cfndsl 0.4.4 → 0.5.0.pre

data/sample/circular.rb

@@ -1,33 +1,30 @@
-
-CloudFormation {
-  AWSTemplateFormatVersion "2010-09-09"
-
-  Description "Circular Reference"
-
-  Parameter("InstanceType") {
-      Description "Type of EC2 instance to launch"
-      Type "String"
-      Default "m1.small"
-  }
-
-  Resource("WebServerGroup") {
-    Type "AWS::AutoScaling::AutoScalingGroup"
-    Property("AvailabilityZones", FnGetAZs("") )
-    Property("LaunchConfigurationName", Ref( "LaunchConfig") )
-    Property("MinSize", "1")
-    Property("MaxSize", "3")
-  }
-
-
-  Resource( "LaunchConfig" ) {
-    Type "AWS::AutoScaling::LaunchConfiguration"
-    DependsOn ["WebServerGroup"]
-    Property("InstanceType",   Ref("InstanceType") )
-  }
-
-
-  Output( "URL" ) {
-    Description "The URL of the website"
-    Value FnJoin( "", [ "http://", FnGetAtt( "LaunchConfig", "DNSName" ) ] )
-  }
-}
+CloudFormation do
+  AWSTemplateFormatVersion '2010-09-09'
+
+  Description 'Circular Reference'
+
+  Parameter('InstanceType') do
+    Description 'Type of EC2 instance to launch'
+    Type 'String'
+    Default 'm1.small'
+  end
+
+  Resource('WebServerGroup') do
+    Type 'AWS::AutoScaling::AutoScalingGroup'
+    Property('AvailabilityZones', FnGetAZs(''))
+    Property('LaunchConfigurationName', Ref('LaunchConfig'))
+    Property('MinSize', '1')
+    Property('MaxSize', '3')
+  end
+
+  Resource('LaunchConfig') do
+    Type 'AWS::AutoScaling::LaunchConfiguration'
+    DependsOn ['WebServerGroup']
+    Property('InstanceType', Ref('InstanceType'))
+  end
+
+  Output('URL') do
+    Description 'The URL of the website'
+    Value FnJoin('', ['http://', FnGetAtt('LaunchConfig', 'DNSName')])
+  end
+end

data/sample/codedeploy.rb

@@ -1,48 +1,47 @@
-CloudFormation {
-  DESCRIPTION ||= "CodeDeploy description"
+CloudFormation do
+  DESCRIPTION ||= 'CodeDeploy description'.freeze
 
   Description DESCRIPTION
 
-  Parameter("ServiceRoleArn") {
-      Description "CodeDeploy Service Role"
-      Type "String"
-  }
+  Parameter('ServiceRoleArn') do
+    Description 'CodeDeploy Service Role'
+    Type 'String'
+  end
 
-  Resource('MyCodeDeployApp') {
+  Resource('MyCodeDeployApp') do
     Type 'AWS::CodeDeploy::Application'
-  }
+  end
 
-  Resource('MyDeploymentConfig') {
+  Resource('MyDeploymentConfig') do
     Type 'AWS::CodeDeploy::DeploymentConfig'
-    Property('MinimumHealthyHosts', {
-      Type: "FLEET_PERCENT",
-      Value: "50"
-    })
-  }
+    Property('MinimumHealthyHosts',
+             Type: 'FLEET_PERCENT',
+             Value: '50'
+            )
+  end
 
-  Resource('MyDeploymentGroup') {
+  Resource('MyDeploymentGroup') do
     Type 'AWS::CodeDeploy::DeploymentGroup'
     Property('ApplicationName', Ref('MyCodeDeployApp'))
-    Property('Deployment', {
-      Description: 'My App CodeDeploy',
-      IgnoreApplicationStopFailures: true,
-      Revision: {
-        RevisionType: 'S3',
-        S3Location: {
-          Bucket: 'my_code_deploy_bucket',
-          Key: '/my_app_code_deloy',
-          BundleType: 'zip',
-          ETag: '1234567890ABCDEF',
-          Version: '10'
-        }
-      }
-    })
+    Property('Deployment',
+             Description: 'My App CodeDeploy',
+             IgnoreApplicationStopFailures: true,
+             Revision: {
+               RevisionType: 'S3',
+               S3Location: {
+                 Bucket: 'my_code_deploy_bucket',
+                 Key: '/my_app_code_deloy',
+                 BundleType: 'zip',
+                 ETag: '1234567890ABCDEF',
+                 Version: '10'
+               }
+             }
+            )
     Property('Ec2TagFilters', [{
-      Key: 'Role',
-      Value: 'myapp',
-      Type: 'KEY_AND_VALUE',
-    }])
+               Key: 'Role',
+               Value: 'myapp',
+               Type: 'KEY_AND_VALUE'
+             }])
     Property('ServiceRoleArn', Ref('ServiceRoleArn'))
-  }
-
-}
+  end
+end

data/sample/config_service.rb

@@ -0,0 +1,120 @@
+CloudFormation do
+  AWSTemplateFormatVersion '2010-09-09'
+
+  Description 'Creates SNS, SQS, S3 bucket and enables AWS Config.'
+
+  Queue('ConfigServiceQueue') do
+    QueueName 'ConfigServiceQueue'
+  end
+
+  Bucket('ConfigServiceBucket') do
+  end
+
+  Policy('ConfigServiceS3BucketAccessPolicy') do
+    PolicyName 'ConfigServiceS3BucketAccessPolicy'
+    PolicyDocument(
+      'Version' => '2012-10-17',
+      'Statement' =>
+      [
+        {
+          'Effect' => 'Allow',
+          'Action' => ['s3:PutObject'],
+          'Resource' => FnJoin('', ['arn:aws:s3:::', Ref('ConfigServiceBucket'), '/AWSLogs/', Ref('AWS::AccountId'), '/*']),
+          'Condition' =>
+          {
+            'StringLike' =>
+            {
+              's3:x-amz-acl' => 'bucket-owner-full-control'
+            }
+          }
+        },
+        {
+          'Effect' => 'Allow',
+          'Action' => ['s3:GetBucketAcl'],
+          'Resource' => FnJoin('', ['arn:aws:s3:::', Ref('ConfigServiceBucket')])
+        }
+      ]
+    )
+    Role Ref('ConfigServiceIAMRole')
+  end
+
+  Role('ConfigServiceIAMRole') do
+    AssumeRolePolicyDocument(
+      'Version' => '2012-10-17',
+      'Statement' => [
+        {
+          'Effect' => 'Allow',
+          'Principal' => {
+            'Service' => 'config.amazonaws.com'
+          },
+          'Action' => 'sts:AssumeRole'
+        }
+      ]
+    )
+    ManagedPolicyArns(
+      [
+        'arn:aws:iam::aws:policy/service-role/AWSConfigRole'
+      ])
+  end
+
+  Topic('ConfigServiceTopic') do
+    DisplayName 'ConfigSvc'
+    Subscription [{
+      'Endpoint' => FnGetAtt('ConfigServiceQueue', 'Arn'),
+      'Protocol' => 'sqs'
+    }]
+  end
+
+  Policy('ConfigServiceSNSTopicAccessPolicy') do
+    PolicyName 'ConfigServiceSNSTopicAccessPolicy'
+    PolicyDocument(
+      'Version' => '2012-10-17',
+      'Statement' =>
+      [
+        {
+          'Effect' => 'Allow',
+          'Action' => 'sns:Publish',
+          'Resource' => Ref('ConfigServiceTopic')
+        }
+      ]
+    )
+    Role Ref('ConfigServiceIAMRole')
+  end
+
+  QueuePolicy('ConfigServiceQueuePolicy') do
+    PolicyDocument(
+      'Version' => '2012-10-17',
+      'Statement' => [
+        {
+          'Sid' => 'Allow-SendMessage-To-ConfigService-Queue-From-SNS-Topic',
+          'Effect' => 'Allow',
+          'Principal' => '*',
+          'Action' => ['sqs:SendMessage'],
+          'Resource' => '*',
+          'Condition' => {
+            'ArnEquals' => {
+              'aws:SourceArn' => Ref('ConfigServiceTopic')
+            }
+          }
+        }
+      ]
+    )
+    Queues [Ref('ConfigServiceQueue')]
+  end
+
+  DeliveryChannel('ConfigDeliveryChannel') do
+    ConfigSnapshotDeliveryProperties(
+      'DeliveryFrequency' => 'Six_Hours'
+    )
+    S3BucketName Ref('ConfigServiceBucket')
+    SnsTopicARN Ref('ConfigServiceTopic')
+  end
+
+  ConfigurationRecorder('ConfigRecorder') do
+    Name 'DefaultRecorder'
+    RecordingGroup(
+      'AllSupported' => true
+    )
+    RoleARN FnGetAtt('ConfigServiceIAMRole', 'Arn')
+  end
+end

data/sample/ecs.rb

@@ -1,51 +1,51 @@
-CloudFormation {
-  DESCRIPTION ||= "ecs description"
+CloudFormation do
+  DESCRIPTION ||= 'ecs description'.freeze
 
   Description DESCRIPTION
 
-  Resource('MyECSCluster') {
+  Resource('MyECSCluster') do
     Type 'AWS::ECS::Cluster'
-  }
+  end
 
-  Resource('MyTaskDef') {
+  Resource('MyTaskDef') do
     Type 'AWS::ECS::Service'
-    Property('ContainerDefinitions', [
-      {
-        Command: ['echo hello'],
-        Cpu: 300,
-        EntryPoint: ['/bin/bash'],
-        Environment: [{
-          Name: 'test',
-          Value: 'testvalue'
-        }],
-        Essential: true,
-        Image: 'ubuntu:latest',
-        Links: ['myothercontainer'],
-        Memory: 1024,
-        MountPoints: [{
-          ContainerPath: '/var/log',
-          SourceVolume: 'log_volume',
-          ReadOnly: false
-        }],
-        Name: 'MyTaskDef',
-        PortMappings: [{
-          ContainerPort: 80,
-          HostPort: 8080
-        }],
-        VolumesFrom: [{
-          SourceContainer: 'myothercontainer',
-          ReadOnly: true
-        }]
+    Property('ContainerDefinitions',
+             [
+               {
+                 Command: ['echo hello'],
+                 Cpu: 300,
+                 EntryPoint: ['/bin/bash'],
+                 Environment: [{
+                   Name: 'test',
+                   Value: 'testvalue'
+                 }],
+                 Essential: true,
+                 Image: 'ubuntu:latest',
+                 Links: ['myothercontainer'],
+                 Memory: 1024,
+                 MountPoints: [{
+                   ContainerPath: '/var/log',
+                   SourceVolume: 'log_volume',
+                   ReadOnly: false
+                 }],
+                 Name: 'MyTaskDef',
+                 PortMappings: [{
+                   ContainerPort: 80,
+                   HostPort: 8080
+                 }],
+                 VolumesFrom: [{
+                   SourceContainer: 'myothercontainer',
+                   ReadOnly: true
+                 }]
+               }
+             ])
+  end
 
-      }
-    ])
-  }
-
-  Resource('MyECSService') {
+  Resource('MyECSService') do
     Type 'AWS::ECS::Service'
     Property('Cluster', Ref('MyECSCluster'))
     Property('DesiredCount', 10)
     Property('Role', 'ecsServiceRole')
     Property('TaskDefinition', 'MyTask:1')
-  }
-}
+  end
+end

data/sample/iam_policies.rb

@@ -0,0 +1,82 @@
+CloudFormation do
+  AWSTemplateFormatVersion '2010-09-09'
+
+  Description 'Creates sample IAM policies'
+
+  ManagedPolicy('AllowUserManagePasswordAccessKeys') do
+    Description 'Allows user to manage passwords and access keys'
+    PolicyDocument(
+      'Version' => '2012-10-17',
+      'Statement' => [
+        {
+          'Effect' => 'Allow',
+          'Action' => [
+            'iam:*LoginProfile',
+            'iam:*AccessKey*',
+            'iam:*SSHPublicKey*'
+          ],
+          'Resource' => FnJoin('', ['arn:aws:iam::', Ref('AWS::AccountId'), ':user/${aws:username}'])
+        }
+      ]
+    )
+  end
+
+  ManagedPolicy('AllowUserManageVirtualMFA') do
+    Description 'Allows user to manage their virtual MFA device'
+    PolicyDocument(
+      'Version' => '2012-10-17',
+      'Statement' => [
+        {
+          'Sid' => 'AllowUsersToCreateEnableResyncTheirOwnVirtualMFADevice',
+          'Effect' => 'Allow',
+          'Action' => [
+            'iam:CreateVirtualMFADevice',
+            'iam:EnableMFADevice',
+            'iam:ResyncMFADevice'
+          ],
+          'Resource' => [
+            FnJoin('', ['arn:aws:iam::', Ref('AWS::AccountId'), ':mfa/${aws:username}']),
+            FnJoin('', ['arn:aws:iam::', Ref('AWS::AccountId'), ':user/${aws:username}'])
+          ]
+        },
+        {
+          'Sid' => 'AllowUsersToDeactivateDeleteTheirOwnVirtualMFADevice',
+          'Effect' => 'Allow',
+          'Action' => [
+            'iam:DeactivateMFADevice',
+            'iam:DeleteVirtualMFADevice'
+          ],
+          'Resource' => [
+            FnJoin('', ['arn:aws:iam::', Ref('AWS::AccountId'), ':mfa/${aws:username}']),
+            FnJoin('', ['arn:aws:iam::', Ref('AWS::AccountId'), ':user/${aws:username}'])
+          ],
+          'Condition' => {
+            'Bool' => {
+              'aws:MultiFactorAuthPresent' => true
+            }
+          }
+        },
+        {
+          'Sid' => 'AllowUsersToListMFADevicesandUsersForConsole',
+          'Effect' => 'Allow',
+          'Action' => [
+            'iam:ListMFADevices',
+            'iam:ListVirtualMFADevices',
+            'iam:ListUsers'
+          ],
+          'Resource' => '*'
+        }
+      ]
+    )
+  end
+
+  Output('AllowUserManagePasswordAccessKeysPolicyArn') do
+    Description 'The ARN of the AllowUserManagePasswordAccessKeys IAM policy'
+    Value Ref('AllowUserManagePasswordAccessKeys')
+  end
+
+  Output('AllowUserManageVirtualMFAPolicyArn') do
+    Description 'The ARN of the AllowUserManageVirtualMFA IAM policy'
+    Value Ref('AllowUserManageVirtualMFA')
+  end
+end

data/sample/lambda.rb

@@ -1,38 +1,34 @@
-CloudFormation {
-  DESCRIPTION ||= "lambda description"
+CloudFormation do
+  DESCRIPTION ||= 'lambda description'.freeze
 
   Description DESCRIPTION
 
-  Parameter('Role') { Type "String" }
+  Parameter('Role') { Type 'String' }
 
-  Resource('LambdaFunction') {
+  Resource('LambdaFunction') do
     Type 'AWS::Lambda::Function'
-    Property('Handler','index.handler')
-    Property('Role',Ref('Role'))
-    Property('Code',{
-      S3Bucket: "lambda-functions",
-      S3Key: "amilookup.zip"
-    })
-    Property('Runtime','nodejs')
-    Property('Timeout','25')
-  }
+    Property('Handler', 'index.handler')
+    Property('Role', Ref('Role'))
+    Property('Code',
+             S3Bucket: 'lambda-functions',
+             S3Key: 'amilookup.zip'
+            )
+    Property('Runtime', 'nodejs')
+    Property('Timeout', '25')
+  end
 
-  Resource('EventSourceMapping') {
+  Resource('EventSourceMapping') do
     Type 'AWS::Lambda::EventSourceMapping'
-    Property('EventSourceArn', FnJoin('',["arn:aws:kinesis:", Ref('AWS::Region'), ":", Ref('AWS::AccountId'), ':stream/test']))
+    Property('EventSourceArn', FnJoin('', ['arn:aws:kinesis:', Ref('AWS::Region'), ':', Ref('AWS::AccountId'), ':stream/test']))
     Property('FunctionName', FnGetAtt('LambdaFunction', 'Arn'))
     Property('StartingPosition', 'TRIM_HORIZON')
-  }
+  end
 
-  Resource('LambdaInvokePermission') {
+  Resource('LambdaInvokePermission') do
     Type 'AWS::Lambda::Permission'
     Property('FunctionName', FnGetAtt('LambdaFunction', 'Arn'))
-    Property('Action', [
-      'lambda:InvokeFunction'
-    ])
+    Property('Action', ['lambda:InvokeFunction'])
     Property('Principal', 's3.amazonaws.com')
     Property('SourceAccount', Ref('AWS::AccountId'))
-
-  }
-
-}
+  end
+end