openstax_aws 1.0.0

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/TODO.md

@@ -0,0 +1 @@
+* "parameters" as template arguments and "parameters" as secrets in the parameter store is confusing?

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "openstax_aws"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/create_development_environment

@@ -0,0 +1,26 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "openstax_aws"
+
+REGION = 'us-east-2'
+
+OpenStax::Aws.configure do |config|
+  config.cfn_template_bucket_name = "openstax-sandbox-cfn-templates"
+  config.cfn_template_bucket_region = "us-west-2"
+  config.stack_waiter_delay = 10
+  config.fixed_s3_template_folder = "spec-templates"
+end
+
+stack = OpenStax::Aws::Stack.new({
+  name: "aws-ruby-development",
+  region: REGION,
+  absolute_template_path: File.join(__dir__, "templates/aws_ruby_development.yml"),
+  dry_run: false,
+})
+
+stack.create(wait: true, params: {
+  unique_name: "aws-ruby-dev-env",
+  image_id: "ami-0510c89f1a2691cf2", # See bin/get_latest_ubuntu_ami
+  key_name: "openstax-sandbox-kp"
+})

data/bin/get_latest_ubuntu_ami

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+
+# Returns the latest Ubuntu AMI from Canonical.  Change the AMI name
+# below to select a different Ubuntu version.  Example run:
+#
+# $> ./bin/get_latest_ubuntu_ami us-east-2
+
+require "bundler/setup"
+require "aws-sdk-ec2"
+
+client = Aws::EC2::Client.new(region: ARGV[0])
+
+result = client.describe_images({
+  owners: ['099720109477'],
+  filters: [
+    {
+      name: "name",
+      values: ["ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*"]
+    },
+    {
+      name: "virtualization-type",
+      values: ["hvm"]
+    },
+    {
+      name: "root-device-type",
+      values: ["ebs"]
+    }
+  ]
+})
+
+puts result.images.sort_by(&:name).last.image_id

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/bin/templates/aws_ruby_development.yml

@@ -0,0 +1,221 @@
+AWSTemplateFormatVersion: '2010-09-09'
+
+Description: aws-ruby development
+
+Parameters:
+
+  UniqueName:
+    Type: String
+
+  ImageId:
+    Description: AMI to use in the web server LaunchConfiguration
+    Type: AWS::EC2::Image::Id
+    ConstraintDescription: must be the id of a valid AMI
+
+  KeyName:
+    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
+    Type: AWS::EC2::KeyPair::KeyName
+    ConstraintDescription: must be the name of an existing EC2 KeyPair
+
+Resources:
+
+  Vpc:
+    Type: AWS::EC2::VPC
+    Properties:
+      CidrBlock: 10.0.0.0/16
+      EnableDnsSupport: 'true'
+      EnableDnsHostnames: 'true'
+      Tags:
+        - Key: Name
+          Value: !Sub '${AWS::StackName}-vpc'
+        - Key: Project
+          Value: Unified
+        - Key: Application
+          Value: Search
+
+  Subnet1:
+    Type: AWS::EC2::Subnet
+    Properties:
+      VpcId: !Ref 'Vpc'
+      CidrBlock: 10.0.1.0/24
+      MapPublicIpOnLaunch: 'true'
+      AvailabilityZone: !Select
+        - '0'
+        - !GetAZs
+          Ref: AWS::Region
+      Tags:
+        - Key: Name
+          Value: !Sub '${AWS::StackName}-sn1'
+
+  Subnet2:
+    Type: AWS::EC2::Subnet
+    Properties:
+      VpcId: !Ref 'Vpc'
+      CidrBlock: 10.0.2.0/24
+      MapPublicIpOnLaunch: 'true'
+      AvailabilityZone: !Select
+        - '1'
+        - !GetAZs
+          Ref: AWS::Region
+      Tags:
+        - Key: Name
+          Value: !Sub '${AWS::StackName}-sn2'
+
+  Subnet3:
+    Type: AWS::EC2::Subnet
+    Properties:
+      VpcId: !Ref 'Vpc'
+      CidrBlock: 10.0.3.0/24
+      MapPublicIpOnLaunch: 'true'
+      AvailabilityZone: !Select
+        - '2'
+        - !GetAZs
+          Ref: AWS::Region
+      Tags:
+        - Key: Name
+          Value: !Sub '${AWS::StackName}-sn3'
+
+  Gateway:
+    Type: AWS::EC2::InternetGateway
+    Properties:
+      Tags:
+        - Key: Name
+          Value: !Sub '${AWS::StackName}-igw'
+
+  GatewayAttachment:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      InternetGatewayId: !Ref 'Gateway'
+      VpcId: !Ref 'Vpc'
+
+  RouteTable:
+    Type: AWS::EC2::RouteTable
+    Properties:
+      VpcId: !Ref 'Vpc'
+      Tags:
+        - Key: Name
+          Value: !Sub '${AWS::StackName}-rt'
+
+  InetTrafficRoute:
+    Type: AWS::EC2::Route
+    Properties:
+      DestinationCidrBlock: '0.0.0.0/0'
+      GatewayId: !Ref 'Gateway'
+      RouteTableId: !Ref 'RouteTable'
+
+  Subnet1RtAssoc:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      RouteTableId: !Ref 'RouteTable'
+      SubnetId: !Ref 'Subnet1'
+
+  Subnet2RtAssoc:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      RouteTableId: !Ref 'RouteTable'
+      SubnetId: !Ref 'Subnet2'
+
+  Subnet3RtAssoc:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      RouteTableId: !Ref 'RouteTable'
+      SubnetId: !Ref 'Subnet3'
+
+  ServerSecGrp:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: aws-ruby development server
+      VpcId: !Ref 'Vpc'
+      Tags:
+        - Key: Name
+          Value: !Sub '${AWS::StackName}-dev-sg'
+      SecurityGroupEgress:
+        - Description: all traffic allowed on all ports to anywhere
+          IpProtocol: '-1'
+          FromPort: '-1'
+          ToPort: '-1'
+          CidrIp: '0.0.0.0/0'
+      SecurityGroupIngress:
+        - Description: SSH on port 22 from bastion2 (IPv4)
+          IpProtocol: '6'
+          FromPort: '22'
+          ToPort: '22'
+          CidrIp: '128.42.169.79/32'
+
+  AsgInstanceRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - ec2.amazonaws.com
+            Action: sts:AssumeRole
+      Policies:
+        - PolicyName: !Sub '${UniqueName}-autoscaling'
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - autoscaling:DescribeAutoScalingInstances
+                Resource: "*"
+
+  AsgInstanceProfile:
+    Type: AWS::IAM::InstanceProfile
+    Properties:
+      Roles:
+        - !Ref 'AsgInstanceRole'
+
+  Lc:
+    Type: AWS::AutoScaling::LaunchConfiguration
+    Properties:
+      ImageId: !Ref 'ImageId'
+      InstanceType: t3.nano
+      KeyName: !Ref 'KeyName'
+      SecurityGroups:
+        - !Ref 'ServerSecGrp'
+      SpotPrice: 0.0052 # set max at on-demand pricing
+      IamInstanceProfile: !Ref 'AsgInstanceProfile'
+      UserData:
+        Fn::Base64:
+          !Sub |
+            #!/bin/bash -x
+
+            cat >/home/ubuntu/install.sh <<CONTENT
+            #!/bin/bash
+
+            sudo apt update
+            sudo apt install ruby-full -y
+            sudo apt install git-core -y
+            sudo apt install build-essential -y
+            sudo apt install emacs-nox -y
+            sudo gem install bundler
+            git config --global core.editor "vim"
+
+            CONTENT
+
+            /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource \
+            Asg --region ${AWS::Region}
+
+  Asg:
+    Type: AWS::AutoScaling::AutoScalingGroup
+    Properties:
+      AutoScalingGroupName: !Sub "${UniqueName}-asg"
+      LaunchConfigurationName: !Ref 'Lc'
+      VPCZoneIdentifier:
+        - !Ref 'Subnet1'
+        - !Ref 'Subnet2'
+        - !Ref 'Subnet3'
+      DesiredCapacity: 1
+      MinSize: 0
+      MaxSize: 2
+      HealthCheckType: EC2
+      HealthCheckGracePeriod: 30
+    CreationPolicy:
+      ResourceSignal:
+        Count: 0
+        Timeout: PT5M
+

data/examples/deployment.rb

@@ -0,0 +1,90 @@
+require 'byebug'
+
+module OpenStax::Aws::SomeApp
+  class Deployment < OpenStax::Aws::DeploymentBase
+
+    stack :network
+    stack :redis
+    stack :app do
+      parameter_defaults do
+        web_server_desired_capacity '1'
+        secrets_namespace { secrets_namespace }
+      end
+      volatile_parameters do
+        web_server_desired_capacity { resource("Asg").desired_capacity }
+      end
+    end
+
+    def initialize(env_name:, region:, dry_run: true)
+      super(env_name: env_name, region: region, name: "some_name", dry_run: dry_run)
+    end
+
+    def create(app_image_id:, sha: nil)
+      network_stack.create
+      redis_stack.create
+
+      network_stack.wait_for_stack_creation
+      redis_stack.wait_for_stack_creation
+
+      create_parameters(deployed_app_sha: sha || image_sha(app_image_id))
+
+      app_stack.create(params: {
+        branch_name_or_sha: sha || "",
+        web_server_image_id: app_image_id,
+      })
+    end
+
+    def create_parameters(deployed_app_sha:)
+      redis_host = redis_stack.output_value(key: "ElastiCacheAddress")
+
+      parameters.create(
+        specifications: OpenStax::Aws::ParametersSpecification.from_git(
+          org_slash_repo: "openstax/some_app_repo",
+          sha: deployed_app_sha,
+          path: 'config/secrets.yml.example',
+          format: :yml,
+          top_key: :production
+        ),
+        substitutions: {
+          env_name: env_name,
+          redis_url: "redis://#{redis_host}:6379/0"
+        }
+      )
+    end
+
+    def delete
+      app_stack.delete
+      redis_stack.delete
+
+      app_stack.wait_for_stack_deletion
+      redis_stack.wait_for_stack_deletion
+
+      parameters.delete
+
+      network_stack.delete
+    end
+
+    def update_app_image(new_app_image_id:, dry_run: true)
+      app_stack.apply_change_set(params: {
+        web_server_image_id: new_app_image_id
+      })
+    end
+
+    protected
+
+    # A good way to handle deployment-wide stack parameter defaults
+    def parameter_default(parameter_name)
+      case parameter_name
+      when "HostedZoneName"
+        "something.domain.com"
+      when "KeyName"
+        "my-key-pair-on-aws"
+      end
+    end
+
+    def secrets_namespace
+      'some_name'
+    end
+
+  end
+end

data/ideas.md

@@ -0,0 +1,15 @@
+### Better declaration of stacks
+
+```ruby
+class MyDeployment < OpenStax::Aws::DeploymentBase
+    template_directory __dir__, "../../../cfn/search/"
+
+    # makes an attr_reader `elasticsearch_stack`
+    stack :elasticsearch, # can infer stack name
+          template_path: "elasticsearch.yml",
+          capabilities: [:iam],
+          default_parameters: -> {
+            env_name: env_name # could even have multiple passes of defaults, some set from DeploymentBase (e.g. env_name)
+          }
+end
+```

data/lib/openstax/aws/auto_scaling_group.rb

@@ -0,0 +1,28 @@
+module OpenStax::Aws
+  class AutoScalingGroup
+    attr_reader :raw_asg
+
+    delegate_missing_to :@raw_asg
+
+    def initialize(name:, region:)
+      @raw_asg = Aws::AutoScaling::AutoScalingGroup.new(
+        name: name,
+        client: Aws::AutoScaling::Client.new(region: region)
+      )
+    end
+
+    def increase_desired_capacity(by:)
+      # take the smaller of max size or desired+by (or this call raises an exception)
+      increase_to = [raw_asg.max_size, raw_asg.desired_capacity + by].min
+
+      raw_asg.set_desired_capacity(
+        {
+          desired_capacity: increase_to
+        })
+    end
+
+    def desired_capacity
+      raw_asg.desired_capacity
+    end
+  end
+end