def create_conditions(self): self.template.add_condition( "UseSSL", Not(Equals(Ref("ControllerELBCertName"), ""))) self.template.add_condition("UseDNS", Not(Equals(Ref("ExternalDomain"), ""))) self.template.add_condition("EnableStreamingLogs", Equals(Ref("DisableStreamingLogs"), ""))
def create_conditions(self): t = self.template ssl_condition = Not(Equals(Ref("ELBCertName"), "")) t.add_condition("UseHTTPS", ssl_condition) t.add_condition("UseHTTP", Not(ssl_condition)) self.template.add_condition( "UseIAMCert", Not(Equals(Ref("ELBCertType"), "acm"))) t.add_condition( "EnableSNSEvents", Equals(Ref("EventsBackend"), "sns")) t.add_condition( "CreateSNSTopic", And(Equals(Ref("EventsSNSTopicName"), ""), Condition("EnableSNSEvents"))) t.add_condition( "EnableCloudwatchLogs", Equals(Ref("RunLogsBackend"), "cloudwatch")) t.add_condition( "CreateRunLogsGroup", And(Equals(Ref("RunLogsCloudwatchGroup"), ""), Condition("EnableCloudwatchLogs"))) t.add_condition( "EnableAppEventStream", Equals(Ref("LogsStreamer"), "kinesis")) t.add_condition( "RequireCommitMessages", Equals(Ref("RequireCommitMessages"), "true"))
def condition_bucket_name_provided(self) -> str: """Condition BucketNameProvided.""" return self.template.add_condition( "BucketNameProvided", And( Not(Equals(self.variables["BucketName"].ref, "undefined")), Not(Equals(self.variables["BucketName"].ref, "")), ), )
def add_conditions(self): """ Create Conditions """ template = self.template variables = self.get_variables() template.add_condition('UseCidrIp', Not(Equals(variables['CidrIp'].ref, ''))) template.add_condition( 'UseSourceSecurityGroupId', Not(Equals(variables['SourceSecurityGroupId'].ref, '')))
def add_conditions(self): """Add conditions to template.""" template = self.template variables = self.get_variables() template.add_condition('CidrDefined', Not(Equals(variables['FromCidr'].ref, ''))) template.add_condition('SrcSgDefined', Not(Equals(variables['FromSgId'].ref, '')))
def create_conditions(self): self.template.add_condition("HasInternalDomain", Not(Equals(Ref("InternalDomain"), ""))) self.template.add_condition("HasExternalDomain", Not(Equals(Ref("BaseDomain"), ""))) self.template.add_condition( "HasHostedZones", Or(Condition("HasInternalDomain"), Condition("HasExternalDomain"))) self.template.add_condition("NoHostedZones", Not(Condition("HasHostedZones")))
def create_conditions(self): self.template.add_condition("HasInternalZone", Not(Equals(Ref("InternalZoneId"), ""))) self.template.add_condition("HasInternalZoneName", Not(Equals(Ref("InternalZoneName"), ""))) self.template.add_condition("HasInternalHostname", Not(Equals(Ref("InternalHostname"), ""))) self.template.add_condition( "CreateInternalHostname", And(Condition("HasInternalZone"), Condition("HasInternalZoneName"), Condition("HasInternalHostname")))
def create_conditions(self): self.template.add_condition("CreateELB", Not(Equals(Ref("ELBHostName"), ""))) self.template.add_condition("SetupDNS", Not(Equals(Ref("BaseDomain"), ""))) self.template.add_condition("UseSSL", Not(Equals(Ref("ELBCertName"), ""))) self.template.add_condition( "CreateSSLELB", And(Condition("CreateELB"), Condition("UseSSL"))) self.template.add_condition( "SetupELBDNS", And(Condition("CreateELB"), Condition("SetupDNS")))
def create_policy(self): ns = self.context.namespace name_prefix = "%s-%s" % (ns, self.name) t = self.template t.add_condition( 'ExternalRoles', Not(Equals(Join(",", Ref('RoleNames')), '')), ) t.add_condition( 'ExternalGroups', Not(Equals(Join(",", Ref('GroupNames')), '')), ) t.add_condition( 'ExternalUsers', Not(Equals(Join(",", Ref('UserNames')), '')), ) t.add_condition( 'CreatePolicy', Or( TropoCondition("ExternalRoles"), TropoCondition("ExternalGroups"), TropoCondition("ExternalUsers"), )) t.add_resource( iam.PolicyType( FIREHOSE_WRITE_POLICY, PolicyName='{}-firehose'.format(name_prefix), PolicyDocument=firehose_write_policy(), Roles=If("ExternalRoles", Ref("RoleNames"), Ref("AWS::NoValue")), Groups=If("ExternalGroups", Ref("GroupNames"), Ref("AWS::NoValue")), Users=If("ExternalUsers", Ref("UserNames"), Ref("AWS::NoValue")), Condition='CreatePolicy', ), ) t.add_resource( iam.PolicyType( LOGS_POLICY, PolicyName='{}-logs'.format(name_prefix), PolicyDocument=logs_policy(), Roles=If("ExternalRoles", Ref("RoleNames"), Ref("AWS::NoValue")), Groups=If("ExternalGroups", Ref("GroupNames"), Ref("AWS::NoValue")), Users=If("ExternalUsers", Ref("UserNames"), Ref("AWS::NoValue")), Condition='CreatePolicy', ), )
def create_conditions(self): self.template.add_condition("HasInternalDomain", Not(Equals(Ref("InternalDomain"), ""))) self.template.add_condition("HasExternalDomain", Not(Equals(Ref("BaseDomain"), ""))) self.template.add_condition( "HasHostedZones", Or(Condition("HasInternalDomain"), Condition("HasExternalDomain"))) self.template.add_condition("NoHostedZones", Not(Condition("HasHostedZones"))) self.template.add_condition("UseNatGateway", Equals(Ref("UseNatGateway"), "true")) self.template.add_condition("UseNatInstances", Not(Condition("UseNatGateway")))
def create_conditions(self): t = self.template t.add_condition("DefinedNotificationArn", Not(Equals(Ref("NotificationTopicArn"), ""))) t.add_condition("DefinedPort", Not(Equals(Ref("Port"), "0"))) t.add_condition( "DefinedAvailabilityZones", Not(Equals(Join(",", Ref("PreferredCacheClusterAZs")), ""))) t.add_condition("DefinedSnapshotArns", Not(Equals(Join(",", Ref("SnapshotArns")), ""))) t.add_condition("DefinedSnapshotWindow", Not(Equals(Ref("SnapshotWindow"), ""))) # DNS Conditions t.add_condition("HasInternalZone", Not(Equals(Ref("InternalZoneId"), ""))) t.add_condition("HasInternalZoneName", Not(Equals(Ref("InternalZoneName"), ""))) t.add_condition("HasInternalHostname", Not(Equals(Ref("InternalHostname"), ""))) t.add_condition( "CreateInternalHostname", And(Condition("HasInternalZone"), Condition("HasInternalZoneName"), Condition("HasInternalHostname")))
def add_conditions(self): """Set up AZ conditions.""" template = self.template for i in range(AZS): template.add_condition( 'PublicAZ%i' % (i + 1), Not(Equals(Ref('PublicSubnet%i' % (i + 1)), ''))) template.add_condition( 'PrivateAZ%i' % (i + 1), Not(Equals(Ref('PrivateSubnet%i' % (i + 1)), ''))) template.add_condition( 'CreateNATGateway%i' % (i + 1), And(Condition('PublicAZ%i' % (i + 1)), Condition('PrivateAZ%i' % (i + 1))))
def create_log_group_template(): template = Template( Description="Child stack to maintain Lambda@Edge log groups") log_group_name = template.add_parameter( Parameter("LogGroupName", Type="String")) log_retention_days = template.add_parameter( Parameter( "LogRetentionDays", Type="Number", Description= "Days to keep Lambda@Edge logs. 0 means indefinite retention.", AllowedValues=[0] + CLOUDWATCH_LOGS_RETENTION_OPTIONS, )) retention_defined = add_condition(template, "RetentionDefined", Not(Equals(Ref(log_retention_days), 0))) template.add_resource( LogGroup( "EdgeLambdaLogGroup", LogGroupName=Ref(log_group_name), RetentionInDays=If(retention_defined, Ref(log_retention_days), NoValue), )) return template
def create_conditions(self): t = self.template t.add_condition( 'HasInternalZone', Not(Equals(Ref('InternalZoneId'), ''))) t.add_condition( 'HasInternalZoneName', Not(Equals(Ref('InternalZoneName'), ''))) t.add_condition( 'HasInternalHostname', Not(Equals(Ref('InternalHostname'), ''))) t.add_condition( 'CreateInternalHostname', And(Condition('HasInternalZone'), Condition('HasInternalZoneName'), Condition('HasInternalHostname')))
def create_kms_key(self): t = self.template t.add_condition("EncryptS3Bucket", Not(Equals(Ref("EncryptS3Bucket"), "false"))) key_description = Join( "", ["S3 Bucket kms encryption key for stack ", Ref("AWS::StackName")]) key_use_arns = self.local_parameters["KeyUseArns"] # auto add the created IAM Role key_use_arns.append(GetAtt(IAM_ROLE, "Arn")) key_admin_arns = self.local_parameters["KeyAdminArns"] t.add_resource( kms.Key(KMS_KEY, Description=key_description, Enabled=True, EnableKeyRotation=Ref("EnableKeyRotation"), KeyPolicy=kms_key_policy(key_use_arns, key_admin_arns), Condition="EncryptS3Bucket")) key_arn = Join("", [ "arn:aws:kms:", Ref("AWS::Region"), ":", Ref("AWS::AccountId"), ":key/", Ref(KMS_KEY) ]) t.add_output(Output("KmsKeyArn", Value=key_arn))
def main(argv): # Set up a blank template t = Template() # Add description t.add_description("RDS Database") # Add all defined input parameters to template for p in parameters.values(): t.add_parameter(p) t.add_condition("InstallPostgis", Not(Equals(Ref("ProvisionStackName"), ""))) t.add_resource(gen_postgis_provisioner()) # Create instance and security group add to template t.add_resource(gen_sg()) for resource in gen_rds_db(service_name): t.add_resource(resource) t.add_output( Output("ConnectionString", Description="Connection string for database", Value=Join("", [GetAtt("DB", "Endpoint.Address"), Ref("DB")]))) # Convert template to json template = (t.to_json()) # Print template to console (for debugging) and write to file print(template) write_to_file(template)
def add_conditions(self): """Set up template conditions.""" template = self.template variables = self.get_variables() template.add_condition( 'SSHKeySpecified', And(Not(Equals(variables['KeyName'].ref, '')), Not(Equals(variables['KeyName'].ref, 'undefined')))) template.add_condition( 'MissingVPNAMI', Or(Equals(variables['VPNAMI'].ref, ''), Equals(variables['VPNAMI'].ref, 'undefined'))) template.add_condition( 'RHELUserData', Not(Equals(variables['VPNOS'].ref, 'ubuntu-16.04'))) template.add_condition( 'ChefRunListSpecified', And(Not(Equals(variables['ChefRunList'].ref, '')), Not(Equals(variables['ChefRunList'].ref, 'undefined')))) template.add_condition( 'PublicRouteTableSpecified', And(Not(Equals(variables['PublicRouteTable'].ref, '')), Not(Equals(variables['PublicRouteTable'].ref, 'undefined')))) template.add_condition( 'PublicSubnetsOmitted', Equals(Join('', variables['PublicSubnets'].ref), '')) for i in range(AZS): template.add_condition( '%iPrivateSubnetsCreated' % (i + 1), Equals(variables['PrivateSubnetCount'].ref, str(i + 1))) template.add_condition( 'PrivateSubnetCountOmitted', Equals(variables['PrivateSubnetCount'].ref, '0'))
def add_double_sided_condition(template, condition_name_base, conditional): template.add_condition( f"{condition_name_base}True", conditional, ) template.add_condition(f"{condition_name_base}False", Not(conditional)) return f"{condition_name_base}True", f"{condition_name_base}False"
def create_conditions(self): self.template.add_condition( "UseSSL", Not(Equals(Ref("ControllerELBCertName"), ""))) self.template.add_condition( "UseDNS", Not(Equals(Ref("ExternalDomain"), ""))) self.template.add_condition( "EnableStreamingLogs", Equals(Ref("DisableStreamingLogs"), "")) self.template.add_condition( "HasGithubWebhooksSecret", Not(Equals(Ref("EmpireGithubWebhooksSecret"), ""))) self.template.add_condition( "HasGithubDeploymentEnvironment", Not(Equals(Ref("EmpireGithubDeploymentsEnvironment"), ""))) self.template.add_condition( "EnableSNSEvents", Not(Equals(Ref("EnableSNSEvents"), "false")))
def add_conditions(self): """Add conditions to template.""" template = self.template variables = self.get_variables() template.add_condition('KmsKeyEnabled', Not(Equals(variables['KmsKey'].ref, ''))) template.add_condition( 'CustomParameterGroup', Not(Equals(variables['ParameterGroupName'].ref, ''))) template.add_condition( 'VpnAccessEnabled', Not(Equals(variables['VPNSecurityGroup'].ref, ''))) template.add_condition( 'SnsTopicSpecified', Not(Equals(Join('', variables['SNSTopic'].ref), ''))) template.add_condition( 'IdentifierSpecified', Not( Or(Equals(variables['RdsInstanceIdentifier'].ref, 'undefined'), Equals(variables['RdsInstanceIdentifier'].ref, '')))) template.add_condition( 'SnapshotSpecified', Not( Or(Equals(variables['RdsSnapshotIdentifier'].ref, 'undefined'), Equals(variables['RdsSnapshotIdentifier'].ref, ''))))
def create_conditions(self): t = self.template t.add_condition( "HasInternalZone", Not(Equals(Ref("InternalZoneId"), ""))) t.add_condition( "HasInternalZoneName", Not(Equals(Ref("InternalZoneName"), ""))) t.add_condition( "HasInternalHostname", Not(Equals(Ref("InternalHostname"), ""))) t.add_condition( "CreateInternalHostname", And(Condition("HasInternalZone"), Condition("HasInternalZoneName"), Condition("HasInternalHostname"))) t.add_condition( "HasProvisionedIOPS", Not(Equals(Ref("IOPS"), "0"))) t.add_condition( "HasStorageType", Not(Equals(Ref("StorageType"), "default"))) t.add_condition( "HasDBSnapshotIdentifier", Not(Equals(Ref("DBSnapshotIdentifier"), "")))
def build_tags_list(t): has_conditions = [] tags_list = [] for x in range(1, 11): name = t.add_parameter( Parameter( "Tag%sName" % x, Type="String", Default="-NONE-", )) value = t.add_parameter( Parameter( "Tag%sValue" % x, Type="String", Default="-NONE-", )) t.add_condition( "HasTag%s" % x, Not( Or( Equals(Ref(name), "-NONE-"), Equals(Ref(value), "-NONE-"), ), ), ) has_conditions.append({"Fn::Condition": "HasTag%s" % x}) tags_list.append( If( "HasTag%s" % x, { "Key": Ref(name), "Value": Ref(value), }, NoValue, ), ) t.add_condition( "HasTags", Or(*has_conditions), ) return If( "HasTags", TagsList(*tags_list), NoValue, )
def add_conditions(self): """Set up template conditions.""" template = self.template variables = self.get_variables() template.add_condition( 'AlarmDescriptionSpecified', Not(Equals(variables['AlarmDescription'].ref, '')) ) template.add_condition( 'AlarmNameSpecified', Not(Equals(variables['AlarmName'].ref, '')) ) template.add_condition( 'MetricDimensionSpecified', Not(Equals(variables['DimensionName'].ref, '')) ) template.add_condition( 'TreatMissingDataSpecified', Not(Equals(variables['TreatMissingData'].ref, '')) )
def __init__( self, vpc_configuration: VPCConfig, existing_vpc: bool = False, availability_zone: str = None, description="Network build by NetworkTemplateBuilder", ): self.__template = Template() self.__template.set_version("2010-09-09") self.__template.set_description(description) self.__availability_zone = self.__get_availability_zone(availability_zone) self.__vpc_config = vpc_configuration self.__vpc, self.__additional_vpc_cidr_blocks = self.__get_vpc(existing_vpc) self.__vpc_subnets = vpc_configuration.subnets self.__gateway_id = self.__get_gateway_id() self.__create_ig = self.__template.add_condition("CreateInternetGateway", Equals(self.__gateway_id, "")) self.__existing_ig = self.__template.add_condition( # can't negate above condition with Not() "ExistingInternetGateway", Not(Equals(self.__gateway_id, "")) )
# # Parameters # param_bucket_name = t.add_parameter( Parameter( 'BucketName', Description='Bucket name', Default='', Type='String', AllowedPattern=r'[-\.a-z0-9]*', )) # # Condition # t.add_condition('HasBucketName', Not(Equals(Ref(param_bucket_name), ''))) # # Resource # bucket = t.add_resource( s3.Bucket( 'Bucket', BucketName=If('HasBucketName', Ref(param_bucket_name), Ref(AWS_NO_VALUE)), LifecycleConfiguration=s3.LifecycleConfiguration(Rules=[ # Add a rule to s3.LifecycleRule( # Rule attributes Id='S3BucketRule1', Prefix='',
'Three', Type='String', ), Parameter( 'Four', Type='String', ), Parameter( 'SshKeyName', Type='String', ) ]) t.add_condition('OneEqualsFoo', Equals(Ref('One'), 'Foo')) t.add_condition('NotOneEqualsFoo', Not(Condition('OneEqualsFoo'))) t.add_condition('BarEqualsTwo', Equals('Bar', Ref('Two'))) t.add_condition('ThreeEqualsFour', Equals(Ref('Three'), Ref('Four'))) t.add_condition('OneEqualsFooOrBarEqualsTwo', Or(Condition('OneEqualsFoo'), Condition('BarEqualsTwo'))) t.add_condition('OneEqualsFooAndNotBarEqualsTwo', And(Condition('OneEqualsFoo'), Not(Condition('BarEqualsTwo')))) t.add_condition( 'OneEqualsFooAndBarEqualsTwoAndThreeEqualsPft', And(Condition('OneEqualsFoo'), Condition('BarEqualsTwo'), Equals(Ref('Three'), 'Pft')))
def create_template(self) -> None: """Create template (main function called by Stacker).""" template = self.template template.add_version("2010-09-09") template.add_description( "Kubernetes workers via EKS - V1.0.0 " "- compatible with amazon-eks-node-v23+" ) # Metadata template.add_metadata( { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": {"default": "EKS Cluster"}, "Parameters": [ self.variables[i].name for i in [ "ClusterName", "ClusterControlPlaneSecurityGroup", ] ], }, { "Label": {"default": "Worker Node Configuration"}, "Parameters": [ self.variables[i].name for i in [ "NodeGroupName", "NodeAutoScalingGroupMinSize", "NodeAutoScalingGroupMaxSize", "UseDesiredInstanceCount", "NodeInstanceType", "NodeInstanceProfile", "NodeImageId", "NodeVolumeSize", "KeyName", "UseSpotInstances", "SpotBidPrice", "BootstrapArguments", ] ], }, { "Label": {"default": "Worker Network Configuration"}, "Parameters": [ self.variables[i].name for i in ["VpcId", "Subnets"] ], }, ] } } ) # Conditions template.add_condition( "SetSpotPrice", Equals(self.variables["UseSpotInstances"].ref, "yes") ) template.add_condition( "DesiredInstanceCountSpecified", Equals(self.variables["UseDesiredInstanceCount"].ref, "true"), ) template.add_condition( "KeyNameSpecified", Not(Equals(self.variables["KeyName"].ref, "")) ) # Resources nodesecuritygroup = template.add_resource( ec2.SecurityGroup( "NodeSecurityGroup", GroupDescription="Security group for all nodes in the cluster", Tags=[ { "Key": Sub("kubernetes.io/cluster/${ClusterName}"), "Value": "owned", }, ], VpcId=self.variables["VpcId"].ref, ) ) template.add_output( Output( "NodeSecurityGroup", Description="Security group for all nodes in the cluster", Value=nodesecuritygroup.ref(), ) ) template.add_resource( ec2.SecurityGroupIngress( "NodeSecurityGroupIngress", Description="Allow node to communicate with each other", GroupId=nodesecuritygroup.ref(), SourceSecurityGroupId=nodesecuritygroup.ref(), IpProtocol="-1", FromPort=0, ToPort=65535, ) ) template.add_resource( ec2.SecurityGroupIngress( "NodeSecurityGroupFromControlPlaneIngress", Description="Allow worker Kubelets and pods to receive " "communication from the cluster control plane", GroupId=nodesecuritygroup.ref(), SourceSecurityGroupId=self.variables[ "ClusterControlPlaneSecurityGroup" ].ref, # noqa IpProtocol="tcp", FromPort=1025, ToPort=65535, ) ) template.add_resource( ec2.SecurityGroupEgress( "ControlPlaneEgressToNodeSecurityGroup", Description="Allow the cluster control plane to communicate " "with worker Kubelet and pods", GroupId=self.variables["ClusterControlPlaneSecurityGroup"].ref, DestinationSecurityGroupId=nodesecuritygroup.ref(), IpProtocol="tcp", FromPort=1025, ToPort=65535, ) ) template.add_resource( ec2.SecurityGroupIngress( "NodeSecurityGroupFromControlPlaneOn443Ingress", Description="Allow pods running extension API servers on port " "443 to receive communication from cluster " "control plane", GroupId=nodesecuritygroup.ref(), SourceSecurityGroupId=self.variables[ "ClusterControlPlaneSecurityGroup" ].ref, # noqa IpProtocol="tcp", FromPort=443, ToPort=443, ) ) template.add_resource( ec2.SecurityGroupEgress( "ControlPlaneEgressToNodeSecurityGroupOn443", Description="Allow the cluster control plane to communicate " "with pods running extension API servers on port " "443", GroupId=self.variables["ClusterControlPlaneSecurityGroup"].ref, DestinationSecurityGroupId=nodesecuritygroup.ref(), IpProtocol="tcp", FromPort=443, ToPort=443, ) ) template.add_resource( ec2.SecurityGroupIngress( "ClusterControlPlaneSecurityGroupIngress", Description="Allow pods to communicate with the cluster API " "Server", GroupId=self.variables["ClusterControlPlaneSecurityGroup"].ref, SourceSecurityGroupId=nodesecuritygroup.ref(), IpProtocol="tcp", FromPort=443, ToPort=443, ) ) nodelaunchconfig = template.add_resource( autoscaling.LaunchConfiguration( "NodeLaunchConfig", AssociatePublicIpAddress=True, IamInstanceProfile=self.variables["NodeInstanceProfile"].ref, ImageId=self.variables["NodeImageId"].ref, InstanceType=self.variables["NodeInstanceType"].ref, KeyName=If("KeyNameSpecified", self.variables["KeyName"].ref, NoValue), SecurityGroups=[nodesecuritygroup.ref()], SpotPrice=If( "SetSpotPrice", self.variables["SpotBidPrice"].ref, NoValue ), BlockDeviceMappings=[ autoscaling.BlockDeviceMapping( DeviceName="/dev/xvda", Ebs=autoscaling.EBSBlockDevice( VolumeSize=self.variables["NodeVolumeSize"].ref, VolumeType="gp2", DeleteOnTermination=True, ), ) ], UserData=Base64( Sub( "\n".join( [ "#!/bin/bash", "set -o xtrace", "/etc/eks/bootstrap.sh ${ClusterName} ${BootstrapArguments}", "/opt/aws/bin/cfn-signal --exit-code $? \\", "--stack ${AWS::StackName} \\", "--resource NodeGroup \\", "--region ${AWS::Region}", ] ) ) ), ) ) template.add_resource( autoscaling.AutoScalingGroup( "NodeGroup", DesiredCapacity=If( "DesiredInstanceCountSpecified", self.variables["NodeAutoScalingGroupMaxSize"].ref, NoValue, ), LaunchConfigurationName=nodelaunchconfig.ref(), MinSize=self.variables["NodeAutoScalingGroupMinSize"].ref, MaxSize=self.variables["NodeAutoScalingGroupMaxSize"].ref, VPCZoneIdentifier=self.variables["Subnets"].ref, Tags=[ autoscaling.Tag( "Name", Sub("${ClusterName}-${NodeGroupName}-Node"), True ), autoscaling.Tag( Sub("kubernetes.io/cluster/${ClusterName}"), "owned", True ), ], UpdatePolicy=UpdatePolicy( AutoScalingRollingUpdate=AutoScalingRollingUpdate( MinInstancesInService="1", MaxBatchSize="1" ) ), ) )
Default="redis", Description="Cache engine (redis or memcached)", Type="String", AllowedValues=[ 'redis', 'memcached', ], ConstraintDescription="must select a valid cache engine.", ), group="Cache", label="Engine", ) cache_condition = "CacheCondition" template.add_condition(cache_condition, Not(Equals(Ref(cache_node_type), dont_create_value))) using_redis_condition = "UsingRedis" template.add_condition( using_redis_condition, Equals(Ref(cache_engine), "redis"), ) cache_security_group = ec2.SecurityGroup( 'CacheSecurityGroup', template=template, GroupDescription="Cache security group.", Condition=cache_condition, VpcId=Ref(vpc), SecurityGroupIngress=[ # Redis in from web clusters
Parameter( "BastionKeyName", Description="Name of an existing EC2 KeyPair to enable SSH access to " "the Bastion instance. This parameter is required even if " "no Bastion AMI is specified (but will be unused).", Type="AWS::EC2::KeyPair::KeyName", ConstraintDescription="must be the name of an existing EC2 KeyPair.", Default=dont_create_value, ), group="Bastion Server", label="SSH Key Name", ) bastion_type_set = "BastionTypeSet" template.add_condition(bastion_type_set, Not(Equals(dont_create_value, Ref(bastion_type)))) bastion_type_is_openvpn_set = "BastionTypeIsOpenVPNSet" template.add_condition(bastion_type_is_openvpn_set, Equals("OpenVPN", Ref(bastion_type))) bastion_type_is_ssh_set = "BastionTypeIsSSHSet" template.add_condition(bastion_type_is_ssh_set, Equals("SSH", Ref(bastion_type))) bastion_ami_set = "BastionAMISet" template.add_condition(bastion_ami_set, Not(Equals("", Ref(bastion_ami)))) bastion_type_and_ami_set = "BastionTypeAndAMISet" template.add_condition( bastion_type_and_ami_set,
)) use_aes256_encryption = Ref(template.add_parameter( Parameter( "UseAES256Encryption", Description="Whether or not to use server side encryption for S3, EBS, and RDS. " "When true, encryption is enabled for all resources.", Type="String", AllowedValues=["true", "false"], Default="false", ), group="Global", label="Enable Encryption", )) use_aes256_encryption_cond = "UseAES256EncryptionCond" template.add_condition(use_aes256_encryption_cond, Equals(use_aes256_encryption, "true")) cmk_arn = template.add_parameter( Parameter( "CustomerManagedCmkArn", Description="KMS CMK ARN to encrypt stack resources (except for public buckets).", Type="String", Default="", ), group="Global", label="Customer managed key ARN", ) use_cmk_arn = "CmkArnCondition" template.add_condition(use_cmk_arn, Not(Equals(Ref(cmk_arn), "")))