Troposphere

From Public wiki of Kevin P. Inscoe
Jump to navigation Jump to search

What is Troposphere

Troposphere is a Python library to create AWS CloudFormation descriptions

Why would I use it?

At some point you get tired of hand rolling JSON using Vim or an editor. Also you wish to share common components between environments, and especially repeated resources perhaps such as a NAT in each AZ or perhaps a required Security Group (like HMH SSH SG) in new environments with repeatability. The later requiring scoped IP addresses for the internal HMH network.

"troposphere allows you to describe AWS CloudFormation stacks in Python. You can then generate your JSON. The main advantage here for me was keeping my stack definitions DRY. Instead of doing the same thing over and over again in JSON, I just define it once in Python and import it when I need it." -- http://dustinrcollins.com/infrastructure-with-python

A deep knowledge of Python is really not needed the same as knowing Ruby is not a requirement of knowing Chef. However having said that I did find knowing Python Built-in Functions useful when you lookup properties. For example in ec2.py:

class SecurityGroup(AWSObject):
    resource_type = "AWS::EC2::SecurityGroup"

    props = {
        'GroupDescription': (basestring, True),
        'SecurityGroupEgress': (list, False),
        'SecurityGroupIngress': (list, False),
        'VpcId': (basestring, False),
        'Tags': (list, False),
    }

You will need to understand how to format a basestring, list, etc..

How can I get it?

It can be found here https://github.com/cloudtools/troposphere or installing using pip:

$ (sudo) (-H) pip install troposphere (--upgrade)

Give me some examples

Let's say given our example above we have a certain set of IP addresses we wish to allow SSH access to and that pattern is repeatable in nearly all AWS environments.

One would write the following brief Python code to create the Cloud Formation template usable in all environments (but you must specify the VPC ID):

#!/usr/bin/env python

#
# Renders CFN JSON to create an HMH SSH internal Security group
#

# Import troposphere
from troposphere import Template, Ref, Output, Join, GetAtt, Parameter
import troposphere.ec2 as ec2

# Create a template for resources to live in
template = Template()

# Create a security group
sg = ec2.SecurityGroup('SSHInternal')
sg.GroupDescription = "Allow SSH access to approved internal networks"
sg.VpcId = 'vpc-34ce3351'
sg.SecurityGroupIngress = [
    ec2.SecurityGroupRule(
        IpProtocol="tcp",
        FromPort="22",
        ToPort="22",
        CidrIp="10.82.0.0/16,10.87.0.0/0",
    )]

# Add security group to template
template.add_resource(sg)

# Print out CloudFormation template in JSON
print template.to_json()

Yields

{
    "Resources": {
        "HMHSSHInternal": {
            "Properties": {
                "GroupDescription": "Allow SSH access to approved HMH internal networks",
                "SecurityGroupIngress": [
                    {
                        "CidrIp": "10.82.0.0/16,155.44.0.0/0",
                        "FromPort": "22",
                        "IpProtocol": "tcp",
                        "ToPort": "22"
                    }
                ],
                "VpcId": "vpc-34ce3351"
            },
            "Type": "AWS::EC2::SecurityGroup"
        }
    }
}

How do I learn more?

The case for Python

http://dustinrcollins.com/infrastructure-with-python