# Workflow inputs.
# `tags` is a String-to-String hash looked up under the key `aws.tags`
# instead of being hard-coded in this file; the vpc step consumes it as $tags.
parameters:
  tags:
    type: Hash[String,String]
    lookup: aws.tags
# Workflow output: one String value named `vpc_id`
# (the vpc step declares `returns: vpc_id`).
returns:
  vpc_id:
    type: String
# Resources managed by this workflow. Steps reference each other's outputs
# with $name (for example $vpc_id, $subnet_id1).
steps:
  # IAM role whose trust policy allows sts:AssumeRoleWithSAML for identities
  # federated through the SAML provider named in Principal.Federated, and only
  # when the assertion audience is the AWS sign-in endpoint.
  # NOTE(review): the account id in the provider ARN (1234567890) has 10
  # digits; AWS account ids have 12, so treat the ARN as a placeholder and
  # substitute the real account and provider. Who may assume the role is then
  # decided by what the IdP asserts, so review the IdP-side role mapping too.
  # No permissions policy is attached to the role in this file.
  iam_role:
    resource: Aws::Iam_role
    value:
      name: lyra-iam-role
      assume_role_policy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": "sts:AssumeRoleWithSAML",
              "Effect": "Allow",
              "Condition": {
                "StringEquals": {
                  "SAML:aud": "https://signin.aws.amazon.com/saml"
                }
              },
              "Principal": {
                "Federated": "arn:aws:iam::1234567890:saml-provider/myidp"
              }
            }
          ]
        }
  #
  # Application of key_pair succeeds on the first run then fails: see https://github.com/lyraproj/lyra/issues/203
  #
  # key_pair:
  #   Aws::Key_pair:
  #     key_name: lyra-test-keypair
  #     public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCX363gh/q6DGSL963/LlYcILkYKtEjrq5Ze4gr1BJdY0pqLMIKFt/VMJ5UTyx85N4Chjb/jEQhZzlWGC1SMsXOQ+EnY72fYrpOV0wZ4VraxZAz3WASikEglHJYALTQtsL8RGPxlBhIv0HpgevBkDlHvR+QGFaEQCaUhXCWDtLWYw== nyx-test-keypair-nopassword"
  vpc:
    # type is implicit and is derived from the
    # step name, in contrast to subnets below
    # NOTE(review): `resource` is spelled out on this step as well; confirm
    # what "implicit" refers to, the comment may be stale.
    returns: vpc_id
    resource: Aws::Vpc
    value:
      cidr_block: 192.168.0.0/16
      instance_tenancy: default
      tags: $tags
  # Route table created in the VPC above; it declares no routes in this file.
  route_table:
    resource: Aws::Route_table
    value:
      vpc_id: $vpc_id
      tags:
        name: lyra-routetable
        created_by: lyra
  #
  # Deletion of internet_gateway fails: see https://github.com/lyraproj/lyra/issues/204
  #
  # internet_gateway:
  #   Aws::Internet_gateway:
  #     vpc_id: $vpc_id
  # Security group in the VPC above.
  # protocol '-1' with from_port/to_port 0 is the all-protocols, all-ports
  # form, and 0.0.0.0/0 is every IPv4 address, so both rules are fully open:
  # anything attached to this group accepts inbound traffic from anywhere.
  # NOTE(review): before reusing this outside a disposable test account,
  # narrow ingress to the ports and source ranges actually required.
  # instance1/instance2 below do not reference this group in this file.
  security_group:
    resource: Aws::Security_group
    value:
      name: 'lyra'
      description: 'lyra security group'
      vpc_id: $vpc_id
      ingress:
        - from_port: 0
          to_port: 0
          protocol: '-1'
          cidr_blocks:
            - '0.0.0.0/0'
      egress:
        - from_port: 0
          to_port: 0
          protocol: '-1'
          cidr_blocks:
            - '0.0.0.0/0'
  # Two subnets inside the VPC range. Each publishes its `subnet_id` under an
  # alias (subnet_id1 / subnet_id2) so the instances can refer to them.
  subnet1:
    returns:
      subnet_id1: subnet_id
    resource: Aws::Subnet
    value:
      vpc_id: $vpc_id
      cidr_block: 192.168.1.0/24
      tags:
        name: lyra-subnet-1
        created_by: lyra
  subnet2:
    returns:
      subnet_id2: subnet_id
    resource: Aws::Subnet
    value:
      vpc_id: $vpc_id
      cidr_block: 192.168.2.0/24
      tags:
        name: lyra-subnet-2
        created_by: lyra
  # One t2.nano instance per subnet.
  # NOTE(review): the AMI id is hard-coded; AMI ids are region-specific, so
  # confirm the image's owner and region before launching. No key pair or
  # security group is set on either instance in this file.
  instance1:
    resource: Aws::Instance
    value:
      instance_type: 't2.nano'
      ami: 'ami-f90a4880'
      subnet_id: $subnet_id1
      tags:
        name: lyra-instance-1
        created_by: lyra
  instance2:
    resource: Aws::Instance
    value:
      instance_type: 't2.nano'
      ami: 'ami-f90a4880'
      subnet_id: $subnet_id2
      tags:
        name: lyra-instance-2
        created_by: lyra