def ECR_Repositories(key):
    """Create the ECR repositories listed under ``cfg.<key>``.

    Walks ``cfg.EcrAccount`` first: for every account entry a condition named
    ``EcrAccount<name>Id`` is registered, and a Pull and/or Push policy
    statement is collected depending on what the entry's ``"Policy"`` value
    contains. Each statement is wrapped in ``If`` so that it resolves to
    ``AWS::NoValue`` when its condition is false. The collected statements are
    then appended to ``RepositoryPolicyText["Statement"]`` of every repository
    built from ``getattr(cfg, key)``.

    NOTE(review): the same statement list is attached to every repository
    created here, so an account configured with "Push" presumably gets write
    access to all of them -- confirm that this is intended.
    """
    shared_statements = []

    def guarded(condition_name, statement):
        # Keep the statement only when the named condition holds.
        return If(condition_name, statement, Ref("AWS::NoValue"))

    for account_key, account_cfg in cfg.EcrAccount.items():
        condition_name = f"EcrAccount{account_key}Id"  # e.g. EcrAccountPrdId

        # Condition; presumably true when the account id is not "none" -- TODO confirm.
        add_obj(get_condition(condition_name, "not_equals", "none"))

        if "Pull" in account_cfg["Policy"]:
            shared_statements.append(
                guarded(
                    condition_name,
                    ECRRepositoryPolicyStatementAccountPull(name=condition_name),
                )
            )

        if "Push" in account_cfg["Policy"]:
            shared_statements.append(
                guarded(
                    condition_name,
                    ECRRepositoryPolicyStatementAccountPush(name=condition_name),
                )
            )

    # Resources: one repository per configured index, all sharing the statements.
    for index, _settings in getattr(cfg, key).items():
        repository = ecr.Repository(f"{key}{index}")
        auto_get_props(repository, indexname=index)
        repository.RepositoryPolicyText["Statement"].extend(shared_statements)
        add_obj(repository)
def test_ecr_with_tags(self):
    """Build a tagged ``ecr.Repository`` and render it with ``to_dict()``."""
    repo_kwargs = {
        "RepositoryName": "myrepo",
        "Tags": Tags(Name='myrepo'),
    }
    # The rendered dict is discarded; the test only requires that no exception is raised.
    ecr.Repository("ECRRepo", **repo_kwargs).to_dict()
def create_template(self):
    """Add one ECR repository resource per entry of the ``Repositories`` variable.

    The logical id is ``<name>Repository`` and the same name is used as
    ``RepositoryName``.

    NOTE(review): only ``RepositoryName`` is set. Image scanning, tag
    mutability, encryption and lifecycle rules are not declared here, so the
    repositories are created with the service defaults.
    """
    target = self.template
    repo_names = self.get_variables()["Repositories"]
    for repo_name in repo_names:
        logical_id = "%sRepository" % repo_name
        resource = ecr.Repository(logical_id, RepositoryName=repo_name)
        target.add_resource(resource)
def create_docker_repository_resource(template, docker_repository_name_variable):
    """Add the ``DockerRepository`` ECR resource to *template* and return the result.

    Args:
        template: Object whose ``add_resource`` receives the repository.
        docker_repository_name_variable: Value used as ``RepositoryName``.

    Returns:
        Whatever ``template.add_resource`` returns.
    """
    # Lifecycle rule 1: expire untagged images 7 days after they were pushed.
    untagged_expiry_policy = '{"rules":[{"rulePriority":1,"description":"Remove untagged images older than 1 week","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":7},"action":{"type":"expire"}}]}'

    # NOTE(review): no image scanning or tag-immutability setting is declared;
    # the repository is created with the service defaults for both.
    repository = ecr.Repository(
        'DockerRepository',
        RepositoryName=docker_repository_name_variable,
        LifecyclePolicy=ecr.LifecyclePolicy(
            LifecyclePolicyText=untagged_expiry_policy
        ),
    )
    return template.add_resource(repository)
def resources(self, stack: Stack) -> list[AWSObject]:
    """Return a single-element list holding this construct's ECR repository.

    The repository is declared with scan-on-push enabled, immutable image
    tags, ``self.name`` as repository name, and a ``Name`` tag merged with
    ``self.tags`` (entries in ``self.tags`` win on key collision).

    *stack* is accepted but not used by this method.
    """
    logical_id = name_to_id(self.name)
    merged_tags = {"Name": self.name, **self.tags}

    # NOTE(review): the scanning configuration is passed as a raw dict with the
    # string "true". The current CloudFormation schema spells this property
    # ``ScanOnPush`` with a boolean value -- confirm that the troposphere and
    # CloudFormation versions in use accept this form, so that scanning is
    # really enabled.
    repository = ecr.Repository(
        logical_id,
        ImageScanningConfiguration={"scanOnPush": "true"},
        ImageTagMutability="IMMUTABLE",
        RepositoryName=self.name,
        Tags=Tags(merged_tags),
    )
    return [repository]
def add_resources(self):
    """Add one ECR repository and a matching output per name in ``RepoNames``.

    Hyphens are removed from the repository name to form the logical id
    (``<name-without-hyphens>Repo``). The output reuses that title and exports
    ``Ref`` of the repository.

    NOTE(review): only ``RepositoryName`` is set on each repository. Image
    scanning and tag mutability are left at the service defaults.
    """
    template = self.template
    variables = self.get_variables()

    for repo in variables['RepoNames']:
        logical_id = '{}Repo'.format(sub('-', '', repo))
        ecrrepo = template.add_resource(
            ecr.Repository(logical_id, RepositoryName=repo)
        )

        title = ecrrepo.title
        repo_output = Output(
            title,
            Description='ECR repo ({})'.format(title),
            Value=Ref(ecrrepo),
        )
        template.add_output(repo_output)
def build_repo(self, t):
    """Add an ECR repository plus two outputs to template *t*; return the repository.

    The repository's logical id is ``<self.name>ECRRepo`` and no
    ``RepositoryName`` is passed. Two outputs are added: ``<self.name>ECRRepo``
    with ``Ref`` of the repository, and ``<self.name>ECRRepoUrl`` with the
    registry URL joined from account id, region and the repository ``Ref``.

    NOTE(review): the URL hard-codes the ``.amazonaws.com/`` suffix, which
    presumably does not match partitions that use another DNS suffix --
    confirm if the template is deployed outside the standard partition.
    NOTE(review): no scanning, tag-mutability or lifecycle properties are set.
    """
    logical_id = '{}ECRRepo'.format(self.name)
    repo = t.add_resource(ecr.Repository(logical_id))

    # <account>.dkr.ecr.<region>.amazonaws.com/<repository>
    url_parts = [
        Ref("AWS::AccountId"),
        ".dkr.ecr.",
        Ref("AWS::Region"),
        ".amazonaws.com/",
        Ref(repo),
    ]

    repo_output = Output(logical_id, Value=Ref(repo))
    url_output = Output(
        '{}ECRRepoUrl'.format(self.name),
        Value=Join('', url_parts),
    )
    t.add_output([repo_output, url_output])
    return repo
def create_template(self) -> None:
    """Register an ECR repository for every name in ``self.variables["Repositories"]``.

    Each resource gets the logical id ``<name>Repository`` and the same name
    as its ``RepositoryName``.

    NOTE(review): no other repository properties are set, so image scanning,
    tag mutability, encryption and lifecycle rules stay at the service
    defaults.
    """
    for repo_name in self.variables["Repositories"]:
        logical_id = "%sRepository" % repo_name
        self.template.add_resource(
            ecr.Repository(
                logical_id,
                RepositoryName=repo_name,
            )
        )
# Troposphere to create CloudFormation template to build the Clair image
# By Jason Umiker ([email protected])

from troposphere import Output, Join, Ref, Template
from troposphere import AWS_ACCOUNT_ID, AWS_REGION
from troposphere import ecr, s3, iam, codebuild

t = Template()
t.add_description("Template to set up a CodeBuild for the Clair container")

# ECR repository that will hold the clair image.
# NOTE(review): only RepositoryName is set. Scan-on-push and tag immutability
# are not declared, so the service defaults apply.
Repository = ecr.Repository("Repository", RepositoryName="clair")
t.add_resource(Repository)

# S3 bucket for build output.
# NOTE(review): declared without any properties. No encryption,
# public-access-block or versioning settings are part of this template.
S3Bucket = s3.Bucket("ClairBuildOutput")
t.add_resource(S3Bucket)

# CodeBuild service role (logical id "InstanceRole"). The trust policy lets
# only the CodeBuild service principal assume the role.
ServiceRole = iam.Role(
    "InstanceRole",
    AssumeRolePolicyDocument={
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Service": "codebuild.amazonaws.com"},
                "Action": "sts:AssumeRole",
            }
        ]
    },
)
t.add_resource(ServiceRole)
Parameter( 'BuildSubnet', Type='AWS::EC2::Subnet::Id', Description='A VPC subnet ID for the build.', )) build_subnet2 = t.add_parameter( Parameter( 'BuildSubnet2', Type='AWS::EC2::Subnet::Id', Description='A 2nd VPC subnet ID for the build.', )) # Create the ghost Repository Repository = t.add_resource( ecr.Repository("Repository", RepositoryName="ghost")) # Create the S3 Bucket for Output S3Bucket = t.add_resource(s3.Bucket("GhostClairBuildOutput")) # Create Security group for the build jobs build_security_group = ec2.SecurityGroup( "BuildSecurityGroup", GroupDescription="Ghost Build Security Group.", VpcId=Ref(build_vpc)) t.add_resource(build_security_group) # CodeBuild Service Role ServiceRole = t.add_resource( iam.Role("InstanceRole", AssumeRolePolicyDocument={
# Template to create a CodeBuild Project to build nginx # By Jason Umiker ([email protected]) # comment from troposphere import Output, Join, Ref, Template from troposphere import AWS_ACCOUNT_ID, AWS_REGION from troposphere import ecr, s3, iam, codebuild t = Template() # Create the nginx Repository Repository = t.add_resource( ecr.Repository( "Repository", RepositoryName="nginx" ) ) # Create the S3 Bucket for Output NginxBuildOutputBucket = t.add_resource( s3.Bucket( "NginxBuildOutputBucket" ) ) # CodeBuild Service Role CodeBuildServiceRole = t.add_resource(iam.Role( "CodeBuildServiceRole", AssumeRolePolicyDocument={ "Statement": [ { 'Effect': 'Allow',
"How to convert username to fully qualified name (%[email protected])", Type="String")) idp_duo_apiHost = t.add_parameter( Parameter("duoapiHost", Description="API endpoint location from Duo", Type="String")) idp_duo_integrationKey = t.add_parameter( Parameter("duointegrationKey", Description="Integration Key from Duo", Type="String")) # Create the ECR Repository Repository = t.add_resource( ecr.Repository("Repository", RepositoryName="shibboleth")) #Create the Redirect Repository RedirectRepository = t.add_resource( ecr.Repository("RedirectRepository", RepositoryName="shibboleth-redirect")) # Create the S3 Bucket for the Configuration S3Bucket = t.add_resource(s3.Bucket("ConfigBucket")) # Create instance/task roles # Instance Role InstanceRole = t.add_resource( iam.Role("InstanceRole", AssumeRolePolicyDocument={ "Statement": [{ 'Effect': 'Allow',
'#!/bin/bash\n', 'echo ECS_CLUSTER=', Ref(ecs_cluster), ' >> /etc/ecs/ecs.config;echo ECS_BACKEND_HOST= >> /etc/ecs/ecs.config;' ]) ) ) ) ) # Create the Docker repository. docker_repository = template.add_resource( ecr.Repository( 'DockerRepository', RepositoryName=Ref(docker_repository_name), LifecyclePolicy=ecr.LifecyclePolicy( LifecyclePolicyText='{"rules":[{"rulePriority":1,"description":"Remove untagged images older than 1 week","selection":{"tagStatus":"untagged","countType":"sinceImagePushed","countUnit":"days","countNumber":7},"action":{"type":"expire"}}]}' ) ) ) # Create the ECS task definitions. api_log_group = template.add_resource( logs.LogGroup( 'ApiLogGroup', LogGroupName=Ref(api_log_group_name), RetentionInDays=7 ) ) queue_worker_log_group = template.add_resource(