stackit 0.1.7 → 0.1.9

@@ -0,0 +1,54 @@
1
+ [
2
+ {
3
+ "ParameterKey": "VpcName",
4
+ "ParameterValue": "StackIT"
5
+ },
6
+ {
7
+ "ParameterKey": "OfficeNetwork",
8
+ "ParameterValue": "127.0.0.1/32"
9
+ },
10
+ {
11
+ "ParameterKey": "VpcCidrNetwork",
12
+ "ParameterValue": "172.16.0.0/16"
13
+ },
14
+ {
15
+ "ParameterKey": "PublicCidrAZ1",
16
+ "ParameterValue": "172.16.110.0/24"
17
+ },
18
+ {
19
+ "ParameterKey": "PublicCidrAZ2",
20
+ "ParameterValue": "172.16.120.0/24"
21
+ },
22
+ {
23
+ "ParameterKey": "PublicCidrAZ3",
24
+ "ParameterValue": "172.16.130.0/24"
25
+ },
26
+ {
27
+ "ParameterKey": "PrivateCidrAZ1",
28
+ "ParameterValue": "172.16.111.0/24"
29
+ },
30
+ {
31
+ "ParameterKey": "PrivateCidrAZ2",
32
+ "ParameterValue": "172.16.121.0/24"
33
+ },
34
+ {
35
+ "ParameterKey": "PrivateCidrAZ3",
36
+ "ParameterValue": "172.16.131.0/24"
37
+ },
38
+ {
39
+ "ParameterKey": "VpcAvailabilityZone1",
40
+ "ParameterValue": "us-east-1a"
41
+ },
42
+ {
43
+ "ParameterKey": "VpcAvailabilityZone2",
44
+ "ParameterValue": "us-east-1c"
45
+ },
46
+ {
47
+ "ParameterKey": "VpcAvailabilityZone3",
48
+ "ParameterValue": "us-east-1e"
49
+ },
50
+ {
51
+ "ParameterKey": "DevOpsBucketName",
52
+ "ParameterValue": "devops-automation"
53
+ }
54
+ ]
@@ -0,0 +1,258 @@
1
+ {
2
+ "AWSTemplateFormatVersion" : "2010-09-09",
3
+
4
+ "Description" : "Remote Access VPN stack",
5
+
6
+ "Parameters" : {
7
+
8
+ "VpcId" : {
9
+ "Type": "AWS::EC2::VPC::Id",
10
+ "Description" : "The VPC identifier",
11
+ "ConstraintDescription": "must be a valid VPC identifier"
12
+ },
13
+
14
+ "VpcCidrNetwork" : {
15
+ "Description" : "The VPC CIDR",
16
+ "Type": "String",
17
+ "MinLength": "9",
18
+ "MaxLength": "18",
19
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
20
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
21
+ },
22
+
23
+ "RemoteAdminNetwork" : {
24
+ "Description" : "The office CIDR where remote management will occur",
25
+ "Type": "String",
26
+ "MinLength": "9",
27
+ "MaxLength": "18",
28
+ "Default": "127.0.0.1/32",
29
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
30
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
31
+ },
32
+
33
+ "StackEnvironment": {
34
+ "Type": "String",
35
+ "Description" : "The environment (dev|prod)",
36
+ "MinLength": "1",
37
+ "MaxLength": "255",
38
+ "AllowedPattern" : "dev|prod",
39
+ "ConstraintDescription" : "can contain only ASCII characters."
40
+ },
41
+
42
+ "KeyPair": {
43
+ "Type": "AWS::EC2::KeyPair::KeyName",
44
+ "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
45
+ "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
46
+ },
47
+
48
+ "DefaultIngressSecurityGroup": {
49
+ "Type": "AWS::EC2::SecurityGroup::Id",
50
+ "Description": "The default VPC ingress security group"
51
+ },
52
+
53
+ "OpsWorksStackName": {
54
+ "Type": "String"
55
+ },
56
+
57
+ "OpsWorksDefaultOs": {
58
+ "Type": "String",
59
+ "Description": "The stack's default operating system"
60
+ },
61
+
62
+ "OpsWorksDefaultSubnetId": {
63
+ "Type": "AWS::EC2::Subnet::Id",
64
+ "Description": "The stack's default VPC subnet ID"
65
+ },
66
+
67
+ "OpsWorksCustomJson": {
68
+ "Type": "String",
69
+ "Description": "Custom JSON used to override corresponding default stack configuration JSON values"
70
+ },
71
+
72
+ "OpsWorksServiceRoleArn": {
73
+ "Type": "String",
74
+ "Description": "The AWS Identity and Access Management (IAM) role that AWS OpsWorks uses to work with AWS resources on your behalf."
75
+ },
76
+
77
+ "UseOpsworksSecurityGroups": {
78
+ "Type": "String",
79
+ "Description": "Whether to associate the AWS OpsWorks built-in security groups with the stack's layers."
80
+ },
81
+
82
+ "OpsWorksConfigureRunlist": {
83
+ "Type": "CommaDelimitedList"
84
+ },
85
+
86
+ "OpsWorksDeployRunlist": {
87
+ "Type": "CommaDelimitedList"
88
+ },
89
+
90
+ "OpsWorksSetupRunlist": {
91
+ "Type": "CommaDelimitedList"
92
+ },
93
+
94
+ "OpsWorksShutdownRunlist": {
95
+ "Type": "CommaDelimitedList"
96
+ },
97
+
98
+ "OpsWorksUndeployRunlist": {
99
+ "Type": "CommaDelimitedList"
100
+ },
101
+
102
+ "S3CookbookSource": {
103
+ "Type": "String"
104
+ }
105
+
106
+ },
107
+
108
+ "Conditions": {
109
+
110
+ "HasCustomJson": {
111
+ "Fn::Not" : [{
112
+ "Fn::Equals" : [
113
+ {"Ref" : "OpsWorksCustomJson"},
114
+ ""
115
+ ]
116
+ }]
117
+ }
118
+
119
+ },
120
+
121
+ "Resources" : {
122
+
123
+ "VpnInstanceRole": {
124
+ "Type": "AWS::IAM::Role",
125
+ "Properties": {
126
+ "AssumeRolePolicyDocument": {
127
+ "Statement": [
128
+ {
129
+ "Effect": "Allow",
130
+ "Principal": {
131
+ "Service": [
132
+ "ec2.amazonaws.com"
133
+ ]
134
+ },
135
+ "Action": [
136
+ "sts:AssumeRole"
137
+ ]
138
+ }
139
+ ]
140
+ },
141
+ "Path": "/"
142
+ }
143
+ },
144
+
145
+ "VpnServerIamPolicy": {
146
+ "Type": "AWS::IAM::Policy",
147
+ "Properties": {
148
+ "PolicyName": "vpnserver",
149
+ "PolicyDocument": {
150
+ "Statement": [{
151
+ "Effect": "Allow",
152
+ "Action": [
153
+ "ec2:AllocateAddress",
154
+ "ec2:AssociateAddress",
155
+ "ec2:DescribeAddresses",
156
+ "ec2:DisassociateAddress"
157
+ ],
158
+ "Resource": [ "*" ]
159
+ }]
160
+ },
161
+ "Roles" : [ { "Ref" : "VpnInstanceRole" } ]
162
+ }
163
+ },
164
+
165
+ "VpnInstanceIamProfile": {
166
+ "Type": "AWS::IAM::InstanceProfile",
167
+ "Properties": {
168
+ "Path": "/",
169
+ "Roles": [ {"Ref": "VpnInstanceRole"} ]
170
+ }
171
+ },
172
+
173
+ "VpnServerSecurityGroup" : {
174
+ "Type" : "AWS::EC2::SecurityGroup",
175
+ "Properties" : {
176
+ "VpcId" : { "Ref" : "VpcId" },
177
+ "GroupDescription" : "Enable VPN server ingress traffic",
178
+ "SecurityGroupIngress" : [
179
+ {"IpProtocol" : "tcp", "FromPort" : "1701", "ToPort" : "1701", "CidrIp" : "0.0.0.0/0"},
180
+ {"IpProtocol" : "udp", "FromPort" : "4500", "ToPort" : "4500", "CidrIp" : "0.0.0.0/0"},
181
+ {"IpProtocol" : "udp", "FromPort" : "500", "ToPort" : "500", "CidrIp" : "0.0.0.0/0"},
182
+ {"IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0"}
183
+ ],
184
+ "Tags" : [
185
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "-", [ { "Ref": "StackEnvironment" }, "vpnserver" ] ] } }
186
+ ]
187
+ }
188
+ },
189
+
190
+ "VpnServerEip" : {
191
+ "Type" : "AWS::EC2::EIP",
192
+ "Properties" : {
193
+ "Domain" : "vpc"
194
+ }
195
+ },
196
+
197
+ "OpsWorksStack": {
198
+ "Type" : "AWS::OpsWorks::Stack",
199
+ "Properties" : {
200
+ "Name": {"Ref": "OpsWorksStackName"},
201
+ "VpcId": {"Ref": "VpcId"},
202
+ "ConfigurationManager" : {
203
+ "Name" : "Chef",
204
+ "Version" : "12"
205
+ },
206
+ "CustomCookbooksSource" : {
207
+ "Type": "s3",
208
+ "Url": { "Ref": "S3CookbookSource" }
209
+ },
210
+ "CustomJson" : {
211
+ "Fn::If" : [
212
+ "HasCustomJson",
213
+ {"Ref" : "OpsWorksCustomJson"},
214
+ {"Ref" : "AWS::NoValue" }
215
+ ]
216
+ },
217
+ "DefaultOs": {"Ref": "OpsWorksDefaultOs"},
218
+ "DefaultSubnetId": {"Ref": "OpsWorksDefaultSubnetId"},
219
+ "DefaultInstanceProfileArn": {"Fn::GetAtt" : ["VpnInstanceIamProfile", "Arn"] },
220
+ "DefaultSshKeyName": {"Ref": "KeyPair"},
221
+ "HostnameTheme": "Layer_Dependent",
222
+ "ServiceRoleArn": {"Ref": "OpsWorksServiceRoleArn"},
223
+ "UseCustomCookbooks": true,
224
+ "UseOpsworksSecurityGroups": {"Ref": "UseOpsworksSecurityGroups"}
225
+ }
226
+ },
227
+
228
+ "OpsWorksLayer": {
229
+ "Type": "AWS::OpsWorks::Layer",
230
+ "Properties": {
231
+ "Name": { "Fn::Join": [ "-", [ {"Ref": "StackEnvironment" }, "vpnserver"] ] },
232
+ "Shortname": { "Fn::Join": [ "-", [ {"Ref": "StackEnvironment" }, "vpnserver"] ] },
233
+ "StackId" : {"Ref": "OpsWorksStack"},
234
+ "Type": "custom",
235
+ "AutoAssignElasticIps": false,
236
+ "AutoAssignPublicIps": true,
237
+ "CustomInstanceProfileArn": {"Fn::GetAtt" : ["VpnInstanceIamProfile", "Arn"] },
238
+ "CustomRecipes": {
239
+ "Configure": {"Ref" : "OpsWorksConfigureRunlist"},
240
+ "Deploy": {"Ref" : "OpsWorksDeployRunlist"},
241
+ "Setup": {"Ref" : "OpsWorksSetupRunlist"},
242
+ "Shutdown": {"Ref" : "OpsWorksShutdownRunlist"},
243
+ "Undeploy": {"Ref" : "OpsWorksUndeployRunlist"}
244
+ },
245
+ "CustomSecurityGroupIds": [ {"Ref": "DefaultIngressSecurityGroup"}, {"Ref": "VpnServerSecurityGroup"}],
246
+ "EnableAutoHealing": true,
247
+ "InstallUpdatesOnBoot": true
248
+ }
249
+ }
250
+
251
+ },
252
+
253
+ "Outputs" : {
254
+ "VpnServerEipAllocationId" : {
255
+ "Value" : { "Fn::GetAtt" : [ "VpnServerEip", "AllocationId" ] }
256
+ }
257
+ }
258
+ }
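Review bot: VpnServerSecurityGroup opens all four ingress rules to `0.0.0.0/0`, while the RemoteAdminNetwork parameter ("The office CIDR where remote management will occur") is declared but never referenced under Resources, so the restriction that parameter implies is not applied anywhere in this template. If 443/tcp serves an administrative interface rather than VPN clients (the template does not say), that rule should use `"CidrIp" : { "Ref" : "RemoteAdminNetwork" }`. The 1701 rule deserves a second look too: L2TP runs over UDP and, in an L2TP/IPsec setup, reaches the server inside the IPsec tunnel, so a world-open `tcp` rule on 1701 probably serves no client and only widens the exposed surface. VpcCidrNetwork is unused as well, and VpnServerIamPolicy allows `ec2:AssociateAddress` and `ec2:DisassociateAddress` on `"*"`, which lets the instance role remap any Elastic IP in the account; narrowing the Resource to the VpnServerEip allocation, where the action supports it, would limit that.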
@@ -0,0 +1,70 @@
1
+ [
2
+ {
3
+ "ParameterKey": "VpcId",
4
+ "ParameterValue": "vpc-abcd1234"
5
+ },
6
+ {
7
+ "ParameterKey": "VpcCidrNetwork",
8
+ "ParameterValue": "172.16.0.0/16"
9
+ },
10
+ {
11
+ "ParameterKey": "RemoteAdminNetwork",
12
+ "ParameterValue": "127.0.0.1/32"
13
+ },
14
+ {
15
+ "ParameterKey": "StackEnvironment",
16
+ "ParameterValue": "dev"
17
+ },
18
+ {
19
+ "ParameterKey": "KeyPair",
20
+ "ParameterValue": "testkey"
21
+ },
22
+ {
23
+ "ParameterKey": "DefaultIngressSecurityGroup",
24
+ "ParameterValue": "sg-abcd1234"
25
+ },
26
+ {
27
+ "ParameterKey": "OpsWorksDefaultOs",
28
+ "ParameterValue": "Amazon Linux 2016.03"
29
+ },
30
+ {
31
+ "ParameterKey": "OpsWorksDefaultSubnetId",
32
+ "ParameterValue": "subnet-abcd1234"
33
+ },
34
+ {
35
+ "ParameterKey": "OpsWorksStackName",
36
+ "ParameterValue": "DevRemoteAccessVPN"
37
+ },
38
+ {
39
+ "ParameterKey": "OpsWorksCustomJson",
40
+ "ParameterValue": ""
41
+ },
42
+ {
43
+ "ParameterKey": "OpsWorksServiceRoleArn",
44
+ "ParameterValue": "arn:aws:iam::123456789012:role/teststack-OpsWorksServiceRole-L44YW4T65C00"
45
+ },
46
+ {
47
+ "ParameterKey": "UseOpsworksSecurityGroups",
48
+ "ParameterValue": "false"
49
+ },
50
+ {
51
+ "ParameterKey": "OpsWorksConfigureRunlist",
52
+ "ParameterValue": "vpnserver::configure"
53
+ },
54
+ {
55
+ "ParameterKey": "OpsWorksDeployRunlist",
56
+ "ParameterValue": "vpnserver::deploy"
57
+ },
58
+ {
59
+ "ParameterKey": "OpsWorksSetupRunlist",
60
+ "ParameterValue": "vpnserver::setup"
61
+ },
62
+ {
63
+ "ParameterKey": "OpsWorksShutdownRunlist",
64
+ "ParameterValue": "vpnserver::shutdown"
65
+ },
66
+ {
67
+ "ParameterKey": "OpsWorksUndeployRunlist",
68
+ "ParameterValue": "vpnserver::undeploy"
69
+ }
70
+ ]
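Review bot: This parameter list has no entry for S3CookbookSource, which the template in the preceding hunk declares without a `Default` and feeds into `CustomCookbooksSource.Url`; assuming this file is the companion to that template (the parameter names match), a stack created from it would be rejected for a missing parameter unless the tool supplies the value another way. An entry such as `{ "ParameterKey": "S3CookbookSource", "ParameterValue": "<cookbook-archive-url>" }` would make the sample complete. Because the recipes in that archive run on the VPN instance, the project README should also state that the bucket holding it must be writable only by the deployment pipeline.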
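--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: stackit
  version: !ruby/object:Gem::Version
- version: 0.1.7
+ version: 0.1.9
  platform: ruby
  authors:
  - Jeremy Hahn
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2016-04-15 00:00:00.000000000 Z
+ date: 2016-04-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -153,6 +153,12 @@ files:
  - lib/stackit/version.rb
  - lib/stackit/wait.rb
  - stackit.gemspec
+ - templates/vpc-tiered.json
+ - templates/vpc-tiered.parameters
+ - templates/vpc.json
+ - templates/vpc.parameters
+ - templates/vpn.json
+ - templates/vpn.parameters
  homepage: https://github.com/jeremyhahn/stackit
  licenses:
  - GPLv3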