Merge pull request caktus#96 from caktus/add-services-to-eks

Optionally create services with EKS

Author: dpoirier

CHANGELOG.rst

@@ -5,6 +5,8 @@ Change Log
 `X.Y.Z`_ (TBD-DD-DD)
 ---------------------
 
+* Optionally create RDS, Redis, memcached, elasticsearch services when creating
+  an EKS cluster.
 * TBD
 
 

stack/__init__.py

@@ -14,6 +14,17 @@
     from . import template
     from . import repository  # noqa: F401
     from . import eks  # noqa: F401
+    from . import cache  # noqa: F401
+    from . import database  # noqa: F401
+    from . import logs  # noqa: F401
+    if not USE_GOVCLOUD:
+        # make sure this isn't added to the template for GovCloud, as it's not
+        # supported in this region
+        from . import search  # noqa: F401
+
+    if USE_NAT_GATEWAY:
+        from . import bastion  # noqa: F401
+
 else:
     from . import sftp  # noqa: F401
     from . import assets  # noqa: F401
@@ -51,8 +62,8 @@
 print("# https://github.com/caktus/aws-web-stacks")
 print("# at %s" % datetime.datetime.now())
 print("# with parameters:")
-use_parms = sorted(parm for parm in os.environ.keys() if parm.startswith("USE_"))
-for parm in use_parms:
+parms_used = sorted(parm for parm in os.environ.keys() if parm.startswith("USE_") or parm == "DEFAULTS_FILE")
+for parm in parms_used:
     print("#\t%s = %s" % (parm, os.environ[parm]))
 print()
 print(template.template.to_yaml())

stack/eks.py

@@ -93,7 +93,7 @@
     [
         Output(
             "ClusterEndpoint",
-            Description="The connection endpoint for the cluster API.",
+            Description="The connection endpoint for the EKS cluster API.",
             Value=GetAtt(cluster, "Endpoint"),
         ),
     ]

stack/repository.py

@@ -1,13 +1,6 @@
 import awacs.ecr as ecr
 from awacs.aws import Allow, AWSPrincipal, Policy, Statement
-from troposphere import (
-    AWS_ACCOUNT_ID,
-    AWS_REGION,
-    AWS_STACK_NAME,
-    Join,
-    Output,
-    Ref
-)
+from troposphere import AWS_ACCOUNT_ID, AWS_REGION, Join, Output, Ref
 from troposphere.ecr import Repository
 
 from .common import arn_prefix
@@ -17,22 +10,20 @@
 repository = Repository(
     "ApplicationRepository",
     template=template,
-    RepositoryName=Ref(AWS_STACK_NAME),
+    # Do we need to specify a repository name? The stack name might not be
+    # a valid repository name, and if we just leave it out, AWS will make one
+    # up for us.
+    # RepositoryName=Ref(AWS_STACK_NAME),
     # Allow all account users to manage images.
     RepositoryPolicyText=Policy(
         Version="2008-10-17",
         Statement=[
             Statement(
                 Sid="AllowPushPull",
                 Effect=Allow,
-                Principal=AWSPrincipal([
-                    Join("", [
-                        arn_prefix,
-                        ":iam::",
-                        Ref(AWS_ACCOUNT_ID),
-                        ":root",
-                    ]),
-                ]),
+                Principal=AWSPrincipal(
+                    [Join("", [arn_prefix, ":iam::", Ref(AWS_ACCOUNT_ID), ":root"])]
+                ),
                 Action=[
                     ecr.GetDownloadUrlForLayer,
                     ecr.BatchGetImage,
@@ -43,20 +34,25 @@
                     ecr.CompleteLayerUpload,
                 ],
             ),
-        ]
+        ],
     ),
 )
 
 
 # Output ECR repository URL
-template.add_output(Output(
-    "RepositoryURL",
-    Description="The docker repository URL",
-    Value=Join("", [
-        Ref(AWS_ACCOUNT_ID),
-        ".dkr.ecr.",
-        Ref(AWS_REGION),
-        ".amazonaws.com/",
-        Ref(repository),
-    ]),
-))
+template.add_output(
+    Output(
+        "RepositoryURL",
+        Description="The docker repository URL",
+        Value=Join(
+            "",
+            [
+                Ref(AWS_ACCOUNT_ID),
+                ".dkr.ecr.",
+                Ref(AWS_REGION),
+                ".amazonaws.com/",
+                Ref(repository),
+            ],
+        ),
+    )
+)

stack/security_groups.py

@@ -59,15 +59,17 @@
             SourceSecurityGroupId=Ref(load_balancer_security_group),
         ))
 
-if not USE_NAT_GATEWAY:
-    # Allow direct administrator access via SSH.
-    ingress_rules.append(SecurityGroupRule(
-        IpProtocol="tcp",
-        FromPort="22",
-        ToPort="22",
-        Description="Administrator SSH Access",
-        CidrIp=administrator_ip_address,
-    ))
+    if not USE_NAT_GATEWAY:
+        # Allow direct administrator access via SSH.
+        ingress_rules.append(SecurityGroupRule(
+            IpProtocol="tcp",
+            FromPort="22",
+            ToPort="22",
+            Description="Administrator SSH Access",
+            CidrIp=administrator_ip_address,
+        ))
+else:
+    ingress_rules = []
 
 container_security_group = SecurityGroup(
     # NOTE: If creating an EKS cluster, eks.py will modify this security group.