cloudsoft.io

AWS Services Pack

The AMP AWS Services pack provides AMP integrations for a range of AWS-specific services. These allow blueprints to be composed which take advantage of some of the wide selection of services specific to AWS.

As with VMs, these services expect to be deployed to a location. In these cases the location must be an Amazon Web Services cloud (e.g. aws-ec2:us-east-1), it must supply the access identity and secret key (or in some cases it will take them from .aws/ config), and it must specify the region where the AWS service instance should be created.

CloudFormation Templates

AMP can deploy and manage CFN templates, as follows:

services:
- type: aws-cloudformation
  brooklyn.config:
    name.prefix: stack1
    cfn.template.contents: |
      AWSTemplateFormatVersion: 2010-09-09
      Resources:
        MyS3Bucket:
          Type: AWS::S3::Bucket

You can supply either cfn.template.contents or cfn.template.url, together with one of: name.prefix (to which a unique identifier is appended), name (in which case the name must not be in use by any stack), or cfn.stack.id (to update an existing stack rather than deploy a new one).

Sensors will present information on the stack.status and all the stack.resources.

Networking

Virtual Private Clouds

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

See: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html

  • A virtual private cloud is a virtual network dedicated to an AWS account.
  • Full type: io.cloudsoft.aws.networking.vpc.VirtualPrivateCloud
  • AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| cidrBlock | String | | | The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. |
| name | String | | | Creates a tag with key=Name and value set to specified string. |
| amazonProvidedIpv6CidrBlock | True/False | False | | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. |
| instanceTenancy | Default, Dedicated, Host | Default | | The tenancy options for instances launched into the VPC. For ‘default’, instances are launched with shared tenancy by default. You can launch instances with any tenancy into a shared tenancy VPC. For dedicated, instances are launched as ‘dedicated’ tenancy instances by default. You can only launch instances with a tenancy of ‘dedicated’ or ‘host’ into a dedicated tenancy VPC. |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
| vpcId | String | The ID of the VPC. |

Example

- type: io.cloudsoft.aws.networking.vpc.VirtualPrivateCloud
  brooklyn.config:
    name: my-vpc
    cidrBlock: 10.0.0.0/16
  location: amazon-location-with-region

Subnets

  • A subnet is a range of IP addresses in a VPC.
  • Full type: io.cloudsoft.aws.networking.vpc.subnet.Subnet
  • AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| cidrBlock | String | | | The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. |
| name | String | | | Creates a tag with key ‘Name’ and value set to specified string. |
| vpcId | String | | | The ID of the VPC. |
| availabilityZone | String | | | The Availability Zone for the subnet. |
| ipv6CidrBlock | String | | | The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length. |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
| subnetId | String | Id of the created Subnet |

Example

- type: io.cloudsoft.aws.networking.vpc.subnet.Subnet
  brooklyn.config:
    name: my-subnet
    vpcId: vpc-1234
    availabilityZone: eu-west-1a   # an Availability Zone name, not a region name
    cidrBlock: 10.0.0.0/24
  location: amazon-location-with-region

Other options

To deploy instances to a subnet that already exists, set the AWS-specific key subnetId in an entity’s provisioning properties:

- type: my-entity
  brooklyn.config:
    provisioning.properties:
      templateOptions:
        subnetId: subnet-1234
  location: amazon-location-with-region

Refer to Cloudsoft AMP’s documentation on custom template options for further details.

The same property may alternatively be set when configuring a location:

location:
  amazon-location-with-region:
    templateOptions:
      subnetId: subnet-1234

Route Tables

  • A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
  • Every subnet in a VPC must be associated with one route table. Many subnets can be associated with the same route table.
  • Full type: io.cloudsoft.aws.networking.vpc.routetable.RouteTable
  • AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| name | String | | | Creates a tag with key ‘Name’ and value set to specified string. |
| vpcId | String | | | The ID of the VPC. |
| associations | List | | | The associations between the route table and one or more subnets. |
| routes | List | | | The routes in the route table. |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| routeTableId | String | The ID of the route table. |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |

Example

- type: io.cloudsoft.aws.networking.vpc.routetable.RouteTable
  brooklyn.config:
    name: my-route-table
    vpcId: vpc1234
  location: amazon-location-with-region

Internet Gateways

  • An internet gateway allows communication between instances in a VPC and the Internet. It has two purposes: to provide a target in route tables for Internet-routable traffic and to perform network address translation for instances that have been assigned public IPv4 addresses.
  • Full type: io.cloudsoft.aws.networking.vpc.igw.InternetGateway
  • AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| name | String | | | Creates a tag with key ‘Name’ and value set to specified string. |
| vpcId | String | | | The ID of the VPC to be attached. |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| internetGatewayId | String | The ID of the Internet gateway. |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |

Example

- type: io.cloudsoft.aws.networking.vpc.igw.InternetGateway
  brooklyn.config:
    name: my-gateway
    vpcId: vpc1234
  location: amazon-location-with-region

Elastic IP Addresses

  • An Elastic IP address is a static public IPv4 address that can be associated with any instance or network interface for any VPC in an account.
  • Full type: io.cloudsoft.aws.networking.vpc.eip.ElasticIp
  • AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-eips.html

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| domain | Vpc, Standard | Vpc | | Set to ‘vpc’ to allocate the address for use with instances in a VPC, or ‘standard’ for use with instances in EC2-Classic. |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| allocationId | String | The ID that AWS assigns to represent the allocation of the Elastic IP address for use with instances in a VPC. |
| publicIp | String | The Elastic IP address. |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |

Example

- type: io.cloudsoft.aws.networking.vpc.eip.ElasticIp
  id: eip1
  location: amazon-location-with-region

The Elastic IP public address can be referenced as $brooklyn:entity("eip1").attributeWhenReady("publicIp"). To connect it to a NAT Gateway, see the NAT Gateway setup.

These entities do not yet support associating/disassociating an Elastic IP with an EC2 instance, or with a given network interface. This functionality will be added in future releases.

Network Address Translation Gateways

  • A network address translation (NAT) gateway allows instances in private subnets to connect to the internet or other AWS services, but not vice-versa.
  • Full type: io.cloudsoft.aws.networking.vpc.nat.NatGateway
  • AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| allocationId | String | | | The allocation ID of an Elastic IP address to associate with the NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it. |
| name | String | | | Creates a tag with key ‘Name’ and value set to specified string. |
| subnetId | String | | | The subnet in which to create the NAT gateway. |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| natGatewayId | String | The ID of the NAT gateway. |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |

Example

- type: io.cloudsoft.aws.networking.vpc.nat.NatGateway
  brooklyn.config:
    name: my-nat-gateway
    subnetId: subnet2345
    allocationId: $brooklyn:entity("ip").attributeWhenReady("allocationId")

- type: io.cloudsoft.aws.networking.vpc.eip.ElasticIp
  id: ip

Route 53

Amazon Route 53 is a DNS service.

The AWS service pack has several entities for different Route 53 usage patterns: one that registers a single node (host) entity, one that registers groups of node entities, and one that registers selected AWS services as aliases.

The AWS region you deploy to for Route 53 is not significant. The region only affects which AWS endpoint is used to create the Route 53 entries. There is no requirement that it be the same region as the target(s), although it usually is.

Single Entities

  • Full type: io.cloudsoft.aws.networking.dns.Route53SingleNodeIpRecord

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| target | Entity | | | The entity whose address.sensor gives the IP address to assign |
| zone | String | | | The name or ID of the Route53 hosted zone where this record set should be created |
| address.sensor | Attribute Sensor | Sensor: host.address (java.lang.String) | | The sensor on the target entity(ies) providing the IP address(es) for which to create a DNS record |
| dns.record.type | SOA, A, TXT, NS, CNAME, MX, NAPTR, PTR, SRV, SPF, AAAA, CAA | A | | The resource record type, default value A |
| hostname | String | | | The hostname to assign to the target entity’s IP address, defaulting to .; if this includes a suffix matching the zone name, that suffix will be removed, so the FQDN can be supplied here without the zone domain name being repeated |
| ttl | java.lang.Long | 300 | | The time-to-live value to set for this record, in seconds (default 300, ie 5m) |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| addresses | List | The IP addresses mapped from hostname in this record |
| host.address | String | Host IP address |
| hostname.fqdn | String | The fully qualified hostname assigned for this record set |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
| update.time | Date | When this was last updated, or blank if removed or in process of updating |
| zoneId | String | The Hosted Zone where this record is created |

Example

- type: org.apache.brooklyn.entity.webapp.tomcat.TomcatServer
  id: web-server

- type: io.cloudsoft.aws.networking.dns.Route53SingleNodeIpRecord
  brooklyn.config:
    target: $brooklyn:entity("web-server")
    zone: example.com.

Alias Entities

This entity works only with AWS resources that support ALIAS records. For more information, please check the documentation.

  • Full type: io.cloudsoft.aws.networking.dns.Route53SingleServiceAliasRecord

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| target | Entity | | | The entity whose address.sensor gives the IP address to assign |
| zone | String | | | The name or ID of the Route53 hosted zone where this record set should be created |
| alias.zone.id.sensor | Attribute Sensor | Automatically detected based on the target implementation. Can be overridden by setting it | | The sensor on the target entity providing the zone ID for the alias |
| alias.dns.name.sensor | Attribute Sensor | Automatically detected based on the target implementation. Can be overridden by setting it | | The resource on the target entity providing the DNS name for the alias |
| hostname | String | | | The hostname to assign to the target, defaulting to .; if this includes a suffix matching the zone name, that suffix will be removed, so the FQDN can be supplied here without the zone domain name being repeated |
| ttl | java.lang.Long | 300 | | The time-to-live value to set for this record, in seconds (default 300, ie 5m) |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| alias.zone.id | String | The zone ID where the target is located |
| alias.dns.name | String | The DNS name of the target |
| hostname.fqdn | String | The fully qualified hostname assigned for this record set |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
| update.time | Date | When this was last updated, or blank if removed or in process of updating |
| zoneId | String | The Hosted Zone where this record is created |

Example

- type: io.cloudsoft.aws.compute.ec2.elb.ElasticLoadBalancer
  id: elb

- type: io.cloudsoft.aws.networking.dns.Route53SingleServiceAliasRecord
  brooklyn.config:
    target: $brooklyn:entity("elb")
    zone: example.com.
    hostname: alias

Groups of Entities

  • Full type: io.cloudsoft.aws.networking.dns.Route53NodeGroupIpsRecord

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| target | Group | | | The group whose members supply the IP addresses in sensors in ‘address.sensor’ |
| zone | java.lang.Object | | | The name or ID of the Route53 hosted zone where this record set should be created |
| address.sensor | Attribute Sensor | Sensor: host.address (java.lang.String) | | The sensor on the target entity(ies) providing the IP address(es) for which to create a DNS record |
| available.sensor | Attribute Sensor | Sensor: service.isUp (java.lang.Boolean) | | Boolean sensor indicating that entity should be included in record |
| dns.record.type | SOA, A, TXT, NS, CNAME, MX, NAPTR, PTR, SRV, SPF, AAAA, CAA | A | | The resource record type, default value A |
| hostname | String | | | The hostname to assign to the target entity’s IP address, defaulting to .; if this includes a suffix matching the zone name, that suffix will be removed, so the FQDN can be supplied here without the zone domain name being repeated |
| ttl | java.lang.Long | 300 | | The time-to-live value to set for this record, in seconds (default 300, ie 5m) |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| addresses | List | The IP addresses mapped from hostname in this record |
| hostname.fqdn | String | The fully qualified hostname assigned for this record set |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
| update.time | Date | When this was last updated, or blank if removed or in process of updating |
| zoneId | String | The Hosted Zone where this record is created |

Example

- id: cluster
  type: org.apache.brooklyn.entity.group.DynamicCluster
  brooklyn.config:
    memberSpec:
      $brooklyn:entitySpec:
        type: org.apache.brooklyn.entity.webapp.tomcat.TomcatServer

- type: io.cloudsoft.aws.networking.dns.Route53NodeGroupIpsRecord
  brooklyn.config:
    target: $brooklyn:entity("cluster")
    zone: example.com.

Elastic Load Balancer

Configuration

| Name | Type | Default | Required | Description |
| --- | --- | --- | --- | --- |
| aws.elb.availabilityZones | List | | | The availability zones to balance across (defaults to all in region) |
| aws.elb.bindToExisting | True/False | False | | Whether to bind to an existing load balancer or create a new one |
| aws.elb.healthCheck.enabled | True/False | True | | Whether to do health checks for the instances |
| aws.elb.healthCheck.healthyThreshold | Integer | 2 | | The number of consecutive health probe successes required before moving the instance to the Healthy state |
| aws.elb.healthCheck.interval | Integer | 20 | | Approximate interval, in seconds, between health checks of an individual instance (1 to 300) |
| aws.elb.healthCheck.target | String | ${instanceProtocol}:${instancePort?c}/ | | Specifies the instance being checked |
| aws.elb.healthCheck.timeout | Integer | 10 | | The amount of time, in seconds, during which no response means a failed health probe. This value must be less than the Interval value |
| aws.elb.healthCheck.unhealthyThreshold | Integer | 2 | | The number of consecutive health probe failures required before moving the instance to the Unhealthy state |
| aws.elb.instancePort | Integer | 8080 | | The port for instances being balanced |
| aws.elb.instanceProtocol | String | HTTP | | The protocol for routing traffic to back-end instances (HTTP, HTTPS, TCP, or SSL) |
| aws.elb.loadBalancerName | String | | | The ELB name |
| aws.elb.loadBalancerPort | Integer | 80 | | The ELB port |
| aws.elb.loadBalancerProtocol | String | HTTP | | The load-balancer transport protocol to use for routing (HTTP, HTTPS, TCP, or SSL) |
| aws.elb.loadBalancerScheme | String | | | The type of a LoadBalancer. This option is only available for LoadBalancers attached to an Amazon VPC. By default, Elastic Load Balancer creates an internet-facing load balancer with publicly resolvable DNS name that resolves to public IP addresses. Specify the value internal for this option to create an internal load balancer with a DNS name that resolves to private IP addresses. |
| aws.elb.loadBalancerSecurityGroups | List | | | The security groups assigned to your LoadBalancer within your VPC |
| aws.elb.loadBalancerSubnets | List | | | A list of subnet IDs in your VPC to attach to your LoadBalancer |
| aws.elb.replaceExisting | True/False | False | | Whether to replace an existing load balancer (if one exists with this name), or fail if one already exists |
| aws.elb.sslCertificateId | String | | | The ARN string of the server certificate |
| loadbalancer.serverpool | Group | | | The default servers to route messages to (points at an entity of type ‘Group’ or ‘Cluster’) |
| loadbalancer.urlmappings | Group | | | Special mapping rules (e.g. for domain/path matching, rewrite, etc); not supported by all load balancers |
| member.sensor.hostandport | Attribute Sensor | | | host:port sensor on members (invalid to configure this and the portNumber or hostname sensors) |
| member.sensor.hostname | Attribute Sensor | Sensor: host.subnet.hostname (java.lang.String) | | Hostname/IP sensor on members (defaults to host.subnet.hostname; not supported in all implementations) |
| member.sensor.portNumber | Attribute Sensor | Sensor: http.port (java.lang.Integer) | | Port number sensor on members (defaults to http.port; not supported in all implementations) |
| proxy.http.port | PortRange | 8000,8001-65535 | | Main port where this proxy listens if using HTTP |
| proxy.https.port | PortRange | 8443,8443-65535 | | Main port where this proxy listens if using HTTPS |
| proxy.protocol | String | | | Main URL protocol this proxy answers (typically http or https) |

Sensors

| Name | Type | Description |
| --- | --- | --- |
| aws.elb.canonicalHostedZoneId | String | The hosted zone ID of the ELB |
| aws.elb.canonicalHostedZoneName | String | The hosted zone name of the ELB |
| aws.elb.isRunning | True/False | Whether the ELB is confirmed as running |
| aws.elb.jcloudsLocation | JcloudsLocation | AWS jclouds location |
| aws.elb.loadBalancerName | String | The ELB name |
| aws.elb.loadBalancerSecurityGroups | List | The security groups assigned to your LoadBalancer within your VPC |
| aws.elb.loadBalancerSubnets | List | A list of subnet IDs in your VPC to attach to your LoadBalancer |
| aws.elb.vpcId | String | The id of the VPC the ELB is attached to |
| host.name | String | Host name |
| main.uri | URI | Main URI for contacting the service/endpoint offered by this entity |
| member.sensor.hostandport | Attribute Sensor | host:port sensor on members (invalid to configure this and the portNumber or hostname sensors) |
| member.sensor.hostname | Attribute Sensor | Hostname/IP sensor on members (defaults to host.subnet.hostname; not supported in all implementations) |
| member.sensor.portNumber | Attribute Sensor | Port number sensor on members (defaults to http.port; not supported in all implementations) |
| proxy.http.port | Integer | Main port where this proxy listens if using HTTP |
| proxy.https.port | Integer | Main port where this proxy listens if using HTTPS |
| proxy.protocol | String | Main URL protocol this proxy answers (typically http or https) |
| proxy.serverpool.targets | Map | The downstream targets in the server pool |
| service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
| service.state | Lifecycle | Actual lifecycle state of the service |
| service.state.expected | Lifecycle Transition | Last controlled change to service state, indicating what the expected state should be |
| webapp.url | String | URL |

Example

- type: io.cloudsoft.aws.compute.ec2.elb.ElasticLoadBalancer
  name: ELB
  brooklyn.config:
    aws.elb.loadBalancerName: my-elb
    aws.elb.availabilityZones:
    - us-east-1a
    - us-east-1b
    aws.elb.loadBalancerProtocol: HTTP
    aws.elb.instancePort: 8080
    loadbalancer.serverpool: $brooklyn:entity("cluster")

- type: org.apache.brooklyn.entity.group.DynamicCluster
  id: cluster
  name: cluster
  brooklyn.config:
    initialSize: 1
    memberSpec:
      $brooklyn:entitySpec:
        type: org.apache.brooklyn.entity.software.base.EmptySoftwareProcess
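
With the defaults in the configuration table, the example above creates an internet-facing HTTP listener on port 80. The following check is an added example (not part of the AMP documentation or the services pack): it walks a blueprint after YAML parsing and flags ELB settings worth reviewing before deployment. The finding names, the hardened sample entity and its placeholder IDs are assumptions made for illustration.

```python
# Added example: review ElasticLoadBalancer settings in a parsed blueprint.
ELB_TYPE = "io.cloudsoft.aws.compute.ec2.elb.ElasticLoadBalancer"

# Defaults taken from the configuration table above.
DEFAULTS = {
    "aws.elb.loadBalancerProtocol": "HTTP",
    "aws.elb.healthCheck.enabled": True,
    "aws.elb.healthCheck.interval": 20,
    "aws.elb.healthCheck.timeout": 10,
    "aws.elb.replaceExisting": False,
}

def audit_elb(entity):
    """Return sorted finding codes (illustrative names) for one ELB entity."""
    cfg = {**DEFAULTS, **(entity.get("brooklyn.config") or {})}
    findings = set()
    if str(cfg["aws.elb.loadBalancerProtocol"]).upper() not in ("HTTPS", "SSL"):
        findings.add("PLAINTEXT_LISTENER")
    elif not cfg.get("aws.elb.sslCertificateId"):
        findings.add("TLS_WITHOUT_CERTIFICATE")
    # An unset scheme yields an internet-facing load balancer.
    if str(cfg.get("aws.elb.loadBalancerScheme") or "").lower() != "internal":
        findings.add("INTERNET_FACING")
    # Attached to VPC subnets without explicitly chosen security groups.
    if cfg.get("aws.elb.loadBalancerSubnets") and not cfg.get("aws.elb.loadBalancerSecurityGroups"):
        findings.add("NO_EXPLICIT_SECURITY_GROUPS")
    if cfg["aws.elb.replaceExisting"]:
        findings.add("REPLACES_EXISTING_ELB")
    if not cfg["aws.elb.healthCheck.enabled"]:
        findings.add("HEALTHCHECK_DISABLED")
    elif int(cfg["aws.elb.healthCheck.timeout"]) >= int(cfg["aws.elb.healthCheck.interval"]):
        # The table requires the timeout to be less than the interval.
        findings.add("HEALTHCHECK_TIMEOUT_NOT_BELOW_INTERVAL")
    return sorted(findings)

def iter_elbs(node):
    """Yield every ELB entity dict found anywhere in the blueprint."""
    if isinstance(node, dict):
        if node.get("type") == ELB_TYPE:
            yield node
        for value in node.values():
            yield from iter_elbs(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_elbs(item)

def audit_blueprint(blueprint):
    """Map each ELB's name to its findings."""
    report = {}
    for elb in iter_elbs(blueprint):
        cfg = elb.get("brooklyn.config") or {}
        name = cfg.get("aws.elb.loadBalancerName") or elb.get("name") or "<unnamed>"
        report[name] = audit_elb(elb)
    return report

# Constructed input: the page's example ELB, then a hardened variant with placeholder IDs.
SAMPLE_BLUEPRINT = {"services": [
    {"type": ELB_TYPE, "name": "ELB", "brooklyn.config": {
        "aws.elb.loadBalancerName": "my-elb",
        "aws.elb.loadBalancerProtocol": "HTTP"}},
    {"type": ELB_TYPE, "brooklyn.config": {
        "aws.elb.loadBalancerName": "internal-elb",
        "aws.elb.loadBalancerProtocol": "HTTPS",
        "aws.elb.loadBalancerPort": 443,
        "aws.elb.sslCertificateId": "arn:aws:iam::000000000000:server-certificate/placeholder",
        "aws.elb.loadBalancerScheme": "internal",
        "aws.elb.loadBalancerSubnets": ["subnet-placeholder"],
        "aws.elb.loadBalancerSecurityGroups": ["sg-placeholder"]}},
]}

if __name__ == "__main__":
    print(audit_blueprint(SAMPLE_BLUEPRINT))
```

An internet-facing listener is often intended, so the findings are prompts for review rather than failures.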

Amazon SNS

The Amazon services pack contains an AWS SNS integration. This allows your blueprint to publish messages to an AWS SNS topic via an effector or upon an event such as a sensor change.

The AWS SNS integration consists of two components: a policy, StateChangeNotifyPolicy, and an entity, SNSPublisher.

SNSPublisher

SNSPublisher is an entity which controls communication with the AWS SNS service. It has an effector, publish, which takes the parameters topic and message. On execution, the effector publishes the message to the AWS SNS topic using the entity’s location configuration. This means that the SNSPublisher can be launched in a different location from the rest of the blueprint, a location specifically configured for publishing to SNS.

StateChangeNotifyPolicy

Any compatible policy can be used to trigger the publish effector on the SNSPublisher entity. However, the StateChangeNotifyPolicy is a specialised policy designed to simplify this process. Add the policy to the target entity to easily monitor and notify the SNSPublisher of sensor changes.

The following configuration is available:

| Config Key | Default | Description |
| --- | --- | --- |
| sensor | SERVICE_STATE_ACTUAL | The sensor to monitor on the target entity |
| notifier | | A reference to the SNSPublisher entity to notify |
| topic.identifier | | The ID of the topic to which notifications should be sent, for example, an AWS SNS ARN |
| message.template | | The template of the message to send written in freemarker |
| predicate | Lifecycle.ON_FIRE | A predicate which determines if the Notifier is notified upon a change or not |

Below is a basic example which uses the AWS SNS integration to monitor when a Tomcat entity goes on fire:

location: my-location
services:
  - type: org.apache.brooklyn.entity.webapp.tomcat.TomcatServer
    brooklyn.policies:
    - type: io.cloudsoft.notification.StateChangeNotifyPolicy
      brooklyn.config:
        notifier: $brooklyn:entity("sns-publisher")
        topic.identifier: "arn:aws:sns:eu-central-1:734887186692:topic-test"
        message.template: "The entity ${entity.displayName} has gone on fire"

  - type: io.cloudsoft.aws.integration.sns.SNSPublisher
    id: sns-publisher

The default StateChangeNotifyPolicy sensor is SERVICE_STATE_ACTUAL and the default predicate is ON_FIRE. This means the SNSPublisher will be notified when the Tomcat entity goes on fire, and the message.template will be published as a message to the topic in topic.identifier.