Toolset to render and manage AWS CloudFormation ( https://pypi.org/project/cloudbender )

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

Stefan Reimer 7d6135e099 ZeroDownTime/CloudBender/pipeline/head This commit looks good Details fix: code style / flake8 automation		1 year ago
cloudbender	fix: code style / flake8 automation	1 year ago
tests	First release on PyPy, Makefile and License	4 years ago
.flake8	fix: code style / flake8 automation	1 year ago
.gitignore	Initial checkin	5 years ago
CHANGES.md	feat: add DISABLE_SOPS	2 years ago
Dockerfile	ci: add git to build container to make versioning work	1 year ago
Jenkinsfile	ci: disable trivy fail for now	1 year ago
LICENSE.md	First release on PyPy, Makefile and License	4 years ago
Makefile	fix: code style / flake8 automation	1 year ago
README.md	chore: some more docs	2 years ago
cloudbender.png	Update logo	3 years ago
dev-requirements.txt	feat: Enabled Jinja2 V3 support	1 year ago
requirements.txt	feat: Enabled Jinja2 V3 support	1 year ago
setup.cfg	ci: use version number from Git tag	1 year ago
setup.py	ci: further versioning tweaks	1 year ago

README.md

CloudBender

About

Toolset to deploy and maintain infrastructure in automated and trackable manner.
First class support for:

Install

$ pip install cloudbender

State management

Cloudformation

All state is handled by AWS Cloudformation.
The required account and region are determined by CloudBender automatically from the configuration.

Pulumi

The state for all Pulumi resources are stored on S3 in your account and in the same region as the resources being deployed. No data is send to nor shared with the official Pulumi provided APIs.

CloudBender configures Pulumi with a local, temporary workspace on the fly. This incl. the injection of various common parameters like the AWS account ID and region etc.

CLI

Usage: cloudbender [OPTIONS] COMMAND [ARGS]...

Options:
  --version   Show the version and exit.
  --debug     Turn on debug logging.
  --dir TEXT  Specify cloudbender project directory.
  --help      Show this message and exit.

Commands:
  clean              Deletes all previously rendered files locally
  create-change-set  Creates a change set for an existing stack - CFN only
  create-docs        Parses all documentation fragments out of rendered...
  delete             Deletes stacks or stack groups
  get-config         Get a config value, decrypted if secret
  outputs            Prints all stack outputs
  preview            Preview of Pulumi stack up operation
  provision          Creates or updates stacks or stack groups
  refresh            Refreshes Pulumi stack / Drift detection
  render             Renders template and its parameters - CFN only
  set-config         Sets a config value, encrypts with stack key if secret
  sync               Renders template and provisions it right away
  validate           Validates already rendered templates using cfn-lint...

Config management

Within the config folder each directory represents either a stack group if it has sub-directories, or an actual Cloudformation stack in case it is a leaf folder.
The actual configuration for each stack is hierachly merged. Lower level config files overwrite higher-level values. Complex data structures like dictionaries and arrays are deep merged.

Quickstart

TBD

Secrets handling

Pulumi

CloudBender supports the native Pulumi secret handling. See Pulumi Docs for details.

Cloudformation

CloudBender supports SOPS to encrypt values in any config yaml file since version 0.8.1

If a sops encrypted config file is detected CloudBender will automatically try to decrypt the file during execution.
All required information to decrypt has to be present in the embedded sops config or set ahead of time via sops supported ENVIRONMENT variables.

SOPS support can be disabled by setting DISABLE_SOPS in order to reduce timeouts etc.