本文整理汇总了Python中troposphere.Sub方法的典型用法代码示例。如果您正苦于以下问题:Python troposphere.Sub方法的具体用法?Python troposphere.Sub怎么用?Python troposphere.Sub使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类troposphere的用法示例。
在下文中一共展示了troposphere.Sub方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: create_instance_profile
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
def create_instance_profile(c, RoleName, model, named=False):
    """Add an IAM InstanceProfile for ``RoleName`` to the current account's template.

    The profile points at the role resource through a ``Ref`` to the scrubbed
    logical name ``RoleName + "Role"``. When ``named`` is true the profile gets
    the explicit name ``RoleName``. ``model["retain_on_delete"] is True`` sets
    ``DeletionPolicy`` to ``Retain``.

    If ``c.config['global']['template_outputs']`` equals ``"enabled"``, an
    output exporting the profile as ``${AWS::StackName}-<logical name>Arn`` is
    added as well.
    """
    cfn_name = scrub_name(RoleName + "InstanceProfile")
    role_reference = Ref(scrub_name(RoleName + "Role"))
    profile_args = {"Path": "/", "Roles": [role_reference]}

    if named:
        profile_args["InstanceProfileName"] = RoleName

    if "retain_on_delete" in model and model["retain_on_delete"] is True:
        profile_args["DeletionPolicy"] = "Retain"

    c.template[c.current_account].add_resource(
        InstanceProfile(cfn_name, **profile_args)
    )

    if c.config['global']['template_outputs'] != "enabled":
        return

    # Export name is built by concatenation so the ${...} placeholder reaches
    # Fn::Sub untouched.
    export_name = "${AWS::StackName}-" + cfn_name + "Arn"
    profile_output = Output(
        cfn_name + "Arn",
        Description="Instance profile for Role " + RoleName + " ARN",
        Value=Ref(cfn_name),
        Export=Export(Sub(export_name)),
    )
    c.template[c.current_account].add_output([profile_output])
示例2: add_role
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
def add_role(c, RoleName, model, named=False):
    """Add an IAM Role resource for ``RoleName`` to the current account's template.

    The trust policy comes from ``build_role_trust(c, model['trusts'])``, so
    ``trusts`` is a required key of ``model``. Optional keys read here:

    * ``managed_policies`` - resolved through ``parse_managed_policies``
    * ``max_role_duration`` - converted with ``int`` into ``MaxSessionDuration``
    * ``retain_on_delete`` - when exactly ``True``, sets ``DeletionPolicy`` to
      ``Retain``

    When ``named`` is true the role gets the explicit name ``RoleName``. If
    template outputs are enabled in the global config, the role ARN is
    exported as ``${AWS::StackName}-<logical name>Arn``.
    """
    cfn_name = scrub_name(RoleName + "Role")
    role_args = {
        "Path": "/",
        # Who may assume the role is decided entirely by model['trusts'].
        "AssumeRolePolicyDocument": build_role_trust(c, model['trusts']),
        "ManagedPolicyArns": [],
        "Policies": [],
    }

    if named:
        role_args["RoleName"] = RoleName

    if "managed_policies" in model:
        role_args["ManagedPolicyArns"] = parse_managed_policies(
            c, model["managed_policies"], RoleName
        )

    if "max_role_duration" in model:
        role_args['MaxSessionDuration'] = int(model["max_role_duration"])

    if "retain_on_delete" in model and model["retain_on_delete"] is True:
        role_args["DeletionPolicy"] = "Retain"

    c.template[c.current_account].add_resource(Role(cfn_name, **role_args))

    if c.config['global']['template_outputs'] != "enabled":
        return

    export_name = "${AWS::StackName}-" + cfn_name + "Arn"
    role_output = Output(
        cfn_name + "Arn",
        Description="Role " + RoleName + " ARN",
        Value=GetAtt(cfn_name, "Arn"),
        Export=Export(Sub(export_name)),
    )
    c.template[c.current_account].add_output([role_output])
示例3: as_ssm_parameter
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
def as_ssm_parameter(self, command_name):
    """
    Build the SSM Parameter Store resource that represents this key-value tag.

    The resource title is ``<command_name><Name>Tag`` (tag name title-cased)
    and the parameter name is ``/owls/${AWS::StackName}/<command_name>/<name>``,
    wrapped in ``Sub`` so the stack name is filled in by CloudFormation.

    :param command_name: command the tag belongs to; used in both the title
        and the parameter path
    :return: ``ssm.Parameter`` whose value is ``str(self.value)``
    """
    resource_title = "{}{}Tag".format(command_name, self.name.title())
    # Doubled braces keep ${AWS::StackName} literal through str.format.
    parameter_path = '/owls/${{AWS::StackName}}/{}/{}'.format(command_name, self.name)
    parameter_name = Sub(parameter_path)
    parameter_type = self.get_type(self.value)
    parameter_value = str(self.value)
    return ssm.Parameter(
        resource_title,
        Name=parameter_name,
        Type=parameter_type,
        Value=parameter_value,
    )
示例4: test_as_ssm_parameter
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
def test_as_ssm_parameter():
    """Check title, name, type and value of the SSM parameter built from a Tag."""
    parameter = Tag('tname', 'tvalue').as_ssm_parameter('tcommand')
    expected_name = Sub('/owls/${AWS::StackName}/tcommand/tname')

    assert parameter.title == 'tcommandTnameTag'
    # Sub objects are compared through their dict form.
    assert parameter.Name.to_dict() == expected_name.to_dict()
    assert parameter.Type == 'String'
    assert parameter.Value == 'tvalue'
示例5: __init__
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
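def __init__(self, config_file):
    """Load the YAML configuration and create one template per account.

    For every entry under ``config['accounts']`` this records the account
    name and id in the lookup lists and maps, creates a ``Template`` with a
    build description, and adds a ``TemplateBuild`` output exported as
    ``${AWS::StackName}-TemplateBuild``.

    Args:
        config_file: path of the YAML configuration file to read.

    Raises:
        Exception: if no account in the configuration has ``parent: true``.
    """
    # Read our YAML
    # NOTE(review): yaml.FullLoader accepts a wider tag set than the safe
    # loader. If this file can ever come from a source that is not fully
    # trusted, load it with yaml.safe_load instead; a plain mapping of
    # accounts such as the one read below does not need more than that.
    with open(config_file, 'r') as stream:
        self.config = yaml.load(stream, Loader=yaml.FullLoader)

    # We will use our current timestamp in UTC as our build version
    self.build_version = \
        datetime.datetime.utcnow().strftime("%Y-%m-%dZ%H:%M:%S")

    # To hold our Troposphere template objects
    self.template = {}

    # A list of our accounts by names and IDs.
    self.account_ids = []
    self.account_names = []

    # A hash of IDs to names to help in forward and reverse resolution.
    self.account_map_ids = {}
    self.account_map_names = {}

    # Our parent account. ``parent`` is kept for existing readers;
    # ``parent_account`` / ``parent_account_id`` are what the loop below sets
    # and what the final check reads, so they must exist before the loop.
    # Without these defaults a config with no parent raised AttributeError
    # instead of the intended error message.
    self.parent = ""
    self.parent_account = ""
    self.parent_account_id = ""

    # SAML Provider
    self.saml_provider = ""

    for account, account_config in self.config['accounts'].items():
        account_id = str(account_config['id'])

        # Append to our array of account IDS:
        self.account_ids.append(account_id)
        self.account_names.append(account)
        self.account_map_names[account_id] = account
        self.account_map_ids[account] = account_id

        self.template[account] = Template()
        self.template[account].add_version("2010-09-09")
        self.template[account].add_description(
            "Build " +
            self.build_version +
            " - IAM Users, Groups, Roles, and Policies for account " +
            account +
            " (" + self.account_map_ids[account] + ")"
        )
        self.template[account].add_output([
            Output(
                "TemplateBuild",
                Description="CloudFormation Template Build Number",
                Value=self.build_version,
                Export=Export(Sub("${AWS::StackName}-" + "TemplateBuild"))
            )
        ])

        # Only a literal ``true`` marks the parent; the last one seen wins.
        if "parent" in account_config and account_config['parent'] is True:
            self.parent_account = account
            self.parent_account_id = account_id
            if "saml_provider" in account_config:
                self.saml_provider = account_config["saml_provider"]

    if self.parent_account == "":
        raise Exception(
            "No account is marked as parent in the configuration file. "
            "One account should have parent: true"
        )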
# Converts between friendly names and ids for accounts.
示例6: parse_managed_policies
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
def parse_managed_policies(c, managed_policies, working_on):
    """Translate configured managed-policy names into template values.

    Each entry is handled by its form:

    * starts with ``arn:`` - used as given, or wrapped in ``Sub`` when it
      contains a ``${...}`` placeholder
    * starts with ``import:`` - the rest becomes an ``ImportValue``
    * anything else - must be a managed policy defined in the configuration
      and assigned to the current account; it becomes a ``Ref`` to the
      scrubbed policy name

    ``working_on`` is only used to name the owning resource in error messages.

    Raises:
        ValueError: if a local policy name is not in the configuration, or is
            not configured for the current account.
    """
    resolved = []

    for policy in managed_policies:
        # An explicit ARN is passed through.
        if re.match(r"^arn:", policy):
            needs_substitution = re.search(r"\${[^}]+}", policy) is not None
            resolved.append(Sub(policy) if needs_substitution else policy)
            continue

        # import:<name> pulls an exported value from another template.
        if re.match("^import:", policy):
            export_name = re.match("^import:(.*)", policy).group(1)
            resolved.append(ImportValue(export_name))
            continue

        # Otherwise it has to be a policy this configuration defines.
        if not c.is_local_managed_policy(policy):
            raise ValueError(
                "Working on: '{}' - Managed Policy: '{}' "
                "does not exist in the configuration file".format(
                    working_on,
                    policy
                )
            )

        # ...and one that will actually be created in this account.
        target_account = c.map_account(c.current_account)
        if not c.is_managed_policy_in_account(policy, target_account):
            raise ValueError(
                "Working on: '{}' - Managed Policy: '{}' "
                "is not configured to go into account: '{}'".format(
                    working_on,
                    policy,
                    c.current_account
                )
            )

        # A Ref needs the scrubbed logical name, not the friendly one.
        resolved.append(Ref(scrub_name(policy)))

    return resolved
# We use this over users/groups/roles:
# - Check if we have an import: syntax in use.
# - Under a 'user' context' a local 'group' can be referenced. If we're
# operating as named = false the group name won't match the template name
# so we need to assure we use a 'Ref' in that scenario.
示例7: add_managed_policy
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
def add_managed_policy(
        c,
        ManagedPolicyName,
        PolicyDocument,
        model,
        named=False
):
    """Add an IAM ManagedPolicy resource to the current account's template.

    ``PolicyDocument`` is attached as given. Optional ``model`` keys read
    here: ``description`` (replaces the default description), ``groups``,
    ``users`` and ``roles`` (each resolved through ``parse_imports``), and
    ``retain_on_delete`` (when exactly ``True``, sets ``DeletionPolicy`` to
    ``Retain``). When ``named`` is true the policy gets the explicit name
    ``ManagedPolicyName``.

    If template outputs are enabled in the global config, the policy is
    exported as ``${AWS::StackName}-<logical name>PolicyArn``.
    """
    cfn_name = scrub_name(ManagedPolicyName)
    policy_args = {
        "Description": "Managed Policy " + ManagedPolicyName,
        "PolicyDocument": PolicyDocument,
        "Groups": [],
        "Roles": [],
        "Users": [],
    }

    if named:
        policy_args["ManagedPolicyName"] = ManagedPolicyName

    if "description" in model:
        policy_args["Description"] = model["description"]

    # (model key, resource property, context string handed to parse_imports)
    attachments = (
        ("groups", "Groups", "policy"),
        ("users", "Users", "user"),
        ("roles", "Roles", "role"),
    )
    for model_key, property_name, context in attachments:
        if model_key in model:
            policy_args[property_name] = parse_imports(c, context, model[model_key])

    if "retain_on_delete" in model and model["retain_on_delete"] is True:
        policy_args["DeletionPolicy"] = "Retain"

    c.template[c.current_account].add_resource(
        ManagedPolicy(cfn_name, **policy_args)
    )

    if c.config['global']['template_outputs'] != "enabled":
        return

    export_name = "${AWS::StackName}-" + cfn_name + "PolicyArn"
    policy_output = Output(
        cfn_name + "PolicyArn",
        Description=policy_args["Description"] + " Policy Document ARN",
        Value=Ref(cfn_name),
        Export=Export(Sub(export_name)),
    )
    c.template[c.current_account].add_output([policy_output])
示例8: add_user
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
def add_user(c, UserName, model, named=False):
    """Add an IAM User resource for ``UserName`` to the current account's template.

    Optional ``model`` keys read here: ``groups`` (resolved through
    ``parse_imports``), ``managed_policies`` (resolved through
    ``parse_managed_policies``), ``password`` (creates a ``LoginProfile``
    with a forced reset) and ``retain_on_delete`` (when exactly ``True``,
    sets ``DeletionPolicy`` to ``Retain``). When ``named`` is true the user
    gets the explicit name ``UserName``.

    If template outputs are enabled in the global config, the user ARN is
    exported as ``${AWS::StackName}-<logical name>Arn``.
    """
    cfn_name = scrub_name(UserName + "User")
    user_args = {
        "Path": "/",
        "Groups": [],
        "ManagedPolicyArns": [],
        "Policies": [],
    }

    if named:
        user_args["UserName"] = UserName

    if "groups" in model:
        user_args["Groups"] = parse_imports(c, "user", model["groups"])

    if "managed_policies" in model:
        user_args["ManagedPolicyArns"] = parse_managed_policies(
            c,
            model["managed_policies"],
            UserName
        )

    if "password" in model:
        # NOTE(review): the password is taken from the model and written into
        # the template as a literal, so it is readable wherever the config
        # file or the generated template is readable. PasswordResetRequired
        # limits it to an initial password; consider supplying it through a
        # NoEcho parameter or a Secrets Manager dynamic reference instead.
        user_args["LoginProfile"] = LoginProfile(
            Password=model["password"],
            PasswordResetRequired=True
        )

    if "retain_on_delete" in model and model["retain_on_delete"] is True:
        user_args["DeletionPolicy"] = "Retain"

    c.template[c.current_account].add_resource(User(cfn_name, **user_args))

    if c.config['global']['template_outputs'] != "enabled":
        return

    export_name = "${AWS::StackName}-" + cfn_name + "Arn"
    user_output = Output(
        cfn_name + "Arn",
        Description="User " + UserName + " ARN",
        Value=GetAtt(cfn_name, "Arn"),
        Export=Export(Sub(export_name)),
    )
    c.template[c.current_account].add_output([user_output])
示例9: _pipeline_role
# 需要导入模块: import troposphere [as 别名]
# 或者: from troposphere import Sub [as 别名]
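def _pipeline_role(buckets: Iterable[s3.Bucket]) -> iam.Role:
    """Build and return the IAM Role resource to be used by CodePipeline to run the pipeline.

    The inline policy grants bucket-versioning access on each bucket ARN,
    object get/put on ``<bucket ARN>/*``, and a set of CloudWatch, IAM,
    Lambda, CloudFormation and CodeBuild actions through ``AllowEverywhere``.

    Args:
        buckets: the S3 bucket resources the pipeline reads and writes. Any
            iterable is accepted, including a one-shot generator.

    Returns:
        The ``CodePipelinesRole`` resource with the policy attached.
    """
    # The buckets are walked twice below; materialise them first so that a
    # generator argument does not leave the second statement with an empty
    # Resource list.
    bucket_list = list(buckets)

    bucket_statements = [
        AWS.Statement(
            Effect=AWS.Allow,
            Action=[S3.GetBucketVersioning, S3.PutBucketVersioning],
            Resource=[GetAtt(bucket, "Arn") for bucket in bucket_list],
        ),
        AWS.Statement(
            Effect=AWS.Allow,
            Action=[S3.GetObject, S3.PutObject],
            # Triple braces: "{{" and "}}" are literal braces, the inner pair
            # is the format field, giving ${<title>.Arn}/* for Fn::Sub.
            Resource=[Sub("${{{bucket}.Arn}}/*".format(bucket=bucket.title)) for bucket in bucket_list],
        ),
    ]

    # NOTE(review): AllowEverywhere is defined elsewhere; by its name it
    # presumably grants the actions on every resource - confirm. If so,
    # iam:PassRole together with the CloudFormation create/update/execute
    # actions lets this role hand any role in the account to a stack, which
    # is close to account-wide privilege. Consider scoping PassRole to the
    # specific roles the pipeline needs, with an iam:PassedToService
    # condition, and narrowing cloudwatch:* to the actions actually used.
    policy = iam.Policy(
        "PipelinePolicy",
        PolicyName="PipelinePolicy",
        PolicyDocument=AWS.PolicyDocument(
            Statement=bucket_statements
            + [
                AllowEverywhere(Action=[CLOUDWATCH.Action("*"), IAM.PassRole]),
                AllowEverywhere(Action=[LAMBDA.InvokeFunction, LAMBDA.ListFunctions]),
                AllowEverywhere(
                    Action=[
                        CLOUDFORMATION.CreateStack,
                        CLOUDFORMATION.DeleteStack,
                        CLOUDFORMATION.DescribeStacks,
                        CLOUDFORMATION.UpdateStack,
                        CLOUDFORMATION.CreateChangeSet,
                        CLOUDFORMATION.DeleteChangeSet,
                        CLOUDFORMATION.DescribeChangeSet,
                        CLOUDFORMATION.ExecuteChangeSet,
                        CLOUDFORMATION.SetStackPolicy,
                        CLOUDFORMATION.ValidateTemplate,
                    ]
                ),
                AllowEverywhere(Action=[CODEBUILD.BatchGetBuilds, CODEBUILD.StartBuild]),
            ]
        ),
    )
    return iam.Role(
        "CodePipelinesRole", AssumeRolePolicyDocument=_service_assume_role(CODEPIPELINE.prefix), Policies=[policy]
    )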