opsworks,
policies,
rds,
redshift,
route53,
s3,
sdb,
sns,
sqs,
ssm,
waf,
workspaces,
]
# Names grouped as "functions": mostly CloudFormation intrinsic-function
# helpers, plus Export and Tags. How the list is consumed is not visible here.
CLOUDFORMATION_FUNCTIONS = [
    Base64,
    FindInMap,
    GetAtt,
    GetAZs,
    If,
    Equals,
    And,
    Or,
    Not,
    Join,
    Sub,
    Split,
    Select,
    Ref,
    Condition,
    ImportValue,
    Export,
    Tags,
]

# Names grouped as template-level declarations.
CLOUDFORMATION_DECLARATIONS = [
    Output,
    Parameter,
]
origin_domain_name = GetAtt("LoadBalancer", "DNSName")
if origin_domain_name:
# Opt-in switch for the CloudFront distribution: the value is restricted to
# "true"/"false" and defaults to "false".
app_uses_cloudfront = template.add_parameter(
Parameter(
"AppUsesCloudFront",
Description="Whether or not to create a CloudFront distribution in front of your application server.",
Type="String",
AllowedValues=["true", "false"],
Default="false",
),
group="Application Server",
label="Enable CloudFront",
)
# The condition holds only when AppUsesCloudFront is exactly the string "true".
app_uses_cloudfront_condition = "AppUsesCloudFrontCondition"
template.add_condition(app_uses_cloudfront_condition, Equals(Ref(app_uses_cloudfront), "true"))
# Protocol policy the stack operator may choose. "redirect-to-https" (the
# default) and "https-only" keep viewer traffic on HTTPS; "allow-all" also
# accepts plain HTTP, so choosing it permits unencrypted viewer connections.
# NOTE(review): the resource that consumes this parameter is not visible
# here; confirm it is applied to every cache behavior of the distribution.
app_protocol_policy = template.add_parameter(
Parameter(
"AppCloudFrontProtocolPolicy",
Description="The protocols allowed by the application server's CloudFront distribution. See: "
"http://docs.aws.amazon.com/cloudfront/latest/APIReference/API_DefaultCacheBehavior.html",
Type="String",
AllowedValues=["redirect-to-https", "https-only", "allow-all"],
Default="redirect-to-https",
),
group="Application Server",
label="CloudFront Protocol Policy",
)
# Currently, you can specify only certificates that are in the US East (N. Virginia) region.
# http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributionconfig-viewercertificate.html
# Condition that holds when use_aes256_encryption equals the string "true".
# use_aes256_encryption is defined outside this fragment; presumably it is a
# Ref to a "true"/"false" parameter (confirm against its definition).
use_aes256_encryption_cond = "UseAES256EncryptionCond"
template.add_condition(use_aes256_encryption_cond, Equals(use_aes256_encryption, "true"))
# Optional customer-managed KMS key. The empty default means "no key
# supplied"; per the description, public buckets are excluded from its use.
# NOTE(review): Type="String" with no AllowedPattern, so the ARN format is
# not validated when the stack is launched.
cmk_arn = template.add_parameter(
Parameter(
"CustomerManagedCmkArn",
Description="KMS CMK ARN to encrypt stack resources (except for public buckets).",
Type="String",
Default="",
),
group="Global",
label="Customer managed key ARN",
)
# The condition holds only when a non-empty ARN was passed in.
use_cmk_arn = "CmkArnCondition"
template.add_condition(use_cmk_arn, Not(Equals(Ref(cmk_arn), "")))
use_vol[i] = t.add_condition("UseVol%s" % (i + 1), Not(Equals(Select("0", Ref(raid_options)), "NONE")))
else:
use_vol[i] = t.add_condition(
"UseVol%s" % (i + 1),
And(Not(Equals(Select("2", Ref(raid_options)), str(i))), Condition(use_vol[i - 1])),
)
use_ebs_iops = t.add_condition("Vol%s_UseEBSPIOPS" % (i + 1), Equals(Select("3", Ref(raid_options)), "io1"))
use_volume_size = t.add_condition(
"Vol%s_UseVolumeSize" % (i + 1), Not(Equals(Select("4", Ref(raid_options)), "NONE"))
)
use_volume_type = t.add_condition(
"Vol%s_UseVolumeType" % (i + 1), Not(Equals(Select("3", Ref(raid_options)), "NONE"))
)
use_ebs_encryption = t.add_condition(
"Vol%s_UseEBSEncryption" % (i + 1), Equals(Select("6", Ref(raid_options)), "true")
)
use_ebs_kms_key = t.add_condition(
"Vol%s_UseEBSKMSKey" % (i + 1),
And(Condition(use_ebs_encryption), Not(Equals(Select("7", Ref(raid_options)), "NONE"))),
)
v[i] = t.add_resource(
ec2.Volume(
"Volume%s" % (i + 1),
AvailabilityZone=Ref(availability_zone),
VolumeType=If(use_volume_type, Select("3", Ref(raid_options)), "gp2"),
Size=If(use_volume_size, Select("4", Ref(raid_options)), 20),
Iops=If(use_ebs_iops, Select("5", Ref(raid_options)), NoValue),
Encrypted=If(use_ebs_encryption, Select("6", Ref(raid_options)), NoValue),
KmsKeyId=If(use_ebs_kms_key, Select("7", Ref(raid_options)), NoValue),
Condition=use_vol[i],
)
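# Deploy actions: init_deploy_stage() returns the deploy stage followed by
# three assume-role statements, which are kept on the instance.
(
    deploy_stage,
    self.s3_deploy_assume_role_statement,
    self.codedeploy_deploy_assume_role_statement,
    self.ecs_deploy_assume_role_statement,
) = self.init_deploy_stage(deploy_region)

# Manual approval toggle, exposed as a template parameter. The condition
# below holds only when the parameter value is exactly the string 'true',
# so any other value leaves 'ManualApprovalIsEnabled' false.
manual_approval_enabled_param = self.create_cfn_parameter(
    param_type='String',
    name='ManualApprovalEnabled',
    description='Boolean indicating whether a manual approval is enabled or not.',
    value=self.manual_approval_is_enabled,
)
self.template.add_condition(
    'ManualApprovalIsEnabled',
    troposphere.Equals(troposphere.Ref(manual_approval_enabled_param), 'true'),
)

# Keep only the stages that were actually produced, in pipeline order.
# Identity comparison ("is not None") is used instead of "!= None" so the
# check never goes through a stage object's own comparison methods.
pipeline_stages = [
    stage
    for stage in (source_stage, build_stage, deploy_stage)
    if stage is not None
]
pipeline_service_role_res = self.add_pipeline_service_role()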
pipeline_res = troposphere.codepipeline.Pipeline(
title='BuildCodePipeline',
template=self.template,
DependsOn='CodePipelinePolicy',
RoleArn=troposphere.GetAtt(pipeline_service_role_res, 'Arn'),
Name=troposphere.Ref(self.resource_name_prefix_param),
Stages=pipeline_stages,
ArtifactStore=troposphere.codepipeline.ArtifactStore(
"UseUserProvidedComputeSubnet", Not(Equals(Ref(compute_subnet_id), "NONE"))
)
# Need to create compute mount target if:
# user is providing a compute subnet and
# there is no existing MT in compute subnet's AZ(includes case where master AZ == compute AZ).
#
# If user is not providing a compute subnet, either we are using the master subnet as compute subnet,
# or we will be creating a compute subnet that is in the same AZ as master subnet,
# see ComputeSubnet resource in the main stack.
# In both cases no compute MT is needed.
# Holds only when both referenced conditions hold: a user-provided compute
# subnet, and no existing mount target in the compute AZ.
create_compute_mt = t.add_condition(
"CreateComputeMT", And(Condition(use_user_provided_compute_subnet), Condition(no_mt_in_compute_az))
)
# efs_options is read positionally with Select; the string "NONE" marks an
# unset slot. Slots 2, 4 and 6 feed PerformanceMode,
# ProvisionedThroughputInMibps and ThroughputMode below. Judging by the
# condition names, slot 5 is the encryption flag and slot 3 the KMS key.
use_performance_mode = t.add_condition("UsePerformanceMode", Not(Equals(Select(str(2), Ref(efs_options)), "NONE")))
# Encryption is enabled only for the literal string "true".
use_efs_encryption = t.add_condition("UseEFSEncryption", Equals(Select(str(5), Ref(efs_options)), "true"))
# A KMS key is honoured only when encryption is on and slot 3 is set.
use_efs_kms_key = t.add_condition(
"UseEFSKMSKey", And(Condition(use_efs_encryption), Not(Equals(Select(str(3), Ref(efs_options)), "NONE")))
)
use_throughput_mode = t.add_condition("UseThroughputMode", Not(Equals(Select(str(6), Ref(efs_options)), "NONE")))
use_provisioned = t.add_condition("UseProvisioned", Equals(Select(str(6), Ref(efs_options)), "provisioned"))
# Provisioned throughput applies only in "provisioned" mode with slot 4 set.
use_provisioned_throughput = t.add_condition(
"UseProvisionedThroughput",
And(Condition(use_provisioned), Not(Equals(Select(str(4), Ref(efs_options)), "NONE"))),
)
# NOTE(review): as listed here, FileSystem receives neither Encrypted nor
# KmsKeyId, so use_efs_encryption and use_efs_kms_key are defined but unused.
# If this listing is complete, the file system is created without
# encryption at rest. Confirm against the full source.
fs = t.add_resource(
FileSystem(
"EFSFS",
PerformanceMode=If(use_performance_mode, Select(str(2), Ref(efs_options)), NoValue),
ProvisionedThroughputInMibps=If(use_provisioned_throughput, Select(str(4), Ref(efs_options)), NoValue),
ThroughputMode=If(use_throughput_mode, Select(str(6), Ref(efs_options)), NoValue),
))
# Stack-wide encryption switch; use_aes256_encryption holds a Ref to the
# parameter. The description covers server-side encryption for S3, EBS and
# RDS. The default is "false", so a stack launched with default parameters
# has this switch off.
# NOTE(review): consider whether encryption should be on by default.
use_aes256_encryption = Ref(template.add_parameter(
Parameter(
"UseAES256Encryption",
Description="Whether or not to use server side encryption for S3, EBS, and RDS. "
"When true, encryption is enabled for all resources.",
Type="String",
AllowedValues=["true", "false"],
Default="false",
),
group="Global",
label="Enable Encryption",
))
# The condition holds only when the switch is exactly the string "true".
use_aes256_encryption_cond = "UseAES256EncryptionCond"
template.add_condition(use_aes256_encryption_cond, Equals(use_aes256_encryption, "true"))
# Optional customer-managed KMS key. The empty default means "no key
# supplied"; per the description, public buckets are excluded from its use.
# NOTE(review): Type="String" with no AllowedPattern, so the ARN format is
# not validated when the stack is launched.
cmk_arn = template.add_parameter(
Parameter(
"CustomerManagedCmkArn",
Description="KMS CMK ARN to encrypt stack resources (except for public buckets).",
Type="String",
Default="",
),
group="Global",
label="Customer managed key ARN",
)
# The condition holds only when a non-empty ARN was passed in.
use_cmk_arn = "CmkArnCondition"
template.add_condition(use_cmk_arn, Not(Equals(Ref(cmk_arn), "")))
"CreateSNSTopic",
And(Equals(Ref("EventsSNSTopicName"), ""),
Condition("EnableSNSEvents")))
t.add_condition(
"EnableCloudwatchLogs",
Equals(Ref("RunLogsBackend"), "cloudwatch"))
t.add_condition(
"CreateRunLogsGroup",
And(Equals(Ref("RunLogsCloudwatchGroup"), ""),
Condition("EnableCloudwatchLogs")))
t.add_condition(
"EnableAppEventStream",
Equals(Ref("LogsStreamer"), "kinesis"))
t.add_condition(
"RequireCommitMessages",
Equals(Ref("RequireCommitMessages"), "true"))
def create_template(self):
"""Create template (main function called by Stacker)."""
template = self.template
variables = self.get_variables()
self.template.set_version('2010-09-09')
self.template.set_description('Terraform State Resources')
# Conditions
for i in ['BucketName', 'TableName']:
template.add_condition(
"%sOmitted" % i,
Or(Equals(variables[i].ref, ''),
Equals(variables[i].ref, 'undefined'))
)
# Resources
terraformlocktable = template.add_resource(
dynamodb.Table(
'TerraformStateTable',
AttributeDefinitions=[
dynamodb.AttributeDefinition(
AttributeName='LockID',
AttributeType='S'
)
],
KeySchema=[
dynamodb.KeySchema(
AttributeName='LockID',
KeyType='HASH'
"FSXOptions",
Type="CommaDelimitedList",
Description="Comma separated list of fsx related options, 8 parameters in total, [shared_dir,fsx_fs_id,storage_capacity,fsx_kms_key_id,imported_file_chunk_size,export_path,import_path,weekly_maintenance_start_time]",
)
)
# Network placement inputs for the FSx file system.
# NOTE(review): both are plain Type="String". The AWS-specific parameter
# types AWS::EC2::SecurityGroup::Id and AWS::EC2::Subnet::Id would have
# CloudFormation validate the IDs at launch. Confirm whether callers ever
# pass a placeholder value before tightening the types.
compute_security_group = t.add_parameter(
Parameter("ComputeSecurityGroup", Type="String", Description="SecurityGroup for FSx filesystem")
)
subnet_id = t.add_parameter(Parameter("SubnetId", Type="String", Description="SubnetId for FSx filesystem"))
# ================= Conditions =================
# fsx_options is read positionally with Select; "NONE" marks an unset slot.
# Slot order per the FSXOptions parameter description: 0 shared_dir,
# 1 fsx_fs_id, 2 storage_capacity, 3 fsx_kms_key_id,
# 4 imported_file_chunk_size, 5 export_path, 6 import_path,
# 7 weekly_maintenance_start_time.
# CreateFSX holds when a shared_dir is given and no fsx_fs_id is supplied.
create_fsx = t.add_condition(
"CreateFSX",
And(Not(Equals(Select(str(0), Ref(fsx_options)), "NONE")), Equals(Select(str(1), Ref(fsx_options)), "NONE")),
)
use_storage_capacity = t.add_condition("UseStorageCap", Not(Equals(Select(str(2), Ref(fsx_options)), "NONE")))
# Holds when a KMS key id is supplied in slot 3. The resource that consumes
# this condition is not visible in this fragment.
use_fsx_kms_key = t.add_condition("UseFSXKMSKey", Not(Equals(Select(str(3), Ref(fsx_options)), "NONE")))
use_imported_file_chunk_size = t.add_condition(
"UseImportedFileChunkSize", Not(Equals(Select(str(4), Ref(fsx_options)), "NONE"))
)
use_export_path = t.add_condition("UseExportPath", Not(Equals(Select(str(5), Ref(fsx_options)), "NONE")))
use_import_path = t.add_condition("UseImportPath", Not(Equals(Select(str(6), Ref(fsx_options)), "NONE")))
# NOTE(review): the variable name is misspelled ("mainenance"). It may be
# referenced later in the file, so renaming needs the full source.
use_weekly_mainenance_start_time = t.add_condition(
"UseWeeklyMaintenanceStartTime", Not(Equals(Select(str(7), Ref(fsx_options)), "NONE"))
)
# ================= Resources =================
fs = t.add_resource(
FileSystem(