def _create_from_arguments(self, name, number_of_availability_zones):
# type: (str, int) -> None
"""
Creates a new Network from the constructor arguments (i.e. not from a
VPC that already exists).
:param name: The name of the new network
:param number_of_availability_zones: The number of AZs to create subnets in
:return: None
"""
number_of_availability_zones = number_of_availability_zones or 2
if number_of_availability_zones < 1 or number_of_availability_zones >= 4:
raise RunError(
"Unsupported number of available zones for Network: " +
str(number_of_availability_zones))
self.use_private_subnets = self.use_private_subnets or False
vpc = ec2.Vpc(name,
cidr_block="10.10.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True,
tags={
"Name": name,
},
__opts__=ResourceOptions(parent=self))
self.vpc_id = vpc.id
self.security_group_ids = [vpc.default_security_group_id]
internet_gateway = ec2.InternetGateway(
name,
vpc_id=vpc.id,
tags={
"Name": name,
},
__opts__=ResourceOptions(parent=self))
public_route_table = ec2.RouteTable(
name,
vpc_id=vpc.id,
routes=[{
"cidrBlock": "0.0.0.0/0",
"gatewayId": internet_gateway.id
}],
tags={"Name": name},
__opts__=ResourceOptions(parent=self))
self.subnet_ids = []
self.public_subnet_ids = []
for i in range(number_of_availability_zones):
route_table, subnet = self._create_subnet(name, public_route_table,
i)
# pylint: disable=unused-variable
route_table_association = ec2.RouteTableAssociation(
"%s-%d" % (name, i),
subnet_id=subnet.id,
route_table_id=route_table.id,
__opts__=ResourceOptions(parent=self))
self.subnet_ids.append(subnet.id)
def main():
myvpc = ec2.Vpc("Pulumi VPC",
assign_generated_ipv6_cidr_block='False',
cidr_block=vpc_cidr,
enable_dns_hostnames='True',
enable_dns_support='True',
tags={"Name": "Pulumi Vpc"})
pubsubneta = subnet(vpc_network + '.0.0/24', 'a', myvpc, 'True')
pubsubnetb = subnet(vpc_network + '.1.0/24', 'b', myvpc, 'True')
pubsubnetc = subnet(vpc_network + '.2.0/24', 'c', myvpc, 'True')
privsubneta = subnet(vpc_network + '.4.0/24', 'a', myvpc, 'False')
privsubnetb = subnet(vpc_network + '.5.0/24', 'b', myvpc, 'False')
privsubnetc = subnet(vpc_network + '.6.0/24', 'c', myvpc, 'False')
dbsubneta = dbsubnet(vpc_network + '.8.0/24', 'a', myvpc)
dbsubnetb = dbsubnet(vpc_network + '.9.0/24', 'b', myvpc)
dbsubnetc = dbsubnet(vpc_network + '.10.0/24', 'c', myvpc)
igw = ec2.InternetGateway("Pulumi IGW",
tags={"Name": "Pulumi IGW"},
vpc_id=myvpc)
publicAcl(myvpc)
rtpublic = routeTablePub(myvpc, igw)
def __init__(self):
resource_specs = ParseYAML(resource_type).getSpecs()
for vpc_name, vpc_conf in resource_specs.items():
# AWS VPC Dynamic Variables
resource_name = vpc_name
resource_cidr = vpc_conf['cidr']
resource_dns_resolution = vpc_conf['dns-resolution']
resource_dns_hostnames = vpc_conf['dns-hostnames']
resource_tags = None
resource_tags = vpc_conf["tags"] if "tags" in vpc_conf else None
# Getting list of tags from configuration file
tags_list = {}
if resource_tags is not None:
for each_tag_name, each_tag_value in resource_tags.items():
tags_list.update({each_tag_name: each_tag_value})
# Add mandatory tags
tags_list.update({"Name": resource_name})
tags_list.update({
"Project/Stack":
pulumi.get_project() + "/" + pulumi.get_stack()
})
tags_list.update(resource_mandatory_tags)
# Create resource
vpc = net.Vpc(resource_name,
cidr_block=resource_cidr,
enable_dns_support=resource_dns_resolution,
enable_dns_hostnames=resource_dns_hostnames,
tags=tags_list)
# Update resource dictionary
vpc_ids_dict.update({vpc._name: vpc.id})
# Export the name of each VPC
pulumi.export(vpc._name, vpc.id)
# Copyright 2016-2020, Pulumi Corporation. All rights reserved.
import pulumi
from pulumi import Output
from pulumi_aws import applicationloadbalancing, get_availability_zones, ec2
vpc = ec2.Vpc('test',
cidr_block="10.11.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True)
internet_gateway = ec2.InternetGateway('test', vpc_id=vpc.id)
route_table = ec2.RouteTable('test',
vpc_id=vpc.id,
routes=[
ec2.RouteTableRouteArgs(
cidr_block="0.0.0.0/0",
gateway_id=internet_gateway.id)
])
zones = Output.from_input(get_availability_zones())
zone_names = zones.apply(lambda zs: zs.names)
subnet0 = ec2.Subnet(
"test0",
vpc_id=vpc.id,
availability_zone=zone_names.apply(lambda names: names[0]),
cidr_block="10.11.0.0/24",
map_public_ip_on_launch=True)
def __init__(self,
name: str,
args: VpcArgs,
opts: pulumi.ResourceOptions = None):
"""
Constructs a Vpc.
:param name: The Pulumi resource name. Child resource names are constructed based on this.
:param args: A VpcArgs object containing the arguments for VPC constructin.
:param opts: A pulumi.ResourceOptions object.
"""
super().__init__('Vpc', name, None, opts)
# Make base info available to other methods
self.name = name
self.description = args.description
self.base_tags = args.base_tags
# Create VPC and Internet Gateway resources
self.vpc = ec2.Vpc(f"{name}-vpc",
cidr_block=args.base_cidr,
enable_dns_hostnames=True,
enable_dns_support=True,
tags={
**args.base_tags, "Name":
f"{args.description} VPC"
},
opts=pulumi.ResourceOptions(parent=self, ))
self.internet_gateway = ec2.InternetGateway(
f"{name}-igw",
vpc_id=self.vpc.id,
tags={
**args.base_tags, "Name":
f"{args.description} VPC Internet Gateway"
},
opts=pulumi.ResourceOptions(parent=self.vpc, ))
# Calculate subnet CIDR blocks and create subnets
subnet_distributor = SubnetDistributor(
args.base_cidr, len(args.availability_zone_names))
self.public_subnets = [
ec2.Subnet(f"{name}-public-subnet-{i}",
vpc_id=self.vpc.id,
cidr_block=cidr,
availability_zone=args.availability_zone_names[i],
map_public_ip_on_launch=True,
tags={
**args.base_tags, "Name":
f"${args.description} Public Subnet {i}"
},
opts=pulumi.ResourceOptions(parent=self.vpc, ))
for i, cidr in enumerate(subnet_distributor.public_subnets)
]
self.private_subnets = [
ec2.Subnet(f"{name}-private-subnet-{i}",
vpc_id=self.vpc.id,
cidr_block=cidr,
availability_zone=args.availability_zone_names[i],
tags={
**args.base_tags, "Name":
f"${args.description} Private Subnet {i}"
},
opts=pulumi.ResourceOptions(parent=self.vpc, ))
for i, cidr in enumerate(subnet_distributor.private_subnets)
]
# Adopt the default route table for this VPC and adapt it for use with public subnets
self.public_route_table = ec2.DefaultRouteTable(
f"{name}-public-rt",
default_route_table_id=self.vpc.default_route_table_id,
tags={
**args.base_tags, "Name":
f"${args.description} Public Route Table"
},
opts=pulumi.ResourceOptions(parent=self.vpc, ))
ec2.Route(f"{name}-route-public-sn-to-ig",
route_table_id=self.public_route_table.id,
destination_cidr_block="0.0.0.0/0",
gateway_id=self.internet_gateway.id,
opts=pulumi.ResourceOptions(parent=self.public_route_table))
for i, subnet in enumerate(self.public_subnets):
ec2.RouteTableAssociation(
f"{name}-public-rta-{i + 1}",
subnet_id=subnet.id,
route_table_id=self.public_route_table,
opts=pulumi.ResourceOptions(parent=self.public_route_table))
self.nat_elastic_ip_addresses: [ec2.Eip] = list()
self.nat_gateways: [ec2.NatGateway] = list()
self.private_route_tables: [ec2.RouteTable] = list()
# Create a NAT Gateway and appropriate route table for each private subnet
for i, subnet in enumerate(self.private_subnets):
self.nat_elastic_ip_addresses.append(
ec2.Eip(f"{name}-nat-{i + 1}",
tags={
**args.base_tags, "Name":
f"{args.description} NAT Gateway EIP {i + 1}"
},
opts=pulumi.ResourceOptions(parent=subnet)))
self.nat_gateways.append(
ec2.NatGateway(
f"{name}-nat-gateway-{i + 1}",
allocation_id=self.nat_elastic_ip_addresses[i].id,
subnet_id=self.public_subnets[i].id,
tags={
**args.base_tags, "Name":
f"{args.description} NAT Gateway {i + 1}"
},
opts=pulumi.ResourceOptions(parent=subnet)))
self.private_route_tables.append(
ec2.RouteTable(f"{name}-private-rt-{i + 1}",
vpc_id=self.vpc.id,
tags={
**args.base_tags, "Name":
f"{args.description} Private RT {i + 1}"
},
opts=pulumi.ResourceOptions(parent=subnet)))
ec2.Route(f"{name}-route-private-sn-to-nat-{i + 1}",
route_table_id=self.private_route_tables[i].id,
destination_cidr_block="0.0.0.0/0",
nat_gateway_id=self.nat_gateways[i].id,
opts=pulumi.ResourceOptions(
parent=self.private_route_tables[i]))
ec2.RouteTableAssociation(
f"{name}-private-rta-{i + 1}",
subnet_id=subnet.id,
route_table_id=self.private_route_tables[i].id,
opts=pulumi.ResourceOptions(
parent=self.private_route_tables[i]))
# Create S3 endpoint if necessary
if args.create_s3_endpoint:
ec2.VpcEndpoint(f"{name}-s3-endpoint",
vpc_id=self.vpc.id,
service_name=f"com.amazonaws.{config.region}.s3",
route_table_ids=[
self.public_route_table.id,
*[rt.id for rt in self.private_route_tables]
],
opts=pulumi.ResourceOptions(parent=self.vpc))
# Create DynamoDB endpoint if necessary
if args.create_dynamodb_endpoint:
ec2.VpcEndpoint(
f"{name}-dynamodb-endpoint",
vpc_id=self.vpc.id,
service_name=f"com.amazonaws.{config.region}.dynamodb",
route_table_ids=[
self.public_route_table.id,
*[rt.id for rt in self.private_route_tables]
],
opts=pulumi.ResourceOptions(parent=self.vpc))
super().register_outputs({})
def __init__(self,
name,
port_list=None,
subnet_count=0,
vpc_tags=None,
sg_tags=None,
private_subnets=None,
security_group_ids=None,
public_subnets=None):
ComponentResource.__init__(
self, "aws:network:dtd", name, {
"number_of_availability_zones": subnet_count,
"use_private_subnets": True,
"subnet_ids": private_subnets,
"security_group_ids": security_group_ids,
"public_subnet_ids": public_subnets
}, None)
self.name = name
self.port_list = port_list
self.subnet_count = subnet_count
self.vpc_tags = vpc_tags
self.sg_tags = sg_tags
self.public_subnets = []
self.private_subnets = []
self.security_group_ids = []
self.vpcid = None
PUBLIC_SUBNET_COUNT = 0
if subnet_count < 2 or subnet_count > 3:
raise RunError(
"Unsupported amount of subnets! 2 or 3 supported. %d entered" %
subnet_count)
# create the VPC
vpc = ec2.Vpc(name,
cidr_block="10.0.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True,
tags=vpc_tags,
__opts__=ResourceOptions(parent=self))
self.vpcid = vpc.id
public_route_table_id = self._create_public_subnet_route_table(vpc.id)
private_route_table_id = None
# create the subnets
for i in range(subnet_count):
# create public subnet(s) first
if i <= PUBLIC_SUBNET_COUNT:
self.public_subnets.append(
self._create_public_subnet(vpc.id, public_route_table_id,
i))
# create private subnet(s) next
else:
# do create the private route table, eip & NAT just once
if i == 1:
public_subnet_id = self.public_subnets[0]
private_route_table_id = self._create_private_subnet_route_table(
public_subnet_id, vpc.id)
self.private_subnets.append(
self._create_private_subnet(vpc.id, private_route_table_id,
i))
self.security_group_ids = self._create_security_groups(vpc.id)
self.public_sg = self.security_group_ids['public']
self.private_sg = self.security_group_ids['private']
# This does not work because the items in the dictionary are of type Output
# for k in all_security_group_ids:
# print(k)
# if "public" in k:
# self.public_security_groups.append(all_security_group_ids[k])
# elif "private" in k:
# self.private_security_groups.append(all_security_group_ids[k])
# self.security_group_ids = list(all_security_group_ids)
# this may be unnecessary - it is a nice to have for the UI for now
self.register_outputs({
"vpc_id": vpc.id,
"private_subnet_ids": self.private_subnets,
"public_subnet_ids": self.public_subnet_ids,
"security_group_ids": self.security_group_ids
})
from pulumi_aws import config, ec2, get_availability_zones
## VPC
vpc = ec2.Vpc('eks-vpc',
cidr_block='10.100.0.0/16',
instance_tenancy='default',
enable_dns_hostnames=True,
enable_dns_support=True,
tags={'Name': 'pulumi-eks-vpc'})
igw = ec2.InternetGateway('vpc-ig',
vpc_id=vpc.id,
tags={'Name': 'pulumi-vpc-ig'})
eks_route_table = ec2.RouteTable('vpc-route-table',
vpc_id=vpc.id,
routes=[{
'cidr_block': '0.0.0.0/0',
'gateway_id': igw.id
}],
tags={'Name': 'pulumi-vpc-rt'})
## Subnets, one for each AZ in a region
zones = get_availability_zones()
subnet_ids = []
for zone in zones.names:
vpc_subnet = ec2.Subnet(f'vpc-subnet-{zone}',
assign_ipv6_address_on_creation=False,
# by type (gateways, subnets, routes+route tables, etc.). Not sure it would
# work, but there's got to be a way to break this up.
# TODO find or create an AMI chooser, given a region and instance type
# TODO create a config file
_ami = 'ami-032509850cf9ee54e'
_az1 = 'us-west-2b'
_az2 = 'us-west-2c'
_instance_type = 't2.micro'
_key_name = 'sl-us-west-2'
vpc = ec2.Vpc(resource_name='new-vpc',
cidr_block='10.0.0.0/16',
tags={
'Name': 'infra vpc (front-back-autoscaling)',
'Creator': 'timc'
})
igw = ec2.InternetGateway(
resource_name='new-igw',
vpc_id=vpc.id,
tags={
'Name': 'infra internet gateway (front-back-autoscaling)',
'Creator': 'timc'
})
public_subnet_1 = ec2.Subnet(
resource_name='new-public-subnet-1',
vpc_id=vpc.id,
cidr_block='10.0.0.0/24',
def __init__(self, name: str, args: VpcArgs, opts: ResourceOptions = None):
super().__init__('custom:resource:VPC', name, {}, opts)
vpc_name = name + '-vpc'
self.vpc = ec2.Vpc(vpc_name,
cidr_block=args.cidr_block,
instance_tenancy=args.instance_tenancy,
enable_dns_hostnames=args.enable_dns_hostnames,
enable_dns_support=args.enable_dns_support,
tags={'Name': vpc_name},
opts=ResourceOptions(parent=self))
igw_name = name + '-igw'
self.igw = ec2.InternetGateway(igw_name,
vpc_id=self.vpc.id,
tags={'Name': igw_name},
opts=ResourceOptions(parent=self))
rt_name = name + '-rt'
self.route_table = ec2.RouteTable(rt_name,
vpc_id=self.vpc.id,
routes=[
ec2.RouteTableRouteArgs(
cidr_block='0.0.0.0/0',
gateway_id=self.igw.id,
)
],
tags={'Name': rt_name},
opts=ResourceOptions(parent=self))
# Subnets, at least across two zones.
all_zones = get_availability_zones()
# limiting to 2 zones for speed and to meet minimal requirements.
zone_names = [all_zones.names[0], all_zones.names[1]]
self.subnets = []
subnet_name_base = f'{name}-subnet'
for zone in zone_names:
vpc_subnet = ec2.Subnet(
f'{subnet_name_base}-{zone}',
assign_ipv6_address_on_creation=False,
vpc_id=self.vpc.id,
map_public_ip_on_launch=True,
cidr_block=f'10.100.{len(self.subnets)}.0/24',
availability_zone=zone,
tags={
'Name': f'{subnet_name_base}-{zone}',
},
opts=ResourceOptions(parent=self))
ec2.RouteTableAssociation(f'vpc-route-table-assoc-{zone}',
route_table_id=self.route_table.id,
subnet_id=vpc_subnet.id,
opts=ResourceOptions(parent=self))
self.subnets.append(vpc_subnet)
# Security Groups
rds_sg_name = f'{name}-rds-sg'
self.rds_security_group = ec2.SecurityGroup(
rds_sg_name,
vpc_id=self.vpc.id,
description='Allow client access.',
tags={'Name': rds_sg_name},
ingress=[
ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'],
from_port=3306,
to_port=3306,
protocol='tcp',
description='Allow rds access.'),
],
egress=[
ec2.SecurityGroupEgressArgs(
protocol='-1',
from_port=0,
to_port=0,
cidr_blocks=['0.0.0.0/0'],
)
],
opts=ResourceOptions(parent=self))
fe_sg_name = f'{name}-fe-sg'
self.fe_security_group = ec2.SecurityGroup(
fe_sg_name,
vpc_id=self.vpc.id,
description='Allow all HTTP(s) traffic.',
tags={'Name': fe_sg_name},
ingress=[
ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'],
from_port=443,
to_port=443,
protocol='tcp',
description='Allow https.'),
ec2.SecurityGroupIngressArgs(cidr_blocks=['0.0.0.0/0'],
from_port=80,
to_port=80,
protocol='tcp',
description='Allow http access'),
],
egress=[
ec2.SecurityGroupEgressArgs(
protocol='-1',
from_port=0,
to_port=0,
cidr_blocks=['0.0.0.0/0'],
)
],
opts=ResourceOptions(parent=self))
self.register_outputs({})
instance_role_policy_1 = iam.RolePolicyAttachment(
'instance-role-policy-1',
policy_arn='arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy',
role=ec2_role.name)
instance_role_policy_2 = iam.RolePolicyAttachment(
'instance-role-policy-2',
policy_arn='arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy',
role=ec2_role.name)
vpc = ec2.Vpc('eks-vpc',
cidr_block='10.100.0.0/16',
instance_tenancy='default',
enable_dns_hostnames=True,
enable_dns_support=True,
tags={
'Name': 'vpc',
'kubernetes.io/cluster/pulumi-kubeflow-ml': 'shared'
})
# https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/security_group.html.markdown
eks_cluster_sg = ec2.SecurityGroup(
'eks-cluster-sg',
vpc_id=vpc.id,
description='Allow all traffic and associate with our vpc',
tags={'Name': 'eks-cluster-sg'},
egress=[{
'cidr_blocks': ["0.0.0.0/0"],
'from_port': '0',
'to_port': '0',
# edit: unsupported feature on the AWS side
# edit: maybe a Pulumi usability bug? This will cause occasional failures if not explicit
# TODO need a solution here. I'd like to randomly choose a suitable AZ.
# However, once an AZ is chosen, that choice should be stable across `pulumi
# update`s, so that we're not causing what I call "stack churn". For now I'm
# going with a static choice. The original motivation is that in `us-west-2`,
# `t2.micro` is an unsupported instance type. So about one time in four, when
# creating a new stack, Pulumi chooses an AZ and everything fails.
_availability_zone = 'us-west-2b'
_instance_type = 't2.micro'
vpc = ec2.Vpc(resource_name='new-vpc',
cidr_block='10.0.0.0/16',
tags={
'Name': 'infra vpc',
'Creator': 'timc'
})
igw = ec2.InternetGateway(resource_name='new-igw',
vpc_id=vpc.id,
tags={
'Name': 'infra internet gateway',
'Creator': 'timc'
})
subnet = ec2.Subnet(resource_name='new-subnet',
vpc_id=vpc.id,
cidr_block='10.0.0.0/20',
availability_zone=_availability_zone,
tags={
def setup_vpc():
# Create a VPC
vpc_config = Config().require_object("vpc_config")
vpc = ec2.Vpc("chatapp-vpc",
cidr_block=vpc_config['cidr'],
enable_dns_hostnames=True,
enable_dns_support=True)
# Create public subnet to place NGW
public_subnet = ec2.Subnet("PublicSubnet",
vpc_id=vpc.id,
cidr_block=vpc_config['public_subnet_cidr'],
availability_zone="ap-southeast-1a")
# Create private subnets 1 and 2 for rds and redis clusters
private_subnet_1 = ec2.Subnet(
"PrivateSubnet1",
vpc_id=vpc.id,
cidr_block=vpc_config['private_subnet_1_cidr'],
availability_zone="ap-southeast-1b")
private_subnet_2 = ec2.Subnet(
"PrivateSubnet2",
vpc_id=vpc.id,
cidr_block=vpc_config['private_subnet_2_cidr'],
availability_zone="ap-southeast-1c")
# Create internet gateway
inet_gw = ec2.InternetGateway(
"inet-gateway",
vpc_id=vpc.id,
)
# create NAT gateway
elastic_ip = ec2.Eip("eip1",
opts=ResourceOptions(delete_before_replace=True))
nat_gw = ec2.NatGateway("nat-gateway",
subnet_id=public_subnet.id,
allocation_id=elastic_ip.id)
# Create private routed route-table
private_subnet_route_table = ec2.RouteTable("privatesubnetroutetable",
routes=[{
"cidr_block": "0.0.0.0/0",
"gateway_id": nat_gw.id
}],
vpc_id=vpc.id)
# Create public routed route-table
public_subnet_route_table = ec2.RouteTable("publicsubnetroutetable",
routes=[{
"cidr_block": "0.0.0.0/0",
"gateway_id": inet_gw.id
}],
vpc_id=vpc.id)
# Attach route tables to subnets
ec2.RouteTableAssociation("PrivateSubnetRT1",
subnet_id=private_subnet_1.id,
route_table_id=private_subnet_route_table.id)
ec2.RouteTableAssociation("PrivateSubnetRT2",
subnet_id=private_subnet_2.id,
route_table_id=private_subnet_route_table.id)
ec2.RouteTableAssociation("PublicSubnetRT",
subnet_id=public_subnet.id,
route_table_id=public_subnet_route_table.id)
return dict(vpc=vpc, private_subnets=[private_subnet_1, private_subnet_2])
read_capacity=1,
write_capacity=1)
## EC2
eip = ec2.Eip("myeip")
security_group = ec2.SecurityGroup("mysecuritygroup",
ingress=[
ec2.SecurityGroupIngressArgs(
protocol="tcp",
from_port=80,
to_port=80,
cidr_blocks=["0.0.0.0/0"])
])
vpc = ec2.Vpc("myvpc", cidr_block="10.0.0.0/16")
igw = ec2.InternetGateway("myinternetgateway", vpc_id=vpc.id)
public_route_table = ec2.RouteTable("myroutetable",
routes=[
ec2.RouteTableRouteArgs(
cidr_block="0.0.0.0/0",
gateway_id=igw.id)
],
vpc_id=vpc.id)
## ECR
repository = ecr.Repository("myrepository")
APP = f"{get_project()}-{_env}"
TIERS = ['public', 'app', 'data']
region = boto3.session.Session().region_name
cidr = conf.require(f"cidr.{region}")
aws_dns = conf.require_bool('useAwsDns')
max_azs = conf.require_int('maxAzs')
client = boto3.client('ec2', region_name=region)
vpc = ec2.Vpc(
resource_name=f'{APP}-vpc',
cidr_block=cidr,
enable_dns_hostnames=aws_dns,
enable_dns_support=aws_dns,
instance_tenancy='default',
tags={
'Name': APP,
'Environment': _env
}
)
igw = ec2.InternetGateway(
resource_name=f'{APP}-igw',
vpc_id=vpc.id
)
azs_response = client.describe_availability_zones(
Filters=[
{
'Name': 'region-name',
import pulumi
from pulumi_aws import ec2, get_availability_zones
import utils
# read local config settings
config = pulumi.Config()
private_subnet_cidrs = config.require_object("private_subnet_cidrs")
public_subnet_cidrs = config.require_object("public_subnet_cidrs")
zones_amount = config.require_int("zones_amount")
zones = utils.get_aws_az(zones_amount)
vpc = ec2.Vpc("pulumi-vpc",
cidr_block=config.require("vpc_cidr"),
tags={"Name": "pulumi-vpc"})
igw = ec2.InternetGateway("pulumi-igw", vpc_id=vpc.id)
public_rt = ec2.RouteTable(
"pulumi-public-rt",
vpc_id=vpc.id,
routes=[{
"cidr_block": "0.0.0.0/0",
"gateway_id": igw.id
}],
tags={"Name": "pulumi-public-rt"},
)
public_subnet_ids = []
def __init__(
self,
name,
opts=None,
):
super().__init__("nuage:aws:DevelopmentEnvironment:VPC",
f"{name}VpcEnvironment", None, opts)
vpc = ec2.Vpc(
f"{name}Vpc",
cidr_block="172.32.0.0/16",
enable_dns_hostnames=True,
enable_dns_support=True,
)
subnet_1 = ec2.Subnet(
f"{name}VpcSubnetA",
availability_zone="eu-west-1a",
vpc_id=vpc.id,
cidr_block="172.32.0.0/20",
opts=ResourceOptions(depends_on=[vpc]),
)
subnet_2 = ec2.Subnet(
f"{name}VpcSubnetB",
availability_zone="eu-west-1b",
vpc_id=vpc.id,
cidr_block="172.32.16.0/20",
opts=ResourceOptions(depends_on=[vpc]),
)
subnet_3 = ec2.Subnet(
f"{name}VpcSubnetC",
availability_zone="eu-west-1c",
vpc_id=vpc.id,
cidr_block="172.32.32.0/20",
opts=ResourceOptions(depends_on=[vpc]),
)
private_subnet_1 = ec2.Subnet(
f"{name}VpcPrivateSubnetA",
availability_zone="eu-west-1a",
vpc_id=vpc.id,
cidr_block="172.32.48.0/20",
opts=ResourceOptions(depends_on=[vpc]),
)
security_group = ec2.SecurityGroup(
f"{name}SecurityGroup",
vpc_id=vpc.id,
opts=ResourceOptions(depends_on=[vpc]),
)
security_group_rule = ec2.SecurityGroupRule(
f"{name}SSHRule",
security_group_id=security_group.id,
type="ingress",
protocol="tcp",
from_port=22,
to_port=22,
cidr_blocks=["0.0.0.0/0"],
)
security_group_rule = ec2.SecurityGroupRule(
f"{name}InboundRule",
security_group_id=security_group.id,
type="ingress",
protocol="all",
from_port=0,
to_port=65535,
source_security_group_id=security_group.id,
)
security_group_rule = ec2.SecurityGroupRule(
f"{name}OutboundRule",
security_group_id=security_group.id,
type="egress",
protocol="all",
from_port=0,
to_port=65535,
cidr_blocks=["0.0.0.0/0"],
)
subnets = [subnet_1, subnet_2, subnet_3]
gateway = ec2.InternetGateway(
f"{name}InternetGateway",
vpc_id=vpc.id,
opts=ResourceOptions(depends_on=[vpc]),
)
gateway_route = ec2.Route(
f"{name}GatewayRoute",
destination_cidr_block="0.0.0.0/0",
gateway_id=gateway.id,
route_table_id=vpc.default_route_table_id,
)
elastic_ip = ec2.Eip(f"{name}Eip",
vpc=True,
opts=ResourceOptions(depends_on=[gateway]))
nat_gateway = ec2.NatGateway(
f"{name}NatGateway",
subnet_id=subnet_1.id,
allocation_id=elastic_ip.id,
opts=ResourceOptions(depends_on=[subnet_1, elastic_ip]),
)
private_route_table = ec2.RouteTable(
f"{name}PrivateRouteTable",
routes=[
{
"cidr_block": "0.0.0.0/0",
"nat_gateway_id": nat_gateway.id,
},
],
vpc_id=vpc.id,
opts=ResourceOptions(depends_on=[private_subnet_1]),
)
private_route_table_assoc = ec2.RouteTableAssociation(
f"{name}PrivateRouteTableAssoc",
route_table_id=private_route_table.id,
subnet_id=private_subnet_1.id,
)
outputs = {
"vpc": vpc,
"security_group": security_group,
"public_subnets": [subnet_1, subnet_2, subnet_3],
"private_subnet": private_subnet_1,
"nat_gateway": nat_gateway,
}
self.set_outputs(outputs)
