stelligent/cloudformation-custom-resources stelligent/cloudformation-custom-resources

  • Stars
    star
    122
  • Rank 290,366 (Top 6 %)
  • Language
    Java
  • License
    MIT License
  • Created almost 7 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
stelligent/cloudformation-custom-resources
github

stelligent

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

cloudformation-custom-resources

This repository contains stub code for setting up Lambda-backed CloudFormation Custom Resources.

What is a custom resource?

CloudFormation has lots of defined resources that you can use to provision AWS resources. However, if you want to provision an AWS resource that CloudFormation doesn't support yet, or if you want to include some complicated logic during your CloudFormation stack creation / update / deletion, you can use a custom resource to do that easily. Custom resources are basically just Lambda functions that get called by CloudFormation. While not complicated, they do require a bit of configuration to get going. This repository is design to kickstart building custom resources, having the scaffolding for Python, Node.js, and Java functions (Ruby coming soon!) and examples in both YML and JSON.

How do I use this repository?

This repository contains a superset of what you'll need to get started using custom resources. It has sample templates in both JSON and YML formats (in the cfn/ dir), as well as the scaffolding for Lambda functions in Node.js, Python, and Java (in the lambdas/ dir). You can pick whichever one is the best choice for you and run with it.

For the sample templates, there are two flavors available: create-and-use of a custom resource in a single template, or separate templates for creation and use of the custom resouce. If you're going to be re-using your custom resource from a lot of other templates, you'll probably want to use separate templates for each, as having them in the same template will create a copy of the Lambda function for each stack. While the costs associated with that are negligible, if you're provisioning a lot of stacks it can make a mess pretty easily.

Once you've decided on which languages you'll want to use, you simply have to implement the logic for the create, read, and update actions that CloudFormation will send you. Depending on what your custom resource does, you may not need to implement them all, or you may re-use the logic for multiple actions. The documentation for CloudFormation custom resources is here, and gives details on the request object your code should expect, and the responses that CloudFormation accepts.

Running the templates

Note: these directions assume you have the AWS CLI installed and configured.

These templates are designed to load the Lambda functions from an S3 bucket. While it is possible to keep the entire Lambda code inside the template, that is a road that gets painful very quickly so it's best avoid. So there first thing you'll need to do is to create a bucket to stage your Lambda function code in:

aws s3 mb s3://whatever-you-wanna-call-your-bucket

Once that's in place, you can use the following commands to zip, upload, and then kick off the CloudFormation templates. These examples are for the Python flavor, but are easily adaptable to Node.js or Java:

create_stack=create-custom-rsc
use_stack=use-custom-rsc
bucket=whatever-you-wanna-call-your-bucket

# if you're using Node.js or Java, change this to match that directory name
pushd lambda/python
rm -rf tmp
mkdir -p tmp
zip tmp/custom-resource.zip customresource.* 
aws s3 cp tmp/custom-resource.zip s3://${bucket}/custom-resource.zip
rm -rf tmp
popd 
# And then change the LambdaRuntime parameter
aws cloudformation create-stack \
  --stack-name $create_stack \
  --template-body file://cfn/json/create-custom-resource.json \
  --capabilities CAPABILITY_IAM \
  --disable-rollback \
  --parameters \
    ParameterKey="S3Bucket",ParameterValue="${bucket}" \
    ParameterKey="S3Key",ParameterValue="custom-resource.zip" \
    ParameterKey="ModuleName",ParameterValue="customresource" \
    ParameterKey="LambdaRuntime",ParameterValue="python2.7"

# the sleep call is here if you're running this in a script -- it takes about that long for the Lambda function to deploy.
# if you're running this by hand, you can skip that part.
sleep 30
custom_function_arn=$(aws cloudformation describe-stacks --stack-name $create_stack --query Stacks[*].Outputs[?OutputKey==\'CustomFunctionArn\'].OutputValue --output text)

aws cloudformation create-stack \
  --stack-name $use_stack \
  --template-body file://cfn/json/use-custom-resource.json \
  --disable-rollback \
  --parameters \
    ParameterKey="CustomFunctionArn",ParameterValue="$custom_function_arn"

But, Java.

If you're looking to get the Java function running, the concepts are the same but the steps differ slightly because everything is harder in Java. :) Instead of making a zip file, we'll use maven to download all the dependencies and create a jar file, which we'll then upload into S3. You'll also need to include an extra parameter, HandlerName, so that Lambda knows which class and method to call. Here's an example of how you build and deploy the Java function:

pushd lambda/java 
rm -rf target 
mvn package
aws s3 cp target/customresource-1.0.0.jar s3://${bucket}/customresource-1.0.0.jar
mvn clean
popd
aws cloudformation create-stack \
  --stack-name $create_stack \
  --template-body file://cfn/json/create-custom-resource.json \
  --capabilities CAPABILITY_IAM \
  --disable-rollback \
  --parameters \
    ParameterKey="S3Bucket",ParameterValue="${bucket}" \
    ParameterKey="S3Key",ParameterValue="customresource-1.0.0.jar" \
    ParameterKey="ModuleName",ParameterValue="com.stelligent.customresource" \
    ParameterKey="LambdaRuntime",ParameterValue="java8" \
    ParameterKey="HandlerName",ParameterValue="CustomResourceHandler"

Looking up the ARN of the function and creating a stack that uses the Java Lambda function is exactly the same.

Problems?

We did our best to test out these examples, but if you notice any problems with any of them, we would be much obliged if you could let us know by opening an issue!

Special Thanks

In true CloudFormation fashion, most of this work was built by finding something that kinda did what we wanted and then tweaking it until it worked. A lot of the concepts were based off the Looking Up Amazon Machine Image IDs from the official AWS documentation.

Also, I wanted to extend a special thank you to @dghadge for putting together the Java Lambda function and to @lhitchon for providing very helpful advice about the Python function.

More Repositories

1

cfn_nag

Linting tool for CloudFormation templates
Ruby
1,253
star
2

mu

A full-stack DevOps on AWS framework
Go
973
star
3

cloudformation_templates

AWS - CloudFormation Templates
Shell
571
star
4

config-lint

Command line tool to validate configuration files
HCL
193
star
5

devops-essentials

Source code samples for DevOps Essentials on AWS Complete Video Course
HTML
161
star
6

pipeline-dashboard

Simple dashboard for pipelines on AWS
JavaScript
155
star
7

dromedary

Sample app to demonstrate a working pipeline using Infrastructure as Code and AWS Code Services
JavaScript
106
star
8

stelligent-u

Templates and code for Stelligent U lessons
JavaScript
98
star
9

sagemaker-pipeline

Sagemaker pipeline for AWS Summit New York
Python
58
star
10

devopsinthecloud

HTML
50
star
11

stelligent_commons

Scripts and other utilities we commonly use
Ruby
48
star
12

aws-devsecops-workshop

A continuous security pipeline demo for the AWS DevSecOps Workshop.
Ruby
45
star
13

cfn-leaprog

cfn-LEAst-Privilege-ROle-Generator: Experimental tool for generating least privileged IAM roles for CloudFormation and Service Catalog Launch Constraints.
Ruby
40
star
14

dromedary-serverless

Dromedary...without servers.
JavaScript
38
star
15

serverspec-aws-resources

Some serverspec resources to allow testing AWS resources. This repository is deprecated - you should instead use: https://github.com/k1LoW/awspec
Ruby
27
star
16

microservice-exemplar

Sample microservice built with Spring Boot to manage bananas. 🍌
Java
23
star
17

mutato

Repo formerly known as mu-cdk. A.K.A Mu2. Pronounced: mew-tah-toe
TypeScript
23
star
18

config-rule-status

A project to create AWS Config Rules and use them to test AWS Resource compliance.
JavaScript
21
star
19

skaffold_on_aws

example of running skaffold on an aws eks cluster
HTML
21
star
20

continuous_integration_example

Demo project for Continuous Integration - from the book Continuous Integration (Duvall, et. al)
XSLT
20
star
21

opendelivery_platform

Open platform for CD
Ruby
17
star
22

tophat

If I have to stand up a Jenkins server ONE MORE TIME, I'm going to turn this car around!
Ruby
12
star
23

asgard-in-the-cloud

Setup Asgard in ten minutes using a CloudFormation and Chef.
Ruby
11
star
24

potemkin-decorator

Potemkin is a decorator to setup initial conditions for a boto "integration test" with real AWS services via CloudFormation, and to tear them down as well.
Python
11
star
25

keystore

Secure storage of secrets using Amazon Web Services
Ruby
10
star
26

crossing

Utility for storing objects in S3 while taking advantage of client side envelope encryption with KMS
Ruby
10
star
27

packer-ami-pipeline

Demo CodePipeline for building and publishing AMIs with Packer
Ruby
10
star
28

cfn-nag-pipeline

Lambda function to run cfn_nag in CodePipeline
Ruby
10
star
29

stelligent_pipelines

CI/CD pipelines
Shell
9
star
30

crossing-go

Utility for storing objects in S3 while taking advantage of client side envelope encryption with KMS
Go
9
star
31

aws-anchore-engine-scanner

This guide details steps and procedures you can follow to create, launch and implement your own standalone container scanning solution within AWS ecosystem. This approach uses an opensource container scanning tool called Anchore Engine as a proof-of-concept and provides examples of how Anchore integrates with your favorite CI/CD systems orchestration platforms.
Python
9
star
32

minimal-pipeline-gem

Minimal helpers for automating CloudFormation pipelines with ruby
Ruby
8
star
33

python-testing

Examples of testing with python related to AWS boto3 use
Python
7
star
34

zap

Build tools for OWASP Zed Attack Proxy
Ruby
7
star
35

cloudpatrol

Rails App for AWS Policy Management and Cleanup
Ruby
7
star
36

cfn-model

An object model for CloudFormation templates
Ruby
6
star
37

cfnctl

Control Cloudformation lifecycle
Python
6
star
38

inspector-status

A pipeline plugin to get the AWS Inspector findings from AWS Resources
Ruby
6
star
39

stelligent_demo

Python
6
star
40

aws_group_policy

templates for creating a full privilege group and a read only group, as well as a script for moving non-mfa'd users from the privileged group to the read only group
Ruby
6
star
41

aws-inspector-quickstart

aws-inspector-quickstart
Python
6
star
42

test-platform

Python
5
star
43

cfn_nag_examples

5
star
44

lockdown

AWS Emergency Compromise Response
Python
5
star
45

openvpn-ami

Automation for generating an OpenVPN AMI
Ruby
5
star
46

aws-int-test-rspec-helper

RSpec helper for doing AWS SDK integration testing
Ruby
5
star
47

ciexample_jenkins

5
star
48

honolulu_jenkins_cookbooks

Cookbooks for spinning up a Jenkins Server for the Honolulu Answers application
Ruby
5
star
49

jenkins_chef_cookbooks

A collection of cookbooks used to set up a Jenkins server
Ruby
4
star
50

empty-stack

Creating an empty stack in cloudformation to reduce the errors on creation.
Python
4
star
51

yq

YAML query, tool for querying YAML from the command line
Go
4
star
52

mu-cloud9

mu extension for AWS Cloud9
4
star
53

vpc-with-client-vpn

Shell
4
star
54

developer-sandboxes

Using Access Based Access Controls (Tags) in AWS to create Developer Sandboxes for EC2.
Python
4
star
55

stellitime-api

Example mini-app to use during interview process.
Python
3
star
56

cfn-nag-service

Exposes cfn-nag as a service through a Lambda/APIGW or Docker image
Ruby
3
star
57

drifter

Demo of CloudFormation Drift Detection
Shell
3
star
58

stelligent_jenkins_cookbooks

Cloudformation template, startup script, OpsWorks repo for setting up a production account VPC + Jenkins instance
Ruby
3
star
59

ghost-in-shell

Stelligent ghost in shell project repository
CSS
3
star
60

cloud-custodian-example

Example project for Cloud Custodian deployment using CloudFormation
3
star
61

cumulogenesis

Python
3
star
62

nando_automation_demo

nando_automation_demo
Python
3
star
63

sample-pipeline-with-cfn-nag

Sample repository to demonstrate using cfn_nag in CodePipeline
Makefile
3
star
64

deploy-button

functions and templates to have a deploy button for your code pipeline
Python
3
star
65

hab-demo-pipeline

POC for automating Habitat with AWS CodePipeline
JavaScript
2
star
66

utility-vagrants

A collection of utility VMs defined in a Vagrantfile
Shell
2
star
67

hamburgerstore

Data store for pipeline instance metadata. Nothing to do with hamburgers. Sorry.
Ruby
2
star
68

jenkins-factory

Ruby
2
star
69

banana-service

Sample microservice for mu Edit Add topics
Java
2
star
70

amz-linux-hardening

Ruby
2
star
71

aws-stubs-intro

Demonstrates the use of AWS Stubs for the Ruby v2 SDK
Ruby
2
star
72

devopsinthecloudpuppet

Puppet
2
star
73

jenkins_cookbooks

This is Stelligent's open source Jenkins server setup. It only have a few Jenkins-server-maintenance jobs, but is designed to be easily extended to create a pipeline for your application.
Ruby
2
star
74

mu-cfn_nag

mu extension for adding cfn_nag to your pipeline
2
star
75

parameter-store-example

Shows an example how to use the AWS Parameter Store Service
Ruby
2
star
76

serverless-synchronous-resource-plugin

Serverless plugin for deploying custom CFN stacks
JavaScript
2
star
77

mu-extension-example

JavaScript
2
star
78

docker-api-ecr-sample

Ruby
2
star
79

devopsinthecloudjenkins

1
star
80

mu-pipeline-dashboard

mu extension for Stelligent's Pipeline Dashboard
1
star
81

mu-elasticsearch

1
star
82

mu-minimal-ec2

Continuous Delivery for Microservices on EC2 with mu
Shell
1
star
83

iam_complexity_metrics

Experimenting with the notion of complexity metrics for IAM policy documents
Ruby
1
star
84

aws-trend-micro-dssc

An example of how to integrate Trend Micro Deep Security Smart Check with AWS CodePipeline
Makefile
1
star
85

dns-test

Testing multi-account public hosted zones
HTML
1
star
86

cfn-man

command line documentation for cloud formation resources
Python
1
star
87

MySQL-Vault

Shell
1
star
88

BenchOps-Resources

Useful resources from the bench
1
star
89

homebrew-tap

This is Stelligent's homebrew tap. Formulas should go in here.
Ruby
1
star
90

mu-workshop-lab1

Lab for learning mu
Java
1
star
91

lz-lambdas

Landing Zone Lambda Code
Python
1
star
92

iot-pipeline

JavaScript
1
star
93

elastic-volumes-lambda

Lambda and example terraform to demo automation of elastic volume live modifications
HCL
1
star
94

mu-workshop-lab2

Lab for learning mu
1
star
95

jenkins-worker-base

Provide a base docker image for jenkins workers
Shell
1
star
96

munatra

Mu implementation with Sinatra 'Hello World' app and CasperJS acceptance testing.
Ruby
1
star
97

opendelivery_jenkins

1
star
98

mu-workshop-lab3

Lab for learning mu
Java
1
star
99

cfn-nag-rule-repository-complete

Ruby
1
star
100

chat-app

A simple chat application for demo purposes
CSS
1
star