def test_getcidr_withsizemask(self):
raw = Cidr("10.1.10.1/24", 2, 10)
actual = raw.to_dict()
expected = {"Fn::Cidr": ["10.1.10.1/24", 2, 10]}
self.assertEqual(expected, actual)
def ssm_network():
template = Template()
default_route = "0.0.0.0/0"
vpc_cidr = "192.168.0.0/16"
template.add_parameter(Parameter(
"VpcCidr",
Type="String",
Description="Cidr block for VPC",
MinLength="9",
MaxLength="18",
Default=vpc_cidr,
AllowedPattern="(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
ConstraintDescription="Must match following pattern 'xxx.xxx.xxx.xxx/xx'"
))
template.add_parameter(Parameter(
"CreateEndpoints",
Type="String",
Description="Create VPC Endpoints",
Default="No",
AllowedValues=["Yes", "No"],
ConstraintDescription="'Yes' or 'No' are only options"
))
template.add_parameter(Parameter(
"CreateNatGateway",
Type="String",
Description="Create NAT Gateway",
Default="No",
AllowedValues=["Yes", "No"],
ConstraintDescription="'Yes' or 'No' are only options"
))
conditions = {
"CreateVpcEndpointsUpperYes": Equals(
Ref("CreateEndpoints"), "Yes"
),
"CreateVpcEndpointsLowerYes": Equals(
Ref("CreateEndpoints"), "yes"
),
"CreateVpcEndpoints": Or(
Condition("CreateVpcEndpointsUpperYes"),
Condition("CreateVpcEndpointsLowerYes")
),
"CreateNatGatewayUpperYes": Equals(
Ref("CreateNatGateway"), "Yes"
),
"CreateNatGatewayLowerYes": Equals(
Ref("CreateNatGateway"), "yes"
),
"CreateNatGateway": Or(
Condition("CreateNatGatewayUpperYes"),
Condition("CreateNatGatewayLowerYes")
)
}
ssm_vpc = ec2.VPC(
'SsmVpc',
CidrBlock=Ref("VpcCidr"),
InstanceTenancy="default",
EnableDnsHostnames=True,
EnableDnsSupport=True,
Tags=Tags(
Name="SSM VPC"
)
)
subnet_blocks = Cidr(GetAtt(ssm_vpc, "CidrBlock"), 256, 8)
ssm_ig = ec2.InternetGateway(
'SsmIG',
)
ssm_attach_gw = ec2.VPCGatewayAttachment(
'SsmAttachGateway',
InternetGatewayId=Ref(ssm_ig),
VpcId=Ref(ssm_vpc)
)
ssm_public_subnet = ec2.Subnet(
'SsmPublicSubnet',
DependsOn=ssm_attach_gw,
AvailabilityZone=Select(0, GetAZs('')),
CidrBlock=Select(0, subnet_blocks),
VpcId=Ref(ssm_vpc),
Tags=Tags(
Name="Public Subnet"
)
)
ssm_public_route_table = ec2.RouteTable(
'SsmPublicRouteTable',
VpcId=Ref(ssm_vpc),
)
ssm_public_route = ec2.Route(
'SsmPublicRoute',
DestinationCidrBlock=default_route,
GatewayId=Ref(ssm_ig),
RouteTableId=Ref(ssm_public_route_table)
)
ssm_public_subnet_route_table_association = ec2.SubnetRouteTableAssociation(
'SsmPublicSubnetRouteTableAssociation',
RouteTableId=Ref(ssm_public_route_table),
SubnetId=Ref(ssm_public_subnet)
)
ssm_eip_nat_gateway = ec2.EIP(
'SsmEipNatGateway',
Condition="CreateNatGateway"
)
ssm_nat_gateway = ec2.NatGateway(
'SsmNatGateway',
Condition="CreateNatGateway",
DependsOn=ssm_eip_nat_gateway,
SubnetId=Ref(ssm_public_subnet),
AllocationId=GetAtt(ssm_eip_nat_gateway, "AllocationId"),
)
ssm_private_subnet = ec2.Subnet(
'SsmPrivateSubnet',
DependsOn=ssm_attach_gw,
AvailabilityZone=Select(0, GetAZs('')),
CidrBlock=Select(1, subnet_blocks),
VpcId=Ref(ssm_vpc),
Tags=Tags(
Name="Private Subnet"
)
)
ssm_private_route_table = ec2.RouteTable(
'SsmPrivateRouteTable',
VpcId=Ref(ssm_vpc),
)
ssm_private_route = ec2.Route(
'SsmPrivateRoute',
Condition="CreateNatGateway",
DestinationCidrBlock=default_route,
NatGatewayId=Ref(ssm_nat_gateway),
RouteTableId=Ref(ssm_private_route_table)
)
ssm_private_subnet_route_table_association = ec2.SubnetRouteTableAssociation(
'SsmPrivateSubnetRouteTableAssociation',
RouteTableId=Ref(ssm_private_route_table),
SubnetId=Ref(ssm_private_subnet)
)
ssm_sg_ingress_rules = [
ec2.SecurityGroupRule(
ToPort=443,
FromPort=443,
IpProtocol="tcp",
CidrIp=GetAtt(ssm_vpc, "CidrBlock")
)
]
ssm_security_group = ec2.SecurityGroup(
'SsmSecurityGroup',
GroupName="SsmSG",
GroupDescription="SG for SSM usage",
VpcId=Ref(ssm_vpc),
SecurityGroupIngress=ssm_sg_ingress_rules
)
ssm_s3e_vpc_endpoint = ec2.VPCEndpoint(
'SsmS3VpcEndpoint',
Condition="CreateVpcEndpoints",
RouteTableIds=[
Ref(ssm_private_route_table)
],
ServiceName=vpc_endpoint("s3"),
VpcId=Ref(ssm_vpc),
VpcEndpointType="Gateway"
)
ssm_ssm_vpc_endpoint = ec2.VPCEndpoint(
'SsmSsmVpcEndpoint',
Condition="CreateVpcEndpoints",
SubnetIds=[Ref(ssm_private_subnet)],
ServiceName=vpc_endpoint("ssm"),
VpcId=Ref(ssm_vpc),
VpcEndpointType="Interface",
SecurityGroupIds=[
Ref(ssm_security_group)
],
PrivateDnsEnabled=True
)
ssm_ssmmessages_vpc_endpoint = ec2.VPCEndpoint(
'SsmSsmMessagesVpcEndpoint',
Condition="CreateVpcEndpoints",
SubnetIds=[Ref(ssm_private_subnet)],
ServiceName=vpc_endpoint("ssmmessages"),
VpcId=Ref(ssm_vpc),
VpcEndpointType="Interface",
SecurityGroupIds=[
Ref(ssm_security_group)
],
PrivateDnsEnabled=True
)
ssm_ec2messages_vpc_endpoint = ec2.VPCEndpoint(
'SsmEc2MessagesVpcEndpoint',
Condition="CreateVpcEndpoints",
SubnetIds=[Ref(ssm_private_subnet)],
ServiceName=vpc_endpoint("ec2messages"),
VpcId=Ref(ssm_vpc),
VpcEndpointType="Interface",
SecurityGroupIds=[
Ref(ssm_security_group)
],
PrivateDnsEnabled=True
)
template.add_resource(ssm_vpc)
template.add_resource(ssm_ig)
template.add_resource(ssm_attach_gw)
template.add_resource(ssm_eip_nat_gateway)
template.add_resource(ssm_public_subnet)
template.add_resource(ssm_public_route_table)
template.add_resource(ssm_nat_gateway)
template.add_resource(ssm_public_route)
template.add_resource(ssm_public_subnet_route_table_association)
template.add_resource(ssm_private_subnet)
template.add_resource(ssm_private_route_table)
template.add_resource(ssm_private_route)
template.add_resource(ssm_private_subnet_route_table_association)
template.add_resource(ssm_security_group)
template.add_resource(ssm_s3e_vpc_endpoint)
template.add_resource(ssm_ec2messages_vpc_endpoint)
template.add_resource(ssm_ssm_vpc_endpoint)
template.add_resource(ssm_ssmmessages_vpc_endpoint)
for k in conditions:
template.add_condition(k, conditions[k])
template.add_output(Output(
'SsmVpc',
Description="VPC for SSM",
Value=Ref(ssm_vpc),
Export=Export(Join("", [Ref("AWS::StackName"), "-ssm-vpc"]))
))
template.add_output(Output(
'SsmSg',
Description="Security Group for SSM",
Value=Ref(ssm_security_group),
Export=Export(Join("", [Ref("AWS::StackName"), "-ssm-sg"]))
))
template.add_output(Output(
'SsmPrivateSubnet',
Description="Private Subnet for SSM",
Value=Ref(ssm_private_subnet),
Export=Export(Join("", [Ref("AWS::StackName"), "-ssm-private-subnet"]))
))
template.add_output(Output(
'SsmPrivateRouteTable',
Description="Private RouteTable for SSM",
Value=Ref(ssm_private_route_table),
Export=Export(Join("", [Ref("AWS::StackName"), "-ssm-private-route-table"]))
))
with open(os.path.dirname(os.path.realpath(__file__)) + '/ssm_network.yml', 'w') as cf_file:
cf_file.write(template.to_yaml())
return template.to_yaml()
def test_getcidr(self):
raw = Cidr("10.1.10.1/24", 2)
actual = raw.to_dict()
expected = {"Fn::Cidr": ["10.1.10.1/24", 2]}
self.assertEqual(expected, actual)
def test_getcidr_withsizemask(self):
raw = Cidr("10.1.10.1/24", 2, 10)
actual = raw.to_dict()
expected = {'Fn::Cidr': ["10.1.10.1/24", 2, 10]}
self.assertEqual(expected, actual)
def test_getcidr(self):
raw = Cidr("10.1.10.1/24", 2)
actual = raw.to_dict()
expected = {'Fn::Cidr': ["10.1.10.1/24", 2]}
self.assertEqual(expected, actual)
def create_template():
template = Template(Description="Simple public VPC")
availability_zones = template.add_parameter(
Parameter(
"AvailabilityZones",
Type="String",
))
vpc = template.add_resource(
VPC(
"Vpc",
CidrBlock="10.10.0.0/16",
EnableDnsHostnames=False,
EnableDnsSupport=True,
Tags=Tags(Name=StackName),
))
dhcp_options = template.add_resource(
DHCPOptions(
"DhcpOptions",
NtpServers=["169.254.169.123"],
DomainNameServers=["AmazonProvidedDNS"],
Tags=Tags(Name=StackName),
))
template.add_resource(
VPCDHCPOptionsAssociation(
"VpcDhcpOptionsAssociation",
VpcId=Ref(vpc),
DhcpOptionsId=Ref(dhcp_options),
))
internet_gateway = template.add_resource(
InternetGateway(
"InternetGateway",
Tags=Tags(Name=StackName),
))
vpc_gateway_attachment = template.add_resource(
VPCGatewayAttachment(
"VpcGatewayAttachment",
VpcId=Ref(vpc),
InternetGatewayId=Ref(internet_gateway),
))
subnet = template.add_resource(
Subnet(
"Subnet0",
MapPublicIpOnLaunch=True,
VpcId=Ref(vpc),
CidrBlock=Select(0, Cidr(GetAtt(vpc, "CidrBlock"), 8, 8)),
AvailabilityZone=Select(0, Split(",", Ref(availability_zones))),
Tags=Tags(Name=StackName),
))
route_table = template.add_resource(
RouteTable(
"RouteTable0",
VpcId=Ref(vpc),
Tags=Tags(Name=StackName),
))
internet_route = template.add_resource(
Route(
"InternetRoute0",
DestinationCidrBlock="0.0.0.0/0",
GatewayId=Ref(internet_gateway),
RouteTableId=Ref(route_table),
DependsOn=[vpc_gateway_attachment],
))
template.add_resource(
SubnetRouteTableAssociation(
"SubnetRouteTableAssocation0",
RouteTableId=Ref(route_table),
SubnetId=Ref(subnet),
))
template.add_output(Output(
"VpcId",
Value=Ref(vpc),
))
template.add_output(Output(
"SubnetIds",
Value=Ref(subnet),
))
return template
GroupId=Ref("CustomSg"),
IpProtocol="-1",
FromPort="0",
ToPort="0",
CidrIp="0.0.0.0/0")
])
for _ in range(subnetcount):
if _ % 2 is 0:
typ = "Public"
else:
typ = "Private"
t.add_resource(
Subnet(F"S{_}",
AvailabilityZone=fazes[_],
CidrBlock=Select(_, Cidr(cidr, subnetcount, subnetmask)),
VpcId=Ref("vpc"),
Tags=Tags(Name=F"{stackname}-{typ}-Subnet")))
for _ in range(subnetcount):
if _ % 2 is 0:
t.add_resource(
SubnetRouteTableAssociation(F"S{_}RTA",
RouteTableId=Ref("PublicRt"),
SubnetId=Ref(F"S{_}")))
else:
t.add_resource(
SubnetRouteTableAssociation(F"S{_}RTA",
RouteTableId=Ref("PrivateRt"),
SubnetId=Ref(F"S{_}")))
from troposphere import Template, Ref, GetAtt, Select, Cidr
import troposphere.ec2 as ec2
t = Template()
r_vpc = t.add_resource(ec2.VPC('VPC', CidrBlock='10.0.0.0/24'))
r_subnet_az1 = t.add_resource(
ec2.Subnet('SubnetAz1',
CidrBlock=Select(0, Cidr(GetAtt(r_vpc, 'CidrBlock'), 2, 7)),
VpcId=Ref(r_vpc),
AvailabilityZone='eu-west-1a'))
print(t.to_yaml())
