vpc_id=vpc.id,
cidr_block=vpc_config['private_subnet_1_cidr'],
availability_zone="ap-southeast-1b")
private_subnet_2 = ec2.Subnet(
"PrivateSubnet2",
vpc_id=vpc.id,
cidr_block=vpc_config['private_subnet_2_cidr'],
availability_zone="ap-southeast-1c")
# Create internet gateway
inet_gw = ec2.InternetGateway(
"inet-gateway",
vpc_id=vpc.id,
)
# create NAT gateway
elastic_ip = ec2.Eip("eip1",
opts=ResourceOptions(delete_before_replace=True))
nat_gw = ec2.NatGateway("nat-gateway",
subnet_id=public_subnet.id,
allocation_id=elastic_ip.id)
# Create private routed route-table
private_subnet_route_table = ec2.RouteTable("privatesubnetroutetable",
routes=[{
"cidr_block": "0.0.0.0/0",
"gateway_id": nat_gw.id
}],
vpc_id=vpc.id)
# Create public routed route-table
public_subnet_route_table = ec2.RouteTable("publicsubnetroutetable",
routes=[{
"cidr_block": "0.0.0.0/0",
"gateway_id": inet_gw.id
}],
vpc_id=vpc.id)
# Attach route tables to subnets
ec2.RouteTableAssociation("PrivateSubnetRT1",
subnet_id=private_subnet_1.id,
route_table_id=private_subnet_route_table.id)
ec2.RouteTableAssociation("PrivateSubnetRT2",
subnet_id=private_subnet_2.id,
route_table_id=private_subnet_route_table.id)
ec2.RouteTableAssociation("PublicSubnetRT",
subnet_id=public_subnet.id,
route_table_id=public_subnet_route_table.id)
return dict(vpc=vpc, private_subnets=[private_subnet_1, private_subnet_2])
ingress=[
ec2.SecurityGroupIngressArgs(
protocol="tcp",
from_port=80,
to_port=80,
cidr_blocks=["0.0.0.0/0"])
])
vpc = ec2.Vpc("myvpc", cidr_block="10.0.0.0/16")
igw = ec2.InternetGateway("myinternetgateway", vpc_id=vpc.id)
public_route_table = ec2.RouteTable("myroutetable",
routes=[
ec2.RouteTableRouteArgs(
cidr_block="0.0.0.0/0",
gateway_id=igw.id)
],
vpc_id=vpc.id)
## ECR
repository = ecr.Repository("myrepository")
repository_policy = ecr.RepositoryPolicy(
"myrepositorypolicy",
repository=repository.id,
policy=json.dumps({
"Version":
"2012-10-17",
"Statement": [{
cidr_block=str(subnet_cidrs[k]),
map_public_ip_on_launch=True if i == 'public' else False,
vpc_id=vpc.id,
tags={
'Name': f"{i}{j}",
'Environment': _env,
'Tier': i
}
)
k += 1
rtb_pub = ec2.RouteTable(
f"{APP}-rtb-pub",
vpc_id=vpc.id,
tags={
'Name': 'rtb-pub',
'Environment': _env
}
)
rte_pub = ec2.Route(
f"{APP}-rte-pub",
destination_cidr_block="0.0.0.0/0",
gateway_id=igw.id,
route_table_id=rtb_pub.id
)
for i in subnets["public"]:
ec2.RouteTableAssociation(
f"{APP}-rtb-assoc-pub{i}",
route_table_id=rtb_pub.id,
security_group = ec2.SecurityGroup("mysecuritygroup",
ingress=[{
"protocol": "tcp",
"from_port": 80,
"to_port": 80,
"cidr_blocks": ["0.0.0.0/0"]
}])
vpc = ec2.Vpc("myvpc", cidr_block="10.0.0.0/16")
igw = ec2.InternetGateway("myinternetgateway", vpc_id=vpc.id)
public_route_table = ec2.RouteTable("myroutetable",
routes=[{
"cidr_block": "0.0.0.0/0",
"gateway_id": igw.id
}],
vpc_id=vpc.id)
## ECR
repository = ecr.Repository("myrepository")
repository_policy = ecr.RepositoryPolicy(
"myrepositorypolicy",
repository=repository.id,
policy=json.dumps({
"Version":
"2012-10-17",
"Statement": [{
"Sid":
vpc = ec2.Vpc('eks-vpc',
cidr_block='10.100.0.0/16',
instance_tenancy='default',
enable_dns_hostnames=True,
enable_dns_support=True,
tags={'Name': 'pulumi-eks-vpc'})
igw = ec2.InternetGateway('vpc-ig',
vpc_id=vpc.id,
tags={'Name': 'pulumi-vpc-ig'})
eks_route_table = ec2.RouteTable('vpc-route-table',
vpc_id=vpc.id,
routes=[{
'cidr_block': '0.0.0.0/0',
'gateway_id': igw.id
}],
tags={'Name': 'pulumi-vpc-rt'})
## Subnets, one for each AZ in a region
zones = get_availability_zones()
subnet_ids = []
for zone in zones.names:
vpc_subnet = ec2.Subnet(f'vpc-subnet-{zone}',
assign_ipv6_address_on_creation=False,
vpc_id=vpc.id,
map_public_ip_on_launch=True,
cidr_block=f'10.100.{len(subnet_ids)}.0/24',
'Name': 'infra subnet',
'Creator': 'timc'
})
# https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/ec2/#RouteTableArgs-routes
# FIXED! s/destination_cidr_block/cidr_block/g
# the routeID has got the routeTableID embedded in it somehow
# routeID r-rtb-0bc47b98495839d0d1080289494
# routeTableID rtb-0bc47b98495839d0d
rt = ec2.RouteTable('new-rt',
vpc_id=vpc.id,
routes=[{
'gateway_id': igw.id,
'cidr_block': '0.0.0.0/0'
}],
tags={
'Name': 'infra route table',
'Creator': 'timc'
})
# AWS: source-based routing. To get closer to a specific destination CIDR,
# forward traffic to corresponding target, e.g.,
#
# Destination Target
# 10.0.0.0/16 Local
# 172.31.0.0/16 pcx-1a2b3c4d
# 0.0.0.0/0 igw-11aa22bb
route = ec2.Route('default-route',
destination_cidr_block='0.0.0.0/0',
assign_ipv6_address_on_creation=False,
vpc_id=vpc.id,
map_public_ip_on_launch=True,
cidr_block='10.100.0.0/24',
availability_zone='us-east-1a',
tags={
'Name': 'vpc-1-subnet',
'kubernetes.io/cluster/pulumi-kubeflow-ml':
'shared'
})
# https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/route_table.html.markdown
eks_route_table = ec2.RouteTable('eks-route-table',
vpc_id=vpc.id,
routes=[{
'cidr_block': '0.0.0.0/0',
'gateway_id': edge.id
}],
tags={'Name': 'vpc'})
vpc_0_route_table_assoc = ec2.RouteTableAssociation(
'vpc-0-route-table-assoc',
route_table_id=eks_route_table.id,
subnet_id=vpc_0_subnet.id)
vpc_1_route_table_assoc = ec2.RouteTableAssociation(
'vpc-1-route-table-assoc',
route_table_id=eks_route_table.id,
subnet_id=vpc_1_subnet.id)
kfp_cluster = eks.Cluster('pulumi-kubeflow-ml',
def __init__(self,
name: str,
args: VpcArgs,
opts: pulumi.ResourceOptions = None):
"""
Constructs a Vpc.
:param name: The Pulumi resource name. Child resource names are constructed based on this.
:param args: A VpcArgs object containing the arguments for VPC constructin.
:param opts: A pulumi.ResourceOptions object.
"""
super().__init__('Vpc', name, None, opts)
# Make base info available to other methods
self.name = name
self.description = args.description
self.base_tags = args.base_tags
# Create VPC and Internet Gateway resources
self.vpc = ec2.Vpc(f"{name}-vpc",
cidr_block=args.base_cidr,
enable_dns_hostnames=True,
enable_dns_support=True,
tags={
**args.base_tags, "Name":
f"{args.description} VPC"
},
opts=pulumi.ResourceOptions(parent=self, ))
self.internet_gateway = ec2.InternetGateway(
f"{name}-igw",
vpc_id=self.vpc.id,
tags={
**args.base_tags, "Name":
f"{args.description} VPC Internet Gateway"
},
opts=pulumi.ResourceOptions(parent=self.vpc, ))
# Calculate subnet CIDR blocks and create subnets
subnet_distributor = SubnetDistributor(
args.base_cidr, len(args.availability_zone_names))
self.public_subnets = [
ec2.Subnet(f"{name}-public-subnet-{i}",
vpc_id=self.vpc.id,
cidr_block=cidr,
availability_zone=args.availability_zone_names[i],
map_public_ip_on_launch=True,
tags={
**args.base_tags, "Name":
f"${args.description} Public Subnet {i}"
},
opts=pulumi.ResourceOptions(parent=self.vpc, ))
for i, cidr in enumerate(subnet_distributor.public_subnets)
]
self.private_subnets = [
ec2.Subnet(f"{name}-private-subnet-{i}",
vpc_id=self.vpc.id,
cidr_block=cidr,
availability_zone=args.availability_zone_names[i],
tags={
**args.base_tags, "Name":
f"${args.description} Private Subnet {i}"
},
opts=pulumi.ResourceOptions(parent=self.vpc, ))
for i, cidr in enumerate(subnet_distributor.private_subnets)
]
# Adopt the default route table for this VPC and adapt it for use with public subnets
self.public_route_table = ec2.DefaultRouteTable(
f"{name}-public-rt",
default_route_table_id=self.vpc.default_route_table_id,
tags={
**args.base_tags, "Name":
f"${args.description} Public Route Table"
},
opts=pulumi.ResourceOptions(parent=self.vpc, ))
ec2.Route(f"{name}-route-public-sn-to-ig",
route_table_id=self.public_route_table.id,
destination_cidr_block="0.0.0.0/0",
gateway_id=self.internet_gateway.id,
opts=pulumi.ResourceOptions(parent=self.public_route_table))
for i, subnet in enumerate(self.public_subnets):
ec2.RouteTableAssociation(
f"{name}-public-rta-{i + 1}",
subnet_id=subnet.id,
route_table_id=self.public_route_table,
opts=pulumi.ResourceOptions(parent=self.public_route_table))
self.nat_elastic_ip_addresses: [ec2.Eip] = list()
self.nat_gateways: [ec2.NatGateway] = list()
self.private_route_tables: [ec2.RouteTable] = list()
# Create a NAT Gateway and appropriate route table for each private subnet
for i, subnet in enumerate(self.private_subnets):
self.nat_elastic_ip_addresses.append(
ec2.Eip(f"{name}-nat-{i + 1}",
tags={
**args.base_tags, "Name":
f"{args.description} NAT Gateway EIP {i + 1}"
},
opts=pulumi.ResourceOptions(parent=subnet)))
self.nat_gateways.append(
ec2.NatGateway(
f"{name}-nat-gateway-{i + 1}",
allocation_id=self.nat_elastic_ip_addresses[i].id,
subnet_id=self.public_subnets[i].id,
tags={
**args.base_tags, "Name":
f"{args.description} NAT Gateway {i + 1}"
},
opts=pulumi.ResourceOptions(parent=subnet)))
self.private_route_tables.append(
ec2.RouteTable(f"{name}-private-rt-{i + 1}",
vpc_id=self.vpc.id,
tags={
**args.base_tags, "Name":
f"{args.description} Private RT {i + 1}"
},
opts=pulumi.ResourceOptions(parent=subnet)))
ec2.Route(f"{name}-route-private-sn-to-nat-{i + 1}",
route_table_id=self.private_route_tables[i].id,
destination_cidr_block="0.0.0.0/0",
nat_gateway_id=self.nat_gateways[i].id,
opts=pulumi.ResourceOptions(
parent=self.private_route_tables[i]))
ec2.RouteTableAssociation(
f"{name}-private-rta-{i + 1}",
subnet_id=subnet.id,
route_table_id=self.private_route_tables[i].id,
opts=pulumi.ResourceOptions(
parent=self.private_route_tables[i]))
# Create S3 endpoint if necessary
if args.create_s3_endpoint:
ec2.VpcEndpoint(f"{name}-s3-endpoint",
vpc_id=self.vpc.id,
service_name=f"com.amazonaws.{config.region}.s3",
route_table_ids=[
self.public_route_table.id,
*[rt.id for rt in self.private_route_tables]
],
opts=pulumi.ResourceOptions(parent=self.vpc))
# Create DynamoDB endpoint if necessary
if args.create_dynamodb_endpoint:
ec2.VpcEndpoint(
f"{name}-dynamodb-endpoint",
vpc_id=self.vpc.id,
service_name=f"com.amazonaws.{config.region}.dynamodb",
route_table_ids=[
self.public_route_table.id,
*[rt.id for rt in self.private_route_tables]
],
opts=pulumi.ResourceOptions(parent=self.vpc))
super().register_outputs({})
def __init__(self, name: str, args: VpcArgs, opts: ResourceOptions = None):
super().__init__('custom:resource:VPC', name, {}, opts)
vpc_name = name + '-vpc'
self.vpc = ec2.Vpc(vpc_name,
cidr_block=args.cidr_block,
instance_tenancy=args.instance_tenancy,
enable_dns_hostnames=args.enable_dns_hostnames,
enable_dns_support=args.enable_dns_support,
tags={'Name': vpc_name},
opts=ResourceOptions(parent=self))
igw_name = name + '-igw'
self.igw = ec2.InternetGateway(igw_name,
vpc_id=self.vpc.id,
tags={'Name': igw_name},
opts=ResourceOptions(parent=self))
rt_name = name + '-rt'
self.route_table = ec2.RouteTable(rt_name,
vpc_id=self.vpc.id,
routes=[
ec2.RouteTableRouteArgs(
cidr_block='0.0.0.0/0',
gateway_id=self.igw.id,
)
],
tags={'Name': rt_name},
opts=ResourceOptions(parent=self))
# Subnets, at least across two zones.
all_zones = get_availability_zones()
# limiting to 2 zones for speed and to meet minimal requirements.
zone_names = [all_zones.names[0], all_zones.names[1]]
self.subnets = []
subnet_name_base = f'{name}-subnet'
for zone in zone_names:
vpc_subnet = ec2.Subnet(
f'{subnet_name_base}-{zone}',
assign_ipv6_address_on_creation=False,
vpc_id=self.vpc.id,
map_public_ip_on_launch=True,
cidr_block=f'10.100.{len(self.subnets)}.0/24',
availability_zone=zone,
tags={
'Name': f'{subnet_name_base}-{zone}',
},
opts=ResourceOptions(parent=self))
ec2.RouteTableAssociation(f'vpc-route-table-assoc-{zone}',
route_table_id=self.route_table.id,
subnet_id=vpc_subnet.id,
opts=ResourceOptions(parent=self))
self.subnets.append(vpc_subnet)
# Security Groups
rds_sg_name = f'{name}-rds-sg'
self.rds_security_group = ec2.SecurityGroup(
rds_sg_name,
vpc_id=self.vpc.id,
description='Allow client access.',
tags={'Name': rds_sg_name},
ingress=[
ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'],
from_port=3306,
to_port=3306,
protocol='tcp',
description='Allow rds access.'),
],
egress=[
ec2.SecurityGroupEgressArgs(
protocol='-1',
from_port=0,
to_port=0,
cidr_blocks=['0.0.0.0/0'],
)
],
opts=ResourceOptions(parent=self))
fe_sg_name = f'{name}-fe-sg'
self.fe_security_group = ec2.SecurityGroup(
fe_sg_name,
vpc_id=self.vpc.id,
description='Allow all HTTP(s) traffic.',
tags={'Name': fe_sg_name},
ingress=[
ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'],
from_port=443,
to_port=443,
protocol='tcp',
description='Allow https.'),
ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'],
from_port=80,
to_port=80,
protocol='tcp',
description='Allow http access'),
],
egress=[
ec2.SecurityGroupEgressArgs(
protocol='-1',
from_port=0,
to_port=0,
cidr_blocks=['0.0.0.0/0'],
)
],
opts=ResourceOptions(parent=self))
self.register_outputs({})
import pulumi
from pulumi import Output
from pulumi_aws import applicationloadbalancing, get_availability_zones, ec2
vpc = ec2.Vpc('test',
cidr_block="10.11.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True)
internet_gateway = ec2.InternetGateway('test', vpc_id=vpc.id)
route_table = ec2.RouteTable('test',
vpc_id=vpc.id,
routes=[
ec2.RouteTableRouteArgs(
cidr_block="0.0.0.0/0",
gateway_id=internet_gateway.id)
])
zones = Output.from_input(get_availability_zones())
zone_names = zones.apply(lambda zs: zs.names)
subnet0 = ec2.Subnet(
"test0",
vpc_id=vpc.id,
availability_zone=zone_names.apply(lambda names: names[0]),
cidr_block="10.11.0.0/24",
map_public_ip_on_launch=True)
subnet1 = ec2.Subnet(
def __init__(
self,
name,
opts=None,
):
super().__init__("nuage:aws:DevelopmentEnvironment:VPC",
f"{name}VpcEnvironment", None, opts)
vpc = ec2.Vpc(
f"{name}Vpc",
cidr_block="172.32.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True,
)
subnet_1 = ec2.Subnet(
f"{name}VpcSubnetA",
availability_zone="eu-west-1a",
vpc_id=vpc.id,
cidr_block="172.32.0.0/20",
opts=ResourceOptions(depends_on=[vpc]),
)
subnet_2 = ec2.Subnet(
f"{name}VpcSubnetB",
availability_zone="eu-west-1b",
vpc_id=vpc.id,
cidr_block="172.32.16.0/20",
opts=ResourceOptions(depends_on=[vpc]),
)
subnet_3 = ec2.Subnet(
f"{name}VpcSubnetC",
availability_zone="eu-west-1c",
vpc_id=vpc.id,
cidr_block="172.32.32.0/20",
opts=ResourceOptions(depends_on=[vpc]),
)
private_subnet_1 = ec2.Subnet(
f"{name}VpcPrivateSubnetA",
availability_zone="eu-west-1a",
vpc_id=vpc.id,
cidr_block="172.32.48.0/20",
opts=ResourceOptions(depends_on=[vpc]),
)
security_group = ec2.SecurityGroup(
f"{name}SecurityGroup",
vpc_id=vpc.id,
opts=ResourceOptions(depends_on=[vpc]),
)
security_group_rule = ec2.SecurityGroupRule(
f"{name}SSHRule",
security_group_id=security_group.id,
type="ingress",
protocol="tcp",
from_port=22,
to_port=22,
cidr_blocks=["0.0.0.0/0"],
)
security_group_rule = ec2.SecurityGroupRule(
f"{name}InboundRule",
security_group_id=security_group.id,
type="ingress",
protocol="all",
from_port=0,
to_port=65535,
source_security_group_id=security_group.id,
)
security_group_rule = ec2.SecurityGroupRule(
f"{name}OutboundRule",
security_group_id=security_group.id,
type="egress",
protocol="all",
from_port=0,
to_port=65535,
cidr_blocks=["0.0.0.0/0"],
)
subnets = [subnet_1, subnet_2, subnet_3]
gateway = ec2.InternetGateway(
f"{name}InternetGateway",
vpc_id=vpc.id,
opts=ResourceOptions(depends_on=[vpc]),
)
gateway_route = ec2.Route(
f"{name}GatewayRoute",
destination_cidr_block="0.0.0.0/0",
gateway_id=gateway.id,
route_table_id=vpc.default_route_table_id,
)
elastic_ip = ec2.Eip(f"{name}Eip",
vpc=True,
opts=ResourceOptions(depends_on=[gateway]))
nat_gateway = ec2.NatGateway(
f"{name}NatGateway",
subnet_id=subnet_1.id,
allocation_id=elastic_ip.id,
opts=ResourceOptions(depends_on=[subnet_1, elastic_ip]),
)
private_route_table = ec2.RouteTable(
f"{name}PrivateRouteTable",
routes=[
{
"cidr_block": "0.0.0.0/0",
"nat_gateway_id": nat_gateway.id,
},
],
vpc_id=vpc.id,
opts=ResourceOptions(depends_on=[private_subnet_1]),
)
private_route_table_assoc = ec2.RouteTableAssociation(
f"{name}PrivateRouteTableAssoc",
route_table_id=private_route_table.id,
subnet_id=private_subnet_1.id,
)
outputs = {
"vpc": vpc,
"security_group": security_group,
"public_subnets": [subnet_1, subnet_2, subnet_3],
"private_subnet": private_subnet_1,
"nat_gateway": nat_gateway,
}
self.set_outputs(outputs)
