def __create_codebuild_service_role(template):
    """Add a CodeBuild service role to *template* and export its ARN.

    The role trusts ``codebuild.amazonaws.com`` and carries a single inline
    policy.  Its ARN is exported under ``<role title>Arn`` via ``add_export``.

    NOTE(review): the inline policy grants ``logs:*`` and ``s3:*`` on
    ``Resource: '*'`` -- full read/write on every bucket and log group in
    the account.  A build role normally needs only its own log group and
    the source/artifact buckets it touches; narrow both the actions and
    the resources before reusing this outside a sample.  The fixed
    ``RoleName`` also requires CAPABILITY_NAMED_IAM at deploy time and
    prevents the stack from being deployed twice in one account.
    """
    trust_policy = {
        'Statement': [{
            'Effect': 'Allow',
            'Principal': {'Service': 'codebuild.amazonaws.com'},
            'Action': ['sts:AssumeRole'],
        }],
    }
    build_permissions = {
        'Version': '2012-10-17',
        'Statement': [{
            'Action': ['logs:*', 's3:*'],
            'Resource': ['*'],
            'Effect': 'Allow',
        }],
    }
    role = template.add_resource(resource=Role(
        title='SampleCodeBuildServiceRole',
        RoleName='sample-codebuild-service-role',
        Path='/',
        AssumeRolePolicyDocument=trust_policy,
        Policies=[Policy(PolicyName='sample-codebuild-policy',
                         PolicyDocument=build_permissions)],
    ))
    add_export(template, role.title + 'Arn', GetAtt(role, 'Arn'))
def __create_lambda_edge_function_service_role(template):
    """Add a Lambda@Edge execution role to *template* and export its ARN.

    The trust policy admits both ``lambda.amazonaws.com`` and
    ``edgelambda.amazonaws.com`` (Lambda@Edge replicates the function and
    needs the second principal).  One inline policy is attached and the
    role ARN is exported as ``<role title>Arn``.

    NOTE(review): the inline policy allows ``lambda:*`` and ``logs:*`` on
    ``Resource: '*'``.  ``lambda:*`` on every function lets code running
    under this role create, update or invoke any Lambda in the account,
    which is far more than an edge function needs; restrict it to the
    actions and ARNs actually required.  The fixed ``RoleName`` requires
    CAPABILITY_NAMED_IAM and blocks a second deployment in the same
    account.
    """
    trust_policy = {
        "Statement": [{
            "Effect": "Allow",
            "Principal": {
                "Service": ['lambda.amazonaws.com', 'edgelambda.amazonaws.com'],
            },
            "Action": ["sts:AssumeRole"],
        }],
    }
    edge_permissions = {
        "Version": "2012-10-17",
        "Statement": [{
            "Action": ['lambda:*', 'logs:*'],
            "Resource": ['*'],
            "Effect": "Allow",
        }],
    }
    role = template.add_resource(resource=Role(
        title='SampleLambdaEdgeServiceRole',
        RoleName='sample-lambda-edge-service-role',
        Path='/',
        AssumeRolePolicyDocument=trust_policy,
        Policies=[Policy(PolicyName="sample-policy",
                         PolicyDocument=edge_permissions)],
    ))
    add_export(template, role.title + 'Arn', GetAtt(role, 'Arn'))
def create_bucket_template() -> Template:
    """Build a template holding one S3 bucket and export its name and ARN.

    The bucket is named ``sample-bucket-<AWS::AccountId>`` so the globally
    unique name does not collide between accounts.  Two exports are added:
    ``<bucket title>Name`` (the ``Ref``, which is the bucket name) and
    ``<bucket title>Arn``.

    Returns:
        The populated troposphere ``Template``.

    NOTE(review): no encryption, versioning, access-logging or
    public-access-block settings are declared here, so the bucket inherits
    the account/service defaults.  Declare them explicitly if this bucket
    will ever hold build artifacts or other non-public data.
    """
    template = Template()
    bucket = template.add_resource(resource=Bucket(
        title='SampleBucket',
        BucketName=Sub('sample-bucket-${AWS::AccountId}'),
    ))
    exports = (
        ('Name', Ref(bucket)),
        ('Arn', GetAtt(bucket, 'Arn')),
    )
    for suffix, value in exports:
        add_export(template, bucket.title + suffix, value)
    return template
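def create_vpc_template() -> Template:
    """Build a template with a VPC plus two public and two private subnets.

    A ``VpcCidr`` String parameter (default ``10.0.0.0/16``) sizes the VPC,
    whose ID is exported as ``<vpc title>Id``.  Subnet creation is delegated
    to ``__create_public_subnet`` and ``__create_private_subnet``.

    Returns:
        The populated troposphere ``Template``.
    """
    template = Template()
    vpc_cidr = template.add_parameter(parameter=Parameter(
        title='VpcCidr', Type='String', Default='10.0.0.0/16'))
    vpc = template.add_resource(
        resource=VPC(title='SampleVpc', CidrBlock=Ref(vpc_cidr)))
    add_export(template, vpc.title + 'Id', Ref(vpc))
    # The subnet returned here was only consumed by a DMZ-subnet step that
    # is currently disabled, so the result is deliberately not bound.
    __create_public_subnet(template, vpc)
    __create_private_subnet(template, vpc)
    return template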
def __create_private_subnet(template: Template, vpc):
    """Add two private subnets (AZ suffixes A and B) sharing one route table.

    For each suffix this declares a ``PrivateSubnetCidr<suffix>`` String
    parameter whose default is taken from ``__get_subnet_cidr()`` (presumably
    hands out successive CIDR blocks -- confirm against its definition), a
    Subnet placed in ``${AWS::Region}<suffix lowercased>``, an export named
    ``<subnet title>Id``, and an association with the shared route table.
    No route (e.g. to a NAT gateway) is added to that table in this
    function, so the subnets get only the VPC-local route.

    NOTE(review): the logical IDs are spelled ``...RoteTable...``; they are
    kept verbatim because renaming a logical ID makes CloudFormation replace
    the resource in an already-deployed stack.
    """
    shared_route_table = template.add_resource(
        resource=RouteTable(title='SamplePrivateRoteTable', VpcId=Ref(vpc)))
    for az_suffix in ('A', 'B'):
        cidr_param = template.add_parameter(parameter=Parameter(
            title='PrivateSubnetCidr' + az_suffix,
            Type='String',
            Default=__get_subnet_cidr()))
        subnet = template.add_resource(resource=Subnet(
            title='SamplePrivateSubnet' + az_suffix,
            AvailabilityZone=Sub('${AWS::Region}' + az_suffix.lower()),
            CidrBlock=Ref(cidr_param),
            VpcId=Ref(vpc)))
        add_export(template, subnet.title + 'Id', Ref(subnet))
        template.add_resource(resource=SubnetRouteTableAssociation(
            title='SamplePrivateRoteTableAssociation' + az_suffix,
            RouteTableId=Ref(shared_route_table),
            SubnetId=Ref(subnet)))
def __create_public_subnet(template: Template, vpc) -> Subnet:
    """Add an internet gateway, two public subnets and their default route.

    Declares an InternetGateway attached to *vpc* and one shared route
    table.  For each AZ suffix A/B it declares a ``PublicSubnetCidr<suffix>``
    String parameter (default from ``__get_subnet_cidr()``), a Subnet with
    ``MapPublicIpOnLaunch=True`` in ``${AWS::Region}<suffix lowercased>``,
    an export ``<subnet title>Id`` and a route-table association.  Finally
    a ``0.0.0.0/0`` route to the gateway is added to the shared table, which
    is what makes these subnets public.

    Returns:
        The last Subnet created, i.e. the one with suffix ``B``.

    NOTE(review): ``MapPublicIpOnLaunch=True`` gives every instance launched
    here a public IPv4 address, so anything placed in these subnets is
    internet-reachable subject only to its security groups and network ACLs.
    The logical IDs spelled ``...RoteTable...`` are kept verbatim; renaming
    a logical ID would make CloudFormation replace the resource.
    """
    igw = template.add_resource(resource=InternetGateway(title='SampleIgw'))
    template.add_resource(resource=VPCGatewayAttachment(
        title='SampleAttachment',
        VpcId=Ref(vpc),
        InternetGatewayId=Ref(igw)))
    shared_route_table = template.add_resource(
        resource=RouteTable(title='SamplePublicRoteTable', VpcId=Ref(vpc)))
    newest_subnet = None
    for az_suffix in ('A', 'B'):
        cidr_param = template.add_parameter(parameter=Parameter(
            title='PublicSubnetCidr' + az_suffix,
            Type='String',
            Default=__get_subnet_cidr()))
        newest_subnet = template.add_resource(resource=Subnet(
            title='SamplePublicSubnet' + az_suffix,
            AvailabilityZone=Sub('${AWS::Region}' + az_suffix.lower()),
            CidrBlock=Ref(cidr_param),
            MapPublicIpOnLaunch=True,
            VpcId=Ref(vpc)))
        add_export(template, newest_subnet.title + 'Id', Ref(newest_subnet))
        template.add_resource(resource=SubnetRouteTableAssociation(
            title='SamplePublicRoteTableAssociation' + az_suffix,
            RouteTableId=Ref(shared_route_table),
            SubnetId=Ref(newest_subnet)))
    # Default route out through the IGW; added once for the shared table.
    template.add_resource(resource=Route(
        title='SamplePublicRoute',
        DestinationCidrBlock='0.0.0.0/0',
        GatewayId=Ref(igw),
        RouteTableId=Ref(shared_route_table)))
    return newest_subnet