예제 #1
0
def routeTablePub(vpc, gateway):
    resp = ec2.RouteTable("Pulumi Public Route Table", vpc_id=vpc)

    route1 = ec2.Route(
        "Default Out",
        destination_cidr_block="0.0.0.0/0",
        gateway_id=gateway,
        route_table_id=resp,
    )
    return resp
예제 #2
0
    def __init__(self,
                 name: str,
                 args: VpcArgs,
                 opts: pulumi.ResourceOptions = None):
        """
        Constructs a Vpc.

        :param name: The Pulumi resource name. Child resource names are constructed based on this.
        :param args: A VpcArgs object containing the arguments for VPC constructin.
        :param opts: A pulumi.ResourceOptions object.
        """
        super().__init__('Vpc', name, None, opts)

        # Make base info available to other methods
        self.name = name
        self.description = args.description
        self.base_tags = args.base_tags

        # Create VPC and Internet Gateway resources
        self.vpc = ec2.Vpc(f"{name}-vpc",
                           cidr_block=args.base_cidr,
                           enable_dns_hostnames=True,
                           enable_dns_support=True,
                           tags={
                               **args.base_tags, "Name":
                               f"{args.description} VPC"
                           },
                           opts=pulumi.ResourceOptions(parent=self, ))

        self.internet_gateway = ec2.InternetGateway(
            f"{name}-igw",
            vpc_id=self.vpc.id,
            tags={
                **args.base_tags, "Name":
                f"{args.description} VPC Internet Gateway"
            },
            opts=pulumi.ResourceOptions(parent=self.vpc, ))

        # Calculate subnet CIDR blocks and create subnets
        subnet_distributor = SubnetDistributor(
            args.base_cidr, len(args.availability_zone_names))

        self.public_subnets = [
            ec2.Subnet(f"{name}-public-subnet-{i}",
                       vpc_id=self.vpc.id,
                       cidr_block=cidr,
                       availability_zone=args.availability_zone_names[i],
                       map_public_ip_on_launch=True,
                       tags={
                           **args.base_tags, "Name":
                           f"${args.description} Public Subnet {i}"
                       },
                       opts=pulumi.ResourceOptions(parent=self.vpc, ))
            for i, cidr in enumerate(subnet_distributor.public_subnets)
        ]

        self.private_subnets = [
            ec2.Subnet(f"{name}-private-subnet-{i}",
                       vpc_id=self.vpc.id,
                       cidr_block=cidr,
                       availability_zone=args.availability_zone_names[i],
                       tags={
                           **args.base_tags, "Name":
                           f"${args.description} Private Subnet {i}"
                       },
                       opts=pulumi.ResourceOptions(parent=self.vpc, ))
            for i, cidr in enumerate(subnet_distributor.private_subnets)
        ]

        # Adopt the default route table for this VPC and adapt it for use with public subnets
        self.public_route_table = ec2.DefaultRouteTable(
            f"{name}-public-rt",
            default_route_table_id=self.vpc.default_route_table_id,
            tags={
                **args.base_tags, "Name":
                f"${args.description} Public Route Table"
            },
            opts=pulumi.ResourceOptions(parent=self.vpc, ))

        ec2.Route(f"{name}-route-public-sn-to-ig",
                  route_table_id=self.public_route_table.id,
                  destination_cidr_block="0.0.0.0/0",
                  gateway_id=self.internet_gateway.id,
                  opts=pulumi.ResourceOptions(parent=self.public_route_table))

        for i, subnet in enumerate(self.public_subnets):
            ec2.RouteTableAssociation(
                f"{name}-public-rta-{i + 1}",
                subnet_id=subnet.id,
                route_table_id=self.public_route_table,
                opts=pulumi.ResourceOptions(parent=self.public_route_table))

        self.nat_elastic_ip_addresses: [ec2.Eip] = list()
        self.nat_gateways: [ec2.NatGateway] = list()
        self.private_route_tables: [ec2.RouteTable] = list()

        # Create a NAT Gateway and appropriate route table for each private subnet
        for i, subnet in enumerate(self.private_subnets):
            self.nat_elastic_ip_addresses.append(
                ec2.Eip(f"{name}-nat-{i + 1}",
                        tags={
                            **args.base_tags, "Name":
                            f"{args.description} NAT Gateway EIP {i + 1}"
                        },
                        opts=pulumi.ResourceOptions(parent=subnet)))

            self.nat_gateways.append(
                ec2.NatGateway(
                    f"{name}-nat-gateway-{i + 1}",
                    allocation_id=self.nat_elastic_ip_addresses[i].id,
                    subnet_id=self.public_subnets[i].id,
                    tags={
                        **args.base_tags, "Name":
                        f"{args.description} NAT Gateway {i + 1}"
                    },
                    opts=pulumi.ResourceOptions(parent=subnet)))

            self.private_route_tables.append(
                ec2.RouteTable(f"{name}-private-rt-{i + 1}",
                               vpc_id=self.vpc.id,
                               tags={
                                   **args.base_tags, "Name":
                                   f"{args.description} Private RT {i + 1}"
                               },
                               opts=pulumi.ResourceOptions(parent=subnet)))

            ec2.Route(f"{name}-route-private-sn-to-nat-{i + 1}",
                      route_table_id=self.private_route_tables[i].id,
                      destination_cidr_block="0.0.0.0/0",
                      nat_gateway_id=self.nat_gateways[i].id,
                      opts=pulumi.ResourceOptions(
                          parent=self.private_route_tables[i]))

            ec2.RouteTableAssociation(
                f"{name}-private-rta-{i + 1}",
                subnet_id=subnet.id,
                route_table_id=self.private_route_tables[i].id,
                opts=pulumi.ResourceOptions(
                    parent=self.private_route_tables[i]))

        # Create S3 endpoint if necessary
        if args.create_s3_endpoint:
            ec2.VpcEndpoint(f"{name}-s3-endpoint",
                            vpc_id=self.vpc.id,
                            service_name=f"com.amazonaws.{config.region}.s3",
                            route_table_ids=[
                                self.public_route_table.id,
                                *[rt.id for rt in self.private_route_tables]
                            ],
                            opts=pulumi.ResourceOptions(parent=self.vpc))

        # Create DynamoDB endpoint if necessary
        if args.create_dynamodb_endpoint:
            ec2.VpcEndpoint(
                f"{name}-dynamodb-endpoint",
                vpc_id=self.vpc.id,
                service_name=f"com.amazonaws.{config.region}.dynamodb",
                route_table_ids=[
                    self.public_route_table.id,
                    *[rt.id for rt in self.private_route_tables]
                ],
                opts=pulumi.ResourceOptions(parent=self.vpc))

        super().register_outputs({})
예제 #3
0
    tags={
        'Name': 'infra public route table (front-back-autoscaling)',
        'Creator': 'timc'
    })

# AWS: source-based routing. To get closer to a specific destination CIDR,
# forward traffic to corresponding target, e.g.,
#
# Destination   Target
# 10.0.0.0/16   Local
# 172.31.0.0/16 pcx-1a2b3c4d
# 0.0.0.0/0     igw-11aa22bb

# AKA 'new-igw-route'
public_route = ec2.Route(resource_name='new-public-route',
                         destination_cidr_block='0.0.0.0/0',
                         gateway_id=igw.id,
                         route_table_id=public_subnet_rt.id)

public_subnet_rta = ec2.RouteTableAssociation(
    resource_name='new-public-subnet-rta',
    route_table_id=public_subnet_rt.id,
    subnet_id=public_subnet_1.id)

private_subnet_1 = ec2.Subnet(
    resource_name='new-private-subnet-1',
    vpc_id=vpc.id,
    cidr_block='10.0.2.0/24',
    availability_zone=_az1,
    tags={
        'Name': 'infra private subnet (front-back-autoscaling)',
        'Creator': 'timc'
예제 #4
0
                    }],
                    tags={
                        'Name': 'infra route table',
                        'Creator': 'timc'
                    })

# AWS: source-based routing. To get closer to a specific destination CIDR,
# forward traffic to corresponding target, e.g.,
#
# Destination   Target
# 10.0.0.0/16   Local
# 172.31.0.0/16 pcx-1a2b3c4d
# 0.0.0.0/0     igw-11aa22bb

route = ec2.Route('default-route',
                  destination_cidr_block='0.0.0.0/0',
                  gateway_id=igw.id,
                  route_table_id=rt.id)

# AWS: Maybe I should drop the route definition above, and use a
# MainRouteTableAssociation here. The main route table is sitting idle.

rta = ec2.RouteTableAssociation('new-rta',
                                route_table_id=rt.id,
                                subnet_id=subnet.id)

sg = ec2.SecurityGroup(resource_name='new-sg',
                       description='HTTP and SSH ingress',
                       vpc_id=vpc.id,
                       ingress=[
                           {
                               'protocol': 'tcp',
예제 #5
0
    def __init__(self):

        resource_specs = ParseYAML(resource_type).getSpecs()
        aws_vpc_id = VPCs.VPCId()
        aws_igw_id = InternetGateways.InternetGatewayId()
        aws_natgw_id = NATGateways.NATGatewayId()
        aws_subnet_id = Subnets.SubnetId()

        for rtb_name, rtb_configuration in resource_specs.items():

            # AWS Route Table Variables
            resource_name = rtb_name
            resource_vpc = rtb_configuration["vpc"]

            resource_tags = None
            resource_tags = rtb_configuration[
                "tags"] if "tags" in rtb_configuration else None

            # Getting list of tags from configuration file
            tags_list = {}
            if resource_tags is not None:
                for each_tag_name, each_tag_value in resource_tags.items():
                    tags_list.update({each_tag_name: each_tag_value})

            # Adding mandatory tags
            tags_list.update({"Name": resource_name})
            tags_list.update({
                "Project/Stack":
                pulumi.get_project() + "/" + pulumi.get_stack()
            })
            tags_list.update(resource_mandatory_tags)

            this_vpc = aws_vpc_id[str(resource_vpc)]

            #
            # Create Route Table
            #
            aws_rtb = rtb.RouteTable(resource_name,
                                     vpc_id=this_vpc,
                                     tags=tags_list)

            rtb_ids_dict.update({aws_rtb._name: aws_rtb.id})

            # Export the name of each Route Table
            pulumi.export(aws_rtb._name, aws_rtb.id)

            #
            # Route Table Routes
            #

            # Routes list
            routes_list = []

            for each_route_entry, each_route_entry_configuration in rtb_configuration[
                    "routes"].items():

                # NAT Gateways
                if each_route_entry_configuration[
                        "target_type"] == "nat_gateway":

                    this_natgw = aws_natgw_id[str(
                        each_route_entry_configuration["target"])]
                    routes_list.append(
                        rtb.Route(
                            (each_route_entry + "-route"),
                            route_table_id=aws_rtb.id,
                            destination_cidr_block=
                            each_route_entry_configuration["destination"],
                            nat_gateway_id=this_natgw))

                # Internet Gateways
                elif each_route_entry_configuration[
                        "target_type"] == "internet_gateway":

                    this_igw = aws_igw_id[str(
                        each_route_entry_configuration["target"])]
                    routes_list.append(
                        rtb.Route(
                            (each_route_entry + "-route"),
                            route_table_id=aws_rtb.id,
                            destination_cidr_block=
                            each_route_entry_configuration["destination"],
                            gateway_id=this_igw), )

                else:

                    print("ERROR | Unsupported 'target_type' found")

                for each_route_type in routes_list:

                    # print(each_route_entry)

                    rtb_route = (
                        each_route_type
                        # opts = pulumi.ResourceOptions(depends_on=[aws_rtb[resource_name]])
                    )

            #
            # Subnet Associations
            #

            # Checking if route-table: key is present
            resource_associated_subnet = None
            resource_associated_subnet = rtb_configuration[
                "associated_subnets"] if "associated_subnets" in rtb_configuration else None

            # If the key is present then we'll get the value
            # and we'll invoke the association
            if resource_associated_subnet is not None:

                subnets_count = 0

                for each_associated_subnet in resource_associated_subnet:

                    subnets_count = subnets_count + 1

                    this_subnet = aws_subnet_id[str(each_associated_subnet)]

                    route_table_association = rtb.RouteTableAssociation(
                        (resource_name + "-rtb-as-" +
                         str(subnets_count).zfill(2)),
                        subnet_id=this_subnet,
                        route_table_id=aws_rtb.id)

                    # Export the name of each Route Table Association
                    pulumi.export(route_table_association._name,
                                  route_table_association.id)
예제 #6
0
            )

        k += 1

rtb_pub = ec2.RouteTable(
    f"{APP}-rtb-pub",
    vpc_id=vpc.id,
    tags={
        'Name': 'rtb-pub',
        'Environment': _env
    }
)

rte_pub = ec2.Route(
    f"{APP}-rte-pub",
    destination_cidr_block="0.0.0.0/0",
    gateway_id=igw.id,
    route_table_id=rtb_pub.id
)

for i in subnets["public"]:
    ec2.RouteTableAssociation(
        f"{APP}-rtb-assoc-pub{i}",
        route_table_id=rtb_pub.id,
        subnet_id=subnets["public"][i]
    )

rtb_privs = []
if not ha:
    eip = ec2.Eip(
        f"{APP}-eip0",
        vpc=True,
예제 #7
0
    def __init__(
        self,
        name,
        opts=None,
    ):
        super().__init__("nuage:aws:DevelopmentEnvironment:VPC",
                         f"{name}VpcEnvironment", None, opts)

        vpc = ec2.Vpc(
            f"{name}Vpc",
            cidr_block="172.32.0.0/16",
            enable_dns_hostnames=True,
            enable_dns_support=True,
        )
        subnet_1 = ec2.Subnet(
            f"{name}VpcSubnetA",
            availability_zone="eu-west-1a",
            vpc_id=vpc.id,
            cidr_block="172.32.0.0/20",
            opts=ResourceOptions(depends_on=[vpc]),
        )
        subnet_2 = ec2.Subnet(
            f"{name}VpcSubnetB",
            availability_zone="eu-west-1b",
            vpc_id=vpc.id,
            cidr_block="172.32.16.0/20",
            opts=ResourceOptions(depends_on=[vpc]),
        )
        subnet_3 = ec2.Subnet(
            f"{name}VpcSubnetC",
            availability_zone="eu-west-1c",
            vpc_id=vpc.id,
            cidr_block="172.32.32.0/20",
            opts=ResourceOptions(depends_on=[vpc]),
        )

        private_subnet_1 = ec2.Subnet(
            f"{name}VpcPrivateSubnetA",
            availability_zone="eu-west-1a",
            vpc_id=vpc.id,
            cidr_block="172.32.48.0/20",
            opts=ResourceOptions(depends_on=[vpc]),
        )

        security_group = ec2.SecurityGroup(
            f"{name}SecurityGroup",
            vpc_id=vpc.id,
            opts=ResourceOptions(depends_on=[vpc]),
        )

        security_group_rule = ec2.SecurityGroupRule(
            f"{name}SSHRule",
            security_group_id=security_group.id,
            type="ingress",
            protocol="tcp",
            from_port=22,
            to_port=22,
            cidr_blocks=["0.0.0.0/0"],
        )

        security_group_rule = ec2.SecurityGroupRule(
            f"{name}InboundRule",
            security_group_id=security_group.id,
            type="ingress",
            protocol="all",
            from_port=0,
            to_port=65535,
            source_security_group_id=security_group.id,
        )
        security_group_rule = ec2.SecurityGroupRule(
            f"{name}OutboundRule",
            security_group_id=security_group.id,
            type="egress",
            protocol="all",
            from_port=0,
            to_port=65535,
            cidr_blocks=["0.0.0.0/0"],
        )

        subnets = [subnet_1, subnet_2, subnet_3]

        gateway = ec2.InternetGateway(
            f"{name}InternetGateway",
            vpc_id=vpc.id,
            opts=ResourceOptions(depends_on=[vpc]),
        )

        gateway_route = ec2.Route(
            f"{name}GatewayRoute",
            destination_cidr_block="0.0.0.0/0",
            gateway_id=gateway.id,
            route_table_id=vpc.default_route_table_id,
        )

        elastic_ip = ec2.Eip(f"{name}Eip",
                             vpc=True,
                             opts=ResourceOptions(depends_on=[gateway]))

        nat_gateway = ec2.NatGateway(
            f"{name}NatGateway",
            subnet_id=subnet_1.id,
            allocation_id=elastic_ip.id,
            opts=ResourceOptions(depends_on=[subnet_1, elastic_ip]),
        )

        private_route_table = ec2.RouteTable(
            f"{name}PrivateRouteTable",
            routes=[
                {
                    "cidr_block": "0.0.0.0/0",
                    "nat_gateway_id": nat_gateway.id,
                },
            ],
            vpc_id=vpc.id,
            opts=ResourceOptions(depends_on=[private_subnet_1]),
        )

        private_route_table_assoc = ec2.RouteTableAssociation(
            f"{name}PrivateRouteTableAssoc",
            route_table_id=private_route_table.id,
            subnet_id=private_subnet_1.id,
        )

        outputs = {
            "vpc": vpc,
            "security_group": security_group,
            "public_subnets": [subnet_1, subnet_2, subnet_3],
            "private_subnet": private_subnet_1,
            "nat_gateway": nat_gateway,
        }

        self.set_outputs(outputs)