From 2f1bc408b76e54472d32facc1873b401c28a23c5 Mon Sep 17 00:00:00 2001
From: Luis Raul Espinoza Barboza
Date: Thu, 10 Dec 2020 11:05:58 -0700
Subject: [PATCH] add cf scripts
---
 aws-cf-buckets.json | 38 ++++
 aws-cf-rds.json | 121 +++++++++++++
 aws-cf-several-services.json | 342 +++++++++++++++++++++++++++++++++++
 aws-cloudformation.json | 4 +-
 4 files changed, 503 insertions(+), 2 deletions(-)
 create mode 100644 aws-cf-buckets.json
 create mode 100644 aws-cf-rds.json
 create mode 100644 aws-cf-several-services.json
diff --git a/aws-cf-buckets.json b/aws-cf-buckets.json
new file mode 100644
index 0000000..fbbb115
--- /dev/null
+++ b/aws-cf-buckets.json
@@ -0,0 +1,38 @@
+{
+ "AWSTemplateFormatVersion": "2010-09-09",
+ "Transform": "AWS::Serverless-2016-10-31",
+ "Description": "create buckets",
+
+ "Parameters": {
+ "prefixListName": {
+ "Description": "prefix for a service",
+ "Type": "CommaDelimitedList",
+ "Default": "s3, iamr,iamg,iamp,lamb,cf,cfrm,apig,wapf,dydb,rdsi,nsg,rds"
+ },
+ "madeBy": {
+ "Description": "made by",
+ "Type": "String",
+ "Default": "luis.espinoza@facware.com"
+ }
+ },
+
+ "Resources": {
+ "s3Bucket": {
+ "Type": "AWS::S3::Bucket",
+ "Properties": {
+ "BucketName": "bucketdemo",
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ]
+ },
+ "DeletionPolicy" : "Delete"
+ }
+ },
+
+ "Outputs" : {
+ "WebsiteURL" : {
+ "Value" : { "Fn::GetAtt" : [ "s3Bucket", "WebsiteURL" ] },
+ "Description" : "URL to store source code"
+ }
+ }
+}
\ No newline at end of file
diff --git a/aws-cf-rds.json b/aws-cf-rds.json
new file mode 100644
index 0000000..ef1ea6b
--- /dev/null
+++ b/aws-cf-rds.json
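Review bot: `s3Bucket` in aws-cf-buckets.json is created with no `PublicAccessBlockConfiguration`, `BucketEncryption` or `VersioningConfiguration`, and the several-services template in this same patch loads its Lambda packages (`backend/Api.zip`, `lambda-functions/function.zip`) from a bucket with the same name, `bucketdemo`, so this appears to be the deployment-artifact store and whoever can write to it decides what code the functions run. Add the three properties shown below under `Properties`, ahead of the existing `Tags` entry. Separately, the `WebsiteURL` output reads a website endpoint from a bucket that has no `WebsiteConfiguration` while its description says it is a place to store source code; exporting the bucket name with `{ "Ref": "s3Bucket" }` would match the description.

```json
"Properties": {
  "BucketName": "bucketdemo",
  "PublicAccessBlockConfiguration": {
    "BlockPublicAcls": true,
    "BlockPublicPolicy": true,
    "IgnorePublicAcls": true,
    "RestrictPublicBuckets": true
  },
  "BucketEncryption": {
    "ServerSideEncryptionConfiguration": [
      { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } }
    ]
  },
  "VersioningConfiguration": { "Status": "Enabled" },
```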
@@ -0,0 +1,121 @@
+{
+ "AWSTemplateFormatVersion": "2010-09-09",
+ "Transform": "AWS::Serverless-2016-10-31",
+ "Description": "RDS",
+
+ "Parameters": {
+ "prefixListName": {
+ "Description": "prefix for a service",
+ "Type": "CommaDelimitedList",
+ "Default": "s3, iamr,iamg,iamp,lamb,cf,cfrm,apig,wapf,dydb,rdsi,nsg,rds"
+ },
+ "madeBy": {
+ "Description": "made by",
+ "Type": "String",
+ "Default": "luis.espinoza@facware.com"
+ },
+
+
+ "vpcSecurityGroups": {
+ "Type": "CommaDelimitedList",
+ "Description": "List of SecurityGroupIds (VPC)",
+ "Default": "sg-1"
+ },
+ "dbEngine": {
+ "Description": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-engine",
+ "Type": "String",
+ "Default": "postgres"
+ },
+ "dbVersion": {
+ "Description": "RDS -> Subnet groups",
+ "Type": "Number",
+ "Default": 11.8
+ },
+ "dbPort": {
+ "Description": "Port number",
+ "Type": "String",
+ "Default": "5432"
+ },
+ "dBName": {
+ "Default": "facware",
+ "Description": "Data base name",
+ "Type": "String",
+ "MinLength": "1",
+ "MaxLength": "64",
+ "AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*",
+ "ConstraintDescription": "Must begin with a letter and contain only alphanumeric characters."
+ },
+ "dBInstanceClass": {
+ "Default": "db.t2.micro",
+ "Description": "DB instance class",
+ "Type": "String",
+ "ConstraintDescription": "Must select a valid DB instance type."
+ },
+ "dBAllocatedStorage": {
+ "Default": "20",
+ "Description": "The size of the database (GiB)",
+ "Type": "Number",
+ "MinValue": "5",
+ "MaxValue": "1024",
+
+ "ConstraintDescription": "must be between 20 and 65536 GiB."
+ },
+ "dBUsername": {
+ "NoEcho": "true",
+ "Description": "Username for database access",
+ "Type": "String"
+ },
+ "dBPassword": {
+ "NoEcho": "true",
+ "Description": "Password for database access",
+ "Type": "String"
+ }
+ },
+
+ "Resources": {
+ "dbSubnetGroup": {
+ "Type": "AWS::RDS::DBSubnetGroup",
+ "Properties": {
+ "DBSubnetGroupDescription": "RDS subnet group",
+ "SubnetIds": [
+ "subnet-1",
+ "subnet-2"
+ ],
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ]
+ }
+ },
+ "projectDatabase": {
+ "Type" : "AWS::RDS::DBInstance",
+ "Properties" : {
+ "AllocatedStorage" : { "Ref": "dBAllocatedStorage" },
+ "AllowMajorVersionUpgrade" : false,
+ "AutoMinorVersionUpgrade" : true,
+ "BackupRetentionPeriod": 0,
+ "DBInstanceClass": { "Ref": "dBInstanceClass" },
+ "DBInstanceIdentifier" : "rds-name",
+ "DBName": { "Ref": "dBName" },
+ "DBSubnetGroupName": { "Ref": "dbSubnetGroup" },
+ "DeleteAutomatedBackups" : true,
+ "DeletionProtection" : false,
+ "EnableIAMDatabaseAuthentication" : false,
+ "EnablePerformanceInsights" : false,
+ "Engine" : { "Ref": "dbEngine" },
+ "EngineVersion" : { "Ref": "dbVersion" },
+ "MasterUsername" : { "Ref": "dBUsername" },
+ "MasterUserPassword" : { "Ref": "dBPassword" },
+ "MultiAZ" : false,
+ "Port" : { "Ref": "dbPort" },
+ "PubliclyAccessible" : false,
+ "StorageEncrypted" : false,
+ "StorageType" : "gp2",
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ],
+ "VPCSecurityGroups" : { "Ref": "vpcSecurityGroups" } }
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/aws-cf-several-services.json b/aws-cf-several-services.json
new file mode 100644
index 0000000..1239c36
--- /dev/null
+++ b/aws-cf-several-services.json
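Review bot: `projectDatabase` in aws-cf-rds.json is created with `"StorageEncrypted" : false`, `"BackupRetentionPeriod": 0` and `"DeleteAutomatedBackups" : true`, so data at rest is unencrypted and there is no automated backup to restore from. Encryption cannot be turned on in place afterwards (changing `StorageEncrypted` replaces the instance), so it is cheapest to set now: `"StorageEncrypted" : true,` together with a non-zero retention such as `"BackupRetentionPeriod": 7,` (the value 7 is only an illustration). The default class `db.t2.micro` may not support encryption at rest; confirm against the RDS documentation and change the `dBInstanceClass` default if it does not. `dBPassword` also has no `MinLength` or `AllowedPattern`, and `dBAllocatedStorage` accepts `"MinValue": "5"` while its `ConstraintDescription` promises 20 to 65536.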
@@ -0,0 +1,342 @@
+{
+ "AWSTemplateFormatVersion": "2010-09-09",
+ "Transform": "AWS::Serverless-2016-10-31",
+ "Description": "backend and front end resources",
+
+ "Parameters": {
+ "prefixListName": {
+ "Description": "prefix for a service",
+ "Type": "CommaDelimitedList",
+ "Default": "s3, iamr,iamg,iamp,lamb,cf,cfrm,apig,wapf,dydb,rdsi,nsg,rds"
+ },
+ "madeBy": {
+ "Description": "made by",
+ "Type": "String",
+ "Default": "luis_espinoza@facware.com"
+ },
+ "originAccessIdentity": {
+ "Description": "OAL for cloud drstribution",
+ "Type": "String",
+ "Default": "origin-access-identity/cloudfront/99CD7H123O051R"
+ },
+ "apiEndpointType": {
+ "Description": "api gw type",
+ "Type": "String",
+ "Default": "REGIONAL"
+ },
+ "environmentReference": {
+ "Description": "set environment for resources",
+ "Type": "String",
+ "Default": "Staging"
+ },
+ "securityGroups": {
+ "Type": "CommaDelimitedList",
+ "Description": "The list of SecurityGroupIds VPC security group",
+ "Default": "sg-1"
+ },
+ "subnetIds": {
+ "Type": "CommaDelimitedList",
+ "Description": "The list of Subnets Ids ",
+ "Default": "subnet-1, subnet-2"
+ },
+ "vpcIds": {
+ "Type": "CommaDelimitedList",
+ "Description": "The list of VPC Ids",
+ "Default": "vpc-identifier001"
+ }
+ },
+
+ "Resources": {
+ "s3Bucket": {
+ "Type": "AWS::S3::Bucket",
+ "Properties": {
+ "AccessControl" : "PublicRead",
+ "BucketName": "bucket-client",
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ],
+ "WebsiteConfiguration": {
+ "IndexDocument": "index.html",
+ "ErrorDocument" : "index.html"
+ }
+ }
+ },
+
+ "s3BucketPolicy" : {
+ "Type" : "AWS::S3::BucketPolicy",
+ "Properties" : {
+ "Bucket" : {"Ref" : "s3Bucket"},
+ "PolicyDocument": {
+ "Statement":[{
+ "Action":["s3:GetObject"],
+ "Effect":"Allow",
+ "Resource": { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "s3Bucket" } , "/*" ]]},
+ "Principal":"*"
+ }]
+ }
+ }
+ },
+
+ "lambdaIamRole": {
+ "Type": "AWS::IAM::Role",
+ "Properties": {
+ "AssumeRolePolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": [
+ "lambda.amazonaws.com",
+ "edgelambda.amazonaws.com"
+ ]
+ }
+ }
+ ]
+ },
+ "Description": "give permission to lambda function to execute, run under vpc",
+ "ManagedPolicyArns": [
+ "arn:aws:iam::aws:policy/AWSLambdaExecute",
+ "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess",
+ "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess",
+ "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
+ "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+ ],
+ "Path": "/",
+ "RoleName": "role1",
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ]
+ }
+ },
+
+ "apiGatewayIamRole": {
+ "Type": "AWS::IAM::Role",
+ "Properties": {
+ "AssumeRolePolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": [
+ "apigateway.amazonaws.com"
+ ]
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+ },
+ "Description": "api role",
+ "Path": "/",
+ "Policies": [
+ {
+ "PolicyName": "LambdaAccess",
+ "PolicyDocument": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "lambda:InvokeFunction",
+ "Resource": { "Fn::GetAtt" : [ "lambdaFunction", "Arn" ] }
+ }
+ ]
+ }
+ }
+ ],
+
+ "RoleName": "role2",
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ]
+ }
+ },
+
+ "lambdaFunction": {
+ "Type": "AWS::Lambda::Function",
+ "Properties": {
+ "Code": {
+ "S3Bucket": "bucketdemo",
+ "S3Key": "backend/Api.zip"
+ },
+ "Environment" : {
+ "Variables" : {
+ "ASPNETCORE_ENVIRONMENT" : { "Ref": "environmentReference" }
+ }
+ },
+ "Handler": "assembly::namespace::FunctionHandlerAsync",
+ "Role": { "Fn::GetAtt": ["lambdaIamRole", "Arn"] },
+ "Runtime": "dotnetcore3.1",
+ "FunctionName": "api-function",
+ "MemorySize": 512,
+ "Timeout": 300,
+ "Description": "Serverless to deploy the API ",
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ],
+ "VpcConfig" : {
+ "SecurityGroupIds" : { "Ref": "securityGroups" },
+ "SubnetIds" : { "Ref": "subnetIds" }
+ }
+ }
+ },
+
+ "lambdaFunction": {
+ "Type": "AWS::Lambda::Function",
+ "Properties": {
+ "Code": {
+ "S3Bucket": "bucketdemo",
+ "S3Key": "lambda-functions/function.zip"
+ },
+ "Environment" : {
+ "Variables" : {
+ "ASPNETCORE_ENVIRONMENT" : { "Ref": "environmentReference" }
+ }
+ },
+ "Handler": "assembly::namespace.Function::FunctionHandler",
+ "Role": { "Fn::GetAtt": ["lambdaIamRole", "Arn"] },
+ "Runtime": "dotnetcore3.1",
+ "FunctionName": "lambda-function",
+ "MemorySize": 512,
+ "Timeout": 300,
+ "Description": "Function",
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ],
+ "VpcConfig" : {
+ "SecurityGroupIds" : { "Ref": "securityGroups" },
+ "SubnetIds" : { "Ref": "subnetIds" }
+ }
+ }
+ },
+
+ "apiGateway": {
+ "Type" : "AWS::ApiGateway::RestApi",
+ "Properties" : {
+ "ApiKeySourceType": "HEADER",
+ "BinaryMediaTypes" : [ "*/*", "application/octet-stream" ],
+ "Description" : "top 10 app interface to execute lambda function serverless",
+ "EndpointConfiguration": {
+ "Types": [
+ { "Ref": "apiEndpointType"}
+ ]
+ },
+ "Name" : "api-gateway",
+ "Tags":[
+ { "Key" : "madeBy", "Value" : { "Ref": "madeBy" } }
+ ]
+ }
+ },
+
+ "resourceAPI": {
+ "Type" : "AWS::ApiGateway::Resource",
+ "Properties" : {
+ "ParentId" : {
+ "Fn::GetAtt": [
+ "apiGateway",
+ "RootResourceId"
+ ]
+ },
+ "PathPart" : "{proxy+}",
+ "RestApiId" : { "Ref": "apiGateway" }
+ },
+ "DependsOn": [
+ "apiGateway"
+ ]
+ },
+
+ "methodApi": {
+ "Type" : "AWS::ApiGateway::Method",
+ "Properties" : {
+ "ApiKeyRequired" : false,
+ "AuthorizationType": "NONE",
+ "HttpMethod" : "ANY",
+ "Integration": {
+ "CacheKeyParameters" : [ "method.request.path.proxy" ],
+ "Credentials": { "Fn::GetAtt" : [ "apiGatewayIamRole", "Arn" ] },
+ "Type": "AWS_PROXY",
+ "IntegrationHttpMethod": "POST",
+ "IntegrationResponses" : [
+ { "StatusCode": 200 }
+ ],
+ "PassthroughBehavior": "WHEN_NO_MATCH",
+ "RequestParameters": {
+ "integration.request.path.proxy": "method.request.path.proxy"
+ },
+ "Uri": {
+ "Fn::Join": [
+ "", [
+ "arn:aws:apigateway:",
+ {
+ "Ref": "AWS::Region"
+ },
+ ":lambda:path/2015-03-31/functions/",
+ {
+ "Fn::GetAtt" : [ "lambdaFunction", "Arn" ]
+ },
+ "/invocations"
+ ]
+ ]
+ }
+ },
+ "OperationName" : "proxy method to execute lambda",
+ "RequestParameters": {
+ "method.request.path.proxy": true
+ },
+ "ResourceId" : { "Ref": "resourceAPI" },
+ "RestApiId" : { "Ref": "apiGateway" }
+ },
+ "DependsOn": [
+ "resourceAPI"
+ ]
+ },
+
+ "lambdaPermission": {
+ "Type" : "AWS::Lambda::Permission",
+ "Properties": {
+ "Action": "lambda:InvokeFunction",
+ "FunctionName": { "Fn::GetAtt" : [ "lambdaFunction", "Arn" ] },
+ "Principal": "apigateway.amazonaws.com",
+ "SourceAccount": { "Ref": "AWS::AccountId" },
+ "SourceArn": {
+ "Fn::Join": [
+ "", [
+ "arn:aws:execute-api:",
+ { "Ref": "AWS::Region" }, ":",
+ { "Ref": "AWS::AccountId" }, ":",
+ { "Ref": "apiGateway" },
+ "/*/*/*"
+ ]
+ ]
+ }
+ }
+ },
+
+ "deploymentDevelopment": {
+ "Type" : "AWS::ApiGateway::Deployment",
+ "Properties" : {
+ "Description" : "Deployment to development environment",
+ "RestApiId" : { "Ref": "apiGateway" },
+ "StageName" : "development"
+ },
+ "DependsOn": [
+ "apiGateway",
+ "methodApi"
+ ]
+ }
+ },
+
+ "Outputs" : {
+ "WebsiteURL" : {
+ "Value" : { "Fn::GetAtt" : [ "s3Bucket", "WebsiteURL" ] },
+ "Description" : "URL for website hosted on S3"
+ },
+ "S3BucketSecureURL" : {
+ "Value" : { "Fn::Join" : [
+ "", [ "https://", { "Fn::GetAtt" : [ "s3Bucket", "DomainName" ] } ]
+ ] },
+ "Description" : "S3 bucket to hold website content"
+ }
+ }
+}
\ No newline at end of file
diff --git a/aws-cloudformation.json b/aws-cloudformation.json
index 6ff566e..20f9dfd 100644
--- a/aws-cloudformation.json
+++ b/aws-cloudformation.json
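Review bot: `Resources` in aws-cf-several-services.json declares the key `lambdaFunction` twice (the `api-function` and `lambda-function` definitions), and JSON parsers generally keep only the last duplicate, so the handler packaged in `backend/Api.zip` is likely dropped and `methodApi`, `lambdaPermission` and `apiGatewayIamRole` end up wired to the other function; give the two resources distinct logical IDs, for example `"apiLambdaFunction"` and `"workerLambdaFunction"`, and update the `Fn::GetAtt` references. The shared `lambdaIamRole` attaches `AmazonS3FullAccess`, `AmazonRDSDataFullAccess` and `AmazonAPIGatewayInvokeFullAccess`, while `methodApi` exposes `ANY` on `{proxy+}` with `"AuthorizationType": "NONE"`, so unauthenticated requests reach code that runs with account-wide S3 access. Replace the managed policies with an inline policy limited to the buckets and actions the handlers need, and set an authorizer on the method (`AWS_IAM`, `COGNITO_USER_POOLS` or `CUSTOM`) unless the API is meant to be anonymous. `s3Bucket` is also made world-readable twice over, through `"AccessControl" : "PublicRead"` and the `"Principal":"*"` statement, although an `originAccessIdentity` parameter is declared and never referenced; if CloudFront is the intended entry point, grant `s3:GetObject` to that identity only.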
@@ -7,7 +7,7 @@
 "originAccessIdentity": {
 "Description": "OAL for cloud drstribution",
 "Type": "String",
- "Default": "origin-access-identity/cloudfront/E2CD7HCQYO051D"
+ "Default": "origin-access-identity/cloudfront/34CD7HCQYO051R"
 },
 "madeBy": {
 "Description": "made by",
@@ -71,7 +71,7 @@
 "S3Bucket": "lambda-sourcecode",
 "S3Key": "lambda.zip"
 },
- "Handler": "AWSPTUServerless::AWSPTUServerless.LambdaEntryPoint::FunctionHandlerAsync",
+ "Handler": "assembly::namespace.LambdaEntryPoint::FunctionHandlerAsync",
 "Role": {
 "Fn::GetAtt": [
 "iamRole",