
Merge pull request #86 from ministryofjustice/fix_internal_elb
Use DNSName instead of CanonicalHostedZoneName so internal load balancers work.
ashb committed Apr 27, 2015
2 parents aea9d99 + 45a5143 commit 49f4dfb
Showing 3 changed files with 229 additions and 189 deletions.
80 changes: 59 additions & 21 deletions bootstrap_cfn/config.py
Expand Up @@ -8,6 +8,7 @@

from copy import deepcopy


class ProjectConfig:

config = None
Expand Down Expand Up @@ -69,13 +70,20 @@ def process(self):
for k, v in elb_sgs.items():
data[k] = v

template = json.loads(pkgutil.get_data('bootstrap_cfn', 'stacks/base.json'))
template = json.loads(
pkgutil.get_data(
'bootstrap_cfn',
'stacks/base.json'))
if 'vpc' in self.data:
template['Mappings']['SubnetConfig']['VPC'] = self.data['vpc']
template['Resources'] = data
template['Outputs'] = {}
for t in output_templates:
template['Outputs'].update(json.loads(pkgutil.get_data('bootstrap_cfn', t)))
template['Outputs'].update(
json.loads(
pkgutil.get_data(
'bootstrap_cfn',
t)))
if 'includes' in self.data:
for inc_path in self.data['includes']:
inc = json.load(open(inc_path))
Expand All @@ -98,7 +106,10 @@ def s3(self):
}

# LOAD STACK TEMPLATE
template = json.loads(pkgutil.get_data('bootstrap_cfn', 'stacks/s3.json'))
template = json.loads(
pkgutil.get_data(
'bootstrap_cfn',
'stacks/s3.json'))

# TEST FOR REQUIRED FIELDS AND EXIT IF MISSING ANY
present_keys = self.data['s3'].keys()
Expand All @@ -111,11 +122,21 @@ def s3(self):
if 'policy' in present_keys:
policy = json.loads(open(self.data['s3']['policy']).read())
else:
arn = 'arn:aws:s3:::%s/*' % self.data['s3']['static-bucket-name']
policy = {'Action': ['s3:Get*', 's3:Put*', 's3:List*'], 'Resource': arn, 'Effect': 'Allow', 'Principal' : {'AWS' : '*'}}

template['StaticBucket']['Properties']['BucketName'] = self.data['s3']['static-bucket-name']
template['StaticBucketPolicy']['Properties']['PolicyDocument']['Statement'][0] = policy
arn = 'arn:aws:s3:::%s/*' % self.data['s3']['static-bucket-name']
policy = {
'Action': [
's3:Get*',
's3:Put*',
's3:List*'],
'Resource': arn,
'Effect': 'Allow',
'Principal': {
'AWS': '*'}}

template['StaticBucket']['Properties'][
'BucketName'] = self.data['s3']['static-bucket-name']
template['StaticBucketPolicy']['Properties'][
'PolicyDocument']['Statement'][0] = policy

return template

Expand All @@ -139,7 +160,10 @@ def rds(self):
}

# LOAD STACK TEMPLATE
template = json.loads(pkgutil.get_data('bootstrap_cfn', 'stacks/rds.json'))
template = json.loads(
pkgutil.get_data(
'bootstrap_cfn',
'stacks/rds.json'))

# TEST FOR REQUIRED FIELDS AND EXIT IF MISSING ANY
for i in required_fields.keys():
Expand Down Expand Up @@ -173,36 +197,46 @@ def elb(self):
sys.exit(1)

# LOAD STACK TEMPLATE
template = json.loads(pkgutil.get_data('bootstrap_cfn', 'stacks/elb.json'))
template = json.loads(
pkgutil.get_data(
'bootstrap_cfn',
'stacks/elb.json'))

# LOAD SSL TEMPLATE
ssl_template = json.loads(pkgutil.get_data('bootstrap_cfn', 'stacks/elb_ssl.json'))
ssl_template = json.loads(
pkgutil.get_data(
'bootstrap_cfn',
'stacks/elb_ssl.json'))

for listener in elb['listeners']:
if listener['Protocol'] == 'HTTPS':
try:
cert_name = elb['certificate_name']
except KeyError:
raise errors.CfnConfigError("HTTPS listener but no certificate_name specified")
raise errors.CfnConfigError(
"HTTPS listener but no certificate_name specified")
try:
self.ssl()[cert_name]['cert']
self.ssl()[cert_name]['key']
except KeyError:
raise errors.CfnConfigError("Couldn't find ssl cert {0} in config file".format(cert_name))
ssl_template["SSLCertificateId"]['Fn::Join'][1].append("{0}-{1}".format(cert_name, self.stack_name))
raise errors.CfnConfigError(
"Couldn't find ssl cert {0} in config file".format(cert_name))
ssl_template["SSLCertificateId"]['Fn::Join'][1].append(
"{0}-{1}".format(cert_name, self.stack_name))
listener.update(ssl_template)


elb_sg = template.pop('DefaultELBSecurityGroup')
if 'security_groups' in elb:
for sg_name, sg in elb['security_groups'].items():
new_sg = deepcopy(elb_sg)
new_sg['Properties']['SecurityGroupIngress'] = sg
elb_sgs[sg_name] = new_sg
template['ElasticLoadBalancer']['Properties']['SecurityGroups'] = [{'Ref': k} for k in elb['security_groups'].keys()]
template['ElasticLoadBalancer']['Properties']['SecurityGroups'] = [
{'Ref': k} for k in elb['security_groups'].keys()]
else:
elb_sgs['DefaultSG' + safe_name] = elb_sg
template['ElasticLoadBalancer']['Properties']['SecurityGroups'] = [{'Ref': 'DefaultSG' + safe_name }]
template['ElasticLoadBalancer']['Properties'][
'SecurityGroups'] = [{'Ref': 'DefaultSG' + safe_name}]

# CONFIGURE THE LISTENERS, ELB NAME AND ROUTE53 RECORDS
template['ElasticLoadBalancer']['Properties'][
Expand All @@ -220,7 +254,7 @@ def elb(self):
'CanonicalHostedZoneNameID']
target_dns = [
'ELB%s' % safe_name,
'CanonicalHostedZoneName']
'DNSName']
template['DNSRecord']['Properties']['RecordSets'][0][
'AliasTarget']['HostedZoneId']['Fn::GetAtt'] = target_zone
template['DNSRecord']['Properties']['RecordSets'][0][
Expand All @@ -235,7 +269,10 @@ def elb(self):

def ec2(self):
# LOAD STACK TEMPLATE
template = json.loads(pkgutil.get_data('bootstrap_cfn', 'stacks/ec2.json'))
template = json.loads(
pkgutil.get_data(
'bootstrap_cfn',
'stacks/ec2.json'))

# SET SECURITY GROUPS, DEFAULT KEY AND INSTANCE TYPE
sg_t = template.pop('BaseHostSG')
Expand All @@ -244,7 +281,8 @@ def ec2(self):
new_sg['Properties']['SecurityGroupIngress'] = sg
template[sg_name] = new_sg

template['BaseHostLaunchConfig']['Properties']['SecurityGroups'] = [{'Ref': k} for k in self.data['ec2']['security_groups'].keys()]
template['BaseHostLaunchConfig']['Properties']['SecurityGroups'] = [
{'Ref': k} for k in self.data['ec2']['security_groups'].keys()]
template['BaseHostLaunchConfig']['Properties'][
'KeyName'] = self.data['ec2']['parameters']['KeyName']
template['BaseHostLaunchConfig']['Properties'][
Expand All @@ -258,7 +296,7 @@ def ec2(self):
{'DeviceName': i['DeviceName'], 'Ebs': {'VolumeSize': i['VolumeSize']}})
except KeyError:
devices.append(
{'DeviceName': '/dev/sda1', 'Ebs': {'VolumeSize': 20 }})
{'DeviceName': '/dev/sda1', 'Ebs': {'VolumeSize': 20}})
template['BaseHostLaunchConfig']['Properties'][
'BlockDeviceMappings'] = devices

Expand Down
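Review bot: The default static-bucket policy assembled in the s3 hunk (the `policy` dict following `arn = 'arn:aws:s3:::%s/*' % self.data['s3']['static-bucket-name']`) grants `s3:Put*` and `s3:List*` to `'Principal': {'AWS': '*'}`, so any project that omits the `policy` key gets a bucket that any AWS account or anonymous caller can write to; this commit only reflows those lines, leaving the world-writable default in place. A safer default keeps only the read action for the wildcard principal, `'Action': ['s3:GetObject'],`, and requires an explicit `policy` file (or a clearly named config flag) for anything that needs write access. Separately, `'Resource': arn` is an object-level ARN (`<bucket>/*`), and `s3:List*` appears not to apply at that level since listing is a bucket-level action, which suggests the default statement has not been reviewed against what it actually permits. The s3() method starts above this hunk; only its tail is visible here.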
2 changes: 1 addition & 1 deletion tests/sample-project.yaml
Expand Up @@ -45,7 +45,7 @@ dev:
Protocol: TCP
- name: test-dev-internal
hosted_zone: kyrtest.pf.dsd.io.
scheme: internet-facing
scheme: internal
listeners:
- LoadBalancerPort: 80
InstancePort: 80
Expand Down
