{ "info": { "author": "Ben Fortuna", "author_email": "fortuna@micronode.com", "bugtrack_url": null, "classifiers": [], "description": "# Bedrock - Building blocks for composable Cloud architectures \n\n[Docker]: https://docker.com\n[Terraform]: https://terraform.io\n[Cloudformation]: https://aws.amazon.com/cloudformation/\n\n[Introduction]: #introduction\n\n[Features]: #features\n\n[Getting started]: #getting-started\n[Requirements]: #requirements\n[Configuring]: #configuring\n\n\n[Examples]: #examples\n\n[Development]: #development\n\n[Contributing]: #contributing\n\n#### Table of Contents\n\n1. [Introduction - What is Bedrock?][Introduction]\n2. [Features][Features]\n3. [Getting started - How to use Bedrock][Getting started]\n\t- [Requirements]\n\t- [Configuring]\n - [Examples - common usage scenarios][Examples]\n4. [Development - Guide for contributing to the Bedrock project][Development]\n - [Contributing to Bedrock][Contributing]\n\n## Introduction\n\nBedrock is a collection of blueprints for building public Cloud infrastructure\nusing best-practice architectures and techniques. These blueprints are\nbased on popular tools such as [Terraform] and [Cloudformation], and provide\nboth an informative and practical approach to infrastructure provisioning.\n\n### Blueprint\n\n### Manifest\n\nA manifest provides a way to define one or more collections of blueprints (a constellation) and associated configurations that make up a complete architecture.\n\nOften a single blueprint is not sufficient to define a Cloud architecture as they are more likely to be distributed across multiple services. For example, you might have an ECS cluster for web/API applications, RDS or DynamDB for persistence, and S3 for archiving.\n\nWithin each of these tiers are additional ancillary services such as route53 for well-known endpoints and/or service discovery, cloudwatch events/triggers, etc. The collection of blueprints that encapsulates and independent function is called a constellation. Multiple constellations may be defined in a single manifest such that an entire architecture may be provisioned.\n\nA manifest also provides a higher-order language that can be used to unambiguously describe novel Cloud architectures that are composed of well-defined blueprints.\n\n## Features\n\nThe purpose of Bedrock is not only to provide best-practice blueprints for modern architectures, but to explore and\neducate about the challenges, decisions and opinions behind the designs themselves. As such, Bedrock aims to avoid\na \"black box\" approach and is designed to encourage hacking and examining the underlying code.\n\n### Exploration\n\nEach Bedrock module is designed to exist independently from the rest, to allow maximum portability and sharing of code.\nYou can go into any module directory and run `terraform init && terraform apply` to execute a blueprint in your\nconfigured environment.\n\nFor example, if you require a Bastion host in your AWS account, do the following:\n\n # provision IAM roles for creating Bastion host\n cd terraform/blueprints/bastion/roles\n terraform init && terraform apply\n\n # provision a new Bastion EC2 host\n cd ../aws\n terraform init && terraform apply -var bastion_user=bedrock \n\n\n### Run Anywhere\n\nYou can also build any Bedrock module as a [Docker] image, that can be run anywhere Docker is supported. Building images\nis supported via a Makefile in the root directory, which you can execute as follows:\n\n # Build Docker images for Bastion roles and instance\n make bastion-roles bastion-aws\n\nThe Makefile will ensure dependencies are build in the right order, and includes support for tagging and push to a\nremote Docker registry:\n\n # Tag and push to AWS ECR\n REGISTRY=.dkr.ecr.ap-southeast-2.amazonaws.com make tag push bastion-aws\n\nAfter building an image you can now use the provided scripts to execute the blueprint in the current working directory:\n\n # provision a new Bastion EC2 host\n export BEDROCK_REGISTRY=.dkr.ecr.ap-southeast-2.amazonaws.com\n bastion/scripts/bastion-aws.sh init && bastion/scripts/bastion-aws.sh apply\n\n\n### Automation\n\nAs the Docker images for Bedrock blueprints can be run anywhere that supports Docker, it is now possible to integrate\nwith automated deployment and provisioning tools also. This might include build tools such as Jenkins or Bamboo, and\nalso integrated with Cloud platforms such as AWS via the AWS Developer Tools (CodeBuild, CodePipeline, etc.).\n\nAs an example, we might configure a CodeBuild project to provision a blueprint using configuration from an S3 Bucket.\nUsing S3 Bucket notifications we can trigger a build by simply updating a blueprint configuration. This allows for a\nvery minimal effort approach to provisioning sophisticated and secure architectures whilst retaining the ability to\nmaintain and evolve the designs.\n\n\n## Getting started\n\n### Bedrock Manifest Tool\n\nA collection of helper tools for Bedrock are available in the Python Package Index (pypi.org),\nand can be installed as follows:\n\n $ pip install brock\n\nThe first manifest you run should initialise your environment, for example:\n\n ## Contents of bedrock-init.yml\n name: AWS Initialisation\n\n description: Create Bedrock IAM roles and an S3 bucket for storing Terraform state\n\n constellations:\n policies:\n iam-policies:\n\n roles:\n iam-roles:\n\n default:\n terraform-state-aws:\n\nYou can then run this using the Bedrock Manifest Tool:\n\n $ bmt init -m bedrock-init.yml\n $ TF_APPLY_ARGS=-auto-approve bmt apply -m bedrock-init.yml\n\nThe first command will initialise the Terraform providers/plugins, whilst the second will provision the IAM roles\nand S3 bucket required for Bedrock provisioning.\n\n_NOTE: As of this writing the above manifest will create 15 IAM policies, 2 IAM roles and 1 S3 bucket._\n\n\n### Examples\n\n#### Provision a Bastion host\n\nThe following manifest file describes how to deploy an EC2 instance as a Bastion host:\n\n name: AWS Bastion Host\n\n description: Provision an EC2 instance for Bastion\n\n constellations:\n bastion:\n bastion-roles:\n bastion-aws:\n bastion_user: fortuna\n\nYou can execute this file as follows:\n\n $ bmt apply -m bastion.yml -c ssh_key=@~/.ssh/id_rsa.pub\n\nThis command will apply the manifest in your AWS account, overriding the `ssh_key`\ninput variable using the public SSH key from your local SSH configuration.\n\n#### Deploy Lambda Layers\n\nThe following manifest will create common Lambda Layers for use in Lambda functions:\n\n name: Lambda Layers\n\n description: Create Lambda Layers to support Bedrock Lambda blueprints\n\n constellations:\n aws-java-sdk-lambda:\n lambda-layer:\n layer_name: aws-java-sdk-lambda\n description: Support for the AWS Lambda SDK for Java\n content_path: /tools/aws-java-sdk-lambda/build/layer\n runtimes:\n - java8\n\n groovy-runtime:\n lambda-layer:\n layer_name: groovy-runtime\n description: Support for the Groovy JVM language\n content_path: /tools/groovy-runtime/build/layer\n runtimes:\n - java8\n\n python-requests:\n lambda-layer:\n layer_name: python-requests\n description: Python requests package plus dependencies\n content_path: /tools/python-requests/packages\n runtimes:\n - python3.6\n\nNote that this manifest requires an additional volume to provide input for the `content_path` variable:\n\n $ bmt apply -m lambda-layers.yml -v \"$PWD/tools:/tools\"\n\n\n### Requirements\n\nTo make use of Bedrock you must have access to a public Cloud and a local\nenvironment with [Docker] installed.\n\nIf you intend to build the Docker images from source you will also require\nmake to be installed.\n\n### Configuring\n\nConfiguration will depend on the Cloud environment(s) available, but typically\nwill involve setting an API key in your environment that allows [Terraform]\naccess to resources in your account.\n\nWhen using API keys we want to restrict access to the bare minimum required\nto perform the required tasks (Principle of least privilege). As such you\nshould ensure the associated user has just the permissions outlined in the\ntable below:\n\n| Cloud Provider | Service | Permission |\n|----------------|:-------:|:----------:|\n|AWS|Codebuild|Execute|\n|Digital Ocean|API|Full access|\n\n### Terraform\n\nYou can manage your Terraform state using either local storage or with an AWS S3 bucket.\nIt is advisable to use S3 to protect your state, in which case you will require a user with\nthe following IAM permissions:\n\n| IAM Permission | Description | ARN |\n|----------------|-------------|-----|\n|S3 Bucket create|Creates an S3 bucket containing Terraform state|arn:aws:iam::<AWS account ID>:policy/bedrock-terraform-state|\n|IAM Policy create|Creates an IAM policy to allow access to read/write to the S3 Bucket|arn:aws:iam::<AWS account ID>:policy/bedrock-terraform-state|\n\n\n### AWS\n\nFor provisioning blueprints in AWS you will require a user with the following IAM permissions:\n\n| IAM Permission | Description | ARN |\n|----------------|-------------|-----|\n|Terraform state (*)|Read/write permissions to S3 bucket containing Terraform state|arn:aws:iam::<AWS account ID>:policy/bedrock-terraform-state|\n|Assume role|Can assume role required for blueprint provisioning|arn:aws:iam::<AWS account ID>:role/*-bedrock-*|\n\n* Note that the `Terraform state` permission is only required when state is stored in AWS.\n\n## Development\n\n### Building Docker images\n\nIf you want to build the blueprint Docker images locally a `Makefile` is provided that supports the following\ngoals:\n\n # Build all blueprints with the default settings\n make all \n\n # Build a specific set of blueprints \n make [...]\n\n # Build blueprints with a specific Terraform version\n BUILD_ARGS=\"--build-arg TERRAFORM_VERSION=0.11.4\" make all \n\n # Generate documentation (README) for all blueprints\n make docs\n\n # Tag and push blueprints to a custom registry\n REGISTRY=\"https://my.docker.registry/bedrock\" make tag push \n\n\n### Contributing\n\nOpen source software is made stronger by the community that supports it. Through participation you not only contribute to the quality of the software, but also gain a deeper insight into the inner workings.\n\nContributions may be in the form of feature enhancements, bug fixes, test cases, documentation and forum participation. If you have a question, just ask. If you have an answer, write it down.\n\nAnd if you are somehow constrained from participation, through corporate policy or otherwise, consider financial support. After all, if you are profiting from open source it's only fair to give something back to the community that make it all possible.\n\n## Developer Environment\n\nUse the following tools to provision a pre-configured developer environment.\n\n### Vagrant\n\n $ vagrant up\n $ ssh -p 2222 -L 8080:localhost:8080 vagrant@localhost # password: vagrant\n\n### Docker\n\n $ docker build -t bedrock-env .\n $ ./developer-env.sh\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/micronode/bedrock", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "brock", "package_url": "https://pypi.org/project/brock/", "platform": "", "project_url": "https://pypi.org/project/brock/", "project_urls": { "Homepage": "https://github.com/micronode/bedrock" }, "release_url": "https://pypi.org/project/brock/1.0.2/", "requires_dist": [ "PyYAML (>=5.1)", "docker (>=3.7.2)" ], "requires_python": ">=3.7", "summary": "A collection of Terraform-based blueprints", "version": "1.0.2" }, "last_serial": 5469271, "releases": { "1.0": [ { "comment_text": "", "digests": { "md5": "f37746d5c4e6a7d8e8ddb3a4141df3b3", "sha256": "522839d992cb6832e08df43ae0aa4cc5fffbd4d07003d5bbcb65b08409761ec2" }, "downloads": -1, "filename": "brock-1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "f37746d5c4e6a7d8e8ddb3a4141df3b3", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 8900, "upload_time": "2019-06-27T12:12:32", "url": "https://files.pythonhosted.org/packages/67/3f/d1e596a2d074096e86e333af7d58a1e30267365b2944a2e2914270c0e320/brock-1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "6ca577c5ee797393051ded05dbe73684", "sha256": "60bffab189051bb050550f12a06ca79b78a105a1ad383dcd7338f27e09b67e80" }, "downloads": -1, "filename": "brock-1.0.tar.gz", "has_sig": false, "md5_digest": "6ca577c5ee797393051ded05dbe73684", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8658, "upload_time": "2019-06-27T12:12:35", "url": "https://files.pythonhosted.org/packages/84/13/74f1b80ee64613254cc29b4bfec300e0aff84764b6b5e9cd45efdb2926cb/brock-1.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "16c5ae62d0a442d647cc3db23168149a", "sha256": "a432d1e01825097b5bb8499fff36026daa4ded6aa650183964c15f71eac67c88" }, "downloads": -1, "filename": "brock-1.0.1-py3-none-any.whl", "has_sig": false, "md5_digest": "16c5ae62d0a442d647cc3db23168149a", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.7", "size": 8976, "upload_time": "2019-06-28T07:15:39", "url": "https://files.pythonhosted.org/packages/5e/70/d8beae28205bcc9277964dd9fe9a0fad6fb0ed694ca61fc7bcf402cd73af/brock-1.0.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8cf247398a07aab103ade75140e3c3be", "sha256": "0829fec4ae76f6f20f87a09a06fa18b2586395ee901faea5b51a664aa2715f1a" }, "downloads": -1, "filename": "brock-1.0.1.tar.gz", "has_sig": false, "md5_digest": "8cf247398a07aab103ade75140e3c3be", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.7", "size": 8761, "upload_time": "2019-06-28T07:15:40", "url": "https://files.pythonhosted.org/packages/63/e7/0267bfc7c120e1f1342491e90649ee71dabddc0c16cefca461133ff5e39d/brock-1.0.1.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "8ed2a259d9f72608bf05b62054688374", "sha256": "70cf2b68812458afcc8d269afa193dc4c8907036568031883c78cb8257f7df7e" }, "downloads": -1, "filename": "brock-1.0.2-py3-none-any.whl", "has_sig": false, "md5_digest": "8ed2a259d9f72608bf05b62054688374", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.7", "size": 9290, "upload_time": "2019-07-01T01:56:49", "url": "https://files.pythonhosted.org/packages/77/c2/12f3ff2bb1f02906d60865f82e1d77ce3d67e52a3f4d5eae1197932632ed/brock-1.0.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "2f59c5434dc572c737fddc76b88c745c", "sha256": "32a6fa88b0dbbd468bd8b1ebeaa79b96324201a6e4626649017f4433667cf358" }, "downloads": -1, "filename": "brock-1.0.2.tar.gz", "has_sig": false, "md5_digest": "2f59c5434dc572c737fddc76b88c745c", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.7", "size": 9306, "upload_time": "2019-07-01T01:56:52", "url": "https://files.pythonhosted.org/packages/cb/df/235f016f3044cf98f46729a027d6385c860ff30969fffd5c3fe66c2e9d76/brock-1.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "8ed2a259d9f72608bf05b62054688374", "sha256": "70cf2b68812458afcc8d269afa193dc4c8907036568031883c78cb8257f7df7e" }, "downloads": -1, "filename": "brock-1.0.2-py3-none-any.whl", "has_sig": false, "md5_digest": "8ed2a259d9f72608bf05b62054688374", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.7", "size": 9290, "upload_time": "2019-07-01T01:56:49", "url": "https://files.pythonhosted.org/packages/77/c2/12f3ff2bb1f02906d60865f82e1d77ce3d67e52a3f4d5eae1197932632ed/brock-1.0.2-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "2f59c5434dc572c737fddc76b88c745c", "sha256": "32a6fa88b0dbbd468bd8b1ebeaa79b96324201a6e4626649017f4433667cf358" }, "downloads": -1, "filename": "brock-1.0.2.tar.gz", "has_sig": false, "md5_digest": "2f59c5434dc572c737fddc76b88c745c", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.7", "size": 9306, "upload_time": "2019-07-01T01:56:52", "url": "https://files.pythonhosted.org/packages/cb/df/235f016f3044cf98f46729a027d6385c860ff30969fffd5c3fe66c2e9d76/brock-1.0.2.tar.gz" } ] }