Created
May 17, 2021 14:44
-
-
Save aLucaz/2d1cb934a02cad9825a58ab22c7df92b to your computer and use it in GitHub Desktop.
Cloud Formation Yaml to Create Auto Scaled and Load Balanced Architecture
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: | |
| Goal | |
| -> create a VPC with | |
| -> 1 public subnet | |
| -> 1 private subnet | |
| -> create an Internet Gateway | |
| -> create a Nat Gateway | |
| -> create public instance as bastion | |
| -> create private instance | |
| -> create a load balancer | |
| -> add autoscaling support | |
| Parameters: | |
| VpcCidr: | |
| Type: String | |
| Default: 10.0.0.0/16 | |
| PublicSubnetACidr: | |
| Type: String | |
| Default: 10.0.1.0/24 | |
| PublicSubnetBCidr: | |
| Type: String | |
| Default: 10.0.2.0/24 | |
| PrivateSubnetACidr: | |
| Type: String | |
| Default: 10.0.11.0/24 | |
| PrivateSubnetBCidr: | |
| Type: String | |
| Default: 10.0.12.0/24 | |
| BastionKeyPairName: | |
| Type: AWS::EC2::KeyPair::KeyName | |
| Default: poc-cf-keypair | |
| PublicInstanceType: | |
| AllowedValues: | |
| - t2.micro | |
| - t2.small | |
| Default: t2.micro | |
| Type: String | |
| PublicSubnetAAZ: | |
| AllowedValues: | |
| - us-west-1a | |
| Default: us-west-1a | |
| Type: String | |
| PublicSubnetBAZ: | |
| AllowedValues: | |
| - us-west-1b | |
| Default: us-west-1b | |
| Type: String | |
| PrivateInstanceType: | |
| AllowedValues: | |
| - t2.micro | |
| - t2.small | |
| Default: t2.micro | |
| Type: String | |
| PrivateSubnetAAZ: | |
| AllowedValues: | |
| - us-west-1a | |
| Default: us-west-1a | |
| Type: String | |
| PrivateSubnetBAZ: | |
| AllowedValues: | |
| - us-west-1b | |
| Default: us-west-1b | |
| Type: String | |
| Mappings: | |
| RegionMap: | |
| us-west-1: | |
| HVM64: ami-0d382e80be7ffdae5 | |
| Resources: | |
| VPC: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: !Ref VpcCidr | |
| EnableDnsSupport: true | |
| EnableDnsHostnames: true | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-vpc | |
| PublicSubnetA: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref VPC | |
| AvailabilityZone: !Ref PublicSubnetAAZ | |
| CidrBlock: !Ref PublicSubnetACidr | |
| MapPublicIpOnLaunch: True | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-public-subnet-a | |
| PublicSubnetB: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref VPC | |
| AvailabilityZone: !Ref PublicSubnetBAZ | |
| CidrBlock: !Ref PublicSubnetBCidr | |
| MapPublicIpOnLaunch: True | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-public-subnet-b | |
| PrivateSubnetA: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref VPC | |
| AvailabilityZone: !Ref PrivateSubnetAAZ | |
| CidrBlock: !Ref PrivateSubnetACidr | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-private-subnet-a | |
| PrivateSubnetB: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref VPC | |
| AvailabilityZone: !Ref PrivateSubnetBAZ | |
| CidrBlock: !Ref PrivateSubnetBCidr | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-private-subnet-b | |
| # Connecting VPC to internet | |
| InternetGateway: | |
| Type: AWS::EC2::InternetGateway | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: ig-vpc | |
| InternetGatewayAttachement: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| InternetGatewayId: !Ref InternetGateway | |
| VpcId: !Ref VPC | |
| # Creating VPC route table with an entry to route Internet traffic to the Internet Gateway | |
| PublicRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: Public routes | |
| DefaultPublicRoute: | |
| Type: AWS::EC2::Route | |
| DependsOn: InternetGatewayAttachement | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| GatewayId: !Ref InternetGateway | |
| # Creating public subnet A & B route table association | |
| PublicSubnetARouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| SubnetId: !Ref PublicSubnetA | |
| PublicSubnetBRouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| SubnetId: !Ref PublicSubnetB | |
| # Now we neer Nat Gateway Associations to our private subnet | |
| NatGatewayAIP: | |
| Type: AWS::EC2::EIP | |
| DependsOn: InternetGatewayAttachement | |
| Properties: | |
| Domain: vpc | |
| NatGatewayA: | |
| Type: AWS::EC2::NatGateway | |
| Properties: | |
| AllocationId: !GetAtt NatGatewayAIP.AllocationId | |
| SubnetId: !Ref PublicSubnetA | |
| # Creating a private subnet A & B route table association, to this we need a Nat Gateway | |
| PrivateRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: Private routes | |
| DefaultPrivateRoute: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| NatGatewayId: !Ref NatGatewayA | |
| PrivateSubnetARouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable | |
| SubnetId: !Ref PrivateSubnetA | |
| PrivateSubnetBRouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable | |
| SubnetId: !Ref PrivateSubnetB | |
| # Creating a EC2 instance and SG as Bastion in public subnet | |
| BastionSG: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| VpcId: !Ref VPC | |
| GroupDescription: we use this instance as ssh bastion | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 22 | |
| ToPort: 22 | |
| CidrIp: 0.0.0.0/0 | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-bastion-sg | |
| BastionInstance: | |
| Type: AWS::EC2::Instance | |
| Properties: | |
| ImageId: !FindInMap | |
| - RegionMap | |
| - !Ref AWS::Region | |
| - HVM64 | |
| InstanceType: !Ref PublicInstanceType | |
| KeyName: !Ref BastionKeyPairName | |
| SubnetId: !Ref PublicSubnetA | |
| SecurityGroupIds: | |
| - !Ref BastionSG | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-bastion-instance | |
| # Note: At this point i had to create a New Key Pair on AWS Console! named poc-cf-keypair | |
| # Creating a EC2 instance and DG as Private | |
| PrivateSG: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| VpcId: !Ref VPC | |
| GroupDescription: this is our private instance | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 22 | |
| ToPort: 22 | |
| SourceSecurityGroupId: !Ref BastionSG | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-private-dg | |
| # Creating Amazon Auto Scaling configuration | |
| LauchConfig: | |
| Type: AWS::AutoScaling::LaunchConfiguration | |
| Properties: | |
| ImageId: !FindInMap | |
| - RegionMap | |
| - !Ref AWS::Region | |
| - HVM64 | |
| InstanceType: !Ref PrivateInstanceType | |
| KeyName: !Ref BastionKeyPairName | |
| SecurityGroups: | |
| - !Ref PrivateSG | |
| AutoScalingGroup: | |
| Type: AWS::AutoScaling::AutoScalingGroup | |
| Properties: | |
| VPCZoneIdentifier: | |
| - !Ref PrivateSubnetA | |
| - !Ref PrivateSubnetB | |
| LaunchConfigurationName: !Ref LauchConfig | |
| TargetGroupARNs: | |
| - !Ref TargetGroup1 | |
| MaxSize: 2 | |
| MinSize: 1 | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-private-instance-asg | |
| PropagateAtLaunch: True | |
| UpdatePolicy: | |
| AutoScalingReplacingUpdate: | |
| WillReplace: True | |
| ScaleUpPolicy: | |
| Type: AWS::AutoScaling::ScalingPolicy | |
| Properties: | |
| AdjustmentType: ChangeInCapacity | |
| AutoScalingGroupName: !Ref AutoScalingGroup | |
| Cooldown: '100' | |
| ScalingAdjustment: 1 | |
| ScaleDownPolicy: | |
| Type: AWS::AutoScaling::ScalingPolicy | |
| Properties: | |
| AdjustmentType: ChangeInCapacity | |
| AutoScalingGroupName: !Ref AutoScalingGroup | |
| Cooldown: '100' | |
| ScalingAdjustment: -1 | |
| # Configuring target groups | |
| TargetGroup1: | |
| Type: AWS::ElasticLoadBalancingV2::TargetGroup | |
| Properties: | |
| Port: 80 | |
| Protocol: HTTP | |
| VpcId: !Ref VPC | |
| HealthCheckIntervalSeconds: 30 | |
| HealthCheckPath: / | |
| HealthCheckPort: 80 | |
| HealthCheckProtocol: HTTP | |
| HealthCheckTimeoutSeconds: 5 | |
| HealthyThresholdCount: 2 | |
| Tags: | |
| - Key: Name | |
| Value: TG-1 | |
| # Adding load balancer | |
| LoadBalancerSG: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| VpcId: !Ref VPC | |
| GroupDescription: we use this SG for the load balancer | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 80 | |
| ToPort: 80 | |
| CidrIp: 0.0.0.0/0 | |
| - IpProtocol: tcp | |
| FromPort: 443 | |
| ToPort: 443 | |
| CidrIp: 0.0.0.0/0 | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-lb-sg | |
| LoadBalancer: | |
| Type: AWS::ElasticLoadBalancingV2::LoadBalancer | |
| Properties: | |
| IpAddressType: ipv4 | |
| Scheme: internet-facing | |
| SecurityGroups: | |
| - !Ref LoadBalancerSG | |
| Subnets: | |
| - !Ref PublicSubnetA | |
| - !Ref PublicSubnetB | |
| Tags: | |
| - Key: Name | |
| Value: poc-cf-lb | |
| Type: application | |
| Listener: | |
| Type: AWS::ElasticLoadBalancingV2::Listener | |
| Properties: | |
| DefaultActions: | |
| - Type: forward | |
| TargetGroupArn: | |
| Ref: TargetGroup1 | |
| LoadBalancerArn: | |
| Ref: LoadBalancer | |
| Port: 80 | |
| Protocol: HTTP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment