Last active
August 30, 2017 15:06
-
-
Save hirokazumiyaji/4a834d5049b411e85d9832ff5d50420a to your computer and use it in GitHub Desktop.
cloud formation example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: VPC Network Template | |
| Parameters: | |
| ServiceName: | |
| Type: String | |
| Description: Service name use resource tag and name field etc. | |
| Default: example | |
| EnvName: | |
| Type: String | |
| Description: environment | |
| Default: production | |
| KeyName: | |
| Type: String | |
| Description: EC2 Key Pair Name | |
| Default: key | |
| AdminInstanceImageId: | |
| Type: String | |
| Description: Admin EC2 Instance Image Id | |
| Default: ami-3bd3c45c | |
| AdminInstanceType: | |
| Type: String | |
| Default: t2.small | |
| AllowedValues: ["t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "t2.xlarge", "t2.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "m4.16xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge"] | |
| WebInstanceImageId: | |
| Type: String | |
| Description: Web EC2 Instance Image Id | |
| Default: ami-3bd3c45c | |
| WebInstanceType: | |
| Type: String | |
| Default: t2.small | |
| AllowedValues: ["t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "t2.xlarge", "t2.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "m4.16xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge"] | |
| RDSInstanceType: | |
| Type: String | |
| Default: db.t2.small | |
| AllowedValues: ["db.t2.small", "db.t2.medium", "db.r3.large", "db.r3.xlarge", "db.r3.2xlarge", "db.r3.4xlarge", "db.r3.8xlarge"] | |
| Mappings: | |
| StackConfig: | |
| VPC: | |
| CIDR: 10.0.0.0/16 | |
| PublicManagementSubnetZoneA: | |
| CIDR: 10.0.0.0/24 | |
| AvailabilityZone: ap-northeast-1a | |
| PublicLBSubnetZoneA: | |
| CIDR: 10.0.4.0/24 | |
| AvailabilityZone: ap-northeast-1a | |
| PublicLBSubnetZoneC: | |
| CIDR: 10.0.5.0/24 | |
| AvailabilityZone: ap-northeast-1c | |
| PublicWebSubnetZoneA: | |
| CIDR: 10.0.6.0/24 | |
| AvailabilityZone: ap-northeast-1a | |
| PublicWebSubnetZoneC: | |
| CIDR: 10.0.7.0/24 | |
| AvailabilityZone: ap-northeast-1c | |
| PrivateDBSubnetZoneA: | |
| CIDR: 10.0.10.0/24 | |
| AvailabilityZone: ap-northeast-1a | |
| PrivateDBSubnetZoneC: | |
| CIDR: 10.0.11.0/24 | |
| AvailabilityZone: ap-northeast-1c | |
| Resources: | |
| VPC: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: !FindInMap ["StackConfig", "VPC", "CIDR"] | |
| InstanceTenancy: default | |
| EnableDnsHostnames: "true" | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: vpc | |
| - Key: Env | |
| Value: !Ref EnvName | |
| InternetGateway: | |
| Type: AWS::EC2::InternetGateway | |
| Properties: | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: internet-gateway | |
| - Key: Env | |
| Value: !Ref EnvName | |
| VPCGatewayAttachment: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| InternetGatewayId: !Ref InternetGateway | |
| VpcId: !Ref VPC | |
| RouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: route-table | |
| - Key: Env | |
| Value: !Ref EnvName | |
| Route: | |
| Type: AWS::EC2::Route | |
| DependsOn: VPCGatewayAttachment | |
| Properties: | |
| RouteTableId: !Ref RouteTable | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| GatewayId: !Ref InternetGateway | |
| PublicManagementSubnetZoneA: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "CIDR"] | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: public-instance | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PublicWebSubnetZoneA: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PublicWebSubnetZoneA", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PublicWebSubnetZoneA", "CIDR"] | |
| MapPublicIpOnLaunch: false | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: web | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PublicWebSubnetZoneC: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PublicWebSubnetZoneC", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PublicWebSubnetZoneC", "CIDR"] | |
| MapPublicIpOnLaunch: false | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: web | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PublicLBSubnetZoneA: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PublicLBSubnetZoneA", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PublicLBSubnetZoneA", "CIDR"] | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: lb | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PublicLBSubnetZoneC: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PublicLBSubnetZoneC", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PublicLBSubnetZoneC", "CIDR"] | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: lb | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PublicWebSubnetZoneA: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PublicWebSubnetZoneA", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PublicWebSubnetZoneA", "CIDR"] | |
| MapPublicIpOnLaunch: false | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: web | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PublicWebSubnetZoneC: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PublicWebSubnetZoneC", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PublicWebSubnetZoneC", "CIDR"] | |
| MapPublicIpOnLaunch: false | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: web | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PrivateDBSubnetZoneA: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PrivateDBSubnetZoneA", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PrivateDBSubnetZoneA", "CIDR"] | |
| MapPublicIpOnLaunch: false | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: db | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PrivateDBSubnetZoneC: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PrivateDBSubnetZoneC", "AvailabilityZone"] | |
| CidrBlock: !FindInMap ["StackConfig", "PrivateDBSubnetZoneC", "CIDR"] | |
| MapPublicIpOnLaunch: false | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: db | |
| - Key: Env | |
| Value: !Ref EnvName | |
| DBSubnetGroup: | |
| Type: AWS::RDS::DBSubnetGroup | |
| Properties: | |
| DBSubnetGroupDescription: RDS subnet group | |
| SubnetIds: | |
| - !Ref PrivateDBSubnetZoneA | |
| - !Ref PrivateDBSubnetZoneC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: db | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PublicManagementSubnetZoneAToRouteTable: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref RouteTable | |
| SubnetId: !Ref PublicManagementSubnetZoneA | |
| PublicLBSubnetZoneAToRouteTable: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref RouteTable | |
| SubnetId: !Ref PublicLBSubnetZoneA | |
| PublicLBSubnetZoneCToRouteTable: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref RouteTable | |
| SubnetId: !Ref PublicLBSubnetZoneC | |
| PublicLBSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: load balancer security group | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 443 | |
| ToPort: 443 | |
| CidrIp: 0.0.0.0/0 | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: lb | |
| - Key: Env | |
| Value: !Ref EnvName | |
| AdminSSHSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: admin server ssh security group | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 22 | |
| ToPort: 22 | |
| CidrIp: 0.0.0.0/0 | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: admin | |
| - Key: Env | |
| Value: !Ref EnvName | |
| AdminHTTPSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: admin server http security group | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 80 | |
| ToPort: 80 | |
| CidrIp: !FindInMap ["StackConfig", "PublicLBSubnetZoneA", "CIDR"] | |
| - IpProtocol: tcp | |
| FromPort: 80 | |
| ToPort: 80 | |
| CidrIp: !FindInMap ["StackConfig", "PublicLBSubnetZoneC", "CIDR"] | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: admin | |
| - Key: Env | |
| Value: !Ref EnvName | |
| WebSSHSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: web server ssh security group | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 22 | |
| ToPort: 22 | |
| CidrIp: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "CIDR"] | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: web | |
| - Key: Env | |
| Value: !Ref EnvName | |
| WebHTTPSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: web server http security group | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 80 | |
| ToPort: 80 | |
| CidrIp: 0.0.0.0/0 | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: web | |
| - Key: Env | |
| Value: !Ref EnvName | |
| DBSecurityGroup: | |
| Type: AWS::RDS::DBSecurityGroup | |
| Properties: | |
| EC2VpcId: !Ref VPC | |
| GroupDescription: rds security group | |
| DBSecurityGroupIngress: | |
| - CIDRIP: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "CIDR"] | |
| - CIDRIP: !FindInMap ["StackConfig", "PublicWebSubnetZoneA", "CIDR"] | |
| - CIDRIP: !FindInMap ["StackConfig", "PublicWebSubnetZoneC", "CIDR"] | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| - Key: Role | |
| Value: db | |
| - Key: Env | |
| Value: !Ref EnvName | |
| AdminInstance: | |
| Type: AWS::EC2::Instance | |
| Properties: | |
| AvailabilityZone: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "AvailabilityZone"] | |
| ImageId: !Ref AdminInstanceImageId | |
| InstanceInitiatedShutdownBehavior: stop | |
| InstanceType: !Ref AdminInstanceType | |
| KeyName: !Ref KeyName | |
| Monitoring: true | |
| SecurityGroupIds: | |
| - !Ref AdminSSHSecurityGroup | |
| - !Ref AdminHTTPSecurityGroup | |
| SubnetId: !Ref PublicManagementSubnetZoneA | |
| WebAutoScalingLauncherConfiguration: | |
| Type: AWS::AutoScaling::LaunchConfiguration | |
| Properties: | |
| BlockDeviceMappings: | |
| - DeviceName: /dev/xvda | |
| Ebs: | |
| VolumeSize: 8 | |
| VolumeType: gp2 | |
| DeleteOnTermination: "true" | |
| ImageId: !Ref WebInstanceImageId | |
| InstanceMonitoring: true | |
| InstanceType: !Ref WebInstanceType | |
| KeyName: !Ref KeyName | |
| SecurityGroups: | |
| - !Ref WebSSHSecurityGroup | |
| - !Ref WebHTTPSecurityGroup | |
| UserData: | |
| Fn::Base64: | |
| Fn::Join: | |
| - "\n" | |
| - - "#!/bin/bash" | |
| - "yum update -y" | |
| - "yum install -y nginx" | |
| - "service nginx start" | |
| WebAutoScalingGroup: | |
| Type: AWS::AutoScaling::AutoScalingGroup | |
| UpdatePolicy: | |
| AutoScalingRollingUpdate: | |
| MaxBatchSize: "1" | |
| MinInstancesInService: "1" | |
| PauseTime: PT30S | |
| Properties: | |
| DesiredCapacity: "1" | |
| HealthCheckGracePeriod: 60 | |
| HealthCheckType: "EC2" | |
| LaunchConfigurationName: !Ref WebAutoScalingLauncherConfiguration | |
| MinSize: "1" | |
| MaxSize: "10" | |
| VPCZoneIdentifier: | |
| - !Ref PublicWebSubnetZoneA | |
| - !Ref PublicWebSubnetZoneC | |
| Tags: | |
| - Key: Service | |
| Value: !Ref ServiceName | |
| PropagateAtLaunch: true | |
| - Key: Role | |
| Value: web | |
| PropagateAtLaunch: true | |
| - Key: Env | |
| Value: !Ref EnvName | |
| PropagateAtLaunch: true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment