diff --git a/NetworkACL/networkackentry.yaml b/NetworkACL/networkackentry.yaml index cf07485..9f5090b 100644 --- a/NetworkACL/networkackentry.yaml +++ b/NetworkACL/networkackentry.yaml @@ -1,99 +1,100 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Parameters: VpcId: - Type: 'AWS::EC2::VPC::Id' + Type: AWS::EC2::VPC::Id + Default: !Ref 'VpcId' Resources: MyNACL: - Type: 'AWS::EC2::NetworkAcl' + Type: AWS::EC2::NetworkAcl Properties: - VpcId: !Ref VpcId + VpcId: !Ref 'VpcId' EC2NetworkAclentryIngress1: - Type: 'AWS::EC2::NetworkAclEntry' + Type: AWS::EC2::NetworkAclEntry Properties: Icmp: Code: -1 Type: -1 - NetworkAclId: !Ref MyNACL + NetworkAclId: !Ref 'MyNACL' RuleNumber: 1 Egress: false Protocol: 1 RuleAction: allow - CidrBlock: 0.0.0.0/0 + CidrBlock: '0.0.0.0/0' PortRange: From: 22 To: 22 EC2NetworkAclentryIngress2: - Type: 'AWS::EC2::NetworkAclEntry' + Type: AWS::EC2::NetworkAclEntry Properties: Icmp: Code: -1 Type: -1 - NetworkAclId: !Ref MyNACL + NetworkAclId: !Ref 'MyNACL' RuleNumber: 2 Egress: false Protocol: 1 RuleAction: allow - Ipv6CidrBlock: '::/0' + Ipv6CidrBlock: ::/0 PortRange: From: 22 To: 22 EC2NetworkAclentryIngress3: - Type: 'AWS::EC2::NetworkAclEntry' + Type: AWS::EC2::NetworkAclEntry Properties: Icmp: Code: -1 Type: -1 - NetworkAclId: !Ref MyNACL + NetworkAclId: !Ref 'MyNACL' RuleNumber: 3 Egress: false Protocol: -1 RuleAction: allow - CidrBlock: 0.0.0.0/0 + CidrBlock: '0.0.0.0/0' PortRange: From: 22 To: 22 EC2NetworkAclentryEngress1: - Type: 'AWS::EC2::NetworkAclEntry' + Type: AWS::EC2::NetworkAclEntry Properties: Icmp: Code: -1 Type: -1 - NetworkAclId: !Ref MyNACL + NetworkAclId: !Ref 'MyNACL' RuleNumber: 4 Egress: true Protocol: 1 RuleAction: allow - CidrBlock: 0.0.0.0/0 + CidrBlock: '0.0.0.0/0' PortRange: 
From: 22 To: 22 EC2NetworkAclentryEngress2: - Type: 'AWS::EC2::NetworkAclEntry' + Type: AWS::EC2::NetworkAclEntry Properties: Icmp: Code: -1 Type: -1 - NetworkAclId: !Ref MyNACL + NetworkAclId: !Ref 'MyNACL' RuleNumber: 5 Egress: true Protocol: 1 RuleAction: allow - Ipv6CidrBlock: '::/0' + Ipv6CidrBlock: ::/0 PortRange: From: 22 To: 22 EC2NetworkAclentryEngress3: - Type: 'AWS::EC2::NetworkAclEntry' + Type: AWS::EC2::NetworkAclEntry Properties: Icmp: Code: -1 Type: -1 - NetworkAclId: !Ref MyNACL + NetworkAclId: !Ref 'MyNACL' RuleNumber: 6 Egress: true Protocol: -1 RuleAction: allow - CidrBlock: 0.0.0.0/0 + CidrBlock: '0.0.0.0/0' PortRange: From: 22 To: 22 diff --git a/acm/acm.yaml b/acm/acm.yaml index 9916888..4dbc451 100644 --- a/acm/acm.yaml +++ b/acm/acm.yaml @@ -3,7 +3,7 @@ Parameters: domain: Type: String Description: DNS domain to create a SES email for - Default: "*" + Default: '*' Resources: SslCertificate: Type: AWS::CertificateManager::Certificate diff --git a/api_gateway/api_gateway.yaml b/api_gateway/api_gateway.yaml index 7a9a5c2..7712c8e 100644 --- a/api_gateway/api_gateway.yaml +++ b/api_gateway/api_gateway.yaml @@ -1,7 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: | - Example REST API with a Lambda authorizer. To invoke the API, clients must include specific - header and query string values in the request. +Description: "Example REST API with a Lambda authorizer. To invoke the API, clients\ + \ must include specific\nheader and query string values in the request.\n" Resources: MyAPI: Type: AWS::ApiGateway::RestApi 
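Review bot: `Default: !Ref 'VpcId'` under the `VpcId` parameter makes the parameter its own default; CloudFormation does not allow intrinsic functions in a parameter `Default`, and the reference is circular, so the template fails validation before any resource is created. Drop the added line — the parameter was correctly declared without a default before. The same self-referencing `Default` is added in auto_scale/autoscale.yaml (`myLaunchTemplateVersionNumber`, `Subnets`), codebuild/codebuild.json and codepipeline/codepipeline.yaml (`GitHubOAuthToken`) and ec2/deploy.json (`KeyPair`); this looks like the output of an automated rewrite rather than a deliberate change. The two `GitHubOAuthToken` parameters are `NoEcho` secrets and should carry no default at all, so the token is always supplied at deploy time.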
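Review bot: `Description` is rewritten as a double-quoted scalar with `\n` and `\` line continuations, which is harder to read and edit than the `|` block it replaces and now ends with an embedded newline. Keep a block scalar, e.g. `Description: >-` followed by the two sentences on their own lines (or `|` if the exact line break matters). The same conversion is applied to both `ZipFile` bodies in the `@@ -57,108 +54,68 @@` hunk of this file, where a JavaScript program becomes a single escaped string; any later edit to that code has to get the quoting right by hand, so those should stay `ZipFile: |` blocks as well.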
@@ -9,35 +8,33 @@ Resources: Name: example-rest-api-with-auth EndpointConfiguration: Types: - - EDGE + - EDGE MyAuthorizer: Type: AWS::ApiGateway::Authorizer Properties: - AuthorizerCredentials: !GetAtt InvokeRole.Arn - AuthorizerUri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyAuthFunction.Arn}/invocations + AuthorizerCredentials: !GetAtt 'InvokeRole.Arn' + AuthorizerUri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyAuthFunction.Arn}/invocations' IdentitySource: method.request.header.HeaderAuth1,method.request.querystring.QueryString1 Name: my-authorizer - RestApiId: !Ref MyAPI + RestApiId: !Ref 'MyAPI' Type: COGNITO_USER_POOLS Method: Type: AWS::ApiGateway::Method Properties: HttpMethod: GET - ResourceId: !GetAtt MyAPI.RootResourceId - RestApiId: !Ref MyAPI - AuthorizationType: CUSTOM - AuthorizerId: !Ref MyAuthorizer + ResourceId: !Ref 'PetsResource' + RestApiId: !Ref 'MyAPI' + AuthorizationType: NONE Integration: - Type: AWS_PROXY - Uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyProxyFunction.Arn}/invocations - Credentials: !GetAtt InvokeRole.Arn - IntegrationHttpMethod: POST + Type: HTTP_PROXY + Uri: http://petstore.execute-api.us-west-1.amazonaws.com/petstore/pets + IntegrationHttpMethod: GET Deployment: DependsOn: Method Type: AWS::ApiGateway::Deployment Properties: - RestApiId: !Ref MyAPI - StageName: test + RestApiId: !Ref 'MyAPI' + StageName: tempstage InvokeRole: Type: AWS::IAM::Role Properties: @@ -47,9 +44,9 @@ Resources: - Effect: Allow Principal: Service: - - apigateway.amazonaws.com + - apigateway.amazonaws.com Action: - - 'sts:AssumeRole' + - sts:AssumeRole Policies: - PolicyName: invokeauth PolicyDocument: 
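Review bot: `Method` now deploys with `AuthorizationType: NONE` and an `HTTP_PROXY` integration to the public petstore URL, so `MyAuthorizer` (and `MyAuthFunction` behind it) no longer protect any route, while the file's description still promises an API guarded by a Lambda authorizer. The old file evidently declared `Method` and `Deployment` twice (the second copies are deleted in the `@@ -168,61 +125,45 @@` hunk) and the rewrite kept the last, unauthenticated definition; if the authorizer-protected proxy is the intent, restore the first definition as below and, if the petstore route is still wanted, give it its own logical id on `PetsResource`. `Deployment.StageName` also becomes `tempstage` while `TestStage` and `Outputs.InvokeURL` use `test`; it is not clear which stage is meant, and if `TestStage` owns the `test` stage then `StageName` can simply be dropped from `Deployment` rather than pointed at a second one.
```yaml
  Method:
    Type: AWS::ApiGateway::Method
    Properties:
      HttpMethod: GET
      ResourceId: !GetAtt 'MyAPI.RootResourceId'
      RestApiId: !Ref 'MyAPI'
      AuthorizationType: CUSTOM
      AuthorizerId: !Ref 'MyAuthorizer'
      Integration:
        Type: AWS_PROXY
        Uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyProxyFunction.Arn}/invocations'
        Credentials: !GetAtt 'InvokeRole.Arn'
        IntegrationHttpMethod: POST
  # … unchanged: Deployment, InvokeRole …
```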
@@ -57,108 +54,68 @@ Resources: Statement: - Effect: Allow Action: lambda:InvokeFunction - Resource: !GetAtt MyAuthFunction.Arn + Resource: !GetAtt 'MyAuthFunction.Arn' - PolicyName: invokelambdaproxy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: lambda:InvokeFunction - Resource: !GetAtt MyProxyFunction.Arn + Resource: !GetAtt 'MyProxyFunction.Arn' MyAuthFunction: Type: AWS::Lambda::Function Properties: Runtime: nodejs12.x - Role: !GetAtt FunctionExecutionRole.Arn + Role: !GetAtt 'FunctionExecutionRole.Arn' Handler: index.handler Code: - ZipFile: | - exports.handler = function(event, context, callback) { - console.log('Received event:', JSON.stringify(event, null, 2)); - // A simple request-based authorizer example to demonstrate how to use request - // parameters to allow or deny a request. In this example, a request is - // authorized if the client-supplied HeaderAuth1 header and QueryString1 - // query parameter match 'headerValue1' and 'queryValue1'. - // Retrieve request parameters from the Lambda function input: - var headers = event.headers; - var queryStringParameters = event.queryStringParameters; - var pathParameters = event.pathParameters; - var stageVariables = event.stageVariables; - - // Parse the input for the parameter values - var tmp = event.methodArn.split(':'); - var apiGatewayArnTmp = tmp[5].split('/'); - var awsAccountId = tmp[4]; - var region = tmp[3]; - var restApiId = apiGatewayArnTmp[0]; - var stage = apiGatewayArnTmp[1]; - var method = apiGatewayArnTmp[2]; - var resource = '/'; // root resource - if (apiGatewayArnTmp[3]) { - resource += apiGatewayArnTmp[3]; - } - - // Perform authorization to return the Allow policy for correct parameters and - // the 'Unauthorized' error, otherwise. 
- var authResponse = {}; - var condition = {}; - condition.IpAddress = {}; - - if (headers.HeaderAuth1 === "headerValue1" - && queryStringParameters.QueryString1 === "queryValue1") { - callback(null, generateAllow('me', event.methodArn)); - } else { - callback("Unauthorized"); - } - } - - // Helper function to generate an IAM policy - var generatePolicy = function(principalId, effect, resource) { - // Required output: - var authResponse = {}; - authResponse.principalId = principalId; - if (effect && resource) { - var policyDocument = {}; - policyDocument.Version = '2012-10-17'; // default version - policyDocument.Statement = []; - var statementOne = {}; - statementOne.Action = 'execute-api:Invoke'; // default action - statementOne.Effect = effect; - statementOne.Resource = resource; - policyDocument.Statement[0] = statementOne; - authResponse.policyDocument = policyDocument; - } - // Optional output with custom properties of the String, Number or Boolean type. - authResponse.context = { - "stringKey": "stringval", - "numberKey": 123, - "booleanKey": true - }; - return authResponse; - } - - var generateAllow = function(principalId, resource) { - return generatePolicy(principalId, 'Allow', resource); - } - - var generateDeny = function(principalId, resource) { - return generatePolicy(principalId, 'Deny', resource); - } + ZipFile: "exports.handler = function(event, context, callback) {\n console.log('Received\ + \ event:', JSON.stringify(event, null, 2));\n // A simple request-based\ + \ authorizer example to demonstrate how to use request\n // parameters\ + \ to allow or deny a request. 
In this example, a request is\n // authorized\ + \ if the client-supplied HeaderAuth1 header and QueryString1\n // query\ + \ parameter match 'headerValue1' and 'queryValue1'.\n // Retrieve request\ + \ parameters from the Lambda function input:\n var headers = event.headers;\n\ + \ var queryStringParameters = event.queryStringParameters;\n var pathParameters\ + \ = event.pathParameters;\n var stageVariables = event.stageVariables;\n\ + \ \n // Parse the input for the parameter values\n var tmp = event.methodArn.split(':');\n\ + \ var apiGatewayArnTmp = tmp[5].split('/');\n var awsAccountId = tmp[4];\n\ + \ var region = tmp[3];\n var restApiId = apiGatewayArnTmp[0];\n var stage\ + \ = apiGatewayArnTmp[1];\n var method = apiGatewayArnTmp[2];\n var resource\ + \ = '/'; // root resource\n if (apiGatewayArnTmp[3]) {\n resource\ + \ += apiGatewayArnTmp[3];\n }\n \n // Perform authorization to return\ + \ the Allow policy for correct parameters and \n // the 'Unauthorized'\ + \ error, otherwise.\n var authResponse = {};\n var condition = {};\n \ + \ condition.IpAddress = {};\n \n if (headers.HeaderAuth1 === \"headerValue1\"\ + \n && queryStringParameters.QueryString1 === \"queryValue1\") {\n \ + \ callback(null, generateAllow('me', event.methodArn));\n } else {\n\ + \ callback(\"Unauthorized\");\n }\n }\n \n // Helper function to\ + \ generate an IAM policy\n var generatePolicy = function(principalId, effect,\ + \ resource) {\n // Required output:\n var authResponse = {};\n authResponse.principalId\ + \ = principalId;\n if (effect && resource) {\n var policyDocument\ + \ = {};\n policyDocument.Version = '2012-10-17'; // default version\n\ + \ policyDocument.Statement = [];\n var statementOne = {};\n \ + \ statementOne.Action = 'execute-api:Invoke'; // default action\n \ + \ statementOne.Effect = effect;\n statementOne.Resource = resource;\n\ + \ policyDocument.Statement[0] = statementOne;\n authResponse.policyDocument\ + \ = policyDocument;\n }\n // Optional output with 
custom properties of\ + \ the String, Number or Boolean type.\n authResponse.context = {\n \ + \ \"stringKey\": \"stringval\",\n \"numberKey\": 123,\n \"booleanKey\"\ + : true\n };\n return authResponse;\n }\n \n var generateAllow =\ + \ function(principalId, resource) {\n return generatePolicy(principalId,\ + \ 'Allow', resource);\n }\n \n var generateDeny = function(principalId,\ + \ resource) {\n return generatePolicy(principalId, 'Deny', resource);\n\ + \ }\n" MyProxyFunction: Type: AWS::Lambda::Function Properties: Runtime: nodejs12.x - Role: !GetAtt FunctionExecutionRole.Arn + Role: !GetAtt 'FunctionExecutionRole.Arn' Handler: index.handler Code: - ZipFile: | - exports.handler = async (event) => { - const response = { - statusCode: 200, - body: JSON.stringify('Hello from Lambda!'), - }; - return response; - }; + ZipFile: "exports.handler = async (event) => {\n const response = {\n \ + \ statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n\ + \ };\n return response;\n};\n" FunctionExecutionRole: Type: AWS::IAM::Role Properties: 
@@ -168,61 +125,45 @@ Resources: - Effect: Allow Principal: Service: - - lambda.amazonaws.com + - lambda.amazonaws.com Action: - - 'sts:AssumeRole' + - sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole PetsResource: Type: AWS::ApiGateway::Resource Properties: - ParentId: !GetAtt - - MyAPI - - RootResourceId + ParentId: !GetAtt 'MyAPI.RootResourceId' PathPart: pets - RestApiId: !Ref MyAPI - Method: - Type: AWS::ApiGateway::Method - Properties: - HttpMethod: GET - ResourceId: !Ref PetsResource - RestApiId: !Ref MyAPI - AuthorizationType: NONE - Integration: - Type: HTTP_PROXY - Uri: http://petstore.execute-api.us-west-1.amazonaws.com/petstore/pets - IntegrationHttpMethod: GET - Deployment: - DependsOn: Method - Type: AWS::ApiGateway::Deployment - Properties: - RestApiId: !Ref MyAPI - StageName: tempstage + RestApiId: !Ref 'MyAPI' TestStage: Type: AWS::ApiGateway::Stage Properties: - ClientCertificateId: "" + ClientCertificateId: '' StageName: test - RestApiId: !Ref MyAPI - DeploymentId: !Ref Deployment - Description: "test stage description" + RestApiId: !Ref 'MyAPI' + DeploymentId: !Ref 'Deployment' + Description: test stage description AccessLogSetting: - DestinationArn: !GetAtt MyLogGroup.Arn - Format: $context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] "$context.httpMethod $context.resourcePath $context.protocol" $context.status $context.responseLength $context.requestId + DestinationArn: !GetAtt 'MyLogGroup.Arn' + Format: >- + $context.identity.sourceIp $context.identity.caller $context.identity.user + [$context.requestTime] "$context.httpMethod $context.resourcePath $context.protocol" + $context.status $context.responseLength $context.requestId MyLogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Join - '-' - - - !Ref MyAPI + - - !Ref 'MyAPI' - access-logs RequestValidator: Type: AWS::ApiGateway::RequestValidator Properties: Name: RequestValidatorAPI - 
RestApiId: !Ref MyAPI - ValidateRequestBody: !false + RestApiId: !Ref 'MyAPI' + ValidateRequestBody: !false '' ValidateRequestParameters: false Outputs: InvokeURL: - Value: !Sub https://${MyAPI}.execute-api.${AWS::Region}.amazonaws.com/test \ No newline at end of file + Value: !Sub 'https://${MyAPI}.execute-api.${AWS::Region}.amazonaws.com/test' diff --git a/auto_scale/autoscale.yaml b/auto_scale/autoscale.yaml index 519386c..08fc489 100644 --- a/auto_scale/autoscale.yaml +++ b/auto_scale/autoscale.yaml @@ -2,20 +2,22 @@ AWSTemplateFormatVersion: '2010-09-09' Parameters: LatestAmiId: Description: Region specific image from the Parameter Store - Type: 'AWS::SSM::Parameter::Value' - Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' + Type: AWS::SSM::Parameter::Value + Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 myLaunchTemplateVersionNumber: Type: String + Default: !Ref 'myLaunchTemplateVersionNumber' Subnets: Type: List + Default: !Ref 'Subnets' Resources: myLaunchTemplate: Type: AWS::EC2::LaunchTemplate - Properties: - LaunchTemplateData: - CreditSpecification: + Properties: + LaunchTemplateData: + CreditSpecification: CpuCredits: Unlimited - ImageId: !Ref LatestAmiId + ImageId: !Ref 'LatestAmiId' InstanceType: t2.micro myASG: Type: AWS::AutoScaling::AutoScalingGroup @@ -24,14 +26,13 @@ Resources: MaxSize: '1' DesiredCapacity: '1' LaunchTemplate: - LaunchTemplateId: !Ref myLaunchTemplate - Version: !Ref myLaunchTemplateVersionNumber - VPCZoneIdentifier: !Ref Subnets + LaunchTemplateId: !Ref 'myLaunchTemplate' + Version: !Ref 'myLaunchTemplateVersionNumber' + VPCZoneIdentifier: !Ref 'Subnets' HealthCheckType: ELB HealthCheckGracePeriod: 300 LoadBalancerNames: - - !Ref ElasticLoadBalancer - + - !Ref 'ElasticLoadBalancer' ElasticLoadBalancer: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: diff --git a/backup/backup.json b/backup/backup.json index fb9135e..36fba09 100644 --- a/backup/backup.json 
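Review bot: `ValidateRequestBody: !false ''` is not a valid value: `!false` is not a CloudFormation intrinsic tag (the old `!false` was already wrong), and the appended empty string makes it even less readable; write `ValidateRequestBody: false` to match `ValidateRequestParameters` on the next line. `ClientCertificateId: ''` on `TestStage` is an empty string rather than an absent property; omit the key if no client certificate is intended. Removing the duplicate `Method`/`Deployment` definitions leaves `PetsResource` with no method attached, which may be intended but is worth a comment on the resource.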
+++ b/backup/backup.json @@ -85,13 +85,9 @@ "TargetBackupVault": { "Ref": "BackupVault" }, - "ScheduleExpression": { - "Ref": "CronExpression" - }, + "ScheduleExpression": "cron(0 0 ? * * *)", "Lifecycle": { - "DeleteAfterDays": { - "Ref": "Retention" - } + "DeleteAfterDays": 31 } } ] diff --git a/cloudfront/cloudfront.yaml b/cloudfront/cloudfront.yaml index 5133ab7..4d22a65 100644 --- a/cloudfront/cloudfront.yaml +++ b/cloudfront/cloudfront.yaml @@ -1,7 +1,7 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Resources: myDistribution: - Type: 'AWS::CloudFront::Distribution' + Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Origins: diff --git a/cloudtrail/cloudtrail.yaml b/cloudtrail/cloudtrail.yaml index ed2fcbf..f3b622d 100644 --- a/cloudtrail/cloudtrail.yaml +++ b/cloudtrail/cloudtrail.yaml @@ -1,40 +1,38 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Resources: Topic: - Type: 'AWS::SNS::Topic' + Type: AWS::SNS::Topic Properties: {} CT: - Type: 'AWS::CloudTrail::Trail' + Type: AWS::CloudTrail::Trail Properties: IsLogging: true IsMultiRegionTrail: false EnableLogFileValidation: false IncludeGlobalServiceEvents: true - S3BucketName: !Ref S3Bucket + S3BucketName: !Ref 'S3Bucket' DependsOn: - Topic - S3BucketPolicy S3Bucket: - Type: 'AWS::S3::Bucket' + Type: AWS::S3::Bucket Properties: {} S3BucketPolicy: - Type: 'AWS::S3::BucketPolicy' + Type: AWS::S3::BucketPolicy Properties: - Bucket: !Ref S3Bucket + Bucket: !Ref 'S3Bucket' PolicyDocument: Id: CrossAccessPolicy - Version: 2012-10-17 + Version: '2012-10-17' Statement: - Sid: AllowEveryoneReadOnlyAccess Effect: Allow Principal: '*' Action: - - 's3:*' + - s3:* Resource: - - !GetAtt - - S3Bucket - - Arn + - !GetAtt 'S3Bucket.Arn' - !Sub '${S3Bucket.Arn}/*' Condition: Bool: - 'aws:SecureTransport': true + aws:SecureTransport: true diff --git a/codebuild/codebuild.json b/codebuild/codebuild.json index 7156121..1cbb90f 100644 
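Review bot: `ScheduleExpression` and `DeleteAfterDays` now carry the literals `"cron(0 0 ? * * *)"` and `31` in place of `{"Ref": "CronExpression"}` and `{"Ref": "Retention"}`, so the backup schedule and retention can no longer be set per stack, and the two parameters become dead if they are still declared above this hunk (outside the view). Retention is an operational and recovery control that is normally kept parameterised; restore the two `Ref` objects, or delete the now-unused parameters deliberately and document the fixed values.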
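Review bot: The bucket policy statement `AllowEveryoneReadOnlyAccess` grants `s3:*` to `Principal: '*'` on the trail bucket and every object in it, conditioned only on `aws:SecureTransport`; the commit reformats the `Action` line but keeps the CloudTrail log bucket readable, writable and deletable by any AWS principal over HTTPS, and the Sid says read-only while the action is a wildcard. A trail bucket policy normally needs only `s3:GetBucketAcl` on the bucket and `s3:PutObject` on `AWSLogs/<account-id>/*` (placeholder) for the `cloudtrail.amazonaws.com` service principal, with a `bucket-owner-full-control` ACL condition. `EnableLogFileValidation: false` is also worth flipping to `true` so the trail produces integrity digests.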
--- a/codebuild/codebuild.json +++ b/codebuild/codebuild.json @@ -25,7 +25,10 @@ "GitHubOAuthToken": { "Description": "OAuth token used by AWS CodeBuild to connect to GitHub", "NoEcho": true, - "Type": "String" + "Type": "String", + "Default": { + "Ref": "GitHubOAuthToken" + } }, "GitHubOwner": { "Description": "GitHub username owning the repo", diff --git a/codepipeline/codepipeline.yaml b/codepipeline/codepipeline.yaml index 310e513..3845d25 100644 --- a/codepipeline/codepipeline.yaml +++ b/codepipeline/codepipeline.yaml 
@@ -1,133 +1,111 @@ AWSTemplateFormatVersion: '2010-09-09' -# *** Change this to something useful for you! Description: github-codepipeline - Parameters: - # *** This value must always be passed in when creating / updating stack - # "NoEcho" is set to true, for security, so token won't be visible when examining the resulting stack GitHubOAuthToken: Type: String NoEcho: true AllowedPattern: '[a-z0-9A-Z_]*' - - # *** The remaining parameters should either be: - # - overridden via changing "Default" here (PREFERABLE, since then they're in source control) - # - or you can pass them in when creating / updating the stack - - # *** The owner of the Github repo for this application. + Default: !Ref 'GitHubOAuthToken' GitHubOwner: Type: String Default: symphoniacloud - AllowedPattern: "[A-Za-z0-9-]+" - + AllowedPattern: '[A-Za-z0-9-]+' GitHubRepo: Type: String Default: github-codepipeline - AllowedPattern: "[A-Za-z0-9-]+" - + AllowedPattern: '[A-Za-z0-9-]+' GitHubBranch: Type: String Default: master - AllowedPattern: "[A-Za-z0-9-]+" - - # *** The stack name for the actual application we're deploying + AllowedPattern: '[A-Za-z0-9-]+' ApplicationStackName: Type: String Default: github-codepipeline-app - AllowedPattern: "[A-Za-z0-9-]+" - + AllowedPattern: '[A-Za-z0-9-]+' Resources: PipelineArtifactsBucket: Type: AWS::S3::Bucket Properties: VersioningConfiguration: Status: Enabled - CodePipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Type: S3 - Location: !Ref PipelineArtifactsBucket + Location: !Ref 'PipelineArtifactsBucket' RestartExecutionOnUpdate: true - RoleArn: !GetAtt CodePipelineRole.Arn + RoleArn: !GetAtt 'CodePipelineRole.Arn' Stages: - - Name: Source - Actions: - Name: Source - InputArtifacts: [] - ActionTypeId: - Category: Source - Owner: ThirdParty - Version: 1 - Provider: GitHub - OutputArtifacts: - - Name: SourceCode - Configuration: - Owner: !Ref GitHubOwner - Repo: !Ref GitHubRepo - Branch: !Ref GitHubBranch - PollForSourceChanges: false - 
OAuthToken: !Ref GitHubOAuthToken - RunOrder: 1 - # Build and Deploy, etc., stages would follow. Here is an example - - Name: Deploy - Actions: - - Name: CloudFormationDeploy - ActionTypeId: - Category: Deploy - Owner: AWS - Provider: CloudFormation - Version: '1' - InputArtifacts: - - Name: SourceCode - Configuration: - ActionMode: CREATE_UPDATE - Capabilities: CAPABILITY_IAM - RoleArn: !GetAtt CloudformationRole.Arn - StackName: !Ref ApplicationStackName - TemplatePath: !Sub "SourceCode::application.yaml" - RunOrder: 1 - - # 'GithubWebhook' satisfies two requirements: - # -- Means that updates are pushed from GitHub, rather than AWS having to poll - # -- Means we can filter for required changes + Actions: + - Name: Source + InputArtifacts: [] + ActionTypeId: + Category: Source + Owner: ThirdParty + Version: 1 + Provider: GitHub + OutputArtifacts: + - Name: SourceCode + Configuration: + Owner: symphoniacloud + Repo: github-codepipeline + Branch: master + PollForSourceChanges: false + OAuthToken: !Ref 'GitHubOAuthToken' + RunOrder: 1 + - Name: Deploy + Actions: + - Name: CloudFormationDeploy + ActionTypeId: + Category: Deploy + Owner: AWS + Provider: CloudFormation + Version: '1' + InputArtifacts: + - Name: SourceCode + Configuration: + ActionMode: CREATE_UPDATE + Capabilities: CAPABILITY_IAM + RoleArn: !GetAtt 'CloudformationRole.Arn' + StackName: github-codepipeline-app + TemplatePath: !Sub 'SourceCode::application.yaml' + RunOrder: 1 GithubWebhook: - Type: 'AWS::CodePipeline::Webhook' + Type: AWS::CodePipeline::Webhook Properties: Authentication: GITHUB_HMAC AuthenticationConfiguration: - SecretToken: !Ref GitHubOAuthToken + SecretToken: !Ref 'GitHubOAuthToken' RegisterWithThirdParty: 'true' Filters: - - JsonPath: "$.ref" - MatchEquals: refs/heads/{Branch} - TargetPipeline: !Ref CodePipeline + - JsonPath: $.ref + MatchEquals: refs/heads/{Branch} + TargetPipeline: !Ref 'CodePipeline' TargetAction: Source - TargetPipelineVersion: !GetAtt CodePipeline.Version - + 
TargetPipelineVersion: !GetAtt 'CodePipeline.Version' CodePipelineRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: - Version: "2012-10-17" + Version: '2012-10-17' Statement: - - Effect: Allow - Principal: - Service: codepipeline.amazonaws.com - Action: sts:AssumeRole + - Effect: Allow + Principal: + Service: codepipeline.amazonaws.com + Action: sts:AssumeRole ManagedPolicyArns: - - arn:aws:iam::aws:policy/AdministratorAccess #TODO: Reduce permissions - + - arn:aws:iam::aws:policy/AdministratorAccess CloudformationRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: - Version: "2012-10-17" + Version: '2012-10-17' Statement: - - Effect: Allow - Principal: - Service: cloudformation.amazonaws.com - Action: sts:AssumeRole + - Effect: Allow + Principal: + Service: cloudformation.amazonaws.com + Action: sts:AssumeRole ManagedPolicyArns: - - arn:aws:iam::aws:policy/AdministratorAccess #TODO: Reduce permissions \ No newline at end of file + - arn:aws:iam::aws:policy/AdministratorAccess diff --git a/config/config.yaml b/config/config.yaml index 6b89c1a..8d6124a 100644 --- a/config/config.yaml +++ b/config/config.yaml 
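Review bot: The Source and Deploy action `Configuration` blocks now hardcode `Owner: symphoniacloud`, `Repo: github-codepipeline`, `Branch: master` and `StackName: github-codepipeline-app` in place of `!Ref GitHubOwner`, `!Ref GitHubRepo`, `!Ref GitHubBranch` and `!Ref ApplicationStackName`, so the four parameters still declared at the top no longer affect the pipeline and cannot be overridden per stack. The rewrite also drops every explanatory comment, including the `#TODO: Reduce permissions` notes on the two `AdministratorAccess` managed policies, which were the only record that those roles are over-privileged; keep at least that comment. Restore the parameter references:
```yaml
            Configuration:
              Owner: !Ref 'GitHubOwner'
              Repo: !Ref 'GitHubRepo'
              Branch: !Ref 'GitHubBranch'
              # … unchanged: PollForSourceChanges, OAuthToken …
# … unchanged: Deploy action up to its Configuration …
              StackName: !Ref 'ApplicationStackName'
```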
@@ -1,59 +1,59 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Metadata: License: Apache-2.0 Description: >- - AWS CloudFormation Sample Template Config: This template demonstrates the - usage of AWS Config resources. **WARNING** You will be billed for the AWS - resources used if you create a stack from this template. + AWS CloudFormation Sample Template Config: This template demonstrates the usage + of AWS Config resources. **WARNING** You will be billed for the AWS resources used + if you create a stack from this template. Resources: ConfigRecorder: - Type: 'AWS::Config::ConfigurationRecorder' + Type: AWS::Config::ConfigurationRecorder Properties: Name: MyConfigRecorder RecordingGroup: ResourceTypes: [] - RoleARN: !GetAtt - - ConfigRole - - Arn + RoleARN: !GetAtt 'ConfigRole.Arn' ConfigBucket: - Type: 'AWS::S3::Bucket' + Type: AWS::S3::Bucket + Properties: + Tags: null ConfigRole: - Type: 'AWS::IAM::Role' + Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: - Version: 2012-10-17 + Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - config.amazonaws.com Action: - - 'sts:AssumeRole' + - sts:AssumeRole ManagedPolicyArns: - - 'arn:aws:iam::aws:policy/service-role/AWSConfigRole' + - arn:aws:iam::aws:policy/service-role/AWSConfigRole Policies: - PolicyName: root PolicyDocument: - Version: 2012-10-17 + Version: '2012-10-17' Statement: - Effect: Allow - Action: 's3:GetBucketAcl' - Resource: !Join + Action: s3:GetBucketAcl + Resource: !Join - '' - - 'arn:aws:s3:::' - - !Ref ConfigBucket + - !Ref 'ConfigBucket' - Effect: Allow - Action: 's3:PutObject' - Resource: !Join + Action: s3:PutObject + Resource: !Join - '' - - 'arn:aws:s3:::' - - !Ref ConfigBucket + - !Ref 'ConfigBucket' - /AWSLogs/ - !Ref 'AWS::AccountId' - /* Condition: StringEquals: - 's3:x-amz-acl': bucket-owner-full-control + s3:x-amz-acl: bucket-owner-full-control - Effect: Allow - Action: 'config:Put*' + Action: config:Put* Resource: '*' 
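Review bot: `Tags: null` is added as the only property of `ConfigBucket`, turning a resource that previously had no `Properties` into one whose `Properties` mapping holds a single null-valued key; a null `Tags` is not a valid tag list and documents nothing. Drop the two added lines, or write `Tags: []` if an explicit empty list is wanted. The same `Tags: null` substitution appears in dms/dms.yaml, where it replaces real `Application` and `Name` tags on the VPC, both subnets, the internet gateway, the route table and the DB instance, and in doc_db/docdb.yaml on the parameter group.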
diff --git a/dms/dms.yaml b/dms/dms.yaml index eccab50..4b69ce5 100644 --- a/dms/dms.yaml +++ b/dms/dms.yaml @@ -1,15 +1,17 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: This CloudFormation sample template DMSAuroraToS3FullLoadAndOngoingReplication - creates an Aurora RDS instance and DMS instance in a VPC, and a S3 bucket. The Aurora - RDS instance is configured as the DMS Source Endpoint and the S3 bucket is configured +Description: >- + This CloudFormation sample template DMSAuroraToS3FullLoadAndOngoingReplication creates + an Aurora RDS instance and DMS instance in a VPC, and a S3 bucket. The Aurora RDS + instance is configured as the DMS Source Endpoint and the S3 bucket is configured as the DMS Target Endpoint. A DMS task is created and configured to migrate existing data and replicate ongoing changes from the source endpoint to the target endpoint. You will be billed for the AWS resources used if you create a stack from this template. Parameters: ClientIP: - Description: The IP address range that can be used to connect to the RDS instances - from your local machine. It must be a valid IP CIDR range of the form x.x.x.x/x. - Pls get your address using checkip.amazonaws.com or whatsmyip.org + Description: >- + The IP address range that can be used to connect to the RDS instances from your + local machine. It must be a valid IP CIDR range of the form x.x.x.x/x. Pls get + your address using checkip.amazonaws.com or whatsmyip.org Type: String MinLength: '9' MaxLength: '18' @@ -50,11 +52,7 @@ Resources: CidrBlock: 10.0.0.0/24 EnableDnsSupport: 'true' EnableDnsHostnames: 'true' - Tags: - - Key: Application - Value: !Ref 'AWS::StackId' - - Key: Name - Value: !Ref 'AWS::StackName' + Tags: null DBSubnet1: Type: AWS::EC2::Subnet Properties: @@ -63,9 +61,7 @@ Resources: AvailabilityZone: !Select - '0' - !GetAZs '' - Tags: - - Key: Application - Value: !Ref 'AWS::StackId' + Tags: null DBSubnet2: Type: AWS::EC2::Subnet Properties: 
@@ -74,15 +70,11 @@ Resources: AvailabilityZone: !Select - '1' - !GetAZs '' - Tags: - - Key: Application - Value: !Ref 'AWS::StackId' + Tags: null InternetGateway: Type: AWS::EC2::InternetGateway Properties: - Tags: - - Key: Application - Value: !Ref 'AWS::StackId' + Tags: null AttachGateway: Type: AWS::EC2::VPCGatewayAttachment Properties: @@ -92,9 +84,7 @@ Resources: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref 'VPC' - Tags: - - Key: Application - Value: !Ref 'AWS::StackId' + Tags: null Route: Type: AWS::EC2::Route Properties: @@ -130,7 +120,7 @@ Resources: - IpProtocol: tcp FromPort: '3306' ToPort: '3306' - CidrIp: !Ref 'ClientIP' + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '3306' ToPort: '3306' @@ -163,9 +153,7 @@ Resources: Engine: aurora MultiAZ: 'false' PubliclyAccessible: 'true' - Tags: - - Key: Application - Value: !Ref 'AWS::StackId' + Tags: null DependsOn: - AuroraCluster S3Bucket: 
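Review bot: The security-group ingress rule on port 3306 now uses `CidrIp: '0.0.0.0/0'` instead of `!Ref 'ClientIP'`, which exposes the database to MySQL connections from any address; the instance is `PubliclyAccessible: 'true'` in the following hunk, and the `ClientIP` parameter, whose description and length constraints restrict it to a single CIDR, becomes dead. Restore `CidrIp: !Ref 'ClientIP'`. The enclosing `SecurityGroupIngress` list and the resource it belongs to start outside the hunk.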
@@ -297,11 +285,11 @@ Resources: Properties: MigrationType: full-load-and-cdc ReplicationInstanceArn: !Ref 'DMSReplicationInstance' - ReplicationTaskSettings: '{ "Logging" : { "EnableLogging" : true, "LogComponents": - [ { "Id" : "SOURCE_UNLOAD", "Severity" : "LOGGER_SEVERITY_DEFAULT" }, { "Id" - : "SOURCE_CAPTURE", "Severity" : "LOGGER_SEVERITY_DEFAULT" }, { "Id" : "TARGET_LOAD", - "Severity" : "LOGGER_SEVERITY_DEFAULT" }, { "Id" : "TARGET_APPLY", "Severity" - : "LOGGER_SEVERITY_DEFAULT" } ] } }' + ReplicationTaskSettings: >- + { "Logging" : { "EnableLogging" : true, "LogComponents": [ { "Id" : "SOURCE_UNLOAD", + "Severity" : "LOGGER_SEVERITY_DEFAULT" }, { "Id" : "SOURCE_CAPTURE", "Severity" + : "LOGGER_SEVERITY_DEFAULT" }, { "Id" : "TARGET_LOAD", "Severity" : "LOGGER_SEVERITY_DEFAULT" + }, { "Id" : "TARGET_APPLY", "Severity" : "LOGGER_SEVERITY_DEFAULT" } ] } } SourceEndpointArn: !Ref 'AuroraSourceEndpoint' TableMappings: '{ "rules": [ { "rule-type" : "selection", "rule-id" : "1", "rule-name" : "1", "object-locator" : { "schema-name" : "dms_sample", "table-name" : "%" diff --git a/doc_db/docdb.yaml b/doc_db/docdb.yaml index 546bbd7..b7f755b 100644 --- a/doc_db/docdb.yaml +++ b/doc_db/docdb.yaml 
@@ -1,27 +1,23 @@ -AWSTemplateFormatVersion: "2010-09-09" -Resources: - myDBInstance: - Type: "AWS::DocDB::DBCluster" - Properties: - BackupRetentionPeriod : 8 - DBClusterIdentifier : "sample-cluster" - DBSubnetGroupName : "default" - MasterUsername : "Root" - MasterUserPassword : "Root1234" - Port : "27017" - StorageEncrypted : false - - myDBInstanceParameter: - Type: "AWS::DocDB::DBClusterParameterGroup" - Properties: - Description: "description" - Family: "docdb3.6" - Name: "sampleParameterGroup" - Parameters: - audit_logs: "disabled" - tls: "disabled" - ttl_monitor: "disabled" - Tags: - - - Key: "String" - Value: "String" +AWSTemplateFormatVersion: '2010-09-09' +Resources: + myDBInstance: + Type: AWS::DocDB::DBCluster + Properties: + BackupRetentionPeriod: 8 + DBClusterIdentifier: sample-cluster + DBSubnetGroupName: default + MasterUsername: Root + MasterUserPassword: Root1234 + Port: '27017' + StorageEncrypted: false + myDBInstanceParameter: + Type: AWS::DocDB::DBClusterParameterGroup + Properties: + Description: description + Family: docdb3.6 + Name: sampleParameterGroup + Parameters: + audit_logs: disabled + tls: disabled + ttl_monitor: disabled + Tags: null diff --git a/dynamodb/dynamodb.yaml b/dynamodb/dynamodb.yaml index ee7104d..2b7d995 100644 --- a/dynamodb/dynamodb.yaml +++ b/dynamodb/dynamodb.yaml 
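Review bot: The rewritten `myDBInstance` still carries `MasterUserPassword: Root1234` as a plain literal alongside `StorageEncrypted: false`, and the parameter group sets `tls: disabled` and `audit_logs: disabled`; since every line of the file is replaced here, this is the moment to take the credential out of source control. Use a `NoEcho` `String` parameter or a Secrets Manager dynamic reference for the password, and consider `StorageEncrypted: true` and `tls: enabled` as the defaults for a sample that others will copy.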
@@ -1,79 +1,64 @@ -AWSTemplateFormatVersion: "2010-09-09" -Resources: - myDynamoDBTable: +AWSTemplateFormatVersion: '2010-09-09' +Resources: + myDynamoDBTable: Type: AWS::DynamoDB::Table - Properties: - AttributeDefinitions: - - - AttributeName: "Album" - AttributeType: "S" - - - AttributeName: "Artist" - AttributeType: "S" - - - AttributeName: "Sales" - AttributeType: "N" - - - AttributeName: "NumberOfSongs" - AttributeType: "N" - KeySchema: - - - AttributeName: "Album" - KeyType: "HASH" - - - AttributeName: "Artist" - KeyType: "RANGE" - ProvisionedThroughput: - ReadCapacityUnits: "5" - WriteCapacityUnits: "5" - TableName: "myTableName" - GlobalSecondaryIndexes: - - - IndexName: "myGSI" - KeySchema: - - - AttributeName: "Sales" - KeyType: "HASH" - - - AttributeName: "Artist" - KeyType: "RANGE" - Projection: - NonKeyAttributes: - - "Album" - - "NumberOfSongs" - ProjectionType: "INCLUDE" - ProvisionedThroughput: - ReadCapacityUnits: "5" - WriteCapacityUnits: "5" - - - IndexName: "myGSI2" - KeySchema: - - - AttributeName: "NumberOfSongs" - KeyType: "HASH" - - - AttributeName: "Sales" - KeyType: "RANGE" - Projection: - NonKeyAttributes: - - "Album" - - "Artist" - ProjectionType: "INCLUDE" - ProvisionedThroughput: - ReadCapacityUnits: "5" - WriteCapacityUnits: "5" - LocalSecondaryIndexes: - - - IndexName: "myLSI" - KeySchema: - - - AttributeName: "Album" - KeyType: "HASH" - - - AttributeName: "Sales" - KeyType: "RANGE" - Projection: - NonKeyAttributes: - - "Artist" - - "NumberOfSongs" - ProjectionType: "INCLUDE" + Properties: + AttributeDefinitions: + - AttributeName: Album + AttributeType: S + - AttributeName: Artist + AttributeType: S + - AttributeName: Sales + AttributeType: N + - AttributeName: NumberOfSongs + AttributeType: N + KeySchema: + - AttributeName: Album + KeyType: HASH + - AttributeName: Artist + KeyType: RANGE + ProvisionedThroughput: + ReadCapacityUnits: '5' + WriteCapacityUnits: '5' + TableName: myTableName + GlobalSecondaryIndexes: + - IndexName: 
myGSI + KeySchema: + - AttributeName: Sales + KeyType: HASH + - AttributeName: Artist + KeyType: RANGE + Projection: + NonKeyAttributes: + - Album + - NumberOfSongs + ProjectionType: INCLUDE + ProvisionedThroughput: + ReadCapacityUnits: '5' + WriteCapacityUnits: '5' + - IndexName: myGSI2 + KeySchema: + - AttributeName: NumberOfSongs + KeyType: HASH + - AttributeName: Sales + KeyType: RANGE + Projection: + NonKeyAttributes: + - Album + - Artist + ProjectionType: INCLUDE + ProvisionedThroughput: + ReadCapacityUnits: '5' + WriteCapacityUnits: '5' + LocalSecondaryIndexes: + - IndexName: myLSI + KeySchema: + - AttributeName: Album + KeyType: HASH + - AttributeName: Sales + KeyType: RANGE + Projection: + NonKeyAttributes: + - Artist + - NumberOfSongs + ProjectionType: INCLUDE diff --git a/ec2/deploy.json b/ec2/deploy.json index 69da423..7fda950 100644 --- a/ec2/deploy.json +++ b/ec2/deploy.json @@ -3,16 +3,21 @@ "Parameters": { "KeyPair": { "Description": "The EC2 Key Pair to allow SSH access to the instance", - "Type": "String" + "Type": "String", + "Default": { + "Ref": "KeyPair" + } } }, "Resources": { - "MyIamInstanceProfile":{ - "Type":"AWS::IAM::InstanceProfile", - "Properties":{ - "InstanceProfileName":"MyIamInstanceProfile", - "Path":"/", - "Roles":["MyAdminRole"] + "MyIamInstanceProfile": { + "Type": "AWS::IAM::InstanceProfile", + "Properties": { + "InstanceProfileName": "MyIamInstanceProfile", + "Path": "/", + "Roles": [ + "MyAdminRole" + ] } }, "Ec2Instance": { @@ -22,8 +27,13 @@ "Ref": "KeyPair" }, "ImageId": "ami-3b355a52", - "IamInstanceProfile":{ - "Arn":{"Fn::GetAtt": ["MyIamInstanceProfile", "Arn"]} + "IamInstanceProfile": { + "Arn": { + "Fn::GetAtt": [ + "MyIamInstanceProfile", + "Arn" + ] + } } } } diff --git a/ec2/ec2.yaml b/ec2/ec2.yaml index de3ded9..6c80749 100644 --- a/ec2/ec2.yaml +++ b/ec2/ec2.yaml 
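Review bot: `"Default": {"Ref": "KeyPair"}` makes the KeyPair parameter default to a reference to itself; intrinsic functions are not permitted in the Parameters section and a default must be a literal, so the template will no longer validate. Drop the added `Default` (the parameter was simply required before) or give it a literal key-pair name. The same self-referencing `Default: !Ref '<ParamName>'` was added in this commit to Subnets/SecurityGroups in eks/eks.template, eks/eks.txt and eks/eks.yaml, Subnets in elasticache/elasticache.yaml, SecurityGroup in elasticsearch/elasticsearch.yaml, VPC and Subnets in elb/elb.yaml, Subnet in emr/emr.yaml and SubnetIds/SecurityGroups in msk/msk.yaml, and should be removed in each.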
@@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Parameters: InstanceType: Description: WebServer EC2 instance type @@ -49,23 +49,23 @@ Parameters: - d2.8xlarge ConstraintDescription: must be a valid EC2 instance type. LatestAmiId: - Type: 'AWS::SSM::Parameter::Value' + Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 Resources: EC2Instance: - Type: 'AWS::EC2::Instance' + Type: AWS::EC2::Instance Properties: - InstanceType: !Ref InstanceType - ImageId: !Ref LatestAmiId + InstanceType: !Ref 'InstanceType' + ImageId: !Ref 'LatestAmiId' NetworkInterfaces: - AssociatePublicIpAddress: true DeviceIndex: 0 NewVolume: - Type: 'AWS::EC2::Volume' + Type: AWS::EC2::Volume Properties: Size: 100 Encrypted: false - AvailabilityZone: !Select + AvailabilityZone: !Select - '0' - - !GetAZs - Ref: 'AWS::Region' + - !GetAZs + Ref: AWS::Region diff --git a/ecr/ecr.yaml b/ecr/ecr.yaml index c80367d..d3d2887 100644 --- a/ecr/ecr.yaml +++ b/ecr/ecr.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Resources: MyRepository: Type: AWS::ECR::Repository @@ -6,7 +6,6 @@ Resources: ImageTagMutability: MUTABLE ImageScanningConfiguration: ScanOnPush: true - RepositoryPolicyText: Version: '2008-10-17' Statement: @@ -14,7 +13,7 @@ Resources: Effect: Allow Principal: AWS: - - "*" + - '*' - arn:aws:iam::123456789012:user/Alice Action: - ecr:GetDownloadUrlForLayer diff --git a/ecs/ecs.yaml b/ecs/ecs.yaml index 32388d2..960e7b7 100644 --- a/ecs/ecs.yaml +++ b/ecs/ecs.yaml @@ -33,11 +33,11 @@ Resources: RequiresCompatibilities: - FARGATE ContainerDefinitions: - - Name: !Ref 'ServiceName' - User: 'root' - Cpu: !Ref 'ContainerCpu' - Memory: !Ref 'ContainerMemory' - Image: !Ref 'ImageUrl' + - Name: nginx + User: root + Cpu: 0 + Memory: 0 + Image: nginx Privileged: true PortMappings: - - ContainerPort: !Ref 'ContainerPort' + - ContainerPort: 80 
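Review bot: The ecs/ecs.yaml container definition now hard-codes `Name: nginx`, `Cpu: 0`, `Memory: 0`, `Image: nginx` and `ContainerPort: 80` in place of the `!Ref` lookups of ServiceName, ContainerCpu, ContainerMemory, ImageUrl and ContainerPort; if those parameters are still declared above the hunk they become unused (cfn-lint warns on unused parameters) and the task can no longer be configured per stack. `Memory: 0` is also doubtful as a container hard limit — confirm it validates, or drop the key and rely on the task-level memory. If the hard-coding is intended, the five parameters should be deleted in the same commit. The TaskDefinition starts before this hunk.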
diff --git a/efs/efs.yaml b/efs/efs.yaml index d34f00f..2a6c52f 100644 --- a/efs/efs.yaml +++ b/efs/efs.yaml @@ -1,7 +1,7 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Resources: FileSystemResource: - Type: 'AWS::EFS::FileSystem' + Type: AWS::EFS::FileSystem Properties: BackupPolicy: Status: ENABLED @@ -13,30 +13,28 @@ Resources: - Key: Name Value: TestFileSystem FileSystemPolicy: - Version: 2012-10-17 + Version: '2012-10-17' Statement: - Effect: Allow Action: '*' Principal: '*' - KmsKeyId: !GetAtt - - key - - Arn + KmsKeyId: !GetAtt 'key.Arn' key: - Type: 'AWS::KMS::Key' + Type: AWS::KMS::Key Properties: KeyPolicy: - Version: 2012-10-17 + Version: '2012-10-17' Id: key-default-1 Statement: - Sid: Allow administration of the key Effect: Allow Principal: - AWS: !Join + AWS: !Join - '' - - 'arn:aws:iam::' - !Ref 'AWS::AccountId' - - ':root' + - :root Action: - - 'kms:*' + - kms:* Resource: - '*' diff --git a/eks/eks.template b/eks/eks.template index 648d4c3..a1152a3 100644 --- a/eks/eks.template +++ b/eks/eks.template 
@@ -1,21 +1,24 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Parameters: Subnets: - Description: Choose which subnets the Application Load Balancer should be deployed to - Type: 'List' + Description: Choose which subnets the Application Load Balancer should be deployed + to + Type: List + Default: !Ref 'Subnets' SecurityGroups: Description: Choose which security group you want to apply - Type: 'List' + Type: List + Default: !Ref 'SecurityGroups' RoleArn: Type: String - Default: 'arn:aws:iam::155603667260:role/eks-cluster' + Default: arn:aws:iam::155603667260:role/eks-cluster Resources: myCluster: - Type: 'AWS::EKS::Cluster' + Type: AWS::EKS::Cluster Properties: Name: prod - RoleArn: !Ref RoleArn + RoleArn: !Ref 'RoleArn' ResourcesVpcConfig: EndpointPublicAccess: true - SecurityGroupIds: !Ref SecurityGroups - SubnetIds: !Ref Subnets + SecurityGroupIds: !Ref 'SecurityGroups' + SubnetIds: !Ref 'Subnets' diff --git a/eks/eks.txt b/eks/eks.txt index 648d4c3..a1152a3 100644 --- a/eks/eks.txt +++ b/eks/eks.txt 
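Review bot: eks/eks.template and eks/eks.txt are byte-identical (same index hashes 648d4c3..a1152a3 in both file headers) and eks/eks.yaml differs from them only by a few cluster properties, so every fix has to be applied three times and the copies will drift. Keep one template (eks.yaml) and delete the other two, or state in a comment which file is the source of truth. The unquoted `Type: List` on Subnets and SecurityGroups predates this commit but is not a CloudFormation parameter type; `List<AWS::EC2::Subnet::Id>` and `List<AWS::EC2::SecurityGroup::Id>` are the typed forms.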
@@ -1,21 +1,24 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Parameters: Subnets: - Description: Choose which subnets the Application Load Balancer should be deployed to - Type: 'List' + Description: Choose which subnets the Application Load Balancer should be deployed + to + Type: List + Default: !Ref 'Subnets' SecurityGroups: Description: Choose which security group you want to apply - Type: 'List' + Type: List + Default: !Ref 'SecurityGroups' RoleArn: Type: String - Default: 'arn:aws:iam::155603667260:role/eks-cluster' + Default: arn:aws:iam::155603667260:role/eks-cluster Resources: myCluster: - Type: 'AWS::EKS::Cluster' + Type: AWS::EKS::Cluster Properties: Name: prod - RoleArn: !Ref RoleArn + RoleArn: !Ref 'RoleArn' ResourcesVpcConfig: EndpointPublicAccess: true - SecurityGroupIds: !Ref SecurityGroups - SubnetIds: !Ref Subnets + SecurityGroupIds: !Ref 'SecurityGroups' + SubnetIds: !Ref 'Subnets' diff --git a/eks/eks.yaml b/eks/eks.yaml index bdfad44..e688d17 100644 --- a/eks/eks.yaml +++ b/eks/eks.yaml 
@@ -1,23 +1,26 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Parameters: Subnets: - Description: Choose which subnets the Application Load Balancer should be deployed to - Type: 'List' + Description: Choose which subnets the Application Load Balancer should be deployed + to + Type: List + Default: !Ref 'Subnets' SecurityGroups: Description: Choose which security group you want to apply - Type: 'List' + Type: List + Default: !Ref 'SecurityGroups' RoleArn: Type: String - Default: 'arn:aws:iam::155603667260:role/eks-cluster' + Default: arn:aws:iam::155603667260:role/eks-cluster Resources: myCluster: - Type: 'AWS::EKS::Cluster' + Type: AWS::EKS::Cluster Properties: - Version: '1.9.1' + Version: 1.9.1 Name: prod - RoleArn: !Ref RoleArn + RoleArn: !Ref 'RoleArn' EndpointPrivateAccess: false EndpointPublicAccess: true ResourcesVpcConfig: - SecurityGroupIds: !Ref SecurityGroups - SubnetIds: !Ref Subnets + SecurityGroupIds: !Ref 'SecurityGroups' + SubnetIds: !Ref 'Subnets' diff --git a/elasticache/elasticache.yaml b/elasticache/elasticache.yaml index 724ff67..8eb9af6 100644 --- a/elasticache/elasticache.yaml +++ b/elasticache/elasticache.yaml @@ -1,5 +1,5 @@ -AWSTemplateFormatVersion: 2010-09-09 -Transform: 'AWS::Serverless-2016-10-31' +AWSTemplateFormatVersion: '2010-09-09' +Transform: AWS::Serverless-2016-10-31 Description: AWS ElatiCache for Redis - Cluster Mode Demonstration Parameters: EnvironmentName: 
@@ -7,34 +7,35 @@ Parameters: Type: String Subnets: Description: Choose which subnets this ECS cluster should be deployed to - Type: 'List' + Type: List + Default: !Ref 'Subnets' InstanceType: Description: Which instance type should we use to build the ECS cluster? Type: String Default: cache.t3.medium SecurityGroups: Description: Select the Security Group to use for the ECS cluster hosts - Type: 'AWS::EC2::SecurityGroup::Id' + Type: AWS::EC2::SecurityGroup::Id Resources: CacheSubnetGroup: - Type: 'AWS::ElastiCache::SubnetGroup' + Type: AWS::ElastiCache::SubnetGroup Properties: CacheSubnetGroupName: !Sub '${EnvironmentName}-Subnet-${AWS::Region}' Description: The subnet group for the reactive application architecture - SubnetIds: !Ref Subnets + SubnetIds: !Ref 'Subnets' ReplicationGroup: - Type: 'AWS::ElastiCache::ReplicationGroup' + Type: AWS::ElastiCache::ReplicationGroup Properties: - KmsKeyId: "" - CacheNodeType: !Ref InstanceType - CacheSubnetGroupName: !Ref CacheSubnetGroup + KmsKeyId: '' + CacheNodeType: !Ref 'InstanceType' + CacheSubnetGroupName: !Ref 'CacheSubnetGroup' Engine: redis EngineVersion: 6.x NumCacheClusters: 2 Port: 6379 ReplicationGroupDescription: !Sub '${EnvironmentName}-ReplicationGroup-${AWS::Region}' SecurityGroupIds: - - !Ref SecurityGroups + - !Ref 'SecurityGroups' AutomaticFailoverEnabled: false TransitEncryptionEnabled: false AtRestEncryptionEnabled: false diff --git a/elasticsearch/elasticsearch.yaml b/elasticsearch/elasticsearch.yaml index 681aef4..b71187a 100644 --- a/elasticsearch/elasticsearch.yaml +++ b/elasticsearch/elasticsearch.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Parameters: InstanceType: Description: WebServer EC2 instance type 
@@ -49,20 +49,21 @@ Parameters: - d2.8xlarge ConstraintDescription: must be a valid EC2 instance type. LatestAmiId: - Type: 'AWS::SSM::Parameter::Value' + Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 SecurityGroup: Description: Select the Security Group to use for the ECS cluster hosts - Type: 'List' + Type: List + Default: !Ref 'SecurityGroup' Resources: EC2Instance: - Type: 'AWS::EC2::Instance' + Type: AWS::EC2::Instance Properties: - InstanceType: !Ref InstanceType - SecurityGroupIds: !Ref SecurityGroup - ImageId: !Ref LatestAmiId + InstanceType: !Ref 'InstanceType' + SecurityGroupIds: !Ref 'SecurityGroup' + ImageId: !Ref 'LatestAmiId' ElasticsearchDomain: - Type: 'AWS::Elasticsearch::Domain' + Type: AWS::Elasticsearch::Domain Properties: DomainName: test1 ElasticsearchVersion: '7.10' @@ -82,14 +83,11 @@ Resources: Enabled: true LogPublishingOptions: ES_APPLICATION_LOGS: - CloudWatchLogsLogGroupArn: >- - arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-application-logs + CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-application-logs Enabled: false SEARCH_SLOW_LOGS: - CloudWatchLogsLogGroupArn: >- - arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-slow-logs + CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-slow-logs Enabled: false INDEX_SLOW_LOGS: - CloudWatchLogsLogGroupArn: >- - arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-index-slow-logs + CloudWatchLogsLogGroupArn: arn:aws:logs:us-east-1:123456789012:log-group:/aws/aes/domains/es-index-slow-logs Enabled: false diff --git a/elb/elb.yaml b/elb/elb.yaml index 46aab99..44185a0 100644 --- a/elb/elb.yaml +++ b/elb/elb.yaml 
@@ -1,27 +1,31 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Description: Elastic Load Balancer Parameters: VPC: - Type: 'AWS::EC2::VPC::Id' - Description: Choose which VPC the Application Load Balancer should be deployed to + Type: AWS::EC2::VPC::Id + Description: Choose which VPC the Application Load Balancer should be deployed + to + Default: !Ref 'VPC' Subnets: - Description: Choose which subnets the Application Load Balancer should be deployed to - Type: 'List' + Description: Choose which subnets the Application Load Balancer should be deployed + to + Type: List + Default: !Ref 'Subnets' Resources: S3BUCKET: - Type: 'AWS::S3::Bucket' + Type: AWS::S3::Bucket DeletionPolicy: Retain Properties: VersioningConfiguration: Status: Enabled MyLoadBalancer: - Type: 'AWS::ElasticLoadBalancing::LoadBalancer' + Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: AccessLoggingPolicy: Enabled: false - S3BucketName: !Ref S3BUCKET + S3BucketName: !Ref 'S3BUCKET' CrossZone: false - Subnets: !Ref Subnets + Subnets: !Ref 'Subnets' ConnectionDrainingPolicy: Enabled: false Listeners: @@ -31,7 +35,7 @@ Resources: Protocol: HTTPS PolicyNames: - My-SSLNegotiation-Policy - SSLCertificateId: 'arn:aws:iam::123456789012:server-certificate/my-server-certificate' + SSLCertificateId: arn:aws:iam::123456789012:server-certificate/my-server-certificate Policies: - PolicyName: My-SSLNegotiation-Policy PolicyType: SSLNegotiationPolicyType 
@@ -183,40 +187,40 @@ Resources: - Name: Protocol-TLSv1.1 Value: 'true' MyLoadBalancerV2: - Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer' + Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: LoadBalancerAttributes: - Key: access_logs.s3.enabled Value: false - Subnets: !Ref Subnets + Subnets: !Ref 'Subnets' DummyTargetGroupPublic: - Type: 'AWS::ElasticLoadBalancingV2::TargetGroup' + Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 6 HealthCheckPath: / HealthCheckProtocol: HTTP HealthCheckTimeoutSeconds: 5 HealthyThresholdCount: 2 - Name: !Join + Name: !Join - '-' - - !Ref 'AWS::StackName' - drop-1 Port: 80 Protocol: HTTP UnhealthyThresholdCount: 2 - VpcId: !Ref VPC + VpcId: !Ref 'VPC' PublicLoadBalancerListener: - Type: 'AWS::ElasticLoadBalancingV2::Listener' + Type: AWS::ElasticLoadBalancingV2::Listener DependsOn: - MyLoadBalancerV2 Properties: DefaultActions: - - TargetGroupArn: !Ref DummyTargetGroupPublic + - TargetGroupArn: !Ref 'DummyTargetGroupPublic' Type: redirect RedirectConfig: Protocol: http - - TargetGroupArn: !Ref DummyTargetGroupPublic + - TargetGroupArn: !Ref 'DummyTargetGroupPublic' Type: authenticate-cognito - LoadBalancerArn: !Ref MyLoadBalancerV2 + LoadBalancerArn: !Ref 'MyLoadBalancerV2' Port: 80 Protocol: HTTP diff --git a/emr/emr.yaml b/emr/emr.yaml index f558fe7..0e8dd69 100644 --- a/emr/emr.yaml +++ b/emr/emr.yaml @@ -1,8 +1,8 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Conditions: - WithSpotPrice: !Not - - !Equals - - !Ref SpotPrice + WithSpotPrice: !Not + - !Equals + - !Ref 'SpotPrice' - '0' Description: Sample CloudFormation template for creating an EMR cluster Parameters: 
@@ -16,31 +16,32 @@ Parameters: Type: Number Subnet: Description: Subnet ID for creating the EMR cluster - Type: 'AWS::EC2::Subnet::Id' + Type: AWS::EC2::Subnet::Id + Default: !Ref 'Subnet' Resources: EMRInstanceProfile: Properties: Roles: - - !Ref EMRJobFlowRole - Type: 'AWS::IAM::InstanceProfile' + - !Ref 'EMRJobFlowRole' + Type: AWS::IAM::InstanceProfile Metadata: - 'AWS::CloudFormation::Designer': + AWS::CloudFormation::Designer: id: 4ce96dbe-d564-4f30-a44e-a0e7f6e46690 EMRJobFlowRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - - 'sts:AssumeRole' + - sts:AssumeRole Effect: Allow Principal: Service: - ec2.amazonaws.com ManagedPolicyArns: - - 'arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role' - Type: 'AWS::IAM::Role' + - arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role + Type: AWS::IAM::Role Metadata: - 'AWS::CloudFormation::Designer': + AWS::CloudFormation::Designer: id: 7935bef0-f0ed-4ee1-826b-75b2baadba34 EMRSampleCluster: Properties: @@ -55,7 +56,7 @@ Resources: Args: - dummy - parameter - Path: 'file:/usr/share/aws/emr/scripts/install-hue' + Path: file:/usr/share/aws/emr/scripts/install-hue Configurations: - Classification: core-site ConfigurationProperties: @@ -70,10 +71,7 @@ Resources: - Classification: export ConfigurationProperties: HADOOP_DATANODE_HEAPSIZE: '2048' - HADOOP_NAMENODE_OPTS: !Join - - '' - - - '-XX:GCTimeRatio=' - - !Ref GcTimeRatioValue + HADOOP_NAMENODE_OPTS: -XX:GCTimeRatio=19 Instances: MasterInstanceGroup: InstanceCount: 1 @@ -107,10 +105,12 @@ Resources: Statistic: AVERAGE Threshold: '50' Unit: PERCENT - BidPrice: !If - - WithSpotPrice - - !Ref SpotPrice - - !Ref 'AWS::NoValue' + BidPrice: + Fn::If: + - WithSpotPrice + - !Ref 'SpotPrice' + - !Ref 'AWS::NoValue' + Ref: SpotPrice EbsConfiguration: EbsBlockDeviceConfigs: - VolumeSpecification: 
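Review bot: `BidPrice` now holds a mapping with two keys, `Fn::If` and `Ref: SpotPrice`; an intrinsic function must be the only key in its object, so this will fail template validation — keep just the conditional, `BidPrice: !If [WithSpotPrice, !Ref SpotPrice, !Ref 'AWS::NoValue']`, as the removed lines had it. In the same file `HADOOP_NAMENODE_OPTS: -XX:GCTimeRatio=19` replaces the `!Join` on GcTimeRatioValue, so that parameter, declared outside the hunk, is presumably now unused. The `Default: !Ref 'Subnet'` added to the Subnet parameter is a self-reference and should also be dropped.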
@@ -120,25 +120,20 @@ Resources: EbsOptimized: true InstanceCount: '1' InstanceType: m4.large - Market: !If - - WithSpotPrice - - SPOT - - ON_DEMAND + Market: SPOT Name: Core Instance - Ec2SubnetId: !Ref Subnet - JobFlowRole: !Ref EMRInstanceProfile + Ec2SubnetId: !Ref 'Subnet' + JobFlowRole: !Ref 'EMRInstanceProfile' Name: EMR Sample Cluster ReleaseLabel: emr-6.3.0 - SecurityConfiguration: !Ref EMRSecurityConfiguration - ServiceRole: !Ref EMRServiceRole - Tags: - - Key: Name - Value: EMR Sample Cluster + SecurityConfiguration: !Ref 'EMRSecurityConfiguration' + ServiceRole: !Ref 'EMRServiceRole' + Tags: null VisibleToAllUsers: true - AutoScalingRole: 'EMR_AutoScaling_DefaultRole' - Type: 'AWS::EMR::Cluster' + AutoScalingRole: EMR_AutoScaling_DefaultRole + Type: AWS::EMR::Cluster Metadata: - 'AWS::CloudFormation::Designer': + AWS::CloudFormation::Designer: id: e94a5475-45f5-44f6-80e8-0d3fb38f6bfd EMRSecurityConfiguration: Properties: 
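Review bot: `Market: SPOT` is now unconditional while `BidPrice` in the previous hunk is still gated on WithSpotPrice, so when SpotPrice is '0' the core instance group requests SPOT capacity with no bid; the two properties were switched together by the same condition before and should stay that way, `Market: !If [WithSpotPrice, SPOT, ON_DEMAND]`. The removed `Tags` list was replaced by `Tags: null`, which is not an empty tag set. EMRSampleCluster starts before this hunk.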
@@ -147,36 +142,36 @@ Resources: EncryptionConfiguration: AtRestEncryptionConfiguration: LocalDiskEncryptionConfiguration: - AwsKmsKey: 'arn:aws:kms:us-east-1:123456789012:key/1234-1234-1234-1234-1234' + AwsKmsKey: arn:aws:kms:us-east-1:123456789012:key/1234-1234-1234-1234-1234 EncryptionKeyProviderType: AwsKms S3EncryptionConfiguration: - AwsKmsKey: 'arn:aws:kms:us-east-1:123456789012:key/1234-1234-1234-1234-1234' + AwsKmsKey: arn:aws:kms:us-east-1:123456789012:key/1234-1234-1234-1234-1234 EncryptionMode: SSE-KMS EnableAtRestEncryption: false EnableInTransitEncryption: false InTransitEncryptionConfiguration: TLSCertificateConfiguration: CertificateProviderType: PEM - S3Object: 's3://MyConfigStore/artifacts/MyCerts.zip' - Type: 'AWS::EMR::SecurityConfiguration' + S3Object: s3://MyConfigStore/artifacts/MyCerts.zip + Type: AWS::EMR::SecurityConfiguration Metadata: - 'AWS::CloudFormation::Designer': + AWS::CloudFormation::Designer: id: 400d803c-fd1e-4a9e-92e9-4bb90f23831b EMRServiceRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - - 'sts:AssumeRole' + - sts:AssumeRole Effect: Allow Principal: Service: - elasticmapreduce.amazonaws.com ManagedPolicyArns: - - 'arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole' - Type: 'AWS::IAM::Role' + - arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole + Type: AWS::IAM::Role Metadata: - 'AWS::CloudFormation::Designer': + AWS::CloudFormation::Designer: id: 487939b2-57e4-4bfd-bb48-b361400d29ae TestStep: Properties: 
@@ -185,26 +180,26 @@ Resources: Args: - '5' - '10' - Jar: 's3://emr-cfn-test/hadoop-mapreduce-examples-2.6.0.jar' + Jar: s3://emr-cfn-test/hadoop-mapreduce-examples-2.6.0.jar MainClass: pi StepProperties: - Key: my.custom.property Value: my.custom.value Name: TestStep - VpcId: !Ref EMRSampleCluster - Type: 'AWS::EMR::Step' + VpcId: !Ref 'EMRSampleCluster' + Type: AWS::EMR::Step Metadata: - 'AWS::CloudFormation::Designer': + AWS::CloudFormation::Designer: id: 3cea84fe-dd19-4f81-a096-11f383b7a893 Metadata: - 'AWS::CloudFormation::Designer': + AWS::CloudFormation::Designer: 487939b2-57e4-4bfd-bb48-b361400d29ae: size: width: 60 height: 60 position: x: 190 - 'y': 120 + y: 120 z: 1 embeds: [] 400d803c-fd1e-4a9e-92e9-4bb90f23831b: @@ -213,7 +208,7 @@ Metadata: height: 60 position: x: 430 - 'y': 120 + y: 120 z: 1 embeds: [] 7935bef0-f0ed-4ee1-826b-75b2baadba34: @@ -222,7 +217,7 @@ Metadata: height: 60 position: x: 60 - 'y': 230 + y: 230 z: 1 embeds: [] 4ce96dbe-d564-4f30-a44e-a0e7f6e46690: @@ -231,7 +226,7 @@ Metadata: height: 60 position: x: 320 - 'y': 230 + y: 230 z: 1 embeds: [] isassociatedwith: @@ -242,7 +237,7 @@ Metadata: height: 60 position: x: 320 - 'y': 120 + y: 120 z: 1 embeds: [] 3cea84fe-dd19-4f81-a096-11f383b7a893: @@ -251,7 +246,7 @@ Metadata: height: 60 position: x: 320 - 'y': 0 + y: 0 z: 0 embeds: [] iscontainedinside: diff --git a/iam/iam.yaml b/iam/iam.yaml index b75a392..a1748d9 100644 --- a/iam/iam.yaml +++ b/iam/iam.yaml @@ -54,4 +54,4 @@ Resources: Type: AWS::IAM::UserToGroupAddition Properties: GroupName: !Ref 'CFNAdminGroup' - Users: [] \ No newline at end of file + Users: [] diff --git a/kms/kms.yaml b/kms/kms.yaml index b4cbf6e..0973be0 100644 --- a/kms/kms.yaml +++ b/kms/kms.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Resources: myKey: Type: AWS::KMS::Key 
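Review bot: The Designer metadata keys were deliberately written as `'y'`, and this commit unquotes them to bare `y` in six hunks; under YAML 1.1 rules `y` is a boolean literal, so a 1.1-style parser (go-yaml v2, for example) reads the key as `true` rather than `"y"`, while PyYAML's resolver happens to exclude y/n — the file becomes parser-dependent. Restore the quotes, `'y': 120`, in all six positions; the `x:` sibling is unaffected. Separately, `VpcId: !Ref 'EMRSampleCluster'` on TestStep looks like it should be `JobFlowId`, since AWS::EMR::Step has no VpcId property as far as I can tell, but that predates this commit.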
@@ -11,39 +11,39 @@ Resources: Version: '2012-10-17' Id: key-default-1 Statement: - - Sid: Enable IAM User Permissions - Effect: Allow - Principal: - AWS: '*' - Action: kms:* - Resource: '*' - - Sid: Allow administration of the key - Effect: Allow - Principal: - AWS: '*' - Action: - - kms:Create* - - kms:Describe* - - kms:Enable* - - kms:List* - - kms:Put* - - kms:Update* - - kms:Revoke* - - kms:Disable* - - kms:Get* - - kms:Delete* - - kms:ScheduleKeyDeletion - - kms:CancelKeyDeletion - Resource: '*' - - Sid: Allow use of the key - Effect: Allow - Principal: - AWS: '*' - Action: - - kms:DescribeKey - - kms:Encrypt - - kms:Decrypt - - kms:ReEncrypt* - - kms:GenerateDataKey - - kms:GenerateDataKeyWithoutPlaintext - Resource: '*' \ No newline at end of file + - Sid: Enable IAM User Permissions + Effect: Allow + Principal: + AWS: '*' + Action: kms:* + Resource: '*' + - Sid: Allow administration of the key + Effect: Allow + Principal: + AWS: '*' + Action: + - kms:Create* + - kms:Describe* + - kms:Enable* + - kms:List* + - kms:Put* + - kms:Update* + - kms:Revoke* + - kms:Disable* + - kms:Get* + - kms:Delete* + - kms:ScheduleKeyDeletion + - kms:CancelKeyDeletion + Resource: '*' + - Sid: Allow use of the key + Effect: Allow + Principal: + AWS: '*' + Action: + - kms:DescribeKey + - kms:Encrypt + - kms:Decrypt + - kms:ReEncrypt* + - kms:GenerateDataKey + - kms:GenerateDataKeyWithoutPlaintext + Resource: '*' diff --git a/lambda/lambda-sample.yaml b/lambda/lambda-sample.yaml index 15bb90d..481167b 100644 --- a/lambda/lambda-sample.yaml +++ b/lambda/lambda-sample.yaml 
@@ -1,70 +1,62 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Description: Template for Lambda Sample. Parameters: EnvName: Type: String - Description: 'Name of an environment. ''dev'', ''staging'', ''prod'' and any name.' - AllowedPattern: '^.*[^0-9]$' + Description: Name of an environment. 'dev', 'staging', 'prod' and any name. + AllowedPattern: ^.*[^0-9]$ ConstraintDescription: Must end with non-numeric character. LambdaHandlerPath: Type: String Description: Path of a Lambda Handler. - AllowedPattern: '^.*[^0-9]$' + AllowedPattern: ^.*[^0-9]$ ConstraintDescription: Must end with non-numeric character. Outputs: LambdaRoleARN: Description: Role for Lambda execution. - Value: !GetAtt - - LambdaRole - - Arn + Value: !GetAtt 'LambdaRole.Arn' Export: - Name: !Sub LambdaRole + Name: !Sub 'LambdaRole' LambdaFunctionName: - Value: !Ref LambdaFunction + Value: !Ref 'LambdaFunction' LambdaFunctionARN: Description: Lambda function ARN. - Value: !GetAtt - - LambdaFunction - - Arn + Value: !GetAtt 'LambdaFunction.Arn' Export: Name: !Sub 'LambdaARN-${EnvName}' Resources: LambdaRole: - Type: 'AWS::IAM::Role' + Type: AWS::IAM::Role Properties: - RoleName: !Sub lambda-role + RoleName: !Sub 'lambda-role' AssumeRolePolicyDocument: Statement: - Action: - - 'sts:AssumeRole' + - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com - Version: 2012-10-17 + Version: '2012-10-17' ManagedPolicyArns: - - 'arn:aws:iam::aws:policy/AWSLambdaExecute' - - 'arn:aws:iam::aws:policy/AmazonS3FullAccess' - - 'arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess' - - 'arn:aws:iam::aws:policy/AmazonKinesisFullAccess' + - arn:aws:iam::aws:policy/AWSLambdaExecute + - arn:aws:iam::aws:policy/AmazonS3FullAccess + - arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess + - arn:aws:iam::aws:policy/AmazonKinesisFullAccess Path: / LambdaFunction: - Type: 'AWS::Lambda::Function' + Type: AWS::Lambda::Function Properties: PackageType: Image FunctionName: !Sub 
'lambda-function-${EnvName}' Description: LambdaFunctioni of nodejs10.x. Runtime: nodejs10.x Code: - ZipFile: |- - exports.handler = function(event, context){ - var sample = sample; - Handler: '${LambdaHandlerPath}' + ZipFile: "exports.handler = function(event, context){\n var sample = sample;" + Handler: ${LambdaHandlerPath} MemorySize: 128 Timeout: 10 - Role: !GetAtt - - LambdaRole - - Arn + Role: !GetAtt 'LambdaRole.Arn' TracingConfig: Mode: PassThrough Environment: @@ -75,23 +67,15 @@ Resources: Type: AWS::Lambda::EventSourceMapping Properties: SourceAccessConfigurations: - - Type: "BASIC_AUTH" - URI: "http://localhost:8000" - EventSourceArn: - Fn::Join: - - "" - - - - "arn:aws:kinesis:" - - - Ref: "AWS::Region" - - ":" - - - Ref: "AWS::AccountId" - - ":stream/" - - - Ref: "KinesisStream" - FunctionName: - Fn::GetAtt: - - "LambdaFunction" - - "Arn" - StartingPosition: "TRIM_HORIZON" \ No newline at end of file + - Type: BASIC_AUTH + URI: http://localhost:8000 + EventSourceArn: !Join + - '' + - - 'arn:aws:kinesis:' + - !Ref 'AWS::Region' + - ':' + - !Ref 'AWS::AccountId' + - :stream/ + - !Ref 'KinesisStream' + FunctionName: !GetAtt 'LambdaFunction.Arn' + StartingPosition: TRIM_HORIZON diff --git a/leaked_secret/secret.yaml b/leaked_secret/secret.yaml index 3db5d8a..1233591 100644 --- a/leaked_secret/secret.yaml +++ b/leaked_secret/secret.yaml 
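Review bot: `Handler: ${LambdaHandlerPath}` is a plain string; without `!Sub` the `${...}` placeholder is never expanded and the function's handler is literally `${LambdaHandlerPath}`, a defect the removed quoted form shared. Write `Handler: !Ref LambdaHandlerPath` (or `!Sub '${LambdaHandlerPath}'`). The ZipFile scalar as dumped is still an unterminated JavaScript function body (`var sample = sample;` with no closing brace), and a `PackageType: Image` function takes `Code.ImageUri` rather than ZipFile/Runtime/Handler, so the resource is unlikely to deploy in either form; both predate the commit but are worth fixing while the block is being touched. This hunk starts on the previous line.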
@@ -1,38 +1,31 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Resources: MyProxyFunction: - Type: 'AWS::Lambda::Function' + Type: AWS::Lambda::Function Properties: - Environment: + Environment: Variables: - AWS_SECRET_ACCESS_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" - AWS_ACCESS_KEY_ID: "ASIAIOSFODNN7EXAMPLE" - AWS_ACCOUNT_ID: "123456789012" + AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + AWS_ACCESS_KEY_ID: ASIAIOSFODNN7EXAMPLE + AWS_ACCOUNT_ID: '123456789012' Runtime: nodejs12.x - Role: !GetAtt - - FunctionExecutionRole - - Arn + Role: !GetAtt 'FunctionExecutionRole.Arn' Handler: index.handler Code: - ZipFile: | - exports.handler = async (event) => { - const response = { - statusCode: 200, - body: JSON.stringify('Hello from Lambda!'), - }; - return response; - }; + ZipFile: "exports.handler = async (event) => {\n const response = {\n \ + \ statusCode: 200,\n body: JSON.stringify('Hello from Lambda!'),\n\ + \ };\n return response;\n};\n" FunctionExecutionRole: - Type: 'AWS::IAM::Role' + Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: - Version: 2012-10-17 + Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - - 'sts:AssumeRole' + - sts:AssumeRole ManagedPolicyArns: - - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole' \ No newline at end of file + - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole diff --git a/msk/msk.yaml b/msk/msk.yaml index 4ffa700..0c76bb0 100644 --- a/msk/msk.yaml +++ b/msk/msk.yaml @@ -1,13 +1,15 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Description: MSK Cluster with all properties Parameters: SubnetIds: Type: List + Default: !Ref 'SubnetIds' SecurityGroups: Type: List + Default: !Ref 'SecurityGroups' Resources: TestCluster: - Type: 'AWS::MSK::Cluster' + Type: AWS::MSK::Cluster Properties: ClusterName: ClusterWithAllProperties KafkaVersion: 2.2.1 
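Review bot: The `ZipFile` value was converted from a `|` literal block into a double-quoted string with `\n` escapes and backslash-continued lines (`\n \` followed by `\ statusCode`), which is the least readable form YAML offers for source code and makes every leading-space escape significant; restore `ZipFile: |` with the JavaScript indented beneath it, and do the same for the ZipFile in lambda/lambda-sample.yaml. A generic YAML dumper does not produce block scalars on its own, so this has to be hand-restored or the dumper configured for it. The `AWS_SECRET_ACCESS_KEY`/`AWS_ACCESS_KEY_ID` pair is the AWS documentation example credential and the function already has FunctionExecutionRole, so if this directory is not a scanner fixture the static keys should be removed in favour of the role; as a fixture, unquoting them changes nothing.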
@@ -15,18 +17,16 @@ Resources: EnhancedMonitoring: PER_BROKER EncryptionInfo: EncryptionAtRest: - DataVolumeKMSKeyId: "" + DataVolumeKMSKeyId: '' EncryptionInTransit: ClientBroker: PLAINTEXT InCluster: false - Tags: - Environment: Test - Owner: QATeam + Tags: null BrokerNodeGroupInfo: BrokerAZDistribution: DEFAULT InstanceType: kafka.m5.large - SecurityGroups: !Ref SecurityGroups + SecurityGroups: !Ref 'SecurityGroups' StorageInfo: EBSStorageInfo: VolumeSize: 100 - ClientSubnets: !Ref SubnetIds \ No newline at end of file + ClientSubnets: !Ref 'SubnetIds' diff --git a/rds/rds.yaml b/rds/rds.yaml index 6d38a34..953f7f4 100644 --- a/rds/rds.yaml +++ b/rds/rds.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Description: Aurora serverless cluster Parameters: DatabaseName: @@ -15,7 +15,7 @@ Parameters: NoEcho: true Default: masterpassword VpcSecurityGroupId: - Type: 'AWS::EC2::SecurityGroup::Id' + Type: AWS::EC2::SecurityGroup::Id DBUser: NoEcho: 'true' Description: The database admin account username @@ -24,7 +24,8 @@ Parameters: MinLength: '1' MaxLength: '16' AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' - ConstraintDescription: must begin with a letter and contain only alphanumeric characters. + ConstraintDescription: must begin with a letter and contain only alphanumeric + characters. DBPassword: NoEcho: 'true' Description: The database admin account password 
@@ -36,37 +37,36 @@ Parameters: ConstraintDescription: must contain only alphanumeric characters. Resources: Cluster: - Type: 'AWS::RDS::DBCluster' + Type: AWS::RDS::DBCluster Properties: Engine: aurora EngineMode: serverless - EngineVersion: !Ref EngineVersion - DatabaseName: !Ref DatabaseName - MasterUsername: !Ref MasterUsername + EngineVersion: !Ref 'EngineVersion' + DatabaseName: !Ref 'DatabaseName' + MasterUsername: !Ref 'MasterUsername' MasterUserPassword: Root1234 BackupRetentionPeriod: 0 DeletionProtection: false StorageEncrypted: false VpcSecurityGroupIds: - - !Ref VpcSecurityGroupId + - !Ref 'VpcSecurityGroupId' myDB: - Type: 'AWS::RDS::DBInstance' + Type: AWS::RDS::DBInstance Properties: AllocatedStorage: '100' DBInstanceClass: db.t2.small Engine: MySQL Iops: '1000' - MasterUsername: !Ref DBUser - MasterUserPassword: !Ref DBPassword + MasterUsername: !Ref 'DBUser' + MasterUserPassword: !Ref 'DBPassword' StorageEncrypted: false MultiAZ: false CopyTagsToSnapshot: false BackupRetentionPeriod: 0 AutoMinorVersionUpgrade: false PubliclyAccessible: true - GlobalCluster: - Type: 'AWS::RDS::GlobalCluster' + Type: AWS::RDS::GlobalCluster Properties: - GlobalClusterIdentifier: "" - SourceDBClusterIdentifier: !Ref Cluster + GlobalClusterIdentifier: '' + SourceDBClusterIdentifier: !Ref 'Cluster' diff --git a/route53/route53.yaml b/route53/route53.yaml index 9258979..8c44c47 100644 --- a/route53/route53.yaml +++ b/route53/route53.yaml @@ -3,10 +3,10 @@ Resources: myDNSRecord: Type: AWS::Route53::RecordSet Properties: - HostedZoneId : Z8VLZEXAMPLE + HostedZoneId: Z8VLZEXAMPLE Name: test.example.com ResourceRecords: - - 192.0.2.99 + - 192.0.2.99 TTL: 900 Type: AAAA myDNSOne: diff --git a/s3/deploy.yaml b/s3/deploy.yaml index c8d3fe1..c1010cc 100644 --- a/s3/deploy.yaml +++ b/s3/deploy.yaml 
@@ -1,16 +1,15 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Metadata: License: Apache-2.0 Description: >- - AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: - Sample template showing how to create a publicly accessible S3 bucket - configured for website access with a deletion policy of retain on delete. - **WARNING** This template creates an S3 bucket that will NOT be deleted when - the stack is deleted. You will be billed for the AWS resources used if you - create a stack from this template. + AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: Sample + template showing how to create a publicly accessible S3 bucket configured for website + access with a deletion policy of retain on delete. **WARNING** This template creates + an S3 bucket that will NOT be deleted when the stack is deleted. You will be billed + for the AWS resources used if you create a stack from this template. Resources: S3Bucket: - Type: 'AWS::S3::Bucket' + Type: AWS::S3::Bucket Properties: AccessControl: PublicRead WebsiteConfiguration: 
@@ -18,45 +17,41 @@ Resources: ErrorDocument: error.html DeletionPolicy: Retain S3BUCKETPOL: - Type: 'AWS::S3::BucketPolicy' + Type: AWS::S3::BucketPolicy Properties: - Bucket: !Ref S3BUCKET + Bucket: !Ref 'S3BUCKET' PolicyDocument: Id: CrossAccessPolicy - Version: 2012-10-17 + Version: '2012-10-17' Statement: - Sid: CrossAccPolicyDoc Action: - - 's3:GetObject' + - s3:GetObject Effect: Allow Resource: !Sub 'arn:aws:s3:::${S3BUCKET}/*' Principal: '*' - Sid: HttpsOnly Action: - - 's3:DeleteObject' + - s3:DeleteObject Effect: Allow Resource: !Sub 'arn:aws:s3:::${BucketName}/*' Principal: '*' Condition: StringLike: - 'aws:SecureTransport': false + aws:SecureTransport: false - Sid: IPAllow Action: - - 's3:PutObject' + - s3:PutObject Effect: Allow Resource: !Sub 'arn:aws:s3:::${BucketName}/*' Principal: '*' Outputs: WebsiteURL: - Value: !GetAtt - - S3Bucket - - WebsiteURL + Value: !GetAtt 'S3Bucket.WebsiteURL' Description: URL for website hosted on S3 S3BucketSecureURL: - Value: !Join + Value: !Join - '' - - - 'https://' - - !GetAtt - - S3Bucket - - DomainName + - - https:// + - !GetAtt 'S3Bucket.DomainName' Description: Name of S3 bucket to hold website content diff --git a/secret_manager/secret_manager.yaml b/secret_manager/secret_manager.yaml index 5faee19..169c867 100644 --- a/secret_manager/secret_manager.yaml +++ b/secret_manager/secret_manager.yaml @@ -1,4 +1,3 @@ ---- AWSTemplateFormatVersion: '2010-09-09' Resources: TestVPC: 
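Review bot: `Bucket: !Ref 'S3BUCKET'` references a logical ID that does not exist in this template; the bucket resource is `S3Bucket` (the same name the `!GetAtt 'S3Bucket.WebsiteURL'` output in this hunk uses), so the line should read `Bucket: !Ref 'S3Bucket'`, and the `${S3BUCKET}` and `${BucketName}` substitutions in the statement ARNs have the same mismatch. The HttpsOnly statement grants `Effect: Allow` on `s3:DeleteObject` to `Principal: '*'` under `StringLike: aws:SecureTransport: false`, which permits anonymous deletes over plain HTTP instead of forbidding them; the shape its Sid describes is `Effect: Deny` with `Condition: Bool: aws:SecureTransport: 'false'` on the full object ARN. IPAllow likewise allows `s3:PutObject` to `'*'` with no IP condition at all, so the statement should either carry an `IpAddress: aws:SourceIp:` condition or be dropped. Quoting `Version: '2012-10-17'` is the right fix here, since the unquoted value parses as a date rather than the policy version string.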
@@ -11,40 +10,32 @@ Resources: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.96.0/19 - AvailabilityZone: - Fn::Select: + AvailabilityZone: !Select - '0' - - Fn::GetAZs: - Ref: AWS::Region - VpcId: - Ref: TestVPC + - !GetAZs + Ref: AWS::Region + VpcId: !Ref 'TestVPC' TestSubnet02: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.128.0/19 - AvailabilityZone: - Fn::Select: + AvailabilityZone: !Select - '1' - - Fn::GetAZs: - Ref: AWS::Region - VpcId: - Ref: TestVPC + - !GetAZs + Ref: AWS::Region + VpcId: !Ref 'TestVPC' SecretsManagerVPCEndpoint: Type: AWS::EC2::VPCEndpoint Properties: SubnetIds: - - Ref: TestSubnet01 - - Ref: TestSubnet02 + - !Ref 'TestSubnet01' + - !Ref 'TestSubnet02' SecurityGroupIds: - - Fn::GetAtt: - - TestVPC - - DefaultSecurityGroup + - !GetAtt 'TestVPC.DefaultSecurityGroup' VpcEndpointType: Interface - ServiceName: - Fn::Sub: com.amazonaws.${AWS::Region}.secretsmanager + ServiceName: !Sub 'com.amazonaws.${AWS::Region}.secretsmanager' PrivateDnsEnabled: true - VpcId: - Ref: TestVPC + VpcId: !Ref 'TestVPC' MyRDSInstanceRotationSecret: Type: AWS::SecretsManager::Secret Properties: 
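Review bot: `SecurityGroupIds: - !GetAtt 'TestVPC.DefaultSecurityGroup'` binds the Secrets Manager interface endpoint to the VPC default security group, whose inbound rules are not defined anywhere in this template; a dedicated `AWS::EC2::SecurityGroup` that admits only TCP 443 from the two subnets would make the reachable surface explicit and reviewable. The `!GetAZs` short form followed by a long-form `Ref: AWS::Region` on the next line is valid but reads oddly next to the `!Ref` short forms elsewhere in the hunk; `!GetAZs ''` selects the current region in one line. The Resources section continues past both ends of the hunk.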
@@ -52,54 +43,41 @@ Resources: SecretStringTemplate: '{"username": "admin"}' GenerateStringKey: password PasswordLength: 16 - ExcludeCharacters: "\"@/\\" - Tags: - - Key: AppName - Value: MyApp + ExcludeCharacters: '"@/\' + Tags: null MyDBInstance: Type: AWS::RDS::DBInstance Properties: AllocatedStorage: 20 DBInstanceClass: db.t3.micro Engine: mysql - DBSubnetGroupName: - Ref: MyDBSubnetGroup - MasterUsername: - Fn::Sub: "{{resolve:secretsmanager:${MyRDSInstanceRotationSecret}::username}}" - MasterUserPassword: - Fn::Sub: "{{resolve:secret:${MyRDSInstanceRotationSecret}::password}}" + DBSubnetGroupName: !Ref 'MyDBSubnetGroup' + MasterUsername: !Sub '{{resolve:secretsmanager:${MyRDSInstanceRotationSecret}::username}}' + MasterUserPassword: !Sub '{{resolve:secret:${MyRDSInstanceRotationSecret}::password}}' BackupRetentionPeriod: 0 VPCSecurityGroups: - - Fn::GetAtt: - - TestVPC - - DefaultSecurityGroup + - !GetAtt 'TestVPC.DefaultSecurityGroup' MyDBSubnetGroup: Type: AWS::RDS::DBSubnetGroup Properties: DBSubnetGroupDescription: Test Group SubnetIds: - - Ref: TestSubnet01 - - Ref: TestSubnet02 + - !Ref 'TestSubnet01' + - !Ref 'TestSubnet02' SecretRDSInstanceAttachment: Type: AWS::SecretsManager::SecretTargetAttachment Properties: - SecretId: - Ref: MyRDSInstanceRotationSecret - TargetId: - Ref: MyDBInstance + SecretId: !Ref 'MyRDSInstanceRotationSecret' + TargetId: !Ref 'MyDBInstance' TargetType: AWS::RDS::DBInstance MySecretRotationSchedule: Type: AWS::SecretsManager::RotationSchedule DependsOn: SecretRDSInstanceAttachment Properties: - SecretId: - Ref: MyRDSInstanceRotationSecret + SecretId: !Ref 'MyRDSInstanceRotationSecret' HostedRotationLambda: RotationType: MySQLSingleUser RotationLambdaName: SecretsManagerRotation - VpcSecurityGroupIds: - Fn::GetAtt: - - TestVPC - - DefaultSecurityGroup + VpcSecurityGroupIds: !GetAtt 'TestVPC.DefaultSecurityGroup' RotationRules: AutomaticallyAfterDays: 30 
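Review bot: `MasterUserPassword: !Sub '{{resolve:secret:${MyRDSInstanceRotationSecret}::password}}'` uses the service name `secret`, which is not a recognised dynamic-reference prefix; the username line directly above uses the correct `secretsmanager`, so the password line should be `MasterUserPassword: !Sub '{{resolve:secretsmanager:${MyRDSInstanceRotationSecret}::password}}'`, otherwise the unresolved placeholder text is what gets set as the database password. `VpcSecurityGroupIds: !GetAtt 'TestVPC.DefaultSecurityGroup'` on the rotation Lambda and `VPCSecurityGroups` on MyDBInstance both reuse the VPC default group, so the database and the rotation function share whatever that group allows rather than a purpose-built rule set. The single-quoted `ExcludeCharacters: '"@/\'` is equivalent to the old double-quoted form, since backslashes are literal inside single quotes. The hunk opens inside the secret's GenerateSecretString block, which begins outside it.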
diff --git a/security_group/security_group.yaml b/security_group/security_group.yaml index a75d42d..50ceb0b 100644 --- a/security_group/security_group.yaml +++ b/security_group/security_group.yaml @@ -1,13 +1,13 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Metadata: License: Apache-2.0 Description: >- - AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create - an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based - on the region in which the stack is run. This example creates an EC2 security - group for the instance to give you SSH access. **WARNING** This template - creates an Amazon EC2 instance. You will be billed for the AWS resources used - if you create a stack from this template. + AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create an + Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the + region in which the stack is run. This example creates an EC2 security group for + the instance to give you SSH access. **WARNING** This template creates an Amazon + EC2 instance. You will be billed for the AWS resources used if you create a stack + from this template. Parameters: InstanceType: Description: WebServer EC2 instance type 
@@ -62,22 +62,22 @@ Parameters:
 Type: String
 MinLength: 9
 MaxLength: 18
- Default: 0.0.0.0/0
- AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
+ Default: '0.0.0.0/0'
+ AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
 ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
 LatestAmiId:
- Type: 'AWS::SSM::Parameter::Value'
+ Type: AWS::SSM::Parameter::Value
 Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
 Resources:
 EC2Instance:
- Type: 'AWS::EC2::Instance'
+ Type: AWS::EC2::Instance
 Properties:
- InstanceType: !Ref InstanceType
+ InstanceType: !Ref 'InstanceType'
 SecurityGroups:
- - !Ref InstanceSecurityGroup
- ImageId: !Ref LatestAmiId
+ - !Ref 'InstanceSecurityGroup'
+ ImageId: !Ref 'LatestAmiId'
 InstanceSecurityGroup:
- Type: 'AWS::EC2::SecurityGroup'
+ Type: AWS::EC2::SecurityGroup
 Properties:
 GroupDescription: Enable SSH access via internet
 GroupName: default
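Review bot: `Default: '0.0.0.0/0'` on the CIDR parameter (its name sits just above the hunk) means a stack created without overriding it opens the group's SSH rule to the whole internet; for an ingress CIDR parameter the safer choice is no Default at all, so the deployer must state the allowed range and `AllowedPattern` still validates it. The now-unquoted `AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})` parses correctly, but a future regex containing `#`, `: ` or a leading `[` would silently break, so keeping patterns single-quoted as the previous version did is the more robust style. `GroupName: default` on InstanceSecurityGroup collides with the name EC2 reserves for the VPC default group and is worth a distinct name. The parameter's definition starts before the hunk and the security group's rules follow after it.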
@@ -85,183 +85,177 @@ Resources: - IpProtocol: tcp FromPort: '8080' ToPort: '8080' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '445' ToPort: '445' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '53' ToPort: '53' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '20' ToPort: '23' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '20' ToPort: '20' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '4333' ToPort: '4333' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '3306' ToPort: '3306' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '137' ToPort: '137' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '138' ToPort: '138' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '5432' ToPort: '5432' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '3389' ToPort: '3389' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '25' ToPort: '25' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '1433' ToPort: '1433' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '1434' ToPort: '1434' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '23' ToPort: '23' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '5500' ToPort: '5500' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '5900' ToPort: '5900' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '135' ToPort: '135' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '22' ToPort: '22' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '8080' ToPort: '8080' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '8001' ToPort: '8001' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '8332' ToPort: '8333' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '8545' ToPort: '8545' - 
CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '30303' ToPort: '30303' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '1521' ToPort: '1521' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '5000' ToPort: '5000' - CidrIp: 0.0.0.0/0 + CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: '5984' ToPort: '5984' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '6379' ToPort: '6380' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '9042' ToPort: '9042' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '11211' ToPort: '11211' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '27017' ToPort: '27017' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '28015' ToPort: '28015' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '29015' ToPort: '29015' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '50000' ToPort: '50000' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '69' ToPort: '69' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '9300' ToPort: '9300' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '5601' ToPort: '5601' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '2379' ToPort: '2379' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '5986' ToPort: '5986' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '5985' ToPort: '5985' - CidrIpv6: '::/0' + CidrIpv6: ::/0 - IpProtocol: tcp FromPort: '1270' ToPort: '1270' - CidrIpv6: '::/0' + CidrIpv6: ::/0 Outputs: InstanceId: Description: InstanceId of the newly created EC2 instance - Value: !Ref EC2Instance + Value: !Ref 'EC2Instance' AZ: Description: Availability Zone of the newly created EC2 instance - Value: !GetAtt - - EC2Instance - - AvailabilityZone + Value: !GetAtt 'EC2Instance.AvailabilityZone' PublicDNS: Description: Public DNSName of the newly created EC2 instance - Value: 
!GetAtt - - EC2Instance - - PublicDnsName + Value: !GetAtt 'EC2Instance.PublicDnsName' PublicIP: Description: Public IP address of the newly created EC2 instance - Value: !GetAtt - - EC2Instance - - PublicIp + Value: !GetAtt 'EC2Instance.PublicIp' diff --git a/sns/sns.yaml b/sns/sns.yaml index 846a1bf..64fb3b3 100644 --- a/sns/sns.yaml +++ b/sns/sns.yaml @@ -1,37 +1,39 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Parameters: myHttpEndpoint: Type: String + Default: !Ref 'myHttpEndpoint' OperatorEmail: Description: Email address to notify when new logs are published. Type: String + Default: !Ref 'OperatorEmail' Resources: Topic: - Type: 'AWS::SNS::Topic' + Type: AWS::SNS::Topic Properties: Subscription: - - Endpoint: !Ref OperatorEmail + - Endpoint: !Ref 'OperatorEmail' Protocol: email TopicPolicy: - Type: 'AWS::SNS::TopicPolicy' + Type: AWS::SNS::TopicPolicy Properties: Topics: - - !Ref Topic + - !Ref 'Topic' PolicyDocument: - Version: 2008-10-17 + Version: '2008-10-17' Statement: - Sid: AWSCloudTrailSNSPolicy Effect: Allow Principal: Service: cloudtrail.amazonaws.com - AWS: "*" + AWS: '*' Resource: '*' - Action: 'SNS:Publish' + Action: SNS:Publish SCMSubscription: - Type: 'AWS::SNS::Subscription' + Type: AWS::SNS::Subscription Properties: - TopicArn: !Ref Topic - Endpoint: !Ref myHttpEndpoint + TopicArn: !Ref 'Topic' + Endpoint: !Ref 'myHttpEndpoint' Protocol: http DeliveryPolicy: healthyRetryPolicy: diff --git a/sqs/sqs.yaml b/sqs/sqs.yaml index 62a9f36..36ac3ca 100644 --- a/sqs/sqs.yaml +++ b/sqs/sqs.yaml 
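Review bot: The rewritten SecurityGroupIngress list hard-codes `CidrIp: '0.0.0.0/0'` or `CidrIpv6: ::/0` on more than forty rules (SSH, Telnet, RDP, SMB, MySQL, PostgreSQL, Redis, MongoDB, WinRM, etcd and others) even though the group's description is "Enable SSH access via internet" and the template defines a validated CIDR parameter for that purpose; the rules should reference it, `CidrIp: !Ref <cidr-parameter>` (its name is above this hunk), and the list should shrink to the ports the instance actually serves. TCP 8080 from `'0.0.0.0/0'` appears twice in the list, and EC2 rejects a duplicate rule inside a single authorize call, so the stack may fail to create. Dropping the quotes on `::/0` is legal YAML because the second character is not a space, but a plain scalar beginning with `:` is easy to misread and some linters are stricter, so `'::/0'` was the safer spelling. The ingress list begins before the hunk.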
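Review bot: `Default: !Ref 'myHttpEndpoint'` and `Default: !Ref 'OperatorEmail'` place intrinsic functions inside the Parameters section, which CloudFormation does not permit, and each parameter would be referencing itself; the template fails validation before any resource is created, so both lines should be removed or replaced with literal defaults. The vpc.yaml hunk adds the same self-referencing `Default: !Ref 'MyVPC'`. The TopicPolicy statement keeps `AWS: '*'` next to the CloudTrail service principal with `Resource: '*'` and `Action: SNS:Publish`, which lets any AWS principal publish to the topic; if only CloudTrail should publish, drop the `AWS: '*'` entry and scope the resource with `Resource: !Ref 'Topic'`. The `Protocol: http` subscription delivers notifications in clear text; `https` is the defensive choice where the endpoint supports it.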
@@ -1,19 +1,19 @@
-AWSTemplateFormatVersion: 2010-09-09
+AWSTemplateFormatVersion: '2010-09-09'
 Resources:
 SampleSQSPolicy:
 Type: AWS::SQS::QueuePolicy
 Properties:
 Queues:
- - "https://sqs:us-east-2.amazonaws.com/444455556666/queue2"
+ - https://sqs:us-east-2.amazonaws.com/444455556666/queue2
 PolicyDocument:
 Statement:
 - Action:
- - "SQS:SendMessage"
- - "SQS:ReceiveMessage"
- - "*"
- Effect: "Allow"
- Resource: "arn:aws:sqs:us-east-2:444455556666:queue2"
+ - SQS:SendMessage
+ - SQS:ReceiveMessage
+ - '*'
+ Effect: Allow
+ Resource: arn:aws:sqs:us-east-2:444455556666:queue2
 Principal:
 AWS:
- - "111122223333"
- - "*"
+ - '111122223333'
+ - '*'
diff --git a/synthetic/synthetic.yaml b/synthetic/synthetic.yaml
index 058ed93..f6a1651 100644
--- a/synthetic/synthetic.yaml
+++ b/synthetic/synthetic.yaml
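Review bot: The queue URL `https://sqs:us-east-2.amazonaws.com/444455556666/queue2` has a colon where the hostname needs a dot, so the policy targets a URL no queue can have; the line should be `- https://sqs.us-east-2.amazonaws.com/444455556666/queue2`. The statement combines `'*'` in Action with `'*'` in `Principal.AWS`, which grants every AWS principal every SQS action on the queue and makes the explicit `'111122223333'` and the two named actions redundant; list only the intended account and the actions it needs. The PolicyDocument has no `Version`, so it falls back to the legacy policy language; adding `Version: '2012-10-17'` (quoted, so it is not parsed as a date) is the usual fix.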
@@ -1,16 +1,43 @@ AWSTemplateFormatVersion: '2010-09-09' Resources: - SyntheticsCanary: - Type: 'AWS::Synthetics::Canary' - Properties: - Name: samplecanary - ExecutionRoleArn: 'arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary' - Code: {Handler: pageLoadBlueprint.handler, Script: "var synthetics = require('Synthetics');\nconst log = require('SyntheticsLogger');\nconst pageLoadBlueprint = async function () {\n// INSERT URL here\nconst URL = \"https://amazon.com\";\n\nlet page = await synthetics.getPage();\nconst response = await page.goto(URL, {waitUntil: 'domcontentloaded', timeout: 30000});\n//Wait for page to render.\n//Increase or decrease wait time based on endpoint being monitored.\nawait page.waitFor(15000);\nawait synthetics.takeScreenshot('loaded', 'loaded');\nlet pageTitle = await page.title();\nlog.info('Page title: ' + pageTitle);\nif (response.status() !== 200) {\n throw \"Failed to load page!\";\n}\n};\n\nexports.handler = async () => {\nreturn await pageLoadBlueprint();\n};\n"} - ArtifactS3Location: "" - RuntimeVersion: syn-1.0 - Schedule: {Expression: 'rate(1 minute)', DurationInSeconds: 3600} - RunConfig: {TimeoutInSeconds: 60} - FailureRetentionPeriod: 30 - SuccessRetentionPeriod: 30 - Tags: [{Key: key00AtCreate, Value: value001AtCreate}] - StartCanaryAfterCreation: false + SyntheticsCanary: + Type: AWS::Synthetics::Canary + Properties: + Name: samplecanary + ExecutionRoleArn: arn:aws:iam::123456789012:role/my-lambda-execution-role-to-run-canary + Code: + Handler: pageLoadBlueprint.handler + Script: | + var synthetics = require('Synthetics'); + const log = require('SyntheticsLogger'); + const pageLoadBlueprint = async function () { + // INSERT URL here + const URL = "https://amazon.com"; + + let page = await synthetics.getPage(); + const response = await page.goto(URL, {waitUntil: 'domcontentloaded', timeout: 30000}); + //Wait for page to render. + //Increase or decrease wait time based on endpoint being monitored. 
+ await page.waitFor(15000); + await synthetics.takeScreenshot('loaded', 'loaded'); + let pageTitle = await page.title(); + log.info('Page title: ' + pageTitle); + if (response.status() !== 200) { + throw "Failed to load page!"; + } + }; + + exports.handler = async () => { + return await pageLoadBlueprint(); + }; + ArtifactS3Location: '' + RuntimeVersion: syn-1.0 + Schedule: + Expression: rate(1 minute) + DurationInSeconds: 3600 + RunConfig: + TimeoutInSeconds: 60 + FailureRetentionPeriod: 30 + SuccessRetentionPeriod: 30 + Tags: null + StartCanaryAfterCreation: false diff --git a/timestream/timestream.yaml b/timestream/timestream.yaml index 57f7b5e..6cac15b 100644 --- a/timestream/timestream.yaml +++ b/timestream/timestream.yaml @@ -1,10 +1,8 @@ -AWSTemplateFormatVersion: 2010-09-09 +AWSTemplateFormatVersion: '2010-09-09' Resources: TimeStreamDatabase: Type: AWS::Timestream::Database Properties: - DatabaseName: "TimeStream" - KmsKeyId: "" - Tags: - - key: "timestream" - value: database + DatabaseName: TimeStream + KmsKeyId: '' + Tags: null diff --git a/transfer/transfer.json b/transfer/transfer.json index 40754a5..b4b4f3b 100644 --- a/transfer/transfer.json +++ b/transfer/transfer.json @@ -27,12 +27,7 @@ "Url": "API_GATEWAY-Invocation-URL" }, "IdentityProviderType": "API_GATEWAY", - "Tags": [ - { - "Key": "KeyName", - "Value": "ValueName" - } - ] + "Tags": null } } } diff --git a/vpc/vpc.yaml b/vpc/vpc.yaml index 981ab4d..bf38c7f 100644 --- a/vpc/vpc.yaml +++ b/vpc/vpc.yaml 
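Review bot: `ArtifactS3Location: ''` leaves a required canary property empty, so the resource cannot be created; it needs the `s3://<bucket>/<prefix>` location (placeholder) the canary writes screenshots and logs to, and a comment stating that the bucket must exist and be writable by the execution role would help the next reader. Converting Script to a `|` block scalar is a genuine readability gain and keeps the trailing newline of the old escaped string, but the 13-digit `ExecutionRoleArn: arn:aws:iam::123456789012:role/...` is an AWS documentation placeholder account and should be marked as such rather than left looking deployable. The unquoted ARN and `RuntimeVersion: syn-1.0` parse as plain strings today, yet the previously quoted forms were more robust against future edits introducing `: ` or `#`.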
@@ -1,20 +1,21 @@
-AWSTemplateFormatVersion: 2010-09-09
+AWSTemplateFormatVersion: '2010-09-09'
 Parameters:
 MyVPC:
- Type: 'AWS::EC2::VPC::Id'
- Description: Choose which VPC the Application Load Balancer should be deployed to
+ Type: AWS::EC2::VPC::Id
+ Description: Choose which VPC the Application Load Balancer should be deployed
+ to
+ Default: !Ref 'MyVPC'
 Resources:
 mySubnet:
- Type: 'AWS::EC2::Subnet'
+ Type: AWS::EC2::Subnet
 Properties:
 MapPublicIpOnLaunch: true
- VpcId: !Ref MyVPC
+ VpcId: !Ref 'MyVPC'
 CidrBlock: 172.31.48.0/20
- AvailabilityZone: !Select
+ AvailabilityZone: !Select
 - '0'
- - !GetAZs
- Ref: 'AWS::Region'
-
+ - !GetAZs
+ Ref: AWS::Region
 VPCEndpointService:
 Type: AWS::EC2::VPCEndpointService
 Properties: {}
diff --git a/workspace/workspace.json b/workspace/workspace.json
index ebca75d..cbe4cb6 100644
--- a/workspace/workspace.json
+++ b/workspace/workspace.json
@@ -7,9 +7,7 @@
 "BundleId": "",
 "DirectoryId": "",
 "RootVolumeEncryptionEnabled": false,
- "Tags": [
- "Tag"
- ],
+ "Tags": null,
 "UserName": "root",
 "UserVolumeEncryptionEnabled": false,
 "VolumeEncryptionKey": "",