def create_subnets(): return [ ec2.Subnet( 'subnetA', AvailabilityZone='us-east-1a', CidrBlock=Ref('cidrSubnetA'), MapPublicIpOnLaunch=True, Tags=_tags(), VpcId=Ref('vpc'), ), ec2.SubnetRouteTableAssociation( 'subnetAToRouteTable', RouteTableId=Ref('routeTable'), SubnetId=Ref('subnetA'), ), ec2.Subnet( 'subnetB', AvailabilityZone='us-east-1b', CidrBlock=Ref('cidrSubnetB'), MapPublicIpOnLaunch=True, Tags=_tags(), VpcId=Ref('vpc'), ), ec2.SubnetRouteTableAssociation( 'subnetBToRouteTable', RouteTableId=Ref('routeTable'), SubnetId=Ref('subnetB'), ), ]
def create_subnets(self): self.default_azs = [] self.default_private_subnets = [] self.default_public_subnets = [] for num, availability_zone in enumerate(self.availability_zones): public_subnet_name = '{}PublicSubnet'.format( availability_zone.cfn_name) public_subnet = self.create_resource(ec2.Subnet( public_subnet_name, VpcId=Ref(self.vpc), CidrBlock=cidr_generator.next(), AvailabilityZone=availability_zone.name, Tags=self.get_tags(Name=public_subnet_name)), output=public_subnet_name) self.create_resource( ec2.SubnetRouteTableAssociation( '{}PublicRouteTableAssociation'.format( public_subnet.title), SubnetId=Ref(public_subnet), RouteTableId=Ref(self.public_route_table))) private_subnet_name = '{}PrivateSubnet'.format( availability_zone.cfn_name) private_subnet = self.create_resource(ec2.Subnet( private_subnet_name, VpcId=Ref(self.vpc), CidrBlock=cidr_generator.next(), AvailabilityZone=availability_zone.name, Tags=self.get_tags(Name=private_subnet_name)), output=private_subnet_name) private_route_table_name = '{}PrivateRouteTable'.format( availability_zone.cfn_name) private_route_table = self.create_resource( ec2.RouteTable( private_route_table_name, VpcId=Ref(self.vpc), Tags=self.get_tags(Name=private_route_table_name))) self.PRIVATE_ROUTE_TABLES.append(private_route_table) self.create_resource( ec2.SubnetRouteTableAssociation( '{}PrivateSubnetRouteTableAssociation'.format( private_subnet.title), SubnetId=Ref(private_subnet), RouteTableId=Ref(private_route_table))) self.PUBLIC_SUBNETS.append(public_subnet) self.PRIVATE_SUBNETS.append(private_subnet) if availability_zone.name in self.get_input('AvailabilityZones'): self.create_nat_gateway(availability_zone, public_subnet, private_route_table) self.default_azs.append(availability_zone.name) self.default_private_subnets.append(private_subnet) self.default_public_subnets.append(public_subnet)
def create_subnets(self, public_route_table): self.default_azs = [] self.default_private_subnets = [] self.default_public_subnets = [] for num, availability_zone in enumerate(self.availability_zones): public_subnet_name = '{}PublicSubnet'.format( availability_zone.cfn_name) # NOQA public_subnet = self.create_resource( ec2.Subnet(public_subnet_name, VpcId=Ref(self.vpc), CidrBlock=next(self.public_subnet_cidr_ranges), AvailabilityZone=availability_zone.name, Tags=self.get_tags(Name=public_subnet_name))) self.create_resource( ec2.SubnetRouteTableAssociation( '{}PublicRouteTableAssociation'.format( public_subnet.title), SubnetId=Ref(public_subnet), RouteTableId=Ref(public_route_table))) private_subnet_name = '{}PrivateSubnet'.format( availability_zone.cfn_name) # NOQA private_subnet = self.create_resource( ec2.Subnet(private_subnet_name, VpcId=Ref(self.vpc), CidrBlock=next(self.private_subnet_cidr_ranges), AvailabilityZone=availability_zone.name, Tags=self.get_tags(Name=private_subnet_name))) private_route_table_name = '{}PrivateRouteTable'.format( availability_zone.cfn_name) # NOQA private_route_table = self.create_resource( ec2.RouteTable( private_route_table_name, VpcId=Ref(self.vpc), Tags=self.get_tags(Name=private_route_table_name))) self.create_resource( ec2.SubnetRouteTableAssociation( '{}PrivateSubnetRouteTableAssociation'.format( private_subnet.title), # NOQA SubnetId=Ref(private_subnet), RouteTableId=Ref(private_route_table))) if availability_zone.name in self.get_input( 'AvailabilityZones').split(','): # NOQA self.create_nat(availability_zone, public_subnet, private_route_table) self.default_azs.append(availability_zone.name) self.default_private_subnets.append(private_subnet) self.default_public_subnets.append(public_subnet)
def main(): vpc = ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16') subnet = ec2.Subnet('MySubnet', AvailabilityZone='ap-southeast-2a', VpcId=Ref(vpc), CidrBlock='10.0.1.0/24') template = Template() single_instance_config = SingleInstanceConfig( keypair='INSERT_YOUR_KEYPAIR_HERE', si_image_id='ami-dc361ebf', si_instance_type='t2.micro', vpc=Ref(vpc), subnet=Ref(subnet), instance_dependencies=vpc.title, public_hosted_zone_name=None, sns_topic=None, is_nat=False, iam_instance_profile_arn=None, availability_zone='ap-southeast-2a') SingleInstance(title='jump', template=template, single_instance_config=single_instance_config) template.add_resource(vpc) template.add_resource(subnet) print(template.to_json(indent=2, separators=(',', ': ')))
def create_subnet(self): t = self.template self.subnet = t.add_resource( ec2.Subnet( "Subnet", VpcId=self.vpc_id, AvailabilityZone=self.availability_zone, CidrBlock=self.cidr_block, Tags=self.tags, ) ) t.add_output(Output("SubnetId", Value=self.subnet.Ref())) t.add_output(Output("NetworkType", Value=self.network_type)) t.add_output(Output("CidrBlock", Value=self.cidr_block)) attrs = ["AvailabilityZone", "NetworkAclAssociationId", "VpcId"] for attr in attrs: t.add_output(Output(attr, Value=self.subnet.GetAtt(attr))) list_attrs = ["Ipv6CidrBlocks"] for attr in list_attrs: t.add_output( Output( attr, Value=Join(",", self.subnet.GetAtt(attr)) ) )
def subnet(self) -> ec2.Subnet: """Return a Subnet for the VPC.""" return ec2.Subnet( name_to_id(f"{self.name}Subnet"), VpcId=Ref(self.vpc), CidrBlock=self.subnet_cidr_block, )
def test_internet_gateway(stack: Stack) -> None: """Test InternetGateway construct.""" vpc = ec2.VPC( name_to_id("vpc-test"), CidrBlock="10.0.0.0/16", EnableDnsHostnames="true", EnableDnsSupport="true", ) subnets = [ ec2.Subnet( name_to_id(f"{zone}-subnet"), CidrBlock="10.0.0.0/20", AvailabilityZone="eu-west-1b", VpcId=Ref(vpc), MapPublicIpOnLaunch="true", ) for zone, ip in zip(["eu-west-1a", "eu-west-1b"], ["10.0.0.0/20", "10.0.16.0/20"]) ] igw = InternetGateway(name_prefix="test", vpc=vpc, subnets=subnets) for el in (vpc, *subnets, igw): stack.add(el) assert stack.export()["Resources"] == EXPECTED_TEMPLATE
def main(): vpc = ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16') subnet = ec2.Subnet('MySubnet', AvailabilityZone='ap-southeast-2a', VpcId=Ref(vpc), CidrBlock='10.0.1.0/24') template = Template() sns_topic = SNS(template) single_instance_config = SingleInstanceConfig( keypair='INSERT_YOUR_KEYPAIR_HERE', si_image_id='ami-53371f30', si_instance_type='t2.micro', vpc=Ref(vpc), subnet=Ref(subnet), is_nat=True, instance_dependencies=vpc.title, public_hosted_zone_name=None, iam_instance_profile_arn=None, sns_topic=sns_topic, availability_zone='ap-southeast-2a', ec2_scheduled_shutdown=None, owner='*****@*****.**') SingleInstance(title='nat1', template=template, single_instance_config=single_instance_config) template.add_resource(vpc) template.add_resource(subnet) print(template.to_json(indent=2, separators=(',', ': ')))
def create_vpc_subnet(subnet): prefix = calculate_cidr_prefix(subnet[1]["IP Count"]) possible_nets = list(network.subnet(prefix)) if subnet[0] == 0: cidrblock = possible_nets[0] chosen_nets.append(possible_nets[0]) else: net = None for possible_net in possible_nets: ok = True for chosen_net in chosen_nets: if possible_net in chosen_net: ok = False if ok: net = possible_net break if net is None: raise ValueError('Unable to fit all subnets in your VPC.') chosen_nets.append(net) cidrblock = net tags = [{"Key": "Network", "Value": subnet[1]["Type"]}] return ec2.Subnet(name=subnet[1]["Name"], CidrBlock=str(cidrblock), VpcId=Ref(vpc), Tags=tags)
def create_subnet(template, name, vpc, cidr_block, availability_zone): return template.add_resource(ec2.Subnet( name, VpcId=Ref(vpc), CidrBlock=cidr_block, AvailabilityZone=availability_zone, Tags=Tags(Name=name) ))
def dump_yaml(cfn_file): template = Template() vpc_cidr_param = template.add_parameter( Parameter( "vpcCidrParam", Description="string of vpc cidr block to use", Type="String", )) subnet_cidr_param = template.add_parameter( Parameter( "subnetCidrParam", Description="string of subnet cidr block to use", Type="String", )) resource_tags = Tags(Name=Sub("${AWS::StackName}"), user="******", stelligent_u_lesson='lesson-4-1', stelligent_u_lab='lab-1') vpc = template.add_resource( ec2.VPC( "Vpc", CidrBlock=Ref(vpc_cidr_param), EnableDnsSupport=True, EnableDnsHostnames=True, InstanceTenancy="default", Tags=resource_tags, )) subnet = template.add_resource( ec2.Subnet( "Subnet", VpcId=Ref(vpc), CidrBlock=Ref(subnet_cidr_param), MapPublicIpOnLaunch=False, AvailabilityZone=Select(0, GetAZs()), Tags=resource_tags, )) template.add_output([ Output( "vpcId", Description="InstanceId of the newly created EC2 instance", Value=Ref(vpc), ), Output( "SubnetId", Description="InstanceId of the newly created EC2 instance", Value=Ref(subnet), ), ]) with open(cfn_file, 'w') as f: f.write(template.to_yaml())
def createCouchbaseSubnet(t, vpc): couchbaseSubnet = t.add_resource(ec2.Subnet( 'SUBNET', CidrBlock='10.0.0.0/16', MapPublicIpOnLaunch='true', Tags=Tags(Name=Join('', ['subnet-scalability-', Ref('AWS::Region')])), VpcId=Ref(vpc) )) return couchbaseSubnet
def createCouchbaseSubnet2(t, vpc): couchbaseSubnet = t.add_resource(ec2.Subnet( 'SUBNET2', AvailabilityZone = configuration.CLUSTER2_AVAILABILITY_ZONE, CidrBlock='10.0.128.0/17', MapPublicIpOnLaunch='true', Tags=Tags(Name=Join('', ['subnet2-scalability-', Ref('AWS::Region')])), VpcId=Ref(vpc) )) return couchbaseSubnet
def subnet(self) -> ec2.Subnet: """Return a private subnet.""" if self._subnet is None: self._subnet = ec2.Subnet( name_to_id(self.name), VpcId=Ref(self.vpc), CidrBlock=self.cidr_block, Tags=Tags({"Name": self.name}), ) return self._subnet
def build_subnet(self, t, subnetName, az, cidr): subnet = t.add_resource( ec2.Subnet( subnetName, VpcId=Ref(self.vpc), AvailabilityZone=az, CidrBlock=cidr, Tags=self.defaultTags + [ec2.Tag('Name', Join("", [self.namePrefix, subnetName]))])) return subnet
def define_subnet(self, subnet_config, vpc_name): subnet = ec2.Subnet(subnet_config["name"], DeletionPolicy=self.deletion_policy) #print("creating subnet in %s" % defaults["vpc_id"]) subnet.VpcId = Ref(self.template.resources[vpc_name]) subnet.AvailabilityZone = subnet_config["availability_zone"] subnet.CidrBlock = subnet_config["cidr_block"] subnet.Tags = self._get_tags(subnet_config) self._add_resource(subnet)
def subnet(self) -> ec2.Subnet: """Return a Subnet for VPC endpoints.""" if self._subnet is None: subnet_name = f"{self.name}Subnet" self._subnet = ec2.Subnet( name_to_id(subnet_name), VpcId=Ref(self.vpc), CidrBlock=self.cidr_block, Tags=Tags({"Name": subnet_name}), ) return self._subnet
def add_subnet_db2(self): name, tags = self._name_tags('subnet_db2') self.subnet_db2 = self.t.add_resource( ec2.Subnet( name, AvailabilityZone=self.aws['subnet_db2.az'], CidrBlock=self.aws['subnet_db2.cidr_block'], VpcId=Ref(self.vpc), Tags=Tags(**tags), )) self.t.add_output(Output( "DB2Subnet", Value=Ref(self.subnet_db2) ))
def create_subnets(self): t = self.template vpc_cidr = self.get_variables()["VpcCidrBlock"] n_hosts = self.get_variables()["HostsPerSubnet"] # Calculate the number of subnets and their addresses here # For each calculated subnet t.add_resource( ec2.Subnet( RESOURCE_NAME, AvailabilityZone=AZS[?], # How can you distribute the subnets across as many AZs as possible? VpcId=VPC_ID, CidrBlock=SUBNET_CIDR_BLOCK, # This will come from the calculation above Tags=Tags(Name="%s - %s" % (self.get_variables()["Namespace"], SUBNET_CIDR_BLOCK)) # This will generate the following tag: Name: teamX - x.x.x.x/x ) )
def build(prefix, template, vpc, cidr="172.168.1.0/24", index=1): """ Build public subnet and contained resources """ subnet_title = resource_title.subnet_title(prefix, index) subnet = ec2.Subnet(subnet_title) subnet.CidrBlock = cidr subnet.VpcId = Ref(vpc) subnet.Tags = [ tagging.pair('Public', str(True)), tagging.name(subnet_title), tagging.env_name() ] template.add_resource(subnet) template.add_output( Output('PublicSubnet', Description="PublicSubnet", Value=Ref(subnet))) routing.build(prefix, template, vpc, subnet) return subnet
def create_vpc(t, env, env_number, subnet_mapping, subnet_config): ''' Creates the VPC along with the subnets, IGW and RouteTables ''' vpc_objects = {} vpc_objects['vpc'] = t.add_resource( ec2.VPC("{}VPC".format(env.upper()), CidrBlock="10.{}.0.0/16".format(env_number), InstanceTenancy="default", Tags=Tags(Name="{}VPC".format(env.upper())))) vpc_objects['igw'] = t.add_resource(ec2.InternetGateway("InternetGateway")) vpc_objects['igw_attachment'] = t.add_resource( ec2.VPCGatewayAttachment( "IGWAttachment", VpcId=Ref(vpc_objects['vpc']), InternetGatewayId=Ref(vpc_objects['igw']), )) # Create Subnets vpc_objects['subnets'] = {} vpc_objects['nat_eip'] = {} for subid in subnet_config: vpc_objects['subnets'][subid] = t.add_resource( ec2.Subnet(subid, CidrBlock=subnet_config[subid]['subnet'], VpcId=Ref(vpc_objects['vpc']), AvailabilityZone="{}".format( subnet_config[subid]['az_name']), Tags=Tags(Name="{}Subnet".format(subid)))) # Create NAT Gateways if subnet_config[subid]['service'] == 'nat': az = subnet_config[subid]['az_number'] nat_eip_name = '{}{}NatEIP'.format(env.title(), az) vpc_objects['nat_eip'][nat_eip_name] = t.add_resource( ec2.EIP(nat_eip_name, Domain="vpc")) t.add_resource( ec2.NatGateway('{}{}NatGW'.format(env.title(), az), AllocationId=GetAtt( vpc_objects['nat_eip'][nat_eip_name], 'AllocationId'), SubnetId=Ref(vpc_objects['subnets'][subid]))) return t, vpc_objects
def main(): """ Creates a troposphere template and then adds a single s3 bucket """ template = Template() vpc = template.add_resource(ec2.VPC('MyVPC', CidrBlock='10.0.0.0/16')) internet_gateway = template.add_resource(ec2.InternetGateway('MyInternetGateway')) template.add_resource(ec2.VPCGatewayAttachment('MyVPCGatewayAttachment', InternetGatewayId=Ref(internet_gateway), VpcId=Ref(vpc), DependsOn=internet_gateway.title)) security_group = template.add_resource(ec2.SecurityGroup('mySecGroup', GroupDescription='Security group', VpcId=Ref(vpc), )) subnet = template.add_resource(ec2.Subnet('MyPubSub', AvailabilityZone='ap-southeast-2a', VpcId=Ref(vpc), CidrBlock='10.0.1.0/24')) template.add_resource(ec2.Instance( 'myinstance', KeyName='INSERT_YOUR_KEYPAIR_HERE', ImageId='ami-dc361ebf', InstanceType='t2.nano', NetworkInterfaces=[ec2.NetworkInterfaceProperty( GroupSet=[Ref(security_group)], AssociatePublicIpAddress=True, DeviceIndex='0', DeleteOnTermination=True, SubnetId=Ref(subnet))], SourceDestCheck=True, DependsOn=internet_gateway.title )) SNS(template=template) print(template.to_json(indent=2, separators=(',', ': ')))
def configure_vpc(cfn_template, cluster_name): vpc = ec2.VPC("DustVPC") vpc.CidrBlock = "10.0.0.0/16" vpc.Tags = [ec2.Tag("Name:", cluster_name)] cfn_template.add_resource(vpc) vpc_id = Ref(vpc) subnet = ec2.Subnet('dustSubnet') subnet.VpcId = vpc_id subnet.CidrBlock = "10.0.0.0/24" cfn_template.add_resource(subnet) vpc_subnet = Ref(subnet) net_gateway = ec2.InternetGateway('dustGateway') cfn_template.add_resource(net_gateway) attach_net_gateway = ec2.VPCGatewayAttachment('dustAttachGateway') attach_net_gateway.VpcId = vpc_id attach_net_gateway.InternetGatewayId = Ref(net_gateway) cfn_template.add_resource(attach_net_gateway) route_table = ec2.RouteTable('dustRoutetable') route_table.VpcId = vpc_id cfn_template.add_resource(route_table) route = ec2.Route('dustRoute') route.RouteTableId = Ref(route_table) route.DestinationCidrBlock = "0.0.0.0/0" route.GatewayId = Ref(net_gateway) route.DependsOn = "dustAttachGateway" cfn_template.add_resource(route) attach_route = ec2.SubnetRouteTableAssociation('dustAttachRouteTable') attach_route.SubnetId = vpc_subnet attach_route.RouteTableId = Ref(route_table) cfn_template.add_resource(attach_route) return vpc_id, vpc_subnet
def create_subnets_in_availability_zones(self): t = self.template subnet_count = 0 for name in self.subnets.keys(): self.subnets[name]['az_subnets'] = list() for i in range(len(self.zones)): subnet_name = '%sSubnet%d' % (name, i) self.subnets[name]['az_subnets'].append(subnet_name) t.add_resource( ec2.Subnet( subnet_name, AvailabilityZone=self.zones[i], CidrBlock=self.subnet_cidr(self.subnets, name, i), #Tags=Tags(net_type=self.subnets[name]['net_type']) + Tags(self.variables['Tags']), VpcId=VPC_ID)) # Outputs for name in self.subnets: t.add_output( Output( '%sSubnets' % name, Value=Join( ',', [Ref(sn) for sn in self.subnets[name]['az_subnets']])))
def create_si(title, is_nat=False, ec2_schedule=None): """ Helper function to create Single instance Troposhpere object to interate through. :param title: name of instance :param is_nat: is the instance a nat :param ec2_schedule: optional flag to set scheduler tag on instance :return: Troposphere object for single instance, security group and output """ vpc = 'vpc-12345' dependencies = 'igw-12345' public_hosted_zone_name = None if is_nat else 'my.hostedzone.' template = Template() subnet = template.add_resource( ec2.Subnet('subnet12345', AvailabilityZone='ap-southeast-2a', VpcId=vpc, CidrBlock='10.0.1.0/24')) sns_topic = SNS(template) single_instance_config = SingleInstanceConfig( keypair='pipeline', si_image_id='ami-53371f30', si_instance_type='t2.nano', vpc=vpc, subnet=Ref(subnet), public_hosted_zone_name=public_hosted_zone_name, instance_dependencies=dependencies, is_nat=is_nat, iam_instance_profile_arn='my/instance-profile', sns_topic=sns_topic, availability_zone='ap-southeast-2a', ec2_scheduled_shutdown=ec2_schedule, owner='*****@*****.**') si = SingleInstance(title=title, template=template, single_instance_config=single_instance_config) return si
def gen_public_subnet_az(self, az_index, cidr_block): name = f"PublicSubnet{az_index}" subnet = ec2.Subnet( name, VpcId=Ref(self.vpc), CidrBlock=cidr_block, AvailabilityZone=Select(str(az_index), GetAZs(Ref("AWS::Region"))), ) self.template.add_resource(subnet) self.export_value(Ref(subnet), name) route_table_association = ec2.SubnetRouteTableAssociation( f"{name}RouteTableAssociation", SubnetId=Ref(subnet), RouteTableId=Ref(self.public_route_table), ) self.template.add_resource(route_table_association) network_acl_association = ec2.SubnetNetworkAclAssociation( f"{name}NetworkAclAssociation", SubnetId=Ref(subnet), NetworkAclId=Ref(self.network_acl), ) self.template.add_resource(network_acl_association)
Parameter( 'PrivateSubnetCidr', Type='String', Description='Public Subnet CIDR', Default='172.18.32.0/21', )) vpc = t.add_resource(ec2.VPC( 'VPC', CidrBlock=Ref(vpc_cidr), )) public_net = t.add_resource( ec2.Subnet( 'PublicSubnet', CidrBlock=Ref(public_subnet), MapPublicIpOnLaunch=True, VpcId=Ref(vpc), )) private_net = t.add_resource( ec2.Subnet( 'PrivateSubnet', CidrBlock=Ref(private_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), )) igw = t.add_resource(ec2.InternetGateway('InternetGateway', )) net_gw_vpc_attachment = t.add_resource( ec2.VPCGatewayAttachment(
def create_network(self): t = self.template variables = self.get_variables() self.create_gateway() t.add_resource(ec2.NetworkAcl('DefaultACL', VpcId=VPC_ID)) self.create_nat_security_groups() subnets = {'public': [], 'private': []} net_types = subnets.keys() zones = [] for i in range(variables["AZCount"]): az = Select(i, GetAZs("")) zones.append(az) name_suffix = i for net_type in net_types: name_prefix = net_type.capitalize() subnet_name = "%sSubnet%s" % (name_prefix, name_suffix) subnets[net_type].append(subnet_name) t.add_resource( ec2.Subnet(subnet_name, AvailabilityZone=az, VpcId=VPC_ID, DependsOn=GW_ATTACH, CidrBlock=variables.get("%sSubnets" % name_prefix)[i], Tags=Tags(type=net_type))) route_table_name = "%sRouteTable%s" % (name_prefix, name_suffix) t.add_resource( ec2.RouteTable(route_table_name, VpcId=VPC_ID, Tags=[ec2.Tag('type', net_type)])) t.add_resource( ec2.SubnetRouteTableAssociation( "%sRouteTableAssociation%s" % (name_prefix, name_suffix), SubnetId=Ref(subnet_name), RouteTableId=Ref(route_table_name))) route_name = '%sRoute%s' % (name_prefix, name_suffix) if net_type == 'public': # the public subnets are where the NAT instances live, # so their default route needs to go to the AWS # Internet Gateway t.add_resource( ec2.Route(route_name, RouteTableId=Ref(route_table_name), DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(GATEWAY))) self.create_nat_instance(i, subnet_name) else: # Private subnets are where actual instances will live # so their gateway needs to be through the nat instances route = ec2.Route( route_name, RouteTableId=Ref(route_table_name), DestinationCidrBlock='0.0.0.0/0', ) if variables["UseNatGateway"]: route.NatGatewayId = Ref(NAT_GATEWAY_NAME % name_suffix) else: route.InstanceId = Ref(NAT_INSTANCE_NAME % name_suffix) t.add_resource(route) for net_type in net_types: t.add_output( Output("%sSubnets" % net_type.capitalize(), Value=Join(",", [Ref(sn) for sn in subnets[net_type]]))) for i, sn in enumerate(subnets[net_type]): t.add_output( Output("%sSubnet%d" % (net_type.capitalize(), i), Value=Ref(sn))) self.template.add_output( Output("AvailabilityZones", Value=Join(",", zones))) for i, az in enumerate(zones): t.add_output(Output("AvailabilityZone%d" % (i), Value=az))
def __init__(self): super(VPC, self).__init__() self.vpc = ec2.VPC( "VPC", CidrBlock="172.1.0.0/16", InstanceTenancy="default", EnableDnsSupport=True, EnableDnsHostnames=True, Tags=Tags(Name=Ref("AWS::StackName")), ) self.internet_gateway = ec2.InternetGateway( "InternetGateway", Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-internet-gateway"]), ), ) self.internet_gateway_attachment = ec2.VPCGatewayAttachment( "InternetGatewayAttachment", InternetGatewayId=Ref(self.internet_gateway), VpcId=Ref(self.vpc), ) self.public_route_table = ec2.RouteTable( "PublicRouteTable", VpcId=Ref(self.vpc), Tags=Tags(Name=Join( "-", [Ref("AWS::StackName"), "public-route-table"]), ), ) self.private_route_table = ec2.RouteTable( "PrivateRouteTable", VpcId=Ref(self.vpc), Tags=Tags(Name=Join( "-", [Ref("AWS::StackName"), "private-route-table"]), ), ) self.vpc_s3_endpoint = ec2.VPCEndpoint( "VPCS3Endpoint", ServiceName=Join( "", ["com.amazonaws.", Ref("AWS::Region"), ".s3"]), VpcId=Ref(self.vpc), RouteTableIds=[ Ref(self.public_route_table), Ref(self.private_route_table) ], ) self.route_to_internet = ec2.Route( "RouteToInternet", DestinationCidrBlock="0.0.0.0/0", GatewayId=Ref(self.internet_gateway), RouteTableId=Ref(self.public_route_table), DependsOn=self.internet_gateway_attachment.title, ) # private subnets self.private_subnet_1 = ec2.Subnet( "PrivateSubnet1", AvailabilityZone=Select(0, GetAZs()), CidrBlock="172.1.1.0/24", MapPublicIpOnLaunch=False, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-private-subnet-1"]), ), VpcId=Ref(self.vpc), ) self.private_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation( "PrivateSubnet1RouteTableAssociation", RouteTableId=Ref(self.private_route_table), SubnetId=Ref(self.private_subnet_1), ) self.private_subnet_2 = ec2.Subnet( "PrivateSubnet2", AvailabilityZone=Select(1, GetAZs()), CidrBlock="172.1.2.0/24", MapPublicIpOnLaunch=False, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-private-subnet-2"]), ), VpcId=Ref(self.vpc), ) self.private_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation( "PrivateSubnet2RouteTableAssociation", RouteTableId=Ref(self.private_route_table), SubnetId=Ref(self.private_subnet_2), ) self.private_network_aCL = ec2.NetworkAcl( "PrivateNetworkACL", VpcId=Ref(self.vpc), Tags=Tags(Name=Join("", [Ref("AWS::StackName"), "-private-nacl"]), ), ) self.private_subnet_1_network_acl_association = ec2.SubnetNetworkAclAssociation( "PrivateSubnet1NetworkAclAssociation", SubnetId=Ref(self.private_subnet_1), NetworkAclId=Ref(self.private_network_aCL), ) self.private_subnet_2_network_acl_association = ec2.SubnetNetworkAclAssociation( "PrivateSubnet2NetworkAclAssociation", SubnetId=Ref(self.private_subnet_2), NetworkAclId=Ref(self.private_network_aCL), ) self.private_network_acl_entry_in = ec2.NetworkAclEntry( "PrivateNetworkAclEntryIn", CidrBlock="172.1.0.0/16", Egress=False, NetworkAclId=Ref(self.private_network_aCL), Protocol=-1, RuleAction="allow", RuleNumber=200, ) self.private_network_acl_entry_out = ec2.NetworkAclEntry( "PrivateNetworkAclEntryOut", CidrBlock="172.1.0.0/16", Egress=True, NetworkAclId=Ref(self.private_network_aCL), Protocol=-1, RuleAction="allow", RuleNumber=200, ) # public subnets self.public_subnet_1 = ec2.Subnet( "PublicSubnet1", AvailabilityZone=Select(0, GetAZs()), CidrBlock="172.1.128.0/24", MapPublicIpOnLaunch=True, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-public-subnet-1"]), ), VpcId=Ref(self.vpc), ) self.public_subnet_1_route_table_association = ec2.SubnetRouteTableAssociation( "PublicSubnet1RouteTableAssociation", RouteTableId=Ref(self.public_route_table), SubnetId=Ref(self.public_subnet_1), ) self.public_subnet_2 = ec2.Subnet( "PublicSubnet2", AvailabilityZone=Select(1, GetAZs()), CidrBlock="172.1.129.0/24", MapPublicIpOnLaunch=True, Tags=Tags(Name=Join( "", [Ref("AWS::StackName"), "-public-subnet-2"]), ), VpcId=Ref(self.vpc), ) self.public_subnet_2_route_table_association = ec2.SubnetRouteTableAssociation( "PublicSubnet2RouteTableAssociation", RouteTableId=Ref(self.public_route_table), SubnetId=Ref(self.public_subnet_2), )
def create_vpc_template(template=None): if not template: template = Template() template.add_description( 'AWS cloud formation script template.at creates a VPC with a NAT Gg' ) template.add_version('2010-09-09') vpc_cidr_block = template.add_parameter( Parameter( 'VPCCIDR', Default=vpc_config['cidr_block'], Description='The IP address space for this VPC, in CIDR notation', Type='String', )) vpc = template.add_resource( ec2.VPC('VPC', CidrBlock=Ref(vpc_cidr_block), Tags=Tags(vpc_config['tags']))) igw = template.add_resource(ec2.InternetGateway('InternetGateway', )) template.add_resource( ec2.VPCGatewayAttachment( "NatAttachment", VpcId=Ref(vpc), InternetGatewayId=Ref(igw), )) template.add_output(Output('VPCId', Value=Ref(vpc), Description='VPC Id')) public_security_group = template.add_resource( ec2.SecurityGroup( security_group_config['public']['name'], GroupDescription='{} public security group'.format( vpc_config['name']), SecurityGroupIngress=[ ec2.SecurityGroupRule(IpProtocol='tcp', ToPort=r['port'], FromPort=r['port'], CidrIp=r['cidr_block']) for r in security_group_config['public']['ingress_rules'] ], VpcId=Ref(vpc), Tags=Tags( dict(Name='public {} security group'.format( vpc_config['name']))), )) template.add_output( Output('PublicSecurityGroupId', Value=Ref(public_security_group), Description='Public Security Group Id')) private_security_group = template.add_resource( ec2.SecurityGroup( security_group_config['private']['name'], GroupDescription='{} private security group'.format( vpc_config['name']), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', ToPort=r['port'], FromPort=r['port'], SourceSecurityGroupId=Ref(public_security_group)) for r in security_group_config['private']['ingress_rules'] ], VpcId=Ref(vpc), Tags=Tags( dict(Name='private {} security group'.format( vpc_config['name']))), )) for i, sub_net in enumerate(sub_nets): public_subnet = template.add_parameter( Parameter( 'PublicSubnetCidr{}'.format(i), Type='String', Description='Public Subnet CIDR', Default=sub_net['public_cidr'], )) public_net = template.add_resource( ec2.Subnet( 'PublicSubnet{}'.format(i), AvailabilityZone=sub_net['region'], CidrBlock=Ref(public_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), Tags=Tags(dict(Name='Public Subnet {}'.format(i))), )) public_route_table = template.add_resource( ec2.RouteTable( 'PublicRouteTable{}'.format(i), VpcId=Ref(vpc), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'PublicRouteAssociation{}'.format(i), SubnetId=Ref(public_net), RouteTableId=Ref(public_route_table), )) template.add_resource( ec2.Route( 'PublicDefaultRoute{}'.format(i), RouteTableId=Ref(public_route_table), DestinationCidrBlock='0.0.0.0/0', GatewayId=Ref(igw), )) template.add_output( Output('PublicSubnet{}'.format(i), Value=Ref(public_subnet), Description='Subnet Id')) if private_sub_net: private_subnet = template.add_parameter( Parameter( 'PrivateSubnetCidr{}'.format(i), Type='String', Description='Private Subnet CIDR', Default=sub_net['private_cidr'], )) private_net = template.add_resource( ec2.Subnet( 'PrivateSubnet{}'.format(i), CidrBlock=Ref(private_subnet), MapPublicIpOnLaunch=False, VpcId=Ref(vpc), Tags=Tags(dict(Name='Private Subnet {}'.format(i))), )) private_route_table = template.add_resource( ec2.RouteTable( 'PrivateRouteTable{}'.format(i), VpcId=Ref(vpc), )) template.add_resource( ec2.SubnetRouteTableAssociation( 'PrivateRouteAssociation{}'.format(i), SubnetId=Ref(private_net), RouteTableId=Ref(private_route_table), )) template.add_output( Output('PrivateSubnet{}'.format(i), Value=Ref(private_subnet), Description='Subnet Id')) if nat_gateway and private_sub_net: nat_eip = template.add_resource( ec2.EIP( 'NatEip{}'.format(i), Domain="vpc", )) nat = template.add_resource( ec2.NatGateway( 'Nat{}'.format(i), AllocationId=GetAtt(nat_eip, 'AllocationId'), SubnetId=Ref(public_net), )) template.add_resource( ec2.Route( 'NatRoute{}'.format(i), RouteTableId=Ref(private_route_table), DestinationCidrBlock='0.0.0.0/0', NatGatewayId=Ref(nat), )) template.add_output( Output( 'NatEip{}'.format(i), Value=Ref(nat_eip), Description='Nat Elastic IP', )) write_json_to_file('vpc.json', template)