How to build a Route53 route resource with cloudformation? - dns

I'm building a Route53 route utilizing the AWS::Route53::RecordSet resource within a CloudFormation template (sample below).
I looked at some samples and didn't quite understand what the HostedZoneId and HostedZoneName parameters were that I should pass in the template below. Do I need to create some other resource before this? What do these parameters refer to - HostedZone Id and name?
Record:
  Type: AWS::Route53::RecordSet
  Properties:
    HostedZoneName: !Ref 'HostedZoneName'
    HostedZoneId: !Ref 'HostedZoneId'
    Comment: DNS name for my instance.
    Name: !Join ['', [!Ref 'Subdomain', ., !Ref 'HostedZoneName']]
    Type: CNAME
    ....

Related

Defining sagemaker pipeline resource in Terraform

I'm rewriting a CloudFormation template into terraform and there is a CF resource I don't know the equivalent in TF.
The CF resource is AWS::SageMaker::Pipeline
Below is the fragment of the template.yaml
pipeline:
  Type: AWS::SageMaker::Pipeline
  Properties:
    PipelineName: !Ref pPipelineName
    PipelineDisplayName: !Ref pPipelineName
    PipelineDescription: !Ref pPipelineDescription
    PipelineDefinition:
      PipelineDefinitionBody: !Sub "{\"Version\":\"2020-12-01\",........}}]}"
    RoleArn: !Ref pPipelineRoleArn
    Tags:
      - Key: project
        Value: !Ref pProjectName
Has someone defined this resource in Terraform?
It has not been officially added to the Terraform aws provider. However, recently a provider that helps people test different new features has been added to Terraform, and it is called AWS Cloud Control provider, awscc. An example on how to use this provider is given in [1]. There are also tutorials on HashiCorp Learn [2]. The resource you are looking for is given in [3].
[1] https://registry.terraform.io/providers/hashicorp/awscc
[2] https://learn.hashicorp.com/tutorials/terraform/aws-cloud-control
[3] https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/sagemaker_pipeline

How to specify custom domain and certificate for Azure Functions using Serverless?

We use serverless to deploy a graphql handler function as an Azure Function and access it via APIM.
We need to use our own custom domain (pointed via CNAME to Azure APIM domain), and can set this up manually via the Azure Portal, and uploading certificate + specifying certificate password for it.
However, if we execute "sls deploy" that custom domain setting gets removed, so we'd need to either retain it somehow or specify it via serverless.yml, but I cannot find any information on how to do this.
Current serverless.yml config:
service: my-service-${env:STAGE, 'develop'}
configValidationMode: off
provider:
  name: azure
  runtime: nodejs12
  region: north-europe
  resourceGroup: My-Service-Group
  subscriptionId: MySubscriptionId
  stage: ${env:STAGE, 'develop'}
  apim: true
plugins:
  - serverless-azure-functions
functions:
  graphql:
    handler: lib/azure.handler
    events:
      - http: true
        methods:
          - GET
          - POST
        authLevel: anonymous # can also be `function` or `admin`
        route: graphql
      - http: true
        direction: out
        name: "$return"
        route: graphql
Any guidance in this would be much appreciated.
For setting up the certificate we need to select the option of TLS/SSL settings from Azure portal, then we can create App Service Managed Certificate.
To achieve this, we need to add the custom domain as below steps:
Map the domain to application
We would need to buy a wildcard certificate
Below is how we usually setup:
And lastly, we need to create the DNS rule.
Thanks to codeproject as we have all the info clearly drafted
Check for the below sample serverless.yml to from apim section:
# serverless.yml
apim:
  apis:
    - name: v1
      subscriptionRequired: false # if true must provide an api key
      displayName: v1
      description: V1 sample app APIs
      protocols:
        - https
      path: v1
      tags:
        - tag1
        - tag2
      authorization: none
  cors:
    allowCredentials: false
    allowedOrigins:
      - "*"
    allowedMethods:
      - GET
      - POST
      - PUT
      - DELETE
      - PATCH
    allowedHeaders:
      - "*"
    exposeHeaders:
      - "*"
And “sls deploy”
Check for serverless framework and azure deployment documentation

Cloud Custodian: Find all VMs without tags Azure

How to find all VMs in my Azure Subscription without any tags?
I tried the policy below, but it doesn't seem to work:
policies:
  - name: az-vm-tag-complience
    resource: azure.vm
    filters:
      tag: none
This is not perfect but close:
policies:
  - name: find-vms-without-any-tags
    resource: azure.vm
    filters:
      - type: value
        key: "tags"
        value: absent
It will also filter out VMs that probably once had tags but they were removed so the tags container element is empty but present.
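The gap described in this answer, shown as an added example (not part of the original answer and not Cloud Custodian's own code): a simplified Python model of the value-filter keywords `absent` and `empty`, run over a constructed VM inventory. The VM names and the helper functions are hypothetical.

```python
# Simplified model of the Cloud Custodian value-filter keywords `absent`
# and `empty`. Illustrative only; this is not Cloud Custodian's code.

def value_filter_matches(resource, key, keyword):
    """Return True if resource[key] satisfies the given keyword."""
    value = resource.get(key)
    if keyword == "absent":
        # Matches only when the key is missing (or null) on the resource.
        return value is None
    if keyword == "empty":
        # Matches a missing key and also an empty container such as {}.
        return not value
    raise ValueError(f"unsupported keyword: {keyword}")


def select(resources, key, keyword):
    """Names of resources that a filter {key, value: keyword} would select."""
    return [r["name"] for r in resources
            if value_filter_matches(r, key, keyword)]


def missed_by_absent(resources, key="tags"):
    """Untagged resources that `absent` skips but `empty` reports."""
    absent = set(select(resources, key, "absent"))
    return [name for name in select(resources, key, "empty")
            if name not in absent]


# Constructed sample inventory (hypothetical VM names).
SAMPLE_VMS = [
    {"name": "vm-never-tagged"},                         # no tags element
    {"name": "vm-tags-removed", "tags": {}},             # empty container
    {"name": "vm-tagged", "tags": {"owner": "secops"}},  # compliant
]

if __name__ == "__main__":
    print("absent:", select(SAMPLE_VMS, "tags", "absent"))
    print("empty: ", select(SAMPLE_VMS, "tags", "empty"))
    print("missed by absent:", missed_by_absent(SAMPLE_VMS))
```

In a policy, replacing `value: absent` with `value: empty` in the filter above selects both cases, so VMs whose tags were all removed are reported as well.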

How to do cross-application with serverless AWS

I have two different applications in AWS, deployed by two serverless config files.
In the first one, I need to read the data from the DynamoDB of the second one.
serverless.yml n°1 :
service:
  name: stack1
app: app1
org: globalorg
serverless.yml n°2 :
service:
  name: stack2
app: app2
org: globalorg
If I put the 2 services in the same app, I can access the 2nd one with a line like this in iamRoleStatements:
Resource:
  - ${output::${param:env}::stack2.TableArn}
But if they are not in the same app, I have "Service not found" error when I try to deploy.
How can I do this cross-application communication ?
Thanks
You will need to provide the actual ARN of the table; now that this stack is not part of your app, you cannot reference its components. Try something like this:
custom:
  table:
    tableArn: "<insert-ARN-of-resource-here>"
IamRoleStatements:
  Resource: ${self:custom.table.tableArn}

How to parametrize azureSubscription in azure devops template task

I am trying to use parameters in Azure Devops templates.
I can print any parameter inside the template.
But when I use parameter in a template with any task that requires azure subscription that will make the pipeline always fail with
"The pipeline is not valid. Job myDeployment: Step input
azureSubscription references service connection $(mySubscription)
which could not be found."
Example of pipeline and template below.
Is there any way to pass the Azure subscription to the template?
pipeline.yml
- stage: myStage
  pool: windows
  variables:
    - name: azureSubscription
      value: mySubscription
    - name: keyVaultName
      value: myKeyVauld
  jobs:
    - deployment: myDeployment
      strategy:
        runOnce:
          deploy:
            steps:
              - template: myTemplate.yml
                parameters:
                  subscription: $(azureSubscription) # changing this to literal will work but not what I need
                  vault: $(keyVaultName)
myTemplate.yml
parameters:
  - name: subscription
    type: string
    default: ''
  - name: vault
    type: string
    default: ''
steps:
  - task: AzureKeyVault@1
    inputs:
      azureSubscription: '${{ parameters.subscription }}'
      keyVaultName: '${{ parameters.vault }}'
      secretsFilter: myKey
This is a known issue / limitation. You have to pass the Azure subscription as a literal. No way around it that I know of, unfortunately.
It's been a point of discussion for literally years on this GitHub issue: https://github.com/microsoft/azure-pipelines-agent/issues/1307
You need to go to Project setting -> Pipelines section -> Service connections and create a Service Connection for Azure Resource Manager, choose between Service principal and Managed identity authentication type.
After that, you can use the name of the created Service Connection in your YAML file in the azureSubscription parameter.
