initial commit

Author: toshke

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 base2Services
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,51 @@
+# CloudFormation custom resource catalogue
+
+Collection of Cloud Formation custom resources written in python 3.6, result
+of months of continuous efforts to automate infrastructure management trough
+AWS CloudFormation. You may find some of these CloudFormation resources obsolete,
+as AWS team fills in the gaps. There is also some more complex ones, or developed
+to suite specific needs, such as copying s3 objects between buckets
+
+## Custom resources
+
+### Creating CloudFormation stack in specific region
+
+It is easy to create sub-stacks in CloudFormation as long as they are in same region.
+In some cases, there is need to create stack in region different than region where
+parent stack is being create, or for example, to create same stack in multiple regions.
+Such (sub)stack lifecycle can be controlled via custom resource having it's code in
+`src/regional-cfn-stack` folder
+
+handler: `src/regional-cfn-stack/handler.lambda_handler`
+runtime: `python3.6`
+
+Required parameters:
+- `Region` - AWS Region to create stack in
+- `StackName` - Name of the stack to be created
+- `TemplateUrl` - S3 Url of stack template
+- `Capabilities` - Comma seperated list of capabilities. Set to empty value if no IAM capabilities required.
+- `EnabledRegions` - Comma separated list of regions that stack is allowed to be created in.
+ Useful when passing this list is template parameters.
+
+
+Optional parameters:
+- `StackParam_Key` - Will pass value of this param down to stack's `Key` parameter
+- `OnFailure` - Behaviour on stack creation failure. Accepted values are `DO_NOTHING`,`ROLLBACK` and `DELETE`
+
+### Copy or unpack objects between S3 buckets
+
+This custom resource allows copying from source to destination s3 buckets. For source, if you provide prefix
+(without trailing slash), all objects under that prefix will be copied. Alternatively, if you provide s3 object
+with `*.zip` extensions, this object will be unpacked before it's files are unpacked to target bucket / prefix.
+Please note that this lambda function design does not include recursive calls if lambda is timing out, thus it does not
+permit mass file unpacking, but is rather designed for deployment of smaller files, such as client side web applications.
+
+handler: `src/s3-copy/handler.lambda_handler`
+runtime:  `python3.6`
+
+Required parameters:
+
+- `Source` - Source object/prefix/zip-file in `s3://bucket-name/path/to/prefix/or/object.zip` format
+- `Destination` - Destination bucket and prefix in `s3://bucket-name/destination-prefix` format
+- `CannedAcl` - Canned ACL for created objects in destination
+No optional parameters.

regional-cfn-stack/__init__.py

@@ -0,0 +1 @@
+# package marker

regional-cfn-stack/cr_response.py

@@ -0,0 +1,50 @@
+import logging
+from urllib.request import urlopen, Request, HTTPError, URLError
+import json
+
+logger = logging.getLogger()
+logger.setLevel(logging.INFO)
+
+
+class CustomResourceResponse:
+    def __init__(self, request_payload):
+        self.payload = request_payload
+        self.response = {
+            "StackId": request_payload["StackId"],
+            "RequestId": request_payload["RequestId"],
+            "LogicalResourceId": request_payload["LogicalResourceId"],
+            "Status": 'SUCCESS',
+        }
+    
+    def respond(self):
+        event = self.payload
+        response = self.response
+        ####
+        #### copied from https://github.com/ryansb/cfn-wrapper-python/blob/master/cfn_resource.py
+        ####
+        
+        if event.get("PhysicalResourceId", False):
+            response["PhysicalResourceId"] = event["PhysicalResourceId"]
+        
+        logger.debug("Received %s request with event: %s" % (event['RequestType'], json.dumps(event)))
+        
+        serialized = json.dumps(response)
+        logger.info(f"Responding to {event['RequestType']} request with: {serialized}")
+        
+        req_data = serialized.encode('utf-8')
+        
+        req = Request(
+            event['ResponseURL'],
+            data=req_data,
+            headers={'Content-Length': len(req_data),'Content-Type': ''}
+        )
+        req.get_method = lambda: 'PUT'
+        
+        try:
+            urlopen(req)
+            logger.debug("Request to CFN API succeeded, nothing to do here")
+        except HTTPError as e:
+            logger.error("Callback to CFN API failed with status %d" % e.code)
+            logger.error("Response: %s" % e.reason)
+        except URLError as e:
+            logger.error("Failed to reach the server - %s" % e.reason)

regional-cfn-stack/handler.py

@@ -0,0 +1,246 @@
+import boto3
+import json
+import os
+import sys
+
+sys.path.append(f"{os.environ['LAMBDA_TASK_ROOT']}/lib")
+sys.path.append(os.path.dirname(os.path.realpath(__file__)))
+
+import cr_response
+import stack_manage
+import lambda_invoker
+import traceback
+
+create_stack_success_states = ['CREATE_COMPLETE']
+update_stack_success_states = ['CREATE_COMPLETE', 'UPDATE_COMPLETE']
+delete_stack_success_states = ['DELETE_COMPLETE']
+
+create_stack_failure_states = ['CREATE_FAILED',
+                               'DELETE_FAILED',
+                               'UPDATE_FAILED',
+                               'ROLLBACK_FAILED',
+                               'DELETE_COMPLETE',
+                               'ROLLBACK_COMPLETE']
+update_stack_failure_states = ['CREATE_FAILED', 'DELETE_FAILED', 'UPDATE_FAILED', 'ROLLBACK_COMPLETE','UPDATE_ROLLBACK_COMPLETE']
+delete_stack_failure_states = ['DELETE_FAILED']
+
+
+def respond_disabled_region(region, payload):
+    cfn_response = cr_response.CustomResourceResponse(payload)
+    payload['PhysicalResourceId'] = f"Disabled{region.replace('-','')}{payload['ResourceProperties']['StackName']}"
+    cfn_response.response['Status'] = 'SUCCESS'
+    cfn_response.respond()
+    return
+
+
+def create_update_stack(cmd, payload):
+    if 'Capabilities' not in payload['ResourceProperties']:
+        payload['ResourceProperties']['Capabilities'] = 'CAPABILITY_IAM'
+    
+    # compile stack parameters
+    stack_params = {}
+    for key, value in payload['ResourceProperties'].items():
+        if key.startswith('StackParam_'):
+            param_key = key.replace('StackParam_', '')
+            param_value = value
+            stack_params[param_key] = param_value
+    
+    # instantiate and use management handler
+    manage = stack_manage.StackManagement()
+    
+    on_failure = 'DELETE'
+    if 'OnFailure' in payload['ResourceProperties']:
+        on_failure = payload['ResourceProperties']['OnFailure']
+    
+    stack_id = ''
+    if cmd == 'create':
+        stack_id = manage.create(
+            payload['ResourceProperties']['Region'],
+            payload['ResourceProperties']['StackName'],
+            payload['ResourceProperties']['TemplateUrl'],
+            stack_params,
+            payload['ResourceProperties']['Capabilities'].split(','),
+            on_failure
+        )
+    elif cmd == 'update':
+        stack_id = payload['PhysicalResourceId']
+        result = manage.update(
+            payload['ResourceProperties']['Region'],
+            stack_id,
+            payload['ResourceProperties']['TemplateUrl'],
+            stack_params,
+            payload['ResourceProperties']['Capabilities'].split(','),
+        )
+        # no updates to be performed
+        if result is None:
+            cfn_response = cr_response.CustomResourceResponse(payload)
+            cfn_response.respond()
+            return None
+    else:
+        raise 'Cmd must be create or update'
+    
+    return stack_id
+
+
+def delete_stack(payload):
+    manage = stack_manage.StackManagement()
+    region = payload['ResourceProperties']['Region']
+    stack_id = payload['PhysicalResourceId']
+    manage.delete(region, payload['ResourceProperties']['StackName'])
+    return stack_id
+
+
+def wait_stack_states(success_states, failure_states, lambda_payload, lambda_context):
+    """
+    Wait for stack states, either be it success or failure. If none of the states
+    appear and lambda is running out of time, it will be re-invoked with lambda_payload
+    parameters
+    :param lambda_context:
+    :param stack_id:
+    :param success_states:
+    :param failure_states:
+    :param lambda_payload:
+    :return:
+    """
+    manage = stack_manage.StackManagement()
+    result = manage.wait_stack_status(
+        lambda_payload['ResourceProperties']['Region'],
+        lambda_payload['PhysicalResourceId'],
+        success_states,
+        failure_states,
+        lambda_context
+    )
+    
+    # in this case we need to restart lambda execution
+    if result is None:
+        invoke = lambda_invoker.LambdaInvoker()
+        invoke.invoke(lambda_payload)
+    else:
+        # one of the states is reached, and reply should be sent back to cloud formation
+        cfn_response = cr_response.CustomResourceResponse(lambda_payload)
+        cfn_response.response['PhysicalResourceId'] = lambda_payload['PhysicalResourceId']
+        cfn_response.response['Status'] = result.status
+        cfn_response.response['Reason'] = result.reason
+        cfn_response.response['StackId'] = lambda_payload['StackId']
+        cfn_response.respond()
+
+
+def lambda_handler(payload, context):
+    # if lambda invoked to wait for stack status
+    print(f"Received event:{json.dumps(payload)}")
+    
+    # handle disable region situation
+    if 'EnabledRegions' in payload['ResourceProperties']:
+        region_list = payload['ResourceProperties']['EnabledRegions'].split(',')
+        current_region = payload['ResourceProperties']['Region']
+        print(f"EnabledRegions: {region_list}. Current region={current_region}")
+        
+        if current_region not in region_list:
+            # if this is create request just skip
+            if payload['RequestType'] == 'Create' or payload['RequestType'] == 'Update':
+                print(f"{current_region} not enabled, skipping")
+                # report disabled
+                # in case of region disable (update), physical record changes, so cleanup delete request is
+                # sent subsequently via Cf, which will delete the stack
+                respond_disabled_region(current_region, payload)
+                return
+    
+    
+    
+    # lambda was invoked by itself, we just have to wait for stack operation to be completed
+    if ('WaitComplete' in payload) and (payload['WaitComplete']):
+        print("Waiting for stack status...")
+        if payload['RequestType'] == 'Create':
+            wait_stack_states(
+                create_stack_success_states,
+                create_stack_failure_states,
+                payload,
+                context
+            )
+        
+        elif payload['RequestType'] == 'Update':
+            wait_stack_states(
+                update_stack_success_states,
+                update_stack_failure_states,
+                payload,
+                context
+            )
+        
+        elif payload['RequestType'] == 'Delete':
+            wait_stack_states(
+                delete_stack_success_states,
+                delete_stack_failure_states,
+                payload,
+                context
+            )
+    
+    # lambda was invoked directly by cf
+    else:
+        # depending on request type different handler is called
+        print("Executing stack CRUD...")
+        stack_id = None
+        if 'PhysicalResourceId' in payload:
+            stack_id = payload['PhysicalResourceId']
+        try:
+            manage = stack_manage.StackManagement()
+            stack_name = payload['ResourceProperties']['StackName']
+            region = payload['ResourceProperties']['Region']
+            stack_exists = manage.stack_exists(region, stack_name)
+            
+            if payload['RequestType'] == 'Create':
+                # stack exists, create request => update
+                # stack not exists, create request => create
+                if stack_exists:
+                    print(f"Create request came for {stack_name}, but it already exists in {region}, updating...")
+                    payload['RequestType'] = 'Update'
+                    lambda_handler(payload, context)
+                    return
+                else:
+                    stack_id = create_update_stack('create', payload)
+            
+            elif payload['RequestType'] == 'Update':
+                # stack exists, update request => update
+                # stack not exists, update request => create
+                if stack_exists:
+                    stack_id = create_update_stack('update', payload)
+                    if stack_id is None:
+                        # no updates to be performed
+                        return
+                else:
+                    print(f"Update request came for {stack_name}, but it does not exist in {region}, creating...")
+                    payload['RequestType'] = 'Create'
+                    lambda_handler(payload, context)
+                    return
+            
+            elif payload['RequestType'] == 'Delete':
+                # stack exists, delete request => delete
+                # stack not exists, delete request => report ok
+                # for delete we are interested in actual stack id
+                stack_exists = manage.stack_exists(region, stack_id)
+                if stack_exists:
+                    delete_stack(payload)
+                else:
+                    # reply with success
+                    print(f"Delete request came for {stack_name}, but it is nowhere to be found...")
+                    cfn_response = cr_response.CustomResourceResponse(payload)
+                    cfn_response.response['Reason'] = 'CloudFormation stack has not been found, may be removed manually'
+                    cfn_response.respond()
+                    return
+            
+            # if haven't moved to other operation, set payloads stack id to created/updated stack and wait
+            # for appropriate stack status
+            payload['PhysicalResourceId'] = stack_id
+            payload['WaitComplete'] = True
+            invoker = lambda_invoker.LambdaInvoker()
+            invoker.invoke(payload)
+        
+        except Exception as e:
+            print(f"Exception:{e}\n{str(e)}")
+            print(traceback.format_exc())
+            cfn_response = cr_response.CustomResourceResponse(payload)
+            if 'PhysicalResourceId' in payload:
+                cfn_response.response['PhysicalResourceId'] = payload['PhysicalResourceId']
+            cfn_response.response['Status'] = 'FAILED'
+            cfn_response.response['Reason'] = str(e)
+            cfn_response.respond()
+            raise e

regional-cfn-stack/lambda_invoker.py

@@ -0,0 +1,20 @@
+import boto3
+import os
+import json
+
+
+class LambdaInvoker:
+    def __init__(self):
+        print(f"Initialize lambda invoker")
+    
+    def invoke(self, payload):
+        bytes_payload = bytearray()
+        bytes_payload.extend(map(ord, json.dumps(payload)))
+        function_name = os.environ['AWS_LAMBDA_FUNCTION_NAME']
+        function_payload = bytes_payload
+        client = boto3.client('lambda')
+        client.invoke(
+            FunctionName=function_name,
+            InvocationType='Event',
+            Payload=function_payload
+        )