def generate_json(): r = {} t = Template() # t.add_description(Join('', ["DOMjudge Cluster - ", Ref('AWS::StackName')])) t.add_description("DOMjudge Cluster") r['notify_topic'] = Select(0, Ref("AWS::NotificationARNs")) t.add_mapping('SizeMap', { 'nano': { 'RDSInstanceType': 'db.t2.micro', 'WebInstanceType': 't2.micro', 'WebASGMinSize': 1, 'WebASGMaxSize': 4, 'JudgeASGMinSize': 1, 'JudgeASGMaxSize': 4, }, 'small': { 'RDSInstanceType': 'db.t2.micro', 'WebInstanceType': 't2.micro', 'WebASGMinSize': 1, 'WebASGMaxSize': 4, 'JudgeASGMinSize': 1, 'JudgeASGMaxSize': 4, }, 'medium': { 'RDSInstanceType': 'db.t2.micro', 'WebInstanceType': 't2.micro', 'WebASGMinSize': 1, 'WebASGMaxSize': 4, 'JudgeASGMinSize': 1, 'JudgeASGMaxSize': 4, }, 'large': { 'RDSInstanceType': 'db.t2.micro', 'WebInstanceType': 't2.micro', 'WebASGMinSize': 1, 'WebASGMaxSize': 4, 'JudgeASGMinSize': 1, 'JudgeASGMaxSize': 4, }, }) parameters.init(t, r) dynamodb.init(t, r) iam.init(t, r) securitygroups.init(t, r) rds.init(t, r) webserver.init(t, r) judgehost.init(t, r) return t.to_json()
def output_template(self): template = Template() for parameter in self.parameters: template.add_parameter(parameter) for mapping in self.mappings: template.add_mapping(mapping[0], mapping[1]) for resource in self.resources: template.add_resource(resource) for output in self.outputs: template.add_output(output) print template.to_json() return
def InstanceVolumeTemplate(self): self.stack_name = "volumeTest{0}".format(int(time.time())) template = Template() keyname_param = template.add_parameter( Parameter( "KeyName", Description="Name of an existing EC2 KeyPair " "to enable SSH access to the instance", Type="String", )) template.add_mapping('RegionMap', {"": { "AMI": self.tester.get_emi().id }}) for i in xrange(2): ec2_instance = template.add_resource( ec2.Instance("Instance{0}".format(i), ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName=Ref(keyname_param), SecurityGroups=[self.group.name], UserData=Base64("80"))) vol = template.add_resource( ec2.Volume("Volume{0}".format(i), Size="8", AvailabilityZone=GetAtt("Instance{0}".format(i), "AvailabilityZone"))) mount = template.add_resource( ec2.VolumeAttachment("MountPt{0}".format(i), InstanceId=Ref("Instance{0}".format(i)), VolumeId=Ref("Volume{0}".format(i)), Device="/dev/vdc")) stack = self.tester.create_stack(self.stack_name, template.to_json(), parameters=[("KeyName", self.keypair.name)]) def stack_completed(): return self.tester.cloudformation.describe_stacks( self.stack_name).status == "CREATE_COMPLETE" self.tester.wait_for_result(stack_completed, True, timeout=600) self.tester.delete_stack(self.stack_name)
def create_cft(): """"Creates the CFT""" template = Template() template.add_version("2010-09-09") template.add_description("CFT to create merch cube user") # Add Parameters for param in parameters: template.add_parameter(param) # Add Maps template.add_mapping("EnvGroupToEnv", env_group_to_env) # Add Resources template.add_resource(managed_policy) template.add_resource(merch_cube_user) return template
def InstanceVolumeTemplate(self): self.stack_name = "volumeTest{0}".format(int(time.time())) template = Template() keyname_param = template.add_parameter(Parameter("KeyName", Description="Name of an existing EC2 KeyPair " "to enable SSH access to the instance", Type="String",)) template.add_mapping('RegionMap', {"": {"AMI": self.tester.get_emi().id}}) for i in xrange(2): ec2_instance = template.add_resource(ec2.Instance("Instance{0}".format(i), ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName=Ref(keyname_param), SecurityGroups=[self.group.name], UserData=Base64("80"))) vol = template.add_resource(ec2.Volume("Volume{0}".format(i), Size="8", AvailabilityZone=GetAtt("Instance{0}".format(i), "AvailabilityZone"))) mount = template.add_resource(ec2.VolumeAttachment("MountPt{0}".format(i), InstanceId=Ref("Instance{0}".format(i)), VolumeId=Ref("Volume{0}".format(i)), Device="/dev/vdc")) stack = self.tester.create_stack(self.stack_name, template.to_json(), parameters=[("KeyName",self.keypair.name)]) def stack_completed(): return self.tester.cloudformation.describe_stacks(self.stack_name).status == "CREATE_COMPLETE" self.tester.wait_for_result(stack_completed, True, timeout=600) self.tester.delete_stack(self.stack_name)
class Stack(object): def __init__(self): self.template = Template() self.template.add_version("2010-09-09") self.template.add_description("Creates resources for a Ethereum node") parameters = Parameters() vpn = Vpn(parameters=parameters) for key, value in Mappings().mappings.iteritems(): self.template.add_mapping(key, value) for param in parameters.values(): self.template.add_parameter(param) for res in vpn.values(): self.template.add_resource(res) self.template.add_metadata({ "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "EC2" }, "Parameters": [ "InstanceImage", "InstanceKeyPair", "InstanceStorageData", "InstanceStorageOS", "InstanceType" ] }, { "Label": { "default": "VPC" }, "Parameters": ["VPC"] }, ] } })
class DevDeployment(AbstractDeployment): def __init__(self, template=None): super(DevDeployment, self).__init__('dev') if template: self.template = template else: self.template = Template() self.template.add_version("2010-09-09") self.template.add_description("DevDeployment EC2 instance") self.template.add_parameter( Parameter("Os", Description="Chosen operating system", Type="String", Default="AmazonLinux2", AllowedValues=[ "AmazonLinux2", "Windows2016Base", ])) self.template.add_mapping( 'AmiByOs', { "us-east-1": { "Windows2016Base": "ami-06bee8e1000e44ca4", "AmazonLinux2": "ami-0c6b1d09930fac512", }, "us-west-2": { "Windows2016Base": "ami-07f35a597a32e470d", "AmazonLinux2": "ami-0cb72367e98845d43", }, }) self.template.add_resource( ec2.Instance( "DevEc2", ImageId=FindInMap("AmiByOs", Ref("AWS::Region"), Ref("Os")), InstanceType="t2.small", ))
def base_template(self): t = Template() t.add_mapping("AWSRegion2AMI", {"eu-west-1": {"AMI": "ami-00d88f77"}}) if "vpc" in self.data: t.add_mapping("SubnetConfig", {"VPC": self.data["vpc"]}) else: t.add_mapping( "SubnetConfig", { "VPC": { "CIDR": "10.0.0.0/16", "SubnetA": "10.0.0.0/20", "SubnetB": "10.0.16.0/20", "SubnetC": "10.0.32.0/20", } }, ) return t
], ConstraintDescription='must be a environment type.')) t.add_mapping( 'prod', { 'cidr': { 'Vpc': '10.0.0.0/16', 'Public': '10.0.0.0/24', 'Private': '10.0.1.0/24' }, 'tags': { 'Vpc': 'vpc', 'Igw': 'igw', 'PublicSubnet': 'prod-PublicSubnet', 'PrivateSubnet': 'prod-PrivateSubnet', 'PublicRouteTable': 'prod-PublicRoute', 'PrivateRouteTable': 'prod-PrivateRoute', 'NatGateway': 'prod-NatGateway' }, 'output': { 'Vpc': 'prod-vpc-id', 'Igw': 'prod-igw-id', 'PublicSubnet': 'prod-PublicSubnet-id', 'PrivateSubnet': 'prod-PrivateSubnet-id', 'PublicRouteTable': 'prod-PublicRoute-id', 'PrivateRouteTable': 'prod-PrivateRoute-id', 'NatGateway': 'prod-NatGateway-id' } }) t.add_mapping( 'veri', {
private_servers = [] db_servers = [] template = Template() template.add_description('This template for AWS Cloud Formation. Ilevel Project') keyname_param = template.add_parameter(Parameter( "KeyName", Description="Name of an existing EC2 KeyPair to enable SSH " "access to the instance", Type="String", )) template.add_mapping('RegionMap', { "us-west-2": {"AMI": "ami-83a5bce2"}, }) security_groups = [template.add_resource(ec2.SecurityGroup( "WEB", GroupDescription='For WEB servers', SecurityGroupIngress=[{'CidrIp': '0.0.0.0/0', 'FromPort': '22', 'IpProtocol': 'tcp', 'ToPort': '22'}, {'CidrIp': '0.0.0.0/0', 'FromPort': '80', 'IpProtocol': 'tcp', 'ToPort': '80'}], )),
# Converted from EC2InstanceSample.template located at: # http://aws.amazon.com/cloudformation/aws-cloudformation-templates/ import troposphere.ec2 as ec2 from troposphere import (Base64, cloudformation, FindInMap, GetAtt, GetAZs, Join, Parameter, Output, Ref, Tags, Template) template = Template() template.add_mapping('RegionMap', { "us-east-1": { "AMI": "ami-4d87fc5a" }, }) ec2_instance_1 = template.add_resource( ec2.Instance("Ec2Instance1", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName="mcheriyath", SecurityGroups=["mcheriyath-sg"], Tags=Tags(**{ 'Name': 'DevOpsDenver', 'Owner': '*****@*****.**' }))) ec2_instance_2 = template.add_resource( ec2.Instance("Ec2Instance2", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName="mcheriyath",
Cookies=cloudfront.Cookies( Forward= 'all', # Don't do this. Done here to validate cookie-removal logic ), ), ), ViewerCertificate=cloudfront.ViewerCertificate( AcmCertificateArn=Ref(acm_cert), SslSupportMethod='sni-only', ), ), Tags=GetAtt(cloudformation_tags, 'TagList'), )) hosted_zone_map = "HostedZoneMap" template.add_mapping(hosted_zone_map, cfnutils.mappings.r53_hosted_zone_id()) template.add_resource( route53.RecordSetType( "DomainA", AliasTarget=route53.AliasTarget( DNSName=GetAtt(example_distribution, 'DomainName'), HostedZoneId=FindInMap(hosted_zone_map, Ref(AWS_REGION), 'CloudFront'), ), Comment=Sub('DNS for ${AWS::StackName}'), HostedZoneName=Join('', [Ref(param_hosted_zone_name), '.']), Name=domain_name, Type='A', )) template.add_resource(
def test_multiple_mappings(self): template = Template() template.add_mapping("map", {"k1": {"n1": "v1"}}) template.add_mapping("map", {"k2": {"n2": "v2"}}) json = template.to_json() self.assertEqual(multiple_mappings, json)
Roles=[Ref(AccessRoleAmbari)], )) CFNRolePolicies = t.add_resource(iam.PolicyType( "CFNRolePolicies", PolicyName="CFNaccess", PolicyDocument={ "Statement": [{ "Action": "cloudformation:Describe*", "Resource": "*", "Effect": "Allow" }] }, Roles=[Ref("AccessRoleAmbari")], )) t.add_mapping("CENTOS7", { "eu-west-1": {"AMI": "ami-33734044"}, "ap-southeast-1": {"AMI": "ami-2a7b6b78"}, "ap-southeast-2": {"AMI": "ami-d38dc6e9"}, "eu-central-1": {"AMI": "ami-e68f82fb"}, "ap-northeast-1": {"AMI": "ami-b80b6db8"}, "us-east-1": {"AMI": "ami-61bbf104"}, "sa-east-1": {"AMI": "ami-fd0197e0"}, "us-west-1": {"AMI": "ami-f77fbeb3"}, "us-west-2": {"AMI": "ami-d440a6e7"} }) waitHandleAmbari = t.add_resource(WaitConditionHandle("waitHandleAmbari")) waitConditionAmbari = t.add_resource( WaitCondition( "waitConditionAmbari", Handle=Ref(waitHandleAmbari), Timeout="2700",
# -*- coding: utf-8 -*- from troposphere import FindInMap, Ref from troposphere import Template, Tags import troposphere.rds as rds t = Template() t.add_version("2010-09-09") t.add_description("rds sample") t.add_mapping("RDSConfig", { "Sample": { "TagName": "RDSSample", "username": "******", "password": "******", "dbname": "sample", "subnetids": [ "subnet-xxxxxxxa", "subnet-xxxxxxxc" ] }, }) # db_subnet_group subnetgroup = t.add_resource(rds.DBSubnetGroup( "subnetgroup", DBSubnetGroupDescription="SubnetGroup sample", SubnetIds=FindInMap("RDSConfig", "Sample", "subnetids"), Tags=Tags( Name=FindInMap("RDSConfig", "Sample", "TagName"), Application=Ref("AWS::StackName") )
# -*- coding: utf-8 -*- from troposphere import FindInMap, Ref from troposphere import Template, Tags import troposphere.ec2 as ec2 t = Template() t.add_version("2010-09-09") t.add_description("VPC 120 with multiple subnets") t.add_mapping("SubnetConfig", { "VPC": {"CIDR": "10.120.0.0/24"}, "PublicA": {"CIDR": "10.120.0.0/26", "AvailabilityZone": "ap-northeast-1a"}, "PublicB": {"CIDR": "10.120.0.64/26", "AvailabilityZone": "ap-northeast-1c"}, "PrivateA": {"CIDR": "10.120.0.128/26", "AvailabilityZone": "ap-northeast-1a"}, "PrivateB": {"CIDR": "10.120.0.192/26", "AvailabilityZone": "ap-northeast-1c"}, }) t.add_mapping("SecurityGroupConfig", { "sg": {"CIDR": "127.0.0.1/32"}, }) # VPC構築 VPC = t.add_resource(ec2.VPC( "VPC", CidrBlock=FindInMap("SubnetConfig", "VPC", "CIDR"), EnableDnsSupport=True, EnableDnsHostnames=True, Tags=Tags( Application=Ref("AWS::StackName"), Network="Public" ) ))
"SSHLocation", Description="The IP address range that can be used to SSH to the " "EC2 instances", Type="String", MinLength="9", MaxLength="18", Default="0.0.0.0/0", AllowedPattern="(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})" "/(\\d{1,2})", ConstraintDescription="must be a valid IP CIDR range of the " "form x.x.x.x/x." )) template.add_mapping('RegionMap', { "us-east-1": {"AMI": "ami-76817c1e"}, "us-west-1": {"AMI": "ami-f0d3d4b5"}, "us-west-2": {"AMI": "ami-d13845e1"}, "eu-west-1": {"AMI": "ami-892fe1fe"} }) ### Security Groups Stuff ### ########### To Be Implemented later #################### kafka_sg = template.add_resource(ec2.SecurityGroup( "KafkaSecurityGroup", VpcId=Ref(vpcid_param), GroupDescription="Enable SSH, Kafka access via ports 22, bla bla bla", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp=Ref(sshlocation_param), ),
t.add_mapping('AWSInstanceType2Arch', { 't1.micro': {'Arch': 'PV64'}, 't2.micro': {'Arch': 'HVM64'}, 't2.small': {'Arch': 'HVM64'}, 't2.medium': {'Arch': 'HVM64'}, 'm1.small': {'Arch': 'PV64'}, 'm1.medium': {'Arch': 'PV64'}, 'm1.large': {'Arch': 'PV64'}, 'm1.xlarge': {'Arch': 'PV64'}, 'm2.xlarge': {'Arch': 'PV64'}, 'm2.2xlarge': {'Arch': 'PV64'}, 'm2.4xlarge': {'Arch': 'PV64'}, 'm3.medium': {'Arch': 'HVM64'}, 'm3.large': {'Arch': 'HVM64'}, 'm3.xlarge': {'Arch': 'HVM64'}, 'm3.2xlarge': {'Arch': 'HVM64'}, 'c1.medium': {'Arch': 'PV64'}, 'c1.xlarge': {'Arch': 'PV64'}, 'c3.large': {'Arch': 'HVM64'}, 'c3.xlarge': {'Arch': 'HVM64'}, 'c3.2xlarge': {'Arch': 'HVM64'}, 'c3.4xlarge': {'Arch': 'HVM64'}, 'c3.8xlarge': {'Arch': 'HVM64'}, 'g2.2xlarge': {'Arch': 'HVMG2'}, 'r3.large': {'Arch': 'HVM64'}, 'r3.xlarge': {'Arch': 'HVM64'}, 'r3.2xlarge': {'Arch': 'HVM64'}, 'r3.4xlarge': {'Arch': 'HVM64'}, 'r3.8xlarge': {'Arch': 'HVM64'}, 'i2.xlarge': {'Arch': 'HVM64'}, 'i2.2xlarge': {'Arch': 'HVM64'}, 'i2.4xlarge': {'Arch': 'HVM64'}, 'i2.8xlarge': {'Arch': 'HVM64'}, 'hi1.4xlarge': {'Arch': 'HVM64'}, 'hs1.8xlarge': {'Arch': 'HVM64'}, 'cr1.8xlarge': {'Arch': 'HVM64'}, 'cc2.8xlarge': {'Arch': 'HVM64'}, })
def create(AMIMap, instanceProfile, snsTopic, dnsCheckerDDB): # Create checker stack checker = Template() checker.add_description("Stack defining the checker instance for dnsChecker implementation") # Create AMI Map checker.add_mapping("AMIMap",AMIMap) # Create checker VPC checkerVPC = checker.add_resource( VPC( "checkerVPC", CidrBlock="10.0.0.0/16", Tags=Tags( Name="checkerVPC" ) ) ) # Create checker IGW checkerIGW = checker.add_resource( InternetGateway( "checkerIGW" ) ) # Attach IGW to VPC checkerIGWAttachment = checker.add_resource( VPCGatewayAttachment( "checkerIGWAttachment", VpcId=Ref(checkerVPC), InternetGatewayId=Ref(checkerIGW) ) ) # Create checker Subnet checkerSubnet = checker.add_resource( Subnet( "checkerSubnet", CidrBlock="10.0.0.0/24", VpcId=Ref(checkerVPC) ) ) # Create checker RTB checkerRTB = checker.add_resource( RouteTable( "checkerRTB", VpcId=Ref(checkerVPC) ) ) # Create route to IGW checkerDefaultRoute = checker.add_resource( Route( "checkerDefaultRoute", DependsOn="checkerIGWAttachment", GatewayId=Ref(checkerIGW), DestinationCidrBlock="0.0.0.0/0", RouteTableId=Ref(checkerRTB) ) ) # Associate RTB with Subnet checkerSubnetRTBAssociation = checker.add_resource( SubnetRouteTableAssociation( "checkerSubnetRTBAssociation", SubnetId=Ref(checkerSubnet), RouteTableId=Ref(checkerRTB) ) ) # Create checker Security Group checkerSecurityGroup = checker.add_resource( SecurityGroup( "checkerSecurityGroup", GroupDescription="Allow inbound access on port 80", SecurityGroupIngress=[ SecurityGroupRule( IpProtocol="tcp", FromPort="80", ToPort="80", CidrIp="0.0.0.0/0" ) ], VpcId=Ref(checkerVPC) ) ) # Create checker instance metadata checkerInstanceMetadata = Metadata( Init( # Use ConfigSets to ensure docker service is running before trying to run containers # (since cfn-init runs "services" block last) InitConfigSets( ordered=["first","second"] ), first=InitConfig( packages={ "yum": { "docker": [], "curl": [] } }, files=InitFiles( { "/etc/cfn/cfn-hup.conf": InitFile( content=Join("", [ "[main]\n", "stack=",Ref("AWS::StackName"),"\n", "region=",Ref("AWS::Region"),"\n" ] ), mode="000400", owner="root", group="root" ), "/etc/cfn/hooks.d/cfn-auto-reloader.conf": InitFile( content=Join("", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.checkerInstance.Metadata\n", "action=/opt/aws/bin/cfn-init -v --stack ", Ref("AWS::StackName"), " ", "--resource checkerInstance ", "--region ", Ref("AWS::Region"), " ", "-c ordered\n", "runas=root\n" ] ), mode="000400", owner="root", group="root" ), "/tmp/checker.conf": InitFile( content=Join("", [ "{\n", "\"dnsCheckerDDB\" : \""+dnsCheckerDDB+"\",\n", "\"region\" : \"", Ref("AWS::Region"), "\"\n", "}" ] ), mode="000400", owner="root", group="root" ) } ), services={ "sysvinit": InitServices( { "docker": InitService( enabled=True, ensureRunning=True ), "cfn-hup": InitService( enabled=True, ensureRunning=True, files=[ "/etc/cfn/cfn-hup.conf", "/etc/cfn/hooks.d/cfn-auto-reloader.conf" ] ) } ) } ), second=InitConfig( commands={ "02runNginxContainer": { "command" : Join("", [ "docker run -dit --name nginx -v /var/log/nginx/:/var/log/nginx ", "-v /tmp/:/tmp -p 80:80 kelledro/dnschecker_nginx" ] ) }, "01runUwsgiContainer": { "command" : "docker run -dit --name uwsgi -v /tmp:/tmp kelledro/dnschecker_uwsgi" }, "50subscribeToSNS": { "command": Join("", [ "aws sns subscribe --protocol http --topic-arn ", snsTopic, " ", "--notification-endpoint http://$(curl -s 169.254.169.254/latest/meta-data/public-ipv4) ", "--region us-west-2" ] ) } } ) ) ) # Create checker Instance checkerInstance = checker.add_resource( Instance( "checkerInstance", ImageId=FindInMap("AMIMap",Ref("AWS::Region"),"id"), InstanceType="t2.micro", KeyName="kelledy", # TODO remove this after testing IamInstanceProfile=instanceProfile, Metadata=checkerInstanceMetadata, UserData=Base64( Join("", [ "#!/bin/bash\n", "/opt/aws/bin/cfn-init -v ", "--stack ", Ref("AWS::StackName"), " ", "--resource checkerInstance ", "--region ", Ref("AWS::Region"), " ", "-c ordered" ] ) ), NetworkInterfaces=[ NetworkInterfaceProperty( GroupSet=[ Ref(checkerSecurityGroup) ], AssociatePublicIpAddress="true", DeviceIndex="0", DeleteOnTermination="true", SubnetId=Ref(checkerSubnet), ) ], Tags=Tags( Name="checkerInstance" ) ) ) return checker
class CreateTemplate(object): def __init__(self): self.start_template() self.add_mappings() self.add_parameters() self.add_security_groups() self.add_kippo_rds() self.add_kippo_sensors() def start_template(self): self.template = Template() self.template.add_version('2010-09-09') self.template.add_description('Kippo cluster CloudFormation stack') def add_mappings(self): # Ubuntu Trusty 14.04 LTS amd64 self.template.add_mapping('Ec2AmiMap', { 'ap-northeast-1': {'AmiId': 'ami-c011d4c0'}, 'ap-southeast-1': {'AmiId': 'ami-76546924'}, 'eu-central-1': {'AmiId': 'ami-00dae61d'}, 'eu-west-1': {'AmiId': 'ami-2396f654'}, 'sa-east-1': {'AmiId': 'ami-75b23768'}, 'us-east-1': {'AmiId': 'ami-f63b3e9e'}, 'us-west-1': {'AmiId': 'ami-057f9d41'}, 'cn-north-1': {'AmiId': 'ami-78d84541'}, 'us-gov-west-1': {'AmiId': 'ami-85fa9ba6'}, }) def add_parameters(self): self.template.add_parameter(Parameter( 'Ec2InstanceType', Default='t2.micro', Description='Instance type of the EC2 instances', Type='String', )) self.template.add_parameter(Parameter( 'Ec2SubnetIdList', Description='List of subnet IDs in which to create the EC2 instances', Type='List<AWS::EC2::Subnet::Id>', )) self.template.add_parameter(Parameter( 'ElbSubnetIdList', Description='List of subnet IDs in which to create the ELB', Type='List<AWS::EC2::Subnet::Id>', )) self.template.add_parameter(Parameter( 'KeyName', Description='Name of the keypair to install on the EC2 instances', Type='AWS::EC2::KeyPair::KeyName', )) self.template.add_parameter(Parameter( 'KippoSensorCount', Default='1', Description='Number of kippo sensors to create', Type='Number', )) self.template.add_parameter(Parameter( 'RdsInstanceType', Default='t2.micro', Description='Instance type of the RDS instance', Type='String', )) self.template.add_parameter(Parameter( 'RdsRootPassword', Description='Password to use for the root RDS user', Type='String', )) self.template.add_parameter(Parameter( 'RdsStorage', Default='20', Description='Amount of storage (GB) for the RDS instance', Type='Number', )) self.template.add_parameter(Parameter( 'RdsSubnetIdList', Description='List of subnet IDs in which to create the RDS instance', Type='List<AWS::EC2::Subnet::Id>', )) self.template.add_parameter(Parameter( 'RealSshPort', Description='Port number to use for the real SSH service', Type='Number', )) self.template.add_parameter(Parameter( 'VpcId', Description='ID of the VPC in which to create the kippo cluster', Type='AWS::EC2::VPC::Id', )) def add_security_groups(self): # kippo sensor EC2 security group self.template.add_resource(SecurityGroup( 'Ec2SecurityGroup', GroupDescription='Security group for the kippo sensor ASG', SecurityGroupIngress=[ # Allow SSH (to kippo) from anywhere SecurityGroupRule( CidrIp='0.0.0.0/0', FromPort=22, ToPort=22, IpProtocol='tcp', ), # Allow real SSH from anywhere SecurityGroupRule( CidrIp='0.0.0.0/0', FromPort=Ref('RealSshPort'), ToPort=Ref('RealSshPort'), IpProtocol='tcp', ), # Allow HTTP from the kippo ELB SecurityGroupRule( FromPort=80, ToPort=80, IpProtocol='tcp', SourceSecurityGroupId=Ref('ElbSecurityGroup'), ), # Allow HTTPS from the kippo ELB SecurityGroupRule( FromPort=443, ToPort=443, IpProtocol='tcp', SourceSecurityGroupId=Ref('ElbSecurityGroup'), ), ], VpcId=Ref('VpcId'), )) # kippo sensor ELB security group self.template.add_resource(SecurityGroup( 'ElbSecurityGroup', GroupDescription='Security group for the kippo sensor ELB', SecurityGroupIngress=[ # Allow HTTP from anywhere SecurityGroupRule( CidrIp='0.0.0.0/0', FromPort=80, ToPort=80, IpProtocol='tcp', ), # Allow HTTPS from anywhere SecurityGroupRule( CidrIp='0.0.0.0/0', FromPort=443, ToPort=443, IpProtocol='tcp', ), ], VpcId=Ref('VpcId'), )) # RDS security group self.template.add_resource(SecurityGroup( 'RdsSecurityGroup', VpcId=Ref('VpcId'), GroupDescription='Security group for the kippo RDS instance', SecurityGroupIngress=[ # Allow MySQL from kippo EC2 instances SecurityGroupRule( FromPort=3306, ToPort=3306, IpProtocol='tcp', SourceSecurityGroupId=Ref('Ec2SecurityGroup'), ), ], )) def add_kippo_rds(self): self.template.add_resource(DBSubnetGroup( 'RdsSubnetGroup', DBSubnetGroupDescription='Subnet group for the kippo RDS instance', SubnetIds=Ref('RdsSubnetIdList'), )) self.template.add_resource(DBInstance( 'RdsInstance', AllocatedStorage=Ref('RdsStorage'), DBInstanceClass=Ref('RdsInstanceType'), DBInstanceIdentifier='kippo-database', DBSubnetGroupName=Ref('RdsSubnetGroup'), Engine='MySQL', EngineVersion='5.6.22', MasterUsername='******', MasterUserPassword=Ref('RdsRootPassword'), MultiAZ=True, Port=3306, VPCSecurityGroups=[Ref('RdsSecurityGroup')], )) self.template.add_output(Output( 'RdsEndpoint', Description='RDS endpoint address', Value=GetAtt('RdsInstance', 'Endpoint.Address'), )) def add_kippo_sensors(self): # Create the ELB self.template.add_resource(LoadBalancer( 'Elb', Listeners=[ Listener( InstancePort=80, LoadBalancerPort=80, Protocol='http', ), Listener( InstancePort=443, LoadBalancerPort=443, Protocol='tcp', # Plain TCP forwarding for HTTPS/SSL ), ], CrossZone=True, Subnets=Ref('ElbSubnetIdList'), SecurityGroups=[Ref('ElbSecurityGroup')], Scheme='internet-facing', HealthCheck=HealthCheck( Target='HTTP:80/kippo-graph/', HealthyThreshold=2, UnhealthyThreshold=5, Interval=120, Timeout=60, ), )) self.template.add_output(Output( 'ElbEndpoint', Description='ELB endpoint address', Value=GetAtt('Elb', 'DNSName'), )) self.template.add_resource(LaunchConfiguration( 'LaunchConfiguration', KeyName=Ref('KeyName'), ImageId=FindInMap('Ec2AmiMap', Ref('AWS::Region'), 'AmiId'), InstanceType=Ref('Ec2InstanceType'), SecurityGroups=[Ref('Ec2SecurityGroup')], AssociatePublicIpAddress=True, UserData=Base64(Join('\n', [ '#cloud-config', 'repo_upgrade: security', 'runcmd:', ' - "/usr/bin/wget -O /tmp/configure_kippo_sensor.sh https://raw.githubusercontent.com/cdodd/aws-kippo-cluster/master/bootstrap/configure_kippo_sensor.sh"', Join( '', [ ' - "bash /tmp/configure_kippo_sensor.sh', ' ', GetAtt('RdsInstance', 'Endpoint.Address'), ' ', Ref('RdsRootPassword'), ' ', Ref('RealSshPort'), '"', ], ), ])), )) self.template.add_resource(AutoScalingGroup( 'Asg', DesiredCapacity=Ref('KippoSensorCount'), HealthCheckGracePeriod=1800, HealthCheckType='ELB', LaunchConfigurationName=Ref('LaunchConfiguration'), LoadBalancerNames=[Ref('Elb')], MaxSize=Ref('KippoSensorCount'), MinSize=Ref('KippoSensorCount'), Tags=[Tag(key='Name', value='kippo-sensor', propogate='true')], VPCZoneIdentifier=Ref('Ec2SubnetIdList'), )) def output_template(self): return self.template.to_json()
region = RegionInfo() region.endpoint = "CLC IP" region.name = "eucalyptus" stack_name = "test-stack-1" tester = boto.connect_cloudformation(region=region, port=8773, path="/services/CloudFormation", is_secure=False, aws_access_key_id="your access key", aws_secret_access_key="your secret key") template = Template() keyname_param = template.add_parameter(Parameter("KeyName", Description="Name of an existing EC2 KeyPair to enable SSH access to the instance", Type="String", )) template.add_mapping('RegionMap', {"": {"AMI": "emi to use"}}) for i in xrange(2): ec2_instance = template.add_resource(ec2.Instance("Instance{0}".format(i), ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName=Ref(keyname_param), SecurityGroups=["default"], UserData=Base64("80"))) vol = template.add_resource(ec2.Volume("Volume{0}".format(i), Size="1", AvailabilityZone=GetAtt("Instance{0}".format(i), "AvailabilityZone"))) mount = template.add_resource(ec2.VolumeAttachment("MountPt{0}".format(i), InstanceId=Ref("Instance{0}".format(i)), VolumeId=Ref("Volume{0}".format(i)), Device="/dev/vdc")) # tester.delete_stack(stack_name) stack = tester.create_stack(stack_name, template.to_json(), parameters=[("KeyName", "your key name")])
t.add_mapping('Profile', { "prod" : { "InstanceType": "m3.2xlarge", "ClusterSize": "4", "MultiAZ" : True, "DBAllocatedStorage" : "50", "DBInstanceType" : "db.m3.2xlarge", "DBBackupRetentionPeriod": 7 }, "stress" : { "InstanceType": "m3.xlarge", "ClusterSize": "4", "MultiAZ" : False, "DBAllocatedStorage" : "10", "DBInstanceType" : "db.m3.xlarge", "DBBackupRetentionPeriod": 0 }, "preprod" : { "InstanceType": "m3.large", "ClusterSize": "3", "MultiAZ" : False, "DBAllocatedStorage" : "10", "DBInstanceType" : "db.m3.large", "DBBackupRetentionPeriod": 1 }, "test" : { "InstanceType": "m3.large", "ClusterSize": "3", "MultiAZ" : False, "DBAllocatedStorage" : "5", "DBInstanceType" : "db.m3.large", "DBBackupRetentionPeriod": 0 } })
template = Template() keyname_param = template.add_parameter(Parameter( "KeyName", Description="Name of an existing EC2 KeyPair to enable SSH " "access to the instance", Type="String", )) template.add_mapping('RegionMap', { "us-east-1": {"AMI": "ami-7f418316"}, "us-west-1": {"AMI": "ami-951945d0"}, "us-west-2": {"AMI": "ami-16fd7026"}, "eu-west-1": {"AMI": "ami-24506250"}, "sa-east-1": {"AMI": "ami-3e3be423"}, "ap-southeast-1": {"AMI": "ami-74dda626"}, "ap-northeast-1": {"AMI": "ami-dcfa4edd"} }) ebs=ec2.EBSBlockDevice(VolumeSize=20,VolumeType="gp2",DeletionPolicy="Snapshot") ec2_instance = template.add_resource(ec2.Instance( "Ec2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName=Ref(keyname_param), SecurityGroups=["default"], UserData=Base64("80"), BlockDeviceMappings=[ ec2.BlockDeviceMapping(DeviceName="/dev/sdf", Ebs=ebs)
security_groups_param = template.add_parameter(Parameter( "SecurityGroupsList", Description="List of one or more existing SecurityGroups allowing connectivity " "to the server, in the form \"Group1\", ... \"GroupN\"", Type="CommaDelimitedList", )) template.add_mapping('RegionMap', { "us-east-2" : { "AMI" : "ami-2a0f324f"}, "us-east-1" : { "AMI" : "ami-afd15ed0"}, "us-west-1" : { "AMI" : "ami-00d8c660"}, "us-west-2" : { "AMI" : "ami-31394949"}, "ap-south-1" : { "AMI" : "ami-7d95b612"}, "ap-northeast-2" : { "AMI" : "ami-d117bebf"}, "ap-southeast-1" : { "AMI" : "ami-a7f0c4db"}, "ap-southeast-2" : { "AMI" : "ami-c267b0a0"}, "ap-northeast-1" : { "AMI" : "ami-2724cf58"}, "ca-central-1" : { "AMI" : "ami-c59818a1"}, "eu-central-1" : { "AMI" : "ami-43eec3a8"}, "eu-west-1" : { "AMI" : "ami-921423eb"}, "eu-west-2" : { "AMI" : "ami-924aa8f5"}, "eu-west-3" : { "AMI" : "ami-a88233d5"}, "sa-east-1" : { "AMI" : "ami-4fd48923"} }) delimiter = '' user_data_script = ( "#!/bin/bash\n", 'sudo yum update -y\n', 'wget https://packages.chef.io/files/stable/chefdk/2.5.3/sles/12/chefdk-2.5.3-1.sles12.x86_64.rpm\n',
def main(): t = Template() t.set_description("test instance launch") t.set_version("2010-09-09") InstUserData = [ '#!/usr/bin/env bash\n', '\n', 'set -x\n', '\n', 'my_wait_handle="', Ref('InstanceWaitHandle'), '"\n', 'curl -X PUT -H \'Content-Type:\' --data-binary \'{ "Status" : "SUCCESS", "Reason" : "Instance launched", "UniqueId" : "launch001", "Data" : "Instance launched."}\' "${my_wait_handle}"', '\n', '\n', ] EC2KeyName = t.add_parameter( Parameter( 'EC2KeyName', Type="AWS::EC2::KeyPair::KeyName", Description= "Name of an existing EC2 KeyPair to enable SSH access to the instance.", ConstraintDescription="REQUIRED: Must be a valud EC2 key pair", )) OperatingSystem = t.add_parameter( Parameter('OperatingSystem', Type="String", Description="Operating System", Default="centos7", AllowedValues=[ "alinux2", "centos7", "rhel7", ], ConstraintDescription="Must be: alinux2, centos7, rhel7")) myInstanceType = t.add_parameter( Parameter( 'MyInstanceType', Type="String", Description="Instance type", Default="m5.2xlarge", )) VpcId = t.add_parameter( Parameter( 'VpcId', Type="AWS::EC2::VPC::Id", Description="VPC Id for this instance", )) Subnet = t.add_parameter( Parameter('Subnet', Type="AWS::EC2::Subnet::Id", Description="Subnet IDs")) ExistingSecurityGroup = t.add_parameter( Parameter( 'ExistingSecurityGroup', Type="AWS::EC2::SecurityGroup::Id", Description= "OPTIONAL: Choose an existing Security Group ID, e.g. sg-abcd1234") ) UsePublicIp = t.add_parameter( Parameter( 'UsePublicIp', Type="String", Description="Should a public IP address be given to the instance", Default="true", ConstraintDescription="true/false", AllowedValues=["true", "false"])) SshAccessCidr = t.add_parameter( Parameter( 'SshAccessCidr', Type="String", Description="CIDR Block for SSH access, default 127.0.0.1/32", Default="127.0.0.1/32", AllowedPattern= "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", ConstraintDescription="Must be a valid CIDR x.x.x.x/x")) RootRole = t.add_resource( iam.Role("RootRole", AssumeRolePolicyDocument={ "Statement": [{ "Effect": "Allow", "Principal": { "Service": ["ec2.amazonaws.com"] }, "Action": ["sts:AssumeRole"] }] })) SshSecurityGroup = t.add_resource( SecurityGroup("SshSecurityGroup", VpcId=Ref(VpcId), GroupDescription="SSH Secuirty group", SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp=Ref(SshAccessCidr), ), ])) RootInstanceProfile = t.add_resource( InstanceProfile("RootInstanceProfile", Roles=[Ref(RootRole)])) tags = Tags(Name=Ref("AWS::StackName")) myInstance = t.add_resource( ec2.Instance( 'MyInstance', ImageId=FindInMap("AWSRegionAMI", Ref("AWS::Region"), Ref(OperatingSystem)), KeyName=Ref(EC2KeyName), InstanceType=(Ref(myInstanceType)), NetworkInterfaces=[ NetworkInterfaceProperty( GroupSet=If( "not_existing_sg", [Ref(SshSecurityGroup)], [Ref(SshSecurityGroup), Ref(ExistingSecurityGroup)]), AssociatePublicIpAddress=Ref(UsePublicIp), DeviceIndex='0', DeleteOnTermination='true', SubnetId=Ref(Subnet)) ], IamInstanceProfile=(Ref(RootInstanceProfile)), UserData=Base64(Join('', InstUserData)), )) t.add_mapping( 'AWSRegionAMI', { "ap-northeast-1": { "centos7": "ami-8e8847f1", "rhel7": "ami-6b0d5f0d" }, "ap-northeast-2": { "centos7": "ami-bf9c36d1", "rhel7": "ami-3eee4150" }, "ap-south-1": { "centos7": "ami-1780a878", "rhel7": "ami-5b673c34" }, "ap-southeast-1": { "centos7": "ami-8e0205f2", "rhel7": "ami-76144b0a" }, "ap-southeast-2": { "centos7": "ami-d8c21dba", "rhel7": "ami-67589505" }, "ca-central-1": { "centos7": "ami-e802818c", "rhel7": "ami-49f0762d" }, "eu-central-1": { "centos7": "ami-dd3c0f36", "rhel7": "ami-c86c3f23" }, "eu-west-1": { "centos7": "ami-3548444c", "rhel7": "ami-7c491f05" }, "eu-west-2": { "centos7": "ami-00846a67", "rhel7": "ami-7c1bfd1b" }, "eu-west-3": { "centos7": "ami-262e9f5b", "rhel7": "ami-5026902d" }, "sa-east-1": { "centos7": "ami-cb5803a7", "rhel7": "ami-b0b7e3dc" }, "us-east-1": { "centos7": "ami-9887c6e7", "rhel7": "ami-6871a115" }, "us-east-2": { "centos7": "ami-9c0638f9", "rhel7": "ami-03291866" }, "us-west-1": { "centos7": "ami-4826c22b", "rhel7": "ami-18726478" }, "us-west-2": { "centos7": "ami-3ecc8f46", "rhel7": "ami-28e07e50" } }) t.add_condition("not_existing_sg", Equals(Ref(ExistingSecurityGroup), "")) t.add_condition("Has_Public_Ip", Equals(Ref(UsePublicIp), "true")) mywaithandle = t.add_resource(WaitConditionHandle('InstanceWaitHandle')) mywaitcondition = t.add_resource( WaitCondition("InstanceWaitCondition", Handle=Ref(mywaithandle), Timeout="1500", DependsOn="MyInstance")) t.add_output([ Output("InstanceID", Description="Instance ID", Value=Ref(myInstance)) ]) t.add_output( [Output("InstancePrivateIP", Value=GetAtt('MyInstance', 'PrivateIp'))]) t.add_output([ Output("InstancePublicIP", Value=GetAtt('MyInstance', 'PublicIp'), Condition="Has_Public_Ip") ]) ##print(t.to_yaml()) print(t.to_json(indent=2))
# SEE: https://coreos.com/os/docs/latest/booting-on-ec2.html#beta TEMPLATE.add_mapping( 'RegionMap', { EU_CENTRAL_1: { 'AMI': 'ami-e83ddb87' }, AP_NORTHEAST_1: { 'AMI': 'ami-67e9fd09' }, SA_EAST_1: { 'AMI': 'ami-9666eafa' }, AP_SOUTHEAST_2: { 'AMI': 'ami-9a7d5ef9' }, AP_SOUTHEAST_1: { 'AMI': 'ami-b8d319db' }, US_EAST_1: { 'AMI': 'ami-cfaba5a5' }, US_WEST_2: { 'AMI': 'ami-141df674' }, US_WEST_1: { 'AMI': 'ami-6c037e0c' }, EU_WEST_1: { 'AMI': 'ami-d149cea2' }, })
instance_type = template.add_parameter(Parameter( "InstanceType", Description = "EC2 instance type to launch for Application servers", Type = "String", Default = "m1.medium", AllowedValues = [ "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cg1.4xlarge" ], ConstraintDescription = "must be a valid EC2 instance type" )) template.add_mapping('RegionMap', { "us-east-1": {"AMI": "ami-99247ff0"}, "us-west-1": {"AMI": "ami-ae0234eb"}, "us-west-2": {"AMI": "ami-f40991c4"}, "eu-west-1": {"AMI": "ami-c1c527b6"}, "sa-east-1": {"AMI": "ami-df45e3c2"}, "ap-southeast-1": {"AMI": "ami-2a9cc978"}, "ap-southeast-2": {"AMI": "ami-1970ec23"}, "ap-northeast-1": {"AMI": "ami-91d3b690"} }) role = template.add_resource(Role('EurekaRole', AssumeRolePolicyDocument = { "Statement": [{ "Effect": "Allow", "Principal":{ "Service":["ec2.amazonaws.com"] }, "Action":["sts:AssumeRole"] }] },
desInstances_param = t.add_parameter( Parameter( "DesNumInstances", Description= "Number of instances that need to be running before creation is marked as complete.", ConstraintDescription= "Must be in the range specified by MinNumInstances and MaxNumInstances.", Default="1", Type="Number")) ## Mappings region_map = t.add_mapping( 'RegionMap', { "us-east-1": { "AMIid": ami_id, "SGid": security_groups_ids, "SNETid": subnet_ids, "ELBName": elb_name, } }) ## Resources iam_role_resource = t.add_resource( Role("IAMRole", Path="/", AssumeRolePolicyDocument={ "Version": "2012-10-17", "Statement": [{ "Action": ["sts:AssumeRole"], "Effect": "Allow",
def create(): es = Template() es.add_description("Stack defining the elasticsearch instance") # Get latest AMIs def getAMI(region): AMIMap = {} print("Getting latest AMZN linux AMI in %s" % region) ec2conn = boto.ec2.connect_to_region(region) images = ec2conn.get_all_images( owners=["amazon"], filters={"name": "amzn-ami-hvm-*.x86_64-gp2"}) latestDate = "" latestAMI = "" for image in images: if image.creationDate > latestDate: latestDate = image.creationDate latestAMI = image.id AMIMap[region] = {"id": latestAMI} return AMIMap # Create AMI Map es.add_mapping("AMIMap", getAMI(region)) # Create es VPC esVPC = es.add_resource( VPC("esVPC", CidrBlock="10.0.0.0/16", Tags=Tags(Name="esVPC"))) # Create es IGW esIGW = es.add_resource(InternetGateway("esIGW")) # Attach IGW to VPC esIGWAttachment = es.add_resource( VPCGatewayAttachment("esIGWAttachment", VpcId=Ref(esVPC), InternetGatewayId=Ref(esIGW))) # Create es Subnet esSubnet = es.add_resource( Subnet("esSubnet", CidrBlock="10.0.0.0/24", VpcId=Ref(esVPC))) # Create es RTB esRTB = es.add_resource(RouteTable("esRTB", VpcId=Ref(esVPC))) # Create route to IGW esDefaultRoute = es.add_resource( Route("esDefaultRoute", DependsOn="esIGWAttachment", GatewayId=Ref(esIGW), DestinationCidrBlock="0.0.0.0/0", RouteTableId=Ref(esRTB))) # Associate RTB with Subnet esSubnetRTBAssociation = es.add_resource( SubnetRouteTableAssociation("esSubnetRTBAssociation", SubnetId=Ref(esSubnet), RouteTableId=Ref(esRTB))) # Create es Security Group esSecurityGroup = es.add_resource( SecurityGroup("esSecurityGroup", GroupDescription="Allow inbound access on port 9200", SecurityGroupIngress=[ SecurityGroupRule(IpProtocol="tcp", FromPort="9200", ToPort="9200", CidrIp="0.0.0.0/0") ], VpcId=Ref(esVPC))) # Create es instance metadata esInstanceMetadata = Metadata( Init( # Use ConfigSets to ensure GPG key and repo file are in place # before trying to install elasticsearch InitConfigSets(ordered=["first", "second"]), first=InitConfig( files=InitFiles({ # cfn-hup notices when the cloudformation stack is changed "/etc/cfn/cfn-hup.conf": InitFile(content=Join("", [ "[main]\n", "stack=", Ref("AWS::StackName"), "\n", "region=", Ref("AWS::Region"), "\n" ]), mode="000400", owner="root", group="root"), # cfn-hup will then trigger cfn-init to run. # This lets us update the instance just by updating the stack "/etc/cfn/hooks.d/cfn-auto-reloader.conf": InitFile(content=Join("", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.esInstance.Metadata\n", "action=/opt/aws/bin/cfn-init -v --stack ", Ref("AWS::StackName"), " ", "--resource esInstance ", "--region ", Ref("AWS::Region"), " ", "--c ordered\n" "runas=root\n" ]), mode="000400", owner="root", group="root"), # repo file for elastic search "/etc/yum.repos.d/elasticsearch.repo": InitFile(content=Join("", [ "[elasticsearch-2.x]\n", "name=Elasticsearch repository for 2.x packages\n", "baseurl=http://packages.elastic.co/elasticsearch/2.x/centos\n", "gpgcheck=1\n", "gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch\n", "enabled=1\n" ]), mode="000400", owner="root", group="root") }), commands={ # Install elasticsearch key so package will install "installGPG": { "command": "rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch" } }), second=InitConfig( packages={ "yum": { # Install elasticsearch "elasticsearch": [], } }, commands={ # Enable external access to elasticsearch "listenOnAllinterfaces": { "command": "echo \"network.host: 0.0.0.0\" >> /etc/elasticsearch/elasticsearch.yml" } }, services={ "sysvinit": InitServices({ "elasticsearch": InitService(enabled=True, ensureRunning=True), "cfn-hup": InitService( enabled=True, ensureRunning=True, files=[ "/etc/cfn/cfn-hup.conf", "/etc/cfn/hooks.d/cfn-auto-reloader.conf" ]) }) }))) # Create es Instance esInstance = es.add_resource( Instance( "esInstance", ImageId=FindInMap("AMIMap", Ref("AWS::Region"), "id"), InstanceType="t2.micro", Metadata=esInstanceMetadata, UserData=Base64( Join("", [ "#!/bin/bash\n", "/opt/aws/bin/cfn-init -v ", "--stack ", Ref("AWS::StackName"), " ", "--resource esInstance ", "--region ", Ref("AWS::Region"), " ", "-c ordered" ])), NetworkInterfaces=[ NetworkInterfaceProperty( GroupSet=[Ref(esSecurityGroup)], AssociatePublicIpAddress="true", DeviceIndex="0", DeleteOnTermination="true", SubnetId=Ref(esSubnet), ) ], Tags=Tags(Name="esInstance"))) # Output address es.add_output([ Output("esAddress", Description="Elastic Search address", Value=Join( "", ["http://", GetAtt("esInstance", "PublicIp"), ":9200/"])) ]) return es
keyname_param = t.add_parameter(Parameter( "SshKeyName", Description="Name of an existing EC2 KeyPair to enable SSH " "access to NAT instances. If not specified no key is used.", Default="AWS::NoValue", Type="AWS::EC2::KeyPair::KeyName", )) # These are standard freely available Amazon NAT AMIs t.add_mapping('RegionMap', { 'us-west-1': { 'NATAMI': 'ami-ada746e9', }, 'us-west-2': { 'NATAMI': 'ami-75ae8245', }, 'us-east-1': { 'NATAMI': 'ami-b0210ed8', } }) VPC = t.add_resource(VPC( "VPC", EnableDnsSupport="true", CidrBlock=vpc_cidr, EnableDnsHostnames="true", Tags=Tags( Name=Ref("AWS::StackName"), Application=Ref("AWS::StackName"), Network="VPN Connected VPC",
def test_single_mapping(self): template = Template() template.add_mapping("map", {"n": "v"}) json = template.to_json() self.assertEqual(single_mapping, json)
"InstanceType", Default="t2.micro", Type="String", AllowedValues=["t2.micro", "m1.small"], )) ExistingSecurityGroups = t.add_parameter( Parameter( "ExistingSecurityGroups", Type="List<AWS::EC2::SecurityGroup::Id>", )) t.add_mapping("AWSInstanceType2Arch", { u'm1.small': { u'Arch': u'PV64' }, u't2.micro': { u'Arch': u'HVM64' } }) t.add_mapping( "AWSRegionArch2AMI", { u'ap-northeast-1': { u'HVM64': u'ami-cbf90ecb', u'PV64': u'ami-27f90e27' }, u'ap-southeast-1': { u'HVM64': u'ami-68d8e93a', u'PV64': u'ami-acd9e8fe' }, u'ap-southeast-2': {
def generate_stack_template(): template = Template() generate_description(template) generate_version(template) # ---Parameters------------------------------------------------------------ param_vpc_id = Parameter( 'VpcIdentifer', Description='The identity of the VPC (vpc-abcdwxyz) in which this stack shall be created.', Type='AWS::EC2::VPC::Id', ) template.add_parameter(param_vpc_id) param_vpc_security_group = Parameter( 'VpcSecurityGroup', Description='The security group (sg-abcdwxyz) to apply to the resources created by this stack.', Type='AWS::EC2::SecurityGroup::Id', ) template.add_parameter(param_vpc_security_group) param_webserver_instance_subnet_id = Parameter( 'VpcSubnetIdentifer', Description='The identity of the public subnet (subnet-abcdwxyz) in which the web server shall be created.', Type='AWS::EC2::Subnet::Id', ) template.add_parameter(param_webserver_instance_subnet_id) param_keyname = Parameter( 'PemKeyName', Description='Name of an existing EC2 KeyPair file (.pem) to use to create EC2 instances', Type='AWS::EC2::KeyPair::KeyName' ) template.add_parameter(param_keyname) param_instance_type = Parameter( 'EC2InstanceType', Description='EC2 instance type, reference this parameter to insure consistency', Type='String', Default='t2.medium', # Prices from (2015-12-03) (Windows, us-west (North CA)) AllowedValues=[ # Source : https://aws.amazon.com/ec2/pricing/ 't2.small', # $0.044/hour 't2.micro', # $0.022/hour 't2.medium', # $0.088/hour 't2.large', # $0.166/hour 'm3.medium', # $0.140/hour 'm3.large', # $0.28/hour 'c4.large' # $0.221/hour ], ConstraintDescription='Must be a valid EC2 instance type' ) template.add_parameter(param_instance_type) #---Mappings--------------------------------------------------------------- mapping_environment_attribute_map = template.add_mapping( 'EnvironmentAttributeMap', { 'ap-southeast-1': { 'WebServerAmi': 'ami-1ddc0b7e' }, 'ap-southeast-2': { 'WebServerAmi': 'ami-0c95b86f' }, 'us-east-1': { 'WebServerAmi': 'ami-a4827dc9' }, 'us-west-1': { 'WebServerAmi': 'ami-f5f41398' } } ) # ---Resources------------------------------------------------------------- ref_region = Ref('AWS::Region') ref_stack_name = Ref('AWS::StackName') # Create the metadata for the server instance. name_web_server = 'WebServer' webserver_instance_metadata = cloudformation.Metadata( cloudformation.Init({ 'config': cloudformation.InitConfig( packages={ 'yum': { 'nginx': [], 'git': [] } }, files=cloudformation.InitFiles({ # cfn-hup.conf initialization '/etc/cfn/authorapp.conf': cloudformation.InitFile( content=Join('', [ 'server {', '\n', ' listen 3030 ssl http2;', '\n', ' root /var/www/authorapp;', '\n', '\n', ' ssl_certificate /vagrant/ssl/ca.crt;', '\n', ' ssl_certificate_key /vagrant/ssl/ca.key;', '\n', '\n', ' location / {', '\n', ' }', '\n', '\n', ' location /api {', '\n', ' proxy_pass http://10.50.50.1:3000;', '\n', ' }', '\n', '}', '\n', ]), mode='000400', owner='root', group='root' ), }), services=dict( sysvinit=cloudformation.InitServices( { # start cfn-hup service - # required for CloudFormation stack update 'cfn-hup': cloudformation.InitService( enabled=True, ensureRunning=True, files=[ '/etc/cfn/cfn-hup.conf', '/etc/cfn/hooks.d/cfn-auto-reloader.conf' ] ), # Disable sendmail service - not required. 'sendmail': cloudformation.InitService( enabled=False, ensureRunning=False ) } ) ) ) }) ) resource_web_server = ec2.Instance( name_web_server, Metadata=webserver_instance_metadata, ImageId=FindInMap('EnvironmentAttributeMap', ref_region, 'WebServerAmi'), InstanceType=Ref(param_instance_type), KeyName=Ref(param_keyname), NetworkInterfaces=[ ec2.NetworkInterfaceProperty( AssociatePublicIpAddress=str(True), DeleteOnTermination=str(True), Description='Network interface for web server', DeviceIndex=str(0), GroupSet=[Ref(param_vpc_security_group)], SubnetId=Ref(param_webserver_instance_subnet_id), ) ], Tags=Tags(Name=name_web_server, VPC=Ref(param_vpc_id)), UserData=Base64( Join( '', [ '#!/bin/bash -xe\n', 'yum update -y aws-cfn-bootstrap\n', 'yum update -y', '\n' '/opt/aws/bin/cfn-init --verbose ', ' --stack ', ref_stack_name, ' --resource %s ' % name_web_server, ' --region ', ref_region, '\n', '/opt/aws/bin/cfn-signal --exit-code $? ', ' --stack ', ref_stack_name, ' --resource ', name_web_server, '\n' ] ) ) ) template.add_resource(resource_web_server) template.add_output( Output('WebServer', Description='Web Server', Value=GetAtt(name_web_server, 'PublicIp') ) ) return template
from troposphere.sns import Subscription, Topic from troposphere.s3 import Bucket, PublicRead, WebsiteConfiguration from os.path import expanduser home = expanduser("~") filename = home + "/outputs/network.template" t = Template() t.add_description( "Network Stack", ) t.add_mapping( 'AWSRegion2AMI', { "us-east-1" : { "AMI" : "ami-b66ed3de" }, "us-west-2" : { "AMI" : "ami-b5a7ea85" } }) t.add_mapping( "AWSInstanceType2Arch", { "t2.micro" : { "Arch" : "64" }, "t2.medium" : { "Arch" : "64" }, "m3.medium" : { "Arch" : "64" }, "m3.large" : { "Arch" : "64" }, "m3.xlarge" : { "Arch" : "64" } } ) t.add_mapping( "EnvValues", { "prod" : {"cidr":"0"}, "qa" : {"cidr":"1"},
)) AmbariUseEBS = t.add_parameter(Parameter( "AmbariUseEBS", Default="no", ConstraintDescription="Must be yes or no only.", Type="String", Description="Use EBS Volumes for the Ambari Node", AllowedValues=["yes", "no"], )) AmbariUseEBSBool = t.add_condition("AmbariUseEBSBool", Equals(Ref(AmbariUseEBS),"yes")) t.add_mapping("SubnetConfig", {'Public': {'CIDR': '10.0.0.0/24'}, 'VPC': {'CIDR': '10.0.0.0/16'}} ) t.add_mapping("CENTOS7", { "eu-west-1": {"AMI": "ami-33734044"}, "ap-southeast-1": {"AMI": "ami-2a7b6b78"}, "ap-southeast-2": {"AMI": "ami-d38dc6e9"}, "eu-central-1": {"AMI": "ami-e68f82fb"}, "ap-northeast-1": {"AMI": "ami-b80b6db8"}, "us-east-1": {"AMI": "ami-61bbf104"}, "sa-east-1": {"AMI": "ami-fd0197e0"}, "us-west-1": {"AMI": "ami-f77fbeb3"}, "us-west-2": {"AMI": "ami-d440a6e7"} }) VPC = t.add_resource(ec2.VPC(
def main(): """ Create a ElastiCache Redis Node and EC2 Instance """ template = Template() # Description template.add_description( 'AWS CloudFormation Sample Template ElastiCache_Redis:' 'Sample template showing how to create an Amazon' 'ElastiCache Redis Cluster. **WARNING** This template' 'creates an Amazon EC2 Instance and an Amazon ElastiCache' 'Cluster. You will be billed for the AWS resources used' 'if you create a stack from this template.') # Mappings template.add_mapping('AWSInstanceType2Arch', { 't1.micro': {'Arch': 'PV64'}, 't2.micro': {'Arch': 'HVM64'}, 't2.small': {'Arch': 'HVM64'}, 't2.medium': {'Arch': 'HVM64'}, 'm1.small': {'Arch': 'PV64'}, 'm1.medium': {'Arch': 'PV64'}, 'm1.large': {'Arch': 'PV64'}, 'm1.xlarge': {'Arch': 'PV64'}, 'm2.xlarge': {'Arch': 'PV64'}, 'm2.2xlarge': {'Arch': 'PV64'}, 'm2.4xlarge': {'Arch': 'PV64'}, 'm3.medium': {'Arch': 'HVM64'}, 'm3.large': {'Arch': 'HVM64'}, 'm3.xlarge': {'Arch': 'HVM64'}, 'm3.2xlarge': {'Arch': 'HVM64'}, 'c1.medium': {'Arch': 'PV64'}, 'c1.xlarge': {'Arch': 'PV64'}, 'c3.large': {'Arch': 'HVM64'}, 'c3.xlarge': {'Arch': 'HVM64'}, 'c3.2xlarge': {'Arch': 'HVM64'}, 'c3.4xlarge': {'Arch': 'HVM64'}, 'c3.8xlarge': {'Arch': 'HVM64'}, 'c4.large': {'Arch': 'HVM64'}, 'c4.xlarge': {'Arch': 'HVM64'}, 'c4.2xlarge': {'Arch': 'HVM64'}, 'c4.4xlarge': {'Arch': 'HVM64'}, 'c4.8xlarge': {'Arch': 'HVM64'}, 'g2.2xlarge': {'Arch': 'HVMG2'}, 'r3.large': {'Arch': 'HVM64'}, 'r3.xlarge': {'Arch': 'HVM64'}, 'r3.2xlarge': {'Arch': 'HVM64'}, 'r3.4xlarge': {'Arch': 'HVM64'}, 'r3.8xlarge': {'Arch': 'HVM64'}, 'i2.xlarge': {'Arch': 'HVM64'}, 'i2.2xlarge': {'Arch': 'HVM64'}, 'i2.4xlarge': {'Arch': 'HVM64'}, 'i2.8xlarge': {'Arch': 'HVM64'}, 'd2.xlarge': {'Arch': 'HVM64'}, 'd2.2xlarge': {'Arch': 'HVM64'}, 'd2.4xlarge': {'Arch': 'HVM64'}, 'd2.8xlarge': {'Arch': 'HVM64'}, 'hi1.4xlarge': {'Arch': 'HVM64'}, 'hs1.8xlarge': {'Arch': 'HVM64'}, 'cr1.8xlarge': {'Arch': 'HVM64'}, 'cc2.8xlarge': {'Arch': 'HVM64'} }) template.add_mapping('AWSRegionArch2AMI', { 'us-east-1': {'PV64': 'ami-0f4cfd64', 'HVM64': 'ami-0d4cfd66', 'HVMG2': 'ami-5b05ba30'}, 'us-west-2': {'PV64': 'ami-d3c5d1e3', 'HVM64': 'ami-d5c5d1e5', 'HVMG2': 'ami-a9d6c099'}, 'us-west-1': {'PV64': 'ami-85ea13c1', 'HVM64': 'ami-87ea13c3', 'HVMG2': 'ami-37827a73'}, 'eu-west-1': {'PV64': 'ami-d6d18ea1', 'HVM64': 'ami-e4d18e93', 'HVMG2': 'ami-72a9f105'}, 'eu-central-1': {'PV64': 'ami-a4b0b7b9', 'HVM64': 'ami-a6b0b7bb', 'HVMG2': 'ami-a6c9cfbb'}, 'ap-northeast-1': {'PV64': 'ami-1a1b9f1a', 'HVM64': 'ami-1c1b9f1c', 'HVMG2': 'ami-f644c4f6'}, 'ap-southeast-1': {'PV64': 'ami-d24b4280', 'HVM64': 'ami-d44b4286', 'HVMG2': 'ami-12b5bc40'}, 'ap-southeast-2': {'PV64': 'ami-ef7b39d5', 'HVM64': 'ami-db7b39e1', 'HVMG2': 'ami-b3337e89'}, 'sa-east-1': {'PV64': 'ami-5b098146', 'HVM64': 'ami-55098148', 'HVMG2': 'NOT_SUPPORTED'}, 'cn-north-1': {'PV64': 'ami-bec45887', 'HVM64': 'ami-bcc45885', 'HVMG2': 'NOT_SUPPORTED'} }) template.add_mapping('Region2Principal', { 'us-east-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'us-west-2': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'us-west-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'eu-west-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'ap-southeast-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'ap-northeast-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'ap-southeast-2': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'sa-east-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'}, 'cn-north-1': {'EC2Principal': 'ec2.amazonaws.com.cn', 'OpsWorksPrincipal': 'opsworks.amazonaws.com.cn'}, 'eu-central-1': {'EC2Principal': 'ec2.amazonaws.com', 'OpsWorksPrincipal': 'opsworks.amazonaws.com'} }) # Parameters cachenodetype = template.add_parameter(Parameter( 'ClusterNodeType', Description='The compute and memory capacity of the nodes in the Redis' ' Cluster', Type='String', Default='cache.m1.small', AllowedValues=['cache.m1.small', 'cache.m1.large', 'cache.m1.xlarge', 'cache.m2.xlarge', 'cache.m2.2xlarge', 'cache.m2.4xlarge', 'cache.c1.xlarge'], ConstraintDescription='must select a valid Cache Node type.', )) instancetype = template.add_parameter(Parameter( 'InstanceType', Description='WebServer EC2 instance type', Type='String', Default='t2.micro', AllowedValues=['t1.micro', 't2.micro', 't2.small', 't2.medium', 'm1.small', 'm1.medium', 'm1.large', 'm1.xlarge', 'm2.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'm3.medium', 'm3.large', 'm3.xlarge', 'm3.2xlarge', 'c1.medium', 'c1.xlarge', 'c3.large', 'c3.xlarge', 'c3.2xlarge', 'c3.4xlarge', 'c3.8xlarge', 'c4.large', 'c4.xlarge', 'c4.2xlarge', 'c4.4xlarge', 'c4.8xlarge', 'g2.2xlarge', 'r3.large', 'r3.xlarge', 'r3.2xlarge', 'r3.4xlarge', 'r3.8xlarge', 'i2.xlarge', 'i2.2xlarge', 'i2.4xlarge', 'i2.8xlarge', 'd2.xlarge', 'd2.2xlarge', 'd2.4xlarge', 'd2.8xlarge', 'hi1.4xlarge', 'hs1.8xlarge', 'cr1.8xlarge', 'cc2.8xlarge', 'cg1.4xlarge'], ConstraintDescription='must be a valid EC2 instance type.', )) keyname = template.add_parameter(Parameter( 'KeyName', Description='Name of an existing EC2 KeyPair to enable SSH access' ' to the instance', Type='AWS::EC2::KeyPair::KeyName', ConstraintDescription='must be the name of an existing EC2 KeyPair.', )) sshlocation = template.add_parameter(Parameter( 'SSHLocation', Description='The IP address range that can be used to SSH to' ' the EC2 instances', Type='String', MinLength='9', MaxLength='18', Default='0.0.0.0/0', AllowedPattern='(\\d{1,3})\\.(\\d{1,3})\\.' '(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})', ConstraintDescription='must be a valid IP CIDR range of the' ' form x.x.x.x/x.' )) # Resources webserverrole = template.add_resource(iam.Role( 'WebServerRole', AssumeRolePolicyDocument=Policy( Statement=[ Statement( Effect=Allow, Action=[AssumeRole], Principal=Principal('Service', [FindInMap('Region2Principal', Ref('AWS::Region'), 'EC2Principal')]), ) ] ), Path='/', )) template.add_resource(iam.PolicyType( 'WebServerRolePolicy', PolicyName='WebServerRole', PolicyDocument=awacs.aws.Policy( Statement=[awacs.aws.Statement( Action=[awacs.aws.Action("elasticache", "DescribeCacheClusters")], Resource=["*"], Effect=awacs.aws.Allow )] ), Roles=[Ref(webserverrole)], )) webserverinstanceprofile = template.add_resource(iam.InstanceProfile( 'WebServerInstanceProfile', Path='/', Roles=[Ref(webserverrole)], )) webserversg = template.add_resource(ec2.SecurityGroup( 'WebServerSecurityGroup', GroupDescription='Enable HTTP and SSH access', SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', FromPort='22', ToPort='22', CidrIp=Ref(sshlocation), ), ec2.SecurityGroupRule( IpProtocol='tcp', FromPort='80', ToPort='80', CidrIp='0.0.0.0/0', ) ] )) webserverinstance = template.add_resource(ec2.Instance( 'WebServerInstance', Metadata=cloudformation.Metadata( cloudformation.Init({ 'config': cloudformation.InitConfig( packages={ 'yum': { 'httpd': [], 'php': [], 'php-devel': [], 'gcc': [], 'make': [] } }, files=cloudformation.InitFiles({ '/var/www/html/index.php': cloudformation.InitFile( content=Join('', [ '<?php\n', 'echo \"<h1>AWS CloudFormation sample' ' application for Amazon ElastiCache' ' Redis Cluster</h1>\";\n', '\n', '$cluster_config = json_decode(' 'file_get_contents(\'/tmp/cacheclusterconfig\'' '), true);\n', '$endpoint = $cluster_config[\'CacheClusters' '\'][0][\'CacheNodes\'][0][\'Endpoint\'][\'Add' 'ress\'];\n', '$port = $cluster_config[\'CacheClusters\'][0]' '[\'CacheNodes\'][0][\'Endpoint\'][\'Port\'];' '\n', '\n', 'echo \"<p>Connecting to Redis Cache Cluster ' 'node \'{$endpoint}\' on port {$port}</p>\";' '\n', '\n', '$redis=new Redis();\n', '$redis->connect($endpoint, $port);\n', '$redis->set(\'testkey\', \'Hello World!\');' '\n', '$return = $redis->get(\'testkey\');\n', '\n', 'echo \"<p>Retrieved value: $return</p>\";' '\n', '?>\n' ]), mode='000644', owner='apache', group='apache' ), '/etc/cron.d/get_cluster_config': cloudformation.InitFile( content='*/5 * * * * root' ' /usr/local/bin/get_cluster_config', mode='000644', owner='root', group='root' ), '/usr/local/bin/get_cluster_config': cloudformation.InitFile( content=Join('', [ '#! /bin/bash\n', 'aws elasticache describe-cache-clusters ', ' --cache-cluster-id ', Ref('RedisCluster'), ' --show-cache-node-info' ' --region ', Ref('AWS::Region'), ' > /tmp/cacheclusterconfig\n' ]), mode='000755', owner='root', group='root' ), '/usr/local/bin/install_phpredis': cloudformation.InitFile( content=Join('', [ '#! /bin/bash\n', 'cd /tmp\n', 'wget https://github.com/nicolasff/' 'phpredis/zipball/master -O phpredis.zip' '\n', 'unzip phpredis.zip\n', 'cd nicolasff-phpredis-*\n', 'phpize\n', './configure\n', 'make && make install\n', 'touch /etc/php.d/redis.ini\n', 'echo extension=redis.so > /etc/php.d/' 'redis.ini\n' ]), mode='000755', owner='root', group='root' ), '/etc/cfn/cfn-hup.conf': cloudformation.InitFile( content=Join('', [ '[main]\n', 'stack=', Ref('AWS::StackId'), '\n', 'region=', Ref('AWS::Region'), '\n' ]), mode='000400', owner='root', group='root' ), '/etc/cfn/hooks.d/cfn-auto-reloader.conf': cloudformation.InitFile( content=Join('', [ '[cfn-auto-reloader-hook]\n', 'triggers=post.update\n', 'path=Resources.WebServerInstance.Metadata' '.AWS::CloudFormation::Init\n', 'action=/opt/aws/bin/cfn-init -v ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n', 'runas=root\n' ]), # Why doesn't the Amazon template have this? # mode='000400', # owner='root', # group='root' ), }), commands={ '01-install_phpredis': { 'command': '/usr/local/bin/install_phpredis' }, '02-get-cluster-config': { 'command': '/usr/local/bin/get_cluster_config' } }, services={ "sysvinit": cloudformation.InitServices({ "httpd": cloudformation.InitService( enabled=True, ensureRunning=True, ), "cfn-hup": cloudformation.InitService( enabled=True, ensureRunning=True, files=['/etc/cfn/cfn-hup.conf', '/etc/cfn/hooks.d/' 'cfn-auto-reloader.conf'] ), }), }, ) }) ), ImageId=FindInMap('AWSRegionArch2AMI', Ref('AWS::Region'), FindInMap('AWSInstanceType2Arch', Ref(instancetype), 'Arch')), InstanceType=Ref(instancetype), SecurityGroups=[Ref(webserversg)], KeyName=Ref(keyname), IamInstanceProfile=Ref(webserverinstanceprofile), UserData=Base64(Join('', [ '#!/bin/bash -xe\n', 'yum update -y aws-cfn-bootstrap\n', '# Setup the PHP sample application\n', '/opt/aws/bin/cfn-init -v ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n', '# Signal the status of cfn-init\n', '/opt/aws/bin/cfn-signal -e $? ', ' --stack ', Ref('AWS::StackName'), ' --resource WebServerInstance ', ' --region ', Ref('AWS::Region'), '\n' ])), CreationPolicy=CreationPolicy( ResourceSignal=ResourceSignal(Timeout='PT15M') ), Tags=Tags(Application=Ref('AWS::StackId'), Details='Created using Troposhpere') )) redisclustersg = template.add_resource(elasticache.SecurityGroup( 'RedisClusterSecurityGroup', Description='Lock the cluster down', )) template.add_resource(elasticache.SecurityGroupIngress( 'RedisClusterSecurityGroupIngress', CacheSecurityGroupName=Ref(redisclustersg), EC2SecurityGroupName=Ref(webserversg), )) template.add_resource(elasticache.CacheCluster( 'RedisCluster', Engine='redis', CacheNodeType=Ref(cachenodetype), NumCacheNodes='1', CacheSecurityGroupNames=[Ref(redisclustersg)], )) # Outputs template.add_output([ Output( 'WebsiteURL', Description='Application URL', Value=Join('', [ 'http://', GetAtt(webserverinstance, 'PublicDnsName'), ]) ) ]) # Print CloudFormation Template print(template.to_json())
from troposphere import Parameter, Output, Ref, Template import troposphere.ec2 as ec2 template = Template() keyname_param = template.add_parameter(Parameter( "KeyName", Type="String", Description="Name of an existing EC2 KeyPair to enable SSH", Default="pduleba-eu-west-1-key-pair", )) template.add_mapping('RegionMap', { "eu-west-1": {"AMI": "ami-01720b5f421cf0179"}, "eu-west-2": {"AMI": "ami-0e80a462ede03e653"}, "eu-west-3": {"AMI": "ami-000bdaf1845abe910"}, "eu-north-1": {"AMI": "ami-01d2b64cb4bdfe5db"}, "eu-south-1": {"AMI": "ami-04a490111f1f73f3a"}, "eu-central-1": {"AMI": "ami-03c3a7e4263fd998c"} }) ec2_instance = template.add_resource(ec2.Instance( "Ec2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName=Ref(keyname_param), SecurityGroups=["default"], UserData=Base64("80") )) template.add_output([ Output(
template.add_mapping( 'RegionMap', { "ap-south-1": { "AMI": "ami-0937dcc711d38ef3f" }, "eu-west-3": { "AMI": "ami-0854d53ce963f69d8" }, "eu-north-1": { "AMI": "ami-6d27a913" }, "eu-west-2": { "AMI": "ami-0664a710233d7c148" }, "eu-west-1": { "AMI": "ami-0fad7378adf284ce0" }, "ap-northeast-2": { "AMI": "ami-018a9a930060d38aa" }, "ap-northeast-1": { "AMI": "ami-0d7ed3ddb85b521a6" }, "sa-east-1": { "AMI": "ami-0b04450959586da29" }, "ca-central-1": { "AMI": "ami-0de8b8e4bc1f125fe" }, "ap-southeast-1": { "AMI": "ami-04677bdaa3c2b6e24" }, "ap-southeast-2": { "AMI": "ami-0c9d48b5db609ad6e" }, "eu-central-1": { "AMI": "ami-0eaec5838478eb0ba" }, "us-east-1": { "AMI": "ami-035be7bafff33b6b6" }, "us-east-2": { "AMI": "ami-04328208f4f0cf1fe" }, "us-west-1": { "AMI": "ami-0799ad445b5727125" }, "us-west-2": { "AMI": "ami-032509850cf9ee54e" } })
t.add_mapping( "CENTOS7", { "eu-west-1": { "AMI": "ami-33734044" }, "ap-southeast-1": { "AMI": "ami-2a7b6b78" }, "ap-southeast-2": { "AMI": "ami-d38dc6e9" }, "eu-central-1": { "AMI": "ami-e68f82fb" }, "ap-northeast-1": { "AMI": "ami-b80b6db8" }, "us-east-1": { "AMI": "ami-61bbf104" }, "sa-east-1": { "AMI": "ami-fd0197e0" }, "us-west-1": { "AMI": "ami-f77fbeb3" }, "us-west-2": { "AMI": "ami-d440a6e7" } })
t.add_mapping( 'RegionMap', { "us-east-1": { "hostedzoneID": "Z3AQBSTGFYJSTF", "websiteendpoint": "s3-website-us-east-1.amazonaws.com" }, "us-west-1": { "hostedzoneID": "Z2F56UZL2M1ACD", "websiteendpoint": "s3-website-us-west-1.amazonaws.com" }, "us-west-2": { "hostedzoneID": "Z3BJ6K6RIION7M", "websiteendpoint": "s3-website-us-west-2.amazonaws.com" }, "eu-west-1": { "hostedzoneID": "Z1BKCTXD74EZPE", "websiteendpoint": "s3-website-eu-west-1.amazonaws.com" }, "ap-southeast-1": { "hostedzoneID": "Z3O0J2DXBE1FTB", "websiteendpoint": "s3-website-ap-southeast-1.amazonaws.com" }, "ap-southeast-2": { "hostedzoneID": "Z1WCIGYICN2BYD", "websiteendpoint": "s3-website-ap-southeast-2.amazonaws.com" }, "ap-northeast-1": { "hostedzoneID": "Z2M4EHUR26P7ZW", "websiteendpoint": "s3-website-ap-northeast-1.amazonaws.com" }, "sa-east-1": { "hostedzoneID": "Z31GFT0UA1I2HV", "websiteendpoint": "s3-website-sa-east-1.amazonaws.com" }, "cloudfront": { "hostedzoneID": "Z2FDTNDATAQYW2" } })
def create(): es = Template() es.add_description("Stack defining the elasticsearch instance") # Get latest AMIs def getAMI(region): AMIMap = {} print("Getting latest AMZN linux AMI in %s" % region) ec2conn = boto.ec2.connect_to_region(region) images = ec2conn.get_all_images(owners=["amazon"], filters={"name": "amzn-ami-hvm-*.x86_64-gp2"}) latestDate = "" latestAMI = "" for image in images: if image.creationDate > latestDate: latestDate = image.creationDate latestAMI = image.id AMIMap[region] = {"id": latestAMI} return AMIMap # Create AMI Map es.add_mapping("AMIMap",getAMI(region)) # Create es VPC esVPC = es.add_resource( VPC( "esVPC", CidrBlock="10.0.0.0/16", Tags=Tags( Name="esVPC" ) ) ) # Create es IGW esIGW = es.add_resource( InternetGateway( "esIGW" ) ) # Attach IGW to VPC esIGWAttachment = es.add_resource( VPCGatewayAttachment( "esIGWAttachment", VpcId=Ref(esVPC), InternetGatewayId=Ref(esIGW) ) ) # Create es Subnet esSubnet = es.add_resource( Subnet( "esSubnet", CidrBlock="10.0.0.0/24", VpcId=Ref(esVPC) ) ) # Create es RTB esRTB = es.add_resource( RouteTable( "esRTB", VpcId=Ref(esVPC) ) ) # Create route to IGW esDefaultRoute = es.add_resource( Route( "esDefaultRoute", DependsOn="esIGWAttachment", GatewayId=Ref(esIGW), DestinationCidrBlock="0.0.0.0/0", RouteTableId=Ref(esRTB) ) ) # Associate RTB with Subnet esSubnetRTBAssociation = es.add_resource( SubnetRouteTableAssociation( "esSubnetRTBAssociation", SubnetId=Ref(esSubnet), RouteTableId=Ref(esRTB) ) ) # Create es Security Group esSecurityGroup = es.add_resource( SecurityGroup( "esSecurityGroup", GroupDescription="Allow inbound access on port 9200", SecurityGroupIngress=[ SecurityGroupRule( IpProtocol="tcp", FromPort="9200", ToPort="9200", CidrIp="0.0.0.0/0" ) ], VpcId=Ref(esVPC) ) ) # Create es instance metadata esInstanceMetadata = Metadata( Init( # Use ConfigSets to ensure GPG key and repo file are in place # before trying to install elasticsearch InitConfigSets( ordered=["first","second"] ), first=InitConfig( files=InitFiles( { # cfn-hup notices when the cloudformation stack is changed "/etc/cfn/cfn-hup.conf": InitFile( content=Join("", [ "[main]\n", "stack=",Ref("AWS::StackName"),"\n", "region=",Ref("AWS::Region"),"\n" ] ), mode="000400", owner="root", group="root" ), # cfn-hup will then trigger cfn-init to run. # This lets us update the instance just by updating the stack "/etc/cfn/hooks.d/cfn-auto-reloader.conf": InitFile( content=Join("", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", "path=Resources.esInstance.Metadata\n", "action=/opt/aws/bin/cfn-init -v --stack ", Ref("AWS::StackName"), " ", "--resource esInstance ", "--region ", Ref("AWS::Region"), " ", "--c ordered\n" "runas=root\n" ] ), mode="000400", owner="root", group="root" ), # repo file for elastic search "/etc/yum.repos.d/elasticsearch.repo": InitFile( content=Join("", [ "[elasticsearch-2.x]\n", "name=Elasticsearch repository for 2.x packages\n", "baseurl=http://packages.elastic.co/elasticsearch/2.x/centos\n", "gpgcheck=1\n", "gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch\n", "enabled=1\n" ] ), mode="000400", owner="root", group="root" ) } ), commands={ # Install elasticsearch key so package will install "installGPG": { "command": "rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch" } } ), second=InitConfig( packages={ "yum": { # Install elasticsearch "elasticsearch": [], } }, commands={ # Enable external access to elasticsearch "listenOnAllinterfaces": { "command": "echo \"network.host: 0.0.0.0\" >> /etc/elasticsearch/elasticsearch.yml" } }, services={ "sysvinit": InitServices( { "elasticsearch": InitService( enabled=True, ensureRunning=True ), "cfn-hup": InitService( enabled=True, ensureRunning=True, files=[ "/etc/cfn/cfn-hup.conf", "/etc/cfn/hooks.d/cfn-auto-reloader.conf" ] ) } ) } ) ) ) # Create es Instance esInstance = es.add_resource( Instance( "esInstance", ImageId=FindInMap("AMIMap",Ref("AWS::Region"),"id"), InstanceType="t2.micro", Metadata=esInstanceMetadata, UserData=Base64( Join("", [ "#!/bin/bash\n", "/opt/aws/bin/cfn-init -v ", "--stack ", Ref("AWS::StackName"), " ", "--resource esInstance ", "--region ", Ref("AWS::Region"), " ", "-c ordered" ] ) ), NetworkInterfaces=[ NetworkInterfaceProperty( GroupSet=[ Ref(esSecurityGroup) ], AssociatePublicIpAddress="true", DeviceIndex="0", DeleteOnTermination="true", SubnetId=Ref(esSubnet), ) ], Tags=Tags( Name="esInstance" ) ) ) # Output address es.add_output( [Output ("esAddress", Description="Elastic Search address", Value=Join("", [ "http://", GetAtt("esInstance", "PublicIp"), ":9200/" ] ) ) ] ) return es
ConstraintDescription = "must be a valid EC2 instance type" )) java_license = template.add_parameter(Parameter( "OracleJava", Description = "Type 'yes' to accept the Oracle Java license found here: http://www.oracle.com/technetwork/java/javase/terms/license/index.html", Type = "String", AllowedValues = [ "yes", "YES", "'yes'", "Yes" ], ConstraintDescription = "Type 'yes' to agree to the license" )) template.add_mapping('RegionMap', { "us-east-1": {"AMI": "ami-7724131e"}, "us-west-1": {"AMI": "ami-3cdcef79"}, "us-west-2": {"AMI": "ami-a86f0998"}, "eu-west-1": {"AMI": "ami-a8e10bdf"}, "sa-east-1": {"AMI": "ami-4bf85856"}, "ap-southeast-1": {"AMI": "ami-149fc846"}, "ap-southeast-2": {"AMI": "ami-e5d749df"}, "ap-northeast-1": {"AMI": "ami-8f39568e"} }) # Create a security group sg = template.add_resource(ec2.SecurityGroup('AsgardSecurityGroup')) sg.GroupDescription = 'Access to Asgard Instance' sg.SecurityGroupIngress = [ ec2.SecurityGroupRule( IpProtocol = 'tcp', FromPort = '22', ToPort = '22', CidrIp = '0.0.0.0/0' ),
def flocker_docker_template(cluster_size, client_ami_map, node_ami_map): """ :param int cluster_size: The number of nodes to create in the Flocker cluster (including control service node). :param dict client_ami_map: A map between AWS region name and AWS AMI ID for the client. :param dict node_ami_map: A map between AWS region name and AWS AMI ID for the node. :returns: a CloudFormation template for a Flocker + Docker + Docker Swarm cluster. """ # Base JSON template. template = Template() # Keys corresponding to CloudFormation user Inputs. access_key_id_param = template.add_parameter( Parameter( "AmazonAccessKeyID", Description="Required: Your Amazon AWS access key ID", Type="String", NoEcho=True, AllowedPattern="[\w]+", MinLength="16", MaxLength="32", )) secret_access_key_param = template.add_parameter( Parameter( "AmazonSecretAccessKey", Description="Required: Your Amazon AWS secret access key", Type="String", NoEcho=True, MinLength="1", )) keyname_param = template.add_parameter( Parameter( "EC2KeyPair", Description= "Required: Name of an existing EC2 KeyPair to enable SSH " "access to the instance", Type="AWS::EC2::KeyPair::KeyName", )) template.add_parameter( Parameter( "S3AccessPolicy", Description="Required: Is current IAM user allowed to access S3? " "S3 access is required to distribute Flocker and Docker " "configuration amongst stack nodes. Reference: " "http://docs.aws.amazon.com/IAM/latest/UserGuide/" "access_permissions.html Stack creation will fail if user " "cannot access S3", Type="String", AllowedValues=["Yes"], )) volumehub_token = template.add_parameter( Parameter( "VolumeHubToken", Description=("Optional: Your Volume Hub token. " "You'll find the token at " "https://volumehub.clusterhq.com/v1/token."), Type="String", Default="", )) template.add_mapping('RegionMapClient', {k: { "AMI": v } for k, v in client_ami_map.items()}) template.add_mapping('RegionMapNode', {k: { "AMI": v } for k, v in node_ami_map.items()}) # Select a random AvailabilityZone within given AWS Region. zone = Select(0, GetAZs("")) # S3 bucket to hold {Flocker, Docker, Swarm} configuration for distribution # between nodes. s3bucket = Bucket('ClusterConfig', DeletionPolicy='Retain') template.add_resource(s3bucket) # Create SecurityGroup for cluster instances. instance_sg = template.add_resource( ec2.SecurityGroup( "InstanceSecurityGroup", GroupDescription=( "Enable ingress access on all protocols and ports."), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol=protocol, FromPort="0", ToPort="65535", CidrIp="0.0.0.0/0", ) for protocol in ('tcp', 'udp') ])) # Base for post-boot {Flocker, Docker, Swarm} configuration on the nodes. base_user_data = [ '#!/bin/bash\n', 'aws_region="', Ref("AWS::Region"), '"\n', 'aws_zone="', zone, '"\n', 'access_key_id="', Ref(access_key_id_param), '"\n', 'secret_access_key="', Ref(secret_access_key_param), '"\n', 's3_bucket="', Ref(s3bucket), '"\n', 'stack_name="', Ref("AWS::StackName"), '"\n', 'volumehub_token="', Ref(volumehub_token), '"\n', 'node_count="{}"\n'.format(cluster_size), 'apt-get update\n', ] # XXX Flocker agents are indexed from 1 while the nodes overall are indexed # from 0. flocker_agent_number = 1 # Gather WaitConditions wait_condition_names = [] for i in range(cluster_size): if i == 0: node_name = CONTROL_NODE_NAME else: node_name = AGENT_NODE_NAME_TEMPLATE.format(index=i) # Create an EC2 instance for the {Agent, Control} Node. ec2_instance = ec2.Instance(node_name, ImageId=FindInMap("RegionMapNode", Ref("AWS::Region"), "AMI"), InstanceType="m3.large", KeyName=Ref(keyname_param), SecurityGroups=[Ref(instance_sg)], AvailabilityZone=zone, Tags=Tags(Name=node_name)) # WaitCondition and corresponding Handler to signal completion # of {Flocker, Docker, Swarm} configuration on the node. wait_condition_handle = WaitConditionHandle( INFRA_WAIT_HANDLE_TEMPLATE.format(node=node_name)) template.add_resource(wait_condition_handle) wait_condition = WaitCondition( INFRA_WAIT_CONDITION_TEMPLATE.format(node=node_name), Handle=Ref(wait_condition_handle), Timeout=NODE_CONFIGURATION_TIMEOUT, ) template.add_resource(wait_condition) # Gather WaitConditions wait_condition_names.append(wait_condition.name) user_data = base_user_data[:] user_data += [ 'node_number="{}"\n'.format(i), 'node_name="{}"\n'.format(node_name), 'wait_condition_handle="', Ref(wait_condition_handle), '"\n', ] # Setup S3 utilities to push/pull node-specific data to/from S3 bucket. user_data += _sibling_lines(S3_SETUP) if i == 0: # Control Node configuration. control_service_instance = ec2_instance user_data += ['flocker_node_type="control"\n'] user_data += _sibling_lines(FLOCKER_CONFIGURATION_GENERATOR) user_data += _sibling_lines(DOCKER_SWARM_CA_SETUP) user_data += _sibling_lines(DOCKER_SETUP) # Setup Swarm 1.0.1 user_data += _sibling_lines(SWARM_MANAGER_SETUP) template.add_output([ Output( "ControlNodeIP", Description="Public IP of Flocker Control and " "Swarm Manager.", Value=GetAtt(ec2_instance, "PublicIp"), ) ]) else: # Agent Node configuration. ec2_instance.DependsOn = control_service_instance.name user_data += [ 'flocker_node_type="agent"\n', 'flocker_agent_number="{}"\n'.format(flocker_agent_number) ] flocker_agent_number += 1 user_data += _sibling_lines(DOCKER_SETUP) # Setup Swarm 1.0.1 user_data += _sibling_lines(SWARM_NODE_SETUP) template.add_output([ Output( "AgentNode{}IP".format(i), Description=( "Public IP of Agent Node for Flocker and Swarm."), Value=GetAtt(ec2_instance, "PublicIp"), ) ]) user_data += _sibling_lines(FLOCKER_CONFIGURATION_GETTER) user_data += _sibling_lines(VOLUMEHUB_SETUP) user_data += _sibling_lines(SIGNAL_CONFIG_COMPLETION) ec2_instance.UserData = Base64(Join("", user_data)) template.add_resource(ec2_instance) # Client Node creation. client_instance = ec2.Instance(CLIENT_NODE_NAME, ImageId=FindInMap("RegionMapClient", Ref("AWS::Region"), "AMI"), InstanceType="m3.medium", KeyName=Ref(keyname_param), SecurityGroups=[Ref(instance_sg)], AvailabilityZone=zone, Tags=Tags(Name=CLIENT_NODE_NAME)) wait_condition_handle = WaitConditionHandle(CLIENT_WAIT_HANDLE) template.add_resource(wait_condition_handle) wait_condition = WaitCondition( CLIENT_WAIT_CONDITION, Handle=Ref(wait_condition_handle), Timeout=NODE_CONFIGURATION_TIMEOUT, ) template.add_resource(wait_condition) # Client Node {Flockerctl, Docker-compose} configuration. user_data = base_user_data[:] user_data += [ 'wait_condition_handle="', Ref(wait_condition_handle), '"\n', 'node_number="{}"\n'.format("-1"), ] user_data += _sibling_lines(S3_SETUP) user_data += _sibling_lines(CLIENT_SETUP) user_data += _sibling_lines(SIGNAL_CONFIG_COMPLETION) client_instance.UserData = Base64(Join("", user_data)) # Start Client Node after Control Node and Agent Nodes are # up and running Flocker, Docker, Swarm stack. client_instance.DependsOn = wait_condition_names template.add_resource(client_instance) # List of Output fields upon successful creation of the stack. template.add_output([ Output( "ClientNodeIP", Description="Public IP address of the client node.", Value=GetAtt(client_instance, "PublicIp"), ) ]) template.add_output( Output( "ClientConfigDockerSwarmHost", Value=Join("", [ "export DOCKER_HOST=tcp://", GetAtt(control_service_instance, "PublicIp"), ":2376" ]), Description="Client config: Swarm Manager's DOCKER_HOST setting.")) template.add_output( Output("ClientConfigDockerTLS", Value="export DOCKER_TLS_VERIFY=1", Description="Client config: Enable TLS client for Swarm.")) return template.to_json()
template = Template() keyname_param = template.add_parameter(Parameter( "KeyName", Description="Name of an existing EC2 KeyPair to enable SSH " "access to the instance", Type="String", )) template.add_mapping('RegionMap', { "us-east-1": {"AMI": "ami-7f418316"}, "us-west-1": {"AMI": "ami-951945d0"}, "us-west-2": {"AMI": "ami-16fd7026"}, "eu-west-1": {"AMI": "ami-24506250"}, "sa-east-1": {"AMI": "ami-3e3be423"}, "ap-southeast-1": {"AMI": "ami-74dda626"}, "ap-northeast-1": {"AMI": "ami-dcfa4edd"} }) ec2_instance = template.add_resource(ec2.Instance( "Ec2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro", KeyName=Ref(keyname_param), SecurityGroups=["default"], UserData=Base64("80") )) instanceSecurityGroup = template.add_resource(
from troposphere import Ref, Template, Parameter, FindInMap ################ Create Template ######################################## base_template = Template() ############### Create Mappings and Parameters ########################### ubuntu_images = [ "ami-07d0cf3af28718ef8", "ami-0cfee17793b08a293", "ami-00d4e9ff62bc40e03" ] '''map ami types''' base_template.add_mapping( "Images", { "18.04": { "Ubuntu": ubuntu_images[0] }, "16.04": { "Ubuntu": ubuntu_images[1] }, "14.04": { "Ubuntu": ubuntu_images[2] } }) '''map instance types''' base_template.add_mapping( "InstanceType", { "18.04": { "type": "t2.medium" }, "16.04": { "type": "t2.medium" }, "14.04": {
), Type="String", Description="Public subnet 1 CIDR block.", ConstraintDescription=( "Must be a valid IP CIDR range of the form x.x.x.x/x and subnet of " "VPC." ) )) t.add_mapping( "AWSNATAMI", { "ap-northeast-1": {"AMI": "ami-03cf3903"}, "ap-southeast-1": {"AMI": "ami-b49dace6"}, "ap-southeast-2": {"AMI": "ami-e7ee9edd"}, "eu-central-1": {"AMI": "ami-46073a5b"}, "eu-west-1": {"AMI": "ami-6975eb1e"}, "sa-east-1": {"AMI": "ami-fbfa41e6"}, "us-east-1": {"AMI": "ami-303b1458"}, "us-west-1": {"AMI": "ami-7da94839"}, "us-west-2": {"AMI": "ami-69ae8259"} } ) vpc = t.add_resource(VPC( "vpc", InstanceTenancy="default", EnableDnsSupport="true", CidrBlock=Ref(vpcCidr), EnableDnsHostnames="true" ))
"remote_user = ec2-user", "become = true", "become_method = sudo", "become_user = root", "EOF", AnsiblePullCmd ]) ) t.add_mapping( 'RegionMap', { "us-west-1": {"AMI": "ami-951945d0"}, "us-west-2": {"AMI": "ami-16fd7026"}, "eu-west-1": {"AMI": "ami-24506250"}, "sa-east-1": {"AMI": "ami-3e3be423"}, "ap-southeast-1": {"AMI": "ami-74dda626"}, "ap-northeast-1": {"AMI": "ami-dcfa4edd"}, "ap-northeast-2": {"AMI": "ami-0d097db2fb6e0f05e"} } ) ec2_instance=t.add_resource( ec2.Instance( "instance", ImageId=FindInMap("RegionMap",Ref("AWS::Region"),"AMI"), InstanceType="t2.micro", KeyName=Ref(keyname_param), SecurityGroupIds=[Ref(security_param)], SubnetId=SubnetID, UserData=ud,
UseEBS = t.add_parameter( Parameter( "UseEBS", Default="no", ConstraintDescription="Must be yes or no only.", Type="String", Description="Use EBS Volumes for the Worker Node", AllowedValues=["yes", "no"], )) UseEBSBool = t.add_condition("UseEBSBool", Equals(Ref(UseEBS), "yes")) t.add_mapping("SubnetConfig", { 'Public': { 'CIDR': '10.0.0.0/24' }, 'VPC': { 'CIDR': '10.0.0.0/16' } }) t.add_mapping( "RHEL66", { 'ap-northeast-1': { 'AMI': 'ami-a15666a0' }, 'ap-southeast-1': { 'AMI': 'ami-3813326a' }, 'ap-southeast-2': { 'AMI': 'ami-55e38e6f' },
def test_max_mappings(self): template = Template() for i in range(0, MAX_MAPPINGS): template.add_mapping(str(i), {"n": "v"}) with self.assertRaises(ValueError): template.add_mapping("mapping", {"n": "v"})
def flocker_docker_template(cluster_size, client_ami_map, node_ami_map): """ :param int cluster_size: The number of nodes to create in the Flocker cluster (including control service node). :param dict client_ami_map: A map between AWS region name and AWS AMI ID for the client. :param dict node_ami_map: A map between AWS region name and AWS AMI ID for the node. :returns: a CloudFormation template for a Flocker + Docker + Docker Swarm cluster. """ # Base JSON template. template = Template() # Keys corresponding to CloudFormation user Inputs. access_key_id_param = template.add_parameter(Parameter( "AmazonAccessKeyID", Description="Required: Your Amazon AWS access key ID", Type="String", NoEcho=True, AllowedPattern="[\w]+", MinLength="16", MaxLength="32", )) secret_access_key_param = template.add_parameter(Parameter( "AmazonSecretAccessKey", Description="Required: Your Amazon AWS secret access key", Type="String", NoEcho=True, MinLength="1", )) keyname_param = template.add_parameter(Parameter( "EC2KeyPair", Description="Required: Name of an existing EC2 KeyPair to enable SSH " "access to the instance", Type="AWS::EC2::KeyPair::KeyName", )) template.add_parameter(Parameter( "S3AccessPolicy", Description="Required: Is current IAM user allowed to access S3? " "S3 access is required to distribute Flocker and Docker " "configuration amongst stack nodes. Reference: " "http://docs.aws.amazon.com/IAM/latest/UserGuide/" "access_permissions.html Stack creation will fail if user " "cannot access S3", Type="String", AllowedValues=["Yes"], )) volumehub_token = template.add_parameter(Parameter( "VolumeHubToken", Description=( "Optional: Your Volume Hub token. " "You'll find the token at " "https://volumehub.clusterhq.com/v1/token." ), Type="String", Default="", )) # Base AMIs pre-baked with the following products: # Docker 1.9.1 # Flocker 1.9.0.dev1+1221.gde4c49f # Please update the version fields above when new AMIs are generated. template.add_mapping( 'RegionMap', { 'client': client_ami_map, 'node': node_ami_map, } ) # Select a random AvailabilityZone within given AWS Region. zone = Select(0, GetAZs("")) # S3 bucket to hold {Flocker, Docker, Swarm} configuration for distribution # between nodes. s3bucket = Bucket('ClusterConfig', DeletionPolicy='Retain') template.add_resource(s3bucket) # Create SecurityGroup for cluster instances. instance_sg = template.add_resource( ec2.SecurityGroup( "InstanceSecurityGroup", GroupDescription=( "Enable ingress access on all protocols and ports." ), SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol=protocol, FromPort="0", ToPort="65535", CidrIp="0.0.0.0/0", ) for protocol in ('tcp', 'udp') ] ) ) # Base for post-boot {Flocker, Docker, Swarm} configuration on the nodes. base_user_data = [ '#!/bin/bash\n', 'aws_region="', Ref("AWS::Region"), '"\n', 'aws_zone="', zone, '"\n', 'access_key_id="', Ref(access_key_id_param), '"\n', 'secret_access_key="', Ref(secret_access_key_param), '"\n', 's3_bucket="', Ref(s3bucket), '"\n', 'stack_name="', Ref("AWS::StackName"), '"\n', 'volumehub_token="', Ref(volumehub_token), '"\n', 'node_count="{}"\n'.format(cluster_size), 'apt-get update\n', ] # XXX Flocker agents are indexed from 1 while the nodes overall are indexed # from 0. flocker_agent_number = 1 # Gather WaitConditions wait_condition_names = [] for i in range(cluster_size): if i == 0: node_name = CONTROL_NODE_NAME else: node_name = AGENT_NODE_NAME_TEMPLATE.format(index=i) # Create an EC2 instance for the {Agent, Control} Node. ec2_instance = ec2.Instance( node_name, ImageId=FindInMap("RegionMap", "node", Ref("AWS::Region")), InstanceType="m3.large", KeyName=Ref(keyname_param), SecurityGroups=[Ref(instance_sg)], AvailabilityZone=zone, Tags=Tags(Name=node_name)) # WaitCondition and corresponding Handler to signal completion # of {Flocker, Docker, Swarm} configuration on the node. wait_condition_handle = WaitConditionHandle( INFRA_WAIT_HANDLE_TEMPLATE.format(node=node_name)) template.add_resource(wait_condition_handle) wait_condition = WaitCondition( INFRA_WAIT_CONDITION_TEMPLATE.format(node=node_name), Handle=Ref(wait_condition_handle), Timeout=NODE_CONFIGURATION_TIMEOUT, ) template.add_resource(wait_condition) # Gather WaitConditions wait_condition_names.append(wait_condition.name) user_data = base_user_data[:] user_data += [ 'node_number="{}"\n'.format(i), 'node_name="{}"\n'.format(node_name), 'wait_condition_handle="', Ref(wait_condition_handle), '"\n', ] # Setup S3 utilities to push/pull node-specific data to/from S3 bucket. user_data += _sibling_lines(S3_SETUP) if i == 0: # Control Node configuration. control_service_instance = ec2_instance user_data += ['flocker_node_type="control"\n'] user_data += _sibling_lines(FLOCKER_CONFIGURATION_GENERATOR) user_data += _sibling_lines(DOCKER_SWARM_CA_SETUP) user_data += _sibling_lines(DOCKER_SETUP) # Setup Swarm 1.0.1 user_data += _sibling_lines(SWARM_MANAGER_SETUP) template.add_output([ Output( "ControlNodeIP", Description="Public IP of Flocker Control and " "Swarm Manager.", Value=GetAtt(ec2_instance, "PublicIp"), ) ]) else: # Agent Node configuration. ec2_instance.DependsOn = control_service_instance.name user_data += [ 'flocker_node_type="agent"\n', 'flocker_agent_number="{}"\n'.format( flocker_agent_number ) ] flocker_agent_number += 1 user_data += _sibling_lines(DOCKER_SETUP) # Setup Swarm 1.0.1 user_data += _sibling_lines(SWARM_NODE_SETUP) template.add_output([ Output( "AgentNode{}IP".format(i), Description=( "Public IP of Agent Node for Flocker and Swarm." ), Value=GetAtt(ec2_instance, "PublicIp"), ) ]) user_data += _sibling_lines(FLOCKER_CONFIGURATION_GETTER) user_data += _sibling_lines(VOLUMEHUB_SETUP) user_data += _sibling_lines(SIGNAL_CONFIG_COMPLETION) ec2_instance.UserData = Base64(Join("", user_data)) template.add_resource(ec2_instance) # Client Node creation. client_instance = ec2.Instance( CLIENT_NODE_NAME, ImageId=FindInMap("RegionMap", "client", Ref("AWS::Region")), InstanceType="m3.medium", KeyName=Ref(keyname_param), SecurityGroups=[Ref(instance_sg)], AvailabilityZone=zone, Tags=Tags(Name=CLIENT_NODE_NAME)) wait_condition_handle = WaitConditionHandle(CLIENT_WAIT_HANDLE) template.add_resource(wait_condition_handle) wait_condition = WaitCondition( CLIENT_WAIT_CONDITION, Handle=Ref(wait_condition_handle), Timeout=NODE_CONFIGURATION_TIMEOUT, ) template.add_resource(wait_condition) # Client Node {Flockerctl, Docker-compose} configuration. user_data = base_user_data[:] user_data += [ 'wait_condition_handle="', Ref(wait_condition_handle), '"\n', 'node_number="{}"\n'.format("-1"), ] user_data += _sibling_lines(S3_SETUP) user_data += _sibling_lines(CLIENT_SETUP) user_data += _sibling_lines(SIGNAL_CONFIG_COMPLETION) client_instance.UserData = Base64(Join("", user_data)) # Start Client Node after Control Node and Agent Nodes are # up and running Flocker, Docker, Swarm stack. client_instance.DependsOn = wait_condition_names template.add_resource(client_instance) # List of Output fields upon successful creation of the stack. template.add_output([ Output( "ClientNodeIP", Description="Public IP address of the client node.", Value=GetAtt(client_instance, "PublicIp"), ) ]) template.add_output(Output( "ClientConfigDockerSwarmHost", Value=Join("", ["export DOCKER_HOST=tcp://", GetAtt(control_service_instance, "PublicIp"), ":2376"]), Description="Client config: Swarm Manager's DOCKER_HOST setting." )) template.add_output(Output( "ClientConfigDockerTLS", Value="export DOCKER_TLS_VERIFY=1", Description="Client config: Enable TLS client for Swarm." )) return template.to_json()
ssh_cidr = template.add_parameter(Parameter( "SshCidr", Description="CIDR block from which to allow SSH access. Restrict this to your IP, if possible.", Type="String", Default="0.0.0.0/0", )) # "16.04 hvm ssd" AMIs from https://cloud-images.ubuntu.com/locator/ec2/ template.add_mapping('RegionMap', { "ap-northeast-1": {"AMI": "ami-0417e362"}, "ap-northeast-2": {"AMI": "ami-536ab33d"}, "ap-south-1": {"AMI": "ami-df413bb0"}, "ap-southeast-1": {"AMI": "ami-9f28b3fc"}, "ap-southeast-2": {"AMI": "ami-bb1901d8"}, "ca-central-1": {"AMI": "ami-a9c27ccd"}, "eu-central-1": {"AMI": "ami-958128fa"}, "eu-west-1": {"AMI": "ami-674cbc1e"}, "eu-west-2": {"AMI": "ami-03998867"}, "sa-east-1": {"AMI": "ami-a41869c8"}, "us-east-1": {"AMI": "ami-1d4e7a66"}, "us-east-2": {"AMI": "ami-dbbd9dbe"}, "us-west-1": {"AMI": "ami-969ab1f6"}, "us-west-2": {"AMI": "ami-8803e0f0"}, }) security_group = template.add_resource(ec2.SecurityGroup( 'SecurityGroup', GroupDescription='Allows SSH access from SshCidr and HTTP/HTTPS access from anywhere.', SecurityGroupIngress=[ ec2.SecurityGroupRule( IpProtocol='tcp', FromPort=22,
import troposphere.elasticloadbalancing as elb import argparse # Depends on already created VPC. t = Template() vpcid_param = t.add_parameter(Parameter("VpcId", Description="VpcId of the existing VPC", Type="String")) subnetid_param = t.add_parameter( Parameter( "SubnetId", Description="SubnetId of an existing subnet (for the primary network) in the VPC", Type="String" ) ) t.add_mapping("RegionMap", {"us-east-1": {"AMI": "ami-7f418316"}, "us-west-1": {"AMI": "ami-951945d0"}}) frontend_ec2_sg = t.add_resource( ec2.SecurityGroup( "rzienertHttpSecurityGroup", VpcId=Ref(vpcid_param), GroupDescription="Enable HTTP traffic for frontend class servers", SecurityGroupIngress=[ec2.SecurityGroupRule(IpProtocol="tcp", FromPort="80", ToPort="80", CidrIp="0.0.0.0/0")], ) ) ec2_instance = t.add_resource( ec2.Instance( "rzienertEC2Instance", ImageId=FindInMap("RegionMap", Ref("AWS::Region"), "AMI"), InstanceType="t1.micro",
def generate_stack_template(): template = Template() generate_description(template) generate_version(template) # ---Parameters------------------------------------------------------------ param_vpc_id = Parameter( 'VpcIdentifer', Description='The identity of the VPC (vpc-abcdwxyz) in which this stack shall be created.', Type='AWS::EC2::VPC::Id', ) template.add_parameter(param_vpc_id) param_vpc_cidr_block = Parameter( 'VpcCidrBlock', Description='The CIDR block of the VPC (w.x.y.z/n) in which this stack shall be created.', Type='String', Default='10.0.0.0/16' ) template.add_parameter(param_vpc_cidr_block) param_database_instance_subnet_id = Parameter( 'VpcSubnetIdentifer', Description='The identity of the private subnet (subnet-abcdwxyz) in which the database server shall be created.', Type='AWS::EC2::Subnet::Id', ) template.add_parameter(param_database_instance_subnet_id) param_keyname = Parameter( 'PemKeyName', Description='Name of an existing EC2 KeyPair file (.pem) to use to create EC2 instances', Type='AWS::EC2::KeyPair::KeyName' ) template.add_parameter(param_keyname) param_instance_type = Parameter( 'EC2InstanceType', Description='EC2 instance type, reference this parameter to insure consistency', Type='String', Default='t2.medium', # Prices from (2015-12-03) (Windows, us-west (North CA)) AllowedValues=[ # Source : https://aws.amazon.com/ec2/pricing/ 't2.small', # $0.044/hour 't2.micro', # $0.022/hour 't2.medium', # $0.088/hour 't2.large', # $0.166/hour 'm3.medium', # $0.140/hour 'm3.large', # $0.28/hour 'c4.large' # $0.221/hour ], ConstraintDescription='Must be a valid EC2 instance type' ) template.add_parameter(param_instance_type) param_s3_bucket = Parameter( 'S3Bucket', Description='The bucket in which applicable content can be found.', Type='String', Default='author-it-deployment-test-us-east-1' ) template.add_parameter(param_s3_bucket) param_s3_key = Parameter( 'S3Key', Description='The key within the bucket in which relevant files are located.', Type='String', Default='source/database/postgresql/single' ) template.add_parameter(param_s3_key) param_database_admin_password = Parameter( 'PostgresAdminPassword', Description='The password to be used by user postgres.', Type='String', NoEcho=True ) template.add_parameter(param_database_admin_password) #---Mappings--------------------------------------------------------------- mapping_environment_attribute_map = template.add_mapping( 'EnvironmentAttributeMap', { 'ap-southeast-1': { 'DatabaseServerAmi': 'ami-1ddc0b7e' }, 'ap-southeast-2': { 'DatabaseServerAmi': 'ami-0c95b86f' }, 'us-east-1': { 'DatabaseServerAmi': 'ami-a4827dc9' }, 'us-west-1': { 'DatabaseServerAmi': 'ami-f5f41398' } } ) # ---Resources------------------------------------------------------------- ref_stack_id = Ref('AWS::StackId') ref_region = Ref('AWS::Region') ref_stack_name = Ref('AWS::StackName') path_database_admin_script = 'usr/ec2-user/postgresql/set_admin_password.sql' name_database_server_wait_handle = 'DatabaseServerWaitHandle' cmd_postgresql_initdb = dict( command='service postgresql-95 initdb' ) cmd_start_postgresql_service = dict( command='service postgresql-95 start' ) cmd_set_postgres_user_password = dict( command='psql -U postgres -f %s' % path_database_admin_script ) cmd_start_postgresql_on_startup = dict( command='chkconfig postgresql on' ) cmd_signal_success = dict( command='cfn-signal --exit-code $?' ) # Create an instance of AWS::IAM::Role for the instance. # This allows: # - Access to S3 bucket content. # - Stack updates resource_instance_role = template.add_resource(iam.Role( 'InstanceRole', AssumeRolePolicyDocument=Policy( Statement=[ Statement( Action=[AssumeRole], Effect=Allow, Principal=Principal( 'Service', ['ec2.amazonaws.com'] ) ) ] ), Path='/' )) # Create the S3 policy and attach it to the role. template.add_resource(iam.PolicyType( 'InstanceS3DownloadPolicy', PolicyName='S3Download', PolicyDocument={ 'Statement':[ { 'Effect': 'Allow', 'Action': ['s3:GetObject'], 'Resource': Join('', [ 'arn:aws:s3:::', Ref(param_s3_bucket), '/*' ]) }, { 'Effect': 'Allow', 'Action': ['cloudformation:DescribeStacks', 'ec2:DescribeInstances'], 'Resource': '*' } ] }, Roles=[Ref(resource_instance_role)] )) # Create the CloudFormation stack update policy and attach it to the role. template.add_resource(iam.PolicyType( 'InstanceStackUpdatePolicy', PolicyName='StackUpdate', PolicyDocument={ 'Statement':[ { "Effect" : "Allow", "Action" : "Update:*", "Resource" : "*" } ] }, Roles=[Ref(resource_instance_role)] )) # Create the AWS::IAM::InstanceProfile from the role for reference in the # database server instance definition. resource_instance_profile = template.add_resource(iam.InstanceProfile( 'InstanceProfile', Path='/', Roles=[Ref(resource_instance_role)] )) # Create a security group for the postgresql instance. # This must be internal to the VPC only. name_security_group_database = 'VpcDatabaseSecurityGroup' resource_database_security_group = ec2.SecurityGroup( name_security_group_database, GroupDescription=Join(' ', ['Security group for VPC database', Ref(param_vpc_id)]), Tags=Tags(Name=name_security_group_database), VpcId=Ref(param_vpc_id) ) template.add_resource(resource_database_security_group) template.add_output( Output( 'SecurityGroupForDatabase', Description='Security group created for database in VPC.', Value=Ref(resource_database_security_group) ) ) # Add ingress rule from VPC to database security group for database traffic. database_port = 5432 ssh_port = 22 template.add_resource(ec2.SecurityGroupIngress( 'DatabaseSecurityGroupDatabaseIngress', CidrIp=Ref(param_vpc_cidr_block), FromPort=str(database_port), GroupId=Ref(resource_database_security_group), IpProtocol='tcp', ToPort=str(database_port) )) # Add ingress rule from VPC to database security group for ssh traffic. ssh_port = 22 template.add_resource(ec2.SecurityGroupIngress( 'DatabaseSecurityGroupSshIngress', CidrIp=Ref(param_vpc_cidr_block), FromPort=str(ssh_port), GroupId=Ref(resource_database_security_group), IpProtocol='tcp', ToPort=str(ssh_port) )) # Create the metadata for the database instance. name_database_server = 'DatabaseServer' database_instance_metadata = cloudformation.Metadata( cloudformation.Init({ 'config': cloudformation.InitConfig( packages={ 'rpm': { 'postgresql': 'https://download.postgresql.org/pub/repos/yum/9.5/redhat/rhel-6-x86_64/pgdg-ami201503-95-9.5-2.noarch.rpm' }, 'yum': { 'postgresql95': [], 'postgresql95-libs': [], 'postgresql95-server': [], 'postgresql95-devel': [], 'postgresql95-contrib': [], 'postgresql95-docs': [] } }, files=cloudformation.InitFiles({ # cfn-hup.conf initialization '/etc/cfn/cfn-hup.conf': cloudformation.InitFile( content=Join('', [ '[main]\n', 'stack=', ref_stack_id, '\n', 'region=', ref_region, '\n', 'interval=2', '\n', 'verbose=true', '\n' ]), mode='000400', owner='root', group='root' ), # cfn-auto-reloader.conf initialization '/etc/cfn/cfn-auto-reloader.conf': cloudformation.InitFile( content=Join('', [ '[cfn-auto-reloader-hook]\n', 'triggers=post.update\n', 'path=Resources.%s.Metadata.AWS::CloudFormation::Init\n' % name_database_server, 'action=cfn-init.exe ', ' --verbose ' ' --stack ', ref_stack_name, ' --resource %s ' % name_database_server, # resource that defines the Metadata ' --region ', ref_region, '\n' ]), mode='000400', owner='root', group='root' ), # # pg_hba.conf retrieval from S3 '/var/lib/pgsql9/data/pg_hba.conf': cloudformation.InitFile( source=Join('/', [ # Join('', ['https://s3-', ref_region, '.', 'amazonaws.com']), 'https://s3.amazonaws.com', Ref(param_s3_bucket), Ref(param_s3_key), 'conf' 'pg_hba.conf' ]), mode='000400', owner='root', group='root' ), # postgresql.conf retrieval from S3 '/var/lib/pgsql9/data/postgresql.conf': cloudformation.InitFile( source=Join('/', [ #Join('', ['https://s3-', ref_region, '.', 'amazonaws.com']), 'https://s3.amazonaws.com', Ref(param_s3_bucket), Ref(param_s3_key), 'conf' 'postgresql.conf' ]), mode='000400', owner='root', group='root' ), # pg_ident.conf retrieval from S3 '/var/lib/pgsql9/data/pg_ident.conf': cloudformation.InitFile( source=Join('/', [ #Join('', ['https://s3-', ref_region, '.', 'amazonaws.com']), 'https://s3.amazonaws.com', Ref(param_s3_bucket), Ref(param_s3_key), 'conf' 'pg_ident.conf' ]), mode='000400', owner='root', group='root' ), # script to set postgresql admin password. # (admin user = '******') path_database_admin_script: cloudformation.InitFile( source=Join('', [ 'ALTER USER postgres WITH PASSWORD ', Ref(param_database_admin_password), ';', '\n' ]) ) }), commands={ '10-postgresql_initdb': cmd_postgresql_initdb, '20-start_postgresql_service': cmd_start_postgresql_service, '30-set-postgres-user-password': cmd_set_postgres_user_password, '40-start-postgresql-on-startup': cmd_start_postgresql_on_startup, #'99-signal-success': cmd_signal_success }, services=dict( sysvinit=cloudformation.InitServices( { # start cfn-hup service - # required for CloudFormation stack update 'cfn-hup': cloudformation.InitService( enabled=True, ensureRunning=True, files=[ '/etc/cfn/cfn-hup.conf', '/etc/cfn/hooks.d/cfn-auto-reloader.conf' ] ), # start postgresql service 'postgresql-9.5': cloudformation.InitService( enabled=True, ensureRunning=True ), # Disable sendmail service - not required. 'sendmail': cloudformation.InitService( enabled=False, ensureRunning=False ) } ) ) ) }), cloudformation.Authentication({ 'S3AccessCredentials': cloudformation.AuthenticationBlock( buckets=[Ref(param_s3_bucket)], roleName=Ref(resource_instance_role), type='S3' ) }) ) # Add a wait handle to receive the completion signal. #resource_database_server_wait_handle = template.add_resource( # cloudformation.WaitConditionHandle( # name_database_server_wait_handle # ) # ) #template.add_resource( # cloudformation.WaitCondition( # 'DatabaseServerWaitCondition', # DependsOn=name_database_server, # Handle=Ref(resource_database_server_wait_handle), # Timeout=300, # ) #) resource_database_server = ec2.Instance( name_database_server, DependsOn=name_security_group_database, IamInstanceProfile=Ref(resource_instance_profile), Metadata=database_instance_metadata, ImageId=FindInMap('EnvironmentAttributeMap', ref_region, 'DatabaseServerAmi'), InstanceType=Ref(param_instance_type), KeyName=Ref(param_keyname), SecurityGroupIds=[Ref(resource_database_security_group)], SubnetId=Ref(param_database_instance_subnet_id), Tags=Tags(Name=name_database_server, VPC=Ref(param_vpc_id)), UserData=Base64( Join( '', [ '#!/bin/bash -xe\n', 'yum update -y aws-cfn-bootstrap\n', '/opt/aws/bin/cfn-init --verbose ', ' --stack ', ref_stack_name, ' --resource DatabaseServer ', ' --region ', ref_region, '\n', '/opt/aws/bin/cfn-signal --exit-code $? ', ' --stack ', ref_stack_name, ' --resource ', name_database_server, '\n' ] ) ) ) template.add_resource(resource_database_server) template.add_output( Output('DatabaseServer', Description='PostgreSQL single instance database server', Value=Ref(resource_database_server) ) ) return template
instance_type = template.add_parameter(Parameter( "InstanceType", Description = "EC2 instance type to launch for Application servers", Type = "String", Default = "m1.medium", AllowedValues = [ "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cg1.4xlarge" ], ConstraintDescription = "must be a valid EC2 instance type" )) template.add_mapping('RegionMap', { "us-east-1": {"AMI": "ami-8f4118e6"}, "us-west-1": {"AMI": "ami-905761d5"}, "us-west-2": {"AMI": "ami-6ebe265e"}, "eu-west-1": {"AMI": "ami-eb0ae99c"}, "sa-east-1": {"AMI": "ami-1b9a3c06"}, "ap-southeast-1": {"AMI": "ami-8e4114dc"}, "ap-southeast-2": {"AMI": "ami-5b5bc761"}, "ap-northeast-1": {"AMI": "ami-91395c90"} }) # Create a security group sg = template.add_resource(ec2.SecurityGroup('AsgardSecurityGroup')) sg.GroupDescription = 'Access to Asgard Instance' sg.SecurityGroupIngress = [ ec2.SecurityGroupRule( IpProtocol = 'tcp', FromPort = '22', ToPort = '22', CidrIp = '0.0.0.0/0' ),
from troposphere import Template, Ref, Output, Parameter, Join, GetAtt, FindInMap from troposphere.route53 import RecordSetType, RecordSet, RecordSetGroup, AliasTarget from troposphere.s3 import Bucket, PublicRead, BucketOwnerFullControl, WebsiteConfiguration, RedirectAllRequestsTo import boto3 import botocore t = Template() t.add_mapping("RegionMap", { "us-east-1" : { "S3hostedzoneID" : "Z3AQBSTGFYJSTF", "websiteendpoint" : "s3-website-us-east-1.amazonaws.com" }, "us-west-1" : { "S3hostedzoneID" : "Z2F56UZL2M1ACD", "websiteendpoint" : "s3-website-us-west-1.amazonaws.com" }, "us-west-2" : { "S3hostedzoneID" : "Z3BJ6K6RIION7M", "websiteendpoint" : "s3-website-us-west-2.amazonaws.com" }, "eu-west-1" : { "S3hostedzoneID" : "Z1BKCTXD74EZPE", "websiteendpoint" : "s3-website-eu-west-1.amazonaws.com" }, "ap-southeast-1" : { "S3hostedzoneID" : "Z3O0J2DXBE1FTB", "websiteendpoint" : "s3-website-ap-southeast-1.amazonaws.com" }, "ap-southeast-2" : { "S3hostedzoneID" : "Z1WCIGYICN2BYD", "websiteendpoint" : "s3-website-ap-southeast-2.amazonaws.com" }, "ap-northeast-1" : { "S3hostedzoneID" : "Z2M4EHUR26P7ZW", "websiteendpoint" : "s3-website-ap-northeast-1.amazonaws.com" }, "sa-east-1" : { "S3hostedzoneID" : "Z31GFT0UA1I2HV", "websiteendpoint" : "s3-website-sa-east-1.amazonaws.com" } }) hostedzone = t.add_parameter(Parameter( "HostedZone", Description="The DNS name of an existing Amazon Route 53 hosted zone", Type="String", )) root_bucket = t.add_resource( Bucket("RootBucket",
t.add_mapping( "Region2Principal", { "ap-northeast-1": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, "ap-southeast-1": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, "ap-southeast-2": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, "cn-north-1": { "EC2Principal": "ec2.amazonaws.com.cn", "OpsWorksPrincipal": "opsworks.amazonaws.com.cn", }, "eu-central-1": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, "eu-west-1": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, "sa-east-1": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, "us-east-1": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, "us-west-1": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, "us-west-2": { "EC2Principal": "ec2.amazonaws.com", "OpsWorksPrincipal": "opsworks.amazonaws.com", }, }, )