def create_config(bosslet_config):
session = bosslet_config.session
names = bosslet_config.names
config = CloudFormationConfiguration("dynamolambda", bosslet_config)
role = aws.role_arn_lookup(session, "lambda_cache_execution")
config.add_arg(
Arg.String("LambdaCacheExecutionRole", role,
"IAM role for " + names.multi_lambda.lambda_))
config.add_lambda(DYNAMO_LAMBDA_KEY,
names.dynamo_lambda.lambda_,
Ref("LambdaCacheExecutionRole"),
handler="index.handler",
timeout=120,
memory=128,
runtime="nodejs8.10",
reserved_executions=1)
config.add_cloudwatch_rule(TRIGGER_KEY,
name=names.trigger_dynamo_autoscale.cw,
description='Run DynamoDB table autoscaler',
targets=[{
'Arn': Arn(DYNAMO_LAMBDA_KEY),
'Id': names.vault_monitor.lambda_,
}],
schedule='rate(1 minute)',
depends_on=[DYNAMO_LAMBDA_KEY])
config.add_lambda_permission('TriggerPerms',
names.dynamo_lambda.lambda_,
principal='events.amazonaws.com',
source=Arn(TRIGGER_KEY))
return config
def create_config(session, domain):
"""
Create the CloudFormationConfiguration object.
Args:
session (Session): amazon session object
domain (str): domain of the stack being created
Returns: the config for the Cloud Formation stack
"""
names = AWSNames(domain)
config = CloudFormationConfiguration("dynamolambda", domain, const.REGION)
role = aws.role_arn_lookup(session, "lambda_cache_execution")
config.add_arg(Arg.String("LambdaCacheExecutionRole", role,
"IAM role for multilambda." + domain))
lambda_bucket = aws.get_lambda_s3_bucket(session)
lambda_key = generate_lambda_key(domain)
config.add_lambda(DYNAMO_LAMBDA_KEY,
names.dynamo_lambda,
Ref("LambdaCacheExecutionRole"),
s3=(aws.get_lambda_s3_bucket(session),
lambda_key,
"index.handler"),
timeout=120,
memory=128,
runtime="nodejs6.10",
reserved_executions=1)
config.add_cloudwatch_rule(TRIGGER_KEY,
name=names.trigger_dynamo_autoscale,
description='Run DynamoDB table autoscaler',
targets=[
{
'Arn': Arn(DYNAMO_LAMBDA_KEY),
'Id': names.vault_monitor,
}
],
schedule='rate(1 minute)',
depends_on=[DYNAMO_LAMBDA_KEY])
config.add_lambda_permission('TriggerPerms',
names.dynamo_lambda,
principal='events.amazonaws.com',
source=Arn(TRIGGER_KEY))
return config
def create_config(session, domain):
"""
Create the CloudFormationConfiguration object.
Args:
session (Session): amazon session object
domain (str): domain of the stack being created
Returns: the config for the Cloud Formation stack
"""
names = AWSNames(domain)
config = CloudFormationConfiguration("dynamolambda", domain, const.REGION)
role = aws.role_arn_lookup(session, "lambda_cache_execution")
config.add_arg(
Arg.String("LambdaCacheExecutionRole", role,
"IAM role for multilambda." + domain))
lambda_bucket = aws.get_lambda_s3_bucket(session)
lambda_key = generate_lambda_key(domain)
config.add_lambda(DYNAMO_LAMBDA_KEY,
names.dynamo_lambda,
Ref("LambdaCacheExecutionRole"),
s3=(aws.get_lambda_s3_bucket(session), lambda_key,
"index.handler"),
timeout=120,
memory=128,
runtime="nodejs6.10")
config.add_cloudwatch_rule(TRIGGER_KEY,
name=names.trigger_dynamo_autoscale,
description='Run DynamoDB table autoscaler',
targets=[{
'Arn': Arn(DYNAMO_LAMBDA_KEY),
'Id': names.vault_monitor,
}],
schedule='rate(1 minute)',
depends_on=[DYNAMO_LAMBDA_KEY])
config.add_lambda_permission('TriggerPerms',
names.dynamo_lambda,
principal='events.amazonaws.com',
source=Arn(TRIGGER_KEY))
return config
def create_config(bosslet_config):
"""Create the CloudFormationConfiguration object.
:arg session used to perform lookups
:arg domain DNS name of vpc
"""
config = CloudFormationConfiguration('cloudwatch', bosslet_config)
names = bosslet_config.names
session = bosslet_config.session
domain = bosslet_config.INTERNAL_DOMAIN
vpc_id = config.find_vpc()
lambda_subnets, _ = config.find_all_subnets(compatibility='lambda')
internal_sg = aws.sg_lookup(session, vpc_id, names.internal.sg)
loadbalancer_name = names.endpoint_elb.dns
if not aws.lb_lookup(session, loadbalancer_name):
raise MissingResourceError('ELB', loadbalancer_name)
# TODO Test that MailingListTopic is working.
production_mailing_list = bosslet_config.ALERT_TOPIC
mailing_list_arn = aws.sns_topic_lookup(session, production_mailing_list)
if mailing_list_arn is None:
raise MissingResourceError('SNS topic', bosslet_config.ALERT_TOPIC)
config.add_cloudwatch(loadbalancer_name, [mailing_list_arn])
lambda_role = aws.role_arn_lookup(session, 'VaultConsulHealthChecker')
config.add_arg(
Arg.String('VaultConsulHealthChecker', lambda_role,
'IAM role for vault/consul health check'))
config.add_lambda('VaultLambda',
names.vault_monitor.lambda_,
description='Check health of vault instances.',
timeout=30,
role=Ref('VaultConsulHealthChecker'),
security_groups=[internal_sg],
subnets=lambda_subnets,
handler='index.lambda_handler',
file=const.VAULT_LAMBDA)
# Lambda input data
json_str = json.dumps({
'hostname': names.vault.dns,
})
config.add_cloudwatch_rule('VaultCheck',
name=names.vault_check.cw,
description='Check health of vault instances.',
targets=[
{
'Arn': Arn('VaultLambda'),
'Id': names.vault_monitor.lambda_,
'Input': json_str
},
],
schedule='rate(2 minutes)',
depends_on=['VaultLambda'])
config.add_lambda_permission('VaultPerms',
names.vault_monitor.lambda_,
principal='events.amazonaws.com',
source=Arn('VaultCheck'))
return config
def create_config(session, domain):
"""Create the CloudFormationConfiguration object.
:arg session used to perform lookups
:arg domain DNS name of vpc
"""
config = CloudFormationConfiguration('cloudwatch', domain)
names = AWSNames(domain)
vpc_id = config.find_vpc(session)
lambda_subnets, _ = config.find_all_availability_zones(session, lambda_compatible_only=True)
internal_sg = aws.sg_lookup(session, vpc_id, names.internal)
loadbalancer_name = names.endpoint_elb
if not aws.lb_lookup(session, loadbalancer_name):
raise Exception("Invalid load balancer name: " + loadbalancer_name)
# TODO Test that MailingListTopic is working.
production_mailing_list = const.PRODUCTION_MAILING_LIST
mailing_list_arn = aws.sns_topic_lookup(session, production_mailing_list)
if mailing_list_arn is None:
#config.add_sns_topic("topicList", production_mailing_list)
msg = "MailingList {} needs to be created before running config"
raise Exception(msg.format(const.PRODUCTION_MAILING_LIST))
config.add_cloudwatch(loadbalancer_name, [mailing_list_arn])
lambda_role = aws.role_arn_lookup(session, 'VaultConsulHealthChecker')
config.add_arg(Arg.String(
'VaultConsulHealthChecker', lambda_role,
'IAM role for vault/consul health check.' + domain))
config.add_lambda('VaultLambda',
names.vault_monitor,
description='Check health of vault instances.',
timeout=30,
role=Ref('VaultConsulHealthChecker'),
security_groups=[internal_sg],
subnets=lambda_subnets,
handler='index.lambda_handler',
file=const.VAULT_LAMBDA)
config.add_lambda('ConsulLambda',
names.consul_monitor,
description='Check health of vault instances.',
timeout=30,
role=Ref('VaultConsulHealthChecker'),
security_groups=[internal_sg],
subnets=lambda_subnets,
handler='index.lambda_handler',
file=const.CONSUL_LAMBDA)
# Lambda input data
json_str = json.dumps({
'vpc_id': vpc_id,
'vpc_name': domain,
'topic_arn': mailing_list_arn,
})
config.add_cloudwatch_rule('VaultConsulCheck',
name=names.vault_consul_check,
description='Check health of vault and consul instances.',
targets=[
{
'Arn': Arn('VaultLambda'),
'Id': names.vault_monitor,
'Input': json_str
},
{
'Arn': Arn('ConsulLambda'),
'Id': names.consul_monitor,
'Input': json_str
},
],
schedule='rate(1 minute)',
depends_on=['VaultLambda', 'ConsulLambda'])
config.add_lambda_permission('VaultPerms',
names.vault_monitor,
principal='events.amazonaws.com',
source=Arn('VaultConsulCheck'))
config.add_lambda_permission('ConsulPerms',
names.consul_monitor,
principal='events.amazonaws.com',
source=Arn('VaultConsulCheck'))
return config
def create_config(bosslet_config):
names = bosslet_config.names
session = bosslet_config.session
config = CloudFormationConfiguration('redis', bosslet_config)
vpc_id = config.find_vpc()
internal_subnets, external_subnets = config.find_all_subnets()
sgs = aws.sg_lookup_all(session, vpc_id)
# Create the Cache and CacheState Redis Clusters
REDIS_PARAMETERS = {
"maxmemory-policy": "volatile-lru",
"reserved-memory-percent": str(const.REDIS_RESERVED_MEMORY_PERCENT),
"maxmemory-samples": "5", # ~ 5 - 10
}
config.add_redis_replication("Cache",
names.cache.redis,
internal_subnets, [sgs[names.internal.sg]],
type_=const.REDIS_CACHE_TYPE,
version="3.2.4",
clusters=const.REDIS_CLUSTER_SIZE,
parameters=REDIS_PARAMETERS)
config.add_redis_replication("CacheState",
names.cache_state.redis,
internal_subnets, [sgs[names.internal.sg]],
type_=const.REDIS_TYPE,
version="3.2.4",
clusters=const.REDIS_CLUSTER_SIZE)
# This one may not be created depending on the scenario type.
if const.REDIS_SESSION_TYPE is not None:
config.add_redis_replication("CacheSession",
names.cache_session.redis,
internal_subnets,
[sgs[names.internal.sg]],
type_=const.REDIS_SESSION_TYPE,
version="3.2.4",
clusters=1)
if const.REDIS_THROTTLE_TYPE is not None:
vpc_id = config.find_vpc()
internal_sg = aws.sg_lookup(session, vpc_id, names.internal.sg)
lambda_subnets, _ = config.find_all_subnets(compatibility='lambda')
config.add_redis_replication("CacheThrottle",
names.cache_throttle.redis,
internal_subnets,
[sgs[names.internal.sg]],
type_=const.REDIS_THROTTLE_TYPE,
version="3.2.4",
clusters=1)
config.add_lambda("CacheThrottleLambda",
names.cache_throttle.lambda_,
aws.role_arn_lookup(session,
'lambda_basic_execution'),
description="Reset Boss throttling metrics",
security_groups=[internal_sg],
subnets=lambda_subnets,
handler='index.handler',
timeout=120,
memory=1024)
# Schedule the lambda to be executed at midnight for the timezone where the bosslet is located
hour = TIMEZONE_OFFSET.get(bosslet_config.REGION, 0)
schedule = 'cron(0 {} * * ? *)'.format(hour)
config.add_cloudwatch_rule(
'CacheThrottleReset',
name=names.cache_throttle.cw,
description='Reset the current Boss throttling metrics',
targets=[
{
'Arn': Arn('CacheThrottleLambda'),
'Id': names.cache_throttle.lambda_,
'Input': json.dumps({'host': names.cache_throttle.redis}),
},
],
schedule=schedule,
depends_on=['CacheThrottleLambda'])
config.add_lambda_permission('CacheThrottlePerms',
names.cache_throttle.lambda_,
principal='events.amazonaws.com',
source=Arn('CacheThrottleReset'))
return config
def create_config(session, domain):
"""Create the CloudFormationConfiguration object.
:arg session used to perform lookups
:arg domain DNS name of vpc
"""
config = CloudFormationConfiguration('cloudwatch', domain)
names = AWSNames(domain)
vpc_id = config.find_vpc(session)
lambda_subnets, _ = config.find_all_availability_zones(
session, lambda_compatible_only=True)
internal_sg = aws.sg_lookup(session, vpc_id, names.internal)
loadbalancer_name = names.endpoint_elb
if not aws.lb_lookup(session, loadbalancer_name):
raise Exception("Invalid load balancer name: " + loadbalancer_name)
# TODO Test that MailingListTopic is working.
production_mailing_list = const.PRODUCTION_MAILING_LIST
mailing_list_arn = aws.sns_topic_lookup(session, production_mailing_list)
if mailing_list_arn is None:
#config.add_sns_topic("topicList", production_mailing_list)
msg = "MailingList {} needs to be created before running config"
raise Exception(msg.format(const.PRODUCTION_MAILING_LIST))
config.add_cloudwatch(loadbalancer_name, [mailing_list_arn])
lambda_role = aws.role_arn_lookup(session, 'VaultConsulHealthChecker')
config.add_arg(
Arg.String('VaultConsulHealthChecker', lambda_role,
'IAM role for vault/consul health check.' + domain))
config.add_lambda('VaultLambda',
names.vault_monitor,
description='Check health of vault instances.',
timeout=30,
role=Ref('VaultConsulHealthChecker'),
security_groups=[internal_sg],
subnets=lambda_subnets,
handler='index.lambda_handler',
file=const.VAULT_LAMBDA)
config.add_lambda('ConsulLambda',
names.consul_monitor,
description='Check health of vault instances.',
timeout=30,
role=Ref('VaultConsulHealthChecker'),
security_groups=[internal_sg],
subnets=lambda_subnets,
handler='index.lambda_handler',
file=const.CONSUL_LAMBDA)
# Lambda input data
json_str = json.dumps({
'vpc_id': vpc_id,
'vpc_name': domain,
'topic_arn': mailing_list_arn,
})
config.add_cloudwatch_rule(
'VaultConsulCheck',
name=names.vault_consul_check,
description='Check health of vault and consul instances.',
targets=[
{
'Arn': Arn('VaultLambda'),
'Id': names.vault_monitor,
'Input': json_str
},
{
'Arn': Arn('ConsulLambda'),
'Id': names.consul_monitor,
'Input': json_str
},
],
schedule='rate(1 minute)',
depends_on=['VaultLambda', 'ConsulLambda'])
config.add_lambda_permission('VaultPerms',
names.vault_monitor,
principal='events.amazonaws.com',
source=Arn('VaultConsulCheck'))
config.add_lambda_permission('ConsulPerms',
names.consul_monitor,
principal='events.amazonaws.com',
source=Arn('VaultConsulCheck'))
return config