def test_getcidr_withsizemask(self):
    """Cidr(block, count, cidrBits) must serialize to a three-element Fn::Cidr list."""
    fn_cidr = Cidr("10.1.10.1/24", 2, 10)
    self.assertEqual(
        {"Fn::Cidr": ["10.1.10.1/24", 2, 10]},
        fn_cidr.to_dict(),
    )
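def _yes_no_parameter(name, description):
    """Return a String parameter restricted to 'Yes'/'No' that defaults to 'No'."""
    return Parameter(
        name,
        Type="String",
        Description=description,
        Default="No",
        AllowedValues=["Yes", "No"],
        ConstraintDescription="'Yes' or 'No' are only options",
    )


def _ssm_interface_endpoint(title, service, subnet, security_group, vpc):
    """Return an Interface VPC endpoint for *service* in *subnet*.

    The endpoint only exists when the CreateVpcEndpoints condition holds, is
    guarded by *security_group*, and has private DNS enabled so the SSM agent
    resolves the regional service name to the endpoint instead of the public
    address.
    """
    return ec2.VPCEndpoint(
        title,
        Condition="CreateVpcEndpoints",
        SubnetIds=[Ref(subnet)],
        ServiceName=vpc_endpoint(service),
        VpcId=Ref(vpc),
        VpcEndpointType="Interface",
        SecurityGroupIds=[Ref(security_group)],
        PrivateDnsEnabled=True,
    )


def _exported_output(title, description, value, suffix):
    """Return an Output exported as '<stack name><suffix>' for cross-stack use."""
    return Output(
        title,
        Description=description,
        Value=value,
        Export=Export(Join("", [Ref("AWS::StackName"), suffix])),
    )


def ssm_network():
    """Build, write and return the CloudFormation template for an SSM-reachable VPC.

    The template creates one VPC with a public and a private subnet (both in
    the first availability zone of the region), an internet gateway with a
    default route for the public subnet, an optional NAT gateway giving the
    private subnet outbound internet, and optional VPC endpoints (S3 gateway
    plus the ssm/ssmmessages/ec2messages interface endpoints) so that
    instances in the private subnet can be managed by Systems Manager with
    no internet path at all.

    Side effect: writes ``ssm_network.yml`` next to this source file.

    Returns:
        str: the rendered template as YAML.
    """
    template = Template()
    default_route = "0.0.0.0/0"
    vpc_cidr = "192.168.0.0/16"

    # The subnets below are carved with Fn::Cidr(<vpc block>, 2, 8), i.e. two
    # /24 blocks, so the VPC must be between /16 (the AWS minimum) and /23
    # (the smallest block that holds two /24s). This pattern enforces that
    # range and real octet values; the previous \d{1,3}/\d{1,2} pattern
    # accepted inputs such as 999.1.1.1/99 that only failed at deploy time.
    octet = r"(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
    cidr_pattern = r"^(" + octet + r"\.){3}" + octet + r"/(1[6-9]|2[0-3])$"
    template.add_parameter(Parameter(
        "VpcCidr",
        Type="String",
        Description="Cidr block for VPC",
        MinLength="9",
        MaxLength="18",
        Default=vpc_cidr,
        AllowedPattern=cidr_pattern,
        ConstraintDescription=(
            "Must be a valid IPv4 CIDR with a /16 to /23 prefix, "
            "e.g. '192.168.0.0/16'"
        ),
    ))
    template.add_parameter(_yes_no_parameter("CreateEndpoints", "Create VPC Endpoints"))
    template.add_parameter(_yes_no_parameter("CreateNatGateway", "Create NAT Gateway"))

    # AllowedValues already rejects a lower-case "yes", so the *LowerYes
    # conditions can never be true; they are kept so the emitted template's
    # condition names stay unchanged.
    conditions = {
        "CreateVpcEndpointsUpperYes": Equals(Ref("CreateEndpoints"), "Yes"),
        "CreateVpcEndpointsLowerYes": Equals(Ref("CreateEndpoints"), "yes"),
        "CreateVpcEndpoints": Or(
            Condition("CreateVpcEndpointsUpperYes"),
            Condition("CreateVpcEndpointsLowerYes"),
        ),
        "CreateNatGatewayUpperYes": Equals(Ref("CreateNatGateway"), "Yes"),
        "CreateNatGatewayLowerYes": Equals(Ref("CreateNatGateway"), "yes"),
        "CreateNatGateway": Or(
            Condition("CreateNatGatewayUpperYes"),
            Condition("CreateNatGatewayLowerYes"),
        ),
    }

    ssm_vpc = ec2.VPC(
        'SsmVpc',
        CidrBlock=Ref("VpcCidr"),
        InstanceTenancy="default",
        # Both DNS flags are required for PrivateDnsEnabled interface endpoints.
        EnableDnsHostnames=True,
        EnableDnsSupport=True,
        Tags=Tags(Name="SSM VPC"),
    )
    # Two /24 blocks out of the VPC range: index 0 public, index 1 private.
    # Only two are requested (not 256) so the split also works for VPCs
    # smaller than /16.
    subnet_blocks = Cidr(GetAtt(ssm_vpc, "CidrBlock"), 2, 8)

    ssm_ig = ec2.InternetGateway('SsmIG')
    ssm_attach_gw = ec2.VPCGatewayAttachment(
        'SsmAttachGateway',
        InternetGatewayId=Ref(ssm_ig),
        VpcId=Ref(ssm_vpc),
    )

    # Single-AZ design: both subnets sit in the first AZ of the region.
    first_az = Select(0, GetAZs(''))

    ssm_public_subnet = ec2.Subnet(
        'SsmPublicSubnet',
        DependsOn=ssm_attach_gw,
        AvailabilityZone=first_az,
        CidrBlock=Select(0, subnet_blocks),
        VpcId=Ref(ssm_vpc),
        Tags=Tags(Name="Public Subnet"),
    )
    ssm_public_route_table = ec2.RouteTable('SsmPublicRouteTable', VpcId=Ref(ssm_vpc))
    ssm_public_route = ec2.Route(
        'SsmPublicRoute',
        DestinationCidrBlock=default_route,
        GatewayId=Ref(ssm_ig),
        RouteTableId=Ref(ssm_public_route_table),
    )
    ssm_public_subnet_route_table_association = ec2.SubnetRouteTableAssociation(
        'SsmPublicSubnetRouteTableAssociation',
        RouteTableId=Ref(ssm_public_route_table),
        SubnetId=Ref(ssm_public_subnet),
    )

    # NAT path (optional): a VPC-scoped EIP is needed because the NAT gateway
    # is addressed by AllocationId.
    ssm_eip_nat_gateway = ec2.EIP(
        'SsmEipNatGateway',
        Condition="CreateNatGateway",
        Domain="vpc",
    )
    ssm_nat_gateway = ec2.NatGateway(
        'SsmNatGateway',
        Condition="CreateNatGateway",
        DependsOn=ssm_eip_nat_gateway,
        SubnetId=Ref(ssm_public_subnet),
        AllocationId=GetAtt(ssm_eip_nat_gateway, "AllocationId"),
    )

    ssm_private_subnet = ec2.Subnet(
        'SsmPrivateSubnet',
        DependsOn=ssm_attach_gw,
        AvailabilityZone=first_az,
        CidrBlock=Select(1, subnet_blocks),
        VpcId=Ref(ssm_vpc),
        Tags=Tags(Name="Private Subnet"),
    )
    ssm_private_route_table = ec2.RouteTable('SsmPrivateRouteTable', VpcId=Ref(ssm_vpc))
    # Without the NAT gateway the private route table keeps only the local
    # route, so the private subnet has no internet path at all.
    ssm_private_route = ec2.Route(
        'SsmPrivateRoute',
        Condition="CreateNatGateway",
        DestinationCidrBlock=default_route,
        NatGatewayId=Ref(ssm_nat_gateway),
        RouteTableId=Ref(ssm_private_route_table),
    )
    ssm_private_subnet_route_table_association = ec2.SubnetRouteTableAssociation(
        'SsmPrivateSubnetRouteTableAssociation',
        RouteTableId=Ref(ssm_private_route_table),
        SubnetId=Ref(ssm_private_subnet),
    )

    # Endpoint security group: HTTPS from inside the VPC only. No egress
    # rules are given, so AWS applies its default allow-all egress.
    ssm_sg_ingress_rules = [
        ec2.SecurityGroupRule(
            ToPort=443,
            FromPort=443,
            IpProtocol="tcp",
            CidrIp=GetAtt(ssm_vpc, "CidrBlock"),
        ),
    ]
    ssm_security_group = ec2.SecurityGroup(
        'SsmSecurityGroup',
        GroupName="SsmSG",
        GroupDescription="SG for SSM usage",
        VpcId=Ref(ssm_vpc),
        SecurityGroupIngress=ssm_sg_ingress_rules,
    )

    # S3 is a gateway endpoint (route-table based), the SSM services are
    # interface endpoints (ENIs in the private subnet).
    ssm_s3e_vpc_endpoint = ec2.VPCEndpoint(
        'SsmS3VpcEndpoint',
        Condition="CreateVpcEndpoints",
        RouteTableIds=[Ref(ssm_private_route_table)],
        ServiceName=vpc_endpoint("s3"),
        VpcId=Ref(ssm_vpc),
        VpcEndpointType="Gateway",
    )
    ssm_ssm_vpc_endpoint = _ssm_interface_endpoint(
        'SsmSsmVpcEndpoint', "ssm", ssm_private_subnet, ssm_security_group, ssm_vpc)
    ssm_ssmmessages_vpc_endpoint = _ssm_interface_endpoint(
        'SsmSsmMessagesVpcEndpoint', "ssmmessages", ssm_private_subnet, ssm_security_group, ssm_vpc)
    ssm_ec2messages_vpc_endpoint = _ssm_interface_endpoint(
        'SsmEc2MessagesVpcEndpoint', "ec2messages", ssm_private_subnet, ssm_security_group, ssm_vpc)

    for resource in (
        ssm_vpc,
        ssm_ig,
        ssm_attach_gw,
        ssm_eip_nat_gateway,
        ssm_public_subnet,
        ssm_public_route_table,
        ssm_nat_gateway,
        ssm_public_route,
        ssm_public_subnet_route_table_association,
        ssm_private_subnet,
        ssm_private_route_table,
        ssm_private_route,
        ssm_private_subnet_route_table_association,
        ssm_security_group,
        ssm_s3e_vpc_endpoint,
        ssm_ec2messages_vpc_endpoint,
        ssm_ssm_vpc_endpoint,
        ssm_ssmmessages_vpc_endpoint,
    ):
        template.add_resource(resource)

    for name, condition in conditions.items():
        template.add_condition(name, condition)

    template.add_output(_exported_output(
        'SsmVpc', "VPC for SSM", Ref(ssm_vpc), "-ssm-vpc"))
    template.add_output(_exported_output(
        'SsmSg', "Security Group for SSM", Ref(ssm_security_group), "-ssm-sg"))
    template.add_output(_exported_output(
        'SsmPrivateSubnet', "Private Subnet for SSM", Ref(ssm_private_subnet),
        "-ssm-private-subnet"))
    template.add_output(_exported_output(
        'SsmPrivateRouteTable', "Private RouteTable for SSM",
        Ref(ssm_private_route_table), "-ssm-private-route-table"))

    rendered = template.to_yaml()
    out_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'ssm_network.yml')
    with open(out_path, 'w') as cf_file:
        cf_file.write(rendered)
    return rendered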
def test_getcidr(self):
    """Cidr(block, count) without cidrBits serializes to a two-element Fn::Cidr list."""
    fn_cidr = Cidr("10.1.10.1/24", 2)
    self.assertEqual(
        {"Fn::Cidr": ["10.1.10.1/24", 2]},
        fn_cidr.to_dict(),
    )
def test_getcidr_withsizemask(self):
    """Serialization of Cidr with an explicit cidrBits argument."""
    block, count, cidr_bits = "10.1.10.1/24", 2, 10
    wanted = {'Fn::Cidr': [block, count, cidr_bits]}
    self.assertEqual(wanted, Cidr(block, count, cidr_bits).to_dict())
def test_getcidr(self):
    """Serialization of Cidr when cidrBits is omitted."""
    block, count = "10.1.10.1/24", 2
    wanted = {'Fn::Cidr': [block, count]}
    self.assertEqual(wanted, Cidr(block, count).to_dict())
def create_template():
    """Return a troposphere Template for a single-subnet public VPC.

    Resources: a 10.10.0.0/16 VPC, a DHCP option set using the Amazon Time
    Sync NTP address and AmazonProvidedDNS, an internet gateway with a
    0.0.0.0/0 route, and one /24 subnet in the first AZ listed in the
    ``AvailabilityZones`` parameter (a comma-separated String). Instances
    launched in that subnet get a public IP automatically
    (MapPublicIpOnLaunch=True), so anything placed there is internet-facing.

    Returns:
        Template: the assembled template (not rendered).
    """
    tmpl = Template(Description="Simple public VPC")

    # Comma-separated list; only the first entry is used.
    az_param = tmpl.add_parameter(Parameter("AvailabilityZones", Type="String"))

    the_vpc = tmpl.add_resource(VPC(
        "Vpc",
        CidrBlock="10.10.0.0/16",
        EnableDnsHostnames=False,
        EnableDnsSupport=True,
        Tags=Tags(Name=StackName),
    ))

    dhcp = tmpl.add_resource(DHCPOptions(
        "DhcpOptions",
        NtpServers=["169.254.169.123"],
        DomainNameServers=["AmazonProvidedDNS"],
        Tags=Tags(Name=StackName),
    ))
    tmpl.add_resource(VPCDHCPOptionsAssociation(
        "VpcDhcpOptionsAssociation",
        VpcId=Ref(the_vpc),
        DhcpOptionsId=Ref(dhcp),
    ))

    igw = tmpl.add_resource(InternetGateway("InternetGateway", Tags=Tags(Name=StackName)))
    igw_attachment = tmpl.add_resource(VPCGatewayAttachment(
        "VpcGatewayAttachment",
        VpcId=Ref(the_vpc),
        InternetGatewayId=Ref(igw),
    ))

    # First of eight /24 blocks carved from the VPC range.
    subnet0 = tmpl.add_resource(Subnet(
        "Subnet0",
        MapPublicIpOnLaunch=True,
        VpcId=Ref(the_vpc),
        CidrBlock=Select(0, Cidr(GetAtt(the_vpc, "CidrBlock"), 8, 8)),
        AvailabilityZone=Select(0, Split(",", Ref(az_param))),
        Tags=Tags(Name=StackName),
    ))

    rt0 = tmpl.add_resource(RouteTable("RouteTable0", VpcId=Ref(the_vpc), Tags=Tags(Name=StackName)))
    # The default route must not be created before the gateway is attached.
    tmpl.add_resource(Route(
        "InternetRoute0",
        DestinationCidrBlock="0.0.0.0/0",
        GatewayId=Ref(igw),
        RouteTableId=Ref(rt0),
        DependsOn=[igw_attachment],
    ))
    # Logical ID keeps the existing spelling; renaming it would replace the resource.
    tmpl.add_resource(SubnetRouteTableAssociation(
        "SubnetRouteTableAssocation0",
        RouteTableId=Ref(rt0),
        SubnetId=Ref(subnet0),
    ))

    tmpl.add_output(Output("VpcId", Value=Ref(the_vpc)))
    # Despite the plural name this exports the single subnet's ID.
    tmpl.add_output(Output("SubnetIds", Value=Ref(subnet0)))
    return tmpl
GroupId=Ref("CustomSg"), IpProtocol="-1", FromPort="0", ToPort="0", CidrIp="0.0.0.0/0") ]) for _ in range(subnetcount): if _ % 2 is 0: typ = "Public" else: typ = "Private" t.add_resource( Subnet(F"S{_}", AvailabilityZone=fazes[_], CidrBlock=Select(_, Cidr(cidr, subnetcount, subnetmask)), VpcId=Ref("vpc"), Tags=Tags(Name=F"{stackname}-{typ}-Subnet"))) for _ in range(subnetcount): if _ % 2 is 0: t.add_resource( SubnetRouteTableAssociation(F"S{_}RTA", RouteTableId=Ref("PublicRt"), SubnetId=Ref(F"S{_}"))) else: t.add_resource( SubnetRouteTableAssociation(F"S{_}RTA", RouteTableId=Ref("PrivateRt"), SubnetId=Ref(F"S{_}")))
from troposphere import Template, Ref, GetAtt, Select, Cidr
import troposphere.ec2 as ec2

# Minimal example: a /24 VPC split into two /25 halves with Fn::Cidr; the
# first half becomes a subnet pinned to eu-west-1a. The rendered YAML is
# printed to stdout whenever this module is executed or imported.
t = Template()
r_vpc = t.add_resource(ec2.VPC('VPC', CidrBlock='10.0.0.0/24'))

# Fn::Cidr(block, 2, 7): two CIDRs with 7 host bits each, i.e. two /25s.
halves = Cidr(GetAtt(r_vpc, 'CidrBlock'), 2, 7)
r_subnet_az1 = t.add_resource(ec2.Subnet(
    'SubnetAz1',
    CidrBlock=Select(0, halves),
    VpcId=Ref(r_vpc),
    # NOTE(review): hard-coded AZ ties this template to eu-west-1.
    AvailabilityZone='eu-west-1a',
))

print(t.to_yaml())