def create_resource_name_join(self, name_list, separator, camel_case=False, filter_id=None, hash_long_names=False):
    """Join name parts and build a resource name from the joined string.

    The entries of ``name_list`` are combined by ``big_join`` using
    ``separator`` and ``camel_case``. The joined string is then handed to
    ``self.create_resource_name`` together with ``filter_id``,
    ``hash_long_names`` and ``camel_case``, and that call's result is
    returned unchanged.
    """
    # Duplicated in paco.models.base.Resource
    joined_name = big_join(name_list, separator, camel_case)
    naming_options = {
        'filter_id': filter_id,
        'hash_long_names': hash_long_names,
        'camel_case': camel_case,
    }
    return self.create_resource_name(joined_name, **naming_options)
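def set_aws_name(self, template_name, first_id=None, second_id=None, third_id=None):
    """Build ``self.aws_name`` from the template name and the id parts.

    Args:
        template_name: Name placed in front of, or behind, the id parts
            depending on the legacy flag checked below.
        first_id: Either the first id part or a list holding all id parts.
            When a list is passed, ``second_id`` and ``third_id`` are ignored.
        second_id: Optional second id part.
        third_id: Optional third id part.

    The parts are joined with ``-`` by ``utils.big_join`` (called with
    ``none_value_ok=True``) and the result is stored on ``self.aws_name``.
    """
    if isinstance(first_id, list):
        # Work on a copy: the insert/append below must not add the template
        # name to the list object owned by the caller.
        id_list = list(first_id)
    else:
        id_list = [first_id, second_id, third_id]

    # Exceptions: ApiGatewayRestApi | Lambda | SNSTopics
    legacy_naming = self.paco_ctx.legacy_flag('cftemplate_aws_name_2019_09_17') == True
    if legacy_naming and template_name not in ['ApiGatewayRestApi', 'Lambda', 'SNSTopics']:
        # Legacy naming: template name comes first.
        id_list.insert(0, template_name)
    else:
        id_list.append(template_name)
    self.aws_name = utils.big_join(str_list=id_list, separator_ch='-', none_value_ok=True)
    # NOTE(review): str.replace() returns a new string and the result is
    # discarded, so underscores are NOT replaced in self.aws_name. Assigning the
    # result would change generated names; the legacy flag above suggests that
    # deployed names must stay stable, so confirm the impact before fixing.
    self.aws_name.replace('_', '-')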
def create_cfn_logical_id_join(self, str_list, camel_case=False):
    """Concatenate ``str_list`` and build a CloudFormation logical id from it.

    The parts are joined by ``big_join`` with an empty separator, and the
    joined string is passed to ``self.create_cfn_logical_id`` with the same
    ``camel_case`` setting. The result of that call is returned.
    """
    return self.create_cfn_logical_id(
        big_join(str_list, '', camel_case),
        camel_case=camel_case,
    )
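def ec2_nat_gateway(self, network_config, nat_sg_config, nat_sg_config_ref, nat_config):
    """Add EC2-instance-based NAT resources and default routes to the template.

    For every availability zone selected by ``nat_config.availability_zone``
    (``'all'`` or a single AZ number) this adds an EC2 instance, an Elastic IP
    bound to that instance and a template output carrying the instance id.
    Afterwards a ``0.0.0.0/0`` route pointing at a NAT instance is added for
    each entry of ``nat_config.default_route_segments`` in each AZ.

    Args:
        network_config: Read for ``availability_zones`` (the number of AZs).
        nat_sg_config: Mapping whose keys are used as security group ids when
            the NAT runs in a single AZ.
        nat_sg_config_ref: Reference prefix put in front of each NAT security
            group id.
        nat_config: NAT settings (availability zone, segment, security groups,
            instance type, key pair, default route segments, ...).
    """
    nat_az = nat_config.availability_zone
    nat_segment = nat_config.segment.split('.')[-1]
    ec2_resource = {}
    # Resolved on first use and then shared by every AZ: the lookup is slow,
    # and a single lookup keeps all NAT instances of one run on the same image.
    nat_ami_id = None
    for az_idx in range(1, network_config.availability_zones + 1):
        # Add security groups created for NAT Bastions
        nat_security_groups = []
        nat_security_groups.extend(nat_config.security_groups)
        if nat_az == 'all':
            nat_sg_id = nat_config.name + "_az" + str(az_idx)
            nat_security_groups.append('paco.ref ' + nat_sg_config_ref + '.' + nat_sg_id)
        elif az_idx == int(nat_config.availability_zone):
            for nat_sg_id in nat_sg_config.keys():
                nat_security_groups.append('paco.ref ' + nat_sg_config_ref + '.' + nat_sg_id)

        if nat_az == 'all' or nat_az == str(az_idx):
            security_group_list_param = self.create_cfn_ref_list_param(
                param_type='List<AWS::EC2::SecurityGroup::Id>',
                name='NATSecurityGroupListAZ' + str(az_idx),
                description='List of security group ids to attach to the instances.',
                value=nat_security_groups,
                ref_attribute='id',
            )
            subnet_id_param = self.create_cfn_parameter(
                name=self.create_cfn_logical_id_join(
                    str_list=['SubnetIdAZ', str(az_idx), nat_segment],
                    camel_case=True),
                param_type='String',
                description='SubnetId to launch an EC2 NAT instance',
                value=nat_config.segment + '.az' + str(az_idx) + '.subnet_id',
            )
            ref_parts = nat_config.paco_ref_parts.split('.')
            instance_name = utils.big_join(
                str_list=[
                    ref_parts[1], ref_parts[2], 'NGW', nat_config.name, 'AZ' + str(az_idx)
                ],
                separator_ch='-',
                camel_case=True)
            if nat_ami_id is None:
                # ToDo: expose latest ami id as an API and call it directly
                # SLOW: takes a couple seconds to resolve this every Paco run
                # NOTE(review): the image is whatever "latest" resolves to when
                # the template is generated, so it is not pinned. Presumably
                # this is the Amazon Linux NAT AMI; confirm that image family
                # still receives security updates.
                latest_image_ref = Reference(
                    'paco.ref function.aws.ec2.ami.latest.amazon-linux-nat')
                latest_image_ref.set_region(self.aws_region)
                nat_ami_id = latest_image_ref.resolve(self.paco_ctx.project, self.account_ctx)
            # SourceDestCheck is disabled because a NAT instance forwards
            # traffic that is neither sent from nor addressed to itself.
            # NOTE(review): the instance is launched with an SSH key pair; who
            # can reach it depends on the security groups listed above, so
            # verify their inbound rules.
            ec2_resource[az_idx] = troposphere.ec2.Instance(
                title=self.create_cfn_logical_id_join(
                    str_list=['EC2NATInstance', str(az_idx)],
                    camel_case=True),
                template=self.template,
                SubnetId=troposphere.Ref(subnet_id_param),
                ImageId=nat_ami_id,
                InstanceType=nat_config.ec2_instance_type,
                KeyName=self.paco_ctx.get_ref(nat_config.ec2_key_pair + '.keypair_name'),
                SecurityGroupIds=troposphere.Ref(security_group_list_param),
                SourceDestCheck=False,
                Tags=troposphere.ec2.Tags(Name=instance_name))

            ec2_instance_id_output = troposphere.Output(
                title=ec2_resource[az_idx].title + 'Id',
                Description="EC2 NAT Instance Id",
                Value=troposphere.Ref(ec2_resource[az_idx]))
            self.template.add_output(ec2_instance_id_output)

            troposphere.ec2.EIP(
                title=self.create_cfn_logical_id_join(
                    str_list=['ElasticIP', str(az_idx)],
                    camel_case=True),
                template=self.template,
                Domain='vpc',
                InstanceId=troposphere.Ref(ec2_resource[az_idx]))

            self.register_stack_output_config(
                nat_config.paco_ref_parts + ".ec2.az" + str(az_idx),
                ec2_instance_id_output.title)

    # Add DefaultRoute to the route tables in each AZ
    for segment_ref in nat_config.default_route_segments:
        segment_id = segment_ref.split('.')[-1]
        # Routes
        for az_idx in range(1, network_config.availability_zones + 1):
            if nat_config.availability_zone == 'all':
                instance_id_ref = troposphere.Ref(ec2_resource[az_idx])
            else:
                # Single-AZ NAT: every AZ routes through the one instance.
                instance_id_ref = troposphere.Ref(ec2_resource[int(nat_az)])

            route_table_id_param = self.create_cfn_parameter(
                name=self.create_cfn_logical_id_join(
                    str_list=['RouteTable', segment_id, 'AZ', str(az_idx)],
                    camel_case=True),
                param_type='String',
                description='RouteTable ID for ' + segment_id + ' AZ' + str(az_idx),
                value=segment_ref + ".az{}.route_table.id".format(az_idx),
            )

            # NOTE(review): the title depends only on az_idx, so a second
            # entry in default_route_segments would reuse the same title for
            # the same AZ. Confirm whether more than one segment is supported
            # here; changing the title would also change the logical id of
            # routes that are already deployed.
            troposphere.ec2.Route(
                title="EC2NATRouteAZ" + str(az_idx),
                template=self.template,
                DestinationCidrBlock="0.0.0.0/0",
                InstanceId=instance_id_ref,
                RouteTableId=troposphere.Ref(route_table_id_param))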