import pulumi
from pulumi_aws import ec2, get_ami, GetAmiFilterArgs
group = ec2.SecurityGroup('web-secgrp', ingress=[
# Uncomment to fail a test:
#{ "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"] },
{ "protocol": "tcp", "from_port": 80, "to_port": 80, "cidr_blocks": ["0.0.0.0/0"] },
])
user_data = '#!/bin/bash echo "Hello, World!" > index.html nohup python -m SimpleHTTPServer 80 &'
ami_id = get_ami(
most_recent=True,
owners=["099720109477"],
filters=[
GetAmiFilterArgs(
name="name",
values=["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
)]
).id
server = ec2.Instance('web-server-www',
instance_type="t2.micro",
vpc_security_group_ids=[ group.id ], # reference the group object above
# Comment out to fail a test:
tags={'Name': 'webserver'}, # name tag
# Uncomment to fail a test:
#user_data=user_data) # start a simple web server
ami=ami_id)
# Copyright 2016-2018, Pulumi Corporation. All rights reserved.
import pulumi
from pulumi_aws import ec2
from ami import get_linux_ami
size = 't2.micro'
group = ec2.SecurityGroup('web-secgrp',
description='Enable HTTP access',
ingress=[{
'protocol': 'tcp',
'from_port': 80,
'to_port': 80,
'cidr_blocks': ['0.0.0.0/0']
}])
server = ec2.Instance('web-server-www',
instance_type=size,
security_groups=[group.name],
ami=get_linux_ami(size))
pulumi.export('public_ip', server.public_ip)
pulumi.export('public_dns', server.public_dns)
"""
import pulumi
from pulumi_aws import ec2
# Writes an index.html file, then runs the built-in Python
# webserver module on port 80.
user_data = """#!/bin/bash
echo "<h1>Hello, World!</h1><p>From a Pulumi-managed EC2 server.</p>" > index.html
nohup python -m SimpleHTTPServer 80 &
"""
instance = ec2.Instance(
'web-server-www;',
instance_type="t2.micro",
tags={"Owner": "Chris"},
# AMI for Amazon Linux 2 us-east-2 (Ohio)
ami="ami-0f7919c33c90f5b58",
user_data=user_data)
group = ec2.SecurityGroup(
'web-secgrp',
ingress=[
# SSH
{
"protocol": "tcp",
"from_port": 22,
"to_port": 22,
"cidr_blocks": ["0.0.0.0/0"]
},
# HTTP
import pulumi
from pulumi_aws import ec2
group = ec2.SecurityGroup(
'web-secgrp',
ingress=[
# Uncomment to fail a test:
#{ "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"] },
{
"protocol": "tcp",
"from_port": 80,
"to_port": 80,
"cidr_blocks": ["0.0.0.0/0"]
},
])
user_data = '#!/bin/bash echo "Hello, World!" > index.html nohup python -m SimpleHTTPServer 80 &'
server = ec2.Instance(
'web-server-www;',
instance_type="t2.micro",
security_groups=[group.name], # reference the group object above
# Comment out to fail a test:
tags={'Name': 'webserver'}, # name tag
ami="ami-c55673a0") # AMI for us-east-2 (Ohio)
# Uncomment to fail a test:
#user_data=user_data) # start a simple web server
# difficulty trying to automate an AMI selection
AMI = "ami-7172b611"
sg_web = ec2.SecurityGroup("web-in",
ingress=[{
'protocol': 'tcp',
'from_port': 80,
'to_port': 80,
'cidr_blocks': ["0.0.0.0/0"]
}])
instances_web = []
for i in range(COUNT):
inst = ec2.Instance('Terraform Demo {}'.format(i),
ami=AMI,
availability_zone=AZONE,
instance_type="t2.micro",
vpc_security_group_ids=[sg_web.id])
instances_web.append(inst)
volumes_web = []
for i in range(COUNT):
vol = ebs.Volume(
'Terraform Demo {}'.format(i),
# strange that you can set the azone for instances with pulumi config
# but it doesn't take for volumes
availability_zone=AZONE,
size=10)
volumes_web.append(vol)
volumes_attach = []
from pulumi import StackReference, Config, export
from pulumi_aws import get_ami, ec2
config = Config()
company_stack = StackReference(config.require("companyStack"))
department_stack = StackReference(config.require("departmentStack"))
combines_tags = {
"department": department_stack.get_output("departmentName"),
"company": company_stack.get_output("companyName"),
"team": config.require("teamName"),
"Managed By": "Pulumi",
}
ami_id = get_ami(
most_recent="true",
owners=["099720109477"],
filters=[{
"name":
"name",
"values": ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
}]).id
instance = ec2.Instance("tagged",
instance_type="t2.medium",
ami=ami_id,
tags=combines_tags)
export("instance_id", instance.id)
export("instance_tags", instance.tags)
'cidr_blocks': ['0.0.0.0/0']
}],
egress=[{
'protocol': '-1',
'from_port': 0,
'to_port': 0,
'cidr_blocks': ['0.0.0.0/0']
}])
# Create an EC2 (using the ami previously retrieved)
instance = ec2.Instance(
f"nextcloud-webserver-www-{env}",
instance_type=size,
# reference security group from above
security_groups=[group.name],
ami=ami.id,
key_name=keyPairName,
associate_public_ip_address=True,
availability_zone=availabilityZone,
user_data=userScript_final,
tags={'Name': f"nextcloud-{env}"},
opts=pulumi.ResourceOptions(delete_before_replace=True, ))
# Associate our Elastic IP to the instance
elastic_ip_association = ec2.EipAssociation(
f"nextcloud-elastic-ip-association{env}",
opts=None,
allocation_id=None,
allow_reassociation=None,
instance_id=instance.id,
network_interface_id=None,
private_ip_address=None,
# TODO add ebs_block_devices
# TODO add volume_tags
# TODO add iam_instance_profile
# TODO add user_data
# TODO how to allow access to private instance without copying SSH key to this
# machine? Looks like I need `SSH agent forwarding`.
public_server_1 = ec2.Instance(
resource_name='new-public-ec2-1',
ami=_ami, # TypeError if not present
instance_type=_instance_type, # TypeError if not present
security_groups=[public_sg.id],
availability_zone=_az1,
subnet_id=public_subnet_1.id,
associate_public_ip_address=False,
key_name=_key_name,
# TODO `Quiver`: `Pulumi > Questions > Adding tags forces EC2 replacement?`
# edit: I also changed the instance's `resource_name`
tags={
'Name': 'infra public ec2 1 (front-back-autoscaling)',
'Creator': 'timc'
})
public_server_2 = ec2.Instance(
resource_name='new-public-ec2-2',
ami=_ami, # TypeError if not present
instance_type=_instance_type, # TypeError if not present
security_groups=[public_sg.id],
availability_zone=_az2,
subnet_id=public_subnet_2.id,
def Instance():
resource_specs = ParseYAML(resource_type).getSpecs()
aws_subnet_id = Subnets.SubnetId()
aws_sg_id = SecurityGroups.SecurityGroupId()
aws_keypair_id = KeyPairs.KeyPairId()
for ec2_instance_name, ec2_instance_configuration in resource_specs[
"instance"].items():
# AWS EC2 Dynamic Variables
resource_name = ec2_instance_name
resource_number_of_instances = ec2_instance_configuration[
"number_of_instances"] if "number_of_instances" in ec2_instance_configuration else 1
resource_ami = ec2_instance_configuration[
"ami"] if "ami" in ec2_instance_configuration else None
resource_instance_type = ec2_instance_configuration[
"instance_type"] if "instance_type" in ec2_instance_configuration else None
resource_subnet = ec2_instance_configuration[
"subnet"] if "subnet" in ec2_instance_configuration else None
resource_security_groups = ec2_instance_configuration[
"security_groups"] if "security_groups" in ec2_instance_configuration else None
resource_ebs_optimization = ec2_instance_configuration[
"ebs_optimization"] if "ebs_optimization" in ec2_instance_configuration else None
resource_root_disk_volume_type = ec2_instance_configuration[
"root_disk"][
"volume_type"] if "volume_type" in ec2_instance_configuration[
"root_disk"] else None
resource_root_disk_volume_size = ec2_instance_configuration[
"root_disk"][
"volume_size"] if "volume_size" in ec2_instance_configuration[
"root_disk"] else None
resource_additional_disks = ec2_instance_configuration[
"additional_disks"] if "additional_disks" in ec2_instance_configuration else None
resource_public_ipv4_address = ec2_instance_configuration[
"public_ipv4_address"] if "public_ipv4_address" in ec2_instance_configuration else None
resource_keypair = ec2_instance_configuration[
"ssh_key"] if "ssh_key" in ec2_instance_configuration else None
resource_user_data = ec2_instance_configuration[
"user_data"] if "user_data" in ec2_instance_configuration else None
resource_password_data = ec2_instance_configuration[
"password"] if "password" in ec2_instance_configuration else None
resource_tags = None
resource_tags = ec2_instance_configuration[
"tags"] if "tags" in ec2_instance_configuration else None
# Getting list of tags from configuration file
tags_list = {}
if resource_tags is not None:
for each_tag_name, each_tag_value in resource_tags.items():
tags_list.update({each_tag_name: each_tag_value})
# Adding mandatory tags
tags_list.update({"Name": resource_name})
tags_list.update({
"Project/Stack":
pulumi.get_project() + "/" + pulumi.get_stack()
})
tags_list.update(resource_mandatory_tags)
this_subnet = aws_subnet_id[str(resource_subnet)]
# Check if the KeyPair is provided or not
if resource_keypair is not None:
this_keypair = aws_keypair_id[str(resource_keypair)]
# Getting the list of security groups found
security_groups_list = []
for each_security_group_found in resource_security_groups:
this_security_group = aws_sg_id[str(each_security_group_found)]
security_groups_list.append(this_security_group)
for number_of_instances in range(
1,
int(resource_number_of_instances) + 1):
if resource_number_of_instances > 1:
resource_final_name = (
resource_name +
str("-" + str(number_of_instances)).zfill(4))
else:
resource_final_name = resource_name
#
# Create EC2
#
ec2_instance = ec2.Instance(
resource_final_name,
ami=resource_ami,
instance_type=resource_instance_type,
associate_public_ip_address=resource_public_ipv4_address,
subnet_id=this_subnet,
vpc_security_group_ids=security_groups_list,
key_name=this_keypair,
ebs_optimized=resource_ebs_optimization,
root_block_device={
"volume_type": resource_root_disk_volume_type,
"volume_size": resource_root_disk_volume_size
},
user_data=resource_user_data,
get_password_data=resource_password_data,
tags=tags_list)
#
# Additional Disks (EBS Volumes)
#
if resource_additional_disks is not None:
# This variable is used down below
# by Volume Attachment
additional_disks_found = 0
for additional_disk_name, additional_disk_config in resource_additional_disks.items(
):
if additional_disk_name is not None:
# Setting up the default values
# for each individual EBS volume
default_additional_disk_config_az = ec2_instance.availability_zone
default_additional_disk_config_type = "gp2"
default_additional_disk_config_size = 20
if additional_disk_config is not None:
additional_disk_config_az = additional_disk_config[
"availability_zone"] if "availability_zone" in additional_disk_config else default_additional_disk_config_az
additional_disk_config_type = additional_disk_config[
"volume_type"] if "volume_type" in additional_disk_config else default_additional_disk_config_type
additional_disk_config_size = additional_disk_config[
"volume_size"] if "volume_size" in additional_disk_config else default_additional_disk_config_size
else:
additional_disk_config_az = default_additional_disk_config_az
additional_disk_config_type = default_additional_disk_config_type
additional_disk_config_size = default_additional_disk_config_size
# Create EBS Volume
ebs_volume = ebs.Volume(
additional_disk_name,
availability_zone=additional_disk_config_az,
type=additional_disk_config_type,
size=additional_disk_config_size,
tags={
"Name": additional_disk_name,
})
#
# EBS Volume Attachment
#
additional_disks_letter = range(
98, 123) # Getting a letter between 'b' and 'z'
additional_disk_assigned_letter = additional_disks_letter[
additional_disks_found]
additional_disk_device_lettet = "/dev/sd{:c}".format(
additional_disk_assigned_letter)
ebs_attachment = ec2.VolumeAttachment(
(additional_disk_name + "-attachment"),
device_name=additional_disk_device_lettet,
volume_id=ebs_volume.id,
instance_id=ec2_instance.id)
additional_disks_found = additional_disks_found + 1
# NOTE EC2 ID Dictionary
# Update resource dictionaries
ec2_ids_dict.update({ec2_instance._name: ec2_instance.id})
# NOTE Values Test
# Print statements below are used only for
# testing the functionality, can be ignored
# print("Instance name:", ec2_instance._name)
# print("Instance ID:", ec2_instance.id)
# Export the name of each EC2 Instance
pulumi.export(
ec2_instance._name,
[{
"ID": ec2_instance.id,
"ARN": ec2_instance.arn,
"State": ec2_instance.instance_state,
"Password (Windows)": ec2_instance.password_data,
"Private DNS": ec2_instance.private_dns,
"Public DNS": ec2_instance.public_dns,
"Public IP": ec2_instance.public_ip,
"Primary ENI":
ec2_instance.primary_network_interface_id
}])
'Creator': 'timc'
})
# TODO add ebs_block_devices
# TODO add volume_tags
# TODO add iam_instance_profile
# TODO add user_data
server = ec2.Instance(
resource_name='new-ec2',
ami='ami-032509850cf9ee54e', # TypeError if not present
instance_type=_instance_type, # TypeError if not present
security_groups=[sg.id],
availability_zone=_availability_zone,
subnet_id=subnet.id,
associate_public_ip_address=False,
key_name='sl-us-west-2',
# TODO `Quiver`: `Pulumi > Questions > Adding tags forces EC2 replacement?`
# edit: I also changed the instance's `resource_name`
tags={
'Name': 'infra ec2',
'Creator': 'timc'
})
# TODO bug? If you include `associate_with_private_ip = server.private_ip` but
# leave off `instance = server.id`, the association is not created
eip = ec2.Eip(resource_name='new-eip',
instance=server.id,
associate_with_private_ip=server.private_ip,
tags={
'Name': 'infra eip',
"values": [ec2_image_id]
}],
owners=[ec2_image_owner])
# Create a EC2 security group
pulumi_security_group = ec2.SecurityGroup(
'pulumi-secgrp',
description='pulumi: enable SSH access & outgoing connections',
ingress=[{
'protocol': 'tcp',
'from_port': ec2_ssh_port,
'to_port': ec2_ssh_port,
'cidr_blocks': ['0.0.0.0/0']
}],
egress=[{
'protocol': '-1',
'from_port': 0,
'to_port': 0,
'cidr_blocks': ['0.0.0.0/0']
}])
# Create EC2 instance
ec2_instance = ec2.Instance(ec2_instance_name,
key_name=ec2_keypair_name,
instance_type=ec2_instance_size,
security_groups=[pulumi_security_group.name],
ami=pulumi_ami.id)
pulumi.export('publicIp', ec2_instance.public_ip)
pulumi.export('publicHostName', ec2_instance.public_dns)
),
undefined=LoggingUndefined)
template_env.globals['include_raw'] = include_raw
template = template_env.get_template('user-data.j2')
user_data = template.render(template_vars)
with open('user-data.test', 'w') as f:
f.write(user_data)
pulumi.info(msg='generated user-data from user-data.j2')
elif os.path.exists('user-data.txt'):
with open('user-data.txt') as f:
user_data = f.read()
pulumi.info(msg='read user-data from user-data.txt')
server = ec2.Instance('server',
instance_type=instance_type,
security_groups=[web_group.name, ssh_group.name],
user_data=user_data,
ami=ami)
if DEBUG:
pulumi.info("web_group={}".format(attributes(web_group)))
pulumi.info("web_group.vpc_id={}".format(
Output.all(web_group.vpc_id).apply(lambda s: f"{s[0]}")))
pulumi.info("ssh_group={}".format(attributes(ssh_group)))
pulumi.info("ssh_group.vpc_id={}".format(
ssh_group.vpc_id.apply(lambda s: f"{s[0]}")))
# Determining the user account for a given AMI is not an easy
# task. For details on how to get the default user name, see
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html
# Hard code the user until this can be derived programatically.
import pulumi
from pulumi_aws import ec2
size = 't2.micro'
ami_id = 'ami-0475f60cdd8fd2120' # us-west-2
group = ec2.SecurityGroup('web-secgrp',
description='Enable HTTP access',
ingress=[{
'protocol': 'tcp',
'from_port': 80,
'to_port': 80,
'cidr_blocks': ['0.0.0.0/0']
}])
user_data = """
#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &
"""
server = ec2.Instance('web-server-www',
instance_type=size,
security_groups=[group.name],
user_data=user_data,
ami=ami_id)
pulumi.export('public_ip', server.public_ip)
