ec2.clj
(ns crucible.aws.ec2
"Resources in AWS::EC2::*"
(:require [clojure.spec.alpha :as s]
[crucible.resources :refer [spec-or-ref defresource] :as res]))
(defn ec2
  "Builds the CloudFormation resource type name for an EC2 resource by
  prefixing `suffix` with \"AWS::EC2::\", e.g. \"VPC\" -> \"AWS::EC2::VPC\"."
  [suffix]
  (str "AWS::EC2::" suffix))
;; --- AWS::EC2::VPC ---------------------------------------------------------

;; CIDR block of the VPC. Only string-ness is checked (through spec-or-ref,
;; which is defined in crucible.resources and not shown here); CIDR syntax
;; itself is not validated by this spec.
(s/def ::cidr-block
  (spec-or-ref string?))

;; Property map for a VPC: ::cidr-block is mandatory, everything else is
;; optional. ::enable-dns-support, ::enable-dns-hostnames and
;; ::instance-tenancy have no s/def in this file, so their values are only
;; validated if a spec is registered for them elsewhere.
(s/def ::vpc
  (s/keys :req [::cidr-block]
          :opt [::enable-dns-support
                ::enable-dns-hostnames
                ::instance-tenancy
                ::res/tags]))

(defresource vpc (ec2 "VPC") ::vpc)
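;; --- AWS::EC2::Subnet ------------------------------------------------------

(s/def ::vpc-id
  (spec-or-ref string?))

(s/def ::availability-zone
  (spec-or-ref string?))

;; Controls whether instances launched into the subnet get a public IPv4
;; address, so templates that set it deserve attention in review.
;; NOTE(review): typed as a string here although CloudFormation documents
;; MapPublicIpOnLaunch as a Boolean - confirm how the value is encoded.
(s/def ::map-public-ip-on-launch
  (spec-or-ref string?))

;; Property map for a subnet: the owning VPC and the CIDR block are required.
;; Tags are listed as ::res/tags, the same key the VPC and security-group
;; specs in this file use. The bare ::tags used before resolves to
;; :crucible.aws.ec2/tags, for which this file registers no spec, so it
;; documented a key whose value is never validated.
(s/def ::subnet
  (s/keys :req [::vpc-id ::cidr-block]
          :opt [::availability-zone
                ::map-public-ip-on-launch
                ::res/tags]))

(defresource subnet (ec2 "Subnet") ::subnet)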
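;; --- AWS::EC2::EIP ---------------------------------------------------------

;; The only accepted value for the EIP Domain property is "vpc".
(s/def ::domain #{"vpc"})

;; NOTE(review): a plain string, unlike the other id specs in this file, which
;; go through spec-or-ref - confirm whether references should be accepted.
(s/def ::instance-id string?)

;; The EIP property spec is passed inline rather than registered as ::eip.
;; ::eip is registered below as a plain string (the EIP property of an
;; EIPAssociation), and a later s/def on the same key replaces the earlier one
;; in the spec registry. With both registered under ::eip, a resource that
;; resolves the keyword at validation time would have its property map checked
;; against string? instead of the map spec. internet-gateway and nat-gateway
;; in this file already pass their specs inline the same way.
(defresource eip (ec2 "EIP")
  (s/keys :opt [::domain ::instance-id]))

;; --- AWS::EC2::EIPAssociation ----------------------------------------------

(s/def ::allocation-id
  (spec-or-ref string?))

;; Not part of the association itself; used by nat-gateway further down.
(s/def ::subnet-id
  (spec-or-ref string?))

;; The Elastic IP address to associate, as a string.
(s/def ::eip string?)

(s/def ::private-ip-address string?)

;; Every property is optional. ::network-interface-id has no s/def in this
;; file, so its value is only validated if a spec is registered elsewhere.
(s/def ::eip-association
  (s/keys :opt [::allocation-id
                ::eip
                ::instance-id
                ::network-interface-id
                ::private-ip-address]))

(defresource eip-association (ec2 "EIPAssociation") ::eip-association)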
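;; --- AWS::EC2::InternetGateway / AWS::EC2::NatGateway ----------------------

;; Tags are listed as ::res/tags, matching the VPC and security-group specs in
;; this file. The bare ::tags used before resolves to :crucible.aws.ec2/tags,
;; which has no registered spec here.
;;
;; NOTE(review): s/? is a regex op and regex specs conform sequential values or
;; nil. How defresource applies this spec to a property map is not visible
;; here - confirm that a gateway with tags validates; s/nilable may be what
;; was intended.
(defresource internet-gateway (ec2 "InternetGateway")
  (s/? (s/keys :opt [::res/tags])))

;; A NAT gateway needs the allocation id of an Elastic IP and the subnet it is
;; placed in.
(defresource nat-gateway (ec2 "NatGateway")
  (s/keys :req [::allocation-id ::subnet-id]
          :opt [::res/tags]))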
;; Property map for attaching a gateway to a VPC: the VPC id is required, the
;; internet-gateway and VPN-gateway ids are optional. Neither gateway id has an
;; s/def in this file, and the spec does not require that one of them is given.
;; NOTE(review): no defresource in this file uses this spec - confirm whether a
;; vpc-gateway-attachment resource is defined elsewhere.
(s/def ::vpc-gateway-attachment
  (s/keys :req [::vpc-id]
          :opt [::internet-gateway-id
                ::vpn-gateway-id]))
;; --- Security group building blocks ----------------------------------------

(s/def ::group-description
  (spec-or-ref string?))

;; Source range of a rule. Any string passes: CIDR syntax is not checked and a
;; wide-open range such as "0.0.0.0/0" validates like any other value, so this
;; spec checks shape only, not exposure. Review of how broad a rule is has to
;; happen outside this spec.
(s/def ::cidr-ip
  (spec-or-ref string?))

;; Inclusive bounds for a port number.
(def highest-port 65535)
(def lowest-port 1)

;; An integer within [lowest-port, highest-port], or whatever spec-or-ref
;; accepts in its place.
;; NOTE(review): for ICMP rules CloudFormation uses FromPort/ToPort for the
;; ICMP type and code, where -1 and 0 are meaningful; both are rejected by
;; this range - confirm whether ICMP rules need to be expressible.
(s/def ::port
  (spec-or-ref (s/and integer?
                      #(<= lowest-port % highest-port))))

(s/def ::from-port ::port)
(s/def ::to-port ::port)
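;; Protocol value meaning "all protocols". With this value AWS allows traffic
;; on all ports regardless of any ::from-port / ::to-port given, so a rule that
;; uses it is as broad as its source or destination range.
(def protocols-all -1)

;; IP protocol numbers are an 8-bit field, so 255 is the largest valid value.
(def highest-protocol 255)

;; Either a protocol number or one of the protocol names below.
;; The numeric branch is bounded on both sides: it starts at protocols-all
;; (previously a repeated -1 literal) and ends at highest-protocol (previously
;; unbounded, so any large integer validated and the error only surfaced at
;; deploy time).
(s/def ::ip-protocol
  (spec-or-ref (s/or :int (s/and integer?
                                 #(<= protocols-all % highest-protocol))
                     :str #{"tcp" "udp" "icmp"})))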
;; --- Ingress rules ---------------------------------------------------------

(s/def ::security-group-id
  (spec-or-ref string?))

;; A rule's source may be another security group, identified by id or by name
;; (plus owner id), instead of a CIDR range.
(s/def ::source-security-group-id ::security-group-id)

(s/def ::source-security-group-name
  (spec-or-ref string?))

(s/def ::source-security-group-owner-id
  (spec-or-ref string?))

;; Zero or more ingress rules. Only ::ip-protocol is required per rule: the
;; spec does not require a source (::cidr-ip or a source group) or a port
;; range, and does not check that ::from-port <= ::to-port. It validates the
;; shape of each rule, not whether the rule is complete or narrow enough.
(s/def ::security-group-ingress
  (s/* (s/keys :req [::ip-protocol]
               :opt [::cidr-ip
                     ::from-port
                     ::to-port
                     ::source-security-group-id
                     ::source-security-group-name
                     ::source-security-group-owner-id])))
;; --- Egress rules ----------------------------------------------------------

(s/def ::destination-security-group-id ::security-group-id)

;; Zero or more egress rules; only ::ip-protocol is required per rule.
;; ::cidr-ip is not listed among the optional keys here, unlike the ingress
;; spec. s/keys still validates any present key that has a registered spec,
;; so a ::cidr-ip supplied on an egress rule is checked as a string or ref.
(s/def ::security-group-egress
  (s/* (s/keys :req [::ip-protocol]
               :opt [::from-port
                     ::to-port
                     ::destination-security-group-id])))
;; --- AWS::EC2::SecurityGroup -----------------------------------------------

;; Property map for a security group. A description is mandatory; ingress and
;; egress rule lists, tags and the VPC id are optional. This spec checks
;; structure only - it places no limit on how permissive the rules are.
(s/def ::security-group
  (s/keys :req [::group-description]
          :opt [::security-group-ingress
                ::security-group-egress
                ::res/tags
                ::vpc-id]))

(defresource security-group (ec2 "SecurityGroup") ::security-group)