RubyGems - kumogata-template - Versions diffs - 0.0.35 → 0.0.36 - Mend

kumogata-template 0.0.35 → 0.0.36

Files changed (278) hide show

checksums.yaml +5 -5
data/.travis.yml +4 -2
data/Gemfile +1 -1
data/Rakefile +1 -1
data/kumogata-template.gemspec +4 -4
data/lib/kumogata/template/alb.rb +48 -34
data/lib/kumogata/template/api-gateway.rb +262 -0
data/lib/kumogata/template/autoscaling.rb +17 -44
data/lib/kumogata/template/certificate.rb +11 -8
data/lib/kumogata/template/cloudfront.rb +67 -60
data/lib/kumogata/template/cloudwatch.rb +7 -12
data/lib/kumogata/template/codebuild.rb +4 -8
data/lib/kumogata/template/codecommit.rb +2 -6
data/lib/kumogata/template/codedeploy.rb +15 -0
data/lib/kumogata/template/cognito.rb +203 -0
data/lib/kumogata/template/const.rb +109 -47
data/lib/kumogata/template/datapipeline.rb +16 -47
data/lib/kumogata/template/dynamodb.rb +17 -8
data/lib/kumogata/template/ec2.rb +61 -10
data/lib/kumogata/template/ecr.rb +11 -9
data/lib/kumogata/template/ecs.rb +256 -91
data/lib/kumogata/template/elasticbeanstalk.rb +6 -9
data/lib/kumogata/template/elb.rb +9 -24
data/lib/kumogata/template/emr.rb +184 -51
data/lib/kumogata/template/events.rb +22 -10
data/lib/kumogata/template/ext/kumogata.rb +7 -7
data/lib/kumogata/template/helper.rb +189 -130
data/lib/kumogata/template/iam.rb +556 -146
data/lib/kumogata/template/kinesis.rb +282 -0
data/lib/kumogata/template/lambda.rb +43 -2
data/lib/kumogata/template/logs.rb +2 -6
data/lib/kumogata/template/nlb.rb +10 -0
data/lib/kumogata/template/pinpoint.rb +83 -0
data/lib/kumogata/template/rds.rb +52 -0
data/lib/kumogata/template/redshift.rb +15 -6
data/lib/kumogata/template/role.rb +425 -0
data/lib/kumogata/template/s3.rb +120 -80
data/lib/kumogata/template/sns.rb +2 -6
data/lib/kumogata/template/version.rb +1 -1
data/lib/kumogata/template.rb +9 -1
data/template/_template.rb +2 -2
data/template/alb-load-balancer.rb +5 -4
data/template/alb-target-group.rb +8 -9
data/template/api-gateway-account.rb +15 -0
data/template/api-gateway-api-key.rb +22 -0
data/template/api-gateway-authorizer.rb +38 -0
data/template/api-gateway-base-path-mapping.rb +23 -0
data/template/api-gateway-client-certificate.rb +16 -0
data/template/api-gateway-deployment.rb +24 -0
data/template/api-gateway-domain-name.rb +17 -0
data/template/api-gateway-method.rb +71 -0
data/template/api-gateway-model.rb +23 -0
data/template/api-gateway-resource.rb +32 -0
data/template/api-gateway-rest-api.rb +29 -0
data/template/api-gateway-stage.rb +33 -0
data/template/api-gateway-usage-plan-key.rb +19 -0
data/template/api-gateway-usage-plan.rb +24 -0
data/template/autoscaling-group.rb +2 -2
data/template/autoscaling-launch-configuration.rb +7 -4
data/template/autoscaling-scheduled-action.rb +0 -1
data/template/certificate.rb +2 -2
data/template/cloudfront-distribution.rb +4 -0
data/template/cloudfront-origin-access-identity.rb +19 -0
data/template/cloudtrail.rb +6 -4
data/template/cloudwatch-alarm.rb +9 -3
data/template/codebuild-project.rb +3 -3
data/template/codecommit-repository.rb +2 -2
data/template/codedeploy-application.rb +1 -1
data/template/codedeploy-deployment-config.rb +1 -1
data/template/codedeploy-deployment-group.rb +2 -0
data/template/cognito-identity-pool.rb +34 -0
data/template/cognito-identity-role-attachment.rb +22 -0
data/template/cognito-user-pool-client.rb +28 -0
data/template/cognito-user-pool-group.rb +24 -0
data/template/cognito-user-pool-user-to-group-attachment.rb +20 -0
data/template/cognito-user-pool-user.rb +28 -0
data/template/cognito-user-pool.rb +45 -0
data/template/datapipeline-pipeline.rb +4 -4
data/template/dynamodb-table.rb +5 -1
data/template/ec2-eip-association.rb +1 -1
data/template/ec2-instance.rb +4 -1
data/template/ec2-nat-gateway.rb +4 -0
data/template/ec2-route.rb +4 -0
data/template/ec2-security-group-ingress.rb +1 -1
data/template/ec2-security-group.rb +2 -2
data/template/ec2-subnet.rb +8 -4
data/template/ec2-volume.rb +1 -2
data/template/ec2-vpc-cidr-block.rb +4 -2
data/template/ec2-vpc-endpoint.rb +5 -2
data/template/ecr-repository.rb +2 -2
data/template/ecs-cluster.rb +1 -1
data/template/ecs-service.rb +19 -7
data/template/ecs-task-definition.rb +4 -4
data/template/elasticache-cache-cluster.rb +1 -1
data/template/elasticache-parameter-group.rb +1 -1
data/template/elasticache-replication-group.rb +1 -1
data/template/elasticache-subnet-group.rb +1 -1
data/template/elasticbeanstalk-application-version.rb +1 -1
data/template/elasticbeanstalk-application.rb +1 -1
data/template/elasticbeanstalk-configuration-template.rb +1 -1
data/template/elasticbeanstalk-environment.rb +1 -1
data/template/elb-load-balancer.rb +2 -2
data/template/emr-cluster.rb +3 -3
data/template/emr-instance-group-config.rb +4 -2
data/template/emr-security-configuration.rb +17 -0
data/template/emr-step.rb +2 -2
data/template/events-rule.rb +8 -8
data/template/iam-group.rb +2 -2
data/template/iam-instance-profile.rb +2 -2
data/template/iam-managed-policy.rb +1 -1
data/template/iam-policy.rb +1 -1
data/template/iam-role.rb +17 -2
data/template/iam-user.rb +4 -4
data/template/kinesis-firehose-delivery-stream.rb +36 -0
data/template/kinesis-stream.rb +21 -0
data/template/kms-alias.rb +2 -2
data/template/kms-key.rb +1 -1
data/template/lambda-alias.rb +2 -2
data/template/lambda-event-source-mapping.rb +4 -4
data/template/lambda-function.rb +17 -17
data/template/lambda-permission.rb +31 -10
data/template/lambda-version.rb +4 -2
data/template/logs-destination.rb +1 -1
data/template/logs-log-group.rb +1 -1
data/template/logs-log-stream.rb +4 -2
data/template/logs-metric-filter.rb +1 -1
data/template/logs-subscription_filter.rb +1 -1
data/template/mappings-ec2.rb +114 -52
data/template/output-arn.rb +12 -4
data/template/output-certificate.rb +11 -0
data/template/output-distribution.rb +11 -0
data/template/output-domain-name.rb +11 -0
data/template/output-ecr-repository.rb +16 -0
data/template/output-eip.rb +11 -0
data/template/output-lambda-function.rb +6 -0
data/template/output-name.rb +7 -2
data/template/output-origin-access-identity.rb +13 -0
data/template/output-rds-cluster.rb +17 -0
data/template/{output-rds.rb → output-rds-instance.rb} +1 -1
data/template/output-redshift.rb +11 -0
data/template/output-rest-api.rb +11 -0
data/template/output-s3.rb +3 -0
data/template/output-stage.rb +19 -0
data/template/output-subnet.rb +6 -3
data/template/output-trail.rb +14 -0
data/template/output-user-pool-client.rb +14 -0
data/template/output-user-pool.rb +17 -0
data/template/output-vpc.rb +13 -3
data/template/output.rb +3 -2
data/template/parameter-ec2.rb +10 -4
data/template/parameter-elasticache.rb +1 -1
data/template/parameter-rds.rb +51 -4
data/template/parameter-redshift.rb +31 -1
data/template/parameter.rb +87 -7
data/template/rds-db-cluster-parameter-group.rb +18 -4
data/template/rds-db-cluster.rb +19 -7
data/template/rds-db-instance.rb +55 -131
data/template/rds-db-parameter-group.rb +29 -3
data/template/rds-db-subnet-group.rb +1 -1
data/template/rds-event-subscription.rb +2 -4
data/template/rds-option-group.rb +28 -5
data/template/redshift-cluster-parameter-group.rb +3 -1
data/template/redshift-cluster-security-group.rb +17 -0
data/template/redshift-cluster-subnet-group.rb +3 -1
data/template/redshift-cluster.rb +15 -12
data/template/s3-bucket.rb +10 -5
data/template/sns-topic.rb +2 -2
data/template/sqs-queue.rb +1 -1
data/test/abstract_unit.rb +2 -9
data/test/cloudfront_test.rb +57 -28
data/test/codedeploy_test.rb +21 -0
data/test/datapipeline_test.rb +0 -22
data/test/ec2_test.rb +12 -52
data/test/ecs_test.rb +30 -26
data/test/emr_test.rb +101 -20
data/test/events_test.rb +47 -0
data/test/helper_test.rb +251 -281
data/test/iam_test.rb +572 -57
data/test/lambda_test.rb +1 -1
data/test/s3_test.rb +49 -14
data/test/template/alb-load-balancer_test.rb +4 -5
data/test/template/alb-target-group_test.rb +1 -3
data/test/template/api-gateway-account_test.rb +26 -0
data/test/template/api-gateway-api-key_test.rb +33 -0
data/test/template/api-gateway-authorizer_test.rb +62 -0
data/test/template/api-gateway-base-path-mapping_test.rb +27 -0
data/test/template/api-gateway-client-certificate_test.rb +21 -0
data/test/template/api-gateway-deployment_test.rb +27 -0
data/test/template/api-gateway-domain-name_test.rb +26 -0
data/test/template/api-gateway-method_test.rb +29 -0
data/test/template/api-gateway-model_test.rb +37 -0
data/test/template/api-gateway-resource_test.rb +82 -0
data/test/template/api-gateway-rest-api_test.rb +33 -0
data/test/template/api-gateway-stage_test.rb +39 -0
data/test/template/api-gateway-usage-plan-key_test.rb +25 -0
data/test/template/api-gateway-usage-plan_test.rb +42 -0
data/test/template/cloudfront-distribution_test.rb +41 -3
data/test/template/cloudtrail_test.rb +13 -5
data/test/template/cloudwatch-alarm_test.rb +14 -2
data/test/template/codebuild-project_test.rb +2 -11
data/test/template/codecommit-repository_test.rb +12 -1
data/test/template/cognito-identity-pool_test.rb +32 -0
data/test/template/cognito-identity-role-attachment_test.rb +38 -0
data/test/template/cognito-user-pool-client_test.rb +36 -0
data/test/template/cognito-user-pool-group_test.rb +36 -0
data/test/template/cognito-user-pool-user-to-group-attachment_test.rb +29 -0
data/test/template/cognito-user-pool-user_test.rb +38 -0
data/test/template/cognito-user-pool_test.rb +99 -0
data/test/template/datapipeline-pipeline_test.rb +45 -6
data/test/template/dynamodb-table_test.rb +19 -1
data/test/template/ec2-instance_test.rb +9 -1
data/test/template/ec2-nat-gateway_test.rb +29 -1
data/test/template/ec2-security-group-egress_test.rb +1 -0
data/test/template/ec2-security-group-ingress_test.rb +1 -0
data/test/template/ec2-security-group_test.rb +11 -1
data/test/template/ec2-spot-fleet_test.rb +1 -1
data/test/template/ec2-subnet_test.rb +62 -1
data/test/template/ec2-vpc-cidr-block_test.rb +1 -1
data/test/template/ec2-vpc-endpoint_test.rb +56 -0
data/test/template/ecr-repository_test.rb +63 -11
data/test/template/ecs-service_test.rb +13 -2
data/test/template/ecs-task-definition_test.rb +86 -13
data/test/template/elasticache-cache-cluster_test.rb +4 -6
data/test/template/elasticache-replication-group_test.rb +1 -1
data/test/template/elasticbeanstalk-application-version_test.rb +1 -0
data/test/template/elasticbeanstalk-application_test.rb +2 -1
data/test/template/elasticbeanstalk-configuration-template_test.rb +2 -1
data/test/template/elasticbeanstalk-template_test.rb +1 -0
data/test/template/elb-load-balancer_test.rb +1 -3
data/test/template/emr-cluster_test.rb +2 -14
data/test/template/emr-instance-group-config_test.rb +2 -4
data/test/template/emr-security-configuration_test.rb +34 -0
data/test/template/emr-step_test.rb +2 -6
data/test/template/events-rule_test.rb +3 -3
data/test/template/iam-group_test.rb +11 -1
data/test/template/iam-instance-profile_test.rb +11 -1
data/test/template/iam-managed-policy_test.rb +1 -0
data/test/template/iam-policy_test.rb +1 -3
data/test/template/iam-role_test.rb +12 -2
data/test/template/iam-user_test.rb +11 -17
data/test/template/kinesis-firehorse-delivery-stream_test.rb +68 -0
data/test/template/kinesis-stream_test.rb +61 -0
data/test/template/kms-key_test.rb +1 -0
data/test/template/lambda-alias_test.rb +2 -3
data/test/template/lambda-event-source-mapping_test.rb +1 -1
data/test/template/lambda-function_test.rb +20 -32
data/test/template/lambda-permission_test.rb +7 -4
data/test/template/lambda-version_test.rb +5 -2
data/test/template/logs-log-group_test.rb +1 -3
data/test/template/logs-log-stream_test.rb +2 -6
data/test/template/logs-metric-filter_test.rb +1 -3
data/test/template/logs-subscription-filter_test.rb +1 -3
data/test/template/mappings-ec2_test.rb +10 -3
data/test/template/output-domain-name_test.rb +30 -0
data/test/template/output-name_test.rb +9 -0
data/test/template/{output-rds_test.rb → output-rds-instance_test.rb} +2 -2
data/test/template/output-rest-api_test.rb +30 -0
data/test/template/output-s3_test.rb +9 -0
data/test/template/output-stage_test.rb +43 -0
data/test/template/output-user-pool-client_test.rb +39 -0
data/test/template/output-user-pool_test.rb +48 -0
data/test/template/output_test.rb +3 -1
data/test/template/parameter-ec2_test.rb +22 -24
data/test/template/parameter-elasticache_test.rb +2 -1
data/test/template/parameter-rds_test.rb +32 -3
data/test/template/parameter-redshift_test.rb +31 -2
data/test/template/parameter_test.rb +37 -4
data/test/template/rds-db-cluster-parameter-group_test.rb +1 -1
data/test/template/rds-db-cluster_test.rb +4 -20
data/test/template/rds-db-instance_test.rb +3 -373
data/test/template/rds-db-parameter-group_test.rb +1 -1
data/test/template/rds-option-group_test.rb +2 -2
data/test/template/redshift-cluster-parameter-group_test.rb +28 -0
data/test/template/redshift-cluster-security-group_test.rb +49 -0
data/test/template/redshift-cluster-subnet-group_test.rb +28 -0
data/test/template/redshift-cluster_test.rb +33 -5
data/test/template/s3-bucket_test.rb +6 -20
metadata +130 -22

data/lib/kumogata/template/role.rb ADDED Viewed

@@ -0,0 +1,425 @@
+#
+# AWS IAM Roles
+#
+COGNITO_AUTH_ROLE =
+  [
+   { service: "mobileanalytics", action: "push events" },
+   { services: %w( cognito-sync cognito-identity ) },
+  ]
+COGNITO_UNAUTH_ROLE =
+  [
+   { service: "mobileanalytics", action: "put events" },
+   { service: "cognito-sync" },
+  ]
+API_GATEWAY_CLOUDWATCH_LOGS =
+  [
+   {
+     service: "logs",
+     actions: [
+               "create log group", "create log stream",
+               "describe log grops", "describe log streams",
+               "get log evetns", "put log events", "filter log events",
+              ],
+     resource: "*",
+   },
+  ]
+PINPOINT_ADMIN_ROLE =
+  [
+   { services: %w( mobiletargeting mobileanalytics ) },
+   { service: "s3", action: "list all my buckets" },
+   {
+     service: "iam",
+     actions: [
+               "get policy",
+               "get policy version",
+               "list roles",
+               "list attached role policies",
+               "pass role",
+              ],
+   },
+   {
+     service: "kinesis",
+     actions: [
+               "describe stream",
+               "list streams",
+               "put records",
+              ],
+   },
+   {
+     service: "firehose",
+     actions: [
+               "describe delivery stream",
+               "list delivery streams",
+               "put record batch",
+              ],
+   },
+  ]
+ECS_INSTANCE_ROLE =
+  [
+   {
+     service: "ecs",
+     actions: [
+               "create cluster", "deregister container instance",
+               "discover poll endpoint", "poll",
+               "register container instance",
+               "start telemetry session",
+               "update container instances state",
+               "submit*",
+              ]
+   },
+   {
+     service: "ecr",
+     actions: [
+               "get authorization token",
+               "batch check layer availability",
+               "get download url for layer",
+               "batch get image",
+              ],
+   },
+   {
+     service: "logs",
+     actions: [
+               "create log group",
+               "create log stream",
+               "describe log groups",
+               "describe log streams",
+               "put log events",
+              ],
+     resource: "*",
+   },
+  ]
+ECS_SERVICE_ROLE =
+  [
+   {
+     service: "ec2",
+     actions: [
+               "authorize security group ingress",
+               "describe*",
+              ],
+   },
+   {
+     service: "elasticloadbalancing",
+     actions: [
+               "deregister instances from load balancer",
+               "deregister targets",
+               "describe*",
+               "register instances with load balancer",
+               "register targets",
+              ],
+   },
+  ]
+SSM_INSTANCE_ROLE =
+  [
+   {
+     service: "ssm",
+     actions: [
+               "describe instance information",
+               "describe association",
+               "list associations",
+               "get document",
+               "get parameters",
+               "list instance associations",
+               "update association status",
+               "update instance information",
+              ],
+   },
+   {
+     service: "ec2messages",
+     actions: [
+               "acknowledge message",
+               "delete message",
+               "fail message",
+               "get endpoint",
+               "get messages",
+               "send reply",
+              ],
+   },
+   {
+     service: "ds",
+     actions: [
+               "create computer",
+               "describe directories",
+              ],
+   },
+   {
+     service: "ec2",
+     actions: [
+               "describe instance status",
+              ],
+   },
+  ]
+KINESIS_FIREHOSE_DELIVERY_STREAM_ROLE =
+  [
+   {
+     service: 's3',
+     actions: [
+               'abort multipart upload',
+               'get bucket location',
+               'get object',
+               'list object',
+               'list object multipart uploads',
+               'put object',
+              ],
+     resources: [
+                 '%BUCKET_NAME%',
+                 '%BUCKET_NAME%/*',
+                ]
+   },
+   {
+     service: 'kinesis',
+     actions: [
+               'describe stream',
+               'get shard iterator',
+               'get records',
+              ],
+     resources: [
+                 { name: '%STREAM_NAME%' },
+               ],
+   },
+   {
+     service: 'kms',
+     actions: [
+               'decrypt',
+               'generate data key',
+              ],
+     resources: [
+                 {
+                   type: 'key',
+                   id: '%KEY%',
+                 },
+                ],
+     condition: [
+                 {
+                   '=': {
+                     'kms:ViaService': "s3.%REGION%.#{DOMAIN}",
+                   },
+                   '=~': {
+                     'kms:EncryptionContext:aws:s3:arn': 'arn:aws:s3:::%BUCKET_NAME%/%BUCKET_PREFIX%*',
+                   }
+                 },
+                ],
+   },
+   {
+     service: 'logs',
+     actions: [
+               'put log events',
+              ],
+     resources: [
+                 {
+                   type: 'log-group',
+                   name: '%LOG_GROUP_NAME%',
+                   stream: '%LOG_STREAM_NAME%',
+                 },
+                ],
+   },
+   {
+     service: 'lambda',
+     actions: [
+               'invoke function',
+               'get function configuration',
+              ],
+     resources: [
+                 {
+                   name: '%LAMBDA_FUNCTION_NAME%',
+                   'alias': '%LAMBDA_FUNCTION_ALIAS%'
+                 },
+                ],
+   },
+  ]
+PINPOINT_KINESIS_STREAM_ROLE =
+  [
+   {
+     service: 'kinesis',
+     actions: [
+               'put records',
+               'describe stream',
+              ],
+     resources: [
+                 {
+                   name: '%KINESIS_STREAM_NAME%',
+                 },
+                ],
+   },
+  ]
+PINPOINT_KINESIS_FIREHOSE_DELIVERY_STREAM_ROLE =
+  [
+   {
+     service: 'firehose',
+     actions: [
+               'describe delivery stream',
+               'put record batch',
+              ],
+     resources: [
+                 {
+                   name: '%FIREHOSE_DELIVERY_STREAM_NAME%',
+                 },
+     ],
+   },
+  ]
+# Datadog
+# https://docs.datadoghq.com/integrations/aws/#installation
+DATADOG_ROLE =
+  [
+   {
+     service: "autoscaling",
+     action: "describe*",
+   },
+   {
+     service: "budgets",
+     action: "view budget",
+   },
+   {
+     service: "cloudtrail",
+     actions: [
+               "describe trails",
+               "get trail status",
+              ],
+   },
+   {
+     service: "cloudwatch",
+     actions: [
+               "describe*",
+               "get*",
+               "list*",
+              ],
+   },
+   {
+     service: "codedeploy",
+     actions: [
+               "list*",
+               "batch get*",
+              ],
+   },
+   {
+     service: "dynamodb",
+     actions: [
+               "list*",
+               "describe*",
+               ],
+   },
+   {
+     service: "ec2",
+     actions: [
+               "describe*",
+               "get*",
+              ],
+   },
+   {
+     service: "ecs",
+     actions: [
+               "describe*",
+               "list*",
+              ],
+   },
+   {
+     service: "elasticache",
+     actions: [
+               "describe*",
+               "list*",
+              ],
+   },
+   {
+     service: "elasticfilesystem",
+     actions: [
+               "describe file systems",
+               "describe tags",
+             ],
+   },
+   {
+     service: "elasticloadbalancing",
+     actoin: "describe*",
+   },
+   {
+     service: "elasticmapreduce",
+     actions: [
+               "list*",
+               "describe*",
+               ],
+   },
+   {
+     service: "es",
+     actions: [
+               "list tags",
+               "list domain names",
+               "describe elasticsearch domains",
+              ],
+   },
+   {
+     service: "kinesis",
+     actions: [
+               "list*",
+               "describe*",
+              ],
+   },
+   {
+     service: "lambda",
+     action: "list*",
+   },
+   {
+     service: "logs",
+     actions: [
+               "get*",
+               "describe*",
+               "filter log events",
+               "test metric filter",
+              ],
+     resource: "*",
+   },
+   {
+     service: "rds",
+     actions: [
+               "describe*",
+               "list*",
+             ],
+   },
+   {
+     service: "route53",
+     action: "list*",
+   },
+   {
+     service: "s3",
+     actions: [
+               "get bucket tagging",
+               "list all my buckets",
+              ],
+   },
+   {
+     service: "ses",
+     action: "get*",
+   },
+   {
+     service: "sns",
+     actions: [
+               "list*",
+               "publish",
+              ],
+   },
+   {
+     service: "sqs",
+     action: "list queues",
+   },
+   {
+     service: "support",
+   },
+   {
+     service: "tag",
+     actions: [
+               "get resources",
+               "get tag keys",
+               "get tag values"
+              ],
+   }
+  ]
+DATADOG_ACCOUNT_ID = 464622532012