AWS Services Pack
The AMP AWS Services pack provides AMP integrations for a range of AWS specific services. These allow blueprints to be composed which take advantage of some of the wide selection of services specific to AWS.
As with VMs, they expect to be deployed to a location; in these cases the location must be an Amazon Web Services cloud (eg aws-ec2:us-east-1), it must supply the access identity and secret key (or in some cases it will take them from .aws/config), and it must specify the region where the AWS service instance should be created.
CloudFormation Templates
AMP can deploy and manage CFN templates, as follows:
services:
- type: aws-cloudformation
  brooklyn.config:
    name.prefix: stack1
    cfn.template.contents: |
      AWSTemplateFormatVersion: 2010-09-09
      Resources:
        MyS3Bucket:
          Type: AWS::S3::Bucket
You can supply the cfn.template.contents or a cfn.template.url, and either a name.prefix (which will append a unique identifier) or name (in which case the name must not be in use by any stacks) or cfn.stack.id (to update an existing stack rather than deploy a new one).
Sensors will present information on the stack.status and all the stack.resources.
Networking
Virtual Private Clouds
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
See: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html
- A virtual private cloud is a virtual network dedicated to an AWS account.
- Full type: io.cloudsoft.aws.networking.vpc.VirtualPrivateCloud
- AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
cidrBlock | String | | ✓ | The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. |
name | String | | ✓ | Creates a tag with key=Name and value set to specified string. |
amazonProvidedIpv6CidrBlock | True/False | False | | Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. |
instanceTenancy | Default, Dedicated, Host | Default | | The tenancy options for instances launched into the VPC. For ‘default’, instances are launched with shared tenancy by default. You can launch instances with any tenancy into a shared tenancy VPC. For dedicated, instances are launched as ‘dedicated’ tenancy instances by default. You can only launch instances with a tenancy of ‘dedicated’ or ‘host’ into a dedicated tenancy VPC. |
Sensors
Name | Type | Description |
---|---|---|
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
vpcId | String | The ID of the VPC. |
Example
- type: io.cloudsoft.aws.networking.vpc.VirtualPrivateCloud
  brooklyn.config:
    name: my-vpc
    cidrBlock: 10.0.0.0/16
  location: amazon-location-with-region
Subnets
- A subnet is a range of IP addresses in a VPC.
- Full type: io.cloudsoft.aws.networking.vpc.subnet.Subnet
- AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
cidrBlock | String | | ✓ | The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. |
name | String | | ✓ | Creates a tag with key ‘Name’ and value set to specified string. |
vpcId | String | | ✓ | The ID of the VPC. |
availabilityZone | String | | | The Availability Zone for the subnet. |
ipv6CidrBlock | String | | | The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length. |
Sensors
Name | Type | Description |
---|---|---|
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
subnetId | String | Id of the created Subnet |
Example
- type: io.cloudsoft.aws.networking.vpc.subnet.Subnet
  brooklyn.config:
    name: my-subnet
    vpcId: vpc-1234
    availabilityZone: eu-west-1
    cidrBlock: 10.0.0.0/24
  location: amazon-location-with-region
Other options
To deploy instances to a subnet that already exists set the AWS-specific key subnetId in an entity’s provisioning properties:
- type: my-entity
  brooklyn.config:
    provisioning.properties:
      templateOptions:
        subnetId: subnet-1234
  location: amazon-location-with-region
Refer to the documentation on custom template options for further details.
The same property may alternatively be set when configuring a location:
location:
  amazon-location-with-region:
    templateOptions:
      subnetId: subnet-1234
Route Tables
- A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
- Every subnet in a VPC must be associated with one route table. Many subnets can be associated with the same route table.
- Full type: io.cloudsoft.aws.networking.vpc.routetable.RouteTable
- AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
name | String | | ✓ | Creates a tag with key ‘Name’ and value set to specified string. |
vpcId | String | | ✓ | The ID of the VPC. |
associations | List | | | The associations between the route table and one or more subnets. |
routes | List | | | The routes in the route table. |
Sensors
Name | Type | Description |
---|---|---|
routeTableId | String | The ID of the route table. |
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
Example
- type: io.cloudsoft.aws.networking.vpc.routetable.RouteTable
  brooklyn.config:
    name: my-route-table
    vpcId: vpc1234
  location: amazon-location-with-region
Internet Gateways
- An internet gateway allows communication between instances in a VPC and the Internet. It has two purposes: to provide a target in route tables for Internet-routable traffic and to perform network address translation for instances that have been assigned public IPv4 addresses.
- Full type: io.cloudsoft.aws.networking.vpc.igw.InternetGateway
- AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_Gateway.html
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
name | String | | ✓ | Creates a tag with key ‘Name’ and value set to specified string. |
vpcId | String | | | The ID of the VPC to be attached. |
Sensors
Name | Type | Description |
---|---|---|
internetGatewayId | String | The ID of the Internet gateway. |
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
Example
- type: io.cloudsoft.aws.networking.vpc.igw.InternetGateway
  brooklyn.config:
    name: my-gateway
    vpcId: vpc1234
  location: amazon-location-with-region
Elastic IP Addresses
- An Elastic IP address is a static public IPv4 address that can be associated with any instance or network interface for any VPC in an account.
- Full type: io.cloudsoft.aws.networking.vpc.eip.ElasticIp
- AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-eips.html
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
domain | Vpc, Standard | Vpc | | Set to ‘vpc’ to allocate the address for use with instances in a VPC, or ‘standard’ for use with instances in EC2-Classic. |
Sensors
Name | Type | Description |
---|---|---|
allocationId | String | The ID that AWS assigns to represent the allocation of the Elastic IP address for use with instances in a VPC. |
publicIp | String | The Elastic IP address. |
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
Example
- type: io.cloudsoft.aws.networking.vpc.eip.ElasticIp
  id: eip1
  location: amazon-location-with-region
The Elastic IP public address can be referenced as $brooklyn:entity("eip1").attributeWhenReady("publicIp").
To connect it to a NAT Gateway, see the NAT Gateway setup.
These entities do not yet support associating/disassociating an Elastic IP with an EC2 instance, or with a given network interface. This functionality will be added in future releases.
Network Address Translation Gateways
- A network address translation (NAT) gateway allows instances in private subnets to connect to the internet or other AWS services, but not vice-versa.
- Full type: io.cloudsoft.aws.networking.vpc.nat.NatGateway
- AWS documentation: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
allocationId | String | | ✓ | The allocation ID of an Elastic IP address to associate with the NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it. |
name | String | | ✓ | Creates a tag with key ‘Name’ and value set to specified string. |
subnetId | String | | ✓ | The subnet in which to create the NAT gateway. |
Sensors
Name | Type | Description |
---|---|---|
natGatewayId | String | The ID of the NAT gateway. |
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
Example
- type: io.cloudsoft.aws.networking.vpc.nat.NatGateway
  brooklyn.config:
    name: my-nat-gateway
    subnetId: subnet2345
    allocationId: $brooklyn:entity("ip").attributeWhenReady("allocationId")
- type: io.cloudsoft.aws.networking.vpc.eip.ElasticIp
  id: ip
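An added example (not from the AMP documentation) that chains the networking entities above by sensor instead of hard-coded IDs, so each entity waits for the vpcId, subnetId or allocationId of the one it depends on. The entity ids and names are invented, and it assumes vpcId and subnetId accept the same $brooklyn DSL reference that the NAT gateway example uses for allocationId; route table routes and associations are left out because this page does not document their list format.

```yaml
# Added example, not part of the AMP documentation.
# Entity ids (vpc, public-subnet, nat-eip) and all names are made up for illustration.
location: amazon-location-with-region
services:
- type: io.cloudsoft.aws.networking.vpc.VirtualPrivateCloud
  id: vpc
  brooklyn.config:
    name: example-vpc
    cidrBlock: 10.0.0.0/16
- type: io.cloudsoft.aws.networking.vpc.igw.InternetGateway
  brooklyn.config:
    name: example-igw
    # Resolved once the VPC entity has published its vpcId sensor
    vpcId: $brooklyn:entity("vpc").attributeWhenReady("vpcId")
- type: io.cloudsoft.aws.networking.vpc.subnet.Subnet
  id: public-subnet
  brooklyn.config:
    name: example-public-subnet
    # Must fall inside the VPC range 10.0.0.0/16
    cidrBlock: 10.0.0.0/24
    vpcId: $brooklyn:entity("vpc").attributeWhenReady("vpcId")
- type: io.cloudsoft.aws.networking.vpc.eip.ElasticIp
  id: nat-eip
- type: io.cloudsoft.aws.networking.vpc.nat.NatGateway
  brooklyn.config:
    name: example-nat-gateway
    # The NAT gateway is created in the subnet above, using the Elastic IP's allocation
    subnetId: $brooklyn:entity("public-subnet").attributeWhenReady("subnetId")
    allocationId: $brooklyn:entity("nat-eip").attributeWhenReady("allocationId")
```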
Route 53
Amazon Route 53 is a DNS service.
The AWS service pack has several entities for different Route 53 usage patterns: one that registers a single node (host) entity, one that registers groups of node entities, and one that registers selected AWS services as aliases.
The AWS region you deploy to for Route 53 is not significant. The region only affects which AWS endpoint is used to create the Route53 entries. There is no requirement that it be the same region as the target(s), although they usually are.
Single Entities
- Full type: io.cloudsoft.aws.networking.dns.Route53SingleNodeIpRecord
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
target | Entity | | ✓ | The entity whose address.sensor gives the IP address to assign |
zone | String | | ✓ | The name or ID of the Route53 hosted zone where this record set should be created |
address.sensor | Attribute Sensor | Sensor: host.address (java.lang.String) | | The sensor on the target entity(ies) providing the IP address(es) for which to create a DNS record |
dns.record.type | SOA, A, TXT, NS, CNAME, MX, NAPTR, PTR, SRV, SPF, AAAA, CAA | A | | The resource record type, default value A |
hostname | String | | | The hostname to assign to the target entity’s IP address, defaulting to |
ttl | java.lang.Long | 300 | | The time-to-live value to set for this record, in seconds (default 300, ie 5m) |
Sensors
Name | Type | Description |
---|---|---|
addresses | List | The IP addresses mapped from hostname in this record |
host.address | String | Host IP address |
hostname.fqdn | String | The fully qualified hostname assigned for this record set |
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
update.time | Date | When this was last updated, or blank if removed or in process of updating |
zoneId | String | The Hosted Zone where this record is created |
Example
- type: org.apache.brooklyn.entity.webapp.tomcat.TomcatServer
  id: web-server
- type: io.cloudsoft.aws.networking.dns.Route53SingleNodeIpRecord
  brooklyn.config:
    target: $brooklyn:entity("web-server")
    zone: example.com.
Alias Entities
This entity works only with AWS resources that support ALIAS records. For more information, please check the documentation.
- Full type: io.cloudsoft.aws.networking.dns.Route53SingleServiceAliasRecord
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
target | Entity | | ✓ | The entity whose address.sensor gives the IP address to assign |
zone | String | | ✓ | The name or ID of the Route53 hosted zone where this record set should be created |
alias.zone.id.sensor | Attribute Sensor | Automatically detected based on the target implementation. Can be overridden by setting it | | The sensor on the target entity providing the zone ID for the alias |
alias.dns.name.sensor | Attribute Sensor | Automatically detected based on the target implementation. Can be overridden by setting it | | The resource on the target entity providing the DNS name for the alias |
hostname | String | | | The hostname to assign to the target, defaulting to |
ttl | java.lang.Long | 300 | | The time-to-live value to set for this record, in seconds (default 300, ie 5m) |
Sensors
Name | Type | Description |
---|---|---|
alias.zone.id | String | The zone ID where the target is located |
alias.dns.name | String | The DNS name of the target |
hostname.fqdn | String | The fully qualified hostname assigned for this record set |
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
update.time | Date | When this was last updated, or blank if removed or in process of updating |
zoneId | String | The Hosted Zone where this record is created |
Example
- type: io.cloudsoft.aws.compute.ec2.elb.ElasticLoadBalancer
  id: elb
- type: io.cloudsoft.aws.networking.dns.Route53SingleServiceAliasRecord
  brooklyn.config:
    target: $brooklyn:entity("elb")
    zone: example.com.
    hostname: alias
Groups of Entities
- Full type: io.cloudsoft.aws.networking.dns.Route53NodeGroupIpsRecord
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
target | Group | | ✓ | The group whose members supply the IP addresses in sensors in ‘address.sensor’ |
zone | java.lang.Object | | ✓ | The name or ID of the Route53 hosted zone where this record set should be created |
address.sensor | Attribute Sensor | Sensor: host.address (java.lang.String) | | The sensor on the target entity(ies) providing the IP address(es) for which to create a DNS record |
available.sensor | Attribute Sensor | Sensor: service.isUp (java.lang.Boolean) | | Boolean sensor indicating that entity should be included in record |
dns.record.type | SOA, A, TXT, NS, CNAME, MX, NAPTR, PTR, SRV, SPF, AAAA, CAA | A | | The resource record type, default value A |
hostname | String | | | The hostname to assign to the target entity’s IP address, defaulting to |
ttl | java.lang.Long | 300 | | The time-to-live value to set for this record, in seconds (default 300, ie 5m) |
Sensors
Name | Type | Description |
---|---|---|
addresses | List | The IP addresses mapped from hostname in this record |
hostname.fqdn | String | The fully qualified hostname assigned for this record set |
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
update.time | Date | When this was last updated, or blank if removed or in process of updating |
zoneId | String | The Hosted Zone where this record is created |
Example
- id: cluster
  type: org.apache.brooklyn.entity.group.DynamicCluster
  brooklyn.config:
    memberSpec:
      $brooklyn:entitySpec:
        type: org.apache.brooklyn.entity.webapp.tomcat.TomcatServer
- type: io.cloudsoft.aws.networking.dns.Route53NodeGroupIpsRecord
  brooklyn.config:
    target: $brooklyn:entity("cluster")
    zone: example.com.
Elastic Load Balancer
- Full type: io.cloudsoft.aws.compute.ec2.elb.ElasticLoadBalancer
- Creates a Classic Load Balancer.
- Implements AMP’s AbstractNonProvisionedController interface, so may be used in place of AMP’s other load balancing entities.
Configuration
Name | Type | Default | Required | Description |
---|---|---|---|---|
aws.elb.availabilityZones | List | | | The availability zones to balance across (defaults to all in region) |
aws.elb.bindToExisting | True/False | False | | Whether to bind to an existing load balancer or create a new one |
aws.elb.healthCheck.enabled | True/False | True | | Whether to do health checks for the instances |
aws.elb.healthCheck.healthyThreshold | Integer | 2 | | The number of consecutive health probe successes required before moving the instance to the Healthy state |
aws.elb.healthCheck.interval | Integer | 20 | | Approximate interval, in seconds, between health checks of an individual instance (1 to 300) |
aws.elb.healthCheck.target | String | ${instanceProtocol}:${instancePort?c}/ | | Specifies the instance being checked |
aws.elb.healthCheck.timeout | Integer | 10 | | The amount of time, in seconds, during which no response means a failed health probe. This value must be less than the Interval value |
aws.elb.healthCheck.unhealthyThreshold | Integer | 2 | | The number of consecutive health probe failures required before moving the instance to the Unhealthy state |
aws.elb.instancePort | Integer | 8080 | | The port for instances being balanced |
aws.elb.instanceProtocol | String | HTTP | | The protocol for routing traffic to back-end instances (HTTP, HTTPS, TCP, or SSL) |
aws.elb.loadBalancerName | String | | | The ELB name |
aws.elb.loadBalancerPort | Integer | 80 | | The ELB port |
aws.elb.loadBalancerProtocol | String | HTTP | | The load-balancer transport protocol to use for routing (HTTP, HTTPS, TCP, or SSL) |
aws.elb.loadBalancerScheme | String | | | The type of a LoadBalancer. This option is only available for LoadBalancers attached to an Amazon VPC. By default, Elastic Load Balancer creates an internet-facing load balancer with publicly resolvable DNS name that resolves to public IP addresses. Specify the value internal for this option to create an internal load balancer with a DNS name that resolves to private IP addresses. |
aws.elb.loadBalancerSecurityGroups | List | | | The security groups assigned to your LoadBalancer within your VPC |
aws.elb.loadBalancerSubnets | List | | | A list of subnet IDs in your VPC to attach to your LoadBalancer |
aws.elb.replaceExisting | True/False | False | | Whether to replace an existing load balancer (if one exists with this name), or fail if one already exists |
aws.elb.sslCertificateId | String | | | The ARN string of the server certificate |
loadbalancer.serverpool | Group | | | The default servers to route messages to (points at an entity of type ‘Group’ or ‘Cluster’) |
loadbalancer.urlmappings | Group | | | Special mapping rules (e.g. for domain/path matching, rewrite, etc); not supported by all load balancers |
member.sensor.hostandport | Attribute Sensor | | | host:port sensor on members (invalid to configure this and the portNumber or hostname sensors) |
member.sensor.hostname | Attribute Sensor | Sensor: host.subnet.hostname (java.lang.String) | | Hostname/IP sensor on members (defaults to host.subnet.hostname; not supported in all implementations) |
member.sensor.portNumber | Attribute Sensor | Sensor: http.port (java.lang.Integer) | | Port number sensor on members (defaults to http.port; not supported in all implementations) |
proxy.http.port | PortRange | 8000,8001-65535 | | Main port where this proxy listens if using HTTP |
proxy.https.port | PortRange | 8443,8443-65535 | | Main port where this proxy listens if using HTTPS |
proxy.protocol | String | | | Main URL protocol this proxy answers (typically http or https) |
Sensors
Name | Type | Description |
---|---|---|
aws.elb.canonicalHostedZoneId | String | The hosted zone ID of the ELB |
aws.elb.canonicalHostedZoneName | String | The hosted zone name of the ELB |
aws.elb.isRunning | True/False | Whether the ELB is confirmed as running |
aws.elb.jcloudsLocation | JcloudsLocation | AWS jclouds location |
aws.elb.loadBalancerName | String | The ELB name |
aws.elb.loadBalancerSecurityGroups | List | The security groups assigned to your LoadBalancer within your VPC |
aws.elb.loadBalancerSubnets | List | A list of subnet IDs in your VPC to attach to your LoadBalancer |
aws.elb.vpcId | String | The id of the VPC the ELB is attached to |
host.name | String | Host name |
main.uri | URI | Main URI for contacting the service/endpoint offered by this entity |
member.sensor.hostandport | Attribute Sensor | host:port sensor on members (invalid to configure this and the portNumber or hostname sensors) |
member.sensor.hostname | Attribute Sensor | Hostname/IP sensor on members (defaults to host.subnet.hostname; not supported in all implementations) |
member.sensor.portNumber | Attribute Sensor | Port number sensor on members (defaults to http.port; not supported in all implementations) |
proxy.http.port | Integer | Main port where this proxy listens if using HTTP |
proxy.https.port | Integer | Main port where this proxy listens if using HTTPS |
proxy.protocol | String | Main URL protocol this proxy answers (typically http or https) |
proxy.serverpool.targets | Map | The downstream targets in the server pool |
service.isUp | True/False | Whether the service is active and available (confirmed and monitored) |
service.state | Lifecycle | Actual lifecycle state of the service |
service.state.expected | Lifecycle Transition | Last controlled change to service state, indicating what the expected state should be |
webapp.url | String | URL |
Example
- type: io.cloudsoft.aws.compute.ec2.elb.ElasticLoadBalancer
  name: ELB
  brooklyn.config:
    aws.elb.loadBalancerName: my-elb
    aws.elb.availabilityZones:
    - us-east-1a
    - us-east-1b
    aws.elb.loadBalancerProtocol: HTTP
    aws.elb.instancePort: 8080
    loadbalancer.serverpool: $brooklyn:entity("cluster")
- type: org.apache.brooklyn.entity.group.DynamicCluster
  id: cluster
  name: cluster
  brooklyn.config:
    initialSize: 1
    memberSpec:
      $brooklyn:entitySpec:
        type: org.apache.brooklyn.entity.software.base.EmptySoftwareProcess
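The defaults in the configuration table give an HTTP listener on port 80 and an internet-facing scheme. The variant below is an added example (not from the AMP documentation) that uses only keys from that table to get an HTTPS listener on an internal load balancer; the certificate ARN, subnet ID and security group ID are placeholders, and the names are invented.

```yaml
# Added example, not part of the AMP documentation.
# Values in angle brackets are placeholders to replace with your own identifiers.
location: amazon-location-with-region
services:
- type: io.cloudsoft.aws.compute.ec2.elb.ElasticLoadBalancer
  name: Internal HTTPS ELB
  brooklyn.config:
    aws.elb.loadBalancerName: my-internal-elb
    # Listener: HTTPS on 443 instead of the default HTTP on 80
    aws.elb.loadBalancerProtocol: HTTPS
    aws.elb.loadBalancerPort: 443
    aws.elb.sslCertificateId: "<ARN-OF-SERVER-CERTIFICATE>"
    # Scheme: 'internal' gives a DNS name that resolves to private IP addresses
    # (only available for load balancers attached to a VPC)
    aws.elb.loadBalancerScheme: internal
    aws.elb.loadBalancerSubnets:
    - "<SUBNET-ID>"
    aws.elb.loadBalancerSecurityGroups:
    - "<SECURITY-GROUP-ID>"
    # Back end: the table's defaults, written out so the listener/back-end split is visible
    aws.elb.instanceProtocol: HTTP
    aws.elb.instancePort: 8080
    aws.elb.healthCheck.enabled: true
    loadbalancer.serverpool: $brooklyn:entity("cluster")
- type: org.apache.brooklyn.entity.group.DynamicCluster
  id: cluster
  name: cluster
  brooklyn.config:
    initialSize: 1
    memberSpec:
      $brooklyn:entitySpec:
        type: org.apache.brooklyn.entity.software.base.EmptySoftwareProcess
```

With aws.elb.instanceProtocol left at HTTP, traffic between the load balancer and the instances is not encrypted; set it to HTTPS or SSL if the members serve TLS themselves.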
Amazon SNS
The Amazon services pack contains an AWS SNS integration. This allows your blueprint to publish messages to an AWS SNS topic via an effector or upon an event such as a sensor change.
The AWS SNS integration consists of two components, a policy, StateChangeNotifyPolicy, and an entity, SNSPublisher.
SNSPublisher
SNSPublisher is an entity which controls communication with the AWS SNS service. It has an effector, publish, which takes parameters of topic and message. On execution, the effector publishes the message to the AWS SNS topic using the entity’s location configuration. This means that the SNSPublisher can be launched in a different location to the rest of the blueprint, a location specifically configured for publishing to SNS.
StateChangeNotifyPolicy
Any compatible policy can be used to trigger the publish effector on the SNSPublisher entity. However, the StateChangeNotifyPolicy is a specialised policy designed to simplify this process. Add the policy to the target entity to easily monitor and notify the SNSPublisher of sensor changes.
The following configuration is available:
Config Key | Default | Description |
---|---|---|
sensor | SERVICE_STATE_ACTUAL | The sensor to monitor on the target entity |
notifier | | A reference to the SNSPublisher entity to notify |
topic.identifier | | The ID of the topic to which notifications should be sent, for example, an AWS SNS ARN |
message.template | | The template of the message to send, written in FreeMarker |
predicate | Lifecycle.ON_FIRE | A predicate which determines if the Notifier is notified upon a change or not |
Below is a basic example which uses the AWS SNS integration to monitor when a Tomcat entity goes on fire:
location: my-location
services:
- type: org.apache.brooklyn.entity.webapp.tomcat.TomcatServer
  brooklyn.policies:
  - type: io.cloudsoft.notification.StateChangeNotifyPolicy
    brooklyn.config:
      notifier: $brooklyn:entity("sns-publisher")
      topic.identifier: "arn:aws:sns:eu-central-1:734887186692:topic-test"
      message.template: "The entity ${entity.displayName} has gone on fire"
- type: io.cloudsoft.aws.integration.sns.SNSPublisher
  id: sns-publisher
The default StateChangeNotifyPolicy sensor is SERVICE_STATE_ACTUAL and the default predicate is when ON_FIRE.
This means the SNSPublisher will be notified when the Tomcat entity goes on fire and the message.template will be published as a message to the topic in topic.identifier.