def add_ec2_instance(self):
instance_metadata = Metadata(
Init({
'config':
InitConfig(
packages={'yum': {
'openvpn': []
}},
files=InitFiles({
'/etc/openvpn/server.conf':
InitFile(content=Join('\n', [
'port 1194',
'proto tcp-server',
'dev tun1',
'ifconfig 172.16.1.2 172.16.1.3',
'status server-tcp.log',
'verb 3',
'secret /etc/openvpn/static.key',
'keepalive 10 60',
'ping-timer-rem',
'persist-tun',
'persist-key',
'user nobody',
'group nobody',
'daemon',
]),
mode='000644',
owner='root',
group='root'),
'/etc/openvpn/client.ovpn':
InitFile(content=Join('\n', [
'proto tcp-client',
'remote {{public_ip}}',
'port 1194',
'dev tun',
'secret /tmp/secret.key',
'ifconfig 10.4.0.2 10.4.0.1',
]),
mode='000644',
owner='root',
group='root'),
'/etc/cfn/cfn-hup.conf':
InitFile(content=Join('', [
'[main]\n',
'stack=',
Ref('AWS::StackId'),
'\n',
'region=',
Ref('AWS::Region'),
'\n',
]),
mode='000400',
owner='root',
group='root'),
'/etc/cfn/hooks.d/cfn-auto-reloader.conf':
InitFile(content=Join('', [
'[cfn-auto-reloader-hook]\n',
'triggers=post.update\n',
'path=Resources.OpenVpn.Metadata.AWS::CloudFormation::Init\n',
'action=/opt/aws/bin/cfn-init -v --stack ',
Ref('AWS::StackName'),
'--resource OpenVpn ',
' --region ',
Ref('AWS::Region'),
'\n',
'runas=root\n',
]))
}),
services={
'sysvinit':
InitServices({
'openvpn':
InitService(enabled=True,
ensureRunning=True,
files=['/etc/openvpn/server.conf']),
'cfn-hup':
InitService(
enabled=True,
ensureRunning=True,
files=[
'/etc/cfn/cfn-hup.conf',
'/etc/cfn/hooks.d/cfn-auto-reloader.conf'
])
})
})
}))
self.ec2_instance = self.template.add_resource(
ec2.Instance(
"OpenVpn",
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
InstanceType="t2.micro",
KeyName=self.sceptre_user_data["keyname"],
SecurityGroupIds=[Ref(self.securityGroup)],
IamInstanceProfile=Ref(self.cfninstanceprofile),
SubnetId=ImportValue('deploy-dev-vpc-PublicSubnet'),
Metadata=instance_metadata,
UserData=Base64(
Join('', [
'#!/bin/bash -xe\n',
'yum install easy-rsa -y --enablerepo=epel\n',
'yum update -y aws-cfn-bootstrap\n',
'/opt/aws/bin/cfn-init -v --stack ',
Ref('AWS::StackName'),
' --resource OpenVpn --region ',
Ref('AWS::Region'),
'\n',
'/opt/aws/bin/cfn-signal -e $? --stack ',
Ref('AWS::StackName'),
' --resource OpenVpn --region ',
Ref('AWS::Region'),
'\n',
'cd /etc/openvpn\n',
'openvpn --genkey --secret static.key\n',
'aws s3 cp static.key s3://',
ImportValue('deploy-dev-s3bucket-s3bucketname'),
'/\n',
'sudo modprobe iptable_nat',
'\n',
'echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward',
'\n',
'sudo iptables -t nat -A POSTROUTING -s 10.4.0.1/2 -o eth0 -j MASQUERADE',
'\n',
'external_ip=`curl http://169.254.169.254/latest/meta-data/public-ipv4`',
'\n',
'sed -i "s|{{public_ip}}|$external_ip|g" /etc/openvpn/client.ovpn',
'\n',
'aws s3 cp client.ovpn s3://',
ImportValue('deploy-dev-s3bucket-s3bucketname'),
'\n',
])),
CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal(
Timeout='PT15M')),
Tags=Tags(Name="vpn-server"),
))
"ap-southeast-1": {
"AMI": "ami-74dda626"
},
"ap-northeast-1": {
"AMI": "ami-dcfa4edd"
}
})
ebs = ec2.EBSBlockDevice(VolumeSize=20,
VolumeType="gp2",
DeletionPolicy="Snapshot")
ec2_instance = template.add_resource(
ec2.Instance("Ec2Instance",
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
InstanceType="t1.micro",
KeyName=Ref(keyname_param),
SecurityGroups=["default"],
UserData=Base64("80"),
BlockDeviceMappings=[
ec2.BlockDeviceMapping(DeviceName="/dev/sdf", Ebs=ebs)
]))
template.add_output([
Output(
"InstanceId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(ec2_instance),
),
Output(
"AZ",
Description="Availability Zone of the newly created EC2 instance",
Value=GetAtt(ec2_instance, "AvailabilityZone"),
ud = Base64(
Join('\n', [
"#!/bin/bash", "sudo yum install --enablerepo=epel -y nodejs",
"wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js",
"wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf",
"start helloworld"
]))
t.add_resource(
ec2.Instance(
"instance",
ImageId="ami-e251209a",
InstanceType="t2.micro",
NetworkInterfaces=[
ec2.NetworkInterfaceProperty(AssociatePublicIpAddress="true",
GroupSet=[Ref("SecurityGroup")],
SubnetId="subnet-72379639",
DeviceIndex="0"),
],
KeyName=Ref("KeyPair"),
UserData=ud,
))
t.add_output(
Output(
"InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp"),
))
t.add_output(
def dump_lab_yaml(cfn_file):
template = Template()
key_name_param = template.add_parameter(
Parameter(
"keyName",
Description="string of vpc cidr block to use",
Type="String",
))
ami_id_param = template.add_parameter(
Parameter("AmiId",
Description="string of vpc cidr block to use",
Type="AWS::EC2::Image::Id"))
instance_type_param = template.add_parameter(
Parameter(
"InstanceType",
Description="string of vpc cidr block to use",
Type="String",
))
sg = template.add_resource(
ec2.SecurityGroup(
"MySg",
GroupDescription="who cares",
VpcId=ImportValue("VpcId-jdix"),
Tags=resource_tags,
))
sshIn = template.add_resource(
ec2.SecurityGroupIngress("MySshIn",
CidrIp="0.0.0.0/0",
IpProtocol="tcp",
FromPort=22,
ToPort=22,
GroupId=Ref(sg)))
pingIn = template.add_resource(
ec2.SecurityGroupIngress("MyPingIn",
CidrIp="0.0.0.0/0",
IpProtocol="icmp",
FromPort=-1,
ToPort=-1,
GroupId=Ref(sg)))
instance = template.add_resource(
ec2.Instance(
"MyInstance",
ImageId=Ref(ami_id_param),
SubnetId=ImportValue("SubnetId-jdix"),
InstanceType=Ref(instance_type_param),
KeyName=Ref(key_name_param),
Tags=resource_tags,
SecurityGroupIds=[Ref(sg)],
))
priv_instance = template.add_resource(
ec2.Instance(
"MyPrivInstance",
ImageId=Ref(ami_id_param),
SubnetId=ImportValue("PrivSubnetId-jdix"),
InstanceType=Ref(instance_type_param),
KeyName=Ref(key_name_param),
Tags=resource_tags,
SecurityGroupIds=[Ref(sg)],
))
instance_elastic_ip = template.add_resource(
ec2.EIP(
"MyEip",
InstanceId=Ref(instance),
Tags=resource_tags,
))
template.add_output([
Output(
"InstanceId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(instance),
Export=Export("InstanceId-jdix"),
),
Output(
"InstancePrivateIP",
Description="InstanceId of the newly created EC2 instance",
Value=GetAtt(instance, "PrivateIp"),
Export=Export("InstancePrivateIP-jdix"),
)
])
template_out_yaml(cfn_file, template)
def gen_template(config):
num_couchbase_servers = config.server_number
couchbase_instance_type = config.server_type
num_sync_gateway_servers = config.sync_gateway_number
sync_gateway_server_type = config.sync_gateway_type
num_gateloads = config.load_number
gateload_instance_type = config.load_type
num_lbs = config.lb_number
lb_instance_type = config.lb_type
t = Template()
t.add_description(
'An Ec2-classic stack with Couchbase Server, Sync Gateway + load testing tools '
)
def createCouchbaseSecurityGroups(t):
# Couchbase security group
secGrpCouchbase = ec2.SecurityGroup('CouchbaseSecurityGroup')
secGrpCouchbase.GroupDescription = "Allow access to Couchbase Server"
secGrpCouchbase.SecurityGroupIngress = [
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="8091",
ToPort="8091",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # sync gw user port
IpProtocol="tcp",
FromPort="4984",
ToPort="4984",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # sync gw admin port
IpProtocol="tcp",
FromPort="4985",
ToPort="4985",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # expvars
IpProtocol="tcp",
FromPort="9876",
ToPort="9876",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # couchbase server
IpProtocol="tcp",
FromPort="4369",
ToPort="4369",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # couchbase server
IpProtocol="tcp",
FromPort="5984",
ToPort="5984",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # couchbase server
IpProtocol="tcp",
FromPort="8092",
ToPort="8092",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # couchbase server
IpProtocol="tcp",
FromPort="11209",
ToPort="11209",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # couchbase server
IpProtocol="tcp",
FromPort="11210",
ToPort="11210",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # couchbase server
IpProtocol="tcp",
FromPort="11211",
ToPort="11211",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule( # couchbase server
IpProtocol="tcp",
FromPort="21100",
ToPort="21299",
CidrIp="0.0.0.0/0",
)
]
# Add security group to template
t.add_resource(secGrpCouchbase)
return secGrpCouchbase
#
# Parameters
#
keyname_param = t.add_parameter(
Parameter(
'KeyName',
Type='String',
Description='Name of an existing EC2 KeyPair to enable SSH access')
)
secGrpCouchbase = createCouchbaseSecurityGroups(t)
# Create an IAM Role to give the EC2 instance permissions to
# push Cloudwatch Logs, which avoids the need to bake in the
# AWS_KEY + AWS_SECRET_KEY into an ~/.aws/credentials file or
# env variables
mobileTestKitRole = iam.Role(
'MobileTestKit',
ManagedPolicyArns=['arn:aws:iam::aws:policy/CloudWatchFullAccess'],
AssumeRolePolicyDocument={
'Version':
'2012-10-17',
'Statement': [{
'Action': 'sts:AssumeRole',
'Principal': {
'Service': 'ec2.amazonaws.com'
},
'Effect': 'Allow',
}]
})
t.add_resource(mobileTestKitRole)
# The InstanceProfile instructs the EC2 instance to use
# the mobileTestKitRole created above. It will be referenced
# in the instance.IamInstanceProfile property for all EC2 instances created
instanceProfile = iam.InstanceProfile(
'EC2InstanceProfile',
Roles=[Ref(mobileTestKitRole)],
)
t.add_resource(instanceProfile)
# Couchbase Server Instances
for i in xrange(num_couchbase_servers):
name = "couchbaseserver{}".format(i)
instance = ec2.Instance(name)
instance.ImageId = "ami-6d1c2007" # centos7
instance.InstanceType = couchbase_instance_type
instance.SecurityGroups = [Ref(secGrpCouchbase)]
instance.KeyName = Ref(keyname_param)
instance.Tags = Tags(Name=name, Type="couchbaseserver")
instance.IamInstanceProfile = Ref(instanceProfile)
instance.BlockDeviceMappings = [
ec2.BlockDeviceMapping(DeviceName="/dev/sda1",
Ebs=ec2.EBSBlockDevice(
DeleteOnTermination=True,
VolumeSize=200,
VolumeType="gp2"))
]
t.add_resource(instance)
# Sync Gw instances (ubuntu ami)
for i in xrange(num_sync_gateway_servers):
name = "syncgateway{}".format(i)
instance = ec2.Instance(name)
instance.ImageId = "ami-6d1c2007" # centos7
instance.InstanceType = sync_gateway_server_type
instance.SecurityGroups = [Ref(secGrpCouchbase)]
instance.KeyName = Ref(keyname_param)
instance.IamInstanceProfile = Ref(instanceProfile)
instance.BlockDeviceMappings = [
ec2.BlockDeviceMapping(DeviceName="/dev/sda1",
Ebs=ec2.EBSBlockDevice(
DeleteOnTermination=True,
VolumeSize=200,
VolumeType="gp2"))
]
# Make syncgateway0 a cache writer, and the rest cache readers
# See https://github.com/couchbase/sync_gateway/wiki/Distributed-channel-cache-design-notes
if i == 0:
instance.Tags = Tags(Name=name,
Type="syncgateway",
CacheType="writer")
else:
instance.Tags = Tags(Name=name, Type="syncgateway")
t.add_resource(instance)
# Gateload instances (ubuntu ami)
for i in xrange(num_gateloads):
name = "gateload{}".format(i)
instance = ec2.Instance(name)
instance.ImageId = "ami-6d1c2007" # centos7
instance.InstanceType = gateload_instance_type
instance.SecurityGroups = [Ref(secGrpCouchbase)]
instance.KeyName = Ref(keyname_param)
instance.IamInstanceProfile = Ref(instanceProfile)
instance.Tags = Tags(Name=name, Type="gateload")
instance.BlockDeviceMappings = [
ec2.BlockDeviceMapping(DeviceName="/dev/sda1",
Ebs=ec2.EBSBlockDevice(
DeleteOnTermination=True,
VolumeSize=200,
VolumeType="gp2"))
]
t.add_resource(instance)
# Load Balancer instances (ubuntu ami)
for i in xrange(num_lbs):
name = "loadbalancer{}".format(i)
instance = ec2.Instance(name)
instance.ImageId = "ami-6d1c2007" # centos7
instance.InstanceType = lb_instance_type
instance.SecurityGroups = [Ref(secGrpCouchbase)]
instance.KeyName = Ref(keyname_param)
instance.IamInstanceProfile = Ref(instanceProfile)
instance.Tags = Tags(Name=name, Type="loadbalancer")
instance.BlockDeviceMappings = [
ec2.BlockDeviceMapping(DeviceName="/dev/sda1",
Ebs=ec2.EBSBlockDevice(
DeleteOnTermination=True,
VolumeSize=200,
VolumeType="gp2"))
]
t.add_resource(instance)
return t.to_json()
def setUp(self):
self.instance = ec2.Instance('Instance', UserData='')
dir = os.path.dirname(__file__)
self.filepath = os.path.join(dir, 'userdata_test_scripts/')
],
))
ud = Base64(
Join('\n', [
"#!/bin/bash", "sudo yum install --enablerepo=epel -y nodejs",
"wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js",
"wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf",
"sudo start helloworld"
]))
t.add_resource(
ec2.Instance(
"instance",
ImageId="ami-f469ad94",
InstanceType="t2.small",
SecurityGroups=[Ref("SecurityGroup")],
KeyName=Ref("KeyPair"),
UserData=ud,
))
t.add_output(
Output(
"InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp"),
))
t.add_output(
Output(
"WebUrl",
Description="Application endpoint",
def create_bastion(self):
bastion_security_group_name = 'sgBastion'
bastion_security_group = self.add_resource(
ec2.SecurityGroup(
bastion_security_group_name,
GroupDescription='Enables access to the BastionHost',
VpcId=Ref(self.vpc),
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
CidrIp=Ref(self.ip_access),
FromPort=p,
ToPort=p)
for p in [GRAPHITE_WEB, KIBANA, SSH]
] + [
ec2.SecurityGroupRule(IpProtocol='tcp',
CidrIp=VPC_CIDR,
FromPort=p,
ToPort=p)
for p in [GRAPHITE, RELP, STATSITE]
] + [
ec2.SecurityGroupRule(IpProtocol='udp',
CidrIp=VPC_CIDR,
FromPort=p,
ToPort=p) for p in [STATSITE]
],
SecurityGroupEgress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
CidrIp=VPC_CIDR,
FromPort=p,
ToPort=p)
for p in [POSTGRESQL, REDIS, SSH]
] + [
ec2.SecurityGroupRule(IpProtocol='tcp',
CidrIp=ALLOW_ALL_CIDR,
FromPort=p,
ToPort=p) for p in [HTTP, HTTPS]
],
Tags=self.get_tags(Name=bastion_security_group_name)))
bastion_host_name = 'BastionHost'
bastion_host = self.add_resource(
ec2.Instance(bastion_host_name,
BlockDeviceMappings=[{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeType": "gp2",
"VolumeSize": "256"
}
}],
InstanceType=Ref(self.bastion_instance_type),
KeyName=Ref(self.keyname),
IamInstanceProfile=Ref(self.bastion_instance_profile),
ImageId=Ref(self.bastion_host_ami),
NetworkInterfaces=[
ec2.NetworkInterfaceProperty(
Description='ENI for BastionHost',
GroupSet=[Ref(bastion_security_group)],
SubnetId=Ref(self.PUBLIC_SUBNETS[0]),
AssociatePublicIpAddress=True,
DeviceIndex=0,
DeleteOnTermination=True)
],
Tags=self.get_tags(Name=bastion_host_name)))
return bastion_host, bastion_security_group
ToPort=ApplicationPort,
CidrIp="0.0.0.0/0")
]))
ud = Base64(
Join('\n', [
"#!/bin/bash", "sudo yum install --enablerepo=epel -y git",
"sudo yum install --enablerepo=epel -y ansible", AnsiblePullCmd,
"echo '*/10 * * * * {}' > /etc/cron.d/ansible-pull".format(
AnsiblePullCmd)
]))
t.add_resource(
ec2.Instance("instance",
ImageId="ami-a0cfeed8",
InstanceType="t2.micro",
SecurityGroups=[Ref("SecurityGroup")],
KeyName=Ref("KeyPair"),
UserData=ud))
t.add_output(
Output("InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp")))
t.add_output(
Output("WebUrl",
Description="Application endpoint",
Value=Join("", [
"http://",
GetAtt("instance", "PublicDnsName"), ":", ApplicationPort
])))
"AMI": "ami-3e3be423"
},
"ap-southeast-1": {
"AMI": "ami-74dda626"
},
"ap-northeast-1": {
"AMI": "ami-dcfa4edd"
}
})
ec2_instance = template.add_resource(
ec2.Instance(
"Ec2Instance",
ImageId='ami-25681456',
InstanceType='t2.micro',
KeyName='dev-ec2',
SecurityGroupIds=["sg-8eec36e8"], # hard coded to glomex default sg
SubnetId='subnet-b6eaa5d2', # hard coded to glomex subnet eu-west-1a
UserData=Base64("80"),
Tags=[ec2.Tag('Name', 'gcdt-test-ec2-ebs-tagging')]))
template.add_output([
Output(
"InstanceId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(ec2_instance),
),
])
def generate_template():
VpcId='vpc-cb0bf3af',
GroupDescription='Allow SSH, HTTP and HTTPS',
SecurityGroupIngress=ingress,
SecurityGroupEgress=egress,
Tags=Tags(Name='AmazonLinuxMachine SG', Application=Ref('AWS::StackName')))
ec2_instance = ec2.Instance(
'AmazonLinuxMachine',
SecurityGroupIds=[Ref(amazon_linux_SG)],
KeyName='tutorial-serverless',
InstanceType='t2.micro',
InstanceInitiatedShutdownBehavior='stop',
DisableApiTermination=True,
SubnetId='subnet-d9ed25af',
Tags=Tags(Name='Amazon Linux Machine',
Application=Ref('AWS::StackId'),
Details='Created by Cloud Formation'),
SourceDestCheck=False,
ImageId='ami-f9dd458a',
UserData=Base64(
Join("", [
"#!/bin/bash\n", "yum install python27-devel python27-pip gcc",
"yum install libjpeg-devel zlib-devel python-pip"
"pip install -U pip", "pip install virtualenv"
])))
tutorial_images = Bucket('ttrserverlessimages',
BucketName="ttrserverlessimages")
tutorial_imagescover = Bucket('ttrserverlessimagescover',
BucketName="ttrserverlessimagescover")
tutorial_imagesprofile = Bucket('ttrserverlessimagesprofile',
t.add_resource(
IAMPolicy(
"Policy",
PolicyName="AllowS3",
PolicyDocument=Policy(Statement=[
Statement(Effect=Allow, Action=[Action("s3", "*")], Resource=["*"
]),
Statement(
Effect=Allow, Action=[Action("logs", "*")], Resource=["*"])
]),
Roles=[Ref("Role")]))
t.add_resource(
ec2.Instance("KubernetesMaster",
ImageId="ami-8ec0e1f4",
UserData=ud,
InstanceType=Ref("InstanceType"),
KeyName=Ref("KeyPair"),
IamInstanceProfile=Ref("MasterInstanceProfile"),
NetworkInterfaces=[
ec2.NetworkInterfaceProperty(
GroupSet=[Ref("MasterNodes")],
AssociatePublicIpAddress='false',
SubnetId="subnet-d1c1d09a",
DeviceIndex='0',
)
]))
print t.to_json()
"sudo yum -y install java-1.8.0",
"sudo yum -y remove java-1.7.0-openjdk",
"curl --silent --location https://rpm.nodesource.com/setup_10.x | sudo bash -",
"sudo yum -y install nodejs",
"yum install --enablerepo=epel -y git",
"pip install ansible",
AnsiblePullCmd,
"echo '*/10 * * * * root {}' > /etc/cron.d/ansible-pull".format(AnsiblePullCmd)
]))
t.add_resource(ec2.Instance(
"instance",
ImageId="ami-976152f2",
InstanceType="t2.micro",
SecurityGroups=[Ref("SecurityGroup")],
KeyName=Ref("KeyPair"),
UserData=ud,
Tags=PoCTags,
))
t.add_output(Output(
"InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp"),
))
t.add_output(Output(
"WebUrl",
Description="Application endpoint",
Value=Join("", [
def create():
mydb = mysql.connector.connect(host="localhost",
user="******",
passwd="AmazingTheory62",
database="cloud_formation")
mycursor = mydb.cursor()
mycursor.execute("SELECT * FROM ec2_table")
myresult = (mycursor.fetchone())
sname = myresult[0]
name = myresult[1]
region = myresult[2]
itype = myresult[3]
vpc1 = myresult[4]
subnet1 = myresult[5]
#print(type(vpc1))
template = Template()
keyname_param = template.add_parameter(
Parameter("KeyName",
Description="Name of an existing EC2 KeyPair to enable SSH "
"access to the instance",
Type="String",
Default="jayaincentiuskey"))
vpcid_param = template.add_parameter(
Parameter(
"VpcId",
Description="VpcId of your existing Virtual Private Cloud (VPC)",
Type="String",
Default=vpc1))
subnetid_param = template.add_parameter(
Parameter(
"SubnetId",
Description=
"SubnetId of an existing subnet (for the primary network) in "
"your Virtual Private Cloud (VPC)"
"access to the instance",
Type="String",
Default=subnet1))
secondary_ip_param = template.add_parameter(
Parameter(
"SecondaryIPAddressCount",
Description=
"Number of secondary IP addresses to assign to the network "
"interface (1-5)",
ConstraintDescription="must be a number from 1 to 5.",
Type="Number",
Default="1",
MinValue="1",
MaxValue="5",
))
sshlocation_param = template.add_parameter(
Parameter(
"SSHLocation",
Description="The IP address range that can be used to SSH to the "
"EC2 instances",
Type="String",
MinLength="9",
MaxLength="18",
Default="0.0.0.0/0",
AllowedPattern="(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})"
"/(\\d{1,2})",
ConstraintDescription="must be a valid IP CIDR range of the "
"form x.x.x.x/x."))
template.add_mapping('RegionMap', {"us-west-2": {"AMI": region}})
eip1 = template.add_resource(ec2.EIP(
"EIP1",
Domain="vpc",
))
ssh_sg = template.add_resource(
ec2.SecurityGroup(
"SSHSecurityGroup",
VpcId=Ref(vpcid_param),
GroupDescription="Enable SSH access via port 22",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp=Ref(sshlocation_param),
),
],
))
eth0 = template.add_resource(
ec2.NetworkInterface(
"Eth0",
Description="eth0",
GroupSet=[
Ref(ssh_sg),
],
SourceDestCheck=True,
SubnetId=Ref(subnetid_param),
Tags=Tags(
Name="Interface 0",
Interface="eth0",
),
SecondaryPrivateIpAddressCount=Ref(secondary_ip_param),
))
# eipassoc1 = template.add_resource(ec2.EIPAssociation(
# "EIPAssoc1",
# NetworkInterfaceId=Ref(eth0),
# AllocationId=GetAtt("EIP1", "AllocationId"),
# PrivateIpAddress=GetAtt("Eth0", "PrimaryPrivateIpAddress"),
# ))
ec2_instance = template.add_resource(
ec2.Instance("EC2Instance",
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
InstanceType=itype,
KeyName=Ref(keyname_param),
NetworkInterfaces=[
ec2.NetworkInterfaceProperty(
NetworkInterfaceId=Ref(eth0),
DeviceIndex="0",
),
],
Tags=Tags(Name=name, )))
template.add_output([
Output(
"InstanceId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(ec2_instance),
),
Output(
"EIP1",
Description="Primary public IP address for Eth0",
Value=Join(
" ",
["IP address",
Ref(eip1), "on subnet",
Ref(subnetid_param)]),
),
Output(
"PrimaryPrivateIPAddress",
Description="Primary private IP address of Eth0",
Value=Join(" ", [
"IP address",
GetAtt("Eth0", "PrimaryPrivateIpAddress"), "on subnet",
Ref(subnetid_param)
]),
),
Output(
"FirstSecondaryPrivateIPAddress",
Description="First secondary private IP address of Eth0",
Value=Join(" ", [
"IP address",
Select("0", GetAtt("Eth0", "SecondaryPrivateIpAddresses")),
"on subnet",
Ref(subnetid_param)
]),
),
])
print(template.to_json())
file = open('ec2json.json', 'w')
file.write(template.to_json())
file.close()
os.system('aws cloudformation create-stack --stack-name ' + sname +
' --template-body file://ec2json.json')
},
"sa-east-1": {
"AMI": "ami-3e3be423"
},
"ap-southeast-1": {
"AMI": "ami-74dda626"
},
"ap-northeast-1": {
"AMI": "ami-dcfa4edd"
}
})
ec2_instance = template.add_resource(
ec2.Instance("Ec2Instance",
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
InstanceType="t1.micro",
KeyName=Ref(keyname_param),
SecurityGroups=["default"],
UserData=Base64("80")))
template.add_output([
Output(
"InstanceId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(ec2_instance),
),
Output(
"AZ",
Description="Availability Zone of the newly created EC2 instance",
Value=GetAtt(ec2_instance, "AvailabilityZone"),
),
Output(
def main():
template = Template()
template.add_version("2010-09-09")
template.set_description(
"AWS CloudFormation Sample Template: ELB with 2 EC2 instances")
AddAMI(template)
# Add the Parameters
keyname_param = template.add_parameter(
Parameter(
"KeyName",
Type="String",
Default="mark",
Description="Name of an existing EC2 KeyPair to "
"enable SSH access to the instance",
))
template.add_parameter(
Parameter(
"InstanceType",
Type="String",
Description="WebServer EC2 instance type",
Default="m1.small",
AllowedValues=[
"t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge",
"m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium",
"c1.xlarge", "cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge"
],
ConstraintDescription="must be a valid EC2 instance type.",
))
webport_param = template.add_parameter(
Parameter(
"WebServerPort",
Type="String",
Default="8888",
Description="TCP/IP port of the web server",
))
apiport_param = template.add_parameter(
Parameter(
"ApiServerPort",
Type="String",
Default="8889",
Description="TCP/IP port of the api server",
))
subnetA = template.add_parameter(
Parameter("subnetA", Type="String", Default="subnet-096fd06d"))
subnetB = template.add_parameter(
Parameter("subnetB", Type="String", Default="subnet-1313ef4b"))
VpcId = template.add_parameter(
Parameter("VpcId", Type="String", Default="vpc-82c514e6"))
# Define the instance security group
instance_sg = template.add_resource(
ec2.SecurityGroup(
"InstanceSecurityGroup",
GroupDescription="Enable SSH and HTTP access on the inbound port",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(webport_param),
ToPort=Ref(webport_param),
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=Ref(apiport_param),
ToPort=Ref(apiport_param),
CidrIp="0.0.0.0/0",
),
]))
# Add the web server instance
WebInstance = template.add_resource(
ec2.Instance(
"WebInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(Ref(webport_param)),
))
# Add the api server instance
ApiInstance = template.add_resource(
ec2.Instance(
"ApiInstance",
SecurityGroups=[Ref(instance_sg)],
KeyName=Ref(keyname_param),
InstanceType=Ref("InstanceType"),
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
UserData=Base64(Ref(apiport_param)),
))
# Add the application ELB
ApplicationElasticLB = template.add_resource(
elb.LoadBalancer("ApplicationElasticLB",
Name="ApplicationElasticLB",
Scheme="internet-facing",
Subnets=[Ref(subnetA), Ref(subnetB)]))
TargetGroupWeb = template.add_resource(
elb.TargetGroup("TargetGroupWeb",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(HttpCode="200"),
Name="WebTarget",
Port=Ref(webport_param),
Protocol="HTTP",
Targets=[
elb.TargetDescription(Id=Ref(WebInstance),
Port=Ref(webport_param))
],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)))
TargetGroupApi = template.add_resource(
elb.TargetGroup("TargetGroupApi",
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(HttpCode="200"),
Name="ApiTarget",
Port=Ref(apiport_param),
Protocol="HTTP",
Targets=[
elb.TargetDescription(Id=Ref(ApiInstance),
Port=Ref(apiport_param))
],
UnhealthyThresholdCount="3",
VpcId=Ref(VpcId)))
Listener = template.add_resource(
elb.Listener("Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(ApplicationElasticLB),
DefaultActions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(TargetGroupWeb))
]))
template.add_resource(
elb.ListenerRule("ListenerRuleApi",
ListenerArn=Ref(Listener),
Conditions=[
elb.Condition(Field="path-pattern",
Values=["/api/*"])
],
Actions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(TargetGroupApi))
],
Priority="1"))
template.add_output(
Output("URL",
Description="URL of the sample website",
Value=Join("",
["http://",
GetAtt(ApplicationElasticLB, "DNSName")])))
print(template.to_json())
AmbariNode = t.add_resource(
ec2.Instance(
"AmbariNode",
UserData=Base64(
Join(
"",
my_bootstrap_script('AmbariNode', 'true', 'true',
'127.0.0.1'))),
ImageId=FindInMap("RHEL66", Ref("AWS::Region"), "AMI"),
BlockDeviceMappings=If(
"UseEBSBool",
my_block_device_mappings_ebs(ref_disk_worker_ebs_diskcount,
"/dev/sd",
ref_disk_worker_ebs_volumesize,
"gp2"),
my_block_device_mappings_ephemeral(24, "/dev/sd")),
CreationPolicy=CreationPolicy(
ResourceSignal=ResourceSignal(Count=1, Timeout="PT30M")),
KeyName=Ref(KeyName),
IamInstanceProfile=Ref(AmbariInstanceProfile),
InstanceType=Ref(InstanceType),
NetworkInterfaces=[
ec2.NetworkInterfaceProperty(
DeleteOnTermination="true",
DeviceIndex="0",
SubnetId=Ref(PublicSubnet),
GroupSet=[Ref(AmbariSecurityGroup)],
AssociatePublicIpAddress="true",
),
],
))
ec2.Instance(
"HdsfServer",
AvailabilityZone=Ref(az_param),
ImageId=Ref(ami_param),
InstanceType="m4.large",
BlockDeviceMappings=[
ec2.BlockDeviceMapping("RootVolume",
DeviceName='/dev/xvda',
Ebs=ec2.EBSBlockDevice(VolumeSize=32))
],
# This doesn't work, but it seems like we need to fix a problem in
# https://github.com/cloudtools/troposphere/blob/2dc788dbc89c15ce5984f9c40b143494336a2348/troposphere/ec2.py#L311
# It only works if the profile exists outside of the template
# Til this is investigated you have to manually edit the generated json file and
# remove the \" s
IamInstanceProfile='{"Ref": "ServiceProfile"}',
KeyName=Ref(keyname_param),
SecurityGroups=[Ref(security_group)],
UserData=Base64(
Join("\n", [
"#!/bin/bash", "yum update -y",
"amazon-linux-extras install docker", "service docker start",
"usermod -a -G docker ec2-user",
'curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose',
"chmod +x /usr/local/bin/docker-compose", "yum install -y git",
"cat <<-EOL > /opt/start_server.sh",
"git clone https://github.com/HDFGroup/hsds.git",
"export AWS_S3_GATEWAY=http://s3.amazonaws.com",
Join("", ["export BUCKET_NAME=",
Ref(bucket_param)]),
'export HSDS_ENDPOINT=http://$(curl http://169.254.169.254/latest/meta-data/public-hostname)',
Join("", ["export AWS_IAM_ROLE=",
Ref(ServiceRole)]), "cd hsds",
"mv admin/config/passwd.default admin/config/passwd.txt",
"./runall.sh", "EOL", "chmod o+rx /opt/start_server.sh"
]))))
),
],
))
ud = Base64(
Join('\n', [
"#!/bin/bash", "yum install --enablerepo=epel -y git",
"pip install ansible", AnsiblePullCmd,
"echo '*/10 * * * * {}' > /etc/cron.d/ansible-pull".format(
AnsiblePullCmd)
]))
t.add_resource(
ec2.Instance(
"instance",
ImageId="ami-a4c7edb2",
InstanceType="t2.micro",
SecurityGroups=[Ref("SecurityGroup")],
KeyName=Ref("MyKeyPair"),
UserData=ud,
))
t.add_output(
Output(
"InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp"),
))
t.add_output(
Output(
"WebUrl",
Description="Application endpoint",
delimiter = ''
user_data_script = (
"#!/bin/bash\n",
'sudo yum update -y\n',
'wget https://packages.chef.io/files/stable/chefdk/2.5.3/sles/12/chefdk-2.5.3-1.sles12.x86_64.rpm\n',
'sudo rpm -Uvh chefdk-2.5.3-1.sles12.x86_64.rpm\n',
'rm chefdk-2.5.3-1.sles12.x86_64.rpm\n',
'sudo yum install git -y\n'
)
ec2_instance = template.add_resource(ec2.Instance(
"Ec2Instance",
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
InstanceType="t2.micro",
KeyName=Ref(keyname_param),
SecurityGroups=Ref(security_groups_param),
UserData=Base64(Join(delimiter, user_data_script))
))
template.add_output([
Output(
"InstanceId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(ec2_instance),
),
Output(
"AZ",
Description="Availability Zone of the newly created EC2 instance",
Value=GetAtt(ec2_instance, "AvailabilityZone"),
FromPort = '22',
ToPort = '22',
CidrIp = '0.0.0.0/0'
),
ec2.SecurityGroupRule(
IpProtocol = 'tcp',
FromPort = '80',
ToPort = '80',
CidrIp = Join('/', [Ref(ip_address), "32"])
)
]
ec2_instance = template.add_resource(ec2.Instance(
"AsgardInstance",
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
InstanceType=Ref(instance_type),
KeyName=Ref(keyname),
SecurityGroups=[Ref(sg)]
))
template.add_output([
Output(
"PublicIP",
Description="Public IP address of the Asgard instance",
Value=GetAtt(ec2_instance, "PublicIp"),
),
Output(
"PrivateIP",
Description="Private IP address of the Asgard instance",
Value=GetAtt(ec2_instance, "PrivateIp"),
),
),
],
))
ud = Base64(Join('\n', [
"#!/bin/bash",
"sudo yum install --enablerepo=epel -y nodejs",
"wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js",
"wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf",
"start helloworld"
]))
t.add_resource(ec2.Instance(
"instance",
ImageId="ami-e21cc38c",
InstanceType="t2.micro",
SecurityGroups=[Ref("SecurityGroup")],
KeyName=Ref("KeyPair"),
UserData=ud,
))
t.add_output(Output(
"InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp"),
))
t.add_output(Output(
"WebUrl",
Description="Application endpoint",
Value=Join("", [
"http://", GetAtt("instance", "PublicDnsName"),
]
)
))
t.add_resource(InstanceProfile(
"InstanceProfile",
Path="/",
Roles=[Ref("Role")]
))
t.add_resource(ec2.Instance(
"instance",
ImageId="ami-cfe4b2b0",
InstanceType="t2.micro",
SecurityGroups=[Ref("SecurityGroup")],
KeyName=Ref("KeyPair"),
UserData=ud,
IamInstanceProfile=Ref("InstanceProfile"),
))
t.add_output(Output(
"InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp"),
))
t.add_output(Output(
"WebUrl",
Description="Application endpoint",
Value=Join("", [
Statement(Effect=Allow,
Action=[AssumeRole],
Principal=Principal("Service", ["ec2.amazonaws.com"]))
])))
"""********Instance Profile *********"""
t.add_resource(
InstanceProfile("InstanceProfile", Path="/", Roles=[Ref("Role")]))
"""********EC2 Resource creation Creation"""
t.add_resource(
ec2.Instance(
"instance",
InstanceType="t2.micro",
SecurityGroups=[Ref("TropoSecuritygroup")],
ImageId="mi-a4c7edb2",
KeyName=Ref("KeyPair"),
UserData=ud,
IamInstanceProfile=Ref("InstanceProfile"),
)),
t.add_output(Output(
"myOutputPublicIP",
Value=GetAtt("instance", "PublicIp"),
)),
t.add_output(
Output(
"PublicIPAddress",
Value=GetAtt("instance", "PublicDnsName"),
)),
print t.to_json()
"ap-northeast-1": {
"AMI": "ami-dcfa4edd"
},
"ap-northeast-2": {
"AMI": "ami-0d097db2fb6e0f05e"
}
})
ec2_instance = t.add_resource(
ec2.Instance(
"instance",
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
InstanceType="t2.micro",
KeyName=Ref(keyname_param),
SecurityGroupIds=[Ref(security_param)],
SubnetId=SubnetID,
UserData=ud,
IamInstanceProfile=Ref(cfninstanceprofile),
Tags=[{
"Key": "Name",
"Value": "codingTestServer"
}],
))
# GetAtt: Fn::GetAtt
t.add_output([
Output(
"InstanceId",
Description="InstanceId of the newly created EC2 instance",
Value=Ref(ec2_instance),
),
"#!/bin/bash",
"sudo yum install --enablerepo=epel -y nodejs",
"wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js",
"wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf",
"start helloworld"
]))
"""
"""[Modified jenkins] EC2 Resource creation Creation"""
t.add_resource(
ec2.Instance(
'troins',
InstanceType='t2.micro',
SecurityGroups=[Ref('trosecgro')],
ImageId='ami-a4c7edb2',
KeyName=Ref('keypair'),
UserData=ud,
IamInstanceProfile=Ref('InstanceProfile'),
))
t.add_output(
Output(
"myOutputPublicIP",
Value=GetAtt("instance", "PublicIp"),
)
),
t.add_output(
Output(
"PublicIPAddress",
},
"ap-southeast-1": {
"AMI": "ami-dc9339bf"
},
"ap-southeast-2": {
"AMI": "ami-1c47407f"
},
"ap-northeast-1": {
"AMI": "ami-56d4ad31"
}
})
ec2_instance = template.add_resource(
ec2.Instance("Ec2Instance",
ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"),
InstanceType="t2.micro",
KeyName=Ref(keyname_param),
SecurityGroups=[Ref(securitygroup_param)],
Tags=Tags(Name="Tropo1")))
template.add_output([
Output(
"PublicIP",
Description="Public IP address of the newly created EC2 instance",
Value=GetAtt(ec2_instance, "PublicIp"),
),
Output(
"PublicDNS",
Description="Public DNSName of the newly created EC2 instance",
Value=GetAtt(ec2_instance, "PublicDnsName"),
)
])
t.add_resource(
IAMPolicy(
"Policy",
PolicyName="AllowS3",
PolicyDocument=Policy(Statement=[
Statement(Effect=Allow, Action=[Action("s3", "*")], Resource=["*"])
]),
))
t.add_resource(
ec2.Instance(
"instance",
ImageId="ami-09ead922c1dad67e4",
InstanceType="t2.micro",
SecurityGroups=[Ref("SecurityGroup")],
KeyName=Ref("KeyPair"),
UserData=ud,
IamInstanceProfile=Ref("InstanceProfile"),
))
t.add_output(
Output(
"InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp"),
))
t.add_output(
Output(
"WebUrl",
import troposphere.ec2 as ec2
# Incorrect property being set on AWS resource
instance = ec2.Instance("ec2instance", image="i-XXXX")
# Incorrect type for AWS resource property
#instance = ec2.Instance("ec2instance", ImageId=1)
# uncomment and comment line above run when ready
#instance = ec2.Instance("ec2instance", ImageId="ami-sadljf3")
from troposphere import Template
t = Template()
t.add_resource(instance)
print(t.to_json())
],
))
ud = Base64(
Join('\n', [
"#!/bin/bash", "sudo yum install --enablerepo=epel -y nodejs",
"wget http://bit.ly/2vESNuc -O /home/ec2-user/helloworld.js",
"wget http://bit.ly/2vVvT18 -O /etc/init/helloworld.conf",
"start helloworld"
]))
t.add_resource(
ec2.Instance(
"instance",
ImageId="ami-0d097db2fb6e0f05e",
InstanceType="t2.micro",
SecurityGroups=[Ref("SecurityGroup")],
KeyName=Ref("KeyPair"),
UserData=ud,
))
t.add_output(
Output(
"InstancePublicIp",
Description="Public IP of our instance.",
Value=GetAtt("instance", "PublicIp"),
))
t.add_output(
Output(
"WebUrl",
Description="Application endpoint",
