diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..ac1de4c --- /dev/null +++ b/.yamllint @@ -0,0 +1,6 @@ +extends: default + +rules: + line-length: + max: 120 + level: warning diff --git a/buildspec.yml b/buildspec.yml index 30db118..7191312 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -1,3 +1,4 @@ +--- version: 0.2 env: @@ -17,4 +18,5 @@ phases: - coverage run --source=. -m unittest discover -s spoptimize - coverage report - python scripts/validate-templates.py + - yamllint *.yml demo/*.yml - coveralls diff --git a/demo/demo.yml b/demo/demo.yml index 418f26f..4e8c368 100644 --- a/demo/demo.yml +++ b/demo/demo.yml @@ -1,9 +1,11 @@ +--- + AWSTemplateFormatVersion: 2010-09-09 Description: Spoptimize Demo Parameters: - InstanceType: + InstanceType: Description: EC2 Instance Type Type: String Default: t2.micro @@ -85,17 +87,17 @@ Resources: SourceSecurityGroupId: !GetAtt ElbSecGrp.GroupId ## These would be used for a NLB - #EIP1: + # EIP1: # Type: AWS::EC2::EIP # Properties: # Domain: VPC - #EIP2: + # EIP2: # Type: AWS::EC2::EIP # Properties: # Domain: VPC Elb: - #DependsOn: + # DependsOn: # - EIP1 # - EIP2 Type: AWS::ElasticLoadBalancingV2::LoadBalancer @@ -106,14 +108,14 @@ Resources: SecurityGroups: - !GetAtt ElbSecGrp.GroupId IpAddressType: ipv4 - #SubnetMappings: + # SubnetMappings: # - SubnetId: !Select [ 0 !Ref SubnetIds ] # AllocationId: !GetAtt EIP1.AllocationId # - SubnetId: !Select [ 1 !Ref SubnetIds ] # AllocationId: !GetAtt EIP2.AllocationId - Subnets: - - !Select [ 0, !Ref SubnetIds ] - - !Select [ 1, !Ref SubnetIds ] + Subnets: + - !Select [0, !Ref SubnetIds] + - !Select [1, !Ref SubnetIds] ElbTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup 
@@ -148,7 +150,7 @@ Resources: LaunchConfig: Type: AWS::AutoScaling::LaunchConfiguration Properties: - ImageId: !FindInMap [ Region2Ami, !Ref "AWS::Region", amzn2 ] + ImageId: !FindInMap [Region2Ami, !Ref "AWS::Region", amzn2] KeyName: !Ref Ec2Key InstanceType: !Ref InstanceType IamInstanceProfile: !Sub "arn:aws:iam::${AWS::AccountId}:instance-profile/base-ec2" @@ -186,10 +188,10 @@ Resources: DesiredCapacity: 1 MinSize: 0 MaxSize: 12 - VPCZoneIdentifier: - - !Select [ 0, !Ref SubnetIds ] - - !Select [ 1, !Ref SubnetIds ] - MetricsCollection: + VPCZoneIdentifier: + - !Select [0, !Ref SubnetIds] + - !Select [1, !Ref SubnetIds] + MetricsCollection: - Granularity: 1Minute HealthCheckGracePeriod: 120 Cooldown: 180 diff --git a/iam-global.yml b/iam-global.yml index b4d4ac7..185ad25 100644 --- a/iam-global.yml +++ b/iam-global.yml @@ -1,3 +1,5 @@ +--- + AWSTemplateFormatVersion: 2010-09-09 Description: IAM Resources for Spoptimize @@ -33,12 +35,12 @@ Resources: Path: !Ref RolePath AssumeRolePolicyDocument: Statement: - - Effect: Allow - Principal: - Service: states.amazonaws.com - Action: sts:AssumeRole + - Effect: Allow + Principal: + Service: states.amazonaws.com + Action: sts:AssumeRole ManagedPolicyArns: - - !Ref StateMachineManagedPolicy + - !Ref StateMachineManagedPolicy LambdaManagedPolicy: Type: AWS::IAM::ManagedPolicy 
@@ -48,62 +50,62 @@ Resources: PolicyDocument: Version: '2012-10-17' Statement: - - Sid: AutoScaling - Effect: Allow - Action: - - autoscaling:Describe* - - autoscaling:SetDesiredCapacity - - autoscaling:AttachInstances - - autoscaling:TerminateInstanceInAutoScalingGroup - #- autoscaling:DetachInstances - Resource: "*" - - Sid: SpotRequests - Effect: Allow - Action: - #- ec2:RunInstances - - ec2:CancelSpotInstanceRequests - - ec2:CreateTags - - ec2:DescribeSpotInstanceRequests - - ec2:DescribeSpotPriceHistory - - ec2:DescribeInstances - - ec2:DescribeTags - - ec2:RequestSpotInstances - - ec2:TerminateInstances - Resource: "*" - - Sid: StepFnStart - Effect: Allow - Action: - - states:StartExecution - Resource: !Sub "arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${StackBasename}-*" - - Sid: StepFnDescribeExec - Effect: Allow - Action: - - states:DescribeExecution - Resource: !Sub "arn:aws:states:${AWS::Region}:${AWS::AccountId}:execution:${StackBasename}-*" - - Sid: DynamoDbLockTable - Effect: Allow - Action: - - dynamodb:DeleteItem - - dynamodb:GetItem - - dynamodb:PutItem - Resource: !Sub "arn:aws:dynamodb:*:${AWS::AccountId}:table/${StackBasename}-autoscaling-group-locks" - - Sid: PassEc2IamRole - Effect: Allow - Action: iam:PassRole - Resource: "*" - Condition: - StringEquals: - iam:PassedToService: - - ec2.amazonaws.com - - ec2.amazonaws.com.cn - - Sid: GetIamInstanceProfiles - Effect: Allow - Action: iam:GetInstanceProfile - Resource: "*" - - Sid: CreateSpotServiceRole - Effect: Allow - Action: iam:CreateServiceLinkedRole - Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot" + - Sid: AutoScaling + Effect: Allow + Action: + - autoscaling:Describe* + - autoscaling:SetDesiredCapacity + - autoscaling:AttachInstances + - autoscaling:TerminateInstanceInAutoScalingGroup + # - autoscaling:DetachInstances + Resource: "*" + - Sid: SpotRequests + Effect: Allow + Action: + # - ec2:RunInstances + - 
ec2:CancelSpotInstanceRequests + - ec2:CreateTags + - ec2:DescribeSpotInstanceRequests + - ec2:DescribeSpotPriceHistory + - ec2:DescribeInstances + - ec2:DescribeTags + - ec2:RequestSpotInstances + - ec2:TerminateInstances + Resource: "*" + - Sid: StepFnStart + Effect: Allow + Action: + - states:StartExecution + Resource: !Sub "arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${StackBasename}-*" + - Sid: StepFnDescribeExec + Effect: Allow + Action: + - states:DescribeExecution + Resource: !Sub "arn:aws:states:${AWS::Region}:${AWS::AccountId}:execution:${StackBasename}-*" + - Sid: DynamoDbLockTable + Effect: Allow + Action: + - dynamodb:DeleteItem + - dynamodb:GetItem + - dynamodb:PutItem + Resource: !Sub "arn:aws:dynamodb:*:${AWS::AccountId}:table/${StackBasename}-autoscaling-group-locks" + - Sid: PassEc2IamRole + Effect: Allow + Action: iam:PassRole + Resource: "*" + Condition: + StringEquals: + iam:PassedToService: + - ec2.amazonaws.com + - ec2.amazonaws.com.cn + - Sid: GetIamInstanceProfiles + Effect: Allow + Action: iam:GetInstanceProfile + Resource: "*" + - Sid: CreateSpotServiceRole + Effect: Allow + Action: iam:CreateServiceLinkedRole + Resource: !Sub "arn:aws:iam::${AWS::AccountId}:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot" LambdaExecRole: Type: AWS::IAM::Role @@ -112,13 +114,13 @@ Resources: Path: !Ref RolePath AssumeRolePolicyDocument: Statement: - - Effect: Allow - Principal: - Service: lambda.amazonaws.com - Action: sts:AssumeRole + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: sts:AssumeRole ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - - !Ref LambdaManagedPolicy + - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole + - !Ref LambdaManagedPolicy Outputs: StateMachineManagedPolicy: diff --git a/requirements-dev.txt b/requirements-dev.txt index f254a6a..b51f150 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt 
@@ -3,3 +3,4 @@ boto3 coveralls coverage mock +yamllint diff --git a/sam.yml b/sam.yml index 6290790..9193d33 100644 --- a/sam.yml +++ b/sam.yml @@ -1,3 +1,5 @@ +--- + AWSTemplateFormatVersion: 2010-09-09 Description: Step Functions for Spoptimize Transform: AWS::Serverless-2016-10-31 @@ -26,7 +28,7 @@ Parameters: Default: "" Conditions: - NoAlarmNotifications: !Equals [ !Ref AlarmTopicName, "" ] + NoAlarmNotifications: !Equals [!Ref AlarmTopicName, ""] Globals: Function: @@ -487,12 +489,12 @@ Resources: ComparisonOperator: GreaterThanThreshold Threshold: 0 TreatMissingData: notBreaching - ActionsEnabled: !If [ NoAlarmNotifications, false, true ] + ActionsEnabled: !If [NoAlarmNotifications, false, true] AlarmActions: Fn::If: - NoAlarmNotifications - !Ref AWS::NoValue - - [ !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${AlarmTopicName}" ] + - [!Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${AlarmTopicName}"] SpotRequestorTimedOutAlrm: Type: AWS::CloudWatch::Alarm @@ -510,12 +512,12 @@ Resources: ComparisonOperator: GreaterThanThreshold Threshold: 0 TreatMissingData: notBreaching - ActionsEnabled: !If [ NoAlarmNotifications, false, true ] + ActionsEnabled: !If [NoAlarmNotifications, false, true] AlarmActions: Fn::If: - NoAlarmNotifications - !Ref AWS::NoValue - - [ !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${AlarmTopicName}" ] + - [!Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${AlarmTopicName}"] Outputs: SpotRequestorArn: diff --git a/scripts/run-tests.sh b/scripts/run-tests.sh index c577690..26b140d 100755 --- a/scripts/run-tests.sh +++ b/scripts/run-tests.sh @@ -21,6 +21,15 @@ if [ -e requirements.txt ]; then #pip install -t vendored -r requirements.txt fi +yamllint_cmd='yamllint *.yml demo/*.yml' +echo "Checking yaml files via: $yamllint_cmd" +$yamllint_cmd +echo + +echo +python scripts/validate-templates.py +echo + test_cmd='coverage run --source=. -m unittest discover -s spoptimize -v' "$@" echo "Executing: $test_cmd" "$@" $test_cmd "$@"
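Review bot: `yamllint` is added without a version constraint, so every build installs whatever release the package index currently serves, and buildspec.yml in this same commit runs that tool inside the CI job. The other entries visible in this hunk are unpinned too, so this matches the file's style, but a linter that gates the build is worth pinning, e.g. `yamllint==<version-you-validated>` (placeholder, not a real version). Pinning also keeps a later change to yamllint's `default` rule set, which the new .yamllint extends, from altering build results without a commit in this repository.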
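Review bot: Nothing in the added lines checks the exit status of `$yamllint_cmd` or of `python scripts/validate-templates.py`, so unless the script enables `set -e` above this hunk (not visible here), a lint or template-validation failure is only printed and the run continues into the unit tests. Because these two checks are the gate on the CloudFormation and IAM templates, make the failure explicit: `$yamllint_cmd || exit 1` and `python scripts/validate-templates.py || exit 1`. The unquoted `$yamllint_cmd` also relies on word splitting and glob expansion of a string variable; calling `yamllint *.yml demo/*.yml` directly after the echo would be less fragile. The script continues outside the hunk.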