from troposphere import (
Base64,
ec2,
GetAtt,
Join,
Output,
Parameter,
Ref,
Template,
)
PublicCidr = str(ip_network(get_ip()))
port = "3000"
t = Template()
t.set_description("DevOps in AWS - HelloWorld application")
t.add_parameter(
Parameter(
"KeyPair",
Description="herculano_devops",
Type="AWS::EC2::KeyPair::KeyName",
ConstraintDescription="herculano_devops",
))
t.add_resource(
ec2.SecurityGroup(
"SecurityGroup",
GroupDescription="Allow SSH and TCP/ {} access".format(port),
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol="tcp",
# Converted from SQS_With_CloudWatch_Alarms.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import GetAtt, Output, Ref, Template
from troposphere.sqs import Queue, RedrivePolicy
t = Template()
t.set_description(
"AWS CloudFormation Sample Template SQS: Sample template showing how to "
"create an SQS queue with a dead letter queue. **WARNING** This template "
"creates Amazon SQS Queues. You will be billed for the AWS resources used "
"if you create a stack from this template.")
mysourcequeue = t.add_resource(
Queue("MySourceQueue",
RedrivePolicy=RedrivePolicy(
deadLetterTargetArn=GetAtt("MyDeadLetterQueue", "Arn"),
maxReceiveCount="5",
)))
mydeadletterqueue = t.add_resource(Queue("MyDeadLetterQueue"))
t.add_output([
Output("SourceQueueURL",
Description="URL of the source queue",
Value=Ref(mysourcequeue)),
Output("SourceQueueARN",
Description="ARN of the source queue",
Value=GetAtt(mysourcequeue, "Arn")),
Output("DeadLetterQueueURL",
"""Generating CloudFormation template."""
from troposphere import Base64, ec2, GetAtt, Join, Output, Parameter, Ref, Template
ApplicationPort = "3000"
t = Template()
t.set_description("Effective DevOps in AWS: HelloWorld web application")
t.add_parameter(Parameter(
"KeyPair",
Description="Name of an existing EC2 KeyPair to SSH",
Type="AWS::EC2::KeyPair::KeyName",
ConstraintDescription="must be the name of an existing EC2 KeyPair.",
))
t.add_resource(ec2.SecurityGroup(
"SecurityGroup",
GroupDescription="Allow SSH and TCP/{} access".format(ApplicationPort),
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="0.0.0.0/0",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort=ApplicationPort,
class JMeterSecurityGroups:
def __init__(self, sceptre_user_data):
self.template = Template()
self.sceptre_user_data = sceptre_user_data
self.template.set_description("JMeter SecurityGroups")
def add_parameters(self):
self.jmeter_vpc = self.template.add_parameter(
Parameter(
"JMeterVpc",
Description="id of vpc",
Type="String",
))
self.jmeter_allowed_ip = self.template.add_parameter(
Parameter(
"JMeterAllowedIp",
Description="ip allowed to ssh",
Type="String",
))
def add_resources(self):
self.jmeter_security_group = self.template.add_resource(
ec2.SecurityGroup(
"JMeterSecurityGroup",
VpcId=Ref(self.jmeter_vpc),
GroupDescription="jmeter_security_group",
Tags=Tags(Name="jmeter_security_group"),
))
self.jmeter_ingress_rule_01 = self.template.add_resource(
ec2.SecurityGroupIngress(
"JMeterIngressRule01",
GroupId=Ref(self.jmeter_security_group),
ToPort="22",
IpProtocol="tcp",
CidrIp=Ref(self.jmeter_allowed_ip),
FromPort="22",
))
self.jmeter_ingress_rule_02 = self.template.add_resource(
ec2.SecurityGroupIngress(
"JMeterIngressRule02",
GroupId=Ref(self.jmeter_security_group),
ToPort="1099",
IpProtocol="tcp",
SourceSecurityGroupId=Ref(self.jmeter_security_group),
FromPort="1099",
))
self.jmeter_ingress_rule_03 = self.template.add_resource(
ec2.SecurityGroupIngress(
"JMeterIngressRule03",
GroupId=Ref(self.jmeter_security_group),
ToPort="65535",
IpProtocol="tcp",
SourceSecurityGroupId=Ref(self.jmeter_security_group),
FromPort="30000",
))
def add_outputs(self):
self.template.add_output([
Output("JMeterSecurityGroup",
Value=Ref(self.jmeter_security_group))
])
Rule,
Rules,
SizeConstraint,
SizeConstraintSet,
SqlInjectionMatchSet,
SqlInjectionMatchTuples,
WebACL,
XssMatchSet,
XssMatchTuple,
)
t = Template()
t.set_version("2010-09-09")
t.set_description(
"Creates an AWS WAF configuration that protects against common attacks")
WebACLName = t.add_parameter(
Parameter(
"WebACLName",
Default="CommonAttackProtection",
Type="String",
Description="Enter the name you want to use for the WebACL. "
"This value is also added as a prefix for the names of the rules, "
"conditions, and CloudWatch metrics created by this template.",
))
SqliMatchSet = t.add_resource(
SqlInjectionMatchSet(
"SqliMatchSet",
Name=Join("", [Ref(WebACLName), "SqliMatch"]),
# Converted from S3_Bucket.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import Output, Ref, Template
from troposphere.s3 import Bucket, PublicRead, AccelerateConfiguration
t = Template()
t.set_description(
"AWS CloudFormation Sample Template S3_Bucket: Sample template showing :"
"How to create a publicly accessible S3 bucket. "
"How to enable S3 Transfer Acceleration. "
"**WARNING** This template creates an Amazon S3 Bucket. "
"You will be billed for the AWS resources used if you create "
"a stack from this template.")
s3bucket = t.add_resource(
Bucket(
"S3Bucket",
# Make public Read
AccessControl=PublicRead,
# Enable s3 Transfer Acceleration
AccelerateConfiguration=AccelerateConfiguration(
AccelerationStatus="Enabled", ),
))
t.add_output(
Output(
"BucketName",
Value=Ref(s3bucket),
Description="Name of S3 bucket with s3 transfer acceleration enabled",
from troposphere import Base64, Select, FindInMap, GetAtt, GetAZs, Join, Output, If, And, Not, Or, Equals, Condition
from troposphere import Parameter, Ref, Tags, Template
from troposphere.wafregional import WebACL
from troposphere.wafregional import Rule
from troposphere.wafregional import IPSet
from troposphere.wafregional import WebACLAssociation
from troposphere.wafregional import *
import os
import csv
t = Template()
t.set_version("2010-09-09")
t.set_description("""\
Custom WAF using a list of IP addresses for access.""")
## -- Parameters
ELBARN = t.add_parameter(
Parameter("ELBARN",
Type="String",
Description="ARN of the ELB to associate with the WAF"))
## -- Resources
WAFWebACL = t.add_resource(
WebACL(
"WAFWebACL",
DefaultAction=Action(Type="BLOCK"),
Rules=[
Rules(Action=Action(Type="ALLOW"),
Priority=1,
from troposphere import Template, Parameter, Ref, Join
from troposphere.logs import LogGroup
t = Template()
t.set_description("Log group for GoURMET gap fill evaluation tool")
environment = t.add_parameter(
Parameter(
"Environment",
Description="The name of the environment.",
Type="String",
))
logGroup = t.add_resource(
LogGroup("logGroup",
RetentionInDays=14,
LogGroupName=Join(
"-", ["gourmet-gap-fill-evaluation",
Ref(environment)])))
print(t.to_json())
# Converted from RDS_with_DBParameterGroup.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import Parameter, Ref, Template
from troposphere.rds import DBInstance, DBParameterGroup
t = Template()
t.set_description(
"AWS CloudFormation Sample Template RDS_with_DBParameterGroup: Sample "
"template showing how to create an Amazon RDS Database Instance with "
"a DBParameterGroup.**WARNING** This template creates an Amazon "
"Relational Database Service database instance. You will be billed for "
"the AWS resources used if you create a stack from this template.")
dbuser = t.add_parameter(
Parameter(
"DBUser",
NoEcho=True,
Description="The database admin account username",
Type="String",
MinLength="1",
MaxLength="16",
AllowedPattern="[a-zA-Z][a-zA-Z0-9]*",
ConstraintDescription=("must begin with a letter and contain only"
" alphanumeric characters.")))
dbpassword = t.add_parameter(
Parameter(
"DBPassword",
NoEcho=True,
)
from troposphere.sns import (
Topic
)
from troposphere.cloudformation import (
CustomResource
)
t = Template()
t.set_version("2010-09-09")
t.set_description("""
(qs-1ph8nehb7)
Serverless CICD Quick Start
Codepipeline shared resources and security
""")
PipelineParam = {
"AppName": t.add_parameter(
Parameter(
"AppName",
Description="Application name, used for the repository and child stack name",
Type="String",
Default="Sample"
)
),
"BuildImageName": t.add_parameter(
Parameter(
"BuildImageName",
from troposphere import (
Parameter,
Ref,
Template,
Join,
ImportValue,
Select,
Split,
)
from awacs.sts import AssumeRole
t = Template()
t.set_description("Effective DevOps in AWS: ECS service - Helloworld")
t.add_parameter(
Parameter("Tag",
Type="String",
Default="latest",
Description="Tag to deploy"))
t.add_parameter(
Parameter("NodeEnv",
Type="String",
Default="",
Description="Runtime environment variables"))
t.add_resource(
TaskDefinition(
"task",
import boto3
from troposphere import Ref, Template, Tags, Join, Output, GetAtt
from awacs.aws import Allow, Policy, Principal, Statement, Action
import troposphere.iam
# S3_BUCKET='sbma44'
# S3_PATH='traccar/'
try:
from local_settings import *
except:
pass
t = Template()
t.set_description('Traccar event handler user for managing traces')
s3policy = troposphere.iam.Policy(
PolicyName='TraccarS3Policy',
PolicyDocument= Policy(
Statement=[
Statement(
Sid='S3PutGetList',
Effect=Allow,
Action=[
Action('s3', 'Get*'),
Action('s3', 'Put*')
],
Resource=['arn:aws:s3:::{}/{}*'.format(S3_BUCKET, S3_PATH)]
)
]
)
)
# Converted from api_backend located at:
# https://github.com/awslabs/serverless-application-model/blob/dbc54b5d0cd31bf5cebd16d765b74aee9eb34641/examples/2016-10-31/api_backend/template.yaml
from troposphere import Ref, Template
from troposphere.awslambda import Environment
from troposphere.serverless import ApiEvent, Function, SimpleTable
t = Template()
t.set_description(
"Simple CRUD webservice. State is stored in a SimpleTable (DynamoDB) " "resource."
)
t.set_transform("AWS::Serverless-2016-10-31")
simple_table = t.add_resource(SimpleTable("Table"))
t.add_resource(
Function(
"GetFunction",
Handler="index.get",
Runtime="nodejs4.3",
CodeUri="s3://<bucket>/api_backend.zip",
Policies="AmazonDynamoDBReadOnlyAccess",
Environment=Environment(Variables={"TABLE_NAME": Ref(simple_table)}),
Events={
"GetResource": ApiEvent(
"GetResource", Path="/resource/{resourceId}", Method="get"
)
},
)
ComputeEnvironmentOrder(
ComputeEnvironment=Ref(spot_fleet_batch_compute_environment),
Order=1),
],
Priority=Ref(batch_job_queue_priority_parameter),
JobQueueName=Ref(cloud_resource_name_parameter))
# ------------------------------------------------------------------------------
# Complete Template
# ------------------------------------------------------------------------------
# ----------------------------------------
# Template
# ----------------------------------------
faust_nextflow_template = Template()
faust_nextflow_template.set_version()
faust_nextflow_template.set_description(description)
# ----------------------------------------
# Parameter
# ----------------------------------------
faust_nextflow_template.add_parameter(cloud_resource_name_parameter)
faust_nextflow_template.add_parameter(aws_service_tag)
# ---
faust_nextflow_template.add_parameter(
batch_compute_environment_min_vcpu_parameter)
faust_nextflow_template.add_parameter(
batch_compute_environment_desired_vcpu_parameter)
faust_nextflow_template.add_parameter(
batch_compute_environment_max_vcpu_parameter)
# ---
faust_nextflow_template.add_parameter(batch_job_queue_priority_parameter)
# Converted from RDS_Snapshot_On_Delete.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import GetAtt, Join, Output
from troposphere import Template
from troposphere.rds import DBInstance
t = Template()
t.add_version("2010-09-09")
t.set_description(
"AWS CloudFormation Sample Template RDS_Snapshot_On_Delete: Sample "
"template showing how to create an RDS DBInstance that is snapshotted on "
"stack deletion. **WARNING** This template creates an Amazon RDS database "
"instance. When the stack is deleted a database snpshot will be left in "
"your account. You will be billed for the AWS resources used if you "
"create a stack from this template.")
MyDB = t.add_resource(
DBInstance(
"MyDB",
Engine="MySQL",
MasterUsername="******",
MasterUserPassword="******",
AllocatedStorage="5",
DBInstanceClass="db.m1.small",
DBName="MyDatabase",
))
JDBCConnectionString = t.add_output(
Output(
def main():
t = Template()
t.add_version('2010-09-09')
t.set_description("AWS CloudFormation ECS example")
# Add the Parameters
AMI = t.add_parameter(Parameter(
"AMI",
Type="String",
))
ClusterSize = t.add_parameter(Parameter(
"ClusterSize",
Type="String",
))
ClusterType = t.add_parameter(Parameter(
"ClusterType",
Type="String",
))
InstanceType = t.add_parameter(Parameter(
"InstanceType",
Type="String",
))
IamInstanceProfile = t.add_parameter(
Parameter(
"IamInstanceProfile",
Type="String",
))
KeyName = t.add_parameter(
Parameter(
"KeyName",
Type="AWS::EC2::KeyPair::KeyName",
))
MaxClusterSize = t.add_parameter(
Parameter(
"MaxClusterSize",
Type="String",
))
RollingUpdate = t.add_parameter(Parameter(
"RollingUpdate",
Type="String",
))
Stage = t.add_parameter(Parameter(
"Stage",
Type="String",
))
Subnets = t.add_parameter(
Parameter(
"Subnets",
Type="List<AWS::EC2::Subnet::Id>",
))
VpcCidr = t.add_parameter(Parameter(
"VpcCidr",
Type="String",
))
VpcId = t.add_parameter(Parameter(
"VpcId",
Type="AWS::EC2::VPC::Id",
))
ContainerInstances = t.add_resource(
LaunchConfiguration(
'ContainerInstances',
UserData=Base64(
Join('', [
'#!/bin/bash -xe\n', 'echo ECS_CLUSTER=',
Ref('AWS::StackName'), '>> /etc/ecs/ecs.config\n',
'systemctl enable [email protected]\n',
'systemctl start [email protected]\n',
'/usr/bin/cfn-signal -e $? ', ' --stack ',
Ref('AWS::StackName'),
' --resource ECSAutoScalingGroup ',
' --region ',
Ref('AWS::Region'), '\n'
])),
ImageId=Ref(AMI),
KeyName=Ref(KeyName),
SecurityGroups=[Ref('EcsSecurityGroup')],
IamInstanceProfile=Ref(IamInstanceProfile),
InstanceType=Ref(InstanceType)))
ECSCluster = t.add_resource(
Cluster('EcsCluster', ClusterName=Ref('AWS::StackName')))
ECSAutoScalingGroup = t.add_resource(
AutoScalingGroup(
'ECSAutoScalingGroup',
DesiredCapacity=Ref(ClusterSize),
MinSize=Ref(ClusterSize),
MaxSize=Ref(MaxClusterSize),
VPCZoneIdentifier=Ref(Subnets),
LaunchConfigurationName=Ref('ContainerInstances'),
HealthCheckType="EC2",
UpdatePolicy=UpdatePolicy(
AutoScalingReplacingUpdate=AutoScalingReplacingUpdate(
WillReplace=True, ),
AutoScalingRollingUpdate=AutoScalingRollingUpdate(
PauseTime='PT5M',
MinInstancesInService=Ref(ClusterSize),
MaxBatchSize='1',
WaitOnResourceSignals=True)),
Tags=[
Tag("Project", "demo", True),
Tag("Stage", Ref(Stage), True),
Tag("Name", "home-ecs", True),
]))
t.add_resource(
ScalingPolicy("EcsAsgScaleDown",
AdjustmentType="PercentChangeInCapacity",
AutoScalingGroupName=Ref("ECSAutoScalingGroup"),
MetricAggregationType="Average",
MinAdjustmentMagnitude="1",
PolicyType="StepScaling",
StepAdjustments=[
StepAdjustments(MetricIntervalLowerBound="-10",
MetricIntervalUpperBound="0",
ScalingAdjustment="-10"),
StepAdjustments(MetricIntervalUpperBound="-10",
ScalingAdjustment="-20")
]))
t.add_resource(
ScalingPolicy('EcsScaleUp',
AdjustmentType="PercentChangeInCapacity",
AutoScalingGroupName=Ref("ECSAutoScalingGroup"),
EstimatedInstanceWarmup="300",
MetricAggregationType="Average",
MinAdjustmentMagnitude="1",
PolicyType="StepScaling",
StepAdjustments=[
StepAdjustments(MetricIntervalLowerBound="0",
MetricIntervalUpperBound="10",
ScalingAdjustment="10"),
StepAdjustments(MetricIntervalLowerBound="10",
ScalingAdjustment="20")
]))
t.add_resource(
cloudwatch.Alarm("EcsScaleDownAlarm",
ActionsEnabled="True",
MetricName="CPUUtilization",
AlarmActions=[Ref("EcsAsgScaleDown")],
AlarmDescription="Scale down ECS Instances",
Namespace="AWS/EC2",
Statistic="Average",
Period="60",
EvaluationPeriods="6",
Threshold="25",
ComparisonOperator="LessThanThreshold",
Dimensions=[
cloudwatch.MetricDimension(
Name="AutoScalingGroupName",
Value=Ref("ECSAutoScalingGroup"))
]))
t.add_resource(
cloudwatch.Alarm("EcsAsgScaleUpAlarm",
ActionsEnabled="True",
MetricName="CPUUtilization",
AlarmActions=[Ref("EcsScaleUp")],
AlarmDescription="Scale up ECS Instances",
Namespace="AWS/EC2",
Statistic="Average",
Period="60",
EvaluationPeriods="3",
Threshold="65",
ComparisonOperator="GreaterThanThreshold",
Dimensions=[
cloudwatch.MetricDimension(
Name="AutoScalingGroupName",
Value=Ref("ECSAutoScalingGroup"))
]))
EC2SecurityGroup = t.add_resource(
ec2.SecurityGroup('EcsSecurityGroup',
GroupDescription='ECS InstanceSecurityGroup',
SecurityGroupIngress=[
ec2.SecurityGroupRule(IpProtocol='tcp',
FromPort='22',
ToPort='22',
CidrIp='0.0.0.0/0'),
ec2.SecurityGroupRule(IpProtocol='tcp',
FromPort='31000',
ToPort='61000',
CidrIp='0.0.0.0/0')
],
VpcId=Ref(VpcId)))
with open("ecs-ec2-cluster-cf.yaml", "w") as yamlout:
yamlout.write(t.to_yaml())
def main(**launch_parameters):
try:
t = Template()
t.set_version("2010-09-09")
t.set_description("(SOCA) - Base template to deploy DCV nodes version 2.7.2")
allow_anonymous_data_collection = launch_parameters["DefaultMetricCollection"]
# Launch Actual Capacity
instance = ec2.Instance(str(launch_parameters["session_name"]))
instance.BlockDeviceMappings = [{'DeviceName': "/dev/xvda" if launch_parameters["base_os"] == "amazonlinux2" else "/dev/sda1",
'Ebs': {
'DeleteOnTermination': True,
'VolumeSize': 30 if launch_parameters["disk_size"] is False else int(launch_parameters["disk_size"]),
'VolumeType': 'gp3',
'Encrypted': True}
}]
instance.ImageId = launch_parameters["image_id"]
instance.SecurityGroupIds = [launch_parameters["security_group_id"]]
if launch_parameters["hibernate"] is True:
instance.HibernationOptions = ec2.HibernationOptions(Configured=True)
instance.InstanceType = launch_parameters["instance_type"]
instance.SubnetId = random.choice(launch_parameters["soca_private_subnets"]) if not launch_parameters["subnet_id"] else launch_parameters["subnet_id"]
instance.IamInstanceProfile = launch_parameters["ComputeNodeInstanceProfileArn"].split("instance-profile/")[-1]
instance.UserData = Base64(Sub((launch_parameters["user_data"])))
instance.Tags = base_Tags(
Name=str(launch_parameters["cluster_id"] + "-" + launch_parameters["session_name"] + "-" + launch_parameters["user"]),
_soca_JobName=str(launch_parameters["session_name"]),
_soca_JobOwner=str(launch_parameters["user"]),
_soca_NodeType="dcv",
_soca_JobProject="desktop",
_soca_DCVSupportHibernate=str(launch_parameters["hibernate"]).lower(),
_soca_ClusterId=str(launch_parameters["cluster_id"]),
_soca_DCVSessionUUID=str(launch_parameters["session_uuid"]),
_soca_DCVSystem=str(launch_parameters["base_os"]))
t.add_resource(instance)
# Begin Custom Resource
# Change Mapping to No if you want to disable this
if allow_anonymous_data_collection is True:
metrics = CustomResourceSendAnonymousMetrics("SendAnonymousData")
metrics.ServiceToken = launch_parameters["SolutionMetricsLambda"]
metrics.DesiredCapacity = "1"
metrics.InstanceType = str(launch_parameters["instance_type"])
metrics.Efa = "false"
metrics.ScratchSize = "0"
metrics.RootSize = str(launch_parameters["disk_size"])
metrics.SpotPrice = "false"
metrics.BaseOS = str(launch_parameters["base_os"])
metrics.StackUUID = str(launch_parameters["session_uuid"])
metrics.KeepForever = "false"
metrics.FsxLustre = str({"fsx_lustre": "false", "existing_fsx": "false", "s3_backend": "false", "import_path": "false", "export_path": "false",
"deployment_type": "false", "per_unit_throughput": "false", "capacity": 1200})
metrics.TerminateWhenIdle = "false"
metrics.Dcv = "true"
t.add_resource(metrics)
# End Custom Resource
# Tags must use "soca:<Key>" syntax
template_output = t.to_yaml().replace("_soca_", "soca:")
return {'success': True,
'output': template_output}
except Exception as e:
exc_type, exc_obj, exc_tb = sys.exc_info()
fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
return {'success': False,
'output': 'cloudformation_builder.py: ' + (str(e) + ': error :' + str(exc_type) + ' ' + str(fname) + ' ' + str(exc_tb.tb_lineno))}
class ECSTemplate():
'''
Create ECS template
'''
def __init__(self):
self.cfn_template = Template()
def add_descriptions(self, descriptions):
'''
Add descriptions to template
'''
self.cfn_template.set_description(descriptions)
return self.cfn_template
def add_version(self, version):
'''
Add a version of the template file to template
'''
self.cfn_template.set_version(version)
return self.cfn_template
def add_parameters(self):
'''
Add parameters to generated template
'''
self.cfn_template.add_parameter(
Parameter(
"Environment",
Type="String",
))
self.cfn_template.add_parameter(
Parameter(
"TargetGroup",
Type="String",
))
self.cfn_template.add_parameter(
Parameter(
"AnchoreEngineImage",
Type="String",
))
self.cfn_template.add_parameter(
Parameter(
"ArchoreDatabaseImage",
Type="String",
))
self.cfn_template.add_parameter(Parameter(
"PGDATA",
Type="String",
))
self.cfn_template.add_parameter(
Parameter(
"AnchoreDBPassword",
Type="String",
))
return self.cfn_template
def add_outputs(self):
'''
Add outputs to generated template
'''
self.cfn_template.add_output(
Output(
constants.SERVICE,
Description="ECS Service",
Export=Export(Sub('${Environment}-SERVICE')),
Value=Ref(constants.SERVICE),
))
self.cfn_template.add_output(
Output(
constants.TASK,
Description="ECS Task",
Export=Export(Sub('${Environment}-TASK')),
Value=Ref(constants.TASK),
))
return self.cfn_template
def add_ecs_service(self):
'''
Add ECS service
'''
self.cfn_template.add_resource(
Service(
title=constants.SERVICE,
Cluster=ImportValue(Sub('${Environment}-CLUSTER')),
LaunchType='EC2',
DesiredCount=int('1'),
TaskDefinition=Ref(constants.TASK),
Role=Ref(constants.SERVICE_ROLE),
DeploymentConfiguration=DeploymentConfiguration(
MaximumPercent=int('200'),
MinimumHealthyPercent=int('100')),
LoadBalancers=[
LoadBalancer(ContainerName='anchore-engine',
ContainerPort=int('8228'),
TargetGroupArn=ImportValue(
Sub('${Environment}-TARGETGROUP-ARN')))
],
PlacementStrategies=[
PlacementStrategy(Type='spread',
Field='attribute:ecs.availability-zone'),
PlacementStrategy(Type='spread', Field='instanceId')
]))
return self.cfn_template
def add_ecs_task(self):
'''
Add ECS Task
'''
self.cfn_template.add_resource(
TaskDefinition(
title=constants.TASK,
Volumes=[Volume(Name='anchore_db_vol')],
TaskRoleArn=GetAtt(constants.TASK_ROLE, 'Arn'),
ContainerDefinitions=[
ContainerDefinition(
Name='anchore-engine',
Hostname='anchore-engine',
Cpu=int('512'),
MemoryReservation=int('1536'),
Essential=bool('true'),
Image=ImportValue(
Sub('${Environment}-${AnchoreEngineImage}')),
PortMappings=[
PortMapping(
ContainerPort=int('8228'),
HostPort=int('8228'),
Protocol='tcp',
),
PortMapping(
ContainerPort=int('8338'),
HostPort=int('8338'),
Protocol='tcp',
),
],
DockerSecurityOptions=['apparmor:docker-default'],
Environment=[
Environment(Name='ANCHORE_HOST_ID',
Value='anchore-engine'),
Environment(Name='ANCHORE_ENDPOINT_HOSTNAME',
Value='anchore-engine'),
Environment(Name='ANCHORE_DB_HOST',
Value='anchore-db'),
Environment(Name='ANCHORE_DB_PASSWORD',
Value=Ref('AnchoreDBPassword')),
Environment(Name='AWS_DEFAULT_REGION',
Value=Ref('AWS::Region')),
Environment(Name='region',
Value=Ref('AWS::Region')),
],
LogConfiguration=LogConfiguration(
LogDriver='awslogs',
Options={
"awslogs-group":
Ref('EngineLogGroup'),
"awslogs-region":
Ref('AWS::Region'),
"awslogs-stream-prefix":
Join('', ['anchore-engine', 'logs'])
}),
Links=['anchore-db']),
ContainerDefinition(
Name='anchore-db',
Hostname='anchore-db',
Cpu=int('512'),
MemoryReservation=int('1536'),
Essential=bool('true'),
Image=Ref('ArchoreDatabaseImage'),
PortMappings=[
PortMapping(
ContainerPort=int('5432'),
HostPort=int('5432'),
Protocol='tcp',
)
],
DockerSecurityOptions=['apparmor:docker-default'],
MountPoints=[
MountPoint(ContainerPath=Ref('PGDATA'),
SourceVolume='anchore_db_vol')
],
Environment=[
Environment(Name='POSTGRES_PASSWORD',
Value=Ref('AnchoreDBPassword')),
Environment(Name='PGDATA', Value=Ref('PGDATA')),
Environment(Name='AWS_DEFAULT_REGION',
Value=Ref('AWS::Region')),
Environment(Name='region',
Value=Ref('AWS::Region')),
],
LogConfiguration=LogConfiguration(
LogDriver='awslogs',
Options={
"awslogs-group":
Ref('DatabaseLogGroup'),
"awslogs-region":
Ref('AWS::Region'),
"awslogs-stream-prefix":
Join('', ['anchore-db', 'logs'])
}))
]))
return self.cfn_template
def add_ecs_service_role(self):
'''
Add ECS Service Role to template
'''
self.cfn_template.add_resource(
Role(
title=constants.SERVICE_ROLE,
AssumeRolePolicyDocument=PolicyDocument(Statement=[
Statement(Effect=Allow,
Action=[AssumeRole],
Principal=Principal('Service',
['ecs.amazonaws.com']))
]),
Policies=[
Policy(
PolicyName='AmazonEC2ContainerServiceRole',
PolicyDocument=PolicyDocument(Statement=[
Statement(
Effect=Allow,
Action=[
Action('ec2',
'AuthorizeSecurityGroupIngress'),
Action('ec2', 'Describe*'),
Action(
'elasticloadbalancing',
'DeregisterInstancesFromLoadBalancer'),
Action('ecelasticloadbalancing2',
'Describe*'),
Action(
'elasticloadbalancing',
'RegisterInstancesWithLoadBalancer'),
Action('elasticloadbalancing',
'DeregisterTargets'),
Action('elasticloadbalancing',
'DescribeTargetGroups'),
Action('elasticloadbalancing',
'DescribeTargetHealth'),
Action('elasticloadbalancing',
'RegisterTargets')
],
Resource=['*'])
]))
]))
return self.cfn_template
def add_ecs_task_role(self):
'''
Add ECS Task Role to template
'''
self.cfn_template.add_resource(
Role(
title=constants.TASK_ROLE,
AssumeRolePolicyDocument=PolicyDocument(Statement=[
Statement(Effect=Allow,
Action=[AssumeRole],
Principal=Principal('Service',
['ecs-tasks.amazonaws.com']))
]),
Policies=[
Policy(PolicyName='ECSTaskDefinitionContainerRole',
PolicyDocument=PolicyDocument(Statement=[
Statement(Effect=Allow,
Action=[
Action('s3', 'GetObject'),
Action('kms', 'Encrypt'),
Action('kms', 'Decrypt')
],
Resource=['*'])
])),
Policy(
PolicyName='DemoAppContainerRole',
PolicyDocument=PolicyDocument(Statement=[
Statement(Effect=Allow,
Action=[
Action('dynamodb', 'BatchGetItem'),
Action('dynamodb', 'BatchWriteItem'),
Action('dynamodb', 'GetItem'),
Action('dynamodb', 'ListTables'),
Action('dynamodb', 'PutItem'),
Action('dynamodb', 'Query'),
Action('dynamodb', 'Scan'),
Action('dynamodb', 'UpdateItem'),
Action('dynamodb', 'DeleteItem')
],
Resource=['*'])
]))
]))
return self.cfn_template
def add_engine_log_group(self):
'''
Add Anchore Engine log group to template
'''
self.cfn_template.add_resource(
LogGroup(title=constants.ENG_LOG,
LogGroupName='demo-anchore-engine',
RetentionInDays=int('7')))
return self.cfn_template
def add_database_log_group(self):
'''
Add Anchore Database log group to template
'''
self.cfn_template.add_resource(
LogGroup(title=constants.DB_LOG,
LogGroupName='demo-anchore-database',
RetentionInDays=int('7')))
return self.cfn_template
def generate_template(d):
t = Template()
t.set_description(d["cf_template_description"])
S3bucket = t.add_resource(
Bucket(
"S3Bucket",
BucketName=Join("-", [d["project_name"], d["env"]]),
AccessControl=Private,
PublicAccessBlockConfiguration=PublicAccessBlockConfiguration(
BlockPublicAcls=True,
BlockPublicPolicy=True,
IgnorePublicAcls=True,
RestrictPublicBuckets=True,
),
Tags=Tags(d["tags"], {"Name": d["project_name"]}),
)
)
CFOriginAccessIdentity = t.add_resource(
CloudFrontOriginAccessIdentity(
"CFOriginAccessIdentity",
CloudFrontOriginAccessIdentityConfig=CloudFrontOriginAccessIdentityConfig(
Comment=Join(" ", ["Cloudfront Origin Access Identity", d["project_name"], d["env"]])
),
)
)
t.add_resource(
BucketPolicy(
"BucketPolicy",
Bucket=Ref("S3Bucket"),
PolicyDocument=dict(
Statement=[
dict(
Sid="Allow-cf",
Effect="Allow",
Action=[
"s3:GetObject",
"s3:ListBucket"
],
Principal=Principal(
"CanonicalUser",
GetAtt(CFOriginAccessIdentity, "S3CanonicalUserId")
),
Resource=[
Join("", ["arn:aws:s3:::", Ref("S3Bucket"), "/*"]),
Join("", ["arn:aws:s3:::", Ref("S3Bucket")]),
]
)
]
)
)
)
myDistribution = t.add_resource(
Distribution(
"myDistribution",
DistributionConfig=DistributionConfig(
Enabled=True,
HttpVersion='http2',
DefaultRootObject=d['default_root_object'],
Origins=[Origin(
Id=Join("-", [d["project_name"], d["env"]]),
DomainName=GetAtt(S3bucket, "DomainName"),
S3OriginConfig=S3OriginConfig(
OriginAccessIdentity=Join("/",["origin-access-identity", "cloudfront", Ref(CFOriginAccessIdentity)])
)
)],
DefaultCacheBehavior=DefaultCacheBehavior(
TargetOriginId=Join("-", [d["project_name"], d["env"]]),
ForwardedValues=ForwardedValues(
QueryString=False
),
ViewerProtocolPolicy="allow-all",
MaxTTL=0,
MinTTL=0,
DefaultTTL=0,
),
CustomErrorResponses=[CustomErrorResponse(
ErrorCachingMinTTL=0,
ErrorCode=404,
ResponsePagePath=Join("",["/", d['default_root_object']]),
ResponseCode=200,
)],
ViewerCertificate=ViewerCertificate(
CloudFrontDefaultCertificate=True
),
),
Tags=Tags(d["tags"], {"Name": d["project_name"]}),
)
)
t.add_output(Output(
"BucketName",
Value=Ref(S3bucket),
Description="Name of S3 bucket to hold website content"
))
t.add_output([
Output("DistributionId", Value=Ref(myDistribution)),
Output(
"DistributionName",
Value=Join("", ["http://", GetAtt(myDistribution, "DomainName")])),
])
return t
# Converted from Route53_RoundRobin.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import Join, Parameter, Ref, Template
from troposphere.route53 import RecordSet, RecordSetGroup
t = Template()
t.set_description(
"AWS CloudFormation Sample Template Route53_RoundRobin: Sample template "
"showing how to use weighted round robin (WRR) DNS entried via Amazon "
"Route 53. This contrived sample uses weighted CNAME records to "
"illustrate that the weighting influences the return records. It assumes "
" that you already have a Hosted Zone registered with Amazon Route 53. "
"**WARNING** This template creates an Amazon EC2 instance. "
"You will be billed for the AWS resources used if you create "
"a stack from this template."
)
hostedzone = t.add_parameter(
Parameter(
"HostedZone",
Description="The DNS name of an existing Amazon Route 53 hosted zone",
Type="String",
)
)
myDNSRecord = t.add_resource(
RecordSetGroup(
"myDNSRecord",
HostedZoneName=Join("", [Ref(hostedzone), "."]),
from troposphere import Template, apigateway, Ref
def write_to_file(filename: str, data: str):
with open(filename, 'w') as out:
out.write(data)
template = Template()
template.set_description("JR-API gateway")
api = template.add_resource(
apigateway.RestApi("API",
Description="Job Registry API via CloudFormation",
Name="CF-Rom-Job Registry API",
EndpointConfiguration=apigateway.EndpointConfiguration(
Types=["REGIONAL"])))
api_image_method = template.add_resource(
apigateway.Method("auth",
ResourceId="auth",
ApiKeyRequired=False,
AuthorizationType="NONE",
HttpMethod="PUT",
RestApiId=Ref(api),
Integration=apigateway.Integration(
Uri="",
IntegrationResponses=[
apigateway.IntegrationResponse(
"Default",
def main(**params):
try:
# Metadata
t = Template()
t.set_version("2010-09-09")
t.set_description("(SOCA) - Base template to deploy compute nodes.")
allow_anonymous_data_collection = params["MetricCollectionAnonymous"]
debug = False
mip_usage = False
instances_list = params["InstanceType"].split("+")
asg_lt = asg_LaunchTemplate()
ltd = LaunchTemplateData("NodeLaunchTemplateData")
mip = MixedInstancesPolicy()
stack_name = Ref("AWS::StackName")
# Begin LaunchTemplateData
UserData = '''#!/bin/bash -xe
export PATH=$PATH:/usr/local/bin
if [[ "''' + params['BaseOS'] + '''" == "centos7" ]] || [[ "''' + params['BaseOS'] + '''" == "rhel7" ]];
then
EASY_INSTALL=$(which easy_install-2.7)
$EASY_INSTALL pip
PIP=$(which pip2.7)
$PIP install awscli
yum install -y nfs-utils # enforce install of nfs-utils
else
# Upgrade awscli on ALI (do not use yum)
EASY_INSTALL=$(which easy_install-2.7)
$EASY_INSTALL pip
PIP=$(which pip)
$PIP install awscli --upgrade
fi
if [[ "''' + params['BaseOS'] + '''" == "amazonlinux2" ]];
then
/usr/sbin/update-motd --disable
fi
GET_INSTANCE_TYPE=$(curl http://169.254.169.254/latest/meta-data/instance-type)
echo export "SOCA_CONFIGURATION="''' + str(params['ClusterId']) + '''"" >> /etc/environment
echo export "SOCA_BASE_OS="''' + str(params['BaseOS']) + '''"" >> /etc/environment
echo export "SOCA_JOB_QUEUE="''' + str(params['JobQueue']) + '''"" >> /etc/environment
echo export "SOCA_JOB_OWNER="''' + str(params['JobOwner']) + '''"" >> /etc/environment
echo export "SOCA_JOB_NAME="''' + str(params['JobName']) + '''"" >> /etc/environment
echo export "SOCA_JOB_PROJECT="''' + str(params['JobProject']) + '''"" >> /etc/environment
echo export "SOCA_VERSION="''' + str(params['Version']) + '''"" >> /etc/environment
echo export "SOCA_JOB_EFA="''' + str(params['Efa']).lower() + '''"" >> /etc/environment
echo export "SOCA_JOB_ID="''' + str(params['JobId']) + '''"" >> /etc/environment
echo export "SOCA_SCRATCH_SIZE=''' + str(params['ScratchSize']) + '''" >> /etc/environment
echo export "SOCA_INSTALL_BUCKET="''' + str(params['S3Bucket']) + '''"" >> /etc/environment
echo export "SOCA_INSTALL_BUCKET_FOLDER="''' + str(params['S3InstallFolder']) + '''"" >> /etc/environment
echo export "SOCA_FSX_LUSTRE_BUCKET="''' + str(params['FSxLustreConfiguration']['fsx_lustre']).lower() + '''"" >> /etc/environment
echo export "SOCA_FSX_LUSTRE_DNS="''' + str(params['FSxLustreConfiguration']['existing_fsx']).lower() + '''"" >> /etc/environment
echo export "SOCA_INSTANCE_TYPE=$GET_INSTANCE_TYPE" >> /etc/environment
echo export "SOCA_INSTANCE_HYPERTHREADING="''' + str(params['ThreadsPerCore']).lower() + '''"" >> /etc/environment
echo export "SOCA_HOST_SYSTEM_LOG="/apps/soca/''' + str(params['ClusterId']) + '''/cluster_node_bootstrap/logs/''' + str(params['JobId']) + '''/$(hostname -s)"" >> /etc/environment
echo export "AWS_STACK_ID=${AWS::StackName}" >> /etc/environment
echo export "AWS_DEFAULT_REGION=${AWS::Region}" >> /etc/environment
source /etc/environment
AWS=$(which aws)
# Give yum permission to the user on this specific machine
echo "''' + params['JobOwner'] + ''' ALL=(ALL) /bin/yum" >> /etc/sudoers
mkdir -p /apps
mkdir -p /data
# Mount EFS
echo "''' + params['EFSDataDns'] + ''':/ /data nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0" >> /etc/fstab
echo "''' + params['EFSAppsDns'] + ''':/ /apps nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0" >> /etc/fstab
mount -a
# Configure NTP
yum remove -y ntp
yum install -y chrony
mv /etc/chrony.conf /etc/chrony.conf.original
echo -e """
# use the local instance NTP service, if available
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
# !!! [BEGIN] SOCA REQUIREMENT
# You will need to open UDP egress traffic on your security group if you want to enable public pool
#pool 2.amazon.pool.ntp.org iburst
# !!! [END] SOCA REQUIREMENT
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# save data between restarts for fast re-load
dumponexit
dumpdir /var/run/chrony
""" > /etc/chrony.conf
systemctl enable chronyd
# Prepare Log folder
mkdir -p $SOCA_HOST_SYSTEM_LOG
echo "@reboot /bin/bash /apps/soca/$SOCA_CONFIGURATION/cluster_node_bootstrap/ComputeNodePostReboot.sh >> $SOCA_HOST_SYSTEM_LOG/ComputeNodePostInstall.log 2>&1" | crontab -
$AWS s3 cp s3://$SOCA_INSTALL_BUCKET/$SOCA_INSTALL_BUCKET_FOLDER/scripts/config.cfg /root/
/bin/bash /apps/soca/$SOCA_CONFIGURATION/cluster_node_bootstrap/ComputeNode.sh ''' + params['SchedulerHostname'] + ''' >> $SOCA_HOST_SYSTEM_LOG/ComputeNode.sh.log 2>&1'''
ltd.EbsOptimized = True
for instance in instances_list:
if "t2." in instance:
ltd.EbsOptimized = False
else:
# metal + t2 does not support CpuOptions
if "metal" not in instance:
ltd.CpuOptions = CpuOptions(
CoreCount=int(params["CoreCount"]),
ThreadsPerCore=1 if params["ThreadsPerCore"] is False else 2)
ltd.IamInstanceProfile = IamInstanceProfile(Arn=params["ComputeNodeInstanceProfileArn"])
ltd.KeyName = params["SSHKeyPair"]
ltd.ImageId = params["ImageId"]
if params["SpotPrice"] is not False and params["SpotAllocationCount"] is False:
ltd.InstanceMarketOptions = InstanceMarketOptions(
MarketType="spot",
SpotOptions=SpotOptions(
MaxPrice=Ref("AWS::NoValue") if params["SpotPrice"] == "auto" else str(params["SpotPrice"])
# auto -> cap at OD price
)
)
ltd.InstanceType = instances_list[0]
ltd.NetworkInterfaces = [NetworkInterfaces(
InterfaceType="efa" if params["Efa"] is not False else Ref("AWS::NoValue"),
DeleteOnTermination=True,
DeviceIndex=0,
Groups=[params["SecurityGroupId"]]
)]
ltd.UserData = Base64(Sub(UserData))
ltd.BlockDeviceMappings = [
BlockDeviceMapping(
DeviceName="/dev/xvda" if params["BaseOS"] == "amazonlinux2" else "/dev/sda1",
Ebs=EBSBlockDevice(
VolumeSize=params["RootSize"],
VolumeType="gp2",
DeleteOnTermination="false" if params["KeepEbs"] is True else "true",
Encrypted=True))
]
if int(params["ScratchSize"]) > 0:
ltd.BlockDeviceMappings.append(
BlockDeviceMapping(
DeviceName="/dev/xvdbx",
Ebs=EBSBlockDevice(
VolumeSize=params["ScratchSize"],
VolumeType="io1" if int(params["VolumeTypeIops"]) > 0 else "gp2",
Iops=params["VolumeTypeIops"] if int(params["VolumeTypeIops"]) > 0 else Ref("AWS::NoValue"),
DeleteOnTermination="false" if params["KeepEbs"] is True else "true",
Encrypted=True))
)
# End LaunchTemplateData
# Begin Launch Template Resource
lt = LaunchTemplate("NodeLaunchTemplate")
lt.LaunchTemplateName = params["ClusterId"] + "-" + str(params["JobId"])
lt.LaunchTemplateData = ltd
t.add_resource(lt)
# End Launch Template Resource
asg_lt.LaunchTemplateSpecification = LaunchTemplateSpecification(
LaunchTemplateId=Ref(lt),
Version=GetAtt(lt, "LatestVersionNumber")
)
asg_lt.Overrides = []
for instance in instances_list:
asg_lt.Overrides.append(LaunchTemplateOverrides(
InstanceType=instance))
# Begin InstancesDistribution
if params["SpotPrice"] is not False and \
params["SpotAllocationCount"] is not False and \
(params["DesiredCapacity"] - params["SpotAllocationCount"]) > 0:
mip_usage = True
idistribution = InstancesDistribution()
idistribution.OnDemandAllocationStrategy = "prioritized" # only supported value
idistribution.OnDemandBaseCapacity = params["DesiredCapacity"] - params["SpotAllocationCount"]
idistribution.OnDemandPercentageAboveBaseCapacity = "0" # force the other instances to be SPOT
idistribution.SpotMaxPrice = Ref("AWS::NoValue") if params["SpotPrice"] == "auto" else str(
params["SpotPrice"])
idistribution.SpotAllocationStrategy = params['SpotAllocationStrategy']
mip.InstancesDistribution = idistribution
# End MixedPolicyInstance
# Begin FSx for Lustre
if params["FSxLustreConfiguration"]["fsx_lustre"] is not False:
if params["FSxLustreConfiguration"]["existing_fsx"] is False:
fsx_lustre = FileSystem("FSxForLustre")
fsx_lustre.FileSystemType = "LUSTRE"
fsx_lustre.StorageCapacity = params["FSxLustreConfiguration"]["capacity"]
fsx_lustre.SecurityGroupIds = [params["SecurityGroupId"]]
fsx_lustre.SubnetIds = params["SubnetId"]
if params["FSxLustreConfiguration"]["s3_backend"] is not False:
fsx_lustre_configuration = LustreConfiguration()
fsx_lustre_configuration.ImportPath = params["FSxLustreConfiguration"]["import_path"] if params["FSxLustreConfiguration"]["import_path"] is not False else params["FSxLustreConfiguration"]["s3_backend"]
fsx_lustre_configuration.ExportPath = params["FSxLustreConfiguration"]["import_path"] if params["FSxLustreConfiguration"]["import_path"] is not False else params["FSxLustreConfiguration"]["s3_backend"] + "/" + params["ClusterId"] + "-fsxoutput/job-" + params["JobId"] + "/"
fsx_lustre.LustreConfiguration = fsx_lustre_configuration
fsx_lustre.Tags = base_Tags(
# False disable PropagateAtLaunch
Name=str(params["ClusterId"] + "-compute-job-" + params["JobId"]),
_soca_JobId=str(params["JobId"]),
_soca_JobName=str(params["JobName"]),
_soca_JobQueue=str(params["JobQueue"]),
_soca_StackId=stack_name,
_soca_JobOwner=str(params["JobOwner"]),
_soca_JobProject=str(params["JobProject"]),
_soca_KeepForever=str(params["KeepForever"]).lower(),
_soca_FSx="true",
_soca_ClusterId=str(params["ClusterId"]),
)
t.add_resource(fsx_lustre)
# End FSx For Lustre
# Begin AutoScalingGroup Resource
asg = AutoScalingGroup("AutoScalingComputeGroup")
asg.DependsOn = "NodeLaunchTemplate"
if mip_usage is True or instances_list.__len__() > 1:
mip.LaunchTemplate = asg_lt
asg.MixedInstancesPolicy = mip
else:
asg.LaunchTemplate = LaunchTemplateSpecification(
LaunchTemplateId=Ref(lt),
Version=GetAtt(lt, "LatestVersionNumber"))
asg.MinSize = int(params["DesiredCapacity"])
asg.MaxSize = int(params["DesiredCapacity"])
asg.VPCZoneIdentifier = params["SubnetId"]
if params["PlacementGroup"] is True:
pg = PlacementGroup("ComputeNodePlacementGroup")
pg.Strategy = "cluster"
t.add_resource(pg)
asg.PlacementGroup = Ref(pg)
asg.Tags = Tags(
Name=str(params["ClusterId"]) + "-compute-job-" + str(params["JobId"]),
_soca_JobId=str(params["JobId"]),
_soca_JobName=str(params["JobName"]),
_soca_JobQueue=str(params["JobQueue"]),
_soca_StackId=stack_name,
_soca_JobOwner=str(params["JobOwner"]),
_soca_JobProject=str(params["JobProject"]),
_soca_KeepForever=str(params["KeepForever"]).lower(),
_soca_ClusterId=str(params["ClusterId"]),
_soca_NodeType="soca-compute-node")
t.add_resource(asg)
# End AutoScalingGroup Resource
# Begin Custom Resource
# Change Mapping to No if you want to disable this
if allow_anonymous_data_collection is True:
metrics = CustomResourceSendAnonymousMetrics("SendAnonymousData")
metrics.ServiceToken = params["SolutionMetricLambda"]
metrics.DesiredCapacity = str(params["DesiredCapacity"])
metrics.InstanceType = str(params["InstanceType"])
metrics.Efa = str(params["Efa"])
metrics.ScratchSize = str(params["ScratchSize"])
metrics.RootSize = str(params["RootSize"])
metrics.SpotPrice = str(params["SpotPrice"])
metrics.BaseOS = str(params["BaseOS"])
metrics.StackUUID = str(params["StackUUID"])
metrics.KeepForever = str(params["KeepForever"])
metrics.FsxLustre = str(params["FSxLustreConfiguration"])
t.add_resource(metrics)
# End Custom Resource
if debug is True:
print(t.to_json())
# Tags must use "soca:<Key>" syntax
template_output = t.to_yaml().replace("_soca_", "soca:")
return {'success': True,
'output': template_output}
except Exception as e:
exc_type, exc_obj, exc_tb = sys.exc_info()
fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
return {'success': False,
'output': 'cloudformation_builder.py: ' + (
str(e) + ': error :' + str(exc_type) + ' ' + str(fname) + ' ' + str(exc_tb.tb_lineno))}
MetricName="TestMetric",
Namespace="AWS/ElasticMapReduce",
Period="300",
Statistic="AVERAGE",
Threshold="50",
Unit="PERCENT",
Dimensions=[
emr.MetricDimension('my.custom.master.property',
'my.custom.master.value')
])))
]
return rules
template = Template()
template.set_description(
"Sample CloudFormation template for creating an EMR cluster")
keyname = template.add_parameter(
Parameter("KeyName",
Description="Name of an existing EC2 KeyPair to enable SSH "
"to the instances",
Type=KEY_PAIR_NAME))
subnet = template.add_parameter(
Parameter("Subnet",
Description="Subnet ID for creating the EMR cluster",
Type=SUBNET_ID))
spot = template.add_parameter(
Parameter("SpotPrice",
Description="Spot price (or use 0 for 'on demand' instance)",
def main():
# Initialize template
template = Template()
template.set_version("2010-09-09")
template.set_description("""\
Configures autoscaling group for nginx app""")
# Collect template properties through parameters
InstanceType = template.add_parameter(
Parameter(
"InstanceType",
Type="String",
Description="WebServer EC2 instance type",
Default="t2.small",
AllowedValues=[
"t2.micro", "t2.small", "t2.medium", "t2.large", "t2.xlarge"
],
ConstraintDescription="Must be a valid EC2 instance type.",
))
KeyName = template.add_parameter(
Parameter(
"KeyName",
Type="String",
Description="Name of an existing EC2 KeyPair to enable SSH access",
MinLength="1",
AllowedPattern="[\x20-\x7E]*",
MaxLength="255",
ConstraintDescription="Can contain only ASCII characters.",
))
ScaleCapacity = template.add_parameter(
Parameter(
"ScaleCapacity",
Default="1",
Type="String",
Description="Number of nginx servers to run",
))
PublicSubnet1 = template.add_parameter(
Parameter(
"PublicSubnet1",
Type="String",
Description=
"A public VPC subnet ID for the nginx app load balancer.",
))
PublicSubnet2 = template.add_parameter(
Parameter(
"PublicSubnet2",
Type="String",
Description="A public VPC subnet ID for the nginx load balancer.",
))
VPCAvailabilityZone2 = template.add_parameter(
Parameter(
"VPCAvailabilityZone2",
MinLength="1",
Type="String",
Description="Second availability zone",
MaxLength="255",
))
VPCAvailabilityZone1 = template.add_parameter(
Parameter(
"VPCAvailabilityZone1",
MinLength="1",
Type="String",
Description="First availability zone",
MaxLength="255",
))
PrivateSubnet2 = template.add_parameter(
Parameter(
"PrivateSubnet2",
Type="String",
Description="Second private VPC subnet ID for the nginx app.",
))
PrivateSubnet1 = template.add_parameter(
Parameter(
"PrivateSubnet1",
Type="String",
Description="First private VPC subnet ID for the nginx app.",
))
VpcId = template.add_parameter(
Parameter(
"VpcId",
Type="String",
Description="VPC Id.",
))
# as of now only provide centos based ami id
AmiId = template.add_parameter(
Parameter(
"AmiId",
Type="String",
Description="AMI Id.",
))
# Create a common security group
NginxInstanceSG = template.add_resource(
ec2.SecurityGroup(
"InstanceSecurityGroup",
VpcId=Ref(VpcId),
GroupDescription="Enable SSH and HTTP access on the inbound port",
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="22",
ToPort="22",
CidrIp="10.0.0.0/8",
),
ec2.SecurityGroupRule(
IpProtocol="tcp",
FromPort="80",
ToPort="80",
CidrIp="0.0.0.0/0",
)
]))
# Add the application LB
ApplicationElasticLB = template.add_resource(
elb.LoadBalancer("ApplicationElasticLB",
Name="ApplicationElasticLB",
Scheme="internet-facing",
Subnets=[Ref(PublicSubnet1),
Ref(PublicSubnet2)],
SecurityGroups=[Ref(NginxInstanceSG)]))
# Add Target Group for the ALB
TargetGroupNginx = template.add_resource(
elb.TargetGroup(
"TargetGroupNginx",
VpcId=Ref(VpcId),
HealthCheckIntervalSeconds="30",
HealthCheckProtocol="HTTP",
HealthCheckTimeoutSeconds="10",
HealthyThresholdCount="4",
Matcher=elb.Matcher(HttpCode="200"),
Name="NginxTarget",
Port="80",
Protocol="HTTP",
UnhealthyThresholdCount="3",
))
# Add ALB listener
Listener = template.add_resource(
elb.Listener("Listener",
Port="80",
Protocol="HTTP",
LoadBalancerArn=Ref(ApplicationElasticLB),
DefaultActions=[
elb.Action(Type="forward",
TargetGroupArn=Ref(TargetGroupNginx))
]))
# Add launch configuration for auto scaling
LaunchConfig = template.add_resource(
LaunchConfiguration(
"LaunchConfiguration",
ImageId=Ref(AmiId),
KeyName=Ref(KeyName),
AssociatePublicIpAddress="False",
LaunchConfigurationName="nginx-LC",
UserData=Base64(
Join('', [
"#!/bin/bash\n", "yum update\n", "yum -y install nginx\n",
"chkconfig nginx on\n", "service nginx start"
])),
SecurityGroups=[Ref(NginxInstanceSG)],
InstanceType=Ref(InstanceType)))
# Add auto scaling group
AutoscalingGroup = template.add_resource(
AutoScalingGroup(
"AutoscalingGroup",
DesiredCapacity=Ref(ScaleCapacity),
LaunchConfigurationName=Ref(LaunchConfig),
MinSize="1",
TargetGroupARNs=[Ref(TargetGroupNginx)],
MaxSize=Ref(ScaleCapacity),
VPCZoneIdentifier=[Ref(PrivateSubnet1),
Ref(PrivateSubnet2)],
AvailabilityZones=[
Ref(VPCAvailabilityZone1),
Ref(VPCAvailabilityZone2)
],
HealthCheckType="EC2"))
template.add_output(
Output("URL",
Description="URL of the sample website",
Value=Join("",
["http://",
GetAtt(ApplicationElasticLB, "DNSName")])))
#print(template.to_json())
with open('AutoScaling.yaml', 'w') as f:
f.write(template.to_yaml())
from troposphere import Ref, Template, Parameter
from troposphere.constants import STRING
import troposphere.ssm as ssm
t = Template()
t.set_description("2012-09-09")
rhel_patch_group_name = t.add_parameter(
Parameter("RHELPatchGroupName",
Type=STRING,
Description="The value of the RHEL patch group tag "
"that will have the baseline applied to them."))
windows_patch_group_name = t.add_parameter(
Parameter("WindowsPatchGroupName",
Type=STRING,
Description="The value of the Windows patch group tag"
"that will have baseline applied to them."))
linux_filter_group = ssm.PatchFilterGroup("LinuxGroup",
PatchFilters=[
ssm.PatchFilter(
"Linuxfilter",
Key="CLASSIFICATION",
Values=["Security"])
])
windows_filter_group = ssm.PatchFilterGroup("windowsGroup",
PatchFilters=[
ssm.PatchFilter(
"WindowsFilter",
from troposphere.ec2 import PortRange, NetworkAcl, Route, \
VPCGatewayAttachment, SubnetRouteTableAssociation, Subnet, RouteTable, \
VPC, NetworkInterfaceProperty, NetworkAclEntry, \
SubnetNetworkAclAssociation, EIP, Instance, InternetGateway, \
SecurityGroupRule, SecurityGroup
from troposphere.policies import CreationPolicy, ResourceSignal
from troposphere.cloudformation import Init, InitFile, InitFiles, \
InitConfig, InitService, InitServices
t = Template()
t.add_version('2010-09-09')
t.set_description("""\
AWS CloudFormation Sample Template VPC_Single_Instance_In_Subnet: Sample \
template showing how to create a VPC and add an EC2 instance with an Elastic \
IP address and a security group. \
**WARNING** This template creates an Amazon EC2 instance. You will be billed \
for the AWS resources used if you create a stack from this template.""")
keyname_param = t.add_parameter(
Parameter(
'KeyName',
ConstraintDescription='must be the name of an existing EC2 KeyPair.',
Description='Name of an existing EC2 KeyPair to enable SSH access to \
the instance',
Type='AWS::EC2::KeyPair::KeyName',
))
sshlocation_param = t.add_parameter(
Parameter(
'SSHLocation',
# Converted from IAM_Users_Groups_and_Policies.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import GetAtt, Output, Ref, Template
from troposphere.iam import (
AccessKey,
Group,
LoginProfile,
PolicyType,
User,
UserToGroupAddition,
)
t = Template()
t.set_description("AWS CloudFormation Sample Template: This template "
"demonstrates the creation of IAM User/Group.")
cfnuser = t.add_resource(
User("CFNUser", LoginProfile=LoginProfile(Password="******")))
cfnusergroup = t.add_resource(Group("CFNUserGroup"))
cfnadmingroup = t.add_resource(Group("CFNAdminGroup"))
cfnkeys = t.add_resource(
AccessKey("CFNKeys", Status="Active", UserName=Ref(cfnuser)))
users = t.add_resource(
UserToGroupAddition(
"Users",
GroupName=Ref(cfnusergroup),
Users=[Ref(cfnuser)],
def get_or_create_kinesis_cloudformation_stack(projectName, kinesisStreamArn):
"""[create or get the cloudformation stack based on the project name
TODO: for somehow kinesisStream cloudformation snippet fails on xml parse
have to create it outside of stack
]
Arguments:
projectName {[String]} -- [ project name ]
kinesisStreamArn {[String]} -- [ kinesisStream Arn ]
Raises:
Exception: [ timeout or unexpected exception ]
Returns:
[ dict ] -- [ describe stack information ]
"""
cloudformationClient = boto3.client('cloudformation',
endpoint_url='http://localhost:4581',
region_name='us-west-2')
t = Template()
t.set_version('2010-09-09')
t.set_description(
"LocalStackTests Task one cloud formation template of S3 - kinesisStream and firehose"
)
# kinesisStream = get_or_create_kinesis_stream_resource( projectName + "kinesisStream" )
bucketName = projectName + "s3bucketStream"
s3bucket = create_s3_bucket_resource(projectName + "s3bucketStream")
deliveryRole = create_role_resource(projectName + "deliveryRole")
rootPolicy = create_root_Policy(projectName + "rootPolicy",
[Ref(deliveryRole)])
fireHoseDelivery = create_firehose_delivery_stream_resource(
projectName + "fireHoseDelivery", rootPolicy, kinesisStreamArn,
s3bucket, deliveryRole)
t.add_resource(s3bucket)
t.add_resource(rootPolicy)
t.add_resource(deliveryRole)
# t.add_resource( kinesisStream )
t.add_resource(fireHoseDelivery)
# print( t.to_yaml() )
t.add_output(
Output("BucketName",
Value=Ref(s3bucket),
Description="Name of S3 bucket"))
# t.add_output(Output(
# "StreamName",
# Value=Ref(kinesisStream),
# Description="Name of kinesis Stream"
# ))
stackName = projectName + 'Task1'
try:
task1_stack = cloudformationClient.create_stack(
StackName=stackName, TemplateBody=t.to_yaml())
except Exception as e:
# TODO: check other exceptions
pass
stackReady = wait_resource(cloudformationClient.describe_stacks,
check_cloudformation_stack_complete,
10,
StackName=stackName)
if stackReady:
res = cloudformationClient.describe_stacks(StackName=stackName)
return res['Stacks'][0]
else:
raise Exception(
"Fails to get recently created stack, try to wait for more time")
def main():
"""
Create a ElastiCache Redis Node and EC2 Instance
"""
template = Template()
# Description
template.set_description(
'AWS CloudFormation Sample Template ElastiCache_Redis:'
'Sample template showing how to create an Amazon'
'ElastiCache Redis Cluster. **WARNING** This template'
'creates an Amazon EC2 Instance and an Amazon ElastiCache'
'Cluster. You will be billed for the AWS resources used'
'if you create a stack from this template.')
# Mappings
template.add_mapping('AWSInstanceType2Arch', {
't1.micro': {'Arch': 'PV64'},
't2.micro': {'Arch': 'HVM64'},
't2.small': {'Arch': 'HVM64'},
't2.medium': {'Arch': 'HVM64'},
'm1.small': {'Arch': 'PV64'},
'm1.medium': {'Arch': 'PV64'},
'm1.large': {'Arch': 'PV64'},
'm1.xlarge': {'Arch': 'PV64'},
'm2.xlarge': {'Arch': 'PV64'},
'm2.2xlarge': {'Arch': 'PV64'},
'm2.4xlarge': {'Arch': 'PV64'},
'm3.medium': {'Arch': 'HVM64'},
'm3.large': {'Arch': 'HVM64'},
'm3.xlarge': {'Arch': 'HVM64'},
'm3.2xlarge': {'Arch': 'HVM64'},
'c1.medium': {'Arch': 'PV64'},
'c1.xlarge': {'Arch': 'PV64'},
'c3.large': {'Arch': 'HVM64'},
'c3.xlarge': {'Arch': 'HVM64'},
'c3.2xlarge': {'Arch': 'HVM64'},
'c3.4xlarge': {'Arch': 'HVM64'},
'c3.8xlarge': {'Arch': 'HVM64'},
'c4.large': {'Arch': 'HVM64'},
'c4.xlarge': {'Arch': 'HVM64'},
'c4.2xlarge': {'Arch': 'HVM64'},
'c4.4xlarge': {'Arch': 'HVM64'},
'c4.8xlarge': {'Arch': 'HVM64'},
'g2.2xlarge': {'Arch': 'HVMG2'},
'r3.large': {'Arch': 'HVM64'},
'r3.xlarge': {'Arch': 'HVM64'},
'r3.2xlarge': {'Arch': 'HVM64'},
'r3.4xlarge': {'Arch': 'HVM64'},
'r3.8xlarge': {'Arch': 'HVM64'},
'i2.xlarge': {'Arch': 'HVM64'},
'i2.2xlarge': {'Arch': 'HVM64'},
'i2.4xlarge': {'Arch': 'HVM64'},
'i2.8xlarge': {'Arch': 'HVM64'},
'd2.xlarge': {'Arch': 'HVM64'},
'd2.2xlarge': {'Arch': 'HVM64'},
'd2.4xlarge': {'Arch': 'HVM64'},
'd2.8xlarge': {'Arch': 'HVM64'},
'hi1.4xlarge': {'Arch': 'HVM64'},
'hs1.8xlarge': {'Arch': 'HVM64'},
'cr1.8xlarge': {'Arch': 'HVM64'},
'cc2.8xlarge': {'Arch': 'HVM64'}
})
template.add_mapping('AWSRegionArch2AMI', {
'us-east-1': {'PV64': 'ami-0f4cfd64',
'HVM64': 'ami-0d4cfd66',
'HVMG2': 'ami-5b05ba30'},
'us-west-2': {'PV64': 'ami-d3c5d1e3',
'HVM64': 'ami-d5c5d1e5',
'HVMG2': 'ami-a9d6c099'},
'us-west-1': {'PV64': 'ami-85ea13c1',
'HVM64': 'ami-87ea13c3',
'HVMG2': 'ami-37827a73'},
'eu-west-1': {'PV64': 'ami-d6d18ea1',
'HVM64': 'ami-e4d18e93',
'HVMG2': 'ami-72a9f105'},
'eu-central-1': {'PV64': 'ami-a4b0b7b9',
'HVM64': 'ami-a6b0b7bb',
'HVMG2': 'ami-a6c9cfbb'},
'ap-northeast-1': {'PV64': 'ami-1a1b9f1a',
'HVM64': 'ami-1c1b9f1c',
'HVMG2': 'ami-f644c4f6'},
'ap-southeast-1': {'PV64': 'ami-d24b4280',
'HVM64': 'ami-d44b4286',
'HVMG2': 'ami-12b5bc40'},
'ap-southeast-2': {'PV64': 'ami-ef7b39d5',
'HVM64': 'ami-db7b39e1',
'HVMG2': 'ami-b3337e89'},
'sa-east-1': {'PV64': 'ami-5b098146',
'HVM64': 'ami-55098148',
'HVMG2': 'NOT_SUPPORTED'},
'cn-north-1': {'PV64': 'ami-bec45887',
'HVM64': 'ami-bcc45885',
'HVMG2': 'NOT_SUPPORTED'}
})
template.add_mapping('Region2Principal', {
'us-east-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'us-west-2': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'us-west-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'eu-west-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'ap-southeast-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'ap-northeast-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'ap-southeast-2': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'sa-east-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'},
'cn-north-1': {'EC2Principal': 'ec2.amazonaws.com.cn',
'OpsWorksPrincipal': 'opsworks.amazonaws.com.cn'},
'eu-central-1': {'EC2Principal': 'ec2.amazonaws.com',
'OpsWorksPrincipal': 'opsworks.amazonaws.com'}
})
# Parameters
cachenodetype = template.add_parameter(Parameter(
'ClusterNodeType',
Description='The compute and memory capacity of the nodes in the Redis'
' Cluster',
Type='String',
Default='cache.m1.small',
AllowedValues=['cache.m1.small',
'cache.m1.large',
'cache.m1.xlarge',
'cache.m2.xlarge',
'cache.m2.2xlarge',
'cache.m2.4xlarge',
'cache.c1.xlarge'],
ConstraintDescription='must select a valid Cache Node type.',
))
instancetype = template.add_parameter(Parameter(
'InstanceType',
Description='WebServer EC2 instance type',
Type='String',
Default='t2.micro',
AllowedValues=['t1.micro',
't2.micro',
't2.small',
't2.medium',
'm1.small',
'm1.medium',
'm1.large',
'm1.xlarge',
'm2.xlarge',
'm2.2xlarge',
'm2.4xlarge',
'm3.medium',
'm3.large',
'm3.xlarge',
'm3.2xlarge',
'c1.medium',
'c1.xlarge',
'c3.large',
'c3.xlarge',
'c3.2xlarge',
'c3.4xlarge',
'c3.8xlarge',
'c4.large',
'c4.xlarge',
'c4.2xlarge',
'c4.4xlarge',
'c4.8xlarge',
'g2.2xlarge',
'r3.large',
'r3.xlarge',
'r3.2xlarge',
'r3.4xlarge',
'r3.8xlarge',
'i2.xlarge',
'i2.2xlarge',
'i2.4xlarge',
'i2.8xlarge',
'd2.xlarge',
'd2.2xlarge',
'd2.4xlarge',
'd2.8xlarge',
'hi1.4xlarge',
'hs1.8xlarge',
'cr1.8xlarge',
'cc2.8xlarge',
'cg1.4xlarge'],
ConstraintDescription='must be a valid EC2 instance type.',
))
keyname = template.add_parameter(Parameter(
'KeyName',
Description='Name of an existing EC2 KeyPair to enable SSH access'
' to the instance',
Type='AWS::EC2::KeyPair::KeyName',
ConstraintDescription='must be the name of an existing EC2 KeyPair.',
))
sshlocation = template.add_parameter(Parameter(
'SSHLocation',
Description='The IP address range that can be used to SSH to'
' the EC2 instances',
Type='String',
MinLength='9',
MaxLength='18',
Default='0.0.0.0/0',
AllowedPattern='(\\d{1,3})\\.(\\d{1,3})\\.'
'(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})',
ConstraintDescription='must be a valid IP CIDR range of the'
' form x.x.x.x/x.'
))
# Resources
webserverrole = template.add_resource(iam.Role(
'WebServerRole',
AssumeRolePolicyDocument=PolicyDocument(
Statement=[
Statement(
Effect=Allow,
Action=[AssumeRole],
Principal=Principal('Service',
[FindInMap('Region2Principal',
Ref('AWS::Region'),
'EC2Principal')]),
)
]
),
Path='/',
))
template.add_resource(iam.PolicyType(
'WebServerRolePolicy',
PolicyName='WebServerRole',
PolicyDocument=PolicyDocument(
Statement=[awacs.aws.Statement(
Action=[awacs.aws.Action("elasticache",
"DescribeCacheClusters")],
Resource=["*"],
Effect=awacs.aws.Allow
)]
),
Roles=[Ref(webserverrole)],
))
webserverinstanceprofile = template.add_resource(iam.InstanceProfile(
'WebServerInstanceProfile',
Path='/',
Roles=[Ref(webserverrole)],
))
webserversg = template.add_resource(ec2.SecurityGroup(
'WebServerSecurityGroup',
GroupDescription='Enable HTTP and SSH access',
SecurityGroupIngress=[
ec2.SecurityGroupRule(
IpProtocol='tcp',
FromPort='22',
ToPort='22',
CidrIp=Ref(sshlocation),
),
ec2.SecurityGroupRule(
IpProtocol='tcp',
FromPort='80',
ToPort='80',
CidrIp='0.0.0.0/0',
)
]
))
webserverinstance = template.add_resource(ec2.Instance(
'WebServerInstance',
Metadata=cloudformation.Metadata(
cloudformation.Init({
'config': cloudformation.InitConfig(
packages={
'yum': {
'httpd': [],
'php': [],
'php-devel': [],
'gcc': [],
'make': []
}
},
files=cloudformation.InitFiles({
'/var/www/html/index.php': cloudformation.InitFile(
content=Join('', [
'<?php\n',
'echo \"<h1>AWS CloudFormation sample'
' application for Amazon ElastiCache'
' Redis Cluster</h1>\";\n',
'\n',
'$cluster_config = json_decode('
'file_get_contents(\'/tmp/cacheclusterconfig\''
'), true);\n',
'$endpoint = $cluster_config[\'CacheClusters'
'\'][0][\'CacheNodes\'][0][\'Endpoint\'][\'Add'
'ress\'];\n',
'$port = $cluster_config[\'CacheClusters\'][0]'
'[\'CacheNodes\'][0][\'Endpoint\'][\'Port\'];'
'\n',
'\n',
'echo \"<p>Connecting to Redis Cache Cluster '
'node \'{$endpoint}\' on port {$port}</p>\";'
'\n',
'\n',
'$redis=new Redis();\n',
'$redis->connect($endpoint, $port);\n',
'$redis->set(\'testkey\', \'Hello World!\');'
'\n',
'$return = $redis->get(\'testkey\');\n',
'\n',
'echo \"<p>Retrieved value: $return</p>\";'
'\n',
'?>\n'
]),
mode='000644',
owner='apache',
group='apache'
),
'/etc/cron.d/get_cluster_config':
cloudformation.InitFile(
content='*/5 * * * * root'
' /usr/local/bin/get_cluster_config',
mode='000644',
owner='root',
group='root'
),
'/usr/local/bin/get_cluster_config':
cloudformation.InitFile(
content=Join('', [
'#! /bin/bash\n',
'aws elasticache describe-cache-clusters ',
' --cache-cluster-id ',
Ref('RedisCluster'),
' --show-cache-node-info'
' --region ', Ref('AWS::Region'),
' > /tmp/cacheclusterconfig\n'
]),
mode='000755',
owner='root',
group='root'
),
'/usr/local/bin/install_phpredis':
cloudformation.InitFile(
content=Join('', [
'#! /bin/bash\n',
'cd /tmp\n',
'wget https://github.com/nicolasff/'
'phpredis/zipball/master -O phpredis.zip'
'\n',
'unzip phpredis.zip\n',
'cd nicolasff-phpredis-*\n',
'phpize\n',
'./configure\n',
'make && make install\n',
'touch /etc/php.d/redis.ini\n',
'echo extension=redis.so > /etc/php.d/'
'redis.ini\n'
]),
mode='000755',
owner='root',
group='root'
),
'/etc/cfn/cfn-hup.conf': cloudformation.InitFile(
content=Join('', [
'[main]\n',
'stack=', Ref('AWS::StackId'), '\n',
'region=', Ref('AWS::Region'), '\n'
]),
mode='000400',
owner='root',
group='root'
),
'/etc/cfn/hooks.d/cfn-auto-reloader.conf':
cloudformation.InitFile(
content=Join('', [
'[cfn-auto-reloader-hook]\n',
'triggers=post.update\n',
'path=Resources.WebServerInstance.Metadata'
'.AWS::CloudFormation::Init\n',
'action=/opt/aws/bin/cfn-init -v ',
' --stack ', Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ', Ref('AWS::Region'),
'\n',
'runas=root\n'
]),
# Why doesn't the Amazon template have this?
# mode='000400',
# owner='root',
# group='root'
),
}),
commands={
'01-install_phpredis': {
'command': '/usr/local/bin/install_phpredis'
},
'02-get-cluster-config': {
'command': '/usr/local/bin/get_cluster_config'
}
},
services={
"sysvinit": cloudformation.InitServices({
"httpd": cloudformation.InitService(
enabled=True,
ensureRunning=True,
),
"cfn-hup": cloudformation.InitService(
enabled=True,
ensureRunning=True,
files=['/etc/cfn/cfn-hup.conf',
'/etc/cfn/hooks.d/'
'cfn-auto-reloader.conf']
),
}),
},
)
})
),
ImageId=FindInMap('AWSRegionArch2AMI', Ref('AWS::Region'),
FindInMap('AWSInstanceType2Arch',
Ref(instancetype), 'Arch')),
InstanceType=Ref(instancetype),
SecurityGroups=[Ref(webserversg)],
KeyName=Ref(keyname),
IamInstanceProfile=Ref(webserverinstanceprofile),
UserData=Base64(Join('', [
'#!/bin/bash -xe\n',
'yum update -y aws-cfn-bootstrap\n',
'# Setup the PHP sample application\n',
'/opt/aws/bin/cfn-init -v ',
' --stack ', Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ', Ref('AWS::Region'), '\n',
'# Signal the status of cfn-init\n',
'/opt/aws/bin/cfn-signal -e $? ',
' --stack ', Ref('AWS::StackName'),
' --resource WebServerInstance ',
' --region ', Ref('AWS::Region'), '\n'
])),
CreationPolicy=CreationPolicy(
ResourceSignal=ResourceSignal(Timeout='PT15M')
),
Tags=Tags(Application=Ref('AWS::StackId'),
Details='Created using Troposhpere')
))
redisclustersg = template.add_resource(elasticache.SecurityGroup(
'RedisClusterSecurityGroup',
Description='Lock the cluster down',
))
template.add_resource(elasticache.SecurityGroupIngress(
'RedisClusterSecurityGroupIngress',
CacheSecurityGroupName=Ref(redisclustersg),
EC2SecurityGroupName=Ref(webserversg),
))
template.add_resource(elasticache.CacheCluster(
'RedisCluster',
Engine='redis',
CacheNodeType=Ref(cachenodetype),
NumCacheNodes='1',
CacheSecurityGroupNames=[Ref(redisclustersg)],
))
# Outputs
template.add_output([
Output(
'WebsiteURL',
Description='Application URL',
Value=Join('', [
'http://',
GetAtt(webserverinstance, 'PublicDnsName'),
])
)
])
# Print CloudFormation Template
print(template.to_json())
# Converted from S3_Bucket.template located at:
# http://aws.amazon.com/cloudformation/aws-cloudformation-templates/
from troposphere import Output, Ref, Template
from troposphere.s3 import Bucket, PublicRead, VersioningConfiguration, \
LifecycleConfiguration, LifecycleRule, NoncurrentVersionTransition, \
LifecycleRuleTransition
t = Template()
t.set_description(
"AWS CloudFormation Sample Template S3_Bucket: Sample template showing :"
"How to create a publicly accessible S3 bucket. "
"How to enable bucket object versions. "
"How to archive and delete current objects. "
"How to archive and delete non current (versioned) objects. "
"**WARNING** This template creates an Amazon S3 Bucket. "
"You will be billed for the AWS resources used if you create "
"a stack from this template.")
s3bucket = t.add_resource(
Bucket(
"S3Bucket",
# Make public Read
AccessControl=PublicRead,
# Turn on Versioning to the whole S3 Bucket
VersioningConfiguration=VersioningConfiguration(Status="Enabled", ),
# Attach a LifeCycle Configuration
LifecycleConfiguration=LifecycleConfiguration(Rules=[
# Add a rule to
LifecycleRule(
class VPCTemplateBuilder:
"""Build troposphere CFN templates for VPC creation."""
def __init__(self, vpc_config, description="VPC built by VPCBuilder"):
self.__template = Template()
self.__template.set_version("2010-09-09")
self.__template.set_description(description)
self.__vpc_config = vpc_config
def build(self):
"""Build the template."""
self.__build_template()
return self.__template
def __build_template(self):
vpc = self.__build_vpc()
internet_gateway = self.__build_internet_gateway(vpc)
nat_gateway = None
subnet_refs = []
for subnet in self.__vpc_config.subnets:
subnet_ref = self.__build_subnet(subnet, vpc)
subnet_refs.append(subnet_ref)
if subnet.has_nat_gateway:
nat_gateway = self.__build_nat_gateway(subnet, subnet_ref)
for subnet, subnet_ref in zip(self.__vpc_config.subnets, subnet_refs):
self.__build_route_table(subnet, subnet_ref, vpc, internet_gateway, nat_gateway)
def __build_vpc(self):
vpc_config = self.__vpc_config
vpc = self.__template.add_resource(
VPC(
vpc_config.name,
CidrBlock=vpc_config.cidr,
EnableDnsSupport=vpc_config.enable_dns_support,
EnableDnsHostnames=vpc_config.enable_dns_hostnames,
Tags=vpc_config.tags,
)
)
self.__template.add_output(Output("VpcId", Value=Ref(vpc), Description="VPC Id"))
return vpc
def __build_internet_gateway(self, vpc: VPC):
internet_gateway = self.__template.add_resource(
InternetGateway("InternetGateway", Tags=Tags(Name=Ref("AWS::StackName"), Stack=Ref("AWS::StackId")))
)
self.__template.add_resource(
VPCGatewayAttachment("VPCGatewayAttachment", VpcId=Ref(vpc), InternetGatewayId=Ref(internet_gateway))
)
return internet_gateway
def __build_subnet(self, subnet_config: SubnetConfig, vpc: VPC):
subnet = Subnet(
subnet_config.name,
CidrBlock=subnet_config.cidr,
VpcId=Ref(vpc),
MapPublicIpOnLaunch=subnet_config.map_public_ip_on_launch,
Tags=subnet_config.tags(),
)
if subnet_config.availability_zone:
subnet.AvailabilityZone = subnet_config.availability_zone
self.__template.add_resource(subnet)
self.__template.add_output(Output(subnet_config.name + "Id", Value=Ref(subnet)))
return subnet
def __build_nat_gateway(self, subnet_config: SubnetConfig, subnet_ref: Subnet):
nat_eip = self.__template.add_resource(EIP("NatEIP" + subnet_config.name, Domain="vpc"))
return self.__template.add_resource(
NatGateway(
"NatGateway" + subnet_config.name,
AllocationId=GetAtt(nat_eip, "AllocationId"),
SubnetId=Ref(subnet_ref),
)
)
def __build_route_table(
self,
subnet_config: SubnetConfig,
subnet_ref: Subnet,
vpc: VPC,
internet_gateway: InternetGateway,
nat_gateway: NatGateway,
):
route_table = self.__template.add_resource(
RouteTable(
"RouteTable" + subnet_config.name,
VpcId=Ref(vpc),
Tags=Tags(Name=Sub("${AWS::StackName}_route_table_" + subnet_config.name), Stack=Ref("AWS::StackId")),
)
)
self.__template.add_resource(
SubnetRouteTableAssociation(
"RouteAssociation" + subnet_config.name, SubnetId=Ref(subnet_ref), RouteTableId=Ref(route_table)
)
)
if subnet_config.default_gateway == Gateways.INTERNET_GATEWAY:
self.__template.add_resource(
Route(
"DefaultRoute" + subnet_config.name,
RouteTableId=Ref(route_table),
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(internet_gateway),
)
)
elif subnet_config.default_gateway == Gateways.NAT_GATEWAY:
self.__template.add_resource(
Route(
"NatRoute" + subnet_config.name,
RouteTableId=Ref(route_table),
DestinationCidrBlock="0.0.0.0/0",
NatGatewayId=Ref(nat_gateway),
)
)
