- remove lambda-backed custom resources to create the key pair
- add cloudformation-native key pair resource - minor corresponding edits
This commit is contained in:
parent
f86c1eff4b
commit
78a5b708d5
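--- a/aws/cloudformation-template-ubuntu.json
+++ b/aws/cloudformation-template-ubuntu.json
@@ -52,10 +52,7 @@
 "Type": "AWS::IAM::InstanceProfile",
 "Properties": {
 "InstanceProfileName": {
-"Fn::GetAtt": [
-"KeyPairInfo",
-"KeyName"
-]
+"Ref": "KeyPair"
 },
 "Path": "/setup-ipsec-vpn/",
 "Roles": [
@@ -66,7 +63,7 @@
 },
 "DependsOn": [
 "S3ExecutionRole",
-"KeyPairInfo"
+"KeyPair"
 ]
 },
 "Ikev2S3Bucket": {
@@ -89,15 +86,20 @@
 ]
 },
 "BucketName": {
-"Fn::GetAtt": [
-"KeyPairInfo",
-"KeyName"
+"Fn::Join": [
+"-",
+[
+"setup-ipsec-vpn",
+{
+"Ref": "AWS::StackName"
+}
+]
 ]
 }
 },
 "Metadata": {},
 "DependsOn": [
-"KeyPairInfo"
+"KeyPair"
 ]
 },
 "OpenBucketPolicy": {
@@ -295,10 +297,7 @@
 "Ref": "InstanceType"
 },
 "KeyName": {
-"Fn::GetAtt": [
-"KeyPairInfo",
-"KeyName"
-]
+"Ref": "KeyPair"
 },
 "ImageId": {
 "Fn::GetAtt": [
@@ -310,13 +309,29 @@
 "Metadata": {},
 "DependsOn": [
 "VpnRouteTable",
-"KeyPairCreation",
+"KeyPair",
 "AMIInfoFunction",
 "VpnSecurityGroup",
 "Ikev2S3Bucket",
 "IAMInstanceProfile"
 ]
 },
+"KeyPair": {
+"Type": "AWS::EC2::KeyPair",
+"Properties": {
+"KeyName": {
+"Fn::Join": [
+"-",
+[
+"setup-ipsec-vpn",
+{
+"Ref": "AWS::StackName"
+}
+]
+]
+}
+}
+},
 "VpnSecurityGroup": {
 "Type": "AWS::EC2::SecurityGroup",
 "Properties": {
@@ -374,53 +389,6 @@
 },
 "Metadata": {}
 },
-"KeyPairCreation": {
-"Type": "AWS::Lambda::Function",
-"Properties": {
-"Handler": "index.handler",
-"Runtime": "python3.8",
-"Role": {
-"Fn::GetAtt": [
-"LambdaExecutionRole",
-"Arn"
-]
-},
-"Timeout": 30,
-"Code": {
-"ZipFile": {
-"Fn::Join": [
-"\n",
-[
-"import boto3",
-"import cfnresponse",
-"import string",
-"import random",
-"'''",
-"This python program should be embedded into its designated cloudformation",
-"template as the inline code of one of the lambda functions.",
-"'''",
-"def handler(event, context):",
-" try:",
-" keyName = 'setup-ipsec-vpn-' + ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(20)).lower()",
-" region = event['ResourceProperties']['Region']",
-" ec2 = boto3.client('ec2',region)",
-" response = ec2.create_key_pair(",
-" KeyName=keyName",
-" )",
-" keyMaterial = response['KeyMaterial']",
-" cfnresponse.send(event, context, cfnresponse.SUCCESS, {'KeyMaterial':keyMaterial, 'KeyName':keyName}, 'KeyPairInfo')",
-" except Exception:",
-" cfnresponse.send(event, context, cfnresponse.FAILED, {})"
-]
-]
-}
-}
-},
-"Metadata": {},
-"DependsOn": [
-"LambdaExecutionRole"
-]
-},
 "AMIInfo": {
 "Type": "Custom::AMIInfo",
 "Properties": {
@@ -588,24 +556,6 @@
 },
 "Metadata": {}
 },
-"KeyPairInfo": {
-"Type": "Custom::KeyPairInfo",
-"Properties": {
-"Region": {
-"Ref": "AWS::Region"
-},
-"ServiceToken": {
-"Fn::GetAtt": [
-"KeyPairCreation",
-"Arn"
-]
-}
-},
-"Metadata": {},
-"DependsOn": [
-"KeyPairCreation"
-]
-},
 "InternetGatewayAttachment": {
 "Type": "AWS::EC2::VPCGatewayAttachment",
 "Properties": {
@@ -694,12 +644,12 @@
 "Ref": "VpnIpsecPsk"
 }
 },
-"5EC2PrivateKeyMaterial": {
-"Description": "The content of your private key for accessing the VPN server via SSH. Save it as a file for use when connecting.",
+"5EC2PrivateKeyId": {
+"Description": "The ID of the key pair created. For more information regarding how to retrieve the private key for authentication, please refer to: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/aws/README.md#faqs",
 "Value": {
 "Fn::GetAtt": [
-"KeyPairInfo",
-"KeyMaterial"
+"KeyPair",
+"KeyPairId"
 ]
 }
 },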
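Review bot: The new `BucketName` for `Ikev2S3Bucket` (the `Fn::Join` of `"setup-ipsec-vpn"` and `AWS::StackName` in the `@@ -89,15 +86,20 @@` hunk) can produce an invalid S3 bucket name, because stack names may contain uppercase letters and run to 128 characters while bucket names must be lowercase and at most 63 characters; the custom resource it replaces lowercased a random suffix, so this is a regression for any stack named e.g. `MyVPN`. CloudFormation has no lowercase intrinsic, so the simplest fix is to drop the `BucketName` property entirely and let CloudFormation generate a valid unique name, using `{ "Ref": "Ikev2S3Bucket" }` wherever the name is needed (the `OpenBucketPolicy` that follows presumably references it — verify). Deriving the name from the stack name also makes the bucket name predictable by anyone who knows the stack name; given that a resource named `OpenBucketPolicy` is attached, it is worth confirming its statements are scoped to the intended principals rather than `"Principal": "*"`. The same `Fn::Join` is reused for `KeyName` on the new `AWS::EC2::KeyPair`, which is fine for key-pair naming rules, but since key names are unique per region a leftover key pair from a manually cleaned stack of the same name would block creation — a `Description` in the README or a `DeletionPolicy` comment on the resource should call this out.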