Merge pull request #161 from stelligent/develop

release 0.2.5
stelligent · Aug 16, 2017 · 80b6b4b · 80b6b4b
2 parents 52c2b8e + ebe25cc
commit 80b6b4b
Show file tree

Hide file tree

Showing 10 changed files with 106 additions and 14 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,3 +1,6 @@
+<img src="https://github.com/stelligent/mu/wiki/img/mu.png" width="150">
+<br/>
+
 # Contributing to Mu
 
 Help wanted!  We'd love your contributions to Mu.  Please review the following guidelines before contributing.  Also, feel free to propose changes to these guidelines by updating this file and submitting a pull request.

diff --git a/Makefile b/Makefile
@@ -34,6 +34,11 @@ lint: fmt
 	go vet $(SRC_FILES)
 	glide novendor | xargs -n1 golint -set_exit_status
 
+nag:
+	@echo "=== cfn_nag ==="
+	grep -l AWSTemplateFormatVersion: templates/assets/*.yml |xargs -t -n 1 cfn_nag
+
+
 test: lint gen
 	@echo "=== testing ==="
 ifneq ($(CIRCLE_TEST_REPORTS),)

diff --git a/README.md b/README.md
@@ -1,3 +1,6 @@
+<img src="https://github.com/stelligent/mu/wiki/img/mu.png" width="150">
+<br/>
+
 [![Build Status](https://circleci.com/gh/stelligent/mu.svg?style=shield)](https://circleci.com/gh/stelligent/mu) [![Join the chat at https://gitter.im/stelligent/mu](https://badges.gitter.im/stelligent/mu.svg)](https://gitter.im/stelligent/mu?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Go Report Card](https://goreportcard.com/badge/github.com/stelligent/mu)](https://goreportcard.com/report/github.com/stelligent/mu)
 
 
@@ -35,6 +38,7 @@ Check out the [examples](examples) to see snippets of `mu.yml` configuration fil
 * **[HTTPS](examples/elb-https)** - Enable HTTPS on the ALB for an environment
 * **[DNS](examples/elb-dns)** - Associate Route53 resource record with ALB for an environment
 * **[VPC Target](examples/vpc-target)** - Targeting an existing VPC for an environment
+* **[VPN Connection](examples/vpn)** - Demonstration of adding VPN via CloudFormation
 * **[Custom CloudFormation](examples/custom-cloudformation)** - Demonstration of adding custom AWS resources via CloudFormation
 * **[Traditional Infrastructure](examples/ec2-provider)** - Demonstration of using EC2 + CodeDeploy rather than ECS for running services
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.2.4
+0.2.5
diff --git a/examples/vpn/README.md b/examples/vpn/README.md
@@ -0,0 +1,5 @@
+# Examples
+These examples are not intended to be run directly.  Rather, they serve as a reference that can be consulted when creating your own `mu.yml` files.
+
+For detailed steps to create your own project, check out the [quickstart](https://github.com/stelligent/mu/wiki/Quickstart#steps).
+
diff --git a/examples/vpn/mu.yml b/examples/vpn/mu.yml
@@ -0,0 +1,70 @@
+---
+
+environments:
+  - name: prod
+
+templates:
+  mu-vpc-prod:
+    Resources:
+      CustomerGateway:
+        Type: "AWS::EC2::CustomerGateway"
+        Properties:
+          BgpAsn: 65000
+          IpAddress: 1.1.1.1 # Public IP of remote VPN device
+          Type: ipsec.1
+      VirtualPrivateGateway:
+        Type: "AWS::EC2::VPNGateway"
+        Properties: 
+          Type: ipsec.1
+      VPNconnection:
+        Type: "AWS::EC2::VPNConnection"
+        Properties: 
+          Type: ipsec.1
+          CustomerGatewayId:
+            Ref: CustomerGateway
+          StaticRoutesOnly: true
+          VpnGatewayId:
+            Ref: VirtualPrivateGateway
+        DependsOn: VPCGatewayAttachment
+      VPCGatewayAttachment:
+        Type: "AWS::EC2::VPCGatewayAttachment"
+        Properties: 
+          VpcId: 
+            Ref: VPC
+          VpnGatewayId: 
+            Ref: VirtualPrivateGateway
+        DependsOn: VirtualPrivateGateway
+      VPNInstanceInboundNetworkAclEntry1:
+        Type: AWS::EC2::NetworkAclEntry
+        Properties:
+          NetworkAclId: 
+            Ref: InstanceNetworkAcl
+          RuleNumber: '105'
+          Protocol: '6'
+          RuleAction: allow
+          Egress: 'false'
+          CidrBlock: 10.50.0.0/24 # CIDR at remote network
+          PortRange:
+            From: '0'
+            To: '65535'
+      VPNInstanceOutboundUdpNetworkAclEntry1:
+        Type: AWS::EC2::NetworkAclEntry
+        Properties:
+          NetworkAclId: 
+            Ref: InstanceNetworkAcl
+          RuleNumber: '105'
+          Protocol: '17'
+          RuleAction: allow
+          Egress: 'true'
+          CidrBlock: 10.50.0.0/24 # CIDR at remote network
+          PortRange:
+            From: '0'
+            To: '65535'
+      VPNRoutePropagation:
+        Type: "AWS::EC2::VPNGatewayRoutePropagation"
+        DependsOn: VPCGatewayAttachment
+        Properties: 
+          RouteTableIds:
+          - Ref: InstanceRouteTable
+          VpnGatewayId: 
+            Ref: VirtualPrivateGateway
diff --git a/templates/assets.go b/templates/assets.go
diff --git a/templates/assets/vpc.yml b/templates/assets/vpc.yml
@@ -217,7 +217,7 @@ Resources:
       AvailabilityZone:
         Fn::Select:
         - 0
-        - !GetAZs ''
+        - Fn::GetAZs: ""
       Tags:
       - Key: Network
         Value: Public
@@ -293,7 +293,7 @@ Resources:
       AvailabilityZone:
         Fn::Select:
         - 0
-        - !GetAZs ''
+        - Fn::GetAZs: ""
       Tags:
       - Key: Network
         Value: Private
@@ -309,7 +309,7 @@ Resources:
       AvailabilityZone:
         Fn::Select:
         - 1
-        - !GetAZs ''
+        - Fn::GetAZs: ""
       Tags:
       - Key: Network
         Value: Private
@@ -325,7 +325,7 @@ Resources:
       AvailabilityZone:
         Fn::Select:
         - 2
-        - !GetAZs ''
+        - Fn::GetAZs: ""
       Tags:
       - Key: Network
         Value: Private
@@ -463,7 +463,7 @@ Resources:
       AvailabilityZone:
         Fn::Select:
         - 0
-        - !GetAZs ''
+        - Fn::GetAZs: ""
       Tags:
       - Key: Network
         Value: !If [ IsPublicElb, "Public", "Private" ]
@@ -479,7 +479,7 @@ Resources:
       AvailabilityZone:
         Fn::Select:
         - 1
-        - !GetAZs ''
+        - Fn::GetAZs: ""
       Tags:
       - Key: Network
         Value: !If [ IsPublicElb, "Public", "Private" ]
@@ -495,7 +495,7 @@ Resources:
       AvailabilityZone:
         Fn::Select:
         - 2
-        - !GetAZs ''
+        - Fn::GetAZs: ""
       Tags:
       - Key: Network
         Value: !If [ IsPublicElb, "Public", "Private" ]

diff --git a/wiki b/wiki
diff --git a/workflows/service_deploy.go b/workflows/service_deploy.go
@@ -112,8 +112,13 @@ func (workflow *serviceWorkflow) serviceApplyEc2Params(params map[string]string)
 			"ConsulServerAutoScalingGroup",
 			"ElbSecurityGroup",
 			"ConsulRpcClientSecurityGroup",
-			"InstanceSubnetIds",
 			"InstanceSecurityGroup",
+		} {
+			params[key] = workflow.envStack.Outputs[key]
+		}
+
+		for _, key := range [...]string{
+			"InstanceSubnetIds",
 		} {
 			params[key] = workflow.envStack.Parameters[key]
 		}