diff --git a/README.md b/README.md
index e69de29..bcd2dfb 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,64 @@
+
+# VPC-Scenario2
+
+Amazon's [VPC Scenario 2](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html) is the classic network architecture. It can support public-facing and private components.
+
+### Resources Created
+
+ * A `vpc`.
+ * An `internet_gateway`.
+ * A `public_subnet`.
+ * A `private_subnet`.
+ * A `public_subnet_routetable`.
+ * A `private_subnet_routetable`.
+ * A `route_public_subnet_internet_gateway`.
+ * A `nat_gateway_ip` - created with the `update-blueprint.yaml`.
+ * A `nat_gateway` - created with the `update-blueprint.yaml`.
+ * A `route_private_subnet_nat_gateway` - created with the `update-blueprint.yaml`.
+
+
+## Compatibility
+
+Tested with:
+ * Cloudify 4.2
+
+
+## Pre-installation steps
+
+Upload the required plugins:
+
+ * [AWSSDK Plugin](https://github.com/cloudify-incubator/cloudify-awssdk-plugin/releases).
+
+_Check the blueprint for the exact version of the plugin._
+
+
+If you do not provide your own `deployment inputs` below, you must add these secrets to your Cloudify Manager `tenant`:
+
+ * aws_access_key_id
+ * aws_secret_access_key
+ * ec2_region_name, such as `us-east-1`.
+ * ec2_region_endpoint, such as `ec2.us-east-1.amazonaws.com`.
+ * availability_zone, such as `us-east-1c`.
+
+
+## Installation
+
+On your Cloudify Manager, navigate to `Local Blueprints` select `Upload`.
+
+[Right-click and copy URL](https://github.com/cloudify-examples/vpc-scenario2-blueprint/archive/master.zip). Paste where it says `Enter blueprint url`. Provide a blueprint name, such as `aws-vpc-scenario2` in the field labeled `blueprint name`. Select `simple-blueprint.yaml` from `Blueprint filename` menu.
+
+After the new blueprint has been created, click the `Deploy` button.
+
+Navigate to `Deployments`, find your new deployment, select `Install` from the `workflow`'s menu. At this stage, you may provide your own values for any of the default `deployment inputs`.
+
+
+## Update Deployment
+
+In order to provide outbound internet access to the private subnet, you can update the deployment.
+
+Navigate to `Deployments`, find your deployment, click on it. Once the deployment's page has loaded, click the `Update Deployment` button. [Right-click and copy URL](https://github.com/cloudify-examples/vpc-scenario2-blueprint/archive/master.zip). Paste where it says `Enter new blueprint url`. This time, select `update-blueprint.yaml` from `Blueprint filename` menu.
+
+
+## Uninstallation
+
+Navigate to the deployment and select `Uninstall`. When the uninstall workflow is finished, select `Delete deployment`.
diff --git a/simple-blueprint.yaml b/simple-blueprint.yaml
new file mode 100644
index 0000000..94a264e
--- /dev/null
+++ b/simple-blueprint.yaml
@@ -0,0 +1,145 @@
+tosca_definitions_version: cloudify_dsl_1_3
+
+description: >
+  Create an AWS VPC based on the Scenario 2 design.
+
+imports:
+  - http://www.getcloudify.org/spec/cloudify/4.2/types.yaml
+  - http://www.getcloudify.org/spec/awssdk-plugin/1.2.0.1/plugin.yaml
+
+inputs:
+
+  aws_access_key_id:
+    description: YOUR AWS ACCESS KEY ID
+    default: { get_secret: aws_access_key_id }
+
+  aws_secret_access_key:
+    description: YOUR AWS SECRET ACCESS KEY
+    default: { get_secret: aws_secret_access_key }
+
+  ec2_region_name:
+    default: { get_secret: ec2_region_name }
+
+  ec2_region_endpoint:
+    default: { get_secret: ec2_region_endpoint }
+
+  availability_zone:
+    default: { get_secret: availability_zone }
+
+  vpc_cidr:
+    default: 10.10.0.0/16
+
+  public_subnet_cidr:
+    default: 10.10.0.0/24
+
+  private_subnet_cidr:
+    default: 10.10.1.0/24
+
+dsl_definitions:
+
+  aws_config: &client_config
+    aws_access_key_id: { get_input: aws_access_key_id }
+    aws_secret_access_key: { get_input: aws_secret_access_key }
+    region_name: { get_input: ec2_region_name }
+
+node_templates:
+
+  vpc:
+    type: cloudify.nodes.aws.ec2.Vpc
+    properties:
+      resource_config:
+        kwargs:
+          CidrBlock: { get_input: vpc_cidr }
+      client_config: *client_config
+
+  internet_gateway:
+    type: cloudify.nodes.aws.ec2.InternetGateway
+    properties:
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.connected_to
+        target: vpc
+
+  public_subnet:
+    type: cloudify.nodes.aws.ec2.Subnet
+    properties:
+      resource_config:
+        kwargs:
+          CidrBlock: { get_input: public_subnet_cidr }
+          AvailabilityZone: { get_input: availability_zone }
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.depends_on
+        target: vpc
+      - type: cloudify.relationships.depends_on
+        target: internet_gateway
+
+  private_subnet:
+    type: cloudify.nodes.aws.ec2.Subnet
+    properties:
+      resource_config:
+        kwargs:
+          CidrBlock: { get_input: private_subnet_cidr }
+          AvailabilityZone: { get_input: availability_zone }
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.depends_on
+        target: vpc
+      - type: cloudify.relationships.depends_on
+        target: internet_gateway
+
+  public_subnet_routetable:
+    type: cloudify.nodes.aws.ec2.RouteTable
+    properties:
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.contained_in
+        target: vpc
+      - type: cloudify.relationships.connected_to
+        target: public_subnet
+
+  private_subnet_routetable:
+    type: cloudify.nodes.aws.ec2.RouteTable
+    properties:
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.contained_in
+        target: vpc
+      - type: cloudify.relationships.connected_to
+        target: private_subnet
+
+  route_public_subnet_internet_gateway:
+    type: cloudify.nodes.aws.ec2.Route
+    properties:
+      resource_config:
+        kwargs:
+          DestinationCidrBlock: '0.0.0.0/0'
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.contained_in
+        target: public_subnet_routetable
+      - type: cloudify.relationships.connected_to
+        target: internet_gateway
+    interfaces:
+      cloudify.interfaces.lifecycle:
+        stop: {}
+
+outputs:
+
+  vpc_id:
+    value: { get_attribute: [ vpc, aws_resource_id ] }
+
+  public_subnet_id:
+    value: { get_attribute: [ public_subnet, aws_resource_id ] }
+
+  private_subnet_id:
+    value: { get_attribute: [ private_subnet, aws_resource_id ] }
+
+  ec2_region_name:
+    value: { get_input: ec2_region_name }
+
+  ec2_region_endpoint:
+    value: { get_input: ec2_region_endpoint }
+
+  availability_zone:
+    value: { get_input: availability_zone }
diff --git a/update-blueprint.yaml b/update-blueprint.yaml
new file mode 100644
index 0000000..1ca4765
--- /dev/null
+++ b/update-blueprint.yaml
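Review bot: The `aws_access_key_id` and `aws_secret_access_key` inputs expose the credentials as ordinary deployment inputs, which the manager persists with the deployment and shows in its UI and API; the README explicitly invites users to override these inputs, so an override stores the secret access key in plaintext outside the secret store. The `client_config` anchor in `dsl_definitions` could reference the secrets directly, `aws_access_key_id: { get_secret: aws_access_key_id }` and `aws_secret_access_key: { get_secret: aws_secret_access_key }`, with the two inputs removed or, if the inputs must stay for compatibility, each given a description such as `description: Leave at the default so the key is read from the tenant secret and not stored as a plaintext deployment input.` The same applies to `update-blueprint.yaml`, which repeats this block. Separately, `ec2_region_endpoint` is declared as an input and echoed in `outputs` but is not used by `client_config` (only `region_name` is), which is worth a comment stating it is informational.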
@@ -0,0 +1,182 @@
+tosca_definitions_version: cloudify_dsl_1_3
+
+description: >
+  Create an AWS VPC based on the Scenario 2 design.
+
+imports:
+  - http://www.getcloudify.org/spec/cloudify/4.2/types.yaml
+  - http://www.getcloudify.org/spec/awssdk-plugin/1.2.0.1/plugin.yaml
+
+inputs:
+
+  aws_access_key_id:
+    description: YOUR AWS ACCESS KEY ID
+    default: { get_secret: aws_access_key_id }
+
+  aws_secret_access_key:
+    description: YOUR AWS SECRET ACCESS KEY
+    default: { get_secret: aws_secret_access_key }
+
+  ec2_region_name:
+    default: { get_secret: ec2_region_name }
+
+  ec2_region_endpoint:
+    default: { get_secret: ec2_region_endpoint }
+
+  availability_zone:
+    default: { get_secret: availability_zone }
+
+  vpc_cidr:
+    default: 10.10.0.0/16
+
+  public_subnet_cidr:
+    default: 10.10.0.0/24
+
+  private_subnet_cidr:
+    default: 10.10.1.0/24
+
+dsl_definitions:
+
+  aws_config: &client_config
+    aws_access_key_id: { get_input: aws_access_key_id }
+    aws_secret_access_key: { get_input: aws_secret_access_key }
+    region_name: { get_input: ec2_region_name }
+
+node_templates:
+
+  vpc:
+    type: cloudify.nodes.aws.ec2.Vpc
+    properties:
+      resource_config:
+        kwargs:
+          CidrBlock: { get_input: vpc_cidr }
+      client_config: *client_config
+
+  internet_gateway:
+    type: cloudify.nodes.aws.ec2.InternetGateway
+    properties:
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.connected_to
+        target: vpc
+
+  public_subnet:
+    type: cloudify.nodes.aws.ec2.Subnet
+    properties:
+      resource_config:
+        kwargs:
+          CidrBlock: { get_input: public_subnet_cidr }
+          AvailabilityZone: { get_input: availability_zone }
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.depends_on
+        target: vpc
+      - type: cloudify.relationships.depends_on
+        target: internet_gateway
+
+  private_subnet:
+    type: cloudify.nodes.aws.ec2.Subnet
+    properties:
+      resource_config:
+        kwargs:
+          CidrBlock: { get_input: private_subnet_cidr }
+          AvailabilityZone: { get_input: availability_zone }
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.depends_on
+        target: vpc
+      - type: cloudify.relationships.depends_on
+        target: internet_gateway
+
+  public_subnet_routetable:
+    type: cloudify.nodes.aws.ec2.RouteTable
+    properties:
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.contained_in
+        target: vpc
+      - type: cloudify.relationships.connected_to
+        target: public_subnet
+
+  private_subnet_routetable:
+    type: cloudify.nodes.aws.ec2.RouteTable
+    properties:
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.contained_in
+        target: vpc
+      - type: cloudify.relationships.connected_to
+        target: private_subnet
+
+  route_public_subnet_internet_gateway:
+    type: cloudify.nodes.aws.ec2.Route
+    properties:
+      resource_config:
+        kwargs:
+          DestinationCidrBlock: '0.0.0.0/0'
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.contained_in
+        target: public_subnet_routetable
+      - type: cloudify.relationships.connected_to
+        target: internet_gateway
+    interfaces:
+      cloudify.interfaces.lifecycle:
+        stop: {}
+
+  nat_gateway_ip:
+    type: cloudify.nodes.aws.ec2.ElasticIP
+    properties:
+      resource_config:
+        kwargs:
+          Domain: 'vpc'
+      client_config: *client_config
+    interfaces:
+      cloudify.interfaces.lifecycle:
+        stop: {}
+
+  nat_gateway:
+    type: cloudify.nodes.aws.ec2.NATGateway
+    properties:
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.depends_on
+        target: public_subnet
+      - type: cloudify.relationships.depends_on
+        target: nat_gateway_ip
+
+  route_private_subnet_nat_gateway:
+    type: cloudify.nodes.aws.ec2.Route
+    properties:
+      resource_config:
+        kwargs:
+          DestinationCidrBlock: '0.0.0.0/0'
+      client_config: *client_config
+    relationships:
+      - type: cloudify.relationships.contained_in
+        target: private_subnet_routetable
+      - type: cloudify.relationships.connected_to
+        target: nat_gateway
+    interfaces:
+      cloudify.interfaces.lifecycle:
+        stop: {}
+
+outputs:
+
+  vpc_id:
+    value: { get_attribute: [ vpc, aws_resource_id ] }
+
+  public_subnet_id:
+    value: { get_attribute: [ public_subnet, aws_resource_id ] }
+
+  private_subnet_id:
+    value: { get_attribute: [ private_subnet, aws_resource_id ] }
+
+  ec2_region_name:
+    value: { get_input: ec2_region_name }
+
+  ec2_region_endpoint:
+    value: { get_input: ec2_region_endpoint }
+
+  availability_zone:
+    value: { get_input: availability_zone }
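Review bot: The `description` is copied verbatim from `simple-blueprint.yaml` and does not say that this blueprint is the deployment-update target that adds the NAT egress path; a reader of the manager's blueprint list cannot tell the two apart. Suggested wording: `Create an AWS VPC based on the Scenario 2 design, plus an Elastic IP, NAT gateway and 0.0.0.0/0 route that give the private subnet outbound internet access; intended to be applied as a deployment update over simple-blueprint.yaml.` The `stop: {}` overrides on `nat_gateway_ip` and `route_private_subnet_nat_gateway` (and on `route_public_subnet_internet_gateway`) disable the plugin's stop operation with no comment on why, so a one-line `# stop is a no-op: the resource has no stop state and uninstall handles deletion` or whatever the actual reason is would help the next maintainer. The `nat_gateway` node uses `depends_on` for both its subnet and Elastic IP while every other association in this file uses `connected_to`; if the plugin derives `SubnetId`/`AllocationId` from these relationships, confirm that `depends_on` is what it inspects, otherwise align it with the rest of the file.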