Looping over collections (#238)

* Add lab: Looping over collections with Fn::ForEach. * Bump version: 3.0.0 → 3.1.0 * Fix cfn-nag issues * Few nitpicks; grammar cleanup code line numbers correction blank space cleanup * Couple more picked up by IDE --------- Co-authored-by: Franco Rezabek <[email protected]>
aws-samples · Aug 21, 2023 · 0c9b4ee · 0c9b4ee
1 parent f98f3dd
commit 0c9b4ee
Show file tree

Hide file tree

Showing 10 changed files with 801 additions and 16 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,4 +1,4 @@
 [bumpversion]
-current_version = 3.0.0
+current_version = 3.1.0
 commit = True
 tag = False
diff --git a/.cfnlintrc b/.cfnlintrc
@@ -4,6 +4,7 @@ templates:
 
 ignore_templates:
   - ./code/solutions/policy-as-code-with-guard/example_bucket_tests.yaml
+  - ./code/solutions/linting-and-testing/.taskcat.yml
 
 ignore_checks:
   # Supress "This code may only work with `package` cli command as the property <xyz> is a string".

diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml
@@ -29,15 +29,7 @@ jobs:
         python-version: '3.10' # have to use quotes due to 0 being removed
     - name: Install python packages
       run: pip install -Ur requirements.txt
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 3.1
-    - name: Install Ruby gems
-      run: gem install cfn-nag
 
     # Run Tests
-    - name: CloudFormation lint test
-      run: cfn-lint
-    - name: CloudFormation nag test
-      run: cfn_nag_scan --input-path code/solutions --ignore-fatal
+    - name: Run Pre-commit tests
+      run: pre-commit run --all-files
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -34,18 +34,30 @@ repos:
   hooks:
   - id: cfn-python-lint
     name: AWS CloudFormation Linter
-    files: solutions/.*\.(yaml|template)$
+    files: code/solutions/.*\.(ya?ml|template)$
     args:
       - --ignore-templates=code/solutions/policy-as-code-with-guard/example_bucket_tests.yaml
+      - --ignore-templates=code/solutions/linting-and-testing/.taskcat.yml
 
 - repo: https://github.com/aws-cloudformation/rain
   rev: v1.4.4
   hooks:
   - id: cfn-format
-    files: solutions/.*\.(yaml|template)$
-    exclude: code/solutions/policy-as-code-with-guard/example_bucket_tests.yaml
+    files: code/solutions/.*\.(ya?ml|template)$
+    exclude: code/solutions/policy-as-code-with-guard/example_bucket_tests\.yaml|code/solutions/linting-and-testing/\.taskcat\.yml
 
-# Python
+- repo: https://github.com/stelligent/cfn_nag
+  rev: v0.8.10
+  hooks:
+  -   id: cfn-nag
+      entry: cfn_nag
+      language: ruby
+      args:
+        - --ignore-fatal
+      files: code/solutions/.*\.(ya?ml|template)$
+      exclude: code/solutions/looping-over-collections/.*\.yaml
+
+    # Python
 - repo: https://github.com/pycqa/pylint
   rev: v3.0.0a6
   hooks:

diff --git a/Makefile b/Makefile
@@ -38,7 +38,7 @@ lint: $(VENV_NAME)
 	$(VENV_NAME)/bin/cfn-lint
 
 nag:
-	cfn_nag_scan --input-path code/solutions --ignore-fatal
+	cfn_nag $(path) --ignore-fatal
 
 # Versioning and releases
 .PHONY: version release

diff --git a/code/solutions/looping-over-collections/s3-buckets.yaml b/code/solutions/looping-over-collections/s3-buckets.yaml
@@ -0,0 +1,33 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Description: AWS CloudFormation workshop lab for looping over collections (uksb-1q9p31idr) (tag:looping-over-collections).
+
+Transform: AWS::LanguageExtensions
+
+Resources:
+  Fn::ForEach::S3Buckets:
+    - S3BucketLogicalId
+    - [S3Bucket1, S3Bucket2, S3Bucket3]
+    - ${S3BucketLogicalId}:
+        Type: AWS::S3::Bucket
+        Properties:
+          BucketEncryption:
+            ServerSideEncryptionConfiguration:
+              - ServerSideEncryptionByDefault:
+                  SSEAlgorithm: aws:kms
+          LifecycleConfiguration:
+            Rules:
+              - Id: Example Glacier Rule
+                ExpirationInDays: 365
+                Status: Enabled
+                Transitions:
+                  - TransitionInDays: 30
+                    StorageClass: GLACIER
+          PublicAccessBlockConfiguration:
+            BlockPublicAcls: true
+            BlockPublicPolicy: true
+            IgnorePublicAcls: true
+            RestrictPublicBuckets: true
+          Tags:
+            - Key: Name
+              Value: aws-cloudformation-workshop
diff --git a/code/solutions/looping-over-collections/vpc.yaml b/code/solutions/looping-over-collections/vpc.yaml
@@ -0,0 +1,153 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Description: AWS CloudFormation workshop lab for looping over collections (uksb-1q9p31idr) (tag:looping-over-collections).
+
+Mappings:
+  Vpc:
+    Configuration:
+      EnableDnsHostnames: true
+      EnableDnsSupport: true
+      Cidr: 172.31.0.0/16
+
+  SubnetAzIndexes:
+    Public:
+      "1": 0
+      "2": 1
+    Private:
+      "1": 0
+      "2": 1
+
+  SubnetCidrs:
+    Public:
+      "1": 172.31.1.0/24
+      "2": 172.31.2.0/24
+    Private:
+      "1": 172.31.11.0/24
+      "2": 172.31.12.0/24
+
+Transform: AWS::LanguageExtensions
+
+Resources:
+  Vpc:
+    Type: AWS::EC2::VPC
+    Properties:
+      CidrBlock: !FindInMap
+        - Vpc
+        - Configuration
+        - Cidr
+      EnableDnsHostnames: !FindInMap
+        - Vpc
+        - Configuration
+        - EnableDnsHostnames
+      EnableDnsSupport: !FindInMap
+        - Vpc
+        - Configuration
+        - EnableDnsSupport
+      Tags:
+        - Key: Name
+          Value: aws-cloudformation-workshop
+
+  InternetGateway:
+    Type: AWS::EC2::InternetGateway
+    Properties:
+      Tags:
+        - Key: Name
+          Value: aws-cloudformation-workshop
+
+  VpcGatewayAttachment:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      VpcId: !Ref Vpc
+      InternetGatewayId: !Ref InternetGateway
+
+  Fn::ForEach::SubnetTypes:
+    - SubnetType
+    - [Public, Private]
+    - Fn::ForEach::SubnetNumbers:
+        - SubnetNumber
+        - ["1", "2"]
+        - ${SubnetType}Subnet${SubnetNumber}:
+            Type: AWS::EC2::Subnet
+            Properties:
+              AvailabilityZone: !Select
+                - !FindInMap
+                  - SubnetAzIndexes
+                  - !Ref SubnetType
+                  - !Ref SubnetNumber
+                - !GetAZs ""
+              CidrBlock: !FindInMap
+                - SubnetCidrs
+                - !Ref SubnetType
+                - !Ref SubnetNumber
+              Tags:
+                - Key: Name
+                  Value: aws-cloudformation-workshop
+              VpcId: !Ref Vpc
+          ${SubnetType}RouteTable${SubnetNumber}:
+            Type: AWS::EC2::RouteTable
+            Properties:
+              Tags:
+                - Key: Name
+                  Value: aws-cloudformation-workshop
+              VpcId: !Ref Vpc
+          ${SubnetType}SubnetRouteTableAssociation${SubnetNumber}:
+            Type: AWS::EC2::SubnetRouteTableAssociation
+            Properties:
+              RouteTableId: !Ref
+                Fn::Sub: ${SubnetType}RouteTable${SubnetNumber}
+              SubnetId: !Ref
+                Fn::Sub: ${SubnetType}Subnet${SubnetNumber}
+
+  Fn::ForEach::DefaultRoutesForPublicSubnets:
+    - SubnetNumber
+    - ["1", "2"]
+    - DefaultRouteForPublicSubnet${SubnetNumber}:
+        DependsOn: VpcGatewayAttachment
+        Type: AWS::EC2::Route
+        Properties:
+          RouteTableId: !Ref
+            Fn::Sub: PublicRouteTable${SubnetNumber}
+          DestinationCidrBlock: 0.0.0.0/0
+          GatewayId: !Ref InternetGateway
+
+  Fn::ForEach::NatGateways:
+    - SubnetNumber
+    - ["1", "2"]
+    - Eip${SubnetNumber}:
+        DependsOn: VpcGatewayAttachment
+        Type: AWS::EC2::EIP
+        Properties:
+          Domain: vpc
+      NatGateway${SubnetNumber}:
+        Type: AWS::EC2::NatGateway
+        Properties:
+          AllocationId: !GetAtt
+            - !Sub Eip${SubnetNumber}
+            - AllocationId
+          SubnetId: !Ref
+            Fn::Sub: PublicSubnet${SubnetNumber}
+          Tags:
+            - Key: Name
+              Value: aws-cloudformation-workshop
+      DefaultRouteForPrivateSubnet${SubnetNumber}:
+        Type: AWS::EC2::Route
+        Properties:
+          RouteTableId: !Ref
+            Fn::Sub: PrivateRouteTable${SubnetNumber}
+          DestinationCidrBlock: 0.0.0.0/0
+          NatGatewayId: !Ref
+            Fn::Sub: NatGateway${SubnetNumber}
+
+Outputs:
+  Fn::ForEach::SubnetIdsOutputs:
+    - SubnetType
+    - [Public, Private]
+    - Fn::ForEach::SubnetNumbers:
+        - SubnetNumber
+        - ["1", "2"]
+        - ${SubnetType}Subnet${SubnetNumber}:
+            Description: !Sub 'The ID of ${SubnetType}Subnet${SubnetNumber}.'
+            Export:
+              Name: !Sub ${AWS::AccountId}-${SubnetType}Subnet${SubnetNumber}Id
+            Value: !Ref
+              Fn::Sub: ${SubnetType}Subnet${SubnetNumber}
diff --git a/code/workspace/looping-over-collections/s3-buckets.yaml b/code/workspace/looping-over-collections/s3-buckets.yaml
@@ -0,0 +1,8 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Description: AWS CloudFormation workshop lab for looping over collections (uksb-1q9p31idr) (tag:looping-over-collections).
+
+Transform: AWS::LanguageExtensions
+
+Resources:
+  # TODO: add resources you wish to describe.
diff --git a/code/workspace/looping-over-collections/vpc.yaml b/code/workspace/looping-over-collections/vpc.yaml
@@ -0,0 +1,63 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Description: AWS CloudFormation workshop lab for looping over collections (uksb-1q9p31idr) (tag:looping-over-collections).
+
+Mappings:
+  Vpc:
+    Configuration:
+      EnableDnsHostnames: true
+      EnableDnsSupport: true
+      Cidr: 172.31.0.0/16
+
+  SubnetAzIndexes:
+    Public:
+      "1": 0
+      "2": 1
+    Private:
+      "1": 0
+      "2": 1
+
+  SubnetCidrs:
+    Public:
+      "1": 172.31.1.0/24
+      "2": 172.31.2.0/24
+    Private:
+      "1": 172.31.11.0/24
+      "2": 172.31.12.0/24
+
+Transform: AWS::LanguageExtensions
+
+Resources:
+  Vpc:
+    Type: AWS::EC2::VPC
+    Properties:
+      CidrBlock: !FindInMap
+        - Vpc
+        - Configuration
+        - Cidr
+      EnableDnsHostnames: !FindInMap
+        - Vpc
+        - Configuration
+        - EnableDnsHostnames
+      EnableDnsSupport: !FindInMap
+        - Vpc
+        - Configuration
+        - EnableDnsSupport
+      Tags:
+        - Key: Name
+          Value: aws-cloudformation-workshop
+
+  InternetGateway:
+    Type: AWS::EC2::InternetGateway
+    Properties:
+      Tags:
+        - Key: Name
+          Value: aws-cloudformation-workshop
+
+  VpcGatewayAttachment:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      VpcId: !Ref Vpc
+      InternetGatewayId: !Ref InternetGateway
+
+  # TODO: add resources you wish to describe.