def create_prediction_service_elb(self): t = self.template prediction_service_elastic_load_balancer = t.add_resource( LoadBalancer("Euro2016ElasticLoadBalancer", LoadBalancerName=Ref("ELBName"), Subnets=Ref("ELBSubnetIds"), Listeners=[{ "InstancePort": "8000", "LoadBalancerPort": "80", "Protocol": "HTTP" }, { "InstancePort": "8000", "LoadBalancerPort": "443", "Protocol": "HTTPS", "SSLCertificateId": Ref("SSLCertificateId") }], SecurityGroups=Ref("ELBSecurityGroups"), HealthCheck=HealthCheck( HealthyThreshold="3", Interval="30", Target="HTTP:8000/status", Timeout="5", UnhealthyThreshold="5", ), CrossZone=True, Tags=[Tag("Name", "euro2016-prediction-service-elb")])) return prediction_service_elastic_load_balancer
def test_healthy_interval_too_low(self): with self.assertRaises(ValueError): HealthCheck(HealthyThreshold='1', Interval='2', Target='HTTP:80/index.html', Timeout='4', UnhealthyThreshold='9')
def create_elb(self, subnet1, subnet2, elb_sg): load_balancer = self.t.add_resource( LoadBalancer( "LoadBalancer", ConnectionDrainingPolicy=ConnectionDrainingPolicy( Enabled=True, Timeout=120, ), Subnets=[Ref(subnet1), Ref(subnet2)], HealthCheck=HealthCheck( Target="TCP:80", HealthyThreshold="2", UnhealthyThreshold="9", Interval="20", Timeout="15", ), Listeners=[ Listener( LoadBalancerPort="80", InstancePort="80", Protocol="HTTP", ), ], CrossZone=True, SecurityGroups=[Ref(elb_sg)], LoadBalancerName="webapp-elb", Scheme="internet-facing", )) return load_balancer
def test_healthy_interval_ok(self): HealthCheck( HealthyThreshold='2', Interval='2', Target='HTTP:80/index.html', Timeout='4', UnhealthyThreshold='9' )
def test_healthy_interval_ok(self): HealthCheck( HealthyThreshold="2", Interval="2", Target="HTTP:80/index.html", Timeout="4", UnhealthyThreshold="9", )
def test_healthy_interval_too_low(self): with self.assertRaises(ValueError): HealthCheck( HealthyThreshold="1", Interval="2", Target="HTTP:80/index.html", Timeout="4", UnhealthyThreshold="9", )
def add_elb(self): t = self.template self.elbSg = t.add_resource( SecurityGroup( 'ElbSecurityGroup', VpcId=Ref(self.vpcIdParam), GroupDescription='Security group for ELB.', SecurityGroupIngress=[ SecurityGroupRule(ToPort='80', FromPort='80', IpProtocol='tcp', CidrIp="0.0.0.0/0") #TODO HTTPS ], Tags=self.defaultTags + [Tag('Name', Join("", [self.namePrefix, 'ElbSecurityGroup'])) ])) self.elbListener = Listener('ElbListener', LoadBalancerPort="80", InstancePort="80", Protocol="HTTP", InstanceProtocol="HTTP") self.elbHealthCheck = HealthCheck(Target="TCP:80", Timeout="2", Interval="5", HealthyThreshold="2", UnhealthyThreshold="2") publicSubnetIds = [ self.sceptreUserData['subnets']['publicInfraAZ1Id'], self.sceptreUserData['subnets']['publicInfraAZ2Id'], self.sceptreUserData['subnets']['publicInfraAZ3Id'] ] self.elb = t.add_resource( LoadBalancer('Elb', Listeners=[self.elbListener], Scheme='internet-facing', HealthCheck=self.elbHealthCheck, CrossZone=True, Subnets=publicSubnetIds, SecurityGroups=[Ref(self.elbSg)], Tags=self.defaultTags + [Tag('Name', Join("", [self.namePrefix, 'Elb']))])) return 0
def health_check(name, target='TCP:22', healthy_threashold=2, unhealthy_threashold=3, interval=30, timeout=3): """Classic elb health check""" hc = HealthCheck(title=name + 'healthcheck') hc.HealthyThreshold = healthy_threashold hc.UnhealthyThreshold = unhealthy_threashold hc.Interval = interval hc.Target = target hc.Timeout = timeout return hc
def define_networking(t): t.add_resource( VPC("VPC", CidrBlock=Ref(t.parameters["vpcCidrBlock"]), InstanceTenancy="default", EnableDnsSupport=True, EnableDnsHostnames=False, Tags=troposphere.cloudformation.Tags(Name=Join( " ", ["BIG-IQ VPC:", Ref("AWS::StackName")])))) t.add_resource( Subnet("Subnet1", CidrBlock=Ref(t.parameters["subnet1CidrBlock"]), VpcId=Ref(t.resources["VPC"]), AvailabilityZone=Ref(t.parameters["subnet1Az"]), Tags=Tags( Name=Join(" ", ["BIG-IQ Subnet 1:", Ref("AWS::StackName")])))) t.add_resource( Subnet("Subnet2", CidrBlock=Ref(t.parameters["subnet2CidrBlock"]), VpcId=Ref(t.resources["VPC"]), AvailabilityZone=Ref(t.parameters["subnet2Az"]), Tags=Tags( Name=Join(" ", ["Big-IQ Subnet 2:", Ref("AWS::StackName")])))) t.add_resource( RouteTable("RouteTable1", VpcId=Ref(t.resources["VPC"]), Tags=Tags(Name=Join( " ", ["BIG-IQ Route Table 1:", Ref("AWS::StackName")])))) t.add_resource( RouteTable("RouteTable2", VpcId=Ref(t.resources["VPC"]), Tags=Tags(Name=Join( " ", ["BIG-IQ Route Table 2:", Ref("AWS::StackName")])))) t.add_resource( SubnetRouteTableAssociation("Subnet1RouteTableAssociation", SubnetId=Ref(t.resources["Subnet1"]), RouteTableId=Ref( t.resources["RouteTable1"]))) t.add_resource( SubnetRouteTableAssociation("Subnet2RouteTableAssociation", SubnetId=Ref(t.resources["Subnet2"]), RouteTableId=Ref( t.resources["RouteTable2"]))) t.add_resource( InternetGateway( "IGW", Tags=Tags(Name=Join( " ", ["BIG-IQ Internet Gateway:", Ref("AWS::StackName")])))) t.add_resource( VPCGatewayAttachment("IGWAttachment", VpcId=Ref(t.resources["VPC"]), InternetGatewayId=Ref(t.resources["IGW"]))) t.add_resource( Route("Route1Default", DestinationCidrBlock="0.0.0.0/0", RouteTableId=Ref(t.resources["RouteTable1"]), GatewayId=Ref(t.resources["IGW"]))) t.add_resource( Route("Route2Default", DestinationCidrBlock="0.0.0.0/0", RouteTableId=Ref(t.resources["RouteTable2"]), GatewayId=Ref(t.resources["IGW"]))) t.add_resource(NetworkAcl("VPCAcl", VpcId=Ref(t.resources["VPC"]))) t.add_resource( SecurityGroup( "SecurityGroup", GroupName=Join(" ", ["BIG-IQ SG:", Ref("AWS::StackName")]), GroupDescription="vpc-sg", VpcId=Ref(t.resources["VPC"]), SecurityGroupIngress=[ SecurityGroupRule(IpProtocol="tcp", FromPort="443", ToPort="443", CidrIp="0.0.0.0/0"), SecurityGroupRule(IpProtocol="tcp", FromPort="80", ToPort="80", CidrIp="0.0.0.0/0"), SecurityGroupRule(IpProtocol="tcp", FromPort="22", ToPort="22", CidrIp="0.0.0.0/0"), SecurityGroupRule( IpProtocol= "tcp", # TODO Determine actual ports which should be open FromPort="1", ToPort="65356", CidrIp=Ref(t.parameters["vpcCidrBlock"])) ])) t.add_resource( SecurityGroup("ElbSecurityGroup", GroupName=Join( " ", ["ELB-SG-", Ref("AWS::StackName")]), GroupDescription="vpc-sg", VpcId=Ref(t.resources["VPC"]), SecurityGroupIngress=[])) t.add_resource( LoadBalancer( "ClassicELB", SecurityGroups=[Ref(t.resources["ElbSecurityGroup"])], HealthCheck=HealthCheck(HealthyThreshold="10", Interval="30", Target="TCP:22", Timeout="5", UnhealthyThreshold="2"), Listeners=[ Listener(LoadBalancerPort="80", InstancePort="80", Protocol="TCP", InstanceProtocol="TCP") ], LoadBalancerName=Join("", ["ELB-", Ref("AWS::StackName")]), Scheme="internet-facing", Subnets=[Ref(t.resources["Subnet1"]), Ref(t.resources["Subnet2"])]))
Ref(WebServerSecurityGroup), "FromPort": "3306" }], GroupDescription="Open database for access", Condition="Is-EC2-VPC", )) # @alias component @app:@elb to ElasticLoadBalancer ElasticLoadBalancer = t.add_resource( LoadBalancer( "ElasticLoadBalancer", HealthCheck=HealthCheck( HealthyThreshold="2", Interval="10", Target="HTTP:80/", Timeout="5", UnhealthyThreshold="5", ), LBCookieStickinessPolicy=[{ "PolicyName": "CookieBasedPolicy", "CookieExpirationPeriod": "30" }], CrossZone="true", Listeners=[{ "InstancePort": "80", "PolicyNames": ["CookieBasedPolicy"], "LoadBalancerPort": "80", "Protocol": "HTTP" }], AvailabilityZones=GetAZs(""),
elb = t.add_resource( LoadBalancer( "elb" + role.upper(), Subnets=Split(",", Ref(elb_identifier)), Listeners=[ Listener( LoadBalancerPort=80, InstancePort=80, Protocol='HTTP', ), ], SecurityGroups=[Ref("defaultSG"), Ref(elbSecurityGroup)], HealthCheck=HealthCheck( Target=rolemap[role]["elb"]["healthcheck"], HealthyThreshold="2", UnhealthyThreshold="2", Interval="10", Timeout="5"), ConnectionDrainingPolicy=ConnectionDrainingPolicy(Enabled=True, Timeout=300), CrossZone=True, Tags=Tags(Environment=Ref("environment"), Service=role))) loadbalancer = [Ref(elb)] identifier = "" if rolemap[role]["instance"]["subnet"] in public_prefixes: identifier = "pubsub" + rolemap[role]["instance"]["subnet"].upper() # Dont name this resource since named resources need full stack destroy. t.add_resource(
def add_kippo_sensors(self): # Create the ELB self.template.add_resource( LoadBalancer( 'Elb', Listeners=[ Listener( InstancePort=80, LoadBalancerPort=80, Protocol='http', ), Listener( InstancePort=443, LoadBalancerPort=443, Protocol='tcp', # Plain TCP forwarding for HTTPS/SSL ), ], CrossZone=True, Subnets=Ref('ElbSubnetIdList'), SecurityGroups=[Ref('ElbSecurityGroup')], Scheme='internet-facing', HealthCheck=HealthCheck( Target='HTTP:80/kippo-graph/', HealthyThreshold=2, UnhealthyThreshold=5, Interval=120, Timeout=60, ), )) self.template.add_output( Output( 'ElbEndpoint', Description='ELB endpoint address', Value=GetAtt('Elb', 'DNSName'), )) self.template.add_resource( LaunchConfiguration( 'LaunchConfiguration', KeyName=Ref('KeyName'), ImageId=FindInMap('Ec2AmiMap', Ref('AWS::Region'), 'AmiId'), InstanceType=Ref('Ec2InstanceType'), SecurityGroups=[Ref('Ec2SecurityGroup')], AssociatePublicIpAddress=True, UserData=Base64( Join('\n', [ '#cloud-config', 'repo_upgrade: security', 'runcmd:', ' - "/usr/bin/wget -O /tmp/configure_kippo_sensor.sh https://raw.githubusercontent.com/cdodd/aws-kippo-cluster/master/bootstrap/configure_kippo_sensor.sh"', Join( '', [ ' - "bash /tmp/configure_kippo_sensor.sh', ' ', GetAtt('RdsInstance', 'Endpoint.Address'), ' ', Ref('RdsRootPassword'), ' ', Ref('RealSshPort'), '"', ], ), ])), )) self.template.add_resource( AutoScalingGroup( 'Asg', DesiredCapacity=Ref('KippoSensorCount'), HealthCheckGracePeriod=1800, HealthCheckType='ELB', LaunchConfigurationName=Ref('LaunchConfiguration'), LoadBalancerNames=[Ref('Elb')], MaxSize=Ref('KippoSensorCount'), MinSize=Ref('KippoSensorCount'), Tags=[Tag(key='Name', value='kippo-sensor', propogate='true')], VPCZoneIdentifier=Ref('Ec2SubnetIdList'), ))