├── .gitignore
├── Chapter-11
├── application.py
├── cloudwatch.config
├── static
│ └── stylesheet.css
└── templates
│ ├── index.html
│ └── results.html
├── Chapter-12
├── lambda-role-policy.json
├── lambda_function.py
└── step_function.yml
├── Chapter-14
└── agents.sh
├── Chapter-15
└── cw_events.py
├── Chapter-16
├── cloudtrail_s3.json
├── cross-stack-website.yaml
└── vpc.yaml
├── Chapter-17
├── MOCK_DATA.csv
└── lambda_stack.yml
├── Chapter-20
├── clamav.json
└── configTemplate.yaml
├── Chapter-4
├── batch
│ ├── BATCH_COMMAND
│ ├── S3_Batch_IAM.json
│ ├── eight.txt
│ ├── eighteen.txt
│ ├── eleven.txt
│ ├── fifteen.txt
│ ├── fifty-eight.txt
│ ├── fifty-five.txt
│ ├── fifty-four.txt
│ ├── fifty-nine.txt
│ ├── fifty-one.txt
│ ├── fifty-seven.txt
│ ├── fifty-six.txt
│ ├── fifty-three.txt
│ ├── fifty-two.txt
│ ├── fifty.txt
│ ├── five.txt
│ ├── four.txt
│ ├── fourteen.txt
│ ├── fourty-eight.txt
│ ├── fourty-five.txt
│ ├── fourty-four.txt
│ ├── fourty-nine.txt
│ ├── fourty-one.txt
│ ├── fourty-seven.txt
│ ├── fourty-six.txt
│ ├── fourty-three.txt
│ ├── fourty-two.txt
│ ├── fourty.txt
│ ├── manifest.csv
│ ├── manifest2.csv
│ ├── nine.txt
│ ├── nineteen.txt
│ ├── one.txt
│ ├── seven.txt
│ ├── seventeen.txt
│ ├── seventy-five.txt
│ ├── seventy-four.txt
│ ├── seventy-one.txt
│ ├── seventy-three.txt
│ ├── seventy-two.txt
│ ├── seventy.txt
│ ├── six.txt
│ ├── sixteen.txt
│ ├── sixty-eight.txt
│ ├── sixty-five.txt
│ ├── sixty-four.txt
│ ├── sixty-nine.txt
│ ├── sixty-one.txt
│ ├── sixty-seven.txt
│ ├── sixty-six.txt
│ ├── sixty-three.txt
│ ├── sixty-two.txt
│ ├── sixty.txt
│ ├── ten.txt
│ ├── thirteen.txt
│ ├── thirty-five.txt
│ ├── thirty-four.txt
│ ├── thirty-one.txt
│ ├── thirty-three.txt
│ ├── thirty-two.txt
│ ├── thirty.txt
│ ├── three.txt
│ ├── thrity-eight.txt
│ ├── thrity-nine.txt
│ ├── thrity-seven.txt
│ ├── thrity-six.txt
│ ├── twelve.txt
│ ├── twenty-eight.txt
│ ├── twenty-five.txt
│ ├── twenty-four.txt
│ ├── twenty-nine.txt
│ ├── twenty-one.txt
│ ├── twenty-seven.txt
│ ├── twenty-six.txt
│ ├── twenty-three.txt
│ ├── twenty-two.txt
│ ├── twenty.txt
│ └── two.txt
└── sns-topic-access.json
├── Chapter-5
├── project_item.json
├── projects.json
├── projects_bulk.json
├── query-attributes-1.json
├── query-values.json
└── scan-values.json
├── Chapter-7
├── nested
│ ├── .gitignore
│ ├── nested_bucket.yml
│ ├── nested_dynamo.yml
│ ├── nested_lambda.yml
│ └── nested_root.yml
├── sqs-queues.yml
└── sqs-queues_change_set.yml
├── Chapter-8
├── IAM_Developers.json
├── docker
│ ├── Dockerfile
│ ├── buildspec.yml
│ └── flask.py
├── hello.py
└── loops.py
├── Chapter-9
├── IAM_Developers.json
├── IAM_Tools.json
├── code
│ ├── buildspec.yml
│ └── src
│ │ └── app.py
└── pipeline1.yml
├── LICENSE
└── README.md
/.gitignore:
--------------------------------------------------------------------------------
1 | Chapter-9/pipeline.old
2 | Chapter-8/change_password.json
3 | Chapter-8/docker2/
4 |
--------------------------------------------------------------------------------
/Chapter-11/application.py:
--------------------------------------------------------------------------------
1 | import os
2 | from flask import Flask, render_template, request
3 | from flask_bootstrap import Bootstrap
# WSGI application object with the Flask-Bootstrap extension registered on it.
app = Flask(__name__)
Bootstrap(app)
application = app  # for beanstalk

# Quiz content. Each entry carries the answer key ("correct") next to the
# question text.
# NOTE(review): quiz() passes this whole list to index.html, so the answer key
# is part of the template context; confirm the template never renders
# "correct" into the page.
questions = [
    {
        "id": "1",
        "question": "What are the maximum read replicas for MySQL, PostGreSQL, and MariaDB RDS?",
        "answers": ["a) 3", "b) 5", "c) 10", "d) 25"],
        "correct": "b) 5",
    },
    {
        "id": "2",
        "question": "Which of the following is not a valid type of AWS Load Balancer?",
        "answers": [
            "a) Application Load Balancer",
            "b) Classic Load Balancer",
            "c) Internal Load Balancer",
            "d) Network Load Balancer",
        ],
        "correct": "c) Internal Load Balancer",
    },
    {
        "id": "3",
        "question": "What is the max size for an Elastic Beanstalk Source Bundle?",
        "answers": ["a) 128 mb", "b) 256 mb", "c) 512 mb", "d) 1024 mb"],
        "correct": "c) 512 mb",
    },
]

# Chart data; nothing in this file reads these three names.
labels = ['correct', 'incorrect']
values = [3, 1]
# NOTE(review): "#46FBD" has five hex digits, so it is not a valid CSS hex
# colour - confirm the intended value.
colors = ["#F7464A", "#46FBD", "#FDB45C", "#FEDCBA"]
47 |
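@app.route("/", methods=['POST', 'GET'])
def quiz():
    """Serve the quiz form on GET and grade the submitted answers on POST.

    Returns:
        The rendered ``index.html`` template for GET, or ``results.html``
        with the score (``result``) and question count (``total``) for POST.
    """
    if request.method == 'GET':
        return render_template("index.html", data=questions)

    # The form is client-controlled: a field may be missing or carry any
    # value. request.form[...] answers a missing field with a 400, so one
    # unanswered question aborted grading; .get() scores it as incorrect.
    # Answers are only compared against the server-side key, never echoed.
    result = sum(
        1
        for question in questions
        if request.form.get(question['id']) == question['correct']
    )
    total = len(questions)
    return render_template('results.html', total=total, result=result)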
60 |
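if __name__ == "__main__":
    # Debug mode turns on the interactive Werkzeug debugger, which lets anyone
    # who can reach the server execute Python in the application process. It
    # therefore stays off unless FLASK_DEBUG=1 is set for a local run, instead
    # of relying on someone deleting the line before deployment.
    app.debug = os.environ.get("FLASK_DEBUG") == "1"
    app.run()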
--------------------------------------------------------------------------------
/Chapter-11/cloudwatch.config:
--------------------------------------------------------------------------------
# Elastic Beanstalk .ebextensions file: installs the Perl CloudWatch monitoring
# scripts and schedules them from cron every five minutes.
packages:
  yum:
    perl-DateTime: []
    perl-Sys-Syslog: []
    perl-LWP-Protocol-https: []
    perl-Switch: []
    perl-URI: []
    perl-Bundle-LWP: []

sources:
  # NOTE(review): the archive is pinned to a version in the URL but not to a
  # checksum, so the instance runs whatever the bucket serves at deploy time.
  # AWS has since deprecated these scripts in favour of the unified CloudWatch
  # agent - confirm before reusing this file.
  /opt/cloudwatch: https://aws-cloudwatch.s3.amazonaws.com/downloads/CloudWatchMonitoringScripts-1.2.1.zip

container_commands:
  # The cron entry runs the script as root; the option string substituted by
  # Fn::GetOptionSetting is placed on that command line as-is.
  01-setupcron:
    command: |
      echo '*/5 * * * * root perl /opt/cloudwatch/aws-scripts-mon/mon-put-instance-data.pl `{"Fn::GetOptionSetting" : { "OptionName" : "CloudWatchMetrics", "DefaultValue" : "--mem-util --disk-space-util --disk-path=/" }}` >> /var/log/cwpump.log 2>&1' > /etc/cron.d/cwpump
  # 644: the cron file is writable by root only.
  02-changeperm:
    command: chmod 644 /etc/cron.d/cwpump
  03-changeperm:
    command: chmod u+x /opt/cloudwatch/aws-scripts-mon/mon-put-instance-data.pl

option_settings:
  # NOTE(review): the script publishes metrics with the instance profile's
  # credentials; presumably that role needs cloudwatch:PutMetricData and
  # nothing broader for this purpose - verify the attached policy.
  "aws:autoscaling:launchconfiguration" :
    IamInstanceProfile : "aws-elasticbeanstalk-ec2-role"
  "aws:elasticbeanstalk:customoption" :
    CloudWatchMetrics : "--mem-util --mem-used --mem-avail --disk-space-util --disk-space-used --disk-space-avail --disk-path=/ --auto-scaling"
--------------------------------------------------------------------------------
/Chapter-11/static/stylesheet.css:
--------------------------------------------------------------------------------
1 | body {
2 | background-color: #e1b382;
3 | }
4 |
5 | h1 {
6 | color: #daf57a;
7 | font-family: Arial, Helvetica, sans-serif;
8 | font-size: 26px;
9 | margin-left: 100px;
10 | margin-top: 100px;
11 | }
12 |
13 | h2 {
14 | color: #8076ac;
15 | font-family: Arial, Helvetica, sans-serif;
16 | font-size: 21px;
17 | margin-left: 0px;
18 | }
19 |
20 | form {
21 | color: #7c677f;
22 | font-family: Arial;
23 | font-size: 18px;
24 | margin-left: 100px;
25 | }
--------------------------------------------------------------------------------
/Chapter-11/templates/index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Beanstalk Mini-Quiz
6 |
7 |
8 |
9 |
10 |
11 |
Welcome to the Quiz
12 |
13 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/Chapter-11/templates/results.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Beanstalk Mini-Quiz
6 |
7 |
8 |
9 |
10 |
11 |
Quiz Results
12 |
13 | You scored {{result }} out of {{ total }} !
14 |
15 |
16 |
--------------------------------------------------------------------------------
/Chapter-12/lambda-role-policy.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Statement": [
4 | { "Effect": "Allow",
5 | "Principal": {
6 | "Service": "lambda.amazonaws.com"
7 | },
8 | "Action": "sts:AssumeRole"
9 | }
10 | ]
11 | }
12 |
--------------------------------------------------------------------------------
/Chapter-12/lambda_function.py:
--------------------------------------------------------------------------------
1 | import requests
2 | from bs4 import BeautifulSoup
3 | from collections import Counter
4 | from string import punctuation # already included in lambda modules
5 |
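def lambda_handler(event, context):
    """Count the words found in the <p> and <div> elements of a web page.

    Args:
        event: Lambda invocation payload; unused while the demo URL is
            hard-coded.
        context: Lambda runtime context; unused.

    Returns:
        A Counter mapping each lower-cased word (trailing punctuation
        stripped) to the number of times it was seen.
    """
    # get the URL from the event
    # NOTE(review): if the commented-out event['url'] variant is enabled, the
    # caller decides what this function fetches. Check the URL against an
    # allow-list of expected hosts first so the function cannot be pointed at
    # internal or metadata endpoints (server-side request forgery).
    # The timeout stops a slow host from holding the invocation open until the
    # Lambda timeout expires.
    r = requests.get(
        "https://aws.amazon.com/blogs/compute/using-lambda-layers-to-simplify-your-development-process/",
        timeout=10,
    )  # demo
    #r = requests.get(event['url'])
    bs = BeautifulSoup(r.content, "html.parser")

    # gather all the words within the paragraphs
    p_txt = (''.join(s.findAll(text=True)) for s in bs.findAll('p'))
    count_p = Counter(x.rstrip(punctuation).lower() for y in p_txt for x in y.split())

    # gather all the text in the divs; a <p> nested inside a <div> is read
    # again here, so its words are counted in both passes
    d_txt = (''.join(s.findAll(text=True)) for s in bs.findAll('div'))
    count_div = Counter(x.rstrip(punctuation).lower() for y in d_txt for x in y.split())

    # Merge the two tallies. The original added `countp`, a name that is never
    # defined, so every invocation ended in NameError.
    word_sum = count_p + count_div
    # return the per-word counts
    return word_sum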
--------------------------------------------------------------------------------
/Chapter-12/step_function.yml:
--------------------------------------------------------------------------------
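AWSTemplateFormatVersion: '2010-09-09'
# NOTE(review): this description, and the one on FindWCFunction, do not match
# what the template builds (a word-count Lambda driven by a state machine).
Description: Step function to migrate between accounts

Parameters:
  LambdaFunctionBucket:
    Description: The S3 bucket where the lambda functions are placed
    Type: String

Resources:

  # Lambda function whose deployment package is read from the bucket parameter.
  FindWCFunction:
    Properties:
      Code:
        S3Bucket: !Sub ${LambdaFunctionBucket}
        #S3Bucket: !Join ['', ['arn:aws:s3:::', !Ref 'LambdaFunctionBucket', /]]
        S3Key: my-wc-package.zip
      Description: Finds all snapshots for instance ID
      Handler: lambda_function.lambda_handler
      Role: !GetAtt 'RoleLambda.Arn'
      # NOTE(review): python3.8 is past end of support in Lambda - confirm the
      # runtime against the currently supported list before deploying.
      Runtime: python3.8
      Timeout: 120
    Type: AWS::Lambda::Function

  # Execution role for the function: assumable by Lambda only, with the AWS
  # managed basic-execution policy attached.
  RoleLambda:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: [lambda.amazonaws.com ]
            Action: ['sts:AssumeRole']
      ManagedPolicyArns: ['arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole']

  # Role the state machine runs as.
  StateMachineRole:
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                Fn::Sub: states.${AWS::Region}.amazonaws.com
        Version: '2012-10-17'
      Policies:
        - PolicyDocument:
            Statement:
              - Action:
                  - lambda:InvokeFunction
                Effect: Allow
                # Was '*', which let the state machine invoke every function
                # in the account. The definition below calls FindWCFunction
                # only, so the grant is limited to that function.
                Resource: !GetAtt FindWCFunction.Arn
                Sid: InvokeLambda
            Version: '2012-10-17'
          PolicyName: InvokeLambda
    Type: AWS::IAM::Role

  # State machine: run the Lambda, then branch on whether $.wordCount is null.
  StateMachine:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      StateMachineName: Chapter-Twelve
      DefinitionString:
        !Sub
          - |-
            {
              "Comment": "A Demonstration State Machine with Lambda",
              "StartAt": "Find Words",
              "States": {
                "Find Words": {
                  "Type": "Task",
                  "Resource": "${FindWCFunction}",
                  "ResultPath": "$.wordCount",
                  "Next": "ChoiceStateCountdown"
                },
                "ChoiceStateCountdown": {
                  "Type": "Choice",
                  "Choices": [
                    {
                      "Variable": "$.wordCount",
                      "IsNull": false,
                      "Next": "Small Pause"
                    },
                    {
                      "Variable": "$.wordCount",
                      "IsNull": true,
                      "Next": "Error State"
                    }
                  ],
                  "Default": "DefaultState"
                },
                "Small Pause": {
                  "Type": "Wait",
                  "Seconds": 10,
                  "End": true
                },
                "Error State": {
                  "Type": "Fail",
                  "Cause": "Invalid Choice"
                },
                "DefaultState": {
                  "Type": "Fail",
                  "Cause": "Default"
                }
              }
            }
          - {FindWCFunction: !GetAtt [FindWCFunction, Arn]}
      RoleArn: !GetAtt 'StateMachineRole.Arn'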
109 |
110 |
--------------------------------------------------------------------------------
/Chapter-14/agents.sh:
--------------------------------------------------------------------------------
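#!/bin/bash
# Installs the SSM agent, collectd and the unified CloudWatch agent on a
# Debian/Ubuntu amd64 host.

# Stop at the first failed step so a failed download is never followed by an
# install of whatever file happens to be in the directory.
set -euo pipefail

# Private work directories. Fixed names under the world-writable /tmp can be
# created in advance by another local user, who could then replace the package
# between the download and the dpkg call that runs as root.
ssm_dir="$(mktemp -d)"
cw_dir="$(mktemp -d)"
trap 'rm -rf "$ssm_dir" "$cw_dir"' EXIT

# NOTE(review): both packages come from a "latest" URL and are installed as
# root without an integrity check. Verifying the publisher's signature for
# each downloaded .deb before dpkg ties the install to a known artifact.

# Download and Install the SSM Agent
cd "$ssm_dir"
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb
sudo systemctl enable amazon-ssm-agent

# Install CollectD
sudo apt-get update -y
sudo apt-get install -y collectd

# Download and Install the Unified CloudWatch agent
cd "$cw_dir"
wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
sudo dpkg -i -E ./amazon-cloudwatch-agent.deb
sudo systemctl enable amazon-cloudwatch-agent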
17 |
--------------------------------------------------------------------------------
/Chapter-15/cw_events.py:
--------------------------------------------------------------------------------
import json
import logging
import os
import random

import boto3
3 |
# Log verbosity comes from the LOG_LEVEL environment variable (INFO when unset).
log_level = os.environ.get('LOG_LEVEL', 'INFO')
logging.basicConfig(level=log_level)

# Resources
# boto3 clients are created once at import time and shared by the functions
# below.
cw = boto3.client('cloudwatch')
events = boto3.client('events')
9 |
10 | #logger = logging.getLogger(__name__)
11 | # The Lambda handler
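def lambda_handler(event, context):
    """Publish one demo CloudWatch metric and one demo EventBridge event.

    Args:
        event: Lambda invocation payload; not read.
        context: Lambda runtime context; not read.

    Returns:
        The value returned by custom_metric().
    """
    put_metric = custom_metric()
    # eb() is called for its side effect only; its result was bound to a local
    # that nothing read.
    eb()
    return put_metric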
16 |
17 | ###################################
18 | # Create CW Custom Metric
19 | ###################################
20 |
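def custom_metric():
    """Put one random 'Signups' data point into the 'custom_metric' namespace.

    Returns:
        The response from the CloudWatch put_metric_data call.
    """
    create_metric = cw.put_metric_data(
        Namespace='custom_metric',
        MetricData=[
            {
                'MetricName': 'Signups',
                # The original list ended with an empty dict. A dimension
                # needs both Name and Value, so that entry made the request
                # fail parameter validation before it was sent.
                'Dimensions': [
                    {
                        'Name': 'EMAIL_CAMPAIGN',
                        'Value': 'cableTV_spot2'
                    },
                ],
                'Unit': 'None',
                # Demo data only: a pseudo-random value between 1 and 100.
                'Value': random.randint(1, 100)
            },
        ],
    )
    return create_metric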
42 |
43 | ###################################
44 | # Create EventBridge event
45 | ###################################
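def eb():
    """Send one randomly generated subscriber event to the 'chapter15' bus.

    Returns:
        The response from the EventBridge put_events call.
    """
    action_list = ['SUBSCRIBE', 'UNSUBSCRIBE', 'PURCHASE']
    fname_list = ['Joe', 'Jane', 'Jack', 'Jessica', 'James', 'Josh', 'Jade']
    lname_list = ['Smith', 'Jones', 'Miller', 'Davis', 'Garcia', 'Brown', 'Moore']

    action = random.choice(action_list)
    subscriber = random.choice(fname_list) + " " + random.choice(lname_list)

    # 'Action' and 'Subscriber' are not fields of a put_events entry, so the
    # original call was rejected by parameter validation. Custom data travels
    # as a JSON string in 'Detail', with 'DetailType' naming the kind of event.
    create_event = events.put_events(
        Entries=[
            {
                'Source': 'cableTV_spot2',
                'DetailType': action,
                'Detail': json.dumps({'Action': action, 'Subscriber': subscriber}),
                'EventBusName': 'chapter15'
            }
        ]
    )
    # put_events reports rejected entries in the response instead of raising.
    if create_event.get('FailedEntryCount'):
        logging.warning("put_events rejected %s entries", create_event['FailedEntryCount'])
    return create_event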
60 |
--------------------------------------------------------------------------------
/Chapter-16/cloudtrail_s3.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Statement": [
4 | {
5 | "Sid": "AWSCloudTrailAclCheck20150319",
6 | "Effect": "Allow",
7 | "Principal": {"Service": "cloudtrail.amazonaws.com"},
8 | "Action": "s3:GetBucketAcl",
9 | "Resource": "arn:aws:s3:::BucketName"
10 | },
11 | {
12 | "Sid": "AWSCloudTrailWrite20150319",
13 | "Effect": "Allow",
14 | "Principal": {"Service": "cloudtrail.amazonaws.com"},
15 | "Action": "s3:PutObject",
16 | "Resource": "arn:aws:s3:::BucketName/*",
17 | "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
18 | }
19 | ]
20 | }
21 |
--------------------------------------------------------------------------------
/Chapter-16/cross-stack-website.yaml:
--------------------------------------------------------------------------------
1 | Description: This CloudFormation template uses cross-stack references for the VPC and then creates a Load Balancer and
2 |
3 | Parameters:
4 | NetworkStackName:
5 | Description: Name of an active CloudFormation stack that contains the networking resources, such as the subnet and security group, that will be used in this stack
6 | Type: String
7 | MinLength: 1
8 | MaxLength: 255
9 | #AllowedPattern: "^[a-zA-Z0-9][-a-zA-Z]*$"
10 | Default: "Chapter16-VPC"
11 | Mappings:
12 | AWSRegionArch2AMI:
13 | us-east-1:
14 | HVM64: ami-0c2b8ca1dad447f8a
15 | HVMG2: ami-06cf15d6d096df5d2
16 | us-east-2:
17 | HVM64: ami-0443305dabd4be2bc
18 | HVMG2: ami-0806cc3ac66515671
19 |
20 | Resources:
21 | WebServerInstance1:
22 | Type: 'AWS::EC2::Instance'
23 | Metadata:
24 | 'AWS::CloudFormation::Init':
25 | configSets:
26 | All:
27 | - SampleWebApp
28 | SampleWebApp:
29 | packages:
30 | yum:
31 | httpd: []
32 | files:
33 | /var/www/html/index.html:
34 | content: !Join
35 | - |+
36 |
37 | - - >-
38 | Sample Web App
39 | - >-
40 | This is my webpage, there are many like it but this ONE is mine.
41 | mode: '000644'
42 | owner: root
43 | group: root
44 | services:
45 | sysvinit:
46 | httpd:
47 | enabled: 'true'
48 | ensureRunning: 'true'
49 | Properties:
50 | InstanceType: t2.micro
51 | KeyName: pqueryOhio
52 | ImageId: !FindInMap
53 | - AWSRegionArch2AMI
54 | - !Ref 'AWS::Region'
55 | - HVM64
56 | NetworkInterfaces:
57 | - GroupSet:
58 | - !ImportValue
59 | 'Fn::Sub': '${NetworkStackName}-SECGROUP'
60 | AssociatePublicIpAddress: 'true'
61 | DeviceIndex: '0'
62 | DeleteOnTermination: 'true'
63 | SubnetId: !ImportValue
64 | 'Fn::Sub': '${NetworkStackName}-PUBSN1'
65 | UserData: !Base64
66 | 'Fn::Join':
67 | - ''
68 | - - |
69 | #!/bin/bash -xe
70 | - |
71 | yum update -y aws-cfn-bootstrap
72 | - |
73 | # Install the files and packages from the metadata
74 | - '/opt/aws/bin/cfn-init -v '
75 | - ' --stack '
76 | - !Ref 'AWS::StackName'
77 | - ' --resource WebServerInstance1 '
78 | - ' --configsets All '
79 | - ' --region '
80 | - !Ref 'AWS::Region'
81 | - |+
82 |
83 | - |
84 | # Signal the status from cfn-init
85 | - '/opt/aws/bin/cfn-signal -e $? '
86 | - ' --stack '
87 | - !Ref 'AWS::StackName'
88 | - ' --resource WebServerInstance1 '
89 | - ' --region '
90 | - !Ref 'AWS::Region'
91 | - |+
92 |
93 | CreationPolicy:
94 | ResourceSignal:
95 | Timeout: PT5M
96 |
97 | WebServerInstance2:
98 | Type: 'AWS::EC2::Instance'
99 | Metadata:
100 | 'AWS::CloudFormation::Init':
101 | configSets:
102 | All:
103 | - SampleWebApp
104 | SampleWebApp:
105 | packages:
106 | yum:
107 | httpd: []
108 | files:
109 | /var/www/html/index.html:
110 | content: !Join
111 | - |+
112 |
113 | - - >-
114 | Sample Web App
115 | - >-
116 | This is my webpage, there are many like it but these TWO are mine.
117 | mode: '000644'
118 | owner: root
119 | group: root
120 | services:
121 | sysvinit:
122 | httpd:
123 | enabled: 'true'
124 | ensureRunning: 'true'
125 | Properties:
126 | InstanceType: t2.micro
127 | KeyName: pqueryOhio
128 | ImageId: !FindInMap
129 | - AWSRegionArch2AMI
130 | - !Ref 'AWS::Region'
131 | - HVM64
132 | NetworkInterfaces:
133 | - GroupSet:
134 | - !ImportValue
135 | 'Fn::Sub': '${NetworkStackName}-SECGROUP'
136 | AssociatePublicIpAddress: 'true'
137 | DeviceIndex: '0'
138 | DeleteOnTermination: 'true'
139 | SubnetId: !ImportValue
140 | 'Fn::Sub': '${NetworkStackName}-PUBSN2'
141 | UserData: !Base64
142 | 'Fn::Join':
143 | - ''
144 | - - |
145 | #!/bin/bash -xe
146 | - |
147 | yum update -y aws-cfn-bootstrap
148 | - |
149 | # Install the files and packages from the metadata
150 | - '/opt/aws/bin/cfn-init -v '
151 | - ' --stack '
152 | - !Ref 'AWS::StackName'
153 | - ' --resource WebServerInstance2 '
154 | - ' --configsets All '
155 | - ' --region '
156 | - !Ref 'AWS::Region'
157 | - |+
158 |
159 | - |
160 | # Signal the status from cfn-init
161 | - '/opt/aws/bin/cfn-signal -e $? '
162 | - ' --stack '
163 | - !Ref 'AWS::StackName'
164 | - ' --resource WebServerInstance2 '
165 | - ' --region '
166 | - !Ref 'AWS::Region'
167 | - |+
168 |
169 | CreationPolicy:
170 | ResourceSignal:
171 | Timeout: PT5M
172 |
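# Classic Load Balancer in front of the two web server instances.
ElasticLoadBalancer:
  Type: AWS::ElasticLoadBalancing::LoadBalancer
  Properties:
    SecurityGroups:
      - !ImportValue
        'Fn::Sub': '${NetworkStackName}-SECGROUP'
    # NOTE(review): the only listener is plain HTTP on port 80, so traffic to
    # the site is unencrypted; an HTTPS listener needs a certificate that this
    # template does not define.
    Listeners:
      - LoadBalancerPort: '80'
        InstancePort: '80'
        Protocol: HTTP
    Instances:
      - !Ref WebServerInstance1
      - !Ref WebServerInstance2
    # WebServerInstance2 is launched in the PUBSN2 subnet, but only PUBSN1 was
    # attached here. A Classic Load Balancer routes only to instances in the
    # zones of its attached subnets, so the second instance would not receive
    # traffic; both public subnets are attached.
    Subnets:
      - !ImportValue
        'Fn::Sub': '${NetworkStackName}-PUBSN1'
      - !ImportValue
        'Fn::Sub': '${NetworkStackName}-PUBSN2'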
189 |
190 |
191 | Outputs:
192 | URL:
193 | Description: URL of the sample website
194 | Value: !Join
195 | - ''
196 | - - 'http://'
197 | - !GetAtt
198 | - ElasticLoadBalancer
199 | - DNSName
200 |
--------------------------------------------------------------------------------
/Chapter-16/vpc.yaml:
--------------------------------------------------------------------------------
1 | Description: This creates a vpc using 2 AZs and then allows for access via cross stack reference
2 |
3 | Resources:
# The VPC every subnet, route table and security group in this template is
# attached to.
VPC:
  Type: AWS::EC2::VPC
  Properties:
    EnableDnsSupport: true
    EnableDnsHostnames: true
    # NOTE(review): 11.192.0.0/16 lies outside the RFC 1918 private ranges
    # (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), so it is publicly routable
    # address space assigned to another party. Hosts in this VPC cannot reach
    # the real owners of those addresses, and the range can collide with
    # peered or on-premises routing. Confirm it is intended; the subnets use
    # the same prefix and would have to change together with it.
    CidrBlock: 11.192.0.0/16
10 |
11 | InternetGateway:
12 | Type: AWS::EC2::InternetGateway
13 |
14 | InternetGatewayAttachment:
15 | Type: AWS::EC2::VPCGatewayAttachment
16 | Properties:
17 | InternetGatewayId: !Ref InternetGateway
18 | VpcId: !Ref VPC
19 |
20 | NAT:
21 | DependsOn: PublicSubnet1
22 | Type: AWS::EC2::NatGateway
23 | Properties:
24 | SubnetId: !Ref PublicSubnet1
25 | AllocationId:
26 | Fn::GetAtt:
27 | - EIP
28 | - AllocationId
29 | EIP:
30 | #DependsOn: VPCGatewayAttach
31 | Type: AWS::EC2::EIP
32 | Properties:
33 | Domain: vpc
34 |
35 | PublicSubnet1:
36 | Type: AWS::EC2::Subnet
37 | Properties:
38 | VpcId: !Ref VPC
39 | AvailabilityZone: !Select [ 0, !GetAZs '' ]
40 | CidrBlock: 11.192.10.0/24
41 | MapPublicIpOnLaunch: true
42 |
43 | PublicSubnet2:
44 | Type: AWS::EC2::Subnet
45 | Properties:
46 | VpcId: !Ref VPC
47 | AvailabilityZone: !Select [ 1, !GetAZs '' ]
48 | CidrBlock: 11.192.11.0/24
49 | MapPublicIpOnLaunch: true
50 |
51 | PrivateSubnet1:
52 | Type: AWS::EC2::Subnet
53 | Properties:
54 | VpcId: !Ref VPC
55 | AvailabilityZone: !Select [ 0, !GetAZs '' ]
56 | CidrBlock: 11.192.20.0/24
57 | MapPublicIpOnLaunch: false
58 |
59 | PrivateSubnet2:
60 | Type: AWS::EC2::Subnet
61 | Properties:
62 | VpcId: !Ref VPC
63 | AvailabilityZone: !Select [ 1, !GetAZs '' ]
64 | CidrBlock: 11.192.21.0/24
65 | MapPublicIpOnLaunch: false
66 |
67 | PublicRouteTable:
68 | Type: AWS::EC2::RouteTable
69 | Properties:
70 | VpcId: !Ref VPC
71 |
72 | DefaultPublicRoute:
73 | Type: AWS::EC2::Route
74 | DependsOn: InternetGatewayAttachment
75 | Properties:
76 | RouteTableId: !Ref PublicRouteTable
77 | DestinationCidrBlock: 0.0.0.0/0
78 | GatewayId: !Ref InternetGateway
79 |
80 | PublicSubnet1RouteTableAssociation:
81 | Type: AWS::EC2::SubnetRouteTableAssociation
82 | Properties:
83 | RouteTableId: !Ref PublicRouteTable
84 | SubnetId: !Ref PublicSubnet1
85 |
86 | PublicSubnet2RouteTableAssociation:
87 | Type: AWS::EC2::SubnetRouteTableAssociation
88 | Properties:
89 | RouteTableId: !Ref PublicRouteTable
90 | SubnetId: !Ref PublicSubnet2
91 |
92 | PrivateRouteTable1:
93 | Type: AWS::EC2::RouteTable
94 | Properties:
95 | VpcId: !Ref VPC
96 |
97 | PrivateRoute1:
98 | Type: AWS::EC2::Route
99 | Properties:
100 | RouteTableId: !Ref PrivateRouteTable1
101 | DestinationCidrBlock: 0.0.0.0/0
102 | NatGatewayId:
103 | Ref: NAT
104 |
105 | PrivateSubnet1RouteTableAssociation:
106 | Type: AWS::EC2::SubnetRouteTableAssociation
107 | Properties:
108 | RouteTableId: !Ref PrivateRouteTable1
109 | SubnetId: !Ref PrivateSubnet1
110 |
111 | PrivateSubnet2RouteTableAssociation:
112 | Type: AWS::EC2::SubnetRouteTableAssociation
113 | Properties:
114 | RouteTableId: !Ref PrivateRouteTable1
115 | SubnetId: !Ref PrivateSubnet2
116 |
# Security group exported as <stack>-SECGROUP for use by other stacks.
ServerSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    VpcId: !Ref VPC
    GroupDescription: "Enable HTTP Ingress"
    # HTTP (tcp/80) is open to every IPv4 address.
    # NOTE(review): the website stack attaches this one group to both the load
    # balancer and the instances, so the instances accept HTTP from the
    # internet directly as well as through the load balancer. A separate
    # instance group that only admits the load balancer's group would close
    # that path.
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
127 |
# Role that the VPC Flow Logs service can assume to write to CloudWatch Logs.
# NOTE(review): no AWS::EC2::FlowLog resource or log group in this template
# refers to the role, so creating it does not turn flow logs on for the VPC.
VpcFlowLogRole:
  Type: AWS::IAM::Role
  Properties:
    Path: /
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Action:
            - 'sts:AssumeRole'
          Principal:
            Service:
              - vpc-flow-logs.amazonaws.com
    Policies:
      - PolicyName: root
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            # The grant covers every log group in the account; once a
            # destination log group exists, its ARN can replace the wildcard.
            - Effect: Allow
              Resource: '*'
              Action:
                - logs:CreateLogGroup
                - logs:CreateLogStream
                - logs:PutLogEvents
                - logs:DescribeLogGroups
                - logs:DescribeLogStreams
154 |
155 |
156 | Outputs:
157 | VPCId:
158 | Description: VPC ID
159 | Value: !Ref VPC
160 | Export:
161 | Name: !Sub '${AWS::StackName}-VPCID'
162 |
163 | PublicSubnet1:
164 | Description: PublicSubnet1
165 | Value: !Ref PublicSubnet1
166 | Export:
167 | Name: !Sub '${AWS::StackName}-PUBSN1'
168 |
169 | PublicSubnet2:
170 | Description: PublicSubnet2
171 | Value: !Ref PublicSubnet2
172 | Export:
173 | Name: !Sub '${AWS::StackName}-PUBSN2'
174 |
175 | PrivateSubnet1:
176 | Description: PrivateSubnet1
177 | Value: !Ref PrivateSubnet1
178 | Export:
179 | Name: !Sub '${AWS::StackName}-PRISN1'
180 |
181 | PrivateSubnet2:
182 | Description: PrivateSubnet2
183 | Value: !Ref PrivateSubnet2
184 | Export:
185 | Name: !Sub '${AWS::StackName}-PRISN2'
186 |
187 | ServerSecurityGroup:
188 | Description: instance security group
189 | Value: !Ref ServerSecurityGroup
190 | Export:
191 | Name: !Sub '${AWS::StackName}-SECGROUP'
192 |
193 |
--------------------------------------------------------------------------------
/Chapter-17/lambda_stack.yml:
--------------------------------------------------------------------------------
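AWSTemplateFormatVersion: 2010-09-09
Description: >-
  Create Lambda function to write logs to a CloudWatch log group for ingestion
  into an ElasticSearch Cluster
Resources:
  # Invokes the log generator every five minutes.
  LogScheduledRule:
    Type: 'AWS::Events::Rule'
    Properties:
      Description: ScheduledRule
      ScheduleExpression: "rate(5 minutes)"
      State: ENABLED
      Targets:
        - Arn: !GetAtt
            - LambdaLogGenerator
            - Arn
          Id: LambdaLogGeneratorTargetId

  # Lets EventBridge invoke the function; SourceArn limits the grant to the
  # rule above.
  PermissionForLogScheduleToInvokeLambda:
    Type: 'AWS::Lambda::Permission'
    Properties:
      FunctionName: !Ref LambdaLogGenerator
      Action: 'lambda:InvokeFunction'
      Principal: events.amazonaws.com
      SourceArn: !GetAtt
        - LogScheduledRule
        - Arn

  LambdaLogGenerator:
    Type: 'AWS::Lambda::Function'
    Properties:
      Description: 'Creates Log files with OS environment variables and event'
      Code:
        # The Lambda runtime places the execution role's temporary credentials
        # in the environment. Printing os.environ unfiltered wrote them to
        # CloudWatch Logs, and from there to anything that ingests the log
        # group, so those three variables are masked before printing.
        ZipFile: |
          import boto3
          import os
          import datetime

          REDACTED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN")

          def lambda_handler(event, context):
              print("#### ENVIRONMENT VARIABLES ####")
              print({k: ("<redacted>" if k in REDACTED else v) for k, v in os.environ.items()})
              print("#### EVENT DATA ####")
              print(event)
      Handler: index.lambda_handler
      # NOTE(review): python3.8 is past end of support in Lambda - confirm the
      # runtime against the currently supported list before deploying.
      Runtime: python3.8
      Timeout: '300'
      Role: !GetAtt
        - LambdaLoggerExecutionRole
        - Arn

  LambdaLoggerExecutionRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: LambdaLoggerPolicy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              # 'es:*' on every resource was dropped: the handler above only
              # prints, so the function never calls the search service, and
              # the grant gave its role full control of every domain in the
              # account.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: '*'
Outputs: {}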
--------------------------------------------------------------------------------
/Chapter-20/clamav.json:
--------------------------------------------------------------------------------
1 | {
2 | "description": "Install ClamAV on Amazon Linux, Run freshclam and clamscan",
3 | "schemaVersion": "2.2",
4 | "mainSteps": [
5 | {
6 | "inputs": {
7 | "runCommand": [
8 | "#!/bin/bash",
9 | "sudo amazon-linux-extras install -y epel",
10 | "sudo yum -y install clamav",
11 | "sudo touch /var/log/freshclam.log",
12 | "sudo chmod 600 /var/log/freshclam.log",
13 | "sudo freshclam ",
14 | "sudo clamscan -r /var --leave-temps"
15 | ]
16 | },
17 | "name": "ALclamInstall",
18 | "action": "aws:runShellScript"
19 | }
20 | ]
21 | }
--------------------------------------------------------------------------------
/Chapter-20/configTemplate.yaml:
--------------------------------------------------------------------------------
1 | AWSTemplateFormatVersion: 2010-09-09
2 |
3 | Parameters:
4 |
5 | # DeliveryChannelS3Prefix:
6 | # Description: The key prefix ('folder') into which to insert config snapshots
7 | # Type: String
8 | # DeliveryChannelS3Bucket:
9 | # Description: The full ARN of the bucket to which you wish to periodically push config snapshots.
10 | # Type: String
11 |
12 | MaximumExecutionFrequency:
13 | Type: String
14 | Default: TwentyFour_Hours
15 | Description: The frequency that you want AWS Config to run evaluations for the rule.
16 | MinLength: '1'
17 | ConstraintDescription: This parameter is required.
18 | AllowedValues:
19 | - One_Hour
20 | - Three_Hours
21 | - Six_Hours
22 | - Twelve_Hours
23 | - TwentyFour_Hours
24 |
25 | ConfigRule1:
26 | Type: String
27 | Default: iam-user-no-policies-check
28 | Description: The name that you assign to the AWS Config rule.
29 | MinLength: '1'
30 | ConstraintDescription: This parameter is required.
31 |
32 | ConfigRuleNameTwo:
33 | Type: String
34 | Default: iam-user-unused-credentials-check
35 | Description: The name that you assign to the AWS Config rule.
36 | MinLength: '1'
37 | ConstraintDescription: This parameter is required.
38 |
39 | ConfigRuleNameThree:
40 | Type: String
41 | Default: root-account-mfa-enabled
42 | Description: The name that you assign to the AWS Config rule.
43 | MinLength: '1'
44 | ConstraintDescription: This parameter is required.
45 |
46 | # s3BucketName:
47 | # Type: String
48 | # Default: ''
49 | # Description: Name of S3 bucket for CloudTrail to deliver log files to.
50 |
51 |
52 |
53 | Resources:
54 |
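# Role AWS Config assumes to record resources and deliver snapshots to the
# bucket and notifications to the topic.
ConfigRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service: [config.amazonaws.com]
          Action: ['sts:AssumeRole']
    # NOTE(review): AWS appears to have replaced the AWSConfigRole managed
    # policy with AWS_ConfigRole - confirm the ARN still resolves before
    # deploying.
    ManagedPolicyArns: ['arn:aws:iam::aws:policy/service-role/AWSConfigRole']
    Policies:
      - PolicyName: "AWSConfigDeliveryPermissions"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: s3:GetBucketAcl
              Resource: !Join ['', ['arn:aws:s3:::', !Ref 'ConfigBucket']]
            # Writes are limited to this account's AWSLogs prefix and must
            # hand the bucket owner full control of each object.
            - Effect: Allow
              Action: s3:PutObject
              Resource: !Join ['', ['arn:aws:s3:::', !Ref 'ConfigBucket', /AWSLogs/,
                  !Ref 'AWS::AccountId', /*]]
              Condition:
                StringEquals:
                  s3:x-amz-acl: bucket-owner-full-control
            - Effect: Allow
              Action: config:Put*
              Resource: '*'
            # NOTE(review): this template defines no Lambda function, yet the
            # role may invoke every function in the account - confirm the
            # statement is needed, and scope it to specific ARNs if so.
            - Effect: "Allow"
              Action: "lambda:InvokeFunction"
              Resource: "*"
            # Was "*": the delivery channel publishes to ConfigTopic only, so
            # the grant is limited to that topic.
            - Effect: "Allow"
              Action: "sns:Publish"
              Resource: !Ref ConfigTopic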
90 |
# Role carrying the AWS managed SSM automation policy plus an inline SNS
# policy.
# NOTE(review): three services can assume this role and the inline policy
# allows every SNS action on every topic. No other resource in the visible
# part of the template refers to the role, so confirm which principal and
# which SNS actions are really needed and trim both.
AutomatedRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action:
            - 'sts:AssumeRole'
          Principal:
            Service:
              - config.amazonaws.com
              - ssm.amazonaws.com
              - ec2.amazonaws.com
    ManagedPolicyArns:
      - 'arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole'
    Policies:
      - PolicyName: "snsStar"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action: sns:*
              Resource: '*'
110 |
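# Bucket that receives AWS Config snapshots and history. Those files describe
# the account's resources, so the bucket is kept private and encrypted at rest
# explicitly instead of depending on account-level defaults.
ConfigBucket:
  Type: AWS::S3::Bucket
  Properties:
    PublicAccessBlockConfiguration:
      BlockPublicAcls: true
      BlockPublicPolicy: true
      IgnorePublicAcls: true
      RestrictPublicBuckets: true
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256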
113 | ConfigTopic:
114 | Type: AWS::SNS::Topic
115 |
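# Resource policy that lets the AWS Config service publish to ConfigTopic.
ConfigTopicPolicy:
  Type: AWS::SNS::TopicPolicy
  Properties:
    PolicyDocument:
      Id: ConfigTopicPolicy
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service: config.amazonaws.com
          Action: SNS:Publish
          # Names the topic the policy is attached to instead of '*', so the
          # statement reads as exactly what it grants.
          Resource: !Ref ConfigTopic
    Topics: [!Ref 'ConfigTopic']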
129 |
# Configuration recorder, run under ConfigRole.
# NOTE(review): only AWS::EC2::Volume is recorded, while the
# IAM_USER_NO_POLICIES_CHECK rule in this template is scoped to
# AWS::IAM::User. Presumably that rule has nothing to evaluate unless IAM
# users are recorded too - verify, and add the type if the rule is meant to
# produce findings.
EC2VolumeRecorder:
  Type: AWS::Config::ConfigurationRecorder
  DependsOn: ConfigRole
  Properties:
    Name: default
    RoleARN: !GetAtt ConfigRole.Arn
    RecordingGroup:
      ResourceTypes:
        - "AWS::EC2::Volume"
142 |
# Delivery channel named "default": Config data goes to ConfigBucket and
# notifications go to ConfigTopic. Created only after ConfigRole exists.
DeliveryChannel:
  Type: "AWS::Config::DeliveryChannel"
  DependsOn: [ConfigRole]
  Properties:
    Name: default
    S3BucketName:
      Ref: ConfigBucket
    SnsTopicARN:
      Ref: ConfigTopic
151 |
# AWS-managed rule IAM_USER_NO_POLICIES_CHECK, scoped to AWS::IAM::User. The
# rule name comes from the ConfigRule1 parameter, and the rule is created
# after the recorder.
# NOTE(review): EC2VolumeRecorder in this template lists only AWS::EC2::Volume.
# Confirm that IAM users are recorded, otherwise this rule may have nothing to
# evaluate.
AWSConfig1:
  Type: 'AWS::Config::ConfigRule'
  DependsOn: EC2VolumeRecorder
  Properties:
    ConfigRuleName:
      Ref: ConfigRule1
    Description: "Checks that none of your IAM users have policies attached. IAM users must inherit permissions from IAM groups or roles."
    InputParameters: {}
    Scope:
      ComplianceResourceTypes: ['AWS::IAM::User']
    Source:
      Owner: AWS
      SourceIdentifier: IAM_USER_NO_POLICIES_CHECK
167 |
168 |
# AWS-managed rule ROOT_ACCOUNT_MFA_ENABLED. It has no resource scope and is
# evaluated at the interval given by the MaximumExecutionFrequency parameter;
# the rule name comes from the ConfigRuleNameThree parameter.
AWSConfigRuleThree:
  Type: 'AWS::Config::ConfigRule'
  DependsOn: EC2VolumeRecorder
  Properties:
    ConfigRuleName:
      Ref: ConfigRuleNameThree
    Description: "Checks whether the root user of your AWS account requires multi-factor authentication for console sign-in."
    InputParameters: {}
    Scope: {}
    Source:
      Owner: AWS
      SourceIdentifier: ROOT_ACCOUNT_MFA_ENABLED
    MaximumExecutionFrequency:
      Ref: MaximumExecutionFrequency
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 | # Conditions:
191 |
192 | # s3BucketName: !Not
193 | # - !Equals
194 | # - ''
195 | # - !Ref s3BucketName
196 |
197 |
--------------------------------------------------------------------------------
/Chapter-4/batch/BATCH_COMMAND:
--------------------------------------------------------------------------------
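# Create an S3 Batch Operations job that tags every object listed in the
# manifest with DELETE=TRUE and writes a completion report under final-reports/.
#
# Replace the placeholders before running: acct-id (the AWS account ID) and
# IAM-role (the ARN of the role S3 Batch Operations assumes). The ETag in
# --manifest has to match the uploaded manifest.csv object.
#
# NOTE(review): --no-confirmation-required lets the job run without a manual
# confirmation step, so check the manifest contents and the role's permissions
# before submitting.
#
# Every option line except the last must end in a backslash, with one option
# per line. A missing backslash ends the command early, and a backslash in the
# middle of a line escapes the following space instead of continuing the line.
aws s3control create-job \
    --region us-east-2 \
    --account-id acct-id \
    --operation '{"S3PutObjectTagging": { "TagSet": [{"Key":"DELETE", "Value":"TRUE"}] }}' \
    --manifest '{"Spec":{"Format":"S3BatchOperations_CSV_20180820","Fields":["Bucket","Key"]},"Location":{"ObjectArn":"arn:aws:s3:::devopspro-beyond/manifest.csv","ETag":"60e460c9d1046e73f7dde5043ac3ae85"}}' \
    --report '{"Bucket":"arn:aws:s3:::devopspro-beyond","Prefix":"final-reports", "Format":"Report_CSV_20180820","Enabled":true,"ReportScope":"AllTasks"}' \
    --priority 42 \
    --role-arn IAM-role \
    --client-request-token "$(uuidgen)" \
    --description "S3 Batch job Description" \
    --no-confirmation-required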
11 |
--------------------------------------------------------------------------------
/Chapter-4/batch/S3_Batch_IAM.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version":"2012-10-17",
3 | "Statement":[
4 | {
5 | "Effect":"Allow",
6 | "Action":[
7 | "s3:PutObjectTagging",
8 | "s3:PutObjectVersionTagging"
9 | ],
10 | "Resource": "arn:aws:s3:::<>/*"
11 | },
12 | {
13 | "Effect": "Allow",
14 | "Action": [
15 | "s3:GetObject",
16 | "s3:GetObjectVersion",
17 | "s3:GetBucketLocation"
18 | ],
19 | "Resource": [
20 | "arn:aws:s3:::<>",
21 | "arn:aws:s3:::<>/*"
22 | ]
23 | },
24 | {
25 | "Effect":"Allow",
26 | "Action":[
27 | "s3:PutObject",
28 | "s3:GetBucketLocation"
29 | ],
30 | "Resource":[
31 | "arn:aws:s3:::<>",
32 | "arn:aws:s3:::<>/*"
33 | ]
34 | }
35 | ]
36 | }
37 |
--------------------------------------------------------------------------------
/Chapter-4/batch/eight.txt:
--------------------------------------------------------------------------------
1 | eight
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/eighteen.txt:
--------------------------------------------------------------------------------
1 | eighteen
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/eleven.txt:
--------------------------------------------------------------------------------
1 | eleven
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifteen.txt:
--------------------------------------------------------------------------------
1 | fifteen
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-eight.txt:
--------------------------------------------------------------------------------
1 | fifty eight
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-five.txt:
--------------------------------------------------------------------------------
1 | fifty five
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-four.txt:
--------------------------------------------------------------------------------
1 | fifty four
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-nine.txt:
--------------------------------------------------------------------------------
1 | fifty nine
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-one.txt:
--------------------------------------------------------------------------------
1 | fifty one
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-seven.txt:
--------------------------------------------------------------------------------
1 | fifty seven
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-six.txt:
--------------------------------------------------------------------------------
1 | fifty six
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-three.txt:
--------------------------------------------------------------------------------
1 | fifty three
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty-two.txt:
--------------------------------------------------------------------------------
1 | fifty two
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fifty.txt:
--------------------------------------------------------------------------------
1 | fifty.txt
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/five.txt:
--------------------------------------------------------------------------------
1 | five
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/four.txt:
--------------------------------------------------------------------------------
1 | four
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourteen.txt:
--------------------------------------------------------------------------------
1 | fourteen
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-eight.txt:
--------------------------------------------------------------------------------
1 | fourty-eight
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-five.txt:
--------------------------------------------------------------------------------
1 | fourty five
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-four.txt:
--------------------------------------------------------------------------------
1 | fourty four
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-nine.txt:
--------------------------------------------------------------------------------
1 | fourty nine
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-one.txt:
--------------------------------------------------------------------------------
1 | fourty one
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-seven.txt:
--------------------------------------------------------------------------------
1 | fourty seven
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-six.txt:
--------------------------------------------------------------------------------
1 | fourty six
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-three.txt:
--------------------------------------------------------------------------------
1 | fourty three
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty-two.txt:
--------------------------------------------------------------------------------
1 | fourty two
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/fourty.txt:
--------------------------------------------------------------------------------
1 | fourty
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/manifest.csv:
--------------------------------------------------------------------------------
1 | devopspro-beyond,one.txt
2 | devopspro-beyond,two.txt
3 | devopspro-beyond,three.txt
4 | devopspro-beyond,four.txt
5 | devopspro-beyond,five.txt
6 | devopspro-beyond,six.txt
7 | devopspro-beyond,seven.txt
8 | devopspro-beyond,eight.txt
9 | devopspro-beyond,nine.txt
10 | devopspro-beyond,ten.txt
11 | devopspro-beyond,eleven.txt
12 | devopspro-beyond,twelve.txt
13 | devopspro-beyond,thirteen.txt
14 | devopspro-beyond,fourteen.txt
15 | devopspro-beyond,fifteen.txt
16 | devopspro-beyond,sixteen.txt
17 | devopspro-beyond,seventeen.txt
18 | devopspro-beyond,eighteen.txt
19 | devopspro-beyond,ninteen.txt
20 | devopspro-beyond,twenty.txt
21 | devopspro-beyond,twenty-one.txt
22 | devopspro-beyond,twenty-two.txt
23 | devopspro-beyond,twenty-three.txt
24 | devopspro-beyond,twenty-four.txt
25 | devopspro-beyond,twenty-five.txt
26 | devopspro-beyond,twenty-six.txt
27 | devopspro-beyond,twenty-seven.txt
28 | devopspro-beyond,twenty-eight.txt
29 | devopspro-beyond,twenty-nine.txt
30 | devopspro-beyond,thirty.txt
31 | devopspro-beyond,thirty-one.txt
32 | devopspro-beyond,thirty-two.txt
33 | devopspro-beyond,thirty-three.txt
34 | devopspro-beyond,thirty-four.txt
35 | devopspro-beyond,thirty-five.txt
36 | devopspro-beyond,thirty-six.txt
37 | devopspro-beyond,thirty-seven.txt
38 | devopspro-beyond,thirty-eight.txt
39 | devopspro-beyond,thirty-nine.txt
40 | devopspro-beyond,fourty.txt
41 | devopspro-beyond,fourty-one.txt
42 | devopspro-beyond,fourty-two.txt
43 | devopspro-beyond,fourty-three.txt
44 | devopspro-beyond,fourty-four.txt
45 | devopspro-beyond,foruty-five.txt
46 | devopspro-beyond,fourty-six.txt
47 | devopspro-beyond,fourty-seven.txt
48 | devopspro-beyond,fourty-eight.txt
49 | devopspro-beyond,fourty-nine.txt
50 | devopspro-beyond,fifty.txt
51 | devopspro-beyond,fifty-one.txt
52 | devopspro-beyond,fifty-two.txt
53 | devopspro-beyond,fifty-three.txt
54 | devopspro-beyond,fifty-four.txt
55 | devopspro-beyond,fifty-five.txt
56 | devopspro-beyond,fifty-six.txt
57 | devopspro-beyond,fifty-seven.txt
58 | devopspro-beyond,fifty-eight.txt
59 | devopspro-beyond,fifty-nine.txt
60 | devopspro-beyond,sixty.txt
61 | devopspro-beyond,sixty-one.txt
62 | devopspro-beyond,sixty-two.txt
63 | devopspro-beyond,sixty-three.txt
64 | devopspro-beyond,sixty-three.txt
65 | devopspro-beyond,sixty-four.txt
66 | devopspro-beyond,sixty-five.txt
67 | devopspro-beyond,sixty-six.txt
68 | devopspro-beyond,sixty-seven.txt
69 | devopspro-beyond,sixty-eight.txt
70 | devopspro-beyond,sixty-nine.txt
71 | devopspro-beyond,seventy.txt
72 | devopspro-beyond,seventy-one.txt
73 | devopspro-beyond,seventy-two.txt
74 | devopspro-beyond,seventy-three.txt
75 | devopspro-beyond,seventy-four.txt
76 | devopspro-beyond,seventy-five.txt
77 |
--------------------------------------------------------------------------------
/Chapter-4/batch/manifest2.csv:
--------------------------------------------------------------------------------
1 | devopspro-beyond,one.txt
2 | devopspro-beyond,two.txt
3 | devopspro-beyond,three.txt
4 | devopspro-beyond,four.txt
5 | devopspro-beyond,five.txt
6 | devopspro-beyond,six.txt
7 |
--------------------------------------------------------------------------------
/Chapter-4/batch/nine.txt:
--------------------------------------------------------------------------------
1 | nine
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/nineteen.txt:
--------------------------------------------------------------------------------
1 | nineteen
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/one.txt:
--------------------------------------------------------------------------------
1 | one
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/seven.txt:
--------------------------------------------------------------------------------
1 | seven
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/seventeen.txt:
--------------------------------------------------------------------------------
1 | seventeen
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/seventy-five.txt:
--------------------------------------------------------------------------------
1 | seventy five
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/seventy-four.txt:
--------------------------------------------------------------------------------
1 | seventy four
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/seventy-one.txt:
--------------------------------------------------------------------------------
1 | seventy one
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/seventy-three.txt:
--------------------------------------------------------------------------------
1 | seventy three
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/seventy-two.txt:
--------------------------------------------------------------------------------
1 | seventy two
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/seventy.txt:
--------------------------------------------------------------------------------
1 | seventy
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/six.txt:
--------------------------------------------------------------------------------
1 | six
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixteen.txt:
--------------------------------------------------------------------------------
1 | sixteen
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-eight.txt:
--------------------------------------------------------------------------------
1 | sixty eight
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-five.txt:
--------------------------------------------------------------------------------
1 | sixty five
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-four.txt:
--------------------------------------------------------------------------------
1 | sixty four
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-nine.txt:
--------------------------------------------------------------------------------
1 | sixty nine
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-one.txt:
--------------------------------------------------------------------------------
1 | sixty one
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-seven.txt:
--------------------------------------------------------------------------------
1 | sixty seven
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-six.txt:
--------------------------------------------------------------------------------
1 | sixty six
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-three.txt:
--------------------------------------------------------------------------------
1 | sixty three
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty-two.txt:
--------------------------------------------------------------------------------
1 | sixty two
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/sixty.txt:
--------------------------------------------------------------------------------
1 | sixty
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/ten.txt:
--------------------------------------------------------------------------------
1 | tex
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thirteen.txt:
--------------------------------------------------------------------------------
1 | thirteen
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thirty-five.txt:
--------------------------------------------------------------------------------
1 | thrity five
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thirty-four.txt:
--------------------------------------------------------------------------------
1 | thirty four
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thirty-one.txt:
--------------------------------------------------------------------------------
1 | thirty one
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thirty-three.txt:
--------------------------------------------------------------------------------
1 | thirty three
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thirty-two.txt:
--------------------------------------------------------------------------------
1 | thirty two
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thirty.txt:
--------------------------------------------------------------------------------
1 | thirty
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/three.txt:
--------------------------------------------------------------------------------
1 | three
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thrity-eight.txt:
--------------------------------------------------------------------------------
1 | thrity eight
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thrity-nine.txt:
--------------------------------------------------------------------------------
1 | thrity nine
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thrity-seven.txt:
--------------------------------------------------------------------------------
1 | thrity seven
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/thrity-six.txt:
--------------------------------------------------------------------------------
1 | thrity six
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twelve.txt:
--------------------------------------------------------------------------------
1 | twelve
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-eight.txt:
--------------------------------------------------------------------------------
1 | twenty eight
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-five.txt:
--------------------------------------------------------------------------------
1 | twenty-five
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-four.txt:
--------------------------------------------------------------------------------
1 | twenty-four
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-nine.txt:
--------------------------------------------------------------------------------
1 | twenty nine
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-one.txt:
--------------------------------------------------------------------------------
1 | twenty-one
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-seven.txt:
--------------------------------------------------------------------------------
1 | twenty seven
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-six.txt:
--------------------------------------------------------------------------------
1 | twenty six
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-three.txt:
--------------------------------------------------------------------------------
1 | twenty-three
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty-two.txt:
--------------------------------------------------------------------------------
1 | twenty-two
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/twenty.txt:
--------------------------------------------------------------------------------
1 | twenty
2 |
--------------------------------------------------------------------------------
/Chapter-4/batch/two.txt:
--------------------------------------------------------------------------------
1 | two
2 |
--------------------------------------------------------------------------------
/Chapter-4/sns-topic-access.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version": "2012-10-17",
3 | "Id": "s3-event-sns-ID",
4 | "Statement": [
5 | {
6 | "Sid": "s3-publish-ID",
7 | "Effect": "Allow",
8 | "Principal": {
9 | "Service": "s3.amazonaws.com"
10 | },
11 | "Action": "SNS:Publish",
12 | "Resource": "arn:aws:sns:region:account-num:sns-topic",
13 | "Condition": {
14 | "StringEquals": {
15 | "aws:SourceAccount": "account-num"
16 | },
17 | "ArnLike": {
18 | "aws:SourceArn": "arn:aws:s3:::bucket-name"
19 | }
20 | }
21 | }
22 | ]
23 | }
24 |
25 |
--------------------------------------------------------------------------------
/Chapter-5/project_item.json:
--------------------------------------------------------------------------------
1 | {
2 | "Project_ID": {"N": "0100"},
3 | "Dept": {"S": "Test Team"},
4 | "Dept_ID": {"N": "0001"},
5 | "Project_Name": {"S": "Serverless Forms"},
6 | "Owner": {"S": "Jerry Imoto"},
7 | "Builds": {"NS": ["2212121"] },
8 | "Language": {"S": "python" },
9 | "Contact": {"S": "test_team@testcompany.com" }
10 | }
--------------------------------------------------------------------------------
/Chapter-5/projects.json:
--------------------------------------------------------------------------------
1 | { "projects": [
2 | {
3 | "PutRequest": {
4 | "Item": {
5 | "Project_ID": {"N": "0000"},
6 | "Dept": {"S": "Operations"},
7 | "Dept_ID": {"N": "0000"},
8 | "Project_Name": {"S": "IAM Buildout"},
9 | "Owner": {"S": "Amit Omar"},
10 | "Language": {"S": "JSON"},
11 | "Contact": {"S": "cloud_ops@testcompany.com"}
12 | }
13 | }
14 | },
15 | {
16 | "PutRequest": {
17 | "Item": {
18 | "Project_ID": {"N": "0001"},
19 | "Dept": {"S": "Operations"},
20 | "Dept_ID": {"N": "0000"},
21 | "Project_Name": {"S": "Transit VPC"},
22 | "Owner": {"S": "Joey Balogney"},
23 | "Builds": {"NS": ["25263352"]},
24 | "Language": {"S": "YAML"},
25 | "Contact": {"S": "cloud_ops@testcompany.com"}
26 | }
27 | }
28 | },
29 | {
30 | "PutRequest": {
31 | "Item": {
32 | "Project_ID": {"N": "0003"},
33 | "Dept": {"S": "Customer Service"},
34 | "Dept_ID": {"N": "0040"},
35 | "Project_Name": {"S": "Ticket Tracker"},
36 | "Owner": {"S": "Debra Rondell"},
37 | "Builds": {"NS": ["215261512","215244542"] },
38 | "Language": {"S": "Javascript" },
39 | "Contact": {"S": "customer_service@testcompany.com" }
40 | }
41 | }
42 | },
43 | {
44 | "PutRequest": {
45 | "Item": {
46 | "Project_ID": {"N": "0004"},
47 | "Dept": {"S": "DevSec"},
48 | "Dept_ID": {"N": "0002"},
49 | "Project_Name": {"S": "Static Code Scan"},
50 | "Contact": {"S": "devsec@testcompany.com"}
51 | }
52 | }
53 | },
54 | {
55 | "PutRequest": {
56 | "Item": {
57 | "Project_ID": {"N": "0005"},
58 | "Dept": {"S": "Training"},
59 | "Dept_ID": {"N": "0100"},
60 | "Project_Name": {"S": "Moodle Test"},
61 | "Owner": {"S": "Wanda Johanson"},
62 | "Language": {"S": "php"},
63 | "Contact": {"S": "training@testcompany.com"}
64 | }
65 | }
66 | },
67 | {
68 | "PutRequest": {
69 | "Item": {
70 | "Project_ID": {"N": "0006"},
71 | "Dept": {"S": "DevSec"},
72 | "Dept_ID": {"N": "0002"},
73 | "Project_Name": {"S": "Config Rules"},
74 | "Owner": {"S": "Manesh Patel"},
75 | "Builds": {"NS": ["2255464"] },
76 | "Language": {"S": "python" },
77 | "Contact": {"S": "devsec@testcompany.com" }
78 | }
79 | }
80 | },
81 | {
82 | "PutRequest": {
83 | "Item": {
84 | "Project_ID": {"N": "0007"},
85 | "Dept": {"S": "Training"},
86 | "Dept_ID": {"N": "0100"},
87 | "Project_Name": {"S": "Compliance Tracker"},
88 | "Owner": {"S": "Wanda Johanson"},
89 | "Language": {"S": "javascript" },
90 | "Contact": {"S": "training@testcompany.com" }
91 | }
92 | }
93 | },
94 | {
95 | "PutRequest": {
96 | "Item": {
97 | "Project_ID": {"N": "0008"},
98 | "Dept": {"S": "Operations"},
99 | "Dept_ID": {"N": "0000"},
100 | "Project_Name": {"S": "Artifactory Server"},
101 | "Owner": {"S": "Joey Balogney"},
102 | "Builds": {"NS": ["2255712", "2255723"] },
103 | "Language": {"S": "yaml" },
104 | "Contact": {"S": "cloud_ops@testcompany.com" }
105 | }
106 | }
107 | },
108 | {
109 | "PutRequest": {
110 | "Item": {
111 | "Project_ID": {"N": "0009"},
112 | "Dept": {"S": "Test Team"},
113 | "Dept_ID": {"N": "0060"},
114 | "Project_Name": {"S": "JMeter FrontEnd Test"},
115 | "Owner": {"S": "Barnie Buston"},
116 | "Builds": {"NS": ["2255013"] },
117 | "Language": {"S": "Java" },
118 | "Contact": {"S": "bbuston@testcompany.com" }
119 | }
120 | }
121 | },
122 | {
123 | "PutRequest": {
124 | "Item": {
125 | "Project_ID": {"N": "0010"},
126 | "Dept": {"S": "Development"},
127 | "Dept_ID": {"N": "0010"},
128 | "Project_Name": {"S": "Bitwolf"},
129 | "Owner": {"S": "Selby Downse"},
130 | "Language": {"S": "python" },
131 | "Contact": {"S": "sdownse@testcompany.com" }
132 | }
133 | }
134 | }
135 |
136 | ] }
--------------------------------------------------------------------------------
/Chapter-5/projects_bulk.json:
--------------------------------------------------------------------------------
1 | { "projects": [
2 | {
3 | "PutRequest": {
4 | "Item": {
5 | "Project_ID": {"N": "0000"},
6 | "Dept": {"S": "Operations"},
7 | "Dept_ID": {"N": "0000"},
8 | "Project_Name": {"S": "IAM Buildout"},
9 | "Owner": {"S": "Amit Omar"},
10 | "Language": {"S": "JSON"},
11 | "Contact": {"S": "cloud_ops@testcompany.com"}
12 | }
13 | }
14 | },
15 | {
16 | "PutRequest": {
17 | "Item": {
18 | "Project_ID": {"N": "0001"},
19 | "Dept": {"S": "Operations"},
20 | "Dept_ID": {"N": "0000"},
21 | "Project_Name": {"S": "Transit VPC"},
22 | "Owner": {"S": "Joey Balogney"},
23 | "Builds": {"NS": ["25263352"]},
24 | "Language": {"S": "YAML"},
25 | "Contact": {"S": "cloud_ops@testcompany.com"}
26 | }
27 | }
28 | },
29 | {
30 | "PutRequest": {
31 | "Item": {
32 | "Project_ID": {"N": "0003"},
33 | "Dept": {"S": "Customer Service"},
34 | "Dept_ID": {"N": "0040"},
35 | "Project_Name": {"S": "Ticket Tracker"},
36 | "Owner": {"S": "Debra Rondell"},
37 | "Builds": {"NS": ["215261512","215244542"] },
38 | "Language": {"S": "Javascript" },
39 | "Contact": {"S": "customer_servce@testcompany.com" }
40 | }
41 | }
42 | },
43 | {
44 | "PutRequest": {
45 | "Item": {
46 | "Project_ID": {"N": "0004"},
47 | "Dept": {"S": "DevSec"},
48 | "Dept_ID": {"N": "0002"},
49 | "Project_Name": {"S": "Static Code Scan"},
50 | "Contact": {"S": "devsec@testcompany.com"}
51 | }
52 | }
53 | },
54 | {
55 | "PutRequest": {
56 | "Item": {
57 | "Project_ID": {"N": "0005"},
58 | "Dept": {"S": "Training"},
59 | "Dept_ID": {"N": "0100"},
60 | "Project_Name": {"S": "Moodle Test"},
61 | "Owner": {"S": "Wanda Johanson"},
62 | "Language": {"S": "php"},
63 | "Contact": {"S": "training@testcompany.com"}
64 | }
65 | }
66 | }
67 | ] }
--------------------------------------------------------------------------------
/Chapter-5/query-attributes-1.json:
--------------------------------------------------------------------------------
1 | {
2 | ":v1": {"S": "Operations"},
3 | ":v2": {"S": "Artifactory Server"}
4 | }
5 |
--------------------------------------------------------------------------------
/Chapter-5/query-values.json:
--------------------------------------------------------------------------------
1 | {
2 | ":v1": {"S": "Moodle Test"}
3 | }
4 |
--------------------------------------------------------------------------------
/Chapter-5/scan-values.json:
--------------------------------------------------------------------------------
1 | {
2 | ":d": {"S": "Operations"}
3 | }
--------------------------------------------------------------------------------
/Chapter-7/nested/.gitignore:
--------------------------------------------------------------------------------
1 | packaged_template.yml
2 |
--------------------------------------------------------------------------------
/Chapter-7/nested/nested_bucket.yml:
--------------------------------------------------------------------------------
---
# Child template for the nested-stack example: one private S3 bucket whose
# generated name is returned to the parent stack as an output.
AWSTemplateFormatVersion: "2010-09-09"
Description: S3 Bucket with outputs from nested stack

# A commented-out "S3url" parameter (a !GetAtt on chapt7 / Outputs.S3url, meant
# to receive a shared value from the parent stack) was left unused here.

Resources:
  NestedBucket:
    Type: "AWS::S3::Bucket"
    Properties:
      # Canned ACL only. No encryption, versioning or public-access-block
      # settings are declared in this template.
      AccessControl: Private

Outputs:
  BucketName:
    Description: Name of the Nested Bucket
    Value:
      Ref: NestedBucket
22 |
--------------------------------------------------------------------------------
/Chapter-7/nested/nested_dynamo.yml:
--------------------------------------------------------------------------------
---
# Child template: one DynamoDB table with a numeric Project_ID hash key and
# fixed provisioned throughput. The table name and ARN are exported as outputs.
AWSTemplateFormatVersion: "2010-09-09"
Description: A Basic DynamoDB to catch egress from Lambda Function

Resources:
  ProjectTable:
    Type: "AWS::DynamoDB::Table"
    Properties:
      # Only key attributes have to be declared; Project_ID is the partition key.
      AttributeDefinitions:
        - AttributeName: "Project_ID"
          AttributeType: "N"
      KeySchema:
        - AttributeName: Project_ID
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: 5
        WriteCapacityUnits: 5

Outputs:
  ProjectTable:
    Value:
      Ref: ProjectTable
  ProjectTableArn:
    Value:
      Fn::GetAtt: [ProjectTable, Arn]
--------------------------------------------------------------------------------
/Chapter-7/nested/nested_lambda.yml:
--------------------------------------------------------------------------------
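# Child template: an IAM execution role and an inline Python Lambda function.
# The function ARN is exported as the LambdaARN output.
#
# The description below is corrected to match the resources. The original text
# was the AWS "SQS_With_CloudWatch_Alarms" sample description, but this
# template creates no queue and no alarm.
Description: "Creates an IAM execution role and an inline Python Lambda function, and outputs the function ARN. **WARNING** You will be billed for the AWS resources used if you create a stack from this template."

Resources:
  LambdaExecutionRole:
    Type: "AWS::IAM::Role"
    Properties:
      # Only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      Path: /
      Policies:
        # NOTE(review): the policy is named "dynamo-policy" but grants SQS
        # message actions on every queue (Resource "*"). The handler creates S3
        # and DynamoDB clients, and the role grants neither service. Confirm
        # which permissions the function needs and scope Resource to those ARNs.
        - PolicyName: dynamo-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                  - sqs:DeleteMessage
                  - sqs:ReceiveMessage
                  - sqs:SendMessage
                Resource: "*"
                Effect: Allow

        # Lets the function create its log group/stream and write log events.
        # NOTE(review): Resource "*" covers every log group in the account;
        # this could be limited to the function's own log group.
        - PolicyName: cloudwatchlogswrite-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: "*"
                Effect: Allow

  CreateLambda:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt LambdaExecutionRole.Arn
      # NOTE(review): python3.8 is past upstream end of life; confirm the
      # runtime is still accepted before deploying.
      Runtime: "python3.8"
      Timeout: 60
      Handler: "index.lambda_handler"
      Code:
        ZipFile: |
          from __future__ import print_function # Python 2/3 compatibility
          import boto3
          import botocore
          import json
          import decimal
          import urllib
          import cfnresponse

          # Resource
          s3 = boto3.client('s3')
          dynamo = boto3.client('dynamodb')

          # Constants
          #table = dynamodb.Table('AlertConfiguration')

          def lambda_handler(event, context):
              try:
                  print(event)
                  print( event['RequestType'] )
              except Exception as err:
                  # A bare "try:" with no handler is a syntax error, so the
                  # module could not be imported. Log the error and re-raise so
                  # the invocation is still reported as failed.
                  # NOTE(review): cfnresponse is imported but never called. If
                  # this function backs a custom resource, it presumably has to
                  # send a response - confirm.
                  print(err)
                  raise

Outputs:
  LambdaARN:
    Description: "ARN of newly created Lambda"
    Value:
      Fn::GetAtt:
        - "CreateLambda"
        - "Arn"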
76 |
--------------------------------------------------------------------------------
/Chapter-7/nested/nested_root.yml:
--------------------------------------------------------------------------------
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  # Only echoed back in Outputs while the !Join line under DataStack stays
  # commented out; no resource reads it.
  S3url:
    Type: String
    Default: "https://devopspro-beyond.s3.us-east-2.amazonaws.com"
    Description: "The URL of the S3 bucket to upload the child templates, to be passed to the child stacks"
Resources:
  # TemplateURL is a bare file name for every child stack, so these must be
  # turned into S3 URLs before deployment - presumably by a packaging step
  # such as `aws cloudformation package`; TODO confirm.
  # Child templates run with the parent stack's permissions, so write access
  # to the bucket that hosts them should be restricted.
  BucketStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: nested_bucket.yml
      TimeoutInMinutes: "10"
  LambdaStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: nested_lambda.yml
      # Parameters:
      #   BucketName:
      #     Fn::GetAtt:
      #       - BucketStack
      #       - Outputs.BucketName
  DataStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      #TemplateURL: !Join [ '', [ !Ref S3url,'/nested_dynamo.yml' ]]
      TemplateURL: nested_dynamo.yml
      TimeoutInMinutes: "15"

Outputs:
  StackRef:
    Value: !Ref BucketStack
  # Surfaces the BucketName output of the nested bucket stack.
  OutputFromNestedStack:
    Value: !GetAtt BucketStack.Outputs.BucketName
  S3url:
    Value: !Ref S3url
--------------------------------------------------------------------------------
/Chapter-7/sqs-queues.yml:
--------------------------------------------------------------------------------
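Description: "AWS CloudFormation Sample Template SQS_With_CloudWatch_Alarms: Sample template showing how to create an SQS queue with Amazon CloudWatch alarms on queue depth. **WARNING** This template creates an Amazon SQS queue and one or more Amazon CloudWatch alarms. You will be billed for the AWS resources used if you create a stack from this template."
Parameters:
  QueueName:
    Description: "QueueName"
    Type: "String"
  MaxMessageSize:
    Default: "4048"
    Description: "Maximum message size in bytes (default 4048, just under 4 KiB)"
    Type: "Number"
  QueueDepthAlarmThreshold:
    Default: "10"
    # The original description was a copy of the AlarmEmail text.
    Description: "Number of visible messages above which the queue depth alarm fires"
    Type: "Number"
  AlarmEmail:
    # NOTE(review): the default is an address on a real domain; override it so
    # subscription confirmations and alarm mail go to an address you control.
    Default: "nobody@amazon.com"
    Description: "Email address to notify if operational problems arise"
    Type: "String"
Resources:
  MyQueue:
    Type: "AWS::SQS::Queue"
    Properties:
      QueueName:
        Ref: "QueueName"
      MaximumMessageSize:
        Ref: "MaxMessageSize"
      # State encryption at rest in the template so it is explicit and reviewable.
      SqsManagedSseEnabled: true
  AlarmTopic:
    Type: "AWS::SNS::Topic"
    Properties:
      Subscription:
        - Endpoint:
            Ref: "AlarmEmail"
          Protocol: "email"
  QueueDepthAlarm:
    Type: "AWS::CloudWatch::Alarm"
    Properties:
      # Follows the parameter instead of hard-coding "10", so the text stays
      # true when the threshold is overridden.
      AlarmDescription: !Sub "Alarm if queue depth grows beyond ${QueueDepthAlarmThreshold} messages"
      Namespace: "AWS/SQS"
      MetricName: "ApproximateNumberOfMessagesVisible"
      Dimensions:
        - Name: "QueueName"
          Value:
            Fn::GetAtt:
              - "MyQueue"
              - "QueueName"
      Statistic: "Sum"
      Period: "300"
      EvaluationPeriods: "1"
      Threshold:
        Ref: "QueueDepthAlarmThreshold"
      ComparisonOperator: "GreaterThanThreshold"
      AlarmActions:
        - Ref: "AlarmTopic"
      # Missing metric data notifies the same topic as a breach.
      InsufficientDataActions:
        - Ref: "AlarmTopic"
Outputs:
  QueueURL:
    Description: "URL of newly created SQS Queue"
    Value:
      Ref: "MyQueue"
  QueueARN:
    Description: "ARN of newly created SQS Queue"
    Value:
      Fn::GetAtt:
        - "MyQueue"
        - "Arn"
  QueueName:
    Description: "Name newly created SQS Queue"
    Value:
      Fn::GetAtt:
        - "MyQueue"
        - "QueueName"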
76 |
--------------------------------------------------------------------------------
/Chapter-7/sqs-queues_change_set.yml:
--------------------------------------------------------------------------------
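Description: "AWS CloudFormation Sample Template SQS_With_CloudWatch_Alarms: Sample template showing how to create an SQS queue with Amazon CloudWatch alarms on queue depth. **WARNING** This template creates an Amazon SQS queue and one or more Amazon CloudWatch alarms. You will be billed for the AWS resources used if you create a stack from this template."
Parameters:
  QueueName:
    Description: "QueueName"
    Type: "String"
  MaxMessageSize:
    Default: "4048"
    Description: "Maximum message size in bytes (default 4048, just under 4 KiB)"
    Type: "Number"
  QueueDepthAlarmThreshold:
    Default: "10"
    # The original description was a copy of the AlarmEmail text.
    Description: "Number of visible messages above which the queue depth alarm fires"
    Type: "Number"
  AlarmEmail:
    # NOTE(review): the default is an address on a real domain; override it so
    # subscription confirmations and alarm mail go to an address you control.
    Default: "nobody@amazon.com"
    Description: "Email address to notify if operational problems arise"
    Type: "String"
  # LambdaFunctionBucketName:
  #   Description: Bucket name where the lambda function resides
  #   Type: String
  # LambdaFunctionFileName:
  #   Description: Lambda function file name
  #   Type: String
Resources:
  LambdaExecutionRole:
    Type: "AWS::IAM::Role"
    Properties:
      # Only the Lambda service may assume this role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      Path: /
      Policies:
        - PolicyName: sqs-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                  - sqs:DeleteMessage
                  - sqs:ReceiveMessage
                  - sqs:SendMessage
                # Scoped from "*" to the one queue this stack creates.
                Resource: !GetAtt MyQueue.Arn
                Effect: Allow

        - PolicyName: cloudwatchlogswrite-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                # Scoped from "*" to Lambda log groups in this account/region.
                Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*"
                Effect: Allow
  MyQueue:
    Type: "AWS::SQS::Queue"
    Properties:
      QueueName:
        Ref: "QueueName"
      MaximumMessageSize:
        Ref: "MaxMessageSize"
      # State encryption at rest in the template so it is explicit and reviewable.
      SqsManagedSseEnabled: true
  AlarmTopic:
    Type: "AWS::SNS::Topic"
    Properties:
      Subscription:
        - Endpoint:
            Ref: "AlarmEmail"
          Protocol: "email"
  QueueDepthAlarm:
    Type: "AWS::CloudWatch::Alarm"
    Properties:
      # Follows the parameter instead of hard-coding "10".
      AlarmDescription: !Sub "Alarm if queue depth grows beyond ${QueueDepthAlarmThreshold} messages"
      Namespace: "AWS/SQS"
      MetricName: "ApproximateNumberOfMessagesVisible"
      Dimensions:
        - Name: "QueueName"
          Value:
            Fn::GetAtt:
              - "MyQueue"
              - "QueueName"
      Statistic: "Sum"
      Period: "300"
      EvaluationPeriods: "1"
      Threshold:
        Ref: "QueueDepthAlarmThreshold"
      ComparisonOperator: "GreaterThanThreshold"
      AlarmActions:
        - Ref: "AlarmTopic"
      InsufficientDataActions:
        - Ref: "AlarmTopic"

  CreateLambda:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt LambdaExecutionRole.Arn
      # NOTE(review): confirm python3.8 is still a supported Lambda runtime
      # before deploying; move to a current one if it is not.
      Runtime: "python3.8"
      Timeout: 60
      Handler: "index.lambda_handler"
      Code:
        ZipFile: |
          from __future__ import print_function # Python 2/3 compatibility
          import boto3
          import botocore
          import json
          import decimal
          import urllib
          import cfnresponse

          # Resource
          sqs = boto3.resource('sqs')
          #s3 = boto3.client('s3')

          # Constants
          #table = dynamodb.Table('AlertConfiguration')

          def lambda_handler(event, context):
              # NOTE(review): cfnresponse is imported but never called. If this
              # function backs a custom resource, the stack would wait for a
              # response until it times out - confirm the intended use.
              try:
                  # NOTE(review): a custom-resource event carries a pre-signed
                  # ResponseURL; printing the whole event puts it in the logs.
                  print(event)
                  print( event['RequestType'] )
              except Exception as exc:
                  # The original "try:" had no handler, which is a SyntaxError
                  # when Lambda imports the module. Log and re-raise.
                  print(exc)
                  raise

Outputs:
  QueueURL:
    Description: "URL of newly created SQS Queue"
    Value:
      Ref: "MyQueue"
  QueueARN:
    Description: "ARN of newly created SQS Queue"
    Value:
      Fn::GetAtt:
        - "MyQueue"
        - "Arn"
  QueueName:
    Description: "Name newly created SQS Queue"
    Value:
      Fn::GetAtt:
        - "MyQueue"
        - "QueueName"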
147 |
--------------------------------------------------------------------------------
/Chapter-8/IAM_Developers.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version":"2012-10-17",
3 | "Statement":[
4 | {
5 | "Effect":"Allow",
6 | "Action":[
7 | "codecommit:BatchGet*",
8 | "codecommit:BatchDescribe*",
9 | "codecommit:Describe*",
10 | "codecommit:EvaluatePullRequestApprovalRules",
11 | "codecommit:CreatePullRequest",
12 | "codecommit:Get*",
13 | "codecommit:List*",
14 | "codecommit:Put*",
15 | "codecommit:Post*",
16 | "codecommit:TagResource",
17 | "codecommit:Test*",
18 | "codecommit:GitPull",
19 | "codecommit:GitPush"
20 | ],
21 | "Resource":"*"
22 | },
23 | {
24 | "Sid": "IAMReadOnlyListAccess",
25 | "Effect": "Allow",
26 | "Action": [
27 | "iam:ListUsers"
28 | ],
29 | "Resource": "*"
30 | },
31 | {
32 | "Sid": "IAMReadOnlyConsoleAccess",
33 | "Effect": "Allow",
34 | "Action": [
35 | "iam:ListAccessKeys",
36 | "iam:ListSSHPublicKeys",
37 | "iam:ListServiceSpecificCredentials"
38 | ],
39 | "Resource": "arn:aws:iam::*:user/${aws:username}"
40 | },
41 | {
42 | "Sid": "SNSTopicAndSubscriptionAccess",
43 | "Effect": "Allow",
44 | "Action": [
45 | "sns:Subscribe",
46 | "sns:Unsubscribe"
47 | ],
48 | "Resource": "arn:aws:sns:*:*:codecommit*"
49 | },
50 | {
51 | "Sid": "SNSTopicAndSubscriptionReadAccess",
52 | "Effect": "Allow",
53 | "Action": [
54 | "sns:ListTopics",
55 | "sns:ListSubscriptionsByTopic",
56 | "sns:GetTopicAttributes"
57 | ],
58 | "Resource": "*"
59 | },
60 | {
61 | "Sid": "IAMUserSSHKeys",
62 | "Effect": "Allow",
63 | "Action": [
64 | "iam:DeleteSSHPublicKey",
65 | "iam:GetSSHPublicKey",
66 | "iam:ListSSHPublicKeys",
67 | "iam:UpdateSSHPublicKey",
68 | "iam:UploadSSHPublicKey"
69 | ],
70 | "Resource": "arn:aws:iam::*:user/${aws:username}"
71 | },
72 | {
73 | "Sid": "IAMSelfManageServiceSpecificCredentials",
74 | "Effect": "Allow",
75 | "Action": [
76 | "iam:CreateServiceSpecificCredential",
77 | "iam:UpdateServiceSpecificCredential",
78 | "iam:DeleteServiceSpecificCredential",
79 | "iam:ResetServiceSpecificCredential"
80 | ],
81 | "Resource": "arn:aws:iam::*:user/${aws:username}"
82 | }
83 | ]
84 | }
--------------------------------------------------------------------------------
/Chapter-8/docker/Dockerfile:
--------------------------------------------------------------------------------
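# Registry prefix for the base image. The original declared this ARG but
# hard-coded the same value in FROM; it is now actually used.
ARG REPO_LOCATION=public.ecr.aws/ubuntu/
# NOTE(review): `latest` is a moving tag, so two builds of the same commit can
# produce different images. Pin a release tag or an image digest for
# reproducible, auditable builds.
FROM ${REPO_LOCATION}ubuntu:latest

# One layer for update + install so a cached, stale package index is never
# reused. The original package names `python-3` and `pip` do not exist in
# Ubuntu; the Python 3 packages are python3, python3-pip and python3-dev.
# NOTE(review): build-essential, python3-dev and git are kept from the
# original; drop them if nothing is compiled or cloned at build time.
RUN apt-get update -y \
 && apt-get install -y --no-install-recommends \
      ca-certificates python3 python3-pip python3-venv python3-dev \
      build-essential git \
 && rm -rf /var/lib/apt/lists/*

# Install into a virtual environment: recent Ubuntu releases mark the system
# Python as externally managed and reject a bare `pip3 install`.
RUN python3 -m venv /opt/venv
ENV PATH="/opt/venv/bin:${PATH}"
# NOTE(review): flask is unpinned; pin the version (ideally with hashes in a
# requirements file) so the dependency set is fixed and reviewable.
RUN pip install --no-cache-dir flask

WORKDIR /app
COPY . /app

# Run the app as an unprivileged user instead of root.
RUN useradd --system --no-create-home appuser
USER appuser

EXPOSE 5001
# python3 resolves to the virtual environment's interpreter through PATH.
ENTRYPOINT [ "python3" ]
CMD [ "flask.py" ]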
11 |
--------------------------------------------------------------------------------
/Chapter-8/docker/buildspec.yml:
--------------------------------------------------------------------------------
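version: 0.2

# Build the Docker image, push it to ECR and write imagedefinitions.json.
# Expects AWS_ACCOUNT_ID, AWS_DEFAULT_REGION, IMAGE_REPO_NAME and IMAGE_TAG
# in the build environment.
phases:
  # The original had an empty `install:` phase and spelled this one
  # `pre-build`, which is not a phase name (the phase is `pre_build`), so the
  # ECR login was not run as a pre-build step.
  pre_build:
    commands:
      - echo Logging INTO Amazon ECR
      - aws --version
      # The password is piped on stdin, so it never appears in the process
      # arguments or the build log.
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
      - echo ECR_URI is $ECR_URI
      - echo REGION is $REGION
  build:
    commands:
      - echo Build started on `date`
      - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
      - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      # The original pushed to the literal host "AWS_ACCOUNT_ID.dkr.ecr..."
      # because the `$` was missing.
      - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
      - echo Writing the image definitions file...
      # Single opening bracket: the original `[[ ... ]` was not valid JSON.
      # The URI is the one just pushed; REPOSITORY_URI is not set anywhere in
      # this buildspec.
      - printf '[{"name":"Eight","imageUri":"%s"}]' $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG > imagedefinitions.json
artifacts:
  files:
    - imagedefinitions.json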
27 |
--------------------------------------------------------------------------------
/Chapter-8/docker/flask.py:
--------------------------------------------------------------------------------
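from flask import Flask

# NOTE(review): this file is itself named flask.py. When it is started as
# `python3 flask.py` (see the Dockerfile CMD), the script directory comes first
# on sys.path, so `from flask import Flask` finds this file instead of the
# installed package and fails. Rename the file and update the Dockerfile CMD.
app = Flask(__name__)


@app.route('/')
def hello():
    """Return the fixed greeting served at the site root."""
    return "DevOps Pro here I go"


if __name__ == "__main__":
    # Listen on all interfaces so the container's published port 5001 works.
    # debug is off: Flask's debug mode serves an interactive debugger that can
    # run arbitrary Python in the server process, and with host 0.0.0.0 it
    # would be reachable by anything that can reach the port.
    app.run(host='0.0.0.0', port=5001, debug=False)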
--------------------------------------------------------------------------------
/Chapter-8/hello.py:
--------------------------------------------------------------------------------
#
# Hello World
#


def main():
    """Print the greeting."""
    greeting = "Hello World"
    print(greeting)


if __name__ == "__main__":
    main()


# Module-level statement: runs on every import as well as on direct execution.
print("me too")
14 |
--------------------------------------------------------------------------------
/Chapter-8/loops.py:
--------------------------------------------------------------------------------
def main(type):
    """Print a demo of the loop style selected by *type*.

    Recognised values are "wl" (while loop), "fl" (for loop over a range),
    "cl" (for loop over a list) and "en" (enumerate); any other value prints
    an error message. The selector is always echoed first.
    """
    print(type)

    if type == "wl":
        # Count 0..4 with an explicit counter.
        counter = 0
        while counter < 5:
            print(counter)
            counter += 1
        return

    if type == "fl":
        # Count 5..9 with range().
        for number in range(5, 10):
            print(number)
        return

    if type == "cl":
        # Walk a collection directly.
        for day in ["Mon", "Tue", "Wed", "Thurs", "Fri", "Sat", "Sun"]:
            print(day)
        return

    if type == "en":
        # enumerate() yields the index together with the item.
        directions = ["East", "West", "North", "South", "SouthWest", "NorthEast", "NorthWest"]
        for index, direction in enumerate(directions):
            print(index, direction)
        return

    print("Invalid loop type specified")


if __name__ == "__main__":
    main('wl')
30 |
--------------------------------------------------------------------------------
/Chapter-9/IAM_Developers.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version":"2012-10-17",
3 | "Statement":[
4 | {
5 | "Effect":"Allow",
6 | "Action":[
7 | "codecommit:BatchGet*",
8 | "codecommit:BatchDescribe*",
9 | "codecommit:Describe*",
10 | "codecommit:EvaluatePullRequestApprovalRules",
11 | "codecommit:CreatePullRequest",
12 | "codecommit:Get*",
13 | "codecommit:List*",
14 | "codecommit:Put*",
15 | "codecommit:Post*",
16 | "codecommit:TagResource",
17 | "codecommit:Test*",
18 | "codecommit:GitPull",
19 | "codecommit:GitPush"
20 | ],
21 | "Resource":"*"
22 | },
23 | {
24 | "Sid": "IAMReadOnlyListAccess",
25 | "Effect": "Allow",
26 | "Action": [
27 | "iam:ListUsers"
28 | ],
29 | "Resource": "*"
30 | },
31 | {
32 | "Sid": "IAMReadOnlyConsoleAccess",
33 | "Effect": "Allow",
34 | "Action": [
35 | "iam:ListAccessKeys",
36 | "iam:ListSSHPublicKeys",
37 | "iam:ListServiceSpecificCredentials"
38 | ],
39 | "Resource": "arn:aws:iam::*:user/${aws:username}"
40 | },
41 | {
42 | "Sid": "SNSTopicAndSubscriptionAccess",
43 | "Effect": "Allow",
44 | "Action": [
45 | "sns:Subscribe",
46 | "sns:Unsubscribe"
47 | ],
48 | "Resource": "arn:aws:sns:*:*:codecommit*"
49 | },
50 | {
51 | "Sid": "SNSTopicAndSubscriptionReadAccess",
52 | "Effect": "Allow",
53 | "Action": [
54 | "sns:ListTopics",
55 | "sns:ListSubscriptionsByTopic",
56 | "sns:GetTopicAttributes"
57 | ],
58 | "Resource": "*"
59 | },
60 | {
61 | "Sid": "IAMUserSSHKeys",
62 | "Effect": "Allow",
63 | "Action": [
64 | "iam:DeleteSSHPublicKey",
65 | "iam:GetSSHPublicKey",
66 | "iam:ListSSHPublicKeys",
67 | "iam:UpdateSSHPublicKey",
68 | "iam:UploadSSHPublicKey"
69 | ],
70 | "Resource": "arn:aws:iam::*:user/${aws:username}"
71 | },
72 | {
73 | "Sid": "IAMSelfManageServiceSpecificCredentials",
74 | "Effect": "Allow",
75 | "Action": [
76 | "iam:CreateServiceSpecificCredential",
77 | "iam:UpdateServiceSpecificCredential",
78 | "iam:DeleteServiceSpecificCredential",
79 | "iam:ResetServiceSpecificCredential"
80 | ],
81 | "Resource": "arn:aws:iam::*:user/${aws:username}"
82 | },
83 | {
84 | "Sid": "ExtraPermissionsForCodePipeline",
85 | "Effect": "Allow",
86 | "Action": [
87 | "codepipeline:GetPipeline",
88 | "codepipeline:GetPipelineState",
89 | "codepipeline:GetPipelineExecution",
90 | "codepipeline:ListPipelineExecutions",
91 | "codepipeline:ListActionTypes",
92 | "codepipeline:ListPipelines",
93 | "iam:ListRoles",
94 | "s3:GetBucketPolicy",
95 | "s3:GetObject",
96 | "s3:ListAllMyBuckets",
97 | "s3:ListBucket",
98 | "codedeploy:GetApplication",
99 | "codedeploy:GetDeploymentGroup",
100 | "codedeploy:ListApplications",
101 | "codedeploy:ListDeploymentGroups",
102 | "elasticbeanstalk:DescribeApplications",
103 | "elasticbeanstalk:DescribeEnvironments",
104 | "lambda:GetFunctionConfiguration",
105 | "lambda:ListFunctions",
106 | "opsworks:DescribeApps",
107 | "opsworks:DescribeLayers",
108 | "opsworks:DescribeStacks"
109 | ],
110 | "Resource": "arn:aws:codepipeline:us-west-2:*"
111 | }
112 | ]
113 | }
--------------------------------------------------------------------------------
/Chapter-9/IAM_Tools.json:
--------------------------------------------------------------------------------
1 | {
2 | "Version":"2012-10-17",
3 | "Statement":[
4 | {
5 | "Effect":"Allow",
6 | "Action":[
7 | "codecommit:BatchGet*",
8 | "codecommit:BatchDescribe*",
9 | "codecommit:Describe*",
10 | "codecommit:Get*",
11 | "codecommit:List*",
12 | "codecommit:Put*",
13 | "codecommit:Post*",
14 | "codecommit:GitPull",
15 | "codecommit:GitPush",
16 | "codepipeline:ListPipelines",
17 | "codepipeline:*",
18 | "codebuild:*",
19 | "codedeploy:*"
20 | ],
21 | "Resource":"*"
22 | },
23 | {
24 | "Sid": "CleanUpCreatedS3buckets",
25 | "Effect": "Allow",
26 | "Action": [
27 | "s3:DeleteBucket"
28 | ],
29 | "Resource": "*"
30 | },
31 | {
32 | "Sid": "IAMReadOnlyListAccess",
33 | "Effect": "Allow",
34 | "Action": [
35 | "iam:ListUsers"
36 | ],
37 | "Resource": "*"
38 | },
39 | {
40 | "Sid": "IAMReadOnlyConsoleAccess",
41 | "Effect": "Allow",
42 | "Action": [
43 | "iam:ListAccessKeys",
44 | "iam:ListSSHPublicKeys",
45 | "iam:ListServiceSpecificCredentials"
46 | ],
47 | "Resource": "arn:aws:iam::*:user/${aws:username}"
48 | },
49 | {
50 | "Sid": "SNSTopicAndSubscriptionAccess",
51 | "Effect": "Allow",
52 | "Action": [
53 | "sns:Subscribe",
54 | "sns:Unsubscribe"
55 | ],
56 | "Resource": "arn:aws:sns:*:*:codecommit*"
57 | },
58 | {
59 | "Sid": "SNSTopicAndSubscriptionReadAccess",
60 | "Effect": "Allow",
61 | "Action": [
62 | "sns:ListTopics",
63 | "sns:CreateTopic",
64 | "sns:DeleteTopic",
65 | "sns:Subscribe",
66 | "sns:ListSubscriptionsByTopic",
67 | "sns:GetTopicAttributes"
68 | ],
69 | "Resource": "*"
70 | },
71 | {
72 | "Sid": "ECSPermissions",
73 | "Effect": "Allow",
74 | "Action": [
75 | "ecs:CreateCluster",
76 | "ecs:CreateService",
77 | "ecs:DeleteCluster",
78 | "ecs:DescribeServices",
79 | "ecs:DeleteService",
80 | "ecs:DeleteTaskSet",
81 | "ecs:RegisterTaskDefinition",
82 | "ecr:GetDownloadUrlForLayer",
83 | "ecr:GetAuthorizationToken"
84 | ],
85 | "Resource": "*"
86 | },
87 | {
88 | "Sid": "CloudFormationPermissions",
89 | "Effect": "Allow",
90 | "Action": [
91 | "iam:CreateRole",
92 | "iam:CreateInstanceProfile",
93 | "iam:DeleteInstanceProfile",
94 | "iam:AddRoleToInstanceProfile",
95 | "s3:CreateBucket",
96 | "iam:GetRole",
97 | "iam:ListRoles",
98 | "iam:PassRole",
99 | "iam:DeleteRolePolicy",
100 | "iam:GetRolePolicy",
101 | "iam:DeleteRole",
102 | "iam:PutRolePolicy",
103 | "iam:RemoveRoleFromInstanceProfile",
104 | "cloudformation:*",
105 | "cloudwatch:PutMetricAlarm",
106 | "cloudwatch:DeleteAlarms",
107 | "logs:CreateLogGroup",
108 | "logs:DeleteLogGroup",
109 | "elasticloadbalancing:Describe*",
110 | "elasticloadbalancing:CreateTargetGroup",
111 | "elasticloadbalancing:CreateLoadBalancer",
112 | "elasticloadbalancing:CreateListener",
113 | "elasticloadbalancing:DeleteListener",
114 | "elasticloadbalancing:DeleteTargetGroup",
115 | "elasticloadbalancing:ModifyListener",
116 | "elasticloadbalancing:ModifyLoadBalancerAttributes",
117 | "application-autoscaling:DeleteScalingPolicy",
118 | "application-autoscaling:Describe*",
119 | "application-autoscaling:PutScalingPolicy",
120 | "application-autoscaling:DeregisterScalableTarget",
121 | "application-autoscaling:RegisterScalableTarget",
122 | "autoscaling:*"
123 | ],
124 | "Resource":"*"
125 | },
126 | {
127 | "Sid": "LambdaLimitedAccess",
128 | "Effect": "Allow",
129 | "Action": [
130 | "lambda:ListFunctions",
131 | "lambda:GetFunctionConfiguration",
132 | "lambda:InvokeFunction"
133 | ],
134 | "Resource": "*"
135 | },
136 | {
137 | "Sid": "IAMUserSSHKeys",
138 | "Effect": "Allow",
139 | "Action": [
140 | "iam:DeleteSSHPublicKey",
141 | "iam:GetSSHPublicKey",
142 | "iam:ListSSHPublicKeys",
143 | "iam:UpdateSSHPublicKey",
144 | "iam:UploadSSHPublicKey"
145 | ],
146 | "Resource": "arn:aws:iam::*:user/${aws:username}"
147 | },
148 | {
149 | "Sid":"UploadTemplatesToS3",
150 | "Effect": "Allow",
151 | "Action": [
152 | "s3:PutObject",
153 | "s3:CreateBucket",
154 | "s3:GetObject",
155 | "s3:ListBucket"
156 | ],
157 | "Resource": "arn:aws:s3:::cf-template*"
158 | },
159 | {
160 | "Sid": "IAMSelfManageServiceSpecificCredentials",
161 | "Effect": "Allow",
162 | "Action": [
163 | "iam:CreateServiceSpecificCredential",
164 | "iam:UpdateServiceSpecificCredential",
165 | "iam:DeleteServiceSpecificCredential",
166 | "iam:ResetServiceSpecificCredential"
167 | ],
168 | "Resource": "arn:aws:iam::*:user/${aws:username}"
169 | }
170 | ]
171 | }
--------------------------------------------------------------------------------
/Chapter-9/code/buildspec.yml:
--------------------------------------------------------------------------------
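version: 0.2

# Install the package into a virtual environment, run the test suite with
# pytest and publish coverage and JUnit reports from test-reports/.
phases:
  install:
    runtime-versions:
      python: 3.8
  pre_build:
    commands:
      # Refresh the package index first so the install does not depend on
      # whatever index the build image shipped with.
      - apt-get update -y
      - apt-get install -y python3-venv
      # The original called python3.6 although the install phase selects the
      # 3.8 runtime; python3 uses the interpreter this build provides.
      - python3 -m venv test_venv
      - . test_venv/bin/activate
      - pip install --upgrade pip
      - pip install .
      # NOTE(review): pin the versions in tests/requirements.txt so the build
      # does not pick up whatever is newest at build time.
      - pip install -r tests/requirements.txt
      # Remove the source directory after installing it - presumably so the
      # tests import the installed package; TODO confirm.
      - rm -rf dspt
      - mkdir test-reports
  build:
    commands:
      - pytest
        --html=test-reports/report.html
        --self-contained-html
        -s
        -v
        --cov=dspt
        --cov-report=html:test-reports/coverage
        --junitxml=test-reports/junit.xml
        --log-file=test-reports/logs.txt
        tests
  post_build:
    commands:
      - echo Build completed on `date`

reports:
  coverage:
    files:
      - "coverage/*"
    base-directory: 'test-reports'
    discard-paths: yes
  report:
    files:
      - 'junit.xml'
      - 'report.html'
      - 'assets/*'
    base-directory: 'test-reports'
    discard-paths: yes
    file-format: JunitXml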
47 |
--------------------------------------------------------------------------------
/Chapter-9/code/src/app.py:
--------------------------------------------------------------------------------
import json
import random


def lambda_handler(event, context):
    """Print one random integer; *event* and *context* are not used."""
    # randint is inclusive at both ends, so the value is between 1 and 100.
    drawn = random.randint(1, 100)
    print(drawn)
7 |
--------------------------------------------------------------------------------
/Chapter-9/pipeline1.yml:
--------------------------------------------------------------------------------
1 | AWSTemplateFormatVersion: 2010-09-09
2 | Description: >
3 | Example Pipeline to Create resources
4 | for Chapter 9 of Packt Publishings
5 | DevOps Engineer Professional and Beyond
6 |
7 | Parameters:
8 | LayerName:
9 | Type: String
10 | Description: Name of the Project
11 | Default: "chapt9"
12 | PipelineName:
13 | Type: String
14 | Description: A name for pipeline
15 | Default: "c9-demo"
16 | BranchName:
17 | Type: String
18 | Description: CodeCommit branch name
19 | Default: main
20 | Email:
21 | Type: String
22 | Description: The email address where CodePipeline sends pipeline notifications
23 | Default: test@test.com
24 | CodeCommitRepoName:
25 | Type: String
26 | Description: The name of the Code Commit Repository
27 | Default: "chapt9"
28 | ECSStackName:
29 | Type: String
30 | Description: The name of the CloudFormation Stack for the ECS CFT
31 | Default: "ECS-Stack"
32 | RepositoryURL:
33 | Type: String
34 | Description: The Clone URL for the Code Commit Repository
35 | Default: "https://git-codecommit.us-east-2.amazonaws.com/v1/repos/chapter9"
36 |
37 | Resources:
38 |
39 | ##-- IAM Roles
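# Service role assumed by CodePipeline (a resource under Resources:).
CodePipelineServiceRole:
  Type: 'AWS::IAM::Role'
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - codepipeline.amazonaws.com
          Action: 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: AWS-CodePipeline-Service-3
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - 'codecommit:CancelUploadArchive'
                - 'codecommit:GetBranch'
                - 'codecommit:GetCommit'
                - 'codecommit:GetUploadArchiveStatus'
                - 'codecommit:UploadArchive'
              Resource: '*'
            - Effect: Allow
              Action:
                - 'codedeploy:CreateDeployment'
                - 'codedeploy:GetApplicationRevision'
                - 'codedeploy:GetDeployment'
                - 'codedeploy:GetDeploymentConfig'
                - 'codedeploy:RegisterApplicationRevision'
              Resource: '*'
            - Effect: Allow
              Action:
                - 'codebuild:BatchGetBuilds'
                - 'codebuild:StartBuild'
              Resource: '*'
            - Effect: Allow
              Action:
                - 'lambda:InvokeFunction'
                - 'lambda:ListFunctions'
              Resource: '*'
            # An unconditioned iam:PassRole on '*' lets the pipeline hand any
            # role in the account to any service. The condition limits it to
            # the services a pipeline like this passes roles to.
            # NOTE(review): extend the list if a stage outside this excerpt
            # passes a role to another service.
            - Effect: Allow
              Action:
                - 'iam:PassRole'
              Resource: '*'
              Condition:
                StringEqualsIfExists:
                  'iam:PassedToService':
                    - cloudformation.amazonaws.com
                    - ecs-tasks.amazonaws.com
            # NOTE(review): full-service wildcards on every resource. Narrow
            # these to the actions and ARNs the pipeline actually uses, for
            # example the artifact bucket and the notification topic.
            - Effect: Allow
              Action:
                # - 'elasticbeanstalk:*'
                # - 'ec2:*'
                # - 'elasticloadbalancing:*'
                # - 'autoscaling:*'
                - 'cloudwatch:*'
                - 's3:*'
                - 'sns:*'
                - 'cloudformation:*'
                - 'rds:*'
                - 'sqs:*'
                - 'ecs:*'
              Resource: '*'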
101 |
# Service role assumed by CodeBuild (a resource under Resources:).
CodebuildRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - codebuild.amazonaws.com
          Action:
            - sts:AssumeRole
    Path: /
    Policies:
      - PolicyName: DefaultCodeBuildPolicy0
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            # Source checkout, ECR image upload and CodeGuru review lookups.
            - Effect: Allow
              Action:
                - codebuild:StartBuild
                - codecommit:GitPull
                - ecr:GetAuthorizationToken
                - ecr:InitiateLayerUpload
                - ecr:UploadLayerPart
                - ecr:CompleteLayerUpload
                - ecr:BatchCheckLayerAvailability
                - ecr:PutImage
                - codeguru-reviewer:ListCodeReviews
                - codeguru-reviewer:DescribeCodeReview
              Resource: "*"
            # Lambda layer management.
            - Effect: Allow
              Action:
                - lambda:DeleteLayerVersion
                - lambda:GetLayerVersion
                - lambda:ListLayers
                - lambda:PublishLayerVersion
                - lambda:RemoveLayerVersionPermission
              Resource: "*"
            # Build log output.
            - Effect: Allow
              Action:
                - logs:CreateLogGroup
                - logs:CreateLogStream
                - logs:PutLogEvents
              Resource: "*"
            # NOTE(review): iam:PassRole and s3:* on every resource means
            # anything that runs inside a build (including repository content
            # executed by the buildspec) can pass any role and read or write
            # any bucket. Scope S3 to the artifact bucket, SNS to the pipeline
            # topic, and PassRole to the specific role(s) a build needs.
            - Effect: Allow
              Action:
                - 'iam:PassRole'
                - 'sns:Publish'
                - 's3:*'
              Resource: "*"
153 |
# Role CloudFormation assumes to create the deployed stack (a resource under
# Resources:).
CFNRole:
  Type: 'AWS::IAM::Role'
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - cloudformation.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: CloudFormationRole
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            # NOTE(review): iam:CreateRole, iam:PutRolePolicy and iam:PassRole
            # together on '*' allow a deployed template to create a role with
            # any permissions and hand it to a service. Consider requiring a
            # permissions boundary (iam:PermissionsBoundary condition) or
            # limiting the IAM actions to a role-name prefix, and narrowing
            # ec2:* and autoscaling:* to what the ECS stack needs.
            - Effect: Allow
              Resource: '*'
              Action:
                - 'ec2:*'
                - iam:CreateRole
                - iam:CreateInstanceProfile
                - iam:DeleteInstanceProfile
                - iam:AddRoleToInstanceProfile
                - iam:GetRole
                - iam:PassRole
                - iam:RemoveRoleFromInstanceProfile
                - cloudwatch:PutMetricAlarm
                - cloudwatch:DeleteAlarms
                - logs:CreateLogGroup
                - logs:PutRetentionPolicy
                - logs:DeleteLogGroup
                - ecs:DescribeClusters
                - ecs:CreateCluster
                - ecs:CreateService
                - ecs:CreateTaskSet
                - ecs:DeleteCluster
                - ecs:DescribeServices
                - ecs:DeleteService
                - ecs:DeleteTaskSet
                - ecs:RegisterTaskDefinition
                - ecs:DeregisterTaskDefinition
                - iam:DeleteRolePolicy
                - iam:DeleteRole
                - iam:PutRolePolicy
                - elasticloadbalancing:Describe*
                - elasticloadbalancing:CreateTargetGroup
                - elasticloadbalancing:CreateLoadBalancer
                - elasticloadbalancing:CreateListener
                - elasticloadbalancing:DeleteListener
                - elasticloadbalancing:DeleteLoadBalancer
                - elasticloadbalancing:DeleteTargetGroup
                - elasticloadbalancing:ModifyListener
                - elasticloadbalancing:ModifyLoadBalancerAttributes
                - application-autoscaling:DeleteScalingPolicy
                - application-autoscaling:Describe*
                - application-autoscaling:PutScalingPolicy
                - application-autoscaling:DeregisterScalableTarget
                - application-autoscaling:RegisterScalableTarget
                - autoscaling:*
216 |
217 | ##-- Code Build
# Main build project; source comes from the CodeCommit repository and output
# goes to the pipeline artifact bucket (a resource under Resources:).
CodeBuild:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: !Ref PipelineName
    Description: !Sub Build project for ${PipelineName}
    ServiceRole: !Ref CodebuildRole
    Artifacts:
      # Type: CODEPIPELINE
      Type: S3
      Location: !Ref CodePipelineArtifactStoreBucket
      Path: codebuild
      NamespaceType: BUILD_ID
      Name: build-output.zip
      Packaging: ZIP
    Environment:
      Type: LINUX_CONTAINER
      ComputeType: BUILD_GENERAL1_SMALL
      # NOTE(review): standard:1.0 is an early image tag - confirm it is still
      # offered and patched, or move to a current one.
      Image: aws/codebuild/standard:1.0
      # Privileged mode gives the build container access to the Docker daemon.
      # It is needed to build images; switch it off for projects that do not.
      PrivilegedMode: true
      EnvironmentVariables:
        - Name: GIT_REPO
          Type: PLAINTEXT
          Value: !Ref CodeCommitRepoName
        # - Name: ECR_URI
        #   Type: PLAINTEXT
        #   Value: !Ref ElasticContainerRepo
    Source:
      Type: CODECOMMIT
      # https://git-codecommit.<region>.amazonaws.com/v1/repos/<repo name>
      Location: !Join
        - ''
        - - 'https://git-codecommit.'
          - !Ref 'AWS::Region'
          - '.amazonaws.com/v1/repos/'
          - !Ref 'CodeCommitRepoName'
      BuildSpec: buildspecs/buildspec.yml
    TimeoutInMinutes: 10
254 |
# Second build project, named <PipelineName>-CodGuruReview, that runs
# buildspecs/buildspec-check.yml (a resource under Resources:).
ReviewCodeBuild:
  Type: AWS::CodeBuild::Project
  Properties:
    Name: !Join
      - '-'
      - - !Ref PipelineName
        - 'CodGuruReview'
    Description: !Sub CG Review Build project for ${PipelineName}
    ServiceRole: !Ref CodebuildRole
    Artifacts:
      Type: S3
      Location: !Ref CodePipelineArtifactStoreBucket
      Path: codebuild
      NamespaceType: BUILD_ID
      Name: review-build-output.zip
      Packaging: ZIP
    Environment:
      Type: LINUX_CONTAINER
      ComputeType: BUILD_GENERAL1_SMALL
      # NOTE(review): standard:1.0 is an early image tag - confirm it is still
      # offered and patched, or move to a current one.
      Image: aws/codebuild/standard:1.0
      # NOTE(review): privileged mode gives the container access to the Docker
      # daemon; confirm the review buildspec needs it and disable it if not.
      PrivilegedMode: true
      EnvironmentVariables:
        # Topic ARN handed to the build; Ref on an SNS topic yields its ARN.
        - Name: SNS_ARN
          Type: PLAINTEXT
          Value: !Ref CodePipelineSNSTopic
        - Name: GIT_REPO
          Type: PLAINTEXT
          Value: !Ref CodeCommitRepoName
    Source:
      Type: CODECOMMIT
      # https://git-codecommit.<region>.amazonaws.com/v1/repos/<repo name>
      Location: !Join
        - ''
        - - 'https://git-codecommit.'
          - !Ref 'AWS::Region'
          - '.amazonaws.com/v1/repos/'
          - !Ref 'CodeCommitRepoName'
      BuildSpec: buildspecs/buildspec-check.yml
    TimeoutInMinutes: 10
293 |
294 | ##-- Code Pipeline
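# Artifact store shared by the pipeline and both CodeBuild projects. It holds
# source bundles, build output and the CloudFormation templates that the
# Deploy stage executes, so its contents are part of the deployment trust
# chain.
CodePipelineArtifactStoreBucket:
  Type: 'AWS::S3::Bucket'
  Properties:
    # Artifacts are only ever read through IAM roles; block every form of
    # public ACL or public bucket policy explicitly instead of relying on
    # account-level defaults.
    PublicAccessBlockConfiguration:
      BlockPublicAcls: true
      BlockPublicPolicy: true
      IgnorePublicAcls: true
      RestrictPublicBuckets: true
    # State encryption at rest in the template so it is auditable and does
    # not depend on the S3 service default.
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256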
297 |
# Notification topic named after the pipeline. The manual-approval action
# publishes to it, and the review build project receives its ARN. One e-mail
# subscription is created from the Email parameter.
# NOTE(review): no KmsMasterKeyId is set, so messages are not encrypted with
# a KMS key at rest - confirm that is acceptable for approval notifications.
CodePipelineSNSTopic:
  Type: 'AWS::SNS::Topic'
  Properties:
    TopicName: !Ref PipelineName
    Subscription:
      - Protocol: email
        Endpoint: !Ref Email
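# Three-stage pipeline: CodeCommit source -> CodeBuild build -> manual
# approval followed by a CloudFormation create/update of the ECS stack.
Pipeline:
  Type: 'AWS::CodePipeline::Pipeline'
  Properties:
    Name: !Ref PipelineName
    RoleArn: !GetAtt CodePipelineServiceRole.Arn
    ArtifactStore:
      Type: S3
      Location: !Ref CodePipelineArtifactStoreBucket
    DisableInboundStageTransitions: []
    Stages:
      - Name: Source
        Actions:
          - Name: SourceAction
            ActionTypeId:
              Category: Source
              Owner: AWS
              Provider: CodeCommit
              Version: '1'
            OutputArtifacts:
              - Name: SourceOutput
            Namespace: SourceVariables
            Configuration:
              BranchName: !Ref BranchName
              RepositoryName: !Ref CodeCommitRepoName
              # Polling is off, so the pipeline starts only when something
              # else triggers it.
              # NOTE(review): confirm an event rule for the repository
              # exists elsewhere in the template.
              PollForSourceChanges: false
            RunOrder: 1
      - Name: Build
        Actions:
          - Name: CodeBuild
            ActionTypeId:
              Category: Build
              Owner: AWS
              Provider: CodeBuild
              Version: '1'
            InputArtifacts:
              - Name: SourceOutput
            OutputArtifacts:
              - Name: Built
            Configuration:
              ProjectName: !Ref CodeBuild
            RunOrder: 1
      - Name: Deploy
        Actions:
          # The approval must have a LOWER RunOrder than the deployment.
          # Actions that share a RunOrder within a stage run in parallel;
          # the original gave both actions RunOrder 2, so the stack update
          # started without waiting for the approver.
          - Name: ApproveDeploy
            ActionTypeId:
              Category: Approval
              Owner: AWS
              Provider: Manual
              Version: '1'
            Configuration:
              NotificationArn: !Ref CodePipelineSNSTopic
              CustomData: Do you want to deploy the code?
            RunOrder: 1
          # Deploys ecs_stack2.yml straight from the source artifact under
          # CFNRole with CAPABILITY_NAMED_IAM: whatever the template on the
          # tracked branch declares, including named IAM resources, is
          # created with that role's permissions. The approval gate above
          # and the scope of CFNRole are the controls that bound this.
          - Name: CFTcreation
            ActionTypeId:
              Category: Deploy
              Owner: AWS
              Provider: CloudFormation
              Version: '1'
            InputArtifacts:
              - Name: SourceOutput
            OutputArtifacts:
              - Name: ProvisionOutput
            Configuration:
              ActionMode: CREATE_UPDATE
              RoleArn: !GetAtt CFNRole.Arn
              Capabilities: CAPABILITY_NAMED_IAM
              StackName: !Ref ECSStackName
              TemplatePath: "SourceOutput::ecs_stack2.yml"
              OutputFileName: CreateStackOutput.json
            RunOrder: 2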
381 |
382 |
383 | #Outputs:
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2021 Packt
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | # AWS Certified DevOps Engineer - Professional Certification and Beyond
5 |
6 |
7 |
8 | This is the code repository for [AWS Certified DevOps Engineer - Professional Certification and Beyond](https://www.packtpub.com/product/aws-certified-devops-engineer-professional-certification-and-beyond/9781801074452), published by Packt.
9 |
10 | **Pass the DOP-C01 exam and prepare for the real world using case studies and real-life examples**
11 |
12 | ## What is this book about?
13 | The AWS Certified DevOps Engineer certification is one of the highest AWS credentials, widely recognized in the cloud computing and software development industries. This book is an extensive guide to helping you strengthen your DevOps skills as you work with your AWS workloads on a day-to-day basis.
14 |
15 | This book covers the following exciting features:
16 | * Automate your pipelines, build phases, and deployments with AWS-native tooling
17 | * Discover how to implement logging and monitoring using AWS-native tooling
18 | * Gain a solid understanding of the services included in the AWS DevOps Professional exam
19 | * Reinforce security practices on the AWS platform from an exam point of view
20 | * Find out how to automatically enforce standards and policies in AWS environments
21 | * Explore AWS best practices and anti-patterns
22 |
23 | If you feel this book is for you, get your [copy](https://www.amazon.com/Certified-DevOps-Engineer-Professional-Certification-ebook/dp/B099266M2M) today!
24 |
25 |
26 |
27 | ## Instructions and Navigations
28 | All of the code is organized into folders. For example, Chapter-12.
29 |
30 | The code will look like the following:
31 | ```
32 | aws ec2 run-instances \
33 | --image-id $AMI \
34 | --instance-type t2.micro \
35 | --user-data file://agents.sh \
36 | --iam-instance-profile 'Name=CW_SSM' \
37 | --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=Ubuntu},{Key=Inspector,Value=TRUE}]' \
38 | --region us-east-2
39 |
40 | ```
41 |
42 | **Following is what you need for this book:**
43 | This book is for AWS developers and SysOps administrators looking to advance their careers by achieving the highly sought-after DevOps Professional certification. Basic knowledge of AWS as well as its core services (EC2, S3, and RDS) is needed. Familiarity with DevOps concepts such as source control, monitoring, and logging, not necessarily in the AWS context, will be helpful.
44 |
45 | With the following software and hardware list you can run all code files present in the book (Chapter 1-24).
46 |
47 | ### Software and Hardware List
48 |
49 | | Chapter | Software required | OS required |
50 | | -------- | ---------------------------------------------------------------------------------------------------| -----------------------------------|
51 | | 1-24 | AWS Account, AWS CLI, Python 3.x, Git | Windows, Mac OS X, and Linux (Any) |
52 |
53 |
54 | We also provide a PDF file that has color images of the screenshots/diagrams used in this book. [Click here to download it](https://static.packt-cdn.com/downloads/9781801074452_ColorImages.pdf).
55 |
56 | ### Related products
57 | * Implementing Identity Management on AWS [[Packt]](https://www.packtpub.com/product/implementing-identity-management-on-aws/9781800562288) [[Amazon]](https://www.amazon.com/Implementing-Identity-Management-AWS-environments/dp/1800562284)
58 |
59 | * AWS for Solutions Architects [[Packt]](https://www.packtpub.com/product/aws-for-solutions-architects/9781789539233) [[Amazon]](https://www.amazon.com/AWS-Solutions-Architects-infrastructure-implementing/dp/1789539234)
60 |
61 | ## Get to Know the Author
62 | **Adam Book**
63 | He has been programming since the age of six and has been constantly tapped by founders and CEOs as one of the pillars to start their online or cloud businesses. Adam has developed applications and websites. He’s been involved in cloud computing and datacenter transformation professionally since 1996, focusing on bringing the benefits of cloud computing to his clients. He’s led technology teams in transformative changes such as the shift to programming in sprints, with Agile formats. Adam is a cloud evangelist with a track record of migrating thousands of applications to the cloud and guiding businesses in understanding cloud economics to create use cases and identify operating model gaps. He has been certified on AWS since 2014.
64 | ### Download a free PDF
65 |
66 | If you have already purchased a print or Kindle version of this book, you can get a DRM-free PDF version at no cost.
Simply click on the link to claim your free PDF.
67 | https://packt.link/free-ebook/9781801074452
--------------------------------------------------------------------------------