This repository has been archived by the owner on Jan 7, 2020. It is now read-only.
/
CloudFormation.py
executable file
·166 lines (153 loc) · 5.22 KB
/
CloudFormation.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
#!/usr/bin/env python
from datetime import datetime
from os.path import getmtime
import awacs.aws as aws
import awacs.sts as sts
from troposphere import (AWS_REGION,
AWS_STACK_NAME,
Base64,
codedeploy,
Join,
Parameter,
Ref,
Template)
import troposphere.autoscaling as autoscaling
from troposphere.constants import (IMAGE_ID,
SECURITY_GROUP_ID,
SUBNET_ID,)
import troposphere.iam as iam
import troposphere.policies as policies
import troposphere.s3 as s3
OUTPUTFILE = "CloudFormation.json"
t = Template()
t.add_description("CloudFormation template for Strongarm Cronjob setup")
t.add_metadata({
"Comments": "Made with troposphere",
"LastUpdated": datetime.utcfromtimestamp(getmtime(__file__)).strftime('%Y-%m-%d %H:%M:%SZ'),
"Version": "V0.1",
})
# Parameters
securityGroup = t.add_parameter(Parameter(
"SecurityGroup",
Description="The security group for the region this stack is running in",
Type=SECURITY_GROUP_ID,
ConstraintDescription="The id of the default security group in this "
"region to enable communication between instances",
Default="sg-51530134"
))
imageId = t.add_parameter(Parameter(
"ImageId",
Description="The id of the AMI that should be used by these ASGs",
Type=IMAGE_ID,
ConstraintDescription="Ubuntu 64-bit is reasonable",
# Ubuntu 16 LTS--update when CodeDeploy in s3 catches up to git and fixes
# Ruby version problems.
# Default="ami-b9ff39d9",
Default="ami-65579105", # Ubuntu 14 LTS
))
subnetId = t.add_parameter(Parameter(
"SubnetId",
Description="The subnet in which to run",
Type=SUBNET_ID,
ConstraintDescription="Should be a private subnet.",
))
# S3 bucket
s3bucket = t.add_resource(s3.Bucket(
"StrongjobsS3Bucket",
BucketName="strongjobs",
AccessControl=s3.Private,
))
# Access management things
serviceRole = t.add_resource(iam.Role(
"StrongjobsServiceRole",
AssumeRolePolicyDocument=aws.Policy(
Statement=[
aws.Statement(
Effect=aws.Allow,
Action=[sts.AssumeRole],
Principal=aws.Principal("Service",
["codedeploy.amazonaws.com"])
),
aws.Statement(
Effect=aws.Allow,
Action=[sts.AssumeRole],
Principal=aws.Principal("Service", ["ec2.amazonaws.com"])
),
],
),
ManagedPolicyArns=["arn:aws:iam::aws:policy/AmazonS3FullAccess",
"arn:aws:iam::aws:policy/service-role/"
"AWSCodeDeployRole"]
))
IAMInstanceProfile = t.add_resource(iam.InstanceProfile(
"StrongjobsInstanceProfile",
Roles=[Ref(serviceRole)]
))
# Launch configuration
launchConfiguration = t.add_resource(autoscaling.LaunchConfiguration(
"StrongjobsLaunchConfig",
ImageId=Ref(imageId),
SecurityGroups=[Ref(securityGroup)],
IamInstanceProfile=Ref(IAMInstanceProfile),
InstanceType="t2.micro",
AssociatePublicIpAddress=False,
BlockDeviceMappings=[{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "10",
},
}],
UserData=Base64(Join('', [
"#cloud-boothook\n",
"#!/bin/bash\n",
"echo 'userdata is running'\n",
"apt-get -y install awscli\n",
"apt-get -y install ruby2.0\n",
"aws s3 cp s3://aws-codedeploy-",
{"Ref": AWS_REGION},
"/latest/install /tmp/codedeploy_install --region ",
{"Ref": AWS_REGION}, "\n",
"/bin/chmod +x /tmp/codedeploy_install\n",
"/tmp/codedeploy_install auto \n"
])),
))
# AutoScaling Group
autoScalingGroupStrongjobs = t.add_resource(autoscaling.AutoScalingGroup(
"StrongjobsGroup",
UpdatePolicy=policies.UpdatePolicy(
AutoScalingRollingUpdate=policies.AutoScalingRollingUpdate(
MinInstancesInService="0",
MaxBatchSize='1',
)
),
LaunchConfigurationName=Ref(launchConfiguration),
VPCZoneIdentifier=[Ref(subnetId)],
MinSize="1",
DesiredCapacity="1",
MaxSize="1",
Tags=[
autoscaling.Tag("environment", Ref(AWS_STACK_NAME), "true"),
autoscaling.Tag("Name",
Join("-", [Ref(AWS_STACK_NAME), "asg-strongjobs"]),
"true"),
autoscaling.Tag("application", "strongjobs", "true"),
],
))
# CodeDeploy
strongjobsApplication = t.add_resource(codedeploy.Application(
"StrongjobsApplication",
ApplicationName=Join("-", ["strongjobs", Ref(AWS_STACK_NAME)])
))
strongjobsCodeDeploy = t.add_resource(codedeploy.DeploymentGroup(
"StrongjobsDeploymentGroup",
DeploymentGroupName='strongjobs',
ApplicationName=Ref(strongjobsApplication),
AutoScalingGroups=[Ref(autoScalingGroupStrongjobs)],
ServiceRoleArn=Join("", ["arn:aws:iam::",
Ref("AWS::AccountId"),
":role/", Ref(serviceRole)
]),
))
with open(OUTPUTFILE, "w") as f:
f.write(t.to_json())
print("Wrote " + OUTPUTFILE)