RubyGems - kumogata-template - Versions diffs - 0.0.35 → 0.0.36 - Mend

kumogata-template 0.0.35 → 0.0.36

Files changed (278) hide show

checksums.yaml +5 -5
data/.travis.yml +4 -2
data/Gemfile +1 -1
data/Rakefile +1 -1
data/kumogata-template.gemspec +4 -4
data/lib/kumogata/template/alb.rb +48 -34
data/lib/kumogata/template/api-gateway.rb +262 -0
data/lib/kumogata/template/autoscaling.rb +17 -44
data/lib/kumogata/template/certificate.rb +11 -8
data/lib/kumogata/template/cloudfront.rb +67 -60
data/lib/kumogata/template/cloudwatch.rb +7 -12
data/lib/kumogata/template/codebuild.rb +4 -8
data/lib/kumogata/template/codecommit.rb +2 -6
data/lib/kumogata/template/codedeploy.rb +15 -0
data/lib/kumogata/template/cognito.rb +203 -0
data/lib/kumogata/template/const.rb +109 -47
data/lib/kumogata/template/datapipeline.rb +16 -47
data/lib/kumogata/template/dynamodb.rb +17 -8
data/lib/kumogata/template/ec2.rb +61 -10
data/lib/kumogata/template/ecr.rb +11 -9
data/lib/kumogata/template/ecs.rb +256 -91
data/lib/kumogata/template/elasticbeanstalk.rb +6 -9
data/lib/kumogata/template/elb.rb +9 -24
data/lib/kumogata/template/emr.rb +184 -51
data/lib/kumogata/template/events.rb +22 -10
data/lib/kumogata/template/ext/kumogata.rb +7 -7
data/lib/kumogata/template/helper.rb +189 -130
data/lib/kumogata/template/iam.rb +556 -146
data/lib/kumogata/template/kinesis.rb +282 -0
data/lib/kumogata/template/lambda.rb +43 -2
data/lib/kumogata/template/logs.rb +2 -6
data/lib/kumogata/template/nlb.rb +10 -0
data/lib/kumogata/template/pinpoint.rb +83 -0
data/lib/kumogata/template/rds.rb +52 -0
data/lib/kumogata/template/redshift.rb +15 -6
data/lib/kumogata/template/role.rb +425 -0
data/lib/kumogata/template/s3.rb +120 -80
data/lib/kumogata/template/sns.rb +2 -6
data/lib/kumogata/template/version.rb +1 -1
data/lib/kumogata/template.rb +9 -1
data/template/_template.rb +2 -2
data/template/alb-load-balancer.rb +5 -4
data/template/alb-target-group.rb +8 -9
data/template/api-gateway-account.rb +15 -0
data/template/api-gateway-api-key.rb +22 -0
data/template/api-gateway-authorizer.rb +38 -0
data/template/api-gateway-base-path-mapping.rb +23 -0
data/template/api-gateway-client-certificate.rb +16 -0
data/template/api-gateway-deployment.rb +24 -0
data/template/api-gateway-domain-name.rb +17 -0
data/template/api-gateway-method.rb +71 -0
data/template/api-gateway-model.rb +23 -0
data/template/api-gateway-resource.rb +32 -0
data/template/api-gateway-rest-api.rb +29 -0
data/template/api-gateway-stage.rb +33 -0
data/template/api-gateway-usage-plan-key.rb +19 -0
data/template/api-gateway-usage-plan.rb +24 -0
data/template/autoscaling-group.rb +2 -2
data/template/autoscaling-launch-configuration.rb +7 -4
data/template/autoscaling-scheduled-action.rb +0 -1
data/template/certificate.rb +2 -2
data/template/cloudfront-distribution.rb +4 -0
data/template/cloudfront-origin-access-identity.rb +19 -0
data/template/cloudtrail.rb +6 -4
data/template/cloudwatch-alarm.rb +9 -3
data/template/codebuild-project.rb +3 -3
data/template/codecommit-repository.rb +2 -2
data/template/codedeploy-application.rb +1 -1
data/template/codedeploy-deployment-config.rb +1 -1
data/template/codedeploy-deployment-group.rb +2 -0
data/template/cognito-identity-pool.rb +34 -0
data/template/cognito-identity-role-attachment.rb +22 -0
data/template/cognito-user-pool-client.rb +28 -0
data/template/cognito-user-pool-group.rb +24 -0
data/template/cognito-user-pool-user-to-group-attachment.rb +20 -0
data/template/cognito-user-pool-user.rb +28 -0
data/template/cognito-user-pool.rb +45 -0
data/template/datapipeline-pipeline.rb +4 -4
data/template/dynamodb-table.rb +5 -1
data/template/ec2-eip-association.rb +1 -1
data/template/ec2-instance.rb +4 -1
data/template/ec2-nat-gateway.rb +4 -0
data/template/ec2-route.rb +4 -0
data/template/ec2-security-group-ingress.rb +1 -1
data/template/ec2-security-group.rb +2 -2
data/template/ec2-subnet.rb +8 -4
data/template/ec2-volume.rb +1 -2
data/template/ec2-vpc-cidr-block.rb +4 -2
data/template/ec2-vpc-endpoint.rb +5 -2
data/template/ecr-repository.rb +2 -2
data/template/ecs-cluster.rb +1 -1
data/template/ecs-service.rb +19 -7
data/template/ecs-task-definition.rb +4 -4
data/template/elasticache-cache-cluster.rb +1 -1
data/template/elasticache-parameter-group.rb +1 -1
data/template/elasticache-replication-group.rb +1 -1
data/template/elasticache-subnet-group.rb +1 -1
data/template/elasticbeanstalk-application-version.rb +1 -1
data/template/elasticbeanstalk-application.rb +1 -1
data/template/elasticbeanstalk-configuration-template.rb +1 -1
data/template/elasticbeanstalk-environment.rb +1 -1
data/template/elb-load-balancer.rb +2 -2
data/template/emr-cluster.rb +3 -3
data/template/emr-instance-group-config.rb +4 -2
data/template/emr-security-configuration.rb +17 -0
data/template/emr-step.rb +2 -2
data/template/events-rule.rb +8 -8
data/template/iam-group.rb +2 -2
data/template/iam-instance-profile.rb +2 -2
data/template/iam-managed-policy.rb +1 -1
data/template/iam-policy.rb +1 -1
data/template/iam-role.rb +17 -2
data/template/iam-user.rb +4 -4
data/template/kinesis-firehose-delivery-stream.rb +36 -0
data/template/kinesis-stream.rb +21 -0
data/template/kms-alias.rb +2 -2
data/template/kms-key.rb +1 -1
data/template/lambda-alias.rb +2 -2
data/template/lambda-event-source-mapping.rb +4 -4
data/template/lambda-function.rb +17 -17
data/template/lambda-permission.rb +31 -10
data/template/lambda-version.rb +4 -2
data/template/logs-destination.rb +1 -1
data/template/logs-log-group.rb +1 -1
data/template/logs-log-stream.rb +4 -2
data/template/logs-metric-filter.rb +1 -1
data/template/logs-subscription_filter.rb +1 -1
data/template/mappings-ec2.rb +114 -52
data/template/output-arn.rb +12 -4
data/template/output-certificate.rb +11 -0
data/template/output-distribution.rb +11 -0
data/template/output-domain-name.rb +11 -0
data/template/output-ecr-repository.rb +16 -0
data/template/output-eip.rb +11 -0
data/template/output-lambda-function.rb +6 -0
data/template/output-name.rb +7 -2
data/template/output-origin-access-identity.rb +13 -0
data/template/output-rds-cluster.rb +17 -0
data/template/{output-rds.rb → output-rds-instance.rb} +1 -1
data/template/output-redshift.rb +11 -0
data/template/output-rest-api.rb +11 -0
data/template/output-s3.rb +3 -0
data/template/output-stage.rb +19 -0
data/template/output-subnet.rb +6 -3
data/template/output-trail.rb +14 -0
data/template/output-user-pool-client.rb +14 -0
data/template/output-user-pool.rb +17 -0
data/template/output-vpc.rb +13 -3
data/template/output.rb +3 -2
data/template/parameter-ec2.rb +10 -4
data/template/parameter-elasticache.rb +1 -1
data/template/parameter-rds.rb +51 -4
data/template/parameter-redshift.rb +31 -1
data/template/parameter.rb +87 -7
data/template/rds-db-cluster-parameter-group.rb +18 -4
data/template/rds-db-cluster.rb +19 -7
data/template/rds-db-instance.rb +55 -131
data/template/rds-db-parameter-group.rb +29 -3
data/template/rds-db-subnet-group.rb +1 -1
data/template/rds-event-subscription.rb +2 -4
data/template/rds-option-group.rb +28 -5
data/template/redshift-cluster-parameter-group.rb +3 -1
data/template/redshift-cluster-security-group.rb +17 -0
data/template/redshift-cluster-subnet-group.rb +3 -1
data/template/redshift-cluster.rb +15 -12
data/template/s3-bucket.rb +10 -5
data/template/sns-topic.rb +2 -2
data/template/sqs-queue.rb +1 -1
data/test/abstract_unit.rb +2 -9
data/test/cloudfront_test.rb +57 -28
data/test/codedeploy_test.rb +21 -0
data/test/datapipeline_test.rb +0 -22
data/test/ec2_test.rb +12 -52
data/test/ecs_test.rb +30 -26
data/test/emr_test.rb +101 -20
data/test/events_test.rb +47 -0
data/test/helper_test.rb +251 -281
data/test/iam_test.rb +572 -57
data/test/lambda_test.rb +1 -1
data/test/s3_test.rb +49 -14
data/test/template/alb-load-balancer_test.rb +4 -5
data/test/template/alb-target-group_test.rb +1 -3
data/test/template/api-gateway-account_test.rb +26 -0
data/test/template/api-gateway-api-key_test.rb +33 -0
data/test/template/api-gateway-authorizer_test.rb +62 -0
data/test/template/api-gateway-base-path-mapping_test.rb +27 -0
data/test/template/api-gateway-client-certificate_test.rb +21 -0
data/test/template/api-gateway-deployment_test.rb +27 -0
data/test/template/api-gateway-domain-name_test.rb +26 -0
data/test/template/api-gateway-method_test.rb +29 -0
data/test/template/api-gateway-model_test.rb +37 -0
data/test/template/api-gateway-resource_test.rb +82 -0
data/test/template/api-gateway-rest-api_test.rb +33 -0
data/test/template/api-gateway-stage_test.rb +39 -0
data/test/template/api-gateway-usage-plan-key_test.rb +25 -0
data/test/template/api-gateway-usage-plan_test.rb +42 -0
data/test/template/cloudfront-distribution_test.rb +41 -3
data/test/template/cloudtrail_test.rb +13 -5
data/test/template/cloudwatch-alarm_test.rb +14 -2
data/test/template/codebuild-project_test.rb +2 -11
data/test/template/codecommit-repository_test.rb +12 -1
data/test/template/cognito-identity-pool_test.rb +32 -0
data/test/template/cognito-identity-role-attachment_test.rb +38 -0
data/test/template/cognito-user-pool-client_test.rb +36 -0
data/test/template/cognito-user-pool-group_test.rb +36 -0
data/test/template/cognito-user-pool-user-to-group-attachment_test.rb +29 -0
data/test/template/cognito-user-pool-user_test.rb +38 -0
data/test/template/cognito-user-pool_test.rb +99 -0
data/test/template/datapipeline-pipeline_test.rb +45 -6
data/test/template/dynamodb-table_test.rb +19 -1
data/test/template/ec2-instance_test.rb +9 -1
data/test/template/ec2-nat-gateway_test.rb +29 -1
data/test/template/ec2-security-group-egress_test.rb +1 -0
data/test/template/ec2-security-group-ingress_test.rb +1 -0
data/test/template/ec2-security-group_test.rb +11 -1
data/test/template/ec2-spot-fleet_test.rb +1 -1
data/test/template/ec2-subnet_test.rb +62 -1
data/test/template/ec2-vpc-cidr-block_test.rb +1 -1
data/test/template/ec2-vpc-endpoint_test.rb +56 -0
data/test/template/ecr-repository_test.rb +63 -11
data/test/template/ecs-service_test.rb +13 -2
data/test/template/ecs-task-definition_test.rb +86 -13
data/test/template/elasticache-cache-cluster_test.rb +4 -6
data/test/template/elasticache-replication-group_test.rb +1 -1
data/test/template/elasticbeanstalk-application-version_test.rb +1 -0
data/test/template/elasticbeanstalk-application_test.rb +2 -1
data/test/template/elasticbeanstalk-configuration-template_test.rb +2 -1
data/test/template/elasticbeanstalk-template_test.rb +1 -0
data/test/template/elb-load-balancer_test.rb +1 -3
data/test/template/emr-cluster_test.rb +2 -14
data/test/template/emr-instance-group-config_test.rb +2 -4
data/test/template/emr-security-configuration_test.rb +34 -0
data/test/template/emr-step_test.rb +2 -6
data/test/template/events-rule_test.rb +3 -3
data/test/template/iam-group_test.rb +11 -1
data/test/template/iam-instance-profile_test.rb +11 -1
data/test/template/iam-managed-policy_test.rb +1 -0
data/test/template/iam-policy_test.rb +1 -3
data/test/template/iam-role_test.rb +12 -2
data/test/template/iam-user_test.rb +11 -17
data/test/template/kinesis-firehorse-delivery-stream_test.rb +68 -0
data/test/template/kinesis-stream_test.rb +61 -0
data/test/template/kms-key_test.rb +1 -0
data/test/template/lambda-alias_test.rb +2 -3
data/test/template/lambda-event-source-mapping_test.rb +1 -1
data/test/template/lambda-function_test.rb +20 -32
data/test/template/lambda-permission_test.rb +7 -4
data/test/template/lambda-version_test.rb +5 -2
data/test/template/logs-log-group_test.rb +1 -3
data/test/template/logs-log-stream_test.rb +2 -6
data/test/template/logs-metric-filter_test.rb +1 -3
data/test/template/logs-subscription-filter_test.rb +1 -3
data/test/template/mappings-ec2_test.rb +10 -3
data/test/template/output-domain-name_test.rb +30 -0
data/test/template/output-name_test.rb +9 -0
data/test/template/{output-rds_test.rb → output-rds-instance_test.rb} +2 -2
data/test/template/output-rest-api_test.rb +30 -0
data/test/template/output-s3_test.rb +9 -0
data/test/template/output-stage_test.rb +43 -0
data/test/template/output-user-pool-client_test.rb +39 -0
data/test/template/output-user-pool_test.rb +48 -0
data/test/template/output_test.rb +3 -1
data/test/template/parameter-ec2_test.rb +22 -24
data/test/template/parameter-elasticache_test.rb +2 -1
data/test/template/parameter-rds_test.rb +32 -3
data/test/template/parameter-redshift_test.rb +31 -2
data/test/template/parameter_test.rb +37 -4
data/test/template/rds-db-cluster-parameter-group_test.rb +1 -1
data/test/template/rds-db-cluster_test.rb +4 -20
data/test/template/rds-db-instance_test.rb +3 -373
data/test/template/rds-db-parameter-group_test.rb +1 -1
data/test/template/rds-option-group_test.rb +2 -2
data/test/template/redshift-cluster-parameter-group_test.rb +28 -0
data/test/template/redshift-cluster-security-group_test.rb +49 -0
data/test/template/redshift-cluster-subnet-group_test.rb +28 -0
data/test/template/redshift-cluster_test.rb +33 -5
data/test/template/s3-bucket_test.rb +6 -20
metadata +130 -22

data/template/iam-role.rb CHANGED Viewed

@@ -4,6 +4,21 @@
 #
 require 'kumogata/template/helper'
 require 'kumogata/template/iam'
+require 'kumogata/template/kinesis'
+require 'kumogata/template/pinpoint'
+args[:managed_policies].collect!{|v| "service-role/#{v}" } if args.key? :managed_policies
+args[:policies].each_with_index do |v, i|
+  next unless v.key? :type
+  case v[:type]
+  when /^kinesis firehose/
+    args[:policies][i][:document] = _kinesis_firehose_to_delivery_stream_role(v[:document])
+  when /^pinpoint kinesis stream/
+    args[:policies][i][:document] = _pinpoint_to_kinesis_stream_role(v[:document])
+  when /^pinpoint kinesis firehose/
+    args[:policies][i][:document] = _pinpoint_to_kinesis_firehose_delivery_stream_role(v[:document])
+  end
+end if args.key? :policies
 name = _resource_name(args[:name], "role")
 policy = _iam_assume_role_policy_document(args)
@@ -15,7 +30,7 @@ managed_policies =
   end
 path = args[:path] || "/"
 policies = _iam_policies("policies", args)
-role_name = _real_name("role", args)
+role = _name("role", args)
 _(name) do
   Type "AWS::IAM::Role"
@@ -27,6 +42,6 @@ _(name) do
     ManagedPolicyArns managed_policies unless managed_policies.empty?
     Path path
     Policies policies unless policies.empty?
-    RoleName role_name if role_name
+    RoleName role
   end
 end

data/template/iam-user.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require 'kumogata/template/helper'
 require 'kumogata/template/iam'
 name = _resource_name(args[:name], "user")
-group = _ref_array("group", args)
+groups = _ref_array("groups", args, "group")
 login_profile =
   if args.key? :login_profile
     _iam_login_profile(args[:login_profile])
@@ -21,16 +21,16 @@ managed_policies =
   end
 path = args[:path] || "/"
 policies = _iam_policies("policies", args)
-user = _real_name("user", args)
+user = _name("user", args)
 _(name) do
   Type "AWS::IAM::User"
   Properties do
-    Group group unless group.empty?
+    Groups groups unless groups.empty?
     LoginProfile login_profile unless login_profile.empty?
     ManagedPolicyArns managed_policies unless managed_policies.empty?
     Path path
     Policies policies unless policies.empty?
-    UserName user if user
+    UserName user
   end
 end

data/template/kinesis-firehose-delivery-stream.rb ADDED Viewed

@@ -0,0 +1,36 @@
+#
+# Kinesis Firehose Delivery System resource
+# http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kinesisfirehose-deliverystream.html
+#
+require 'kumogata/template/helper'
+require 'kumogata/template/kinesis'
+name = _resource_name(args[:name], 'kinesis firehose delivery stream')
+stream_name = _name('stream', args)
+stream_type = _kinesis_firehose_to_delivery_stream_type(args[:type])
+elasticsearch = _kinesis_firehose_delivery_stream_elasticsearch_destination(args[:es])
+extended_s3 = _kinesis_firehose_delivery_stream_extended_s3_destination(args[:extended_s3])
+kinesis = _kinesis_firehose_delivery_stream_kinesis_stream_source(args[:kinesis])
+redshift = _kinesis_firehose_delivery_stream_redshift_destination(args[:redshift])
+s3_dest = _kinesis_firehose_delivery_stream_s3_destnation(args[:s3_dest])
+depends = _depends([ { ref_log_stream: 'logs log stream' } ], args)
+if stream_type == 'KinesisStreamAsSource'
+  elasticsearch = ''
+  extended_s3 = ''
+  redshift = ''
+end
+_(name) do
+  Type 'AWS::KinesisFirehose::DeliveryStream'
+  Properties do
+    DeliveryStreamName stream_name
+    DeliveryStreamType stream_type
+    ElasticsearchDestinationConfiguration elasticsearch unless elasticsearch.empty?
+    ExtendedS3DestinationConfiguration extended_s3 unless extended_s3.empty?
+    KinesisStreamSourceConfiguration kinesis unless kinesis.empty?
+    RedshiftDestinationConfiguration redshift unless redshift.empty?
+    S3DestinationConfiguration s3_dest unless s3_dest.empty?
+  end
+  DependsOn depends unless depends.empty?
+end

data/template/kinesis-stream.rb ADDED Viewed

@@ -0,0 +1,21 @@
+#
+# Kinesis stream resource
+# http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kinesis-stream.html
+#
+require 'kumogata/template/helper'
+name = _resource_name(args[:name], 'kinesis stream')
+stream = _name('stream', args)
+rentention = args[:rentention] || 24
+shard = args[:shard] || 1
+tags = _tags(args, 'stream')
+_(name) do
+  Type 'AWS::Kinesis::Stream'
+  Properties do
+    Name stream
+    RetentionPeriodHours rentention
+    ShardCount shard
+    Tags tags
+  end
+end

data/template/kms-alias.rb CHANGED Viewed

@@ -5,8 +5,8 @@
 require 'kumogata/template/helper'
 name = _resource_name(args[:name], "kms alias")
-alias_name = _ref_name("alias", args)
-target = _ref_name("target", args)
+alias_name = _name("alias", args)
+target = _name("target", args)
 _(name) do
   Type "AWS::KMS::Alias"

data/template/kms-key.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require 'kumogata/template/helper'
 require 'kumogata/template/iam'
 name = _resource_name(args[:name], "kms key")
-description = args[:description] || ""
+description = _ref_string_default('description', args, '', "#{args[:name]} kms key description")
 enabled = _bool("enabled", args, true)
 rotation = _bool("rotation", args, false)
 policy = _iam_policy_document("policy", args)

data/template/lambda-alias.rb CHANGED Viewed

@@ -5,10 +5,10 @@
 require 'kumogata/template/helper'
 name = _resource_name(args[:name], "lambda alias")
-description = args[:description] || ""
+description = _ref_string_default("description", args, '', "#{args[:name]} lambda alias description")
 function_name = _ref_attr_string("function_name", "Arn", args, "lambda function")
 function_version = _ref_attr_string("function_version", "Version", args, "lambda version")
-alias_name = _ref_name("alias_name", args)
+alias_name = _name("alias_name", args)
 _(name) do
   Type "AWS::Lambda::Alias"

data/template/lambda-event-source-mapping.rb CHANGED Viewed

@@ -7,8 +7,8 @@ require 'kumogata/template/helper'
 name = _resource_name(args[:name], "lambda event source mapping")
 batch_size = args[:batch_size] || 100
 enabled = _bool("enabled", args, true)
-event_source = _ref_attr_string("event_source", "Arn", args, args[:event_source_prefix])
-function_name = _ref_attr_string("function_name", "Arn", args, "lambda function")
+event = _ref_attr_string("event", "Arn", args, args[:event_prefix])
+function = _ref_attr_string("function", "Arn", args, "lambda function")
 starting_position = _valid_values(args[:starting_position],
                                   %w( trim_horizon latest ), "latest")
@@ -17,8 +17,8 @@ _(name) do
   Properties do
     BatchSize batch_size
     Enabled enabled
-    EventSourceArn event_source
-    FunctionName function_name
+    EventSourceArn event
+    FunctionName function
     StartingPosition starting_position.upcase
   end
 end

data/template/lambda-function.rb CHANGED Viewed

@@ -8,30 +8,28 @@ require 'kumogata/template/lambda'
 name = _resource_name(args[:name], "lambda function")
 code = _lambda_function_code(args)
 dead_letter = _lambda_dead_letter(args)
-description = args[:description] || ""
+description = _ref_string_default("description", args, '', "#{args[:name]} lambda function description")
 environment = _lambda_function_environment(args)
-function_name = args[:function_name] || ""
-runtime = _valid_values(args[:runtime],
-                        %w( nodejs nodejs4.3 java8 python2.7 ), "nodejs")
+function = _name("function", args)
+runtime = _lambda_to_runtime(args[:runtime])
+handler_index = args[:handler] || 'lambda'
 handler =
-  if args.key? :handler
-    args[:handler]
+  case runtime
+  when /^nodejs/
+    "#{handler_index}.handler"
+  when /^python/
+    "#{handler_index}.handler"
   else
-    case runtime
-    when /^nodejs/
-      "#{args[:function_name]}.handler"
-    when /^python/
-      "#{args[:function_name]}.lambda_handler"
-    else
-      args[:handler]
-    end
+    'lambda.handler'
   end
 memory_size = args[:memory_size] || 128
 role = _ref_attr_string("role", "Arn", args, "role")
 role = _ref_string("role_arn", args, "role") if role.empty?
-timeout = args[:timeout] || 3
+timeout = args[:timeout] || 300
+trace = _lambda_trace_config(args)
 vpc_config = _lambda_vpc_config(args)
-tags = _tags(args)
+tags = _tags(args, "function")
+depends = _depends([ { ref_role: 'role' } ], args)
 _(name) do
   Type "AWS::Lambda::Function"
@@ -40,14 +38,16 @@ _(name) do
     DeadLetterConfig dead_letter unless dead_letter.empty?
     Description description unless description.empty?
     Environment environment unless environment.empty?
-    FunctionName function_name unless function_name.empty?
+    FunctionName function
     Handler handler
     #KmsKeyArn
     MemorySize memory_size
     Role role
     Runtime runtime
     Timeout timeout
+    TracingConfig trace unless trace.empty?
     VpcConfig vpc_config unless vpc_config.empty?
     Tags tags
   end
+  DependsOn depends unless depends.empty?
 end

data/template/lambda-permission.rb CHANGED Viewed

@@ -3,24 +3,45 @@
 # http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html
 #
 require 'kumogata/template/helper'
+require 'kumogata/template/iam'
 name = _resource_name(args[:name], "lambda permission")
-action = args[:action] || "lambda:*"
-function_name = _ref_attr_string("function_name", "Arn", args, "lambda function")
-principal = _valid_values(args[:principal],
-                          %w( s3.amazonaws.com sns.amazonaws.com ),
-                          "sns.amazonaws.com")
+action = args[:action] || 'invoke function'
+function = _ref_attr_string("function", "Arn", args, "lambda function", 'arn')
+principal = args[:principal]
 source_account = _ref_string("source_account", args, "account id")
-source_prefix = (principal == "s3.amazonaws") ? "bucket" : "topic"
-source_arn = _ref_string("source_arn", args, source_prefix)
+source_account = _ref_pseudo('account id') if source_account.empty? and principal == 's3'
+source_arn_prefix =
+  case principal
+  when 's3'
+    'bucket'
+  when 'sns'
+    'topic'
+  when 'events'
+    'events rule'
+    # TBD
+  else
+    ''
+  end
+source_arn =
+  case principal
+  when 'sns'
+    _ref_string("source_arn", args, source_arn_prefix)
+  else
+    _ref_attr_string('source_arn', 'Arn', args, source_arn_prefix)
+  end
+source_arn = _iam_arn("s3", { ref: args[:ref_iam_source_arn] }) if args.key? :ref_iam_source_arn and principal =~ /s3/ and source_arn.empty?
+depends = _depends([ { ref_function: 'lambda function' } ], args)
 _(name) do
   Type "AWS::Lambda::Permission"
   Properties do
-    Action action
-    FunctionName function_name
-    Principal principal
+    Action "lambda:#{_capitalize(action)}"
+    FunctionName function
+    Principal "#{principal}.#{DOMAIN}"
     SourceAccount source_account unless source_account.empty?
     SourceArn source_arn unless source_arn.empty?
   end
+  DependsOn depends unless depends.empty?
 end

data/template/lambda-version.rb CHANGED Viewed

@@ -7,13 +7,15 @@ require 'kumogata/template/helper'
 name = _resource_name(args[:name], "lambda version")
 code_sha256 = args[:code_sha256] || ""
 description = args[:description] || ""
-function_name = _ref_attr_string("function_name", "Arn", args, "lambda function")
+function = _ref_attr_string("function", "Arn", args, "lambda function")
+depends = _depends([ { ref_function: 'lambda function' } ], args)
 _(name) do
   Type "AWS::Lambda::Version"
   Properties do
     CodeSha256 code_sha256 unless code_sha256.empty?
     Description description unless description.empty?
-    FunctionName function_name
+    FunctionName function
   end
+  DependsOn depends unless depends.empty?
 end

data/template/logs-destination.rb CHANGED Viewed

@@ -7,7 +7,7 @@ require 'kumogata/template/iam'
 require 'kumogata/template/logs'
 name = _resource_name(args[:name], "logs destination")
-dest = _ref_name("dest", args)
+dest = _name("dest", args)
 policy = _iam_policy_document("policy", args)
 role = _ref_attr_string("role", "Arn", args, "role")
 target = _iam_arn("kinesis", args[:target].merge(type: "stream"))

data/template/logs-log-group.rb CHANGED Viewed

@@ -6,7 +6,7 @@ require 'kumogata/template/helper'
 require 'kumogata/template/logs'
 name = _resource_name(args[:name], "logs log group")
-group = _ref_name("group", args)
+group = _name("group", args)
 rentention = args[:rentention] || 365
 _(name) do

data/template/logs-log-stream.rb CHANGED Viewed

@@ -6,8 +6,9 @@ require 'kumogata/template/helper'
 require 'kumogata/template/logs'
 name = _resource_name(args[:name], "logs log stream")
-group = _ref_name("group", args)
-stream = _ref_name("stream", args)
+group = _name("group", args)
+stream = _name("stream", args)
+depends = _depends([ { ref_log_group: 'logs log group' } ], args)
 _(name) do
   Type "AWS::Logs::LogStream"
@@ -15,4 +16,5 @@ _(name) do
     LogGroupName group
     LogStreamName stream
   end
+  DependsOn depends unless depends.empty?
 end

data/template/logs-metric-filter.rb CHANGED Viewed

@@ -8,7 +8,7 @@ require 'kumogata/template/logs'
 name = _resource_name(args[:name], "logs metric filter")
 # pattern ex. [timestamps, ip_addresses, error_codes = 1234*, size, ...]
 pattern = args[:pattern]
-group = _ref_name("group", args)
+group = _name("group", args)
 trans = _logs_metric_filter_transformations(args)
 _(name) do

data/template/logs-subscription_filter.rb CHANGED Viewed

@@ -10,7 +10,7 @@ dest = _ref_attr_string("dest", "Arn", args, "role")
 # Filter and Pattern Syntax
 # http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
 pattern = args[:pattern]
-group = _ref_name("group", args)
+group = _name("group", args)
 role = _ref_attr_string("role", "Arn", args, "role")
 _(name) do

data/template/mappings-ec2.rb CHANGED Viewed

@@ -6,93 +6,155 @@ require 'kumogata/template/helper'
 AWSInstanceType2Arch do
   EC2_INSTANCE_TYPES.each do |type|
     _(type) do
-      Arch "HVM64"
+      Arch 'HVM64'
     end
   end
 end
-# Amazon Linux AMI (HVM / 64-bit)
+# Amazon Linux AMI x86_64 HVM GP2
 # https://aws.amazon.com/marketplace/pp/B00CIYTQTC/
 AWSRegionArch2AMIAmazonLinuxOfficial do
-  # 2017.03.0.20170417, released 04/19/2017
+  # 2017.09.1.20180115, released 01/15/2018
   image_id = {
-    virginia:   "c58c1dd3",
-    ohio:       "4191b524",
-    california: "7a85a01a",
-    oregon:     "4836a428",
-    canada:     "0bd66a6f",
-    ireland:    "01ccc867",
-    frankfurt:  "b968bad6",
-    london:     "b6daced2",
-    tokyo:      "923d12f5",
-    seoul:      "9d15c7f3",
-    singapore:  "fc5ae39f",
-    sydney:     "162c2575",
-    mumbai:     "52c7b43d",
-    saopaulo:   "37cfad5b",
+    virginia:   '97785bed',
+    ohio:       'f63b1193',
+    california: '824c4ee2',
+    oregon:     'f2d3638a',
+    canada:     'a954d1cd',
+    frankfurt:  '5652ce39',
+    ireland:    'd834aba1',
+    london:     '403e2524',
+    paris:      '8ee056f3',
+    singapore:  '68097514',
+    sydney:     '942dd1f6',
+    seoul:      '863090e8',
+    tokyo:      'ceafcba8',
+    mumbai:     '531a4c3c',
+    saopaulo:   '84175ae8',
   }
   AWS_REGION.each do |key, region|
     _(region) do
       HVM64 "ami-#{image_id[key]}"
-    end
+    end if key !~ /local/
+  end
+end
+# Amazon Linux 2 AMI x86_64 HVM GP2
+# https://aws.amazon.com/amazon-linux-2/release-notes/
+# for r in $(aws --profile <profile> --output text ec2 describe-regions --query 'Regions[].RegionName'); do i=$(aws --profile <profile> --region $r --output text ec2 describe-images --owners amazon --filters Name=name,Values="amzn2-ami-hvm*gp2" --query 'Images[].[Name, ImageId]'); echo "$r: \"$i\""; done
+AWSRegionArch2AMIAmazonLinux2Official do
+  # 2017.12.0.20180115
+  image_id = {
+    virginia:   '428aa838',
+    ohio:       '710e2414',
+    california: '4a787a2a',
+    oregon:     '7f43f307',
+    canada:     '7549cc11',
+    frankfurt:  '1b2bb774',
+    ireland:    'db1688a2',
+    london:     '6d263d09',
+    paris:      '5ce55321',
+    singapore:  '4f89f533',
+    sydney:     '38708c5a',
+    seoul:      '3e04a450',
+    tokyo:      'c2680fa4',
+    mumbai:     '3b2f7954',
+    saopaulo:   'f1337e9d',
+  }
+  AWS_REGION.each do |key, region|
+    _(region) do
+      HVM64 "ami-#{image_id[key]}"
+    end if key !~ /local/
   end
 end
-# CentOS 7 (x86_64) with Updates HVM
+# CentOS 7 x86_64 with Updates HVM
 # https://wiki.centos.org/Cloud/AWS
 # https://aws.amazon.com/marketplace/pp/B00O7WM7QW/
 AWSRegionArch2AMICentos7Official do
-  # 1704, released 05/15/2017
+  # 18001_01, released 01/14/2018
   image_id = {
-    virginia:   "46c1b650",
-    ohio:       "18f8df7d",
-    california: "f5d7f195",
-    oregon:     "f4533694",
-    canada:     "28823e4c",
-    ireland:    "061b1560",
-    frankfurt:  "fa2df395",
-    london:     "e05a4d84",
-    tokyo:      "29d1e34e",
-    seoul:      "08e93466",
-    singapore:  "7d2eab1e",
-    sydney:     "34171d57",
-    mumbai:     "3c0e7353",
-    saopaulo:   "b31a75df",
+    virginia:   '4bf3d731',
+    ohio:       'e1496384',
+    california: '65e0e305',
+    oregon:     'a042f4d8',
+    canada:     'dcad28b8',
+    frankfurt:  '337be65c',
+    ireland:    '6e28b517',
+    london:     'ee6a718a',
+    paris:      'bfff49c2',
+    singapore:  'd2fa88ae',
+    sydney:     'b6bb47d4',
+    seoul:      '7248e81c',
+    tokyo:      '25bd2743',
+    mumbai:     '5d99ce32',
+    saopaulo:   'f9adef95',
   }
   AWS_REGION.each do |key, region|
     _(region) do
       HVM64 "ami-#{image_id[key]}"
-    end
+    end if key !~ /local/
   end
 end
-# Ubuntu Server 16.04 LTS
+# Ubuntu 16.04 LTS - Xenial (HVM)
 # https://cloud-images.ubuntu.com/locator/ec2/
 # https://aws.amazon.com/marketplace/pp/B01JBL2M0O
 AWSRegionArch2AMIUbuntu16Official do
-  # 20170411, released 04/11/2017
+  # 16.04 LTS 2018022, released 03/06/2018
   image_id = {
-    virginia:   "e4139df2",
-    ohio:       "33ab8f56",
-    california: "30476250",
-    oregon:	"17ba2a77",
-    canada:     "9eee52fa",
-    ireland:    "b5a893d3",
-    frankfurt:  "1b4d9e74",
-    london:     "4d3a2e29",
-    tokyo:      "c9e3c0ae",
-    seoul:      "3cda0852",
-    singapore:  "6e74ca0d",
-    sydney:     "92e8e6f1",
-    mumbai:     "",  ## N/A
-    saopaulo:   "36187a5a",
+    virginia:   'b46295c9',
+    ohio:       'f6cef993',
+    california: 'c16862a1',
+    oregon:	'1c1d9664',
+    canada:     '919b1cf5',
+    frankfurt:  '6283ef0d',
+    ireland:    '70054309',
+    london:     'be4aaed9',
+    paris:      '5563d528',
+    singapore:  '8f4f05f3',
+    sydney:     'ed77b18f',
+    seoul:      'e546eb8b',
+    tokyo:      '64612102',
+    mumbai:     '00000000',  ## N/A
+    saopaulo:   '4a733826',
   }
   AWS_REGION.each do |key, region|
     _(region) do
       HVM64 "ami-#{image_id[key]}"
-    end
+    end if key !~ /local/ and !image_id[key].empty?
+  end
+end
+# Amazon Linux AMI 2017.09.i x86_64 ECS HVM GP2
+# http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI_launch_latest.html
+AWSRegionArch2AMIEcsOfficial do
+  # 2017.09.j
+  image_id = {
+    ohio:       'ef64528a',
+    virginia:   'cad827b7',
+    oregon:	'baa236c2',
+    california: '29b8b249',
+    paris:      '0356e07e',
+    london:     '25f51242',
+    ireland:    '64c4871d',
+    frankfurt:  '3b7d1354',
+    seoul:      '3b19b455',
+    tokyo:      'bb5f13dd',
+    sydney:     'a677b6c4',
+    singapore:  'f88ade84',
+    canada:     'db48cfbf',
+    mumbai:     '9e91cff1',
+    saopaulo:   'da2c66b6',
+  }
+  AWS_REGION.each do |key, region|
+    _(region) do
+      HVM64 "ami-#{image_id[key]}" if region !~ /local/
+    end if key !~ /local/ and !image_id[key].empty?
   end
 end

data/template/output-arn.rb CHANGED Viewed

@@ -3,7 +3,15 @@
 #
 require 'kumogata/template/helper'
-_output "#{args[:name]} name", ref_value: args[:name],
-                               export: _export_string(args, "name")
-_output "#{args[:name]} arn", ref_value: [ args[:name], "Arn" ],
-                              export: _export_string(args, "arn")
+name =
+  if args.key? :resource
+    "#{args[:name]} #{args[:resource]}"
+  else
+    args[:name]
+  end
+_output "#{name} name", ref_value: name,
+                        export: _export_string(args, "name")
+_output "#{name} arn", ref_value: [ name, "Arn" ],
+                       export: _export_string(args, "arn")

data/template/output-certificate.rb ADDED Viewed

@@ -0,0 +1,11 @@
+#
+# Output access key
+#
+require 'kumogata/template/helper'
+_output "#{args[:name]} access key",
+        ref_value: "#{args[:name]} access key",
+        export: _export_string(args, "access key")
+_output "#{args[:name]} secret access key",
+        ref_value: [ "#{args[:name]} access key", "SecretAccessKey" ],
+        export: _export_string(args, "secret access key")

data/template/output-distribution.rb ADDED Viewed

@@ -0,0 +1,11 @@
+#
+# Output distribution
+#
+require 'kumogata/template/helper'
+_output "#{args[:name]} distribution",
+        ref_value: "#{args[:name]} distribution",
+        export: _export_string(args, "distribution")
+_output "#{args[:name]} distribution domain",
+        ref_value: [ "#{args[:name]} distribution", "DomainName" ],
+        export: _export_string(args, "distribution domain")

data/template/output-domain-name.rb ADDED Viewed

@@ -0,0 +1,11 @@
+#
+# Output domain name
+#
+require 'kumogata/template/helper'
+_output "#{args[:name]} domain name domain",
+        ref_value: "#{args[:name]} domain name",
+        export: _export_string(args, "domain name")
+_output "#{args[:name]} domain name distribution",
+        ref_value: [ "#{args[:name]} domain name", "DistributionDomainName" ],
+        export: _export_string(args, "domain name distribution")