RubyGems - sumomo - Versions diffs - 0.8.4 → 0.8.6 - Mend

sumomo 0.8.4 → 0.8.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

checksums.yaml +5 -5
data/.rubocop.yml +1 -0
data/.rubocop_todo.yml +169 -0
data/Gemfile +2 -0
data/Rakefile +5 -3
data/bin/console +4 -3
data/data/sumomo/api_modules/node_modules/.bin/uuid +1 -1
data/data/sumomo/custom_resources/TempS3Bucket.js +208 -0
data/exe/sumomo +42 -41
data/lib/sumomo.rb +235 -233
data/lib/sumomo/api.rb +148 -151
data/lib/sumomo/cdn.rb +119 -113
data/lib/sumomo/dns.rb +20 -20
data/lib/sumomo/ec2.rb +490 -491
data/lib/sumomo/ecs.rb +256 -262
data/lib/sumomo/irregular.rb +9 -0
data/lib/sumomo/momo_extensions/resource.rb +8 -7
data/lib/sumomo/momo_extensions/stack.rb +4 -3
data/lib/sumomo/network.rb +109 -106
data/lib/sumomo/stack.rb +191 -189
data/lib/sumomo/version.rb +3 -1
data/sumomo.gemspec +23 -22
metadata +25 -22

data/lib/sumomo/dns.rb CHANGED

@@ -1,25 +1,25 @@
+# frozen_string_literal: true
 module Sumomo
-	module Stack
+  module Stack
+    def cloudflare_hosted_zone(domain_name:, key:, email:)
+      root_name = /(?<root_name>[^.]+\.[^.]+)$/.match(domain_name)[:root_name]
-		def cloudflare_hosted_zone(domain_name:,key:,email:)
-			root_name = /(?<root_name>[^.]+\.[^.]+)$/.match(domain_name)[:root_name]
+      hz = make 'AWS::Route53::HostedZone' do
+        Name domain_name
+      end
-			hz = make "AWS::Route53::HostedZone" do
-				Name domain_name
-			end
+      (0..3).each do |i|
+        make 'Custom::CloudflareDNSEntry' do
+          Key key
+          Email email
+          Domain root_name
+          Entry domain_name.sub(/#{root_name}$/, '').chomp('.')
+          NS hz.NameServers[i]
+        end
+      end
-			for i in 0..3
-				make "Custom::CloudflareDNSEntry" do
-					Key key
-					Email email
-					Domain root_name
-					Entry domain_name.sub(/#{root_name}$/, "").chomp(".")
-					NS hz.NameServers[i]
-				end
-			end
-			return hz
-		end
-	end
-end
+      hz
+    end
+  end
+end

data/lib/sumomo/ec2.rb CHANGED

@@ -1,179 +1,172 @@
+# frozen_string_literal: true
 module Sumomo
-	module Stack
-		def get_azs
-			resp = @ec2.describe_availability_zones
-			Array(resp.availability_zones.map do |x|
-				x.zone_name
-			end)
-		end
-		def allow_port(thing)
-			if (thing == :all)
-				{
-					"IpProtocol" => "-1",
-					"ToPort" => 65535,
-					"FromPort" => 0,
-					"CidrIp" => "0.0.0.0/0"
-				}
-			elsif thing.is_a? Integer and thing > 0 and thing < 65536
-				# its a port!
-				{
-					"IpProtocol" => "tcp",
-					"ToPort" => thing,
-					"FromPort" => thing,
-					"CidrIp" => "0.0.0.0/0"
-				}
-			elsif thing.is_a? String and /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+/.match(thing)
-				# its a cidr!
-				{
-					"IpProtocol" => "tcp",
-					"ToPort" => 65535,
-					"FromPort" => 0,
-					"CidrIp" => thing
-				}
-			elsif thing.is_a? Hash
-				# more shit
-				{
-					"IpProtocol" => thing[:protocol] || "tcp",
-					"ToPort" => thing[:port] || thing[:end_port] || 0,
-					"FromPort" => thing[:port] || thing[:start_port] || 65535,
-					"CidrIp" => thing[:cidr] || "0.0.0.0/0"
-				}
-			else
-				raise "utils.rb allow: please allow something"
-			end
-		end
-		def http_listener(port: 80, instance_port: port)
-			{
-				"LoadBalancerPort" => port,
-				"InstancePort" => instance_port,
-				"Protocol" => "HTTP"
-			}
-		end
-		def https_listener(cert_arn:, instance_port: 80, port: 443)
-			res = http_listener(instance_port)
-			res["LoadBalancerPort"] = lb_port
-			res["Protocol"] = "HTTPS"
-			res["SSLCertificateId"] = cert_arn
-			return res
-		end
-		def elb_tcp_health_check(port: 80, healthy_threshold: 2, interval: 10, timeout: 5, unhealthy_threshold: 10, path: "/")
-			elb_health_check(port: port,
-				healthy_threshold: healthy_threshold,
-				interval: interval,
-				timeout: timeout,
-				unhealthy_threshold: unhealthy_threshold,
-				path: path,
-				check_type: "TCP")
-		end
-		def elb_health_check(port: 80,
-			healthy_threshold: 2,
-			interval: 10,
-			timeout: 5,
-			unhealthy_threshold: 10,
-			path: "/",
-			check_type: "HTTP")
-			options[:path] = "/#{options[:path]}"
-			options[:path].gsub!(/^[\/]+/, "/")
-			{
-				"HealthyThreshold" => options[:healthy_threshold] || 2,
-				"Interval" => options[:interval] || 10,
-				"Target" => "#{check_type}:#{port}#{options[:path]}",
-				"Timeout" => options[:timeout] || 5,
-				"UnhealthyThreshold" => options[:unhealthy_threshold] || 10
-			}
-		end
-		def initscript(wait_handle, asgname, script)
-			call("Fn::Base64",
-				call("Fn::Join", "", [
-					"#!/bin/bash -v\n",
-					"yum update -y aws-cfn-bootstrap\n",
-					"# Helper function\n",
-					"function error_exit\n",
-					"{\n",
-					"  /opt/aws/bin/cfn-signal -e 1 -r \"$1\" \"", wait_handle, "\"\n",
-					"  exit 1\n",
-					"}\n",
-					"# Run init meta\n",
-					"/opt/aws/bin/cfn-init -s ", ref("AWS::StackId"), " -r ", asgname, " ",
-					"    --region ", ref("AWS::Region"), " || error_exit 'Failed to run cfn-init'\n",
-					"# Run script\n",
-					script,
-					"\n",
-					"# All is well so signal success\n",
-					"/opt/aws/bin/cfn-signal -e 0 -r \"Setup complete\" \"", wait_handle, "\"\n"
-				]))
-		end
-		class EC2Tasks
-			def initialize(bucket_name, &block)
-				@script = ""
-				@bucket_name = bucket_name
-				@tags = []
-				instance_eval(&block) if block
-			end
-			def mkdir(name)
-				@script += <<-SNIPPET
-sudo mkdir -p #{name}
-				SNIPPET
-			end
-			def download_file(name, local_path)
-				@script += <<-SNIPPET
-sudo aws s3 cp s3://#{@bucket_name}/uploads/#{name} #{local_path}
-				SNIPPET
-			end
-			def script
-				@script
-			end
-			def tags
-				@tags
-			end
-			def tag(name, value)
-				@tags << [name, value]
-			end
-		end
-		def make_spotter(
-			price:,
-			network:,
-			layer:,
-			ec2_sns_arn:nil,
-			ecs_cluster:nil,
-			eip:nil,
-			&block)
-			update_time = Time.now.to_i
-			spot = make "Custom::SelectSpot" do
-				DateTime update_time
-				ExcludeString "1.,2.,small,micro"
-				LookBack 3
-				TargetPrice price
-			end
-			switcher1_src = define_custom_resource(name: "ASGSelector1", code: <<-CODE
+  module Stack
+    def get_azs
+      resp = @ec2.describe_availability_zones
+      Array(resp.availability_zones.map(&:zone_name))
+    end
+    def allow_port(thing)
+      if thing == :all
+        {
+          'IpProtocol' => '-1',
+          'ToPort' => 65_535,
+          'FromPort' => 0,
+          'CidrIp' => '0.0.0.0/0'
+        }
+      elsif thing.is_a?(Integer) && (thing > 0) && (thing < 65_536)
+        # its a port!
+        {
+          'IpProtocol' => 'tcp',
+          'ToPort' => thing,
+          'FromPort' => thing,
+          'CidrIp' => '0.0.0.0/0'
+        }
+      elsif thing.is_a?(String) && %r{[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/[0-9]+}.match(thing)
+        # its a cidr!
+        {
+          'IpProtocol' => 'tcp',
+          'ToPort' => 65_535,
+          'FromPort' => 0,
+          'CidrIp' => thing
+        }
+      elsif thing.is_a? Hash
+        # more shit
+        {
+          'IpProtocol' => thing[:protocol] || 'tcp',
+          'ToPort' => thing[:port] || thing[:end_port] || 0,
+          'FromPort' => thing[:port] || thing[:start_port] || 65_535,
+          'CidrIp' => thing[:cidr] || '0.0.0.0/0'
+        }
+      else
+        raise 'utils.rb allow: please allow something'
+      end
+    end
+    def http_listener(port: 80, instance_port: port)
+      {
+        'LoadBalancerPort' => port,
+        'InstancePort' => instance_port,
+        'Protocol' => 'HTTP'
+      }
+    end
+    def https_listener(cert_arn:, instance_port: 80, port: 443)
+      res = http_listener(instance_port)
+      res['LoadBalancerPort'] = lb_port
+      res['Protocol'] = 'HTTPS'
+      res['SSLCertificateId'] = cert_arn
+      res
+    end
+    def elb_tcp_health_check(port: 80, healthy_threshold: 2, interval: 10, timeout: 5, unhealthy_threshold: 10, path: '/')
+      elb_health_check(port: port,
+                       healthy_threshold: healthy_threshold,
+                       interval: interval,
+                       timeout: timeout,
+                       unhealthy_threshold: unhealthy_threshold,
+                       path: path,
+                       check_type: 'TCP')
+    end
+    def elb_health_check(port: 80,
+                         healthy_threshold: 2,
+                         interval: 10,
+                         timeout: 5,
+                         unhealthy_threshold: 10,
+                         path: '/',
+                         check_type: 'HTTP')
+      options[:path] = "/#{options[:path]}"
+      options[:path].gsub!(%r{^[/]+}, '/')
+      {
+        'HealthyThreshold' => options[:healthy_threshold] || 2,
+        'Interval' => options[:interval] || 10,
+        'Target' => "#{check_type}:#{port}#{options[:path]}",
+        'Timeout' => options[:timeout] || 5,
+        'UnhealthyThreshold' => options[:unhealthy_threshold] || 10
+      }
+    end
+    def initscript(wait_handle, asgname, script)
+      call('Fn::Base64',
+           call('Fn::Join', '', [
+                  "#!/bin/bash -v\n",
+                  "yum update -y aws-cfn-bootstrap\n",
+                  "# Helper function\n",
+                  "function error_exit\n",
+                  "{\n",
+                  '  /opt/aws/bin/cfn-signal -e 1 -r "$1" "', wait_handle, "\"\n",
+                  "  exit 1\n",
+                  "}\n",
+                  "# Run init meta\n",
+                  '/opt/aws/bin/cfn-init -s ', ref('AWS::StackId'), ' -r ', asgname, ' ',
+                  '    --region ', ref('AWS::Region'), " || error_exit 'Failed to run cfn-init'\n",
+                  "# Run script\n",
+                  script,
+                  "\n",
+                  "# All is well so signal success\n",
+                  '/opt/aws/bin/cfn-signal -e 0 -r "Setup complete" "', wait_handle, "\"\n"
+                ]))
+    end
+    class EC2Tasks
+      def initialize(bucket_name, &block)
+        @script = ''
+        @bucket_name = bucket_name
+        @tags = []
+        instance_eval(&block) if block
+      end
+      def mkdir(name)
+        @script += <<~SNIPPET
+          sudo mkdir -p #{name}
+        SNIPPET
+      end
+      def download_file(name, local_path)
+        @script += <<~SNIPPET
+          sudo aws s3 cp s3://#{@bucket_name}/uploads/#{name} #{local_path}
+        SNIPPET
+      end
+      attr_reader :script
+      attr_reader :tags
+      def tag(name, value)
+        @tags << [name, value]
+      end
+    end
+    def make_spotter(
+      price:,
+      network:,
+      layer:,
+      ec2_sns_arn: nil,
+      ecs_cluster: nil,
+      eip: nil,
+      &block
+    )
+      update_time = Time.now.to_i
+      spot = make 'Custom::SelectSpot' do
+        DateTime update_time
+        ExcludeString '1.,2.,small,micro'
+        LookBack 3
+        TargetPrice price
+      end
+      switcher1_src = define_custom_resource(name: 'ASGSelector1', code: <<-CODE
 				store.get("num1", function(num) {
 					num = parseInt(num);
 					if (request.RequestType != "Delete")
@@ -190,10 +183,10 @@ sudo aws s3 cp s3://#{@bucket_name}/uploads/#{name} #{local_path}
 					store.put("num1", String(1));
 					Cloudformation.send(request, context, Cloudformation.SUCCESS, {Num: 1}, "Success", String(1));
 				});
-			CODE
-			)
+      CODE
+                                            )
-			switcher2_src = define_custom_resource(name: "ASGSelector2", code: <<-CODE
+      switcher2_src = define_custom_resource(name: 'ASGSelector2', code: <<-CODE
 				store.get("num2", function(num) {
 					num = parseInt(num);
 					if (request.RequestType != "Delete")
@@ -210,224 +203,231 @@ sudo aws s3 cp s3://#{@bucket_name}/uploads/#{name} #{local_path}
 					store.put("num2", String(1));
 					Cloudformation.send(request, context, Cloudformation.SUCCESS, {Num: 1}, "Success", String(0));
 				});
-			CODE
-			)
-			size_1 = make_custom switcher1_src, name: "ASGSelector1Value" do
-				DateTime update_time
-			end
-			size_2 = make_custom switcher2_src, name: "ASGSelector2Value" do
-				DateTime update_time
-			end
-			make_autoscaling_group(
-				type: spot,
-				network: network,
-				layer: "ecs",
-				zone: spot.Zone,
-				spot_price: price,
-				min_size: size_1,
-				ec2_sns_arn: ec2_sns_arn,
-				ecs_cluster: ecs_cluster,
-				eip: eip, &block)
-			make_autoscaling_group(
-				type: spot,
-				network: network,
-				layer: "ecs",
-				zone: spot.Zone,
-				spot_price: price,
-				min_size: size_2,
-				ec2_sns_arn: ec2_sns_arn,
-				ecs_cluster: ecs_cluster,
-				eip: eip)
-		end
-		def make_autoscaling_group(
-			network:,
-			layer:,
-			zone:nil,
-			type:"m3.medium",
-			name:nil,
-			elb:nil,
-			min_size:1,
-			max_size:min_size,
-			vol_size:10,
-			vol_type:"gp2",
-			keypair:@master_key_name,
-			has_public_ips:true,
-			ingress:nil,
-			egress:nil,
-			machine_tag:nil,
-			ec2_sns_arn:nil,
-			ami_name:nil,
-			ebs_root_device:nil,
-			spot_price:nil,
-			script: nil,
-			ecs_cluster: nil,
-			docker_username:"",
-			docker_email:"",
-			docker_password: "",
-			eip:nil,
-			policies:[],
-			&block)
-			if ami_name == nil
-				@ami_lookup_resources ||= {}
-				if !@ami_lookup_resources[type]
-					@ami_lookup_resources[type] = make "Custom::AMILookup" do
-						InstanceType type
-					end
-				end
-				ami_name = @ami_lookup_resources[type]
-				ebs_root_device = @ami_lookup_resources[type].RootDeviceName if ebs_root_device == nil
-			end
-			tasks = EC2Tasks.new(@bucket_name, &block)
-			task_script = tasks.script
-			ingress ||= [ allow_port(:all) ]
-			egress ||= [ allow_port(:all) ]
-			machine_tag ||= ref("AWS::StackName")
-			name ||= make_default_resource_name("AutoScalingGroup")
-			script ||= ""
-			bucket_name = @bucket_name
-			script += "\n#{task_script}\n"
-			if ecs_cluster
-				script += <<-ECS_START
-yum update
-yum groupinstall "Development Tools"
-yum install -y python screen git gcc-c++ ecs-init
-curl -sSL https://get.docker.com/ | sh
-cp /ecs.config /etc/ecs/ecs.config
-service docker start
-start ecs
-curl http://localhost:51678/v1/metadata > /home/ec2-user/ecs_info
-				ECS_START
-			end
-			if eip
-				script += <<-EIP_ALLOCATE
-aws ec2 associate-address --region `cat /etc/aws_region` --instance-id `curl http://169.254.169.254/latest/meta-data/instance-id` --allocation-id `cat /etc/eip_allocation_id`
-				EIP_ALLOCATE
-			end
-			script += "\nservice spot-watcher start" if spot_price and ec2_sns_arn
-			raise "ec2: ingress option needs to be an array" if !ingress.is_a? Array
-			raise "ec2: egress option needs to be an array" if !egress.is_a? Array
-			web_sec_group = make "AWS::EC2::SecurityGroup" do
-				GroupDescription "Security group for layer: #{layer}"
-				SecurityGroupIngress ingress
-				SecurityGroupEgress egress
-				VpcId network.vpc
-			end
-			wait_handle = make "AWS::CloudFormation::WaitConditionHandle"
-			user_data = initscript(wait_handle, name, script)
-			role_policy_doc = {
-				"Version" => "2012-10-17",
-				"Statement" => [{
-					"Effect" => "Allow",
-					"Principal" => {"Service" => ["ec2.amazonaws.com"]},
-					"Action" => ["sts:AssumeRole"]
-				}]
-			}
-			asg_role = make "AWS::IAM::Role" do
-				AssumeRolePolicyDocument role_policy_doc
-				Path "/"
-				Policies [{
-					"PolicyName" => "root",
-					"PolicyDocument" => {
-						"Version" => "2012-10-17",
-						"Statement" => [{
-							"Effect" => "Allow",
-							"Action" => ["sns:Publish"],
-							"Resource" => "*"
-						},
-						{
-							"Effect" => "Allow",
-							"Action" => ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"],
-							"Resource" => "arn:aws:s3:::#{bucket_name}/uploads/*"
-						},
-						{
-							"Effect" => "Allow",
-							"Action" => [
-								"ec2:AllocateAddress",
-								"ec2:AssociateAddress",
-								"ec2:DescribeAddresses",
-								"ec2:DisassociateAddress"
-							],
-							"Resource" => "*"
-						},
-						{
-							"Effect" => "Allow",
-							"Action" => [
-								"ecs:DeregisterContainerInstance",
-								"ecs:DiscoverPollEndpoint",
-								"ecs:Poll",
-								"ecs:RegisterContainerInstance",
-								"ecs:StartTelemetrySession",
-								"ecs:Submit*",
-								"ecr:GetAuthorizationToken",
-								"ecr:BatchCheckLayerAvailability",
-								"ecr:GetDownloadUrlForLayer",
-								"ecr:BatchGetImage",
-								"logs:CreateLogStream",
-								"logs:PutLogEvents"
-							],
-							"Resource": "*"
-						}] + policies
-					}
-				}]
-			end
-			asg_profile = make "AWS::IAM::InstanceProfile" do
-				Path "/"
-				Roles [ asg_role ]
-			end
-			launch_config = make "AWS::AutoScaling::LaunchConfiguration" do
-				AssociatePublicIpAddress has_public_ips
-				KeyName keypair
-				SecurityGroups [ web_sec_group ]
-				ImageId ami_name
-				UserData user_data
-				InstanceType type
-				IamInstanceProfile asg_profile
-				SpotPrice spot_price if spot_price
-				BlockDeviceMappings [{
-						"DeviceName" => ebs_root_device,
-						"Ebs" => {
-								"VolumeType" => vol_type,
-								"VolumeSize" => vol_size,
-							}
-					}]
-			end
-			zones_used = network.azs
-			subnet_ids = network.subnets[layer].map { |x| x[:name] }
-			if zone
-				# if we only specified a single zone, then we have to do some processing
-				res = define_custom_resource(name: "SubnetIdentifierCodeFor#{name}", code: <<-CODE
+      CODE
+                                            )
+      size_1 = make_custom switcher1_src, name: 'ASGSelector1Value' do
+        DateTime update_time
+      end
+      size_2 = make_custom switcher2_src, name: 'ASGSelector2Value' do
+        DateTime update_time
+      end
+      make_autoscaling_group(
+        type: spot,
+        network: network,
+        layer: 'ecs',
+        zone: spot.Zone,
+        spot_price: price,
+        min_size: size_1,
+        ec2_sns_arn: ec2_sns_arn,
+        ecs_cluster: ecs_cluster,
+        eip: eip, &block
+      )
+      make_autoscaling_group(
+        type: spot,
+        network: network,
+        layer: 'ecs',
+        zone: spot.Zone,
+        spot_price: price,
+        min_size: size_2,
+        ec2_sns_arn: ec2_sns_arn,
+        ecs_cluster: ecs_cluster,
+        eip: eip
+      )
+    end
+    def make_autoscaling_group(
+      network:,
+      layer:,
+      zone: nil,
+      type: 'm3.medium',
+      name: nil,
+      elb: nil,
+      min_size: 1,
+      max_size: min_size,
+      vol_size: 10,
+      vol_type: 'gp2',
+      keypair: @master_key_name,
+      has_public_ips: true,
+      ingress: nil,
+      egress: nil,
+      machine_tag: nil,
+      ec2_sns_arn: nil,
+      ami_name: nil,
+      ebs_root_device: nil,
+      spot_price: nil,
+      script: nil,
+      ecs_cluster: nil,
+      docker_username: '',
+      docker_email: '',
+      docker_password: '',
+      eip: nil,
+      policies: [],
+      &block
+    )
+      if ami_name.nil?
+        @ami_lookup_resources ||= {}
+        unless @ami_lookup_resources[type]
+          @ami_lookup_resources[type] = make 'Custom::AMILookup' do
+            InstanceType type
+          end
+        end
+        ami_name = @ami_lookup_resources[type]
+        if ebs_root_device.nil?
+          ebs_root_device = @ami_lookup_resources[type].RootDeviceName
+   end
+      end
+      tasks = EC2Tasks.new(@bucket_name, &block)
+      task_script = tasks.script
+      ingress ||= [allow_port(:all)]
+      egress ||= [allow_port(:all)]
+      machine_tag ||= ref('AWS::StackName')
+      name ||= make_default_resource_name('AutoScalingGroup')
+      script ||= ''
+      bucket_name = @bucket_name
+      script += "\n#{task_script}\n"
+      if ecs_cluster
+        script += <<~ECS_START
+          yum update
+          yum groupinstall "Development Tools"
+          yum install -y python screen git gcc-c++ ecs-init
+          curl -sSL https://get.docker.com/ | sh
+          cp /ecs.config /etc/ecs/ecs.config
+          service docker start
+          start ecs
+          curl http://localhost:51678/v1/metadata > /home/ec2-user/ecs_info
+        ECS_START
+      end
+      if eip
+        script += <<~EIP_ALLOCATE
+          aws ec2 associate-address --region `cat /etc/aws_region` --instance-id `curl http://169.254.169.254/latest/meta-data/instance-id` --allocation-id `cat /etc/eip_allocation_id`
+        EIP_ALLOCATE
+      end
+      script += "\nservice spot-watcher start" if spot_price && ec2_sns_arn
+      unless ingress.is_a? Array
+        raise 'ec2: ingress option needs to be an array'
+       end
+      raise 'ec2: egress option needs to be an array' unless egress.is_a? Array
+      web_sec_group = make 'AWS::EC2::SecurityGroup' do
+        GroupDescription "Security group for layer: #{layer}"
+        SecurityGroupIngress ingress
+        SecurityGroupEgress egress
+        VpcId network.vpc
+      end
+      wait_handle = make 'AWS::CloudFormation::WaitConditionHandle'
+      user_data = initscript(wait_handle, name, script)
+      role_policy_doc = {
+        'Version' => '2012-10-17',
+        'Statement' => [{
+          'Effect' => 'Allow',
+          'Principal' => { 'Service' => ['ec2.amazonaws.com'] },
+          'Action' => ['sts:AssumeRole']
+        }]
+      }
+      asg_role = make 'AWS::IAM::Role' do
+        AssumeRolePolicyDocument role_policy_doc
+        Path '/'
+        Policies [{
+          'PolicyName' => 'root',
+          'PolicyDocument' => {
+            'Version' => '2012-10-17',
+            'Statement' => [{
+              'Effect' => 'Allow',
+              'Action' => ['sns:Publish'],
+              'Resource' => '*'
+            },
+                            {
+                              'Effect' => 'Allow',
+                              'Action' => ['s3:DeleteObject', 's3:GetObject', 's3:PutObject'],
+                              'Resource' => "arn:aws:s3:::#{bucket_name}/uploads/*"
+                            },
+                            {
+                              'Effect' => 'Allow',
+                              'Action' => [
+                                'ec2:AllocateAddress',
+                                'ec2:AssociateAddress',
+                                'ec2:DescribeAddresses',
+                                'ec2:DisassociateAddress'
+                              ],
+                              'Resource' => '*'
+                            },
+                            {
+                              'Effect' => 'Allow',
+                              'Action' => [
+                                'ecs:DeregisterContainerInstance',
+                                'ecs:DiscoverPollEndpoint',
+                                'ecs:Poll',
+                                'ecs:RegisterContainerInstance',
+                                'ecs:StartTelemetrySession',
+                                'ecs:Submit*',
+                                'ecr:GetAuthorizationToken',
+                                'ecr:BatchCheckLayerAvailability',
+                                'ecr:GetDownloadUrlForLayer',
+                                'ecr:BatchGetImage',
+                                'logs:CreateLogStream',
+                                'logs:PutLogEvents'
+                              ],
+                              "Resource": '*'
+                            }] + policies
+          }
+        }]
+      end
+      asg_profile = make 'AWS::IAM::InstanceProfile' do
+        Path '/'
+        Roles [asg_role]
+      end
+      launch_config = make 'AWS::AutoScaling::LaunchConfiguration' do
+        AssociatePublicIpAddress has_public_ips
+        KeyName keypair
+        SecurityGroups [web_sec_group]
+        ImageId ami_name
+        UserData user_data
+        InstanceType type
+        IamInstanceProfile asg_profile
+        SpotPrice spot_price if spot_price
+        BlockDeviceMappings [{
+          'DeviceName' => ebs_root_device,
+          'Ebs' => {
+            'VolumeType' => vol_type,
+            'VolumeSize' => vol_size
+          }
+        }]
+      end
+      zones_used = network.azs
+      subnet_ids = network.subnets[layer].map { |x| x[:name] }
+      if zone
+        # if we only specified a single zone, then we have to do some processing
+        res = define_custom_resource(name: "SubnetIdentifierCodeFor#{name}", code: <<-CODE
 					var ids = {};
 					var zones = request.ResourceProperties.SubnetZones;
 					for (var i=0;i<zones.length;i++)
@@ -436,99 +436,98 @@ aws ec2 associate-address --region `cat /etc/aws_region` --instance-id `curl htt
 					}
 					Cloudformation.send(request, context, Cloudformation.SUCCESS, {}, "Success", ids[request.ResourceProperties.Zone]);
-				CODE
-				)
-				identifier = make_custom res, name: "SubnetIdentifierFor#{name}" do
-					SubnetIds network.subnets[layer].map { |x| x[:name] }
-					SubnetZones network.subnets[layer].map { |x| x[:zone] }
-					Zone zone
-				end
-				zones_used = [ zone ]
-				subnet_ids = [ identifier ]
-			end
-			asg = make "AWS::AutoScaling::AutoScalingGroup", name: name do
-				depends_on network.attachment
-				AvailabilityZones zones_used
-				Cooldown 30
-				MinSize min_size
-				MaxSize max_size
-				VPCZoneIdentifier subnet_ids
-				LaunchConfigurationName launch_config
-				LoadBalancerNames [ elb ] if elb
-				NotificationConfigurations [
-					{
-						"NotificationTypes" => [
-							"autoscaling:EC2_INSTANCE_LAUNCH",
-							"autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
-							"autoscaling:EC2_INSTANCE_TERMINATE",
-							"autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
-							"autoscaling:TEST_NOTIFICATION"
-						],
-						"TopicARN" => ec2_sns_arn
-					}
-				] if ec2_sns_arn
-				file "/etc/aws_region", content: "{{ region }}", context: {
-					region: ref("AWS::Region")
-				}
-				if ec2_sns_arn
-					file "/etc/sns_arn", content: "{{ sns_arn }}", context: {
-						sns_arn: ec2_sns_arn
-					}
-				end
-				if eip
-					file "/etc/eip_allocation_id", content: "{{ id }}", context: {
-						id: eip.AllocationId
-					}
-				end
-				if spot_price and ec2_sns_arn
-					watcher = File.read( File.join( Gem.loaded_specs['sumomo'].full_gem_path, "data", "sumomo", "sources", "spot-watcher.sh" ) )
-					poller = File.read( File.join( Gem.loaded_specs['sumomo'].full_gem_path, "data", "sumomo", "sources", "spot-watcher-poller.sh" ) )
-					file "/etc/init.d/spot-watcher", content: watcher, mode: "000700"
-					file "/bin/spot-watcher", content: poller, mode: "000700", context: {
-						sns_arn: ec2_sns_arn,
-						region: ref("AWS::Region")
-					}
-				end
-				if ecs_cluster
-					ecs_config = <<-CONFIG
-ECS_CLUSTER={{cluster_name}}
-ECS_ENGINE_AUTH_TYPE=docker
-ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"{{docker_username}}","password":"{{docker_password}}","email":"{{docker_email}}"}}
-					CONFIG
-					file "/ecs.config", content: ecs_config, context: {
-						cluster_name: ecs_cluster,
-						docker_username: docker_username,
-						docker_password: docker_password,
-						docker_email: docker_email
-					}
-				end
-				tag "Name", machine_tag, propagate_at_launch: true
-				tasks.tags.each do |t|
-					tag t[0], t[1], propagate_at_launch: true
-				end
-			end
-			asg
-		end
-	end
-end
+        CODE
+                                    )
+        identifier = make_custom res, name: "SubnetIdentifierFor#{name}" do
+          SubnetIds network.subnets[layer].map { |x| x[:name] }
+          SubnetZones network.subnets[layer].map { |x| x[:zone] }
+          Zone zone
+        end
+        zones_used = [zone]
+        subnet_ids = [identifier]
+      end
+      asg = make 'AWS::AutoScaling::AutoScalingGroup', name: name do
+        depends_on network.attachment
+        AvailabilityZones zones_used
+        Cooldown 30
+        MinSize min_size
+        MaxSize max_size
+        VPCZoneIdentifier subnet_ids
+        LaunchConfigurationName launch_config
+        LoadBalancerNames [elb] if elb
+        if ec2_sns_arn
+          NotificationConfigurations [
+            {
+              'NotificationTypes' => [
+                'autoscaling:EC2_INSTANCE_LAUNCH',
+                'autoscaling:EC2_INSTANCE_LAUNCH_ERROR',
+                'autoscaling:EC2_INSTANCE_TERMINATE',
+                'autoscaling:EC2_INSTANCE_TERMINATE_ERROR',
+                'autoscaling:TEST_NOTIFICATION'
+              ],
+              'TopicARN' => ec2_sns_arn
+            }
+          ]
+        end
+        file '/etc/aws_region', content: '{{ region }}', context: {
+          region: ref('AWS::Region')
+        }
+        if ec2_sns_arn
+          file '/etc/sns_arn', content: '{{ sns_arn }}', context: {
+            sns_arn: ec2_sns_arn
+          }
+        end
+        if eip
+          file '/etc/eip_allocation_id', content: '{{ id }}', context: {
+            id: eip.AllocationId
+          }
+        end
+        if spot_price && ec2_sns_arn
+          watcher = File.read(File.join(Gem.loaded_specs['sumomo'].full_gem_path, 'data', 'sumomo', 'sources', 'spot-watcher.sh'))
+          poller = File.read(File.join(Gem.loaded_specs['sumomo'].full_gem_path, 'data', 'sumomo', 'sources', 'spot-watcher-poller.sh'))
+          file '/etc/init.d/spot-watcher', content: watcher, mode: '000700'
+          file '/bin/spot-watcher', content: poller, mode: '000700', context: {
+            sns_arn: ec2_sns_arn,
+            region: ref('AWS::Region')
+          }
+        end
+        if ecs_cluster
+          ecs_config = <<~CONFIG
+            ECS_CLUSTER={{cluster_name}}
+            ECS_ENGINE_AUTH_TYPE=docker
+            ECS_ENGINE_AUTH_DATA={"https://index.docker.io/v1/":{"username":"{{docker_username}}","password":"{{docker_password}}","email":"{{docker_email}}"}}
+          CONFIG
+          file '/ecs.config', content: ecs_config, context: {
+            cluster_name: ecs_cluster,
+            docker_username: docker_username,
+            docker_password: docker_password,
+            docker_email: docker_email
+          }
+        end
+        tag 'Name', machine_tag, propagate_at_launch: true
+        tasks.tags.each do |t|
+          tag t[0], t[1], propagate_at_launch: true
+        end
+      end
+      asg
+    end
+  end
+end