def addSearchGuard(template, role, subnet, keyname, secgroup, profilename):
profile = InstanceProfile("sgprofile" + profilename,
Path="/",
Roles=[Ref(role)])
template.add_resource(profile)
instance = Instance(
"sg" + profilename,
InstanceType="m4.xlarge",
ImageId=FindInMap("RegionToAmi", Ref("AWS::Region"), "stable"),
DisableApiTermination=False,
IamInstanceProfile=Ref(profile),
KeyName=Ref(keyname),
Monitoring=False,
InstanceInitiatedShutdownBehavior="stop",
UserData=userdata.from_file("src/bootstrap.sh"),
NetworkInterfaces=[
NetworkInterfaceProperty(DeviceIndex=0,
Description="Primary network interface",
SubnetId=Ref(subnet),
DeleteOnTermination=True,
AssociatePublicIpAddress=True,
GroupSet=[Ref(secgroup)])
],
Tags=[
Tag("Name", "Search Guard " + profilename),
Tag("sgnodetag", profilename)
],
EbsOptimized=False,
BlockDeviceMappings=[
BlockDeviceMapping(DeviceName="/dev/sda1",
Ebs=EBSBlockDevice(VolumeSize=25))
])
template.add_resource(instance)
return instance
def create_private_subnet(self, zone, ip_network):
"""Create private subnet and associated resources"""
if not 'Public' in self.network['Subnets'][zone]:
raise Exception(("Public subnet in {} does not exist to "
"create private subnet!").format(zone))
elif not 'NatGateway' in self.network['Subnets'][zone]['Public']:
raise Exception(
("No NAT Gateway in public subnet {} to associate "
"default route with in private subnet!").format(zone))
zone_title = self.data['Title'] + TITLE_CLEANUP_RE.subn('', zone)[0]
tag = Tag(Key='Name',
Value='{} {} Private'.format(self.data['Name'], zone))
subnet = Subnet(title=zone_title + 'Private',
template=self.data['Template'],
AvailabilityZone=zone,
CidrBlock=ip_network,
MapPublicIpOnLaunch=False,
Tags=[tag] + self.data['Tags'],
VpcId=Ref(self.network['VPC']))
tag = Tag(Key='Name',
Value='{} {} Private Route Table'.format(
self.data['Name'], zone))
routetable = RouteTable(title=zone_title + 'PrivateRouteTable',
template=self.data['Template'],
VpcId=Ref(self.network['VPC']),
Tags=[tag] + self.data['Tags'])
nat_gateway_id = Ref(
self.network['Subnets'][zone]['Public']['NatGateway'])
route = Route(title=zone_title + 'PrivateDefaultRoute',
template=self.data['Template'],
DestinationCidrBlock='0.0.0.0/0',
NatGatewayId=nat_gateway_id,
RouteTableId=Ref(routetable))
subnetroutetableassociation = SubnetRouteTableAssociation(
title=zone_title + 'PrivateSubnetRouteTableAssociation',
template=self.data['Template'],
RouteTableId=Ref(routetable),
SubnetId=Ref(subnet))
self.network['Subnets'][zone]['Private'] = {}
self.network['Subnets'][zone]['Private']['Subnet'] = subnet
self.network['Subnets'][zone]['Private']['RouteTable'] = routetable
self.network['Subnets'][zone]['Private']['DefaultRoute'] = route
self.network['Subnets'][zone]['Private'][
'SubnetRouteTableAssociation'] = subnetroutetableassociation
# Export Private Subnet ID
self.add_output(
title=self.data['Title'] + zone_title + 'PrivateSubnet',
description="Private Subnet ID of {} in {}".format(
self.data['Name'], zone),
value=Ref(subnet),
export=Sub('${{AWS::StackName}}{}PrivateSubnet'.format(zone)))
# Export Private Route Table ID
self.add_output(
title=self.data['Title'] + zone_title + 'PrivateRouteTable',
description="Private Route Table ID of {} in {}".format(
self.data['Name'], zone),
value=Ref(routetable),
export=Sub('${{AWS::StackName}}{}PrivateRouteTable'.format(zone)))
def __init__(self,
name,
network,
region,
tags=None,
aws_access_key=None,
aws_secret_key=None,
aws_profile='default'):
"""Constructor"""
self.data = {}
self.data['Name'] = name
self.data['Title'] = TITLE_CLEANUP_RE.subn('', name)[0]
self.data['IPv4Network'] = ipaddress.IPv4Network(network)
self.data['AWS Region'] = region
self.data['Tags'] = []
if tags is not None:
if isinstance(tags, dict):
for key, value in tags.items():
self.data['Tags'].append(Tag(Key=key, Value=value))
elif isinstance(tags, list):
self.data['Tags'] = tags
self.data['AWS Credentials'] = {}
self.data['AWS Credentials']['Access'] = aws_access_key
self.data['AWS Credentials']['Secret'] = aws_secret_key
self.data['Session'] = None
self.data['Availability Zones'] = []
self.data['Subnet Prefixlen'] = 0
self.data['Template'] = Template()
self.network = {}
self.network['VPC'] = troposphere.ec2.VPC(
title=self.data['Title'] + TITLE_CLEANUP_RE.subn('', region)[0] +
'VPC',
template=self.data['Template'],
CidrBlock=str(self.data['IPv4Network']),
EnableDnsSupport=True,
EnableDnsHostnames=True,
InstanceTenancy='default',
Tags=[Tag(Key='Name', Value=name)] + self.data['Tags'])
self.data['Outputs'] = {}
self.add_output(title=self.data['Title'] +
TITLE_CLEANUP_RE.subn('', region)[0] + 'VPCID',
description="VPC ID of {} in {}".format(name, region),
value=Ref(self.network['VPC'].title),
export=Sub(
'${{AWS::StackName}}-{}-VPCID'.format(region)))
if aws_profile is not None:
self.data['Session'] = boto3.Session(profile_name=aws_profile,
region_name=region)
creds = self.data['Session'].get_credentials()
self.data['AWS Credentials']['Access'] = creds.access_key
self.data['AWS Credentials']['Secret'] = creds.secret_key
elif not None in (aws_access_key, aws_secret_key):
self.data['Session'] = boto3.Session(
aws_access_key_id=aws_access_key,
aws_secret_access_key=aws_secret_key,
region_name=region)
def __init__(self, sceptre_user_data):
self.template = Template()
self.sceptre_user_data = sceptre_user_data
self.template.add_description(self.sceptre_user_data['application']+': Instance')
self.DEFAULT_TAGS = [
Tag('Application', self.sceptre_user_data['application']),
Tag('Owner Name', self.sceptre_user_data['owner_name']),
Tag('Owner Email', self.sceptre_user_data['owner_email'])
]
self.add_instance()
self.add_outputs()
def add_elb(self):
t = self.template
self.elbSg = t.add_resource(
SecurityGroup(
'ElbSecurityGroup',
VpcId=Ref(self.vpcIdParam),
GroupDescription='Security group for ELB.',
SecurityGroupIngress=[
SecurityGroupRule(ToPort='80',
FromPort='80',
IpProtocol='tcp',
CidrIp="0.0.0.0/0")
#TODO HTTPS
],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'ElbSecurityGroup']))
]))
self.elbListener = Listener('ElbListener',
LoadBalancerPort="80",
InstancePort="80",
Protocol="HTTP",
InstanceProtocol="HTTP")
self.elbHealthCheck = HealthCheck(Target="TCP:80",
Timeout="2",
Interval="5",
HealthyThreshold="2",
UnhealthyThreshold="2")
publicSubnetIds = [
self.sceptreUserData['subnets']['publicInfraAZ1Id'],
self.sceptreUserData['subnets']['publicInfraAZ2Id'],
self.sceptreUserData['subnets']['publicInfraAZ3Id']
]
self.elb = t.add_resource(
LoadBalancer('Elb',
Listeners=[self.elbListener],
Scheme='internet-facing',
HealthCheck=self.elbHealthCheck,
CrossZone=True,
Subnets=publicSubnetIds,
SecurityGroups=[Ref(self.elbSg)],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'Elb']))]))
return 0
def add_vpnInstance(self):
t = self.template
self.vpnInstance = t.add_resource(
Instance(
"OpenVPNInstance",
ImageId=Ref(self.amiParam),
SecurityGroupIds=[Ref(self.openVPNSecurityGroup)],
SubnetId=Ref(self.vpnSubnetParam),
KeyName=Ref(self.keyPairParam),
InstanceType=Ref(self.instanceTypeParam),
BlockDeviceMappings=[
BlockDeviceMapping(
DeviceName="/dev/sda1",
Ebs=EBSBlockDevice(
VolumeSize=Ref(self.volumeSizeParam)))
],
UserData=Base64(
Join("", [
"admin_user="******"\n", "admin_pw=", self.sceptreUserData['vpnAdminPw'],
"\n", "reroute_gw=1\n", "reroute_dns=1\n"
])),
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'OpenVPNInstance']))]))
def add_rds(self):
t = self.template
dbSubnetIds = [
self.sceptreUserData['subnets']['privateDataAZ1Id'],
self.sceptreUserData['subnets']['privateDataAZ2Id'],
self.sceptreUserData['subnets']['privateDataAZ3Id']
]
self.rdsSubnetGroup = t.add_resource(
DBSubnetGroup(
'DbSubnetGroup',
DBSubnetGroupDescription='Subnet group for RDS.',
SubnetIds=dbSubnetIds,
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'DbSubnetGroup']))]))
self.rds = t.add_resource(
DBInstance('RdsInstance',
AllocatedStorage=Ref(self.dbStorageParam),
DBInstanceClass='db.t2.micro',
DBName=Ref(self.dbNameParam),
DBSubnetGroupName=Ref(self.rdsSubnetGroup),
VPCSecurityGroups=[Ref(self.rdsSg)],
Engine='MySQL',
EngineVersion='5.5.46',
MasterUsername=Ref(self.dbUserParam),
MasterUserPassword=Ref(self.dbPasswordParam),
MultiAZ=Ref(self.dbMultiAzParam)))
return 0
def add_instance(self):
t = self.template
self.openvpn_instance = t.add_resource(Instance(
'OpenVpnInstance',
ImageId=self.sceptre_user_data['ami_map'][self.sceptre_user_data['region']],
InstanceType=self.sceptre_user_data['instance_type'],
KeyName=self.sceptre_user_data['key_pair'],
NetworkInterfaces=[
NetworkInterfaceProperty(
AssociatePublicIpAddress=True,
DeviceIndex=0,
GroupSet=[self.sceptre_user_data['openvpn_sg']],
SubnetId=self.sceptre_user_data['subnets']['public_1']
)
],
UserData=Base64(Join("",
[
"admin_user="******"\n",
"admin_pw=",self.sceptre_user_data['vpn_admin_pw'],"\n",
"reroute_gw=1\n",
"reroute_dns=1\n"
]
)),
Tags=self.DEFAULT_TAGS + [Tag('Name', self.sceptre_user_data['application']+'-Instance')]
))
return 0
def add_vpnSecurityGroup(self):
t = self.template
self.openVPNSecurityGroup = t.add_resource(
SecurityGroup(
"OpenVPNSecurityGroup",
VpcId=Ref(self.vpcIdParam),
SecurityGroupIngress=[{
"ToPort": "443",
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0",
"FromPort": "443"
}, {
"ToPort": "943",
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0",
"FromPort": "943"
}, {
"ToPort": "1194",
"IpProtocol": "udp",
"CidrIp": "0.0.0.0/0",
"FromPort": "1194"
}, {
"ToPort": "22",
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0",
"FromPort": "22"
}],
GroupDescription="Controls access to the OpenVPN server",
Tags=self.defaultTags + [
Tag('Name',
Join("", [self.namePrefix, 'OpenVPNSecurityGroup']))
]))
def create_prediction_service_db(self, subnet_group):
t = self.template
t.add_resource(
DBInstance("Euro2016DB",
DBName=Ref("DBName"),
AllocatedStorage=Ref("DBSize"),
DBInstanceClass=Ref("DBInstanceClass"),
Engine="MySQL",
EngineVersion="5.7",
MasterUsername=Ref("DBUser"),
MasterUserPassword=Ref("DBPassword"),
DBSubnetGroupName=Ref(subnet_group),
VPCSecurityGroups=Ref("DBSecurityGroups"),
MultiAZ=True,
StorageType="gp2",
Tags=[Tag("Name", "euro2016-prediction-db")]))
t.add_output(
Output("DBAddress",
Description="Database address",
Value=GetAtt("Euro2016DB", "Endpoint.Address")))
t.add_output(
Output("DBPort",
Description="Database port",
Value=GetAtt("Euro2016DB", "Endpoint.Port")))
def create_prediction_service_elb(self):
t = self.template
prediction_service_elastic_load_balancer = t.add_resource(
LoadBalancer("Euro2016ElasticLoadBalancer",
LoadBalancerName=Ref("ELBName"),
Subnets=Ref("ELBSubnetIds"),
Listeners=[{
"InstancePort": "8000",
"LoadBalancerPort": "80",
"Protocol": "HTTP"
}, {
"InstancePort": "8000",
"LoadBalancerPort": "443",
"Protocol": "HTTPS",
"SSLCertificateId": Ref("SSLCertificateId")
}],
SecurityGroups=Ref("ELBSecurityGroups"),
HealthCheck=HealthCheck(
HealthyThreshold="3",
Interval="30",
Target="HTTP:8000/status",
Timeout="5",
UnhealthyThreshold="5",
),
CrossZone=True,
Tags=[Tag("Name",
"euro2016-prediction-service-elb")]))
return prediction_service_elastic_load_balancer
def create_internet_gateway(self):
"""Create an internet gateway if it does not exist already"""
if 'InternetGateway' not in self.network:
tag = Tag(Key='Name',
Value='{} Internet Gateway'.format(self.data['Name']))
self.network['InternetGateway'] = InternetGateway(
title='{}InternetGateway'.format(self.data['Title']),
template=self.data['Template'],
Tags=[tag] + self.data['Tags'])
tag = Tag(Key='Name',
Value='{} VPC Gateway Attachment'.format(
self.data['Name']))
self.network['VPCGatewayAttachment'] = VPCGatewayAttachment(
title='{}VPCGatewayAttachment'.format(self.data['Title']),
template=self.data['Template'],
VpcId=Ref(self.network['VPC']),
InternetGatewayId=Ref(self.network['InternetGateway']))
def build_subnet(self, t, name, az, cidr):
subnet = t.add_resource(
Subnet(name.replace('-', ''),
VpcId=Ref(self.vpc),
AvailabilityZone=az,
CidrBlock=cidr,
Tags=self.DEFAULT_TAGS + [Tag('Name', name)]))
return subnet
def __init__(self, sceptre_user_data):
self.template = Template()
self.sceptre_user_data = sceptre_user_data
self.template.add_description(self.sceptre_user_data['application'] +
': ' +
self.sceptre_user_data['sg_name'] +
" Security Group")
self.DEFAULT_TAGS = [
Tag('Application', self.sceptre_user_data['application']),
Tag('Owner Name', self.sceptre_user_data['owner_name']),
Tag('Owner Email', self.sceptre_user_data['owner_email'])
]
self.add_security_group()
self.add_outputs()
def add_vpc(self):
t = self.template
self.vpc = t.add_resource(
VPC('vpc',
CidrBlock=self.sceptre_user_data['vpc_cidr'],
EnableDnsSupport='true',
EnableDnsHostnames='true',
Tags=self.DEFAULT_TAGS +
[Tag('Name', self.sceptre_user_data['application'] + '-VPC')]))
return 0
def add_route_tables(self):
t = self.template
for subnet_dict in self.sceptre_user_data['subnets']:
table_name = self.sceptre_user_data[
'application'] + '-' + subnet_dict['tier'] + '-route-table'
route_table = t.add_resource(
RouteTable(table_name.replace('-', ''),
VpcId=Ref(self.vpc),
Tags=self.DEFAULT_TAGS + [Tag('Name', table_name)]))
self.route_table_ids[subnet_dict['tier']] = Ref(route_table)
return 0
def __init__(self, sceptre_user_data):
self.template = Template()
self.sceptre_user_data = sceptre_user_data
self.template.add_description(self.sceptre_user_data['application'] +
': VPC, IGW, Subnet, Route Table')
self.DEFAULT_TAGS = [
Tag('Application', self.sceptre_user_data['application']),
Tag('Owner Name', self.sceptre_user_data['owner_name']),
Tag('Owner Email', self.sceptre_user_data['owner_email'])
]
self.subnet_ids = {}
self.route_table_ids = {}
self.add_vpc()
self.add_igw()
self.add_subnets()
self.add_route_tables()
self.add_routes()
self.associate_route_table_ids()
self.add_outputs()
def add_igw(self):
t = self.template
self.igw = t.add_resource(
InternetGateway(
'internetGateway',
Tags=self.DEFAULT_TAGS +
[Tag('Name', self.sceptre_user_data['application'] + '-IGW')]))
self.igw_attachment = t.add_resource(
VPCGatewayAttachment('internetGatewayAttachment',
VpcId=Ref(self.vpc),
InternetGatewayId=Ref(self.igw)))
return 0
def add_security_groups(self):
t = self.template
self.asgSg = t.add_resource(
SecurityGroup(
'AsgSg',
VpcId=Ref(self.vpcIdParam),
GroupDescription='Security group for ASG.',
SecurityGroupIngress=[
SecurityGroupRule(ToPort='80',
FromPort='80',
IpProtocol='tcp',
SourceSecurityGroupId=Ref(self.elbSg)),
SecurityGroupRule(ToPort='22',
FromPort='22',
IpProtocol='tcp',
SourceSecurityGroupId=Ref(
self.vpnSgIdParam))
#TODO HTTPS
],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'AsgSg']))]))
self.rdsSg = t.add_resource(
SecurityGroup('RdsSg',
VpcId=Ref(self.vpcIdParam),
GroupDescription='Security group for RDS.',
SecurityGroupIngress=[
SecurityGroupRule(ToPort='3306',
FromPort='3306',
IpProtocol='tcp',
SourceSecurityGroupId=Ref(
self.asgSg))
],
Tags=self.defaultTags +
[Tag('Name', Join("", [self.namePrefix, 'RdsSg']))]))
return 0
def add_security_group(self):
t = self.template
self.security_group = t.add_resource(
SecurityGroup(
self.sceptre_user_data['sg_name'] + 'SecurityGroup',
VpcId=self.sceptre_user_data['vpc_id'],
GroupDescription='Security Group.',
SecurityGroupIngress=self.create_rules(
self.sceptre_user_data['rules']),
Tags=self.DEFAULT_TAGS + [
Tag(
'Name', self.sceptre_user_data['application'] +
self.sceptre_user_data['sg_name'] + 'SG')
]))
return 0
def __init__(self, sceptre_user_data):
self.template = Template()
self.template.add_description("OpenVPN server Stack")
self.sceptreUserData = sceptre_user_data
self.environment = self.sceptreUserData['environment']
self.add_parameters()
self.defaultTags = [Tag('Contact', Ref(self.ownerEmailParam))]
self.namePrefix = Join(
"",
[Ref(self.ownerNameParam), self.sceptreUserData['environment']])
self.add_vpnSecurityGroup()
self.add_vpnInstance()
self.add_eip()
self.add_outputs()
def __init__(self, sceptre_user_data):
self.template = Template()
self.template.add_description("VPC Stack")
self.sceptreUserData = sceptre_user_data
self.environment = self.sceptreUserData['environment']
self.add_parameters()
self.defaultTags = [Tag('Contact', Ref(self.ownerEmailParam))]
self.namePrefix = Join(
"",
[Ref(self.ownerNameParam), self.sceptreUserData['environment']])
self.add_elb()
self.add_security_groups()
self.add_rds()
self.add_autoscaling_group()
self.add_outputs()
def add_resources(self):
jmeter_install_version = self.variables["jmeter_install_version"]
jmeter_heap_initial_size = self.variables["jmeter_heap_initial_size"]
jmeter_heap_max_size = self.variables["jmeter_heap_max_size"]
jmeter_max_meta_space_size = self.variables[
"jmeter_max_meta_space_size"]
jmeter_max_open_file = self.variables["jmeter_max_open_file"]
instance_count = self.variables["jmeter_servers_count"]
for i in range(0, instance_count):
user_data = f"""#!/bin/sh
yum install -y git wget java-1.8.0-openjdk java-1.8.0-openjdk-devel
mkdir /home/ec2-user/jmeter && cd /home/ec2-user/jmeter
wget -O ./jmeter.tar.gz \\
https://archive.apache.org/dist/jmeter/binaries/apache-jmeter-{jmeter_install_version}.tgz
tar xvfz jmeter.tar.gz --strip=1 && rm -f jmeter.tar.gz
chown ec2-user:ec2-user -R .
echo >> ./bin/user.properties
echo server.rmi.ssl.disable=true >> ./bin/user.properties
ulimit -n {jmeter_max_open_file}
export HEAP=\\
"-Xms{jmeter_heap_initial_size} \\
-Xmx{jmeter_heap_max_size} \\
-XX:MaxMetaspaceSize={jmeter_max_meta_space_size}"
nohup ./bin/jmeter-server \\
-Jserver_number={i+1} \\
-Jserver_count={instance_count} &
"""
self.template.add_resource(
Instance(
f"JMeterServer{i+1}",
ImageId=Ref(self.jmeter_ami_id),
InstanceType=Ref(self.jmeter_server_instance_type),
KeyName=Ref(self.jmeter_key_pair),
SecurityGroupIds=[Ref(self.jmeter_security_group)],
SubnetId=Ref(self.jmeter_subnet),
Tags=[Tag(key="Name", value=f"jmeter-server-{i+1}")],
UserData=Base64(user_data),
))
def add_resources(self):
self.tag = Tag(key="Name", value="jmeter-client")
jmeter_install_version = self.variables["jmeter_install_version"]
user_data = f"""#!/bin/sh
yum install -y git wget java-1.8.0-openjdk java-1.8.0-openjdk-devel
mkdir /home/ec2-user/jmeter && cd /home/ec2-user/jmeter
wget -O ./jmeter.tar.gz \\
https://archive.apache.org/dist/jmeter/binaries/apache-jmeter-{jmeter_install_version}.tgz
tar xvfz jmeter.tar.gz --strip=1 && rm -f jmeter.tar.gz
chown ec2-user:ec2-user -R .
"""
self.instance = self.template.add_resource(
Instance(
"JMeterClient",
ImageId=Ref(self.jmeter_ami_id),
InstanceType=Ref(self.jmeter_client_instance_type),
KeyName=Ref(self.jmeter_key_pair),
SecurityGroupIds=[Ref(self.jmeter_security_group)],
SubnetId=Ref(self.jmeter_subnet),
Tags=[self.tag],
UserData=Base64(user_data),
))
def create_public_subnet(self, zone, ip_network):
"""Create the public subnet and associated resources"""
self.create_internet_gateway()
zone_title = self.data['Title'] + TITLE_CLEANUP_RE.subn('', zone)[0]
tag = Tag(Key='Name',
Value='{} {} Public'.format(self.data['Name'], zone))
subnet = Subnet(title=zone_title + 'Public',
template=self.data['Template'],
AvailabilityZone=zone,
CidrBlock=ip_network,
MapPublicIpOnLaunch=True,
Tags=[tag] + self.data['Tags'],
VpcId=Ref(self.network['VPC']))
eip = EIP(title=zone_title + 'NatEIP',
template=self.data['Template'],
Domain='vpc',
DependsOn=self.network['VPCGatewayAttachment'].title)
tag = Tag(Key='Name',
Value='{} {} NAT Gateway'.format(self.data['Name'], zone))
natgateway = NatGateway(title=zone_title + 'NATGateway',
template=self.data['Template'],
AllocationId=GetAtt(zone_title + 'NatEIP',
'AllocationId'),
SubnetId=Ref(subnet),
DependsOn=eip.title,
Tags=[tag] + self.data['Tags'])
tag = Tag(Key='Name',
Value='{} {} Public Route Table'.format(
self.data['Name'], zone))
routetable = RouteTable(title=zone_title + 'PublicRouteTable',
template=self.data['Template'],
VpcId=Ref(self.network['VPC']),
Tags=[tag] + self.data['Tags'])
route = Route(title=zone_title + 'PublicDefaultRoute',
template=self.data['Template'],
DestinationCidrBlock='0.0.0.0/0',
GatewayId=Ref(self.network['InternetGateway']),
RouteTableId=Ref(routetable))
subnetroutetableassociation = SubnetRouteTableAssociation(
title=zone_title + 'PublicSubnetRouteTableAssociation',
template=self.data['Template'],
RouteTableId=Ref(routetable),
SubnetId=Ref(subnet))
self.network['Subnets'][zone]['Public'] = {}
self.network['Subnets'][zone]['Public']['Subnet'] = subnet
self.network['Subnets'][zone]['Public']['EIP'] = eip
self.network['Subnets'][zone]['Public']['NatGateway'] = natgateway
self.network['Subnets'][zone]['Public']['RouteTable'] = routetable
self.network['Subnets'][zone]['Public']['DefaultRoute'] = route
self.network['Subnets'][zone]['Public'][
'SubnetRouteTableAssociation'] = subnetroutetableassociation
# Export Public Subnet ID
self.add_output(
title=self.data['Title'] + zone_title + 'PublicSubnet',
description="Public Subnet ID of {} in {}".format(
self.data['Name'], zone),
value=Ref(subnet),
export=Sub('${{AWS::StackName}}-{}-PublicSubnet'.format(zone)))
# Export Public Route Table ID
self.add_output(
title=self.data['Title'] + zone_title + 'PublicRouteTable',
description="Public Route Table ID of {} in {}".format(
self.data['Name'], zone),
value=Ref(routetable),
export=Sub('${{AWS::StackName}}-{}-PublicRouteTable'.format(zone)))
docker_service = InitService(enabled=True,
ensureRunning=True,
files=['/etc/docker/daemon.json'])
netkan_instance = Instance(
'NetKANCompute',
# ECS Optimised us-west-2
ImageId='ami-064803387adcb64b3',
InstanceType='t3.small',
IamInstanceProfile=Ref(netkan_profile),
KeyName='techman83_alucard',
SecurityGroups=['ckan-bot'],
UserData=Base64(netkan_userdata),
# t3 instances are unlimited by default
CreditSpecification=CreditSpecification(CPUCredits='standard'),
Tags=[
Tag(Key='Name', Value='NetKAN Indexer'),
Tag(Key='Service', Value='Indexer'),
],
Metadata=Metadata(
Init({
'config':
InitConfig(
files=InitFiles({
'/etc/cfn/cfn-hup.conf': cfn_hup,
'/etc/cfn/hooks.d/cfn-auto-reloader.conf': reloader,
'/etc/docker/daemon.json': docker,
})),
'services': {
'sysvinit': {
'cfn': cfn_service,
'docker': docker_service,
def subnet(template, vpc):
subnet = Subnet("sgdemosubnet", VpcId = Ref(vpc), CidrBlock = "10.0.0.0/24", Tags = [Tag("Name", "Search Guard Demo Subnet")])
template.add_resource(subnet)
return subnet
def vpc(template):
vpc = VPC("sgdemovpc", CidrBlock = "10.0.0.0/16", InstanceTenancy = "default", EnableDnsSupport = True, EnableDnsHostnames = True, Tags = [Tag("Name", "Search Guard Demo VPC")])
template.add_resource(vpc)
return vpc
amazon_ec2_spot_fleet_role = Role(
title="AmazonEC2SpotFleetRole",
Policies=[],
ManagedPolicyArns=[
"arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole",
],
AssumeRolePolicyDocument={
"Statement": [{
"Action": ["sts:AssumeRole"],
"Effect": "Allow",
"Principal": {
"Service": ["spot.amazonaws.com", "spotfleet.amazonaws.com"]
}
}]
},
Tags=[Tag("service", Ref(aws_service_tag))],
)
# ------------------------------------------------------------------------------
# S3 Bucket
# ------------------------------------------------------------------------------
# N/A
# ------------------------------------------------------------------------------
# Batch
# ------------------------------------------------------------------------------
spot_fleet_batch_compute_environment = ComputeEnvironment(
title="ComputeEnvironment",
Type="MANAGED",
ComputeEnvironmentName=Ref(cloud_resource_name_parameter),
ComputeResources=ComputeResources(
def add_spot_fleet(self, spot_fleet):
""" Add spot fleet to stack """
self.open_userdata()
launch_specs = []
default_security_groups = [
SecurityGroups(GroupId=Ref('IncomingSg')),
SecurityGroups(GroupId=ImportValue('{}-cluster:DBBadgeSg'.format(self.cluster.get('name')))),
]
for group in self.cluster.get('security_groups', []):
default_security_groups.append(
SecurityGroups(GroupId=group)
)
for bid in spot_fleet['bids']:
launch_specs.append(
LaunchSpecifications(
BlockDeviceMappings=self.block_devices,
IamInstanceProfile=IamInstanceProfile(Arn=self.instance_role),
ImageId=self.ami,
InstanceType=bid.get('instance_type'),
KeyName=self.keypair,
SecurityGroups=default_security_groups,
SubnetId=Join(",", self.cluster.get('subnets')),
SpotPrice=str(bid.get('price')),
UserData=Base64(Sub(self.open_userdata())),
Monitoring=Monitoring(Enabled=True),
WeightedCapacity=bid.get('weight', 1),
TagSpecifications=[SpotFleetTagSpecification(
ResourceType='instance',
Tags=[
Tag("cluster", self.cluster.get('name')),
Tag("Name", self.cluster.get('name'))
]
)]
)
)
spot_fleet_role = Role(
"SpotFleetRole",
AssumeRolePolicyDocument={
"Statement": [{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {"Service": "spotfleet.amazonaws.com"},
}]
},
Policies=[
Policy(
PolicyName="ec2-spot-fleet",
PolicyDocument={
"Statement": [{
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"ec2:CancelSpotFleetRequests",
"ec2:CancelSpotInstanceRequests",
"ec2:ModifySpotFleetRequest",
"ec2:RequestSpotFleet",
"ec2:RequestSpotInstances",
"ec2:TerminateInstances",
"ec2:CreateTags",
"iam:PassRole",
"iam:ListRoles",
"iam:ListInstanceProfiles"
],
"Resource": "*"
}]
}
)
]
)
self.template.add_resource(spot_fleet_role)
spot_resource = SpotFleet(
"SpotFleet{}".format(sanitize_cfn_resource_name(spot_fleet.get('name'))),
SpotFleetRequestConfigData=SpotFleetRequestConfigData(
AllocationStrategy="diversified",
IamFleetRole=GetAtt("SpotFleetRole", "Arn"),
LaunchSpecifications=launch_specs,
TargetCapacity=spot_fleet.get('desired_weight')
)
)
self.template.add_resource(spot_resource)
if self.instance_base.get('autoscaling'):
add_scaling(spot_fleet, self.template, self.cluster.get('name'))