Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
//
// Note that the VPC has been tagged appropriately.
const defaultVpc = new aws.ec2.Vpc("default", {
cidrBlock: "10.0.0.0/16", // Just one CIDR block
enableDnsHostnames: true, // Definitely want DNS hostnames.
// The tag collection for this VPC.
tags: {
// Ensure that we tag this VPC with a Name.
Name: "test",
},
});
// Use some data sources.
const defaultSubnetIds = defaultVpc.id.apply(id => aws.ec2.getSubnetIds({
vpcId: id,
}, { async: true }));
const defaultAvailabilityZones = pulumi.output(aws.getAvailabilityZones({ async: true }));
const defaultAvailabilityZone: pulumi.Output[] = [];
for (let i = 0; i < defaultAvailabilityZones.apply(defaultAvailabilityZones => defaultAvailabilityZones.ids.length); i++) {
defaultAvailabilityZone.push(defaultAvailabilityZones.apply(defaultAvailabilityZones => aws.getAvailabilityZone({
zoneId: defaultAvailabilityZones.zoneIds[i],
}, { async: true })));
}
// The VPC details
const vpc = [{
// The ID
id: defaultVpc.id,
}];
// The region, again
const region = awsRegion; // why not
// Create a security group.
//
// This group should allow SSH and HTTP access.
// Copyright 2016-2019, Pulumi Corporation. All rights reserved.
const pulumi = require("@pulumi/pulumi");
const linode = require("@pulumi/linode");
const debian9 = "linode/debian9";
// (optional) create a simple web server using a startup script for the instance
const startupScript = `#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &`;
const profile = pulumi.output(linode.getProfile({ async: true }));
const stackscript = new linode.StackScript("simple-server", {
label: "simple-server",
script: startupScript,
description: "SimpleHTTPServer example StackScript",
images: [debian9],
});
const linodeInstance = new linode.Instance("instance", {
instanceType: "g6-nanode-1",
stackscriptId: stackscript,
image: debian9,
region: "us-east",
// Include all "LISH" registered SSH Keys
authorizedKeys: profile.authorizedKeys,
// Include all User configured SSH Keys
});
}
// Create an instance profile if using a default node group
if (!args.skipDefaultNodeGroup) {
instanceProfile = new aws.iam.InstanceProfile(`${name}-instanceProfile`, {
role: instanceRole,
}, { parent: parent });
}
instanceRoleMappings = pulumi.output(instanceRole).apply(role =>
[createInstanceRoleMapping(role.arn)],
);
}
const roleMappings = pulumi.all([pulumi.output(args.roleMappings || []), instanceRoleMappings])
.apply(([mappings, instanceMappings]) => {
return jsyaml.safeDump([...mappings, ...instanceMappings].map(m => ({
rolearn: m.roleArn,
username: m.username,
groups: m.groups,
})));
});
const nodeAccessData: any = {
mapRoles: roleMappings,
};
if (args.userMappings !== undefined) {
nodeAccessData.mapUsers = pulumi.output(args.userMappings).apply(mappings => {
return jsyaml.safeDump(mappings.map(m => ({
userarn: m.userArn,
username: m.username,
groups: m.groups,
// Create the full name of our CloudFormation stack here explicitly. Since the CFN stack
// references the launch configuration and vice-versa, we use this to break the cycle.
// TODO[pulumi/pulumi#381]: Creating an S3 bucket is an inelegant way to get a durable,
// unique name.
const stackName = pulumi.output(args.stackName!) || new aws.s3.Bucket(name).id;
// Use the instance provided, or create a new one.
const instanceProfile = getInstanceProfile(cluster, args);
super(name, {
...args,
imageId: getEcsAmiId(args.ecsOptimizedAMIName),
instanceType: pulumi.output(args.instanceType).apply(t => t || "t2.micro"),
keyName: args.keyName,
iamInstanceProfile: instanceProfile.id,
enableMonitoring: pulumi.output(args.enableMonitoring).apply(b => b !== undefined ? b : true),
placementTenancy: pulumi.output(args.placementTenancy).apply(t => t || "default"),
rootBlockDevice: pulumi.output(args.rootBlockDevice).apply(d => d || defaultRootBlockDevice),
ebsBlockDevices: pulumi.output(args.ebsBlockDevices).apply(d => d || defaultEbsBlockDevices),
securityGroups: pulumi.output(args.securityGroups).apply(g => g || [ cluster.instanceSecurityGroup.id ]),
userData: getInstanceUserData(cluster, args, stackName),
}, opts);
this.cluster = cluster;
this.stackName = stackName;
this.instanceProfile = instanceProfile;
this.fileSystem = args.fileSystem;
}
? Array.isArray(opts.dependsOn) ? opts.dependsOn : [opts.dependsOn]
: [];
dependsOn.push(args.autoScalingGroup);
opts.dependsOn = dependsOn;
}
super(name, {
...args,
cluster: cluster.arn,
taskDefinition: args.taskDefinition.arn,
loadBalancers: loadBalancers,
desiredCount: pulumi.output(args.desiredCount).apply(c => c === undefined ? 1 : c),
launchType: pulumi.output(args.launchType).apply(t => t || "EC2"),
waitForSteadyState: pulumi.output(args.waitForSteadyState).apply(w => w !== undefined ? w : true),
placementConstraints: pulumi.output(args.os).apply(os => mod.placementConstraintsForHost(isFargate, os)),
}, opts);
this.clusterInstance = cluster;
this.taskDefinitionInstance = args.taskDefinition;
this.autoScalingGroup = args.autoScalingGroup;
this.endpoints = args.taskDefinition.endpoints;
this.defaultEndpoint = args.taskDefinition.defaultEndpoint;
this.getEndpoint = (name, port) => args.taskDefinition.getEndpoint(name, port);
}
}
constructor(name: string, args: ServiceRoleArgs, opts?: pulumi.ResourceOptions) {
super("ServiceRole", name, args, opts);
const assumeRolePolicy = pulumi.output(args.service).apply(service => JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [
"sts:AssumeRole",
],
Effect: "Allow",
Principal: {
Service: [ service ],
},
}],
}));
const role = new aws.iam.Role(`${name}-role`, {
description: args.description,
assumeRolePolicy: assumeRolePolicy,
}, { parent: this });
const rolePolicyAttachments = [];
let inputs: pulumi.Inputs = {};
{
inputs["accessKey"] = args ? args.accessKey : undefined;
inputs["allowedAccountIds"] = pulumi.output(args ? args.allowedAccountIds : undefined).apply(JSON.stringify);
inputs["assumeRole"] = pulumi.output(args ? args.assumeRole : undefined).apply(JSON.stringify);
inputs["endpoints"] = pulumi.output(args ? args.endpoints : undefined).apply(JSON.stringify);
inputs["forbiddenAccountIds"] = pulumi.output(args ? args.forbiddenAccountIds : undefined).apply(JSON.stringify);
inputs["insecure"] = pulumi.output(args ? args.insecure : undefined).apply(JSON.stringify);
inputs["maxRetries"] = pulumi.output(args ? args.maxRetries : undefined).apply(JSON.stringify);
inputs["profile"] = args ? args.profile : undefined;
inputs["region"] = (args ? args.region : undefined) || utilities.getEnv("AWS_REGION", "AWS_DEFAULT_REGION");
inputs["s3ForcePathStyle"] = pulumi.output(args ? args.s3ForcePathStyle : undefined).apply(JSON.stringify);
inputs["secretKey"] = args ? args.secretKey : undefined;
inputs["sharedCredentialsFile"] = args ? args.sharedCredentialsFile : undefined;
inputs["skipCredentialsValidation"] = pulumi.output(args ? args.skipCredentialsValidation : undefined).apply(JSON.stringify);
inputs["skipGetEc2Platforms"] = pulumi.output(args ? args.skipGetEc2Platforms : undefined).apply(JSON.stringify);
inputs["skipMetadataApiCheck"] = pulumi.output(args ? args.skipMetadataApiCheck : undefined).apply(JSON.stringify);
inputs["skipRegionValidation"] = pulumi.output(args ? args.skipRegionValidation : undefined).apply(JSON.stringify);
inputs["skipRequestingAccountId"] = pulumi.output(args ? args.skipRequestingAccountId : undefined).apply(JSON.stringify);
inputs["token"] = args ? args.token : undefined;
}
super("aws", name, inputs, opts);
}
}
if (!args.container && !args.containers) {
throw new Error("Either [container] or [containers] must be provided");
}
const containers = args.containers || { container: args.container! };
const computedMemoryAndCPU = computeFargateMemoryAndCPU(containers);
const computedMemory = computedMemoryAndCPU.apply(x => x.memory);
const computedCPU = computedMemoryAndCPU.apply(x => x.cpu);
super(name, cluster, {
...args,
containers,
requiresCompatibilities: ["FARGATE"],
networkMode: "awsvpc",
memory: pulumi.output(args.memory).apply(memory => memory || computedMemory),
cpu: pulumi.output(args.cpu).apply(cpu => cpu || computedCPU),
}, /*isFargate:*/ false, opts);
}
constructor(args: MetricArgs, resource?: pulumi.Resource) {
this.resource = resource;
this.name = pulumi.output(args.name);
this.dimensions = pulumi.output(args.dimensions);
this.namespace = pulumi.output(args.namespace);
this.period = utils.ifUndefined(args.period, 60).apply(validatePeriod);
this.statistic = pulumi.all([args.statistic, args.extendedStatistic])
.apply(([statistic, extendedStatistic]) => validateStatistics(statistic, extendedStatistic));
this.extendedStatistic = pulumi.output(args.extendedStatistic).apply(validateExtendedStatistic);
this.unit = pulumi.output(args.unit);
}
);
}
const roleMappings = pulumi.all([pulumi.output(args.roleMappings || []), instanceRoleMappings])
.apply(([mappings, instanceMappings]) => {
return jsyaml.safeDump([...mappings, ...instanceMappings].map(m => ({
rolearn: m.roleArn,
username: m.username,
groups: m.groups,
})));
});
const nodeAccessData: any = {
mapRoles: roleMappings,
};
if (args.userMappings !== undefined) {
nodeAccessData.mapUsers = pulumi.output(args.userMappings).apply(mappings => {
return jsyaml.safeDump(mappings.map(m => ({
userarn: m.userArn,
username: m.username,
groups: m.groups,
})));
});
}
const eksNodeAccess = new k8s.core.v1.ConfigMap(`${name}-nodeAccess`, {
apiVersion: "v1",
metadata: {
name: `aws-auth`,
namespace: "kube-system",
},
data: nodeAccessData,
}, { parent: parent, provider: provider });