Last active
December 11, 2023 11:33
-
-
Save Gershon-A/e9f8aaf0c1d021da4088ab10b1811b7c to your computer and use it in GitHub Desktop.
CloudFormation template for Global Accelerator with Listeners
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: >- | |
| CloudFormation template for Global Accelerator with Listeners port 443 and Endpoints to exist ALB. | |
| Exist ALB Arn is fettched by Lambda. | |
| Finaly, we updating Dns recoord for domain to point to the Global Accelerator. | |
| # ------------------------------------------------------------# | |
| # Input Parameters | |
| # ------------------------------------------------------------# | |
| Parameters: | |
| DomainName: | |
| Type: String | |
| Default: "example.com" | |
| Description: Domain name used in ALB | |
| AlbName: | |
| Type: String | |
| Default: "myalb-*" | |
| Description: ALB Name | |
| HostedZoneId: | |
| Type: String | |
| Description: Route53 domain hosted zone id | |
| usecase: | |
| Description: What is the use case? | |
| Type: String | |
| AllowedValues: | |
| - "prod" | |
| - "stage" | |
| - "dev" | |
| - "loadtest" | |
| - "dr" | |
| - "qa" | |
| Default: prod | |
| Resources: | |
| LambdaExecutionRole: | |
| Type: 'AWS::IAM::Role' | |
| Properties: | |
| AssumeRolePolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: | |
| - lambda.amazonaws.com | |
| Action: | |
| - 'sts:AssumeRole' | |
| Policies: | |
| - PolicyName: LambdaExecutionPolicy | |
| PolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - 'logs:CreateLogGroup' | |
| - 'logs:CreateLogStream' | |
| - 'logs:PutLogEvents' | |
| Resource: 'arn:aws:logs:*:*:*' | |
| - Effect: Allow | |
| Action: | |
| - 'elasticloadbalancing:DescribeLoadBalancers' | |
| Resource: '*' | |
| AlbArnFetcher: | |
| Type: 'AWS::Lambda::Function' | |
| Properties: | |
| Handler: index.handler | |
| Role: !GetAtt 'LambdaExecutionRole.Arn' | |
| Code: | |
| ZipFile: | | |
| const AWS = require('aws-sdk'); | |
| const response = require('cfn-response'); | |
| exports.handler = (event, context) => { | |
| const albNamePattern = process.env.ALB_NAME; | |
| if (event.RequestType === 'Delete') { | |
| response.send(event, context, response.SUCCESS); | |
| return; | |
| } | |
| const elbv2 = new AWS.ELBv2(); | |
| elbv2.describeLoadBalancers({}, (err, data) => { | |
| if (err) { | |
| response.send(event, context, response.FAILED, err); | |
| } else { | |
| const alb = data.LoadBalancers.find(lb => lb.LoadBalancerName.startsWith(albNamePattern)); | |
| if (alb) { | |
| response.send(event, context, response.SUCCESS, { AlbArn: alb.LoadBalancerArn }); | |
| } else { | |
| response.send(event, context, response.FAILED, { error: 'No matching ALB found' }); | |
| } | |
| } | |
| }); | |
| }; | |
| Runtime: nodejs16.x | |
| Timeout: 15 | |
| Environment: | |
| Variables: | |
| ALB_NAME: !Ref AlbName | |
| AlbArnCustomResource: | |
| Type: 'Custom::AlbArnFetcher' | |
| Properties: | |
| ServiceToken: !GetAtt 'AlbArnFetcher.Arn' | |
| AlbAccelerator: | |
| Type: 'AWS::GlobalAccelerator::Accelerator' | |
| Properties: | |
| Name: !Sub ${AWS::StackName}-alb | |
| IpAddressType: IPV4 | |
| Enabled: true | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${AWS::StackName}-alb | |
| - Key: usecase | |
| Value: !Ref usecase | |
| - Key: Env | |
| Value: !Ref usecase | |
| - Key: Region | |
| Value: !Ref "AWS::Region" | |
| AlbListener: | |
| Type: 'AWS::GlobalAccelerator::Listener' | |
| Properties: | |
| AcceleratorArn: !Ref AlbAccelerator | |
| PortRanges: | |
| - FromPort: 443 | |
| ToPort: 443 | |
| Protocol: TCP | |
| AlbEndpointGroup: | |
| Type: 'AWS::GlobalAccelerator::EndpointGroup' | |
| Properties: | |
| ListenerArn: !Ref AlbListener | |
| EndpointGroupRegion: !Ref 'AWS::Region' | |
| EndpointConfigurations: | |
| - EndpointId: !GetAtt 'AlbArnCustomResource.AlbArn' | |
| Weight: 100 | |
| ClientIPPreservationEnabled: 'true' | |
| TrafficDialPercentage: 100 | |
| # ------------------------------------------------------------# | |
| # Update DNS Recoord | |
| # The Hosted Zone ID for AWS Global Accelerator is a fixed value provided by AWS. | |
| # It does not change and is the same for all AWS Global Accelerators. | |
| # The Hosted Zone ID for AWS Global Accelerator is Z2BJ6XQ5FK7U4H. | |
| # ------------------------------------------------------------# | |
| RecordSetGroup: | |
| Type: 'AWS::Route53::RecordSetGroup' | |
| UpdateReplacePolicy: Delete | |
| DeletionPolicy: Delete | |
| Properties: | |
| HostedZoneId: !Ref HostedZoneId | |
| RecordSets: | |
| - Name: !Ref DomainName | |
| Type: A | |
| AliasTarget: | |
| DNSName: !GetAtt 'AlbAccelerator.DnsName' | |
| HostedZoneId: 'Z2BJ6XQ5FK7U4H' # this is the hosted zone ID for Global Accelerator | |
| EvaluateTargetHealth: 'false' | |
| Outputs: | |
| LambdaExecutionRole: | |
| Value: !GetAtt LambdaExecutionRole.Arn | |
| Export: | |
| Name: !Sub ${AWS::StackName}-LambdaExecutionRole | |
| AlbArn: | |
| Description: 'Lambda fethed ALB ARN' | |
| Value: !GetAtt 'AlbArnCustomResource.AlbArn' | |
| AlbAcceleratorDomain: | |
| Description: 'Global ALB Dns Name' | |
| Value: !GetAtt AlbAccelerator.DnsName |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment