コード例 #1
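    def add_utility_bucket(self, name=None, param_binding_map=None):
        """
        Method adds a bucket to be used for infrastructure utility purposes such as backups
        @param name [str] name of an existing bucket to reuse. When truthy no S3 resources are created and
                          the name itself is bound as 'utilityBucket'; when omitted a new bucket plus its
                          logging bucket policy are added to the template.
        @param param_binding_map [dict] parameter bindings updated in place with the 'utilityBucket' entry.
                          A fresh dict is used per call when None is passed (a shared mutable default
                          would leak bindings from one call into the next).
        """
        if param_binding_map is None:
            param_binding_map = {}

        if name:
            # Reuse an existing bucket: nothing is created, the plain name is bound.
            self.utility_bucket = name
            param_binding_map["utilityBucket"] = name
        else:
            # name is None or empty here; calling name.lower() on None raised AttributeError, so
            # keep an empty string as-is and fall back to a fixed prefix for None.
            asset_prefix = name.lower() if name is not None else "default"

            self.utility_bucket = self.add_resource(
                s3.Bucket(
                    asset_prefix + "UtilityBucket", AccessControl=s3.BucketOwnerFullControl, DeletionPolicy=Retain
                )
            )

            # Policy document built from the configured ELB / CloudTrail log prefixes.
            bucket_policy_statements = self.get_logging_bucket_policy_document(
                self.utility_bucket,
                elb_log_prefix=res.get_str("elb_log_prefix", ""),
                cloudtrail_log_prefix=res.get_str("cloudtrail_log_prefix", ""),
            )

            self.add_resource(
                s3.BucketPolicy(
                    asset_prefix + "UtilityBucketLoggingPolicy",
                    Bucket=Ref(self.utility_bucket),
                    PolicyDocument=bucket_policy_statements,
                )
            )

            param_binding_map["utilityBucket"] = Ref(self.utility_bucket)

        # NOTE(review): 7-day retention is short for security-relevant logs; confirm it satisfies the
        # environment's log-retention requirements before relying on this group for investigations.
        log_group_name = "DefaultLogGroup"
        self.add_resource(logs.LogGroup(log_group_name, RetentionInDays=7))

        self.add_resource(self.create_vpcflowlogs_role())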
コード例 #2
    def add_common_parameters(self, subnet_types, az_count=2):
        """
        Adds parameters to template for use as a child stack:
            vpcCidr,
            vpcId,
            commonSecurityGroup,
            utilityBucket,
            internetGateway,
            each subnet: [public|private]Subnet[0-9],
            each AZ name: availabilityZone[0-9]

        @param subnet_types [list] subnet type names; one Subnet parameter is declared per type per AZ
        @param az_count [int] number of availability zones to declare subnet and AZ parameters for
        Side effects: sets self.vpc_cidr, self.vpc_id, self.common_security_group, self.utility_bucket,
        self.igw and self.azs, and appends a Ref per subnet parameter to self.subnets[subnet_type].
        """
        def declare(param):
            # Register a parameter on the template and return whatever add_parameter returns.
            return self.add_parameter(param)

        self.vpc_cidr = declare(Parameter(
            "vpcCidr",
            Description="CIDR of the VPC network",
            Type="String",
            AllowedPattern=res.get_str("cidr_regex"),
            ConstraintDescription=res.get_str("cidr_regex_message"),
        ))

        self.vpc_id = declare(Parameter("vpcId", Description="ID of the VPC network", Type="String"))

        self.common_security_group = declare(Parameter(
            "commonSecurityGroup",
            Description="Security Group ID of the common security group for this environment",
            Type="String",
        ))

        self.utility_bucket = declare(Parameter(
            "utilityBucket", Description="Name of the S3 bucket used for infrastructure utility", Type="String"
        ))

        self.igw = declare(Parameter(
            "internetGateway", Description="Name of the internet gateway used by the vpc", Type="String"
        ))

        for subnet_type in subnet_types:
            # setdefault keeps an existing list for this type and creates one otherwise.
            subnet_refs = self.subnets.setdefault(subnet_type, [])
            lowered = subnet_type.lower()
            for zone in range(az_count):
                subnet_param = Parameter(
                    "{}Subnet{}".format(lowered, zone),
                    Description="{} subnet {}".format(subnet_type, zone),
                    Type="String",
                )
                self.add_parameter(subnet_param)
                subnet_refs.append(Ref(subnet_param))

        self.azs = []

        for zone in range(az_count):
            zone_param = Parameter(
                "availabilityZone{}".format(zone), Description="Availability Zone {}".format(zone), Type="String"
            )
            self.add_parameter(zone_param)
            self.azs.append(Ref(zone_param))
コード例 #3
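    def initialize_template(self):
        """
        Create new Template instance, set description and common parameters and load AMI cache.

        Side effects: sets several Template class attributes from self.template_args (shared by every
        Template instance), assigns self.template, declares the ec2Key parameter, adds the utility
        bucket, log group and VPC flow logs role, and loads the AMI mapping when ami_map_file is set.
        """
        # Call form of print: identical output on Python 2 (single parenthesised argument) and Python 3.
        print('\nGenerating templates for {} stack\n'.format(
            self.globals['environment_name']))

        # Configure Template class with S3 settings from config
        Template.template_bucket_default = self.template_args.get('s3_bucket')
        Template.s3_path_prefix = self.s3_prefix()
        Template.stack_timeout = self.template_args.get("timeout_in_minutes")
        Template.upload_acl = self.template_args.get('s3_upload_acl')
        Template.include_timestamp = self.template_args.get(
            'include_timestamp')

        Template.include_templateValidationHash_output = self.template_args.get(
            'include_templateValidationHash_output')
        Template.include_dateGenerated_output = self.template_args.get(
            'include_dateGenerated_output')

        # Create the root template object
        self.template = Template(
            self.globals.get('environment_name', 'default_template'))
        self.template.description = self.template_args.get(
            'description', 'No Description Specified')
        self.template.resource_path = self._root_template_path()

        # Key pair name is constrained by the ec2_key pattern from the resource strings.
        ec2_key = self.config.get('template').get('ec2_key_default',
                                                  'default-key')
        self.template._ec2_key = self.template.add_parameter(
            Parameter(
                'ec2Key',
                Type='String',
                Default=ec2_key,
                Description=
                'Name of an existing EC2 KeyPair to enable SSH access to the instances',
                AllowedPattern=res.get_str('ec2_key'),
                MinLength=1,
                MaxLength=255,
                ConstraintDescription=res.get_str('ec2_key_message')))

        # May be None when logging.s3_bucket is not configured; add_utility_bucket decides what that means.
        bucket_name = self.config.get('logging').get('s3_bucket')

        self.template.add_utility_bucket(name=bucket_name)

        self.template.add_log_group()
        self.template.add_vpcflowlogs_role()

        # NOTE(review): the AMI map path comes from config and is parsed by res.load_yaml_file;
        # confirm that helper uses a safe YAML loader.
        ami_filename = self.config['template'].get('ami_map_file')
        if ami_filename:
            ami_cache = res.load_yaml_file(ami_filename)
            self.template.add_ami_mapping(ami_cache)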
コード例 #4
    def add_common_parameters(self, subnet_types, az_count=2):
        """
        Adds parameters to template for use as a child stack:
            vpcCidr,
            vpcId,
            commonSecurityGroup,
            utilityBucket,
            each subnet: [public|private]Subnet[0-9],
            each AZ name: availabilityZone[0-9]

        @param subnet_types [list] subnet type names; one Subnet parameter per type per AZ
        @param az_count [int] number of availability zones to declare parameters for
        Side effects: sets self.vpc_cidr, self.vpc_id, self.common_security_group, self.utility_bucket
        and self.azs; appends a Ref per subnet parameter to self.subnets[subnet_type].
        """
        def add_string_param(title, **properties):
            # Every fixed parameter here is Type String; build, register and return add_parameter's result.
            return self.add_parameter(Parameter(title, Type='String', **properties))

        self.vpc_cidr = add_string_param(
            'vpcCidr',
            Description='CIDR of the VPC network',
            AllowedPattern=res.get_str('cidr_regex'),
            ConstraintDescription=res.get_str('cidr_regex_message'))

        self.vpc_id = add_string_param(
            'vpcId',
            Description='ID of the VPC network')

        self.common_security_group = add_string_param(
            'commonSecurityGroup',
            Description='Security Group ID of the common security group for this environment')

        self.utility_bucket = add_string_param(
            'utilityBucket',
            Description='Name of the S3 bucket used for infrastructure utility')

        for subnet_type in subnet_types:
            if subnet_type not in self.subnets:
                self.subnets[subnet_type] = []
            lowered = subnet_type.lower()
            for index in range(az_count):
                subnet_param = Parameter(
                    '%sSubnet%d' % (lowered, index),
                    Description='%s subnet %d' % (subnet_type, index),
                    Type='String')
                self.add_parameter(subnet_param)
                self.subnets[subnet_type].append(Ref(subnet_param))

        zone_refs = []
        for index in range(az_count):
            zone_param = Parameter(
                'availabilityZone%d' % index,
                Description='Availability Zone %d' % index,
                Type='String')
            self.add_parameter(zone_param)
            zone_refs.append(Ref(zone_param))
        self.azs = zone_refs
コード例 #5
    def add_common_params_to_child_template(self, template):
        """
        Declare on a child template the parameters every child stack shares.

        Calls template.add_common_parameters with the network config's subnet_types and az_count,
        then declares ec2Key through add_parameter_idempotent (presumably so a child that already
        has it is not re-declared; confirm in Template).
        @param template [Template] child template that receives the parameters
        """
        network = self.config['network']
        az_count = network['az_count']
        subnet_types = network['subnet_types']
        template.add_common_parameters(subnet_types, az_count)

        key_default = self.config.get('template').get('ec2_key_default', 'default-key')
        ec2_key_param = Parameter(
            'ec2Key',
            Type='String',
            Default=key_default,
            Description='Name of an existing EC2 KeyPair to enable SSH access to the instances',
            AllowedPattern=res.get_str('ec2_key'),
            MinLength=1,
            MaxLength=255,
            ConstraintDescription=res.get_str('ec2_key_message'))
        template.add_parameter_idempotent(ec2_key_param)
コード例 #6
    def init_root_template(self, template_config):
        """
        Adds common parameters for instance creation to the CloudFormation template
        @param template_config [dict] collection of template-level configuration values to drive the setup of this method
                               Keys read: ec2_key_default (falls back to 'default-key') and utility_bucket
                               (passed through as-is, None when absent).
        Side effects: declares ec2Key on self.template and lets add_utility_bucket record its binding
        in self.manual_parameter_bindings.
        """
        key_default = template_config.get('ec2_key_default', 'default-key')
        ec2_key_param = Parameter(
            'ec2Key',
            Type='String',
            Default=key_default,
            Description='Name of an existing EC2 KeyPair to enable SSH access to the instances',
            AllowedPattern=res.get_str('ec2_key'),
            MinLength=1,
            MaxLength=255,
            ConstraintDescription=res.get_str('ec2_key_message'))
        self.template.add_parameter_idempotent(ec2_key_param)

        # The root stack's own bindings map is handed over so the bucket binding lands there.
        utility_bucket_name = template_config.get('utility_bucket')
        self.template.add_utility_bucket(
            name=utility_bucket_name,
            param_binding_map=self.manual_parameter_bindings)
コード例 #7
    def add_common_params_to_child_template(self, template):
        """
        Declare on a child template the parameters shared by every child stack.

        Sizes the common subnet/AZ parameters from the network config (az_count, subnet_types) and
        then declares ec2Key via add_parameter_idempotent.
        @param template [Template] child template that receives the parameters
        """
        network_config = self.config['network']
        az_count = network_config['az_count']
        subnet_types = network_config['subnet_types']
        template.add_common_parameters(subnet_types, az_count)

        ec2_key_props = dict(
            Type='String',
            Default=self.config.get('template').get(
                'ec2_key_default', 'default-key'),
            Description='Name of an existing EC2 KeyPair to enable SSH access to the instances',
            AllowedPattern=res.get_str('ec2_key'),
            MinLength=1,
            MaxLength=255,
            ConstraintDescription=res.get_str('ec2_key_message'),
        )
        template.add_parameter_idempotent(Parameter('ec2Key', **ec2_key_props))
コード例 #8
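    def initialize_template(self):
        """
        Create new Template instance, set description and common parameters and load AMI cache.

        Side effects: sets Template class attributes from self.template_args (shared by all Template
        instances), assigns self.template, declares ec2Key, adds the utility bucket, log group and
        VPC flow logs role, and loads the AMI mapping when ami_map_file is configured.
        """
        # Call form of print prints the same text on Python 2 (one parenthesised argument) and Python 3.
        print('\nGenerating templates for {} stack\n'.format(self.globals['environment_name']))

        # Configure Template class with S3 settings from config
        Template.template_bucket_default = self.template_args.get('s3_bucket')
        Template.s3_path_prefix = self.s3_prefix()
        Template.stack_timeout = self.template_args.get("timeout_in_minutes")
        Template.upload_acl = self.template_args.get('s3_upload_acl')
        Template.include_timestamp = self.template_args.get('include_timestamp')

        Template.include_templateValidationHash_output = self.template_args.get('include_templateValidationHash_output')
        Template.include_dateGenerated_output = self.template_args.get('include_dateGenerated_output')

        # Create the root template object
        self.template = Template(self.globals.get('environment_name', 'default_template'))
        self.template.description = self.template_args.get('description', 'No Description Specified')
        self.template.resource_path = self._root_template_path()

        # Key pair name is validated against the ec2_key pattern from the resource strings.
        ec2_key = self.config.get('template').get('ec2_key_default', 'default-key')
        self.template._ec2_key = self.template.add_parameter(Parameter(
            'ec2Key',
            Type='String',
            Default=ec2_key,
            Description='Name of an existing EC2 KeyPair to enable SSH access to the instances',
            AllowedPattern=res.get_str('ec2_key'),
            MinLength=1,
            MaxLength=255,
            ConstraintDescription=res.get_str('ec2_key_message')
        ))

        # None when logging.s3_bucket is not configured; add_utility_bucket decides how to treat that.
        bucket_name = self.config.get('logging').get('s3_bucket')

        self.template.add_utility_bucket(name=bucket_name)

        self.template.add_log_group()
        self.template.add_vpcflowlogs_role()

        # NOTE(review): the AMI map path comes from config and is parsed by res.load_yaml_file;
        # confirm that helper uses a safe YAML loader.
        ami_filename = self.config['template'].get('ami_map_file')
        if ami_filename:
            ami_cache = res.load_yaml_file(ami_filename)
            self.template.add_ami_mapping(ami_cache)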
コード例 #9
    def init_root_template(self, template_config):
        """
        Adds common parameters for instance creation to the CloudFormation template
        @param template_config [dict] collection of template-level configuration values to drive the setup of this method
                               Keys read: ec2_key_default (default 'default-key') and utility_bucket
                               (None when absent).
        Side effects: declares ec2Key on self.template; add_utility_bucket writes its binding into
        self.manual_parameter_bindings.
        """
        ec2_key_props = dict(
            Type='String',
            Default=template_config.get('ec2_key_default', 'default-key'),
            Description='Name of an existing EC2 KeyPair to enable SSH access to the instances',
            AllowedPattern=res.get_str('ec2_key'),
            MinLength=1,
            MaxLength=255,
            ConstraintDescription=res.get_str('ec2_key_message'),
        )
        self.template.add_parameter_idempotent(Parameter('ec2Key', **ec2_key_props))

        # Pass this stack's own bindings map so the 'utilityBucket' binding is recorded on it.
        self.template.add_utility_bucket(
            name=template_config.get('utility_bucket'),
            param_binding_map=self.manual_parameter_bindings,
        )
コード例 #10
    def add_common_parameters(self, template_config):
        '''
        Adds common parameters for instance creation to the CloudFormation template
        @param template_config [dict] collection of template-level configuration values to drive the setup of this method
                               Only ec2_key_default is read (falls back to 'default-key').
        Side effects: declares ec2Key (idempotently) and remoteAccessLocation on self.template and
        stores add_parameter's result for the latter in self.remote_access_cidr.
        '''
        ec2_key_param = Parameter(
            'ec2Key',
            Type='String',
            Default=template_config.get('ec2_key_default', 'default-key'),
            Description='Name of an existing EC2 KeyPair to enable SSH access to the instances',
            AllowedPattern=res.get_str('ec2_key'),
            MinLength=1,
            MaxLength=255,
            ConstraintDescription=res.get_str('ec2_key_message'))
        self.template.add_parameter_idempotent(ec2_key_param)

        # NOTE(review): the default admits ingress from any source address (0.0.0.0/0). Deployments
        # should override remoteAccessLocation with the operator's real address range; the length
        # bounds (9..18) and cidr_regex only validate the shape of the CIDR, not its breadth.
        remote_access_param = Parameter(
            'remoteAccessLocation',
            Description='CIDR block identifying the network address space that will be allowed to ingress into public access points within this solution',
            Type='String',
            Default='0.0.0.0/0',
            MinLength=9,
            MaxLength=18,
            AllowedPattern=res.get_str('cidr_regex'),
            ConstraintDescription=res.get_str('cidr_regex_message'))
        self.remote_access_cidr = self.template.add_parameter(remote_access_param)
コード例 #11
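    def add_utility_bucket(self, name='demo', param_binding_map=None):
        """
        Method adds a bucket to be used for infrastructure utility purposes such as backups
        @param name [str] friendly name to prepend to the CloudFormation asset name
        @param param_binding_map [dict] bindings updated in place with a Ref to the new bucket under
                                 'utilityBucket'. A fresh dict is used when None is passed; the previous
                                 shared `{}` default leaked bindings between calls and instances.
        """
        if param_binding_map is None:
            param_binding_map = {}

        asset_prefix = name.lower()

        self.utility_bucket = self.add_resource(s3.Bucket(asset_prefix + 'UtilityBucket',
            AccessControl=s3.BucketOwnerFullControl,
            DeletionPolicy=Retain))

        # Policy document built from the configured ELB / CloudTrail log prefixes.
        bucket_policy_statements = self.get_logging_bucket_policy_document(
            self.utility_bucket,
            elb_log_prefix=res.get_str('elb_log_prefix', ''),
            cloudtrail_log_prefix=res.get_str('cloudtrail_log_prefix', ''))

        self.add_resource(s3.BucketPolicy(asset_prefix + 'UtilityBucketLoggingPolicy',
                Bucket=Ref(self.utility_bucket),
                PolicyDocument=bucket_policy_statements))

        param_binding_map['utilityBucket'] = Ref(self.utility_bucket)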
コード例 #12
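    def create_network(self, network_config=None):
        """
        Method creates a network with the specified number of public and private subnets within the VPC cidr specified by the networkAddresses CloudFormation mapping
        @param network_config [dict] collection of network parameters for creating the VPC network. Optional keys:
                              network_name (default: this class's name), nat_instance_type (default 't2.small'),
                              subnet_types (default ['public', 'private']), az_count (default 2).
                              None is treated as an empty dict so every default applies.
        Side effects: adds the VPC, internet gateway and attachment, subnets, route tables and associations to
        self.template, declares natInstanceType, fills self.local_subnets and self.subnets, and records
        vpcCidr / vpcId in self.manual_parameter_bindings.
        """
        # The declared default of None used to fail on the membership test below.
        if network_config is None:
            network_config = {}

        if 'network_name' in network_config:
            network_name = network_config.get('network_name')
        else:
            network_name = self.__class__.__name__

        self.vpc = self.template.add_resource(ec2.VPC('vpc',
                CidrBlock=FindInMap('networkAddresses', 'vpcBase', 'cidr'),
                EnableDnsSupport=True,
                EnableDnsHostnames=True,
                Tags=[ec2.Tag(key='Name', value=network_name)]))

        self.igw = self.template.add_resource(ec2.InternetGateway('vpcIgw'))

        igw_title = 'igwVpcAttachment'
        self.igw_attachment = self.template.add_resource(ec2.VPCGatewayAttachment(igw_title,
                InternetGatewayId=Ref(self.igw),
                VpcId=Ref(self.vpc)))

        # AllowedValues restricts the NAT instance type to the list from the resource strings.
        nat_instance_type = self.template.add_parameter(Parameter('natInstanceType',
                Type='String',
                Default=str(network_config.get('nat_instance_type', 't2.small')),
                AllowedValues=res.get_str('valid_instance_types'),
                ConstraintDescription=res.get_str('valid_instance_type_message'),
                Description='Instance type to use when launching NAT instances.'))

        subnet_types = network_config.get('subnet_types', ['public', 'private'])

        self.gateway_hook()

        # Parsed once; both passes below iterate the same AZ range.
        az_count = int(network_config.get('az_count', 2))

        # First pass: one subnet per (AZ, type) pair that has an entry in the networkAddresses mapping.
        for index in range(az_count):
            zone_key = 'subnet' + str(index)
            for subnet_type in subnet_types:
                if subnet_type in self.template.mappings['networkAddresses'][zone_key]:
                    if subnet_type not in self.local_subnets:
                        self.local_subnets[subnet_type] = {}
                    self.local_subnets[subnet_type][str(index)] = self.template.add_resource(ec2.Subnet(subnet_type + 'Subnet' + str(index),
                            AvailabilityZone=FindInMap('RegionMap', Ref('AWS::Region'), 'az' + str(index) + 'Name'),
                            VpcId=Ref(self.vpc),
                            CidrBlock=FindInMap('networkAddresses', zone_key, subnet_type)))

        # Second pass over the same pairs: route table, egress and route table association.
        for index in range(az_count):
            zone_key = 'subnet' + str(index)
            for subnet_type in subnet_types:
                if subnet_type in self.template.mappings['networkAddresses'][zone_key]:

                    route_table = self.template.add_resource(ec2.RouteTable(subnet_type + 'Subnet' + str(index) + 'RouteTable',
                            VpcId=Ref(self.vpc)))

                    self.create_subnet_egress(index, route_table, igw_title, nat_instance_type, subnet_type)

                    self.template.add_resource(ec2.SubnetRouteTableAssociation(subnet_type + 'Subnet' + str(index) + 'EgressRouteTableAssociation',
                            RouteTableId=Ref(route_table),
                            SubnetId=Ref(self.local_subnets[subnet_type][str(index)])))

        self.manual_parameter_bindings['vpcCidr'] = FindInMap('networkAddresses', 'vpcBase', 'cidr')
        self.manual_parameter_bindings['vpcId'] = Ref(self.vpc)

        # Expose the created subnets through self.subnets as a list of Refs per subnet type.
        for subnet_type in self.local_subnets:
            subnet_refs = self.subnets.setdefault(subnet_type, [])
            for zone in self.local_subnets[subnet_type]:
                subnet_refs.append(Ref(self.local_subnets[subnet_type][zone]))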