cfndsl 0.4.4 → 0.5.0.pre

data/lib/cfndsl/UpdatePolicy.rb

@@ -1,29 +0,0 @@
-require 'cfndsl/JSONable'
-
-module CfnDsl  
-  class UpdatePolicyDefinition < JSONable
-    ##
-    # Handles autoscaling group update policy objects for Resources
-    #
-    # Usage
-    #   Resource("aaa") {
-    #     UpdatePolicy("AutoScalingRollingUpdate", {    
-    #       "MinInstancesInService" => "1",
-    #       "MaxBatchSize" => "1",
-    #       "PauseTime" => "PT12M5S"
-    #     })
-    #   }
-    #
-    def initialize(value) 
-      @value = value;
-    end
-
-    def value
-      return @value
-    end
-    
-    def to_json(*a) 
-      @value.to_json(*a)
-    end
-  end
-end

data/sample/config-service.rb

@@ -1,119 +0,0 @@
-CloudFormation {
-  AWSTemplateFormatVersion "2010-09-09"
-
-  Description "Creates SNS, SQS, S3 bucket and enables AWS Config."
-
-  Queue("ConfigServiceQueue") {
-    QueueName "ConfigServiceQueue"
-  }
-
-  Bucket("ConfigServiceBucket") {
-  }
-
-  Policy("ConfigServiceS3BucketAccessPolicy") {
-    PolicyName "ConfigServiceS3BucketAccessPolicy"
-    PolicyDocument({
-          "Version" => "2012-10-17",
-          "Statement" =>
-           [
-             {
-               "Effect" => "Allow",
-               "Action" => ["s3:PutObject"],
-               "Resource" => FnJoin("", ["arn:aws:s3:::", Ref("ConfigServiceBucket"), "/AWSLogs/" , Ref("AWS::AccountId") , "/*"]),
-               "Condition" =>
-                {
-                  "StringLike" =>
-                    {
-                      "s3:x-amz-acl" => "bucket-owner-full-control"
-                    }
-                }
-             },
-             {
-               "Effect" => "Allow",
-               "Action" => ["s3:GetBucketAcl"],
-               "Resource" => FnJoin("", ["arn:aws:s3:::", Ref("ConfigServiceBucket")])
-             }
-          ]
-        })
-    Role Ref("ConfigServiceIAMRole")
-  }
-
-  Role("ConfigServiceIAMRole") {
-    AssumeRolePolicyDocument({
-      "Version" => "2012-10-17",
-      "Statement" => [
-        {
-          "Effect" => "Allow",
-          "Principal" => {
-            "Service" => "config.amazonaws.com"
-          },
-          "Action" => "sts:AssumeRole"
-        }
-      ]
-    })
-    ManagedPolicyArns([
-        "arn:aws:iam::aws:policy/service-role/AWSConfigRole"
-    ])
-  }
-
-  Topic("ConfigServiceTopic") {
-    DisplayName "ConfigSvc"
-    Subscription [{
-      "Endpoint" => FnGetAtt("ConfigServiceQueue", "Arn"),
-      "Protocol" => "sqs"
-      }]
-  }
-
-  Policy("ConfigServiceSNSTopicAccessPolicy") {
-    PolicyName "ConfigServiceSNSTopicAccessPolicy"
-    PolicyDocument({
-        "Version" => "2012-10-17",
-        "Statement" =>
-         [
-           {
-            "Effect" => "Allow",
-            "Action" => "sns:Publish",
-            "Resource" => Ref("ConfigServiceTopic")
-           }
-          ]
-        })
-    Role Ref("ConfigServiceIAMRole")
-  }
-
-  QueuePolicy("ConfigServiceQueuePolicy") {
-    PolicyDocument({
-      "Version" => "2012-10-17",
-      "Statement" => [
-        {
-          "Sid" => "Allow-SendMessage-To-ConfigService-Queue-From-SNS-Topic",
-          "Effect" => "Allow",
-          "Principal" => "*",
-          "Action" => ["sqs:SendMessage"],
-          "Resource" => "*",
-          "Condition" => {
-            "ArnEquals" => {
-              "aws:SourceArn" => Ref("ConfigServiceTopic")
-            }
-          }
-        }
-      ]
-    })
-    Queues [ Ref("ConfigServiceQueue") ]
-  }
-
-  DeliveryChannel("ConfigDeliveryChannel") {
-    ConfigSnapshotDeliveryProperties({
-        "DeliveryFrequency" => "Six_Hours"
-    })
-    S3BucketName Ref("ConfigServiceBucket")
-    SnsTopicARN Ref("ConfigServiceTopic")
-  }
-
-  ConfigurationRecorder("ConfigRecorder") {
-    Name "DefaultRecorder"
-    RecordingGroup({
-      "AllSupported" => true
-    })
-    RoleARN FnGetAtt("ConfigServiceIAMRole", "Arn")
-  }
-}

data/sample/iam-policies.rb

@@ -1,82 +0,0 @@
-CloudFormation {
-  AWSTemplateFormatVersion "2010-09-09"
-
-  Description "Creates sample IAM policies"
-
-  ManagedPolicy("AllowUserManagePasswordAccessKeys") {
-    Description "Allows user to manage passwords and access keys"
-    PolicyDocument({
-      "Version" => "2012-10-17",
-      "Statement" => [
-        {
-          "Effect" => "Allow",
-          "Action" => [
-            "iam:*LoginProfile",
-            "iam:*AccessKey*",
-            "iam:*SSHPublicKey*"
-          ],
-          "Resource" => FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":user/${aws:username}"])
-        }
-      ]
-      })
-    }
-
-  ManagedPolicy("AllowUserManageVirtualMFA") {
-    Description "Allows user to manage their virtual MFA device"
-    PolicyDocument({
-      "Version" => "2012-10-17",
-      "Statement" => [
-        {
-          "Sid" => "AllowUsersToCreateEnableResyncTheirOwnVirtualMFADevice",
-          "Effect" => "Allow",
-          "Action" => [
-              "iam:CreateVirtualMFADevice",
-              "iam:EnableMFADevice",
-              "iam:ResyncMFADevice"
-            ],
-          "Resource" => [
-              FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":mfa/${aws:username}"]),
-              FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":user/${aws:username}"])
-            ]
-        },
-        {
-          "Sid" => "AllowUsersToDeactivateDeleteTheirOwnVirtualMFADevice",
-          "Effect" => "Allow",
-          "Action" => [
-              "iam:DeactivateMFADevice",
-              "iam:DeleteVirtualMFADevice"
-            ],
-          "Resource" => [
-              FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":mfa/${aws:username}"]),
-              FnJoin("", ["arn:aws:iam::", Ref("AWS::AccountId"), ":user/${aws:username}"])
-            ],
-          "Condition" => {
-            "Bool" => {
-              "aws:MultiFactorAuthPresent" => true
-            }
-          }
-        },
-        {
-          "Sid" => "AllowUsersToListMFADevicesandUsersForConsole",
-          "Effect" => "Allow",
-          "Action" => [
-              "iam:ListMFADevices",
-              "iam:ListVirtualMFADevices",
-              "iam:ListUsers"
-            ],
-          "Resource" => "*"
-        }
-      ]
-    })
-  }
-
-  Output("AllowUserManagePasswordAccessKeysPolicyArn") {
-    Description "The ARN of the AllowUserManagePasswordAccessKeys IAM policy"
-    Value Ref("AllowUserManagePasswordAccessKeys")
-  }
-
-  Output("AllowUserManageVirtualMFAPolicyArn") {
-    Description "The ARN of the AllowUserManageVirtualMFA IAM policy"
-    Value Ref("AllowUserManageVirtualMFA")
-  }
-}

data/sample/vpc-example.rb

@@ -1,51 +0,0 @@
-require 'cfndsl'
-
-CloudFormation {
-  Description "Creates an AWS VPC with a couple of subnets."
-
-  VPC(:VPC) {
-    EnableDnsSupport true
-    EnableDnsHostnames true
-    CidrBlock "10.1.0.0/16"
-    addTag("Name", "Test VPC")
-  }
-
-  InternetGateway(:InternetGateway) {
-    addTag("Name", "Test VPC Gateway")
-  }
-
-  VPCGatewayAttachment(:GatewayToInternet) {
-    VpcId Ref(:VPC)
-    InternetGatewayId  Ref(:InternetGateway)
-  }
-
-  10.times do |i|
-    subnet = "subnet#{i}"
-    route_table = subnet + "RouteTable"
-    route_table_assoc = route_table + "Assoc"
-
-    Subnet(subnet) {
-      VpcId Ref(:VPC)
-      CidrBlock "10.1.#{i}.0/24"
-      addTag("Name", "test vpc #{subnet}")
-    }
-
-    RouteTable(route_table) {
-      VpcId Ref(:VPC)
-      addTag("Name", route_table)
-    }
-
-    SubnetRouteTableAssociation(route_table_assoc) {
-      SubnetId Ref(subnet)
-      RouteTableId Ref(route_table)
-    }
-
-    Route(subnet + "GatewayRoute" ) {
-      DependsOn :GatewayToInternet
-      RouteTableId Ref(route_table)
-      DestinationCidrBlock "0.0.0.0/0"
-      GatewayId Ref(:InternetGateway)
-    }
-  end
-
-}

data/sample/vpc-with-vpn-example.rb

@@ -1,97 +0,0 @@
-require 'cfndsl'
-
-CloudFormation {
-  Description "Creates an AWS VPC with a couple of subnets."
-
-  Parameter("VPNAddress") {
-    Type "String"
-    Description "IP Address range for your existing infrastructure"
-    MinLength "9"
-    MaxLength "18"
-    AllowedPattern "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
-    ConstraintDescription "must be a valid IP CIDR range of the form x.x.x.x/x."
-  }
-
-  Parameter("RouterIPAddress") {
-    Type "String"
-    Description "IP Address of your VPN device"
-    MinLength "7"
-    MaxLength "15"
-    AllowedPattern "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})"
-    ConstraintDescription "must be a valid IP address of the form x.x.x.x"    
-  }
-
-  VPC(:VPC) {
-    EnableDnsSupport true
-    EnableDnsHostnames true
-    CidrBlock "10.1.0.0/16"
-    addTag("Name", "Test VPC")
-  }
-
-  InternetGateway(:InternetGateway) {
-    addTag("Name", "Test VPC Gateway")
-  }
-
-  VPCGatewayAttachment(:GatewayToInternet) {
-    VpcId Ref(:VPC)
-    InternetGatewayId  Ref(:InternetGateway)
-  }
-
-  10.times do |i|
-    subnet = "subnet#{i}"
-    route_table = subnet + "RouteTable"
-    route_table_assoc = route_table + "Assoc"
-
-    Subnet(subnet) {
-      VpcId Ref(:VPC)
-      CidrBlock "10.1.#{i}.0/24"
-      addTag("Name", "test vpc #{subnet}")
-    }
-
-    RouteTable(route_table) {
-      VpcId Ref(:VPC)
-      addTag("Name", route_table)
-    }
-
-    SubnetRouteTableAssociation(route_table_assoc) {
-      SubnetId Ref(subnet)
-      RouteTableId Ref(route_table)
-    }
-
-    Route(subnet + "GatewayRoute" ) {
-      DependsOn :GatewayToInternet
-      RouteTableId Ref(route_table)
-      DestinationCidrBlock "0.0.0.0/0"
-      GatewayId Ref(:InternetGateway)
-    }
-  end
-
-  VPNGateway(:VirtualPrivateNetworkGateway) {
-    Type "ipsec.1"
-    addTag("Name", "Test VPN Gateway")
-  }
-
-  VPCGatewayAttachment(:VPNGatewayAttachment) {
-    VpcId Ref(:VPC)
-    VpnGatewayId Ref(:VirtualPrivateNetworkGateway)
-  }
-
-  CustomerGateway(:CustomerVPNGateway) {
-    Type "ipsec.1"
-    BgpAsn "65000"
-    IpAddress Ref("RouterIPAddress")
-    addTag("Name", "Test Customer VPN Gateway")
-  }
-
-  VPNConnection(:VPNConnection) {
-    Type "ipsec.1"
-    StaticRoutesOnly "true"
-    CustomerGatewayId Ref(:CustomerVPNGateway)
-    VpnGatewayId Ref(:VirtualPrivateNetworkGateway)
-  }
-
-  VPNConnectionRoute(:VPNConnectionRoute) {
-    VpnConnectionId Ref(:VPNConnection)
-    DestinationCidrBlock Ref("VPNAddress")
-  }
-}