convection 0.0.1 → 0.2.1
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.rubocop.yml +26 -8
- data/.rubocop_todo.yml +77 -0
- data/.ruby-version +1 -0
- data/.travis.yml +10 -0
- data/Gemfile +9 -0
- data/README.md +27 -2
- data/Rakefile +11 -1
- data/bin/convection +49 -0
- data/convection.gemspec +5 -7
- data/example/.ruby-version +1 -0
- data/example/Cloudfile +13 -0
- data/example/deprecated/elb.rb +27 -0
- data/example/deprecated/iam_access_key.rb +18 -0
- data/example/deprecated/iam_group.rb +31 -0
- data/example/{iam_role.rb → deprecated/iam_role.rb} +21 -32
- data/example/deprecated/iam_user.rb +31 -0
- data/example/deprecated/rds.rb +70 -0
- data/example/{s3.rb → deprecated/s3.rb} +0 -0
- data/example/deprecated/sqs.rb +32 -0
- data/example/deprecated/vpc.rb +85 -0
- data/example/foobar.rb +22 -0
- data/example/output/vpc.json +335 -0
- data/example/security-groups.rb +40 -0
- data/example/trust_cloudtrail.rb +24 -0
- data/example/vpc.rb +63 -81
- data/ext/resource_generator.sh +21 -0
- data/lib/convection.rb +5 -4
- data/lib/convection/control/cloud.rb +59 -0
- data/lib/convection/control/stack.rb +261 -60
- data/lib/convection/dsl/helpers.rb +63 -5
- data/lib/convection/model/attributes.rb +60 -0
- data/lib/convection/model/cloudfile.rb +58 -0
- data/lib/convection/model/diff.rb +39 -0
- data/lib/convection/model/event.rb +62 -0
- data/lib/convection/model/exceptions.rb +18 -0
- data/lib/convection/model/mixin/cidr_block.rb +4 -4
- data/lib/convection/model/mixin/colorize.rb +20 -0
- data/lib/convection/model/mixin/conditional.rb +1 -3
- data/lib/convection/model/mixin/policy.rb +89 -0
- data/lib/convection/model/mixin/protocol.rb +29 -0
- data/lib/convection/model/mixin/taggable.rb +2 -2
- data/lib/convection/model/template.rb +248 -21
- data/lib/convection/model/template/condition.rb +56 -0
- data/lib/convection/model/template/mapping.rb +4 -3
- data/lib/convection/model/template/output.rb +9 -7
- data/lib/convection/model/template/parameter.rb +19 -4
- data/lib/convection/model/template/resource.rb +317 -23
- data/lib/convection/model/template/resource/aws_auto_scaling_auto_scaling_group.rb +39 -0
- data/lib/convection/model/template/resource/aws_auto_scaling_launch_configuration.rb +30 -0
- data/lib/convection/model/template/resource/aws_auto_scaling_scaling_policy.rb +20 -0
- data/lib/convection/model/template/resource/aws_cloud_watch_alarm.rb +31 -0
- data/lib/convection/model/template/resource/aws_ec2_instance.rb +10 -46
- data/lib/convection/model/template/resource/aws_ec2_internet_gateway.rb +3 -14
- data/lib/convection/model/template/resource/aws_ec2_network_acl.rb +45 -0
- data/lib/convection/model/template/resource/aws_ec2_network_acl_entry.rb +27 -0
- data/lib/convection/model/template/resource/aws_ec2_route.rb +7 -40
- data/lib/convection/model/template/resource/aws_ec2_route_table.rb +2 -17
- data/lib/convection/model/template/resource/aws_ec2_security_group.rb +24 -30
- data/lib/convection/model/template/resource/aws_ec2_security_group_ingres.rb +25 -0
- data/lib/convection/model/template/resource/aws_ec2_subnet.rb +21 -28
- data/lib/convection/model/template/resource/aws_ec2_subnet_network_acl_association.rb +18 -0
- data/lib/convection/model/template/resource/aws_ec2_subnet_route_table_association.rb +3 -24
- data/lib/convection/model/template/resource/aws_ec2_vpc.rb +20 -22
- data/lib/convection/model/template/resource/aws_ec2_vpc_gateway_attachment.rb +4 -28
- data/lib/convection/model/template/resource/aws_elasticache_cluster.rb +24 -0
- data/lib/convection/model/template/resource/aws_elasticache_parameter_group.rb +19 -0
- data/lib/convection/model/template/resource/aws_elasticache_security_group.rb +17 -0
- data/lib/convection/model/template/resource/aws_elasticache_security_group_ingress.rb +19 -0
- data/lib/convection/model/template/resource/aws_elb.rb +39 -0
- data/lib/convection/model/template/resource/aws_iam_access_key.rb +19 -0
- data/lib/convection/model/template/resource/aws_iam_group.rb +18 -0
- data/lib/convection/model/template/resource/aws_iam_instance_profile.rb +21 -0
- data/lib/convection/model/template/resource/aws_iam_policy.rb +28 -24
- data/lib/convection/model/template/resource/aws_iam_role.rb +88 -19
- data/lib/convection/model/template/resource/aws_iam_user.rb +53 -0
- data/lib/convection/model/template/resource/aws_logs_loggroup.rb +33 -0
- data/lib/convection/model/template/resource/aws_rds_db_instance.rb +59 -0
- data/lib/convection/model/template/resource/aws_rds_db_parameter_group.rb +27 -0
- data/lib/convection/model/template/resource/aws_rds_db_security_group.rb +40 -0
- data/lib/convection/model/template/resource/aws_rds_db_subnet_group.rb +26 -0
- data/lib/convection/model/template/resource/aws_route53_health_check.rb +17 -0
- data/lib/convection/model/template/resource/aws_route53_recordset.rb +30 -0
- data/lib/convection/model/template/resource/aws_s3_bucket.rb +8 -44
- data/lib/convection/model/template/resource/aws_s3_bucket_policy.rb +14 -19
- data/lib/convection/model/template/resource/aws_sns_topic.rb +19 -0
- data/lib/convection/model/template/resource/aws_sqs_queue.rb +31 -0
- data/lib/convection/model/template/resource/aws_sqs_queue_policy.rb +18 -0
- data/test/convection/model/test_conditions.rb +121 -0
- data/test/convection/model/test_elasticache.rb +97 -0
- data/test/convection/model/test_loggroups.rb +25 -0
- data/test/convection/model/test_rds.rb +76 -0
- data/test/convection/model/test_template.rb +64 -0
- data/test/convection/model/test_validation.rb +216 -0
- data/test/test_helper.rb +17 -0
- metadata +131 -50
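--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 075a28b9e49edf4315587f8de99945362fd9e837
+data.tar.gz: 97a5572cf09f71edca02765fda206d77483bbfc0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7c0a82cfe5c746882ca8d48c45929ed0a136d27def8f98bd59a5a3394c4ea00ce5ecf4c19ddd30dd17dff84c9f2612ca6b9a9ebe14d103fd0d0ef29acc1f4f13
+data.tar.gz: c2dbf7220245c5c4b4274a40c1db694f5ac3c68b0a954a88418bd4da0270d8359d60f0a63644d93905ace121a226e70f1aad2ca4fdeca5a9988776b570f45844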
data/.gitignore
CHANGED
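--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,16 +1,34 @@
+inherit_from: .rubocop_todo.yml
+
 AllCops:
-
-
-
-
+Include:
+- lib/**/*
+- bin/**/*
+- test/**/*
+- Gemfile
+- Rakefile
+- Thorfile
+Exclude:
+- example/**/*
 
 Encoding:
 Enabled: false
-
+RescueModifier:
 Enabled: false
 HashSyntax:
 Enabled: false
-
+SpaceInsideStringInterpolation:
 Enabled: false
-
-
+
+# AbcSize:
+# Max: 24
+# ClassLength:
+# Max: 256
+# CyclomaticComplexity:
+# Max: 12
+# LineLength:
+# Max: 120
+# MethodLength:
+# Max: 32
+# PerceivedComplexity:
+# Max: 12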
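--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -0,0 +1,77 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2015-09-14 17:06:32 -0400 using RuboCop version 0.34.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 1
+Lint/HandleExceptions:
+Exclude:
+- 'lib/convection/control/stack.rb'
+
+# Offense count: 1
+Lint/UselessAssignment:
+Exclude:
+- 'lib/convection/model/template.rb'
+
+# Offense count: 9
+Metrics/AbcSize:
+Max: 57
+
+# Offense count: 1
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+Max: 267
+
+# Offense count: 1
+Metrics/CyclomaticComplexity:
+Max: 13
+
+# Offense count: 9
+# Configuration parameters: AllowURI, URISchemes.
+Metrics/LineLength:
+Max: 151
+
+# Offense count: 1
+# Configuration parameters: CountComments.
+Metrics/MethodLength:
+Max: 35
+
+# Offense count: 1
+Metrics/PerceivedComplexity:
+Max: 13
+
+# Offense count: 2
+Style/AccessorMethodName:
+Exclude:
+- 'lib/convection/control/stack.rb'
+
+# Offense count: 3
+# Configuration parameters: EnforcedStyle, SupportedStyles.
+Style/ClassAndModuleChildren:
+Exclude:
+- 'lib/convection/model/template.rb'
+- 'test/test_helper.rb'
+
+# Offense count: 11
+Style/Documentation:
+Exclude:
+- 'lib/convection/model/attributes.rb'
+- 'lib/convection/model/mixin/colorize.rb'
+- 'lib/convection/model/template/condition.rb'
+- 'test/convection/model/test_conditions.rb'
+- 'test/convection/model/test_elasticache.rb'
+- 'test/convection/model/test_loggroups.rb'
+- 'test/convection/model/test_rds.rb'
+- 'test/convection/model/test_template.rb'
+- 'test/convection/model/test_validation.rb'
+- 'test/test_helper.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, SupportedStyles.
+Style/FirstParameterIndentation:
+Exclude:
+- 'lib/convection/model/mixin/taggable.rb'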
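--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.2.2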
data/.travis.yml
ADDED
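--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,3 +2,12 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in convection.gemspec
 gemspec
+
+group :development do
+gem 'bundler', '~> 1.7'
+gem 'minitest'
+gem 'rake', '~> 10.0'
+gem 'rubocop', '~> 0.34'
+gem 'simplecov'
+gem 'thor-scmversion', '= 1.7.0'
+end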
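--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,4 @@
-# Convection
+# Convection [![Build Status](https://travis-ci.org/rapid7/convection.svg)](https://travis-ci.org/rapid7/convection)
 _A fully generic, modular DSL for AWS CloudFormation_
 
 This gem aims to provide a reusable model for AWS CloudFormation in Ruby. It exposes a DSL for template definition, and a simple, decoupled abstraction of a CloudFormation Stack to compile and apply templates.
@@ -107,7 +107,18 @@ end
 ### Conditions
 http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html
 
-
+```ruby
+condition 'ThisCondition' do
+fn_equals( fn_ref('SomeParameter'), 'value_x' )
+end
+
+condition 'ThatCondition' do
+fn_or(
+fn_equals( fn_ref('SomeParameter'), 'value_y' ),
+fn_equals( fn_ref('SomeParameter'), 'value_z' )
+)
+end
+```
 
 ### Resources
 http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html
@@ -127,6 +138,17 @@ resource 'AnInstance' do
 end
 ```
 
+Using a condition to set a resource property:
+
+```ruby
+resource 'MySQL' do
+type 'AWS::RDS::DBInstance'
+...
+property 'Iops', fn_if('ThisCondition', '1000', fn_ref('AWS::NoValue'))
+...
+end
+```
+
 ### Outputs
 http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html
 
@@ -195,6 +217,9 @@ The `Stack` class provides a state wrapper for CloudFormation Stacks. It tracks
 * `#delete` - Delete CloudFormation Stack
 * `#availability_zones(&block)` - Return an array of strings representing the region's availability zones. Provided codeblock will be called for each AZ.
 
+## Futures
+*
+
 ## License
 _Copyright (c) 2015 John Manero, Rapid7 LLC._
 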
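--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,2 +1,12 @@
-require
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+require 'rake/testtask'
 
+RuboCop::RakeTask.new
+
+Rake::TestTask.new do |t|
+t.libs << 'test'
+t.pattern = 'test/**/test_*.rb'
+end
+
+task :default => [:test, :rubocop]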
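--- a/data/bin/convection
+++ b/data/bin/convection
@@ -0,0 +1,49 @@
+#!/usr/bin/env ruby
+require 'thor'
+require_relative '../lib/convection/control/cloud'
+
+module Convection
+##
+# Convection CLI
+##
+class CLI < Thor
+class_option :cloudfile, :type => :string, :default => 'Cloudfile'
+def initialize(*args)
+super
+@cloud = Control::Cloud.new
+@cwd = Dir.getwd
+end
+
+desc 'converge STACK', 'Converge your cloud'
+def converge(stack = nil)
+@cloud.configure(File.absolute_path(options['cloudfile'], @cwd))
+@cloud.converge(stack) do |event, errors|
+say_status(*event.to_thor)
+errors.each do |error|
+say "* #{ error.message }"
+error.backtrace.each { |b| say " #{ b }" }
+end unless errors.nil?
+end
+end
+
+desc 'diff', 'Show changes that will be applied by converge'
+def diff
+@cloud.configure(File.absolute_path(options['cloudfile'], @cwd))
+@cloud.diff { |d| say_status(*d.to_thor) }
+end
+
+desc 'print STACK', 'Print the rendered template for STACK'
+def print(stack)
+@cloud.configure(File.absolute_path(options['cloudfile'], @cwd))
+puts @cloud.stacks[stack].to_json(true)
+end
+
+desc 'validate STACK', 'Validate the rendered template for STACK'
+def validate(stack)
+@cloud.configure(File.absolute_path(options['cloudfile'], @cwd))
+@cloud.stacks[stack].validate
+end
+end
+end
+
+Convection::CLI.start(ARGV)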
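Review bot: `print` and `validate` call a method straight on `@cloud.stacks[stack]`, so a STACK name that the Cloudfile does not define presumably yields nil and surfaces as a raw NoMethodError rather than a usage error. Resolve the stack once and fail explicitly, for example `target = @cloud.stacks[stack]` followed by `fail Thor::Error, "Unknown stack '#{ stack }'" if target.nil?`, in both commands. The `--cloudfile` option also deserves a comment: the example Cloudfile in this diff uses `require_relative`, which suggests the file is evaluated as Ruby, so something like `# Cloudfile is executed as Ruby; only point this at files you trust` above `class_option` would make that explicit. Finally, `converge` prints every backtrace line unconditionally; consider gating that behind a verbose flag so routine failures do not dump internal paths.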
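--- a/data/convection.gemspec
+++ b/data/convection.gemspec
@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
 spec.email = ['jmanero@rapid7.com']
 spec.summary = Convection::SUMMARY
 spec.description = Convection::DESCRIPTION
-spec.homepage = ''
+spec.homepage = 'https://github.com/rapid7/convection'
 spec.license = 'MIT'
 
 spec.files = `git ls-files -z`.split("\x0")
@@ -18,10 +18,8 @@ Gem::Specification.new do |spec|
 spec.test_files = spec.files.grep(/^(test|spec|features)\//)
 spec.require_paths = ['lib']
 
-spec.
-spec.
-spec.
-
-spec.add_runtime_dependency 'aws-sdk', '< 2'
-spec.add_runtime_dependency 'netaddr', '~> 1.5.0'
+spec.add_runtime_dependency 'aws-sdk', '>= 2'
+spec.add_runtime_dependency 'httparty', '~> 0.13'
+spec.add_runtime_dependency 'netaddr', '~> 1.5'
+spec.add_runtime_dependency 'thor', '~> 0.19'
 end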
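Review bot: The new `aws-sdk` constraint in the second hunk, `'>= 2'`, has no upper bound, so any future major release of the SDK satisfies it and can be pulled in at install time without this gem ever having been tested against it. The other three runtime dependencies use pessimistic constraints; do the same here with `spec.add_runtime_dependency 'aws-sdk', '~> 2'`. Relaxing `netaddr` from `'~> 1.5.0'` to `'~> 1.5'` also widens what resolves, from patch releases to any 1.x at or above 1.5, which is worth a deliberate decision rather than a side effect.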
@@ -0,0 +1 @@
|
|
1
|
+
2.2.2
|
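--- a/data/example/Cloudfile
+++ b/data/example/Cloudfile
@@ -0,0 +1,13 @@
+require_relative '../lib/convection'
+require_relative './vpc'
+require_relative './security-groups'
+require_relative './foobar'
+
+name 'convection-test'
+region 'us-east-1'
+
+attribute 'vpc', 'subnet', '10.255.0.0/16'
+
+stack 'vpc', Convection::Demo::VPC
+stack 'security-groups', Convection::Demo::SECURITY_GROUPS
+stack 'foobar', Convection::Demo::FOOBAR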
@@ -0,0 +1,27 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
require 'convection'
|
3
|
+
|
4
|
+
region = 'us-west-1'
|
5
|
+
|
6
|
+
elb_template = Convection.template do
|
7
|
+
description 'Example ELB via Convection '
|
8
|
+
|
9
|
+
elb 'TestELB' do
|
10
|
+
availability_zones(
|
11
|
+
{
|
12
|
+
"Fn::GetAZs"=>""
|
13
|
+
}
|
14
|
+
)
|
15
|
+
load_balancer_name('ExampleELB')
|
16
|
+
listeners(
|
17
|
+
{
|
18
|
+
'InstancePort' => '80',
|
19
|
+
'LoadBalancerPort' => '80',
|
20
|
+
'Protocol' => 'HTTP'
|
21
|
+
}
|
22
|
+
)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
puts elb_template.to_json
|
27
|
+
#puts Convection.stack('ELBTestStack', elb_template, :region => region).apply
|
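Review bot: The only listener in this example forwards plain HTTP on port 80 (`'Protocol' => 'HTTP'`), and nothing in the file marks that as demo-only. Examples tend to be copied verbatim, so I would add a comment above `listeners(` such as `# Demo only: plaintext listener; terminate HTTPS with a certificate for real traffic`. Separately, `region` is assigned near the top but only referenced from the commented-out `apply` line, so it is currently an unused local.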
@@ -0,0 +1,18 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
require 'convection'
|
3
|
+
|
4
|
+
test_iam_access_key_template = Convection.template do
|
5
|
+
description 'This example creates a user an access keys for that user.'
|
6
|
+
|
7
|
+
iam_user 'NewUser' do
|
8
|
+
path 'new_user'
|
9
|
+
end
|
10
|
+
|
11
|
+
iam_access_key 'NewUserKey' do
|
12
|
+
status 'Active'
|
13
|
+
user_name fn_ref(:NewUser)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
puts test_iam_access_key_template.to_json
|
18
|
+
# puts Convection.stack('IAMTestStack', test_iam_access_key_template, :region => 'us-west-1').apply
|
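Review bot: This example creates an `Active` access key for `NewUser` but gives no hint of where the secret ends up. For a CloudFormation-managed key the secret is obtainable through the stack (`Fn::GetAtt` on the key resource), so anyone who can read a stack output that exposes it holds a long-lived credential. Add a comment above `iam_access_key 'NewUserKey'` along the lines of `# The secret is exposed via the stack; restrict who can read stack outputs and rotate the key after retrieval`. The description string also reads 'creates a user an access keys', which should be 'creates a user and an access key'.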
@@ -0,0 +1,31 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
require 'convection'
|
3
|
+
|
4
|
+
test_iam_group_template = Convection.template do
|
5
|
+
description 'This is an example of a stack representing IAM Groups and Policies.'
|
6
|
+
|
7
|
+
parameter 'Path' do
|
8
|
+
type 'String'
|
9
|
+
default '/'
|
10
|
+
end
|
11
|
+
|
12
|
+
iam_policy 'GroupPolicy' do
|
13
|
+
policy_name 'NewPolicy'
|
14
|
+
group fn_ref(:NewGroup)
|
15
|
+
|
16
|
+
policy(
|
17
|
+
:Statement => [{
|
18
|
+
:Effect => 'Allow',
|
19
|
+
:Action => ['s3:GetObject'],
|
20
|
+
:Resource => ['arn:aws:s3:::some.bucket.name.here/*']
|
21
|
+
}]
|
22
|
+
)
|
23
|
+
end
|
24
|
+
|
25
|
+
iam_group 'NewGroup' do
|
26
|
+
path fn_ref(:Path)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
puts test_iam_group_template.to_json
|
31
|
+
# puts Convection.stack('IAMTestStack', test_iam_group_template, :region => 'us-west-1').apply
|
@@ -20,43 +20,32 @@ test_iam_role_template = Convection.template do
|
|
20
20
|
end
|
21
21
|
|
22
22
|
iam_policy 'RolePolicy' do
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
"s3:GetObject"
|
34
|
-
],
|
35
|
-
"Resource"=> [
|
36
|
-
"arn:aws:s3:::some.bucket.name.here/*"
|
37
|
-
]
|
38
|
-
}
|
39
|
-
]
|
40
|
-
})
|
23
|
+
policy_name 'NewPolicy'
|
24
|
+
role fn_ref(:NewRole)
|
25
|
+
|
26
|
+
policy(
|
27
|
+
:Statement => [{
|
28
|
+
:Effect => 'Allow',
|
29
|
+
:Action => ['s3:GetObject'],
|
30
|
+
:Resource => ['arn:aws:s3:::some.bucket.name.here/*']
|
31
|
+
}]
|
32
|
+
)
|
41
33
|
end
|
42
34
|
|
43
35
|
iam_role 'NewRole' do
|
44
|
-
path fn_ref(
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
{
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
"Service" => "ec2.amazonaws.com"
|
36
|
+
path fn_ref(:Path)
|
37
|
+
|
38
|
+
# EC2 Instance Role
|
39
|
+
trust_relationship(
|
40
|
+
:Statement => [{
|
41
|
+
:Effect => 'Allow',
|
42
|
+
:Principal => {
|
43
|
+
:Service => 'ec2.amazonaws.com'
|
53
44
|
},
|
54
|
-
|
55
|
-
}
|
56
|
-
|
57
|
-
})
|
45
|
+
:Action => 'sts:AssumeRole'
|
46
|
+
}]
|
47
|
+
)
|
58
48
|
end
|
59
|
-
|
60
49
|
end
|
61
50
|
|
62
51
|
puts test_iam_role_template.to_json
|