Skip to content

Instantly share code, notes, and snippets.

@Twinuma

Twinuma/vpc-eb-bestpractice-develop.template

Created March 30, 2016 01:56
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Twinuma/cce97a2c86c00aca41d35c5e7ce718ff to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Twinuma/cce97a2c86c00aca41d35c5e7ce718ff to your computer and use it in GitHub Desktop.
Download ZIP
elasticbeanstalk in vpc bestpractice template for development
Raw
vpc-eb-bestpractice-develop.template
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "ElasticBeanstalk in VPC Bestpractice Template For MonstarLab,Inc.",
"Parameters": {
"SSHLocation" : {
"Description" : " The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"VPCName": {
"Description": "select your VPC Name",
"Type": "String",
"Default": "dev-vpc",
"AllowedValues" : [
"dev-vpc",
"stg-vpc",
"prod-vpc"
],
"ConstraintDescription" : ""
},
"VPCCidr": {
"Description": "input your VPC cidr",
"Type": "String",
"Default": "10.2.0.0/16",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/16",
"ConstraintDescription": ""
},
"FrontendSubnetACidr": {
"Description": "input your VPC FrontendSubnetA cidr",
"Type": "String",
"Default": "10.2.10.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"FrontendSubnetCCidr": {
"Description": "input your VPC FrontendSubnetC cidr",
"Type": "String",
"Default": "10.2.20.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"BackendSubnetACidr": {
"Description": "input your VPC BackendSubnetA cidr",
"Type": "String",
"Default": "10.2.50.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"BackendSubnetCCidr": {
"Description": "input your VPC BackendSubnetC cidr",
"Type": "String",
"Default": "10.2.60.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
}
},
"Conditions" : {},
"Mappings": {},
"Resources": {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : {"Ref": "VPCCidr"},
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"InstanceTenancy" : "default",
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{"Key" : "Network", "Value" : "Public" },
{"Key" : "Name", "Value" : { "Ref" : "VPCName" } }
]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{"Key" : "Network", "Value" : "Public" },
{"Key" : "Name", "Value" : "vpc-igw" }
]
}
},
"AttachGateway" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"InternetGatewayId" : {"Ref" : "InternetGateway"}
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Network", "Value" : "Public" },
{"Key" : "Name", "Value" : "public-route-table" }
]
}
},
"PrivateRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Private" },
{"Key" : "Name", "Value" : "private-route-table" }
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "AttachGateway",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"FrontendSubnetA": {
"Type": "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId": { "Ref": "VPC" },
"AvailabilityZone" : "ap-northeast-1a",
"CidrBlock": {"Ref": "FrontendSubnetACidr"},
"MapPublicIpOnLaunch" : true,
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Network", "Value" : "Public" },
{"Key" : "Name", "Value" : "front-a" }
]
}
},
"FrontendSubnetC": {
"Type": "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties": {
"VpcId": { "Ref": "VPC" },
"AvailabilityZone" : "ap-northeast-1c",
"CidrBlock": {"Ref": "FrontendSubnetCCidr"},
"MapPublicIpOnLaunch" : true,
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Network", "Value" : "Public" },
{"Key" : "Name", "Value" : "front-c" }
]
}
},
"BackendSubnetA" : {
"Type" : "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : {"Ref": "BackendSubnetACidr"},
"AvailabilityZone" : "ap-northeast-1a",
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{"Key" : "Network", "Value" : "Private" },
{"Key" : "Name", "Value" : "backend-a" }
]
}
},
"BackendSubnetC" : {
"Type" : "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : {"Ref": "BackendSubnetCCidr"},
"AvailabilityZone" : "ap-northeast-1c",
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{"Key" : "Network", "Value" : "Private" },
{"Key" : "Name", "Value" : "backend-c" }
]
}
},
"FrontendSubnetARouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "FrontendSubnetA" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"FrontendSubnetCRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "FrontendSubnetC" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"SSHSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "Enable SSH access via port 22",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation" } }
],
"Tags" : [
{"Key" : "Name", "Value" : "ssh-only" }
]
}
},
"ELBSecurityGroup1" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "ELB SECURITY GROUP",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" },
{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" }
],
"Tags" : [
{"Key" : "Name", "Value" : "elb-sg" }
]
}
},
"ELBSecurityGroup2" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "ADMIN ELB SECURITY GROUP",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" },
{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" }
],
"Tags" : [
{"Key" : "Name", "Value" : "admin-elb-sg" }
]
}
},
"WEBAPPSecurityGroup1" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"GroupDescription" : "WEBAPP SECURITY GROUP",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "SourceSecurityGroupId": {"Fn::GetAtt": ["ELBSecurityGroup1", "GroupId"]}},
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "SourceSecurityGroupId": {"Fn::GetAtt": ["SSHSecurityGroup", "GroupId"]}}
],
"Tags" : [
{"Key" : "Name", "Value" : "web-sg" }
]
}
},
"WEBAPPSecurityGroup2" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"GroupDescription" : "ADMIN WEBAPP SECURITY GROUP",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "SourceSecurityGroupId": {"Fn::GetAtt": ["ELBSecurityGroup2", "GroupId"]}},
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "SourceSecurityGroupId": {"Fn::GetAtt": ["SSHSecurityGroup", "GroupId"]}}
],
"Tags" : [
{"Key" : "Name", "Value" : "admin-web-sg" }
]
}
},
"DBSecurityGroupForMySQL" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"GroupDescription" : "DB SECURITY GROUP",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "3306", "ToPort" : "3306", "SourceSecurityGroupId": {"Fn::GetAtt": ["WEBAPPSecurityGroup1", "GroupId"]}},
{ "IpProtocol" : "tcp", "FromPort" : "3306", "ToPort" : "3306", "SourceSecurityGroupId": {"Fn::GetAtt": ["WEBAPPSecurityGroup2", "GroupId"]}}
],
"Tags" : [
{"Key" : "Name", "Value" : "mysql-db-sg" }
]
}
},
"DBSecurityGroupForPostgreSQL" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"GroupDescription" : "DB SECURITY GROUP",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "5432", "ToPort" : "5432", "SourceSecurityGroupId": {"Fn::GetAtt": ["WEBAPPSecurityGroup1", "GroupId"]}},
{ "IpProtocol" : "tcp", "FromPort" : "5432", "ToPort" : "5432", "SourceSecurityGroupId": {"Fn::GetAtt": ["WEBAPPSecurityGroup2", "GroupId"]}}
],
"Tags" : [
{"Key" : "Name", "Value" : "postgre-db-sg" }
]
}
},
"CACHESecurityGroupForMemcached" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"GroupDescription" : "CACHE SECURITY GROUP for Memcached",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "11212", "ToPort" : "11212", "SourceSecurityGroupId": {"Fn::GetAtt": ["WEBAPPSecurityGroup1", "GroupId"]}}
],
"Tags" : [
{"Key" : "Name", "Value" : "memcached-cache-sg" }
]
}
},
"CACHESecurityGroupforRedis" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"GroupDescription" : "CACHE SECURITY GROUP for Redis",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "6379", "ToPort" : "6379", "SourceSecurityGroupId": {"Fn::GetAtt": ["WEBAPPSecurityGroup1", "GroupId"]}}
],
"Tags" : [
{"Key" : "Name", "Value" : "redis-cache-sg" }
]
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment