diff --git a/.gitmodules b/.gitmodules index 9ff9217..dfbb645 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,12 +1,12 @@ [submodule "submodules/quickstart-aws-vpc"] path = submodules/quickstart-aws-vpc url = https://github.com/aws-quickstart/quickstart-aws-vpc.git - branch = master + branch = main [submodule "submodules/quickstart-linux-bastion"] path = submodules/quickstart-linux-bastion url = https://github.com/aws-quickstart/quickstart-linux-bastion.git - branch = master + branch = main [submodule "submodules/quickstart-microsoft-rdgateway"] path = submodules/quickstart-microsoft-rdgateway url = https://github.com/aws-quickstart/quickstart-microsoft-rdgateway.git - branch = master + branch = main diff --git a/.taskcat.yml b/.taskcat.yml new file mode 100644 index 0000000..8c5183b --- /dev/null +++ b/.taskcat.yml @@ -0,0 +1,48 @@ +project: + name: quickstart-examples + owner: quickstart-eng@amazon.com + package_lambda: false + shorten_stack_name: true + s3_regional_buckets: true + regions: + - ap-northeast-1 + - ap-northeast-2 + - ap-south-1 + - ap-southeast-1 + - ap-southeast-2 + - ca-central-1 + - eu-central-1 + - eu-west-1 + - eu-west-2 + - sa-east-1 + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + s3_bucket: '' +tests: + examples-main: + parameters: + AvailabilityZones: $[alfred_getaz_2] + BastionAMIOS: Amazon-Linux2-HVM + BastionInstanceType: t2.micro + KeyPairName: $[alfred_getkeypair] + OperatorEmail: operator@example.com + PrivateSubnet1CIDR: 10.0.0.0/19 + PrivateSubnet2CIDR: 10.0.32.0/19 + PublicSubnet1CIDR: 10.0.128.0/20 + PublicSubnet2CIDR: 10.0.144.0/20 + QSS3BucketName: $[taskcat_autobucket] + QSS3BucketRegion: $[taskcat_current_region] + RemoteAccessCIDR: 10.0.0.0/16 + S3BucketName: alfred-develop-examples-$[alfred_genuuid] + VPCCIDR: 10.0.0.0/16 + WorkloadInstanceType: m4.xlarge + WorkloadNodesDesiredCapacity: '2' + WorkloadNodesMaxSize: '4' + WorkloadNodesMinSize: '2' + regions: + - eu-west-1 + - eu-central-1 + s3_bucket: '' + template: templates/workload-yaml-entrypoint-new-vpc.template.yaml diff --git a/ci/taskcat.yml b/ci/taskcat.yml index 7d1b331..9fdc84a 100644 --- a/ci/taskcat.yml +++ b/ci/taskcat.yml @@ -22,21 +22,21 @@ tests: json-master: parameter_input: workload-master.json regions: - - ap-northeast-1 - - ap-northeast-2 - - ap-south-1 - - ap-southeast-1 - - ap-southeast-2 - - ca-central-1 +# - ap-northeast-1 +# - ap-northeast-2 +# - ap-south-1 +# - ap-southeast-1 +# - ap-southeast-2 +# - ca-central-1 - eu-central-1 - template_file: workload-json-master.template + template_file: workload-yaml-entrypoint-new-vpc.template.yaml yaml-master: parameter_input: workload-master.json regions: - eu-west-1 - - eu-west-2 - - us-east-1 - - us-east-2 - - us-west-1 - - us-west-2 - template_file: workload-yaml-master.template +# - eu-west-2 +# - us-east-1 +# - us-east-2 +# - us-west-1 +# - us-west-2 + template_file: workload-yaml-entrypoint-new-vpc.template.yaml diff --git a/ci/workload-master.json b/ci/workload-master.json deleted file mode 100644 index 2c48122..0000000 --- a/ci/workload-master.json +++ /dev/null @@ -1,74 +0,0 @@ -[ - { - "ParameterKey": "AvailabilityZones", - "ParameterValue": "$[alfred_getaz_2]" - }, - { - "ParameterKey": "BastionAMIOS", - "ParameterValue": "Amazon-Linux-HVM" - }, - { - "ParameterKey": "BastionInstanceType", - "ParameterValue": "t2.micro" - }, - { - "ParameterKey": "KeyPairName", - "ParameterValue": "$[alfred_getkeypair]" - }, - { - "ParameterKey": "OperatorEmail", - "ParameterValue": "operator@example.com" - }, - { - "ParameterKey": "PrivateSubnet1CIDR", - "ParameterValue": "10.0.0.0/19" - }, - { - "ParameterKey": "PrivateSubnet2CIDR", - "ParameterValue": "10.0.32.0/19" - }, - { - "ParameterKey": "PublicSubnet1CIDR", - "ParameterValue": "10.0.128.0/20" - }, - { - "ParameterKey": "PublicSubnet2CIDR", - "ParameterValue": "10.0.144.0/20" - }, - { - "ParameterKey": "RemoteAccessCIDR", - "ParameterValue": "10.0.0.0/16" - }, - { - "ParameterKey": "S3BucketName", - "ParameterValue": "alfred-develop-examples-$[alfred_genuuid]" - }, - { - "ParameterKey": "VPCCIDR", - "ParameterValue": "10.0.0.0/16" - }, - { - "ParameterKey": "WorkloadInstanceType", - "ParameterValue": "m4.xlarge" - }, - { - "ParameterKey": "WorkloadNodesDesiredCapacity", - "ParameterValue": "2" - }, - { - "ParameterKey": "WorkloadNodesMaxSize", - "ParameterValue": "4" - }, - { - "ParameterKey": "WorkloadNodesMinSize", - "ParameterValue": "2" - }, - { - "ParameterKey": "QSS3BucketName", - "ParameterValue": "$[taskcat_autobucket]" - }, - { - "ParameterKey": "QSS3BucketRegion", - "ParameterValue": "$[taskcat_current_region]" - } -] diff --git a/patterns/LambdaZips/example.yaml b/patterns/LambdaZips/example.yaml index f6a172f..b7088af 100644 --- a/patterns/LambdaZips/example.yaml +++ b/patterns/LambdaZips/example.yaml @@ -55,7 +55,7 @@ Resources: Properties: Description: Copies objects from a source S3 bucket to a destination Handler: index.handler - Runtime: python2.7 + Runtime: python3.7 Role: !GetAtt 'CopyZipsRole.Arn' Timeout: 240 Code: @@ -75,9 +75,9 @@ Resources: 'Bucket': source_bucket, 'Key': key } - print('copy_source: %s' % copy_source) - print('dest_bucket = %s'%dest_bucket) - print('key = %s' %key) + print(('copy_source: %s' % copy_source)) + print(('dest_bucket = %s'%dest_bucket)) + print(('key = %s' %key)) s3.copy_object(CopySource=copy_source, Bucket=dest_bucket, Key=key) @@ -100,7 +100,7 @@ Resources: / 1000.00) - 0.5, timeout, args=[event, context]) timer.start() - print('Received event: %s' % json.dumps(event)) + print(('Received event: %s' % json.dumps(event))) status = cfnresponse.SUCCESS try: source_bucket = event['ResourceProperties']['SourceBucket'] @@ -136,7 +136,7 @@ Resources: Properties: Description: Example Handler: lambda_function.handler - Runtime: python2.7 + Runtime: python3.7 Role: !GetAtt 'MyFunctionRole.Arn' Timeout: 300 Code: diff --git a/patterns/blog/CircularDependency/LessSimpleNonWorking.yaml b/patterns/blog/CircularDependency/LessSimpleNonWorking.yaml index 4eb59a2..5618e44 100644 --- a/patterns/blog/CircularDependency/LessSimpleNonWorking.yaml +++ b/patterns/blog/CircularDependency/LessSimpleNonWorking.yaml @@ -7,7 +7,7 @@ Resources: Type: AWS::Serverless::Function Properties: CodeUri: s3://bucketname/object.zip # Add in an S3 URI where you have code Lambda Code - Runtime: python2.7 + Runtime: python3.7 Handler: index.handler Policies: - Version: 2012-10-17 diff --git a/patterns/blog/CircularDependency/LessSimpleWorking.yaml b/patterns/blog/CircularDependency/LessSimpleWorking.yaml index 9b3a7b9..1813c90 100644 --- a/patterns/blog/CircularDependency/LessSimpleWorking.yaml +++ b/patterns/blog/CircularDependency/LessSimpleWorking.yaml @@ -9,7 +9,7 @@ Resources: Type: AWS::Serverless::Function Properties: CodeUri: s3://bucketname/object.zip # Add in an S3 URI where you have code Lambda Code - Runtime: python2.7 + Runtime: python3.7 Handler: index.handler Policies: - Version: 2012-10-17 diff --git a/samples/cloudformation-codebuild-container/codebuild.yaml b/samples/cloudformation-codebuild-container/codebuild.yaml index c7ae922..ba7d25f 100755 --- a/samples/cloudformation-codebuild-container/codebuild.yaml +++ b/samples/cloudformation-codebuild-container/codebuild.yaml @@ -52,7 +52,7 @@ Resources: Properties: Description: Copies objects from a source S3 bucket to a destination Handler: index.handler - Runtime: python2.7 + Runtime: python3.7 Role: !GetAtt 'CopyZipsRole.Arn' Timeout: 240 Code: @@ -73,9 +73,9 @@ Resources: - ' ''Bucket'': source_bucket,' - ' ''Key'': key' - ' }' - - ' print(''copy_source: %s'' % copy_source)' - - ' print(''dest_bucket = %s''%dest_bucket)' - - ' print(''key = %s'' %key)' + - ' print((''copy_source: %s'' % copy_source))' + - ' print((''dest_bucket = %s''%dest_bucket))' + - ' print((''key = %s'' %key))' - ' s3.copy_object(CopySource=copy_source, Bucket=dest_bucket, Key=key)' - '' @@ -99,7 +99,7 @@ Resources: / 1000.00) - 0.5, timeout, args=[event, context])' - ' timer.start()' - '' - - ' print(''Received event: %s'' % json.dumps(event))' + - ' print((''Received event: %s'' % json.dumps(event)))' - ' status = cfnresponse.SUCCESS' - ' try:' - ' source_bucket = event[''ResourceProperties''][''SourceBucket'']' @@ -283,7 +283,7 @@ Resources: S3Bucket: !Ref LambdaZipsBucket S3Key: !Sub "quickstart-examples/samples/cloudformation-codebuild-container/${LambdaCodePath}" Handler: "lambda_codebuild.lambda_handler" - Runtime: python2.7 + Runtime: python3.7 Timeout: 300 Role: !GetAtt CodeBuildLambdaExecutionRole.Arn CodeBuildLambdaExecutionRole: diff --git a/samples/cloudformation-codebuild-container/lambda_codebuild.py b/samples/cloudformation-codebuild-container/lambda_codebuild.py index ed06dc3..953c013 100755 --- a/samples/cloudformation-codebuild-container/lambda_codebuild.py +++ b/samples/cloudformation-codebuild-container/lambda_codebuild.py @@ -1,6 +1,6 @@ """This AWS Lambda Function kicks off a code build job.""" -import httplib -import urlparse +import http.client +import urllib.parse import json import boto3 import traceback @@ -12,7 +12,7 @@ def lambda_handler(event, context): try: # Log the received event - print("Received event: " + json.dumps(event, indent=2)) + print(("Received event: " + json.dumps(event, indent=2))) # Setup base response response = get_response_dict(event) @@ -24,7 +24,7 @@ def lambda_handler(event, context): execute_build(event) except Exception as build_exce: print("ERROR: Build threw exception") - print(repr(build_exce)) + print((repr(build_exce))) # Signal back that we failed return send_response(event, get_response_dict(event), "FAILED", repr(build_exce)) @@ -42,11 +42,11 @@ def lambda_handler(event, context): cleanup_images_repo(repository, account_id) except Exception as cleanup_exception: # signal failure to CFN - print(json.dumps(event, indent=2)) + print((json.dumps(event, indent=2))) traceback.print_stack() print("---------") traceback.print_exc() - print(repr(cleanup_exception)) + print((repr(cleanup_exception))) return send_response(event, response, "FAILED", "Cleanup of Container image failed." + repr(cleanup_exception)) # signal success to CFN @@ -67,7 +67,7 @@ def cleanup_images_repo(repository, account_id): """ ecr_client = boto3.client('ecr') - print("Repo:" + repository + " AccountID:" + account_id) + print(("Repo:" + repository + " AccountID:" + account_id)) response = ecr_client.describe_images( registryId=account_id, repositoryName=repository @@ -97,7 +97,7 @@ def execute_build(event): stack_id = event["StackId"] request_id = event["RequestId"] logical_resource_id = event["LogicalResourceId"] - url = urlparse.urlparse(event['ResponseURL']) + url = urllib.parse.urlparse(event['ResponseURL']) response = build.start_build( projectName=project_name, environmentVariablesOverride=[ {'name': 'url_path', 'value': url.path}, @@ -130,9 +130,9 @@ def send_response(event, response, status=None, reason=None): response['Reason'] = reason if 'ResponseURL' in event and event['ResponseURL']: - url = urlparse.urlparse(event['ResponseURL']) + url = urllib.parse.urlparse(event['ResponseURL']) body = json.dumps(response) - https = httplib.HTTPSConnection(url.hostname) + https = http.client.HTTPSConnection(url.hostname) https.request('PUT', url.path+'?'+url.query, body) print("Sent CFN Response") diff --git a/samples/cloudformation-codebuild-container/lambda_codebuild.zip b/samples/cloudformation-codebuild-container/lambda_codebuild.zip old mode 100755 new mode 100644 index d408e9f..1068b1f Binary files a/samples/cloudformation-codebuild-container/lambda_codebuild.zip and b/samples/cloudformation-codebuild-container/lambda_codebuild.zip differ diff --git a/samples/ia4ct.ps1 b/samples/ia4ct.ps1 new file mode 100755 index 0000000..0693d00 --- /dev/null +++ b/samples/ia4ct.ps1 @@ -0,0 +1,74 @@ +#! /usr/local/bin/pwsh +[CmdletBinding()] +param ( + # This is the s3 path to the template file we will reference in the manifest file + [Parameter()] + [string] + $templatePath = "templates/linux-bastion.template", + [Parameter()] + [string] + $manifestPath = "temp/ps_manifest.yaml", + [Parameter()] + [string] + $verboseManifest = $true +) +import-module powershell-yaml + +# Read Yaml file +$cfn = Get-Content $templatePath | ConvertFrom-Yaml + +class cfnParameter { + [String]$pname + [String]$default + [String]$type + [String]$description + [String]$allowedValues + [String]$allowedPattern + [String]$constraintDescription +} +$parms = @() +foreach ($key in $cfn.Parameters.keys) { + $ctParm = New-Object cfnParameter + $ctParm.pname = $key + $ctParm.default = $cfn.Parameters[$key].default + $ctParm.type = $cfn.Parameters[$key].type + $ctParm.description = $cfn.Parameters[$key].description + $ctParm.allowedValues = $cfn.Parameters[$key].allowedValues + $ctParm.allowedPattern = $cfn.Parameters[$key].allowedPattern + $ctParm.ConstraintDescription = $cfn.Parameters[$key].ConstraintDescription + $parms += $ctParm +} +#$parms +$manifestPath= '../temp/ps_manifest.yaml' +Set-Content -Path $manifestPath -Value '---' +#Add-Content -Path temp/manifest.yaml -Value '---' +Add-Content -Path $manifestPath -Value 'region: [The region where Customization for Control Tower is deployed]' +Add-Content -Path $manifestPath -Value 'version: 2021-03-15' +Add-Content -Path $manifestPath -Value 'resources:' +Add-Content -Path $manifestPath -Value ' - name: [The name for this deployment]' +Add-Content -Path $manifestPath -Value " description: $($cfn.description)" +Add-Content -Path $manifestPath -Value ' resource_file: [The s3 path where the template is located.]' +Add-Content -Path $manifestPath -Value ' parameters:' +$parms = $parms | Sort-Object -Property pname +foreach ($parm in $parms) { + if ($verboseManifest -eq $true) { + if ($parm.description) { Add-Content -Path $manifestPath -Value " # Description: $($parm.description)" } + if ($parm.allowedPattern) { Add-Content -Path $manifestPath -Value " # AllowedPattern: $($parm.allowedPattern)" } + if ($parm.allowedValues) { Add-Content -Path $manifestPath -Value " # AllowedValues: $($parm.allowedValues)" } + if ($parm.constraintDescription) { Add-Content -Path $manifestPath -Value " # ConstraintDescription: $($parm.constraintDescription)" } + if ($parm.MaxLength) { Add-Content -Path $manifestPath -Value " # MaxLength: $($parm.MaxLength)" } + if ($parm.MaxValue) { Add-Content -Path $manifestPath -Value " # MaxValue: $($parm.MaxValue)" } + if ($parm.MinLength) { Add-Content -Path $manifestPath -Value " # MinLength: $($parm.MinLength)" } + if ($parm.MinValue) { Add-Content -Path $manifestPath -Value " # MinValue: $($parm.MinValue)" } + if ($parm.NoEcho) { Add-Content -Path $manifestPath -Value " # NoEcho: $($parm.NoEcho)" } + if ($parm.type) { Add-Content -Path $manifestPath -Value " # Type: $($parm.type)" } + } + Add-Content -Path $manifestPath -Value " - parameter_key: $($parm.pname)" + Add-Content -Path $manifestPath -Value " parameter_value: $($parm.default)" +} +Add-Content -Path $manifestPath -Value ' deploy_method: stack_set' +Add-Content -Path $manifestPath -Value ' deployment_targets: stack_set' +Add-Content -Path $manifestPath -Value ' organizational_units:' +Add-Content -Path $manifestPath -Value ' - [Enter your Organizational Unit]' +Add-Content -Path $manifestPath -Value ' regions:' +Add-Content -Path $manifestPath -Value ' - [The region where you wish to deploy this workload]' diff --git a/samples/ia4ct.py b/samples/ia4ct.py new file mode 100644 index 0000000..6665def --- /dev/null +++ b/samples/ia4ct.py @@ -0,0 +1,88 @@ +#!/usr/bin/env python +import sys +import argparse +from typing import DefaultDict +import yaml +from yaml.error import YAMLError + +parser = argparse.ArgumentParser() + +parser.add_argument("path", nargs='?', default="templates/linux-bastion.template", help="Provide a path to the template file", type=str) +parser.add_argument("outPath", nargs='?', default="temp/py_manifest.yaml", help="Provide a destination path for the output file", type=str) +parser.add_argument("-v", "--verboseManifest", help="Include help comments in the manifest", action="store_true") +args = parser.parse_args() +# print(args.path) +# print(args.verboseManifest) + +class CtParameter(yaml.YAMLObject): + yaml_tag = u'!Parameters' + def __init__(self, name): + self.name = name + pass + def method(self, arg): + return True + +try: + yaml.add_multi_constructor('!', lambda loader, suffix, node: None) + # Read Yaml file + cfn = yaml.full_load(open(args.path, 'r')) + # Container for each parameter object + parameters = [] + # Get data for each parameter + for n in cfn['Parameters']: + ctParm = CtParameter(n) + #ctParm.name = n + for i in cfn['Parameters'][n]: + setattr(ctParm, i, cfn['Parameters'][n][i]) + # Append the parameter data to the list + parameters.append(ctParm) + + # Create the manifest file and write the document + m = open(args.outPath, "w+") + m.write("---\r\n") + m.write("region: [The region where Customization for Control Tower is deployed]\r\n") + m.write("version: 2021-03-15\r\n") + m.write("resources:\r\n") + m.write(" - name: [The name for this deployment]\r\n") + m.write(" description: " + cfn['Description'] + "\r\n") + m.write(" resource_file: [The s3 path where the template is located.]\r\n") + m.write(" parameters:\r\n") + + parameters.sort(key=lambda x: x.name) + for p in parameters: + if args.verboseManifest: + if hasattr(p,"Description"): + m.write(" # Description: " + p.Description + "\r\n") + if hasattr(p,"AllowedPattern"): + m.write(" # AllowedPattern: " + p.AllowedPattern + "\r\n") + if hasattr(p,"AllowedValues"): + m.write(" # AllowedValues: " + ' '.join(p.AllowedValues) + "\r\n") + if hasattr(p,"ConstraintDescription"): + m.write(" # ConstraintDescription: " + p.ConstraintDescription + "\r\n") + if hasattr(p,"MaxLength"): + m.write(" # MaxLength: " + p.MaxLength + "\r\n") + if hasattr(p,"MaxValue"): + m.write(" # MaxValue: " + p.MaxValue + "\r\n") + if hasattr(p,"MinLength"): + m.write(" # MinLength: " + p.MinLength + "\r\n") + if hasattr(p,"MinValue"): + m.write(" # MinValue: " + p.MinValue + "\r\n") + if hasattr(p,"NoEcho"): + m.write(" # NoEcho: " + p.NoEcho + "\r\n") + if hasattr(p,"Type"): + m.write(" # Type: " + p.Type + "\r\n") + m.write(" - parameter_key: " + p.name + "\r\n") + if hasattr(p,"Default"): + m.write(" parameter_value: " + p.Default + "\r\n") + else: + m.write(" parameter_value: \r\n") + m.write(" deploy_method: stack_set\r\n") + m.write(" deployment_targets: stack_set\r\n") + m.write(" organizational_units:\r\n") + m.write(" - [Enter your Organizational Unit]\r\n") + m.write(" regions:\r\n") + m.write(" - [The region where you wish to deploy this workload]\r\n") + + +except YAMLError as exc: + print(exc) diff --git a/submodules/quickstart-aws-vpc b/submodules/quickstart-aws-vpc index c0c6b19..ffc7af4 160000 --- a/submodules/quickstart-aws-vpc +++ b/submodules/quickstart-aws-vpc @@ -1 +1 @@ -Subproject commit c0c6b19e183e37b014ce6d2b6862608173551726 +Subproject commit ffc7af4e59a09dbf52199a3ecf70f3805abeff48 diff --git a/submodules/quickstart-linux-bastion b/submodules/quickstart-linux-bastion index f7ea3f4..297feeb 160000 --- a/submodules/quickstart-linux-bastion +++ b/submodules/quickstart-linux-bastion @@ -1 +1 @@ -Subproject commit f7ea3f4eb39de5c80852c77a5e562a33f852c77f +Subproject commit 297feeb5aefd6d4826367ea7568a55de9e3c70c0 diff --git a/submodules/quickstart-microsoft-rdgateway b/submodules/quickstart-microsoft-rdgateway index 49a0408..23af011 160000 --- a/submodules/quickstart-microsoft-rdgateway +++ b/submodules/quickstart-microsoft-rdgateway @@ -1 +1 @@ -Subproject commit 49a0408d53ac915f27572da78fb5c259e0b1a17e +Subproject commit 23af011799027a5ec193fad0233595461d232139 diff --git a/templates/redshift-cluster.template b/templates/redshift-cluster.template deleted file mode 100644 index d33deb6..0000000 --- a/templates/redshift-cluster.template +++ /dev/null @@ -1,271 +0,0 @@ -{ - "AWSTemplateFormatVersion": "2010-09-09", - "Description": "Creates an Amazon Redshift cluster within a VPC. **WARNING** This template creates an Amazon Redshift cluster of the size and instance type that you specify. You will be billed for the AWS resources used if you create a stack from this template.", - "Metadata": { - "AWS::CloudFormation::Interface": { - "ParameterGroups": [ - { - "Label": { - "default": "Network" - }, - "Parameters": [ - "VPCID", - "ClusterSubnetID", - "InboundTrafficCIDR" - ] - }, - { - "Label": { - "default": "Database" - }, - "Parameters": [ - "DatabaseName", - "MasterUsername", - "MasterUserPassword", - "DatabasePort" - ] - }, - { - "Label": { - "default": "Cluster" - }, - "Parameters": [ - "NumberOfNodes", - "NodeType" - ] - } - ], - "ParameterLabels": { - "ClusterSubnetID": { - "default": "Target Subnet ID" - }, - "DatabaseName": { - "default": "Database Name" - }, - "DatabasePort": { - "default": "Database Port" - }, - "InboundTrafficCIDR": { - "default": "Inbound IP Address Range" - }, - "MasterUserPassword": { - "default": "Master User Password" - }, - "MasterUsername": { - "default": "Master User Name" - }, - "NodeType": { - "default": "Node Type" - }, - "NumberOfNodes": { - "default": "Number Of Nodes" - }, - "VPCID": { - "default": "VPC ID" - } - } - } - }, - "Parameters": { - "ClusterSubnetID": { - "Description": "Subnet ID of an existing subnet in your Amazon Virtual Private Cloud (VPC).", - "Type": "AWS::EC2::Subnet::Id" - }, - "DatabaseName": { - "AllowedPattern": "([a-z]|[0-9])+", - "ConstraintDescription": "Must contain a-z or 0-9 only.", - "Default": "defaultdb", - "Description": "The name of the first database to be created when the Amazon Redshift cluster is created.", - "MaxLength": "64", - "MinLength": "1", - "Type": "String" - }, - "DatabasePort": { - "Default": "5439", - "Description": "The port that Amazon Redshift will listen on and that will be allowed through the Security Group.", - "Type": "String" - }, - "InboundTrafficCIDR": { - "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", - "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", - "Description": "Allow inbound traffic to the cluster from this CIDR range.", - "Type": "String" - }, - "MasterUserPassword": { - "AllowedPattern": "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?!.*[@/\\\"']).*$", - "ConstraintDescription": "Must contain only alphanumeric characters.", - "Description": "The password associated with the master user account for the Amazon Redshift cluster that is being created.", - "MaxLength": "64", - "MinLength": "8", - "NoEcho": "true", - "Type": "String" - }, - "MasterUsername": { - "AllowedPattern": "([a-z])([a-z]|[0-9])*", - "ConstraintDescription": "Must start with a-z and contain only a-z or 0-9.", - "Description": "The user name associated with the master user account for the Amazon Redshift cluster that is being created.", - "MaxLength": "128", - "MinLength": "1", - "Type": "String" - }, - "NodeType": { - "AllowedValues": [ - "dc1.large", - "dc1.8xlarge", - "ds1.xlarge", - "ds1.8xlarge", - "ds2.xlarge", - "ds2.8xlarge" - ], - "ConstraintDescription": "Must be a valid Amazon Redshift node type.", - "Default": "dc1.large", - "Description": "The node type to be provisioned for the Amazon Redshift cluster.", - "Type": "String" - }, - "NumberOfNodes": { - "Default": "2", - "Description": "The number of compute nodes in the Amazon Redshift cluster. For a single-node cluster, the NumberOfNodes parameter should be specified as 1. For a multi-node cluster, the NumberOfNodes parameter should be greater than 1.", - "Type": "Number" - }, - "VPCID": { - "Description": "ID of the Virtual Private Cloud.", - "Type": "AWS::EC2::VPC::Id" - } - }, - "Conditions": { - "IsMultiNodeCluster": { - "Fn::Not": [ - { - "Fn::Equals": [ - { - "Ref": "NumberOfNodes" - }, - "1" - ] - } - ] - } - }, - "Resources": { - "SecurityGroup": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "VpcId": { - "Ref": "VPCID" - }, - "GroupDescription": "Amazon Redshift security group", - "SecurityGroupIngress": [ - { - "CidrIp": { - "Ref": "InboundTrafficCIDR" - }, - "FromPort": { - "Ref": "DatabasePort" - }, - "ToPort": { - "Ref": "DatabasePort" - }, - "IpProtocol": "tcp" - } - ] - } - }, - "ClusterSubnetGroup": { - "Type": "AWS::Redshift::ClusterSubnetGroup", - "Properties": { - "Description": "RedshiftClusterSubnetGroup", - "SubnetIds": [ - { - "Ref": "ClusterSubnetID" - } - ] - } - }, - "RedshiftCluster": { - "Type": "AWS::Redshift::Cluster", - "DependsOn": "ClusterSubnetGroup", - "Properties": { - "ClusterType": { - "Fn::If": [ - "IsMultiNodeCluster", - "multi-node", - "single-node" - ] - }, - "NumberOfNodes": { - "Fn::If": [ - "IsMultiNodeCluster", - { - "Ref": "NumberOfNodes" - }, - { - "Ref": "AWS::NoValue" - } - ] - }, - "NodeType": { - "Ref": "NodeType" - }, - "DBName": { - "Ref": "DatabaseName" - }, - "MasterUsername": { - "Ref": "MasterUsername" - }, - "MasterUserPassword": { - "Ref": "MasterUserPassword" - }, - "PubliclyAccessible": "false", - "Port": { - "Ref": "DatabasePort" - }, - "VpcSecurityGroupIds": [ - { - "Ref": "SecurityGroup" - } - ], - "ClusterSubnetGroupName": { - "Ref": "ClusterSubnetGroup" - } - } - } - }, - "Outputs": { - "RedshiftHost": { - "Description": "Amazon Redshift cluster endpoint address", - "Value": { - "Fn::GetAtt": [ - "RedshiftCluster", - "Endpoint.Address" - ] - } - }, - "RedshiftPort": { - "Description": "Amazon Redshift cluster endpoint port", - "Value": { - "Fn::GetAtt": [ - "RedshiftCluster", - "Endpoint.Port" - ] - } - }, - "RedshiftDatabaseName": { - "Description": "Amazon Redshift cluster database name", - "Value": { - "Ref": "DatabaseName" - } - }, - "RedshiftUsername": { - "Description": "Amazon Redshift cluster user name", - "Value": { - "Ref": "MasterUsername" - } - }, - "RedshiftClusterID": { - "Description": "Amazon Redshift cluster ID", - "Value": { - "Ref": "RedshiftCluster" - } - } - } -} diff --git a/templates/workload-yaml-entrypoint-new-vpc.template.yaml b/templates/workload-yaml-entrypoint-new-vpc.template.yaml index 8032653..87744d6 100644 --- a/templates/workload-yaml-entrypoint-new-vpc.template.yaml +++ b/templates/workload-yaml-entrypoint-new-vpc.template.yaml @@ -1,11 +1,18 @@ --- AWSTemplateFormatVersion: '2010-09-09' -Description: This master template creates a VPC infrastructure for a multi-AZ, multi-tier +Description: This example template creates a VPC infrastructure for a multi-AZ, multi-tier deployment of a workload on AWS. It deploys a VPC with bastions and a workload cluster behind an ELB. The cluster is configured to use an S3 bucket for storage **WARNING** This template creates EC2 instances and related resources. You will be billed for - the AWS resources used if you create a stack from this template. + the AWS resources used if you create a stack from this template. (qs-1s1eguahh) Metadata: + cfn-lint: + config: + ignore_checks: + - W9006 # temporary to get rid of warnings + - W9002 # temporary to get rid of warnings + - W9003 # temporary to get rid of warnings + - W9901 # Not passing all the default parameters to reduce verbosity AWS::CloudFormation::Interface: ParameterGroups: - Label: @@ -29,7 +36,7 @@ Metadata: default: Workload nodes configuration Parameters: - WorkloadNodesMinSize - - NodesMaxSize + - WorkloadNodesMaxSize - OperatorEmail - Label: default: Workload storage configuration @@ -74,8 +81,6 @@ Metadata: default: VPC CIDR WorkloadInstanceType: default: Workload servers instance type - WorkloadoNodesDesiredCapacity: - default: Workload nodes desired capacity WorkloadNodesMaxSize: default: Workload nodes max size WorkloadNodesMinSize: @@ -237,7 +242,7 @@ Resources: Properties: TemplateURL: !Sub - - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template' + - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: @@ -245,8 +250,6 @@ Resources: Fn::Join: - ',' - Ref: AvailabilityZones - KeyPairName: - Ref: KeyPairName NumberOfAZs: '2' PrivateSubnet1ACIDR: Ref: PrivateSubnet1CIDR @@ -259,7 +262,6 @@ Resources: VPCCIDR: Ref: VPCCIDR BastionStack: - DependsOn: VPCStack Type: AWS::CloudFormation::Stack Properties: TemplateURL: @@ -294,12 +296,11 @@ Resources: - VPCStack - Outputs.VPCID WorkloadStack: - DependsOn: BastionStack Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Sub - - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/workload-yaml.template' + - 'https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/workload-yaml.template.yaml' - S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] Parameters: @@ -337,8 +338,6 @@ Resources: - Outputs.PublicSubnet2ID QSS3BucketName: Ref: QSS3BucketName - QSS3BucketRegion: - Ref: QSS3BucketRegion QSS3KeyPrefix: Ref: QSS3KeyPrefix S3BucketName: diff --git a/templates/workload-yaml.template.yaml b/templates/workload-yaml.template.yaml index 3b9839b..4f28734 100644 --- a/templates/workload-yaml.template.yaml +++ b/templates/workload-yaml.template.yaml @@ -3,8 +3,15 @@ AWSTemplateFormatVersion: '2010-09-09' Description: This workload template deploys an ASG behind an ELB load balancer in two private subnets. The cluster is configured to use an S3 bucket for storage **WARNING** This template creates EC2 instances and related resources. You will be billed for - the AWS resources used if you create a stack from this template. + the AWS resources used if you create a stack from this template. (qs-1s1eguak1) Metadata: + cfn-lint: + config: + ignore_checks: + - W9006 # temporary to get rid of warnings + - W9002 # temporary to get rid of warnings + - W9003 # temporary to get rid of warnings + - W9901 # Not passing all the default parameters to reduce verbosity AWS::CloudFormation::Interface: ParameterGroups: - Label: @@ -36,7 +43,6 @@ Metadata: default: AWS Quick Start configuration Parameters: - QSS3BucketName - - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: BastionSecurityGroupID: @@ -55,8 +61,6 @@ Metadata: default: Public subnet 2 ID QSS3BucketName: default: Quick Start S3 bucket name - QSS3BucketRegion: - default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 key prefix S3BucketName: @@ -112,10 +116,6 @@ Parameters: numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String - QSS3BucketRegion: - Default: 'us-east-1' - Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' - Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, @@ -242,12 +242,12 @@ Resources: Ref: VPCID SecurityGroupIngress: - IpProtocol: tcp - FromPort: '80' - ToPort: '80' + FromPort: 80 + ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp - FromPort: '443' - ToPort: '443' + FromPort: 443 + ToPort: 443 CidrIp: 0.0.0.0/0 ElasticLoadBalancer: Type: AWS::ElasticLoadBalancing::LoadBalancer @@ -266,7 +266,7 @@ Resources: Protocol: HTTP PolicyNames: - WorkloadCookieStickinessPolicy - CrossZone: 'true' + CrossZone: true HealthCheck: Target: TCP:80 HealthyThreshold: '2' @@ -306,15 +306,18 @@ Resources: - Effect: Allow Action: - cloudwatch:PutMetricData - - cloudwatch:EnableAlarmActions - - cloudwatch:PutMetricAlarm Resource: '*' - Effect: Allow Action: - - s3:* + - cloudwatch:EnableAlarmActions + - cloudwatch:PutMetricAlarm + Resource: + - !Sub arn:${AWS::Partition}:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:* + - Effect: Allow + Action: ["s3:PutLifecycleConfiguration", "s3:AbortMultipartUpload", "s3:DeleteObjectTagging", "s3:DeleteAccessPoint", "s3:GetAccessPoint", "s3:GetAccessPointPolicyStatus", "s3:GetAccessPointPolicyStatusForObjectLambda", "s3:PutMetricsConfiguration", "s3:GetAccessPointConfigurationForObjectLambda", "s3:BypassGovernanceRetention", "s3:PutBucketLogging", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:GetObjectVersionTagging", "s3:PutEncryptionConfiguration", "s3:GetBucketTagging", "s3:GetAccelerateConfiguration", "s3:PutIntelligentTieringConfiguration", "s3:GetBucketPolicy", "s3:PutJobTagging", "s3:PutBucketCORS", "s3:GetReplicationConfiguration", "s3:DeleteAccessPointForObjectLambda", "s3:GetStorageLensDashboard", "s3:ListJobs", "s3:GetMetricsConfiguration", "s3:PutAccelerateConfiguration", "s3:PutStorageLensConfigurationTagging", "s3:PutAccessPointConfigurationForObjectLambda", "s3:GetBucketObjectLockConfiguration", "s3:GetInventoryConfiguration", "s3:PutBucketWebsite", "s3:PutAnalyticsConfiguration", "s3:GetIntelligentTieringConfiguration", "s3:GetLifecycleConfiguration", "s3:ListStorageLensConfigurations", "s3:DeleteObjectVersion", "s3:GetBucketPublicAccessBlock", "s3:DeleteJobTagging", "s3:PutObjectVersionTagging", "s3:GetObjectAcl", "s3:PutBucketObjectLockConfiguration", "s3:CreateAccessPointForObjectLambda", "s3:PutBucketPolicy", "s3:GetBucketLogging", "s3:GetObjectVersionForReplication", "s3:GetObject", "s3:GetBucketLocation", "s3:DeleteAccessPointPolicyForObjectLambda", "s3:DeleteStorageLensConfigurationTagging", "s3:GetBucketPolicyStatus", "s3:RestoreObject", "s3:GetBucketOwnershipControls", "s3:PutStorageLensConfiguration", "s3:DeleteBucketWebsite", "s3:PutInventoryConfiguration", "s3:ListAccessPoints", "s3:ListMultipartUploadParts", "s3:GetObjectVersion", "s3:DeleteBucketOwnershipControls", "s3:GetBucketCORS", "s3:PutObject", "s3:PutBucketNotification", "s3:PutObjectTagging", "s3:GetEncryptionConfiguration", "s3:GetStorageLensConfiguration", "s3:GetObjectVersionTorrent", "s3:PutAccessPointPolicyForObjectLambda", "s3:PutObjectRetention", "s3:PutBucketPublicAccessBlock", "s3:PutBucketVersioning", "s3:GetAccountPublicAccessBlock", "s3:GetBucketNotification", "s3:GetBucketVersioning", "s3:DeleteStorageLensConfiguration", "s3:GetObjectVersionAcl", "s3:ReplicateTags", "s3:UpdateJobStatus", "s3:DeleteAccessPointPolicy", "s3:GetBucketAcl", "s3:GetObjectLegalHold", "s3:GetAnalyticsConfiguration", "s3:GetObjectRetention", "s3:DeleteBucketPolicy", "s3:PutObjectVersionAcl", "s3:PutAccountPublicAccessBlock", "s3:PutReplicationConfiguration", "s3:DescribeJob", "s3:GetAccessPointForObjectLambda", "s3:CreateAccessPoint", "s3:PutAccessPointPolicy", "s3:GetObjectTorrent", "s3:ListAccessPointsForObjectLambda", "s3:GetBucketRequestPayment", "s3:CreateJob", "s3:GetBucketWebsite", "s3:PutObjectAcl", "s3:PutBucketAcl", "s3:ListBucketVersions", "s3:GetJobTagging", "s3:PutBucketTagging", "s3:PutBucketRequestPayment", "s3:ReplicateDelete", "s3:DeleteObjectVersionTagging", "s3:UpdateJobPriority", "s3:PutBucketOwnershipControls", "s3:DeleteObject", "s3:DeleteBucket", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutObjectLegalHold", "s3:GetStorageLensConfigurationTagging", "s3:GetAccessPointPolicyForObjectLambda", "s3:GetObjectTagging", "s3:CreateBucket", "s3:ReplicateObject", "s3:GetAccessPointPolicy"] Resource: - - Fn::Sub: arn:aws:s3:::${S3Bucket} - - Fn::Sub: arn:aws:s3:::${S3Bucket}/* + - Fn::Sub: arn:${AWS::Partition}:s3:::${S3Bucket} + - Fn::Sub: arn:${AWS::Partition}:s3:::${S3Bucket}/* SetupRoleProfile: Type: AWS::IAM::InstanceProfile Properties: @@ -329,18 +332,18 @@ Resources: Ref: VPCID SecurityGroupIngress: - IpProtocol: tcp - FromPort: '80' - ToPort: '80' + FromPort: 80 + ToPort: 80 SourceSecurityGroupId: Ref: ELBSecurityGroup - IpProtocol: tcp - FromPort: '443' - ToPort: '443' + FromPort: 443 + ToPort: 443 SourceSecurityGroupId: Ref: ELBSecurityGroup - IpProtocol: tcp - FromPort: '22' - ToPort: '22' + FromPort: 22 + ToPort: 22 SourceSecurityGroupId: Ref: BastionSecurityGroupID WorkloadASLaunchConfig: @@ -363,7 +366,7 @@ Resources: - AWSAMIRegionMap - Ref: AWS::Region - AMZNLINUXHVM - InstanceMonitoring: 'true' + InstanceMonitoring: true IamInstanceProfile: Ref: SetupRoleProfile InstanceType: @@ -394,7 +397,7 @@ Resources: AutoScalingGroupName: Ref: WorkloadAutoScalingGroup Cooldown: '300' - ScalingAdjustment: '1' + ScalingAdjustment: 1 WorkloadScaleDownPolicy: Type: AWS::AutoScaling::ScalingPolicy Properties: @@ -402,7 +405,7 @@ Resources: AutoScalingGroupName: Ref: WorkloadAutoScalingGroup Cooldown: '300' - ScalingAdjustment: '-1' + ScalingAdjustment: -1 CPUAlarmHigh: Type: AWS::CloudWatch::Alarm Properties: @@ -410,9 +413,9 @@ Resources: MetricName: CPUUtilization Namespace: AWS/EC2 Statistic: Average - Period: '60' - EvaluationPeriods: '5' - Threshold: '60' + Period: 60 + EvaluationPeriods: 5 + Threshold: 60 AlarmActions: - Ref: WorkloadScaleUpPolicy Dimensions: @@ -427,9 +430,9 @@ Resources: MetricName: CPUUtilization Namespace: AWS/EC2 Statistic: Average - Period: '60' - EvaluationPeriods: '30' - Threshold: '40' + Period: 60 + EvaluationPeriods: 30 + Threshold: 40 AlarmActions: - Ref: WorkloadScaleDownPolicy Dimensions: @@ -446,7 +449,7 @@ Resources: Cooldown: '600' DesiredCapacity: Ref: WorkloadNodesDesiredCapacity - HealthCheckGracePeriod: '600' + HealthCheckGracePeriod: 600 HealthCheckType: EC2 LaunchConfigurationName: Ref: WorkloadASLaunchConfig @@ -456,19 +459,20 @@ Resources: Ref: WorkloadNodesMaxSize MinSize: Ref: WorkloadNodesMinSize - NotificationConfiguration: - TopicARN: - Ref: NotificationTopic - NotificationTypes: - - autoscaling:EC2_INSTANCE_LAUNCH - - autoscaling:EC2_INSTANCE_LAUNCH_ERROR - - autoscaling:EC2_INSTANCE_TERMINATE - - autoscaling:EC2_INSTANCE_TERMINATE_ERROR - - autoscaling:TEST_NOTIFICATION + NotificationConfigurations: + - + TopicARN: + Ref: NotificationTopic + NotificationTypes: + - autoscaling:EC2_INSTANCE_LAUNCH + - autoscaling:EC2_INSTANCE_LAUNCH_ERROR + - autoscaling:EC2_INSTANCE_TERMINATE + - autoscaling:EC2_INSTANCE_TERMINATE_ERROR + - autoscaling:TEST_NOTIFICATION Tags: - Key: Name Value: Workload Server cluster node - PropagateAtLaunch: 'true' + PropagateAtLaunch: true CreationPolicy: ResourceSignal: Count: