convection 0.2.33 → 0.2.34.pre.beta.1

Files changed (55)
  1. checksums.yaml +4 -4
  2. data/.yardopts +1 -0
  3. data/CONTRIBUTING.md +22 -0
  4. data/README.md +15 -202
  5. data/Rakefile +3 -0
  6. data/docs/adding-new-resource-coverage.md +265 -0
  7. data/docs/canceling-stack-updates.md +5 -0
  8. data/docs/deleting-stacks.md +5 -0
  9. data/docs/getting-started.md +904 -0
  10. data/docs/index.md +69 -0
  11. data/docs/pygment.css +62 -0
  12. data/docs/relationship-to-cloudformation.md +51 -0
  13. data/docs/stacks.md +86 -0
  14. data/docs/template.html +130 -0
  15. data/example/getting-started-guide/Cloudfile +12 -0
  16. data/example/getting-started-guide/vpc.rb +74 -0
  17. data/example/stacks/Cloudfile +12 -0
  18. data/example/stacks/tasks/lookup_vpc_task.rb +28 -0
  19. data/example/stacks/templates/vpc.rb +14 -0
  20. data/lib/convection.rb +6 -0
  21. data/lib/convection/control/cloud.rb +1 -0
  22. data/lib/convection/control/stack.rb +126 -15
  23. data/lib/convection/model/cloudfile.rb +3 -0
  24. data/lib/convection/model/template/resource/aws_cloudfront_distribution.rb +24 -30
  25. data/lib/convection/model/template/resource/aws_ec2_dhcp_options.rb +38 -0
  26. data/lib/convection/model/template/resource/aws_ec2_security_group.rb +24 -2
  27. data/lib/convection/model/template/resource/aws_iam_user.rb +17 -3
  28. data/lib/convection/model/template/resource/aws_s3_bucket.rb +9 -3
  29. data/lib/convection/model/template/resource/aws_s3_bucket_policy.rb +10 -3
  30. data/lib/convection/model/template/resource/aws_sns_topic.rb +6 -3
  31. data/lib/convection/model/template/resource/aws_sns_topic_policy.rb +10 -3
  32. data/lib/convection/model/template/resource/aws_sqs_queue.rb +5 -3
  33. data/lib/convection/model/template/resource/aws_sqs_queue_policy.rb +10 -3
  34. data/spec/convection/model/template/resource/ec2_dhcp_options_spec.rb +55 -0
  35. data/yard_extensions.rb +4 -0
  36. data/yard_extensions/properties_handler.rb +30 -0
  37. data/yard_extensions/type_handler.rb +188 -0
  38. metadata +27 -23
  39. data/example/Cloudfile +0 -13
  40. data/example/deprecated/elb.rb +0 -27
  41. data/example/deprecated/iam_access_key.rb +0 -18
  42. data/example/deprecated/iam_group.rb +0 -31
  43. data/example/deprecated/iam_role.rb +0 -52
  44. data/example/deprecated/iam_user.rb +0 -31
  45. data/example/deprecated/rds.rb +0 -70
  46. data/example/deprecated/s3.rb +0 -13
  47. data/example/deprecated/sqs.rb +0 -32
  48. data/example/deprecated/vpc.rb +0 -85
  49. data/example/instances.rb +0 -93
  50. data/example/output/vpc.json +0 -335
  51. data/example/security-groups.rb +0 -77
  52. data/example/sqs-queue/Cloudfile +0 -19
  53. data/example/sqs-queue/README.md +0 -12
  54. data/example/trust_cloudtrail.rb +0 -24
  55. data/example/vpc.rb +0 -143
@@ -1,93 +0,0 @@
1
- require_relative '../lib/convection'
2
-
3
- module Convection
4
- module Demo
5
- INSTANCES = Convection.template do
6
- description 'Demo Foobar'
7
-
8
- ec2_instance 'Foobar' do
9
- subnet stack.get('vpc', 'TargetVPCSubnetPublic3')
10
- security_group stack.get('security-groups', 'Foobar')
11
-
12
- image_id stack['foobar-image']
13
- instance_type 'm3.medium'
14
- key_name 'production'
15
-
16
- tag 'Name', 'foobar-0'
17
- tag 'Service', 'foobar'
18
- tag 'Stack', stack.cloud
19
- end
20
-
21
- #
22
- # Create an instance with encrypted EBS mount point
23
- # and an ephemeral volume
24
- #
25
-
26
- # Create a KMS encryption key to encrypt the volume
27
- kms_key 'FoobarKmsKey' do
28
- description 'Used to encrypt volumes'
29
-
30
- # don't delete the key when this stack is deleted
31
- deletion_policy 'Retain'
32
-
33
- policy do
34
- allow do
35
- sid 'Enable IAM User Permissions'
36
- principal :AWS => ["arn:aws:iam::#{MY_AWS_ACCOUNT_NUMBER}:root"]
37
- action 'kms:*'
38
- resource '*'
39
- end
40
- end
41
- end
42
-
43
- ec2_volume 'FoobarEncryptedVol' do
44
- availability_zone 'us-east-1a'
45
- size 20
46
- volume_type :gp2
47
-
48
- # encrypt with the key from this stack
49
- encrypted true
50
- kms_key fn_ref('FoobarKmsKey')
51
-
52
- # don't delete the volume when this stack is deleted
53
- deletion_policy 'Retain'
54
-
55
- tag 'Name', 'Foobar Encrypted Volume'
56
- tag 'Service', 'foobar'
57
- tag 'Stack', stack.cloud
58
- end
59
-
60
- ec2_instance 'FoobarWithEncryptedVol' do
61
- image_id stack['foobar-image']
62
- instance_type 'm3.medium'
63
- key_name 'production'
64
- availability_zone 'us-east-1a'
65
-
66
- # give the instance a static private IP and ensure
67
- # it has a public ip regardless of subnet default setting
68
- network_interface do
69
- private_ip_address '10.1.2.3'
70
- associate_public_ip_address true
71
- security_group stack.get('security-groups', 'Foobar')
72
- subnet stack.get('vpc', 'TargetVPCSubnetPublic3')
73
- end
74
-
75
- # mount the encrypted volume at /dev/xvdf
76
- volume do
77
- device '/dev/sdf'
78
- volume_id fn_ref('FoobarEncryptedVol')
79
- end
80
-
81
- # mount an ephemeral drive at /dev/xvdc
82
- block_device do
83
- device '/dev/sdc'
84
- virtual_name 'ephemeral0'
85
- end
86
-
87
- tag 'Name', 'Foobar Encrypted'
88
- tag 'Service', 'foobar'
89
- tag 'Stack', stack.cloud
90
- end
91
- end
92
- end
93
- end
@@ -1,335 +0,0 @@
1
- {
2
- "AWSTemplateFormatVersion": "2010-09-09",
3
- "Description": "Demo VPC",
4
- "Parameters": {
5
- },
6
- "Mappings": {
7
- },
8
- "Conditions": {
9
- },
10
- "Resources": {
11
- "TargetVPCIGVPCAttachmentTargetVPC": {
12
- "Type": "AWS::EC2::VPCGatewayAttachment",
13
- "Properties": {
14
- "VpcId": {
15
- "Ref": "TargetVPC"
16
- },
17
- "InternetGatewayId": {
18
- "Ref": "TargetVPCIG"
19
- }
20
- }
21
- },
22
- "TargetVPCIG": {
23
- "Type": "AWS::EC2::InternetGateway",
24
- "Properties": {
25
- "Tags": [
26
- {
27
- "Key": "Name",
28
- "Value": "TargetVPCInternetGateway"
29
- }
30
- ]
31
- }
32
- },
33
- "TargetVPCACLPublicEntryAllowAllIngress": {
34
- "Type": "AWS::EC2::NetworkAclEntry",
35
- "Properties": {
36
- "NetworkAclId": {
37
- "Ref": "TargetVPCACLPublic"
38
- },
39
- "RuleAction": "allow",
40
- "RuleNumber": 100,
41
- "PortRange": {
42
- "From": 0,
43
- "To": 65535
44
- },
45
- "CidrBlock": "0.0.0.0/0",
46
- "Protocol": -1
47
- }
48
- },
49
- "TargetVPCACLPublicEntryAllowAllEgress": {
50
- "Type": "AWS::EC2::NetworkAclEntry",
51
- "Properties": {
52
- "NetworkAclId": {
53
- "Ref": "TargetVPCACLPublic"
54
- },
55
- "RuleAction": "allow",
56
- "RuleNumber": 100,
57
- "Egress": true,
58
- "PortRange": {
59
- "From": 0,
60
- "To": 65535
61
- },
62
- "CidrBlock": "0.0.0.0/0",
63
- "Protocol": -1
64
- }
65
- },
66
- "TargetVPCACLPublic": {
67
- "Type": "AWS::EC2::NetworkAcl",
68
- "Properties": {
69
- "VpcId": {
70
- "Ref": "TargetVPC"
71
- },
72
- "Tags": [
73
- {
74
- "Key": "Name",
75
- "Value": "acl-public-convection-test"
76
- },
77
- {
78
- "Key": "Stack",
79
- "Value": "convection-test"
80
- }
81
- ]
82
- }
83
- },
84
- "TargetVPCTablePublic": {
85
- "Type": "AWS::EC2::RouteTable",
86
- "Properties": {
87
- "VpcId": {
88
- "Ref": "TargetVPC"
89
- },
90
- "Tags": [
91
- {
92
- "Key": "Name",
93
- "Value": "routes-public-convection-test"
94
- },
95
- {
96
- "Key": "Stack",
97
- "Value": "convection-test"
98
- }
99
- ]
100
- }
101
- },
102
- "TargetVPCTablePublicRouteDefault": {
103
- "Type": "AWS::EC2::Route",
104
- "Properties": {
105
- "RouteTableId": {
106
- "Ref": "TargetVPCTablePublic"
107
- },
108
- "DestinationCidrBlock": "0.0.0.0/0",
109
- "GatewayId": {
110
- "Ref": "TargetVPCIG"
111
- }
112
- }
113
- },
114
- "TargetVPCSubnetPublic0ACLAssociationTargetVPCACLPublic": {
115
- "Type": "AWS::EC2::SubnetNetworkAclAssociation",
116
- "Properties": {
117
- "NetworkAclId": {
118
- "Ref": "TargetVPCACLPublic"
119
- },
120
- "SubnetId": {
121
- "Ref": "TargetVPCSubnetPublic0"
122
- }
123
- }
124
- },
125
- "TargetVPCSubnetPublic0RouteTableAssociationTargetVPCTablePublic": {
126
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
127
- "Properties": {
128
- "RouteTableId": {
129
- "Ref": "TargetVPCTablePublic"
130
- },
131
- "SubnetId": {
132
- "Ref": "TargetVPCSubnetPublic0"
133
- }
134
- }
135
- },
136
- "TargetVPCSubnetPublic0": {
137
- "Type": "AWS::EC2::Subnet",
138
- "Properties": {
139
- "AvailabilityZone": "us-east-1a",
140
- "VpcId": {
141
- "Ref": "TargetVPC"
142
- },
143
- "CidrBlock": "10.255.0.0/24",
144
- "Tags": [
145
- {
146
- "Key": "Name",
147
- "Value": "subnet-public-convection-test-us-east-1a"
148
- },
149
- {
150
- "Key": "immutable_metadata",
151
- "Value": "{\"purpose\":\"public-convection-test\",\"target\":\"\"}"
152
- },
153
- {
154
- "Key": "Stack",
155
- "Value": "convection-test"
156
- },
157
- {
158
- "Key": "Service",
159
- "Value": "Public"
160
- }
161
- ]
162
- }
163
- },
164
- "TargetVPCSubnetPublic1ACLAssociationTargetVPCACLPublic": {
165
- "Type": "AWS::EC2::SubnetNetworkAclAssociation",
166
- "Properties": {
167
- "NetworkAclId": {
168
- "Ref": "TargetVPCACLPublic"
169
- },
170
- "SubnetId": {
171
- "Ref": "TargetVPCSubnetPublic1"
172
- }
173
- }
174
- },
175
- "TargetVPCSubnetPublic1RouteTableAssociationTargetVPCTablePublic": {
176
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
177
- "Properties": {
178
- "RouteTableId": {
179
- "Ref": "TargetVPCTablePublic"
180
- },
181
- "SubnetId": {
182
- "Ref": "TargetVPCSubnetPublic1"
183
- }
184
- }
185
- },
186
- "TargetVPCSubnetPublic1": {
187
- "Type": "AWS::EC2::Subnet",
188
- "Properties": {
189
- "AvailabilityZone": "us-east-1c",
190
- "VpcId": {
191
- "Ref": "TargetVPC"
192
- },
193
- "CidrBlock": "10.255.1.0/24",
194
- "Tags": [
195
- {
196
- "Key": "Name",
197
- "Value": "subnet-public-convection-test-us-east-1c"
198
- },
199
- {
200
- "Key": "immutable_metadata",
201
- "Value": "{\"purpose\":\"public-convection-test\",\"target\":\"\"}"
202
- },
203
- {
204
- "Key": "Stack",
205
- "Value": "convection-test"
206
- },
207
- {
208
- "Key": "Service",
209
- "Value": "Public"
210
- }
211
- ]
212
- }
213
- },
214
- "TargetVPCSubnetPublic2ACLAssociationTargetVPCACLPublic": {
215
- "Type": "AWS::EC2::SubnetNetworkAclAssociation",
216
- "Properties": {
217
- "NetworkAclId": {
218
- "Ref": "TargetVPCACLPublic"
219
- },
220
- "SubnetId": {
221
- "Ref": "TargetVPCSubnetPublic2"
222
- }
223
- }
224
- },
225
- "TargetVPCSubnetPublic2RouteTableAssociationTargetVPCTablePublic": {
226
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
227
- "Properties": {
228
- "RouteTableId": {
229
- "Ref": "TargetVPCTablePublic"
230
- },
231
- "SubnetId": {
232
- "Ref": "TargetVPCSubnetPublic2"
233
- }
234
- }
235
- },
236
- "TargetVPCSubnetPublic2": {
237
- "Type": "AWS::EC2::Subnet",
238
- "Properties": {
239
- "AvailabilityZone": "us-east-1d",
240
- "VpcId": {
241
- "Ref": "TargetVPC"
242
- },
243
- "CidrBlock": "10.255.2.0/24",
244
- "Tags": [
245
- {
246
- "Key": "Name",
247
- "Value": "subnet-public-convection-test-us-east-1d"
248
- },
249
- {
250
- "Key": "immutable_metadata",
251
- "Value": "{\"purpose\":\"public-convection-test\",\"target\":\"\"}"
252
- },
253
- {
254
- "Key": "Stack",
255
- "Value": "convection-test"
256
- },
257
- {
258
- "Key": "Service",
259
- "Value": "Public"
260
- }
261
- ]
262
- }
263
- },
264
- "TargetVPCSubnetPublic3ACLAssociationTargetVPCACLPublic": {
265
- "Type": "AWS::EC2::SubnetNetworkAclAssociation",
266
- "Properties": {
267
- "NetworkAclId": {
268
- "Ref": "TargetVPCACLPublic"
269
- },
270
- "SubnetId": {
271
- "Ref": "TargetVPCSubnetPublic3"
272
- }
273
- }
274
- },
275
- "TargetVPCSubnetPublic3RouteTableAssociationTargetVPCTablePublic": {
276
- "Type": "AWS::EC2::SubnetRouteTableAssociation",
277
- "Properties": {
278
- "RouteTableId": {
279
- "Ref": "TargetVPCTablePublic"
280
- },
281
- "SubnetId": {
282
- "Ref": "TargetVPCSubnetPublic3"
283
- }
284
- }
285
- },
286
- "TargetVPCSubnetPublic3": {
287
- "Type": "AWS::EC2::Subnet",
288
- "Properties": {
289
- "AvailabilityZone": "us-east-1e",
290
- "VpcId": {
291
- "Ref": "TargetVPC"
292
- },
293
- "CidrBlock": "10.255.3.0/24",
294
- "Tags": [
295
- {
296
- "Key": "Name",
297
- "Value": "subnet-public-convection-test-us-east-1e"
298
- },
299
- {
300
- "Key": "immutable_metadata",
301
- "Value": "{\"purpose\":\"public-convection-test\",\"target\":\"\"}"
302
- },
303
- {
304
- "Key": "Stack",
305
- "Value": "convection-test"
306
- },
307
- {
308
- "Key": "Service",
309
- "Value": "Public"
310
- }
311
- ]
312
- }
313
- },
314
- "TargetVPC": {
315
- "Type": "AWS::EC2::VPC",
316
- "Properties": {
317
- "CidrBlock": "10.255.0.0/16",
318
- "EnableDnsSupport": true,
319
- "EnableDnsHostnames": true,
320
- "Tags": [
321
- {
322
- "Key": "Name",
323
- "Value": "convection-test"
324
- },
325
- {
326
- "Key": "Stack",
327
- "Value": "convection-test"
328
- }
329
- ]
330
- }
331
- }
332
- },
333
- "Outputs": {
334
- }
335
- }
@@ -1,77 +0,0 @@
1
- require_relative '../lib/convection'
2
-
3
- module Convection
4
- module Demo
5
- SECURITY_GROUPS = Convection.template do
6
- description 'Demo Security Groups'
7
-
8
- ec2_security_group 'FoobarELB' do
9
- vpc stack.get('vpc', 'id')
10
- description 'Foobar ELB Ingress'
11
-
12
- ingress_rule(:tcp, 80, '0.0.0.0/0')
13
- ingress_rule(:tcp, 443, '0.0.0.0/0')
14
-
15
- tag 'Name', "sg-foobar-elb-#{ stack.cloud }"
16
- tag 'Service', 'foobar'
17
- tag 'Resource', 'ELB'
18
- tag 'Scope', 'public'
19
- tag 'Stack', stack.cloud
20
-
21
- with_output
22
- end
23
-
24
- ec2_security_group 'Foobar' do
25
- vpc stack.get('vpc', 'id')
26
- description 'Foobar Ingress'
27
-
28
- ingress_rule(:tcp, 8080) { source_group fn_ref('FoobarELB') }
29
-
30
- tag 'Name', "sg-foobar-#{ stack.cloud }"
31
- tag 'Service', 'foobar'
32
- tag 'Resource', 'EC2'
33
- tag 'Scope', 'private'
34
- tag 'Stack', stack.cloud
35
-
36
- with_output
37
- end
38
-
39
- ec2_security_group 'FoobarEgress' do
40
- vpc stack.get('vpc', 'id')
41
- description 'Foobar Egress'
42
-
43
- egress_rule(:tcp, 80, '0.0.0.0/0')
44
- egress_rule(:tcp, 443, '0.0.0.0/0')
45
-
46
- tag 'Name', "sg-foobar-egress-#{ stack.cloud }"
47
- tag 'Service', 'foobar'
48
- tag 'Resource', 'EC2'
49
- tag 'Scope', 'private'
50
- tag 'Stack', stack.cloud
51
-
52
- with_output
53
- end
54
-
55
- ec2_security_group 'FoobarNoEgress' do
56
- vpc stack.get('vpc', 'id')
57
- description 'Foobar No Egress'
58
-
59
- # By default, Cloud Formation adds a default egress rule that allows
60
- # egress traffic on all ports and IP protocols to any location. The default
61
- # rule is removed only when you specify one or more egress rules. If you want
62
- # to remove the default rule and limit egress traffic to just the localhost,
63
- # you can use the following rule:
64
- # See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html
65
- egress_rule(-1, nil, '127.0.0.1/32')
66
-
67
- tag 'Name', "sg-foobar-noegress-#{ stack.cloud }"
68
- tag 'Service', 'foobar'
69
- tag 'Resource', 'EC2'
70
- tag 'Scope', 'private'
71
- tag 'Stack', stack.cloud
72
-
73
- with_output
74
- end
75
- end
76
- end
77
- end