예제 #1
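def emit_configuration():
    """Add the optional deployer S3 bucket to the shared ``template``.

    Registers the ``CreateDeployerBucket`` yes/no parameter, a condition that
    is true only when that parameter equals "yes", and a bucket resource that
    is created only when the condition holds. Nothing is returned; the
    ``template`` object is mutated in place.
    """
    create_bucket = template.add_parameter(
        Parameter(
            "CreateDeployerBucket",
            Type="String",
            Description="Whether or not to create the deployer bucket",
            Default='no',
            AllowedValues=['yes', 'no']
        )
    )

    condition_name = "DeployerBucketCondition"
    template.add_condition(condition_name, Equals(Ref(create_bucket), "yes"))

    bucket_name = Join('.', ['deployer', CLOUDNAME, Ref("AWS::Region"), CLOUDENV, 'leafme'])
    # DeletionPolicy=Retain keeps the bucket (and its contents) when the stack
    # is deleted.
    # NOTE(review): this resource sets no encryption, versioning or
    # public-access-block properties; confirm they are enforced elsewhere
    # (bucket policy or account-level settings) for a bucket that holds
    # deployment artefacts.
    template.add_resource(
        Bucket(
            "DeployerBucket",
            BucketName=bucket_name,
            DeletionPolicy="Retain",
            Condition=condition_name
        )
    )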
예제 #2
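def emit_configuration():
    """Add the Redshift cluster and its supporting resources to ``template``.

    Registers the cluster parameters (database name, cluster type, node
    count, node type, master credentials), a security group opening the
    Redshift port, a subnet group over the DATABASE subnets of the first VPC,
    the ``IsMultiNodeCluster`` condition, the cluster itself, a parameter
    group that enables user activity logging, and an output with the cluster
    endpoint. Nothing is returned; ``template`` is mutated in place.
    """
    vpc = cfn.vpcs[0]

    dbname = template.add_parameter(
        Parameter('RedshiftDatabaseName',
                  Description='The name of database to create within redshift',
                  Type="String",
                  Default="farragut",
                  AllowedPattern="[a-z0-9]*",
                  ConstraintDescription="Must be alphanumeric"))

    clustertype = template.add_parameter(
        Parameter('RedshiftClusterType',
                  Description="The type of cluster to build",
                  Type="String",
                  Default="single-node",
                  AllowedValues=["single-node", "multi-node"]))

    numberofnodes = template.add_parameter(
        Parameter(
            "RedshiftNumberOfNodes",
            Description="The number of compute nodes in the redshift cluster. "
            "When cluster type is specified as: 1) single-node, the NumberOfNodes "
            "parameter should be specified as 1, 2) multi-node, the NumberOfNodes "
            "parameter should be greater than 1",
            Type="Number",
            Default="1",
        ))

    nodetype = template.add_parameter(
        Parameter(
            "RedshiftNodeType",
            Description=
            "The node type to be provisioned for the redshift cluster",
            Type="String",
            Default="dw2.large",
        ))

    masterusername = template.add_parameter(
        Parameter("RedshiftMasterUsername",
                  Description=
                  "The user name associated with the master user account for "
                  "the redshift cluster that is being created",
                  Type="String",
                  Default="sa",
                  AllowedPattern="([a-z])([a-z]|[0-9])*"))

    # SECURITY: a default master password is baked into the template. NoEcho
    # only masks the value in console/API output; it does not protect a
    # default that anyone with read access to this source already knows.
    # The default is kept so existing stack launches keep working, but every
    # deployment should override it, and dropping ``Default`` so that stack
    # creation requires an explicit value is the safer end state.
    masteruserpassword = template.add_parameter(
        Parameter(
            "RedshiftMasterUserPassword",
            Description=
            "The password associated with the master user account for the "
            "redshift cluster that is being created.",
            Type="String",
            NoEcho=True,
            Default="LeafLeaf123"))

    # NOTE(review): the Redshift port is opened to DEFAULT_ROUTE (presumably
    # 0.0.0.0/0 - confirm). Combined with the default credentials above this
    # deserves a narrower source CIDR unless wider access is required.
    ingress_rules = [
        SecurityGroupRule(IpProtocol=p[0],
                          CidrIp=DEFAULT_ROUTE,
                          FromPort=p[1],
                          ToPort=p[1]) for p in [('tcp', 5439)]
    ]

    rs_security_group = template.add_resource(
        SecurityGroup(
            "RedshiftSecurityGroup",
            GroupDescription="SecurityGroup for the {0} Redshift cluster".
            format(CLOUDENV),
            VpcId=Ref(vpc),
            SecurityGroupIngress=ingress_rules,
            DependsOn=vpc.title))

    cluster_subnet_group = template.add_resource(
        ClusterSubnetGroup(
            "RedshiftClusterSubnetGroup",
            Description="Redshift {0} cluster subnet group".format(CLOUDENV),
            SubnetIds=[
                Ref(sn)
                for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.DATABASE)
            ],
            DependsOn=[
                sn.title
                for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.DATABASE)
            ]))

    # The compared value must match the "multi-node" entry in
    # RedshiftClusterType's AllowedValues; any other spelling makes the
    # condition permanently false and NumberOfNodes is then always dropped.
    conditions = {
        "IsMultiNodeCluster": Equals(Ref(clustertype), "multi-node"),
    }

    for k in conditions:
        template.add_condition(k, conditions[k])

    # NOTE(review): neither Encrypted nor PubliclyAccessible is set on the
    # cluster, so the service defaults apply; confirm those match policy.
    redshiftcluster = template.add_resource(
        Cluster("RedshiftCluster",
                ClusterType=Ref(clustertype),
                # AWS::NoValue removes the property for single-node clusters.
                NumberOfNodes=If("IsMultiNodeCluster",
                                 Ref(numberofnodes),
                                 Ref("AWS::NoValue")),
                NodeType=Ref(nodetype),
                DBName=Ref(dbname),
                MasterUsername=Ref(masterusername),
                MasterUserPassword=Ref(masteruserpassword),
                # Referenced by title because the parameter group is added
                # to the template further down.
                ClusterParameterGroupName=Ref("RedshiftClusterParameterGroup"),
                DeletionPolicy="Snapshot",
                ClusterSubnetGroupName=Ref(cluster_subnet_group),
                VpcSecurityGroupIds=[Ref(rs_security_group)],
                DependsOn=[
                    cluster_subnet_group.title, rs_security_group.title
                ]))

    # Turns on user activity logging for the cluster's parameter group.
    log_activity_parameter = AmazonRedshiftParameter(
        "AmazonRedshiftParameterEnableUserLogging",
        ParameterName="enable_user_activity_logging",
        ParameterValue="true",
    )

    template.add_resource(
        ClusterParameterGroup(
            "RedshiftClusterParameterGroup",
            Description="Cluster parameter group",
            ParameterGroupFamily="redshift-1.0",
            Parameters=[log_activity_parameter],
        ))

    # Output is "<address>:<port>" of the cluster endpoint.
    template.add_output(
        Output(
            "RedshiftClusterEndpoint",
            Value=Join(":", [
                GetAtt(redshiftcluster, "Endpoint.Address"),
                GetAtt(redshiftcluster, "Endpoint.Port")
            ]),
        ))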
예제 #3
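def emit_configuration():
    """Add the ZooKeeper ensemble resources to the shared ``template``.

    Registers the instance-type and bucket-creation parameters, the
    ``Zookeeper`` security group (plus self-referencing ingress for ports
    2888 and 3888), an optional retained S3 bucket, the IAM role with its two
    inline policies, the instance profile, the launch configuration and a
    fixed-size (3) auto scaling group on the MASTER subnets of the first VPC.
    Nothing is returned; ``template`` is mutated in place.
    """
    vpc = cfn.vpcs[0]
    region = Ref("AWS::Region")

    zookeeper_instance_class = template.add_parameter(
        Parameter(
            'ZookeeperInstanceType', Type='String', Default='m3.medium',
            Description='Zookeeper instance type',
            AllowedValues=cfn.usable_instances(),
            ConstraintDescription='Instance size must be a valid instance type'
        )
    )

    create_zookeeper_bucket = template.add_parameter(
        Parameter(
            'CreateZookeeperBucket',
            Type='String',
            Description='Whether or not to create the Zookeeper bucket. This option is provided in case the bucket already exists.',
            Default='no',
            AllowedValues=['yes', 'no'],
            ConstraintDescription='Answer must be yes or no'
        )
    )

    conditions = {
        "ZookeeperBucketCondition": Equals(
            Ref(create_zookeeper_bucket), "yes"
        )
    }

    for c in conditions:
        template.add_condition(c, conditions[c])

    # Ports 2181 and 8080 are reachable only from the CIDR_PREFIX /16 range.
    ingress_rules = [
        SecurityGroupRule(
            IpProtocol='tcp', CidrIp='{0}.0.0/16'.format(CIDR_PREFIX), FromPort=p, ToPort=p
        ) for p in [2181, 8080]
    ]

    # SSH must stay a single-port rule: a 22-2222 range would also expose
    # port 2181 to DEFAULT_ROUTE and bypass the CIDR-restricted rule above.
    # NOTE(review): if sshd on 2222 is also required, add it as its own
    # single-port rule rather than widening this range.
    ingress_rules.append(
        SecurityGroupRule(
            IpProtocol='tcp', CidrIp=DEFAULT_ROUTE, FromPort=22, ToPort=22
        )
    )

    zookeeper_sg = template.add_resource(
        SecurityGroup(
            "Zookeeper",
            GroupDescription="Security Group for ZooKeeper instances",
            VpcId=Ref(vpc),
            SecurityGroupIngress=ingress_rules,
            DependsOn=vpc.title
        )
    )

    # Now add in another ingress rule that allows zookeepers to talk to each other
    # in the same SG
    for port in [2888, 3888]:
        template.add_resource(
            SecurityGroupIngress(
                "ZookeeperSelfIngress{0}".format(port),
                IpProtocol='tcp',
                FromPort=port,
                ToPort=port,
                GroupId=Ref(zookeeper_sg),
                SourceSecurityGroupId=Ref(zookeeper_sg),
                DependsOn=zookeeper_sg.title
            )
        )

    # Create the zookeeper s3 bucket (only when ZookeeperBucketCondition holds;
    # Retain keeps it when the stack is deleted)
    zookeeper_bucket_name = Join('.', ['zookeeper', CLOUDNAME, region, CLOUDENV, 'leafme'])
    template.add_resource(
        Bucket(
            "ZookeeperBucket",
            BucketName=zookeeper_bucket_name,
            DeletionPolicy='Retain',
            Condition="ZookeeperBucketCondition"
        )
    )

    # NOTE(review): both policy templates are rendered with region
    # "us-east-1" regardless of the stack's AWS::Region; confirm that is
    # intended for stacks launched in other regions. The permissions granted
    # live in the .j2 templates, which are not visible here.
    zookeeper_iam_role = template.add_resource(
        Role(
            "ZookeeperIamRole",
            AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
            Path="/",
            Policies=[
                Policy(
                    PolicyName="ZookeeperDefaultPolicy",
                    PolicyDocument=json.loads(cfn.load_template("default_policy.json.j2",
                        {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1" }
                    ))
                ),
                Policy(
                    PolicyName="ZookeeperPolicy",
                    PolicyDocument=json.loads(cfn.load_template("zookeeper_policy.json.j2",
                        {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
                    ))
                )
            ],
            DependsOn=vpc.title
        )
    )

    zookeeper_instance_profile = template.add_resource(
        InstanceProfile(
            "zookeeperInstanceProfile",
            Path="/",
            Roles=[Ref(zookeeper_iam_role)],
            DependsOn=zookeeper_iam_role.title
        )
    )

    zookeeper_user_data = cfn.load_template("default-init.bash.j2",
            {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "zookeeper"}
    )

    # Launch Configuration for zookeepers; instances get a public IP only
    # when USE_PRIVATE_SUBNETS is false.
    zookeeper_launchcfg = template.add_resource(
        LaunchConfiguration(
            "ZookeeperLaunchConfiguration",
            ImageId=FindInMap('RegionMap', region, int(cfn.Amis.INSTANCE)),
            InstanceType=Ref(zookeeper_instance_class),
            IamInstanceProfile=Ref(zookeeper_instance_profile),
            AssociatePublicIpAddress=not USE_PRIVATE_SUBNETS,
            KeyName=Ref(cfn.keyname),
            SecurityGroups=[Ref(zookeeper_sg)],
            DependsOn=[zookeeper_instance_profile.title, zookeeper_sg.title],
            UserData=Base64(zookeeper_user_data)
        )
    )

    # Create the zookeeper autoscaling group (min = max = desired = 3)
    template.add_resource(
        AutoScalingGroup(
            "ZookeeperASG",
            AvailabilityZones=cfn.get_asg_azs(),
            DesiredCapacity="3",
            LaunchConfigurationName=Ref(zookeeper_launchcfg),
            MinSize="3",
            MaxSize="3",
            NotificationConfiguration=autoscaling.NotificationConfiguration(
                TopicARN=Ref(cfn.alert_topic),
                NotificationTypes=[
                    EC2_INSTANCE_TERMINATE, EC2_INSTANCE_LAUNCH, EC2_INSTANCE_LAUNCH_ERROR, EC2_INSTANCE_TERMINATE_ERROR
                ]
            ),
            VPCZoneIdentifier=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.MASTER)]
        )
    )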
예제 #4
def emit_configuration():
    """Emit the Docker registry resources into the shared ``template``.

    Adds, in order: the instance-type and bucket-creation parameters, the
    bucket condition, the conditional (retained) registry bucket, the
    registry security group, the IAM role with its two inline policies, the
    instance profile, the launch configuration and a single-instance auto
    scaling group on the PLATFORM subnets of the first VPC. Nothing is
    returned; ``template`` is mutated in place.
    """
    registry_vpc = cfn.vpcs[0]

    instance_type_param = template.add_parameter(Parameter(
        'RegistryInstanceType',
        Type='String',
        Default='m3.medium',
        Description='Registry instance type',
        AllowedValues=cfn.usable_instances(),
    ))

    create_bucket_param = template.add_parameter(Parameter(
        'CreateDockerRegistryBucket',
        Type='String',
        Description='Whether or not to create the Docker Registry bucket.',
        Default='no',
        AllowedValues=['yes', 'no'],
    ))

    # The bucket is only created when the operator answers "yes".
    bucket_condition = "DockerRegistryBucketCondition"
    template.add_condition(
        bucket_condition, Equals(Ref(create_bucket_param), "yes"))

    # Registry bucket; Retain keeps it when the stack is deleted.
    name_parts = [
        'docker-registry', CLOUDNAME, Ref("AWS::Region"), CLOUDENV, 'leafme'
    ]
    template.add_resource(Bucket(
        "DockerRegistryBucket",
        BucketName=Join('.', name_parts),
        DeletionPolicy='Retain',
        Condition=bucket_condition,
    ))

    # NOTE(review): HTTP (80) and SSH (22) are opened to DEFAULT_ROUTE
    # (presumably 0.0.0.0/0 - confirm). The launch configuration below sets
    # AssociatePublicIpAddress=False, so actual exposure depends on how the
    # PLATFORM subnets are routed.
    open_ports = (('tcp', 80), ('tcp', 22))
    registry_ingress = []
    for protocol, port in open_ports:
        registry_ingress.append(SecurityGroupRule(
            IpProtocol=protocol,
            CidrIp=DEFAULT_ROUTE,
            FromPort=port,
            ToPort=port,
        ))

    registry_sg = template.add_resource(SecurityGroup(
        "DockerRegistry",
        GroupDescription="Security Group for Docker Registries",
        VpcId=Ref(registry_vpc),
        SecurityGroupIngress=registry_ingress,
        DependsOn=registry_vpc.title,
    ))

    # Both policy documents are rendered from templates with the same
    # variables; note the region value is the literal "us-east-1".
    template_vars = {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
    registry_policy_doc = json.loads(
        cfn.load_template("registry_policy.json.j2", template_vars))
    default_policy_doc = json.loads(
        cfn.load_template("default_policy.json.j2", template_vars))

    inline_policies = [
        Policy(PolicyName="RegistryDefaultPolicy",
               PolicyDocument=default_policy_doc),
        Policy(PolicyName="RegistryPolicy",
               PolicyDocument=registry_policy_doc),
    ]
    registry_role = template.add_resource(Role(
        "DockerRegistryIamRole",
        AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
        Path="/",
        Policies=inline_policies,
        DependsOn=registry_vpc.title,
    ))

    registry_profile = template.add_resource(InstanceProfile(
        "DockerRegistryInstanceProfile",
        Path="/",
        Roles=[Ref(registry_role)],
        DependsOn=registry_role.title,
    ))

    init_vars = {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "docker_registry"}
    init_script = cfn.load_template("default-init.bash.j2", init_vars)

    registry_launch_config = template.add_resource(LaunchConfiguration(
        "RegistryLaunchConfiguration",
        ImageId=FindInMap(
            'RegionMap', Ref("AWS::Region"), int(cfn.Amis.INSTANCE)),
        InstanceType=Ref(instance_type_param),
        IamInstanceProfile=Ref(registry_profile),
        KeyName=Ref(cfn.keyname),
        SecurityGroups=[Ref(registry_sg)],
        DependsOn=[registry_profile.title, registry_sg.title],
        AssociatePublicIpAddress=False,
        UserData=Base64(init_script),
    ))

    # Exactly one registry instance: min = max = desired = 1.
    availability_zones = cfn.get_asg_azs()
    launch_config_ref = Ref(registry_launch_config)
    notifications = NotificationConfiguration(
        TopicARN=Ref(cfn.alert_topic),
        NotificationTypes=[
            EC2_INSTANCE_TERMINATE,
            EC2_INSTANCE_LAUNCH,
            EC2_INSTANCE_LAUNCH_ERROR,
            EC2_INSTANCE_TERMINATE_ERROR,
        ],
    )
    subnet_refs = [
        Ref(subnet)
        for subnet in cfn.get_vpc_subnets(registry_vpc, cfn.SubnetTypes.PLATFORM)
    ]
    subnet_titles = [
        subnet.title
        for subnet in cfn.get_vpc_subnets(registry_vpc, cfn.SubnetTypes.PLATFORM)
    ]
    template.add_resource(AutoScalingGroup(
        "RegistryAutoscalingGroup",
        AvailabilityZones=availability_zones,
        DesiredCapacity="1",
        LaunchConfigurationName=launch_config_ref,
        MinSize="1",
        MaxSize="1",
        NotificationConfiguration=notifications,
        VPCZoneIdentifier=subnet_refs,
        DependsOn=subnet_titles,
    ))
예제 #5
def emit_configuration():
    """Populate the shared ``template`` with the Docker registry stack.

    Parameters, the bucket condition, the conditional registry bucket, the
    security group, IAM role and instance profile, the launch configuration
    and a one-instance auto scaling group are added in that order. The
    function returns nothing; it only mutates ``template``.
    """
    vpc = cfn.vpcs[0]
    stack_region = "AWS::Region"

    type_param = Parameter(
        'RegistryInstanceType',
        Type='String',
        Default='m3.medium',
        Description='Registry instance type',
        AllowedValues=cfn.usable_instances(),
    )
    instance_class = template.add_parameter(type_param)

    bucket_param = Parameter(
        'CreateDockerRegistryBucket',
        Type='String',
        Description='Whether or not to create the Docker Registry bucket.',
        Default='no',
        AllowedValues=['yes', 'no'],
    )
    create_bucket = template.add_parameter(bucket_param)

    condition_name = "DockerRegistryBucketCondition"
    conditions = {condition_name: Equals(Ref(create_bucket), "yes")}
    for name, expression in conditions.items():
        template.add_condition(name, expression)

    # Registry bucket: created only under the condition, retained on delete.
    registry_bucket = Bucket(
        "DockerRegistryBucket",
        BucketName=Join('.', [
            'docker-registry',
            CLOUDNAME,
            Ref(stack_region),
            CLOUDENV,
            'leafme',
        ]),
        DeletionPolicy='Retain',
        Condition=condition_name,
    )
    template.add_resource(registry_bucket)

    # NOTE(review): ports 80 and 22 accept traffic from DEFAULT_ROUTE
    # (presumably 0.0.0.0/0 - confirm). Instances are launched without a
    # public IP below, so reachability depends on the subnet routing.
    ingress_rules = [
        SecurityGroupRule(
            IpProtocol=proto, CidrIp=DEFAULT_ROUTE, FromPort=port, ToPort=port)
        for proto, port in [('tcp', 80), ('tcp', 22)]
    ]

    security_group = SecurityGroup(
        "DockerRegistry",
        GroupDescription="Security Group for Docker Registries",
        VpcId=Ref(vpc),
        SecurityGroupIngress=ingress_rules,
        DependsOn=vpc.title,
    )
    sg = template.add_resource(security_group)

    # IAM role for the registry; both inline policies are rendered from
    # templates with a literal "us-east-1" region value.
    policy_vars = {"env": CLOUDENV, "cloud": CLOUDNAME, "region": "us-east-1"}
    rendered_registry_policy = cfn.load_template(
        "registry_policy.json.j2", policy_vars)
    policy = json.loads(rendered_registry_policy)
    rendered_default_policy = cfn.load_template(
        "default_policy.json.j2", policy_vars)
    default_policy = json.loads(rendered_default_policy)

    role = Role(
        "DockerRegistryIamRole",
        AssumeRolePolicyDocument=ASSUME_ROLE_POLICY,
        Path="/",
        Policies=[
            Policy(
                PolicyName="RegistryDefaultPolicy",
                PolicyDocument=default_policy,
            ),
            Policy(
                PolicyName="RegistryPolicy",
                PolicyDocument=policy,
            ),
        ],
        DependsOn=vpc.title,
    )
    iam_role = template.add_resource(role)

    profile = InstanceProfile(
        "DockerRegistryInstanceProfile",
        Path="/",
        Roles=[Ref(iam_role)],
        DependsOn=iam_role.title,
    )
    instance_profile = template.add_resource(profile)

    user_data = cfn.load_template(
        "default-init.bash.j2",
        {"env": CLOUDENV, "cloud": CLOUDNAME, "deploy": "docker_registry"},
    )

    image_id = FindInMap('RegionMap', Ref(stack_region), int(cfn.Amis.INSTANCE))
    launch_config = template.add_resource(
        LaunchConfiguration(
            "RegistryLaunchConfiguration",
            ImageId=image_id,
            InstanceType=Ref(instance_class),
            IamInstanceProfile=Ref(instance_profile),
            KeyName=Ref(cfn.keyname),
            SecurityGroups=[Ref(sg)],
            DependsOn=[instance_profile.title, sg.title],
            AssociatePublicIpAddress=False,
            UserData=Base64(user_data),
        )
    )

    # Single registry instance (min = max = desired = 1) on PLATFORM subnets.
    scaling_group = AutoScalingGroup(
        "RegistryAutoscalingGroup",
        AvailabilityZones=cfn.get_asg_azs(),
        DesiredCapacity="1",
        LaunchConfigurationName=Ref(launch_config),
        MinSize="1",
        MaxSize="1",
        NotificationConfiguration=NotificationConfiguration(
            TopicARN=Ref(cfn.alert_topic),
            NotificationTypes=[
                EC2_INSTANCE_TERMINATE,
                EC2_INSTANCE_LAUNCH,
                EC2_INSTANCE_LAUNCH_ERROR,
                EC2_INSTANCE_TERMINATE_ERROR,
            ],
        ),
        VPCZoneIdentifier=[
            Ref(net)
            for net in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)
        ],
        DependsOn=[
            net.title
            for net in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.PLATFORM)
        ],
    )
    template.add_resource(scaling_group)
예제 #6
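def emit_configuration():
    """Add the Redshift cluster and its supporting resources to ``template``.

    Registers the cluster parameters (database name, cluster type, node
    count, node type, master credentials), a security group opening the
    Redshift port, a subnet group over the DATABASE subnets of the first VPC,
    the ``IsMultiNodeCluster`` condition, the cluster itself, a parameter
    group that enables user activity logging, and an output with the cluster
    endpoint. Nothing is returned; ``template`` is mutated in place.
    """
    vpc = cfn.vpcs[0]

    dbname = template.add_parameter(
        Parameter(
            'RedshiftDatabaseName',
            Description='The name of database to create within redshift',
            Type="String",
            Default="farragut",
            AllowedPattern="[a-z0-9]*",
            ConstraintDescription="Must be alphanumeric"
        )
    )

    clustertype = template.add_parameter(
        Parameter(
            'RedshiftClusterType',
            Description="The type of cluster to build",
            Type="String",
            Default="single-node",
            AllowedValues=["single-node", "multi-node"]
        )
    )

    numberofnodes = template.add_parameter(
        Parameter(
            "RedshiftNumberOfNodes",
            Description="The number of compute nodes in the redshift cluster. "
            "When cluster type is specified as: 1) single-node, the NumberOfNodes "
            "parameter should be specified as 1, 2) multi-node, the NumberOfNodes "
            "parameter should be greater than 1",
            Type="Number",
            Default="1",
        )
    )

    nodetype = template.add_parameter(
        Parameter(
            "RedshiftNodeType",
            Description="The node type to be provisioned for the redshift cluster",
            Type="String",
            Default="dw2.large",
        )
    )

    masterusername = template.add_parameter(Parameter(
        "RedshiftMasterUsername",
        Description="The user name associated with the master user account for "
        "the redshift cluster that is being created",
        Type="String",
        Default="sa",
        AllowedPattern="([a-z])([a-z]|[0-9])*"
    ))

    # SECURITY: a default master password is baked into the template. NoEcho
    # only masks the value in console/API output; it does not protect a
    # default that anyone with read access to this source already knows.
    # The default is kept so existing stack launches keep working, but every
    # deployment should override it, and dropping ``Default`` so that stack
    # creation requires an explicit value is the safer end state.
    masteruserpassword = template.add_parameter(Parameter(
        "RedshiftMasterUserPassword",
        Description="The password associated with the master user account for the "
        "redshift cluster that is being created.",
        Type="String",
        NoEcho=True,
        Default="LeafLeaf123"
    ))

    # NOTE(review): the Redshift port is opened to DEFAULT_ROUTE (presumably
    # 0.0.0.0/0 - confirm). Combined with the default credentials above this
    # deserves a narrower source CIDR unless wider access is required.
    ingress_rules = [
        SecurityGroupRule(
            IpProtocol=p[0], CidrIp=DEFAULT_ROUTE, FromPort=p[1], ToPort=p[1]
        ) for p in [('tcp', 5439)]
    ]

    rs_security_group = template.add_resource(
        SecurityGroup(
            "RedshiftSecurityGroup",
            GroupDescription="SecurityGroup for the {0} Redshift cluster".format(CLOUDENV),
            VpcId=Ref(vpc),
            SecurityGroupIngress=ingress_rules,
            DependsOn=vpc.title
        )
    )

    cluster_subnet_group = template.add_resource(
        ClusterSubnetGroup(
            "RedshiftClusterSubnetGroup",
            Description="Redshift {0} cluster subnet group".format(CLOUDENV),
            SubnetIds=[Ref(sn) for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.DATABASE)],
            DependsOn=[sn.title for sn in cfn.get_vpc_subnets(vpc, cfn.SubnetTypes.DATABASE)]
        )
    )

    # The compared value must match the "multi-node" entry in
    # RedshiftClusterType's AllowedValues; any other spelling makes the
    # condition permanently false and NumberOfNodes is then always dropped.
    conditions = {
        "IsMultiNodeCluster": Equals(
            Ref(clustertype),
            "multi-node"
        ),
    }

    for k in conditions:
        template.add_condition(k, conditions[k])

    # NOTE(review): neither Encrypted nor PubliclyAccessible is set on the
    # cluster, so the service defaults apply; confirm those match policy.
    redshiftcluster = template.add_resource(Cluster(
        "RedshiftCluster",
        ClusterType=Ref(clustertype),
        # AWS::NoValue removes the property for single-node clusters.
        NumberOfNodes=If("IsMultiNodeCluster",
                         Ref(numberofnodes), Ref("AWS::NoValue")),
        NodeType=Ref(nodetype),
        DBName=Ref(dbname),
        MasterUsername=Ref(masterusername),
        MasterUserPassword=Ref(masteruserpassword),
        # Referenced by title because the parameter group is added to the
        # template further down.
        ClusterParameterGroupName=Ref("RedshiftClusterParameterGroup"),
        DeletionPolicy="Snapshot",
        ClusterSubnetGroupName=Ref(cluster_subnet_group),
        VpcSecurityGroupIds=[Ref(rs_security_group)],
        DependsOn=[cluster_subnet_group.title, rs_security_group.title]
    ))

    # Turns on user activity logging for the cluster's parameter group.
    log_activity_parameter = AmazonRedshiftParameter(
        "AmazonRedshiftParameterEnableUserLogging",
        ParameterName="enable_user_activity_logging",
        ParameterValue="true",
    )

    template.add_resource(ClusterParameterGroup(
        "RedshiftClusterParameterGroup",
        Description="Cluster parameter group",
        ParameterGroupFamily="redshift-1.0",
        Parameters=[log_activity_parameter],
    ))

    # Output is "<address>:<port>" of the cluster endpoint.
    template.add_output(Output(
        "RedshiftClusterEndpoint",
        Value=Join(":", [GetAtt(redshiftcluster, "Endpoint.Address"),
                   GetAtt(redshiftcluster, "Endpoint.Port")]),
    ))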