Skip to content

Commit

Permalink
Update Python examples to use classes (pulumi#801)
Browse files Browse the repository at this point in the history
  • Loading branch information
justinvp authored Sep 25, 2020
1 parent c2571f4 commit f0732dc
Show file tree
Hide file tree
Showing 50 changed files with 1,137 additions and 1,028 deletions.
20 changes: 10 additions & 10 deletions aws-py-appsync/__main__.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@
table = dynamodb.Table(
"tenants",
hash_key="id",
attributes=[{
"name": "id",
"type": "S"
}],
attributes=[dynamodb.TableAttributeArgs(
name="id",
type="S"
)],
read_capacity=1,
write_capacity=1)

Expand Down Expand Up @@ -44,7 +44,7 @@

attachment = iam.RolePolicyAttachment(
"iam-policy-attachment",
role=role,
role=role.name,
policy_arn=policy.arn)

## GraphQL Schema
Expand Down Expand Up @@ -82,8 +82,8 @@
random_string = random.RandomString(
"random-datasource-name",
length=15,
special="false",
number="false",
special=False,
number=False,
)

## Link a data source to the Dynamo DB Table
Expand All @@ -92,9 +92,9 @@
name=random_string.result,
api_id=api.id,
type="AMAZON_DYNAMODB",
dynamodb_config={
"table_name": table.name
},
dynamodb_config=appsync.DataSourceDynamodbConfigArgs(
table_name=table.name,
),
service_role_arn=role.arn)

## A resolver for the [getTenantById] query
Expand Down
12 changes: 6 additions & 6 deletions aws-py-ec2-provisioners/__main__.py
Original file line number Diff line number Diff line change
Expand Up @@ -25,19 +25,19 @@ def decode_key(key):
secgrp = aws.ec2.SecurityGroup('secgrp',
description='Foo',
ingress=[
{ 'protocol': 'tcp', 'from_port': 22, 'to_port': 22, 'cidr_blocks': ['0.0.0.0/0'] },
{ 'protocol': 'tcp', 'from_port': 80, 'to_port': 80, 'cidr_blocks': ['0.0.0.0/0'] },
aws.ec2.SecurityGroupIngressArgs(protocol='tcp', from_port=22, to_port=22, cidr_blocks=['0.0.0.0/0']),
aws.ec2.SecurityGroupIngressArgs(protocol='tcp', from_port=80, to_port=80, cidr_blocks=['0.0.0.0/0']),
],
)

# Get the AMI
ami = aws.get_ami(
owners=['amazon'],
most_recent=True,
filters=[{
'name': 'name',
'values': ['amzn2-ami-hvm-2.0.????????-x86_64-gp2'],
}],
filters=[aws.GetAmiFilterArgs(
name='name',
values=['amzn2-ami-hvm-2.0.????????-x86_64-gp2'],
)],
)

# Create an EC2 server that we'll then provision stuff onto.
Expand Down
26 changes: 14 additions & 12 deletions aws-py-eks/__main__.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,14 @@
eks_cluster = eks.Cluster(
'eks-cluster',
role_arn=iam.eks_role.arn,
tags= {'Name':'pulumi-eks-cluster'},
vpc_config = {
'publicAccessCidrs': ['0.0.0.0/0'],
'security_group_ids': [vpc.eks_security_group.id],
'subnet_ids': vpc.subnet_ids,
}
tags={
'Name': 'pulumi-eks-cluster',
},
vpc_config=eks.ClusterVpcConfigArgs(
public_access_cidrs=['0.0.0.0/0'],
security_group_ids=[vpc.eks_security_group.id],
subnet_ids=vpc.subnet_ids,
),
)

eks_node_group = eks.NodeGroup(
Expand All @@ -23,13 +25,13 @@
node_role_arn=iam.ec2_role.arn,
subnet_ids=vpc.subnet_ids,
tags={
'Name' : 'pulumi-cluster-nodeGroup'
'Name': 'pulumi-cluster-nodeGroup',
},
scaling_config = {
'desired_size': 2,
'max_size': 2,
'min_size': 1,
},
scaling_config=eks.NodeGroupScalingConfigArgs(
desired_size=2,
max_size=2,
min_size=1,
),
)

pulumi.export('cluster-name', eks_cluster.name)
21 changes: 10 additions & 11 deletions aws-py-eks/iam.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@

eks_role = iam.Role(
'eks-iam-role',

assume_role_policy=json.dumps({
'Version': '2012-10-17',
'Statement': [
Expand All @@ -17,21 +16,21 @@
'Effect': 'Allow',
'Sid': ''
}
]
})
],
}),
)

iam.RolePolicyAttachment(
'eks-service-policy-attachment',
role=eks_role.id,
policy_arn='arn:aws:iam::aws:policy/AmazonEKSServicePolicy'
)
policy_arn='arn:aws:iam::aws:policy/AmazonEKSServicePolicy',
)


iam.RolePolicyAttachment(
'eks-cluster-policy-attachment',
role=eks_role.id,
policy_arn='arn:aws:iam::aws:policy/AmazonEKSClusterPolicy'
policy_arn='arn:aws:iam::aws:policy/AmazonEKSClusterPolicy',
)

## Ec2 NodeGroup Role
Expand All @@ -49,25 +48,25 @@
'Effect': 'Allow',
'Sid': ''
}
]
})
],
}),
)

iam.RolePolicyAttachment(
'eks-workernode-policy-attachment',
role=ec2_role.id,
policy_arn='arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy'
policy_arn='arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy',
)


iam.RolePolicyAttachment(
'eks-cni-policy-attachment',
role=ec2_role.id,
policy_arn='arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy'
policy_arn='arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy',
)

iam.RolePolicyAttachment(
'ec2-container-ro-policy-attachment',
role=ec2_role.id,
policy_arn='arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly'
policy_arn='arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly',
)
66 changes: 33 additions & 33 deletions aws-py-eks/vpc.py
Original file line number Diff line number Diff line change
@@ -1,37 +1,36 @@
from pulumi_aws import config, ec2, get_availability_zones
from pulumi_aws import ec2, get_availability_zones

## VPC

vpc = ec2.Vpc(
'eks-vpc',
'eks-vpc',
cidr_block='10.100.0.0/16',
instance_tenancy='default',
enable_dns_hostnames=True,
enable_dns_support=True,
tags={
'Name' : 'pulumi-eks-vpc'
}
'Name': 'pulumi-eks-vpc',
},
)

igw = ec2.InternetGateway(
'vpc-ig',
vpc_id=vpc.id,
tags={
'Name' : 'pulumi-vpc-ig'
}
'Name': 'pulumi-vpc-ig',
},
)

eks_route_table = ec2.RouteTable(
'vpc-route-table',
vpc_id=vpc.id,
routes=[{
'cidr_block' : '0.0.0.0/0',
'gateway_id' : igw.id
}
],
routes=[ec2.RouteTableRouteArgs(
cidr_block='0.0.0.0/0',
gateway_id=igw.id,
)],
tags={
'Name' : 'pulumi-vpc-rt'
}
'Name': 'pulumi-vpc-rt',
},
)

## Subnets, one for each AZ in a region
Expand All @@ -41,15 +40,15 @@

for zone in zones.names:
vpc_subnet = ec2.Subnet(
f'vpc-subnet-{zone}' ,
f'vpc-subnet-{zone}',
assign_ipv6_address_on_creation=False,
vpc_id=vpc.id,
map_public_ip_on_launch=True,
cidr_block=f'10.100.{len(subnet_ids)}.0/24',
availability_zone= zone,
availability_zone=zone,
tags={
'Name' : f'pulumi-sn-{zone}'
}
'Name': f'pulumi-sn-{zone}',
},
)
ec2.RouteTableAssociation(
f'vpc-route-table-assoc-{zone}',
Expand All @@ -65,21 +64,22 @@
vpc_id=vpc.id,
description='Allow all HTTP(s) traffic to EKS Cluster',
tags={
'Name' : 'pulumi-cluster-sg'
'Name': 'pulumi-cluster-sg',
},
ingress=[{
'cidr_blocks' : ['0.0.0.0/0'],
'from_port' : '443',
'to_port' : '443',
'protocol' : 'tcp',
'description' : 'Allow pods to communicate with the cluster API Server.'
},
{
'cidr_blocks' : ['0.0.0.0/0'],
'from_port' : '80',
'to_port' : '80',
'protocol' : 'tcp',
'description' : 'Allow internet access to pods'
}
]
ingress=[
ec2.SecurityGroupIngressArgs(
cidr_blocks=['0.0.0.0/0'],
from_port=443,
to_port=443,
protocol='tcp',
description='Allow pods to communicate with the cluster API Server.'
),
ec2.SecurityGroupIngressArgs(
cidr_blocks=['0.0.0.0/0'],
from_port=80,
to_port=80,
protocol='tcp',
description='Allow internet access to pods'
),
],
)
62 changes: 31 additions & 31 deletions aws-py-fargate/__main__.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,47 +6,47 @@
cluster = aws.ecs.Cluster('cluster')

# Read back the default VPC and public subnets, which we will use.
default_vpc = aws.ec2.get_vpc(default='true')
default_vpc = aws.ec2.get_vpc(default=True)
default_vpc_subnets = aws.ec2.get_subnet_ids(vpc_id=default_vpc.id)

# Create a SecurityGroup that permits HTTP ingress and unrestricted egress.
group = aws.ec2.SecurityGroup('web-secgrp',
vpc_id=default_vpc.id,
description='Enable HTTP access',
ingress=[{
'protocol': 'tcp',
'from_port': 80,
'to_port': 80,
'cidr_blocks': ['0.0.0.0/0'],
}],
egress=[{
'protocol': '-1',
'from_port': 0,
'to_port': 0,
'cidr_blocks': ['0.0.0.0/0'],
}]
ingress=[aws.ec2.SecurityGroupIngressArgs(
protocol='tcp',
from_port=80,
to_port=80,
cidr_blocks=['0.0.0.0/0'],
)],
egress=[aws.ec2.SecurityGroupEgressArgs(
protocol='-1',
from_port=0,
to_port=0,
cidr_blocks=['0.0.0.0/0'],
)],
)

# Create a load balancer to listen for HTTP traffic on port 80.
alb = aws.lb.LoadBalancer('app-lb',
security_groups=[group.id],
subnets=default_vpc_subnets.ids
subnets=default_vpc_subnets.ids,
)

atg = aws.lb.TargetGroup('app-tg',
port=80,
protocol='HTTP',
target_type='ip',
vpc_id=default_vpc.id
vpc_id=default_vpc.id,
)

wl = aws.lb.Listener('web',
load_balancer_arn=alb.arn,
port=80,
default_actions=[{
'type': 'forward',
'target_group_arn': atg.arn
}]
default_actions=[aws.lb.ListenerDefaultActionArgs(
type='forward',
target_group_arn=atg.arn,
)],
)

# Create an IAM role that can be used by our service's task.
Expand All @@ -61,12 +61,12 @@
},
'Action': 'sts:AssumeRole',
}]
})
}),
)

rpa = aws.iam.RolePolicyAttachment('task-exec-policy',
role=role.name,
policy_arn='arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
policy_arn='arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy',
)

# Spin up a load balanced service running our container image.
Expand All @@ -93,16 +93,16 @@
desired_count=3,
launch_type='FARGATE',
task_definition=task_definition.arn,
network_configuration={
'assign_public_ip': 'true',
'subnets': default_vpc_subnets.ids,
'security_groups': [group.id]
},
load_balancers=[{
'target_group_arn': atg.arn,
'container_name': 'my-app',
'container_port': 80
}],
network_configuration=aws.ecs.ServiceNetworkConfigurationArgs(
assign_public_ip=True,
subnets=default_vpc_subnets.ids,
security_groups=[group.id],
),
load_balancers=[aws.ecs.ServiceLoadBalancerArgs(
target_group_arn=atg.arn,
container_name='my-app',
container_port=80,
)],
opts=ResourceOptions(depends_on=[wl]),
)

Expand Down
Loading

0 comments on commit f0732dc

Please sign in to comment.