def ECR_Repositories(key):
PolicyStatementAccounts = []
for n, v in cfg.EcrAccount.items():
mapname = f"EcrAccount{n}Id" # Ex. EcrAccountPrdId
# conditions
add_obj(get_condition(mapname, "not_equals", "none"))
if "Pull" in v["Policy"]:
PolicyStatementAccount = ECRRepositoryPolicyStatementAccountPull(
name=mapname)
PolicyStatementAccounts.append(
If(mapname, PolicyStatementAccount, Ref("AWS::NoValue")))
if "Push" in v["Policy"]:
PolicyStatementAccount = ECRRepositoryPolicyStatementAccountPush(
name=mapname)
PolicyStatementAccounts.append(
If(mapname, PolicyStatementAccount, Ref("AWS::NoValue")))
# Resources
for n, v in getattr(cfg, key).items():
resname = f"{key}{n}"
Repo = ecr.Repository(resname)
auto_get_props(Repo, indexname=n)
Repo.RepositoryPolicyText["Statement"].extend(PolicyStatementAccounts)
add_obj(Repo)
def test_ecr_with_tags(self):
repo = ecr.Repository(
"ECRRepo",
RepositoryName="myrepo",
Tags=Tags(Name='myrepo'),
)
repo.to_dict()
def create_template(self):
"""Create template."""
template = self.template
variables = self.get_variables()
for repo in variables["Repositories"]:
template.add_resource(
ecr.Repository("%sRepository" % repo, RepositoryName=repo,)
)
def create_docker_repository_resource(template, docker_repository_name_variable):
return template.add_resource(
ecr.Repository(
'DockerRepository',
RepositoryName=docker_repository_name_variable,
LifecyclePolicy=ecr.LifecyclePolicy(
LifecyclePolicyText='{"rules":[{"rulePriority":1,"description":"Remove untagged images older than 1 week","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":7},"action":{"type":"expire"}}]}'
)
)
)
def resources(self, stack: Stack) -> list[AWSObject]:
"""Construct and return a ECR Repository."""
return [
ecr.Repository(
name_to_id(self.name),
ImageScanningConfiguration={"scanOnPush": "true"},
ImageTagMutability="IMMUTABLE",
RepositoryName=self.name,
Tags=Tags({"Name": self.name, **self.tags}),
)
]
def add_resources(self):
"""Add resources to template."""
template = self.template
variables = self.get_variables()
for repo in variables['RepoNames']:
ecrrepo = template.add_resource(
ecr.Repository('{}Repo'.format(sub('-', '', repo)),
RepositoryName=repo))
template.add_output(
Output(ecrrepo.title,
Description='ECR repo ({})'.format(ecrrepo.title),
Value=Ref(ecrrepo)))
def build_repo(self, t):
repo = t.add_resource(ecr.Repository('{}ECRRepo'.format(self.name)))
t.add_output([
Output('{}ECRRepo'.format(self.name), Value=Ref(repo)),
Output('{}ECRRepoUrl'.format(self.name),
Value=Join('', [
Ref("AWS::AccountId"), ".dkr.ecr.",
Ref("AWS::Region"), ".amazonaws.com/",
Ref(repo)
]))
])
return repo
def create_template(self) -> None:
"""Create template."""
for repo in self.variables["Repositories"]:
self.template.add_resource(
ecr.Repository("%sRepository" % repo, RepositoryName=repo))
# Troposphere to create CloudFormation template to build the Clair image # By Jason Umiker ([email protected]) from troposphere import Output, Join, Ref, Template from troposphere import AWS_ACCOUNT_ID, AWS_REGION from troposphere import ecr, s3, iam, codebuild t = Template() t.add_description("Template to set up a CodeBuild for the Clair container") # Create the clair Repository Repository = t.add_resource( ecr.Repository("Repository", RepositoryName="clair")) # Create the S3 Bucket for Output S3Bucket = t.add_resource(s3.Bucket("ClairBuildOutput")) # CodeBuild Service Role ServiceRole = t.add_resource( iam.Role("InstanceRole", AssumeRolePolicyDocument={ "Statement": [{ 'Effect': 'Allow', 'Principal': { 'Service': 'codebuild.amazonaws.com' }, "Action": "sts:AssumeRole" }] }))
Parameter(
'BuildSubnet',
Type='AWS::EC2::Subnet::Id',
Description='A VPC subnet ID for the build.',
))
build_subnet2 = t.add_parameter(
Parameter(
'BuildSubnet2',
Type='AWS::EC2::Subnet::Id',
Description='A 2nd VPC subnet ID for the build.',
))
# Create the ghost Repository
Repository = t.add_resource(
ecr.Repository("Repository", RepositoryName="ghost"))
# Create the S3 Bucket for Output
S3Bucket = t.add_resource(s3.Bucket("GhostClairBuildOutput"))
# Create Security group for the build jobs
build_security_group = ec2.SecurityGroup(
"BuildSecurityGroup",
GroupDescription="Ghost Build Security Group.",
VpcId=Ref(build_vpc))
t.add_resource(build_security_group)
# CodeBuild Service Role
ServiceRole = t.add_resource(
iam.Role("InstanceRole",
AssumeRolePolicyDocument={
# Template to create a CodeBuild Project to build nginx # By Jason Umiker ([email protected]) # comment from troposphere import Output, Join, Ref, Template from troposphere import AWS_ACCOUNT_ID, AWS_REGION from troposphere import ecr, s3, iam, codebuild t = Template() # Create the nginx Repository Repository = t.add_resource( ecr.Repository( "Repository", RepositoryName="nginx" ) ) # Create the S3 Bucket for Output NginxBuildOutputBucket = t.add_resource( s3.Bucket( "NginxBuildOutputBucket" ) ) # CodeBuild Service Role CodeBuildServiceRole = t.add_resource(iam.Role( "CodeBuildServiceRole", AssumeRolePolicyDocument={ "Statement": [ { 'Effect': 'Allow',
"How to convert username to fully qualified name (%[email protected])", Type="String")) idp_duo_apiHost = t.add_parameter( Parameter("duoapiHost", Description="API endpoint location from Duo", Type="String")) idp_duo_integrationKey = t.add_parameter( Parameter("duointegrationKey", Description="Integration Key from Duo", Type="String")) # Create the ECR Repository Repository = t.add_resource( ecr.Repository("Repository", RepositoryName="shibboleth")) #Create the Redirect Repository RedirectRepository = t.add_resource( ecr.Repository("RedirectRepository", RepositoryName="shibboleth-redirect")) # Create the S3 Bucket for the Configuration S3Bucket = t.add_resource(s3.Bucket("ConfigBucket")) # Create instance/task roles # Instance Role InstanceRole = t.add_resource( iam.Role("InstanceRole", AssumeRolePolicyDocument={ "Statement": [{ 'Effect': 'Allow',
'#!/bin/bash\n',
'echo ECS_CLUSTER=',
Ref(ecs_cluster),
' >> /etc/ecs/ecs.config;echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config;'
])
)
)
)
)
# Create the Docker repository.
docker_repository = template.add_resource(
ecr.Repository(
'DockerRepository',
RepositoryName=Ref(docker_repository_name),
LifecyclePolicy=ecr.LifecyclePolicy(
LifecyclePolicyText='{"rules":[{"rulePriority":1,"description":"Remove untagged images older than 1 week","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":7},"action":{"type":"expire"}}]}'
)
)
)
# Create the ECS task definitions.
api_log_group = template.add_resource(
logs.LogGroup(
'ApiLogGroup',
LogGroupName=Ref(api_log_group_name),
RetentionInDays=7
)
)
queue_worker_log_group = template.add_resource(