Lionel Martin li0nel
li0nel
/ nginx.conf
Created
December 9, 2017 11:12
Enable Nginx rewrite to serve assets from CloudFront
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location ~ \.php$ { | |
| root /var/www/html/public; | |
| fastcgi_cache cache_key; | |
| fastcgi_cache_valid 200 204 1m; | |
| fastcgi_ignore_headers Cache-Control; | |
| fastcgi_no_cache $http_authorization $cookie_laravel_session; | |
| fastcgi_cache_lock on; | |
| fastcgi_cache_lock_timeout 10s; | |
| add_header X-Proxy-Cache $upstream_cache_status; |
li0nel
/ storage-high-availability.yaml
Created
December 9, 2017 11:15
CloudFormation stack for a DB Cluster read replica
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DatabaseReplicaInstance: | |
| Type: AWS::RDS::DBInstance | |
| DependsOn: DatabasePrimaryInstance | |
| Properties: | |
| Engine: aurora | |
| DBClusterIdentifier: !Ref DatabaseCluster | |
| DBInstanceClass: !Ref DatabaseInstanceType | |
| DBSubnetGroupName: !Ref DatabaseSubnetGroup |
li0nel
/ elasticsearch.yml
Created
December 9, 2017 15:38
CloudFormation stack for an ElasticSearch domain
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Elasticsearch: | |
| Type: AWS::Elasticsearch::Domain | |
| Properties: | |
| DomainName: !Sub ${AWS::StackName}-es | |
| ElasticsearchVersion: 5.5 | |
| ElasticsearchClusterConfig: | |
| InstanceType: t2.small.elasticsearch | |
| ZoneAwarenessEnabled: false | |
| InstanceCount: 1 | |
| EBSOptions: |
li0nel
/ security-group-ecs.yml
Created
December 10, 2017 12:14
CloudFormation template for ECS security group
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This security group defines who/where is allowed to access the ECS hosts directly. | |
| # By default we're just allowing access from the load balancer. If you want to SSH | |
| # into the hosts, or expose non-load balanced services you can open their ports here. | |
| ECSSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| VpcId: !Ref VPC | |
| GroupDescription: Access to the ECS hosts and the tasks/containers that run on them | |
| SecurityGroupIngress: | |
| # Only allow inbound access to ECS from the ELB |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This security group defines who/where is allowed to access the Application Load Balancer. | |
| # By default, we've opened this up to the public internet (0.0.0.0/0) but can you restrict | |
| # it further if you want. | |
| LoadBalancerSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| VpcId: !Ref VPC | |
| GroupDescription: Access to the load balancer that sits in front of ECS | |
| SecurityGroupIngress: | |
| # Allow access from anywhere to our ECS services |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This security group defines who/where is allowed to access the RDS instance. | |
| # Only instances associated with our ECS security group can reach to the database endpoint. | |
| DBSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: Open database for access | |
| VpcId: !Ref VPC | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: '3306' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CloudFormation will generate one unique bucket name for us | |
| # Nothing else to do! | |
| Bucket: | |
| Type: AWS::S3::Bucket | |
| Properties: | |
| AccessControl: PublicRead |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This template defines our ECS cluster and its desired size. | |
| # The Launch Configuration defines how each new instance in our cluster should be bootstrapped | |
| # through its User Data | |
| # The Metadata object gets EC2 instances to register in the ECS cluster | |
| ECSCluster: | |
| Type: AWS::ECS::Cluster | |
| Properties: | |
| ClusterName: !Ref EnvironmentName | |
| ECSAutoScalingGroup: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This IAM Role is attached to all of the ECS hosts. It is based on the default role | |
| # published here: | |
| # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/instance_IAM_role.html | |
| # | |
| # You can add other IAM policy statements here to allow access from your ECS hosts | |
| # to other AWS services. Please note that this role will be used by ALL containers | |
| # running on the ECS host. | |
| ECSRole: | |
| Type: AWS::IAM::Role |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # One Docker registry that we will use both for the Laravel application | |
| # image and our Nginx image. | |
| # Note that if you give a name to the repository, CloudFormation can't | |
| # update it without a full replacement. | |
| ECR: | |
| Type: AWS::ECR::Repository | |
| Properties: | |
| # RepositoryName: !Sub ${AWS::StackName}-nginx | |
| RepositoryPolicyText: | |
| Version: "2012-10-17" |