def test_parameter_group(self):
    """Two parameters put in the same group end up in one ParameterGroups entry.

    One parameter is passed as the object returned by ``add_parameter`` and
    the other by its title string; both must appear, in insertion order,
    under the ``AWS::CloudFormation::Interface`` metadata key.
    """
    template = Template()
    foo_param = template.add_parameter(Parameter("Foo"))
    template.add_parameter(Parameter("Bar"))

    # Mix the two accepted argument forms: parameter object, then plain title.
    template.add_parameter_to_group(foo_param, "gr")
    template.add_parameter_to_group("Bar", "gr")

    expected_group = {
        "Label": {"default": "gr"},
        "Parameters": ["Foo", "Bar"],
    }
    expected_metadata = {
        "AWS::CloudFormation::Interface": {
            "ParameterGroups": [expected_group],
        },
    }
    self.assertEqual(template.metadata, expected_metadata)
video_metadata_event_code_key = template.add_parameter( Parameter( 'VideoMetadataEvent', Type=constants.STRING, Default='lambda-code/video_engine/video_metadata_event.zip', )) rekognition_results_code_key = template.add_parameter( Parameter( 'RekognitionResults', Type=constants.STRING, Default='lambda-code/video_engine/rekognition_results.zip', )) template.add_parameter_to_group(start_insights_code_key, 'Lambda Keys') template.add_parameter_to_group(rekognition_code_key, 'Lambda Keys') template.add_parameter_to_group(video_metadata_event_code_key, 'Lambda Keys') template.add_parameter_to_group(rekognition_results_code_key, 'Lambda Keys') rekognition_updates_queue = template.add_resource( Queue('RekognitionUpdatesQueue', )) rekognition_updates_topic = template.add_resource( Topic( 'RekognitionUpdatesTopic', Subscription=[ Subscription( Endpoint=GetAtt(rekognition_updates_queue, 'Arn'), Protocol='sqs', )
# Template parameters whose defaults are paths to zipped code bundles.
# NOTE(review): presumably these are object keys in a deployment bucket that
# is not shown here; whoever can write to those keys decides what code the
# functions run, so confirm the bucket's write access is restricted.
update_encoding_state_lambda_code_key = template.add_parameter(
    Parameter(
        'UpdateEncodingState',
        Type=constants.STRING,
        Default='lambda-code/video_engine/update_encoding_state.zip',
    )
)

elastictranscoder_code_key = template.add_parameter(
    Parameter(
        'ElasticTranscoder',
        Type=constants.STRING,
        Default='custom_resources/elastictranscoder.zip',
    )
)

# Register all four code-key parameters under the same 'Lambda Keys' group,
# in the same order as before (group order follows insertion order).
for _code_key_param in (
    start_encode_lambda_code_key,
    request_encoding_lambda_code_key,
    update_encoding_state_lambda_code_key,
    elastictranscoder_code_key,
):
    template.add_parameter_to_group(_code_key_param, 'Lambda Keys')

# Values imported from another stack; the export names are built as
# "<core_stack>-<resource>-<attribute>".
_video_events_table = ImportValue(
    Join('-', [Ref(core_stack), 'VideoEventsTable', 'Ref'])
)
_lambda_managed_policy = ImportValue(
    Join('-', [Ref(core_stack), 'LambdaDefaultPolicy', 'Arn'])
)

# Queues created with default settings (no properties are passed).
request_encoding_queue = template.add_resource(
    Queue('RequestEncodingQueue')
)
start_media_insights_queue = template.add_resource(
    Queue('StartMediaInsightsQueue')
)
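def main():
    """Build the DCV remote-desktop CloudFormation template and print it as YAML.

    The template declares the stack parameters (grouped and labelled for the
    console), an instance role with S3 read policies, two security groups
    (DCV on 8443, SSH on 22), the EC2 instance with its user-data script, an
    optional Elastic IP, a wait condition and three outputs.

    Reads ``_include/dcv-install.sh`` relative to the current working
    directory and appends it to the generated user-data preamble.
    """
    t = Template()
    AddAMIMap(t)
    t.set_version("2010-09-09")
    t.set_description(
        "DCV 2017 Remote Desktop with Xilinx Vivado (using AWS FPGA Developer AMI)"
    )

    # NOTE(review): built but never attached to any resource below.
    tags = Tags(Name=Ref("AWS::StackName"))

    # --- user data -------------------------------------------------------
    # NOTE(review): `set -x` traces every command, including the user_pass
    # assignment a few lines below, into whatever captures the script output.
    # User data is also readable back from the instance metadata service and
    # the EC2 API, so it is not a safe place for a credential. The password
    # value is masked in this listing; confirm how it is really passed.
    # NOTE(review): UserName is spliced into a double-quoted shell string and
    # the parameter has no AllowedPattern, so shell metacharacters in it
    # would be interpreted by bash. Consider constraining the parameter.
    InstUserData = [
        '#!/usr/bin/env bash\n',
        '\n',
        'set -x\n',
        '\n',
        '##exit 0\n',  # use this to disable all user-data and bring up files
        '\n',
        'my_wait_handle="', Ref('InstanceWaitHandle'), '"\n',
        'user_name="', Ref('UserName'), '"\n',
        'user_pass="******"\n',
        '\n',
    ]

    with open('_include/dcv-install.sh', 'r',) as ud_file:
        InstUserData.extend(ud_file.readlines())

    # --- parameters: instance configuration ------------------------------
    VPCId = t.add_parameter(Parameter(
        'VPCId',
        Type="AWS::EC2::VPC::Id",
        Description="VPC ID for where the remote desktop instance should be launched"
    ))
    t.set_parameter_label(VPCId, "VPC ID")
    t.add_parameter_to_group(VPCId, "Instance Configuration")

    Subnet = t.add_parameter(Parameter(
        'Subnet',
        Type="AWS::EC2::Subnet::Id",
        Description="For the Subnet ID, you should choose one in the "
                    "Availability Zone where you want the instance launched"
    ))
    t.set_parameter_label(Subnet, "Subnet ID")
    t.add_parameter_to_group(Subnet, "Instance Configuration")

    ExistingSecurityGroup = t.add_parameter(Parameter(
        'ExistingSecurityGroup',
        Type="String",
        Default="NO_VALUE",
        Description="OPTIONAL: Needs to be a SG ID, for example sg-abcd1234efgh. "
                    "This is an already existing Security Group ID that is "
                    "in the same VPC, this is an addition to the security groups that "
                    "are automatically created to enable access to the remote desktop,"
                    "leave as NO_VALUE if you choose not to use this"
    ))
    t.set_parameter_label(ExistingSecurityGroup, "OPTIONAL: Existing Security Group (e.g. sg-abcd1234efgh)")
    t.add_parameter_to_group(ExistingSecurityGroup, "Instance Configuration")

    remoteDesktopInstanceType = t.add_parameter(Parameter(
        'remoteDesktopInstanceType',
        Type="String",
        Description="This is the instance type that will be used. As this is a "
                    "2D workstation, we are not supporting GPU instance types.",
        Default="m4.xlarge",
        AllowedValues=[
            "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge",
            "m5.large", "m5.xlarge", "m5.2xlarge", "m5.4xlarge", "m5.12xlarge", "m5.24xlarge",
            "z1d.large", "z1d.xlarge", "z1d.2xlarge", "z1d.3xlarge", "z1d.6xlarge", "z1d.12xlarge", "z1d.metal"
        ],
        ConstraintDescription="Must an EC2 instance type from the list"
    ))
    t.set_parameter_label(remoteDesktopInstanceType, "Remote Desktop Instance Type")
    t.add_parameter_to_group(remoteDesktopInstanceType, "Instance Configuration")

    EC2KeyName = t.add_parameter(Parameter(
        'EC2KeyName',
        Type="AWS::EC2::KeyPair::KeyName",
        Description="Name of an existing EC2 KeyPair to enable SSH access to the instance.",
        ConstraintDescription="REQUIRED: Must be a valid EC2 key pair"
    ))
    t.set_parameter_label(EC2KeyName, "EC2 Key Name")
    t.add_parameter_to_group(EC2KeyName, "Instance Configuration")

    OperatingSystem = t.add_parameter(Parameter(
        'OperatingSystem',
        Type="String",
        Description="Operating System of the AMI",
        Default="centos7",
        AllowedValues=[
            "centos7"
        ],
        ConstraintDescription="Must be: centos7"
    ))
    t.set_parameter_label(OperatingSystem, "Operating System of AMI")
    t.add_parameter_to_group(OperatingSystem, "Instance Configuration")

    StaticPrivateIpAddress = t.add_parameter(Parameter(
        'StaticPrivateIpAddress',
        Type="String",
        Default="NO_VALUE",
        Description="OPTIONAL: If you already have a private VPC address range, you can "
                    "specify the private IP address to use, leave as NO_VALUE if you choose not to use this",
    ))
    t.set_parameter_label(StaticPrivateIpAddress, "OPTIONAL: Static Private IP Address")
    t.add_parameter_to_group(StaticPrivateIpAddress, "Instance Configuration")

    UsePublicIp = t.add_parameter(Parameter(
        'UsePublicIp',
        Type="String",
        Description="Should a public IP address be given to the instance, "
                    "this is overridden by CreateElasticIP=True",
        Default="True",
        ConstraintDescription="True/False",
        AllowedValues=[
            "True",
            "False"
        ]
    ))
    t.set_parameter_label(UsePublicIp, "Assign a public IP Address")
    t.add_parameter_to_group(UsePublicIp, "Instance Configuration")

    CreateElasticIP = t.add_parameter(Parameter(
        'CreateElasticIP',
        Type="String",
        Description="Should an Elastic IP address be created and assigned, "
                    "this allows for persistent IP address assignment",
        Default="True",
        ConstraintDescription="True/False",
        AllowedValues=[
            "True",
            "False"
        ]
    ))
    t.set_parameter_label(CreateElasticIP, "Create an Elastic IP address")
    t.add_parameter_to_group(CreateElasticIP, "Instance Configuration")

    # NOTE(review): this value is joined straight into the S3 ARNs of
    # BucketPolicy below and has no AllowedPattern, so a wildcard value would
    # widen the read grant beyond one bucket. Consider restricting it to
    # valid bucket-name characters.
    S3BucketName = t.add_parameter(Parameter(
        'S3BucketName',
        Type="String",
        Default="NO_VALUE",
        Description="OPTIONAL: S3 bucket to allow this instance read access (List and Get),"
                    "leave as NO_VALUE if you choose not to use this"
    ))
    t.set_parameter_label(S3BucketName, "OPTIONAL: S3 bucket for read access")
    t.add_parameter_to_group(S3BucketName, "Instance Configuration")

    # The default is deliberately not a routable address (octets above 255),
    # so it only works as a "fill me in" placeholder.
    # NOTE(review): the pattern checks digit counts only; it accepts
    # 0.0.0.0/0, which would open ports 22 and 8443 to every address.
    AccessCidr = t.add_parameter(Parameter(
        'AccessCidr',
        Type="String",
        Description="This is the CIDR block for allowing remote access, for ports 22 and 8443",
        Default="111.222.333.444/32",
        AllowedPattern="(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
        ConstraintDescription="Must be a valid CIDR x.x.x.x/x"
    ))
    t.set_parameter_label(AccessCidr, "CIDR block for remote access (ports 22 and 8443)")
    t.add_parameter_to_group(AccessCidr, "Instance Configuration")

    # --- parameters: DCV configuration -----------------------------------
    UserName = t.add_parameter(Parameter(
        'UserName',
        Type="String",
        Description="User name for DCV remote desktop login, default is \"simuser\".",
        Default="simuser",
        MinLength="4",
    ))
    t.set_parameter_label(UserName, "User name for DCV login")
    t.add_parameter_to_group(UserName, "DCV Configuration")

    # NOTE(review): the default password is published in the Description, so
    # any stack launched without overriding it has a known login credential.
    # NoEcho only masks the value in console/API parameter views. Prefer
    # dropping the Default so a password must be supplied; left unchanged
    # here because that would make the parameter mandatory for existing users.
    UserPass = t.add_parameter(Parameter(
        'UserPass',
        Type="String",
        Description="Password for DCV remote desktop login. The default password is Ch4ng3M3!",
        Default="Ch4ng3M3!",
        MinLength="8",
        AllowedPattern="^((?=.*[a-z])(?=.*[A-Z])(?=.*[\\d])|(?=.*[a-z])(?=.*[A-Z])(?=.*[\\W_])|(?=.*[a-z])(?=.*[\\d])(?=.*[\\W_])|(?=.*[A-Z])(?=.*[\\d])(?=.*[\\W_])).+$",
        ConstraintDescription="Password must contain at least one element from three of the following sets: lowercase letters, uppercase letters, base 10 digits, non-alphanumeric characters",
        NoEcho=True
    ))
    t.set_parameter_label(UserPass, "Password for DCV login")
    t.add_parameter_to_group(UserPass, "DCV Configuration")

    # end parameters

    # --- IAM ---------------------------------------------------------------
    # Role assumable by EC2 only; its permissions come from the two policies
    # attached below.
    RootRole = t.add_resource(iam.Role(
        "RootRole",
        AssumeRolePolicyDocument={
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": {
                    "Service": ["ec2.amazonaws.com"],
                },
                "Action": ["sts:AssumeRole"]
            }]
        }
    ))

    # Read-only access to the objects of the DCV license bucket.
    dcvBucketPolicy = t.add_resource(PolicyType(
        "dcvBucketPolicy",
        PolicyName="dcvBucketPolicy",
        Roles=[Ref(RootRole)],
        PolicyDocument={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": ["s3:GetObject"],
                    "Resource": "arn:aws:s3:::dcv-license.us-east-1/*"
                }
            ],
        },
    ))

    # Optional Get/List access to the bucket named by S3BucketName; created
    # only when the Has_Bucket condition holds.
    BucketPolicy = t.add_resource(PolicyType(
        "BucketPolicy",
        PolicyName="BucketPolicy",
        Roles=[Ref(RootRole)],
        PolicyDocument={
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": ["s3:GetObject"],
                    "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "S3BucketName"}, "/*"]]}
                },
                {
                    "Effect": "Allow",
                    "Action": ["s3:ListBucket"],
                    "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "S3BucketName"}]]}
                }
            ],
        },
        Condition="Has_Bucket"
    ))

    # --- network access ----------------------------------------------------
    # Both groups admit traffic only from AccessCidr. The GroupDescription
    # strings are kept exactly as they were (spelling included), since this
    # rewrite is not meant to change the emitted template.
    remoteDesktopSecurityGroup = t.add_resource(SecurityGroup(
        "remoteDesktopSecurityGroup",
        VpcId=Ref(VPCId),
        GroupDescription="Remote Desktop Secuirty group",
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="8443",
                ToPort="8443",
                CidrIp=Ref(AccessCidr),
            ),
        ]
    ))

    SshSecurityGroup = t.add_resource(SecurityGroup(
        "SshSecurityGroup",
        VpcId=Ref(VPCId),
        GroupDescription="SSH Secuirty group",
        SecurityGroupIngress=[
            ec2.SecurityGroupRule(
                IpProtocol="tcp",
                FromPort="22",
                ToPort="22",
                CidrIp=Ref(AccessCidr),
            ),
        ]
    ))

    # --- instance ------------------------------------------------------------
    RootInstanceProfile = t.add_resource(InstanceProfile(
        "RootInstanceProfile",
        Roles=[Ref(RootRole)]
    ))

    remoteDesktopInstance = t.add_resource(ec2.Instance(
        'remoteDesktopInstance',
        ImageId=FindInMap("AWSRegionAMI", Ref("AWS::Region"), Ref(OperatingSystem)),
        KeyName=Ref(EC2KeyName),
        InstanceType=(Ref(remoteDesktopInstanceType)),
        DisableApiTermination='false',
        NetworkInterfaces=[
            NetworkInterfaceProperty(
                SubnetId=Ref(Subnet),
                # Attach the caller's extra security group only when one was given.
                GroupSet=If(
                    "not_existing_sg",
                    [Ref(remoteDesktopSecurityGroup), Ref(SshSecurityGroup)],
                    [Ref(remoteDesktopSecurityGroup), Ref(SshSecurityGroup), Ref(ExistingSecurityGroup)]
                ),
                AssociatePublicIpAddress=Ref(UsePublicIp),
                DeviceIndex='0',
                DeleteOnTermination='true',
                PrivateIpAddress=If(
                    "Has_Static_Private_IP",
                    Ref(StaticPrivateIpAddress),
                    Ref("AWS::NoValue"),
                )
            )
        ],
        IamInstanceProfile=(Ref(RootInstanceProfile)),
        UserData=Base64(Join('', InstUserData)),
    ))

    EIPAddress = t.add_resource(EIP(
        'EIPAddress',
        Domain='vpc',
        InstanceId=Ref(remoteDesktopInstance),
        Condition="create_elastic_ip"
    ))

    # --- conditions ----------------------------------------------------------
    # "NO_VALUE" is the sentinel default of the optional string parameters.
    t.add_condition(
        "not_existing_sg",
        Equals(Ref(ExistingSecurityGroup), "NO_VALUE")
    )
    # NOTE(review): defined but not referenced anywhere in this function.
    t.add_condition(
        "Has_Public_Ip",
        Equals(Ref(UsePublicIp), "True")
    )
    t.add_condition(
        "Has_Bucket",
        Not(Equals(Ref(S3BucketName), "NO_VALUE"))
    )
    t.add_condition(
        "create_elastic_ip",
        Equals(Ref(CreateElasticIP), "True")
    )
    t.add_condition(
        "Has_Static_Private_IP",
        Not(Equals(Ref(StaticPrivateIpAddress), "NO_VALUE"))
    )

    # --- wait condition ------------------------------------------------------
    # The handle is handed to the user-data script as my_wait_handle.
    waithandle = t.add_resource(WaitConditionHandle('InstanceWaitHandle'))

    instanceWaitCondition = t.add_resource(WaitCondition(
        "instanceWaitCondition",
        Handle=Ref(waithandle),
        Timeout="3600",
        DependsOn="remoteDesktopInstance"
    ))

    # --- outputs -------------------------------------------------------------
    t.add_output([
        Output(
            "DCVConnectionLink",
            Description="Connect to the DCV Remote Desktop with this URL",
            Value=Join("", [
                "https://",
                GetAtt("remoteDesktopInstance", 'PublicIp'),
                ":8443"
            ])
        ),
        Output(
            "DCVUserName",
            Description="Login name for DCV session",
            Value=(Ref(UserName))
        ),
        Output(
            "SSHTunnelCommand",
            Description='Command for setting up SSH tunnel to remote desktop, use "localhost:18443" for DCV client',
            Value=Join("", [
                "ssh -i <file.pem> -L 18443:localhost:8443 -l centos ",
                GetAtt("remoteDesktopInstance", 'PublicIp')
            ])
        ),
    ])

    print(to_yaml(t.to_json(indent=2), clean_up=True))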
'--output-dir', help='Where to place the Zip-files and the CloudFormation template', default='output') args = parser.parse_args() template = Template("Custom Resources") s3_bucket = template.add_parameter( troposphere.Parameter( "S3Bucket", Type=constants.STRING, Description="S3 bucket where the ZIP files are located", )) template.set_parameter_label(s3_bucket, "S3 bucket") lambda_code_location = template.add_parameter_to_group(s3_bucket, "Lambda code location") s3_path = template.add_parameter( troposphere.Parameter( "S3Path", Type=constants.STRING, Default='', Description= "Path prefix where the ZIP files are located (should probably end with a '/')", )) template.set_parameter_label(s3_path, "S3 path") template.add_parameter_to_group(s3_path, lambda_code_location) def rec_split_path(path: str) -> typing.List[str]: """
Default='spunt-core', )) domain_name = template.add_parameter(Parameter( 'DomainName', Type=constants.STRING, Default='spunt.be', )) rewrite_assets_lambda_code_key = template.add_parameter(Parameter( 'RewriteAssets', Type=constants.STRING, Default='lambda-code/frontend/rewrite_assets.zip', )) template.add_parameter_to_group(rewrite_assets_lambda_code_key, 'Lambda Keys') frontend_bucket = template.add_resource(Bucket( "FrontendBucket", AccessControl='PublicRead', # Maybe remove this later on WebsiteConfiguration=WebsiteConfiguration( IndexDocument='index.html', ErrorDocument='index.html', ), )) cloudfront_certificate = template.add_resource(Certificate( "CloudFrontCertificate", DomainName=Ref(domain_name), DomainValidationOptions=[DomainValidationOption( DomainName=Ref(domain_name),
Default='lambda-code/api/consume_events.zip', )) upvote_lambda_code_key = template.add_parameter(Parameter( 'Upvote', Type=constants.STRING, Default='lambda-code/api/upvote.zip', )) upload_lambda_code_key = template.add_parameter(Parameter( 'Upload', Type=constants.STRING, Default='lambda-code/api/upload.zip', )) template.add_parameter_to_group(all_videos_lambda_code_key, 'Lambda Keys') template.add_parameter_to_group(trending_videos_lambda_code_key, 'Lambda Keys') template.add_parameter_to_group(hot_videos_lambda_code_key, 'Lambda Keys') template.add_parameter_to_group(recommended_videos_lambda_code_key, 'Lambda Keys') template.add_parameter_to_group(get_video_lambda_code_key, 'Lambda Keys') template.add_parameter_to_group(rewrite_downvote_lambda_code_key, 'Lambda Keys') template.add_parameter_to_group(consume_events_code_key, 'Lambda Keys') template.add_parameter_to_group(upvote_lambda_code_key, 'Lambda Keys') template.add_parameter_to_group(upload_lambda_code_key, 'Lambda Keys') video_table = template.add_resource(Table( 'VideoTable', BillingMode='PAY_PER_REQUEST', AttributeDefinitions=[AttributeDefinition( AttributeName='videoId', AttributeType='S',
Default='admin.spunt.be', )) consume_events_code_key = template.add_parameter(Parameter( 'ConsumeEvents', Type=constants.STRING, Default='lambda-code/admin/consume_admin_events.zip', )) all_videos_lambda_code_key = template.add_parameter(Parameter( 'AllVideos', Type=constants.STRING, Default='lambda-code/admin/all_admin_videos.zip', )) template.add_parameter_to_group(consume_events_code_key, 'Lambda Keys') template.add_parameter_to_group(all_videos_lambda_code_key, 'Lambda Keys') video_table = template.add_resource(Table( 'VideoTable', BillingMode='PAY_PER_REQUEST', AttributeDefinitions=[AttributeDefinition( AttributeName='videoId', AttributeType='S', )], KeySchema=[KeySchema( AttributeName='videoId', KeyType='HASH', )], ))