Use nodegroup instead of setting up our own EC2 instances etc

Author: dpoirier

README.rst

@@ -132,27 +132,6 @@ typically take the longest to finish, and the EB environment or ECS service crea
 will not begin until all of its dependencies, including the CloudFront distribution and RDS
 instance, have been created.
 
-EKS Worker Nodes
-----------------
-
-The EKS stack includes EKS worker nodes, however, they will not be allowed to join the cluster
-until you specifically grant them access as described in the `AWS EKS User Guide
-<https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html>`_. In short, you need to:
-
-1. Download the AWS IAM Authenticator configuration map template from AWS::
-
-    curl -o aws-auth-cm.yaml https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2019-10-08/aws-auth-cm.yaml
-
-2. Open the file with your favorite text editor. Replace the ``<ARN of instance role (not instance profile)>``
-   snippet with the ``ContainerInstanceRole`` ARN from the stack that you created, and save the file.
-   **Important:** Do not modify any other lines in this file.
-
-3. Apply the configuration::
-
-    kubectl apply -f aws-auth-cm.yaml
-
-If you your nodes still aren't joining the cluster, consult the AWS EKS User Guide.
-
 SSL Certificate
 ---------------
 

requirements.txt

@@ -1,5 +1,5 @@
 awacs==0.9.6
-troposphere==2.5.2
+troposphere==2.5.3
 flake8==3.4.1
 isort==4.2.15
 sphinx==1.6.7

stack/__init__.py

@@ -1,34 +1,37 @@
 import os
 
-from . import sftp  # noqa: F401
-from . import assets  # noqa: F401
-from . import cache  # noqa: F401
-from . import database  # noqa: F401
-from . import logs  # noqa: F401
-from . import vpc  # noqa: F401
-from . import template
+if os.environ.get("USE_EKS") == "on":
+    from . import vpc  # noqa: F401
+    from . import template
+    from . import repository  # noqa: F401
+    from . import eks  # noqa: F401
+else:
+    from . import sftp  # noqa: F401
+    from . import assets  # noqa: F401
+    from . import cache  # noqa: F401
+    from . import database  # noqa: F401
+    from . import logs  # noqa: F401
+    from . import vpc  # noqa: F401
+    from . import template
 
-if os.environ.get('USE_GOVCLOUD') != 'on':
-    # make sure this isn't added to the template for GovCloud, as it's not
-    # supported in this region
-    from . import search  # noqa: F401
+    if os.environ.get("USE_GOVCLOUD") != "on":
+        # make sure this isn't added to the template for GovCloud, as it's not
+        # supported in this region
+        from . import search  # noqa: F401
 
-if os.environ.get('USE_NAT_GATEWAY') == 'on':
-    from . import bastion  # noqa: F401
+    if os.environ.get("USE_NAT_GATEWAY") == "on":
+        from . import bastion  # noqa: F401
 
-if os.environ.get('USE_ECS') == 'on':
-    from . import repository  # noqa: F401
-    from . import cluster  # noqa: F401
-elif os.environ.get('USE_EB') == 'on':
-    from . import repository  # noqa: F401
-    from . import eb  # noqa: F401
-elif os.environ.get('USE_DOKKU') == 'on':
-    from . import dokku  # noqa: F401
-elif os.environ.get('USE_EKS') == 'on':
-    from . import repository  # noqa: F401
-    from . import instances  # noqa: F401
-else:  # USE_GOVCLOUD and USE_EC2 both provide EC2 instances
-    from . import instances  # noqa: F401
+    if os.environ.get("USE_ECS") == "on":
+        from . import repository  # noqa: F401
+        from . import ecs_cluster  # noqa: F401
+    elif os.environ.get("USE_EB") == "on":
+        from . import repository  # noqa: F401
+        from . import eb  # noqa: F401
+    elif os.environ.get("USE_DOKKU") == "on":
+        from . import dokku  # noqa: F401
+    else:  # USE_GOVCLOUD and USE_EC2 both provide EC2 instances
+        from . import instances  # noqa: F401
 
 # Must be last to tag all resources
 from . import tags  # noqa: F401

stack/common.py

@@ -11,152 +11,53 @@
 template.add_condition(in_govcloud_region, Equals(Ref(AWS_REGION), "us-gov-west-1"))
 arn_prefix = If(in_govcloud_region, "arn:aws-us-gov", "arn:aws")
 
-administrator_ip_address = Ref(template.add_parameter(
-    Parameter(
-        "AdministratorIPAddress",
-        Description="The IP address allowed to access containers. "
-                    "Defaults to TEST-NET-1 (ie, no valid IP)",
-        Type="String",
-        # RFC5737 - TEST-NET-1 reserved for documentation
-        Default="192.0.2.0/24",
-    ),
-    group="Application Server",
-    label="Admin IP Address",
-))
-
-container_instance_type = Ref(template.add_parameter(
-    Parameter(
-        "ContainerInstanceType",
-        Description="The application server instance type",
-        Type="String",
-        Default="t2.micro",
-        AllowedValues=[
-            't3.nano',
-            't3.micro',
-            't3.small',
-            't3.medium',
-            't3.large',
-            't3.xlarge',
-            't3.2xlarge',
-            't2.nano',
-            't2.micro',
-            't2.small',
-            't2.medium',
-            't2.large',
-            't2.xlarge',
-            't2.2xlarge',
-            'm5.large',
-            'm5.xlarge',
-            'm5.2xlarge',
-            'm5.4xlarge',
-            'm5.12xlarge',
-            'm5.24xlarge',
-            'm5d.large',
-            'm5d.xlarge',
-            'm5d.2xlarge',
-            'm5d.4xlarge',
-            'm5d.12xlarge',
-            'm5d.24xlarge',
-            'm4.large',
-            'm4.xlarge',
-            'm4.2xlarge',
-            'm4.4xlarge',
-            'm4.10xlarge',
-            'm4.16xlarge',
-            'm3.medium',
-            'm3.large',
-            'm3.xlarge',
-            'm3.2xlarge',
-            'c5.large',
-            'c5.xlarge',
-            'c5.2xlarge',
-            'c5.4xlarge',
-            'c5.9xlarge',
-            'c5.18xlarge',
-            'c5d.large',
-            'c5d.xlarge',
-            'c5d.2xlarge',
-            'c5d.4xlarge',
-            'c5d.9xlarge',
-            'c5d.18xlarge',
-            'c4.large',
-            'c4.xlarge',
-            'c4.2xlarge',
-            'c4.4xlarge',
-            'c4.8xlarge',
-            'c3.large',
-            'c3.xlarge',
-            'c3.2xlarge',
-            'c3.4xlarge',
-            'c3.8xlarge',
-            'p2.xlarge',
-            'p2.8xlarge',
-            'p2.16xlarge',
-            'g2.2xlarge',
-            'g2.8xlarge',
-            'x1.16large',
-            'x1.32xlarge',
-            'r5.large',
-            'r5.xlarge',
-            'r5.2xlarge',
-            'r5.4xlarge',
-            'r5.12xlarge',
-            'r5.24xlarge',
-            'r4.large',
-            'r4.xlarge',
-            'r4.2xlarge',
-            'r4.4xlarge',
-            'r4.8xlarge',
-            'r4.16xlarge',
-            'r3.large',
-            'r3.xlarge',
-            'r3.2xlarge',
-            'r3.4xlarge',
-            'r3.8xlarge',
-            'i3.large',
-            'i3.xlarge',
-            'i3.2xlarge',
-            'i3.4xlarge',
-            'i3.8xlarge',
-            'i3.16large',
-            'd2.xlarge',
-            'd2.2xlarge',
-            'd2.4xlarge',
-            'd2.8xlarge',
-            'f1.2xlarge',
-            'f1.16xlarge',
-        ]
-    ),
-    group="Application Server",
-    label="Instance Type",
-))
-
-if "on" in set([os.getenv("USE_DOKKU"), os.getenv("USE_EB"), os.getenv("USE_ECS")]):
-    secret_key = Ref(template.add_parameter(
+administrator_ip_address = Ref(
+    template.add_parameter(
         Parameter(
-            "SecretKey",
-            Description="Application secret key for this stack (optional)",
+            "AdministratorIPAddress",
+            Description="The IP address allowed to access containers. "
+            "Defaults to TEST-NET-1 (ie, no valid IP)",
             Type="String",
-            NoEcho=True,
+            # RFC5737 - TEST-NET-1 reserved for documentation
+            Default="192.0.2.0/24",
         ),
         group="Application Server",
-        label="Secret Key",
-    ))
+        label="Admin IP Address",
+    )
+)
 
-use_aes256_encryption = Ref(template.add_parameter(
-    Parameter(
-        "UseAES256Encryption",
-        Description="Whether or not to use server side encryption for S3, EBS, and RDS. "
-                    "When true, encryption is enabled for all resources.",
-        Type="String",
-        AllowedValues=["true", "false"],
-        Default="false",
-    ),
-    group="Global",
-    label="Enable Encryption",
-))
+if "on" in set([os.getenv("USE_DOKKU"), os.getenv("USE_EB"), os.getenv("USE_ECS")]):
+    secret_key = Ref(
+        template.add_parameter(
+            Parameter(
+                "SecretKey",
+                Description="Application secret key for this stack (optional)",
+                Type="String",
+                NoEcho=True,
+            ),
+            group="Application Server",
+            label="Secret Key",
+        )
+    )
+
+use_aes256_encryption = Ref(
+    template.add_parameter(
+        Parameter(
+            "UseAES256Encryption",
+            Description="Whether or not to use server side encryption for S3, EBS, and RDS. "
+            "When true, encryption is enabled for all resources.",
+            Type="String",
+            AllowedValues=["true", "false"],
+            Default="false",
+        ),
+        group="Global",
+        label="Enable Encryption",
+    )
+)
 use_aes256_encryption_cond = "UseAES256EncryptionCond"
-template.add_condition(use_aes256_encryption_cond, Equals(use_aes256_encryption, "true"))
+template.add_condition(
+    use_aes256_encryption_cond, Equals(use_aes256_encryption, "true")
+)
 
 cmk_arn = template.add_parameter(
     Parameter(