Merge pull request aws-samples#326 from buzzsurfr/master

Automated IDE Deployment

Author: dalbhanj

cloud9-development/readme.adoc

@@ -84,3 +84,102 @@ The workshop repo has configuration files that are used to create Kubernetes res
   $ git clone https://github.com/aws-samples/aws-workshop-for-kubernetes
 
 At this point, you should have everything you need to complete any of the section of the this workshop using your Cloud9 Environment.
+
+=== Automated Deployment using CloudFormation
+
+You can also use a CloudFormation template to create the Kubernetes Development Environment. These templates will create the Cloud9 IDE with IAM Role as well as the kops state store bucket.
+
+To launch the template in your account, you will need to download one of the following:
+
+* To use an existing Subnet, download link:templates/lab-ide-novpc.template[lab-ide-novpc.template]
+* To use a new VPC/Subnet, download link:templates/lab-ide-vpc.template[lab-ide-vpc.template]
+
+==== Option 1: Console
+
+1. Log into the AWS CloudFormation Console by visiting https://console.aws.amazon.com/cloudformation/home
+
+2. Click on **Create Stack**.
+
+3. Under **Choose a Template**, click to *Upload a template to Amazon S3* and upload the file you downloaded earlier.
+
+4. Click **Next**.
+
+5. Specify a `Stack Name` and optionally a `SubnetId`. Click **Next**.
+
+6. Scroll down to the bottom and click **Next**.
+
+7. Under **Capabilities**, acknowledge that CloudFormation will create IAM resources, and click **Create**.
+
+8. Wait until the stack you just launched has a status of `CREATE_COMPLETE` (you may need to refresh), then check the box next to the new stack and select the **Outputs** tab. This will show the URL to the Cloud9 IDE (`LabIdeUrl`). Click the URL to go into your IDE.
+
+9. Download the build script: link:scripts/lab-ide-build.sh[lab-ide-build.sh].
+
+10. Copy the contents of the build script and paste into the *Terminal* window in the IDE (near the bottom).
+
+At this point, you should have everything you need to complete any of the section of the this workshop using your Cloud9 Environment.
+
+==== Option 2: CLI
+
+Get a list of existing public subnets.
+
+.Command
+[source,bash]
+----
+aws ec2 describe-subnets --query 'Subnets[?MapPublicIpOnLaunch==`true`].SubnetId'
+----
+
+.Output
+[source,output]
+----
+[
+    "subnet-1234abcd",
+    "subnet-5678ef12",
+    ...
+]
+----
+
+Launch the CloudFormation stack, substituting a SubnetId for `<SubnetId>`.
+
+.Command
+[source,bash]
+----
+aws cloudformation create-stack --stack-name "LabIDE" --template-body file://lab-ide-novpc.template --capabilities CAPABILITY_NAMED_IAM --parameters ParameterKey=SubnetId,ParameterValue=<SubnetId>
+----
+
+If you are using the link:templates/lab-ide-vpc.template[lab-ide-vpc.template], launch the stack using:
+
+.Command
+[source,bash]
+----
+aws cloudformation create-stack --stack-name "LabIDE" --template-body file://lab-ide-vpc.template --capabilities CAPABILITY_NAMED_IAM
+----
+
+Once launched, occasionally poll the status of the stack.
+
+.Command
+[source,bash]
+----
+aws cloudformation describe-stacks --stack-name LabIDE --query "Stacks[0].StackStatus" --output text
+----
+
+When this changes from `CREATE_IN_PROGRESS` to `CREATE_COMPLETE`, get the URL of the Cloud9 IDE.
+
+.Command
+[source,bash]
+----
+aws cloudformation describe-stacks --stack-name LabIDE --query 'Stacks[0].Outputs[?OutputKey==`LabIdeUrl`].OutputValue' --output text
+----
+
+.Output
+[source,output]
+----
+https://console.aws.amazon.com/cloud9/ide/<EnvironmentId>
+----
+
+Launch the IDE by copying the URL into your browser.
+
+Download the build script: link:scripts/lab-ide-build.sh[lab-ide-build.sh].
+
+Copy the contents of the build script and paste into the *Terminal* window in the IDE (near the bottom).
+
+At this point, you should have everything you need to complete any of the section of the this workshop using your Cloud9 Environment.

cloud9-development/scripts/lab-ide-build.sh

@@ -0,0 +1,45 @@
+# IDE-Build script
+#title           lab-ide-build.sh
+#description     This script will make a header for a bash script.
+#author          [email protected]
+#date            2018-01-19
+#version         0.1
+#usage           curl -sSL https://s3.amazonaws.com/lab-ide-theomazonian/lab-ide-build.sh | bash -s stable
+#notes           Install Vim and Emacs to use this script.
+#==============================================================================
+
+# Install jq
+sudo yum -y install jq
+
+# Install kubectl
+curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
+chmod +x kubectl && sudo mv kubectl /usr/local/bin/
+source <(kubectl completion bash)
+
+# Install kops
+curl -LO https://github.com/kubernetes/kops/releases/download/$(curl -s https://api.github.com/repos/kubernetes/kops/releases/latest | grep tag_name | cut -d '"' -f 4)/kops-linux-amd64
+chmod +x kops-linux-amd64
+sudo mv kops-linux-amd64 /usr/local/bin/kops
+
+# Configure AWS CLI
+availability_zone=$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone)
+export AWS_DEFAULT_REGION=${availability_zone%?}
+
+# Lab-specific configuration
+export AWS_AVAILABILITY_ZONES="$(aws ec2 describe-availability-zones --query 'AvailabilityZones[].ZoneName' --output text | awk -v OFS="," '$1=$1')"
+export AWS_INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
+aws ec2 describe-instances --instance-ids $AWS_INSTANCE_ID > /tmp/instance.json
+export AWS_STACK_NAME=$(jq -r '.Reservations[0].Instances[0]|(.Tags[]|select(.Key=="aws:cloudformation:stack-name")|.Value)' /tmp/instance.json)
+export AWS_ENVIRONMENT=$(jq -r '.Reservations[0].Instances[0]|(.Tags[]|select(.Key=="aws:cloud9:environment")|.Value)' /tmp/instance.json)
+export AWS_MASTER_STACK=${AWS_STACK_NAME%$AWS_ENVIRONMENT}
+export AWS_MASTER_STACK=${AWS_MASTER_STACK%?}
+export AWS_MASTER_STACK=${AWS_MASTER_STACK#aws-cloud9-}
+export KOPS_STATE_STORE=s3://$(aws cloudformation describe-stack-resource --stack-name $AWS_MASTER_STACK --logical-resource-id "KopsStateStore" | jq -r '.StackResourceDetail.PhysicalResourceId')
+
+# Persist lab variables
+echo "AWS_AVAILABILITY_ZONES=$AWS_AVAILABILITY_ZONES" >> ~/.bash_profile
+echo "KOPS_STATE_STORE=$KOPS_STATE_STORE" >> ~/.bash_profile
+echo "export AWS_AVAILABILITY_ZONES KOPS_STATE_STORE" >> ~/.bash_profile
+
+# Download lab Repository
+git clone https://github.com/aws-samples/aws-workshop-for-kubernetes

cloud9-development/templates/lab-ide-novpc.template

@@ -0,0 +1,242 @@
+{
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "Lab IDE using existing Subnet for container workshop v0.4",
+  "Metadata": {},
+  "Parameters": {
+    "SubnetId": {
+      "Description": "Public Subnet for the Lab IDE.",
+      "Type": "AWS::EC2::Subnet::Id",
+      "Default": ""
+    }
+  },
+  "Mappings": {},
+  "Conditions": {},
+  "Resources": {
+    "LabIDE": {
+      "Description": "-",
+      "Type": "AWS::Cloud9::EnvironmentEC2",
+      "Properties": {
+        "Description": "Lab IDE for container workshop",
+        "AutomaticStopTimeMinutes": 60,
+        "InstanceType": "t2.micro",
+        "Name": {
+          "Ref": "AWS::StackName"
+        },
+        "SubnetId": {
+          "Ref": "SubnetId"
+        }
+      }
+    },
+    "KopsStateStore": {
+      "Description": "-",
+      "Type": "AWS::S3::Bucket",
+      "Properties": {
+        "VersioningConfiguration": {
+          "Status": "Enabled"
+        }
+      }
+    },
+    "LabIdeRole": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "ec2.amazonaws.com"
+                ]
+              },
+              "Action": [
+                "sts:AssumeRole"
+              ]
+            }
+          ]
+        },
+        "ManagedPolicyArns": [
+          "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
+          "arn:aws:iam::aws:policy/AmazonRoute53FullAccess",
+          "arn:aws:iam::aws:policy/AmazonS3FullAccess",
+          "arn:aws:iam::aws:policy/IAMFullAccess",
+          "arn:aws:iam::aws:policy/AmazonVPCFullAccess"
+        ],
+        "Path": "/"
+      }
+    },
+    "LabIdeInstanceProfile": {
+      "Type": "AWS::IAM::InstanceProfile",
+      "Properties": {
+        "Path": "/",
+        "Roles": [
+          {
+            "Ref": "LabIdeRole"
+          }
+        ]
+      }
+    },
+    "AddRoleToInstance": {
+      "Description": "Add LabIdeRole to Cloud9 IDE Instance",
+      "Type": "Custom::AddRoleToInstance",
+      "DependsOn": ["AddRoleToInstanceFunction"],
+      "Properties": {
+        "ServiceToken": {
+          "Fn::GetAtt": [
+            "AddRoleToInstanceFunction",
+            "Arn"
+          ]
+        },
+        "Region": {
+          "Ref": "AWS::Region"
+        },
+        "StackName": {
+          "Ref": "AWS::StackName"
+        },
+        "EnvironmentId": {
+          "Ref": "LabIDE"
+        },
+        "LabIdeInstanceProfileName": {
+          "Ref": "LabIdeInstanceProfile"
+        },
+        "LabIdeInstanceProfileArn": {
+          "Fn::GetAtt": [
+            "LabIdeInstanceProfile",
+            "Arn"
+          ]
+        }
+      }
+    },
+    "AddRoleToInstanceFunction": {
+      "Type": "AWS::Lambda::Function",
+      "Properties": {
+        "Code": {
+          "ZipFile": {
+            "Fn::Join": [
+              "\n",
+              [
+                "import boto3",
+                "import time",
+                "import traceback",
+                "import cfnresponse",
+                "",
+                "def handler(event, context):",
+                "    responseData = {}",
+                "    ",
+                "    # Immediately respond on Delete (no work to be done)",
+                "    if event['RequestType'] == 'Delete':",
+                "        cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, 'CustomResourcePhysicalID')",
+                "    ",
+                "    try:",
+                "        # Open AWS clients",
+                "        ec2 = boto3.client('ec2')",
+                "        ",
+                "        # Get the InstanceId of the Cloud9 IDE",
+                "        instance = ec2.describe_instances(Filters=[{'Name': 'tag:Name','Values': ['aws-cloud9-'+event['ResourceProperties']['StackName']+'-'+event['ResourceProperties']['EnvironmentId']]}])['Reservations'][0]['Instances'][0]",
+                "        ",
+                "        # Create the IamInstanceProfile request object",
+                "        iam_instance_profile = {",
+                "            'Arn': event['ResourceProperties']['LabIdeInstanceProfileArn'],",
+                "            'Name': event['ResourceProperties']['LabIdeInstanceProfileName']",
+                "        }",
+                "        ",
+                "        # Wait for Instance to become ready before adding Role",
+                "        instance_state = instance['State']['Name']",
+                "        while instance_state != 'running':",
+                "            time.sleep(5)",
+                "            instance_state = ec2.describe_instances(InstanceIds=[instance['InstanceId']])",
+                "        ec2.associate_iam_instance_profile(IamInstanceProfile=iam_instance_profile, InstanceId=instance['InstanceId'])",
+                "        ",
+                "        responseData = {'Success': 'Role added to instance'+instance['InstanceId']+'.'}",
+                "        cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, 'CustomResourcePhysicalID')",
+                "    except Exception as e:",
+                "        responseData = {'Error': traceback.format_exc(e)}",
+                "        cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'CustomResourcePhysicalID')"
+              ]
+            ]
+          }
+        },
+        "Handler": "index.handler",
+        "Role": {
+          "Fn::GetAtt": [
+            "LambdaExecutionRole",
+            "Arn"
+          ]
+        },
+        "Runtime": "python2.7",
+        "Timeout": "30"
+      }
+    },
+    "LambdaExecutionRole": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Effect": "Allow",
+              "Principal": {
+                "Service": [
+                  "lambda.amazonaws.com"
+                ]
+              },
+              "Action": [
+                "sts:AssumeRole"
+              ]
+            }
+          ]
+        },
+        "Path": "/",
+        "Policies": [
+          {
+            "PolicyName": "root",
+            "PolicyDocument": {
+              "Version": "2012-10-17",
+              "Statement": [
+                {
+                  "Effect": "Allow",
+                  "Action": [
+                    "logs:CreateLogGroup",
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents"
+                  ],
+                  "Resource": "arn:aws:logs:*:*:*"
+                },
+                {
+                  "Effect": "Allow",
+                  "Action": [
+                    "cloudformation:DescribeStacks",
+                    "cloudformation:DescribeStackEvents",
+                    "cloudformation:DescribeStackResource",
+                    "cloudformation:DescribeStackResources",
+                    "ec2:DescribeInstances",
+                    "ec2:AssociateIamInstanceProfile",
+                    "ec2:ReplaceIamInstanceProfileAssociation",
+                    "iam:ListInstanceProfiles",
+                    "iam:PassRole"
+                  ],
+                  "Resource": "*"
+                }
+              ]
+            }
+          }
+        ]
+      }
+    }
+  },
+  "Outputs": {
+    "LabIdeUrl": {
+      "Value": {
+        "Fn::Join": [
+          "",
+          [
+            "https://console.aws.amazon.com/cloud9/ide/",
+            {
+              "Ref": "LabIDE"
+            }
+          ]
+        ]
+      }
+    }
+  }
+}