AWS Plugin
The AWS plugin enables you to manage AWS resources with Cloudify.
Authentication with AWS
Each node template, has a client_config
property which stores your account credentials. Use an intrinsic function to assign these to the values of secrets in your manager.
my_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
aws_session_token: { get_secret: aws_session_token }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
The client_config
essential values are aws_access_key_id
and aws_access_key_id
. It also accepts aws_session_token
and api_version
.
Furthermore, the client_config
property accepts an argument additional_config
, where you can configure the AWS API retry number and mode for situations when AWS may throttle requests from your session:
my_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
additional_config:
retries:
max_attempts: 10
mode: adaptive
resource_config:
CidrBlock: '10.0.0.0/16'
For information on AWS Throttling, see here.
The valid values for retries mode
are [‘adaptive’, ‘standard’, ‘legacy’]. For documentation on configuring retries in boto3, please see here.
Common Operations
This section requires an understanding of Cloudify’s install and uninstall built-in workflows.
AWS Plugin node types have these common operations, except where noted:
Operations
cloudify.interfaces.validation.check_status
: Cloudify 6.3 introduces the validation interface. For each AWS resource, the plugin determines whether the resource is in a usable state or not.cloudify.interfaces.lifecycle.create
:description
: Theresource_config
from properties is stored in theresource_config
runtime property.inputs
:aws_resource_id
: Override the ID of the resource.runtime_properties
: Override the current runtime properties.force_operation
: Forces the current operation to be executed regardless ofuse_external_resource
.resource_config
: Override the resource config.
cloudify.interfaces.lifecycle.configure
description
: Execute the API action associated with creation, see resource mapping information.inputs
:aws_resource_id
: Override the ID of the resource.runtime_properties
: Override the current runtime properties.force_operation
: Forces the current operation to be executed regardless ofuse_external_resource
.resource_config
: Override the resource config.
cloudify.interfaces.lifecycle.delete
description
: Execute the API method action with deletion, see resource mapping information.inputs
:aws_resource_id
: Override the ID of the resource.runtime_properties
: Override the current runtime properties.force_operation
: Forces the current operation to be executed regardless ofuse_external_resource
.resource_config
: Override the resource config.
Common Properties
AWS Plugin node types have these common properties, except where noted:
Properties
client_config
: A dictionary that contains values to be passed to the connection client.resource_config
: A dictionary with required and common parameters to the resource’s create or put call. Thekwargs
key accepts any supported AWS API method arguments. This call usually happens in thecloudify.interfaces.lifecycle.configure
operation.use_external_resource
: Boolean. The default value isfalse
. Set totrue
if the resource already exists.resource_id
: The ID of an existing resource in AWS. Required ifuse_external_resource
istrue
.cloudify_tagging
: Boolean. The default value isfalse
. Set totrue
in order to automaticly add a Name & CreatedBy tags to EC2, EKS, ELB nodes.
Node Types
Each node type refers to a resource in AWS.
cloudify.nodes.aws.ec2.CustomerGateway
This node type refers to an AWS Customer Gateway
For more information, and possible keyword arguments, see: EC2:create_customer_gateway
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateCustomerGateway action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteCustomerGateway action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.ElasticIP
: Fills the PublicIp parameter with the address of the connected IP.
Customer Gateway Examples
Create Customer Gateway
Specify a relationship to an Elastic IP.
customer_gateway:
type: cloudify.nodes.aws.ec2.customer_gateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: eip
nat_gateway_ip:
type: cloudify.nodes.aws.ec2.ElasticIP
properties:
Domain: vpc
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
cloudify.nodes.aws.ec2.DHCPOptions
This node type refers to a DHCP Option Set.
For more information, and possible keyword arguments, see: EC2:create_dhcp_options
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateDhcpOptions action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteDhcpOptions action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Vpc
: Inserts the VPC parameter to the resource config creating the DHCP Option Set in that VPC.
DHCP Option Set Examples
Create DHCP Option Set
dhcp:
type: cloudify.nodes.aws.ec2.DHCPOptions
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
cloudify.nodes.aws.ec2.EBSAttachment
This node type refers to a EBS Attachment.
For more information, and possible keyword arguments, see: EC2:attach_volume
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the AttachVolume action.cloudify.interfaces.lifecycle.delete
: Executes the DetachVolume action.
EBS Attachment Example
See EBS examples.
cloudify.nodes.aws.ec2.EBSVolume
This node type refers to an AWS EBS Volume.
Resource Config
AvailabilityZone
: String. The availability zone to create the volume in.Size
Integer. In Gigabytes.
For more information, and possible keyword arguments, see: EC2:create_volume
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateVolume action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteVolume action.
EBS Volume Examples
Create a Volume and Connect to a VM
vm:
type: cloudify.nodes.aws.ec2.Instances
properties:
resource_config:
ImageId: { get_input: ami }
InstanceType: { get_input: instance_type }
kwargs:
SubnetId: { get_input: subnet_id }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
volume:
type: cloudify.nodes.aws.ec2.EBSVolume
properties:
resource_config:
AvailabilityZone: { get_input: availability_zone }
Size: 6
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
volume_attachment:
type: cloudify.nodes.aws.ec2.EBSAttachment
properties:
resource_config:
kwargs:
Device: { get_input: ebs_volume_attachment_device }
InstanceId: { get_attribute: [ vm, aws_resource_id ] }
VolumeId: { get_attribute: [ volume, aws_resource_id ] }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: volume
- type: cloudify.relationships.depends_on
target: vm
cloudify.nodes.aws.ec2.Instances
This node type refers to an AWS Instance
Resource Config
MinCount
: Integer. Do not change the default. Increment instances via default instances capability.MaxCount
: Integer. Do not change the default. Increment instances via default instances capability.ImageId
: String. Not required. The AMI.InstanceType
: String. Not required. The instance type.LaunchTemplate
: Not required. A dictionary with the following keys:LaunchTemplateId
: Not required.LaunchTemplateName
: Not required.Version
: Not required.
For more information, and possible keyword arguments, see: EC2:run_instances
Properties
use_ipv6_ip
: Setip
runtime property to IPv6 address if available.use_public_ip
: Setip
runtime property to a public ip if available.use_password
: Use a password for agent communication.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the RunInstances action.cloudify.interfaces.lifecycle.start
: Assigns IP properties and waits for the instance to be in a started state.cloudify.interfaces.lifecycle.stop
: Executes the StopInstances action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteInstances action.cloudify.interfaces.lifecycle.modify_instance_attribute
: Executes the ModifyInstanceAttribute action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.SecurityGroup
: Connect to a certain Security group.cloudify.nodes.aws.ec2.Subnet
: Create with in a certain subnet.cloudify.nodes.aws.ec2.Interface
: Create with an ENI in your account. If multiple ENIs are connected and device indices are not provided, they will be generated according to the relationship order.cloudify.nodes.aws.ec2.Keypair
: Create with a key pair in your account.
Instance Examples
Connecting a VM to a subnet
Specify a relationship to a subnet and the Instance will be created in that subnet.
host:
type: cloudify.nodes.aws.ec2.Instances
properties:
agent_config:
user: { get_input: username }
key: { get_secret: private_key_content }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
ImageId: { get_input: ami }
InstanceType: { get_input: instance_type }
relationships:
- type: cloudify.relationships.depends_on
target: subnet
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
resource_config:
CidrBlock: 10.0.0.0/16
AvailabilityZone: us-west-1b
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
Connecting a VM to a ENI
Specify a relationship to an ENI and the Instance will be connected to that ENI.
host:
type: cloudify.nodes.aws.ec2.Instances
properties:
agent_config:
user: { get_input: agent_user }
key: { get_secret: agent_key_private }
resource_config:
ImageId: ami-012345678
InstanceType: m3.medium
kwargs:
BlockDeviceMappings:
- DeviceName: '/dev/sda1'
Ebs:
DeleteOnTermination: True
Placement:
AvailabilityZone: us-west-1b
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: eni
eni:
type: cloudify.nodes.aws.ec2.Interface
properties:
resource_config:
kwargs:
Description: My NIC.
SubnetId: us-west-1b
Groups:
- { get_input: security_group_id }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: subnet
Connecting a VM to a security group
Specify a relationship to a security and the Instance will be created in that group.
host:
type: cloudify.nodes.aws.ec2.Instances
properties:
agent_config:
user: { get_input: agent_user }
key: { get_secret: agent_key_private }
resource_config:
ImageId: ami-012345678
InstanceType: m3.medium
kwargs:
BlockDeviceMappings:
- DeviceName: '/dev/sda1'
Ebs:
DeleteOnTermination: True
Placement:
AvailabilityZone: us-west-1b
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
my_security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
resource_config:
kwargs:
GroupName: MyGroup
Description: My Grroup.
VpcId: vpc-012345678
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
cloudify.nodes.aws.ec2.SpotInstances
This node type permits a user to manage spot instances.
Resource Config
kwargs
: Any of the key value pairs specified in request_spot_instances.
For information on possible keyword arguments, see: EC2:request_spot_instances
Operations
cloudify.interfaces.lifecycle.precreate
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.create
: Executes the request_spot_instances.cloudify.interfaces.lifecycle.configure
: Waits for the request to be pending or filled.cloudify.interfaces.lifecycle.stop
: Deletes all instances created by spot instances.cloudify.interfaces.lifecycle.delete
: Executes the DeleteInstances action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.SecurityGroup
: Connect to a certain Security group.cloudify.nodes.aws.ec2.Subnet
: Create with in a certain subnet.cloudify.nodes.aws.ec2.Interface
: Create with an ENI in your account. If multiple ENIs are connected and device indices are not provided, they will be generated according to the relationship order.
Spot Instance Examples
Create spot instances that are connected to a subnet
vm:
type: cloudify.nodes.aws.ec2.SpotInstances
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
agent_config:
install_method: none
user: { get_input: agent_user }
key: { get_attribute: [agent_key, private_key_export] }
resource_config:
kwargs:
LaunchSpecification:
ImageId: { get_attribute: [ ami, aws_resource_id ] }
InstanceType: { get_input: instance_type }
UserData: { get_attribute: [ cloud_init, cloud_config ] }
relationships:
- type: cloudify.relationships.depends_on
target: ami
- type: cloudify.relationships.depends_on
target: cloud_init
- type: cloudify.relationships.depends_on
target: subnet
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: 10.0.0.0/16
AvailabilityZone: us-west-1b
relationships:
- type: cloudify.relationships.depends_on
target: vpc
cloudify.nodes.aws.ec2.VPC
This node type refers to an AWS VPC
Resource Config
CidrBlock
: String. The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16.
For more information, and possible keyword arguments, see: EC2:create_vpc
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateVpc action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteVpc action.
VPC Example
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: MyVPC
cloudify.nodes.aws.ec2.InternetGateway
This node type refers to an AWS Internet Gateway.
For more information, and possible keyword arguments, see: [EC2:create_internet_gateway](create_internet_gateway](http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#EC2.Client.create_internet_gateway).
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateInternetGateway action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteInternetGateway action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Vpc
: Create in a certain VPC.
Internet Gateway Example
internet_gateway:
type: cloudify.nodes.aws.ec2.InternetGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
Tags:
- Key: Name
Value: MyInternetGateway
relationships:
- type: cloudify.relationships.connected_to
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: MyVPC
cloudify.nodes.aws.ec2.Image
This node type refers to an AWS AMI Image.
Resource Config
Name
: String. The name of the AMI Image to create.InstanceId
: String. The ID of the EC2 instance from which the AMI Image will be created.kwargs
: Filters for searching an existing AMI Image, the Filters can contain thename
&owner-id
.
For more information, and possible keyword arguments, see: EC2:create_image & EC2:describe_images
Operations
cloudify.interfaces.lifecycle.create
:- If
use_external_resource
is False then an AMI Image will be searched. - Only these keys are accepted:
ImageIds
: A list of image IDs that can be passed to describe_images filter. Not required and not that useful. If you are looking for an image ID, and already have it, then you probably don’t need this function in the first place.Owners
: A list of AWS account numbers to include in the describe_images filter. Not required, but a very good way to limit the scope of the search. This can also be provided inFilters
. See example.ExecutableUsers
: Scopes the images by users with explicit launch permissions. Specify an AWS account ID, self (the sender of the request), or all (public AMIs). Not required.Filters
: Additional filters, most usefully, imagename
andowner-id
. See example
- If
cloudify.interfaces.lifecycle.configure
:- If
use_external_resource
is True then an AMI Image will be created using theresource_config
.
- If
cloudify.interfaces.lifecycle.delete
:- If
use_external_resource
is True then an AMI Image will be created using theresource_config
.
- If
Image Examples
Creates VM from image
Creates an instance with an image identified from filters.
cloudify_manager_ami:
type: cloudify.nodes.aws.ec2.Image
properties:
resource_config:
kwargs:
Filters:
- Name: name
Values:
- { get_input: ami_name_filter }
- Name: owner-id
Values:
- { get_input: ami_owner_filter }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
cloudify_manager:
type: cloudify.nodes.aws.ec2.Instances
properties:
agent_config:
install_method: none
resource_config:
ImageId: { get_attribute: [ cloudify_manager_ami, aws_resource_id ] }
InstanceType: { get_input: instance_type }
kwargs: { get_input: subnet_id }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: cloudify_manager_ami
Creates a AMI image from instance
Creates an image from an existing instance, using the input to identify the instance.
cloudify_manager_ami:
type: cloudify.nodes.aws.ec2.Image
properties:
use_external_resource: false
resource_config:
InstanceId: {get_input: instance_id}
Name: { get_input: ami_image_name }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
cloudify.nodes.aws.ec2.Subnet
This node type refers to an AWS Subnet
Resource Config
AvailabilityZone
: String. The Availability Zone for the subnetCidrBlock
: String. The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24.VpcId
: String. The ID of the VPC.
For more information, and possible keyword arguments, see: EC2:create_subnet
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateSubnet action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteSubnet action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Vpc
: Create in a certain VPC.
Example Subnet
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
resource_config:
CidrBlock: 10.0.0.0/24
AvailabilityZone: { concat: [ { get_property: [ vpc, client_config, region_name ] }, 'a' ] }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_property: [ vpc, client_config, region_name ] }
Tags:
- Key: Name
Value: MySubnet
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: MyVPC
cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
This node type refers to an ingress rule.
Resource Config
IpPermissions
: List. A list of IP Permissions.
For more information, and possible keyword arguments, see: EC2:authorize_security_group_ingress
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the AuthorizeSecurityGroupIngress action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the RevokeSecurityGroupIngress action.
Relationships
cloudify.relationships.contained_in
:cloudify.nodes.aws.ec2.SecurityGroup
: The group to create the rule on.
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.SecurityGroup
: Make sure that the target group already exists.
Security Group Rule Examples
See the Security Group Examples.
cloudify.nodes.aws.ec2.SecurityGroupRuleEgress
This node type refers to an ingress rule.
Resource Config
IpPermissions
: List. A list of IP Permissions.
For more information, and possible keyword arguments, see: EC2:authorize_security_group_egress
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the AuthorizeSecurityGroupEgress action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the RevokeSecurityGroupEgress action.
Relationships
cloudify.relationships.contained_in
:cloudify.nodes.aws.ec2.SecurityGroup
: The group to create the rule on.
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.SecurityGroup
: Make sure that the target group already exists.
Security Group Rule Examples
See the Security Group Examples.
cloudify.nodes.aws.ec2.SecurityGroup
This node type refers to an AWS Security Group
Resource Config
Description
: String. Some arbitrary description.GroupName
: String. A name for the group.VpcId
: String. The ID of the VPC to create the group in. Alternately use a relationship.
For more information, and possible keyword arguments, see: EC2:create_security_group
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateSecurityGroup action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteSecurityGroup action.
Relationships
cloudify.relationships.contained_in
:cloudify.nodes.aws.ec2.Vpc
: Create in a certain VPC.
Security Group Examples
Creates a simple security group
my_security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
resource_config:
GroupName: MyGroup
Description: The group for my instances.
VpcId: { get_input: vpc }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
Create two security groups with strict rules
This example demonstrates a scenario where SSH in only allowed in one direction from my_security_group1
to my_security_group2
.
my_security_group1:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
resource_config:
GroupName: MyGroup
Description: The group for my instances.
VpcId: { get_input: vpc }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
my_security_group2:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
resource_config:
GroupName: MyGroup
Description: The group for my instances.
VpcId: { get_input: vpc }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
ingress_rules:
type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
properties:
resource_config:
IpPermissions:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
UserIdGroupPairs:
- { GroupId: { get_attribute: [ my_security_group1, aws_resource_id ] } }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.contained_in
target: my_security_group2
- type: cloudify.relationships.depends_on
target: my_security_group1
egress_rules:
type: cloudify.nodes.aws.ec2.SecurityGroupRuleEgress
properties:
resource_config:
IpPermissions:
- FromPort: 22
ToPort: 22
IpProtocol: tcp
UserIdGroupPairs:
- GroupId: { get_attribute: [ my_security_group2, aws_resource_id ] }
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.contained_in
target: my_security_group1
- type: cloudify.relationships.depends_on
target: my_security_group2
cloudify.nodes.aws.ec2.ElasticIP
This node type refers to an AWS Elastic IP.
Resource Config
Domain
: String. Default is vpc.
For more information, and possible keyword arguments, see: EC2:allocate_address
Properties
use_unassociated_addresses
: Sometimes an IP has already been allocated, but is not assigned to a NIC. In order to work with limited quota, set this to true.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the AllocateAddress action.cloudify.interfaces.lifecycle.start
: Executes the AssociateAddress action.cloudify.interfaces.lifecycle.stop
: Executes the DisassociateAddress action.cloudify.interfaces.lifecycle.delete
: Executes the ReleaseAddress action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Interface
: Connect to a certain ENI.
Elastic IP Example
Connecting a VM to a nic and an IP
Creates an IP and have it attached to a VM and a NIC.
vm:
type: cloudify.nodes.aws.ec2.Instances
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
ImageId: { get_input: ami }
InstanceType: { get_input: instance_type }
relationships:
- type: cloudify.relationships.depends_on
target: ip
- type: cloudify.relationships.depends_on
target: nic
ip:
type: cloudify.nodes.aws.ec2.ElasticIP
properties:
Domain: vpc
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: nic
nic:
type: cloudify.nodes.aws.ec2.Interface
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: IP-VM-NIC Example.
SubnetId: { get_input: subnet_id }
Groups:
- { get_input: security_group_id }
cloudify.nodes.aws.ec2.Interface
This node type refers to an AWS ENI.
For more information, and possible keyword arguments, see: EC2:create_network_interface.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateNetworkInterface action. It will also execute a ModifyNetworkInterfaceAttribute action if the keymodify_network_interface_attribute_args
is provided in the inputs to the operation.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteNetworkInterface action.cloudify.interfaces.lifecycle.modify_network_interface_attribute
: Executes the ModifyNetworkInterfaceAttribute action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Subnet
: Connect to a certain Subnet.cloudify.nodes.aws.ec2.SecurityGroup
: Connect to a certain Security group.
Interface Example
Creates an ENI and set SourceDestCheck to false
my_eni:
type: cloudify.nodes.aws.ec2.Interface
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: MyENI.
SubnetId: { get_input: subnet_id }
Groups:
- { get_input: security_group_id }
interfaces:
cloudify.interfaces.lifecycle:
configure:
inputs:
modify_network_interface_attribute_args:
SourceDestCheck:
Value: false
Creates an ENI in a subnet and security group via relationship
my_eni:
type: cloudify.nodes.aws.ec2.Interface
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: MyENI.
relationships:
- type: cloudify.relationships.depends_on
target: subnet
- type: cloudify.relationships.depends_on
target: security_group
cloudify.nodes.aws.ec2.Keypair
This node type refers to an AWS Keypair
Resource Config
KeyName
: String. The name of the key pair. The node instance ID will be used if this is empty.PublicKeyMaterial
: String. If PublicKeyMaterial is provided, the import_key_pair operation is executed instead of create_key_pair.
For more information, and possible keyword arguments, see: EC2:create_key_pair
Properties
log_create_response
: Boolean. Opt-in to storing the create API request. Not recommended, will log private key material.store_in_runtime_properties
: Boolean. Opt-in to save the KeyPair KeyMaterial in the node-instance runtime-properties. Not recommended.create_secret
: Boolean. Opt-in to save the KeyPair KeyMaterial in the secret store. Only available in Cloudify Manager.secret_name
: String. The name of the secret ifcreate_secret
istrue
.update_existing_secret
: String. Ifsecret_name
already exists, overwrite the value.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateKeyPair action or the ImportKeyPair action. Ifstore_in_runtime_properties
istrue
, it will store the KeyMaterial along with all the other values from the API response in thecreate_response
runtime property. Ifcreate_secret
is provided, it will create a secret with the namesecret_name
. Ifsecret_name
is not provided it will use theKeyName
parameter. Ifupdate_existing_secret
isfalse
and the secret already exists, the operation will fail.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteKeyPair action.
Keypair Example
Creates a Keypair and save to a secret
my_key:
type: cloudify.nodes.aws.ec2.Keypair
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
log_create_response: false
store_in_runtime_properties: false
create_secret: true
secret_name: agent_key_private
update_existing_secret: true
Imports a public key into AWS:
imported_key:
type: cloudify.nodes.aws.ec2.Keypair
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
KeyName: my_imported_key
PublicKeyMaterial: |
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA879BJGYlPTLIuc9/R5MYiN4yc/YiCLcdBpSdzgK9Dt0Bkfe3rSz5cPm4wmehdE7GkVFXrBJ2YHqPLuM1yx1AUxIebpwlIl9f/aUHOts9eVnVh4NztPy0iSU/Sv0b2ODQQvcy2vYcujlorscl8JjAgfWsO3W4iGEe6QwBpVomcME8IU35v5VbylM9ORQa6wvZMVrPECBvwItTY8cPWH3MGZiK/74eHbSLKA4PY3gM4GHI450Nie16yggEg2aTQfWA1rry9JYWEoHS9pJ1dnLqZU3k/8OWgqJrilwSoC5rGjgp93iu0H8T6+mEHGRQe84Nk1y5lESSWIbn6P636Bl3uQ== your@email.com
log_create_response: false
store_in_runtime_properties: false
cloudify.nodes.aws.ec2.NATGateway
This node type refers to an AWS NAT Gateway .
For more information, and possible keyword arguments, see: EC2:create_nat_gateway.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateNatGateway action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteNatGateway action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Subnet
: Connect to a certain subnet.cloudify.nodes.aws.ec2.ElasticIP
: Associate nat gateway with certain elastic ip.
NAT Gateway Example
Creates a NATGateway and place it in public subnet and associate it with elastic ip
my_natgateway:
type: cloudify.nodes.aws.ec2.NATGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: subnet
- type: cloudify.relationships.depends_on
target: elasticip
elasticip:
type: cloudify.nodes.aws.ec2.ElasticIP
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Domain: 'vpc'
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '172.30.0.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'd' ] }
Tags:
- Key: Name
Value: Subnet
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '172.30.0.0/16'
Tags:
- Key: Name
Value: VPC
cloudify.nodes.aws.ec2.NetworkACL
This node type refers to an AWS Network ACL .
For more information, and possible keyword arguments, see: EC2:create_network_acl.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateNetworkAcl action.cloudify.interfaces.lifecycle.start
: Attach an AWS EC2 NetworkAcl to a Subnet by executing ReplaceNetworkAclAssociation action.cloudify.interfaces.lifecycle.stop
: De-attach an AWS EC2 NetworkAcl from a Subnet by executing ReplaceNetworkAclAssociation action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteNetworkAcl action.
Relationships
cloudify.relationships.contained_in
:cloudify.nodes.aws.ec2.Vpc
: Associate acl network to a certain vpc.
cloudify.relationships.connected_to
:cloudify.nodes.aws.ec2.Subnet
: Associate acl network to a certain subnet.
Network ACL Example
Creates a network ACL and apply it to subnet in certain vpc
my_network_acl:
type: cloudify.nodes.aws.ec2.NetworkACL
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.contained_in
target: vpc
- type: cloudify.relationships.contained_in
target: subnet
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '172.30.0.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'd' ] }
Tags:
- Key: Name
Value: Subnet
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '172.30.0.0/16'
Tags:
- Key: Name
Value: VPC
cloudify.nodes.aws.ec2.NetworkAclEntry
This node type refers to an AWS Network ACL Entry .
For more information, and possible keyword arguments, see: EC2:create_network_acl_entry.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateNetworkAclEntry action or ReplaceNetworkAclEntry if the providedRuleNumber
matches one of the existing rulescloudify.interfaces.lifecycle.delete
: Executes the DeleteNetworkAclEntry action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.NetworkACL
: Associate acl network entry to a certain acl network.
Network ACL Entry Example
Creates new network ACL entry and attach it to ACL
my_network_acl_entry:
type: cloudify.nodes.aws.ec2.NetworkAclEntry
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
RuleNumber: 100
Protocol: '-1'
RuleAction: 'allow'
Egress: False
CidrBlock: '0.0.0.0/0'
relationships:
- type: cloudify.relationships.contained_in
target: network_acl
network_acl:
type: cloudify.nodes.aws.ec2.NetworkACL
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.contained_in
target: vpc
- type: cloudify.relationships.contained_in
target: subnet
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '172.30.0.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'd' ] }
Tags:
- Key: Name
Value: Subnet
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '172.30.0.0/16'
Tags:
- Key: Name
Value: VPC
cloudify.nodes.aws.ec2.Route
This node type refers to an AWS Route.
For more information, and possible keyword arguments, see: EC2:create_route.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateRoute action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteRoute action.
Relationships
cloudify.relationships.contained_in
:cloudify.nodes.aws.ec2.RouteTable
: Associate route to certain route table.
cloudify.relationships.connected_to
:cloudify.nodes.aws.ec2.InternetGateway
: Associate route to an internet gateway.cloudify.nodes.aws.ec2.NATGateway
: Associate route to a nat gateway.cloudify.nodes.aws.ec2.VPNGateway
: Associate route to vpn gateway.
Route Example
Creates new route entry to allow internet access using internet gateway
my_route:
type: cloudify.nodes.aws.ec2.Route
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }}
resource_config:
kwargs:
DestinationCidrBlock: '0.0.0.0/0'
relationships:
- type: cloudify.relationships.contained_in
target: route_table
- type: cloudify.relationships.connected_to
target: internet_gateway
internet_gateway:
type: cloudify.nodes.aws.ec2.InternetGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.connected_to
target: vpc
route_table:
type: cloudify.nodes.aws.ec2.RouteTable
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.contained_in
target: vpc
- type: cloudify.relationships.connected_to
target: subnet
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
cloudify.nodes.aws.ec2.RouteTable
This node type refers to an AWS Route Table.
For more information, and possible keyword arguments, see: EC2:create_route_table.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateRouteTable action.cloudify.interfaces.lifecycle.start
: Executes the AssociateRouteTable action.cloudify.interfaces.lifecycle.stop
: Executes the DisassociateRouteTable action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteRouteTable action.
Relationships
cloudify.relationships.contained_in
:cloudify.nodes.aws.ec2.Vpc
: Associate route table to certain vpc.
cloudify.relationships.connected_to
:cloudify.nodes.aws.ec2.Subnet
: Associate route table to certain subnet.
Default VPC Route Table Representation
In order to model a VPC’s default Route Table (for example, for the purpose of adding route entries to it), do the following:
- Define a node template of the type
cloudify.nodes.aws.ec2.RouteTable
- Set the
use_external_resource
property to `true - Set the
resource_id
property to the value of themain_route_table_id
attribute of the VPC node template - Define a
cloudify.relationships.contained_in
relationship between this node template to the VPC
Once the topology is installed, the aws_resource_id
runtime property will contain the AWS ID of the VPC’s
main route table.
For example:
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config: *aws_client
resource_config:
CidrBlock: 10.0.0.0/16
main_route_table:
type: cloudify.nodes.aws.ec2.RouteTable
properties:
client_config: *aws_client
use_external_resource: true
resource_id: { get_attribute: [ vpc, main_route_table_id ] }
relationships:
- type: cloudify.relationships.contained_in
target: vpc
Route Table Example
Creates new route table and associate it with subnet
my_route_table:
type: cloudify.nodes.aws.ec2.RouteTable
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.contained_in
target: vpc
- type: cloudify.relationships.connected_to
target: subnet
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
cloudify.nodes.aws.ec2.TransitGatewayRoute
This node type refers to an AWS Transit Gateway Route.
For more information, and possible keyword arguments, see: EC2:create_transit_gateway_route.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateTransitGatewayRoute action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteTransitGatewayRoute action.
Relationships
The following relationships are required:
cloudify.relationships.connected_to
:cloudify.nodes.aws.ec2.TransitGatewayRouteTable
: Apply route to route table.cloudify.nodes.aws.ec2.Vpc
: Ensure that we are mapping the transit gateway to this VPC transit gateway.
Transit Gateway Route Example
Creates new transit gateway route entry to allow connectivity to a network sector in a transit gateway.
transit_gateway_route_b:
type: cloudify.nodes.aws.ec2.TransitGatewayRoute
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
DestinationCidrBlock: '10.11.0.0/16'
relationships:
- type: cloudify.relationships.depends_on
target: transit_gateway_routetable
- type: cloudify.relationships.depends_on
target: vpc
cloudify.nodes.aws.ec2.TransitGatewayRouteTable
This node type refers to an AWS Transit Gateway Route Table.
For more information, and possible keyword arguments, see: EC2:create_transit_gateway_route_table.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateTransitGatewayRouteTable action.cloudify.interfaces.lifecycle.start
: Executes the AssociateTransitGatewayRouteTable action.cloudify.interfaces.lifecycle.stop
: Executes the DisassociateTransitGatewayRouteTable action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteTransitGatewayRouteTable action.
Relationships
The following relationships are required:
cloudify.relationships.connected_to
:cloudify.nodes.aws.ec2.TransitGateway
: Attach route table to transit gateway.cloudify.nodes.aws.ec2.Vpc
: Attach route table to transit gateway.
Transit Gateway Route Table Example
transit_gateway_routetable:
type: cloudify.nodes.aws.ec2.TransitGatewayRouteTable
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
TagSpecifications:
- ResourceType: 'transit-gateway-route-table'
Tags:
- Key: Made By
Value: Cloudify
relationships:
- type: cloudify.relationships.depends_on
target: transit_gateway
- type: cloudify.relationships.depends_on
target: vpc
cloudify.nodes.aws.ec2.TransitGateway
This node type refers to an AWS Transit Gateway.
For more information, and possible keyword arguments, see: EC2:create_transit_gateway.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateTransitGateway action.cloudify.interfaces.lifecycle.delete
: Deletes IP properties and executes the DeleteTransitGateway action.
Relationships
cloudify.relationships.aws.ec2.attach_transit_gateway_to_vpc
:cloudify.nodes.aws.ec2.Vpc
: Create in a certain VPC.
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Subnet
: Includes subnet in Transit Gateway.
Transit Gateway Example
transit_gateway:
type: cloudify.nodes.aws.ec2.TransitGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: Test Transit Gateway
Options:
DefaultRouteTableAssociation: enable
DefaultRouteTablePropagation: enable
TransitGatewayCidrBlocks:
- { get_input: vpc_a_cidr }
- { get_input: vpc_b_cidr }
TagSpecifications:
- ResourceType: 'transit-gateway'
Tags:
- Key: Made By
Value: Cloudify
relationships:
- type: cloudify.relationships.aws.ec2.attach_transit_gateway_to_vpc
target: vpc_a
- type: cloudify.relationships.aws.ec2.attach_transit_gateway_to_vpc
target: vpc_b
- type: cloudify.relationships.depends_on
target: route_public_subnet_internet_gateway
- type: cloudify.relationships.depends_on
target: subnet_a
- type: cloudify.relationships.depends_on
target: subnet_b
cloudify.nodes.aws.ec2.Tags
This node type refers to an AWS Tags.
For more information, and possible keyword arguments, see: EC2:create_tags.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateTags action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteTags action.
Relationships
cloudify.relationships.depends_on
:- Any EC2 resources e.g.
cloudify.nodes.aws.ec2.Vpc
: Associate one or more tags to certain ec2 resources.
- Any EC2 resources e.g.
Tags Example
Create tags and associate them with subnet and vpc ec2 resources
my_tags:
type: cloudify.nodes.aws.ec2.Tags
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Tags:
- Key: Blueprint
Value: ec2-vpc-feature-demo
relationships:
- type: cloudify.relationships.depends_on
target: vpc
- type: cloudify.relationships.depends_on
target: subnet
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
cloudify.nodes.aws.ec2.VpcPeering
This node type refers to an AWS VPC Peering.
For more information, and possible keyword arguments, see: EC2:create_vpc_peering_connection.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateVpcPeeringConnection action.cloudify.interfaces.lifecycle.start
: Executes the ModifyVpcPeeringConnectionOptions action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteTags action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Vpc
: Connect two vpc or more that need to be peered.
VPC Peering Example
Creates vpc peering between two vpcs
my_vpc_peering:
type: cloudify.nodes.aws.ec2.VpcPeering
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
PeerVpcId: { get_attribute: [vpc_requester, aws_resource_id] }
VpcId: { get_attribute: [vpc_accepter, aws_resource_id] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc_accepter
- type: cloudify.relationships.depends_on
target: vpc_requester
vpc_accepter:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
vpc_requester:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
cloudify.nodes.aws.ec2.VpcPeeringAcceptRequest
This node type refers to an AWS VPC Peering Accept Request.
For more information, and possible keyword arguments, see: EC2:accept_vpc_peering_connection.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the AcceptVpcPeeringConnection action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.VpcPeering
: Accept vpc peering request.
VPC Peering Accept Request Example
Accepts vpc peering request
my_vpc_peering_accept_request:
type: cloudify.nodes.aws.ec2.VpcPeeringAcceptRequest
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
VpcPeeringConnectionId: { get_attribute: [vpc_peering, aws_resource_id] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc_peering
vpc_peering:
type: cloudify.nodes.aws.ec2.VpcPeering
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
PeerVpcId: { get_attribute: [vpc_requester, aws_resource_id] }
VpcId: { get_attribute: [vpc_accepter, aws_resource_id] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc_accepter
- type: cloudify.relationships.depends_on
target: vpc_requester
vpc_accepter:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
vpc_requester:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
cloudify.nodes.aws.ec2.VpcPeeringRejectRequest
This node type refers to an AWS VPC Peering Reject Request.
For more information, and possible keyword arguments, see: EC2:reject_vpc_peering_connection.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the RejectVpcPeeringConnection action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.VpcPeering
: Reject vpc peering request.
VPC Peering Reject Request Example
Rejects vpc peering request
my_vpc_peering_reject_request:
type: cloudify.nodes.aws.ec2.VpcPeeringRejectRequest
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
VpcPeeringConnectionId: { get_attribute: [vpc_peering, aws_resource_id] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc_peering
vpc_peering:
type: cloudify.nodes.aws.ec2.VpcPeering
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
PeerVpcId: { get_attribute: [vpc_requester, aws_resource_id] }
VpcId: { get_attribute: [vpc_accepter, aws_resource_id] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc_accepter
- type: cloudify.relationships.depends_on
target: vpc_requester
vpc_accepter:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '172.32.0.0/16'
vpc_requester:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
cloudify.nodes.aws.ec2.VPNConnection
This node type refers to an AWS VPN Connection.
For more information, and possible keyword arguments, see: EC2:create_vpn_connection.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateVpnConnection action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteVpnConnection action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.CustomerGateway
: Associate vpn connection with certain customer gateway.cloudify.nodes.aws.ec2.VPNGateway
: Associate vpn connection with certain vpn gateway.
VPN Connection Example
Creates VPN connection between customer gateway and virtual private gateway
my_vpn_connection:
type: cloudify.nodes.aws.ec2.VPNConnection
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
CustomerGatewayId: { get_attribute: [customer_gateway, aws_resource_id] }
Type: 'ipsec.1'
VpnGatewayId: { get_attribute: [vpn_gateway, aws_resource_id] }
Options:
StaticRoutesOnly: False
relationships:
- type: cloudify.relationships.depends_on
target: vpn_gateway
- type: cloudify.relationships.depends_on
target: customer_gateway
vpn_gateway:
type: cloudify.nodes.aws.ec2.VPNGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Type: 'ipsec.1'
relationships:
- type: cloudify.relationships.connected_to
target: vpc
customer_gateway:
type: cloudify.nodes.aws.ec2.CustomerGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Type: 'ipsec.1'
PublicIp: { get_input: openstack_public_ip}
BgpAsn: 65000
relationships:
- type: cloudify.relationships.connected_to
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_id}
cloudify.nodes.aws.ec2.VPNConnectionRoute
This node type refers to an AWS VPN Connection Route.
For more information, and possible keyword arguments, see: EC2:create_vpn_connection_route.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateVpnConnectionRoute action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteVpnConnectionRoute action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.VPNConnection
: Associate vpn route with certain vpn connection.
VPN Connection Route Example
Creates a static route associated with a VPN connection between an existing virtual private gateway and a VPN customer gateway
my_vpn_connection_route:
type: cloudify.nodes.aws.ec2.VPNConnectionRoute
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
VpnConnectionId: { get_attribute: [vpn_connection, aws_resource_id] }
DestinationCidrBlock: '172.32.0.0/16'
relationships:
- type: cloudify.relationships.depends_on
target: vpn_connection
vpn_connection:
type: cloudify.nodes.aws.ec2.VPNConnection
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
CustomerGatewayId: { get_attribute: [customer_gateway, aws_resource_id] }
Type: 'ipsec.1'
VpnGatewayId: { get_attribute: [vpn_gateway, aws_resource_id] }
Options:
StaticRoutesOnly: True
relationships:
- type: cloudify.relationships.depends_on
target: vpn_gateway
- type: cloudify.relationships.depends_on
target: customer_gateway
vpn_gateway:
type: cloudify.nodes.aws.ec2.VPNGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Type: 'ipsec.1'
relationships:
- type: cloudify.relationships.connected_to
target: vpc
customer_gateway:
type: cloudify.nodes.aws.ec2.CustomerGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Type: 'ipsec.1'
PublicIp: { get_input: public_ip}
BgpAsn: 65000
relationships:
- type: cloudify.relationships.connected_to
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_id}
cloudify.nodes.aws.ec2.VPNGateway
This node type refers to an AWS Virtual Private Gateway.
For more information, and possible keyword arguments, see: EC2:create_vpn_gateway.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateVpnGateway action.cloudify.interfaces.lifecycle.start
: Executes the AttachVpnGateway action.cloudify.interfaces.lifecycle.stop
: Executes the DetachVpnGateway action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteVpnGateway action.
Relationships
cloudify.relationships.connected_to
:cloudify.nodes.aws.ec2.Vpc
: Associate virtual private gateway with certain vpc.
VPN Gateway Example
Creates a virtual private gateway on the vpc side of the vpn connection
my_vpn_gateway:
type: cloudify.nodes.aws.ec2.VPNGateway
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Type: 'ipsec.1'
relationships:
- type: cloudify.relationships.connected_to
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_id}
cloudify.nodes.aws.autoscaling.Group
This node type refers to an AWS AutoScaling Group
For more information, and possible keyword arguments, see: Autoscaling:create_autoscaling_group.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateAutoScalingGroup action.cloudify.interfaces.lifecycle.stop
: Stops all instances associated with auto scaling group before removing them UpdateAutoScalingGroup action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteAutoScalingGroup action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Subnet
: Connect to a certain Subnet.cloudify.nodes.aws.autoscaling.LaunchConfiguration
: Connect it to LaunchConfiguration.
AutoScaling Group Examples
Creates a AutoScaling in a subnet via relationship
my_autoscaling_group:
type: cloudify.nodes.aws.autoscaling.Group
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
AutoScalingGroupName: autoscaling_group
MinSize: 1
MaxSize: 1
DesiredCapacity: 1
DefaultCooldown: 20
AvailabilityZones:
- { get_property: [ subnet, resource_config, kwargs, AvailabilityZone ] }
VPCZoneIdentifier: { concat: [ { get_attribute: [ subnet, aws_resource_id ] } ] }
relationships:
- type: cloudify.relationships.depends_on
target: launch_configuration
- type: cloudify.relationships.depends_on
target: subnet
interfaces:
cloudify.interfaces.lifecycle:
delete:
implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
inputs:
resource_config:
ForceDelete: true
launch_configuration:
type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
ImageId: ami-037a92bf1efdb11a2
InstanceType: t2.large
LaunchConfigurationName: container_instance
IamInstanceProfile: { get_attribute: [ instance_profile, aws_resource_arn ] }
KeyName: { get_property: [ key, resource_config, KeyName] }
AssociatePublicIpAddress: True
SecurityGroups:
- { get_attribute: [ securitygroup, aws_resource_id ] }
BlockDeviceMappings:
- DeviceName: /dev/sdh
Ebs:
VolumeSize: 22
VolumeType: standard
relationships:
- type: cloudify.relationships.depends_on
target: securitygroup
- type: cloudify.relationships.depends_on
target: instance_profile
- type: cloudify.relationships.depends_on
target: key
key:
type: cloudify.nodes.aws.ec2.Keypair
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
KeyName: test-key
store_in_runtime_properties: true
securitygroup:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
GroupName: SecurityGroup
Description: Example Security Group
relationships:
- type: cloudify.relationships.depends_on
target: vpc
instance_profile:
type: cloudify.nodes.aws.iam.InstanceProfile
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: cfy_instance_profile
resource_config:
kwargs:
InstanceProfileName: cfy_instance_profile
Path: '/cfy_instance_profile/'
relationships:
- type: cloudify.relationships.depends_on
target: iam_role
iam_role:
type: cloudify.nodes.aws.iam.Role
properties:
resource_id: instance_iam_role
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Path: !!str /instance-role/
AssumeRolePolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: !!str ec2.amazonaws.com
Action: !!str sts:AssumeRole
relationships:
- type: cloudify.relationships.aws.iam.role.connected_to
target: policy_access
policy_access:
type: cloudify.nodes.aws.iam.Policy
properties:
resource_id: instance_access_policy
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: >-
Grants access for ECS agent to Amazon ECS API
Path: !!str /ecs-instance-access/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action:
- !!str ecs:CreateCluster
- !!str ecs:DeregisterContainerInstance
- !!str ecs:DiscoverPollEndpoint
- !!str ecs:Poll
- !!str ecs:RegisterContainerInstance
- !!str ecs:StartTelemetrySession
- !!str ecs:UpdateContainerInstancesState
- !!str ecs:Submit*
- !!str ecr:GetAuthorizationToken
- !!str ecr:BatchCheckLayerAvailability
- !!str ecr:GetDownloadUrlForLayer
- !!str ecr:BatchGetImage
- !!str logs:CreateLogStream
- !!str logs:PutLogEvents
Resource: '*'
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: VPC
cloudify.nodes.aws.autoscaling.LaunchConfiguration
This node type refers to an AWS Launch Configuration
For more information, and possible keyword arguments, see: LaunchConfiguration:create_launch_configuration.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateLaunchConfiguration action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteLaunchConfiguration action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Keypair
: Associate with a certain key.cloudify.nodes.aws.ec2.SecurityGroup
: Connect to a certain security group.cloudify.nodes.aws.iam.InstanceProfile
: Associate with an instance profile.cloudify.nodes.aws.ec2.Instances
: Associate with ec2 instance
LaunchConfiguration Examples
Creates a Launch Configuration connect it to security group and associate it with key and instance profile via relationship
my_launch_configuration:
type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
LaunchConfigurationName: test_lauchconfiguration_name
relationships:
- type: cloudify.relationships.depends_on
target: instance
instance:
type: cloudify.nodes.aws.ec2.Instances
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
agent_config:
install_method: none
resource_config:
MaxCount: 1
MinCount: 1
ImageId: { get_attribute: [ ubuntu_trusty_ami, aws_resource_id ] }
InstanceType: t2.large
relationships:
- type: cloudify.relationships.depends_on
target: subnet
- type: cloudify.relationships.depends_on
target: ubuntu_trusty_ami
ubuntu_trusty_ami:
type: cloudify.nodes.aws.ec2.Image
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Filters:
- Name: name
Values:
- 'ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-20170727'
- Name: owner-id
Values:
- '099720109477'
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: { get_input: public_subnet_cidr }
AvailabilityZone: { get_input: availability_zone }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: { get_input: vpc_cidr }
my_launch_configuration:
type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
ImageId: ami-037a92bf1efdb11a2
InstanceType: t2.large
LaunchConfigurationName: container_instance
IamInstanceProfile: { get_attribute: [ instance_profile, aws_resource_arn ] }
KeyName: { get_property: [ key, resource_config, KeyName] }
AssociatePublicIpAddress: True
SecurityGroups:
- { get_attribute: [ securitygroup, aws_resource_id ] }
BlockDeviceMappings:
- DeviceName: /dev/sdh
Ebs:
VolumeSize: 22
VolumeType: standard
relationships:
- type: cloudify.relationships.depends_on
target: securitygroup
- type: cloudify.relationships.depends_on
target: instance_profile
- type: cloudify.relationships.depends_on
target: key
key:
type: cloudify.nodes.aws.ec2.Keypair
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
KeyName: test-key
store_in_runtime_properties: true
securitygroup:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
GroupName: SecurityGroup
Description: Example Security Group
relationships:
- type: cloudify.relationships.depends_on
target: vpc
instance_profile:
type: cloudify.nodes.aws.iam.InstanceProfile
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: cfy_instance_profile
resource_config:
kwargs:
InstanceProfileName: cfy_instance_profile
Path: '/cfy_instance_profile/'
relationships:
- type: cloudify.relationships.depends_on
target: iam_role
iam_role:
type: cloudify.nodes.aws.iam.Role
properties:
resource_id: instance_iam_role
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Path: !!str /instance-role/
AssumeRolePolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: !!str ec2.amazonaws.com
Action: !!str sts:AssumeRole
relationships:
- type: cloudify.relationships.aws.iam.role.connected_to
target: policy_access
policy_access:
type: cloudify.nodes.aws.iam.Policy
properties:
resource_id: instance_access_policy
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: >-
Grants access for ECS agent to Amazon ECS API
Path: !!str /instance-access/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action:
- !!str ecs:CreateCluster
- !!str ecs:DeregisterContainerInstance
- !!str ecs:DiscoverPollEndpoint
- !!str ecs:Poll
- !!str ecs:RegisterContainerInstance
- !!str ecs:StartTelemetrySession
- !!str ecs:UpdateContainerInstancesState
- !!str ecs:Submit*
- !!str ecr:GetAuthorizationToken
- !!str ecr:BatchCheckLayerAvailability
- !!str ecr:GetDownloadUrlForLayer
- !!str ecr:BatchGetImage
- !!str logs:CreateLogStream
- !!str logs:PutLogEvents
Resource: '*'
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: VPC
cloudify.nodes.aws.autoscaling.LifecycleHook
This node type refers to an AWS Lifecycle Hook
For more information, and possible keyword arguments, see: LifecycleHook:put_lifecycle_hook.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PutLifecycleHook action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteLifecycleHook action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.autoscaling.Group
: Connect to auto scaling group.
LifecycleHook Example
Creates a lifecycle hook and add it to auto scaling group via relationship
my_lifecycle_hook:
type: cloudify.nodes.aws.autoscaling.LifecycleHook
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
LifecycleHookName: lifecycle_hook_name
LifecycleTransition: autoscaling:EC2_INSTANCE_LAUNCHING
relationships:
- type: cloudify.relationships.depends_on
target: autoscaling_group
autoscaling_group:
type: cloudify.nodes.aws.autoscaling.Group
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: autoscaling_group
resource_config:
kwargs:
AutoScalingGroupName: autoscaling_group
MinSize: 2
MaxSize: 4
DesiredCapacity: 2
DefaultCooldown: 20
AvailabilityZones:
- { concat: [ { get_input: aws_region_name }, 'a' ] }
relationships:
- type: cloudify.relationships.depends_on
target: launch_configuration
interfaces:
cloudify.interfaces.lifecycle:
delete:
implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
inputs:
resource_config:
ForceDelete: true
launch_configuration:
type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
ImageId: ami-e1496384
InstanceType: t2.micro
LaunchConfigurationName: launch_configuration
cloudify.nodes.aws.autoscaling.NotificationConfiguration
This node type refers to an AWS Auto Scaling Notification Configuration
For more information, and possible keyword arguments, see: NotificationConfiguration:put_notification_configuration.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PutNotificationConfiguration action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteNotificationConfiguration action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.autoscaling.Group
: Connect to auto scaling group.cloudify.nodes.aws.SNS.Topic
: Connect to sns topic.
NotificationConfiguration Example
Creates a notification configuration add it to auto scaling group and associate it with sns topic via relationship
my_notification_configuration:
type: cloudify.nodes.aws.autoscaling.NotificationConfiguration
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
NotificationTypes:
- autoscaling:TEST_NOTIFICATION
relationships:
- type: cloudify.relationships.depends_on
target: autoscaling_group
- type: cloudify.relationships.depends_on
target: topic
topic:
type: cloudify.nodes.aws.SNS.Topic
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Name: topic
autoscaling_group:
type: cloudify.nodes.aws.autoscaling.Group
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
AutoScalingGroupName: pmcfy_as
MinSize: 1
MaxSize: 1
DefaultCooldown: 300
AvailabilityZones:
- { concat: [ { get_input: aws_region_name }, 'a' ] }
relationships:
- type: cloudify.relationships.depends_on
target: launch_configuration
interfaces:
cloudify.interfaces.lifecycle:
delete:
implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
inputs:
resource_config:
ForceDelete: true
launch_configuration:
type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
ImageId: ami-e1496384
InstanceType: t2.micro
LaunchConfigurationName: launch_configuration
cloudify.nodes.aws.autoscaling.Policy
This node type refers to an AWS Auto Scaling Policy
For more information, and possible keyword arguments, see: Policy:put_scaling_policy.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PutScalingPolicy action.cloudify.interfaces.lifecycle.delete
: Executes the DeletePolicy action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.autoscaling.Group
: Connect to auto scaling group.
AutoScaling Policy Example
Creates a launch configuration and add it to auto scaling group via relationship
my_autoscaling_policy:
type: cloudify.nodes.aws.autoscaling.Policy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
PolicyName: my_autoscaling_policy
PolicyType: SimpleScaling
AdjustmentType: ChangeInCapacity
ScalingAdjustment: 1
relationships:
- type: cloudify.relationships.depends_on
target: autoscaling_group
autoscaling_group:
type: cloudify.nodes.aws.autoscaling.Group
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: autoscaling_group
resource_config:
kwargs:
AutoScalingGroupName: autoscaling_group
MinSize: 2
MaxSize: 4
DesiredCapacity: 2
DefaultCooldown: 20
AvailabilityZones:
- { concat: [ { get_input: aws_region_name }, 'a' ] }
relationships:
- type: cloudify.relationships.depends_on
target: launch_configuration
interfaces:
cloudify.interfaces.lifecycle:
delete:
implementation: aws.cloudify_aws.autoscaling.resources.autoscaling_group.delete
inputs:
resource_config:
ForceDelete: true
launch_configuration:
type: cloudify.nodes.aws.autoscaling.LaunchConfiguration
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
ImageId: { get_input: launch_configuration_ami }
InstanceType: { get_input: launch_configuration_instance_type }
LaunchConfigurationName: pmcfy_lc
cloudify.nodes.aws.CloudFormation.Stack
This node type refers to an AWS CloudFormation Stack.
For more information, and possible keyword arguments, see: CloudFormation:create_stack.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateStack action.inputs
:minimum_wait_time
: Sets the minimum time in seconds that Cloudify will wait for AWS to create the stack.
cloudify.interfaces.lifecycle.start
: Executes the same operations ascloudify.interfaces.lifecycle.pull
.cloudify.interfaces.lifecycle.delete
: Executes the DeleteStack action.inputs
:minimum_wait_time
: Sets the minimum time in seconds that Cloudify will wait for AWS to delete the stack.
cloudify.interfaces.lifecycle.pull
: Executes:- DetectStackDrift action.
- ListStackResources action, and store the result under
state
runtime property . - DescribeStackResourceDrifts action, and store the result under
StackResourceDrifts
runtime property. - DescribeStacks action and store the result in runtime properties.
- Store True/False under
is_drifted
runtime property depends on stack state.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Keypair
: Associate with a certain key.cloudify.nodes.aws.ec2.SecurityGroup
: Connect to a certain security group.cloudify.nodes.aws.rds.ParameterGroup
: Associate with a certain key.cloudify.nodes.aws.rds.SubnetGroup
: Associate with a certain key.
Note:
There are two methods for delivering a CloudFormation Stack.
TemplateURL. Provide the URL of a Template:
resource_config: kwargs: StackName: ExampleStack TemplateURL: https://...
TemplateBody. Provide the template inline.
StackName: ExampleStack TemplateBody: AWSTemplateFormatVersion: "2010-09-09" Description: A sample template Outputs: ... Resources: MyDB: ... MyApp: ...
Outputs
CloudFormation returns a stack’s outputs as an array of dictionaries, each of which consists of
OutputKey
and OutputValue
:
Outputs:
- OutputKey: ip_address
OutputValue: 10.0.0.1
- OutputKey: port
OutputValue: 3000
Also, the order of the outputs is not guaranteed. That makes it impossible to refer to output values
through Cloudify’s intrinsic functions (such as get_attribute
).
In order to address this, the plugin sets a runtime property by the name outputs_items
, which is a
dictionary containing the output values. This runtime property is only set if the Outputs
key exists
in CloudFormation’s response.
Considering the example above, outputs_items
would be set as follows:
ip_address: 10.0.0.1
port: 3000
CloudFormation Examples
Creates a CloudFormation stack
This example demonstrates creating stack that depends on keypair node.
my_ec2_cloudformation:
type: cloudify.nodes.aws.CloudFormation.Stack
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
StackName: EC2Instance
Parameters:
- ParameterKey: KeyName
ParameterValue: { get_input: key_name }
- ParameterKey: PrimaryIPAddress
ParameterValue: '172.30.0.10'
- ParameterKey: SecondaryIPAddress
ParameterValue: '172.30.0.11'
- ParameterKey: SubnetId
ParameterValue: { get_attribute: [ public_subnet, aws_resource_id ] }
- ParameterKey: VpcId
ParameterValue: { get_attribute: [ vpc, aws_resource_id ] }
TemplateURL: https://s3-ap-northeast-1.amazonaws.com/ecosystem-tests-no-delete/VPC_EC2_Instance_With_Multiple_Static_IPAddresses.yaml.txt
relationships:
- type: cloudify.relationships.depends_on
target: key_pair
key_pair:
type: cloudify.nodes.aws.ec2.Keypair
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
KeyName: { get_input: key_name }
store_in_runtime_properties: true
This example demonstrates creating stack for Mysql db instance
my_rds_cloudformation:
type: cloudify.nodes.aws.CloudFormation.Stack
properties:
resource_id: cfn-test
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs: {}
interfaces:
cloudify.interfaces.lifecycle:
configure:
implementation: aws.cloudify_aws.cloudformation.resources.stack.create
inputs:
resource_config:
StackName: cfn-test
TemplateBody:
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Outputs:
MyDBEndpointAddress:
Description: The RDS Instance address.
Value:
Fn::GetAtt: [MyDB, Endpoint.Address]
MyDBEndpointPort:
Description: The RDS Instance port.
Value:
Fn::GetAtt: [MyDB, Endpoint.Port]
Resources:
MyDB:
Type: "AWS::RDS::DBInstance"
Properties:
AllocatedStorage: "100"
DBInstanceClass: { get_input: rds_db_instance_class }
Engine: "MySQL"
EngineVersion: "5.5"
Iops: "1000"
MasterUsername: MyUser
MasterUserPassword: MyPassword
VPCSecurityGroups:
- { get_attribute: [ rds_security_group, aws_resource_id ] }
DBParameterGroupName: { get_property: [ rds_parameter_group, resource_id ] }
DBSubnetGroupName: { get_property: [ rds_subnet_group, resource_id ] }
DeletionPolicy: "Snapshot"
relationships:
- type: cloudify.relationships.depends_on
target: rds_security_group
- type: cloudify.relationships.depends_on
target: rds_parameter_group
- type: cloudify.relationships.depends_on
target: rds_subnet_group
rds_security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: security_group
Description: Security Group Example.
VpcId: { get_attribute: [ rds_vpc, aws_resource_id ] }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_parameter_group:
type: cloudify.nodes.aws.rds.ParameterGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-param-group
resource_config:
kwargs:
DBParameterGroupFamily: mysql5.5
Description: MySQL5.5 Parameter Group for Dev
interfaces:
cloudify.interfaces.lifecycle:
configure:
inputs:
resource_config:
Parameters:
- ParameterName: time_zone
ParameterValue: US/Eastern
ApplyMethod: immediate
- ParameterName: lc_time_names
ParameterValue: en_US
ApplyMethod: immediate
rds_subnet_group:
type: cloudify.nodes.aws.rds.SubnetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-db-subnet-group
resource_config:
kwargs:
DBSubnetGroupDescription: MySQL5.5 Subnet Group for Dev
relationships:
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_1
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_2
rds_subnet_1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: 10.10.3.0/24
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c'] }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_subnet_2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: 10.10.2.0/24
AvailabilityZone: { get_input: availability_zone }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
security_group_rules:
type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
IpPermissions:
- IpProtocol: "-1"
FromPort: -1
ToPort: -1
IpRanges:
- CidrIp: 0.0.0.0/0
UserIdGroupPairs: [ { GroupId: { get_attribute: [ rds_security_group, aws_resource_id ] } } ]
relationships:
- type: cloudify.relationships.contained_in
target: rds_security_group
rds_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: 10.10.0.0/16
cloudify.nodes.aws.cloudwatch.Alarm
This node type refers to an AWS CloudWatch Alarm
For more information, and possible keyword arguments, see: CloudWatch Alarm:put_metric_alarm.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PutMetricAlarm action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteAlarms action.
CloudWatch Alarm Example
Creates a CloudWatch alarm
my_alarm:
type: cloudify.nodes.aws.cloudwatch.Alarm
properties:
client_config:
aws_access_key_id: { get_input: aws_access_key_id }
aws_secret_access_key: { get_input: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: { concat: [ {get_input: aws_region_name }, 'cwa' ] }
resource_config:
kwargs:
AlarmName: cwa
ActionsEnabled: true
AlarmActions:
- { concat: [ 'arn:aws:automate:', { get_input: aws_region_name }, ':ec2:terminate'] }
ComparisonOperator: 'LessThanThreshold'
Statistic: Minimum
MetricName: CPUUtilization
Namespace: AWS/EC2
Period: 60
EvaluationPeriods: 5
Threshold: 60
cloudify.nodes.aws.cloudwatch.Event
This node type refers to an AWS CloudWatch Event
For more information, and possible keyword arguments, see: CloudWatch Event:put_events.
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PutEvents action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.cloudwatch.Target
: Associate with target to invoke when an event matches.
CloudWatch Event Example
Creates an event matches the event pattern defined
my_event:
type: cloudify.nodes.aws.cloudwatch.Event
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Entries:
- Source: autoscaling.amazonaws.com
Resources:
- { concat: [ 'arn:aws:automate:', { get_input: aws_region_name }, ':ec2:terminate'] }
DetailType: Cloudwatch Event Demo
Detail: |
{
"instance-id": "i-12345678",
"state": "terminated"
}
relationships:
- type: cloudify.relationships.depends_on
target: cloudwatch_target
cloudwatch_target:
type: cloudify.nodes.aws.cloudwatch.Target
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Targets:
- Id : topic1
Arn: { get_attribute: [ topic1, aws_resource_arn ] }
relationships:
- type: cloudify.relationships.depends_on
target: cloudwatch_rule
- type: cloudify.relationships.depends_on
target: topic
cloudwatch_rule:
type: cloudify.nodes.aws.cloudwatch.Rule
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Name: test-cloudwatch1
ScheduleExpression: "rate(5 minutes)"
EventPattern: |
{
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"autoscaling.amazonaws.com"
]
}
}
State: 'ENABLED'
topic:
type: cloudify.nodes.aws.SNS.Topic
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs: {}
cloudify.nodes.aws.cloudwatch.Rule
This node type refers to an AWS CloudWatch Rule
Resource Config
For more information, and possible keyword arguments, see: CloudWatch Rule:put_rule
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PutRule action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteRule action.
CloudWatch Rule Example
Defines CloudWatch rule
my_cloudwatch_rule:
type: cloudify.nodes.aws.cloudwatch.Rule
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Name: test-cloudwatch1
ScheduleExpression: "rate(5 minutes)"
EventPattern: |
{
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"autoscaling.amazonaws.com"
]
}
}
State: 'ENABLED'
cloudify.nodes.aws.cloudwatch.Target
This node type refers to an AWS CloudWatch Target
Resource Config
For more information, and possible keyword arguments, see: CloudWatch Target:put_targets
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PutTargets action.cloudify.interfaces.lifecycle.delete
: Executes the RemoveTargets action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.cloudwatch.Rule
: Associate target with rule.cloudify.nodes.aws.SNS.Topic
: It could be any AWS target resources such as Topic, Lambda, etc..
CloudWatch Target Example
Creates a target (topic) that associated with rule to be notified when triggered event matches the event pattern defined
my_cloudwatch_target:
type: cloudify.nodes.aws.cloudwatch.Target
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Targets:
- Id : topic
Arn: { get_attribute: [ topic1, aws_resource_arn ] }
relationships:
- type: cloudify.relationships.depends_on
target: cloudwatch_rule
- type: cloudify.relationships.depends_on
target: topic
cloudwatch_rule:
type: cloudify.nodes.aws.cloudwatch.Rule
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Name: test-cloudwatch
ScheduleExpression: "rate(5 minutes)"
EventPattern: |
{
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"autoscaling.amazonaws.com"
]
}
}
State: 'ENABLED'
topic:
type: cloudify.nodes.aws.SNS.Topic
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs: {}
cloudify.nodes.aws.dynamodb.Table
This node type refers to an AWS DynamoDB Table
Resource Config
TableName
: String. The name of the table to create.AttributeDefinitions
: List. An array of attributes that describe the key schema (dict) for the table and indexes. Keys are AttributeName, AttributeType.KeySchema
: List. Specifies the attributes that make up the primary key for a table or an index. The attributes in KeySchema must also be defined in the AttributeDefinitions array. For more information, see Data Model in the Amazon DynamoDB Developer Guide .LocalSecondaryIndexes
: List. One or more local secondary indexes (the maximum is five) to be created on the table. Each index is scoped to a given partition key value. There is a 10 GB size limit per partition key value; otherwise, the size of a local secondary index is unconstrained.GlobalSecondaryIndexes
: List. One or more global secondary indexes (the maximum is five) to be created on the table.BillingMode
: String. Controls how you are charged for read and write throughput and how you manage capacity. This setting can be changed later. Either ‘PROVISIONED’ or ‘PAY_PER_REQUEST’.ProvisionedThroughput
: Map. Represents the provisioned throughput settings for a specified table or index. The settings can be modified using the UpdateTable operation.StreamSpecification
: Map. The settings for DynamoDB Streams on the table.SSESpecification
: Map. Represents the settings used to enable server-side encryption.
For more information, and possible keyword arguments, see: DynamoDB:create_table
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateTable action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteTable action.
DynamoDB Table Example
Creates DynamoDB table
my_dynamodb_table:
type: cloudify.nodes.aws.dynamodb.Table
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
TableName: !!str abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-.0123456789
AttributeDefinitions:
- AttributeName: RandomKeyUUID
AttributeType: S
KeySchema:
- AttributeName: RandomKeyUUID
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
cloudify.nodes.aws.ecs.Cluster
This node type refers to an AWS ECS Cluster
Resource Config
For more information, and possible keyword arguments, see: ECS Cluster:create_cluster
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateCluster action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteCluster action.
ECS Cluster Example
Creates a new Amazon ECS cluster
ecs_cluster:
type: cloudify.nodes.aws.ecs.Cluster
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
clusterName: { get_input: ecs_cluster_name }
cloudify.nodes.aws.ecs.Service
This node type refers to an AWS ECS Service
Resource Config
For more information, and possible keyword arguments, see: ECS Service:create_service
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateService action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteService action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ecs.Cluster
: Associate service with cluster.cloudify.nodes.aws.ecs.TaskDefinition
: Associate service with task definition.cloudify.nodes.aws.iam.Role
: Associate service with iam rolecloudify.nodes.aws.elb.TargetGroup
: Associate service with load balancer target group
ECS Service Example
Creates ECS service that runs and maintains a desired number of tasks from a specified task definition
my_ecs_service:
type: cloudify.nodes.aws.ecs.Service
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: ecs_cluster
- type: cloudify.relationships.depends_on
target: forward_target_group
- type: cloudify.relationships.depends_on
target: task_definition
- type: cloudify.relationships.depends_on
target: ecs_service_iam_role
interfaces:
cloudify.interfaces.lifecycle:
configure:
inputs:
resource_config:
serviceName: 'service_name'
taskDefinition: { get_property: [ task_definition, resource_config, kwargs, family ] }
desiredCount: 1
role: { get_attribute: [ ecs_service_iam_role, aws_resource_arn ] }
loadBalancers:
- targetGroupArn: { get_attribute: [ forward_target_group, aws_resource_arn ] }
containerName: { get_input: container_name }
containerPort: { get_input: container_port }
ecs_cluster:
type: cloudify.nodes.aws.ecs.Cluster
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
clusterName: { get_input: ecs_cluster_name }
task_definition:
type: cloudify.nodes.aws.ecs.TaskDefinition
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
family: 'task_definition_1'
containerDefinitions: [
{
"name": "wordpress",
"links": [
"mysql"
],
"image": "wordpress",
"essential": true,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
],
"memory": 500,
"cpu": 10
}, {
"environment": [
{
"name": "MYSQL_ROOT_PASSWORD",
"value": "password"
}
],
"name": "mysql",
"image": "mysql",
"cpu": 10,
"memory": 500,
"essential": true
}]
relationships:
- type: cloudify.relationships.depends_on
target: ecs_cluster
forward_target_group:
type: cloudify.nodes.aws.elb.TargetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Name: test-elb-target-group
Protocol: HTTP
Port: 80
HealthCheckProtocol: HTTP
HealthCheckPort: '80'
HealthCheckPath: '/wp-admin'
HealthCheckIntervalSeconds: 30
HealthCheckTimeoutSeconds: 20
HealthyThresholdCount: 7
UnhealthyThresholdCount: 7
Matcher:
HttpCode: '404'
Attributes:
- Key: stickiness.enabled
Value: 'true'
relationships:
- type: cloudify.relationships.depends_on
target: vpc
ecs_service_iam_role:
type: cloudify.nodes.aws.iam.Role
properties:
resource_id: ecs_service_iam_role
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Path: !!str /ecs-service-role/
AssumeRolePolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: !!str ecs.amazonaws.com
Action: !!str sts:AssumeRole
relationships:
- type: cloudify.relationships.aws.iam.role.connected_to
target: ecs_service_access
ecs_service_access:
type: cloudify.nodes.aws.iam.Policy
properties:
resource_id: ecs_service_access_policy
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: >-
Grants access for ECS service to the Amazon EC2 and Elastic Load Balancing APIs
Path: !!str /ecs-service-access/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action:
- !!str ec2:AuthorizeSecurityGroupIngress
- !!str ec2:Describe*
- !!str elasticloadbalancing:DeregisterInstancesFromLoadBalancer
- !!str elasticloadbalancing:DeregisterTargets
- !!str elasticloadbalancing:Describe*
- !!str elasticloadbalancing:RegisterInstancesWithLoadBalancer
- !!str elasticloadbalancing:RegisterTargets
Resource: '*'
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: VPC
cloudify.nodes.aws.ecs.TaskDefinition
This node type refers to an AWS ECS Task Definition
Resource Config
For more information, and possible keyword arguments, see: ECS TaskDefinition:register_task_definition
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the RegisterTaskDefinition action.cloudify.interfaces.lifecycle.delete
: Executes the DeregisterTaskDefinition action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ecs.Cluster
: Associate task definition with cluster.
ECS Task Definition Example
Registers a new task definition from the supplied family and containerDefinitions
my_task_definition:
type: cloudify.nodes.aws.ecs.TaskDefinition
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
family: 'task_definition_1'
containerDefinitions: [
{
"name": "wordpress",
"links": [
"mysql"
],
"image": "wordpress",
"essential": true,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
],
"memory": 500,
"cpu": 10
}, {
"environment": [
{
"name": "MYSQL_ROOT_PASSWORD",
"value": "password"
}
],
"name": "mysql",
"image": "mysql",
"cpu": 10,
"memory": 500,
"essential": true
}]
relationships:
- type: cloudify.relationships.depends_on
target: ecs_cluster
ecs_cluster:
type: cloudify.nodes.aws.ecs.Cluster
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
clusterName: { get_input: ecs_cluster_name }
cloudify.nodes.aws.efs.FileSystem
This node type refers to an AWS EFS File System
Resource Config
For more information, and possible keyword arguments, see: EFS FileSystem:create_file_system
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateFileSystem action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteFileSystem action.
EFS File System Example
Creates a new, empty file system
my_file_system:
type: cloudify.nodes.aws.efs.FileSystem
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config: {}
cloudify.nodes.aws.efs.FileSystemTags
This node type refers to an AWS EFS File System Tags
Resource Config
For more information, and possible keyword arguments, see: EFS FileSystemTags:create_tags
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateTags action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteTags action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.efs.FileSystem
: Associate tags with file system.
EFS File System Tags Example
Creates or overwrites tags associated with a file system
my_file_system_tags:
type: cloudify.nodes.aws.efs.FileSystemTags
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Tags:
- Key: Name
Value: file_system_tags
relationships:
- type: cloudify.relationships.depends_on
target: file_system
file_system:
type: cloudify.nodes.aws.efs.FileSystem
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config: {}
cloudify.nodes.aws.efs.MountTarget
This node type refers to an AWS EFS Mount Target
Resource Config
For more information, and possible keyword arguments, see: EFS MountTarget:create_mount_target
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateMountTarget action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteMountTarget action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.efs.FileSystem
: Associate mount target with file system.cloudify.nodes.aws.ec2.Subnet
: Associate mount target with subnet.cloudify.nodes.aws.ec2.SecurityGroup
: Associate mount target with security group.
EFS Mount Target Example
Creates a mount target for a file system
my_mount_target:
type: cloudify.nodes.aws.efs.MountTarget
properties:
resource_config: {}
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: security_group
- type: cloudify.relationships.depends_on
target: subnet
- type: cloudify.relationships.depends_on
target: file_system
file_system:
type: cloudify.nodes.aws.efs.FileSystem
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config: {}
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
GroupName: security_group1
Description: efs security group
VpcId: { get_attribute: [ vpc, aws_resource_id ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: 172.30.0.0/24
AvailabilityZone: { get_input: availability_zone }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
CidrBlock: 172.30.0.0/16
cloudify.nodes.aws.elb.Classic.HealthCheck
This node type refers to an AWS Health Check For Classic Load Balancer
Resource Config
For more information, and possible keyword arguments, see: ELB Classic HealthCheck:configure_health_check
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the ConfigureHealthCheck action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.elb.Classic.LoadBalancer
: Configure health check for classic load balancer.
Classic ELB Health Check Example
Creates health check settings to use when evaluating the health state of EC2 instance
my_classic_health_check:
type: cloudify.nodes.aws.elb.Classic.HealthCheck
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
HealthCheck:
Target: HTTP:80/
Interval: 15
Timeout: 5
UnhealthyThreshold: 2
HealthyThreshold: 5
relationships:
- type: cloudify.relationships.depends_on
target: classic_elb
classic_elb:
type: cloudify.nodes.aws.elb.Classic.LoadBalancer
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
LoadBalancerName: myclassicelb
Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
relationships:
- type: cloudify.relationships.depends_on
target: subnet1
- type: cloudify.relationships.depends_on
target: subnet2
- type: cloudify.relationships.depends_on
target: security_group
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: SecurityGroup1
Description: Example Security Group 1
Tags:
- Key: Name
Value: MyGroup
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
Tags:
- Key: Name
Value: MySubnet1
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.2.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
Tags:
- Key: Name
Value: MySubnet2
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: MyVPC
cloudify.nodes.aws.elb.Classic.Listener
This node type refers to an AWS Listener For Classic Load Balancer
Resource Config
LoadBalancerName
: String. The name of the load balancer.Listeners
: List. The listeners required to configure load balancer.
For more information, and possible keyword arguments, see: ELB Classic Listener:create_load_balancer_listeners
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateLoadBalancerListeners action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteLoadBalancerListeners action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.elb.Classic.LoadBalancer
: Configure listener for classic load balancer.
Classic ELB Listeners Example
Creates listener for the specified load balancer
my_classic_elb_listener:
type: cloudify.nodes.aws.elb.Classic.Listener
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Listeners:
- Protocol: HTTP
LoadBalancerPort: 80
InstancePort: 8080
relationships:
- type: cloudify.relationships.depends_on
target: classic_elb
interfaces:
cloudify.interfaces.lifecycle:
start:
implementation: aws.cloudify_aws.elb.resources.classic.load_balancer.start
inputs:
resource_config:
LoadBalancerAttributes:
CrossZoneLoadBalancing:
Enabled: true
ConnectionSettings:
IdleTimeout: 120
classic_elb:
type: cloudify.nodes.aws.elb.Classic.LoadBalancer
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
LoadBalancerName: myclassicelb
Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
relationships:
- type: cloudify.relationships.depends_on
target: subnet1
- type: cloudify.relationships.depends_on
target: subnet2
- type: cloudify.relationships.depends_on
target: security_group
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: SecurityGroup1
Description: Example Security Group 1
Tags:
- Key: Name
Value: MyGroup
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
Tags:
- Key: Name
Value: MySubnet1
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.2.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
Tags:
- Key: Name
Value: MySubnet2
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: MyVPC
cloudify.nodes.aws.elb.Classic.LoadBalancer
This node type refers to an AWS Classic Load Balancer
Resource Config
LoadBalancerName
: String. The name of the load balancer.Listeners
: List. The listeners required to configure load balancer.
For more information, and possible keyword arguments, see: ELB Classic:create_load_balancer
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateLoadBalancer action.cloudify.interfaces.lifecycle.start
: Executes the ModifyLoadBalancerAttributes action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteLoadBalancer action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.SecurityGroup
: Associate one or more security groups with load balancer.cloudify.nodes.aws.ec2.Subnet
: Associate one or more subnets with load balancer.
Classic ELB Example
Creates a classic load balancer
classic_elb:
type: cloudify.nodes.aws.elb.Classic.LoadBalancer
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
LoadBalancerName: myclassicelb
Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
relationships:
- type: cloudify.relationships.depends_on
target: subnet1
- type: cloudify.relationships.depends_on
target: subnet2
- type: cloudify.relationships.depends_on
target: security_group
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: SecurityGroup1
Description: Example Security Group 1
Tags:
- Key: Name
Value: MyGroup
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
Tags:
- Key: Name
Value: MySubnet1
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.2.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
Tags:
- Key: Name
Value: MySubnet2
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: MyVPC
cloudify.nodes.aws.elb.Classic.Policy
This node type refers to an AWS Policy For Classic Load Balancer
Resource Config
LoadBalancerName
: String. The name of the load balancer.PolicyName
: String. The name of the load balancer policy to be created. This name must be unique within the set of policies for this load balancer.PolicyTypeName
: String. The name of the base policy type. To get the list of policy types, use DescribeLoadBalancerPolicyTypes.
For more information, and possible keyword arguments, see: ELB Classic Policy:create_load_balancer_policy
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateLoadBalancerPolicy action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteLoadBalancerPolicy action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.elb.Classic.LoadBalancer
: Configure policy for classic load balancer.
Classic ELB Policy Example
Creates a policy with the specified attributes for the specified load balancer
my_classic_policy:
type: cloudify.nodes.aws.elb.Classic.Policy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: myclassicpolicy
PolicyTypeName: ProxyProtocolPolicyType
kwargs:
PolicyAttributes:
- AttributeName: ProxyProtocol
AttributeValue: 'true'
relationships:
- type: cloudify.relationships.depends_on
target: classic_elb
classic_elb:
type: cloudify.nodes.aws.elb.Classic.LoadBalancer
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
LoadBalancerName: myclassicelb
Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
relationships:
- type: cloudify.relationships.depends_on
target: subnet1
- type: cloudify.relationships.depends_on
target: subnet2
- type: cloudify.relationships.depends_on
target: security_group
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: SecurityGroup1
Description: Example Security Group 1
Tags:
- Key: Name
Value: MyGroup
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
Tags:
- Key: Name
Value: MySubnet1
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.2.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
Tags:
- Key: Name
Value: MySubnet2
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: MyVPC
cloudify.nodes.aws.elb.Classic.Policy.Stickiness
This node type refers to an AWS Policy Stickiness For Classic Load Balancer
Resource Config
LoadBalancerName
: String. The name of the load balancer.PolicyName
: String. The name of the load balancer policy to be created. This name must be unique within the set of policies for this load balancer.CookieExpirationPeriod
: Integer. The time period, in seconds, after which the cookie should be considered stale.
For more information, and possible keyword arguments, see: ELB Classic PolicyStickiness:create_lb_cookie_stickiness_policy
Operations
cloudify.interfaces.lifecycle.configure
: Executes the CreateLBCookieStickinessPolicy action.cloudify.interfaces.lifecycle.start
: Executes the SetLoadBalancerPoliciesOfListener action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.elb.Classic.LoadBalancer
: Configure policy stickiness for classic load balancer.
Classic ELB Policy Stickiness Example
Creates a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-agent)
my_classic_stickiness_policy:
type: cloudify.nodes.aws.elb.Classic.Policy.Stickiness
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: myclassicstickinesspolicy
CookieExpirationPeriod: 3600
relationships:
- type: cloudify.relationships.depends_on
target: classic_elb
classic_elb:
type: cloudify.nodes.aws.elb.Classic.LoadBalancer
properties:
client_config:
aws_access_key_id: { get_input: aws_access_key_id }
aws_secret_access_key: { get_input: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
LoadBalancerName: myclassicelb
Listeners: { get_property: [ classic_elb_listener, resource_config, Listeners ] }
relationships:
- type: cloudify.relationships.depends_on
target: subnet1
- type: cloudify.relationships.depends_on
target: subnet2
- type: cloudify.relationships.depends_on
target: security_group
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: SecurityGroup1
Description: Example Security Group 1
Tags:
- Key: Name
Value: MyGroup
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
Tags:
- Key: Name
Value: MySubnet1
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.2.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
Tags:
- Key: Name
Value: MySubnet2
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: MyVPC
cloudify.nodes.aws.elb.Listener
This node type refers to an AWS ELB V2 Listener
Resource Config
Protocol
: String. The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocol is TCP.Port
: Integer. The port on which the load balancer is listening.DefaultActions
: List. The actions for the default rule.
For more information, and possible keyword arguments, see: ELB V2 Listener:create_listener
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateListener action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteListener action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.elb.LoadBalancer
: Associate listener with load balancer (Application | NetWork).cloudify.nodes.aws.elb.TargetGroup
: Associate listener with target group.
ELB V2 Listener Example
Creates a listener for the specified application load balancer
my_http_listener:
type: cloudify.nodes.aws.elb.Listener
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Protocol: HTTP
Port: 8080
DefaultActions:
- Type: redirect
RedirectConfig:
Protocol: HTTP
Port: '8080'
Host: www.example.com
Path: /
StatusCode: HTTP_301
relationships:
- type: cloudify.relationships.depends_on
target: elb
- type: cloudify.relationships.depends_on
target: forward_target_group
elb:
type: cloudify.nodes.aws.elb.LoadBalancer
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Name: test-elb
kwargs:
Attributes:
- Key: idle_timeout.timeout_seconds
Value: '120'
relationships:
- type: cloudify.relationships.depends_on
target: subnet1
- type: cloudify.relationships.depends_on
target: subnet2
- type: cloudify.relationships.depends_on
target: security_group
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.2.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
cloudify.nodes.aws.elb.LoadBalancer
This node type refers to an AWS ELB V2 (Application | NetWork)
Resource Config
Name
: String. The name of the load balancer.
For more information, and possible keyword arguments, see: ELB V2:create_load_balancer
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateLoadBalancer action.cloudify.interfaces.lifecycle.start
: Executes the ModifyLoadBalancerAttributes action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteLoadBalancer action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.SecurityGroup
: Associate one or more security groups with load balancer.cloudify.nodes.aws.ec2.Subnet
: Associate one or more subnets with load balancer.
ELB V2 Example
Creates an application load balancer
my_elb:
type: cloudify.nodes.aws.elb.LoadBalancer
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Name: test-elb
kwargs:
Attributes:
- Key: idle_timeout.timeout_seconds
Value: '120'
relationships:
- type: cloudify.relationships.depends_on
target: subnet1
- type: cloudify.relationships.depends_on
target: subnet2
- type: cloudify.relationships.depends_on
target: security_group
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.2.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
cloudify.nodes.aws.elb.Rule
This node type refers to an AWS ELB V2 Rule
Resource Config
Conditions
: List. The conditions. Each condition specifies a field name and a single value.Priority
: Integer. The rule priority. A listener can’t have multiple rules with the same priority.Actions
: List. The actions. Each rule must include exactly one of the following types of actions - forward, fixed-response, or redirect.
For more information, and possible keyword arguments, see: ELB V2 Rule:create_rule
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateRule action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteRule action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.elb.Listener
: Associate rule with listener.cloudify.nodes.aws.elb.TargetGroup
: Associate rule with target group.
Classic ELB Rule Examples
Creates an application load balancer
my_forward_rule:
type: cloudify.nodes.aws.elb.Rule
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Priority: 101
Conditions:
- Field: 'host-header'
Values:
- example.com
Actions:
- Type: forward
TargetGroupArn: { get_attribute: [ forward_target_group, aws_resource_arn ] }
relationships:
- type: cloudify.relationships.depends_on
target: http_listener
- type: cloudify.relationships.depends_on
target: forward_target_group
interfaces:
cloudify.interfaces.lifecycle:
configure:
implementation: aws.cloudify_aws.elb.resources.rule.create
inputs:
resource_config:
Priority: 101
Conditions:
- Field: 'host-header'
Values:
- example.com
Actions:
- Type: forward
TargetGroupArn: { get_attribute: [ forward_target_group, aws_resource_arn ] }
http_listener:
type: cloudify.nodes.aws.elb.Listener
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Protocol: HTTP
Port: 8080
DefaultActions:
- Type: redirect
RedirectConfig:
Protocol: HTTP
Port: '8080'
Host: www.example.com
Path: /
StatusCode: HTTP_301
relationships:
- type: cloudify.relationships.depends_on
target: elb
- type: cloudify.relationships.depends_on
target: forward_target_group
forward_target_group:
type: cloudify.nodes.aws.elb.TargetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Name: test-elb-target-group
Protocol: HTTP
Port: 8080
HealthCheckProtocol: HTTP
HealthCheckPort: '80'
kwargs:
HealthCheckIntervalSeconds: 30
HealthCheckTimeoutSeconds: 5
UnhealthyThresholdCount: 3
Matcher:
HttpCode: '404'
Attributes:
- Key: stickiness.enabled
Value: 'true'
relationships:
- type: cloudify.relationships.depends_on
target: vpc
elb:
type: cloudify.nodes.aws.elb.LoadBalancer
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Name: test-elb
kwargs:
Attributes:
- Key: idle_timeout.timeout_seconds
Value: '120'
relationships:
- type: cloudify.relationships.depends_on
target: subnet1
- type: cloudify.relationships.depends_on
target: subnet2
- type: cloudify.relationships.depends_on
target: security_group
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: SecurityGroup1
Description: Example Security Group 1
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.2.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'a' ] }
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
cloudify.nodes.aws.elb.TargetGroup
This node type refers to an AWS ELB V2 Target Group
Resource Config
Name
: String. The name of the target group.Protocol
: String. The protocol to use for routing traffic to the targets.Actions
: String. The port on which the targets receive traffic.HealthCheckProtocol
: String. The protocol the load balancer uses when performing health checks on targets.HealthCheckPort
: String. The port the load balancer uses when performing health checks on targets.
For more information, and possible keyword arguments, see: ELB V2 TargetGroup:create_target_group
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateTargetGroup action.cloudify.interfaces.lifecycle.start
: Executes the ModifyTargetGroupAttributes action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteTargetGroup action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.ec2.Vpc
: Associate target group with vpc.
ELB V2 Target Group Example
Creates a target group
my_forward_target_group:
type: cloudify.nodes.aws.elb.TargetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Name: test-elb-target-group
Protocol: HTTP
Port: 8080
HealthCheckProtocol: HTTP
HealthCheckPort: '80'
kwargs:
HealthCheckIntervalSeconds: 30
HealthCheckTimeoutSeconds: 5
UnhealthyThresholdCount: 3
Matcher:
HttpCode: '404'
Attributes:
- Key: stickiness.enabled
Value: 'true'
relationships:
- type: cloudify.relationships.depends_on
target: vpc
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
cloudify.nodes.aws.iam.AccessKey
This node type refers to an AWS IAM Access Key
Resource Config
For more information, and possible keyword arguments, see: IAM AccessKey:create_access_key
Operations
cloudify.interfaces.lifecycle.configure
: Storeresource_config
in runtime properties.
Relationships
cloudify.relationships.aws.iam.access_key.connected_to
:cloudify.nodes.aws.iam.User
: Associate access key with user.
IAM Access Key Example
Creates a new AWS secret access key and corresponding AWS access key ID for the specified user
my_iam_user_api_access:
type: cloudify.nodes.aws.iam.AccessKey
relationships:
- type: cloudify.relationships.aws.iam.access_key.connected_to
target: iam_user
iam_user:
type: cloudify.nodes.aws.iam.User
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
UserName: !!str CloudifyUser=,.@-Test
Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
relationships:
- type: cloudify.relationships.aws.iam.user.connected_to
target: iam_group
- type: cloudify.relationships.aws.iam.user.connected_to
target: iam_policy_vpc_access
iam_group:
type: cloudify.nodes.aws.iam.Group
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: !!str pmcfy_CloudifyGroup
Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
relationships:
- type: cloudify.relationships.aws.iam.group.connected_to
target: iam_policy_vpc_access
iam_policy_vpc_access:
type: cloudify.nodes.aws.iam.Policy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: pmcfy_vpcpolicy
Description: >-
Grants access to EC2 network components
Path: !!str /service-role/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action:
- !!str ec2:CreateNetworkInterface
- !!str ec2:DeleteNetworkInterface
- !!str ec2:DescribeNetworkInterfaces
Resource: '*'
cloudify.nodes.aws.iam.Group
This node type refers to an AWS IAM Group
Resource Config
Path
: String. The path to the group. For more information about paths, see IAM Identifiers in the IAM User Guide.GroupName
: String. The name of the group to create. Do not include the path in this value.
For more information, and possible keyword arguments, see: IAM Group:create_group
Operations
cloudify.interfaces.lifecycle.create
: Executes the CreateGroup action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteGroup action.
Relationships
cloudify.relationships.aws.iam.group.connected_to
:cloudify.nodes.aws.iam.User
: Associate the created group with user.cloudify.nodes.aws.iam.Policy
: Associate the created group with policy.
IAM Group Example
Creates a new group
iam_group:
type: cloudify.nodes.aws.iam.Group
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: !!str pmcfy_CloudifyGroup
Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
relationships:
- type: cloudify.relationships.aws.iam.group.connected_to
target: iam_policy_vpc_access
iam_policy_vpc_access:
type: cloudify.nodes.aws.iam.Policy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: pmcfy_vpcpolicy
Description: >-
Grants access to EC2 network components
Path: !!str /service-role/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action:
- !!str ec2:CreateNetworkInterface
- !!str ec2:DeleteNetworkInterface
- !!str ec2:DescribeNetworkInterfaces
Resource: '*'
cloudify.nodes.aws.iam.InstanceProfile
This node type refers to an AWS IAM Instance Profile
Resource Config
InstanceProfileName
: String. The name of the instance profile to create.Path
: String. The path to the instance profile.
For more information, and possible keyword arguments, see: IAM InstanceProfile:create_instance_profile
Operations
cloudify.interfaces.lifecycle.create
: Executes the CreateInstanceProfile action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteInstanceProfile action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.iam.Role
: Associate the instance profile with certain role.
IAM Instance Profile Example
Creates a new instance profile
iam_user_instance_profile:
type: cloudify.nodes.aws.iam.InstanceProfile
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
InstanceProfileName: pmcfy_iam_user_instance_profile
Path: '/pmcfy_iam_user_instance_profile/'
relationships:
- type: cloudify.relationships.depends_on
target: iam_role
iam_role:
type: cloudify.nodes.aws.iam.Role
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
RoleName: pmcfy_lambdarole
Path: !!str /service-role/
AssumeRolePolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: !!str lambda.amazonaws.com
Action: !!str sts:AssumeRole
cloudify.nodes.aws.iam.LoginProfile
This node type refers to an AWS IAM Login Profile
Resource Config
UserName
: String. The name of the IAM user that the new key will belong to.Password
: String. The new password for the user.PasswordResetRequired
: Boolean. Specifies whether the user is required to set a new password on next sign-in.
For more information, and possible keyword arguments, see: IAM LoginProfile:create_login_profile
Operations
cloudify.interfaces.lifecycle.configure
: Storeresource_config
in runtime properties.
Relationships
cloudify.relationships.aws.iam.login_profile.connected_to
:cloudify.nodes.aws.iam.User
: Create login profile for certain user.
IAM Login Profile Example
Creates a password for the specified user, giving the user the ability to access AWS services through the AWS Management Console
iam_login_profile:
type: cloudify.nodes.aws.iam.LoginProfile
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
UserName: !!str PMCfy=,.@-User
Password: !!str Cl0ud1fy2017
relationships:
- type: cloudify.relationships.aws.iam.login_profile.connected_to
target: iam_user
iam_user:
type: cloudify.nodes.aws.iam.User
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
UserName: !!str CloudifyUser=,.@-Test
Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
cloudify.nodes.aws.iam.Policy
This node type refers to an AWS IAM Policy
Resource Config
PolicyName
: String. The friendly name of the policy.Path
: String. The path to the policy.PolicyDocument
: String. The policy document.Description
: String. A friendly description of the policy.
For more information, and possible keyword arguments, see: IAM Policy:create_policy
Operations
cloudify.interfaces.lifecycle.create
: Executes the CreatePolicy action.cloudify.interfaces.lifecycle.delete
: Executes the DeletePolicy action.
IAM Policy Example
Creates a new managed policy for your AWS account
iam_policy:
type: cloudify.nodes.aws.iam.Policy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: pmcfy_vpcpolicy
Description: >-
Grants access to EC2 network components
Path: !!str /service-role/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action:
- !!str ec2:CreateNetworkInterface
- !!str ec2:DeleteNetworkInterface
- !!str ec2:DescribeNetworkInterfaces
Resource: '*'
cloudify.nodes.aws.iam.Role
This node type refers to an AWS IAM Role
Resource Config
AssumeRolePolicyDocument
: String. The trust relationship policy document that grants an entity permission to assume the role.RoleName
: String. The name of the role to create.Path
: String. The path to the role.
For more information, and possible keyword arguments, see: IAM Role:create_role
Operations
cloudify.interfaces.lifecycle.create
: Executes the CreateRole action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteRole action.
Relationships
cloudify.relationships.aws.iam.role.connected_to
:cloudify.nodes.aws.iam.Policy
: Associate role with certain policy.
IAM Role Example
Creates a new role for your AWS account
iam_role:
type: cloudify.nodes.aws.iam.Role
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
RoleName: pmcfy_lambdarole
Path: !!str /service-role/
AssumeRolePolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: !!str lambda.amazonaws.com
Action: !!str sts:AssumeRole
relationships:
- type: cloudify.relationships.aws.iam.role.connected_to
target: iam_policy_vpc_access
- type: cloudify.relationships.aws.iam.role.connected_to
target: iam_policy_cloudwatch_access
iam_policy_vpc_access:
type: cloudify.nodes.aws.iam.Policy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: pmcfy_vpcpolicy
Description: >-
Grants access to EC2 network components
Path: !!str /service-role/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action:
- !!str ec2:CreateNetworkInterface
- !!str ec2:DeleteNetworkInterface
- !!str ec2:DescribeNetworkInterfaces
Resource: '*'
iam_policy_cloudwatch_access:
type: cloudify.nodes.aws.iam.Policy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: pmcfy_iampolicy
Description: >-
Grants access to CloudWatch logs
Path: !!str /service-role/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action: !!str logs:CreateLogGroup
Resource: '*'
- Effect: Allow
Action:
- !!str logs:CreateLogStream
- !!str logs:PutLogEvents
Resource:
- { get_input: aws_cloudwatch_log_arn }
cloudify.nodes.aws.iam.RolePolicy
This node type refers to an AWS IAM Role Policy
Resource Config
RoleName
: String. The name of the role to associate the policy with. Required if no relationship to a Role was provided.PolicyName
: String. The name of the policy document.PolicyDocument
: String. The policy document.
For more information, and possible keyword arguments, see: IAM RolePolicy:put_role_policy
Policy ARN
- List of ARN policies to be provided. The list needs to contain dictionaries containing a single ARN policy with the key ‘PolicyArn’
In the following example 2 policies are added using the Policy ARNs property:
policy_arns:
- PolicyArn: "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
- PolicyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
Operations
cloudify.interfaces.lifecycle.create
: Executes the PutRolePolicy action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteRolePolicy action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.iam.Role
: Associate policy with certain role.
IAM Role Policy Example
Adds or updates an inline policy document that is embedded in the specified IAM role
iam_role_policy:
type: cloudify.nodes.aws.iam.RolePolicy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: pmcfy_iam_role_policy
PolicyDocument:
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Resource": "*",
"Action": "sts:AssumeRole"
}
}
relationships:
- type: cloudify.relationships.depends_on
target: iam_role
iam_role:
type: cloudify.nodes.aws.iam.Role
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
RoleName: pmcfy_lambdarole
Path: !!str /service-role/
AssumeRolePolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: !!str lambda.amazonaws.com
Action: !!str sts:AssumeRole
cloudify.nodes.aws.iam.User
This node type refers to an AWS IAM User
Resource Config
UserName
: String. The name of the IAM user that the new key will belong to.Path
: String. The path to the user. For more information about paths, see IAM Identifiers in the IAM User Guide.PermissionsBoundary
: String. The ARN of the policy that is used to set the permissions boundary for the user.Tags
: List. A list of tags that you want to attach to the newly created user. Each tag consists of a key name and an associated value. For more information about tagging, see Tagging IAM Identities in the IAM User Guide.
For more information, and possible keyword arguments, see: IAM User:create_user
Operations
cloudify.interfaces.lifecycle.create
: Executes the CreateUser action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteUser action.
Relationships
cloudify.relationships.aws.iam.user.connected_to
:cloudify.nodes.aws.iam.Group
: Associate user with certain group.cloudify.nodes.aws.iam.Policy
: Associate user with certain certain policy.cloudify.nodes.aws.iam.LoginProfile
: Create login profile for user.cloudify.nodes.aws.iam.AccessKey
: Create access key for user.
IAM User Example
Creates a new IAM user for AWS account
iam_user:
type: cloudify.nodes.aws.iam.User
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
UserName: !!str CloudifyUser=,.@-Test
Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
relationships:
- type: cloudify.relationships.aws.iam.user.connected_to
target: iam_group
- type: cloudify.relationships.aws.iam.user.connected_to
target: iam_policy_vpc_access
iam_group:
type: cloudify.nodes.aws.iam.Group
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: !!str pmcfy_CloudifyGroup
Path: !!str /!"#$%&'()*+,-.0123456789:;<=>?@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~/
relationships:
- type: cloudify.relationships.aws.iam.group.connected_to
target: iam_policy_vpc_access
iam_policy_vpc_access:
type: cloudify.nodes.aws.iam.Policy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
PolicyName: pmcfy_vpcpolicy
Description: >-
Grants access to EC2 network components
Path: !!str /service-role/
PolicyDocument:
Version: !!str 2012-10-17
Statement:
- Effect: Allow
Action:
- !!str ec2:CreateNetworkInterface
- !!str ec2:DeleteNetworkInterface
- !!str ec2:DescribeNetworkInterfaces
Resource: '*'
cloudify.nodes.aws.kms.Alias
This node type refers to an AWS KMS Alias
Resource Config
For more information, and possible keyword arguments, see: KMS Alias:create_alias
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateAlias action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteAlias action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.kms.CustomerMasterKey
: Associate alias with certain key.
KMS Alias Example
Creates a display name for a customer managed customer master key (CMK)
my_alias:
type: cloudify.nodes.aws.kms.Alias
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
AliasName: alias/test_key
relationships:
- type: cloudify.relationships.depends_on
target: cmk
cmk:
type: cloudify.nodes.aws.kms.CustomerMasterKey
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: An example CMK.
Tags:
- TagKey: Cloudify
TagValue: Example
cloudify.nodes.aws.kms.CustomerMasterKey
This node type refers to an AWS KMS Customer Master Key
Resource Config
For more information, and possible keyword arguments, see: KMS CustomerMasterKey:create_key
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateKey action.cloudify.interfaces.lifecycle.start
: Executes the EnableKey action.cloudify.interfaces.lifecycle.stop
: Executes the DisableKey action.cloudify.interfaces.lifecycle.delete
: Executes the ScheduleKeyDeletion action.
KMS Customer Master Key Example
Creates a customer managed customer master key (CMK) in AWS account
my_cmk:
type: cloudify.nodes.aws.kms.CustomerMasterKey
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: An example CMK.
Tags:
- TagKey: Cloudify
TagValue: Example
cloudify.nodes.aws.kms.Grant
This node type refers to an AWS KMS Grant
Resource Config
For more information, and possible keyword arguments, see: KMS Grant:create_grant
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateGrant action.cloudify.interfaces.lifecycle.delete
: Executes the RevokeGrant action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.kms.CustomerMasterKey
: Associate grant with certain key.
KMS Grant Example
Adds a grant to a customer master key (CMK)
my_grant:
type: cloudify.nodes.aws.kms.Grant
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Name: TestGrant
GranteePrincipal: { get_input: iam_arn }
Operations: [Encrypt, Decrypt]
relationships:
- type: cloudify.relationships.depends_on
target: cmk
cmk:
type: cloudify.nodes.aws.kms.CustomerMasterKey
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Description: An example CMK.
Tags:
- TagKey: Cloudify
TagValue: Example
cloudify.nodes.aws.lambda.Function
This node type refers to an AWS Lambda Function
Resource Config
FunctionName
: String. The name of the Lambda function.Runtime
: String. The runtime version for the function.Handler
: String. The name of the method within your code that Lambda calls to execute your function.Code
: String. The code for the function.
For more information, and possible keyword arguments, see: Lambda Function:create_function
Operations
cloudify.interfaces.lifecycle.create
: Executes the CreateFunction action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteFunction action.
Relationships
cloudify.relationships.connected_to
:cloudify.nodes.aws.ec2.Subnet
: Associate function with one or more subnets.cloudify.nodes.aws.ec2.SecurityGroup
: Associate function with one or more security group.cloudify.nodes.aws.iam.Role
: Associate function with iam role.
Lambda Function Example
Creates a Lambda function
my_lambda_function:
type: cloudify.nodes.aws.lambda.Function
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
FunctionName: myLambdaFunction
Runtime: python2.7
Handler: main.lambda_handler
Code:
ZipFile: function/main.zip
kwargs:
MemorySize: 128
relationships:
- type: cloudify.relationships.connected_to
target: subnet_1
- type: cloudify.relationships.connected_to
target: subnet_2
- type: cloudify.relationships.connected_to
target: security_group
- type: cloudify.relationships.connected_to
target: iam_role_lambda_function
subnet_1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
Tags:
- Key: Name
Value: Subnet1
relationships:
- type: cloudify.relationships.depends_on
target: vpc
subnet_2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.1.0/24'
AvailabilityZone: { concat: [ { get_input: aws_region_name }, 'c' ] }
Tags:
- Key: Name
Value: Subnet2
relationships:
- type: cloudify.relationships.depends_on
target: vpc
security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
GroupName: Lambda Security Group
Description: Lambda Feature Demo Test Group
Tags:
- Key: Name
Value: MyGroup
relationships:
- type: cloudify.relationships.depends_on
target: vpc
security_group_rules:
type: cloudify.nodes.aws.ec2.SecurityGroupRuleIngress
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
IpPermissions:
- IpProtocol: "-1"
FromPort: -1
ToPort: -1
IpRanges:
- CidrIp: 0.0.0.0/0
UserIdGroupPairs: [ { GroupId: { get_attribute: [ security_group, aws_resource_id ] } } ]
relationships:
- type: cloudify.relationships.contained_in
target: security_group
interfaces:
cloudify.interfaces.lifecycle:
start:
implementation: aws.cloudify_aws.ec2.resources.securitygroup.authorize_ingress_rules
inputs:
resource_config:
IpPermissions:
- IpProtocol: "-1"
FromPort: -1
ToPort: -1
IpRanges:
- CidrIp: 0.0.0.0/0
UserIdGroupPairs: [ { GroupId: { get_attribute: [ security_group, aws_resource_id ] } } ]
stop:
implementation: aws.cloudify_aws.ec2.resources.securitygroup.revoke_ingress_rules
inputs:
resource_config:
IpPermissions:
- IpProtocol: "-1"
FromPort: -1
ToPort: -1
IpRanges:
- CidrIp: 0.0.0.0/0
UserIdGroupPairs: [ { GroupId: { get_attribute: [ security_group, aws_resource_id ] } } ]
vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: '10.0.0.0/16'
Tags:
- Key: Name
Value: VPC
cloudify.nodes.aws.lambda.Invoke
This node type refers to an AWS Lambda Invoke
Resource Config
For more information, and possible keyword arguments, see: Lambda Invoke:invoke
Operations
cloudify.interfaces.lifecycle.configure
: Storeresource_config
in runtime properties.
Relationships
cloudify.relationships.aws.lambda.invoke.connected_to
:cloudify.nodes.aws.lambda.Function
: Invoke associated lambda function.
Lambda Invoke Example
Invokes a Lambda function
my_lambda_function_invocation:
type: cloudify.nodes.aws.lambda.Invoke
relationships:
- type: cloudify.relationships.aws.lambda.invoke.connected_to
target: lambda_function
lambda_function:
type: cloudify.nodes.aws.lambda.Function
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
FunctionName: myLambdaFunction
Runtime: python2.7
Handler: main.lambda_handler
Code:
ZipFile: function/main.zip
kwargs:
MemorySize: 128
cloudify.nodes.aws.lambda.Permission
This node type refers to an AWS Lambda Permission
Resource Config
FunctionName
: String. The name of the Lambda function. Required. May also be provided from a relationship to a cloudify.nodes.aws.lambda.Function.StatementId
: String. A unique statement identifier.Action
: String. The AWS Lambda action you want to allow in this statement.Principal
: String. The principal who is getting this permission.
For more information, and possible keyword arguments, see: Lambda Permission:add_permission
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the AddPermission action.cloudify.interfaces.lifecycle.delete
: Executes the RemovePermission action.
Relationships
cloudify.relationships.aws.lambda.permission.connected_to
:cloudify.nodes.aws.lambda.Function
: Associate permission with certain function.
Lambda Permission Example
Grants an AWS service or another account permission to use a function
my_lambda_function_permission:
type: cloudify.nodes.aws.lambda.Permission
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
FunctionName: { get_attribute: [ lambda_function, aws_resource_arn ] }
StatementId: apigateway-id-2
Action: !!str lambda:*
Principal: !!str apigateway.amazonaws.com
relationships:
- type: cloudify.relationships.aws.lambda.permission.connected_to
target: lambda_function
lambda_function:
type: cloudify.nodes.aws.lambda.Function
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
FunctionName: myLambdaFunction
Runtime: python2.7
Handler: main.lambda_handler
Code:
ZipFile: function/main.zip
kwargs:
MemorySize: 128
cloudify.nodes.aws.rds.Instance
This node type refers to an AWS RDS Instance
Resource Config
For more information, and possible keyword arguments, see: RDS Instance:create_db_instance
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateDBInstance action.cloudify.interfaces.lifecycle.start
: Updates an AWS RDS instance runtime properties by executing the DescribeDBInstances action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteDBInstance action.
Relationships
cloudify.relationships.aws.rds.instance.connected_to
:cloudify.nodes.aws.rds.SubnetGroup
: Associate rds instance with certain subnet group.cloudify.nodes.aws.rds.OptionGroup
: Associate rds instance with certain option group.cloudify.nodes.aws.rds.ParameterGroup
: Associate rds instance with certain parameter group.cloudify.aws.nodes.SecurityGroup
: Associate rds instance with certain security group.cloudify.nodes.aws.iam.Role
: Associate rds instance with certain role.
RDS Instance Example
Creates a new DB instance
my_rds_mysql_instance:
type: cloudify.nodes.aws.rds.Instance
properties:
resource_id: devdbinstance
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
DBInstanceClass: db.t2.small
Engine: mysql
EngineVersion: 5.7.16
AvailabilityZone: us-west-1a
StorageType: gp2
AllocatedStorage: 10
DBName: devdb
MasterUsername: root
MasterUserPassword: Password1234
relationships:
- type: cloudify.relationships.aws.rds.instance.connected_to
target: rds_subnet_group
- type: cloudify.relationships.aws.rds.instance.connected_to
target: rds_option_group
- type: cloudify.relationships.aws.rds.instance.connected_to
target: rds_parameter_group
- type: cloudify.relationships.aws.rds.instance.connected_to
target: rds_security_group
rds_subnet_group:
type: cloudify.nodes.aws.rds.SubnetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-subnet-group
resource_config:
kwargs:
DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
relationships:
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_1
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_2
rds_subnet_1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_1_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_subnet_2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_2_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_id }
cloudify.nodes.aws.rds.InstanceReadReplica
This node type refers to an AWS RDS Instance Read Replica
Resource Config
For more information, and possible keyword arguments, see: RDS Instance Read Replica:create_db_instance_read_replica
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateDBInstanceReadReplica action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteDBInstance action.
Relationships
cloudify.relationships.aws.rds.instance_read_replica.connected_to
:cloudify.nodes.aws.rds.SubnetGroup
: Associate rds instance read replica with certain subnet group.cloudify.nodes.aws.rds.OptionGroup
: Associate rds instance read replica with certain option group.cloudify.nodes.aws.rds.Instance
: Associate rds instance read replica with certain rds instance.cloudify.nodes.aws.iam.Role
: Associate rds instance read replica with certain role.
RDS Instance Read Replica Example
Creates a new DB instance that acts as a Read Replica for an existing source DB instance
my_rds_mysql_read_replica:
type: cloudify.nodes.aws.rds.InstanceReadReplica
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: devdbinstance-replica
resource_config:
kwargs:
SourceDBInstanceIdentifier: { get_property: [rds_mysql_instance, resource_id] }
DBInstanceClass: db.t2.small
AvailabilityZone: us-west-1c
relationships:
- type: cloudify.relationships.aws.rds.instance_read_replica.connected_to
target: rds_mysql_instance
- type: cloudify.relationships.aws.rds.instance_read_replica.connected_to
target: rds_option_group
- type: cloudify.relationships.aws.rds.instance_read_replica.connected_to
target: rds_parameter_group
rds_option_group:
type: cloudify.nodes.aws.rds.OptionGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-option-group
resource_config:
kwargs:
EngineName: mysql
MajorEngineVersion: '5.7'
OptionGroupDescription: MySQL5.7 Option Group for Dev
relationships:
- type: cloudify.relationships.aws.rds.option_group.connected_to
target: rds_option_1
rds_option_1:
type: cloudify.nodes.aws.rds.Option
properties:
resource_id: MEMCACHED
resource_config:
kwargs:
Port: 21212
relationships:
- type: cloudify.relationships.aws.rds.option.connected_to
target: rds_security_group
rds_security_group:
type: cloudify.nodes.aws.ec2.SecurityGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_security_group_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_id }
rds_parameter_group:
type: cloudify.nodes.aws.rds.ParameterGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-param-group
resource_config:
kwargs:
DBParameterGroupFamily: mysql5.7
Description: MySQL5.7 Parameter Group for Dev
interfaces:
cloudify.interfaces.lifecycle:
configure:
inputs:
resource_config:
Parameters:
- ParameterName: time_zone
ParameterValue: US/Eastern
ApplyMethod: immediate
- ParameterName: lc_time_names
ParameterValue: en_US
ApplyMethod: immediate
rds_mysql_instance:
type: cloudify.nodes.aws.rds.Instance
properties:
resource_id: devdbinstance
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
interfaces:
cloudify.interfaces.lifecycle:
create:
inputs:
resource_config:
DBInstanceClass: db.t2.small
Engine: mysql
EngineVersion: 5.7.16
AvailabilityZone: us-west-1a
StorageType: gp2
AllocatedStorage: 10
DBName: devdb
MasterUsername: root
MasterUserPassword: Password1234
relationships:
- type: cloudify.relationships.aws.rds.instance.connected_to
target: rds_subnet_group
- type: cloudify.relationships.aws.rds.instance.connected_to
target: rds_option_group
- type: cloudify.relationships.aws.rds.instance.connected_to
target: rds_parameter_group
- type: cloudify.relationships.aws.rds.instance.connected_to
target: rds_security_group
rds_subnet_group:
type: cloudify.nodes.aws.rds.SubnetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-subnet-group
resource_config:
kwargs:
DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
relationships:
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_1
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_2
rds_subnet_1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_1_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_subnet_2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_2_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
cloudify.nodes.aws.rds.Option
This node type refers to an AWS RDS Option
Resource Config
For more information, and possible keyword arguments, see: RDS Option:modify_option_group
Operations
cloudify.interfaces.lifecycle.configure
: Storeresource_config
in runtime properties.
Relationships
cloudify.relationships.aws.rds.option.connected_to
:cloudify.nodes.aws.rds.OptionGroup
: Associate rds option with certain option group.cloudify.nodes.aws.ec2.SecurityGroup
: Associate rds option with certain security group.
RDS Option Example
Creates new option to an existing option group
my_rds_option:
type: cloudify.nodes.aws.rds.Option
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: MEMCACHED
resource_config:
kwargs:
Port: 21212
relationships:
- type: cloudify.relationships.aws.rds.option.connected_to
target: rds_security_group
rds_subnet_group:
type: cloudify.nodes.aws.rds.SubnetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-subnet-group
resource_config:
kwargs:
DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
relationships:
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_1
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_2
rds_subnet_1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_1_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_subnet_2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_2_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_id }
cloudify.nodes.aws.rds.OptionGroup
This node type refers to an AWS RDS Option Group
Resource Config
For more information, and possible keyword arguments, see: RDS Option Group:create_option_group
Operations
cloudify.interfaces.lifecycle.create
: Executes the CreateOptionGroup action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteOptionGroup action.
Relationships
cloudify.relationships.aws.rds.option_group.connected_to
:cloudify.nodes.aws.rds.Option
: Add certain rds option to option group.
RDS Option Group Example
Creates new option to an existing option group
my_rds_option_group:
type: cloudify.nodes.aws.rds.OptionGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-option-group
resource_config:
kwargs:
EngineName: mysql
MajorEngineVersion: '5.7'
OptionGroupDescription: MySQL5.7 Option Group for Dev
relationships:
- type: cloudify.relationships.aws.rds.option_group.connected_to
target: rds_option_1
rds_option_1:
type: cloudify.nodes.aws.rds.Option
properties:
resource_id: MEMCACHED
resource_config:
kwargs:
Port: 21212
relationships:
- type: cloudify.relationships.aws.rds.option.connected_to
target: rds_security_group
rds_subnet_group:
type: cloudify.nodes.aws.rds.SubnetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-subnet-group
resource_config:
kwargs:
DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
relationships:
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_1
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_2
rds_subnet_1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_1_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_subnet_2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_2_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_id }
cloudify.nodes.aws.rds.Parameter
This node type refers to an AWS RDS Parameter
Resource Config
For more information, and possible keyword arguments, see: RDS Parameter:modify_db_parameter_group
Operations
cloudify.interfaces.lifecycle.configure
: Storeresource_config
in runtime properties.
Relationships
cloudify.relationships.aws.rds.parameter.connected_to
:cloudify.nodes.aws.rds.ParameterGroup
: Associate rds parameter with certain parameter group.
RDS Parameter Example
Creates new parameter to an existing parameter group
my_rds_parameter:
type: cloudify.nodes.aws.rds.Parameter
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: binlog_cache_size
resource_config:
kwargs:
ApplyMethod: immediate
relationships:
- type: cloudify.relationships.aws.rds.parameter.connected_to
target: rds_parameter_group
rds_parameter_group:
type: cloudify.nodes.aws.rds.ParameterGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-param-group
resource_config:
kwargs:
DBParameterGroupFamily: mysql5.7
Description: MySQL5.7 Parameter Group for Dev
interfaces:
cloudify.interfaces.lifecycle:
configure:
inputs:
resource_config:
Parameters:
- ParameterName: time_zone
ParameterValue: US/Eastern
ApplyMethod: immediate
- ParameterName: lc_time_names
ParameterValue: en_US
ApplyMethod: immediate
cloudify.nodes.aws.rds.ParameterGroup
This node type refers to an AWS RDS Parameter Group
Resource Config
For more information, and possible keyword arguments, see: RDS Parameter Group:create_db_parameter_group
Operations
cloudify.interfaces.lifecycle.create
: Executes the CreateDBParameterGroup action.cloudify.interfaces.lifecycle.configure
: Executes the ModifyDBParameterGroup action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteDBParameterGroup action.
Relationships
cloudify.relationships.aws.rds.parameter_group.connected_to
:cloudify.nodes.aws.rds.Parameter
: Add certain rds parameter to parameter group.
RDS Parameter Group Example
Creates a new DB parameter group
my_rds_parameter_group:
type: cloudify.nodes.aws.rds.ParameterGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-param-group
resource_config:
kwargs:
DBParameterGroupFamily: mysql5.7
Description: MySQL5.7 Parameter Group for Dev
interfaces:
cloudify.interfaces.lifecycle:
configure:
inputs:
resource_config:
Parameters:
- ParameterName: time_zone
ParameterValue: US/Eastern
ApplyMethod: immediate
- ParameterName: lc_time_names
ParameterValue: en_US
ApplyMethod: immediate
relationships:
- type: cloudify.relationships.aws.rds.parameter_group.connected_to
target: rds_parameter
rds_parameter:
type: cloudify.nodes.aws.rds.Parameter
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: binlog_cache_size
resource_config:
kwargs:
ApplyMethod: immediate
cloudify.nodes.aws.rds.SubnetGroup
This node type refers to an AWS RDS Subnet Group
Resource Config
For more information, and possible keyword arguments, see: RDS Subnet Group:create_db_subnet_group
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateDBSubnetGroup action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteDBSubnetGroup action.
Relationships
cloudify.relationships.aws.rds.subnet_group.connected_to
:cloudify.nodes.aws.ec2.Subnet
: Associate one or more subnets with subnet group.
RDS Subnet Group Example
Creates a new DB subnet group
my_rds_subnet_group:
type: cloudify.nodes.aws.rds.SubnetGroup
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: dev-rds-subnet-group
resource_config:
kwargs:
DBSubnetGroupDescription: MySQL5.7 Subnet Group for Dev
relationships:
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_1
- type: cloudify.relationships.aws.rds.subnet_group.connected_to
target: rds_subnet_2
rds_subnet_1:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_1_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
rds_subnet_2:
type: cloudify.nodes.aws.ec2.Subnet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
use_external_resource: true
resource_id: { get_input: aws_vpc_subnet_2_id }
relationships:
- type: cloudify.relationships.depends_on
target: rds_vpc
cloudify.nodes.aws.route53.HostedZone
This node type refers to an AWS Route53 Hosted Zone
Resource Config
For more information, and possible keyword arguments, see: Route53 HostedZone:create_hosted_zone
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateHostedZone action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteHostedZone action.
Relationships
cloudify.relationships.aws.route53.hosted_zone.connected_to
:cloudify.aws.nodes.VPC
: Associate hosted zone with certain vpc.
Route53 Hosted Zone Example
Creates a new private hosted zone
my_dns_hosted_zone:
type: cloudify.nodes.aws.route53.HostedZone
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_id: !!str getcloudify.org
resource_config:
kwargs:
HostedZoneConfig:
Comment: !!str Cloudify-generated DNS Hosted Zone
PrivateZone: !!bool true
VPC:
VPCRegion: { get_input: aws_region_name }
VPCId: { get_attribute: [ dns_vpc, aws_resource_id ] }
relationships:
- type: cloudify.relationships.aws.route53.hosted_zone.connected_to
target: dns_vpc
dns_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: { get_input: vpc_cidr }
cloudify.nodes.aws.route53.RecordSet
This node type refers to an AWS Route53 Record Set
Resource Config
For more information, and possible keyword arguments, see: Route53 RecordSet:change_resource_record_sets
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the ChangeResourceRecordSets action.cloudify.interfaces.lifecycle.delete
: Executes the ChangeResourceRecordSets action.
Relationships
cloudify.relationships.aws.route53.record_set.connected_to
:cloudify.nodes.aws.route53.HostedZone
: Associate record set with certain hosted zone.
Route53 Record Set Example
Creates a resource record set
my_dns_record_set:
type: cloudify.nodes.aws.route53.RecordSet
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Action: UPSERT
ResourceRecordSet:
Name: { concat: ["staging.", { get_property: [dns_hosted_zone, resource_id] }] }
Type: !!str TXT
TTL: !!int 60
ResourceRecords:
- Value: '"Created using Cloudify"'
relationships:
- type: cloudify.relationships.aws.route53.record_set.connected_to
target: dns_hosted_zone
dns_hosted_zone:
type: cloudify.nodes.aws.route53.HostedZone
properties:
resource_id: !!str getcloudify.org
client_config:
aws_access_key_id: { get_input: aws_access_key_id }
aws_secret_access_key: { get_input: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
HostedZoneConfig:
Comment: !!str Cloudify-generated DNS Hosted Zone
PrivateZone: !!bool true
VPC:
VPCRegion: { get_input: aws_region_name }
VPCId: { get_attribute: [ dns_vpc, aws_resource_id ] }
relationships:
- type: cloudify.relationships.aws.route53.hosted_zone.connected_to
target: dns_vpc
dns_vpc:
type: cloudify.nodes.aws.ec2.Vpc
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
CidrBlock: { get_input: vpc_cidr }
cloudify.nodes.aws.s3.Bucket
This node type refers to an AWS S3 Bucket
Resource Config
Bucket
: String. The bucket name.ACL
: String. The canned ACL to apply to the bucket.CreateBucketConfiguration
: Map. Specifies the region where the bucket will be created.LocationConstraint
: String. If you don’t specify a region, the bucket will be created in US Standard.
For more information, and possible keyword arguments, see: S3 Bucket:create_bucket
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PUT Bucket action.cloudify.interfaces.lifecycle.delete
: Executes the DELETE Bucket action.
S3 Bucket Example
creates a new bucket
my_bucket:
type: cloudify.nodes.aws.s3.Bucket
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Bucket: test-cloudify-bucket
ACL: public-read-write
CreateBucketConfiguration:
LocationConstraint: { get_input: aws_region_name }
cloudify.nodes.aws.s3.BucketLifecycleConfiguration
This node type refers to an AWS S3 Bucket Lifecycle Configuration
Resource Config
Bucket
: String. The bucket name.LifecycleConfiguration
: Map. The lifecycle configuration.Rules
: List. A list of rules in dict format with keys Prefix, Status, etc.
For more information, and possible keyword arguments, see: S3 BucketLifecycleConfiguration:put_bucket_lifecycle
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PUT Bucket lifecycle action.cloudify.interfaces.lifecycle.delete
: Executes the DELETE Bucket lifecycle action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.s3.Bucket
: Associate lifecycle configuration with certain bucket.
S3 Bucket Lifecycle Configuration Example
Creates a new lifecycle configuration for the bucket
my_bucket_lifecycle_configuration:
type: cloudify.nodes.aws.s3.BucketLifecycleConfiguration
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
LifecycleConfiguration:
Rules:
- ID: Standard Rule LFC
Prefix: boto3
Status: Disabled
Transition:
Days: 31
StorageClass: STANDARD_IA
Expiration:
Days: 95
relationships:
- type: cloudify.relationships.depends_on
target: bucket
bucket:
type: cloudify.nodes.aws.s3.Bucket
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Bucket: test-cloudify-bucket
ACL: public-read-write
CreateBucketConfiguration:
LocationConstraint: { get_input: aws_region_name }
cloudify.nodes.aws.s3.BucketPolicy
This node type refers to an AWS S3 Bucket Policy
Resource Config
Bucket
: String. The bucket name.ConfirmRemoveSelfBucketAccess
: Boolean. Set this parameter to true to confirm that you want to remove your permissions to change this bucket policy in the future.Policy
: Map. The bucket policy.
For more information, and possible keyword arguments, see: S3 BucketPolicy:put_bucket_policy
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PUT Bucket Policy action.cloudify.interfaces.lifecycle.delete
: Executes the DELETE Bucket Policy action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.s3.Bucket
: Associate bucket policy with certain bucket.
S3 Bucket Policy Example
Creates a new bucket policy for the bucket
my_bucket_policy:
type: cloudify.nodes.aws.s3.BucketPolicy
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Policy:
Version: '2012-10-17'
Statement:
- Sid: EveryoneGetPlugin
Effect: Allow
Principal: "*"
Action:
- "s3:GetObject"
Resource: { concat: [ 'arn:aws:s3:::', { get_property: [ bucket, resource_config, Bucket ] } , '/*' ] }
relationships:
- type: cloudify.relationships.depends_on
target: bucket
bucket:
type: cloudify.nodes.aws.s3.Bucket
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Bucket: test-cloudify-bucket
ACL: public-read-write
CreateBucketConfiguration:
LocationConstraint: { get_input: aws_region_name }
cloudify.nodes.aws.s3.BucketTagging
This node type refers to an AWS S3 Bucket Tagging
Resource Config
Bucket
: String. The bucket to tag.Tagging
: Map. The tagging set.TagSet
: List. A list of maps with a keys Key and Value.
For more information, and possible keyword arguments, see: S3 BucketTagging:put_bucket_tagging
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PUT Bucket Tagging action.cloudify.interfaces.lifecycle.delete
: Executes the DELETE Bucket Tagging action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.s3.Bucket
: Associate bucket tagging with certain bucket.
S3 Bucket Tagging Example
Creates a set of tags to an existing bucket
my_bucket_tagging:
type: cloudify.nodes.aws.s3.BucketTagging
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Tagging:
TagSet:
- Key: Name
Value: aws-test-bucket-tagging
relationships:
- type: cloudify.relationships.depends_on
target: bucket
bucket:
type: cloudify.nodes.aws.s3.Bucket
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Bucket: test-cloudify-bucket
ACL: public-read-write
CreateBucketConfiguration:
LocationConstraint: { get_input: aws_region_name }
cloudify.nodes.aws.s3.BucketObject
This node type refers to an AWS S3 Bucket Tagging
Resource Config
Bucket
: String. The bucket name.Key
: String. Object key for which the PUT operation was initiated.ACL
: String. The canned ACL to apply to the object.
For more information, and possible keyword arguments, see: S3 BucketObject:put_object
Properties
source_type
: String. This property represents the source type of the object that need to be upload to the S3. the following options supported:- remote: Read data from remote url
- local: Read data from local url exists with blueprint
- bytes: Read data as sequence of bytes.These bytes should be specified inside “Body” param inside “resource_config”
path
: String. This property represents the path to read file that need to be uploaded to the S3 and this param should only provided when the source_type is “local” or “remote”
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the PUT Object action.cloudify.interfaces.lifecycle.delete
: Executes the DELETE Object action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.s3.Bucket
: Associate bucket object with certain bucket.
S3 Bucket Object Examples
Adds an object to a bucket
This example demonstrates how to add new object to the bucket by reading bytes data in Body
my_bucket_object_bytes:
type: cloudify.nodes.aws.s3.BucketObject
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
source_type: 'bytes'
resource_config:
ACL: 'public-read'
Bucket: { get_property: [ bucket, resource_config, Bucket ] }
Key: 'test-byte-data.txt'
kwargs:
Body: 'Test Bytes Mode'
relationships:
- type: cloudify.relationships.depends_on
target: bucket
bucket:
type: cloudify.nodes.aws.s3.Bucket
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Bucket: test-cloudify-bucket
ACL: public-read-write
CreateBucketConfiguration:
LocationConstraint: { get_input: aws_region_name }
This example demonstrates how to add new object to the bucket by reading local file data in path
my_bucket_object_bytes:
type: cloudify.nodes.aws.s3.BucketObject
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
source_type: 'local'
path: './local-s3-object.txt'
resource_config:
ACL: 'public-read'
Bucket: { get_property: [ bucket, resource_config, Bucket ] }
Key: 'local-s3-object.txt'
relationships:
- type: cloudify.relationships.depends_on
target: bucket
bucket:
type: cloudify.nodes.aws.s3.Bucket
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Bucket: test-cloudify-bucket
ACL: public-read-write
CreateBucketConfiguration:
LocationConstraint: { get_input: aws_region_name }
This example demonstrates how to add new object to the bucket by reading remote file url in path
my_bucket_object_bytes:
type: cloudify.nodes.aws.s3.BucketObject
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
source_type: 'remote'
path: 'https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf'
resource_config:
ACL: 'public-read'
Bucket: { get_property: [ bucket, resource_config, Bucket ] }
Key: 'dummy.pdf'
relationships:
- type: cloudify.relationships.depends_on
target: bucket
bucket:
type: cloudify.nodes.aws.s3.Bucket
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
Bucket: test-cloudify-bucket
ACL: public-read-write
CreateBucketConfiguration:
LocationConstraint: { get_input: aws_region_name }
cloudify.nodes.aws.SNS.Subscription
This node type refers to an AWS SNS Subscription
Resource Config
For more information, and possible keyword arguments, see: SNS Subscription:subscribe
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the Subscribe action.cloudify.interfaces.lifecycle.start
: Executes the GetSubscriptionAttributes action.cloudify.interfaces.lifecycle.delete
: Executes the Unsubscribe action.
Relationships
cloudify.relationships.depends_on
:cloudify.nodes.aws.SNS.Topic
: Associate subscription with certain topic.
SNS Subscription Example
Creates a subscription to endpoint
my_subscription:
type: cloudify.nodes.aws.SNS.Subscription
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Protocol: sqs
Endpoint: queue
relationships:
- type: cloudify.relationships.depends_on
target: topic
topic:
type: cloudify.nodes.aws.SNS.Topic
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Name: TestCloudifyTopic
cloudify.nodes.aws.SNS.Topic
This node type refers to an AWS SNS Topic
Resource Config
For more information, and possible keyword arguments, see: SNS Topic:create_topic
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateTopic action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteTopic action.
SNS Topic Example
Creates a topic to which notifications can be published
my_topic:
type: cloudify.nodes.aws.SNS.Topic
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Name: TestCloudifyTopic
cloudify.nodes.aws.SQS.Queue
This node type refers to an AWS SQS Queue
Resource Config
For more information, and possible keyword arguments, see: SQS Queue:create_queue
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes the CreateQueue action.cloudify.interfaces.lifecycle.delete
: Executes the DeleteQueue action.
SQS Example
Creates a new standard
my_queue:
type: cloudify.nodes.aws.SQS.Queue
properties:
client_config:
aws_access_key_id: { get_secret: aws_access_key_id }
aws_secret_access_key: { get_secret: aws_secret_access_key }
region_name: { get_input: aws_region_name }
resource_config:
kwargs:
Attributes:
Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Sid1",
"Effect": "Deny",
"Principal": "*",
"Action": [
"SQS:SendMessage",
"SQS:ReceiveMessage"
],
"Resource": "test-queue",
"Condition": {
"DateGreaterThan" : {
"aws:CurrentTime" : "2013-12-15T12:00:00Z"
}
}
}
]
}
MessageRetentionPeriod: '86400'
VisibilityTimeout: '180'
Known Issues
1. AWS plugin clock sync issue
in some cases, even if your credentials are correct and a error like this appears:
AWS was not able to validate the provided access credentials
Causes (most recent cause last):
--------------------------------
Traceback (most recent call last):
File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-aws-plugin-2.0.0/lib/python2.7/site-packages/cloudify_aws/common/__init__.py", line 87, in make_client_call
res = client_method(**client_method_args)
File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-aws-plugin-2.0.0/lib/python2.7/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/opt/mgmtworker/env/plugins/default_tenant/cloudify-aws-plugin-2.0.0/lib/python2.7/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
ClientError: An error occurred (AuthFailure) when calling the CreateNetworkInterface operation: AWS was not able to validate the provided access credentials
If the credentials are correct and no boto/aws CLI configuration files are on the filesystem, try resyncing your clock, e.g.
sudo ntpdate 1.ro.pool.ntp.org
cloudify.nodes.aws.eks.Cluster
This node type refers to an AWS EKS Cluster
Resource Config
For more information, and possible keyword arguments, see: EKS Cluster:create_cluster
Operations
cloudify.interfaces.lifecycle.create
: Storekube_config
in runtime properties.cloudify.interfaces.lifecycle.delete
: Executes the DeleteCluster action.
Relationships
cloudify.relationships.aws.eks.connected_to_eks_cluster
: Refreshes the access token of the kubeconfig that stored insidekubeconf
runtime property ifstore_kube_config_in_runtime
is true. Use this relationship on kubernetes resources which use thekubeconf
runtime property ofcloudify.nodes.aws.eks.Cluster
in oder to authenticate.
EKS Examples
Creates a new EKS Cluster
eks_cluster:
type: cloudify.nodes.aws.eks.Cluster
properties:
resource_config:
kwargs:
name: { get_input: eks_cluster_name }
version: { get_input: kubernetes_version }
roleArn: { get_attribute: [ eks_service_iam_role, aws_resource_arn ] }
resourcesVpcConfig:
subnetIds:
- { get_attribute: [ private_subnet_01, aws_resource_id ] }
- { get_attribute: [ private_subnet_02, aws_resource_id ] }
- { get_attribute: [ public_subnet_01, aws_resource_id ] }
- { get_attribute: [ public_subnet_02, aws_resource_id ] }
securityGroupIds:
- { get_attribute: [ security_group, aws_resource_id ] }
endpointPublicAccess: True
endpointPrivateAccess: False
client_config: *client_config
store_kube_config_in_runtime: True
Uses connected_to_eks_cluster Relationship
new_service_account:
type: cloudify.kubernetes.resources.ServiceAccount
properties:
client_config:
configuration:
file_content: { get_attribute: [ eks_cluster, kubeconf ] }
definition:
apiVersion: v1
kind: ServiceAccount
metadata:
name: { get_input: service_account_name }
namespace: { get_input: service_account_namespace }
options:
namespace: { get_input: service_account_namespace }
relationships:
- type: cloudify.relationships.aws.eks.connected_to_eks_cluster
target: eks_cluster
cloudify.nodes.aws.eks.NodeGroup
This node type refers to an AWS EKS NodeGroup
Resource Config
For more information, and possible keyword arguments, see: Node Group:create_nodegroup
Operations
cloudify.interfaces.lifecycle.create
: it will create nodegroup on EKS cluster.cloudify.interfaces.lifecycle.delete
: Executes the DeleteNodeGroup action.
NodeGroup Example
Creates a new EKS Cluster NodeGroup
eks_node_group:
type: cloudify.nodes.aws.eks.NodeGroup
properties:
resource_config:
kwargs:
clusterName: { get_input: eks_cluster_name }
nodegroupName: { get_input: eks_nodegroup_name }
scalingConfig:
minSize: 1
maxSize: 1
desiredSize: 1
diskSize: 20
subnets:
- { get_attribute: [ private_subnet_01, aws_resource_id ] }
- { get_attribute: [ private_subnet_02, aws_resource_id ] }
- { get_attribute: [ public_subnet_01, aws_resource_id ] }
- { get_attribute: [ public_subnet_02, aws_resource_id ] }
instanceTypes:
- t3.medium
amiType: AL2_x86_64
nodeRole: { get_attribute: [ eks_nodegroup_iam_role, aws_resource_arn ] }
remoteAccess:
ec2SshKey: { get_input: ssh_keypair }
client_config: *client_config
cloudify.nodes.aws.codepipeline.Pipeline
This node type refers to an AWS Codepipeline pipeline.
Resource Config
For more information, and possible keyword arguments, see: CodePipeline:create_pipeline
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes create_pipeline action.cloudify.interfaces.lifecycle.delete
: Executes delete_pipeline action.aws.codepipeline.pipeline.start_pipeline_execution
Executes start_pipeline_execution action.Pipeline Examples
Creates a new pipeline.
codepipeline:
type: cloudify.nodes.aws.codepipeline.Pipeline
properties:
client_config: *client_config
resource_config:
kwargs:
pipeline:
name: { get_input: pipeline_name }
roleArn: { get_input: code_pipeline_service_role }
artifactStore:
type: 'S3'
location: { get_input: artifact_store_bucket_name }
stages:
- name: 'Source-stage'
actions:
- name: 'source-action'
actionTypeId:
category: 'Source'
owner: 'AWS'
provider: 'S3'
version: '1'
outputArtifacts:
- name: 'My-source'
configuration:
S3Bucket: { get_input: source_code_bucket }
S3ObjectKey: test-app.zip
PollForSourceChanges: 'false'
region: { get_input: aws_region_name }
- name: 'Deploy-stage'
actions:
- name: 'deploy-action'
actionTypeId:
category: 'Deploy'
owner: 'AWS'
provider: 'S3'
version: '1'
inputArtifacts:
- name: 'My-source'
configuration:
"BucketName": { get_input: deployment_bucket_name }
"Extract": "true"
region: { get_input: aws_region_name }
version: 1
Invoke start_pipeline_execution operation:
cfy exec start -d pipelinedep execute_operation -p '{"node_instance_ids": ["codepipeline_uasi97"], "operation": "aws.codepipeline.pipeline.start_pipeline_execution", "operation_kwargs": {"name": "Demopipeline"}}'
cloudify.nodes.resources.AmazonWebServices
This resources does not represent any particular resource, but can be used to represent an AWS Account. This account can be used to discover AWS resource types.
Properties
resource_config
:resource_types
: A list of resources to discover. For example, [‘AWS::EKS::CLUSTER’].
regions
: A list of regions to discover resources in, for example, [‘us-east-1’, ‘us-east-2’].
Workflows
discover_and_deploy
: Discover resources and deploy blueprints to interact with them from Cloudify.- parameters
node_id
: The name of the deployment’s cloudify.nodes.resources.AmazonWebServices node template that you wish to use to discover. Defaults to the only node in the deployment.resource_types
: Defaults to those resource_types in the node template.blueprint_id
: The blueprint ID to use to deploy the resources. For example,existing-eks-cluster
.
- parameters
cloudify.nodes.aws.ec2.SpotFleetRequest
This node type refers to an AWS spot fleet request.
Resource Config
For more information, and possible keyword arguments, see: EC2:request_spot_fleet
Operations
cloudify.interfaces.lifecycle.create
: Storeresource_config
in runtime properties.cloudify.interfaces.lifecycle.configure
: Executes create_pipeline action.cloudify.interfaces.lifecycle.delete
: Executes delete_pipeline action.
Spot Fleet Example
fleet:
type: cloudify.nodes.aws.ec2.SpotFleetRequest
properties:
client_config: *client_config
resource_config:
kwargs:
SpotFleetRequestConfig:
IamFleetRole: { get_attribute: [ cfy_fleet_role, aws_resource_arn ] }
LaunchSpecifications:
- IamInstanceProfile:
Arn: { get_attribute: [ cfy_fleet_profile, aws_resource_arn ] }
ImageId: { get_attribute: [ ami, aws_resource_id ] }
InstanceType: { get_input: instance_type }
KeyName: { get_input: key_name }
Placement:
AvailabilityZone: { get_input: availability_zone }
SubnetId: { get_attribute: [ subnet, aws_resource_id ] }
SecurityGroups:
- GroupId: { get_attribute: [ security_group, aws_resource_id ] }
SpotPrice: '0.04'
TargetCapacity: 4