@anelson

anelson/cfn.yaml Secret

Created May 5, 2024 13:22
CFN template which reproduces issue with Localstack 3.4.0
# Autogenerated. To regenerate run 'just gencfn'
Resources:
  Vpc8378EB38:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: farcast:default
          Value: "true"
        - Key: farcast:managed
          Value: "true"
        - Key: Name
          Value: Farcast/Vpc
    Metadata:
      aws:cdk:path: Farcast/Vpc/Resource
  VpcFarcastServerSubnet1Subnet2A70D879:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      CidrBlock: 10.0.0.0/16
      MapPublicIpOnLaunch: true
      Tags:
        - Key: aws-cdk:subnet-name
          Value: FarcastServer
        - Key: aws-cdk:subnet-type
          Value: Public
        - Key: farcast:default
          Value: "true"
        - Key: farcast:managed
          Value: "true"
        - Key: Name
          Value: Farcast/Vpc/FarcastServerSubnet1
      VpcId:
        Ref: Vpc8378EB38
    Metadata:
      aws:cdk:path: Farcast/Vpc/FarcastServerSubnet1/Subnet
  VpcFarcastServerSubnet1RouteTable43A9A14A:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: farcast:default
          Value: "true"
        - Key: farcast:managed
          Value: "true"
        - Key: Name
          Value: Farcast/Vpc/FarcastServerSubnet1
      VpcId:
        Ref: Vpc8378EB38
    Metadata:
      aws:cdk:path: Farcast/Vpc/FarcastServerSubnet1/RouteTable
  VpcFarcastServerSubnet1RouteTableAssociationD73FDFFF:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: VpcFarcastServerSubnet1RouteTable43A9A14A
      SubnetId:
        Ref: VpcFarcastServerSubnet1Subnet2A70D879
    Metadata:
      aws:cdk:path: Farcast/Vpc/FarcastServerSubnet1/RouteTableAssociation
  VpcFarcastServerSubnet1DefaultRouteD50DC9CA:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: VpcIGWD7BA715C
      RouteTableId:
        Ref: VpcFarcastServerSubnet1RouteTable43A9A14A
    DependsOn:
      - VpcVPCGWBF912B6E
    Metadata:
      aws:cdk:path: Farcast/Vpc/FarcastServerSubnet1/DefaultRoute
  VpcIGWD7BA715C:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: farcast:default
          Value: "true"
        - Key: farcast:managed
          Value: "true"
        - Key: Name
          Value: Farcast/Vpc
    Metadata:
      aws:cdk:path: Farcast/Vpc/IGW
  VpcVPCGWBF912B6E:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId:
        Ref: VpcIGWD7BA715C
      VpcId:
        Ref: Vpc8378EB38
    Metadata:
      aws:cdk:path: Farcast/Vpc/VPCGW
  FarcastDefaultComputeB5C4A6CA:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Default security group that Farcast will apply to all Farcast-managed compute; allows incoming SSH and no other traffic
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          Description: Allow all outbound traffic by default
          IpProtocol: "-1"
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          Description: Allow SSH access from any IPv4
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
        - CidrIpv6: ::/0
          Description: Allow SSH access from any IPv6
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
      Tags:
        - Key: farcast:default
          Value: "true"
        - Key: farcast:managed
          Value: "true"
      VpcId:
        Ref: Vpc8378EB38
    Metadata:
      aws:cdk:path: Farcast/FarcastDefaultCompute/Resource
  FarcastApiKey6EEFCB47:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: The API key which clients must present in order to authenticate to the Farcast server
      GenerateSecretString:
        ExcludePunctuation: true
        IncludeSpace: false
        PasswordLength: 32
      Tags:
        - Key: farcast:managed
          Value: "true"
    UpdateReplacePolicy: Delete
    DeletionPolicy: Delete
    Metadata:
      aws:cdk:path: Farcast/FarcastApiKey/Resource
  EventQueueFD722DCD:
    Type: AWS::SQS::Queue
    Properties:
      Tags:
        - Key: farcast:managed
          Value: "true"
      VisibilityTimeout: 300
    UpdateReplacePolicy: Delete
    DeletionPolicy: Delete
    Metadata:
      aws:cdk:path: Farcast/EventQueue/Resource
  EventQueuePolicy4A12B969:
    Type: AWS::SQS::QueuePolicy
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - sqs:GetQueueAttributes
              - sqs:GetQueueUrl
              - sqs:SendMessage
            Condition:
              ArnEquals:
                aws:SourceArn:
                  Fn::GetAtt:
                    - EC2RuleDC19A4D8
                    - Arn
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Resource:
              Fn::GetAtt:
                - EventQueueFD722DCD
                - Arn
          - Action:
              - sqs:GetQueueAttributes
              - sqs:GetQueueUrl
              - sqs:SendMessage
            Condition:
              ArnEquals:
                aws:SourceArn:
                  Fn::GetAtt:
                    - EBSRule66D908C4
                    - Arn
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Resource:
              Fn::GetAtt:
                - EventQueueFD722DCD
                - Arn
          - Action:
              - sqs:GetQueueAttributes
              - sqs:GetQueueUrl
              - sqs:SendMessage
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Resource:
              Fn::GetAtt:
                - EventQueueFD722DCD
                - Arn
        Version: "2012-10-17"
      Queues:
        - Ref: EventQueueFD722DCD
    Metadata:
      aws:cdk:path: Farcast/EventQueue/Policy/Resource
  EC2RuleDC19A4D8:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source:
          - aws.ec2
        detail-type:
          - EC2 Instance State-change Notification
          - EC2 Spot Instance Interruption Warning
        detail:
          state:
            - pending
            - running
            - stopping
            - stopped
            - shutting-down
            - terminated
            - hibernating
          tags:
            farcast:managed:
              - exists: true
      State: ENABLED
      Targets:
        - Arn:
            Fn::GetAtt:
              - EventQueueFD722DCD
              - Arn
          Id: Target0
    Metadata:
      aws:cdk:path: Farcast/EC2Rule/Resource
  EBSRule66D908C4:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source:
          - aws.ec2
        detail-type:
          - EBS Volume Notification
          - EBS Snapshot Notification
        detail:
          event:
            - createVolume
            - deleteVolume
            - createSnapshot
            - deleteSnapshot
          tags:
            farcast:managed:
              - exists: true
      State: ENABLED
      Targets:
        - Arn:
            Fn::GetAtt:
              - EventQueueFD722DCD
              - Arn
          Id: Target0
    Metadata:
      aws:cdk:path: Farcast/EBSRule/Resource
  FarcastKeyF560C410:
    Type: AWS::KMS::Key
    Properties:
      Description: Key used for securing Farcast resources
      EnableKeyRotation: true
      KeyPolicy:
        Statement:
          - Action: kms:*
            Effect: Allow
            Principal:
              AWS:
                Fn::Join:
                  - ""
                  - - "arn:"
                    - Ref: AWS::Partition
                    - ":iam::"
                    - Ref: AWS::AccountId
                    - :root
            Resource: "*"
        Version: "2012-10-17"
      Tags:
        - Key: farcast:managed
          Value: "true"
    UpdateReplacePolicy: Retain
    DeletionPolicy: Retain
    Metadata:
      aws:cdk:path: Farcast/FarcastKey/Resource
  FarcastKeyAlias8E5DC577:
    Type: AWS::KMS::Alias
    Properties:
      AliasName: alias/FarcastKey
      TargetKeyId:
        Fn::GetAtt:
          - FarcastKeyF560C410
          - Arn
    Metadata:
      aws:cdk:path: Farcast/FarcastKeyAlias/Resource
  FarcastStateC822DE59:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              KMSMasterKeyID:
                Fn::GetAtt:
                  - FarcastKeyF560C410
                  - Arn
              SSEAlgorithm: aws:kms
      LifecycleConfiguration:
        Rules:
          - ExpirationInDays: 30
            Id: CacheLifecycleRule
            NoncurrentVersionExpiration:
              NoncurrentDays: 180
            Prefix: cache/
            Status: Enabled
          - ExpirationInDays: 365
            Id: ArtifactsLifecycleRule
            NoncurrentVersionExpiration:
              NoncurrentDays: 180
            Prefix: artifacts/
            Status: Enabled
          - Id: ConfigLifecycleRule
            NoncurrentVersionExpiration:
              NoncurrentDays: 180
            Prefix: config/
            Status: Enabled
      Tags:
        - Key: farcast:managed
          Value: "true"
      VersioningConfiguration:
        Status: Enabled
    UpdateReplacePolicy: Retain
    DeletionPolicy: Retain
    Metadata:
      aws:cdk:path: Farcast/FarcastState/Resource
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Analytics: v2:deflate64:H4sIAAAAAAAA/02RT3ODIBDFP0vvSBNz6Nl6yHR6qNVOrh3EbUNUsMAm4zh89/LHibmwb3/z4LGQ0/3hhe6e2M1kvOuzQbR0aSzjPfHoewGe0+U0cVL+yFNVkgrbQfAGWwk2sE3VCi18sXaAjW+sMEZxwaxQ8m4O4k1a0N55ZBZubF5j1q6w/iLnEaQlDXDUws5HrXCKAY/AEQNcgzUjk+wXtB8h9qvRK+/4M3T5RMCYm0RcK+Unmu8wtY7A1ef6LTWmiUJ1pB89eodoD6UYBDOhicKnHOjyirxP2Uk5R2owCjWPB32gnTA92QMtlexEeB5HpOqAXszzNd/Rfe4/52KEyDRKK0agdar/ROPGX7kBAAA=
    Metadata:
      aws:cdk:path: Farcast/CDKMetadata/Default
    Condition: CDKMetadataAvailable
Outputs:
  ApiKey:
    Value:
      Ref: FarcastApiKey6EEFCB47
  SqsQueue:
    Value:
      Ref: EventQueueFD722DCD
  KmsKey:
    Value: alias/FarcastKey
  S3Bucket:
    Value:
      Ref: FarcastStateC822DE59
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - af-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - il-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - me-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2