├── .gitignore
├── Chapter02
    ├── codecommit.tf
    ├── example.tf
    ├── main.tf
    ├── terraform_install.sh
    └── users.tf
├── Chapter03
    ├── aws_s3_bucket_Using object lifecycle.txt
    ├── aws_s3_bucket_Using replication configuration.txt
    ├── cloudpatterns-zone.tf
    ├── gtm.tf
    ├── instanceAZ1c.tf
    ├── instances.tf
    ├── loadbalancer.tf
    ├── ltm.tf
    ├── main.tf
    ├── vpc.tf
    └── web-sg.tf
├── Chapter04
    ├── Custom IAM Policy.txt
    ├── aws_cognito_identity_pool.txt
    ├── aws_flow_log.txt
    └── aws_network_acl.txt
├── Chapter05
    ├── bucket-state.tf
    ├── buildspec.yml
    ├── chapter5vars.tf
    ├── cloudpatterns.tfplan
    ├── cloudpatterns_lambda.zip
    ├── codebuild.tf
    ├── codetest.tf
    ├── lambda_terraform.tf
    ├── main.tf
    ├── private.tf
    ├── sonarqube.yml
    └── terraform.py
├── Chapter06
    └── locustfile.py
├── Chapter08
    ├── CloudFront.tf
    ├── alb.tf
    ├── alb_lambda.js
    ├── cloudfront_lambda.js
    ├── cloudfront_lambda_terraform.tf
    └── main.tf
├── LICENSE
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
 1 | # Local .terraform directories
 2 | **/.terraform/*
 3 | 
 4 | # .tfstate files
 5 | *.tfstate
 6 | *.tfstate.*
 7 | 
 8 | # Crash log files
 9 | crash.log
10 | 
11 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
12 | # .tfvars files are managed as part of configuration and so should be included in
13 | # version control.
14 | #
15 | # example.tfvars
16 | 
17 | # Ignore override files as they are usually used to override resources locally and so
18 | # are not checked in
19 | override.tf
20 | override.tf.json
21 | *_override.tf
22 | *_override.tf.json
23 | 
24 | # Include override files you do wish to add to version control using negated pattern
25 | #
26 | # !example_override.tf


--------------------------------------------------------------------------------
/Chapter02/codecommit.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | 
3 |   region     = "us-east-1"
4 | }
5 | data "aws_codecommit_repository" "cloudpatterns" {
6 |   repository_name = "cloudpatternsrepo"
7 | }


--------------------------------------------------------------------------------
/Chapter02/example.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 | 
 3 |   region     = "us-east-1"
 4 | }
 5 | resource "aws_instance" "example" {
 6 |   ami = "ami-2757f631"
 7 |   instance_type = "t2.micro"
 8 |   availability_zone  = "us-east-1f"
 9 | }
10 | output "id" {
11 |   value = "${aws_instance.example.id}"
12 | }


--------------------------------------------------------------------------------
/Chapter02/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | 
3 |   region     = "us-east-1"
4 | }


--------------------------------------------------------------------------------
/Chapter02/terraform_install.sh:
--------------------------------------------------------------------------------
1 | #! /bin/bash 
2 | mkdir download
3 | cd download/
4 | wget https://releases.hashicorp.com/terraform/0.11.7/terraform_0.11.7_linux_amd64.zip
5 | unzip terraform_0.11.7_linux_amd64.zip 
6 | mv terraform /usr/bin/terraform
7 | terraform
8 | exit


--------------------------------------------------------------------------------
/Chapter02/users.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_iam_user" "cloudpatterns" {
 2 |   name = "loadbalancer"
 3 | }
 4 | 
 5 | resource "aws_iam_group_membership" "admin" {
 6 |   name = "tf-admin-group-membership"
 7 | 
 8 |   users = [
 9 |     "${aws_iam_user.cloudpatterns.name}",
10 |   ]
11 | 
12 |   group = "${aws_iam_group.group.name}"
13 | }
14 | 
15 | resource "aws_iam_group" "group" {
16 |   name = "cloudpatterngroup"
17 | }
18 | 
19 | resource "aws_iam_group_policy_attachment" "test-attach" {
20 |   group      = "${aws_iam_group.group.name}"
21 |   policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
22 | }
23 | 


--------------------------------------------------------------------------------
/Chapter03/aws_s3_bucket_Using object lifecycle.txt:
--------------------------------------------------------------------------------
 1 | resource "aws_s3_bucket" "bucket" {
 2 |   bucket = "my-bucket"
 3 |   acl    = "private"
 4 | 
 5 |   lifecycle_rule {
 6 |     id      = "log"
 7 |     enabled = true
 8 | 
 9 |     prefix = "log/"
10 | 
11 |     tags = {
12 |       "rule"      = "log"
13 |       "autoclean" = "true"
14 |     }
15 | 
16 |     transition {
17 |       days          = 30
18 |       storage_class = "STANDARD_IA" # or "ONEZONE_IA"
19 |     }
20 | 
21 |     transition {
22 |       days          = 60
23 |       storage_class = "GLACIER"
24 |     }
25 | 
26 |     expiration {
27 |       days = 90
28 |     }
29 |   }
30 | 
31 |   lifecycle_rule {
32 |     id      = "tmp"
33 |     prefix  = "tmp/"
34 |     enabled = true
35 | 
36 |     expiration {
37 |       date = "2016-01-12"
38 |     }
39 |   }
40 | }
41 | 
42 | resource "aws_s3_bucket" "versioning_bucket" {
43 |   bucket = "my-versioning-bucket"
44 |   acl    = "private"
45 | 
46 |   versioning {
47 |     enabled = true
48 |   }
49 | 
50 |   lifecycle_rule {
51 |     prefix  = "config/"
52 |     enabled = true
53 | 
54 |     noncurrent_version_transition {
55 |       days          = 30
56 |       storage_class = "STANDARD_IA"
57 |     }
58 | 
59 |     noncurrent_version_transition {
60 |       days          = 60
61 |       storage_class = "GLACIER"
62 |     }
63 | 
64 |     noncurrent_version_expiration {
65 |       days = 90
66 |     }
67 |   }
68 | }


--------------------------------------------------------------------------------
/Chapter03/aws_s3_bucket_Using replication configuration.txt:
--------------------------------------------------------------------------------
  1 | provider "aws" {
  2 |   region = "eu-west-1"
  3 | }
  4 | 
  5 | provider "aws" {
  6 |   alias  = "central"
  7 |   region = "eu-central-1"
  8 | }
  9 | 
 10 | resource "aws_iam_role" "replication" {
 11 |   name = "tf-iam-role-replication-12345"
 12 | 
 13 |   assume_role_policy = <<POLICY
 14 | {
 15 |   "Version": "2012-10-17",
 16 |   "Statement": [
 17 |     {
 18 |       "Action": "sts:AssumeRole",
 19 |       "Principal": {
 20 |         "Service": "s3.amazonaws.com"
 21 |       },
 22 |       "Effect": "Allow",
 23 |       "Sid": ""
 24 |     }
 25 |   ]
 26 | }
 27 | POLICY
 28 | }
 29 | 
 30 | resource "aws_iam_policy" "replication" {
 31 |   name = "tf-iam-role-policy-replication-12345"
 32 | 
 33 |   policy = <<POLICY
 34 | {
 35 |   "Version": "2012-10-17",
 36 |   "Statement": [
 37 |     {
 38 |       "Action": [
 39 |         "s3:GetReplicationConfiguration",
 40 |         "s3:ListBucket"
 41 |       ],
 42 |       "Effect": "Allow",
 43 |       "Resource": [
 44 |         "${aws_s3_bucket.bucket.arn}"
 45 |       ]
 46 |     },
 47 |     {
 48 |       "Action": [
 49 |         "s3:GetObjectVersion",
 50 |         "s3:GetObjectVersionAcl"
 51 |       ],
 52 |       "Effect": "Allow",
 53 |       "Resource": [
 54 |         "${aws_s3_bucket.bucket.arn}/*"
 55 |       ]
 56 |     },
 57 |     {
 58 |       "Action": [
 59 |         "s3:ReplicateObject",
 60 |         "s3:ReplicateDelete"
 61 |       ],
 62 |       "Effect": "Allow",
 63 |       "Resource": "${aws_s3_bucket.destination.arn}/*"
 64 |     }
 65 |   ]
 66 | }
 67 | POLICY
 68 | }
 69 | 
 70 | resource "aws_iam_policy_attachment" "replication" {
 71 |   name       = "tf-iam-role-attachment-replication-12345"
 72 |   roles      = ["${aws_iam_role.replication.name}"]
 73 |   policy_arn = "${aws_iam_policy.replication.arn}"
 74 | }
 75 | 
 76 | resource "aws_s3_bucket" "destination" {
 77 |   bucket = "tf-test-bucket-destination-12345"
 78 |   region = "eu-west-1"
 79 | 
 80 |   versioning {
 81 |     enabled = true
 82 |   }
 83 | }
 84 | 
 85 | resource "aws_s3_bucket" "bucket" {
 86 |   provider = "aws.central"
 87 |   bucket   = "tf-test-bucket-12345"
 88 |   acl      = "private"
 89 |   region   = "eu-central-1"
 90 | 
 91 |   versioning {
 92 |     enabled = true
 93 |   }
 94 | 
 95 |   replication_configuration {
 96 |     role = "${aws_iam_role.replication.arn}"
 97 | 
 98 |     rules {
 99 |       id     = "foobar"
100 |       prefix = "foo"
101 |       status = "Enabled"
102 | 
103 |       destination {
104 |         bucket        = "${aws_s3_bucket.destination.arn}"
105 |         storage_class = "STANDARD"
106 |       }
107 |     }
108 |   }
109 | }


--------------------------------------------------------------------------------
/Chapter03/cloudpatterns-zone.tf:
--------------------------------------------------------------------------------
 1 | # grab the existing cloudpatterns-zone in Route53
 2 | data "aws_route53_zone" "main" {
 3 |   name = "cloudpatterns.uk."
 4 | }
 5 | 
 6 | resource "aws_route53_zone" "book" {
 7 |   name = "book.cloudpatterns.uk"
 8 | 
 9 |   tags {
10 |     Environment = "book"
11 |   }
12 | }
13 | 
14 | resource "aws_route53_record" "book-ns" {
15 |   zone_id = "${data.aws_route53_zone.main.zone_id}"
16 |   name    = "book.cloudpatterns.uk"
17 |   type    = "NS"
18 |   ttl     = "30"
19 | 
20 |   records = [
21 |     "${aws_route53_zone.book.name_servers.0}",
22 |     "${aws_route53_zone.book.name_servers.1}",
23 |     "${aws_route53_zone.book.name_servers.2}",
24 |     "${aws_route53_zone.book.name_servers.3}",
25 |   ]
26 | }


--------------------------------------------------------------------------------
/Chapter03/gtm.tf:
--------------------------------------------------------------------------------
1 | # Global Traffic Management using DNS
2 | resource "aws_route53_record" "www" {
3 |   zone_id = "${aws_route53_zone.book.zone_id}"
4 |   name    = "www"
5 |   type    = "A"
6 |   ttl     = "300"
7 |   records = ["${aws_instance.cheap_worker.public_ip}","${aws_instance.cheap_worker_west.public_ip}"]
8 | }


--------------------------------------------------------------------------------
/Chapter03/instanceAZ1c.tf:
--------------------------------------------------------------------------------
 1 | # Virginia 1c
 2 | resource "aws_instance" "cheap_worker1c" {
 3 |   # the below ami is for the latest Bitnami Wordpress East
 4 |   ami           = "ami-001e1c1159ccfe992"
 5 |   instance_type = "t2.micro"
 6 |   availability_zone  = "us-east-1c"
 7 | 
 8 |   tags {
 9 |     Name = "CheapWorker"
10 |   }
11 | }
12 | output "id1c" {
13 |   value = "${aws_instance.cheap_worker1c.id}"
14 | }


--------------------------------------------------------------------------------
/Chapter03/instances.tf:
--------------------------------------------------------------------------------
 1 | # Virginia
 2 | resource "aws_instance" "cheap_worker" {
 3 |   # the below ami is for the latest Bitnami Wordpress East
 4 |   ami           = "ami-001e1c1159ccfe992"
 5 |   instance_type = "t2.micro"
 6 |   availability_zone  = "us-east-1d"
 7 |   associate_public_ip_address = true
 8 | 
 9 |   tags {
10 |     Name = "CheapWorker"
11 |   }
12 | }
13 | output "id" {
14 |   value = "${aws_instance.cheap_worker.id}"
15 | }
16 | output "ip" {
17 |   value = "${aws_instance.cheap_worker.public_ip}"
18 | }
19 | 
20 | # Oregon
21 | resource "aws_instance" "cheap_worker_west" {
22 |   # the below ami is for the latest Bitnami Wordpress West
23 |   ami           = "ami-000ce50ab0df5943f"
24 |   provider = "aws.west"
25 |   instance_type = "t2.micro"
26 |   availability_zone  = "us-west-2c"
27 |   associate_public_ip_address = true
28 | 
29 |   tags {
30 |     Name = "CheapWorker"
31 |   }
32 | }
33 | output "id_west" {
34 |   value = "${aws_instance.cheap_worker_west.id}"
35 | }
36 | output "ip_west" {
37 |   value = "${aws_instance.cheap_worker_west.public_ip}"
38 | }


--------------------------------------------------------------------------------
/Chapter03/loadbalancer.tf:
--------------------------------------------------------------------------------
 1 | # Create a new load balancer
 2 | resource "aws_elb" "cloudelb" {
 3 |   name               = "cloudpatterns-elb"
 4 |   availability_zones = ["us-east-1c"]
 5 | 
 6 |   listener {
 7 |     instance_port     = 80
 8 |     instance_protocol = "http"
 9 |     lb_port           = 80
10 |     lb_protocol       = "http"
11 |   }
12 | 
13 |   health_check {
14 |     healthy_threshold   = 2
15 |     unhealthy_threshold = 2
16 |     timeout             = 3
17 |     target              = "HTTP:80/"
18 |     interval            = 30
19 |   }
20 | 
21 |   instances                   = ["${aws_instance.cheap_worker1c.id}"]
22 |   cross_zone_load_balancing   = true
23 |   idle_timeout                = 400
24 |   connection_draining         = true
25 |   connection_draining_timeout = 400
26 | 
27 | }


--------------------------------------------------------------------------------
/Chapter03/ltm.tf:
--------------------------------------------------------------------------------
1 | # Global Traffic Management using DNS
2 | resource "aws_route53_record" "wwwltm" {
3 |   zone_id = "${aws_route53_zone.book.zone_id}"
4 |   name    = "www"
5 |   type    = "CNAME"
6 |   ttl     = "300"
7 |   records = ["${aws_elb.cloudelb.dns_name}"]
8 | }


--------------------------------------------------------------------------------
/Chapter03/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = "us-east-1"
3 | }
4 | 
5 | provider "aws" {
6 |     region = "us-west-2"
7 |     alias = "west"
8 | }


--------------------------------------------------------------------------------
/Chapter03/vpc.tf:
--------------------------------------------------------------------------------
1 | resource "aws_vpc" "mainvpc" {
2 |   cidr_block = "10.1.0.0/16"
3 | }
4 | 
5 | resource "aws_vpc" "mainvpc_west" {
6 |   provider = "aws.west"
7 |   cidr_block = "10.1.0.0/16"
8 | }
9 | 


--------------------------------------------------------------------------------
/Chapter03/web-sg.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_default_security_group" "default" {
 2 |   vpc_id = "${aws_vpc.mainvpc.id}"
 3 | #  provider = "aws.west"
 4 |   
 5 |   ingress {
 6 |     from_port   = 80
 7 |     to_port     = 80
 8 |     protocol    = "tcp"
 9 |     cidr_blocks = ["0.0.0.0/0"]
10 |   }
11 |   
12 |     ingress {
13 |     from_port   = 443
14 |     to_port     = 443
15 |     protocol    = "tcp"
16 |     cidr_blocks = ["0.0.0.0/0"]
17 |   }
18 |   
19 |   ingress {
20 |     protocol  = -1
21 |     self      = true
22 |     from_port = 0
23 |     to_port   = 0
24 |   }
25 | 
26 |   egress {
27 |     from_port   = 0
28 |     to_port     = 0
29 |     protocol    = "-1"
30 |     cidr_blocks = ["0.0.0.0/0"]
31 |   }
32 | }
33 | 
34 | resource "aws_default_security_group" "default_west" {
35 |   vpc_id = "${aws_vpc.mainvpc_west.id}"
36 |   provider = "aws.west"
37 |   
38 |   ingress {
39 |     from_port   = 80
40 |     to_port     = 80
41 |     protocol    = "tcp"
42 |     cidr_blocks = ["0.0.0.0/0"]
43 |   }
44 |   
45 |     ingress {
46 |     from_port   = 443
47 |     to_port     = 443
48 |     protocol    = "tcp"
49 |     cidr_blocks = ["0.0.0.0/0"]
50 |   }
51 |   
52 |   ingress {
53 |     protocol  = -1
54 |     self      = true
55 |     from_port = 0
56 |     to_port   = 0
57 |   }
58 | 
59 |   egress {
60 |     from_port   = 0
61 |     to_port     = 0
62 |     protocol    = "-1"
63 |     cidr_blocks = ["0.0.0.0/0"]
64 |   }
65 | }
66 | 


--------------------------------------------------------------------------------
/Chapter04/Custom IAM Policy.txt:
--------------------------------------------------------------------------------
 1 | {
 2 |  "Version": "2012-10-17",
 3 |  "Statement": [
 4 |  {
 5 |  "Effect": "Allow",
 6 |  "Action": [
 7 |  "guardduty:*"
 8 |  ],
 9 |  "Resource": "*"
10 |  },
11 |  {
12 |  "Effect": "Allow",
13 |  "Action": [
14 |  "iam:CreateServiceLinkedRole"
15 |  ],
16 |  "Resource": "arn:aws:iam::123456789123:role/aws-service-role/
17 | guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty",
18 |  "Condition": {
19 |  "StringLike": {
20 |  "iam:AWSServiceName": "guardduty.amazonaws.com"
21 |  }
22 |  }
23 |  },
24 |  {
25 |  "Effect": "Allow",
26 |  "Action": [
27 |  "iam:PutRolePolicy",
28 |  "iam:DeleteRolePolicy"
29 |  ],
30 |  "Resource": "arn:aws:iam::123456789123:role/aws-service-role/
31 | guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty"
32 |  }
33 |  ]
34 | }


--------------------------------------------------------------------------------
/Chapter04/aws_cognito_identity_pool.txt:
--------------------------------------------------------------------------------
 1 | resource "aws_iam_saml_provider" "default" {
 2 |   name                   = "my-saml-provider"
 3 |   saml_metadata_document = "${file("saml-metadata.xml")}"
 4 | }
 5 | 
 6 | resource "aws_cognito_identity_pool" "main" {
 7 |   identity_pool_name               = "identity pool"
 8 |   allow_unauthenticated_identities = false
 9 | 
10 |   cognito_identity_providers {
11 |     client_id               = "6lhlkkfbfb4q5kpp90urffae"
12 |     provider_name           = "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ"
13 |     server_side_token_check = false
14 |   }
15 | 
16 |   cognito_identity_providers {
17 |     client_id               = "7kodkvfqfb4qfkp39eurffae"
18 |     provider_name           = "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu"
19 |     server_side_token_check = false
20 |   }
21 | 
22 |   supported_login_providers = {
23 |     "graph.facebook.com"  = "7346241598935552"
24 |     "accounts.google.com" = "123456789012.apps.googleusercontent.com"
25 |   }
26 | 
27 |   saml_provider_arns           = ["${aws_iam_saml_provider.default.arn}"]
28 |   openid_connect_provider_arns = ["arn:aws:iam::123456789012:oidc-provider/foo.example.com"]
29 | }


--------------------------------------------------------------------------------
/Chapter04/aws_flow_log.txt:
--------------------------------------------------------------------------------
 1 | resource "aws_flow_log" "test_flow_log" {
 2 |   # log_group_name needs to exist before hand
 3 |   # until we have a CloudWatch Log Group Resource
 4 |   log_group_name = "tf-test-log-group"
 5 |   iam_role_arn = "${aws_iam_role.test_role.arn}"
 6 |   vpc_id = "${aws_vpc.default.id}"
 7 |   traffic_type = "ALL"
 8 | }
 9 | 
10 | resource "aws_iam_role" "test_role" {
11 |     name = "test_role"
12 |     assume_role_policy = <<EOF
13 | {
14 |   "Version": "2012-10-17",
15 |   "Statement": [
16 |     {
17 |       "Sid": "",
18 |       "Effect": "Allow",
19 |       "Principal": {
20 |         "Service": "vpc-flow-logs.amazonaws.com"
21 |       },
22 |       "Action": "sts:AssumeRole"
23 |     }
24 |   ]
25 | } 
26 | EOF
27 | }
28 | 
29 | resource "aws_iam_role_policy" "test_policy" {
30 |     name = "test_policy"
31 |     role = "${aws_iam_role.test_role.id}"
32 |     policy = <<EOF
33 | {
34 |   "Version": "2012-10-17",
35 |   "Statement": [
36 |     {
37 |       "Action": [
38 |         "logs:CreateLogGroup",
39 |         "logs:CreateLogStream",
40 |         "logs:PutLogEvents",
41 |         "logs:DescribeLogGroups",
42 |         "logs:DescribeLogStreams"
43 |       ],
44 |       "Effect": "Allow",
45 |       "Resource": "*"
46 |     }
47 |   ]
48 | }   
49 | EOF
50 | }


--------------------------------------------------------------------------------
/Chapter04/aws_network_acl.txt:
--------------------------------------------------------------------------------
 1 | resource "aws_network_acl" "main" {
 2 |   vpc_id = "${aws_vpc.main.id}"
 3 | 
 4 |   egress {
 5 |     protocol   = "tcp"
 6 |     rule_no    = 200
 7 |     action     = "allow"
 8 |     cidr_block = "10.3.0.0/18"
 9 |     from_port  = 443
10 |     to_port    = 443
11 |   }
12 | 
13 |   ingress {
14 |     protocol   = "tcp"
15 |     rule_no    = 100
16 |     action     = "allow"
17 |     cidr_block = "10.3.0.0/18"
18 |     from_port  = 80
19 |     to_port    = 80
20 |   }
21 | 
22 |   tags = {
23 |     Name = "main"
24 |   }
25 | }


--------------------------------------------------------------------------------
/Chapter05/bucket-state.tf:
--------------------------------------------------------------------------------
1 | resource "aws_s3_bucket" "cloudpatterns-state" {
2 |   bucket = "cloudpatterns-state"
3 |   acl    = "private"
4 | 
5 |   versioning {
6 |     enabled = true
7 |   }
8 | }


--------------------------------------------------------------------------------
/Chapter05/buildspec.yml:
--------------------------------------------------------------------------------
 1 | version: 0.2
 2 | # adapted from https://github.com/cloudreach/awsloft-terraform-ci/blob/master/buildspec-dev.yml
 3 | # and https://stackoverflow.com/questions/44005005/aws-codebuild-terraform-provider
 4 | 
 5 | env:
 6 |   variables:
 7 |     TF_VERSION: "0.11.8"
 8 | phases:
 9 | 
10 |   install:
11 |     commands:
12 |       - cd /usr/bin
13 |       - curl -s -qL -o terraform.zip https://releases.hashicorp.com/terraform/0.11.8/terraform_0.11.8_linux_amd64.zip
14 |       - unzip -o terraform.zip
15 | 
16 |   build:
17 |     commands:
18 |       - echo "changing directory to $CODEBUILD_SRC_DIR"
19 |       - cd $CODEBUILD_SRC_DIR/Chapter5/
20 |       - terraform init
21 |       - terraform plan -no-color -out cloudpatterns.tfplan
22 | 
23 |   post_build:
24 |     commands:
25 |       - echo "terraform plan completed on `date`"
26 | 
27 | 
28 | artifacts:
29 |   files:
30 |     - '**/*'


--------------------------------------------------------------------------------
/Chapter05/chapter5vars.tf:
--------------------------------------------------------------------------------
 1 | variable "vpc_id" {
 2 |   default = "vpc-1802fb62"
 3 | }
 4 | 
 5 | variable "default_security_group_id" {
 6 |   default = "sg-0be574956123abb87"
 7 | }
 8 | 
 9 | variable "aws_codecommit_repository_url" {
10 |   default = "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/cloudpatternsrepo"
11 | }
12 | 
13 | variable "aws_build_subnet_id" {
14 |   default = ["subnet-034a9e5e46cce777c"]
15 | }
16 | 
17 | variable "aws_public_subnet_id" {
18 |   default = "subnet-476f170d"
19 | }


--------------------------------------------------------------------------------
/Chapter05/cloudpatterns.tfplan:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PacktPublishing/Implementing-Cloud-Design-Patterns-for-AWS-Second-Edition/a32fb1b1de35c96eb928496da5951bc8ef2086e9/Chapter05/cloudpatterns.tfplan


--------------------------------------------------------------------------------
/Chapter05/cloudpatterns_lambda.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PacktPublishing/Implementing-Cloud-Design-Patterns-for-AWS-Second-Edition/a32fb1b1de35c96eb928496da5951bc8ef2086e9/Chapter05/cloudpatterns_lambda.zip


--------------------------------------------------------------------------------
/Chapter05/codebuild.tf:
--------------------------------------------------------------------------------
  1 | resource "aws_s3_bucket" "cloudpatterns-codebuild" {
  2 |   bucket = "cloudpatterns-codebuild"
  3 |   acl    = "private"
  4 |   
  5 |   versioning {
  6 |     enabled = true
  7 |   }
  8 | }
  9 | 
 10 | data "aws_subnet_ids" "example" {
 11 |   vpc_id = "${var.vpc_id}"
 12 | }
 13 | 
 14 | resource "aws_iam_role" "cloudpatterns-codebuild" {
 15 |   name = "cloudpatterns-codebuild"
 16 | 
 17 |   assume_role_policy = <<EOF
 18 | {
 19 |   "Version": "2012-10-17",
 20 |   "Statement": [
 21 |     {
 22 |       "Effect": "Allow",
 23 |       "Principal": {
 24 |         "Service": "codebuild.amazonaws.com"
 25 |       },
 26 |       "Action": "sts:AssumeRole"
 27 |     }
 28 |   ]
 29 | }
 30 | EOF
 31 | }
 32 | 
 33 | resource "aws_iam_role_policy" "cloudpatterns-codebuild" {
 34 |   role        = "${aws_iam_role.cloudpatterns-codebuild.name}"
 35 | 
 36 |   policy = <<POLICY
 37 | {
 38 |   "Version": "2012-10-17",
 39 |   "Statement": [
 40 |     {
 41 |       "Effect": "Allow",
 42 |       "Resource": [
 43 |         "*"
 44 |       ],
 45 |       "Action": [
 46 |         "logs:CreateLogGroup",
 47 |         "logs:CreateLogStream",
 48 |         "logs:PutLogEvents"
 49 |       ]
 50 |     },
 51 |     {
 52 |       "Effect": "Allow",
 53 |       "Action": [
 54 |         "ec2:*"
 55 |       ],
 56 |       "Resource": "*"
 57 |     },
 58 |     {
 59 |       "Effect": "Allow",
 60 |       "Action": [
 61 |         "codecommit:*"
 62 |       ],
 63 |       "Resource": "*"
 64 |     },
 65 |     {
 66 |       "Effect": "Allow",
 67 |       "Action": [
 68 |         "s3:*"
 69 |       ],
 70 |       "Resource": [
 71 |         "${aws_s3_bucket.cloudpatterns-codebuild.arn}",
 72 |         "${aws_s3_bucket.cloudpatterns-codebuild.arn}/*"
 73 |       ]
 74 |     }
 75 |   ]
 76 | }
 77 | POLICY
 78 | }
 79 | 
 80 | resource "aws_codebuild_project" "cloudpatterns-codebuild" {
 81 |   name         = "cloudpatterns-project"
 82 |   description  = "cloudpatterns_codebuild_project"
 83 |   build_timeout      = "5"
 84 |   service_role = "${aws_iam_role.cloudpatterns-codebuild.arn}"
 85 | 
 86 |   artifacts {
 87 |     type = "S3"
 88 |     location = "${aws_s3_bucket.cloudpatterns-codebuild.bucket}"
 89 |   }
 90 | 
 91 | /*  cache {
 92 |     type     = "S3"
 93 |     location = "${aws_s3_bucket.cloudpatterns-codebuild.bucket}"
 94 |   } */
 95 | 
 96 |   environment {
 97 |     compute_type = "BUILD_GENERAL1_SMALL"
 98 |     image        = "aws/codebuild/ubuntu-base:14.04"
 99 |     type         = "LINUX_CONTAINER"
100 |   }
101 | 
102 |   source {
103 |     type            = "CODECOMMIT"
104 |     location        = "${var.aws_codecommit_repository_url}"
105 | #   auth            = {type = "OAUTH"}
106 |     git_clone_depth = 1
107 |       buildspec = "sonarqube.yml"
108 |   }
109 | 
110 |   vpc_config {
111 |     vpc_id = "${var.vpc_id}"
112 | 
113 |     subnets = [
114 |       "${var.aws_build_subnet_id}",
115 |     ]
116 | 
117 |     security_group_ids = [
118 |       "${var.default_security_group_id}",
119 |     ]
120 |   }
121 | 
122 |   tags {
123 |     "Environment" = "cloudpatterns"
124 |   }
125 | }


--------------------------------------------------------------------------------
/Chapter05/codetest.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_codebuild_project" "cloudpatterns-codetest" {
 2 |   name         = "cloudpatterns-project"
 3 |   description  = "cloudpatterns_codebuild_project"
 4 |   build_timeout      = "5"
 5 |   service_role = "${aws_iam_role.cloudpatterns-codebuild.arn}"
 6 | 
 7 |   artifacts {
 8 |     type = "S3"
 9 |     location = "${aws_s3_bucket.cloudpatterns-codebuild.bucket}"
10 |   }
11 | 
12 | /*  cache {
13 |     type     = "S3"
14 |     location = "${aws_s3_bucket.cloudpatterns-codebuild.bucket}"
15 |   } */
16 | 
17 |   environment {
18 |     compute_type = "BUILD_GENERAL1_SMALL"
19 |     image        = "aws/codebuild/ubuntu-base:14.04"
20 |     type         = "LINUX_CONTAINER"
21 |   }
22 | 
23 |   source {
24 |     type            = "CODECOMMIT"
25 |     location        = "${var.aws_codecommit_repository_url}"
26 | #   auth            = {type = "OAUTH"}
27 |     git_clone_depth = 1
28 |   }
29 | 
30 |   vpc_config {
31 |     vpc_id = "${var.vpc_id}"
32 | 
33 |     subnets = [
34 |       "${var.aws_build_subnet_id}",
35 |     ]
36 | 
37 |     security_group_ids = [
38 |       "${var.default_security_group_id}",
39 |     ]
40 |   }
41 | 
42 |   tags {
43 |     "Environment" = "cloudpatterns"
44 |   }
45 | }


--------------------------------------------------------------------------------
/Chapter05/lambda_terraform.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_iam_role" "iam_for_lambda" {
 2 |   name = "iam_for_lambda"
 3 | 
 4 |   assume_role_policy = <<EOF
 5 | {
 6 |   "Version": "2012-10-17",
 7 |   "Statement": [
 8 |     {
 9 |       "Action": "sts:AssumeRole",
10 |       "Principal": {
11 |         "Service": "lambda.amazonaws.com"
12 |       },
13 |       "Effect": "Allow"
14 |     },
15 |     {
16 |       "Sid": "",
17 |       "Effect": "Allow",
18 |       "Principal": {
19 |         "Service": "cloudtrail.amazonaws.com"
20 |       },
21 |       "Action": "sts:AssumeRole"
22 |     }
23 |   ]
24 | }
25 | EOF
26 | }
27 | 
28 | resource "aws_lambda_permission" "allow_bucket" {
29 |   statement_id  = "AllowExecutionFromS3Bucket"
30 |   action        = "lambda:InvokeFunction"
31 |   function_name = "${aws_lambda_function.cloudpatterns_terraform_lambda.arn}"
32 |   principal     = "s3.amazonaws.com"
33 |   source_arn    = "${aws_s3_bucket.cloudpatterns-codebuild.arn}"
34 | }
35 | 
36 | /* resource "aws_lambda_function" "cloudpatterns_terraform_lambda" {
37 |   filename      = "cloudpatterns-terraform-function.zip"
38 |   function_name = "cloudpatterns_terraform_lambda"
39 |   role          = "${aws_iam_role.iam_for_lambda.arn}"
40 |   handler       = "terraform.my_handler"
41 |   runtime   = "python2.7"
42 | } */ 
43 | 
44 | resource "aws_lambda_function" "cloudpatterns_terraform_lambda" {
45 |   filename         = "cloudpatterns_lambda.zip"
46 |   function_name    = "cloudpatterns_terraform_lambda"
47 |   role             = "${aws_iam_role.iam_for_lambda.arn}"
48 |   handler          = "terraform.handler"
49 |   runtime          = "python2.7"
50 |   source_code_hash = "${base64sha256(file("cloudpatterns_lambda.zip"))}"
51 | 
52 |   environment {
53 |     variables = {
54 |       foo = "bar"
55 |     }
56 |   }
57 | }
58 | 
59 | resource "aws_s3_bucket_notification" "bucket_notification" {
60 |   bucket = "${aws_s3_bucket.cloudpatterns-codebuild.id}"
61 | 
62 |   lambda_function {
63 |     lambda_function_arn = "${aws_lambda_function.cloudpatterns_terraform_lambda.arn}"
64 |     events              = ["s3:ObjectCreated:*"]
65 | #   filter_prefix       = "/"
66 |     filter_suffix       = ".tfplan"
67 |   }
68 | }


--------------------------------------------------------------------------------
/Chapter05/main.tf:
--------------------------------------------------------------------------------
 1 | provider "aws" {
 2 |   region = "us-east-1"
 3 | }
 4 | 
 5 | provider "aws" {
 6 |     region = "us-west-2"
 7 |     alias = "west"
 8 | }
 9 | 
10 | terraform {
11 |   backend "s3" {
12 |     bucket = "cloudpatterns-state"
13 |     key    = "tfstate"
14 |     region = "us-east-1"
15 |   }
16 | }


--------------------------------------------------------------------------------
/Chapter05/private.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_subnet" "cloudpatterns_private" {
 2 |   vpc_id                  = "${var.vpc_id}"
 3 |   cidr_block              = "172.31.96.0/20"
 4 |   map_public_ip_on_launch = false
 5 | }
 6 | 
 7 | resource "aws_eip" "natgw_eip" {
 8 |   vpc = true
 9 | }
10 | 
11 | resource "aws_nat_gateway" "cloudpatterns_nat_gw" {
12 |   allocation_id = "${aws_eip.natgw_eip.id}"
13 |   subnet_id     = "${var.aws_public_subnet_id}"
14 | 
15 | }
16 | 
17 | resource "aws_route_table" "nat_route_table" {
18 |   vpc_id = "${var.vpc_id}"
19 | 
20 |   route {
21 |     cidr_block = "0.0.0.0/0"
22 |     gateway_id = "${aws_nat_gateway.cloudpatterns_nat_gw.id}"
23 |   }
24 |   
25 | }
26 | 
27 | resource "aws_route_table_association" "a" {
28 |   subnet_id      = "${aws_subnet.cloudpatterns_private.id}"
29 |   route_table_id = "${aws_route_table.nat_route_table.id}"
30 | }
31 | 
32 | resource "aws_security_group" "nat_security_group" {
33 |   name        = "allow_all"
34 |   description = "Allow all inbound traffic"
35 |   vpc_id      = "${var.vpc_id}"
36 | 
37 |   ingress {
38 |     from_port   = 0
39 |     to_port     = 0
40 |     protocol    = "-1"
41 |     cidr_blocks = ["0.0.0.0/0"]
42 |   }
43 | 
44 |   egress {
45 |     from_port       = 0
46 |     to_port         = 0
47 |     protocol        = "-1"
48 |     cidr_blocks     = ["0.0.0.0/0"]
49 |   }
50 | }


--------------------------------------------------------------------------------
/Chapter05/sonarqube.yml:
--------------------------------------------------------------------------------
 1 | version: 0.2
 2 | # adapted from https://github.com/aws-samples/aws-codebuild-samples/blob/master/buildspecs/sonarqube.yml
 3 | 
 4 | phases:
 5 |   install:
 6 |     commands:
 7 |       - wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip
 8 |       - unzip sonar-scanner-cli-3.2.0.1227-linux.zip
 9 |       - export PATH=$PATH:./sonar-scanner-3.2.0.1227-linux/bin/
10 |   build:
11 |     commands:
12 |       - sonar-scanner -Dsonar.projectKey=cure51-gapes -Dsonar.organization=skibum55-github -Dsonar.sources=. -Dsonar.host.url=https://sonarcloud.io -Dsonar.login=b85ce42d96cc973761366dfbeeb8ede60cc0ab4f
13 | 


--------------------------------------------------------------------------------
/Chapter05/terraform.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | # adapted from https://github.com/FitnessKeeper/terraform-lambda
 3 | 
 4 | import os
 5 | import subprocess
 6 | import urllib
 7 | 
 8 | import boto3
 9 | 
10 | 
11 | # Version of Terraform that we're using
12 | TERRAFORM_VERSION = '0.11.8'
13 | 
14 | # Download URL for Terraform
15 | TERRAFORM_DOWNLOAD_URL = (
16 |     'https://releases.hashicorp.com/terraform/%s/terraform_%s_linux_amd64.zip'
17 |     % (TERRAFORM_VERSION, TERRAFORM_VERSION))
18 | 
19 | # Paths where Terraform should be installed
20 | TERRAFORM_DIR = os.path.join('/tmp', 'terraform_%s' % TERRAFORM_VERSION)
21 | TERRAFORM_PATH = os.path.join(TERRAFORM_DIR, 'terraform')
22 | 
23 | 
24 | def check_call(args):
25 |     """Wrapper for subprocess that checks if a process runs correctly,
26 |     and if not, prints stdout and stderr.
27 |     """
28 |     proc = subprocess.Popen(args,
29 |         stdout=subprocess.PIPE,
30 |         stderr=subprocess.PIPE,
31 |         cwd='/tmp')
32 |     stdout, stderr = proc.communicate()
33 |     if proc.returncode != 0:
34 |         print(stdout)
35 |         print(stderr)
36 |         raise subprocess.CalledProcessError(
37 |             returncode=proc.returncode,
38 |             cmd=args)
39 | 
40 | 
41 | def install_terraform():
42 |     """Install Terraform on the Lambda instance."""
43 |     # Most of a Lambda's disk is read-only, but some transient storage is
44 |     # provided in /tmp, so we install Terraform here.  This storage may
45 |     # persist between invocations, so we skip downloading a new version if
46 |     # it already exists.
47 |     # http://docs.aws.amazon.com/lambda/latest/dg/lambda-introduction.html
48 |     if os.path.exists(TERRAFORM_PATH):
49 |         return
50 | 
51 |     urllib.urlretrieve(TERRAFORM_DOWNLOAD_URL, '/tmp/terraform.zip')
52 | 
53 |     # Flags:
54 |     #   '-o' = overwrite existing files without prompting
55 |     #   '-d' = output directory
56 |     check_call(['unzip', '-o', '/tmp/terraform.zip', '-d', TERRAFORM_DIR])
57 | 
58 |     check_call([TERRAFORM_PATH, '--version'])
59 | 
60 | 
61 | def apply_terraform_plan(s3_bucket, path):
62 |     """Download a Terraform plan from S3 and run a 'terraform apply'.
63 | 
64 |     :param s3_bucket: Name of the S3 bucket where the plan is stored.
65 |     :param path: Path to the Terraform planfile in the S3 bucket.
66 | 
67 |     """
68 |     # Although the /tmp directory may persist between invocations, we always
69 |     # download a new copy of the planfile, as it may have changed externally.
70 |     s3 = boto3.resource('s3')
71 |     planfile = s3.Object(s3_bucket, path)
72 |     planfile.download_file('/tmp/terraform.plan')
73 |     check_call([TERRAFORM_PATH, 'apply', '/tmp/terraform.plan'])
74 | 
75 | 
76 | def handler(event, context):
77 |     s3_bucket = event['Records'][0]['s3']['bucket']['name']
78 |     path = event['Records'][0]['s3']['object']['key']
79 | 
80 |     install_terraform()
81 |     apply_terraform_plan(s3_bucket=s3_bucket, path=path)


--------------------------------------------------------------------------------
/Chapter06/locustfile.py:
--------------------------------------------------------------------------------
 1 | from locust import HttpLocust, TaskSet, task
 2 | 
 3 | class UserBehavior(TaskSet):
 4 |     def on_start(self):
 5 |         """ on_start is called when a Locust start before any task is scheduled """
 6 |         self.login()
 7 | 
 8 |     def on_stop(self):
 9 |         """ on_stop is called when the TaskSet is stopping """
10 |         self.logout()
11 | 
12 |     def login(self):
13 |         self.client.post("/wp-admin", {"username":"user", "password":"fUQhOhtZLt4'"})
14 | 
15 |     def logout(self):
16 |         self.client.post("/logout", {"username":"user", "password":"fUQhOhtZLt4'"})
17 | 
18 |     @task(2)
19 |     def index(self):
20 |         self.client.get("/")
21 | 
22 |     @task(1)
23 |     def profile(self):
24 |         self.client.get("/profile")
25 | 
26 | class WebsiteUser(HttpLocust):
27 |     task_set = UserBehavior
28 |     min_wait = 5000
29 |     max_wait = 9000


--------------------------------------------------------------------------------
/Chapter08/CloudFront.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_s3_bucket" "cloudpatterns-cloudfrontbucket" {
 2 |   bucket = "cloudpatterns-cloudfront"
 3 |   acl = "public-read"
 4 |   
 5 |   website {
 6 |     index_document = "index.html"
 7 |   }
 8 | 
 9 |   tags = {
10 |     Name = "My cloudfront bucket"
11 |   }
12 | }
13 | 
14 | resource "aws_s3_bucket_object" "helloA" {
15 |     bucket = "${aws_s3_bucket.cloudpatterns-cloudfrontbucket.bucket}"
16 |     key = "index.html"
17 |     content = "Hello world from Terraform!"
18 |     content_type = "text/plain"
19 |     acl = "public-read"
20 | }
21 | 
22 | resource "aws_s3_bucket_object" "helloB" {
23 |     bucket = "${aws_s3_bucket.cloudpatterns-cloudfrontbucket.bucket}"
24 |     key = "indexB.html"
25 |     content = "Hello world from TerraformB!"
26 |     content_type = "text/plain"
27 |     acl = "public-read"
28 | }
29 | 
30 | resource "aws_cloudfront_distribution" "s3_distribution" {
31 |   origin {
32 |     domain_name = "${aws_s3_bucket.cloudpatterns-cloudfrontbucket.bucket_domain_name}"
33 |     origin_id = "cloudpatterns-cloudfront"
34 |   }
35 | 
36 |   enabled = true
37 |   default_root_object = "index.html"
38 | 
39 |   default_cache_behavior {
40 |     allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
41 |     cached_methods = ["GET", "HEAD"]
42 |     target_origin_id = "cloudpatterns-cloudfront"
43 |     
44 |     lambda_function_association {
45 |       event_type = "viewer-request"
46 |       lambda_arn = "${aws_lambda_function.cloudfront_terraform_lambda.qualified_arn}"
47 |       include_body = false
48 |     }
49 | 
50 |     forwarded_values {
51 |       query_string = false
52 | 
53 |       cookies {
54 |         forward = "none"
55 |       }
56 |     }
57 | 
58 |     viewer_protocol_policy = "allow-all"
59 |     min_ttl = 0
60 |     default_ttl = 3600
61 |     max_ttl = 86400
62 |   }
63 |   
64 |   restrictions {
65 |     geo_restriction {
66 |       restriction_type = "none"
67 |     }
68 |   }
69 | 
70 |   tags = {
71 |     Environment = "production"
72 |   }
73 | 
74 |   viewer_certificate {
75 |     cloudfront_default_certificate = true
76 |   }
77 | }


--------------------------------------------------------------------------------
/Chapter08/alb.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_lb" "lambda-alb" {
 2 |   name               = "lambda-lb-tf"
 3 |   internal           = false
 4 |   load_balancer_type = "application"
 5 |   subnets            = ["subnet-447dd623","subnet-476f170d"]
 6 |   security_groups    = ["${aws_security_group.alb_sg.id}"]
 7 |   
 8 | //    access_logs {
 9 | //    bucket  = "${aws_s3_bucket.lb_logs.bucket}"
10 | //    prefix  = "test-lb"
11 | //    enabled = true
12 | //  }
13 | }
14 | 
15 | resource "aws_security_group" "alb_sg" {
16 |   name        = "alb_sg"
17 |   description = "Load Balancer port 80"
18 | //  vpc_id      = "${aws_vpc.main.id}"
19 | 
20 |   ingress {
21 |     from_port   = 80
22 |     to_port     = 80
23 |     protocol    = "tcp"
24 |     cidr_blocks = ["0.0.0.0/0"]
25 |   }
26 | 
27 |   egress {
28 |     from_port       = 0
29 |     to_port         = 0
30 |     protocol        = "-1"
31 |     cidr_blocks     = ["0.0.0.0/0"]
32 |   }
33 | }
34 | // add logging policies
35 | 
36 | 
37 | resource "aws_lb_listener" "alb_listener" {  
38 |   load_balancer_arn = "${aws_lb.lambda-alb.arn}"  
39 |   port              = "80"  
40 |   protocol          = "HTTP"
41 |   
42 |   default_action {    
43 |     target_group_arn = "${aws_lb_target_group.lambda-target-group.arn}"
44 |     type             = "forward"  
45 |   }
46 | }
47 | 
48 | resource "aws_lb_target_group" "lambda-target-group" {
49 |   name        = "alb-lambda-group"
50 |   target_type = "lambda"
51 | }
52 | 
53 | resource "aws_lb_target_group_attachment" "lamdba-target-attachment" {
54 |   target_group_arn  = "${aws_lb_target_group.lambda-target-group.arn}"
55 |   target_id         = "${aws_lambda_function.alb_terraform_lambda.arn}"
56 |   depends_on        = ["aws_lambda_permission.iam_for_alb"]
57 | }


--------------------------------------------------------------------------------
/Chapter08/alb_lambda.js:
--------------------------------------------------------------------------------
 1 | 'use strict';
 2 | 
 3 | exports.handler = (event, context, callback) => {
 4 |     const request = event;
 5 |     const headers = request.headers;
 6 | 
 7 |     if (request.path !== '/') {
 8 |         // do not process if this is not an A-B test request
 9 |         callback(null, request);
10 |         return;
11 |     }
12 | 
13 |     const cookieExperimentA = 'X-Experiment-Name=A';
14 |     const cookieExperimentB = 'X-Experiment-Name=B';
15 |     const pathExperimentA = '/index.html';
16 |     const pathExperimentB = '/indexB.html';
17 | 
18 |     let experimentUri;
19 |     if (headers.cookie == cookieExperimentB ) {
20 |         console.log('Experiment B cookie found');
21 |         experimentUri = pathExperimentB;
22 |     } else {
23 |         console.log('No valid cookie found');
24 |         experimentUri = pathExperimentA;
25 |     }
26 | 
27 |     if (!experimentUri) {
28 |         console.log('Experiment cookie has not been found. Throwing dice...');
29 |         if (Math.random() < 0.75) {
30 |             experimentUri = pathExperimentA;
31 |         } else {
32 |             experimentUri = pathExperimentB;
33 |         }
34 |     }
35 | 
36 |     request.uri = experimentUri;
37 |     console.log(`Request uri set to "${request.uri}"`);
38 |     callback(null, request);
39 | };


--------------------------------------------------------------------------------
/Chapter08/cloudfront_lambda.js:
--------------------------------------------------------------------------------
 1 | 'use strict';
 2 | 
 3 | exports.handler = (event, context, callback) => {
 4 |     const request = event.Records[0].cf.request;
 5 |     const headers = request.headers;
 6 | 
 7 |     if (request.uri !== '/index.html') {
 8 |         // do not process if this is not an A-B test request
 9 |         callback(null, request);
10 |         return;
11 |     }
12 | 
13 |     const cookieExperimentA = 'X-Experiment-Name=A';
14 |     const cookieExperimentB = 'X-Experiment-Name=B';
15 |     const pathExperimentA = '/index.html';
16 |     const pathExperimentB = '/indexB.html';
17 | 
18 |     let experimentUri;
19 |     if (headers.cookie) {
20 |         for (let i = 0; i < headers.cookie.length; i++) {
21 |             if (headers.cookie[i].value.indexOf(cookieExperimentA) >= 0) {
22 |                 console.log('Experiment A cookie found');
23 |                 experimentUri = pathExperimentA;
24 |                 break;
25 |             } else if (headers.cookie[i].value.indexOf(cookieExperimentB) >= 0) {
26 |                 console.log('Experiment B cookie found');
27 |                 experimentUri = pathExperimentB;
28 |                 break;
29 |             }
30 |         }
31 |     }
32 | 
33 |     if (!experimentUri) {
34 |         console.log('Experiment cookie has not been found. Throwing dice...');
35 |         if (Math.random() < 0.75) {
36 |             experimentUri = pathExperimentA;
37 |         } else {
38 |             experimentUri = pathExperimentB;
39 |         }
40 |     }
41 | 
42 |     request.uri = experimentUri;
43 |     console.log(`Request uri set to "${request.uri}"`);
44 |     callback(null, request);
45 | };


--------------------------------------------------------------------------------
/Chapter08/cloudfront_lambda_terraform.tf:
--------------------------------------------------------------------------------
  1 | resource "aws_iam_role" "iam_for_lambda" {
  2 |   name = "iam_for_lambda"
  3 | 
  4 |   assume_role_policy = <<EOF
  5 | {
  6 |   "Version": "2012-10-17",
  7 |   "Statement": [
  8 |     {
  9 |       "Action": "sts:AssumeRole",
 10 |       "Principal": {
 11 |         "Service": "lambda.amazonaws.com"
 12 |       },
 13 |       "Effect": "Allow"
 14 |     },
 15 |     {
 16 |       "Action": "sts:AssumeRole",
 17 |       "Principal": {
 18 |         "Service": "edgelambda.amazonaws.com"
 19 |       },
 20 |       "Effect": "Allow"
 21 |     },
 22 |     {
 23 |       "Sid": "",
 24 |       "Effect": "Allow",
 25 |       "Principal": {
 26 |         "Service": "cloudtrail.amazonaws.com"
 27 |       },
 28 |       "Action": "sts:AssumeRole"
 29 |     }
 30 |   ]
 31 | }
 32 | EOF
 33 | }
 34 | 
 35 | resource "aws_iam_role_policy" "test_policy" {
 36 |   name = "test_policy"
 37 |   role = "${aws_iam_role.iam_for_lambda.id}"
 38 | 
 39 |   policy = <<EOF
 40 | {
 41 |   "Version": "2012-10-17",
 42 |   "Statement": [
 43 |     {
 44 |             "Effect": "Allow",
 45 |             "Action": [
 46 |                 "logs:*"
 47 |             ],
 48 |             "Resource": "arn:aws:logs:*:*:*"
 49 |         },
 50 |         {
 51 |             "Effect": "Allow",
 52 |             "Action": [
 53 |                 "s3:GetObject",
 54 |                 "s3:PutObject"
 55 |             ],
 56 |             "Resource": "arn:aws:s3:::*"
 57 |         }
 58 |   ]
 59 | }
 60 | EOF
 61 | }
 62 | 
 63 | resource "aws_lambda_permission" "allow_bucket" {
 64 |   statement_id  = "AllowExecutionFromS3Bucket"
 65 |   action        = "lambda:InvokeFunction"
 66 |   function_name = "${aws_lambda_function.cloudfront_terraform_lambda.arn}"
 67 |   principal     = "s3.amazonaws.com"
 68 |   source_arn    = "${aws_s3_bucket.cloudpatterns-cloudfrontbucket.arn}"
 69 | }
 70 | 
 71 | resource "aws_lambda_permission" "allow_cloudfront" {
 72 |   statement_id   = "AllowExecutionFromCloudFront"
 73 |   action         = "lambda:GetFunction"
 74 |   function_name = "${aws_lambda_function.cloudfront_terraform_lambda.arn}"
 75 |   principal      = "edgelambda.amazonaws.com"
 76 | }
 77 | 
 78 | resource "aws_lambda_function" "cloudfront_terraform_lambda" {
 79 |   filename         = "cloudfront_lambda.zip"
 80 |   function_name    = "cloudfront_terraform_lambda"
 81 |   role             = "${aws_iam_role.iam_for_lambda.arn}"
 82 |   handler          = "cloudfront_lambda.handler"
 83 |   runtime          = "nodejs8.10"
 84 |   source_code_hash = "${base64sha256(file("cloudfront_lambda.zip"))}"
 85 |   publish          = "true"
 86 | }
 87 | 
 88 | resource "aws_lambda_permission" "iam_for_alb" {
 89 |   statement_id  = "AllowExecutionFromlb"
 90 |   action        = "lambda:InvokeFunction"
 91 |   function_name = "alb_lambda"
 92 |   principal     = "elasticloadbalancing.amazonaws.com"
 93 |   source_arn    = "${aws_lb_target_group.lambda-target-group.arn}"
 94 | }
 95 | 
 96 | resource "aws_lambda_function" "alb_terraform_lambda" {
 97 |   filename         = "alb_lambda.zip"
 98 |   function_name    = "alb_lambda"
 99 |   role             = "${aws_iam_role.iam_for_lambda.arn}"
100 |   handler          = "alb_lambda.handler"
101 |   runtime          = "nodejs8.10"
102 |   source_code_hash = "${base64sha256(file("alb_lambda.zip"))}"
103 |   publish          = "true"
104 | }


--------------------------------------------------------------------------------
/Chapter08/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 |   region = "us-east-1"
3 | }
4 | 
5 | provider "aws" {
6 |     region = "us-west-2"
7 |     alias = "west"
8 | }


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 Packt
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Implementing Cloud Design Patterns for AWS - Second Edition
 2 | 
 3 | <a href="https://www.packtpub.com/virtualization-and-cloud/implementing-cloud-design-patterns-aws-second-edition?utm_source=github&utm_medium=repository&utm_campaign=9781789136203"><img src="https://dz13w8afd47il.cloudfront.net/sites/default/files/imagecache/ppv4_main_book_cover/B10419_MockupCover.png" alt="Implementing Cloud Design Patterns for AWS - Second Edition" height="256px" align="right"></a>
 4 | 
 5 | This is the code repository for [Implementing Cloud Design Patterns for AWS - Second Edition](https://www.packtpub.com/virtualization-and-cloud/implementing-cloud-design-patterns-aws-second-edition?utm_source=github&utm_medium=repository&utm_campaign=9781789136203), published by Packt.
 6 | 
 7 | **Create highly efficient design patterns for scalability, redundancy, and high availability in the AWS Cloud**
 8 | 
 9 | ## What is this book about?
10 | Whether you're just getting your feet wet in cloud infrastructure or already creating complex systems, this book will guide you through using the patterns to fit your system needs.
11 | 
12 | * This book covers the following exciting features:
13 | * Implement scaling policies on schedules, influxes in traffic, and deep health checks 
14 | * Make complete use of highly available and redundant storage 
15 | * Design content delivery networks to improve user experience 
16 | * Optimize databases through caching and sharding  
17 | 
18 | If you feel this book is for you, get your [copy](https://www.amazon.com/dp/1789136202) today!
19 | 
20 | <a href="https://www.packtpub.com/?utm_source=github&utm_medium=banner&utm_campaign=GitHubBanner"><img src="https://raw.githubusercontent.com/PacktPublishing/GitHub/master/GitHub.png" 
21 | alt="https://www.packtpub.com/" border="5" /></a>
22 | 
23 | ## Instructions and Navigations
24 | All of the code is organized into folders. For example, Chapter02.
25 | 
26 | The code will look like the following:
27 | ```
28 | provider "aws" {
29 | region = "us-east-1"
30 | }
31 | resource "aws_codecommit_repository" "cloudpatterns" {
32 | repository_name = "cloudpatternsrepo"
33 | description = "This is a demonstration repository for the AWS Cloud
34 | Patterns book."
35 | }
36 | ```
37 | 
38 | **Following is what you need for this book:**
39 | If you’re an architect, solution provider, or DevOps community member looking to implement repeatable patterns for deploying and maintaining services in the Amazon cloud infrastructure, this book is for you.
40 | You’ll need prior experience of using AWS understand key concepts covered in the book, as it focuses on the patterns rather than the basics of using AWS.
41 | 
42 | With the following software and hardware list you can run all code files present in the book (Chapter 1-13).
43 | ### Software and Hardware List
44 | | Chapter | Software required | OS required |
45 | | -------- | ------------------------------------ | ----------------------------------- |
46 | | All | AWS subscription | Windows, Mac OS X, and Linux (Any) |
47 | 
48 | ### Related products
49 | * Designing AWS Environments [[Packt]](https://prod.packtpub.com/in/virtualization-and-cloud/designing-aws-environments?utm_source=github&utm_medium=repository&utm_campaign=) [[Amazon]](https://www.amazon.com/dp/1789535549)
50 | 
51 | * Expert AWS Development [[Packt]](https://prod.packtpub.com/in/virtualization-and-cloud/expert-aws-development?utm_source=github&utm_medium=repository&utm_campaign=) [[Amazon]](https://www.amazon.com/dp/1788477588)
52 | 
53 | 
54 | ## Get to Know the Author
55 | **Sean Keery**
56 | began hacking obscure video game systems at the age of 13. Sean then developed interpersonal skills while teaching snowboarding. Nowadays, Cloud Foundry, choreography, containers and plenty of .io. Cluster deployments, IaaS independence, and his studies for a master's in data science keep Sean occupied. The daily commute is filled with podcasts and chipmunk bunny hops. Some family time, spicy food, a good book, and wrecking the latest toys keep Sean busy at home.
57 | 
58 | 
59 | **Clive Harber**
60 | has been programming computers since he was 13, when Commodore Basic was all the rage and the internet, as an idea, was something that was only just starting to appear in films such as WarGames. Fast-forward a decade, he gained a master's degree in chemical engineering from University of Wales, Swansea, which he used briefly in a stint when he worked in a semi-conductor foundry making microchips. Not being totally satisfied with this, he decided to change fields and learn how to write stuff for the internet. Now, he runs his own consultancy, Distorted Thinking, providing services to organizations that find themselves in digital transition, whether that's software changes or infrastructure to cloud service migration.
61 | 
62 | **Marcus Young**
63 | obtained a degree in computer science and mathematics before getting involved in system administration and DevOps. He currently works in software automation using open source tools and technologies. His hobbies include playing ice hockey and brewing homebrew beer. He also enjoys hardware projects based on microcontrollers and single-board computers.
64 | 
65 | 
66 | ## Other books by the authors
67 | [Implementing Cloud Design Patterns for AWS](https://www.packtpub.com/web-development/implementing-cloud-design-patterns-aws?utm_source=github&utm_medium=repository&utm_campaign=)
68 | 
69 | 
70 | ### Suggestions and Feedback
71 | [Click here](https://docs.google.com/forms/d/e/1FAIpQLSdy7dATC6QmEL81FIUuymZ0Wy9vH1jHkvpY57OiMeKGqib_Ow/viewform) if you have any feedback or suggestions.
72 | 
73 | 
74 | 


--------------------------------------------------------------------------------