def resources(self, stack: Stack) -> list[AWSObject]: """Return resources associated with the construct.""" igw = ec2.InternetGateway(name_to_id(f"{self.name_prefix}-igw")) attachement = ec2.VPCGatewayAttachment( name_to_id(f"{self.name_prefix}-igw-attachement"), InternetGatewayId=Ref(igw), VpcId=Ref(self.vpc), ) route = ec2.Route( name_to_id(f"{self.name_prefix}-igw-route"), RouteTableId=Ref(self.route_table), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(igw), ) result = [igw, attachement, route] # If a new route table has to be created associate it with provided subnets if self.add_route_table_to_stack: result.append(self.route_table) assert self.subnets is not None result.extend([ ec2.SubnetRouteTableAssociation( name_to_id(f"{self.name_prefix}-{num}"), RouteTableId=Ref(self.route_table), SubnetId=Ref(subnet), ) for subnet, num in zip(self.subnets, range(len(self.subnets))) ]) return result
def create_routing_resources(self): """Create VPC routing resource Handles the creation of VPC resources that need to be used throughout the stack and include the following: - internet gateway - vpc gateway attachment - public route table - public route """ gateway = self.create_resource( ec2.InternetGateway('InternetGateway', Tags=self.get_tags())) gateway_attachment = self.create_resource( ec2.VPCGatewayAttachment('VPCGatewayAttachment', VpcId=Ref(self.vpc), InternetGatewayId=Ref(gateway))) public_route_table = self.create_resource( ec2.RouteTable('PublicRouteTable', VpcId=Ref(self.vpc))) self.create_resource( ec2.Route('PublicRoute', RouteTableId=Ref(public_route_table), DestinationCidrBlock=ALLOW_ALL_CIDR, DependsOn=gateway_attachment.title, GatewayId=Ref(gateway))) return public_route_table
def create_vpc(self): """Create the VPC resources.""" template = self.template variables = self.get_variables() self.template.add_version(AWS_TEMPLATE_VERSION) self.template.add_description('Create a VPC') vpc = ec2.VPC( VPC_NAME, CidrBlock=variables['VpcCidr'], EnableDnsSupport=True, EnableDnsHostnames=True, Tags=[ec2.Tag('Name', variables['VpcName'] + '-LATESTREPO')] ) template.add_resource(vpc) template.add_output( Output( OUTPUT_VPC_ID, Value=VPC_ID ) ) # create the internet gateway if needed if variables["UseInternetGW"]: template.add_resource(ec2.InternetGateway('InternetGatway')) template.add_resource( ec2.VPCGatewayAttachment( 'GatewayAttach', VpcId=Ref(VPC_NAME), InternetGatewayId=Ref('InternetGatway') ) )
def create_routing_resources(self): gateway = self.create_resource( ec2.InternetGateway( 'InternetGateway', Tags=self.get_tags() ) ) gateway_attachment = self.create_resource( ec2.VPCGatewayAttachment( 'VPCGatewayAttachment', VpcId=Ref(self.vpc), InternetGatewayId=Ref(gateway) ) ) public_route_table = self.create_resource( ec2.RouteTable( 'PublicRouteTable', VpcId=Ref(self.vpc)) ) self.create_resource( ec2.Route( 'PublicRoute', RouteTableId=Ref(public_route_table), DestinationCidrBlock=ALLOW_ALL_CIDR, DependsOn=gateway_attachment.title, GatewayId=Ref(gateway) ) ) return public_route_table
def resources(self, stack: Stack) -> list[AWSObject]: """Return resources associated with the construct.""" igw = ec2.InternetGateway(name_to_id(f"{self.name_prefix}-igw")) attachement = ec2.VPCGatewayAttachment( name_to_id(f"{self.name_prefix}-igw-attachement"), InternetGatewayId=Ref(igw), VpcId=Ref(self.vpc), ) route_table = ec2.RouteTable( name_to_id(f"{self.name_prefix}-igw-route-table"), VpcId=Ref(self.vpc) ) route = ec2.Route( name_to_id(f"{self.name_prefix}-igw-route"), RouteTableId=Ref(route_table), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(igw), ) route_table_associations = ( ec2.SubnetRouteTableAssociation( name_to_id(f"{self.name_prefix}-{num}"), RouteTableId=Ref(route_table), SubnetId=Ref(subnet), ) for subnet, num in zip(self.subnets, range(len(self.subnets))) ) return [igw, attachement, route_table, route, *route_table_associations]
def add_igw_gateway(self): name, tags = self._name_tags('igw_gateway') self.igw_gateway = self.t.add_resource( ec2.InternetGateway( name, Tags=Tags(**tags), ))
def create_gateway(self): t = self.template t.add_resource(ec2.InternetGateway(GATEWAY)) t.add_resource( ec2.VPCGatewayAttachment(GW_ATTACH, VpcId=VPC_ID, InternetGatewayId=Ref(GATEWAY)))
def createCouchbaseInternetGateway(t): couchbaseInternetGateway = t.add_resource( ec2.InternetGateway( 'GATEWAY', Tags=Tags( Name=Join('', ['gateway-scalability-', Ref('AWS::Region')])))) return couchbaseInternetGateway
def add_igw(prefix, template, subnet): title = "%sInternetGateway" % prefix gw = ec2.InternetGateway(title) gw.Tags = [tagging.name(title), tagging.env_name()] gw.DependsOn = resource_title.vpc_title(prefix) template.add_resource(gw) template.add_output( Output('InternetGateway', Description="InternetGateway", Value=Ref(gw))) return gw
def build_public_gateway(vpc): public_gateway = ec2.InternetGateway(name="InternetGateway", Tags=[{ "Key": "Application", "Value": Ref("AWS::StackId") }]) attachment = ec2.VPCGatewayAttachment( name="AttachInternetGateway", VpcId=Ref(vpc), InternetGatewayId=Ref(public_gateway)) return [attachment, public_gateway]
def create_gateway(self, name=GATEWAY): self.gateway = self.template.add_resource( ec2.InternetGateway(name, Tags=self.__set_tags("InternetGateway"))) self.template.add_output(Output( GATEWAY_ID, Value=self.gateway.Ref(), )) self.gateway_attachment = self.template.add_resource( ec2.VPCGatewayAttachment( VPC_GATEWAYATTACHMENT, VpcId=self.vpc.Ref(), InternetGatewayId=self.gateway.Ref(), ))
def add_igw(self): t = self.template self.igw = t.add_resource( ec2.InternetGateway( 'InternetGateway', Tags=self.defaultTags + [ ec2.Tag('Name', Join("", [self.namePrefix, 'InternetGateway'])) ])) self.igwAttachment = t.add_resource( ec2.VPCGatewayAttachment('InternetGatewayAttachment', VpcId=Ref(self.vpc), InternetGatewayId=Ref(self.igw)))
def create_vpc(t, env, env_number, subnet_mapping, subnet_config): ''' Creates the VPC along with the subnets, IGW and RouteTables ''' vpc_objects = {} vpc_objects['vpc'] = t.add_resource( ec2.VPC("{}VPC".format(env.upper()), CidrBlock="10.{}.0.0/16".format(env_number), InstanceTenancy="default", Tags=Tags(Name="{}VPC".format(env.upper())))) vpc_objects['igw'] = t.add_resource(ec2.InternetGateway("InternetGateway")) vpc_objects['igw_attachment'] = t.add_resource( ec2.VPCGatewayAttachment( "IGWAttachment", VpcId=Ref(vpc_objects['vpc']), InternetGatewayId=Ref(vpc_objects['igw']), )) # Create Subnets vpc_objects['subnets'] = {} vpc_objects['nat_eip'] = {} for subid in subnet_config: vpc_objects['subnets'][subid] = t.add_resource( ec2.Subnet(subid, CidrBlock=subnet_config[subid]['subnet'], VpcId=Ref(vpc_objects['vpc']), AvailabilityZone="{}".format( subnet_config[subid]['az_name']), Tags=Tags(Name="{}Subnet".format(subid)))) # Create NAT Gateways if subnet_config[subid]['service'] == 'nat': az = subnet_config[subid]['az_number'] nat_eip_name = '{}{}NatEIP'.format(env.title(), az) vpc_objects['nat_eip'][nat_eip_name] = t.add_resource( ec2.EIP(nat_eip_name, Domain="vpc")) t.add_resource( ec2.NatGateway('{}{}NatGW'.format(env.title(), az), AllocationId=GetAtt( vpc_objects['nat_eip'][nat_eip_name], 'AllocationId'), SubnetId=Ref(vpc_objects['subnets'][subid]))) return t, vpc_objects
def create_internet_gateway(self): t = self.template self.gateway = t.add_resource(ec2.InternetGateway("InternetGateway")) t.add_output(Output( "InternetGatewayId", Value=self.gateway.Ref(), )) self.gateway_attachment = t.add_resource( ec2.VPCGatewayAttachment( "VPCGatewayAttachment", VpcId=self.vpc.Ref(), InternetGatewayId=self.gateway.Ref(), )) t.add_output( Output( "VPCGatewayAttachmentId", Value=self.gateway_attachment.Ref(), ))
def main(): """ Creates a troposphere template and then adds a single s3 bucket """ template = Template() vpc = template.add_resource(ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16')) internet_gateway = template.add_resource(ec2.InternetGateway('MyInternetGateway')) template.add_resource(ec2.VPCGatewayAttachment('MyVPCGatewayAttachment', InternetGatewayId=Ref(internet_gateway), VpcId=Ref(vpc), DependsOn=internet_gateway.title)) security_group = template.add_resource(ec2.SecurityGroup('mySecGroup', GroupDescription='Security group', VpcId=Ref(vpc), )) subnet = template.add_resource(ec2.Subnet('MyPubSub', AvailabilityZone='ap-southeast-2a', VpcId=Ref(vpc), CidrBlock='10.0.1.0/24')) template.add_resource(ec2.Instance( 'myinstance', KeyName='INSERT_YOUR_KEYPAIR_HERE', ImageId='ami-dc361ebf', InstanceType='t2.nano', NetworkInterfaces=[ec2.NetworkInterfaceProperty( GroupSet=[Ref(security_group)], AssociatePublicIpAddress=True, DeviceIndex='0', DeleteOnTermination=True, SubnetId=Ref(subnet))], SourceDestCheck=True, DependsOn=internet_gateway.title )) SNS(template=template) print(template.to_json(indent=2, separators=(',', ': ')))
def define_vpc(self, vpc_config): vpc = ec2.VPC(vpc_config["name"], DeletionPolicy=self.deletion_policy) vpc.CidrBlock = vpc_config["cidr_block"] vpc.EnableDnsSupport = vpc_config["dns_support"] vpc.EnableDnsHostnames = vpc_config["dns_hostnames"] vpc.Tags = self._get_tags(vpc_config) self._add_resource(vpc) if vpc_config["internet_gateway"]: ig = ec2.InternetGateway(vpc_config["internet_gateway"]["name"], DeletionPolicy=self.deletion_policy) ig.Tags = self._get_tags(vpc_config["internet_gateway"]) self.template.add_resource(ig) iga = ec2.VPCGatewayAttachment( "%sAttachment" % vpc_config["internet_gateway"]["name"], DependsOn=ig.name, DeletionPolicy=self.deletion_policy) iga.VpcId = Ref(vpc) iga.InternetGatewayId = Ref(ig) self.template.add_resource(iga)
def configure_vpc(cfn_template, cluster_name): vpc = ec2.VPC("DustVPC") vpc.CidrBlock = "10.0.0.0/16" vpc.Tags = [ec2.Tag("Name:", cluster_name)] cfn_template.add_resource(vpc) vpc_id = Ref(vpc) subnet = ec2.Subnet('dustSubnet') subnet.VpcId = vpc_id subnet.CidrBlock = "10.0.0.0/24" cfn_template.add_resource(subnet) vpc_subnet = Ref(subnet) net_gateway = ec2.InternetGateway('dustGateway') cfn_template.add_resource(net_gateway) attach_net_gateway = ec2.VPCGatewayAttachment('dustAttachGateway') attach_net_gateway.VpcId = vpc_id attach_net_gateway.InternetGatewayId = Ref(net_gateway) cfn_template.add_resource(attach_net_gateway) route_table = ec2.RouteTable('dustRoutetable') route_table.VpcId = vpc_id cfn_template.add_resource(route_table) route = ec2.Route('dustRoute') route.RouteTableId = Ref(route_table) route.DestinationCidrBlock = "0.0.0.0/0" route.GatewayId = Ref(net_gateway) route.DependsOn = "dustAttachGateway" cfn_template.add_resource(route) attach_route = ec2.SubnetRouteTableAssociation('dustAttachRouteTable') attach_route.SubnetId = vpc_subnet attach_route.RouteTableId = Ref(route_table) cfn_template.add_resource(attach_route) return vpc_id, vpc_subnet
def create_routing(): return [ ec2.InternetGateway( 'internetGateway', Tags=_tags(), ), ec2.VPCGatewayAttachment( 'vpcToInternetGateway', InternetGatewayId=Ref('internetGateway'), VpcId=Ref('vpc'), ), ec2.RouteTable( 'routeTable', VpcId=Ref('vpc'), Tags=_tags(), ), ec2.Route( 'routeToInternetGateway', DestinationCidrBlock='0.0.0.0/0', GatewayId=Ref('internetGateway'), RouteTableId=Ref('routeTable'), ), ]
def add_resources(self): """Add resources to template.""" template = self.template variables = self.get_variables() # Add StackName to outputs (for ease of reference by child stacks) template.add_output( Output('StackName', Description='Name of this CloudFormation stack', Value=Ref('AWS::StackName'))) vpc = template.add_resource( ec2.VPC('VPC', CidrBlock=variables['VpcCidr'].ref, EnableDnsSupport=True, EnableDnsHostnames=True, InstanceTenancy=variables['VpcInstanceTenancy'].ref, Tags=Tags(Application=Ref('AWS::StackName'), Name=Join('-', [ variables['CustomerName'].ref, 'vpc', variables['EnvironmentName'].ref ]), Network='Public'))) template.add_output( Output('VPC', Description='VPC', Export=Export(Sub('${AWS::StackName}-VPC')), Value=Ref(vpc))) template.add_output( Output('CidrBlock', Description='Set of IP addresses for the VPC', Export=Export(Sub('${AWS::StackName}-CidrBlock')), Value=GetAtt(vpc, 'CidrBlock'))) # Create subnets for i in range(AZS): for zone in ['Public', 'Private']: template.add_resource( ec2.Subnet( '%sSubnet%s' % (zone[:3], str(i + 1)), Condition='%sAZ%i' % (zone, (i + 1)), VpcId=Ref(vpc), AvailabilityZone=Select(str(i + variables['AzOffset']), GetAZs('')), CidrBlock=Ref('%sSubnet%s' % (zone, str(i + 1))), Tags=Tags( Application=Ref('AWS::StackName'), Name=Join('-', [ variables['CustomerName'].ref, zone.lower(), variables['EnvironmentName'].ref, Select(str(i + variables['AzOffset']), GetAZs('')) ]), Network='%s - %s' % (zone, str(i + 1))))) template.add_output( Output('%sSubnet%s' % (zone[:3], str(i + 1)), Condition='%sAZ%s' % (zone, str(i + 1)), Description='%sSubnet%s' % (zone[:3], str(i + 1)), Export=Export( Sub('${AWS::StackName}-' '%sSubnet%s' % (zone[:3], str(i + 1)))), Value=Ref('%sSubnet%s' % (zone[:3], str(i + 1))))) template.add_output( Output( '%sSubnet%sAZ' % (zone[:3], str(i + 1)), Condition='%sAZ%s' % (zone, str(i + 1)), Description='%sSubnet%s Availability Zone' % (zone[:3], str(i + 1)), # noqa Export=Export( Sub('${AWS::StackName}-' '%sSubnet%sAZ' % (zone[:3], str(i + 1)))), Value=GetAtt('%sSubnet%s' % (zone[:3], str(i + 1)), 'AvailabilityZone'))) internetgateway = template.add_resource( ec2.InternetGateway('InternetGateway', Tags=Tags( Application=Ref('AWS::StackName'), Name=Join('-', [ variables['CustomerName'].ref, 'igw', variables['EnvironmentName'].ref ]), Network='Public'))) template.add_resource( ec2.VPCGatewayAttachment( 'GatewayToInternet', InternetGatewayId=Ref(internetgateway), VpcId=Ref(vpc), )) # Elastic IPs for i in range(AZS): template.add_resource( ec2.EIP('NAT%iElasticIP' % (i + 1), Condition='CreateNATGateway%i' % (i + 1), Domain='vpc')) template.add_output( Output( 'NAT%iElasticIP' % (i + 1), Condition='CreateNATGateway%i' % (i + 1), Description='Elastic IP for NATs %i' % (i + 1), Export=Export( Sub('${AWS::StackName}-NAT%iElasticIP' % (i + 1))), Value=Ref('NAT%iElasticIP' % (i + 1)), )) # NAT Gateways for i in range(AZS): template.add_resource( ec2.NatGateway('NATGateway%i' % (i + 1), Condition='CreateNATGateway%i' % (i + 1), AllocationId=GetAtt('NAT%iElasticIP' % (i + 1), 'AllocationId'), SubnetId=Ref('PubSubnet%i' % (i + 1)))) # Route tables publicroutetable = template.add_resource( ec2.RouteTable( 'PublicRouteTable', VpcId=Ref(vpc), Tags=Tags(Application=Ref('AWS::StackName'), Name=Join('-', [ variables['CustomerName'].ref, 'public-routes', variables['EnvironmentName'].ref ]), Network='Public'))) template.add_output( Output(publicroutetable.title, Description=publicroutetable.title, Export=Export( Sub('${AWS::StackName}-%s' % publicroutetable.title)), Value=Ref(publicroutetable))) for i in range(AZS): template.add_resource( ec2.RouteTable( 'PrivateRouteTable%i' % (i + 1), Condition='PrivateAZ%i' % (i + 1), VpcId=Ref(vpc), Tags=Tags( Application=Ref('AWS::StackName'), Name=Join('-', [ variables['CustomerName'].ref, 'private-routes', variables['EnvironmentName'].ref, Select(str(i + variables['AzOffset']), GetAZs('')) ]), Network='Private - %i' % (i + 1)))) template.add_output( Output('PrivateRouteTable%i' % (i + 1), Condition='PrivateAZ%i' % (i + 1), Description='PrivateRouteTable%i' % (i + 1), Export=Export( Sub('${AWS::StackName}-' 'PrivateRouteTable%i' % (i + 1))), Value=Ref('PrivateRouteTable%i' % (i + 1)))) # Routes & Route Table Associations template.add_resource( ec2.Route('PublicRoute', DestinationCidrBlock='0.0.0.0/0', GatewayId=Ref(internetgateway), RouteTableId=Ref(publicroutetable))) for i in range(AZS): template.add_resource( ec2.Route('PrivateRoute%i' % (i + 1), Condition='CreateNATGateway%i' % (i + 1), DestinationCidrBlock='0.0.0.0/0', NatGatewayId=Ref('NATGateway%i' % (i + 1)), RouteTableId=Ref('PrivateRouteTable%i' % (i + 1)))) template.add_resource( ec2.SubnetRouteTableAssociation( 'PubSubnet%iRTAssoc' % (i + 1), Condition='PublicAZ%i' % (i + 1), RouteTableId=Ref(publicroutetable), SubnetId=Ref('PubSubnet%i' % (i + 1)))) template.add_resource( ec2.SubnetRouteTableAssociation( 'PriSubnet%iRTAssoc' % (i + 1), Condition='PrivateAZ%i' % (i + 1), RouteTableId=Ref('PrivateRouteTable%i' % (i + 1)), SubnetId=Ref('PriSubnet%i' % (i + 1))))
def __init__(self): super(VPC, self).__init__() self.vpc = ec2.VPC( "VPC", CidrBlock="172.1.0.0/16", InstanceTenancy="default", EnableDnsSupport=True, EnableDnsHostnames=True, Tags=Tags(Name=Ref("AWS::StackName")), ) self.internet_gateway = ec2.InternetGateway( "InternetGateway", Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-internet-gateway"]), ), ) self.internet_gateway_attachment = ec2.VPCGatewayAttachment( "InternetGatewayAttachment", InternetGatewayId=Ref(self.internet_gateway), VpcId=Ref(self.vpc), ) self.public_route_table = ec2.RouteTable( "PublicRouteTable", VpcId=Ref(self.vpc), Tags=Tags(Name=Join( "-", [Ref("AWS::StackName"), "public-route-table"]), ), ) self.private_route_table = ec2.RouteTable( "PrivateRouteTable", VpcId=Ref(self.vpc), Tags=Tags(Name=Join( "-", [Ref("AWS::StackName"), "private-route-table"]), ), ) self.vpc_s3_endpoint = ec2.VPCEndpoint( "VPCS3Endpoint", ServiceName=Join( "", ["com.amazonaws.", Ref("AWS::Region"), ".s3"]), VpcId=Ref(self.vpc), RouteTableIds=[ Ref(self.public_route_table), Ref(self.private_route_table) ], ) self.route_to_internet = ec2.Route( "RouteToInternet", DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(self.internet_gateway), RouteTableId=Ref(self.public_route_table), DependsOn=self.internet_gateway_attachment.title, ) # private subnets self.private_subnet_1 = ec2.Subnet( "PrivateSubnet1", AvailabilityZone=Select(0, GetAZs()), CidrBlock="172.1.1.0/24", MapPublicIpOnLaunch=False, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-private-subnet-1"]), ), VpcId=Ref(self.vpc), ) self.private_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation( "PrivateSubnet1RouteTableAssociation", RouteTableId=Ref(self.private_route_table), SubnetId=Ref(self.private_subnet_1), ) self.private_subnet_2 = ec2.Subnet( "PrivateSubnet2", AvailabilityZone=Select(1, GetAZs()), CidrBlock="172.1.2.0/24", MapPublicIpOnLaunch=False, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-private-subnet-2"]), ), VpcId=Ref(self.vpc), ) self.private_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation( "PrivateSubnet2RouteTableAssociation", RouteTableId=Ref(self.private_route_table), SubnetId=Ref(self.private_subnet_2), ) self.private_network_aCL = ec2.NetworkAcl( "PrivateNetworkACL", VpcId=Ref(self.vpc), Tags=Tags(Name=Join("", [Ref("AWS::StackName"), "-private-nacl"]), ), ) self.private_subnet_1_network_acl_association = ec2.SubnetNetworkAclAssociation( "PrivateSubnet1NetworkAclAssociation", SubnetId=Ref(self.private_subnet_1), NetworkAclId=Ref(self.private_network_aCL), ) self.private_subnet_2_network_acl_association = ec2.SubnetNetworkAclAssociation( "PrivateSubnet2NetworkAclAssociation", SubnetId=Ref(self.private_subnet_2), NetworkAclId=Ref(self.private_network_aCL), ) self.private_network_acl_entry_in = ec2.NetworkAclEntry( "PrivateNetworkAclEntryIn", CidrBlock="172.1.0.0/16", Egress=False, NetworkAclId=Ref(self.private_network_aCL), Protocol=-1, RuleAction="allow", RuleNumber=200, ) self.private_network_acl_entry_out = ec2.NetworkAclEntry( "PrivateNetworkAclEntryOut", CidrBlock="172.1.0.0/16", Egress=True, NetworkAclId=Ref(self.private_network_aCL), Protocol=-1, RuleAction="allow", RuleNumber=200, ) # public subnets self.public_subnet_1 = ec2.Subnet( "PublicSubnet1", AvailabilityZone=Select(0, GetAZs()), CidrBlock="172.1.128.0/24", MapPublicIpOnLaunch=True, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-public-subnet-1"]), ), VpcId=Ref(self.vpc), ) self.public_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation( "PublicSubnet1RouteTableAssociation", RouteTableId=Ref(self.public_route_table), SubnetId=Ref(self.public_subnet_1), ) self.public_subnet_2 = ec2.Subnet( "PublicSubnet2", AvailabilityZone=Select(1, GetAZs()), CidrBlock="172.1.129.0/24", MapPublicIpOnLaunch=True, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-public-subnet-2"]), ), VpcId=Ref(self.vpc), ) self.public_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation( "PublicSubnet2RouteTableAssociation", RouteTableId=Ref(self.public_route_table), SubnetId=Ref(self.public_subnet_2), )
def create_vpc_template(template=None): if not template: template = Template() template.add_description( 'AWS cloud formation script template.at creates a VPC with a NAT Gg' ) template.add_version('2010-09-09') vpc_cidr_block = template.add_parameter( Parameter( 'VPCCIDR', Default=vpc_config['cidr_block'], Description='The IP address space for this VPC, in CIDR notation', Type='String', )) vpc = template.add_resource( ec2.VPC('VPC', CidrBlock=Ref(vpc_cidr_block), Tags=Tags(vpc_config['tags']))) igw = template.add_resource(ec2.InternetGateway('InternetGateway', )) template.add_resource( ec2.VPCGatewayAttachment( "NatAttachment", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) template.add_output(Output('VPCId', Value=Ref(vpc), Description='VPC Id')) public_security_group = template.add_resource( ec2.SecurityGroup( security_group_config['public']['name'], GroupDescription='{} public security group'.format( vpc_config['name']), SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', ToPort=r['port'], FromPort=r['port'], CidrIp=r['cidr_block']) for r in security_group_config['public']['ingress_rules'] ], VpcId=Ref(vpc), Tags=Tags( dict(Name='public {} security group'.format( vpc_config['name']))), )) template.add_output( Output('PublicSecurityGroupId', Value=Ref(public_security_group), Description='Public Security Group Id')) private_security_group = template.add_resource( ec2.SecurityGroup( security_group_config['private']['name'], GroupDescription='{} private security group'.format( vpc_config['name']), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', ToPort=r['port'], FromPort=r['port'], SourceSecurityGroupId=Ref(public_security_group)) for r in security_group_config['private']['ingress_rules'] ], VpcId=Ref(vpc), Tags=Tags( dict(Name='private {} security group'.format( vpc_config['name']))), )) for i, sub_net in enumerate(sub_nets): public_subnet = template.add_parameter( Parameter( 'PublicSubnetCidr{}'.format(i), Type='String', Description='Public Subnet CIDR', Default=sub_net['public_cidr'], )) public_net = template.add_resource( ec2.Subnet( 'PublicSubnet{}'.format(i), AvailabilityZone=sub_net['region'], CidrBlock=Ref(public_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), Tags=Tags(dict(Name='Public Subnet {}'.format(i))), )) public_route_table = template.add_resource( ec2.RouteTable( 'PublicRouteTable{}'.format(i), VpcId=Ref(vpc), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'PublicRouteAssociation{}'.format(i), SubnetId=Ref(public_net), RouteTableId=Ref(public_route_table), )) template.add_resource( ec2.Route( 'PublicDefaultRoute{}'.format(i), RouteTableId=Ref(public_route_table), DestinationCidrBlock='0.0.0.0/0', GatewayId=Ref(igw), )) template.add_output( Output('PublicSubnet{}'.format(i), Value=Ref(public_subnet), Description='Subnet Id')) if private_sub_net: private_subnet = template.add_parameter( Parameter( 'PrivateSubnetCidr{}'.format(i), Type='String', Description='Private Subnet CIDR', Default=sub_net['private_cidr'], )) private_net = template.add_resource( ec2.Subnet( 'PrivateSubnet{}'.format(i), CidrBlock=Ref(private_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), Tags=Tags(dict(Name='Private Subnet {}'.format(i))), )) private_route_table = template.add_resource( ec2.RouteTable( 'PrivateRouteTable{}'.format(i), VpcId=Ref(vpc), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'PrivateRouteAssociation{}'.format(i), SubnetId=Ref(private_net), RouteTableId=Ref(private_route_table), )) template.add_output( Output('PrivateSubnet{}'.format(i), Value=Ref(private_subnet), Description='Subnet Id')) if nat_gateway and private_sub_net: nat_eip = template.add_resource( ec2.EIP( 'NatEip{}'.format(i), Domain="vpc", )) nat = template.add_resource( ec2.NatGateway( 'Nat{}'.format(i), AllocationId=GetAtt(nat_eip, 'AllocationId'), SubnetId=Ref(public_net), )) template.add_resource( ec2.Route( 'NatRoute{}'.format(i), RouteTableId=Ref(private_route_table), DestinationCidrBlock='0.0.0.0/0', NatGatewayId=Ref(nat), )) template.add_output( Output( 'NatEip{}'.format(i), Value=Ref(nat_eip), Description='Nat Elastic IP', )) write_json_to_file('vpc.json', template)
def add_resources(self): """ Add All Cloudformation Resources. This will include vpc, igw, and any other network resources """ self.vpc = self.template.add_resource( ec2.VPC( "VPC", CidrBlock=Ref(self.VpcCidr), EnableDnsSupport=True, Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-VPC"), )) self.PubSubnet1 = self.template.add_resource( ec2.Subnet( "PubSubnet1", CidrBlock=Ref(self.PubSub1Cidr), VpcId=Ref(self.vpc), AvailabilityZone="us-east-1a", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PubSubnet1"), )) self.PubSubnet2 = self.template.add_resource( ec2.Subnet( "PubSubnet2", VpcId=Ref(self.vpc), CidrBlock=Ref(self.PubSub2Cidr), AvailabilityZone="us-east-1b", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PubSubnet2"), )) self.PrivSubnet1 = self.template.add_resource( ec2.Subnet( "PrivSubnet1", VpcId=Ref(self.vpc), CidrBlock=Ref(self.PrivSub1Cidr), AvailabilityZone="us-east-1a", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PrivSubnet1"), )) self.PrivSubnet2 = self.template.add_resource( ec2.Subnet( "PrivSubnet2", CidrBlock=Ref(self.PrivSub2Cidr), VpcId=Ref(self.vpc), AvailabilityZone="us-east-1b", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PrivSubnet2"), )) self.IGW = self.template.add_resource( ec2.InternetGateway( "IGW", Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-IGW"), )) self.IGWAttachment = self.template.add_resource( ec2.VPCGatewayAttachment( "IGWAttachment", VpcId=Ref(self.vpc), InternetGatewayId=Ref(self.IGW), )) self.EIP1 = self.template.add_resource(ec2.EIP( "EIP1", Domain="vpc", )) self.EIP2 = self.template.add_resource(ec2.EIP( "EIP2", Domain="vpc", )) self.NAT1 = self.template.add_resource( ec2.NatGateway( "NAT", AllocationId=GetAtt(self.EIP1, "AllocationId"), SubnetId=Ref(self.PubSubnet1), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-NAT1"), )) self.NAT2 = self.template.add_resource( ec2.NatGateway( "NAT2", AllocationId=GetAtt(self.EIP2, "AllocationId"), SubnetId=Ref(self.PubSubnet2), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-NAT2"), )) self.PrivRT1 = self.template.add_resource( ec2.RouteTable( "PrivRT1", VpcId=Ref(self.vpc), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PRIVRT1"), )) self.PrivRT2 = self.template.add_resource( ec2.RouteTable( "PrivRT2", VpcId=Ref(self.vpc), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PRIVRT2"), )) self.NatRoute = self.template.add_resource( ec2.Route( "NatRoute", RouteTableId=Ref(self.PrivRT1), DestinationCidrBlock="0.0.0.0/0", NatGatewayId=Ref(self.NAT1), )) self.Nat2Route = self.template.add_resource( ec2.Route( "NatRoute2", RouteTableId=Ref(self.PrivRT2), DestinationCidrBlock="0.0.0.0/0", NatGatewayId=Ref(self.NAT2), )) self.PrivRT1Association = self.template.add_resource( ec2.SubnetRouteTableAssociation( "PrivRT1Association", SubnetId=Ref(self.PrivSubnet1), RouteTableId=Ref(self.PrivRT1), )) self.PrivRT2Association = self.template.add_resource( ec2.SubnetRouteTableAssociation( "PrivRT2Association", SubnetId=Ref(self.PrivSubnet2), RouteTableId=Ref(self.PrivRT2), )) self.PubRT1 = self.template.add_resource( ec2.RouteTable( "PubRT1", VpcId=Ref(self.vpc), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PUBRT1"), )) self.PubRT2 = self.template.add_resource( ec2.RouteTable( "PubRT2", VpcId=Ref(self.vpc), Tags=self.base_tags + Tags(Name=self.environment_parameters["ClientEnvironmentKey"] + "-SS-PUBRT2"), )) self.PubRT1IGWattachment = self.template.add_resource( ec2.Route( "PubRT1IGWAttachment", DependsOn=["IGWAttachment"], RouteTableId=Ref(self.PubRT1), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(self.IGW), )) self.PubRT2IGWattachment = self.template.add_resource( ec2.Route( "PubRT2IGWAttachment", DependsOn=["IGWAttachment"], RouteTableId=Ref(self.PubRT2), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(self.IGW), )) self.PubRT1Association = self.template.add_resource( ec2.SubnetRouteTableAssociation( "PubRT1Associate", SubnetId=Ref(self.PubSubnet1), RouteTableId=Ref(self.PubRT1), )) self.PubRT2Asocation = self.template.add_resource( ec2.SubnetRouteTableAssociation( "PubR2Associate", SubnetId=Ref(self.PubSubnet2), RouteTableId=Ref(self.PubRT2), ))
def sg_subnet_vpc(self, template, provision_refs): ref_stack_id = Ref('AWS::StackId') if 'aws_vpc_id' in self.app.config['provision']: vpc = self.app.config['provision']['aws_vpc_id'] use_subnet = self.app.config['provision']['aws_subnet_id'] use_subnet2 = self.app.config['provision']['aws_subnet2_id'] use_sg = self.app.config['provision']['aws_sg_id'] use_alb_sg = self.app.config['provision']['alb_sg_id'] self.app.log.info( 'Using your AWS subnet, make sure the routes and ports are configured correctly' ) else: vpc = Ref( template.add_resource( ec2.VPC('VPC', CidrBlock='10.0.0.0/16', Tags=Tags(Application=ref_stack_id)))) internet_gateway = template.add_resource( ec2.InternetGateway('InternetGateway', Tags=Tags(Application=ref_stack_id))) template.add_resource( ec2.VPCGatewayAttachment( 'AttachGateway', VpcId=vpc, InternetGatewayId=Ref(internet_gateway))) route_table = template.add_resource( ec2.RouteTable('RouteTable', VpcId=vpc, Tags=Tags(Application=ref_stack_id))) subnet = template.add_resource( ec2.Subnet('Subnet', CidrBlock='10.0.0.0/24', VpcId=vpc, AvailabilityZone=Select(0, GetAZs("")), Tags=Tags(Application=ref_stack_id))) subnet2 = template.add_resource( ec2.Subnet('Subnet2', CidrBlock='10.0.1.0/24', VpcId=vpc, AvailabilityZone=Select(1, GetAZs("")), Tags=Tags(Application=ref_stack_id))) template.add_resource( ec2.Route( 'Route', DependsOn='AttachGateway', GatewayId=Ref('InternetGateway'), DestinationCidrBlock='0.0.0.0/0', RouteTableId=Ref(route_table), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'SubnetRouteTableAssociation', SubnetId=Ref(subnet), RouteTableId=Ref(route_table), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'Subnet2RouteTableAssociation', SubnetId=Ref(subnet2), RouteTableId=Ref(route_table), )) network_acl = template.add_resource( ec2.NetworkAcl( 'NetworkAcl', VpcId=vpc, Tags=Tags(Application=ref_stack_id), )) template.add_resource( ec2.NetworkAclEntry( 'InboundSSHNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='100', Protocol='6', PortRange=ec2.PortRange(From='22', To='22'), Egress='false', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'InboundResponsePortsNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='101', Protocol='6', PortRange=ec2.PortRange(From='1024', To='65535'), Egress='false', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'InboundICMPNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='102', Protocol='1', Icmp=ec2.ICMP(Code=-1, Type=-1), Egress='false', RuleAction='allow', CidrBlock='0.0.0.0/0', )) # Only used when Blockscout is deployed template.add_resource( ec2.NetworkAclEntry( 'InboundHttpsNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='103', Protocol='6', PortRange=ec2.PortRange(From='443', To='443'), Egress='false', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'OutBoundHTTPNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='100', Protocol='6', PortRange=ec2.PortRange(From='80', To='80'), Egress='true', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'OutBoundHTTPSNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='101', Protocol='6', PortRange=ec2.PortRange(From='443', To='443'), Egress='true', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'OutBoundResponsePortsNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='102', Protocol='6', PortRange=ec2.PortRange(From='1024', To='65535'), Egress='true', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.NetworkAclEntry( 'OutboundICMPNetworkAclEntry', NetworkAclId=Ref(network_acl), RuleNumber='103', Protocol='1', Icmp=ec2.ICMP(Code=-1, Type=-1), Egress='true', RuleAction='allow', CidrBlock='0.0.0.0/0', )) template.add_resource( ec2.SubnetNetworkAclAssociation( 'SubnetNetworkAclAssociation', SubnetId=Ref(subnet), NetworkAclId=Ref(network_acl), )) template.add_resource( ec2.SubnetNetworkAclAssociation( 'Subnet2NetworkAclAssociation', SubnetId=Ref(subnet2), NetworkAclId=Ref(network_acl), )) use_subnet = Ref(subnet) use_subnet2 = Ref(subnet2) alb_security_group = template.add_resource( ec2.SecurityGroup( 'ALBSecurityGroup', GroupDescription= 'ALB allows traffic from public, is used to terminate SSL', SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='46658', ToPort='46658', CidrIp='0.0.0.0/0'), ], VpcId=vpc, )) use_alb_sg = Ref(alb_security_group) instance_security_group = template.add_resource( ec2.SecurityGroup( 'InstanceSecurityGroup', GroupDescription='Enable tendermint and SSH for all nodes', SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='22', ToPort='22', CidrIp='0.0.0.0/0'), ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='46656', ToPort='46656', CidrIp='0.0.0.0/0'), ec2.SecurityGroupRule(IpProtocol='tcp', FromPort='46658', ToPort='46658', CidrIp='0.0.0.0/0'), ec2.SecurityGroupRule(IpProtocol='icmp', FromPort='-1', ToPort='-1', CidrIp='0.0.0.0/0'), ], VpcId=vpc, )) use_sg = Ref(instance_security_group) provision_refs.vpc = vpc provision_refs.security_group_ec2 = use_sg provision_refs.security_group_alb = use_alb_sg provision_refs.subnets.append(use_subnet) provision_refs.subnets.append(use_subnet2)
def main(): template = Template() vpc = template.add_resource( ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16', EnableDnsSupport='true', EnableDnsHostnames='true')) internet_gateway = template.add_resource( ec2.InternetGateway('MyInternetGateway', Tags=Tags(Name='MyInternetGateway'))) template.add_resource( ec2.VPCGatewayAttachment('MyVPCGatewayAttachment', InternetGatewayId=Ref(internet_gateway), VpcId=Ref(vpc), DependsOn=internet_gateway.title)) security_group = template.add_resource( ec2.SecurityGroup( 'mySecGroup', GroupDescription='Security group', VpcId=Ref(vpc), )) template.add_resource( ec2.SecurityGroupEgress('mySecGroupOut', CidrIp='0.0.0.0/0', IpProtocol='tcp', FromPort='0', ToPort='0', GroupId=Ref(security_group))) template.add_resource( ec2.SecurityGroupIngress('mySecGroupIn', CidrIp='0.0.0.0/0', IpProtocol='tcp', FromPort='0', ToPort='0', GroupId=Ref(security_group))) public_subnets = [ template.add_resource( ec2.Subnet('MyPubSub1', AvailabilityZone='ap-southeast-2a', VpcId=Ref(vpc), CidrBlock='10.0.1.0/24')), template.add_resource( ec2.Subnet('MyPubSub2', AvailabilityZone='ap-southeast-2b', VpcId=Ref(vpc), CidrBlock='10.0.2.0/24')), template.add_resource( ec2.Subnet('MyPubSub3', AvailabilityZone='ap-southeast-2c', VpcId=Ref(vpc), CidrBlock='10.0.3.0/24')) ] template.add_resource( elb.LoadBalancer('myLoadBalancer', CrossZone=True, HealthCheck=elb.HealthCheck( Target='HTTP:80/index.html', HealthyThreshold='10', UnhealthyThreshold='2', Interval='300', Timeout='60'), Listeners=[ elb.Listener(LoadBalancerPort='80', Protocol='HTTP', InstancePort='80', InstanceProtocol='HTTP') ], Scheme='internet-facing', SecurityGroups=[Ref(security_group)], Subnets=[Ref(subnet) for subnet in public_subnets])) template.add_resource( ec2.Instance('myinstance', KeyName='INSERT_YOUR_KEYPAIR_HERE', ImageId='ami-dc361ebf', InstanceType='t2.nano', NetworkInterfaces=[ ec2.NetworkInterfaceProperty( GroupSet=[Ref(security_group)], AssociatePublicIpAddress=True, DeviceIndex='0', DeleteOnTermination=True, SubnetId=Ref(public_subnets[0])) ], SourceDestCheck=True, DependsOn=internet_gateway.title)) HostedZone(template=template, domain='mypublic.hz', vpcs=None) HostedZone(template=template, domain='myprivate.hz', vpcs=[Ref(vpc)]) print(template.to_json(indent=2, separators=(',', ': ')))
def dump_base_yaml(cfn_file): template = Template() vpc_cidr_param = template.add_parameter( Parameter( "vpcCidrParam", Description="string of vpc cidr block to use", Type="String", )) subnet_cidr_param = template.add_parameter( Parameter( "subnetCidrParam", Description="string of subnet cidr block to use", Type="String", )) igw = template.add_resource( ec2.InternetGateway( "Igw", Tags=resource_tags, )) vpc = template.add_resource( ec2.VPC( "Vpc", CidrBlock=Ref(vpc_cidr_param), EnableDnsSupport=True, EnableDnsHostnames=True, InstanceTenancy="default", Tags=resource_tags, )) igwa = template.add_resource( ec2.VPCGatewayAttachment( "IgwA", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) route_tbl = template.add_resource( ec2.RouteTable( "RouteTable", VpcId=Ref(vpc), Tags=resource_tags, )) default_route = template.add_resource( ec2.Route("defaultRoute", DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(igw), RouteTableId=Ref(route_tbl))) subnet = template.add_resource( ec2.Subnet( "Subnet", VpcId=Ref(vpc), CidrBlock=Ref(subnet_cidr_param), MapPublicIpOnLaunch=True, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) route_tbl_asoc = template.add_resource( ec2.SubnetRouteTableAssociation("RouteTblSubnetAsoc", RouteTableId=Ref(route_tbl), SubnetId=Ref(subnet))) priv_route_tbl = template.add_resource( ec2.RouteTable( "PrivRouteTable", VpcId=Ref(vpc), Tags=resource_tags, )) priv_subnet = template.add_resource( ec2.Subnet( "PrivSubnet", VpcId=Ref(vpc), CidrBlock="10.10.1.0/24", MapPublicIpOnLaunch=False, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) route_tbl_asoc = template.add_resource( ec2.SubnetRouteTableAssociation("RouteTblPrivSubnetAsoc", RouteTableId=Ref(priv_route_tbl), SubnetId=Ref(priv_subnet))) ngw_elastic_ip = template.add_resource( ec2.EIP( "MyNgwEip", Tags=resource_tags, )) nat_gateway = template.add_resource( ec2.NatGateway( "MyNatGateway", AllocationId=GetAtt(ngw_elastic_ip, "AllocationId"), SubnetId=Ref(subnet), )) private_out_route = template.add_resource( ec2.Route("privateOutRoute", DestinationCidrBlock="0.0.0.0/0", NatGatewayId=Ref(nat_gateway), RouteTableId=Ref(priv_route_tbl))) template.add_output([ Output( "VpcId", Description="InstanceId of the newly created EC2 instance", Value=Ref(vpc), Export=Export("VpcId-jdix"), ), Output( "SubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(subnet), Export=Export("SubnetId-jdix"), ), Output( "PrivSubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(priv_subnet), Export=Export("PrivSubnetId-jdix"), ), ]) template_out_yaml(cfn_file, template)
def dump_base_yaml(cfn_file): template = Template() vpc_cidr_param = template.add_parameter( Parameter( "vpcCidrParam", Description="string of vpc cidr block to use", Type="String", )) subnet_cidr_param = template.add_parameter( Parameter( "subnetCidrParam", Description="string of subnet cidr block to use", Type="String", )) igw = template.add_resource( ec2.InternetGateway( "Igw", Tags=resource_tags, )) vpc = template.add_resource( ec2.VPC( "Vpc", CidrBlock=Ref(vpc_cidr_param), EnableDnsSupport=True, EnableDnsHostnames=True, InstanceTenancy="default", Tags=resource_tags, )) igwa = template.add_resource( ec2.VPCGatewayAttachment( "IgwA", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) route_tbl = template.add_resource( ec2.RouteTable( "RouteTable", VpcId=Ref(vpc), Tags=resource_tags, )) default_route = template.add_resource( ec2.Route("defaultRoute", DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(igw), RouteTableId=Ref(route_tbl))) subnet = template.add_resource( ec2.Subnet( "Subnet", VpcId=Ref(vpc), CidrBlock=Ref(subnet_cidr_param), MapPublicIpOnLaunch=True, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) route_tbl_asoc = template.add_resource( ec2.SubnetRouteTableAssociation("RouteTblSubnetAsoc", RouteTableId=Ref(route_tbl), SubnetId=Ref(subnet))) priv_route_tbl = template.add_resource( ec2.RouteTable( "PrivRouteTable", VpcId=Ref(vpc), Tags=resource_tags, )) priv_subnet = template.add_resource( ec2.Subnet( "PrivSubnet", VpcId=Ref(vpc), CidrBlock="10.10.1.0/24", MapPublicIpOnLaunch=False, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) route_tbl_asoc = template.add_resource( ec2.SubnetRouteTableAssociation("RouteTblPrivSubnetAsoc", RouteTableId=Ref(priv_route_tbl), SubnetId=Ref(priv_subnet))) ngw_elastic_ip = template.add_resource( ec2.EIP( "MyNgwEip", Tags=resource_tags, )) nat_gateway = template.add_resource( ec2.NatGateway( "MyNatGateway", AllocationId=GetAtt(ngw_elastic_ip, "AllocationId"), SubnetId=Ref(subnet), )) private_out_route = template.add_resource( ec2.Route("privateOutRoute", DestinationCidrBlock="0.0.0.0/0", NatGatewayId=Ref(nat_gateway), RouteTableId=Ref(priv_route_tbl))) first_network_acl = template.add_resource( ec2.NetworkAcl( "MyFirstNetAcl", Tags=resource_tags, VpcId=Ref(vpc), )) network_out_second_acl_entry = template.add_resource( ec2.NetworkAclEntry( "MyPrivOutNetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="0.0.0.0/0", Protocol=-1, Egress=True, RuleAction="allow", RuleNumber=100, )) network_inbound_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyInNetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="74.77.86.69/32", Protocol=6, RuleAction="allow", RuleNumber=100, PortRange=ec2.PortRange(From=22, To=22))) private_to_public_client_ports_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPriv2PubClientPortsNetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="10.10.1.0/24", Protocol=6, RuleAction="allow", RuleNumber=101, PortRange=ec2.PortRange(From=1024, To=65535))) public_to_internet_client_ports_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPub2DefaultClientPortsNetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="0.0.0.0/0", Protocol=6, RuleAction="allow", RuleNumber=102, PortRange=ec2.PortRange(From=1024, To=65535))) public_to_private_icmpv4_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPubIcmpv4NetAclEntry", NetworkAclId=Ref(first_network_acl), CidrBlock="10.10.1.0/24", Protocol=1, Icmp=ec2.ICMP(Code=-1, Type=-1), RuleAction="allow", RuleNumber=103)) second_network_acl = template.add_resource( ec2.NetworkAcl( "MySecondNetAcl", Tags=resource_tags, VpcId=Ref(vpc), )) network_out_second_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPriv2InternetClientPortsNetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="0.0.0.0/0", Protocol=6, RuleAction="allow", RuleNumber=100, PortRange=ec2.PortRange(From=1024, To=65535))) public_to_private_ssh_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPrivSshNetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="10.10.0.0/24", Protocol=6, RuleAction="allow", RuleNumber=101, PortRange=ec2.PortRange(From=22, To=22))) public_to_private_http_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPrivHttpNetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="10.10.0.0/24", Protocol=6, RuleAction="allow", RuleNumber=102, PortRange=ec2.PortRange(From=80, To=80))) private_to_public_icmpv4_acl_entry = template.add_resource( ec2.NetworkAclEntry("MyPrivIcmpv4NetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="10.10.0.0/24", Protocol=1, Icmp=ec2.ICMP(Code=-1, Type=-1), RuleAction="allow", RuleNumber=103)) network_out_second_acl_entry = template.add_resource( ec2.NetworkAclEntry( "MyPubOutNetAclEntry", NetworkAclId=Ref(second_network_acl), CidrBlock="0.0.0.0/0", Protocol=-1, Egress=True, RuleAction="allow", RuleNumber=100, )) subnet_nacl_asociation = template.add_resource( ec2.SubnetNetworkAclAssociation("subNaclAsoc", NetworkAclId=Ref(first_network_acl), SubnetId=Ref(subnet))) priv_subnet_nacl_asociation = template.add_resource( ec2.SubnetNetworkAclAssociation("privSubNaclAsoc", NetworkAclId=Ref(second_network_acl), SubnetId=Ref(priv_subnet))) template.add_output([ Output( "VpcId", Description="InstanceId of the newly created EC2 instance", Value=Ref(vpc), Export=Export("VpcId-jdix"), ), Output( "SubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(subnet), Export=Export("SubnetId-jdix"), ), Output( "PrivSubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(priv_subnet), Export=Export("PrivSubnetId-jdix"), ), ]) template_out_yaml(cfn_file, template)
def add_resource(self): t = self.template self.PublicRouteTable = t.add_resource(ec2.RouteTable( "PublicRouteTable", VpcId=Ref("VPC"), Tags=Tags( Application=Ref("AWS::StackName"), Network="Public", Environment=Ref(self.Environment), Name=Join("-", ["RT-PU-1", Ref(self.Project)]), ), )) self.GatewayToInternet = t.add_resource(ec2.VPCGatewayAttachment( "GatewayToInternet", VpcId=Ref("VPC"), InternetGatewayId=Ref("InternetGateway"), )) self.PubSubnet1 = t.add_resource(ec2.Subnet( "PubSubnet1", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Public", Name=Join("-", ["NT-PU-1", Ref(self.Project)]), ), VpcId=Ref("VPC"), CidrBlock=Ref(self.PublicSubnet1), AvailabilityZone=Ref(self.AvailabilityZone1), MapPublicIpOnLaunch=True, )) self.PubSubnet2 = t.add_resource(ec2.Subnet( "PubSubnet2", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Public", Name=Join("-", ["NT-PU-2", Ref(self.Project)]), ), VpcId=Ref("VPC"), CidrBlock=Ref(self.PublicSubnet2), AvailabilityZone=Ref(self.AvailabilityZone2), MapPublicIpOnLaunch=True, )) self.PriSubnet2 = t.add_resource(ec2.Subnet( "PriSubnet2", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Private", Name=Join("-", ["NT-PR-2", Ref(self.Project)]), ), VpcId=Ref("VPC"), CidrBlock=Ref(self.PrivateSubnet2), AvailabilityZone=Ref(self.AvailabilityZone2), )) self.PriSubnet1 = t.add_resource(ec2.Subnet( "PriSubnet1", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Private", Name=Join("-", ["NT-PR-1", Ref(self.Project)]), ), VpcId=Ref("VPC"), CidrBlock=Ref(self.PrivateSubnet1), AvailabilityZone=Ref(self.AvailabilityZone1), )) self.PrivateRouteTable2 = t.add_resource(ec2.RouteTable( "PrivateRouteTable2", VpcId=Ref("VPC"), Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Private", Name=Join("-", ["RT-PR-2", Ref(self.Project)]), ), )) self.PublicRoute = t.add_resource(ec2.Route( "PublicRoute", GatewayId=Ref("InternetGateway"), DestinationCidrBlock="0.0.0.0/0", RouteTableId=Ref(self.PublicRouteTable), )) self.PrivateRouteTable1 = t.add_resource(ec2.RouteTable( "PrivateRouteTable1", VpcId=Ref("VPC"), Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Private", Name=Join("-", ["RT-PR-1", Ref(self.Project)]), ), )) self.PriSubnet2RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation( "PriSubnet2RTAssoc", SubnetId=Ref(self.PriSubnet2), RouteTableId=Ref(self.PrivateRouteTable2), )) self.InternetGateway = t.add_resource(ec2.InternetGateway( "InternetGateway", Tags=Tags( Application=Ref("AWS::StackName"), Environment=Ref(self.Environment), Network="Public", Name=Join("-", ["IGW", Ref(self.Project)]), ), )) self.VPC = t.add_resource(ec2.VPC( "VPC", CidrBlock=Ref(self.VpcCidr), EnableDnsSupport=True, EnableDnsHostnames=True, Tags=Tags( Name=Join("-", ["VPC", Ref(self.Project)]), Environment=Ref(self.Environment), Application=Ref("AWS::StackName"), ), )) self.PubSubnet2RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation( "PubSubnet2RTAssoc", SubnetId=Ref(self.PubSubnet2), RouteTableId=Ref(self.PublicRouteTable), )) self.PubSubnet1RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation( "PubSubnet1RTAssoc", SubnetId=Ref(self.PubSubnet1), RouteTableId=Ref(self.PublicRouteTable), )) self.PriSubnet1RTAssoc = t.add_resource(ec2.SubnetRouteTableAssociation( "PriSubnet1RTAssoc", SubnetId=Ref(self.PriSubnet1), RouteTableId=Ref(self.PrivateRouteTable1), ))
"ap-northeast-1": {"AMI": "ami-b80b6db8"}, "us-east-1": {"AMI": "ami-61bbf104"}, "sa-east-1": {"AMI": "ami-fd0197e0"}, "us-west-1": {"AMI": "ami-f77fbeb3"}, "us-west-2": {"AMI": "ami-d440a6e7"} }) VPC = t.add_resource(ec2.VPC( "VPC", EnableDnsSupport="true", CidrBlock=FindInMap("SubnetConfig", "VPC", "CIDR"), EnableDnsHostnames="true", )) InternetGateway = t.add_resource(ec2.InternetGateway( "InternetGateway", )) PublicSubnet = t.add_resource(ec2.Subnet( "PublicSubnet", VpcId=Ref("VPC"), CidrBlock=FindInMap("SubnetConfig", "Public", "CIDR"), )) PublicRouteTable = t.add_resource(ec2.RouteTable( "PublicRouteTable", VpcId=Ref(VPC), )) DefaultSecurityGroup = t.add_resource(ec2.SecurityGroup(
ec2.Subnet( 'PublicSubnet', CidrBlock=Ref(public_subnet), MapPublicIpOnLaunch=True, VpcId=Ref(vpc), )) private_net = t.add_resource( ec2.Subnet( 'PrivateSubnet', CidrBlock=Ref(private_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), )) igw = t.add_resource(ec2.InternetGateway('InternetGateway', )) net_gw_vpc_attachment = t.add_resource( ec2.VPCGatewayAttachment( "NatAttachment", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) private_route_table = t.add_resource( ec2.RouteTable( 'PrivateRouteTable', VpcId=Ref(vpc), )) public_route_table = t.add_resource(
from troposphere import Template, Ref import troposphere.ec2 as ec2 t = Template() r_vpc = t.add_resource(ec2.VPC('VPC', CidrBlock='10.0.0.0/16')) r_internet_gateway = t.add_resource(ec2.InternetGateway('InternetGateway')) r_gateway_attachment = t.add_resource( ec2.VPCGatewayAttachment('VPCGatewayAttachment', VpcId=Ref(r_vpc), InternetGatewayId=Ref(r_internet_gateway))) r_public_route_table = t.add_resource( ec2.RouteTable('PublicRouteTable', VpcId=Ref(r_vpc))) r_route_igw = t.add_resource( ec2.Route( 'RouteInternetGateway', DependsOn=r_gateway_attachment, GatewayId=Ref(r_internet_gateway), DestinationCidrBlock='0.0.0.0/0', RouteTableId=Ref(r_public_route_table), )) print(t.to_yaml())