AWSTemplateFormatVersion: 2010-09-09 Description: "This template create the EKS Cluster resources for the Microservice Observability with Amazon OpenSearch Service Workshop." Parameters: EKSClusterName: Type: String S3BucketName: Type: String VPC: Type: String PublicSubnet1: Type: String PublicSubnet2: Type: String PublicSubnet3: Type: String PrivateSubnet1: Type: String PrivateSubnet2: Type: String PrivateSubnet3: Type: String C9Role: Type: String EKSIAMRole: Type: String DeployCloudformationStackLambdaRole: Type: String Resources: ClusterControlPlaneSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Cluster communication with worker nodes VpcId: !Ref VPC TriggerStack: Type: "Custom::TriggerStack" Properties: ServiceToken: !GetAtt DeployCloudformationStack.Arn cfStackName: "eksDeploy" assumeRoleARN: !Ref C9Role templateUrl: !Sub https://${S3BucketName}.s3.amazonaws.com/assets/eks.yaml stackParameters: - ParameterKey: EksClusterName ParameterValue: !Ref EKSClusterName - ParameterKey: EksClusterRole ParameterValue: !Ref EKSIAMRole - ParameterKey: EksSubnet1 ParameterValue: !Ref PublicSubnet1 - ParameterKey: EksSubnet2 ParameterValue: !Ref PublicSubnet2 - ParameterKey: EksSubnet3 ParameterValue: !Ref PublicSubnet3 - ParameterKey: EksNodeSubnet1 ParameterValue: !Ref PrivateSubnet1 - ParameterKey: EksNodeSubnet2 ParameterValue: !Ref PrivateSubnet2 - ParameterKey: EksNodeSubnet3 ParameterValue: !Ref PrivateSubnet3 DeployCloudformationStack: Type: AWS::Lambda::Function Properties: Description: Deploy cloudformation stack Handler: index.lambda_handler Runtime: python3.9 Role: !Ref DeployCloudformationStackLambdaRole MemorySize: 128 Timeout: 30 Code: ZipFile: | import cfnresponse import json, os, boto3, logging from botocore.exceptions import ClientError def lambda_handler(event, context): print("Received event: " + json.dumps(event, indent=2)) payload = "" result = cfnresponse.SUCCESS logger = logging.getLogger() logger.setLevel(logging.INFO) try: if event['RequestType'] == 'Create': payload = deployStack(event['ResourceProperties']) elif event['RequestType'] == 'Delete': payload = deleteStack(event['ResourceProperties']) else: responseData = {'Success': 'Update or delete event'} cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData) except ClientError as e: logger.error('Error: %s', e) result = cfnresponse.FAILED cfnresponse.send(event, context, result, payload) def deployStack(input): sts = boto3.client('sts').assume_role(RoleArn=input['assumeRoleARN'],RoleSessionName="lambda_assume_role") client = boto3.client('cloudformation', aws_access_key_id=sts['Credentials']['AccessKeyId'], aws_secret_access_key=sts['Credentials']['SecretAccessKey'], aws_session_token=sts['Credentials']['SessionToken'] ) response = client.create_stack(StackName=input['cfStackName'], TemplateURL=input['templateUrl'],Parameters=input['stackParameters'], TimeoutInMinutes=60, Capabilities=['CAPABILITY_IAM','CAPABILITY_NAMED_IAM','CAPABILITY_AUTO_EXPAND']) def deleteStack(input): client = boto3.client('cloudformation') response = client.delete_stack(StackName=input['cfStackName'])