deprecated Nov 2024
Custom CloudFormation resource to enable "Default Encryption for New EBS Volumes".
Please refer to the links below to learn about the features (more secure) and limitations this provides.
- https://aws.amazon.com/blogs/aws/new-opt-in-to-default-encryption-for-new-ebs-volumes/
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
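The setting this resource turns on is configured per region, so one region's state says nothing about the others. The following sketch is an added example, not code from this repository: it audits a list of regions and optionally enables the setting. The function names and the `FakeEc2` stand-in are assumptions made for illustration; the two client methods are the boto3 EC2 calls `get_ebs_encryption_by_default` and `enable_ebs_encryption_by_default`.

```python
"""Added example: per-region audit and enforcement of EBS default encryption."""


def ensure_default_encryption(ec2, enforce=False):
    """Return (was_enabled, is_enabled) for the region the client is bound to.

    `ec2` is a boto3 EC2 client, or any object exposing the same two calls.
    """
    was_enabled = ec2.get_ebs_encryption_by_default()["EbsEncryptionByDefault"]
    is_enabled = was_enabled
    if enforce and not was_enabled:
        is_enabled = ec2.enable_ebs_encryption_by_default()["EbsEncryptionByDefault"]
    return was_enabled, is_enabled


def audit_regions(regions, client_for, enforce=False):
    """Check every region; returns {region: {"before": bool, "after": bool}}."""
    report = {}
    for region in regions:
        before, after = ensure_default_encryption(client_for(region), enforce)
        report[region] = {"before": before, "after": after}
    return report


def non_compliant(report):
    """Regions where new volumes would still default to unencrypted."""
    return sorted(r for r, state in report.items() if not state["after"])


class FakeEc2:
    """Constructed stand-in for a boto3 EC2 client so the example runs offline."""

    def __init__(self, enabled):
        self.enabled = enabled

    def get_ebs_encryption_by_default(self):
        return {"EbsEncryptionByDefault": self.enabled}

    def enable_ebs_encryption_by_default(self):
        self.enabled = True
        return {"EbsEncryptionByDefault": True}


if __name__ == "__main__":
    # Constructed sample state. With real credentials, use instead:
    #   import boto3; client_for = lambda r: boto3.client("ec2", region_name=r)
    fakes = {"eu-central-1": FakeEc2(True), "us-east-1": FakeEc2(False)}
    report = audit_regions(fakes, fakes.__getitem__)
    print(report, "non-compliant:", non_compliant(report))
```

Against a real account the caller needs the `ec2:GetEbsEncryptionByDefault` permission, plus `ec2:EnableEbsEncryptionByDefault` when `enforce=True`.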
After cloning this directory you have the following make targets at your command:
make - builds a zip file to target/.
make test - execute the tests, requires a working AWS connection.
make deploy - deploy to the default region eu-central-1.
make deploy-all-regions - deploy to all regions.
make release - builds a zip file and deploys it to s3.
make deploy-provider - deploys the provider.
make delete-provider - deletes the provider.
make demo - deploys the demo cloudformation stack.
make delete-demo - deletes the demo cloudformation stack.
make clean - cleans the workspace.
You need to have awscli, python, jq and Docker installed.
This template contains all the stuff to create, test and deploy a simple Custom Resource provider for the resource Custom::Custom.
The idea is that the resource just copies the property Value to return it as an attribute of the CFN resource. To experience a complete development cycle, you need to implement the create, update and delete methods in src/cfn_custom_provider.py until the following command succeeds:
make test
The source implements a ResourceProvider class defined by Python module cfn_resource_provider.
Set the variables S3_BUCKET_PREFIX and AWS_REGION in the Makefile to point to your bucket (see #S3 buckets for details).
After that succeeds, deploy the provider by typing:
make deploy
make deploy-provider
After the provider is deployed, you can create the demo stack:
make demo
Now you are ready to create useful Custom CloudFormation Providers!
Check out Kong API Gateway, Secrets and SES for example.
To deploy your lambda to all AWS regions, you need to have s3 buckets in all regions matching the name pattern:
<s3-bucket-prefix>-<aws-region>
For the development cycle, you need to have at least a bucket in your default region, for instance binxio-public-eu-central-1.
To ease the creation of all buckets, you could use the create-global-s3-buckets script.