AWS Plugin

The AWS plugin enables you to manage AWS resources with Cloudify.

Authentication with AWS

Each node template has a client_config property which stores your account credentials. Use an intrinsic function to assign these to the values of [secrets](/working_with/manager/using-secrets/) in your manager.

  my_vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

Common Operations

This section requires an understanding of Cloudify’s install and uninstall built-in workflows.

AWS Plugin node types have these common operations, except where noted:

Operations

Common Properties

AWS Plugin node types have these common properties, except where noted:

Properties

Node Types

Each node type refers to a resource in AWS.

cloudify.nodes.aws.ec2.CustomerGateway

This node type refers to an AWS Customer Gateway.

For more information, and possible keyword arguments, see: EC2:create_customer_gateway

Operations

Relationships

Customer Gateway Examples

Create Customer Gateway

Specify a relationship to an Elastic IP.

  customer_gateway:
    type: cloudify.nodes.aws.ec2.CustomerGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
    - type: cloudify.relationships.depends_on
      target: nat_gateway_ip

  nat_gateway_ip:
    type: cloudify.nodes.aws.ec2.ElasticIP
    properties:
      Domain: vpc
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }

cloudify.nodes.aws.ec2.DHCPOptions

This node type refers to a DHCP Option Set.

For more information, and possible keyword arguments, see: EC2:create_dhcp_options

Operations

Relationships

DHCP Option Set Examples

Create DHCP Option Set

  dhcp:
    type: cloudify.nodes.aws.ec2.DHCPOptions
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
    - type: cloudify.relationships.depends_on
      target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

cloudify.nodes.aws.ec2.EBSAttachment

This node type refers to an EBS Attachment.

For more information, and possible keyword arguments, see: EC2:attach_volume

Operations

EBS Attachment Example

See EBS examples.

cloudify.nodes.aws.ec2.EBSVolume

This node type refers to an AWS EBS Volume.

Resource Config

For more information, and possible keyword arguments, see: EC2:create_volume

Operations

EBS Volume Examples

Create a Volume and Connect to a VM

  vm:
    type: cloudify.nodes.aws.ec2.Instances
    properties:
      resource_config:
        ImageId: { get_input: ami }
        InstanceType: { get_input: instance_type }
        kwargs:
          SubnetId: { get_input: subnet_id }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }

  volume:
    type: cloudify.nodes.aws.ec2.EBSVolume
    properties:
      resource_config:
        AvailabilityZone: { get_input: availability_zone }
        Size: 6
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }

  volume_attachment:
    type: cloudify.nodes.aws.ec2.EBSAttachment
    properties:
      resource_config:
        kwargs:
          Device: { get_input: ebs_volume_attachment_device }
          InstanceId: { get_attribute: [ vm, aws_resource_id ] }
          VolumeId: { get_attribute: [ volume, aws_resource_id ] }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.depends_on
        target: volume
      - type: cloudify.relationships.depends_on
        target: vm

cloudify.nodes.aws.ec2.Instances

This node type refers to an AWS Instance.

Resource Config

For more information, and possible keyword arguments, see: EC2:run_instances

Properties

Operations

Relationships

Instance Examples

Connecting a VM to a subnet

Specify a relationship to a subnet and the Instance will be created in that subnet.

  host:
    type: cloudify.nodes.aws.ec2.Instances
    properties:
      agent_config:
        user: { get_input: username }
        key: { get_secret: private_key_content }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        ImageId: { get_input: ami }
        InstanceType: { get_input: instance_type }
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      resource_config:
        CidrBlock: 10.0.0.0/16
        AvailabilityZone: us-west-1b
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
    - type: cloudify.relationships.depends_on
      target: vpc

Connecting a VM to an ENI

Specify a relationship to an ENI and the Instance will be connected to that ENI.

  host:
    type: cloudify.nodes.aws.ec2.Instances
    properties:
      agent_config:
        user: { get_input: agent_user }
        key: { get_secret: agent_key_private }
      resource_config:
        ImageId: ami-012345678
        InstanceType: m3.medium
        kwargs:
          BlockDeviceMappings:
          - DeviceName: '/dev/sda1'
            Ebs:
              DeleteOnTermination: True
          Placement:
            AvailabilityZone: us-west-1b
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.depends_on
        target: eni

  eni:
    type: cloudify.nodes.aws.ec2.Interface
    properties:
      resource_config:
        kwargs:
          Description: My NIC.
          SubnetId: us-west-1b
          Groups:
          - { get_input: security_group_id }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
    - type: cloudify.relationships.depends_on
      target: subnet

Connecting a VM to a security group

Specify a relationship to a security group and the Instance will be created in that group.

  host:
    type: cloudify.nodes.aws.ec2.Instances
    properties:
      agent_config:
        user: { get_input: agent_user }
        key: { get_secret: agent_key_private }
      resource_config:
        ImageId: ami-012345678
        InstanceType: m3.medium
        kwargs:
          BlockDeviceMappings:
          - DeviceName: '/dev/sda1'
            Ebs:
              DeleteOnTermination: True
          Placement:
            AvailabilityZone: us-west-1b
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }

  my_security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      resource_config:
        kwargs:
          GroupName: MyGroup
          Description: My Group.
          VpcId: vpc-012345678
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
    - type: cloudify.relationships.depends_on
      target: vpc

cloudify.nodes.aws.ec2.SpotInstances

This node type permits a user to manage spot instances.

Resource Config

For information on possible keyword arguments, see: EC2:request_spot_instances

Operations

Relationships

Spot Instance Examples

Create spot instances that are connected to a subnet

  vm:
    type: cloudify.nodes.aws.ec2.SpotInstances
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      agent_config:
        install_method: none
        user: { get_input: agent_user }
        key: { get_attribute: [agent_key, private_key_export] }
      resource_config:
        kwargs:
          LaunchSpecification:
            ImageId: { get_attribute: [ ami, aws_resource_id ] }
            InstanceType: { get_input: instance_type }
            UserData: { get_attribute: [ cloud_init, cloud_config ] }
    relationships:
    - type: cloudify.relationships.depends_on
      target: ami
    - type: cloudify.relationships.depends_on
      target: cloud_init
    - type: cloudify.relationships.depends_on
      target: subnet

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: 10.0.0.0/16
        AvailabilityZone: us-west-1b
    relationships:
    - type: cloudify.relationships.depends_on
      target: vpc

cloudify.nodes.aws.ec2.Vpc

This node type refers to an AWS VPC.

Resource Config

For more information, and possible keyword arguments, see: EC2:create_vpc

Operations

VPC Example

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: MyVPC

cloudify.nodes.aws.ec2.InternetGateway

This node type refers to an AWS Internet Gateway.

For more information, and possible keyword arguments, see: [EC2:create_internet_gateway](http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_internet_gateway).

Operations

Relationships

Internet Gateway Example

  internet_gateway:
    type: cloudify.nodes.aws.ec2.InternetGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      Tags:
        - Key: Name
          Value: MyInternetGateway
    relationships:
    - type: cloudify.relationships.connected_to
      target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: MyVPC

cloudify.nodes.aws.ec2.Image

Identify an existing AMI by providing filters.

Operations

Image Examples

Creates VM from image

Creates an instance with an image identified from filters.

  cloudify_manager_ami:
    type: cloudify.nodes.aws.ec2.Image
    properties:
      resource_config:
        kwargs:
          Filters:
            - Name: image-id
              Values:
                - ami-0120b2cc79038bf90
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }

  cloudify_manager:
    type: cloudify.nodes.aws.ec2.Instances
    properties:
      agent_config:
        install_method: none
      resource_config:
        ImageId: { get_attribute: [ cloudify_manager_ami, aws_resource_id ] }
        InstanceType: { get_input: instance_type }
        kwargs:
          SubnetId: { get_input: subnet_id }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.depends_on
        target: cloudify_manager_ami

cloudify.nodes.aws.ec2.Subnet

This node type refers to an AWS Subnet.

Resource Config

For more information, and possible keyword arguments, see: EC2:create_subnet

Operations

Relationships

Example Subnet

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      resource_config:
        CidrBlock: 10.0.0.0/24
        AvailabilityZone: { concat: [ { get_property: [ vpc, client_config, region_name ] }, 'a' ] }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_property: [ vpc, client_config, region_name ] }
      Tags:
        - Key: Name
          Value: MySubnet
    relationships:
    - type: cloudify.relationships.depends_on
      target: vpc
  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: MyVPC

cloudify.nodes.aws.ec2.SecurityGroupRuleIngress

This node type refers to an ingress rule.

Resource Config

For more information, and possible keyword arguments, see: EC2:authorize_security_group_ingress

Operations

Relationships

Security Group Rule Examples

See the Security Group Examples.

cloudify.nodes.aws.ec2.SecurityGroupRuleEgress

This node type refers to an egress rule.

Resource Config

For more information, and possible keyword arguments, see: EC2:authorize_security_group_egress

Operations

Relationships

Security Group Rule Examples

See the Security Group Examples.

cloudify.nodes.aws.ec2.SecurityGroup

This node type refers to an AWS Security Group.

Resource Config

For more information, and possible keyword arguments, see: EC2:create_security_group

Operations

Relationships

Security Group Examples

Creates a simple security group

  my_security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      resource_config:
        GroupName: MyGroup
        Description: The group for my instances.
        VpcId: { get_input: vpc }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }

Create two security groups with strict rules

This example demonstrates a scenario where SSH is only allowed in one direction, from my_security_group1 to my_security_group2.

  my_security_group1:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      resource_config:
        GroupName: MyGroup1
        Description: The group for my instances.
        VpcId: { get_input: vpc }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }

  my_security_group2:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      resource_config:
        GroupName: MyGroup2
        Description: The group for my instances.
        VpcId: { get_input: vpc }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }

  ingress_rules:
    type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
    properties:
      resource_config:
        IpPermissions:
          - IpProtocol: tcp
            FromPort: 22
            ToPort: 22
            UserIdGroupPairs:
              - { GroupId: { get_attribute: [ my_security_group1, aws_resource_id ] } }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
    - type: cloudify.relationships.contained_in
      target: my_security_group2
    - type: cloudify.relationships.depends_on
      target: my_security_group1

  egress_rules:
    type: cloudify.nodes.aws.ec2.SecurityGroupRuleEgress
    properties:
      resource_config:
        IpPermissions:
          - FromPort: 22
            ToPort: 22
            IpProtocol: tcp
            UserIdGroupPairs:
            - GroupId: { get_attribute: [ my_security_group2, aws_resource_id ] }
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
    - type: cloudify.relationships.contained_in
      target: my_security_group1
    - type: cloudify.relationships.depends_on
      target: my_security_group2
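
The one-directional SSH claim can be checked before deployment. The following added example (not part of the plugin or of the original page) derives the allowed group-to-group flows from the rule nodes once the blueprint has been parsed into Python dicts; the function names and the `open_ssh` node are hypothetical, the sample omits client_config, and `default_egress_present` models the allow-all outbound rule that AWS attaches to a newly created VPC security group.

```python
"""Derive allowed group-to-group flows from parsed rule nodes (added example)."""

SG = "cloudify.nodes.aws.ec2.SecurityGroup"
INGRESS = "cloudify.nodes.aws.ec2.SecurityGroupRuleIngress"
EGRESS = "cloudify.nodes.aws.ec2.SecurityGroupRuleEgress"
CONTAINED_IN = "cloudify.relationships.contained_in"
ANY = "*"  # a CIDR-based rule; conservatively treated as covering any peer


def owning_group(node):
    """A rule node belongs to the group it is contained_in."""
    for rel in node.get("relationships", []):
        if rel.get("type") == CONTAINED_IN:
            return rel.get("target")
    return None


def peers_for_port(node, port, protocol="tcp"):
    """Peers (group node names, or ANY) a rule node's IpPermissions name for a port."""
    peers = set()
    config = node.get("properties", {}).get("resource_config", {})
    for perm in config.get("IpPermissions", []):
        proto = str(perm.get("IpProtocol"))
        if proto != "-1":  # "-1" means every protocol and port
            if proto != protocol:
                continue
            if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                continue
        for pair in perm.get("UserIdGroupPairs", []):
            ref = pair.get("GroupId")
            # { get_attribute: [ <node>, aws_resource_id ] } names another group node
            if isinstance(ref, dict) and "get_attribute" in ref:
                peers.add(ref["get_attribute"][0])
        if perm.get("IpRanges") or perm.get("Ipv6Ranges"):
            peers.add(ANY)
    return peers


def allowed_flows(node_templates, port, default_egress_present):
    """Return {(source_group, destination_group)} pairs that can connect on port.

    A flow needs the source's egress rules AND the destination's ingress rules
    to permit it. With default_egress_present=True every group is treated as
    still carrying the allow-all outbound rule of a new VPC security group.
    """
    groups = [n for n, node in node_templates.items() if node.get("type") == SG]
    ingress = {g: set() for g in groups}
    egress = {g: set() for g in groups}
    for node in node_templates.values():
        table = {INGRESS: ingress, EGRESS: egress}.get(node.get("type"))
        group = owning_group(node)
        if table is None or group not in table:
            continue
        table[group] |= peers_for_port(node, port)
    if default_egress_present:
        for g in groups:
            egress[g].add(ANY)
    flows = set()
    for src in groups:
        for dst in groups:
            if src == dst:
                continue
            out_ok = ANY in egress[src] or dst in egress[src]
            in_ok = ANY in ingress[dst] or src in ingress[dst]
            if out_ok and in_ok:
                flows.add((src, dst))
    return flows


def _ssh(peer_key, peer_value):
    return {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, peer_key: peer_value}]}


def _group_ref(name):
    return [{"GroupId": {"get_attribute": [name, "aws_resource_id"]}}]


# Constructed from the example above (client_config omitted).
PAGE_EXAMPLE = {
    "my_security_group1": {"type": SG},
    "my_security_group2": {"type": SG},
    "ingress_rules": {
        "type": INGRESS,
        "properties": {"resource_config": _ssh("UserIdGroupPairs", _group_ref("my_security_group1"))},
        "relationships": [{"type": CONTAINED_IN, "target": "my_security_group2"}],
    },
    "egress_rules": {
        "type": EGRESS,
        "properties": {"resource_config": _ssh("UserIdGroupPairs", _group_ref("my_security_group2"))},
        "relationships": [{"type": CONTAINED_IN, "target": "my_security_group1"}],
    },
}

# Constructed drift: a later change opens SSH from any address to group 1.
WITH_OPEN_SSH = dict(PAGE_EXAMPLE, open_ssh={
    "type": INGRESS,
    "properties": {"resource_config": _ssh("IpRanges", [{"CidrIp": "0.0.0.0/0"}])},
    "relationships": [{"type": CONTAINED_IN, "target": "my_security_group1"}],
})

if __name__ == "__main__":
    for label, nodes in (("page example", PAGE_EXAMPLE), ("with open_ssh", WITH_OPEN_SSH)):
        for default in (False, True):
            print(label, "default egress:", default, sorted(allowed_flows(nodes, 22, default)))
```

In the page's example the direction is enforced by the ingress rule on my_security_group2; the egress rule on my_security_group1 only narrows outbound traffic if the default allow-all egress rule is no longer on that group.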

cloudify.nodes.aws.ec2.ElasticIP

This node type refers to an AWS Elastic IP.

Resource Config

For more information, and possible keyword arguments, see: EC2:allocate_address

Properties

Operations

Relationships

Elastic IP Example

Connecting a VM to a NIC and an IP

Creates an IP and attaches it to a VM and a NIC.

  vm:
    type: cloudify.nodes.aws.ec2.Instances
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        ImageId: { get_input: ami }
        InstanceType: { get_input: instance_type }
    relationships:
      - type: cloudify.relationships.depends_on
        target: ip
      - type: cloudify.relationships.depends_on
        target: nic

  ip:
    type: cloudify.nodes.aws.ec2.ElasticIP
    properties:
      Domain: vpc
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.depends_on
        target: nic

  nic:
    type: cloudify.nodes.aws.ec2.Interface
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: IP-VM-NIC Example.
          SubnetId: { get_input: subnet_id }
          Groups:
            - { get_input: security_group_id }

cloudify.nodes.aws.ec2.Interface

This node type refers to an AWS ENI.

For more information, and possible keyword arguments, see: EC2:create_network_interface.

Operations

Relationships

Interface Example

Creates an ENI and sets SourceDestCheck to false

  my_eni:
    type: cloudify.nodes.aws.ec2.Interface
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: MyENI.
          SubnetId: { get_input: subnet_id }
          Groups:
            - { get_input: security_group_id }
    interfaces:
      cloudify.interfaces.lifecycle:
        configure:
          inputs:
            modify_network_interface_attribute_args:
              SourceDestCheck:
                Value: false

Creates an ENI in a subnet and security group via relationship

  my_eni:
    type: cloudify.nodes.aws.ec2.Interface
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: MyENI.
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet
      - type: cloudify.relationships.depends_on
        target: security_group

cloudify.nodes.aws.ec2.Keypair

This node type refers to an AWS Keypair.

Resource Config

For more information, and possible keyword arguments, see: EC2:create_key_pair

Properties

Operations

Keypair Example

Creates a Keypair and saves it to a secret

  my_key:
    type: cloudify.nodes.aws.ec2.Keypair
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      log_create_response: false
      store_in_runtime_properties: false
      create_secret: true
      secret_name: agent_key_private
      update_existing_secret: true

Imports a public key into AWS:

  imported_key:
    type: cloudify.nodes.aws.ec2.Keypair
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        KeyName: my_imported_key
        PublicKeyMaterial: |
          ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA879BJGYlPTLIuc9/R5MYiN4yc/YiCLcdBpSdzgK9Dt0Bkfe3rSz5cPm4wmehdE7GkVFXrBJ2YHqPLuM1yx1AUxIebpwlIl9f/aUHOts9eVnVh4NztPy0iSU/Sv0b2ODQQvcy2vYcujlorscl8JjAgfWsO3W4iGEe6QwBpVomcME8IU35v5VbylM9ORQa6wvZMVrPECBvwItTY8cPWH3MGZiK/74eHbSLKA4PY3gM4GHI450Nie16yggEg2aTQfWA1rry9JYWEoHS9pJ1dnLqZU3k/8OWgqJrilwSoC5rGjgp93iu0H8T6+mEHGRQe84Nk1y5lESSWIbn6P636Bl3uQ== your@email.com
      log_create_response: false
      store_in_runtime_properties: false
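
A pre-upload check for the credential handling described under Authentication with AWS and for the Keypair properties shown above, as an added example (not part of the plugin or of the original page). It works on node templates already parsed into Python dicts; the function names and sample nodes are hypothetical, and it assumes, from the property names, that enabling log_create_response or store_in_runtime_properties on a Keypair node puts the create response, private key included, into logs or runtime properties.

```python
"""Lint parsed Cloudify node templates for credential handling (added example)."""

CREDENTIAL_FIELDS = ("aws_access_key_id", "aws_secret_access_key")
KEYPAIR_TYPE = "cloudify.nodes.aws.ec2.Keypair"
# Properties the page's Keypair example sets to false. Assumption: when true,
# the create response (which carries the private key) is logged or stored.
KEYPAIR_EXPOSURE_FLAGS = ("log_create_response", "store_in_runtime_properties")


def intrinsic_name(value):
    """Return 'get_secret', 'get_input', ... for {get_x: ...}; None for a literal."""
    if isinstance(value, dict) and len(value) == 1:
        name = next(iter(value))
        if isinstance(name, str) and name.startswith("get_"):
            return name
    return None


def lint_node_templates(node_templates):
    """Return a sorted list of (node, property, problem) findings."""
    findings = []
    for node_name, node in node_templates.items():
        props = node.get("properties") or {}

        client_config = props.get("client_config")
        if isinstance(client_config, dict):
            for field in CREDENTIAL_FIELDS:
                if field not in client_config:
                    continue
                source = intrinsic_name(client_config[field])
                if source is None:
                    problem = "hard-coded value"
                elif source != "get_secret":
                    problem = "resolved with %s, not get_secret" % source
                else:
                    continue
                findings.append((node_name, "client_config." + field, problem))

        agent_config = props.get("agent_config")
        if isinstance(agent_config, dict) and "key" in agent_config:
            if intrinsic_name(agent_config["key"]) is None:
                findings.append((node_name, "agent_config.key", "hard-coded value"))

        if node.get("type") == KEYPAIR_TYPE:
            for flag in KEYPAIR_EXPOSURE_FLAGS:
                if props.get(flag) is True:
                    findings.append((node_name, flag, "enabled on a Keypair node"))
    return sorted(findings)


def _secret_client_config():
    """client_config exactly as the page writes it."""
    return {
        "aws_access_key_id": {"get_secret": "aws_access_key_id"},
        "aws_secret_access_key": {"get_secret": "aws_secret_access_key"},
        "region_name": {"get_input": "aws_region_name"},
    }


# Constructed sample: my_vpc follows the page; the other two nodes are made up.
SAMPLE_NODE_TEMPLATES = {
    "my_vpc": {
        "type": "cloudify.nodes.aws.ec2.Vpc",
        "properties": {
            "client_config": _secret_client_config(),
            "resource_config": {"CidrBlock": "10.0.0.0/16"},
        },
    },
    "legacy_vpc": {
        "type": "cloudify.nodes.aws.ec2.Vpc",
        "properties": {
            "client_config": {
                "aws_access_key_id": "AKIA-CONSTRUCTED-PLACEHOLDER",
                "aws_secret_access_key": {"get_input": "aws_secret_access_key"},
                "region_name": {"get_input": "aws_region_name"},
            },
        },
    },
    "debug_key": {
        "type": KEYPAIR_TYPE,
        "properties": {
            "client_config": _secret_client_config(),
            "log_create_response": True,
            "store_in_runtime_properties": False,
            "create_secret": True,
            "secret_name": "agent_key_private",
        },
    },
}

if __name__ == "__main__":
    for node_name, prop, problem in lint_node_templates(SAMPLE_NODE_TEMPLATES):
        print("%s: %s: %s" % (node_name, prop, problem))
```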

cloudify.nodes.aws.ec2.NATGateway

This node type refers to an AWS NAT Gateway.

For more information, and possible keyword arguments, see: EC2:create_nat_gateway.

Operations

Relationships

NAT Gateway Example

Creates a NATGateway, places it in a public subnet, and associates it with an Elastic IP

  my_natgateway:
    type: cloudify.nodes.aws.ec2.NATGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet
      - type: cloudify.relationships.depends_on
        target: elasticip

  elasticip:
    type: cloudify.nodes.aws.ec2.ElasticIP
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Domain: 'vpc'

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '172.30.0.0/24'
          AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'd' ] }
      Tags:
        - Key: Name
          Value: Subnet
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '172.30.0.0/16'
      Tags:
        - Key: Name
          Value: VPC

cloudify.nodes.aws.ec2.NetworkACL

This node type refers to an AWS Network ACL.

For more information, and possible keyword arguments, see: EC2:create_network_acl.

Operations

Relationships

Network ACL Example

Creates a network ACL and applies it to a subnet in a given VPC

  my_network_acl:
    type: cloudify.nodes.aws.ec2.NetworkACL
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.contained_in
        target: vpc
      - type: cloudify.relationships.contained_in
        target: subnet

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '172.30.0.0/24'
          AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'd' ] }
      Tags:
        - Key: Name
          Value: Subnet
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '172.30.0.0/16'
      Tags:
        - Key: Name
          Value: VPC

cloudify.nodes.aws.ec2.NetworkAclEntry

This node type refers to an AWS Network ACL Entry.

For more information, and possible keyword arguments, see: EC2:create_network_acl_entry.

Operations

Relationships

Network ACL Entry Example

Creates a new network ACL entry and attaches it to an ACL

  my_network_acl_entry:
    type: cloudify.nodes.aws.ec2.NetworkAclEntry
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          RuleNumber: 100
          Protocol: '-1'
          RuleAction: 'allow'
          Egress: False
          CidrBlock: '0.0.0.0/0'
    relationships:
      - type: cloudify.relationships.contained_in
        target: network_acl

  network_acl:
    type: cloudify.nodes.aws.ec2.NetworkACL
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.contained_in
        target: vpc
      - type: cloudify.relationships.contained_in
        target: subnet

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '172.30.0.0/24'
          AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'd' ] }
      Tags:
        - Key: Name
          Value: Subnet
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '172.30.0.0/16'
      Tags:
        - Key: Name
          Value: VPC

cloudify.nodes.aws.ec2.Route

This node type refers to an AWS Route.

For more information, and possible keyword arguments, see: EC2:create_route.

Operations

Relationships

Route Example

Creates a new route entry to allow internet access through an internet gateway

  my_route:
    type: cloudify.nodes.aws.ec2.Route
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          DestinationCidrBlock: '0.0.0.0/0'
    relationships:
      - type: cloudify.relationships.contained_in
        target: route_table
      - type: cloudify.relationships.connected_to
        target: internet_gateway

  internet_gateway:
    type: cloudify.nodes.aws.ec2.InternetGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.connected_to
        target: vpc

  route_table:
    type: cloudify.nodes.aws.ec2.RouteTable
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.contained_in
        target: vpc
      - type: cloudify.relationships.connected_to
        target: subnet

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'

cloudify.nodes.aws.ec2.RouteTable

This node type refers to an AWS Route Table.

For more information, and possible keyword arguments, see: EC2:create_route_table.

Operations

Relationships

Default VPC Route Table Representation

In order to model a VPC’s default Route Table (for example, for the purpose of adding route entries to it), do the following:

  1. Define a node template of the type cloudify.nodes.aws.ec2.RouteTable
  2. Set the use_external_resource property to true
  3. Set the resource_id property to the value of the main_route_table_id attribute of the VPC node template
  4. Define a cloudify.relationships.contained_in relationship between this node template to the VPC

Once the topology is installed, the aws_resource_id runtime property will contain the AWS ID of the VPC’s main route table.

For example:

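  # *aws_client is a YAML alias: the &aws_client anchor that holds the
  # client_config mapping must be defined earlier in the blueprint.
  vpc: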
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config: *aws_client
      resource_config:
        CidrBlock: 10.0.0.0/16

  main_route_table:
    type: cloudify.nodes.aws.ec2.RouteTable
    properties:
      client_config: *aws_client
      use_external_resource: true
      resource_id: { get_attribute: [ vpc, main_route_table_id ] }
    relationships:
      - type: cloudify.relationships.contained_in
        target: vpc

Route Table Example

Creates a new route table and associates it with a subnet.

  my_route_table:
    type: cloudify.nodes.aws.ec2.RouteTable
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.contained_in
        target: vpc
      - type: cloudify.relationships.connected_to
        target: subnet

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'

cloudify.nodes.aws.ec2.TransitGatewayRoute

This node type refers to an AWS Transit Gateway Route.

For more information, and possible keyword arguments, see: EC2:create_transit_gateway_route.

Operations

Relationships

The following relationships are required:

Transit Gateway Route Example

Creates a new transit gateway route entry to allow connectivity to a network sector in a transit gateway.

  transit_gateway_route_b:
    type: cloudify.nodes.aws.ec2.TransitGatewayRoute
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          DestinationCidrBlock: '10.11.0.0/16'
    relationships:
      - type: cloudify.relationships.depends_on
        target: transit_gateway_routetable
      - type: cloudify.relationships.depends_on
        target: vpc

cloudify.nodes.aws.ec2.TransitGatewayRouteTable

This node type refers to an AWS Transit Gateway Route Table.

For more information, and possible keyword arguments, see: EC2:create_transit_gateway_route_table.

Operations

Relationships

The following relationships are required:

Transit Gateway Route Table Example

  transit_gateway_routetable:
    type: cloudify.nodes.aws.ec2.TransitGatewayRouteTable
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          TagSpecifications:
            - ResourceType: 'transit-gateway-route-table'
              Tags:
              - Key: Made By
                Value: Cloudify
    relationships:
      - type: cloudify.relationships.depends_on
        target: transit_gateway
      - type: cloudify.relationships.depends_on
        target: vpc

cloudify.nodes.aws.ec2.TransitGateway

This node type refers to an AWS Transit Gateway.

For more information, and possible keyword arguments, see: EC2:create_transit_gateway.

Operations

Relationships

Transit Gateway Example

  transit_gateway:
    type: cloudify.nodes.aws.ec2.TransitGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: Test Transit Gateway
          Options:
            DefaultRouteTableAssociation: enable
            DefaultRouteTablePropagation: enable
            TransitGatewayCidrBlocks:
              - { get_input: vpc_a_cidr }
              - { get_input: vpc_b_cidr }
          TagSpecifications:
            - ResourceType: 'transit-gateway'
              Tags:
              - Key: Made By
                Value: Cloudify
    relationships:
      - type: cloudify.relationships.aws.ec2.attach_transit_gateway_to_vpc
        target: vpc_a
      - type: cloudify.relationships.aws.ec2.attach_transit_gateway_to_vpc
        target: vpc_b
      - type: cloudify.relationships.depends_on
        target: route_public_subnet_internet_gateway
      - type: cloudify.relationships.depends_on
        target: subnet_a
      - type: cloudify.relationships.depends_on
        target: subnet_b

cloudify.nodes.aws.ec2.Tags

This node type refers to AWS Tags.

For more information, and possible keyword arguments, see: EC2:create_tags.

Operations

Relationships

Tags Example

Creates tags and associates them with subnet and VPC EC2 resources.

  my_tags:
    type: cloudify.nodes.aws.ec2.Tags
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Tags:
          - Key: Blueprint
            Value: ec2-vpc-feature-demo
    relationships:
    - type: cloudify.relationships.depends_on
      target: vpc
    - type: cloudify.relationships.depends_on
      target: subnet

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'

cloudify.nodes.aws.ec2.VpcPeering

This node type refers to an AWS VPC Peering.

For more information, and possible keyword arguments, see: EC2:create_vpc_peering_connection.

Operations

Relationships

VPC Peering Example

Creates a VPC peering connection between two VPCs.

  my_vpc_peering:
    type: cloudify.nodes.aws.ec2.VpcPeering
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              PeerVpcId: { get_attribute: [vpc_requester, aws_resource_id] }
              VpcId: { get_attribute: [vpc_accepter, aws_resource_id] }

    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc_accepter
      - type: cloudify.relationships.depends_on
        target: vpc_requester

  vpc_accepter:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'

  vpc_requester:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

cloudify.nodes.aws.ec2.VpcPeeringAcceptRequest

This node type refers to an AWS VPC Peering Accept Request.

For more information, and possible keyword arguments, see: EC2:accept_vpc_peering_connection.

Operations

Relationships

VPC Peering Accept Request Example

Accepts a VPC peering request.

  my_vpc_peering_accept_request:
    type: cloudify.nodes.aws.ec2.VpcPeeringAcceptRequest
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              VpcPeeringConnectionId: { get_attribute: [vpc_peering, aws_resource_id] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc_peering

  vpc_peering:
    type: cloudify.nodes.aws.ec2.VpcPeering
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              PeerVpcId: { get_attribute: [vpc_requester, aws_resource_id] }
              VpcId: { get_attribute: [vpc_accepter, aws_resource_id] }

    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc_accepter
      - type: cloudify.relationships.depends_on
        target: vpc_requester

  vpc_accepter:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'

  vpc_requester:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

cloudify.nodes.aws.ec2.VpcPeeringRejectRequest

This node type refers to an AWS VPC Peering Reject Request.

For more information, and possible keyword arguments, see: EC2:reject_vpc_peering_connection.

Operations

Relationships

VPC Peering Reject Request Example

Rejects a VPC peering request.

  my_vpc_peering_reject_request:
    type: cloudify.nodes.aws.ec2.VpcPeeringRejectRequest
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              VpcPeeringConnectionId: { get_attribute: [vpc_peering, aws_resource_id] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc_peering

  vpc_peering:
    type: cloudify.nodes.aws.ec2.VpcPeering
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              PeerVpcId: { get_attribute: [vpc_requester, aws_resource_id] }
              VpcId: { get_attribute: [vpc_accepter, aws_resource_id] }

    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc_accepter
      - type: cloudify.relationships.depends_on
        target: vpc_requester

  vpc_accepter:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '172.32.0.0/16'

  vpc_requester:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

cloudify.nodes.aws.ec2.VPNConnection

This node type refers to an AWS VPN Connection.

For more information, and possible keyword arguments, see: EC2:create_vpn_connection.

Operations

Relationships

VPN Connection Example

Creates VPN connection between customer gateway and virtual private gateway

  my_vpn_connection:
    type: cloudify.nodes.aws.ec2.VPNConnection
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              CustomerGatewayId: { get_attribute: [customer_gateway, aws_resource_id] }
              Type: 'ipsec.1'
              VpnGatewayId: { get_attribute: [vpn_gateway, aws_resource_id] }
              Options:
                StaticRoutesOnly: False
    relationships:
     - type: cloudify.relationships.depends_on
       target: vpn_gateway
     - type: cloudify.relationships.depends_on
       target: customer_gateway

  vpn_gateway:
    type: cloudify.nodes.aws.ec2.VPNGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Type: 'ipsec.1'
    relationships:
    - type: cloudify.relationships.connected_to
      target: vpc

  customer_gateway:
    type: cloudify.nodes.aws.ec2.CustomerGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Type: 'ipsec.1'
          PublicIp: { get_input: openstack_public_ip}
          BgpAsn: 65000
    relationships:
    - type: cloudify.relationships.connected_to
      target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_id}

cloudify.nodes.aws.ec2.VPNConnectionRoute

This node type refers to an AWS VPN Connection Route.

For more information, and possible keyword arguments, see: EC2:create_vpn_connection_route.

Operations

Relationships

VPN Connection Route Example

Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway

  my_vpn_connection_route:
    type: cloudify.nodes.aws.ec2.VPNConnectionRoute
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              VpnConnectionId: { get_attribute: [vpn_connection, aws_resource_id] }
              DestinationCidrBlock: '172.32.0.0/16'
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpn_connection

  vpn_connection:
    type: cloudify.nodes.aws.ec2.VPNConnection
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              CustomerGatewayId: { get_attribute: [customer_gateway, aws_resource_id] }
              Type: 'ipsec.1'
              VpnGatewayId: { get_attribute: [vpn_gateway, aws_resource_id] }
              Options:
                StaticRoutesOnly: True
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpn_gateway
      - type: cloudify.relationships.depends_on
        target: customer_gateway

  vpn_gateway:
    type: cloudify.nodes.aws.ec2.VPNGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Type: 'ipsec.1'
    relationships:
    - type: cloudify.relationships.connected_to
      target: vpc

  customer_gateway:
    type: cloudify.nodes.aws.ec2.CustomerGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Type: 'ipsec.1'
          PublicIp: { get_input: public_ip}
          BgpAsn: 65000
    relationships:
    - type: cloudify.relationships.connected_to
      target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_id}

cloudify.nodes.aws.ec2.VPNGateway

This node type refers to an AWS Virtual Private Gateway.

For more information, and possible keyword arguments, see: EC2:create_vpn_gateway.

Operations

Relationships

VPN Gateway Example

Creates a virtual private gateway on the VPC side of the VPN connection.

  my_vpn_gateway:
    type: cloudify.nodes.aws.ec2.VPNGateway
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Type: 'ipsec.1'
    relationships:
    - type: cloudify.relationships.connected_to
      target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_id}

cloudify.nodes.aws.autoscaling.Group

This node type refers to an AWS AutoScaling Group

For more information, and possible keyword arguments, see: Autoscaling:create_autoscaling_group.

Operations

Relationships

AutoScaling Group Examples

Creates an AutoScaling group in a subnet via a relationship.

  my_autoscaling_group:
    type: cloudify.nodes.aws.autoscaling.Group
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          AutoScalingGroupName: autoscaling_group
          MinSize: 1
          MaxSize: 1
          DesiredCapacity: 1
          DefaultCooldown: 20
          AvailabilityZones:
            - { get_property: [ subnet, resource_config, kwargs, AvailabilityZone ] }
          VPCZoneIdentifier: { concat: [ { get_attribute: [ subnet, aws_resource_id ] }  ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: launch_configuration
      - type: cloudify.relationships.depends_on
        target: subnet
    interfaces:
      cloudify.interfaces.lifecycle:
        delete:
          implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
          inputs:
            resource_config:
              ForceDelete: true

  launch_configuration:
    type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          ImageId: ami-037a92bf1efdb11a2
          InstanceType: t2.large
          LaunchConfigurationName: container_instance
          IamInstanceProfile: { get_attribute: [ instance_profile, aws_resource_arn ] }
          KeyName: { get_property: [ key, resource_config,  KeyName] }
          AssociatePublicIpAddress: True
          SecurityGroups:
            - { get_attribute: [ securitygroup, aws_resource_id ] }
          BlockDeviceMappings:
            - DeviceName: /dev/sdh
              Ebs:
                VolumeSize: 22
                VolumeType: standard
    relationships:
      - type: cloudify.relationships.depends_on
        target: securitygroup
      - type: cloudify.relationships.depends_on
        target: instance_profile
      - type: cloudify.relationships.depends_on
        target: key

  key:
    type: cloudify.nodes.aws.ec2.Keypair
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        KeyName: test-key
      store_in_runtime_properties: true

  securitygroup:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          GroupName: SecurityGroup
          Description: Example Security Group
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  instance_profile:
    type: cloudify.nodes.aws.iam.InstanceProfile
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: cfy_instance_profile
      resource_config:
        kwargs:
          InstanceProfileName: cfy_instance_profile
          Path: '/cfy_instance_profile/'
    relationships:
      - type: cloudify.relationships.depends_on
        target: iam_role

  iam_role:
    type: cloudify.nodes.aws.iam.Role
    properties:
      resource_id: instance_iam_role
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Path: !!str /instance-role/
          AssumeRolePolicyDocument:
            Version: !!str 2012-10-17
            Statement:
            - Effect: Allow
              Principal:
                Service: !!str ec2.amazonaws.com
              Action: !!str sts:AssumeRole
    relationships:
      - type: cloudify.relationships.aws.iam.role.connected_to
        target: policy_access

  policy_access:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      resource_id: instance_access_policy
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: >-
            Grants access for ECS agent to Amazon ECS API
          Path: !!str /ecs-instance-access/
          PolicyDocument:
            Version: !!str 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - !!str ecs:CreateCluster
                  - !!str ecs:DeregisterContainerInstance
                  - !!str ecs:DiscoverPollEndpoint
                  - !!str ecs:Poll
                  - !!str ecs:RegisterContainerInstance
                  - !!str ecs:StartTelemetrySession
                  - !!str ecs:UpdateContainerInstancesState
                  - !!str ecs:Submit*
                  - !!str ecr:GetAuthorizationToken
                  - !!str ecr:BatchCheckLayerAvailability
                  - !!str ecr:GetDownloadUrlForLayer
                  - !!str ecr:BatchGetImage
                  - !!str logs:CreateLogStream
                  - !!str logs:PutLogEvents
                Resource: '*'

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: VPC
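
A review check for blueprints like the one above, added here as an example and not part of the plugin or its documentation. It walks node_templates (already parsed from YAML into Python dicts) and reports credentials in client_config that are not sourced from get_secret, IAM policy statements that allow actions on Resource '*', and launch configurations that request a public IP. The function names, finding labels and the SAMPLE data are assumptions constructed for illustration.

```python
# Added example: a review helper for Cloudify AWS blueprints, not plugin code.
# Input: the blueprint's node_templates mapping, already parsed into dicts.

CREDENTIAL_KEYS = ("aws_access_key_id", "aws_secret_access_key")
POLICY_TYPE = "cloudify.nodes.aws.iam.Policy"


def uses_intrinsic(value, function_name):
    """True for a single-key mapping such as {'get_secret': 'name'}."""
    return isinstance(value, dict) and list(value) == [function_name]


def as_list(value):
    """IAM accepts a scalar or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def resource_settings(node):
    """Flatten resource_config and resource_config.kwargs (kwargs wins)."""
    config = node.get("properties", {}).get("resource_config") or {}
    merged = {k: v for k, v in config.items() if k != "kwargs"}
    merged.update(config.get("kwargs") or {})
    return merged


def review_node(name, node):
    """Return (node_name, finding, detail) tuples for one node template."""
    findings = []
    client_config = node.get("properties", {}).get("client_config") or {}
    for key in CREDENTIAL_KEYS:
        value = client_config.get(key)
        if value is not None and not uses_intrinsic(value, "get_secret"):
            findings.append((name, "credential-not-from-secret", key))

    settings = resource_settings(node)
    if settings.get("AssociatePublicIpAddress") is True:
        findings.append((name, "public-ip-requested", "AssociatePublicIpAddress"))

    if node.get("type") == POLICY_TYPE:
        document = settings.get("PolicyDocument") or {}
        for index, statement in enumerate(as_list(document.get("Statement"))):
            if not isinstance(statement, dict) or statement.get("Effect") != "Allow":
                continue
            if "*" in as_list(statement.get("Resource")):
                findings.append((name, "allow-on-all-resources", f"Statement[{index}]"))
            for action in as_list(statement.get("Action")):
                if isinstance(action, str) and "*" in action:
                    findings.append((name, "wildcard-action", action))
    return findings


def review_blueprint(node_templates):
    """Review every node template, in name order, and collect the findings."""
    findings = []
    for name in sorted(node_templates):
        findings.extend(review_node(name, node_templates[name]))
    return findings


# Constructed sample, shaped like the node templates in the example above.
FROM_SECRETS = {
    "aws_access_key_id": {"get_secret": "aws_access_key_id"},
    "aws_secret_access_key": {"get_secret": "aws_secret_access_key"},
    "region_name": {"get_input": "aws_region_name"},
}
SAMPLE = {
    "launch_configuration": {
        "type": "cloudify.nodes.aws.autoscaling.LaunchConfiguration",
        "properties": {
            "client_config": FROM_SECRETS,
            "resource_config": {"kwargs": {
                "LaunchConfigurationName": "container_instance",
                "AssociatePublicIpAddress": True,
            }},
        },
    },
    "policy_access": {
        "type": POLICY_TYPE,
        "properties": {
            "client_config": FROM_SECRETS,
            "resource_config": {"kwargs": {"PolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{
                    "Effect": "Allow",
                    "Action": ["ecs:Poll", "ecs:Submit*", "logs:PutLogEvents"],
                    "Resource": "*",
                }],
            }}},
        },
    },
    "vpc_from_inputs": {  # hypothetical node, constructed for the credential check
        "type": "cloudify.nodes.aws.ec2.Vpc",
        "properties": {
            "client_config": dict(
                FROM_SECRETS, aws_access_key_id={"get_input": "aws_access_key_id"}),
            "resource_config": {"CidrBlock": "10.0.0.0/16"},
        },
    },
}

if __name__ == "__main__":
    for finding in review_blueprint(SAMPLE):
        print(*finding, sep="\t")
```

Each finding is a prompt for review rather than a verdict: a public IP or a statement on all resources may be intended, but it should be a deliberate choice in the blueprint.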

cloudify.nodes.aws.autoscaling.LaunchConfiguration

This node type refers to an AWS Launch Configuration

For more information, and possible keyword arguments, see: LaunchConfiguration:create_launch_configuration.

Operations

Relationships

LaunchConfiguration Examples

Creates a launch configuration, connects it to a security group, and associates it with a key and an instance profile via relationships.

  my_launch_configuration:
    type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          LaunchConfigurationName: test_lauchconfiguration_name
    relationships:
      - type: cloudify.relationships.depends_on
        target: instance

  instance:
    type: cloudify.nodes.aws.ec2.Instances
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      agent_config:
        install_method: none
      resource_config:
        MaxCount: 1
        MinCount: 1
        ImageId: { get_attribute: [ ubuntu_trusty_ami, aws_resource_id ] }
        InstanceType: t2.large
    relationships:
    - type: cloudify.relationships.depends_on
      target: subnet
    - type: cloudify.relationships.depends_on
      target: ubuntu_trusty_ami

  ubuntu_trusty_ami:
    type: cloudify.nodes.aws.ec2.Image
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Filters:
          - Name: name
            Values:
            - 'ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-20170727'
          - Name: owner-id
            Values:
            - '099720109477'


  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: { get_input: public_subnet_cidr }
        AvailabilityZone: { get_input: availability_zone }
    relationships:
    - type: cloudify.relationships.depends_on
      target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: { get_input: vpc_cidr }

  my_launch_configuration:
    type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          ImageId: ami-037a92bf1efdb11a2
          InstanceType: t2.large
          LaunchConfigurationName: container_instance
          IamInstanceProfile: { get_attribute: [ instance_profile, aws_resource_arn ] }
          KeyName: { get_property: [ key, resource_config,  KeyName] }
          AssociatePublicIpAddress: True
          SecurityGroups:
            - { get_attribute: [ securitygroup, aws_resource_id ] }
          BlockDeviceMappings:
            - DeviceName: /dev/sdh
              Ebs:
                VolumeSize: 22
                VolumeType: standard
    relationships:
      - type: cloudify.relationships.depends_on
        target: securitygroup
      - type: cloudify.relationships.depends_on
        target: instance_profile
      - type: cloudify.relationships.depends_on
        target: key

  key:
    type: cloudify.nodes.aws.ec2.Keypair
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        KeyName: test-key
      store_in_runtime_properties: true

  securitygroup:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          GroupName: SecurityGroup
          Description: Example Security Group
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  instance_profile:
    type: cloudify.nodes.aws.iam.InstanceProfile
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: cfy_instance_profile
      resource_config:
        kwargs:
          InstanceProfileName: cfy_instance_profile
          Path: '/cfy_instance_profile/'
    relationships:
      - type: cloudify.relationships.depends_on
        target: iam_role

  iam_role:
    type: cloudify.nodes.aws.iam.Role
    properties:
      resource_id: instance_iam_role
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Path: !!str /instance-role/
          AssumeRolePolicyDocument:
            Version: !!str 2012-10-17
            Statement:
            - Effect: Allow
              Principal:
                Service: !!str ec2.amazonaws.com
              Action: !!str sts:AssumeRole
    relationships:
      - type: cloudify.relationships.aws.iam.role.connected_to
        target: policy_access

  policy_access:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      resource_id: instance_access_policy
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: >-
            Grants access for ECS agent to Amazon ECS API
          Path: !!str /instance-access/
          PolicyDocument:
            Version: !!str 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - !!str ecs:CreateCluster
                  - !!str ecs:DeregisterContainerInstance
                  - !!str ecs:DiscoverPollEndpoint
                  - !!str ecs:Poll
                  - !!str ecs:RegisterContainerInstance
                  - !!str ecs:StartTelemetrySession
                  - !!str ecs:UpdateContainerInstancesState
                  - !!str ecs:Submit*
                  - !!str ecr:GetAuthorizationToken
                  - !!str ecr:BatchCheckLayerAvailability
                  - !!str ecr:GetDownloadUrlForLayer
                  - !!str ecr:BatchGetImage
                  - !!str logs:CreateLogStream
                  - !!str logs:PutLogEvents
                Resource: '*'

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: VPC

cloudify.nodes.aws.autoscaling.LifecycleHook

This node type refers to an AWS Lifecycle Hook

For more information, and possible keyword arguments, see: LifecycleHook:put_lifecycle_hook.

Operations

Relationships

LifecycleHook Example

Creates a lifecycle hook and adds it to an Auto Scaling group via a relationship.

  my_lifecycle_hook:
    type: cloudify.nodes.aws.autoscaling.LifecycleHook
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          LifecycleHookName: lifecycle_hook_name
          LifecycleTransition: autoscaling:EC2_INSTANCE_LAUNCHING
    relationships:
      - type: cloudify.relationships.depends_on
        target: autoscaling_group

  autoscaling_group:
    type: cloudify.nodes.aws.autoscaling.Group
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: autoscaling_group
      resource_config:
        kwargs:
          AutoScalingGroupName: autoscaling_group
          MinSize: 2
          MaxSize: 4
          DesiredCapacity: 2
          DefaultCooldown: 20
          AvailabilityZones:
            - { concat: [ { get_input: aws_region_name }, 'a' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: launch_configuration
    interfaces:
      cloudify.interfaces.lifecycle:
        delete:
          implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
          inputs:
            resource_config:
              ForceDelete: true

  launch_configuration:
    type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          ImageId: ami-e1496384
          InstanceType: t2.micro
          LaunchConfigurationName: launch_configuration

cloudify.nodes.aws.autoscaling.NotificationConfiguration

This node type refers to an AWS Auto Scaling Notification Configuration

For more information, and possible keyword arguments, see: NotificationConfiguration:put_notification_configuration.

Operations

Relationships

NotificationConfiguration Example

Creates a notification configuration, adds it to an Auto Scaling group, and associates it with an SNS topic via relationships.

  my_notification_configuration:
    type: cloudify.nodes.aws.autoscaling.NotificationConfiguration
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          NotificationTypes:
            - autoscaling:TEST_NOTIFICATION
    relationships:
      - type: cloudify.relationships.depends_on
        target: autoscaling_group
      - type: cloudify.relationships.depends_on
        target: topic

  topic:
    type: cloudify.nodes.aws.SNS.Topic
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Name: topic

  autoscaling_group:
    type: cloudify.nodes.aws.autoscaling.Group
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          AutoScalingGroupName: pmcfy_as
          MinSize: 1
          MaxSize: 1
          DefaultCooldown: 300
          AvailabilityZones:
          - { concat: [ { get_input: aws_region_name }, 'a' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: launch_configuration
    interfaces:
      cloudify.interfaces.lifecycle:
        delete:
          implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
          inputs:
            resource_config:
              ForceDelete: true

  launch_configuration:
    type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          ImageId: ami-e1496384
          InstanceType: t2.micro
          LaunchConfigurationName: launch_configuration

cloudify.nodes.aws.autoscaling.Policy

This node type refers to an AWS Auto Scaling Policy

For more information, and possible keyword arguments, see: Policy:put_scaling_policy.

Operations

Relationships

AutoScaling Policy Example

Creates a launch configuration and adds it to an Auto Scaling group via a relationship.

  my_autoscaling_policy:
    type: cloudify.nodes.aws.autoscaling.Policy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          PolicyName: my_autoscaling_policy
          PolicyType: SimpleScaling
          AdjustmentType: ChangeInCapacity
          ScalingAdjustment: 1
    relationships:
      - type: cloudify.relationships.depends_on
        target: autoscaling_group

  autoscaling_group:
    type: cloudify.nodes.aws.autoscaling.Group
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: autoscaling_group
      resource_config:
        kwargs:
          AutoScalingGroupName: autoscaling_group
          MinSize: 2
          MaxSize: 4
          DesiredCapacity: 2
          DefaultCooldown: 20
          AvailabilityZones:
            - { concat: [ { get_input: aws_region_name }, 'a' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: launch_configuration
    interfaces:
      cloudify.interfaces.lifecycle:
        delete:
          implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
          inputs:
            resource_config:
              ForceDelete: true

  launch_configuration:
    type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          ImageId: { get_input: launch_configuration_ami }
          InstanceType: { get_input: launch_configuration_instance_type }
          LaunchConfigurationName: pmcfy_lc

cloudify.nodes.aws.CloudFormation.Stack

This node type refers to an AWS CloudFormation Stack.

For more information, and possible keyword arguments, see: CloudFormation:create_stack.

Operations

Relationships

Note:

There are two methods for delivering a CloudFormation Stack.

  1. TemplateURL. Provide the URL of a Template:

    resource_config:
      kwargs:
        StackName: ExampleStack
        TemplateURL: https://...

  2. TemplateBody. Provide the template inline:

        StackName: ExampleStack
        TemplateBody:
          AWSTemplateFormatVersion: "2010-09-09"
          Description: A sample template
          Outputs: ...
          Resources:
            MyDB: ...
            MyApp: ...

Outputs

CloudFormation returns a stack’s outputs as an array of dictionaries, each of which consists of OutputKey and OutputValue:

Outputs:
  - OutputKey: ip_address
    OutputValue: 10.0.0.1
  - OutputKey: port
    OutputValue: 3000

Also, the order of the outputs is not guaranteed. That makes it impossible to refer to output values through Cloudify’s intrinsic functions (such as get_attribute).

In order to address this, the plugin sets a runtime property by the name outputs_items, which is a dictionary containing the output values. This runtime property is only set if the Outputs key exists in CloudFormation’s response.

Considering the example above, outputs_items would be set as follows:

ip_address: 10.0.0.1
port: 3000
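
The following added example (Python, not the plugin's own code) shows why a positional lookup into Outputs breaks when CloudFormation returns the list in a different order, while a lookup through outputs_items does not. The resolve helper, and the assumption that the raw response sits next to outputs_items in the runtime properties, are illustrative only.

```python
"""Added example: positional lookups into Outputs versus lookups by key."""


def build_outputs_items(stack):
    """Return {OutputKey: OutputValue}, or None when the response has no Outputs key."""
    if "Outputs" not in stack:
        return None  # as described above: the property is only set if Outputs exists
    return {o["OutputKey"]: o["OutputValue"] for o in stack["Outputs"]}


def runtime_properties(stack):
    """Runtime properties as assumed here: the raw response plus outputs_items."""
    props = dict(stack)
    items = build_outputs_items(stack)
    if items is not None:
        props["outputs_items"] = items
    return props


def resolve(props, path):
    """Walk a get_attribute-style path (dict keys and list indexes) through props."""
    value = props
    for step in path:
        value = value[step]
    return value


# Constructed responses: the same stack, with outputs returned in two different orders.
RESPONSE_A = {"StackName": "ExampleStack", "Outputs": [
    {"OutputKey": "ip_address", "OutputValue": "10.0.0.1"},
    {"OutputKey": "port", "OutputValue": 3000},
]}
RESPONSE_B = {"StackName": "ExampleStack",
              "Outputs": list(reversed(RESPONSE_A["Outputs"]))}
RESPONSE_NO_OUTPUTS = {"StackName": "ExampleStack"}

POSITIONAL = ["Outputs", 0, "OutputValue"]   # depends on list order
BY_KEY = ["outputs_items", "ip_address"]     # independent of list order

if __name__ == "__main__":
    for label, response in (("A", RESPONSE_A), ("B", RESPONSE_B)):
        props = runtime_properties(response)
        print(label, "positional:", resolve(props, POSITIONAL),
              "by key:", resolve(props, BY_KEY))
    print("outputs_items set without Outputs:",
          "outputs_items" in runtime_properties(RESPONSE_NO_OUTPUTS))
```

In a blueprint, the by-key form corresponds to { get_attribute: [ my_stack, outputs_items, ip_address ] }, where my_stack is a hypothetical stack node name.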

CloudFormation Examples

Creates a CloudFormation stack

This example demonstrates creating a stack that depends on a keypair node.

  my_ec2_cloudformation:
    type: cloudify.nodes.aws.CloudFormation.Stack
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          StackName: EC2Instance
          Parameters:
          - ParameterKey: KeyName
            ParameterValue: { get_input: key_name }
          - ParameterKey: PrimaryIPAddress
            ParameterValue: '172.30.0.10'
          - ParameterKey: SecondaryIPAddress
            ParameterValue: '172.30.0.11'
          - ParameterKey: SubnetId
            ParameterValue: { get_attribute: [ public_subnet, aws_resource_id ] }
          - ParameterKey: VpcId
            ParameterValue: { get_attribute: [ vpc, aws_resource_id ] }
          TemplateURL: https://s3-ap-northeast-1.amazonaws.com/ecosystem-tests-no-delete/VPC_EC2_Instance_With_Multiple_Static_IPAddresses.yaml.txt
    relationships:
      - type: cloudify.relationships.depends_on
        target: key_pair

  key_pair:
    type: cloudify.nodes.aws.ec2.Keypair
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        KeyName: { get_input: key_name }
      store_in_runtime_properties: true

This example demonstrates creating a stack for a MySQL DB instance.

  my_rds_cloudformation:
    type: cloudify.nodes.aws.CloudFormation.Stack
    properties:
      resource_id: cfn-test
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs: {}
    interfaces:
      cloudify.interfaces.lifecycle:
        configure:
          implementation: aws.cloudify_aws.cloudformation.resources.stack.create
          inputs:
            resource_config:
              StackName: cfn-test
              TemplateBody:
                AWSTemplateFormatVersion: "2010-09-09"
                Description: A sample template
                Outputs:
                  MyDBEndpointAddress:
                    Description: The RDS Instance address.
                    Value:
                      Fn::GetAtt: [MyDB, Endpoint.Address]
                  MyDBEndpointPort:
                    Description: The RDS Instance port.
                    Value:
                      Fn::GetAtt: [MyDB, Endpoint.Port]
                Resources:
                  MyDB:
                    Type: "AWS::RDS::DBInstance"
                    Properties:
                      AllocatedStorage: "100"
                      DBInstanceClass: { get_input: rds_db_instance_class }
                      Engine: "MySQL"
                      EngineVersion: "5.5"
                      Iops: "1000"
                      MasterUsername: MyUser
                      MasterUserPassword: MyPassword
                      VPCSecurityGroups:
                       - { get_attribute: [ rds_security_group, aws_resource_id ] }
                      DBParameterGroupName: { get_property: [ rds_parameter_group, resource_id ] }
                      DBSubnetGroupName: { get_property: [ rds_subnet_group, resource_id ] }
                    DeletionPolicy: "Snapshot"
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_security_group
      - type: cloudify.relationships.depends_on
        target: rds_parameter_group
      - type: cloudify.relationships.depends_on
        target: rds_subnet_group

  rds_security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: security_group
        Description: Security Group Example.
        VpcId: { get_attribute: [ rds_vpc, aws_resource_id ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_parameter_group:
    type: cloudify.nodes.aws.rds.ParameterGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-param-group
      resource_config:
        kwargs:
          DBParameterGroupFamily: mysql5.5
          Description: MySQL5.5 Parameter Group for Dev
    interfaces:
      cloudify.interfaces.lifecycle:
        configure:
          inputs:
            resource_config:
              Parameters:
                - ParameterName: time_zone
                  ParameterValue: US/Eastern
                  ApplyMethod: immediate
                - ParameterName: lc_time_names
                  ParameterValue: en_US
                  ApplyMethod: immediate

  rds_subnet_group:
    type: cloudify.nodes.aws.rds.SubnetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-db-subnet-group
      resource_config:
        kwargs:
          DBSubnetGroupDescription: MySQL5.5 Subnet Group for Dev
    relationships:
      - type: cloudify.relationships.aws.rds.subnet_group.connected_to
        target: rds_subnet_1
      - type: cloudify.relationships.aws.rds.subnet_group.connected_to
        target: rds_subnet_2

  rds_subnet_1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: 10.10.3.0/24
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c'] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_subnet_2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: 10.10.2.0/24
        AvailabilityZone: { get_input: availability_zone }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  security_group_rules:
    type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        IpPermissions:
         - IpProtocol: "-1"
           FromPort: -1
           ToPort: -1
           IpRanges:
            - CidrIp: 0.0.0.0/0
           UserIdGroupPairs: [  { GroupId: { get_attribute: [ rds_security_group, aws_resource_id ] } } ]
    relationships:
      - type: cloudify.relationships.contained_in
        target: rds_security_group

  rds_vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: 10.10.0.0/16

cloudify.nodes.aws.cloudwatch.Alarm

This node type refers to an AWS CloudWatch Alarm

For more information, and possible keyword arguments, see: CloudWatch Alarm:put_metric_alarm.

Operations

CloudWatch Alarm Example

Creates a CloudWatch alarm

  my_alarm:
    type: cloudify.nodes.aws.cloudwatch.Alarm
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: { concat: [ {get_input: aws_region_name }, 'cwa' ] }
      resource_config:
        kwargs:
          AlarmName: cwa
          ActionsEnabled: true
          AlarmActions:
            - { concat: [ 'arn:aws:automate:', { get_input: aws_region_name }, ':ec2:terminate'] }
          ComparisonOperator: 'LessThanThreshold'
          Statistic: Minimum
          MetricName: CPUUtilization
          Namespace: AWS/EC2
          Period: 60
          EvaluationPeriods: 5
          Threshold: 60

cloudify.nodes.aws.cloudwatch.Event

This node type refers to an AWS CloudWatch Event

For more information, and possible keyword arguments, see: CloudWatch Event:put_events.

Operations

Relationships

CloudWatch Event Example

Creates an event that matches the defined event pattern.

  my_event:
    type: cloudify.nodes.aws.cloudwatch.Event
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Entries:
            - Source: autoscaling.amazonaws.com
              Resources:
               - { concat: [ 'arn:aws:automate:', { get_input: aws_region_name }, ':ec2:terminate'] }
              DetailType: Cloudwatch Event Demo
              Detail: |
                {
                  "instance-id": "i-12345678",
                  "state": "terminated"
                }
    relationships:
      - type: cloudify.relationships.depends_on
        target: cloudwatch_target

  cloudwatch_target:
    type: cloudify.nodes.aws.cloudwatch.Target
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Targets:
            - Id: topic1
              Arn: { get_attribute: [ topic, aws_resource_arn ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: cloudwatch_rule
      - type: cloudify.relationships.depends_on
        target: topic

  cloudwatch_rule:
    type: cloudify.nodes.aws.cloudwatch.Rule
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Name: test-cloudwatch1
          ScheduleExpression: "rate(5 minutes)"
          EventPattern: |
            {
              "detail-type": [
                "AWS API Call via CloudTrail"
              ],
              "detail": {
                "eventSource": [
                  "autoscaling.amazonaws.com"
                ]
              }
            }
          State: 'ENABLED'

  topic:
    type: cloudify.nodes.aws.SNS.Topic
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs: {}

cloudify.nodes.aws.cloudwatch.Rule

This node type refers to an AWS CloudWatch Rule

Resource Config

For more information, and possible keyword arguments, see: CloudWatch Rule:put_rule

Operations

CloudWatch Rule Example

Defines CloudWatch rule

  my_cloudwatch_rule:
    type: cloudify.nodes.aws.cloudwatch.Rule
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Name: test-cloudwatch1
          ScheduleExpression: "rate(5 minutes)"
          EventPattern: |
            {
              "detail-type": [
                "AWS API Call via CloudTrail"
              ],
              "detail": {
                "eventSource": [
                  "autoscaling.amazonaws.com"
                ]
              }
            }
          State: 'ENABLED'

cloudify.nodes.aws.cloudwatch.Target

This node type refers to an AWS CloudWatch Target

Resource Config

For more information, and possible keyword arguments, see: CloudWatch Target:put_targets

Operations

Relationships

CloudWatch Target Example

Creates a target (topic) that is associated with a rule and is notified when a triggered event matches the defined event pattern.

  my_cloudwatch_target:
    type: cloudify.nodes.aws.cloudwatch.Target
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Targets:
            - Id: topic
              Arn: { get_attribute: [ topic, aws_resource_arn ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: cloudwatch_rule
      - type: cloudify.relationships.depends_on
        target: topic

  cloudwatch_rule:
    type: cloudify.nodes.aws.cloudwatch.Rule
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Name: test-cloudwatch
          ScheduleExpression: "rate(5 minutes)"
          EventPattern: |
            {
              "detail-type": [
                "AWS API Call via CloudTrail"
              ],
              "detail": {
                "eventSource": [
                  "autoscaling.amazonaws.com"
                ]
              }
            }
          State: 'ENABLED'

  topic:
    type: cloudify.nodes.aws.SNS.Topic
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs: {}

cloudify.nodes.aws.dynamodb.Table

This node type refers to an AWS DynamoDB Table

Resource Config

For more information, and possible keyword arguments, see: DynamoDB:create_table

Operations

DynamoDB Table Example

Creates DynamoDB table

  my_dynamodb_table:
    type: cloudify.nodes.aws.dynamodb.Table
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        TableName: !!str abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-.0123456789
        AttributeDefinitions:
          - AttributeName: RandomKeyUUID
            AttributeType: S
        KeySchema:
          - AttributeName: RandomKeyUUID
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5

cloudify.nodes.aws.ecs.Cluster

This node type refers to an AWS ECS Cluster

Resource Config

For more information, and possible keyword arguments, see: ECS Cluster:create_cluster

Operations

ECS Cluster Example

Creates a new Amazon ECS cluster

  ecs_cluster:
    type: cloudify.nodes.aws.ecs.Cluster
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          clusterName: { get_input: ecs_cluster_name }

cloudify.nodes.aws.ecs.Service

This node type refers to an AWS ECS Service

Resource Config

For more information, and possible keyword arguments, see: ECS Service:create_service

Operations

Relationships

ECS Service Example

Creates an ECS service that runs and maintains a desired number of tasks from a specified task definition.

  my_ecs_service:
    type: cloudify.nodes.aws.ecs.Service
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.depends_on
        target: ecs_cluster
      - type: cloudify.relationships.depends_on
        target: forward_target_group
      - type: cloudify.relationships.depends_on
        target: task_definition
      - type: cloudify.relationships.depends_on
        target: ecs_service_iam_role
    interfaces:
      cloudify.interfaces.lifecycle:
        configure:
          inputs:
            resource_config:
              serviceName: 'service_name'
              taskDefinition: { get_property: [ task_definition, resource_config, kwargs, family ] }
              desiredCount: 1
              role: { get_attribute: [ ecs_service_iam_role, aws_resource_arn ] }
              loadBalancers:
              - targetGroupArn: { get_attribute: [ forward_target_group, aws_resource_arn ] }
                containerName: { get_input: container_name }
                containerPort: { get_input: container_port }

  ecs_cluster:
    type: cloudify.nodes.aws.ecs.Cluster
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          clusterName: { get_input: ecs_cluster_name }

  task_definition:
    type: cloudify.nodes.aws.ecs.TaskDefinition
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          family: 'task_definition_1'
          containerDefinitions: [
            {
              "name": "wordpress",
              "links": [
                "mysql"
              ],
              "image": "wordpress",
              "essential": true,
              "portMappings": [
                {
                  "containerPort": 80,
                  "hostPort": 80
                }
              ],
              "memory": 500,
              "cpu": 10
            }, {
              "environment": [
                {
                  "name": "MYSQL_ROOT_PASSWORD",
                  "value": "password"
                }
              ],
              "name": "mysql",
              "image": "mysql",
              "cpu": 10,
              "memory": 500,
              "essential": true
            }]
    relationships:
      - type: cloudify.relationships.depends_on
        target: ecs_cluster

  forward_target_group:
    type: cloudify.nodes.aws.elb.TargetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Name: test-elb-target-group
          Protocol: HTTP
          Port: 80
          HealthCheckProtocol: HTTP
          HealthCheckPort: '80'
          HealthCheckPath: '/wp-admin'
          HealthCheckIntervalSeconds: 30
          HealthCheckTimeoutSeconds: 20
          HealthyThresholdCount: 7
          UnhealthyThresholdCount: 7
          Matcher:
            HttpCode: '404'
          Attributes:
            - Key: stickiness.enabled
              Value: 'true'
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  ecs_service_iam_role:
    type: cloudify.nodes.aws.iam.Role
    properties:
      resource_id: ecs_service_iam_role
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Path: !!str /ecs-service-role/
          AssumeRolePolicyDocument:
            Version: !!str 2012-10-17
            Statement:
            - Effect: Allow
              Principal:
                Service: !!str ecs.amazonaws.com
              Action: !!str sts:AssumeRole
    relationships:
      - type: cloudify.relationships.aws.iam.role.connected_to
        target: ecs_service_access

  ecs_service_access:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      resource_id: ecs_service_access_policy
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: >-
            Grants access for ECS service to the Amazon EC2 and Elastic Load Balancing APIs
          Path: !!str /ecs-service-access/
          PolicyDocument:
            Version: !!str 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - !!str ec2:AuthorizeSecurityGroupIngress
                  - !!str ec2:Describe*
                  - !!str elasticloadbalancing:DeregisterInstancesFromLoadBalancer
                  - !!str elasticloadbalancing:DeregisterTargets
                  - !!str elasticloadbalancing:Describe*
                  - !!str elasticloadbalancing:RegisterInstancesWithLoadBalancer
                  - !!str elasticloadbalancing:RegisterTargets
                Resource: '*'

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: VPC

cloudify.nodes.aws.ecs.TaskDefinition

This node type refers to an AWS ECS Task Definition

Resource Config

For more information, and possible keyword arguments, see: ECS TaskDefinition:register_task_definition

Operations

Relationships

ECS Task Definition Example

Registers a new task definition from the supplied family and containerDefinitions

  my_task_definition:
    type: cloudify.nodes.aws.ecs.TaskDefinition
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          family: 'task_definition_1'
          containerDefinitions: [
            {
              "name": "wordpress",
              "links": [
                "mysql"
              ],
              "image": "wordpress",
              "essential": true,
              "portMappings": [
                {
                  "containerPort": 80,
                  "hostPort": 80
                }
              ],
              "memory": 500,
              "cpu": 10
            }, {
              "environment": [
                {
                  "name": "MYSQL_ROOT_PASSWORD",
                  "value": "password"
                }
              ],
              "name": "mysql",
              "image": "mysql",
              "cpu": 10,
              "memory": 500,
              "essential": true
            }]
    relationships:
      - type: cloudify.relationships.depends_on
        target: ecs_cluster

  ecs_cluster:
    type: cloudify.nodes.aws.ecs.Cluster
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          clusterName: { get_input: ecs_cluster_name }
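
The task definition above passes `MYSQL_ROOT_PASSWORD` as a literal string, while every `client_config` resolves its keys with `get_secret`. The following check is an added example, not part of the Cloudify plugin or its documentation. It audits a blueprint's `node_templates` for both patterns. It assumes the blueprint has already been loaded into a Python dict by a YAML parser; the function names, the name heuristic and the sample data are constructed for illustration.

```python
import re

# Heuristic for environment variable names that usually carry credentials
# (an assumption of this example, tune it for your own naming scheme).
SENSITIVE_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.IGNORECASE)
CREDENTIAL_KEYS = ("aws_access_key_id", "aws_secret_access_key")
TASK_DEFINITION_TYPE = "cloudify.nodes.aws.ecs.TaskDefinition"


def is_get_secret(value):
    """True when value has the intrinsic function form {get_secret: <name>}."""
    return isinstance(value, dict) and list(value) == ["get_secret"]


def audit_client_config(node_name, node):
    """Flag AWS credentials that are not read from the manager's secret store."""
    findings = []
    client_config = node.get("properties", {}).get("client_config", {})
    for key in CREDENTIAL_KEYS:
        if key in client_config and not is_get_secret(client_config[key]):
            findings.append((node_name, "client_config." + key,
                             "not a get_secret reference"))
    return findings


def audit_container_env(node_name, node):
    """Flag literal strings in sensitive-looking container environment variables."""
    if node.get("type") != TASK_DEFINITION_TYPE:
        return []
    findings = []
    resource_config = node.get("properties", {}).get("resource_config", {})
    for container in resource_config.get("kwargs", {}).get("containerDefinitions", []):
        for env in container.get("environment", []):
            name = env.get("name", "")
            # A plain string is a literal; a dict is an intrinsic function call.
            if SENSITIVE_NAME.search(name) and isinstance(env.get("value"), str):
                location = "containerDefinitions[%s].environment.%s" % (
                    container.get("name"), name)
                findings.append((node_name, location, "literal value in blueprint"))
    return findings


def audit_blueprint(node_templates):
    """Return (node, location, problem) tuples for every node template."""
    findings = []
    for node_name, node in node_templates.items():
        findings.extend(audit_client_config(node_name, node))
        findings.extend(audit_container_env(node_name, node))
    return findings


# Constructed sample: node templates as a YAML loader would return them.
SAMPLE_NODE_TEMPLATES = {
    "my_task_definition": {
        "type": TASK_DEFINITION_TYPE,
        "properties": {
            "client_config": {
                "aws_access_key_id": {"get_secret": "aws_access_key_id"},
                "aws_secret_access_key": {"get_secret": "aws_secret_access_key"},
                "region_name": {"get_input": "aws_region_name"},
            },
            "resource_config": {"kwargs": {
                "family": "task_definition_1",
                "containerDefinitions": [
                    {"name": "wordpress", "image": "wordpress", "links": ["mysql"]},
                    {"name": "mysql", "image": "mysql",
                     "environment": [
                         {"name": "MYSQL_ROOT_PASSWORD", "value": "password"}]},
                ],
            }},
        },
    },
    # Constructed variant: credentials passed as plain inputs.
    "classic_elb": {
        "type": "cloudify.nodes.aws.elb.Classic.LoadBalancer",
        "properties": {
            "client_config": {
                "aws_access_key_id": {"get_input": "aws_access_key_id"},
                "aws_secret_access_key": {"get_input": "aws_secret_access_key"},
                "region_name": {"get_input": "aws_region_name"},
            },
            "resource_config": {"LoadBalancerName": "myclassicelb"},
        },
    },
}

if __name__ == "__main__":
    for node_name, location, problem in audit_blueprint(SAMPLE_NODE_TEMPLATES):
        print("%s: %s: %s" % (node_name, location, problem))
```
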

cloudify.nodes.aws.efs.FileSystem

This node type refers to an AWS EFS File System

Resource Config

For more information, and possible keyword arguments, see: EFS FileSystem:create_file_system

Operations

EFS File System Example

Creates a new, empty file system

  my_file_system:
    type: cloudify.nodes.aws.efs.FileSystem
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config: {}

cloudify.nodes.aws.efs.FileSystemTags

This node type refers to AWS EFS File System Tags

Resource Config

For more information, and possible keyword arguments, see: EFS FileSystemTags:create_tags

Operations

Relationships

EFS File System Tags Example

Creates or overwrites tags associated with a file system

  my_file_system_tags:
    type: cloudify.nodes.aws.efs.FileSystemTags
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Tags:
          - Key: Name
            Value: file_system_tags
    relationships:
    - type: cloudify.relationships.depends_on
      target: file_system

  file_system:
    type: cloudify.nodes.aws.efs.FileSystem
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config: {}

cloudify.nodes.aws.efs.MountTarget

This node type refers to an AWS EFS Mount Target

Resource Config

For more information, and possible keyword arguments, see: EFS MountTarget:create_mount_target

Operations

Relationships

EFS Mount Target Example

Creates a mount target for a file system

  my_mount_target:
    type: cloudify.nodes.aws.efs.MountTarget
    properties:
      resource_config: {}
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
    - type: cloudify.relationships.depends_on
      target: security_group
    - type: cloudify.relationships.depends_on
      target: subnet
    - type: cloudify.relationships.depends_on
      target: file_system


  file_system:
    type: cloudify.nodes.aws.efs.FileSystem
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config: {}

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          GroupName: security_group1
          Description: efs security group
          VpcId:  { get_attribute: [ vpc, aws_resource_id ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: 172.30.0.0/24
          AvailabilityZone: { get_input: availability_zone }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          CidrBlock: 172.30.0.0/16

cloudify.nodes.aws.elb.Classic.HealthCheck

This node type refers to an AWS Health Check For Classic Load Balancer

Resource Config

For more information, and possible keyword arguments, see: ELB Classic HealthCheck:configure_health_check

Operations

Relationships

Classic ELB Health Check Example

Creates the health check settings to use when evaluating the health state of EC2 instances

  my_classic_health_check:
    type: cloudify.nodes.aws.elb.Classic.HealthCheck
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        HealthCheck:
          Target: HTTP:80/
          Interval: 15
          Timeout: 5
          UnhealthyThreshold: 2
          HealthyThreshold: 5
    relationships:
      - type: cloudify.relationships.depends_on
        target: classic_elb

  classic_elb:
    type: cloudify.nodes.aws.elb.Classic.LoadBalancer
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        LoadBalancerName: myclassicelb
        Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet1
      - type: cloudify.relationships.depends_on
        target: subnet2
      - type: cloudify.relationships.depends_on
        target: security_group

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: SecurityGroup1
        Description: Example Security Group 1
      Tags:
        - Key: Name
          Value: MyGroup
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
      Tags:
      - Key: Name
        Value: MySubnet1
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.2.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
      Tags:
        - Key: Name
          Value: MySubnet2
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: MyVPC

cloudify.nodes.aws.elb.Classic.Listener

This node type refers to an AWS Listener For Classic Load Balancer

Resource Config

For more information, and possible keyword arguments, see: ELB Classic Listener:create_load_balancer_listeners

Operations

Relationships

Classic ELB Listeners Example

Creates a listener for the specified load balancer

  my_classic_elb_listener:
    type: cloudify.nodes.aws.elb.Classic.Listener
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Listeners:
        - Protocol: HTTP
          LoadBalancerPort: 80
          InstancePort: 8080
    relationships:
      - type: cloudify.relationships.depends_on
        target: classic_elb
    interfaces:
      cloudify.interfaces.lifecycle:
        start:
          implementation: aws.cloudify_aws.elb.resources.classic.load_balancer.start
          inputs:
            resource_config:
              LoadBalancerAttributes:
                CrossZoneLoadBalancing:
                  Enabled: true
                ConnectionSettings:
                  IdleTimeout: 120

  classic_elb:
    type: cloudify.nodes.aws.elb.Classic.LoadBalancer
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        LoadBalancerName: myclassicelb
        Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet1
      - type: cloudify.relationships.depends_on
        target: subnet2
      - type: cloudify.relationships.depends_on
        target: security_group

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: SecurityGroup1
        Description: Example Security Group 1
      Tags:
        - Key: Name
          Value: MyGroup
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
      Tags:
      - Key: Name
        Value: MySubnet1
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.2.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
      Tags:
        - Key: Name
          Value: MySubnet2
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: MyVPC

cloudify.nodes.aws.elb.Classic.LoadBalancer

This node type refers to an AWS Classic Load Balancer

Resource Config

For more information, and possible keyword arguments, see: ELB Classic:create_load_balancer

Operations

Relationships

Classic ELB Example

Creates a classic load balancer

  classic_elb:
    type: cloudify.nodes.aws.elb.Classic.LoadBalancer
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        LoadBalancerName: myclassicelb
        Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet1
      - type: cloudify.relationships.depends_on
        target: subnet2
      - type: cloudify.relationships.depends_on
        target: security_group

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: SecurityGroup1
        Description: Example Security Group 1
      Tags:
        - Key: Name
          Value: MyGroup
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
      Tags:
      - Key: Name
        Value: MySubnet1
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.2.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
      Tags:
        - Key: Name
          Value: MySubnet2
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: MyVPC

cloudify.nodes.aws.elb.Classic.Policy

This node type refers to an AWS Policy For Classic Load Balancer

Resource Config

For more information, and possible keyword arguments, see: ELB Classic Policy:create_load_balancer_policy

Operations

Relationships

Classic ELB Policy Example

Creates a policy with the specified attributes for the specified load balancer

  my_classic_policy:
    type: cloudify.nodes.aws.elb.Classic.Policy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: myclassicpolicy
        PolicyTypeName: ProxyProtocolPolicyType
        kwargs:
          PolicyAttributes:
            - AttributeName: ProxyProtocol
              AttributeValue: 'true'
    relationships:
      - type: cloudify.relationships.depends_on
        target: classic_elb

  classic_elb:
    type: cloudify.nodes.aws.elb.Classic.LoadBalancer
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        LoadBalancerName: myclassicelb
        Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet1
      - type: cloudify.relationships.depends_on
        target: subnet2
      - type: cloudify.relationships.depends_on
        target: security_group

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: SecurityGroup1
        Description: Example Security Group 1
      Tags:
        - Key: Name
          Value: MyGroup
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
      Tags:
      - Key: Name
        Value: MySubnet1
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.2.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
      Tags:
        - Key: Name
          Value: MySubnet2
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: MyVPC

cloudify.nodes.aws.elb.Classic.Policy.Stickiness

This node type refers to an AWS Policy Stickiness For Classic Load Balancer

Resource Config

For more information, and possible keyword arguments, see: ELB Classic PolicyStickiness:create_lb_cookie_stickiness_policy

Operations

Relationships

Classic ELB Policy Stickiness Example

Creates a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-agent)

  my_classic_stickiness_policy:
    type: cloudify.nodes.aws.elb.Classic.Policy.Stickiness
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: myclassicstickinesspolicy
        CookieExpirationPeriod: 3600
    relationships:
      - type: cloudify.relationships.depends_on
        target: classic_elb

  classic_elb:
    type: cloudify.nodes.aws.elb.Classic.LoadBalancer
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        LoadBalancerName: myclassicelb
        Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet1
      - type: cloudify.relationships.depends_on
        target: subnet2
      - type: cloudify.relationships.depends_on
        target: security_group

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: SecurityGroup1
        Description: Example Security Group 1
      Tags:
        - Key: Name
          Value: MyGroup
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
      Tags:
      - Key: Name
        Value: MySubnet1
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.2.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
      Tags:
        - Key: Name
          Value: MySubnet2
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: MyVPC

cloudify.nodes.aws.elb.Listener

This node type refers to an AWS ELB V2 Listener

Resource Config

For more information, and possible keyword arguments, see: ELB V2 Listener:create_listener

Operations

Relationships

ELB V2 Listener Example

Creates a listener for the specified application load balancer

  my_http_listener:
    type: cloudify.nodes.aws.elb.Listener
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Protocol: HTTP
        Port: 8080
        DefaultActions:
          - Type: redirect
            RedirectConfig:
              Protocol: HTTP
              Port: '8080'
              Host: www.example.com
              Path: /
              StatusCode: HTTP_301
    relationships:
      - type: cloudify.relationships.depends_on
        target: elb
      - type: cloudify.relationships.depends_on
        target: forward_target_group

  elb:
    type: cloudify.nodes.aws.elb.LoadBalancer
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Name: test-elb
        kwargs:
          Attributes:
            - Key: idle_timeout.timeout_seconds
              Value: '120'
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet1
      - type: cloudify.relationships.depends_on
        target: subnet2
      - type: cloudify.relationships.depends_on
        target: security_group

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.2.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

cloudify.nodes.aws.elb.LoadBalancer

This node type refers to an AWS ELB V2 (Application | Network)

Resource Config

For more information, and possible keyword arguments, see: ELB V2:create_load_balancer

Operations

Relationships

ELB V2 Example

Creates an application load balancer

  my_elb:
    type: cloudify.nodes.aws.elb.LoadBalancer
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Name: test-elb
        kwargs:
          Attributes:
            - Key: idle_timeout.timeout_seconds
              Value: '120'
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet1
      - type: cloudify.relationships.depends_on
        target: subnet2
      - type: cloudify.relationships.depends_on
        target: security_group


  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.2.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

cloudify.nodes.aws.elb.Rule

This node type refers to an AWS ELB V2 Rule

Resource Config

For more information, and possible keyword arguments, see: ELB V2 Rule:create_rule

Operations

Relationships

ELB V2 Rule Examples

Creates a rule for the specified listener

  my_forward_rule:
    type: cloudify.nodes.aws.elb.Rule
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Priority: 101
        Conditions:
          - Field: 'host-header'
            Values:
              - example.com
        Actions:
          - Type: forward
            TargetGroupArn: { get_attribute: [ forward_target_group, aws_resource_arn ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: http_listener
      - type: cloudify.relationships.depends_on
        target: forward_target_group
    interfaces:
      cloudify.interfaces.lifecycle:
        configure:
          implementation: aws.cloudify_aws.elb.resources.rule.create
          inputs:
            resource_config:
              Priority: 101
              Conditions:
                - Field: 'host-header'
                  Values:
                    - example.com
              Actions:
                - Type: forward
                  TargetGroupArn: { get_attribute: [ forward_target_group, aws_resource_arn ] }

  http_listener:
    type: cloudify.nodes.aws.elb.Listener
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Protocol: HTTP
        Port: 8080
        DefaultActions:
          - Type: redirect
            RedirectConfig:
              Protocol: HTTP
              Port: '8080'
              Host: www.example.com
              Path: /
              StatusCode: HTTP_301
    relationships:
      - type: cloudify.relationships.depends_on
        target: elb
      - type: cloudify.relationships.depends_on
        target: forward_target_group

  forward_target_group:
    type: cloudify.nodes.aws.elb.TargetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Name: test-elb-target-group
        Protocol: HTTP
        Port: 8080
        HealthCheckProtocol: HTTP
        HealthCheckPort: '80'
        kwargs:
          HealthCheckIntervalSeconds: 30
          HealthCheckTimeoutSeconds: 5
          UnhealthyThresholdCount: 3
          Matcher:
            HttpCode: '404'
          Attributes:
            - Key: stickiness.enabled
              Value: 'true'
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  elb:
    type: cloudify.nodes.aws.elb.LoadBalancer
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Name: test-elb
        kwargs:
          Attributes:
            - Key: idle_timeout.timeout_seconds
              Value: '120'
    relationships:
      - type: cloudify.relationships.depends_on
        target: subnet1
      - type: cloudify.relationships.depends_on
        target: subnet2
      - type: cloudify.relationships.depends_on
        target: security_group

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: SecurityGroup1
        Description: Example Security Group 1
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.2.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

cloudify.nodes.aws.elb.TargetGroup

This node type refers to an AWS ELB V2 Target Group

Resource Config

For more information, and possible keyword arguments, see: ELB V2 TargetGroup:create_target_group

Operations

Relationships

ELB V2 Target Group Example

Creates a target group

  my_forward_target_group:
    type: cloudify.nodes.aws.elb.TargetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Name: test-elb-target-group
        Protocol: HTTP
        Port: 8080
        HealthCheckProtocol: HTTP
        HealthCheckPort: '80'
        kwargs:
          HealthCheckIntervalSeconds: 30
          HealthCheckTimeoutSeconds: 5
          UnhealthyThresholdCount: 3
          Matcher:
            HttpCode: '404'
          Attributes:
            - Key: stickiness.enabled
              Value: 'true'
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'

cloudify.nodes.aws.iam.AccessKey

This node type refers to an AWS IAM Access Key

Resource Config

For more information, and possible keyword arguments, see: IAM AccessKey:create_access_key

Operations

Relationships

IAM Access Key Example

Creates a new AWS secret access key and corresponding AWS access key ID for the specified user

  my_iam_user_api_access:
    type: cloudify.nodes.aws.iam.AccessKey
    relationships:
      - type: cloudify.relationships.aws.iam.access_key.connected_to
        target: iam_user

  iam_user:
    type: cloudify.nodes.aws.iam.User
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        UserName: !!str CloudifyUser=,.@-Test
        Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
    relationships:
      - type: cloudify.relationships.aws.iam.user.connected_to
        target: iam_group
      - type: cloudify.relationships.aws.iam.user.connected_to
        target: iam_policy_vpc_access

  iam_group:
    type: cloudify.nodes.aws.iam.Group
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: !!str pmcfy_CloudifyGroup
        Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
    relationships:
      - type: cloudify.relationships.aws.iam.group.connected_to
        target: iam_policy_vpc_access

  iam_policy_vpc_access:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: pmcfy_vpcpolicy
        Description: >-
          Grants access to EC2 network components
        Path: !!str /service-role/
        PolicyDocument:
          Version: !!str 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - !!str ec2:CreateNetworkInterface
                - !!str ec2:DeleteNetworkInterface
                - !!str ec2:DescribeNetworkInterfaces
              Resource: '*'

cloudify.nodes.aws.iam.Group

This node type refers to an AWS IAM Group

Resource Config

For more information, and possible keyword arguments, see: IAM Group:create_group

Operations

Relationships

IAM Group Example

Creates a new group

  iam_group:
    type: cloudify.nodes.aws.iam.Group
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: !!str pmcfy_CloudifyGroup
        Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
    relationships:
      - type: cloudify.relationships.aws.iam.group.connected_to
        target: iam_policy_vpc_access

  iam_policy_vpc_access:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: pmcfy_vpcpolicy
        Description: >-
          Grants access to EC2 network components
        Path: !!str /service-role/
        PolicyDocument:
          Version: !!str 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - !!str ec2:CreateNetworkInterface
                - !!str ec2:DeleteNetworkInterface
                - !!str ec2:DescribeNetworkInterfaces
              Resource: '*'

cloudify.nodes.aws.iam.InstanceProfile

This node type refers to an AWS IAM Instance Profile

Resource Config

For more information, and possible keyword arguments, see: IAM InstanceProfile:create_instance_profile

Operations

Relationships

IAM Instance Profile Example

Creates a new instance profile

  iam_user_instance_profile:
    type: cloudify.nodes.aws.iam.InstanceProfile
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        InstanceProfileName: pmcfy_iam_user_instance_profile
        Path: '/pmcfy_iam_user_instance_profile/'
    relationships:
      - type: cloudify.relationships.depends_on
        target: iam_role

  iam_role:
    type: cloudify.nodes.aws.iam.Role
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        RoleName: pmcfy_lambdarole
        Path: !!str /service-role/
        AssumeRolePolicyDocument:
          Version: !!str 2012-10-17
          Statement:
          - Effect: Allow
            Principal:
              Service: !!str lambda.amazonaws.com
            Action: !!str sts:AssumeRole

cloudify.nodes.aws.iam.LoginProfile

This node type refers to an AWS IAM Login Profile

Resource Config

For more information, and possible keyword arguments, see: IAM LoginProfile:create_login_profile

Operations

Relationships

IAM Login Profile Example

Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console

  iam_login_profile:
    type: cloudify.nodes.aws.iam.LoginProfile
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        UserName: !!str PMCfy=,.@-User
        Password: !!str Cl0ud1fy2017
    relationships:
      - type: cloudify.relationships.aws.iam.login_profile.connected_to
        target: iam_user

  iam_user:
    type: cloudify.nodes.aws.iam.User
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        UserName: !!str CloudifyUser=,.@-Test
        Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
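
The login profile above sets Password as a literal string, and the RDS Instance example on this page does the same with MasterUserPassword, while every client_config already resolves its keys through get_secret. The following added Python check (not part of the Cloudify plugin) walks node templates transcribed from those two examples and reports credential-like keys whose value is a literal; the key-name pattern and the secret name iam_console_password are assumptions.

```python
import re

# Key names treated as credential-bearing. Assumption: tune this for your blueprints.
SECRET_KEY_RE = re.compile(r"password|secret|token|private_key", re.IGNORECASE)
# Intrinsic functions whose value is resolved by the manager, not stored in the blueprint.
INTRINSICS = {"get_secret", "get_input", "get_attribute", "get_property"}


def is_intrinsic(value):
    """True for a single-key mapping such as {'get_secret': 'name'}."""
    return isinstance(value, dict) and len(value) == 1 and next(iter(value)) in INTRINSICS


def find_literal_secrets(node_templates):
    """Return sorted paths of credential-like keys that hold a literal string."""
    findings = []

    def walk(obj, path):
        if is_intrinsic(obj):
            return  # resolved at deployment time, nothing literal to report
        if isinstance(obj, dict):
            for key, value in obj.items():
                here = f"{path}/{key}"
                if SECRET_KEY_RE.search(str(key)) and isinstance(value, str):
                    findings.append(here)
                else:
                    walk(value, here)
        elif isinstance(obj, list):
            for position, item in enumerate(obj):
                walk(item, f"{path}[{position}]")

    for name, template in node_templates.items():
        walk(template, name)
    return sorted(findings)


CLIENT_CONFIG = {
    "aws_access_key_id": {"get_secret": "aws_access_key_id"},
    "aws_secret_access_key": {"get_secret": "aws_secret_access_key"},
    "region_name": {"get_input": "aws_region_name"},
}

# Node templates transcribed from the IAM Login Profile and RDS Instance examples.
PAGE_TEMPLATES = {
    "iam_login_profile": {
        "type": "cloudify.nodes.aws.iam.LoginProfile",
        "properties": {
            "client_config": CLIENT_CONFIG,
            "resource_config": {"UserName": "PMCfy=,.@-User", "Password": "Cl0ud1fy2017"},
        },
    },
    "my_rds_mysql_instance": {
        "type": "cloudify.nodes.aws.rds.Instance",
        "properties": {"resource_id": "devdbinstance", "client_config": CLIENT_CONFIG},
        "interfaces": {"cloudify.interfaces.lifecycle": {"create": {"inputs": {
            "resource_config": {
                "Engine": "mysql",
                "DBName": "devdb",
                "MasterUsername": "root",
                "MasterUserPassword": "Password1234",
            },
        }}}},
    },
}

# Constructed variant: the same login profile with the password taken from a
# manager secret. The secret name iam_console_password is hypothetical.
FIXED_TEMPLATES = {
    "iam_login_profile": {
        "type": "cloudify.nodes.aws.iam.LoginProfile",
        "properties": {
            "client_config": CLIENT_CONFIG,
            "resource_config": {
                "UserName": "PMCfy=,.@-User",
                "Password": {"get_secret": "iam_console_password"},
            },
        },
    },
}

if __name__ == "__main__":
    for path in find_literal_secrets(PAGE_TEMPLATES):
        print("literal credential:", path)
```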

cloudify.nodes.aws.iam.Policy

This node type refers to an AWS IAM Policy

Resource Config

For more information, and possible keyword arguments, see: IAM Policy:create_policy

Operations

IAM Policy Example

Creates a new managed policy for your AWS account

  iam_policy:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: pmcfy_vpcpolicy
        Description: >-
          Grants access to EC2 network components
        Path: !!str /service-role/
        PolicyDocument:
          Version: !!str 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - !!str ec2:CreateNetworkInterface
                - !!str ec2:DeleteNetworkInterface
                - !!str ec2:DescribeNetworkInterfaces
              Resource: '*'

cloudify.nodes.aws.iam.Role

This node type refers to an AWS IAM Role

Resource Config

For more information, and possible keyword arguments, see: IAM Role:create_role

Operations

Relationships

IAM Role Example

Creates a new role for your AWS account

  iam_role:
    type: cloudify.nodes.aws.iam.Role
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        RoleName: pmcfy_lambdarole
        Path: !!str /service-role/
        AssumeRolePolicyDocument:
          Version: !!str 2012-10-17
          Statement:
          - Effect: Allow
            Principal:
              Service: !!str lambda.amazonaws.com
            Action: !!str sts:AssumeRole
    relationships:
      - type: cloudify.relationships.aws.iam.role.connected_to
        target: iam_policy_vpc_access
      - type: cloudify.relationships.aws.iam.role.connected_to
        target: iam_policy_cloudwatch_access

  iam_policy_vpc_access:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: pmcfy_vpcpolicy
        Description: >-
          Grants access to EC2 network components
        Path: !!str /service-role/
        PolicyDocument:
          Version: !!str 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - !!str ec2:CreateNetworkInterface
                - !!str ec2:DeleteNetworkInterface
                - !!str ec2:DescribeNetworkInterfaces
              Resource: '*'


  iam_policy_cloudwatch_access:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: pmcfy_iampolicy
        Description: >-
          Grants access to CloudWatch logs
        Path: !!str /service-role/
        PolicyDocument:
          Version: !!str 2012-10-17
          Statement:
            - Effect: Allow
              Action: !!str logs:CreateLogGroup
              Resource: '*'
            - Effect: Allow
              Action:
                - !!str logs:CreateLogStream
                - !!str logs:PutLogEvents
              Resource:
                - { get_input: aws_cloudwatch_log_arn }

cloudify.nodes.aws.iam.RolePolicy

This node type refers to an AWS IAM Role Policy

Resource Config

For more information, and possible keyword arguments, see: IAM RolePolicy:put_role_policy

Operations

Relationships

IAM Role Policy Example

Adds or updates an inline policy document that is embedded in the specified IAM role

  iam_role_policy:
    type: cloudify.nodes.aws.iam.RolePolicy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: pmcfy_iam_role_policy
        PolicyDocument:
          {
            "Version": "2012-10-17",
            "Statement": {
              "Effect": "Allow",
              "Resource": "*",
              "Action": "sts:AssumeRole"
            }
          }
    relationships:
      - type: cloudify.relationships.depends_on
        target: iam_role

  iam_role:
    type: cloudify.nodes.aws.iam.Role
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        RoleName: pmcfy_lambdarole
        Path: !!str /service-role/
        AssumeRolePolicyDocument:
          Version: !!str 2012-10-17
          Statement:
          - Effect: Allow
            Principal:
              Service: !!str lambda.amazonaws.com
            Action: !!str sts:AssumeRole
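
The policy documents on this page mix shapes: the role policy above gives Statement as a single mapping with a string Action, while the managed policies use lists. The following added Python audit (not plugin code) normalises both shapes and grades Allow statements that use wildcard actions or Resource '*'; the severity labels and the short list of actions treated as sensitive on any resource are assumptions.

```python
# Actions that are high risk when allowed on every resource (assumption: extend as needed).
# IAM action names are case-insensitive, so they are compared in lower case.
SENSITIVE_ON_ANY_RESOURCE = {"sts:assumerole", "iam:passrole"}


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(document):
    """Return (statement_index, severity, message) for risky Allow statements.

    NotAction and NotResource are out of scope, and prefix wildcards such as
    service:Describe* are not treated as full wildcards here.
    """
    findings = []
    for index, stmt in enumerate(as_list(document.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # Intrinsic functions (e.g. get_input) are dicts and never equal "*".
        any_resource = "*" in as_list(stmt.get("Resource"))
        for action in as_list(stmt.get("Action")):
            name = str(action)
            if name == "*" or name.endswith(":*"):
                findings.append((index, "high", f"wildcard action {name}"))
            elif any_resource and name.lower() in SENSITIVE_ON_ANY_RESOURCE:
                findings.append((index, "high", f"{name} on Resource *"))
            elif any_resource:
                # Some actions do not support resource-level permissions, so
                # this is a prompt to check, not an automatic failure.
                findings.append((index, "review", f"{name} on Resource *"))
    return findings


# Transcribed from the iam_role_policy example: Statement is a single mapping.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Resource": "*", "Action": "sts:AssumeRole"},
}

# Transcribed from the iam_policy_vpc_access example: list shapes throughout.
VPC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ec2:CreateNetworkInterface",
            "ec2:DeleteNetworkInterface",
            "ec2:DescribeNetworkInterfaces",
        ],
        "Resource": "*",
    }],
}

# Transcribed from the iam_policy_cloudwatch_access example.
CLOUDWATCH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "*"},
        {
            "Effect": "Allow",
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": [{"get_input": "aws_cloudwatch_log_arn"}],
        },
    ],
}

if __name__ == "__main__":
    for label, doc in (("role", ROLE_POLICY), ("vpc", VPC_POLICY), ("logs", CLOUDWATCH_POLICY)):
        for finding in audit_policy(doc):
            print(label, finding)
```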

cloudify.nodes.aws.iam.User

This node type refers to an AWS IAM User

Resource Config

For more information, and possible keyword arguments, see: IAM User:create_user

Operations

Relationships

IAM User Example

Creates a new IAM user for your AWS account

  iam_user:
    type: cloudify.nodes.aws.iam.User
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        UserName: !!str CloudifyUser=,.@-Test
        Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
    relationships:
      - type: cloudify.relationships.aws.iam.user.connected_to
        target: iam_group
      - type: cloudify.relationships.aws.iam.user.connected_to
        target: iam_policy_vpc_access

  iam_group:
    type: cloudify.nodes.aws.iam.Group
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: !!str pmcfy_CloudifyGroup
        Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
    relationships:
      - type: cloudify.relationships.aws.iam.group.connected_to
        target: iam_policy_vpc_access

  iam_policy_vpc_access:
    type: cloudify.nodes.aws.iam.Policy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        PolicyName: pmcfy_vpcpolicy
        Description: >-
          Grants access to EC2 network components
        Path: !!str /service-role/
        PolicyDocument:
          Version: !!str 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - !!str ec2:CreateNetworkInterface
                - !!str ec2:DeleteNetworkInterface
                - !!str ec2:DescribeNetworkInterfaces
              Resource: '*'

cloudify.nodes.aws.kms.Alias

This node type refers to an AWS KMS Alias

Resource Config

For more information, and possible keyword arguments, see: KMS Alias:create_alias

Operations

Relationships

KMS Alias Example

Creates a display name for a customer managed customer master key (CMK)

  my_alias:
    type: cloudify.nodes.aws.kms.Alias
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          AliasName: alias/test_key
    relationships:
      - type: cloudify.relationships.depends_on
        target: cmk

  cmk:
    type: cloudify.nodes.aws.kms.CustomerMasterKey
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: An example CMK.
          Tags:
          - TagKey: Cloudify
            TagValue: Example

cloudify.nodes.aws.kms.CustomerMasterKey

This node type refers to an AWS KMS Customer Master Key

Resource Config

For more information, and possible keyword arguments, see: KMS CustomerMasterKey:create_key

Operations

KMS Customer Master Key Example

Creates a customer managed customer master key (CMK) in your AWS account

  my_cmk:
    type: cloudify.nodes.aws.kms.CustomerMasterKey
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: An example CMK.
          Tags:
          - TagKey: Cloudify
            TagValue: Example

cloudify.nodes.aws.kms.Grant

This node type refers to an AWS KMS Grant

Resource Config

For more information, and possible keyword arguments, see: KMS Grant:create_grant

Operations

Relationships

KMS Grant Example

Adds a grant to a customer master key (CMK)

  my_grant:
    type: cloudify.nodes.aws.kms.Grant
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Name: TestGrant
          GranteePrincipal: { get_input: iam_arn }
          Operations: [Encrypt, Decrypt]
    relationships:
      - type: cloudify.relationships.depends_on
        target: cmk

  cmk:
    type: cloudify.nodes.aws.kms.CustomerMasterKey
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Description: An example CMK.
          Tags:
          - TagKey: Cloudify
            TagValue: Example

cloudify.nodes.aws.lambda.Function

This node type refers to an AWS Lambda Function

Resource Config

For more information, and possible keyword arguments, see: Lambda Function:create_function

Operations

Relationships

Lambda Function Example

Creates a Lambda function

  my_lambda_function:
    type: cloudify.nodes.aws.lambda.Function
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        FunctionName: myLambdaFunction
        Runtime: python2.7
        Handler: main.lambda_handler
        Code:
          ZipFile: function/main.zip
        kwargs:
          MemorySize: 128
    relationships:
      - type: cloudify.relationships.connected_to
        target: subnet_1
      - type: cloudify.relationships.connected_to
        target: subnet_2
      - type: cloudify.relationships.connected_to
        target: security_group
      - type: cloudify.relationships.connected_to
        target: iam_role_lambda_function

  subnet_1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
      Tags:
        - Key: Name
          Value: Subnet1
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  subnet_2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.1.0/24'
        AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
      Tags:
        - Key: Name
          Value: Subnet2
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        GroupName: Lambda Security Group
        Description: Lambda Feature Demo Test Group
      Tags:
        - Key: Name
          Value: MyGroup
    relationships:
      - type: cloudify.relationships.depends_on
        target: vpc

  security_group_rules:
    type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        IpPermissions:
         - IpProtocol: "-1"
           FromPort: -1
           ToPort: -1
           IpRanges:
            - CidrIp: 0.0.0.0/0
           UserIdGroupPairs: [  { GroupId: { get_attribute: [ security_group, aws_resource_id ] } } ]
    relationships:
      - type: cloudify.relationships.contained_in
        target: security_group
    interfaces:
      cloudify.interfaces.lifecycle:
        start:
          implementation: aws.cloudify_aws.ec2.resources.securitygroup.authorize_ingress_rules
          inputs:
            resource_config:
              IpPermissions:
               - IpProtocol: "-1"
                 FromPort: -1
                 ToPort: -1
                 IpRanges:
                  - CidrIp: 0.0.0.0/0
                 UserIdGroupPairs: [  { GroupId: { get_attribute: [ security_group, aws_resource_id ] } } ]
        stop:
          implementation: aws.cloudify_aws.ec2.resources.securitygroup.revoke_ingress_rules
          inputs:
            resource_config:
              IpPermissions:
               - IpProtocol: "-1"
                 FromPort: -1
                 ToPort: -1
                 IpRanges:
                  - CidrIp: 0.0.0.0/0
                 UserIdGroupPairs: [  { GroupId: { get_attribute: [ security_group, aws_resource_id ] } } ]

  vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: '10.0.0.0/16'
      Tags:
        - Key: Name
          Value: VPC
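
The security_group_rules node above authorizes IpProtocol -1 from 0.0.0.0/0, which admits every protocol and port from any IPv4 address in addition to the self-referencing group pair. The following added Python check (not plugin code) reports IpPermissions entries whose CIDR has prefix length 0; the narrowed rule is a constructed sample that reuses the VPC CIDR from the example.

```python
import ipaddress


def audit_ingress(ip_permissions):
    """Return (rule_index, cidr, scope) for every rule open to all addresses."""
    findings = []
    for index, perm in enumerate(ip_permissions):
        protocol = str(perm.get("IpProtocol"))
        if protocol == "-1":
            # With -1, EC2 allows all ports regardless of the port range given.
            scope = "all protocols and ports"
        else:
            scope = f"{protocol} {perm.get('FromPort')}-{perm.get('ToPort')}"
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if not isinstance(cidr, str):
                continue  # intrinsic function such as get_input: unknown until deploy
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((index, cidr, scope))
    return findings


# Self-referencing group pair, as in the example above.
GROUP_PAIR = {"GroupId": {"get_attribute": ["security_group", "aws_resource_id"]}}

# Transcribed from the security_group_rules node above.
PAGE_RULE = [{
    "IpProtocol": "-1",
    "FromPort": -1,
    "ToPort": -1,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
    "UserIdGroupPairs": [GROUP_PAIR],
}]

# Constructed sample: HTTPS only, limited to the VPC CIDR used in the example.
NARROWED_RULE = [{
    "IpProtocol": "tcp",
    "FromPort": 443,
    "ToPort": 443,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
    "UserIdGroupPairs": [GROUP_PAIR],
}]

if __name__ == "__main__":
    for finding in audit_ingress(PAGE_RULE):
        print("open to any address:", finding)
```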

cloudify.nodes.aws.lambda.Invoke

This node type refers to an AWS Lambda Invoke

Resource Config

For more information, and possible keyword arguments, see: Lambda Invoke:invoke

Operations

Relationships

Lambda Invoke Example

Invokes a Lambda function

  my_lambda_function_invocation:
    type: cloudify.nodes.aws.lambda.Invoke
    relationships:
      - type: cloudify.relationships.aws.lambda.invoke.connected_to
        target: lambda_function

  lambda_function:
    type: cloudify.nodes.aws.lambda.Function
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        FunctionName: myLambdaFunction
        Runtime: python2.7
        Handler: main.lambda_handler
        Code:
          ZipFile: function/main.zip
        kwargs:
          MemorySize: 128

cloudify.nodes.aws.lambda.Permission

This node type refers to an AWS Lambda Permission

Resource Config

For more information, and possible keyword arguments, see: Lambda Permission:add_permission

Operations

Relationships

Lambda Permission Example

Grants an AWS service or another account permission to use a function

  my_lambda_function_permission:
    type: cloudify.nodes.aws.lambda.Permission
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        FunctionName: { get_attribute: [ lambda_function, aws_resource_arn ] }
        StatementId: apigateway-id-2
        Action: !!str lambda:*
        Principal: !!str apigateway.amazonaws.com
    relationships:
      - type: cloudify.relationships.aws.lambda.permission.connected_to
        target: lambda_function

  lambda_function:
    type: cloudify.nodes.aws.lambda.Function
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        FunctionName: myLambdaFunction
        Runtime: python2.7
        Handler: main.lambda_handler
        Code:
          ZipFile: function/main.zip
        kwargs:
          MemorySize: 128

cloudify.nodes.aws.rds.Instance

This node type refers to an AWS RDS Instance

Resource Config

For more information, and possible keyword arguments, see: RDS Instance:create_db_instance

Operations

Relationships

RDS Instance Example

Creates a new DB instance

  my_rds_mysql_instance:
    type: cloudify.nodes.aws.rds.Instance
    properties:
      resource_id: devdbinstance
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              DBInstanceClass: db.t2.small
              Engine: mysql
              EngineVersion: 5.7.16
              AvailabilityZone: us-west-1a
              StorageType: gp2
              AllocatedStorage: 10
              DBName: devdb
              MasterUsername: root
              MasterUserPassword: Password1234
    relationships:
    - type: cloudify.relationships.aws.rds.instance.connected_to
      target: rds_subnet_group
    - type: cloudify.relationships.aws.rds.instance.connected_to
      target: rds_option_group
    - type: cloudify.relationships.aws.rds.instance.connected_to
      target: rds_parameter_group
    - type: cloudify.relationships.aws.rds.instance.connected_to
      target: rds_security_group

  rds_subnet_group:
    type: cloudify.nodes.aws.rds.SubnetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-subnet-group
      resource_config:
        kwargs:
          DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
    relationships:
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_1
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_2

  rds_subnet_1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_1_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_subnet_2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_2_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_id }

cloudify.nodes.aws.rds.InstanceReadReplica

This node type refers to an AWS RDS Instance Read Replica

Resource Config

For more information, and possible keyword arguments, see: RDS Instance Read Replica:create_db_instance_read_replica

Operations

Relationships

RDS Instance Read Replica Example

Creates a new DB instance that acts as a Read Replica for an existing source DB instance

  my_rds_mysql_read_replica:
    type: cloudify.nodes.aws.rds.InstanceReadReplica
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: devdbinstance-replica
      resource_config:
        kwargs:
          SourceDBInstanceIdentifier: { get_property: [rds_mysql_instance, resource_id] }
          DBInstanceClass: db.t2.small
          AvailabilityZone: us-west-1c
    relationships:
    - type: cloudify.relationships.aws.rds.instance_read_replica.connected_to
      target: rds_mysql_instance
    - type: cloudify.relationships.aws.rds.instance_read_replica.connected_to
      target: rds_option_group
    - type: cloudify.relationships.aws.rds.instance_read_replica.connected_to
      target: rds_parameter_group

  rds_option_group:
    type: cloudify.nodes.aws.rds.OptionGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-option-group
      resource_config:
        kwargs:
          EngineName: mysql
          MajorEngineVersion: '5.7'
          OptionGroupDescription: MySQL5.7 Option Group for Dev
    relationships:
    - type: cloudify.relationships.aws.rds.option_group.connected_to
      target: rds_option_1

  rds_option_1:
    type: cloudify.nodes.aws.rds.Option
    properties:
      resource_id: MEMCACHED
      resource_config:
        kwargs:
          Port: 21212
    relationships:
    - type: cloudify.relationships.aws.rds.option.connected_to
      target: rds_security_group

  rds_security_group:
    type: cloudify.nodes.aws.ec2.SecurityGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_security_group_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_id }

  rds_parameter_group:
    type: cloudify.nodes.aws.rds.ParameterGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-param-group
      resource_config:
        kwargs:
          DBParameterGroupFamily: mysql5.7
          Description: MySQL5.7 Parameter Group for Dev
    interfaces:
      cloudify.interfaces.lifecycle:
        configure:
          inputs:
            resource_config:
              Parameters:
              - ParameterName: time_zone
                ParameterValue: US/Eastern
                ApplyMethod: immediate
              - ParameterName: lc_time_names
                ParameterValue: en_US
                ApplyMethod: immediate

  rds_mysql_instance:
    type: cloudify.nodes.aws.rds.Instance
    properties:
      resource_id: devdbinstance
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              DBInstanceClass: db.t2.small
              Engine: mysql
              EngineVersion: 5.7.16
              AvailabilityZone: us-west-1a
              StorageType: gp2
              AllocatedStorage: 10
              DBName: devdb
              MasterUsername: root
              MasterUserPassword: Password1234
    relationships:
    - type: cloudify.relationships.aws.rds.instance.connected_to
      target: rds_subnet_group
    - type: cloudify.relationships.aws.rds.instance.connected_to
      target: rds_option_group
    - type: cloudify.relationships.aws.rds.instance.connected_to
      target: rds_parameter_group
    - type: cloudify.relationships.aws.rds.instance.connected_to
      target: rds_security_group

  rds_subnet_group:
    type: cloudify.nodes.aws.rds.SubnetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-subnet-group
      resource_config:
        kwargs:
          DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
    relationships:
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_1
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_2

  rds_subnet_1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_1_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_subnet_2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_2_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

cloudify.nodes.aws.rds.Option

This node type refers to an AWS RDS Option

Resource Config

For more information, and possible keyword arguments, see: RDS Option:modify_option_group

Operations

Relationships

RDS Option Example

Adds a new option to an existing option group

  my_rds_option:
    type: cloudify.nodes.aws.rds.Option
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: MEMCACHED
      resource_config:
        kwargs:
          Port: 21212
    relationships:
    - type: cloudify.relationships.aws.rds.option.connected_to
      target: rds_security_group

  rds_subnet_group:
    type: cloudify.nodes.aws.rds.SubnetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-subnet-group
      resource_config:
        kwargs:
          DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
    relationships:
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_1
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_2

  rds_subnet_1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_1_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_subnet_2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_2_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_id }

cloudify.nodes.aws.rds.OptionGroup

This node type refers to an AWS RDS Option Group

Resource Config

For more information, and possible keyword arguments, see: RDS Option Group:create_option_group

Operations

Relationships

RDS Option Group Example

Creates a new option group

  my_rds_option_group:
    type: cloudify.nodes.aws.rds.OptionGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-option-group
      resource_config:
        kwargs:
          EngineName: mysql
          MajorEngineVersion: '5.7'
          OptionGroupDescription: MySQL5.7 Option Group for Dev
    relationships:
    - type: cloudify.relationships.aws.rds.option_group.connected_to
      target: rds_option_1

  rds_option_1:
    type: cloudify.nodes.aws.rds.Option
    properties:
      resource_id: MEMCACHED
      resource_config:
        kwargs:
          Port: 21212
    relationships:
    - type: cloudify.relationships.aws.rds.option.connected_to
      target: rds_security_group

  rds_subnet_group:
    type: cloudify.nodes.aws.rds.SubnetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-subnet-group
      resource_config:
        kwargs:
          DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
    relationships:
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_1
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_2

  rds_subnet_1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_1_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_subnet_2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_2_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_id }

cloudify.nodes.aws.rds.Parameter

This node type refers to an AWS RDS Parameter

Resource Config

For more information, and possible keyword arguments, see: RDS Parameter:modify_db_parameter_group

Operations

Relationships

RDS Parameter Example

Adds a new parameter to an existing parameter group

  my_rds_parameter:
    type: cloudify.nodes.aws.rds.Parameter
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: binlog_cache_size
      resource_config:
        kwargs:
          ApplyMethod: immediate
    relationships:
    - type: cloudify.relationships.aws.rds.parameter.connected_to
      target: rds_parameter_group

  rds_parameter_group:
    type: cloudify.nodes.aws.rds.ParameterGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-param-group
      resource_config:
        kwargs:
          DBParameterGroupFamily: mysql5.7
          Description: MySQL5.7 Parameter Group for Dev
    interfaces:
      cloudify.interfaces.lifecycle:
        configure:
          inputs:
            resource_config:
              Parameters:
              - ParameterName: time_zone
                ParameterValue: US/Eastern
                ApplyMethod: immediate
              - ParameterName: lc_time_names
                ParameterValue: en_US
                ApplyMethod: immediate

cloudify.nodes.aws.rds.ParameterGroup

This node type refers to an AWS RDS Parameter Group

Resource Config

For more information, and possible keyword arguments, see: RDS Parameter Group:create_db_parameter_group

Operations

Relationships

RDS Parameter Group Example

Creates a new DB parameter group

  my_rds_parameter_group:
    type: cloudify.nodes.aws.rds.ParameterGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-param-group
      resource_config:
        kwargs:
          DBParameterGroupFamily: mysql5.7
          Description: MySQL5.7 Parameter Group for Dev
    interfaces:
      cloudify.interfaces.lifecycle:
        configure:
          inputs:
            resource_config:
              Parameters:
              - ParameterName: time_zone
                ParameterValue: US/Eastern
                ApplyMethod: immediate
              - ParameterName: lc_time_names
                ParameterValue: en_US
                ApplyMethod: immediate
    relationships:
      - type: cloudify.relationships.aws.rds.parameter_group.connected_to
        target: rds_parameter

  rds_parameter:
    type: cloudify.nodes.aws.rds.Parameter
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: binlog_cache_size
      resource_config:
        kwargs:
          ApplyMethod: immediate

cloudify.nodes.aws.rds.SubnetGroup

This node type refers to an AWS RDS Subnet Group

Resource Config

For more information, and possible keyword arguments, see: RDS Subnet Group:create_db_subnet_group

Operations

Relationships

RDS Subnet Group Example

Creates a new DB subnet group

  my_rds_subnet_group:
    type: cloudify.nodes.aws.rds.SubnetGroup
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: dev-rds-subnet-group
      resource_config:
        kwargs:
          DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
    relationships:
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_1
    - type: cloudify.relationships.aws.rds.subnet_group.connected_to
      target: rds_subnet_2

  rds_subnet_1:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_1_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

  rds_subnet_2:
    type: cloudify.nodes.aws.ec2.Subnet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      use_external_resource: true
      resource_id: { get_input: aws_vpc_subnet_2_id }
    relationships:
      - type: cloudify.relationships.depends_on
        target: rds_vpc

cloudify.nodes.aws.route53.HostedZone

This node type refers to an AWS Route53 Hosted Zone

Resource Config

For more information, and possible keyword arguments, see: Route53 HostedZone:create_hosted_zone

Operations

Relationships

Route53 Hosted Zone Example

Creates a new private hosted zone

  my_dns_hosted_zone:
    type: cloudify.nodes.aws.route53.HostedZone
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_id: !!str getcloudify.org
      resource_config:
        kwargs:
          HostedZoneConfig:
            Comment: !!str Cloudify-generated DNS Hosted Zone
            PrivateZone: !!bool true
          VPC:
            VPCRegion: { get_input: aws_region_name }
            VPCId: { get_attribute: [ dns_vpc, aws_resource_id ] }
    relationships:
    - type: cloudify.relationships.aws.route53.hosted_zone.connected_to
      target: dns_vpc

  dns_vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: { get_input: vpc_cidr }

cloudify.nodes.aws.route53.RecordSet

This node type refers to an AWS Route53 Record Set

Resource Config

For more information, and possible keyword arguments, see: Route53 RecordSet:change_resource_record_sets

Operations

Relationships

Route53 Record Set Example

Creates a resource record set

  my_dns_record_set:
    type: cloudify.nodes.aws.route53.RecordSet
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Action: UPSERT
          ResourceRecordSet:
            Name: { concat: ["staging.", { get_property: [dns_hosted_zone, resource_id] }] }
            Type: !!str TXT
            TTL: !!int 60
            ResourceRecords:
            - Value: '"Created using Cloudify"'
    relationships:
    - type: cloudify.relationships.aws.route53.record_set.connected_to
      target: dns_hosted_zone

  dns_hosted_zone:
    type: cloudify.nodes.aws.route53.HostedZone
    properties:
      resource_id: !!str getcloudify.org
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          HostedZoneConfig:
            Comment: !!str Cloudify-generated DNS Hosted Zone
            PrivateZone: !!bool true
          VPC:
            VPCRegion: { get_input: aws_region_name }
            VPCId: { get_attribute: [ dns_vpc, aws_resource_id ] }
    relationships:
    - type: cloudify.relationships.aws.route53.hosted_zone.connected_to
      target: dns_vpc

  dns_vpc:
    type: cloudify.nodes.aws.ec2.Vpc
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        CidrBlock: { get_input: vpc_cidr }

cloudify.nodes.aws.s3.Bucket

This node type refers to an AWS S3 Bucket

Resource Config

For more information, and possible keyword arguments, see: S3 Bucket:create_bucket

Operations

S3 Bucket Example

Creates a new bucket

  my_bucket:
    type: cloudify.nodes.aws.s3.Bucket
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Bucket: test-cloudify-bucket
        ACL: public-read-write
        CreateBucketConfiguration:
          LocationConstraint: { get_input: aws_region_name }

cloudify.nodes.aws.s3.BucketLifecycleConfiguration

This node type refers to an AWS S3 Bucket Lifecycle Configuration

Resource Config

For more information, and possible keyword arguments, see: S3 BucketLifecycleConfiguration:put_bucket_lifecycle

Operations

Relationships

S3 Bucket Lifecycle Configuration Example

Creates a new lifecycle configuration for the bucket

  my_bucket_lifecycle_configuration:
    type: cloudify.nodes.aws.s3.BucketLifecycleConfiguration
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        LifecycleConfiguration:
          Rules:
          - ID: Standard Rule LFC
            Prefix: boto3
            Status: Disabled
            Transition:
              Days: 31
              StorageClass: STANDARD_IA
            Expiration:
              Days: 95
    relationships:
    - type: cloudify.relationships.depends_on
      target: bucket

  bucket:
    type: cloudify.nodes.aws.s3.Bucket
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Bucket: test-cloudify-bucket
        ACL: public-read-write
        CreateBucketConfiguration:
          LocationConstraint: { get_input: aws_region_name }

cloudify.nodes.aws.s3.BucketPolicy

This node type refers to an AWS S3 Bucket Policy

Resource Config

For more information, and possible keyword arguments, see: S3 BucketPolicy:put_bucket_policy

Operations

Relationships

S3 Bucket Policy Example

Creates a new bucket policy for the bucket

  my_bucket_policy:
    type: cloudify.nodes.aws.s3.BucketPolicy
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Policy:
          Version: '2012-10-17'
          Statement:
          - Sid: EveryoneGetPlugin
            Effect: Allow
            Principal: "*"
            Action:
            - "s3:GetObject"
            Resource: { concat: [ 'arn:aws:s3:::', { get_property: [ bucket, resource_config, Bucket ] } , '/*' ] }
    relationships:
    - type: cloudify.relationships.depends_on
      target: bucket

  bucket:
    type: cloudify.nodes.aws.s3.Bucket
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Bucket: test-cloudify-bucket
        ACL: public-read-write
        CreateBucketConfiguration:
          LocationConstraint: { get_input: aws_region_name }

cloudify.nodes.aws.s3.BucketTagging

This node type refers to an AWS S3 Bucket Tagging

Resource Config

For more information, and possible keyword arguments, see: S3 BucketTagging:put_bucket_tagging

Operations

Relationships

S3 Bucket Tagging Example

Adds a set of tags to an existing bucket

  my_bucket_tagging:
    type: cloudify.nodes.aws.s3.BucketTagging
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Tagging:
          TagSet:
          - Key: Name
            Value: aws-test-bucket-tagging
    relationships:
    - type: cloudify.relationships.depends_on
      target: bucket

  bucket:
    type: cloudify.nodes.aws.s3.Bucket
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Bucket: test-cloudify-bucket
        ACL: public-read-write
        CreateBucketConfiguration:
          LocationConstraint: { get_input: aws_region_name }

cloudify.nodes.aws.s3.BucketObject

This node type refers to an AWS S3 Bucket Object

Resource Config

For more information, and possible keyword arguments, see: S3 BucketObject:put_object

Properties

Operations

Relationships

S3 Bucket Object Examples

Adds an object to a bucket

This example demonstrates how to add a new object to the bucket from bytes data supplied in Body

  my_bucket_object_bytes:
    type: cloudify.nodes.aws.s3.BucketObject
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      source_type: 'bytes'
      resource_config:
        ACL: 'public-read'
        Bucket: { get_property: [ bucket, resource_config, Bucket ] }
        Key: 'test-byte-data.txt'
        kwargs:
          Body: 'Test Bytes Mode'
    relationships:
    - type: cloudify.relationships.depends_on
      target: bucket

  bucket:
    type: cloudify.nodes.aws.s3.Bucket
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Bucket: test-cloudify-bucket
        ACL: public-read-write
        CreateBucketConfiguration:
          LocationConstraint: { get_input: aws_region_name }

This example demonstrates how to add a new object to the bucket from a local file given in path

  my_bucket_object_bytes:
    type: cloudify.nodes.aws.s3.BucketObject
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      source_type: 'local'
      path: './local-s3-object.txt'
      resource_config:
        ACL: 'public-read'
        Bucket: { get_property: [ bucket, resource_config, Bucket ] }
        Key: 'local-s3-object.txt'
    relationships:
    - type: cloudify.relationships.depends_on
      target: bucket

  bucket:
    type: cloudify.nodes.aws.s3.Bucket
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Bucket: test-cloudify-bucket
        ACL: public-read-write
        CreateBucketConfiguration:
          LocationConstraint: { get_input: aws_region_name }

This example demonstrates how to add a new object to the bucket from a remote file URL given in path

  my_bucket_object_bytes:
    type: cloudify.nodes.aws.s3.BucketObject
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      source_type: 'remote'
      path: 'https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf'
      resource_config:
        ACL: 'public-read'
        Bucket: { get_property: [ bucket, resource_config, Bucket ] }
        Key: 'dummy.pdf'
    relationships:
    - type: cloudify.relationships.depends_on
      target: bucket

  bucket:
    type: cloudify.nodes.aws.s3.Bucket
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        Bucket: test-cloudify-bucket
        ACL: public-read-write
        CreateBucketConfiguration:
          LocationConstraint: { get_input: aws_region_name }
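
Both S3 examples above set public canned ACLs (public-read on the object, public-read-write on the bucket), and the second one fetches its content from a URL. The check below is an added example, not part of the plugin or of the original page: it walks node templates already parsed into Python dicts and flags public canned ACLs, remote sources not fetched over HTTPS, and credentials written inline instead of read with get_secret. The function name, rule names and sample input are assumptions made for this example.

```python
# Added example (not plugin code): lint parsed node templates for risky S3 settings.
PUBLIC_ACLS = {
    "public-read": "anyone can read",
    "public-read-write": "anyone can read and write",
    "authenticated-read": "any AWS account can read",
}
S3_TYPES = {"cloudify.nodes.aws.s3.Bucket", "cloudify.nodes.aws.s3.BucketObject"}
CRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")


def lint_node_templates(node_templates):
    """Return (node name, rule, detail) tuples for each risky setting found."""
    findings = []
    for name, node in node_templates.items():
        props = node.get("properties", {})
        client = props.get("client_config", {})
        for key in CRED_KEYS:
            value = client.get(key) if isinstance(client, dict) else None
            # Credentials should arrive through { get_secret: ... }, never inline.
            if value is not None and not (isinstance(value, dict) and "get_secret" in value):
                findings.append((name, "credential-not-secret", key))
        if node.get("type") not in S3_TYPES:
            continue
        acl = props.get("resource_config", {}).get("ACL")
        # An ACL supplied through an intrinsic function is a dict and is skipped here.
        if isinstance(acl, str) and acl in PUBLIC_ACLS:
            findings.append((name, "public-acl", f"{acl}: {PUBLIC_ACLS[acl]}"))
        path = str(props.get("path", ""))
        if props.get("source_type") == "remote" and not path.lower().startswith("https://"):
            findings.append((name, "insecure-remote-source", path))
    return findings


SECRET = {"get_secret": "aws_secret_access_key"}
SAMPLE = {  # constructed input, shaped like the parsed node_templates section
    "bucket": {"type": "cloudify.nodes.aws.s3.Bucket", "properties": {
        "client_config": {"aws_access_key_id": {"get_secret": "aws_access_key_id"},
                          "aws_secret_access_key": SECRET},
        "resource_config": {"Bucket": "test-cloudify-bucket", "ACL": "public-read-write"}}},
    "fetched_object": {"type": "cloudify.nodes.aws.s3.BucketObject", "properties": {
        "client_config": {"aws_access_key_id": "AKIA-CONSTRUCTED-PLACEHOLDER",
                          "aws_secret_access_key": SECRET},
        "source_type": "remote", "path": "http://files.example/dummy.pdf",
        "resource_config": {"ACL": "private", "Key": "dummy.pdf"}}},
}

if __name__ == "__main__":
    for finding in lint_node_templates(SAMPLE):
        print(finding)
```

Setting ACL to private in resource_config clears the public-acl finding; private is the S3 canned ACL that grants access to the owner only.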

cloudify.nodes.aws.SNS.Subscription

This node type refers to an AWS SNS Subscription

Resource Config

For more information, and possible keyword arguments, see: SNS Subscription:subscribe

Operations

Relationships

SNS Subscription Example

Creates a subscription to an endpoint

  my_subscription:
    type: cloudify.nodes.aws.SNS.Subscription
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Protocol: sqs
          Endpoint: queue
    relationships:
      - type: cloudify.relationships.depends_on
        target: topic

  topic:
    type: cloudify.nodes.aws.SNS.Topic
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Name: TestCloudifyTopic

cloudify.nodes.aws.SNS.Topic

This node type refers to an AWS SNS Topic

Resource Config

For more information, and possible keyword arguments, see: SNS Topic:create_topic

Operations

SNS Topic Example

Creates a topic to which notifications can be published

  my_topic:
    type: cloudify.nodes.aws.SNS.Topic
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Name: TestCloudifyTopic

cloudify.nodes.aws.SQS.Queue

This node type refers to an AWS SQS Queue

Resource Config

For more information, and possible keyword arguments, see: SQS Queue:create_queue

Operations

SQS Example

Creates a new standard

  my_queue:
    type: cloudify.nodes.aws.SQS.Queue
    properties:
      client_config:
        aws_access_key_id: { get_secret: aws_access_key_id }
        aws_secret_access_key: { get_secret: aws_secret_access_key }
        region_name: { get_input: aws_region_name }
      resource_config:
        kwargs:
          Attributes:
            Policy:
              {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Sid": "Sid1",
                    "Effect": "Deny",
                    "Principal": "*",
                    "Action": [
                      "SQS:SendMessage",
                      "SQS:ReceiveMessage"
                    ],
                    "Resource": "test-queue",
                    "Condition": {
                      "DateGreaterThan" : {
                         "aws:CurrentTime" : "2013-12-15T12:00:00Z"
                      }
                    }
                  }
                ]
              }
            MessageRetentionPeriod: '86400'
            VisibilityTimeout: '180'

Known Issues

1. AWS plugin clock sync issue

In some cases, even if your credentials are correct, an error like this appears:

AWS was not able to validate the provided access credentials
Causes (most recent cause last):
--------------------------------
Traceback (most recent call last):
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-aws-plugin-2.0.0/lib/python2.7/site-packages/cloudify_aws/common/__init__.py", line 87, in make_client_call
    res = client_method(**client_method_args)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-aws-plugin-2.0.0/lib/python2.7/site-packages/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-aws-plugin-2.0.0/lib/python2.7/site-packages/botocore/client.py", line 661, in _make_api_call
    raise error_class(parsed_response, operation_name)
ClientError: An error occurred (AuthFailure) when calling the CreateNetworkInterface operation: AWS was not able to validate the provided access credentials

If the credentials are correct and no boto/aws CLI configuration files are on the filesystem, try resyncing your clock, e.g.

sudo ntpdate 1.ro.pool.ntp.org

cloudify.nodes.aws.eks.Cluster

This node type refers to an AWS EKS Cluster

Resource Config

For more information, and possible keyword arguments, see: EKS Cluster:create_cluster

Operations

Relationships

EKS Examples

Creates a new EKS Cluster

  eks_cluster:
    type: cloudify.nodes.aws.eks.Cluster
    properties:
      resource_config:
        kwargs:
          name: { get_input: eks_cluster_name }
          version: { get_input: kubernetes_version }
          roleArn: { get_attribute: [ eks_service_iam_role, aws_resource_arn ] }
          resourcesVpcConfig:
            subnetIds:
              - { get_attribute: [ private_subnet_01, aws_resource_id ] }
              - { get_attribute: [ private_subnet_02, aws_resource_id ] }
              - { get_attribute: [ public_subnet_01, aws_resource_id ] }
              - { get_attribute: [ public_subnet_02, aws_resource_id ] }
            securityGroupIds:
              - { get_attribute: [ security_group, aws_resource_id ] }
            endpointPublicAccess: True
            endpointPrivateAccess: False
      client_config: *client_config
      store_kube_config_in_runtime: True

Uses connected_to_eks_cluster Relationship

  new_service_account:
    type: cloudify.kubernetes.resources.ServiceAccount
    properties:
      client_config:
        configuration:
          file_content: { get_attribute: [ eks_cluster, kubeconf ] }
      definition:
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: { get_input: service_account_name }
          namespace: { get_input: service_account_namespace }
      options:
        namespace: { get_input: service_account_namespace }
    relationships:
      - type: cloudify.relationships.aws.eks.connected_to_eks_cluster
        target: eks_cluster

cloudify.nodes.aws.eks.NodeGroup

This node type refers to an AWS EKS NodeGroup

Resource Config

For more information, and possible keyword arguments, see: Node Group:create_nodegroup

Operations

NodeGroup Example

Creates a new EKS Cluster NodeGroup

  eks_node_group:
    type: cloudify.nodes.aws.eks.NodeGroup
    properties:
      resource_config:
        kwargs:
          clusterName: { get_input: eks_cluster_name }
          nodegroupName: { get_input: eks_nodegroup_name }
          scalingConfig:
            minSize: 1
            maxSize: 1
            desiredSize: 1
          diskSize: 20
          subnets:
              - { get_attribute: [ private_subnet_01, aws_resource_id ] }
              - { get_attribute: [ private_subnet_02, aws_resource_id ] }
              - { get_attribute: [ public_subnet_01, aws_resource_id ] }
              - { get_attribute: [ public_subnet_02, aws_resource_id ] }
          instanceTypes:
            - t3.medium
          amiType: AL2_x86_64
          nodeRole: { get_attribute: [ eks_nodegroup_iam_role, aws_resource_arn ] }
          remoteAccess:
            ec2SshKey: { get_input: ssh_keypair }
      client_config: *client_config

cloudify.nodes.aws.codepipeline.Pipeline

This node type refers to an AWS CodePipeline pipeline.

Resource Config

For more information, and possible keyword arguments, see: CodePipeline:create_pipeline

Operations

Creates a new pipeline.

  codepipeline:
    type: cloudify.nodes.aws.codepipeline.Pipeline
    properties:
      client_config: *client_config
      resource_config:
        kwargs:
          pipeline:
            name: { get_input: pipeline_name }
            roleArn: { get_input: code_pipeline_service_role }
            artifactStore:
              type: 'S3'
              location: { get_input: artifact_store_bucket_name }
            stages:
              - name: 'Source-stage'
                actions:
                  - name: 'source-action'
                    actionTypeId:
                      category: 'Source'
                      owner: 'AWS'
                      provider: 'S3'
                      version: '1'
                    outputArtifacts:
                      - name: 'My-source'
                    configuration:
                      S3Bucket: { get_input: source_code_bucket }
                      S3ObjectKey: test-app.zip
                      PollForSourceChanges: 'false'
                    region: { get_input: aws_region_name }
              - name: 'Deploy-stage'
                actions:
                  - name: 'deploy-action'
                    actionTypeId:
                      category: 'Deploy'
                      owner: 'AWS'
                      provider: 'S3'
                      version: '1'
                    inputArtifacts:
                      - name: 'My-source'
                    configuration:
                      "BucketName": { get_input: deployment_bucket_name }
                      "Extract": "true"
                    region: { get_input: aws_region_name }
            version: 1

Invoke start_pipeline_execution operation:

cfy exec start -d pipelinedep execute_operation -p '{"node_instance_ids": ["codepipeline_uasi97"], "operation": "aws.codepipeline.pipeline.start_pipeline_execution", "operation_kwargs": {"name": "Demopipeline"}}'

cloudify.nodes.aws.ec2.SpotFleetRequest

This node type refers to an AWS spot fleet request.

Resource Config

For more information, and possible keyword arguments, see: EC2:request_spot_fleet

Operations

Spot Fleet Example

  fleet:
    type: cloudify.nodes.aws.ec2.SpotFleetRequest
    properties:
      client_config: *client_config
      resource_config:
        kwargs:
          SpotFleetRequestConfig:
            IamFleetRole: { get_attribute: [ cfy_fleet_role, aws_resource_arn ] }
            LaunchSpecifications:
              - IamInstanceProfile:
                  Arn: { get_attribute: [ cfy_fleet_profile, aws_resource_arn ] }
                ImageId: { get_attribute: [ ami, aws_resource_id ] }
                InstanceType: { get_input: instance_type }
                KeyName: { get_input: key_name }
                Placement:
                  AvailabilityZone: { get_input: availability_zone }
                SubnetId: { get_attribute: [ subnet, aws_resource_id ] }
                SecurityGroups:
                  - GroupId: { get_attribute: [ security_group, aws_resource_id ] }
            SpotPrice: '0.04'
            TargetCapacity: 4