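AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  # NOTE(review): the defaults point at a bucket/key the deploying account does
  # not control, so the deployed handler is whatever that object holds at
  # deploy time. Outside the blog walkthrough, copy the zip to a bucket you own
  # and point CodeBucket/CodeKey at that copy.
  CodeBucket:
    Type: String
    Description: Bucket name where code is located
    Default: computeblog-us-east-1
  CodeKey:
    Type: String
    Description: Key name (including all prefixes) of code zip
    Default: automate-sg-lambda/auto-sg-updater.zip
  AutoScalingGroup:
    Type: String
    Description: The name of your AutoScalingGroup
  LocalSG:
    # AWS-specific type: CloudFormation rejects an ID that does not exist in the
    # stack's region at validation time instead of failing later at runtime.
    Type: AWS::EC2::SecurityGroup::Id
    Description: The security group ID of your local Security Group (sg-abcd1234)
  RemoteSG:
    # Lives in another region, so it cannot be existence-checked here; at least
    # enforce the sg- + 8 or 17 hex digit shape.
    Type: String
    Description: The security group ID of your remote Security Group (sg-abcd1234)
    AllowedPattern: '^sg-([0-9a-f]{8}|[0-9a-f]{17})$'
    ConstraintDescription: must be a security group ID such as sg-abcd1234
  RemoteRegion:
    Type: String
    Description: The region name of the remote region (us-west-2, us-east-1, etc.)
    AllowedPattern: '^[a-z]{2}(-[a-z]+)+-[0-9]+$'
    ConstraintDescription: must be an AWS region name such as us-west-2
  RemoteASG:
    Type: String
    Description: The name of your remote region AutoScalingGroup
  RemoteTable:
    # Take this from the DynamoTable output of the stack in the other region.
    Type: String
    Description: The name of the remote DynamoDB Table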
Outputs:
  # Feed this value into the RemoteTable parameter of the stack launched in
  # the other region.
  DynamoTable:
    Description: Name of the DynamoDB Table to copy in remote region stack
    Value: !Ref DynamoDBTable
Metadata:
  # Console-only presentation hints: how the parameters are grouped and
  # labelled on the CloudFormation parameter page. No effect on the deployed
  # resources.
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "Local Resources"
        Parameters:
          - LocalSG
          - AutoScalingGroup
      - Label:
          default: "Remote Resources"
        Parameters:
          - RemoteSG
          - RemoteRegion
          - RemoteASG
          - RemoteTable
      - Label:
          default: "General Configuration - Change these when launching in remote region!"
        Parameters:
          - CodeBucket
          - CodeKey
    ParameterLabels:
      LocalSG:
        default: "Local Security Group ID"
      AutoScalingGroup:
        default: "Local Auto Scaling Group Name"
      RemoteSG:
        default: "Remote Security Group ID"
      RemoteRegion:
        default: "Remote Region Name"
      RemoteASG:
        default: "Remote Auto Scaling Group Name"
      RemoteTable:
        default: "Remote DynamoDB Table Name"
      CodeBucket:
        default: "Code Zip S3 Bucket Name"
      CodeKey:
        default: "Code Zip S3 Object Key"
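Resources:
  # Function invoked for launch/terminate lifecycle actions of the local ASG.
  # Its permissions and environment point at both security groups, both ASGs
  # and both tables; what it does with them is in the handler zip, not here.
  SGUpdater:
    Type: AWS::Serverless::Function
    Properties:
      Handler: auto_sg_updater.lambda_handler
      # NOTE(review): python2.7 is deprecated on Lambda (no runtime security
      # updates; new deployments may be refused). The handler has to be ported
      # to a supported python3.x runtime before this value can change.
      Runtime: python2.7
      Timeout: 300
      Policies:
        # NOTE(review): AWSLambdaExecute also grants s3:GetObject/PutObject on
        # every bucket. CodeUri is only read at deployment, so if the handler
        # does not use S3 at runtime AWSLambdaBasicExecutionRole is enough.
        - AWSLambdaExecute
        - Version: '2012-10-17'
          Statement:
            # Describe* APIs do not support resource-level permissions; '*'
            # is the only valid resource for them.
            - Effect: Allow
              Action:
                - ec2:DescribeSecurityGroups
                - ec2:DescribeInstances
                - autoscaling:DescribeAutoScalingGroups
              Resource: '*'
            # Table access is limited to the two tables the function is told
            # about through its environment: this stack's table and the one
            # from the remote-region stack (same account, RemoteRegion).
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:UpdateItem
              Resource:
                - !GetAtt DynamoDBTable.Arn
                - !Sub 'arn:${AWS::Partition}:dynamodb:${RemoteRegion}:${AWS::AccountId}:table/${RemoteTable}'
            # NOTE(review): these mutating calls do support resource-level
            # permissions. Once confirmed that the handler only touches
            # LocalSG/RemoteSG and AutoScalingGroup, restrict this statement
            # to those security-group and autoScalingGroup ARNs instead of '*'.
            - Effect: Allow
              Action:
                - ec2:AuthorizeSecurityGroupIngress
                - ec2:RevokeSecurityGroupIngress
                - autoscaling:CompleteLifecycleAction
              Resource: '*'
      CodeUri:
        Bucket: !Ref CodeBucket
        Key: !Ref CodeKey
      Environment:
        Variables:
          local_table: !Ref DynamoDBTable
          local_sg: !Ref LocalSG
          local_region: !Ref AWS::Region
          remote_table: !Ref RemoteTable
          remote_region: !Ref RemoteRegion
          remote_asg: !Ref RemoteASG
          remote_sg: !Ref RemoteSG
      Events:
        # Only lifecycle events of the local ASG reach the function; events
        # for any other group are filtered out by the pattern.
        Stream:
          Type: CloudWatchEvent
          Properties:
            Pattern:
              source:
                - aws.autoscaling
              detail-type:
                - EC2 Instance-launch Lifecycle Action
                - EC2 Instance-terminate Lifecycle Action
              detail:
                AutoScalingGroupName:
                  - !Ref AutoScalingGroup

  # State table keyed by (region, asg); its name is exported via the
  # DynamoTable output for the remote-region stack.
  DynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: region
          AttributeType: S
        - AttributeName: asg
          AttributeType: S
      KeySchema:
        - AttributeName: region
          KeyType: HASH
        - AttributeName: asg
          KeyType: RANGE
      ProvisionedThroughput:
        ReadCapacityUnits: 3
        WriteCapacityUnits: 3

  # Lifecycle hooks that pause instance launch/termination until the function
  # calls autoscaling:CompleteLifecycleAction (or the hook times out with the
  # service default timeout and result, neither of which is set here).
  LaunchLifecycleHook:
    Type: AWS::AutoScaling::LifecycleHook
    Properties:
      AutoScalingGroupName: !Ref AutoScalingGroup
      LifecycleTransition: autoscaling:EC2_INSTANCE_LAUNCHING
  TerminateLifecycleHook:
    Type: AWS::AutoScaling::LifecycleHook
    Properties:
      AutoScalingGroupName: !Ref AutoScalingGroup
      LifecycleTransition: autoscaling:EC2_INSTANCE_TERMINATING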