| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "CLA Stack", | |
| "Parameters": { | |
| "EnvName": { | |
| "Description": "Environment name", | |
| "Type": "String", | |
| "AllowedPattern": "[A-Za-z0-9-]+" | |
| }, | |
| "KeyName": { | |
| "Type": "String", | |
| "Description": "Name of an existing EC2 KeyPair to enable SSH access to the web server", | |
| "Default": "cla-test-default" | |
| }, | |
| "DBUser": { | |
| "Type": "String", | |
| "Description": "Database master user" | |
| }, | |
| "DBPassword": { | |
| "Type": "String", | |
| "Description": "Database master user password" | |
| }, | |
| "DBAllocatedStorage": { | |
| "Type": "Number", | |
| "Description": "Allocated database storage (in GB)" | |
| }, | |
| "DBInstanceClass": { | |
| "Type": "String", | |
| "Description": "Database instance type", | |
| "Default": "db.t2.small", | |
| "AllowedValues": [ | |
| "db.t2.small", | |
| "db.t2.medium", | |
| "db.m3.medium", | |
| "db.m3.large", | |
| "db.m3.xlarge" | |
| ] | |
| }, | |
| "DBBackupRetentionPeriod": { | |
| "Type": "Number", | |
| "Description": "DB backup retention period (days)", | |
| "Default": "7", | |
| "MinValue": "0", | |
| "MaxValue": "35" | |
| }, | |
| "InstanceType": { | |
| "Description": "WebServer EC2 instance type", | |
| "Type": "String", | |
| "Default": "t2.micro", | |
| "AllowedValues": [ | |
| "t1.micro", | |
| "t2.micro", | |
| "t2.small", | |
| "t2.medium", | |
| "m1.small", | |
| "m1.medium", | |
| "m1.large", | |
| "m1.xlarge", | |
| "m2.xlarge", | |
| "m2.2xlarge", | |
| "m2.4xlarge", | |
| "m3.medium", | |
| "m3.large", | |
| "m3.xlarge", | |
| "m3.2xlarge", | |
| "c1.medium", | |
| "c1.xlarge", | |
| "c3.large", | |
| "c3.xlarge", | |
| "c3.2xlarge", | |
| "c3.4xlarge", | |
| "c3.8xlarge", | |
| "c4.large", | |
| "c4.xlarge", | |
| "c4.2xlarge", | |
| "c4.4xlarge", | |
| "c4.8xlarge", | |
| "g2.2xlarge", | |
| "r3.large", | |
| "r3.xlarge", | |
| "r3.2xlarge", | |
| "r3.4xlarge", | |
| "r3.8xlarge", | |
| "i2.xlarge", | |
| "i2.2xlarge", | |
| "i2.4xlarge", | |
| "i2.8xlarge", | |
| "hi1.4xlarge", | |
| "hs1.8xlarge", | |
| "cr1.8xlarge", | |
| "cc2.8xlarge", | |
| "cg1.4xlarge" | |
| ], | |
| "ConstraintDescription": "must be a valid EC2 instance type." | |
| } | |
| }, | |
| "Mappings": { | |
| "RegionMap": { | |
| "eu-west-1": { | |
| "host": "ami-234ecc54", | |
| "nat": "ami-14913f63" | |
| } | |
| } | |
| }, | |
| "Resources": { | |
| "VPC": { | |
| "Type": "AWS::EC2::VPC", | |
| "Properties": { | |
| "CidrBlock": "10.0.0.0/16", | |
| "EnableDnsHostnames": "true", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Ref": "EnvName" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "InternetGateway": { | |
| "Type": "AWS::EC2::InternetGateway", | |
| "Properties": { | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Ref": "EnvName" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "GatewayToInternet": { | |
| "Type": "AWS::EC2::VPCGatewayAttachment", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "InternetGatewayId": { | |
| "Ref": "InternetGateway" | |
| } | |
| } | |
| }, | |
| "PublicSubnet1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.0.0/24", | |
| "AvailabilityZone": "eu-west-1a", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PublicSubnet1" | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicSubnet2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.1.0/24", | |
| "AvailabilityZone": "eu-west-1b", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PublicSubnet2" | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicSubnet3": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.2.0/24", | |
| "AvailabilityZone": "eu-west-1c", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PublicSubnet3" | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.3.0/24", | |
| "AvailabilityZone": "eu-west-1a", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PrivateSubnet1" | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.4.0/24", | |
| "AvailabilityZone": "eu-west-1b", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PrivateSubnet2" | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet3": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.5.0/24", | |
| "AvailabilityZone": "eu-west-1c", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PrivateSubnet3" | |
| } | |
| ] | |
| } | |
| }, | |
| "RDSSubnet1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.6.0/24", | |
| "AvailabilityZone": "eu-west-1a", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "RDSSubnet1" | |
| } | |
| ] | |
| } | |
| }, | |
| "RDSSubnet2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.7.0/24", | |
| "AvailabilityZone": "eu-west-1b", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "RDSSubnet2" | |
| } | |
| ] | |
| } | |
| }, | |
| "RDSSubnet3": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "CidrBlock": "10.0.8.0/24", | |
| "AvailabilityZone": "eu-west-1c", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "RDSSubnet3" | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicRouteTable": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "Public" | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicInternetRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "DependsOn": "GatewayToInternet", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "GatewayId": { | |
| "Ref": "InternetGateway" | |
| } | |
| } | |
| }, | |
| "PublicSubnet1AttachPublicRouteTable": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "SubnetId": { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| } | |
| } | |
| }, | |
| "PublicSubnet2AttachPublicRouteTable": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "SubnetId": { | |
| "Ref": "PublicSubnet2" | |
| }, | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| } | |
| } | |
| }, | |
| "PublicSubnet3AttachPublicRouteTable": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "SubnetId": { | |
| "Ref": "PublicSubnet3" | |
| }, | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| } | |
| } | |
| }, | |
| "PrivateRouteTable": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "Tags": [ | |
| { | |
| "Value": "Name", | |
| "Key": "PrivateRouteTable" | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateInternetRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "DependsOn": "NATInstance", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable" | |
| }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "InstanceId": { | |
| "Ref": "NATInstance" | |
| } | |
| } | |
| }, | |
| "PrivateSubnet1AttachPrivateRouteTable": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "SubnetId": { | |
| "Ref": "PrivateSubnet1" | |
| }, | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable" | |
| } | |
| } | |
| }, | |
| "PrivateSubnet2AttachPrivateRouteTable": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "SubnetId": { | |
| "Ref": "PrivateSubnet2" | |
| }, | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable" | |
| } | |
| } | |
| }, | |
| "PrivateSubnet3AttachPrivateRouteTable": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "SubnetId": { | |
| "Ref": "PrivateSubnet3" | |
| }, | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable" | |
| } | |
| } | |
| }, | |
| "PublicELB": { | |
| "Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
| "Properties": { | |
| "Subnets": [ | |
| { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| { | |
| "Ref": "PublicSubnet2" | |
| }, | |
| { | |
| "Ref": "PublicSubnet3" | |
| } | |
| ], | |
| "Listeners": [ | |
| { | |
| "LoadBalancerPort": "80", | |
| "InstancePort": "80", | |
| "Protocol": "HTTP" | |
| } | |
| ], | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "PublicELBSecurityGroup" | |
| } | |
| ], | |
| "Scheme": "internet-facing", | |
| "CrossZone": "true" | |
| } | |
| }, | |
| "PublicELBSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "Public ELB Security Group", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PublicELBSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicHostSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "Public Host Security Group", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PublicHostSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicHostSecurityGroupRule80": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "ToPort": "80", | |
| "FromPort": "80", | |
| "GroupId": { | |
| "Ref": "PublicHostSecurityGroup" | |
| }, | |
| "IpProtocol": "tcp", | |
| "SourceSecurityGroupId": { | |
| "Ref": "PublicELBSecurityGroup" | |
| } | |
| } | |
| }, | |
| "PublicHostSecurityGroupRule22": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "ToPort": "22", | |
| "FromPort": "22", | |
| "SourceSecurityGroupId": { | |
| "Ref": "SSHBastionSecurityGroup" | |
| }, | |
| "GroupId": { | |
| "Ref": "PublicHostSecurityGroup" | |
| }, | |
| "IpProtocol": "tcp" | |
| } | |
| }, | |
| "PublicHostSecurityGroupRuleOutbound": { | |
| "Type": "AWS::EC2::SecurityGroupEgress", | |
| "Properties": { | |
| "ToPort": "65535", | |
| "FromPort": "0", | |
| "GroupId": { | |
| "Ref": "PublicHostSecurityGroup" | |
| }, | |
| "IpProtocol": "-1", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| }, | |
| "PublicHostLaunchConfig": { | |
| "Type": "AWS::AutoScaling::LaunchConfiguration", | |
| "DependsOn": "GatewayToInternet", | |
| "Properties": { | |
| "AssociatePublicIpAddress": "true", | |
| "KeyName": { | |
| "Ref": "KeyName" | |
| }, | |
| "ImageId": { | |
| "Fn::FindInMap": [ | |
| "RegionMap", | |
| { | |
| "Ref": "AWS::Region" | |
| }, | |
| "host" | |
| ] | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "PublicHostSecurityGroup" | |
| } | |
| ], | |
| "InstanceType": { | |
| "Ref": "InstanceType" | |
| }, | |
| "BlockDeviceMappings": [ | |
| { | |
| "DeviceName": "/dev/sda1", | |
| "Ebs": { | |
| "VolumeSize": 10 | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicAutoScalingGroup": { | |
| "Type": "AWS::AutoScaling::AutoScalingGroup", | |
| "Properties": { | |
| "AvailabilityZones": { | |
| "Fn::GetAZs": { | |
| "Ref": "AWS::Region" | |
| } | |
| }, | |
| "LaunchConfigurationName": { | |
| "Ref": "PublicHostLaunchConfig" | |
| }, | |
| "MinSize": "3", | |
| "MaxSize": "3", | |
| "LoadBalancerNames": [ | |
| { | |
| "Ref": "PublicELB" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "PublicHost", | |
| "PropagateAtLaunch": "true" | |
| } | |
| ], | |
| "VPCZoneIdentifier": [ | |
| { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| { | |
| "Ref": "PublicSubnet2" | |
| }, | |
| { | |
| "Ref": "PublicSubnet3" | |
| } | |
| ] | |
| } | |
| }, | |
| "CHSELB": { | |
| "Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
| "Properties": { | |
| "Subnets": [ | |
| { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| { | |
| "Ref": "PublicSubnet2" | |
| }, | |
| { | |
| "Ref": "PublicSubnet3" | |
| } | |
| ], | |
| "Listeners": [ | |
| { | |
| "LoadBalancerPort": "80", | |
| "InstancePort": "80", | |
| "Protocol": "HTTP" | |
| } | |
| ], | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "CHSELBSecurityGroup" | |
| } | |
| ], | |
| "Scheme": "internet-facing", | |
| "CrossZone": "true" | |
| } | |
| }, | |
| "CHSELBSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "CHS ELB Security Group", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "CHSELBSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "CHSHostSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "CHS Host Security Group", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "CHSHostSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "CHSHostSecurityGroupRule80": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "ToPort": "80", | |
| "FromPort": "80", | |
| "GroupId": { | |
| "Ref": "CHSHostSecurityGroup" | |
| }, | |
| "IpProtocol": "tcp", | |
| "SourceSecurityGroupId": { | |
| "Ref": "CHSELBSecurityGroup" | |
| } | |
| } | |
| }, | |
| "CHSHostSecurityGroupRule22": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "ToPort": "22", | |
| "FromPort": "22", | |
| "SourceSecurityGroupId": { | |
| "Ref": "SSHBastionSecurityGroup" | |
| }, | |
| "GroupId": { | |
| "Ref": "CHSHostSecurityGroup" | |
| }, | |
| "IpProtocol": "tcp" | |
| } | |
| }, | |
| "CHSHostSecurityGroupRuleOutbound": { | |
| "Type": "AWS::EC2::SecurityGroupEgress", | |
| "Properties": { | |
| "ToPort": "65535", | |
| "FromPort": "0", | |
| "GroupId": { | |
| "Ref": "CHSHostSecurityGroup" | |
| }, | |
| "IpProtocol": "-1", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| }, | |
| "CHSHostLaunchConfig": { | |
| "Type": "AWS::AutoScaling::LaunchConfiguration", | |
| "DependsOn": "GatewayToInternet", | |
| "Properties": { | |
| "AssociatePublicIpAddress": "true", | |
| "KeyName": { | |
| "Ref": "KeyName" | |
| }, | |
| "ImageId": { | |
| "Fn::FindInMap": [ | |
| "RegionMap", | |
| { | |
| "Ref": "AWS::Region" | |
| }, | |
| "host" | |
| ] | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "CHSHostSecurityGroup" | |
| } | |
| ], | |
| "InstanceType": { | |
| "Ref": "InstanceType" | |
| }, | |
| "BlockDeviceMappings": [ | |
| { | |
| "DeviceName": "/dev/sda1", | |
| "Ebs": { | |
| "VolumeSize": 10 | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "CHSAutoScalingGroup": { | |
| "Type": "AWS::AutoScaling::AutoScalingGroup", | |
| "Properties": { | |
| "AvailabilityZones": { | |
| "Fn::GetAZs": { | |
| "Ref": "AWS::Region" | |
| } | |
| }, | |
| "LaunchConfigurationName": { | |
| "Ref": "CHSHostLaunchConfig" | |
| }, | |
| "MinSize": "3", | |
| "MaxSize": "3", | |
| "LoadBalancerNames": [ | |
| { | |
| "Ref": "CHSELB" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "CHSHost", | |
| "PropagateAtLaunch": "true" | |
| } | |
| ], | |
| "VPCZoneIdentifier": [ | |
| { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| { | |
| "Ref": "PublicSubnet2" | |
| }, | |
| { | |
| "Ref": "PublicSubnet3" | |
| } | |
| ] | |
| } | |
| }, | |
| "AdminELB": { | |
| "Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
| "Properties": { | |
| "Subnets": [ | |
| { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| { | |
| "Ref": "PublicSubnet2" | |
| }, | |
| { | |
| "Ref": "PublicSubnet3" | |
| } | |
| ], | |
| "Listeners": [ | |
| { | |
| "LoadBalancerPort": "80", | |
| "InstancePort": "80", | |
| "Protocol": "HTTP" | |
| } | |
| ], | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "AdminELBSecurityGroup" | |
| } | |
| ], | |
| "Scheme": "internet-facing", | |
| "CrossZone": "true" | |
| } | |
| }, | |
| "AdminELBSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "Admin ELB Security Group", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "AdminELBSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "AdminHostSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "Admin Host Security Group", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "AdminHostSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "AdminHostSecurityGroupRule80": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "ToPort": "80", | |
| "FromPort": "80", | |
| "GroupId": { | |
| "Ref": "AdminHostSecurityGroup" | |
| }, | |
| "IpProtocol": "tcp", | |
| "SourceSecurityGroupId": { | |
| "Ref": "AdminELBSecurityGroup" | |
| } | |
| } | |
| }, | |
| "AdminHostSecurityGroupRule22": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "ToPort": "22", | |
| "FromPort": "22", | |
| "SourceSecurityGroupId": { | |
| "Ref": "SSHBastionSecurityGroup" | |
| }, | |
| "GroupId": { | |
| "Ref": "AdminHostSecurityGroup" | |
| }, | |
| "IpProtocol": "tcp" | |
| } | |
| }, | |
| "AdminHostSecurityGroupRuleOutbound": { | |
| "Type": "AWS::EC2::SecurityGroupEgress", | |
| "Properties": { | |
| "ToPort": "65535", | |
| "FromPort": "0", | |
| "GroupId": { | |
| "Ref": "AdminHostSecurityGroup" | |
| }, | |
| "IpProtocol": "-1", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| }, | |
| "AdminHostLaunchConfig": { | |
| "Type": "AWS::AutoScaling::LaunchConfiguration", | |
| "DependsOn": "GatewayToInternet", | |
| "Properties": { | |
| "AssociatePublicIpAddress": "true", | |
| "KeyName": { | |
| "Ref": "KeyName" | |
| }, | |
| "ImageId": { | |
| "Fn::FindInMap": [ | |
| "RegionMap", | |
| { | |
| "Ref": "AWS::Region" | |
| }, | |
| "host" | |
| ] | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "AdminHostSecurityGroup" | |
| } | |
| ], | |
| "InstanceType": { | |
| "Ref": "InstanceType" | |
| }, | |
| "BlockDeviceMappings": [ | |
| { | |
| "DeviceName": "/dev/sda1", | |
| "Ebs": { | |
| "VolumeSize": 10 | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "AdminAutoScalingGroup": { | |
| "Type": "AWS::AutoScaling::AutoScalingGroup", | |
| "Properties": { | |
| "AvailabilityZones": { | |
| "Fn::GetAZs": { | |
| "Ref": "AWS::Region" | |
| } | |
| }, | |
| "LaunchConfigurationName": { | |
| "Ref": "AdminHostLaunchConfig" | |
| }, | |
| "MinSize": "1", | |
| "MaxSize": "1", | |
| "LoadBalancerNames": [ | |
| { | |
| "Ref": "AdminELB" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "AdminHost", | |
| "PropagateAtLaunch": "true" | |
| } | |
| ], | |
| "VPCZoneIdentifier": [ | |
| { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| { | |
| "Ref": "PublicSubnet2" | |
| }, | |
| { | |
| "Ref": "PublicSubnet3" | |
| } | |
| ] | |
| } | |
| }, | |
| "APIELB": { | |
| "Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
| "Properties": { | |
| "Subnets": [ | |
| { | |
| "Ref": "PrivateSubnet1" | |
| }, | |
| { | |
| "Ref": "PrivateSubnet2" | |
| }, | |
| { | |
| "Ref": "PrivateSubnet3" | |
| } | |
| ], | |
| "Listeners": [ | |
| { | |
| "LoadBalancerPort": "80", | |
| "InstancePort": "80", | |
| "Protocol": "HTTP" | |
| } | |
| ], | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "APIELBSecurityGroup" | |
| } | |
| ], | |
| "Scheme": "internal", | |
| "CrossZone": "true" | |
| } | |
| }, | |
| "APIELBSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "API ELB Security Group", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "SourceSecurityGroupId": { | |
| "Ref": "PublicHostSecurityGroup" | |
| } | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "APIELBSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "APIHostSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "API Host Security Group", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "SourceSecurityGroupId": { | |
| "Ref": "APIELBSecurityGroup" | |
| } | |
| }, | |
| { | |
| "ToPort": "22", | |
| "FromPort": "22", | |
| "SourceSecurityGroupId": { | |
| "Ref": "SSHBastionSecurityGroup" | |
| }, | |
| "IpProtocol": "tcp" | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "ToPort": "65535", | |
| "FromPort": "0", | |
| "IpProtocol": "-1", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "APIHostSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "APIHostLaunchConfig": { | |
| "Type": "AWS::AutoScaling::LaunchConfiguration", | |
| "DependsOn": "NATInstance", | |
| "Properties": { | |
| "AssociatePublicIpAddress": "false", | |
| "KeyName": { | |
| "Ref": "KeyName" | |
| }, | |
| "ImageId": { | |
| "Fn::FindInMap": [ | |
| "RegionMap", | |
| { | |
| "Ref": "AWS::Region" | |
| }, | |
| "host" | |
| ] | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "APIHostSecurityGroup" | |
| } | |
| ], | |
| "InstanceType": { | |
| "Ref": "InstanceType" | |
| }, | |
| "BlockDeviceMappings": [ | |
| { | |
| "DeviceName": "/dev/sda1", | |
| "Ebs": { | |
| "VolumeSize": 10 | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "APIHostAutoScalingGroup": { | |
| "Type": "AWS::AutoScaling::AutoScalingGroup", | |
| "Properties": { | |
| "AvailabilityZones": { | |
| "Fn::GetAZs": { | |
| "Ref": "AWS::Region" | |
| } | |
| }, | |
| "LaunchConfigurationName": { | |
| "Ref": "APIHostLaunchConfig" | |
| }, | |
| "MinSize": "3", | |
| "MaxSize": "3", | |
| "LoadBalancerNames": [ | |
| { | |
| "Ref": "APIELB" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "APIHost", | |
| "PropagateAtLaunch": "true" | |
| } | |
| ], | |
| "VPCZoneIdentifier": [ | |
| { | |
| "Ref": "PrivateSubnet1" | |
| }, | |
| { | |
| "Ref": "PrivateSubnet2" | |
| }, | |
| { | |
| "Ref": "PrivateSubnet3" | |
| } | |
| ] | |
| } | |
| }, | |
| "SSHBastionSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "SSH Bastion Security Group", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "SSHBastionSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "SSHBastionInstance": { | |
| "Type": "AWS::EC2::Instance", | |
| "DependsOn": "GatewayToInternet", | |
| "Properties": { | |
| "KeyName": { | |
| "Ref": "KeyName" | |
| }, | |
| "ImageId": { | |
| "Fn::FindInMap": [ | |
| "RegionMap", | |
| { | |
| "Ref": "AWS::Region" | |
| }, | |
| "host" | |
| ] | |
| }, | |
| "InstanceType": { | |
| "Ref": "InstanceType" | |
| }, | |
| "BlockDeviceMappings": [ | |
| { | |
| "DeviceName": "/dev/sda1", | |
| "Ebs": { | |
| "VolumeSize": 10 | |
| } | |
| } | |
| ], | |
| "NetworkInterfaces": [ | |
| { | |
| "GroupSet": [ | |
| { | |
| "Ref": "SSHBastionSecurityGroup" | |
| } | |
| ], | |
| "SubnetId": { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| "AssociatePublicIpAddress": "true", | |
| "DeviceIndex": "0", | |
| "DeleteOnTermination": "true" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "SSHBastion" | |
| } | |
| ] | |
| } | |
| }, | |
| "MasterDBInstance": { | |
| "Type": "AWS::RDS::DBInstance", | |
| "Properties": { | |
| "DBParameterGroupName": "default.postgres9.3", | |
| "AllowMajorVersionUpgrade": "false", | |
| "MasterUsername": {"Ref": "DBUser"}, | |
| "LicenseModel": "postgresql-license", | |
| "VPCSecurityGroups": [ | |
| { | |
| "Ref": "MasterDBSecurityGroup" | |
| } | |
| ], | |
| "Engine": "postgres", | |
| "MultiAZ": "true", | |
| "AutoMinorVersionUpgrade": "true", | |
| "PreferredBackupWindow": "21:00-21:30", | |
| "DBSnapshotIdentifier": "", | |
| "AllocatedStorage": {"Ref": "DBAllocatedStorage"}, | |
| "BackupRetentionPeriod": {"Ref": "DBBackupRetentionPeriod"}, | |
| "DBName": "cla_backend", | |
| "PreferredMaintenanceWindow": "sun:12:00-sun:12:30", | |
| "EngineVersion": "9.3.5", | |
| "DBSubnetGroupName": { | |
| "Ref": "DBSubnetGroup" | |
| }, | |
| "MasterUserPassword": {"Ref": "DBPassword"}, | |
| "DBInstanceClass": {"Ref": "DBInstanceClass"}, | |
| "Port": 5432, | |
| "DBInstanceIdentifier": { | |
| "Fn::Join" : ["-", | |
| [ "cla", {"Ref": "EnvName"}, "db" ] | |
| ] | |
| } | |
| } | |
| }, | |
| "DBSubnetGroup" : { | |
| "Type" : "AWS::RDS::DBSubnetGroup", | |
| "Properties" : { | |
| "DBSubnetGroupDescription" : "DB subnet group", | |
| "SubnetIds" : [ | |
| {"Ref": "RDSSubnet1"}, | |
| {"Ref": "RDSSubnet2"}, | |
| {"Ref": "RDSSubnet3"} | |
| ], | |
| "Tags" : [ {"Key" : "Name", "Value" : "DBSubnetGroup"} ] | |
| } | |
| }, | |
| "MasterDBSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "Master DB Security Group", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "5432", | |
| "ToPort": "5432", | |
| "SourceSecurityGroupId": { | |
| "Ref": "APIHostSecurityGroup" | |
| } | |
| }, | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "5432", | |
| "ToPort": "5432", | |
| "SourceSecurityGroupId": { | |
| "Ref": "AdminHostSecurityGroup" | |
| } | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "SSHBastionSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "NATSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" | |
| }, | |
| "GroupDescription": "SSH Bastion Security Group", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "CidrIp": "10.0.0.0/16" | |
| }, | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "443", | |
| "ToPort": "443", | |
| "CidrIp": "10.0.0.0/16" | |
| }, | |
| { | |
| "IpProtocol": "icmp", | |
| "FromPort": "-1", | |
| "ToPort": "-1", | |
| "CidrIp": "10.0.0.0/16" | |
| }, | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "CidrIp": "0.0.0.0/0" | |
| }, | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "443", | |
| "ToPort": "443", | |
| "CidrIp": "0.0.0.0/0" | |
| }, | |
| { | |
| "IpProtocol": "icmp", | |
| "FromPort": "-1", | |
| "ToPort": "-1", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ], | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "NATSecurityGroup" | |
| } | |
| ] | |
| } | |
| }, | |
| "NATInstance": { | |
| "Type": "AWS::EC2::Instance", | |
| "DependsOn": "GatewayToInternet", | |
| "Properties": { | |
| "KeyName": { | |
| "Ref": "KeyName" | |
| }, | |
| "ImageId": { | |
| "Fn::FindInMap": [ | |
| "RegionMap", | |
| { | |
| "Ref": "AWS::Region" | |
| }, | |
| "nat" | |
| ] | |
| }, | |
| "InstanceType": { | |
| "Ref": "InstanceType" | |
| }, | |
| "BlockDeviceMappings": [ | |
| { | |
| "DeviceName": "/dev/xvda", | |
| "Ebs": { | |
| "VolumeSize": 10 | |
| } | |
| } | |
| ], | |
| "NetworkInterfaces": [ | |
| { | |
| "GroupSet": [ | |
| { | |
| "Ref": "NATSecurityGroup" | |
| } | |
| ], | |
| "SubnetId": { | |
| "Ref": "PublicSubnet1" | |
| }, | |
| "AssociatePublicIpAddress": "true", | |
| "DeviceIndex": "0", | |
| "DeleteOnTermination": "true" | |
| } | |
| ], | |
| "SourceDestCheck": "false", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "NATHost" | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| } |