def generate_cf(self): """ Create Cloud Formation Template from user supplied or default config file :return json string """ ## read machine list from the config file ## machines = self._readConfig(self.configdata) if 'error' in machines: return machines template = Template() template.add_description( "%s: [%s]" % (self.owner,", ".join(self.machinelist)) ) ## convert the params into cloud formation instance object ## for subnet in machines: for mclass in machines[subnet]: machine = machines[subnet][mclass] instance = self._set_instance_value(machine,mclass,self.subnet[subnet]) template.add_resource(instance) intrecordset = self._set_internal_resource_record(mclass) template.add_resource(intrecordset) if subnet == 'public': pubrecordset = self._set_public_resource_record(mclass) template.add_resource(pubrecordset) ## this magic function turn it to jason formatted template ## return template.to_json(),self.envname
def create_services(name='services', sns_name='cfSns', sqs_name='cfSqs'): t = Template() t.add_description("""\ microservices stack""") create_sns_sqs(t, sns_name + name, sqs_name + name) return t
def _generate_template(tms=1, within_vpc=False): t = Template() t.add_description(FLINK_TEMPLATE_DESCRIPTION) t.add_version(FLINK_TEMPLATE_VERSION) t.add_metadata({'LastUpdated': datetime.datetime.now().strftime('%c')}) # mappings mappings.add_mappings(t) # parameters parameters.add_parameters(t) vpc = None subnet_pri = None subnet_pub = None if within_vpc: # networking resources vpc, subnet_pri, subnet_pub = _define_vpc(t) # security groups sg_ssh = t.add_resource(securitygroups.ssh( parameters.ssh_location, vpc)) sg_jobmanager = t.add_resource(securitygroups.jobmanager( parameters.http_location, vpc)) sg_taskmanager = t.add_resource(securitygroups.taskmanager(None, vpc)) jobmanager = t.add_resource(instances.jobmanager( 0, [Ref(sg_ssh), Ref(sg_jobmanager)], within_vpc, subnet_pub )) prefix = "JobManager00" t.add_output(outputs.ssh_to(jobmanager, prefix)) t.add_output(Output( "FlinkWebGui", Description="Flink web interface", Value=Join("", [ 'http://', GetAtt(jobmanager, "PublicDnsName"), ':8081' ]) )) for index in range(0, tms): i = t.add_resource(instances.taskmanager( index, jobmanager, [Ref(sg_ssh), Ref(sg_taskmanager)], within_vpc, subnet_pri )) prefix = "TaskManager%2.2d" % index t.add_output(outputs.ssh_to(i, prefix, bastion=jobmanager)) return t.to_json()
def test_s3_bucket(self): t = Template() t.add_description("S3 Bucket Example") s3bucket = t.add_resource(s3.Bucket( "S3Bucket", AccessControl=s3.PublicRead,)) t.add_output(Output( "BucketName", Value=Ref(s3bucket), Description="Name of S3 bucket to hold website content" )) self.assertEqual(s3_bucket_yaml, t.to_yaml())
def generate_json(): r = {} t = Template() # t.add_description(Join('', ["DOMjudge Cluster - ", Ref('AWS::StackName')])) t.add_description("DOMjudge Cluster") r['notify_topic'] = Select(0, Ref("AWS::NotificationARNs")) t.add_mapping('SizeMap', { 'nano': { 'RDSInstanceType': 'db.t2.micro', 'WebInstanceType': 't2.micro', 'WebASGMinSize': 1, 'WebASGMaxSize': 4, 'JudgeASGMinSize': 1, 'JudgeASGMaxSize': 4, }, 'small': { 'RDSInstanceType': 'db.t2.micro', 'WebInstanceType': 't2.micro', 'WebASGMinSize': 1, 'WebASGMaxSize': 4, 'JudgeASGMinSize': 1, 'JudgeASGMaxSize': 4, }, 'medium': { 'RDSInstanceType': 'db.t2.micro', 'WebInstanceType': 't2.micro', 'WebASGMinSize': 1, 'WebASGMaxSize': 4, 'JudgeASGMinSize': 1, 'JudgeASGMaxSize': 4, }, 'large': { 'RDSInstanceType': 'db.t2.micro', 'WebInstanceType': 't2.micro', 'WebASGMinSize': 1, 'WebASGMaxSize': 4, 'JudgeASGMinSize': 1, 'JudgeASGMaxSize': 4, }, }) parameters.init(t, r) dynamodb.init(t, r) iam.init(t, r) securitygroups.init(t, r) rds.init(t, r) webserver.init(t, r) judgehost.init(t, r) return t.to_json()
def generate_env_template(app_env, env_dict): sg_name = env_dict['sg_name'] vpc_id = 'vpc-a1d187c4' # query for this! logger.debug('generating template for %s' % vpc_id) t = Template() t.add_version('2010-09-09') t.add_description('env template for %s' % app_env) app_sg = SecurityGroup('TestAppSecurityGroup') app_sg.VpcId = vpc_id app_sg.GroupDescription = 'testing' app_sg.Tags = name_tag(sg_name) t.add_resource(app_sg) return t.to_json()
def generate_application_template(app_dict): app_name = app_dict['app_name'] t = Template() t.add_version() t.add_description('app template for %s' % app_name) app = Application(app_name, Description=app_name) t.add_resource(app) bucket_name = 'ehi-pcf-%s' % app_name bucket = Bucket('AppBucket', BucketName=bucket_name, AccessControl=Private) t.add_resource(bucket) return t.to_json()
def lambda_handler(event, context): #print("Received event: " + json.dumps(event, indent=2)) # Get the object from the event and show its content type bucket = event['Records'][0]['s3']['bucket']['name'] key = urllib.unquote_plus(event['Records'][0]['s3']['object']['key']).decode('utf8') print ("buket:" + bucket) print ("key:" + key) obj = s3.Object(bucket,key) response= obj.get() body = response['Body'].read() body_list= body.splitlines() # VPC関係 VPC_CidrBlockList = body_list[0].split(',') VPC_EnableDnsSupportList = body_list[1].split(',') VPC_TagsValueList = body_list[2].split(',') t = Template() t.add_version("2010-09-09") t.add_description("ROOP&ROOP") if len(VPC_CidrBlockList) > 1: for (address,dns,value) in zip(VPC_CidrBlockList[1:],VPC_EnableDnsSupportList[1:],VPC_TagsValueList[1:]): t.add_resource(VPC( value, EnableDnsSupport="true", CidrBlock=address, EnableDnsHostnames=dns, Tags=Tags(Name=value) )) json_template = t.to_json() bucket = s3.Bucket('cf-templates-hokan') obj = bucket.Object('json-template-' + basename + ' .txt') response = obj.put( Body=json_template.encode('utf-8'), ContentEncoding='utf-8', ContentType='text/plane' ) print(json_template)
def add_resources(self, resources, config): """ Creates JSON-formatted string representation of stack resourcs suitable for use with AWS Cloudformation :param resources: Internal data structure of resources :type resources: dict. :param config: Config key/value pairs :type config: dict. :returns: string :raises: :class:`pmcf.exceptions.ProvisionerException` """ LOG.info('Start building template') data = Template() desc = "%s %s stack" % (config['name'], config['environment']) data.add_description(desc) data.add_version() self._add_streams(data, resources.get('stream', []), config) self._add_queues(data, resources.get('queue', []), config) self._add_nets(data, resources.get('network', []), config) sgs = self._add_secgroups(data, resources['secgroup'], config) self._add_caches(data, resources.get('cache', []), config, sgs) lbs = self._add_lbs(data, resources['load_balancer'], config, sgs, resources['instance']) self._add_instances(data, resources['instance'], config, sgs, lbs) LOG.info('Finished building template') return data.to_json(indent=None)
def GenerateGlobalLayer(): t = Template() t.add_description("""\ Global Layer """) stackname_param = t.add_parameter(Parameter( "StackName", Description="Environment Name (default: StepGlobals)", Type="String", Default="StepGlobals", )) crontab_table = t.add_resource(dynamodb.Table( "scheduleTable", AttributeDefinitions=[ dynamodb.AttributeDefinition("taskname", "S"), ], KeySchema=[ dynamodb.Key("taskname", "HASH") ], ProvisionedThroughput=dynamodb.ProvisionedThroughput( 1, 1 ) )) t.add_output([ Output( "crontabtablename", Description="Crontab Table Name", Value=Ref(crontab_table), ) ]) return t
#!/usr/bin/python from troposphere import Template, Ref, Output, Join, GetAtt, Parameter from troposphere.dynamodb import Key, AttributeDefinition, ProvisionedThroughput, Projection from troposphere.dynamodb import Table, GlobalSecondaryIndex template = Template() template.add_description("Create a dynamodb table with a global secondary index") #N.B. If you remove the provisioning section this works for LocalSecondaryIndexes aswell. readunits = template.add_parameter(Parameter( "ReadCapacityUnits", Description="Provisioned read throughput", Type="Number", Default="10", MinValue="5", MaxValue="10000", ConstraintDescription="should be between 5 and 10000" )) writeunits = template.add_parameter(Parameter( "WriteCapacityUnits", Description="Provisioned write throughput", Type="Number", Default="5", MinValue="5", MaxValue="10000", ConstraintDescription="should be between 5 and 10000" ))
import sys import troposphere as Fn from troposphere import (ec2, iam, Template, Parameter, Ref, elasticloadbalancing) from troposphere.autoscaling import LaunchConfiguration, AutoScalingGroup from troposphere.route53 import RecordSetType from troposphere.policies import AutoScalingRollingUpdate, UpdatePolicy COMPONENT_NAME = "sample-app-python" HEALTH_CHECK_TARGET = "HTTP:7080/status" t = Template() t.add_version() t.add_description("Stack to run the sample python application within.") image_id = t.add_parameter( Parameter("ImageId", Description=( "The AMI used by this component, defaults to base centos 7"), Default="ami-9398d3e0", Type="AWS::EC2::Image::Id")) min_size = t.add_parameter( Parameter("MinSize", Description="Minimum number of instances to spin-up", Type="String", Default="2")) max_size = t.add_parameter( Parameter("MaxSize",
"""Generating CloudFormation template.""" from awacs.aws import Allow, Policy, Principal, Statement from awacs.sts import AssumeRole from troposphere import GetAtt, Ref, Template from troposphere.codepipeline import (Actions, ActionTypeId, ArtifactStore, InputArtifacts, OutputArtifacts, Pipeline, Stages) from troposphere.iam import Policy as IAMPolicy from troposphere.iam import Role from troposphere.s3 import Bucket, VersioningConfiguration t = Template() t.add_description("AWS: Helloworld Pipeline") t.add_resource( Bucket("S3Bucket", VersioningConfiguration=VersioningConfiguration( Status="Enabled", ))) t.add_resource( Role("PipelineRole", AssumeRolePolicyDocument=Policy(Statement=[ Statement(Effect=Allow, Action=[AssumeRole], Principal=Principal("Service", ["codepipeline.amazonaws.com"])) ]), Path="/", Policies=[
from troposphere import Base64, Join from troposphere import Parameter, Ref, Template from troposphere import cloudformation, autoscaling from troposphere.autoscaling import AutoScalingGroup, Tag from troposphere.autoscaling import LaunchConfiguration from troposphere.elasticloadbalancing import LoadBalancer from troposphere.policies import (AutoScalingReplacingUpdate, AutoScalingRollingUpdate, UpdatePolicy) import troposphere.ec2 as ec2 import troposphere.elasticloadbalancing as elb t = Template() t.add_description("""\ Configures autoscaling group for api app""") SecurityGroup = t.add_parameter( Parameter( "SecurityGroup", Type="String", Description="Security group for api instances.", )) DeployBucket = t.add_parameter( Parameter( "DeployBucket", Type="String", Description="The S3 bucket with the cloudformation scripts.", )) SSLCertificateId = t.add_parameter(
# Example Network with a NAT Gateway from troposphere import Output, Ref, Template, Parameter, GetAtt from troposphere import ec2 t = Template() t.add_description( "AWS CloudFormation Sample Template NatGateway: Sample template showing " "how to create a public NAT gateway. " "**WARNING** This template creates an Amazon NAT instance. " "You will be billed for the AWS resources used if you create " "a stack from this template.") vpc_cidr = t.add_parameter( Parameter( 'VPCCIDR', Default='172.18.0.0/16', Description='The IP address space for this VPC, in CIDR notation', Type='String', )) public_subnet = t.add_parameter( Parameter( 'PublicSubnetCidr', Type='String', Description='Public Subnet CIDR', Default='172.18.0.0/22', )) private_subnet = t.add_parameter(
from troposphere import Base64, Select, FindInMap, GetAtt, GetAZs, Join, Output from troposphere import Parameter, Ref, Tags, Template from troposphere.cloudformation import Init from troposphere.cloudfront import Distribution, DistributionConfig from troposphere.cloudfront import Origin, DefaultCacheBehavior from troposphere.ec2 import PortRange from troposphere.iam import InstanceProfile from troposphere.iam import Role from troposphere.iam import Group t = Template() t.add_version("2010-09-09") t.add_description("""\ IAM""") craftInstanceProfile = t.add_resource(InstanceProfile( "craftInstanceProfile", Path="/", Roles=[Ref("craftIamRole")], )) BastionInstanceProfile = t.add_resource(InstanceProfile( "BastionInstanceProfile", Path="/", Roles=[Ref("BastionIamRole")], )) BastionIamRole = t.add_resource(Role( "BastionIamRole", Path="/",
#!/usr/bin/env python from confu import atlas from troposphere import ( Template, FindInMap, GetAtt, Ref, Parameter, Join, Base64, Select, Output, ec2 as ec2 ) template = Template() template.add_description('kafka') atlas.infra_params(template) # ssh_key, Env, Silo atlas.conf_params(template) # Conf Name, Conf Version, Conf tarball bucket atlas.instance_params( template, roles_default=['kafka', ], iam_default='kafka', ) atlas.scaling_params(template) atlas.mappings( template, accounts=[atlas.poundpay], ) kafka_secgrp = atlas.instance_secgrp( template,
def create_template(): t = Template() t.add_description("The individual CodeBuild stack for CBuildCI.") p_build_description = t.add_parameter( Parameter( "BuildDescription", Description="Used for the CodeBuild project description.", Type="String", )) p_api_lambda_role = t.add_parameter( Parameter( "ApiLambdaRole", Description= "The IAM role used by the API lambda function, which will receive permission to monitor builds.", Type="String", )) p_step_lambda_role = t.add_parameter( Parameter( "StepLambdaRole", Description= "The IAM role used by the lambda function, which will receive permission to start, stop and monitor builds.", Type="String", )) p_source_bucket = t.add_parameter( Parameter( "SourceBucket", Type="String", )) p_source_key_prefix = t.add_parameter( Parameter( "SourceKeyPrefix", Type="String", Default="github-source/", )) p_artifact_bucket = t.add_parameter( Parameter( "ArtifactBucket", Type="String", )) p_artifact_key_prefix = t.add_parameter( Parameter( "ArtifactKeyPrefix", Type="String", Default="github-artifacts/", )) p_cache_bucket = t.add_parameter(Parameter( "CacheBucket", Type="String", )) p_cache_key_prefix = t.add_parameter( Parameter( "CacheKeyPrefix", Type="String", Default="github-cache/", )) p_logs_retention_days = t.add_parameter( Parameter( "LogsRetentionDays", Description= "Number of days to keep CloudWatch logs for this stack's lambda function.", Type="Number", Default="30", )) p_code_build_role_policy_arns = t.add_parameter( Parameter( "CodeBuildRolePolicyArns", Description= "Optional list of IAM managed policy ARNs to attach to the CodeBuild role.", Type="String", Default="-NONE-", )) p_read_ecr_arns = t.add_parameter( Parameter( "ReadECRArns", Description= "ECS Repository ARNs to give CodeBuild permission to pull images from.", Type="String", Default="-NONE-", )) p_read_s3_arns = t.add_parameter( Parameter( "ReadS3Arns", Description="S3 ARNs to give CodeBuild permission to S3.", Type="String", Default="-NONE-", )) p_read_ssm_param_arns = t.add_parameter( Parameter( "ReadSSMParamArns", Description="SSM parameters to give CodeBuild permission to read.", Type="String", Default="-NONE-", )) p_read_kms_arns = t.add_parameter( Parameter( "ReadKMSArns", Description="KMS keys to give CodeBuild permission to decrypt.", Type="String", Default="-NONE-", )) p_vpc = t.add_parameter( Parameter( "VPC", Description="Optional VPC to use for CodeBuild.", Type="String", Default="-NONE-", )) p_security_groups = t.add_parameter( Parameter( "SecurityGroups", Description="Security groups to use for CodeBuild.", Type="String", Default="-NONE-", )) p_subnets = t.add_parameter( Parameter( "Subnets", Description="Subnets to use for CodeBuild.", Type="String", Default="-NONE-", )) t.add_condition( "HasCodeBuildRolePolicyArns", Not(Equals(Ref(p_code_build_role_policy_arns), "-NONE-")), ) t.add_condition( "HasReadECRArns", Not(Equals(Ref(p_read_ecr_arns), "-NONE-")), ) t.add_condition( "HasReadS3Arns", Not(Equals(Ref(p_read_s3_arns), "-NONE-")), ) t.add_condition( "HasReadSSMParamArns", Not(Equals(Ref(p_read_ssm_param_arns), "-NONE-")), ) t.add_condition( "HasReadKMSArns", Not(Equals(Ref(p_read_kms_arns), "-NONE-")), ) t.add_condition( "HasVPC", Not(Equals(Ref(p_vpc), "-NONE-")), ) # Replace with custom tags if desired. tags = build_tags_list(t) r_log_group = t.add_resource( LogGroup( "CodeBuildLogGroup", LogGroupName=Sub("/aws/codebuild/${AWS::StackName}"), RetentionInDays=Ref(p_logs_retention_days), )) r_code_build_role = t.add_resource( Role( "CodeBuildRole", AssumeRolePolicyDocument=PolicyDocument( Version="2012-10-17", Statement=[ Statement( Effect=Allow, Action=[ac_sts.AssumeRole], Principal=Principal("Service", ["codebuild.amazonaws.com"]), ), ], ), ManagedPolicyArns=If( "HasCodeBuildRolePolicyArns", Split(",", Ref(p_code_build_role_policy_arns)), NoValue, ), Policies=[ Policy( PolicyName="code-build-policy", PolicyDocument={ "Statement": [ Statement( Effect=Allow, Resource=[ GetAtt(r_log_group, "Arn"), ], Action=[ ac_logs.CreateLogGroup, ac_logs.CreateLogStream, ac_logs.PutLogEvents, ], ), Statement( Effect=Allow, Resource=[ Sub( ac_s3.ARN(resource="${%s}/${%s}*" % ( p_source_bucket.title, p_source_key_prefix.title, ), )), ], Action=[ ac_s3.GetObject, ac_s3.GetObjectVersion, ], ), Statement( Effect=Allow, Resource=[ Sub( ac_s3.ARN(resource="${%s}/${%s}*" % ( p_artifact_bucket.title, p_artifact_key_prefix.title, ), )), Sub( ac_s3.ARN(resource="${%s}/${%s}*" % ( p_cache_bucket.title, p_cache_key_prefix.title, ), )), ], Action=[ ac_s3.GetObject, ac_s3.GetObjectVersion, ac_s3.PutObject, ], ), If( "HasReadECRArns", { "Effect": Allow, "Resource": Split(",", Ref(p_read_ecr_arns)), "Action": [ ac_ecr.BatchCheckLayerAvailability, ac_ecr.BatchGetImage, ac_ecr.GetDownloadUrlForLayer, ], }, NoValue, ), If( "HasReadS3Arns", { "Effect": Allow, "Resource": Split(",", Ref(p_read_s3_arns)), "Action": [ ac_s3.ListBucket, ac_s3.GetObject, ac_s3.GetObject, ac_s3.GetObjectVersion, ], }, NoValue, ), If( "HasReadSSMParamArns", { "Effect": Allow, "Resource": Split(",", Ref(p_read_ssm_param_arns)), "Action": [ ac_ssm.GetParameter, ], }, NoValue, ), If( "HasReadKMSArns", { "Effect": Allow, "Resource": Split(",", Ref(p_read_kms_arns)), "Action": [ ac_kms.Decrypt, ], }, NoValue, ), ] }, ), ], )) r_code_build = t.add_resource( Project( "CodeBuild", Name=Ref("AWS::StackName"), Description=Ref(p_build_description), ServiceRole=Ref(r_code_build_role), Source=Source(Type="CODEPIPELINE", ), Artifacts=Artifacts(Type="CODEPIPELINE", ), VpcConfig=If( "HasVPC", VpcConfig( VpcId=Ref(p_vpc), Subnets=Ref(p_subnets), SecurityGroupIds=Ref(p_security_groups), ), NoValue, ), Environment=CodeBuildEnvironment( Type="LINUX_CONTAINER", ComputeType="BUILD_GENERAL1_SMALL", Image="aws/codebuild/ubuntu-base:14.04", ), Tags=tags, )) t.add_resource( PolicyType( "ApiLambdaRolePolicy", Roles=[ Ref(p_api_lambda_role), ], PolicyName=Sub("${AWS::StackName}-policy"), PolicyDocument=PolicyDocument(Statement=[ Statement( Effect=Allow, Resource=[GetAtt(r_code_build, "Arn")], Action=[ ac_codebuild.BatchGetBuilds, ], ), Statement( Effect=Allow, Resource=[ GetAtt(r_log_group, "Arn"), ], Action=[ ac_logs.GetLogEvents, ], ), ], ), )) t.add_resource( PolicyType( "StepLambdaRolePolicy", Roles=[ Ref(p_step_lambda_role), ], PolicyName=Sub("${AWS::StackName}-policy"), PolicyDocument=PolicyDocument(Statement=[ Statement( Effect=Allow, Resource=[GetAtt(r_code_build, "Arn")], Action=[ ac_codebuild.StartBuild, ac_codebuild.StopBuild, ac_codebuild.BatchGetBuilds, ], ), ], ), )) t.add_output(Output( "CodeBuildProjectName", Value=Ref(r_code_build), )) t.add_output(Output( "CodeBuildArn", Value=GetAtt(r_code_build, "Arn"), )) return t
import json # Declaring variable to which everything is loaded from the config json file(argument) jsondata = '' instances = '' # Fetching values from json given as argument while this python is executed parser = argparse.ArgumentParser() parser.add_argument('filename') args = parser.parse_args() with open(args.filename) as file: jsondata = json.load(file) t = Template() t.add_version("2010-09-09") t.add_description( "CF to create %s EC2 instance(s) for %s environment" % (jsondata['NetworkInfo']['ServerName'], jsondata['NetworkInfo']['Env'])) # Get ZoneID, VPCID, SecurityGroupID and SubnetID based on the environment using boto3 client = boto3.client('ec2', region_name='us-east-1') route53client = boto3.client('route53') vpcdata = client.describe_vpcs( Filters=[{ 'Name': 'tag-value', 'Values': [jsondata['NetworkInfo']['VPCName']] }]) # Function to get the subnet id def get_subnet_id(VpcId, Type, AvailabilityZone):
from troposphere.iam import ( Group, ManagedPolicy, ) from awacs.aws import ( Action, Allow, Policy, Statement, ) t = Template() t.add_description("Effective DevOps in AWS: User Groups") t.add_resource( Group( "Admins", GroupName="Admins", ManagedPolicyArns=["arn:aws:iam::aws:policy/AdministratorAccess"], )) t.add_resource( ManagedPolicy( "CommonIamPolicy", Description="Common policy to manage IAM resources", PolicyDocument=Policy( Version="2012-10-17", Statement=[
# Converted from DynamoDB_Table.template located at: # http://aws.amazon.com/cloudformation/aws-cloudformation-templates/ from troposphere import Output, Parameter, Ref, Template from troposphere.dynamodb import (KeySchema, AttributeDefinition, ProvisionedThroughput) from troposphere.dynamodb import Table t = Template() t.add_description("AWS CloudFormation Sample Template: This template " "demonstrates the creation of a DynamoDB table.") hashkeyname = t.add_parameter( Parameter( "HaskKeyElementName", Description="HashType PrimaryKey Name", Type="String", AllowedPattern="[a-zA-Z0-9]*", MinLength="1", MaxLength="2048", ConstraintDescription="must contain only alphanumberic characters")) hashkeytype = t.add_parameter( Parameter("HaskKeyElementType", Description="HashType PrimaryKey Type", Type="String", Default="S", AllowedPattern="[S|N]", MinLength="1", MaxLength="1",
from awacs.aws import Action, Allow, Policy, Principal, Statement from troposphere import ( Template, applicationautoscaling, cloudwatch, cloudformation, ec2, ecs, elasticloadbalancingv2, iam, logs, ssm, Equals, GetAZs, GetAtt, If, ImportValue, Join, Not, Parameter, Ref, Select, Sub ) from uuid import uuid4 t = Template() t.add_description("ecs-apache service") def update_dummy_wch(template): template.add_resource(cloudformation.WaitConditionHandle( str(uuid4()).replace("-", "") )) update_dummy_wch(t) # PARAMETERS container_name = t.add_parameter(Parameter( "ContainerName", AllowedPattern="^.+$", Type="String", Description="Container name", Default="NONE" )) container_port = t.add_parameter(Parameter(
from troposphere import ( Parameter, Ref, Template, Join, ImportValue, Select, Split, ) from awacs.sts import AssumeRole t = Template() t.add_description("ECS service - Helloworld") t.add_parameter( Parameter("Tag", Type="String", Default="latest", Description="Tag to deploy")) t.add_resource( TaskDefinition( "task", ContainerDefinitions=[ ContainerDefinition( Image=Join("", [ Ref("AWS::AccountId"), ".dkr.ecr.", Ref("AWS::Region"), ".amazonaws.com", "/",
def create(): es = Template() es.add_description("Stack defining the elasticsearch instance") # Get latest AMIs def getAMI(region): AMIMap = {} print("Getting latest AMZN linux AMI in %s" % region) ec2conn = boto.ec2.connect_to_region(region) images = ec2conn.get_all_images(owners=["amazon"], filters={"name": "amzn-ami-hvm-*.x86_64-gp2"}) latestDate = "" latestAMI = "" for image in images: if image.creationDate > latestDate: latestDate = image.creationDate latestAMI = image.id AMIMap[region] = {"id": latestAMI} return AMIMap # Create AMI Map es.add_mapping("AMIMap",getAMI(region)) # Create es VPC esVPC = es.add_resource( VPC( "esVPC", CidrBlock="10.0.0.0/16", Tags=Tags( Name="esVPC" ) ) ) # Create es IGW esIGW = es.add_resource( InternetGateway( "esIGW" ) ) # Attach IGW to VPC esIGWAttachment = es.add_resource( VPCGatewayAttachment( "esIGWAttachment", VpcId=Ref(esVPC), InternetGatewayId=Ref(esIGW) ) ) # Create es Subnet esSubnet = es.add_resource( Subnet( "esSubnet", CidrBlock="10.0.0.0/24", VpcId=Ref(esVPC) ) ) # Create es RTB esRTB = es.add_resource( RouteTable( "esRTB", VpcId=Ref(esVPC) ) ) # Create route to IGW esDefaultRoute = es.add_resource( Route( "esDefaultRoute", DependsOn="esIGWAttachment", GatewayId=Ref(esIGW), DestinationCidrBlock="0.0.0.0/0", RouteTableId=Ref(esRTB) ) ) # Associate RTB with Subnet esSubnetRTBAssociation = es.add_resource( SubnetRouteTableAssociation( "esSubnetRTBAssociation", SubnetId=Ref(esSubnet), RouteTableId=Ref(esRTB) ) ) # Create es Security Group esSecurityGroup = es.add_resource( SecurityGroup( "esSecurityGroup", GroupDescription="Allow inbound access on port 9200", SecurityGroupIngress=[ SecurityGroupRule( IpProtocol="tcp", FromPort="9200", ToPort="9200", CidrIp="0.0.0.0/0" ) ], VpcId=Ref(esVPC) ) ) # Create es instance metadata esInstanceMetadata = Metadata( Init( # Use ConfigSets to ensure GPG key and repo file are in place # before trying to install elasticsearch InitConfigSets( ordered=["first","second"] ), first=InitConfig( files=InitFiles( { # cfn-hup notices when the cloudformation stack is changed "/etc/cfn/cfn-hup.conf": InitFile( content=Join("", [ "[main]\n", "stack=",Ref("AWS::StackName"),"\n", "region=",Ref("AWS::Region"),"\n" ] ), mode="000400", owner="root", group="root" ), # cfn-hup will then trigger cfn-init to run. # This lets us update the instance just by updating the stack "/etc/cfn/hooks.d/cfn-auto-reloader.conf": InitFile( content=Join("", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.esInstance.Metadata\n", "action=/opt/aws/bin/cfn-init -v --stack ", Ref("AWS::StackName"), " ", "--resource esInstance ", "--region ", Ref("AWS::Region"), " ", "--c ordered\n" "runas=root\n" ] ), mode="000400", owner="root", group="root" ), # repo file for elastic search "/etc/yum.repos.d/elasticsearch.repo": InitFile( content=Join("", [ "[elasticsearch-2.x]\n", "name=Elasticsearch repository for 2.x packages\n", "baseurl=http://packages.elastic.co/elasticsearch/2.x/centos\n", "gpgcheck=1\n", "gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch\n", "enabled=1\n" ] ), mode="000400", owner="root", group="root" ) } ), commands={ # Install elasticsearch key so package will install "installGPG": { "command": "rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch" } } ), second=InitConfig( packages={ "yum": { # Install elasticsearch "elasticsearch": [], } }, commands={ # Enable external access to elasticsearch "listenOnAllinterfaces": { "command": "echo \"network.host: 0.0.0.0\" >> /etc/elasticsearch/elasticsearch.yml" } }, services={ "sysvinit": InitServices( { "elasticsearch": InitService( enabled=True, ensureRunning=True ), "cfn-hup": InitService( enabled=True, ensureRunning=True, files=[ "/etc/cfn/cfn-hup.conf", "/etc/cfn/hooks.d/cfn-auto-reloader.conf" ] ) } ) } ) ) ) # Create es Instance esInstance = es.add_resource( Instance( "esInstance", ImageId=FindInMap("AMIMap",Ref("AWS::Region"),"id"), InstanceType="t2.micro", Metadata=esInstanceMetadata, UserData=Base64( Join("", [ "#!/bin/bash\n", "/opt/aws/bin/cfn-init -v ", "--stack ", Ref("AWS::StackName"), " ", "--resource esInstance ", "--region ", Ref("AWS::Region"), " ", "-c ordered" ] ) ), NetworkInterfaces=[ NetworkInterfaceProperty( GroupSet=[ Ref(esSecurityGroup) ], AssociatePublicIpAddress="true", DeviceIndex="0", DeleteOnTermination="true", SubnetId=Ref(esSubnet), ) ], Tags=Tags( Name="esInstance" ) ) ) # Output address es.add_output( [Output ("esAddress", Description="Elastic Search address", Value=Join("", [ "http://", GetAtt("esInstance", "PublicIp"), ":9200/" ] ) ) ] ) return es
def main(): template = Template() template.add_version("2010-09-09") template.add_description( "AWS CloudFormation Sample Template: ELB with 2 EC2 instances") AddAMI(template) # Add the Parameters keyname_param = template.add_parameter(Parameter( "KeyName", Type="String", Default="mark", Description="Name of an existing EC2 KeyPair to " "enable SSH access to the instance", )) template.add_parameter(Parameter( "InstanceType", Type="String", Description="WebServer EC2 instance type", Default="m1.small", AllowedValues=[ "t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium", "c1.xlarge", "cc1.4xlarge", "cc2.8xlarge", "cg1.4xlarge" ], ConstraintDescription="must be a valid EC2 instance type.", )) webport_param = template.add_parameter(Parameter( "WebServerPort", Type="String", Default="8888", Description="TCP/IP port of the web server", )) apiport_param = template.add_parameter(Parameter( "ApiServerPort", Type="String", Default="8889", Description="TCP/IP port of the api server", )) subnetA = template.add_parameter(Parameter( "subnetA", Type="String", Default="subnet-096fd06d" )) subnetB = template.add_parameter(Parameter( "subnetB", Type="String", Default="subnet-1313ef4b" )) VpcId = template.add_parameter(Parameter( "VpcId", Type="String", Default="vpc-82c514e6" )) # Define the instance security group instance_sg = template.add_resource( ec2.SecurityGroup( "InstanceSecurityGroup", GroupDescription="Enable SSH and HTTP access on the inbound port", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort=Ref(webport_param), ToPort=Ref(webport_param), CidrIp="0.0.0.0/0", ), ec2.SecurityGroupRule( IpProtocol="tcp", FromPort=Ref(apiport_param), ToPort=Ref(apiport_param), CidrIp="0.0.0.0/0", ), ] ) ) # Add the web server instance WebInstance = template.add_resource(ec2.Instance( "WebInstance", SecurityGroups=[Ref(instance_sg)], KeyName=Ref(keyname_param), InstanceType=Ref("InstanceType"), ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), UserData=Base64(Ref(webport_param)), )) # Add the api server instance ApiInstance = template.add_resource(ec2.Instance( "ApiInstance", SecurityGroups=[Ref(instance_sg)], KeyName=Ref(keyname_param), InstanceType=Ref("InstanceType"), ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), UserData=Base64(Ref(apiport_param)), )) # Add the application ELB ApplicationElasticLB = template.add_resource(elb.LoadBalancer( "ApplicationElasticLB", Name="ApplicationElasticLB", Scheme="internet-facing", Subnets=[Ref(subnetA), Ref(subnetB)] )) TargetGroupWeb = template.add_resource(elb.TargetGroup( "TargetGroupWeb", HealthCheckIntervalSeconds="30", HealthCheckProtocol="HTTP", HealthCheckTimeoutSeconds="10", HealthyThresholdCount="4", Matcher=elb.Matcher( HttpCode="200"), Name="WebTarget", Port=Ref(webport_param), Protocol="HTTP", Targets=[elb.TargetDescription( Id=Ref(WebInstance), Port=Ref(webport_param))], UnhealthyThresholdCount="3", VpcId=Ref(VpcId) )) TargetGroupApi = template.add_resource(elb.TargetGroup( "TargetGroupApi", HealthCheckIntervalSeconds="30", HealthCheckProtocol="HTTP", HealthCheckTimeoutSeconds="10", HealthyThresholdCount="4", Matcher=elb.Matcher( HttpCode="200"), Name="ApiTarget", Port=Ref(apiport_param), Protocol="HTTP", Targets=[elb.TargetDescription( Id=Ref(ApiInstance), Port=Ref(apiport_param))], UnhealthyThresholdCount="3", VpcId=Ref(VpcId) )) Listener = template.add_resource(elb.Listener( "Listener", Port="80", Protocol="HTTP", LoadBalancerArn=Ref(ApplicationElasticLB), DefaultActions=[elb.Action( Type="forward", TargetGroupArn=Ref(TargetGroupWeb) )] )) template.add_resource(elb.ListenerRule( "ListenerRuleApi", ListenerArn=Ref(Listener), Conditions=[elb.Condition( Field="path-pattern", Values=["/api/*"])], Actions=[elb.Action( Type="forward", TargetGroupArn=Ref(TargetGroupApi) )], Priority="1" )) template.add_output(Output( "URL", Description="URL of the sample website", Value=Join("", ["http://", GetAtt(ApplicationElasticLB, "DNSName")]) )) print(template.to_json())
from troposphere import (Base64, ec2, GetAtt, Join, Output, Parameter, Ref, Template, FindInMap) from troposphere.iam import (InstanceProfile, PolicyType as IAMPolicy, Role) from awacs.aws import (Action, Allow, Policy, PolicyDocument, Principal, Statement) from awacs.sts import AssumeRole AnsiblePlaybookFile = "ansible/frontServer.yml" ApplicationPort = "80" GithubAnsibleURL = "https://github.com/yoon2ix/cloudformation-ansible.git" VpcID = "vpc-0a93272040286fd79" SubnetID = "subnet-07f69f1a00576f7de" t = Template() t.add_description("Effective DevOps in AWS: Deploy Template") # Deploy Server for Ansible AnsiblePullCmd = "/usr/bin/ansible-pull -U {} {} -i localhost".format( GithubAnsibleURL, AnsiblePlaybookFile) # AWS IAM Profile cfnrole = t.add_resource( Role("CFNRole", AssumeRolePolicyDocument=PolicyDocument(Statement=[ Statement(Effect=Allow, Action=[AssumeRole], Principal=Principal("Service", ["ec2.amazonaws.com"])) ]))) cfninstanceprofile = t.add_resource(
#!/usr/bin/env python from __future__ import print_function from troposphere import Base64, Join, GetAtt from troposphere import Parameter, Ref, Template from troposphere import ec2, iam from troposphere.autoscaling import AutoScalingGroup, Tag from troposphere.autoscaling import LaunchConfiguration from troposphere.route53 import RecordSet, RecordSetGroup, AliasTarget import troposphere.elasticloadbalancing as elb templ = Template() templ.add_description('Kibana cloudformation template') instance_type = templ.add_parameter(Parameter( 'InstanceType', Type='String', Description='Instande type for instances', Default='m3.medium' )) key_name = templ.add_parameter(Parameter( 'KeyName', Type='AWS::EC2::KeyPair::KeyName', Description='Name of an existing EC2 KeyPair to enable SSH access', )) cluster_name = templ.add_parameter(Parameter(
import sys from troposphere import GetAtt, Join, Output, Parameter, Ref, Template from troposphere.s3 import Bucket, Private env = sys.argv[1] COMPONENT_NAME = env + "YaegarBooksSharedResources" t = Template(COMPONENT_NAME) t.add_version("2010-09-09") t.add_description(COMPONENT_NAME + " stacks") s3bucket = t.add_resource( Bucket("S3BucketSharedResources", AccessControl=Private)) t.add_output([ Output("S3bucketArn", Value=GetAtt(s3bucket, "Arn"), Description="Arn for S3") ]) print(t.to_json())
from troposphere.logs import MetricFilter, MetricTransformation METRIC_NAMESPACE = "BBC/CHAOS-LAMBDA" t = Template() log_group = t.add_parameter( Parameter( "LambdaLogGroupName", Description="The name of the log group for the lambda function.", Type="String", ) ) t.add_description( "Metrics and filters for Chaos Lambda" ) lambda_metrics = { "liveliness": { "FilterPattern": ( "[datetime, event=\"triggered\", ...]" ), "MetricTransformations": [ MetricTransformation( MetricNamespace=METRIC_NAMESPACE, MetricName="triggered", MetricValue="1", ) ] }
from troposphere.events import Rule, Target from troposphere.iam import Role, Policy from troposphere.logs import LogGroup from troposphere.s3 import Bucket from troposphere.sns import Subscription, Topic from troposphere import GetAtt, Join, Split, Output, Sub, utils, logs, Ref, Export from troposphere import Ref, Template, Parameter from troposphere.cognito import UserPool, UserPoolClient, UserPoolGroup, UserPoolUser, \ UserPoolUserToGroupAttachment, CognitoIdentityProvider, IdentityPool, IdentityPoolRoleAttachment, RoleMapping from troposphere.iam import Role, Policy t = Template() t.add_version("2010-09-09") t.add_description("AWS CloudFormation pVideoDashboard stack. (1 step)") #### PARAMETER #### # mettere Enable cloudWatch alarm # mettere Enable status_trigger suffixcf = "cf" suffix_work = "-work" log_group_name = "pVideoDashboardLogGroup" # ansible_module.params['log_group_name'] s3_bucket_name = "pvideodashboard" # ansible_module.params['s3_bucket_name'] ca_cluster_identifier = "ca-dev-frank-cloudanalyticsredshiftcluster-jlt2fskwsdso" subnets_array_lambda = "subnet-00670b6b,subnet-8574d0f8" # ansible_module.params['private_subnet_ids'].split(",") security_group_lambda = "sg-17fd397a" # ansible_module.params['security_group_lambda'] lambda_memory = 512 # ansible_module.params['lambda_memory'], lambda_timeout = 300 # ansible_module.params['lambda_timeout'],
import yaml import troposphere.emr as emr from troposphere import GetAtt, Output, Parameter, Ref, Tags, Template import cloudformation.troposphere.utils as utils # load config cfg = yaml.load(resource_string('config', 'generic_emr_config.yml')) networking_resources = utils.get_stack_resources( stack_name=cfg['networking_stack_name']) STACK_NAME = cfg['stack_name'] template = Template() description = 'Stack containing EMR with conda in all nodes' template.add_description(description) template.add_version('2010-09-09') instances = template.add_parameter( Parameter('Instances', Type='Number', Description='Number of core instances', MaxValue='10')) cluster = template.add_resource( emr.Cluster( 'Cluster', Name='Generic Cluster', ReleaseLabel=cfg['version'], JobFlowRole='GenericEMRInstanceProfile', ServiceRole='GenericEMRServiceRole',
from troposphere.constants import NUMBER from troposphere import Output, Parameter, Ref, Template, GetAtt from troposphere import Join import troposphere.kinesis as kinesis from troposphere.sqs import Queue, QueuePolicy from troposphere.awslambda import Function, Code, MEMORY_VALUES, EventSourceMapping from troposphere.iam import Role, Policy, PolicyType template = Template() template.add_description("AWS CloudFormation Template: " "Kinesis Stream + Lambda + SQS.") s3_bucket = template.add_parameter( Parameter( "CodeS3Bucket", Description="Name of code bucket", Type="String")) s3_key = template.add_parameter( Parameter("CodeS3Key", Description="Name of code zip file", Type="String")) s3_object_version_id = template.add_parameter( Parameter( "CodeS3ObjectVersionID", Description="Version ID of zip file", Type="String")) memory_size = template.add_parameter( Parameter( 'LambdaMemorySize', Type=NUMBER, Description='Amount of memory to allocate to the Lambda Function',
from troposphere import Ref, Template, Tags, Join from troposphere.ec2 import VPC, Subnet, NetworkAcl, NetworkAclEntry, InternetGateway, \ VPCGatewayAttachment, RouteTable, Route, SubnetRouteTableAssociation, SubnetNetworkAclAssociation VPC_NETWORK = "172.20.0.0/16" VPC_PRIVATE_A = "172.20.1.0/24" VPC_PRIVATE_B = "172.20.2.0/24" VPC_PRIVATE_C = "172.20.3.0/24" VPC_PUBLIC_A = "172.20.128.0/24" VPC_PUBLIC_B = "172.20.129.0/24" VPC_PUBLIC_C = "172.20.130.0/24" t = Template() t.add_description("Stack creating a basic VPC") vpc = t.add_resource(VPC( "VPC", CidrBlock=VPC_NETWORK, InstanceTenancy="default", EnableDnsSupport=True, EnableDnsHostnames=False, Tags=Tags( Name=Ref("AWS::StackName") ) )) # internet gateway internetGateway = t.add_resource(InternetGateway( "InternetGateway", Tags=Tags(
# Converted from S3_Bucket.template located at: # http://aws.amazon.com/cloudformation/aws-cloudformation-templates/ from troposphere import Output, Ref, Template from troposphere.s3 import Bucket, PublicRead t = Template() t.add_description( "AWS CloudFormation Sample Template S3_Bucket: Sample template showing " "how to create a publicly accessible S3 bucket. " "**WARNING** This template creates an Amazon S3 Bucket. " "You will be billed for the AWS resources used if you create " "a stack from this template.") s3bucket = t.add_resource(Bucket("S3Bucket", AccessControl=PublicRead,)) t.add_output(Output( "BucketName", Value=Ref(s3bucket), Description="Name of S3 bucket to hold website content" )) print(t.to_json())
"""Generating CloudFormation template.""" from troposphere import (Export, Join, Output, Parameter, Ref, Template) from troposphere.ecr import Repository t = Template() t.add_description("ECR Repository") t.add_parameter( Parameter("RepoName", Type="String", Description="Name of the ECR repository to create")) t.add_resource(Repository("Repository", RepositoryName=Ref("RepoName"))) t.add_output( Output( "Repository", Description="ECR repository", Value=Ref("RepoName"), Export=Export(Join("-", [Ref("RepoName"), "repo"])), )) print(t.to_json())
# Converted from Redshift.template located at: # http://aws.amazon.com/cloudformation/aws-cloudformation-templates/ from troposphere import Template, Parameter, Ref, Equals from troposphere import If, Output, Join, GetAtt from troposphere.redshift import Cluster, ClusterParameterGroup from troposphere.redshift import AmazonRedshiftParameter, ClusterSubnetGroup from troposphere.ec2 import VPC, Subnet, InternetGateway, VPCGatewayAttachment from troposphere.ec2 import SecurityGroup, SecurityGroupIngress t = Template() t.add_version("2010-09-09") t.add_description( "AWS CloudFormation Sample Template: Redshift cluster in a VPC") dbname = t.add_parameter(Parameter( "DatabaseName", Description="The name of the first database to be created when the " "redshift cluster is created", Type="String", Default="defaultdb", AllowedPattern="([a-z]|[0-9])+", )) clustertype = t.add_parameter(Parameter( "ClusterType", Description="The type of the cluster", Type="String", Default="single-node",
from troposphere import Template, Ref, Output, GetAtt from troposphere.iam import AccessKey, User tpl = Template() tpl.add_version('2010-09-09') tpl.add_description( "Create a CircleCI user with access to S3 bucket." ) # Resources superuser = tpl.add_resource(User( title='czpycon2015circleci', )) access_keys = tpl.add_resource(AccessKey( "Troposphere", Status="Active", UserName=Ref(superuser)) ) # Outputs tpl.add_output(Output( "AccessKey", Value=Ref(access_keys), Description="AWSAccessKeyId", )) tpl.add_output(Output( "SecretKey", Value=GetAtt(access_keys, "SecretAccessKey"), Description="AWSSecretKey",
from troposphere import Template, Parameter, Ref, Tags, Output, GetAtt, ec2 import template_utils as utils import troposphere.autoscaling as asg import troposphere.cloudwatch as cw import troposphere.elasticloadbalancing as elb t = Template() t.add_version('2010-09-09') t.add_description('An application server stack for the nyc-trees project.') # # Parameters # color_param = t.add_parameter(Parameter( 'StackColor', Type='String', Description='Stack color', AllowedValues=['Blue', 'Green'], ConstraintDescription='must be either Blue or Green' )) vpc_param = t.add_parameter(Parameter( 'VpcId', Type='String', Description='Name of an existing VPC' )) keyname_param = t.add_parameter(Parameter( 'KeyName', Type='String', Default='nyc-trees-stg', Description='Name of an existing EC2 key pair' )) notification_arn_param = t.add_parameter(Parameter(
Join, Ref, Template ) from troposphere.codebuild import ( Artifacts, Environment, Project, Source ) from troposphere.iam import Role t = Template() t.add_description("Effective DevOps in AWS: CodeBuild - Helloworld container") t.add_resource(Role( "ServiceRole", AssumeRolePolicyDocument=Policy( Statement=[ Statement( Effect=Allow, Action=[AssumeRole], Principal=Principal("Service", ["codebuild.amazonaws.com"]) ) ] ), Path="/", ManagedPolicyArns=[ 'arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess',
class Wordpress(object): def __init__(self, sceptre_user_data): self.template = Template() self.template.add_description("VPC Stack") self.sceptreUserData = sceptre_user_data self.environment = self.sceptreUserData['environment'] self.add_parameters() self.defaultTags = [Tag('Contact', Ref(self.ownerEmailParam))] self.namePrefix = Join( "", [Ref(self.ownerNameParam), self.sceptreUserData['environment']]) self.add_elb() self.add_security_groups() self.add_rds() self.add_autoscaling_group() self.add_outputs() def add_parameters(self): t = self.template self.vpcIdParam = t.add_parameter( Parameter( "vpcId", Type="String", Description="The VPC ID.", )) self.keyPairParam = t.add_parameter( Parameter( "keyPair", Type="AWS::EC2::KeyPair::KeyName", Description= "Name of an existing EC2 KeyPair to enable SSH access to the instances.", )) self.ownerNameParam = t.add_parameter( Parameter('ownerName', Type='String')) self.ownerEmailParam = t.add_parameter( Parameter('ownerEmail', Type='String')) self.dbMultiAzParam = t.add_parameter( Parameter( "dbMultiAz", Default='false', Type="String", Description="The WordPress database admin account password", AllowedValues=['true', 'false'], ConstraintDescription="Must be either ture or false.")) self.dbNameParam = t.add_parameter( Parameter( "dbName", Type="String", Default="wordpressdb", Description="The WordPress database name", MinLength=1, MaxLength=64, AllowedPattern="[a-zA-Z][a-zA-Z0-9]*", ConstraintDescription= "Must begin with a letter and contain only alphanumeric characters." )) self.dbUserParam = t.add_parameter( Parameter( "dbUser", Type="String", Description="The WordPress database admin account username", MinLength=1, MaxLength=16, AllowedPattern="[a-zA-Z][a-zA-Z0-9]*", ConstraintDescription= "Must begin with a letter and contain only alphanumeric characters." )) self.dbPasswordParam = t.add_parameter( Parameter( "dbPassword", NoEcho=True, Type="String", Description="The WordPress database admin account password", MinLength=6, AllowedPattern="[a-zA-Z0-9]*", ConstraintDescription= "Must only contain alphanumeric characters.")) self.dbStorageParam = t.add_parameter( Parameter("dbStorage", NoEcho=True, Type="Number", Description="The size of the WordPress database in Gb.", Default='5', MinValue='5', MaxValue='1024')) self.vpnSgIdParam = t.add_parameter( Parameter("vpnSgId", Type="String", Description="The ID of the VPN security group.")) def add_elb(self): t = self.template self.elbSg = t.add_resource( SecurityGroup( 'ElbSecurityGroup', VpcId=Ref(self.vpcIdParam), GroupDescription='Security group for ELB.', SecurityGroupIngress=[ SecurityGroupRule(ToPort='80', FromPort='80', IpProtocol='tcp', CidrIp="0.0.0.0/0") #TODO HTTPS ], Tags=self.defaultTags + [Tag('Name', Join("", [self.namePrefix, 'ElbSecurityGroup'])) ])) self.elbListener = Listener('ElbListener', LoadBalancerPort="80", InstancePort="80", Protocol="HTTP", InstanceProtocol="HTTP") self.elbHealthCheck = HealthCheck(Target="TCP:80", Timeout="2", Interval="5", HealthyThreshold="2", UnhealthyThreshold="2") publicSubnetIds = [ self.sceptreUserData['subnets']['publicInfraAZ1Id'], self.sceptreUserData['subnets']['publicInfraAZ2Id'], self.sceptreUserData['subnets']['publicInfraAZ3Id'] ] self.elb = t.add_resource( LoadBalancer('Elb', Listeners=[self.elbListener], Scheme='internet-facing', HealthCheck=self.elbHealthCheck, CrossZone=True, Subnets=publicSubnetIds, SecurityGroups=[Ref(self.elbSg)], Tags=self.defaultTags + [Tag('Name', Join("", [self.namePrefix, 'Elb']))])) return 0 def add_security_groups(self): t = self.template self.asgSg = t.add_resource( SecurityGroup( 'AsgSg', VpcId=Ref(self.vpcIdParam), GroupDescription='Security group for ASG.', SecurityGroupIngress=[ SecurityGroupRule(ToPort='80', FromPort='80', IpProtocol='tcp', SourceSecurityGroupId=Ref(self.elbSg)), SecurityGroupRule(ToPort='22', FromPort='22', IpProtocol='tcp', SourceSecurityGroupId=Ref( self.vpnSgIdParam)) #TODO HTTPS ], Tags=self.defaultTags + [Tag('Name', Join("", [self.namePrefix, 'AsgSg']))])) self.rdsSg = t.add_resource( SecurityGroup('RdsSg', VpcId=Ref(self.vpcIdParam), GroupDescription='Security group for RDS.', SecurityGroupIngress=[ SecurityGroupRule(ToPort='3306', FromPort='3306', IpProtocol='tcp', SourceSecurityGroupId=Ref( self.asgSg)) ], Tags=self.defaultTags + [Tag('Name', Join("", [self.namePrefix, 'RdsSg']))])) return 0 def add_rds(self): t = self.template dbSubnetIds = [ self.sceptreUserData['subnets']['privateDataAZ1Id'], self.sceptreUserData['subnets']['privateDataAZ2Id'], self.sceptreUserData['subnets']['privateDataAZ3Id'] ] self.rdsSubnetGroup = t.add_resource( DBSubnetGroup( 'DbSubnetGroup', DBSubnetGroupDescription='Subnet group for RDS.', SubnetIds=dbSubnetIds, Tags=self.defaultTags + [Tag('Name', Join("", [self.namePrefix, 'DbSubnetGroup']))])) self.rds = t.add_resource( DBInstance('RdsInstance', AllocatedStorage=Ref(self.dbStorageParam), DBInstanceClass='db.t2.micro', DBName=Ref(self.dbNameParam), DBSubnetGroupName=Ref(self.rdsSubnetGroup), VPCSecurityGroups=[Ref(self.rdsSg)], Engine='MySQL', EngineVersion='5.5.46', MasterUsername=Ref(self.dbUserParam), MasterUserPassword=Ref(self.dbPasswordParam), MultiAZ=Ref(self.dbMultiAzParam))) return 0 def add_autoscaling_group(self): t = self.template self.asgLaunchConfig = t.add_resource( LaunchConfiguration( 'ASGLaunchConfig', ImageId='ami-0b33d91d', #TODO Mapping for different regions InstanceMonitoring=False, AssociatePublicIpAddress=False, InstanceType="t2.micro", SecurityGroups=[Ref(self.asgSg)], KeyName=Ref(self.keyPairParam), UserData=Base64( Join( "", [ "#!/bin/bash -xe\n", "yum update -y aws-cfn-bootstrap\n", "/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref": "AWS::StackName" }, " --resource LaunchConfig ", " --configsets wordpress_install ", " --region ", { "Ref": "AWS::Region" }, "\n", # "/opt/aws/bin/cfn-signal -e $? ", # " --stack ", { "Ref" : "AWS::StackName" }, # " --resource WebServerGroup ", # " --region ", { "Ref" : "AWS::Region" }, "\n" ])), Metadata=cfn.Metadata( cfn.Init( cfn.InitConfigSets(wordpress_install=[ 'install_cfn', 'install_chefdk', "install_chef", "install_wordpress", "run_chef" ]), install_cfn=cfn.InitConfig( # Starts cfn-hup daemon which detects changes in metadata # and runs user-specified actions when a change is detected. # This allows configuration updates through UpdateStack. # The cfn-hup.conf file stores the name of the stack and # the AWS credentials that the cfn-hup daemon targets. # The cfn-hup daemon parses and loads each file in the /etc/cfn/hooks.d directory. files={ "/etc/cfn/cfn-hup.conf": { "content": { "Fn::Join": [ "", [ "[main]\n", "stack=", { "Ref": "AWS::StackId" }, "\n", "region=", { "Ref": "AWS::Region" }, "\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" }, "/etc/cfn/hooks.d/cfn-auto-reloader.conf": { "content": { "Fn::Join": [ "", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init\n", "action=/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref": "AWS::StackName" }, " --resource LaunchConfig ", " --configsets wordpress_install ", " --region ", { "Ref": "AWS::Region" }, "\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" } }, services={ "sysvinit": { "cfn-hup": { "enabled": "true", "ensureRunning": "true", "files": [ "/etc/cfn/cfn-hup.conf", "/etc/cfn/hooks.d/cfn-auto-reloader.conf" ] } } }), install_chefdk=cfn.InitConfig( packages={ "rpm": { "chefdk": "https://opscode-omnibus-packages.s3.amazonaws.com/el/6/x86_64/chefdk-0.2.0-2.el6.x86_64.rpm" } }), install_chef=cfn.InitConfig( sources={ # Set up a local Chef repository on the instance. "/var/chef/chef-repo": "http://github.com/opscode/chef-repo/tarball/master" }, files={ # Chef installation file. "/tmp/install.sh": { "source": "https://www.opscode.com/chef/install.sh", "mode": "000400", "owner": "root", "group": "root" }, # Knife configuration file. "/var/chef/chef-repo/.chef/knife.rb": { "content": { "Fn::Join": [ "", [ "cookbook_path [ '/var/chef/chef-repo/cookbooks' ]\n", "node_path [ '/var/chef/chef-repo/nodes' ]\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" }, # Chef client configuration file. "/var/chef/chef-repo/.chef/client.rb": { "content": { "Fn::Join": [ "", [ "cookbook_path [ '/var/chef/chef-repo/cookbooks' ]\n", "node_path [ '/var/chef/chef-repo/nodes' ]\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" } }, commands={ # make the /var/chef directory readable, run the # Chef installation, and then start Chef local mode # by using the client.rb file that was created. # The commands are run in alphanumeric order. "01_make_chef_readable": { "command": "chmod +rx /var/chef" }, "02_install_chef": { "command": "bash /tmp/install.sh", "cwd": "/var/chef" }, "03_create_node_list": { "command": "chef-client -z -c /var/chef/chef-repo/.chef/client.rb", "cwd": "/var/chef/chef-repo", "env": { "HOME": "/var/chef" } } }), install_wordpress=cfn.InitConfig( # Installs WordPress by using a WordPress cookbook. files={ # knife.rb and client.rb files are overwritten to # point to the cookbooks that are required to install WordPress. "/var/chef/chef-repo/.chef/knife.rb": { "content": { "Fn::Join": [ "", [ "cookbook_path [ '/var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks' ]\n", "node_path [ '/var/chef/chef-repo/nodes' ]\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" }, "/var/chef/chef-repo/.chef/client.rb": { "content": { "Fn::Join": [ "", [ "cookbook_path [ '/var/chef/chef-repo/cookbooks/wordpress/berks-cookbooks' ]\n", "node_path [ '/var/chef/chef-repo/nodes' ]\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" }, # Specify the Amazon RDS database instance as the WordPress database "/var/chef/chef-repo/cookbooks/wordpress/attributes/aws_rds_config.rb": { "content": { "Fn::Join": [ "", [ "normal['wordpress']['db']['pass'] = '******'\n", "normal['wordpress']['db']['user'] = '******'\n", "normal['wordpress']['db']['host'] = '", GetAtt(self.rds, "Endpoint.Address"), "'\n", "normal['wordpress']['db']['name'] = '", Ref(self.dbNameParam), "'\n" ] ] }, "mode": "000400", "owner": "root", "group": "root" } }, commands={ "01_get_cookbook": { "command": "knife cookbook site download wordpress", "cwd": "/var/chef/chef-repo", "env": { "HOME": "/var/chef" } }, "02_unpack_cookbook": { "command": "tar xvfz /var/chef/chef-repo/wordpress*", "cwd": "/var/chef/chef-repo/cookbooks" }, "03_init_berkshelf": { "command": "berks init /var/chef/chef-repo/cookbooks/wordpress --skip-vagrant --skip-git", "cwd": "/var/chef/chef-repo/cookbooks/wordpress", "env": { "HOME": "/var/chef" } }, "04_vendorize_berkshelf": { "command": "berks vendor", "cwd": "/var/chef/chef-repo/cookbooks/wordpress", "env": { "HOME": "/var/chef" } }, "05_configure_node_run_list": { "command": "knife node run_list add -z `knife node list -z` recipe[wordpress]", "cwd": "/var/chef/chef-repo", "env": { "HOME": "/var/chef" } } }), run_chef=cfn.InitConfig( commands={ "01_run_chef_client": { "command": "chef-client -z -c /var/chef/chef-repo/.chef/client.rb", "cwd": "/var/chef/chef-repo", "env": { "HOME": "/var/chef" } } }))))) webserverSubnetIds = [ self.sceptreUserData['subnets']['privateWebAZ1Id'], self.sceptreUserData['subnets']['privateWebAZ2Id'], self.sceptreUserData['subnets']['privateWebAZ3Id'] ] self.webServerASG = t.add_resource( AutoScalingGroup( 'WebServerASG', LaunchConfigurationName=Ref(self.asgLaunchConfig), LoadBalancerNames=[Ref(self.elb)], MinSize='1', DesiredCapacity='2', Cooldown='1', MaxSize='5', UpdatePolicy=UpdatePolicy( AutoScalingRollingUpdate=AutoScalingRollingUpdate( MinInstancesInService="1")), VPCZoneIdentifier=webserverSubnetIds, Tags=[ ASTag('Contact', Ref(self.ownerEmailParam), True), ASTag('Name', Join("", [self.namePrefix, 'ASG']), True) ])) return 0 def add_outputs(self): t = self.template self.websiteUrl = t.add_output( Output('websiteUrl', Value=Join( '', ['http://', GetAtt(self.elb, 'DNSName')]), Description='Wordpress website URL.')) return 0
# Python script to generate the cloudformation template json file # This is not strictly needed, but it takes the pain out of writing a # cloudformation template by hand. It also allows for DRY approaches # to maintaining cloudformation templates. from troposphere import Ref, Template, Parameter, Output, Join, GetAtt, Tags import troposphere.ec2 as ec2 import configuration t = Template() t.add_description( 'Couchbase Servers' ) keynameparameter = t.add_parameter(Parameter( 'KeyNameParameter', Type='AWS::EC2::KeyPair::KeyName', Description='KeyName' )) subnetid1parameter = t.add_parameter(Parameter( 'SubnetId1Parameter', Type='AWS::EC2::Subnet::Id', Description='SubnetId' )) subnetid2parameter = t.add_parameter(Parameter( 'SubnetId2Parameter', Type='AWS::EC2::Subnet::Id', Description='SubnetId' ))
def main(): """ Create a ElastiCache Redis Node and EC2 Instance """ template = Template() # Description template.add_description( 'AWS CloudFormation Sample Template ElastiCache_Redis:' 'Sample template showIing how to create an Amazon' 'ElastiCache Redis Cluster. **WARNING** This template' 'creates an Amazon EC2 Instance and an Amazon ElastiCache' 'Cluster. You will be billed for the AWS resources used' 'if you create a stack from this template.') # Mappings template.add_mapping( 'AWSInstanceType2Arch', { 't1.micro': { 'Arch': 'PV64' }, 't2.micro': { 'Arch': 'HVM64' }, 't2.small': { 'Arch': 'HVM64' }, 't2.medium': { 'Arch': 'HVM64' }, 'm1.small': { 'Arch': 'PV64' }, 'm1.medium': { 'Arch': 'PV64' }, 'm1.large': { 'Arch': 'PV64' }, 'm1.xlarge': { 'Arch': 'PV64' }, 'm2.xlarge': { 'Arch': 'PV64' }, 'm2.2xlarge': { 'Arch': 'PV64' }, 'm2.4xlarge': { 'Arch': 'PV64' }, 'm3.medium': { 'Arch': 'HVM64' }, 'm3.large': { 'Arch': 'HVM64' }, 'm3.xlarge': { 'Arch': 'HVM64' }, 'm3.2xlarge': { 'Arch': 'HVM64' }, 'c1.medium': { 'Arch': 'PV64' }, 'c1.xlarge': { 'Arch': 'PV64' }, 'c3.large': { 'Arch': 'HVM64' }, 'c3.xlarge': { 'Arch': 'HVM64' }, 'c3.2xlarge': { 'Arch': 'HVM64' }, 'c3.4xlarge': { 'Arch': 'HVM64' }, 'c3.8xlarge': { 'Arch': 'HVM64' }, 'c4.large': { 'Arch': 'HVM64' }, 'c4.xlarge': { 'Arch': 'HVM64' }, 'c4.2xlarge': { 'Arch': 'HVM64' }, 'c4.4xlarge': { 'Arch': 'HVM64' }, 'c4.8xlarge': { 'Arch': 'HVM64' }, 'g2.2xlarge': { 'Arch': 'HVMG2' }, 'r3.large': { 'Arch': 'HVM64' }, 'r3.xlarge': { 'Arch': 'HVM64' }, 'r3.2xlarge': { 'Arch': 'HVM64' }, 'r3.4xlarge': { 'Arch': 'HVM64' }, 'r3.8xlarge': { 'Arch': 'HVM64' }, 'i2.xlarge': { 'Arch': 'HVM64' }, 'i2.2xlarge': { 'Arch': 'HVM64' }, 'i2.4xlarge': { 'Arch': 'HVM64' }, 'i2.8xlarge': { 'Arch': 'HVM64' }, 'd2.xlarge': { 'Arch': 'HVM64' }, 'd2.2xlarge': { 'Arch': 'HVM64' }, 'd2.4xlarge': { 'Arch': 'HVM64' }, 'd2.8xlarge': { 'Arch': 'HVM64' }, 'hi1.4xlarge': { 'Arch': 'HVM64' }, 'hs1.8xlarge': { 'Arch': 'HVM64' }, 'cr1.8xlarge': { 'Arch': 'HVM64' }, 'cc2.8xlarge': { 'Arch': 'HVM64' } }) template.add_mapping( 'AWSRegionArch2AMI', { 'us-east-1': { 'PV64': 'ami-0f4cfd64', 'HVM64': 'ami-0d4cfd66', 'HVMG2': 'ami-5b05ba30' }, 'us-west-2': { 'PV64': 'ami-d3c5d1e3', 'HVM64': 'ami-d5c5d1e5', 'HVMG2': 'ami-a9d6c099' }, 'us-west-1': { 'PV64': 'ami-85ea13c1', 'HVM64': 'ami-87ea13c3', 'HVMG2': 'ami-37827a73' }, 'eu-west-1': { 'PV64': 'ami-d6d18ea1', 'HVM64': 'ami-e4d18e93', 'HVMG2': 'ami-72a9f105' }, 'eu-central-1': { 'PV64': 'ami-a4b0b7b9', 'HVM64': 'ami-a6b0b7bb', 'HVMG2': 'ami-a6c9cfbb' }, 'ap-northeast-1': { 'PV64': 'ami-1a1b9f1a', 'HVM64': 'ami-1c1b9f1c', 'HVMG2': 'ami-f644c4f6' }, 'ap-southeast-1': { 'PV64': 'ami-d24b4280', 'HVM64': 'ami-d44b4286', 'HVMG2': 'ami-12b5bc40' }, 'ap-southeast-2': { 'PV64': 'ami-ef7b39d5', 'HVM64': 'ami-db7b39e1', 'HVMG2': 'ami-b3337e89' }, 'sa-east-1': { 'PV64': 'ami-5b098146', 'HVM64': 'ami-55098148', 'HVMG2': 'NOT_SUPPORTED' }, 'cn-north-1': { 'PV64': 'ami-bec45887', 'HVM64': 'ami-bcc45885', 'HVMG2': 'NOT_SUPPORTED' } }) template.add_mapping( 'Region2Principal', { 'us-east-1': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' }, 'us-west-2': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' }, 'us-west-1': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' }, 'eu-west-1': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' }, 'ap-southeast-1': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' }, 'ap-northeast-1': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' }, 'ap-southeast-2': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' }, 'sa-east-1': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' }, 'cn-north-1': { 'EC2Principal': 'ec2.amazonaws.com.cn', 'OpsWorksPrincipal': 'opsworks.amazonaws.com.cn' }, 'eu-central-1': { 'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com' } }) # Parameters cachenodetype = template.add_parameter( Parameter( 'ClusterNodeType', Description= 'The compute and memory capacity of the nodes in the Redis' ' Cluster', Type='String', Default='cache.m1.small', AllowedValues=[ 'cache.m1.small', 'cache.m1.large', 'cache.m1.xlarge', 'cache.m2.xlarge', 'cache.m2.2xlarge', 'cache.m2.4xlarge', 'cache.c1.xlarge' ], ConstraintDescription='must select a valid Cache Node type.', )) instancetype = template.add_parameter( Parameter( 'InstanceType', Description='WebServer EC2 instance type', Type='String', Default='t2.micro', AllowedValues=[ 't1.micro', 't2.micro', 't2.small', 't2.medium', 'm1.small', 'm1.medium', 'm1.large', 'm1.xlarge', 'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'm3.medium', 'm3.large', 'm3.xlarge', 'm3.2xlarge', 'c1.medium', 'c1.xlarge', 'c3.large', 'c3.xlarge', 'c3.2xlarge', 'c3.4xlarge', 'c3.8xlarge', 'c4.large', 'c4.xlarge', 'c4.2xlarge', 'c4.4xlarge', 'c4.8xlarge', 'g2.2xlarge', 'r3.large', 'r3.xlarge', 'r3.2xlarge', 'r3.4xlarge', 'r3.8xlarge', 'i2.xlarge', 'i2.2xlarge', 'i2.4xlarge', 'i2.8xlarge', 'd2.xlarge', 'd2.2xlarge', 'd2.4xlarge', 'd2.8xlarge', 'hi1.4xlarge', 'hs1.8xlarge', 'cr1.8xlarge', 'cc2.8xlarge', 'cg1.4xlarge' ], ConstraintDescription='must be a valid EC2 instance type.', )) keyname = template.add_parameter( Parameter( 'KeyName', Description='Name of an existing EC2 KeyPair to enable SSH access' ' to the instance', Type='AWS::EC2::KeyPair::KeyName', ConstraintDescription= 'must be the name of an existing EC2 KeyPair.', )) sshlocation = template.add_parameter( Parameter('SSHLocation', Description='The IP address range that can be used to SSH to' ' the EC2 instances', Type='String', MinLength='9', MaxLength='18', Default='0.0.0.0/0', AllowedPattern='(\\d{1,3})\\.(\\d{1,3})\\.' '(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})', ConstraintDescription='must be a valid IP CIDR range of the' ' form x.x.x.x/x.')) # Resources webserverrole = template.add_resource( iam.Role( 'WebServerRole', AssumeRolePolicyDocument=Policy(Statement=[ Statement( Effect=Allow, Action=[AssumeRole], Principal=Principal('Service', [ FindInMap('Region2Principal', Ref('AWS::Region'), 'EC2Principal') ]), ) ]), Path='/', )) template.add_resource( iam.PolicyType( 'WebServerRolePolicy', PolicyName='WebServerRole', PolicyDocument=awacs.aws.Policy(Statement=[ awacs.aws.Statement(Action=[ awacs.aws.Action("elasticache", "DescribeCacheClusters") ], Resource=["*"], Effect=awacs.aws.Allow) ]), Roles=[Ref(webserverrole)], )) webserverinstanceprofile = template.add_resource( iam.InstanceProfile( 'WebServerInstanceProfile', Path='/', Roles=[Ref(webserverrole)], )) webserversg = template.add_resource( ec2.SecurityGroup('WebServerSecurityGroup', GroupDescription='Enable HTTP and SSH access', SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', FromPort='22', ToPort='22', CidrIp=Ref(sshlocation), ), ec2.SecurityGroupRule( IpProtocol='tcp', FromPort='80', ToPort='80', CidrIp='0.0.0.0/0', ) ])) webserverinstance = template.add_resource( ec2.Instance( 'WebServerInstance', Metadata=cloudformation.Metadata( cloudformation.Init({ 'config': cloudformation.InitConfig( packages={ 'yum': { 'httpd': [], 'php': [], 'php-devel': [], 'gcc': [], 'make': [] } }, files=cloudformation.InitFiles({ '/var/www/html/index.php': cloudformation. InitFile(content=Join('', [ '<?php\n', 'echo \"<h1>AWS CloudFormation sample' ' application for Amazon ElastiCache' ' Redis Cluster</h1>\";\n', '\n', '$cluster_config = json_decode(' 'file_get_contents(\'/tmp/cacheclusterconfig\'' '), true);\n', '$endpoint = $cluster_config[\'CacheClusters' '\'][0][\'CacheNodes\'][0][\'Endpoint\'][\'Add' 'ress\'];\n', '$port = $cluster_config[\'CacheClusters\'][0]' '[\'CacheNodes\'][0][\'Endpoint\'][\'Port\'];' '\n', '\n', 'echo \"<p>Connecting to Redis Cache Cluster ' 'node \'{$endpoint}\' on port {$port}</p>\";' '\n', '\n', '$redis=new Redis();\n', '$redis->connect($endpoint, $port);\n', '$redis->set(\'testkey\', \'Hello World!\');' '\n', '$return = $redis->get(\'testkey\');\n', '\n', 'echo \"<p>Retrieved value: $return</p>\";' '\n', '?>\n' ]), mode='000644', owner='apache', group='apache'), '/etc/cron.d/get_cluster_config': cloudformation.InitFile( content='*/5 * * * * root' ' /usr/local/bin/get_cluster_config', mode='000644', owner='root', group='root'), '/usr/local/bin/get_cluster_config': cloudformation.InitFile(content=Join( '', [ '#! /bin/bash\n', 'aws elasticache describe-cache-clusters ', ' --cache-cluster-id ', Ref('RedisCluster'), ' --show-cache-node-info' ' --region ', Ref('AWS::Region'), ' > /tmp/cacheclusterconfig\n' ]), mode='000755', owner='root', group='root'), '/usr/local/bin/install_phpredis': cloudformation.InitFile(content=Join( '', [ '#! /bin/bash\n', 'cd /tmp\n', 'wget https://github.com/nicolasff/' 'phpredis/zipball/master -O phpredis.zip' '\n', 'unzip phpredis.zip\n', 'cd nicolasff-phpredis-*\n', 'phpize\n', './configure\n', 'make && make install\n', 'touch /etc/php.d/redis.ini\n', 'echo extension=redis.so > /etc/php.d/' 'redis.ini\n' ]), mode='000755', owner='root', group='root'), '/etc/cfn/cfn-hup.conf': cloudformation.InitFile(content=Join( '', [ '[main]\n', 'stack=', Ref('AWS::StackId'), '\n', 'region=', Ref('AWS::Region'), '\n' ]), mode='000400', owner='root', group='root'), '/etc/cfn/hooks.d/cfn-auto-reloader.conf': cloudformation. InitFile(content=Join('', [ '[cfn-auto-reloader-hook]\n', 'triggers=post.update\n', 'path=Resources.WebServerInstance.Metadata' '.AWS::CloudFormation::Init\n', 'action=/opt/aws/bin/cfn-init -v ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n', 'runas=root\n' ]), # Why doesn't the Amazon template have this? # mode='000400', # owner='root', # group='root' ), }), commands={ '01-install_phpredis': { 'command': '/usr/local/bin/install_phpredis' }, '02-get-cluster-config': { 'command': '/usr/local/bin/get_cluster_config' } }, services={ "sysvinit": cloudformation.InitServices({ "httpd": cloudformation.InitService( enabled=True, ensureRunning=True, ), "cfn-hup": cloudformation.InitService( enabled=True, ensureRunning=True, files=[ '/etc/cfn/cfn-hup.conf', '/etc/cfn/hooks.d/' 'cfn-auto-reloader.conf' ]), }), }, ) })), ImageId=FindInMap( 'AWSRegionArch2AMI', Ref('AWS::Region'), FindInMap('AWSInstanceType2Arch', Ref(instancetype), 'Arch')), InstanceType=Ref(instancetype), SecurityGroups=[Ref(webserversg)], KeyName=Ref(keyname), IamInstanceProfile=Ref(webserverinstanceprofile), UserData=Base64( Join('', [ '#!/bin/bash -xe\n', 'yum update -y aws-cfn-bootstrap\n', '# Setup the PHP sample application\n', '/opt/aws/bin/cfn-init -v ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n', '# Signal the status of cfn-init\n', '/opt/aws/bin/cfn-signal -e $? ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n' ])), CreationPolicy=CreationPolicy(ResourceSignal=ResourceSignal( Timeout='PT15M')), Tags=Tags(Application=Ref('AWS::StackId'), Details='Created using Troposhpere'))) redisclustersg = template.add_resource( elasticache.SecurityGroup( 'RedisClusterSecurityGroup', Description='Lock the cluster down', )) template.add_resource( elasticache.SecurityGroupIngress( 'RedisClusterSecurityGroupIngress', CacheSecurityGroupName=Ref(redisclustersg), EC2SecurityGroupName=Ref(webserversg), )) template.add_resource( elasticache.CacheCluster( 'RedisCluster', Engine='redis', CacheNodeType=Ref(cachenodetype), NumCacheNodes='1', CacheSecurityGroupNames=[Ref(redisclustersg)], )) # Outputs template.add_output([ Output('WebsiteURL', Description='Application URL', Value=Join('', [ 'http://', GetAtt(webserverinstance, 'PublicDnsName'), ])) ]) # Print CloudFormation Template print(template.to_json())
# Converted from s3_processor located at: # https://github.com/awslabs/serverless-application-model/blob/dbc54b5d0cd31bf5cebd16d765b74aee9eb34641/examples/2016-10-31/s3_processor/template.yaml from troposphere import Template, Ref from troposphere.s3 import Bucket from troposphere.serverless import Function, S3Event t = Template() t.add_description( "A function is triggered off an upload to a bucket. It logs the content " "type of the uploaded object.") t.add_transform('AWS::Serverless-2016-10-31') s3_bucket = t.add_resource( Bucket("Bucket") ) t.add_resource( Function( "ProcessorFunction", Handler='index.handler', Runtime='nodejs4.3', CodeUri='s3://<bucket>/s3_processor.zip', Policies='AmazonS3ReadOnlyAccess', Events={ 'PhotoUpload': S3Event( 'PhotoUpload', Bucket=Ref(s3_bucket),
parser = argparse.ArgumentParser(description="OpenEMR Standard stack builder") parser.add_argument( "--recovery", help="load OpenEMR stack from backups", action="store_true") parser.add_argument( "--dev", help="purge development resources on exit", action="store_true") args = parser.parse_args() t = Template() t.add_version('2010-09-09') descString = 'OpenEMR Cloud Standard v5.0.1-1 cloud deployment' if (args.dev): descString += ' [developer]' if (args.recovery): descString += ' [recovery]' t.add_description(descString) # reduce to consistent names if (args.recovery): OpenEMRKeyID = Select('1', Split('/', Ref('RecoveryKMSKey'))) OpenEMRKeyARN = Ref('RecoveryKMSKey') else: OpenEMRKeyID = Ref('OpenEMRKey') OpenEMRKeyARN = GetAtt('OpenEMRKey', 'Arn') if (args.recovery): setRecoveryInputs(t, args) else: setInputs(t, args) setMappings(t, args)
from troposphere import Template, Ref, Output, GetAtt from troposphere.iam import AccessKey, User tpl = Template() tpl.add_version('2010-09-09') tpl.add_description( "Create a superadmin user with all required privileges for this project. " ) # Resources superuser = tpl.add_resource(User( title='czpycon2015', )) access_keys = tpl.add_resource(AccessKey( "Troposphere", Status="Active", UserName=Ref(superuser)) ) # Outputs tpl.add_output(Output( "AccessKey", Value=Ref(access_keys), Description="AWSAccessKeyId of superuser", )) tpl.add_output(Output( "SecretKey", Value=GetAtt(access_keys, "SecretAccessKey"), Description="AWSSecretKey of superuser",
class StandUp: region = "ap-southeast-2" subnet = "subnet-cb5facae" type = "m3.xlarge" ami = "ami-e95c31d3" stackname = "TestIOStack" name = "windows-2012-test" instance_template = "TestIO" timezone = "Australia/Brisbane" environment = "Development" comment = "Comments" keypair = "IOTEST" iamrole = "IAM-EC2-Default" securitygroups = ["sg-02b36667"] monitoring = False rollback = False volume = "" ec2conn = "" cfnconn = "" template = "" def __init__(self): self.build() self.output_to_file() def output_to_file(self): output = self.template.to_json() fd = open('standup.json', 'w') fd.write(output) fd.close() print(output) def metadata(self): m = MetadataObject() m.add_configkeys( 'AWS::CloudFormation::Init', 'InitRAID', 'files', { "C:\\cfn\\scripts\\striperaidebs.txt": { "content": """select disk 1 clean convert dynamic select disk 2 clean convert dynamic create volume stripe disk=1,2 list volume select volume 2 assign letter=e format fs=ntfs quick""" }, "C:\\cfn\\scripts\\striperaidephemeral.txt": { "content": """select disk 2 clean convert dynamic select disk 3 clean convert dynamic create volume stripe disk=2,3 select volume 2 assign letter=E format fs=ntfs quick""" } }) m.add_configkeys( 'AWS::CloudFormation::Init', 'InitRAID', 'commands', { "1-initialize-raid-1": { "command": """diskpart /s C:\\cfn\\scripts\\striperaidebs.txt""", "waitAfterCompletion": 0 } }) m.add_configkeys( 'AWS::CloudFormation::Init', 'TestIO', 'packages', { "msi": { "python": """https://www.python.org/ftp/python/3.4.2/python-3.4.2.amd64.msi""" } }) m.add_configkeys( 'AWS::CloudFormation::Init', 'TestIO', 'files', { "C:\\cfn\\scripts\\DiskRobIOt.py": """https://raw.githubusercontent.com/monk-ee/DiskRobIOt/master/DiskRobIOt.py""" }) m.add_configkeys( 'AWS::CloudFormation::Init', 'TestIO', 'commands', { "1-python-path": { "command": """setx path "%path%;C:\\Python34" """, "waitAfterCompletion": 0 }, "2-run-disktest": { "command": """c:\\cfn\\scripts\DiskRobIOt.py --path e:\\ """, "waitAfterCompletion": 0 } }) m.add_configkeys('AWS::CloudFormation::Init', 'configSets', 'config', ["InitRAID", "TestIO"]) return m def build(self): self.template = Template() self.template.add_version() self.template.add_description(self.comment) m = self.metadata() ec2_instance = self.template.add_resource( ec2.Instance( self.instance_template, ImageId=self.ami, InstanceType=self.type, KeyName=self.keypair, SubnetId=self.subnet, SecurityGroupIds=self.securitygroups, Monitoring=self.monitoring, IamInstanceProfile=self.iamrole, UserData=Base64("""<script> cfn-init -v -s """ + self.stackname + """ -r """ + self.instance_template + """ --region """ + self.region + """ --configset config</script>"""), Metadata=m.JSONrepr(), BlockDeviceMappings=[ ec2.BlockDeviceMapping( DeviceName="/dev/xvdca", VirtualName="ephemeral0", ), ec2.BlockDeviceMapping( DeviceName="/dev/xvdcb", VirtualName="ephemeral1", ), ec2.BlockDeviceMapping( DeviceName="/dev/xvdb", Ebs=ec2.EBSBlockDevice(DeleteOnTermination=True, VolumeSize="45", VolumeType="gp2"), ), ec2.BlockDeviceMapping( DeviceName="/dev/xvdc", Ebs=ec2.EBSBlockDevice(DeleteOnTermination=True, VolumeSize="45", VolumeType="gp2"), ) ], Tags=Tags( Name=self.name, Environment=self.environment, Comment=self.comment, Role=self.iamrole, ), )) self.template.add_resource( ec2.EIP( "EIP", InstanceId=Ref(ec2_instance), Domain='vpc', )) self.template.add_output([ Output( "InstanceId", Description="InstanceId of the newly created EC2 instance", Value=Ref(ec2_instance), ), Output( "PrivateIP", Description= "Private IP address of the newly created EC2 instance", Value=GetAtt(ec2_instance, "PrivateIp"), ), Output( "PrivateDNS", Description="Private DNSName of the newly created EC2 instance", Value=GetAtt(ec2_instance, "PrivateDnsName"), ) ]) def cloudform(self): try: self.cfnconn.create_stack(self.stackname, template_body=self.template.to_json(), disable_rollback=self.rollback) output = self.template.to_json() return output except Exception as e: raise def ec2_connect_to_region(self): try: self.ec2conn = boto.ec2.connect_to_region(self.region) except: raise def vpc_connect_to_region(self): try: self.vpcconn = boto.vpc.connect_to_region(self.region) except: raise def iam_connect_to_region(self): try: self.iamconn = boto.iam.connect_to_region(self.region) except: raise def cfn_connect_to_region(self): try: self.cfnconn = boto.cloudformation.connect_to_region(self.region) except: raise
# Python script to generate the cloudformation template json file # This is not strictly needed, but it takes the pain out of writing a # cloudformation template by hand. It also allows for DRY approaches # to maintaining cloudformation templates. from troposphere import Ref, Template, Parameter, Output, Join, GetAtt, Tags import troposphere.ec2 as ec2 t = Template() t.add_description( 'An Ec2-classic stack with Couchbase Server, Sync Gateway + load testing tools ' ) NUM_COUCHBASE_SERVERS=3 NUM_SYNC_GW_SERVERS=1 NUM_GATELOADS=1 COUCHBASE_INSTANCE_TYPE="m3.medium" SYNC_GW_INSTANCE_TYPE="m3.medium" GATELOAD_INSTANCE_TYPE="m3.medium" def createCouchbaseSecurityGroups(t): # Couchbase security group secGrpCouchbase = ec2.SecurityGroup('CouchbaseSecurityGroup') secGrpCouchbase.GroupDescription = "Allow access to Couchbase Server" secGrpCouchbase.SecurityGroupIngress = [ ec2.SecurityGroupRule( IpProtocol="tcp",
from troposphere.autoscaling import ( AutoScalingGroup, LaunchConfiguration, ScalingPolicy, ) from troposphere.cloudwatch import ( Alarm, MetricDimension, ) from awacs.sts import AssumeRole t = Template() t.add_description('ElasticSearch Template') t.add_parameter(Parameter("VpcId", Type="AWS::EC2::VPC::Id", Description="VPC")) t.add_parameter( Parameter("PrivateSubnet", Description="PrivateSubnet", Type="List<AWS::EC2::Subnet::Id>", ConstraintDescription="PrivateSubnet")) t.add_parameter( Parameter( "InstanceType", Type="String", Description="instance type",
from troposphere import Parameter, Ref, Template from troposphere import cloudformation, autoscaling from troposphere.autoscaling import AutoScalingGroup, Tag from troposphere.autoscaling import LaunchConfiguration, ScalingPolicy from troposphere.elasticloadbalancing import LoadBalancer from troposphere.policies import ( AutoScalingReplacingUpdate, AutoScalingRollingUpdate, UpdatePolicy ) import troposphere.ec2 as ec2 import troposphere.elasticloadbalancing as elb from troposphere.cloudwatch import Alarm, MetricDimension t = Template() t.add_description("""\ Configures autoscaling group for api app""") SecurityGroup = t.add_parameter(Parameter( "SecurityGroup", Type="String", Description="Security group for api instances.", )) DeployBucket = t.add_parameter(Parameter( "DeployBucket", Type="String", Description="The S3 bucket with the cloudformation scripts.", )) SSLCertificateId = t.add_parameter(Parameter( "SSLCertificateId",
MetricName="TestMetric", Namespace="AWS/ElasticMapReduce", Period="300", Statistic="AVERAGE", Threshold="50", Unit="PERCENT", Dimensions=[ emr.MetricDimension('my.custom.master.property', 'my.custom.master.value') ]))) ] return rules template = Template() template.add_description( "Sample CloudFormation template for creating an EMR cluster") keyname = template.add_parameter( Parameter("KeyName", Description="Name of an existing EC2 KeyPair to enable SSH " "to the instances", Type=KEY_PAIR_NAME)) subnet = template.add_parameter( Parameter("Subnet", Description="Subnet ID for creating the EMR cluster", Type=SUBNET_ID)) spot = template.add_parameter( Parameter("SpotPrice", Description="Spot price (or use 0 for 'on demand' instance)",
ref_ambariserver = GetAtt('AmbariNode', 'PrivateDnsName') ref_java_provider = Ref('JavaProvider') ref_java_version = Ref('JavaVersion') ref_additional_instance_count = Ref('AdditionalInstanceCount') ref_ambari_pass = Ref('AmbariPass') ref_ambari_services = Ref('AmbariServices') ref_deploy_cluster = Ref('DeployCluster') ref_wait_ambari = Ref('waitHandleAmbari') # now the work begins t = Template() t.add_version("2010-09-09") t.add_description("""\ CloudFormation template to Deploy Hortonworks Data Platform on VPC with a public subnet""") ## Parameters BootDiskSize = t.add_parameter(Parameter( "BootDiskSize", Type="Number", Default="80", MinValue=10, MaxValue=2000, Description="Size of boot disk.", )) InstanceType = t.add_parameter(Parameter( "InstanceType", Default="m4.xlarge",
from troposphere.cloudfront import Distribution, DistributionConfig from troposphere.cloudfront import Origin, DefaultCacheBehavior from troposphere.policies import CreationPolicy, ResourceSignal ref_stack_id = Ref('AWS::StackId') ref_region = Ref('AWS::Region') ref_stack_name = Ref('AWS::StackName') ref_ambariserver = GetAtt('AmbariNode', 'PrivateDnsName') ref_java_provider = Ref('JavaProvider') t = Template() t.add_version("2010-09-09") t.add_description("""\ CloudFormation template to Deploy Hortonworks Data Platform on VPC with a public subnet""") AmbariInstanceType = t.add_parameter(Parameter( "AmbariInstanceType", Default="m3.large", ConstraintDescription="Must be a valid EC2 instance type.", Type="String", Description="Instance type for Ambari node", )) WorkerInstanceCount = t.add_parameter(Parameter( "WorkerInstanceCount", Default="2", Type="Number", Description="Number of Worker instances", MaxValue="99", MinValue="1",
def main(): """ Create a ElastiCache Redis Node and EC2 Instance """ template = Template() # Description template.add_description( 'AWS CloudFormation Sample Template ElastiCache_Redis:' 'Sample template showing how to create an Amazon' 'ElastiCache Redis Cluster. **WARNING** This template' 'creates an Amazon EC2 Instance and an Amazon ElastiCache' 'Cluster. You will be billed for the AWS resources used' 'if you create a stack from this template.') # Mappings template.add_mapping('AWSInstanceType2Arch', { 't1.micro': {'Arch': 'PV64'}, 't2.micro': {'Arch': 'HVM64'}, 't2.small': {'Arch': 'HVM64'}, 't2.medium': {'Arch': 'HVM64'}, 'm1.small': {'Arch': 'PV64'}, 'm1.medium': {'Arch': 'PV64'}, 'm1.large': {'Arch': 'PV64'}, 'm1.xlarge': {'Arch': 'PV64'}, 'm2.xlarge': {'Arch': 'PV64'}, 'm2.2xlarge': {'Arch': 'PV64'}, 'm2.4xlarge': {'Arch': 'PV64'}, 'm3.medium': {'Arch': 'HVM64'}, 'm3.large': {'Arch': 'HVM64'}, 'm3.xlarge': {'Arch': 'HVM64'}, 'm3.2xlarge': {'Arch': 'HVM64'}, 'c1.medium': {'Arch': 'PV64'}, 'c1.xlarge': {'Arch': 'PV64'}, 'c3.large': {'Arch': 'HVM64'}, 'c3.xlarge': {'Arch': 'HVM64'}, 'c3.2xlarge': {'Arch': 'HVM64'}, 'c3.4xlarge': {'Arch': 'HVM64'}, 'c3.8xlarge': {'Arch': 'HVM64'}, 'c4.large': {'Arch': 'HVM64'}, 'c4.xlarge': {'Arch': 'HVM64'}, 'c4.2xlarge': {'Arch': 'HVM64'}, 'c4.4xlarge': {'Arch': 'HVM64'}, 'c4.8xlarge': {'Arch': 'HVM64'}, 'g2.2xlarge': {'Arch': 'HVMG2'}, 'r3.large': {'Arch': 'HVM64'}, 'r3.xlarge': {'Arch': 'HVM64'}, 'r3.2xlarge': {'Arch': 'HVM64'}, 'r3.4xlarge': {'Arch': 'HVM64'}, 'r3.8xlarge': {'Arch': 'HVM64'}, 'i2.xlarge': {'Arch': 'HVM64'}, 'i2.2xlarge': {'Arch': 'HVM64'}, 'i2.4xlarge': {'Arch': 'HVM64'}, 'i2.8xlarge': {'Arch': 'HVM64'}, 'd2.xlarge': {'Arch': 'HVM64'}, 'd2.2xlarge': {'Arch': 'HVM64'}, 'd2.4xlarge': {'Arch': 'HVM64'}, 'd2.8xlarge': {'Arch': 'HVM64'}, 'hi1.4xlarge': {'Arch': 'HVM64'}, 'hs1.8xlarge': {'Arch': 'HVM64'}, 'cr1.8xlarge': {'Arch': 'HVM64'}, 'cc2.8xlarge': {'Arch': 'HVM64'} }) template.add_mapping('AWSRegionArch2AMI', { 'us-east-1': {'PV64': 'ami-0f4cfd64', 'HVM64': 'ami-0d4cfd66', 'HVMG2': 'ami-5b05ba30'}, 'us-west-2': {'PV64': 'ami-d3c5d1e3', 'HVM64': 'ami-d5c5d1e5', 'HVMG2': 'ami-a9d6c099'}, 'us-west-1': {'PV64': 'ami-85ea13c1', 'HVM64': 'ami-87ea13c3', 'HVMG2': 'ami-37827a73'}, 'eu-west-1': {'PV64': 'ami-d6d18ea1', 'HVM64': 'ami-e4d18e93', 'HVMG2': 'ami-72a9f105'}, 'eu-central-1': {'PV64': 'ami-a4b0b7b9', 'HVM64': 'ami-a6b0b7bb', 'HVMG2': 'ami-a6c9cfbb'}, 'ap-northeast-1': {'PV64': 'ami-1a1b9f1a', 'HVM64': 'ami-1c1b9f1c', 'HVMG2': 'ami-f644c4f6'}, 'ap-southeast-1': {'PV64': 'ami-d24b4280', 'HVM64': 'ami-d44b4286', 'HVMG2': 'ami-12b5bc40'}, 'ap-southeast-2': {'PV64': 'ami-ef7b39d5', 'HVM64': 'ami-db7b39e1', 'HVMG2': 'ami-b3337e89'}, 'sa-east-1': {'PV64': 'ami-5b098146', 'HVM64': 'ami-55098148', 'HVMG2': 'NOT_SUPPORTED'}, 'cn-north-1': {'PV64': 'ami-bec45887', 'HVM64': 'ami-bcc45885', 'HVMG2': 'NOT_SUPPORTED'} }) template.add_mapping('Region2Principal', { 'us-east-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'us-west-2': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'us-west-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'eu-west-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'ap-southeast-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'ap-northeast-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'ap-southeast-2': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'sa-east-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'cn-north-1': {'EC2Principal': 'ec2.amazonaws.com.cn', 'OpsWorksPrincipal': 'opsworks.amazonaws.com.cn'}, 'eu-central-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'} }) # Parameters cachenodetype = template.add_parameter(Parameter( 'ClusterNodeType', Description='The compute and memory capacity of the nodes in the Redis' ' Cluster', Type='String', Default='cache.m1.small', AllowedValues=['cache.m1.small', 'cache.m1.large', 'cache.m1.xlarge', 'cache.m2.xlarge', 'cache.m2.2xlarge', 'cache.m2.4xlarge', 'cache.c1.xlarge'], ConstraintDescription='must select a valid Cache Node type.', )) instancetype = template.add_parameter(Parameter( 'InstanceType', Description='WebServer EC2 instance type', Type='String', Default='t2.micro', AllowedValues=['t1.micro', 't2.micro', 't2.small', 't2.medium', 'm1.small', 'm1.medium', 'm1.large', 'm1.xlarge', 'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'm3.medium', 'm3.large', 'm3.xlarge', 'm3.2xlarge', 'c1.medium', 'c1.xlarge', 'c3.large', 'c3.xlarge', 'c3.2xlarge', 'c3.4xlarge', 'c3.8xlarge', 'c4.large', 'c4.xlarge', 'c4.2xlarge', 'c4.4xlarge', 'c4.8xlarge', 'g2.2xlarge', 'r3.large', 'r3.xlarge', 'r3.2xlarge', 'r3.4xlarge', 'r3.8xlarge', 'i2.xlarge', 'i2.2xlarge', 'i2.4xlarge', 'i2.8xlarge', 'd2.xlarge', 'd2.2xlarge', 'd2.4xlarge', 'd2.8xlarge', 'hi1.4xlarge', 'hs1.8xlarge', 'cr1.8xlarge', 'cc2.8xlarge', 'cg1.4xlarge'], ConstraintDescription='must be a valid EC2 instance type.', )) keyname = template.add_parameter(Parameter( 'KeyName', Description='Name of an existing EC2 KeyPair to enable SSH access' ' to the instance', Type='AWS::EC2::KeyPair::KeyName', ConstraintDescription='must be the name of an existing EC2 KeyPair.', )) sshlocation = template.add_parameter(Parameter( 'SSHLocation', Description='The IP address range that can be used to SSH to' ' the EC2 instances', Type='String', MinLength='9', MaxLength='18', Default='0.0.0.0/0', AllowedPattern='(\\d{1,3})\\.(\\d{1,3})\\.' '(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})', ConstraintDescription='must be a valid IP CIDR range of the' ' form x.x.x.x/x.' )) # Resources webserverrole = template.add_resource(iam.Role( 'WebServerRole', AssumeRolePolicyDocument=Policy( Statement=[ Statement( Effect=Allow, Action=[AssumeRole], Principal=Principal('Service', [FindInMap('Region2Principal', Ref('AWS::Region'), 'EC2Principal')]), ) ] ), Path='/', )) template.add_resource(iam.PolicyType( 'WebServerRolePolicy', PolicyName='WebServerRole', PolicyDocument=awacs.aws.Policy( Statement=[awacs.aws.Statement( Action=[awacs.aws.Action("elasticache", "DescribeCacheClusters")], Resource=["*"], Effect=awacs.aws.Allow )] ), Roles=[Ref(webserverrole)], )) webserverinstanceprofile = template.add_resource(iam.InstanceProfile( 'WebServerInstanceProfile', Path='/', Roles=[Ref(webserverrole)], )) webserversg = template.add_resource(ec2.SecurityGroup( 'WebServerSecurityGroup', GroupDescription='Enable HTTP and SSH access', SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', FromPort='22', ToPort='22', CidrIp=Ref(sshlocation), ), ec2.SecurityGroupRule( IpProtocol='tcp', FromPort='80', ToPort='80', CidrIp='0.0.0.0/0', ) ] )) webserverinstance = template.add_resource(ec2.Instance( 'WebServerInstance', Metadata=cloudformation.Metadata( cloudformation.Init({ 'config': cloudformation.InitConfig( packages={ 'yum': { 'httpd': [], 'php': [], 'php-devel': [], 'gcc': [], 'make': [] } }, files=cloudformation.InitFiles({ '/var/www/html/index.php': cloudformation.InitFile( content=Join('', [ '<?php\n', 'echo \"<h1>AWS CloudFormation sample' ' application for Amazon ElastiCache' ' Redis Cluster</h1>\";\n', '\n', '$cluster_config = json_decode(' 'file_get_contents(\'/tmp/cacheclusterconfig\'' '), true);\n', '$endpoint = $cluster_config[\'CacheClusters' '\'][0][\'CacheNodes\'][0][\'Endpoint\'][\'Add' 'ress\'];\n', '$port = $cluster_config[\'CacheClusters\'][0]' '[\'CacheNodes\'][0][\'Endpoint\'][\'Port\'];' '\n', '\n', 'echo \"<p>Connecting to Redis Cache Cluster ' 'node \'{$endpoint}\' on port {$port}</p>\";' '\n', '\n', '$redis=new Redis();\n', '$redis->connect($endpoint, $port);\n', '$redis->set(\'testkey\', \'Hello World!\');' '\n', '$return = $redis->get(\'testkey\');\n', '\n', 'echo \"<p>Retrieved value: $return</p>\";' '\n', '?>\n' ]), mode='000644', owner='apache', group='apache' ), '/etc/cron.d/get_cluster_config': cloudformation.InitFile( content='*/5 * * * * root' ' /usr/local/bin/get_cluster_config', mode='000644', owner='root', group='root' ), '/usr/local/bin/get_cluster_config': cloudformation.InitFile( content=Join('', [ '#! /bin/bash\n', 'aws elasticache describe-cache-clusters ', ' --cache-cluster-id ', Ref('RedisCluster'), ' --show-cache-node-info' ' --region ', Ref('AWS::Region'), ' > /tmp/cacheclusterconfig\n' ]), mode='000755', owner='root', group='root' ), '/usr/local/bin/install_phpredis': cloudformation.InitFile( content=Join('', [ '#! /bin/bash\n', 'cd /tmp\n', 'wget https://github.com/nicolasff/' 'phpredis/zipball/master -O phpredis.zip' '\n', 'unzip phpredis.zip\n', 'cd nicolasff-phpredis-*\n', 'phpize\n', './configure\n', 'make && make install\n', 'touch /etc/php.d/redis.ini\n', 'echo extension=redis.so > /etc/php.d/' 'redis.ini\n' ]), mode='000755', owner='root', group='root' ), '/etc/cfn/cfn-hup.conf': cloudformation.InitFile( content=Join('', [ '[main]\n', 'stack=', Ref('AWS::StackId'), '\n', 'region=', Ref('AWS::Region'), '\n' ]), mode='000400', owner='root', group='root' ), '/etc/cfn/hooks.d/cfn-auto-reloader.conf': cloudformation.InitFile( content=Join('', [ '[cfn-auto-reloader-hook]\n', 'triggers=post.update\n', 'path=Resources.WebServerInstance.Metadata' '.AWS::CloudFormation::Init\n', 'action=/opt/aws/bin/cfn-init -v ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n', 'runas=root\n' ]), # Why doesn't the Amazon template have this? # mode='000400', # owner='root', # group='root' ), }), commands={ '01-install_phpredis': { 'command': '/usr/local/bin/install_phpredis' }, '02-get-cluster-config': { 'command': '/usr/local/bin/get_cluster_config' } }, services={ "sysvinit": cloudformation.InitServices({ "httpd": cloudformation.InitService( enabled=True, ensureRunning=True, ), "cfn-hup": cloudformation.InitService( enabled=True, ensureRunning=True, files=['/etc/cfn/cfn-hup.conf', '/etc/cfn/hooks.d/' 'cfn-auto-reloader.conf'] ), }), }, ) }) ), ImageId=FindInMap('AWSRegionArch2AMI', Ref('AWS::Region'), FindInMap('AWSInstanceType2Arch', Ref(instancetype), 'Arch')), InstanceType=Ref(instancetype), SecurityGroups=[Ref(webserversg)], KeyName=Ref(keyname), IamInstanceProfile=Ref(webserverinstanceprofile), UserData=Base64(Join('', [ '#!/bin/bash -xe\n', 'yum update -y aws-cfn-bootstrap\n', '# Setup the PHP sample application\n', '/opt/aws/bin/cfn-init -v ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n', '# Signal the status of cfn-init\n', '/opt/aws/bin/cfn-signal -e $? ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n' ])), CreationPolicy=CreationPolicy( ResourceSignal=ResourceSignal(Timeout='PT15M') ), Tags=Tags(Application=Ref('AWS::StackId'), Details='Created using Troposhpere') )) redisclustersg = template.add_resource(elasticache.SecurityGroup( 'RedisClusterSecurityGroup', Description='Lock the cluster down', )) template.add_resource(elasticache.SecurityGroupIngress( 'RedisClusterSecurityGroupIngress', CacheSecurityGroupName=Ref(redisclustersg), EC2SecurityGroupName=Ref(webserversg), )) template.add_resource(elasticache.CacheCluster( 'RedisCluster', Engine='redis', CacheNodeType=Ref(cachenodetype), NumCacheNodes='1', CacheSecurityGroupNames=[Ref(redisclustersg)], )) # Outputs template.add_output([ Output( 'WebsiteURL', Description='Application URL', Value=Join('', [ 'http://', GetAtt(webserverinstance, 'PublicDnsName'), ]) ) ]) # Print CloudFormation Template print(template.to_json())
SecurityGroupRule, SecurityGroup from troposphere.policies import CreationPolicy, ResourceSignal from troposphere.cloudformation import Init, InitFile, InitFiles, \ InitConfig, InitService, InitServices import boto3 import sys import datetime ami_id = sys.argv[1] stack_name = 'testing%s' % datetime.datetime.now().strftime("%Y%M%d%H%M") t = Template() t.add_version('2010-09-09') t.add_description("""Test template to take in new ami id from packer""") keyname_param = t.add_parameter( Parameter( 'KeyName', ConstraintDescription='must be the name of an existing EC2 KeyPair.', Description='Name of an existing EC2 KeyPair to enable SSH access to \ the instance', Type='AWS::EC2::KeyPair::KeyName', Default='keyname' )) amiid_param = t.add_parameter( Parameter( 'AMIID', ConstraintDescription='AMI ID of the new image',
# Converted from Elasticsearch Domain example located at: # http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#d0e51519 from troposphere import Template, constants from troposphere.elasticsearch import Domain, EBSOptions from troposphere.elasticsearch import ElasticsearchClusterConfig from troposphere.elasticsearch import SnapshotOptions templ = Template() templ.add_description('Elasticsearch Domain example') es_domain = templ.add_resource(Domain( 'ElasticsearchDomain', DomainName="ExampleElasticsearchDomain", ElasticsearchClusterConfig=ElasticsearchClusterConfig( DedicatedMasterEnabled=True, InstanceCount=2, ZoneAwarenessEnabled=True, InstanceType=constants.ELASTICSEARCH_M3_MEDIUM, DedicatedMasterType=constants.ELASTICSEARCH_M3_MEDIUM, DedicatedMasterCount=3 ), EBSOptions=EBSOptions(EBSEnabled=True, Iops=0, VolumeSize=20, VolumeType="gp2"), SnapshotOptions=SnapshotOptions(AutomatedSnapshotStartHour=0), AccessPolicies={'Version': '2012-10-17', 'Statement': [{
ApplicationName = "helloworld" ApplicationPort = "3000" GithubAccount = "EffectiveDevOpsWithAWS" GithubAnsibleURL = "https://github.com/{}/ansible".format(GithubAccount) PublicCidrIp = str(ip_network(get_ip())) AnsiblePullCmd = \ "/usr/bin/ansible-pull -U {} {}.yml -i localhost".format(GithubAnsibleURL, ApplicationName ) t = Template() t.add_description("Effective DevOps in AWS: HelloWorld web application") t.add_parameter( Parameter( "KeyPair", Description="Name of an existing EC2 KeyPair to SSH", Type="AWS::EC2::KeyPair::KeyName", ConstraintDescription="must be the name of an existing EC2 KeyPair.", )) t.add_resource( ec2.SecurityGroup( "SecurityGroup", GroupDescription="Allow SSH and TCP/{} access".format(ApplicationPort), SecurityGroupIngress=[ ec2.SecurityGroupRule(
#!/usr/bin/python # Asgard CloudFormation template from troposphere import Template, Parameter, Join, Ref, FindInMap, Output, GetAtt import troposphere.ec2 as ec2 template = Template() template.add_description('NetflixOSS Asgard 1.4.1 - Template by Answers for AWS') keyname = template.add_parameter(Parameter( "KeyPairName", Description = "Name of an existing EC2 KeyPair to enable SSH access to the instance", Type = "String", MinLength = "1", MaxLength = "64", AllowedPattern = "[-_ a-zA-Z0-9]*", ConstraintDescription = "can contain only alphanumeric characters, spaces, dashes and underscores." )) ip_address = template.add_parameter(Parameter( "YourIpAddress", Description = "Your IP address", Type = "String", )) instance_type = template.add_parameter(Parameter( "InstanceType", Description = "EC2 instance type to launch for Application servers", Type = "String",
from awacs.sts import AssumeRole ApplicationName = "jenkins" ApplicationPort = "8080" PublicCidrIp = str(ip_network(get_ip())) GithubAccount = "gane-dev" GithubAnsibleURL = "https://github.com/{}/ansible".format(GithubAccount) t = Template() AnsiblePullCmd = "/usr/local/bin/ansible-pull -U {} {}.yml -i localhost".format( GithubAnsibleURL, ApplicationName ) t.add_description("Simple HelloWorld web application") t.add_parameter(Parameter( "KeyPair", Description="GaneshAwsDevOps2", Type="AWS::EC2::KeyPair::KeyName", ConstraintDescription="must be the name of an existing EC2 KeyPair.", )) t.add_resource(ec2.SecurityGroup( "SecurityGroup", GroupDescription="Allow SSH and TCP/{} access".format(ApplicationPort), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22",
# Converted from ElasticBeanstalk_Python_Sample.template located at: # http://aws.amazon.com/cloudformation/aws-cloudformation-templates/ from troposphere import GetAtt, Join, Output from troposphere import Parameter, Ref, Template from troposphere.elasticbeanstalk import Application, Environment from troposphere.elasticbeanstalk import ApplicationVersion, OptionSettings from troposphere.elasticbeanstalk import SourceBundle t = Template() t.add_description( "AWS CloudFormation Sample Template ElasticBeanstalk_Python_Sample: " "Configure and launch the AWS Elastic Beanstalk Python sample " "application. **WARNING** This template creates one or more Amazon EC2 " "instances. You will be billed for the AWS resources used if you create " "a stack from this template.") keyname = t.add_parameter(Parameter( "KeyName", Description="Name of an existing EC2 KeyPair to enable SSH access " "to the AWS Elastic Beanstalk instance", Type="String", )) sampleApp = t.add_resource(Application( "sampleApplication", Description="AWS Elastic Beanstalk Python Sample Application", ApplicationVersions=[ ApplicationVersion(
from troposphere.awslambda import Code, Environment, Function, Permission from troposphere.iam import Role, Policy from troposphere.events import Rule, Target from troposphere.sns import Topic if len(sys.argv) > 2: source = open(sys.argv[2], "r").read() # Reclaim a few bytes (maximum size is 4096!) by converting four space # indents to single space indents indent_re = re.compile(r"^((?: ){1,})", re.MULTILINE) source = indent_re.sub(lambda m: " " * (len(m.group(1)) / 4), source) else: source = None t = Template() t.add_description("Chaos Lambda") if source is None: s3_bucket = t.add_parameter( Parameter( "S3Bucket", Description="Name of the S3 bucket containing the Lambda zip file", Type="String", )) s3_key = t.add_parameter( Parameter( "S3Key", Description="Path to the Lambda zip file under the bucket", Default="chaos-lambda.zip", Type="String", ))