Added Region to cftemplates so we can do inline replace of <account> …

…and <region>.

Added LambdaPermission and CWEventRule cftemplates.

Added CloudWatchController and LambdaController.

CHANGELOG.md

@@ -19,6 +19,14 @@ Changelog for aim
 
 - Resources/S3.yaml is now functional: eg. aim validate S3
 
+- Added Region to cftemplates so we can do inline replace of <account> and <region>.
+
+- Added LambdaPermission and CWEventRule cftemplates.
+
+- Added CloudWatchController and LambdaController.
+
+
+
 
 1.0.0 (2019-07-06)
 ------------------

src/aim/application/app_engine.py

@@ -129,6 +129,7 @@ def init_alarms(self, aws_name, res_config_ref, res_config):
         alarms_template = aim.cftemplates.CWAlarms(
             self.aim_ctx,
             self.account_ctx,
+            self.aws_region,
             res_config.monitoring.alarm_sets,
             res_config.type,
             res_config_ref,
@@ -150,8 +151,8 @@ def init_lambda_resource(self, grp_id, res_id, res_config):
         else:
             print("ApplicationEngine: Init: Lambda: %s" % (res_id))
 
-        lambda_config_ref = self.gen_resource_ref(grp_id, res_id)
-        # Create instance role
+        lambda_config_ref = self.gen_ref(grp_id, res_id)
+        # Create function execution role
         if res_config.iam_role.enabled == False:
             role_config_yaml = """
 instance_profile: false
@@ -163,6 +164,20 @@ def init_lambda_resource(self, grp_id, res_id, res_config):
         else:
             role_config = res_config.iam_role
 
+        # Add CloudWatch Logs permissions
+        cw_logs_policy = """
+name: CloudWatchLogs
+statement:
+  - effect: Allow
+    action:
+      - logs:CreateLogGroup
+      - logs:CreateLogStream
+      - logs:PutLogEvents
+    resource:
+      - '*'
+"""
+        role_config.add_policy(yaml.load(cw_logs_policy))
+
         # The ID to give this role is: group.resource.iam_role
         iam_role_ref = self.gen_ref(
             grp_id=grp_id,
@@ -192,31 +207,33 @@ def init_lambda_resource(self, grp_id, res_id, res_config):
             stack_group=self.stack_group,
             template_params=None
         )
+
+
         aws_name = '-'.join([grp_id, res_id])
-        asg_template = aim.cftemplates.Lambda(
+        lambda_template = aim.cftemplates.Lambda(
             self.aim_ctx,
             self.account_ctx,
+            self.aws_region,
             aws_name,
             res_config,
             lambda_config_ref
         )
-        asg_stack = Stack(
+        lambda_stack = Stack(
             self.aim_ctx,
             self.account_ctx,
             self.stack_group,
             res_config,
-            asg_template,
+            lambda_template,
             aws_region=self.aws_region
         )
-        self.stack_group.add_stack_order(asg_stack)
+        self.stack_group.add_stack_order(lambda_stack)
 
     def init_acm_resource(self, grp_id, res_id, res_config):
         if res_config.enabled == False:
             print("ApplicationEngine: Init: ACM: %s *disabled*" % (res_id))
         else:
             print("ApplicationEngine: Init: ACM: %s" % (res_id))
             acm_ctl = self.aim_ctx.get_controller('ACM')
-            self.gen_resource_ref(grp_id, res_id)
             cert_group_id = self.gen_resource_ref(grp_id, res_id)
             acm_ctl.add_certificate_config(
                 self.account_ctx,
@@ -258,6 +275,7 @@ def init_lbclassic_resource(self, grp_id, res_id, res_config):
             elb_template = aim.cftemplates.ELB(
                 self.aim_ctx,
                 self.account_ctx,
+                self.aws_region,
                 self.subenv_ctx,
                 self.app_id,
                 res_id,
@@ -287,6 +305,7 @@ def init_lbapplication_resource(self, grp_id, res_id, res_config):
         alb_template = aim.cftemplates.ALB(
             self.aim_ctx,
             self.account_ctx,
+            self.aws_region,
             self.subenv_ctx,
             aws_name,
             self.app_id,
@@ -373,6 +392,7 @@ def init_asg_resource(self, grp_id, res_id, res_config):
         asg_template = aim.cftemplates.ASG(
             self.aim_ctx,
             self.account_ctx,
+            self.aws_region,
             self.subenv_ctx,
             aws_name,
             self.app_id,
@@ -407,6 +427,7 @@ def init_ec2_resource(self, grp_id, res_id, res_config):
             ec2_template = aim.cftemplates.EC2(
                 self.aim_ctx,
                 self.account_ctx,
+                self.aws_region,
                 self.subenv_id,
                 aws_name,
                 self.app_id,
@@ -489,6 +510,7 @@ def init_cpbd_resource(self, grp_id, res_id, res_config):
             kms_template = aim.cftemplates.KMS(
                 self.aim_ctx,
                 tools_account_ctx,
+                self.aws_region,
                 aws_name,
                 kms_conf_ref,
                 kms_config_dict
@@ -592,6 +614,7 @@ def init_cpbd_resource(self, grp_id, res_id, res_config):
             codedeploy_template = aim.cftemplates.CodeDeploy(
                 self.aim_ctx,
                 self.account_ctx,
+                self.aws_region,
                 self.subenv_ctx,
                 aws_name,
                 self.app_id,
@@ -618,6 +641,7 @@ def init_cpbd_resource(self, grp_id, res_id, res_config):
             codepipebuild_template = aim.cftemplates.CodePipeBuild(
                 self.aim_ctx,
                 tools_account_ctx,
+                self.aws_region,
                 self.subenv_ctx,
                 aws_name,
                 self.app_id,
@@ -651,6 +675,7 @@ def init_cpbd_resource(self, grp_id, res_id, res_config):
             kms_template = aim.cftemplates.KMS(
                 self.aim_ctx,
                 tools_account_ctx,
+                self.aws_region,
                 aws_name,
                 kms_conf_ref,
                 kms_config_dict
@@ -732,5 +757,7 @@ def resolve_ref(self, ref):
             else:
                 return self.get_stack_from_ref(ref)
         elif isinstance(ref.resource, models.applications.Lambda):
-            pass
+            lambda_stack = self.get_stack_from_ref(ref)
+            return lambda_stack
+
         return None

src/aim/cftemplates/__init__.py

@@ -17,4 +17,6 @@
 from aim.cftemplates.kms import KMS
 from aim.cftemplates.cw_alarms import CWAlarms
 from aim.cftemplates.lambda_function import Lambda
+from aim.cftemplates.lambda_permission import LambdaPermission
 from aim.cftemplates.account import Account
+from aim.cftemplates.cw_event_rule import CWEventRule

src/aim/cftemplates/account.py

@@ -19,6 +19,7 @@ def __init__(self,
         # Super
         super().__init__(aim_ctx,
                          account_ctx,
+                         aws_account=None,
                          config_ref=account_config_ref,
                          aws_name=self.account_id,
                          iam_capabilities=["CAPABILITY_NAMED_IAM"])

src/aim/cftemplates/alb.py

@@ -9,6 +9,7 @@
 class ALB(CFTemplate):
     def __init__(self, aim_ctx,
                  account_ctx,
+                 aws_region,
                  subenv_ctx,
                  aws_name,
                  app_id,
@@ -22,6 +23,7 @@ def __init__(self, aim_ctx,
 
         super().__init__(aim_ctx=aim_ctx,
                          account_ctx=account_ctx,
+                         aws_region=aws_region,
                          config_ref=alb_config_ref,
                          aws_name='-'.join([ "ALB", aws_name]))
 

src/aim/cftemplates/asg.py

@@ -11,6 +11,7 @@ class ASG(CFTemplate):
     def __init__(self,
                  aim_ctx,
                  account_ctx,
+                 aws_region,
                  subenv_ctx,
                  aws_name,
                  app_id,
@@ -30,6 +31,7 @@ def __init__(self,
         aws_name='-'.join(["ASG", aws_name])
         super().__init__(aim_ctx,
                          account_ctx,
+                         aws_region,
                          config_ref=asg_config_ref,
                          aws_name=aws_name)
 

src/aim/cftemplates/cftemplates.py

@@ -153,11 +153,13 @@ class CFTemplate():
     def __init__(self,
                  aim_ctx,
                  account_ctx,
+                 aws_region,
                  config_ref,
                  aws_name,
                  iam_capabilities=[] ):
         self.aim_ctx = aim_ctx
         self.account_ctx = account_ctx
+        self.aws_region = aws_region
         self.build_folder = os.path.join(aim_ctx.build_folder, "templates")
         self.yaml_path = None
         self.parameters = []
@@ -250,7 +252,7 @@ def aim_sub(self):
                     if sub_ref.find('<account>') != -1:
                         sub_ref = sub_ref.replace('<account>', self.account_ctx.get_name())
                     if sub_ref.find('<region>') != -1:
-                        sub_ref = sub_ref.replace('<region>', self.stack.aws_region)
+                        sub_ref = sub_ref.replace('<region>', self.aws_region)
 
                     sub_value = self.aim_ctx.get_ref(sub_ref)
                     #print("Sub Value: %s" % (sub_value))
@@ -337,6 +339,8 @@ def set_parameter( self,
         elif isinstance(param_value, list):
             param_entry = Parameter(param_key, self.list_to_string(param_value))
         elif isinstance(param_value, str) and self.aim_ctx.aim_ref.is_ref(param_value):
+            param_value.replace("<account>", self.account_ctx.get_name())
+            param_value.replace("<region>", self.aws_region)
             ref_value = self.aim_ctx.get_ref(param_value, account_ctx=self.account_ctx)
             if ref_value == None:
                 print("ERROR: Unable to locate value for ref: " + param_value)

src/aim/cftemplates/codecommit.py

@@ -10,6 +10,7 @@ class CodeCommit(CFTemplate):
     def __init__(self,
                  aim_ctx,
                  account_ctx,
+                 aws_region,
                  codecommit_config,
                  repo_list):
         #aim_ctx.log("CodeCommit CF Template init")
@@ -18,6 +19,7 @@ def __init__(self,
 
         super().__init__(aim_ctx,
                          account_ctx,
+                         aws_region,
                          config_ref=None,
                          aws_name=aws_name,
                          iam_capabilities=["CAPABILITY_NAMED_IAM"])

src/aim/cftemplates/codedeploy.py

@@ -10,6 +10,7 @@ class CodeDeploy(CFTemplate):
     def __init__(self,
                  aim_ctx,
                  account_ctx,
+                 aws_region,
                  subenv_ctx,
                  aws_name,
                  app_id,
@@ -23,6 +24,7 @@ def __init__(self,
         self.subenv_ctx = subenv_ctx
         super().__init__(aim_ctx,
                          account_ctx,
+                         aws_region,
                          config_ref=cpbd_config_ref,
                          aws_name='-'.join(["CPBD-Deploy", aws_name]),
                          iam_capabilities=["CAPABILITY_NAMED_IAM"])

src/aim/cftemplates/codepipebuild.py

@@ -10,6 +10,7 @@ class CodePipeBuild(CFTemplate):
     def __init__(self,
                  aim_ctx,
                  account_ctx,
+                 aws_region,
                  subenv_ctx,
                  aws_name,
                  app_id,
@@ -23,6 +24,7 @@ def __init__(self,
         #aim_ctx.log("S3 CF Template init")
         super().__init__(aim_ctx,
                          account_ctx,
+                         aws_region,
                          config_ref=cpbd_config_ref,
                          aws_name='-'.join(["CPBD-PipeBuild", aws_name]),
                          iam_capabilities=["CAPABILITY_NAMED_IAM"])

src/aim/cftemplates/cw_alarms.py

@@ -12,6 +12,7 @@ class CWAlarms(CFTemplate):
     def __init__(self,
                  aim_ctx,
                  account_ctx,
+                 aws_region,
                  sets_config,
                  res_type,
                  res_config_ref,
@@ -22,6 +23,7 @@ def __init__(self,
         aws_name='-'.join([aws_name, 'Alarms'])
         super().__init__(aim_ctx,
                          account_ctx,
+                         aws_region,
                          config_ref=res_config_ref,
                          aws_name=aws_name)