stackit 0.1.7 → 0.1.9

@@ -0,0 +1,54 @@
1
+ [
2
+ {
3
+ "ParameterKey": "VpcName",
4
+ "ParameterValue": "StackIT"
5
+ },
6
+ {
7
+ "ParameterKey": "OfficeNetwork",
8
+ "ParameterValue": "127.0.0.1/32"
9
+ },
10
+ {
11
+ "ParameterKey": "VpcCidrNetwork",
12
+ "ParameterValue": "172.16.0.0/16"
13
+ },
14
+ {
15
+ "ParameterKey": "PublicCidrAZ1",
16
+ "ParameterValue": "172.16.110.0/24"
17
+ },
18
+ {
19
+ "ParameterKey": "PublicCidrAZ2",
20
+ "ParameterValue": "172.16.120.0/24"
21
+ },
22
+ {
23
+ "ParameterKey": "PublicCidrAZ3",
24
+ "ParameterValue": "172.16.130.0/24"
25
+ },
26
+ {
27
+ "ParameterKey": "PrivateCidrAZ1",
28
+ "ParameterValue": "172.16.111.0/24"
29
+ },
30
+ {
31
+ "ParameterKey": "PrivateCidrAZ2",
32
+ "ParameterValue": "172.16.121.0/24"
33
+ },
34
+ {
35
+ "ParameterKey": "PrivateCidrAZ3",
36
+ "ParameterValue": "172.16.131.0/24"
37
+ },
38
+ {
39
+ "ParameterKey": "VpcAvailabilityZone1",
40
+ "ParameterValue": "us-east-1a"
41
+ },
42
+ {
43
+ "ParameterKey": "VpcAvailabilityZone2",
44
+ "ParameterValue": "us-east-1c"
45
+ },
46
+ {
47
+ "ParameterKey": "VpcAvailabilityZone3",
48
+ "ParameterValue": "us-east-1e"
49
+ },
50
+ {
51
+ "ParameterKey": "DevOpsBucketName",
52
+ "ParameterValue": "devops-automation"
53
+ }
54
+ ]
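Review bot: `DevOpsBucketName` ships with the concrete value `devops-automation`, and because S3 bucket names are global, that name may already belong to another account. The template that consumes this parameter is not visible in this section. If it reads from the bucket rather than creating it, a deployment run with the sample file unchanged would pull content from a bucket the deployer does not control. An obviously invalid placeholder fails fast instead, for example `"ParameterValue": "REPLACE-WITH-YOUR-BUCKET"`. The same applies to the hard-coded `us-east-1a`/`us-east-1c`/`us-east-1e` zone names, which are not guaranteed to be available in every account.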
@@ -0,0 +1,258 @@
1
+ {
2
+ "AWSTemplateFormatVersion" : "2010-09-09",
3
+
4
+ "Description" : "Remote Access VPN stack",
5
+
6
+ "Parameters" : {
7
+
8
+ "VpcId" : {
9
+ "Type": "AWS::EC2::VPC::Id",
10
+ "Description" : "The VPC identifier",
11
+ "ConstraintDescription": "must be a valid VPC identifier"
12
+ },
13
+
14
+ "VpcCidrNetwork" : {
15
+ "Description" : "The VPC CIDR",
16
+ "Type": "String",
17
+ "MinLength": "9",
18
+ "MaxLength": "18",
19
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
20
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
21
+ },
22
+
23
+ "RemoteAdminNetwork" : {
24
+ "Description" : "The office CIDR where remote management will occur",
25
+ "Type": "String",
26
+ "MinLength": "9",
27
+ "MaxLength": "18",
28
+ "Default": "127.0.0.1/32",
29
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
30
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
31
+ },
32
+
33
+ "StackEnvironment": {
34
+ "Type": "String",
35
+ "Description" : "The environment (dev|prod)",
36
+ "MinLength": "1",
37
+ "MaxLength": "255",
38
+ "AllowedPattern" : "dev|prod",
39
+ "ConstraintDescription" : "can contain only ASCII characters."
40
+ },
41
+
42
+ "KeyPair": {
43
+ "Type": "AWS::EC2::KeyPair::KeyName",
44
+ "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
45
+ "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
46
+ },
47
+
48
+ "DefaultIngressSecurityGroup": {
49
+ "Type": "AWS::EC2::SecurityGroup::Id",
50
+ "Description": "The default VPC ingress security group"
51
+ },
52
+
53
+ "OpsWorksStackName": {
54
+ "Type": "String"
55
+ },
56
+
57
+ "OpsWorksDefaultOs": {
58
+ "Type": "String",
59
+ "Description": "The stack's default operating system"
60
+ },
61
+
62
+ "OpsWorksDefaultSubnetId": {
63
+ "Type": "AWS::EC2::Subnet::Id",
64
+ "Description": "The stack's default VPC subnet ID"
65
+ },
66
+
67
+ "OpsWorksCustomJson": {
68
+ "Type": "String",
69
+ "Description": "Custom JSON used to override corresponding default stack configuration JSON values"
70
+ },
71
+
72
+ "OpsWorksServiceRoleArn": {
73
+ "Type": "String",
74
+ "Description": "The AWS Identity and Access Management (IAM) role that AWS OpsWorks uses to work with AWS resources on your behalf."
75
+ },
76
+
77
+ "UseOpsworksSecurityGroups": {
78
+ "Type": "String",
79
+ "Description": "Whether to associate the AWS OpsWorks built-in security groups with the stack's layers."
80
+ },
81
+
82
+ "OpsWorksConfigureRunlist": {
83
+ "Type": "CommaDelimitedList"
84
+ },
85
+
86
+ "OpsWorksDeployRunlist": {
87
+ "Type": "CommaDelimitedList"
88
+ },
89
+
90
+ "OpsWorksSetupRunlist": {
91
+ "Type": "CommaDelimitedList"
92
+ },
93
+
94
+ "OpsWorksShutdownRunlist": {
95
+ "Type": "CommaDelimitedList"
96
+ },
97
+
98
+ "OpsWorksUndeployRunlist": {
99
+ "Type": "CommaDelimitedList"
100
+ },
101
+
102
+ "S3CookbookSource": {
103
+ "Type": "String"
104
+ }
105
+
106
+ },
107
+
108
+ "Conditions": {
109
+
110
+ "HasCustomJson": {
111
+ "Fn::Not" : [{
112
+ "Fn::Equals" : [
113
+ {"Ref" : "OpsWorksCustomJson"},
114
+ ""
115
+ ]
116
+ }]
117
+ }
118
+
119
+ },
120
+
121
+ "Resources" : {
122
+
123
+ "VpnInstanceRole": {
124
+ "Type": "AWS::IAM::Role",
125
+ "Properties": {
126
+ "AssumeRolePolicyDocument": {
127
+ "Statement": [
128
+ {
129
+ "Effect": "Allow",
130
+ "Principal": {
131
+ "Service": [
132
+ "ec2.amazonaws.com"
133
+ ]
134
+ },
135
+ "Action": [
136
+ "sts:AssumeRole"
137
+ ]
138
+ }
139
+ ]
140
+ },
141
+ "Path": "/"
142
+ }
143
+ },
144
+
145
+ "VpnServerIamPolicy": {
146
+ "Type": "AWS::IAM::Policy",
147
+ "Properties": {
148
+ "PolicyName": "vpnserver",
149
+ "PolicyDocument": {
150
+ "Statement": [{
151
+ "Effect": "Allow",
152
+ "Action": [
153
+ "ec2:AllocateAddress",
154
+ "ec2:AssociateAddress",
155
+ "ec2:DescribeAddresses",
156
+ "ec2:DisassociateAddress"
157
+ ],
158
+ "Resource": [ "*" ]
159
+ }]
160
+ },
161
+ "Roles" : [ { "Ref" : "VpnInstanceRole" } ]
162
+ }
163
+ },
164
+
165
+ "VpnInstanceIamProfile": {
166
+ "Type": "AWS::IAM::InstanceProfile",
167
+ "Properties": {
168
+ "Path": "/",
169
+ "Roles": [ {"Ref": "VpnInstanceRole"} ]
170
+ }
171
+ },
172
+
173
+ "VpnServerSecurityGroup" : {
174
+ "Type" : "AWS::EC2::SecurityGroup",
175
+ "Properties" : {
176
+ "VpcId" : { "Ref" : "VpcId" },
177
+ "GroupDescription" : "Enable VPN server ingress traffic",
178
+ "SecurityGroupIngress" : [
179
+ {"IpProtocol" : "tcp", "FromPort" : "1701", "ToPort" : "1701", "CidrIp" : "0.0.0.0/0"},
180
+ {"IpProtocol" : "udp", "FromPort" : "4500", "ToPort" : "4500", "CidrIp" : "0.0.0.0/0"},
181
+ {"IpProtocol" : "udp", "FromPort" : "500", "ToPort" : "500", "CidrIp" : "0.0.0.0/0"},
182
+ {"IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0"}
183
+ ],
184
+ "Tags" : [
185
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "-", [ { "Ref": "StackEnvironment" }, "vpnserver" ] ] } }
186
+ ]
187
+ }
188
+ },
189
+
190
+ "VpnServerEip" : {
191
+ "Type" : "AWS::EC2::EIP",
192
+ "Properties" : {
193
+ "Domain" : "vpc"
194
+ }
195
+ },
196
+
197
+ "OpsWorksStack": {
198
+ "Type" : "AWS::OpsWorks::Stack",
199
+ "Properties" : {
200
+ "Name": {"Ref": "OpsWorksStackName"},
201
+ "VpcId": {"Ref": "VpcId"},
202
+ "ConfigurationManager" : {
203
+ "Name" : "Chef",
204
+ "Version" : "12"
205
+ },
206
+ "CustomCookbooksSource" : {
207
+ "Type": "s3",
208
+ "Url": { "Ref": "S3CookbookSource" }
209
+ },
210
+ "CustomJson" : {
211
+ "Fn::If" : [
212
+ "HasCustomJson",
213
+ {"Ref" : "OpsWorksCustomJson"},
214
+ {"Ref" : "AWS::NoValue" }
215
+ ]
216
+ },
217
+ "DefaultOs": {"Ref": "OpsWorksDefaultOs"},
218
+ "DefaultSubnetId": {"Ref": "OpsWorksDefaultSubnetId"},
219
+ "DefaultInstanceProfileArn": {"Fn::GetAtt" : ["VpnInstanceIamProfile", "Arn"] },
220
+ "DefaultSshKeyName": {"Ref": "KeyPair"},
221
+ "HostnameTheme": "Layer_Dependent",
222
+ "ServiceRoleArn": {"Ref": "OpsWorksServiceRoleArn"},
223
+ "UseCustomCookbooks": true,
224
+ "UseOpsworksSecurityGroups": {"Ref": "UseOpsworksSecurityGroups"}
225
+ }
226
+ },
227
+
228
+ "OpsWorksLayer": {
229
+ "Type": "AWS::OpsWorks::Layer",
230
+ "Properties": {
231
+ "Name": { "Fn::Join": [ "-", [ {"Ref": "StackEnvironment" }, "vpnserver"] ] },
232
+ "Shortname": { "Fn::Join": [ "-", [ {"Ref": "StackEnvironment" }, "vpnserver"] ] },
233
+ "StackId" : {"Ref": "OpsWorksStack"},
234
+ "Type": "custom",
235
+ "AutoAssignElasticIps": false,
236
+ "AutoAssignPublicIps": true,
237
+ "CustomInstanceProfileArn": {"Fn::GetAtt" : ["VpnInstanceIamProfile", "Arn"] },
238
+ "CustomRecipes": {
239
+ "Configure": {"Ref" : "OpsWorksConfigureRunlist"},
240
+ "Deploy": {"Ref" : "OpsWorksDeployRunlist"},
241
+ "Setup": {"Ref" : "OpsWorksSetupRunlist"},
242
+ "Shutdown": {"Ref" : "OpsWorksShutdownRunlist"},
243
+ "Undeploy": {"Ref" : "OpsWorksUndeployRunlist"}
244
+ },
245
+ "CustomSecurityGroupIds": [ {"Ref": "DefaultIngressSecurityGroup"}, {"Ref": "VpnServerSecurityGroup"}],
246
+ "EnableAutoHealing": true,
247
+ "InstallUpdatesOnBoot": true
248
+ }
249
+ }
250
+
251
+ },
252
+
253
+ "Outputs" : {
254
+ "VpnServerEipAllocationId" : {
255
+ "Value" : { "Fn::GetAtt" : [ "VpnServerEip", "AllocationId" ] }
256
+ }
257
+ }
258
+ }
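Review bot: `VpnServerSecurityGroup` opens all four ingress rules (1701/tcp, 4500/udp, 500/udp, 443/tcp) to `0.0.0.0/0`, while the `RemoteAdminNetwork` parameter declared above is never referenced in this template, so the office CIDR a deployer supplies has no effect on exposure. If 443/tcp serves a management interface rather than a client-facing tunnel endpoint, it should be limited with `"CidrIp" : { "Ref" : "RemoteAdminNetwork" }`. L2TP normally runs over UDP 1701, and in an L2TP/IPsec setup only inside the IPsec tunnel, so the public `tcp` 1701 rule looks unnecessary and is worth dropping or correcting. Separately, `VpnServerIamPolicy` grants `ec2:AssociateAddress` and `ec2:DisassociateAddress` on `"Resource": [ "*" ]`, which lets the instance role remap any Elastic IP in the account. Consider scoping it to the `VpnServerEip` allocation where those actions support resource-level restrictions.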
@@ -0,0 +1,70 @@
1
+ [
2
+ {
3
+ "ParameterKey": "VpcId",
4
+ "ParameterValue": "vpc-abcd1234"
5
+ },
6
+ {
7
+ "ParameterKey": "VpcCidrNetwork",
8
+ "ParameterValue": "172.16.0.0/16"
9
+ },
10
+ {
11
+ "ParameterKey": "RemoteAdminNetwork",
12
+ "ParameterValue": "127.0.0.1/32"
13
+ },
14
+ {
15
+ "ParameterKey": "StackEnvironment",
16
+ "ParameterValue": "dev"
17
+ },
18
+ {
19
+ "ParameterKey": "KeyPair",
20
+ "ParameterValue": "testkey"
21
+ },
22
+ {
23
+ "ParameterKey": "DefaultIngressSecurityGroup",
24
+ "ParameterValue": "sg-abcd1234"
25
+ },
26
+ {
27
+ "ParameterKey": "OpsWorksDefaultOs",
28
+ "ParameterValue": "Amazon Linux 2016.03"
29
+ },
30
+ {
31
+ "ParameterKey": "OpsWorksDefaultSubnetId",
32
+ "ParameterValue": "subnet-abcd1234"
33
+ },
34
+ {
35
+ "ParameterKey": "OpsWorksStackName",
36
+ "ParameterValue": "DevRemoteAccessVPN"
37
+ },
38
+ {
39
+ "ParameterKey": "OpsWorksCustomJson",
40
+ "ParameterValue": ""
41
+ },
42
+ {
43
+ "ParameterKey": "OpsWorksServiceRoleArn",
44
+ "ParameterValue": "arn:aws:iam::123456789012:role/teststack-OpsWorksServiceRole-L44YW4T65C00"
45
+ },
46
+ {
47
+ "ParameterKey": "UseOpsworksSecurityGroups",
48
+ "ParameterValue": "false"
49
+ },
50
+ {
51
+ "ParameterKey": "OpsWorksConfigureRunlist",
52
+ "ParameterValue": "vpnserver::configure"
53
+ },
54
+ {
55
+ "ParameterKey": "OpsWorksDeployRunlist",
56
+ "ParameterValue": "vpnserver::deploy"
57
+ },
58
+ {
59
+ "ParameterKey": "OpsWorksSetupRunlist",
60
+ "ParameterValue": "vpnserver::setup"
61
+ },
62
+ {
63
+ "ParameterKey": "OpsWorksShutdownRunlist",
64
+ "ParameterValue": "vpnserver::shutdown"
65
+ },
66
+ {
67
+ "ParameterKey": "OpsWorksUndeployRunlist",
68
+ "ParameterValue": "vpnserver::undeploy"
69
+ }
70
+ ]
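--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: stackit
  version: !ruby/object:Gem::Version
- version: 0.1.7
+ version: 0.1.9
  platform: ruby
  authors:
  - Jeremy Hahn
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2016-04-15 00:00:00.000000000 Z
+ date: 2016-04-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -153,6 +153,12 @@ files:
  - lib/stackit/version.rb
  - lib/stackit/wait.rb
  - stackit.gemspec
+ - templates/vpc-tiered.json
+ - templates/vpc-tiered.parameters
+ - templates/vpc.json
+ - templates/vpc.parameters
+ - templates/vpn.json
+ - templates/vpn.parameters
  homepage: https://github.com/jeremyhahn/stackit
  licenses:
  - GPLv3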