Last active
January 26, 2020 12:12
-
-
Save myaser/68964dbe6e71841f9df7d43d987619ce to your computer and use it in GitHub Desktop.
cloudformation template to create EFS volumes for cloudstor https://medium.com/@MahmoudGaballah/4d6be0ae9ba3?source=friends_link&sk=be0b9905fa51a36306604a8b5029829b
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Conditions": { | |
| "EFSEncrypted": { | |
| "Fn::Equals": [ | |
| { | |
| "Ref": "EncryptEFS" | |
| }, | |
| "true" | |
| ] | |
| }, | |
| "HasOnly2AZs": { | |
| "Fn::Equals": [ | |
| { | |
| "Fn::FindInMap": [ | |
| "AWSRegion2AZ", | |
| { | |
| "Ref": "AWS::Region" | |
| }, | |
| "NumAZs" | |
| ] | |
| }, | |
| "2" | |
| ] | |
| } | |
| }, | |
| "Description": "EFS volumes stack to be used with docker swarm", | |
| "Mappings": { | |
| "AWSRegion2AZ": { | |
| "ap-northeast-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "Tokyo", | |
| "NumAZs": "2" | |
| }, | |
| "ap-northeast-2": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "Seoul", | |
| "NumAZs": "2" | |
| }, | |
| "ap-south-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "Mumbai", | |
| "NumAZs": "2" | |
| }, | |
| "ap-southeast-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "Singapore", | |
| "NumAZs": "2" | |
| }, | |
| "ap-southeast-2": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "2", | |
| "EFSSupport": "yes", | |
| "LambdaSupport": "no", | |
| "Name": "Sydney", | |
| "NumAZs": "3" | |
| }, | |
| "ca-central-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "Central", | |
| "NumAZs": "2" | |
| }, | |
| "eu-central-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "2", | |
| "EFSSupport": "yes", | |
| "LambdaSupport": "no", | |
| "Name": "Frankfurt", | |
| "NumAZs": "3" | |
| }, | |
| "eu-west-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "2", | |
| "EFSSupport": "yes", | |
| "LambdaSupport": "no", | |
| "Name": "Ireland", | |
| "NumAZs": "3" | |
| }, | |
| "eu-west-2": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "London", | |
| "NumAZs": "2" | |
| }, | |
| "sa-east-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "Sao Paulo", | |
| "NumAZs": "2" | |
| }, | |
| "us-east-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "2", | |
| "EFSSupport": "yes", | |
| "LambdaSupport": "no", | |
| "Name": "N. Virgina", | |
| "NumAZs": "4" | |
| }, | |
| "us-east-2": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "2", | |
| "EFSSupport": "yes", | |
| "LambdaSupport": "no", | |
| "Name": "Ohio", | |
| "NumAZs": "3" | |
| }, | |
| "us-gov-west-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "GovCloud", | |
| "NumAZs": "2" | |
| }, | |
| "us-west-1": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "0", | |
| "EFSSupport": "no", | |
| "LambdaSupport": "no", | |
| "Name": "N. California", | |
| "NumAZs": "2" | |
| }, | |
| "us-west-2": { | |
| "AZ0": "0", | |
| "AZ1": "1", | |
| "AZ2": "2", | |
| "EFSSupport": "yes", | |
| "LambdaSupport": "no", | |
| "Name": "Oregon", | |
| "NumAZs": "3" | |
| } | |
| }, | |
| "VpcCidrs": { | |
| "pubsubnet1": { | |
| "cidr": "172.31.0.0/20" | |
| }, | |
| "pubsubnet2": { | |
| "cidr": "172.31.16.0/20" | |
| }, | |
| "pubsubnet3": { | |
| "cidr": "172.31.32.0/20" | |
| }, | |
| "pubsubnet4": { | |
| "cidr": "172.31.48.0/20" | |
| }, | |
| "vpc": { | |
| "cidr": "172.31.0.0/16" | |
| } | |
| } | |
| }, | |
| "Metadata": { | |
| "AWS::CloudFormation::Interface": { | |
| "ParameterGroups": [ | |
| { | |
| "Label": { | |
| "default": "VPC/Network" | |
| }, | |
| "Parameters": [ | |
| "Vpc", | |
| "VpcCidr", | |
| "PubSubnetAz1", | |
| "PubSubnetAz2", | |
| "PubSubnetAz3" | |
| ] | |
| } | |
| ], | |
| "ParameterLabels": { | |
| "EncryptEFS": { | |
| "default": "Encrypt EFS objects?" | |
| }, | |
| "PubSubnetAz1": { | |
| "default": "Public Subnet 1" | |
| }, | |
| "PubSubnetAz2": { | |
| "default": "Public Subnet 2" | |
| }, | |
| "PubSubnetAz3": { | |
| "default": "Public Subnet 3" | |
| }, | |
| "Vpc": { | |
| "default": "VPC" | |
| }, | |
| "VpcCidr": { | |
| "default": "VPC CIDR Range" | |
| } | |
| } | |
| } | |
| }, | |
| "Outputs": { | |
| "SwarmWideSecurityGroupID": { | |
| "Description": "SecurityGroup ID of SwarmWideSG", | |
| "Value": { | |
| "Ref": "SwarmWideSG" | |
| } | |
| }, | |
| "ZoneAvailabilityComment": { | |
| "Description": "Availabilty Zones Comment", | |
| "Value": { | |
| "Fn::If": [ | |
| "HasOnly2AZs", | |
| "This region only has 2 Availabiliy Zones (AZ). If one of those AZs goes away, it will cause problems for your Swarm Managers. Please use a Region with at least 3 AZs.", | |
| "This region has at least 3 Availability Zones (AZ). This is ideal to ensure a fully functional Swarm in case you lose an AZ." | |
| ] | |
| } | |
| } | |
| }, | |
| "Parameters": { | |
| "EncryptEFS": { | |
| "AllowedValues": [ | |
| "false", | |
| "true" | |
| ], | |
| "Default": "false", | |
| "Description": "Specifies whether any EFS objects created will be encrypted", | |
| "Type": "String" | |
| }, | |
| "PubSubnetAz1": { | |
| "Description": "Public Subnet 1", | |
| "Type": "AWS::EC2::Subnet::Id" | |
| }, | |
| "PubSubnetAz2": { | |
| "Description": "Public Subnet 2", | |
| "Type": "AWS::EC2::Subnet::Id" | |
| }, | |
| "PubSubnetAz3": { | |
| "Description": "Public Subnet 3", | |
| "Type": "AWS::EC2::Subnet::Id" | |
| }, | |
| "Vpc": { | |
| "Description": "VPC must have internet access (with Internet Gateway or Virtual Private Gateway)", | |
| "Type": "AWS::EC2::VPC::Id" | |
| }, | |
| "VpcCidr": { | |
| "ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x.", | |
| "Description": "The CIDR range for your VPC in form x.x.x.x/x", | |
| "Type": "String" | |
| } | |
| }, | |
| "Resources": { | |
| "EBSUserRole": { | |
| "Properties": { | |
| "AssumeRolePolicyDocument": { | |
| "Statement": [ | |
| { | |
| "Action": [ | |
| "sts:AssumeRole" | |
| ], | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": [ | |
| "ec2.amazonaws.com", | |
| "autoscaling.amazonaws.com" | |
| ] | |
| } | |
| } | |
| ], | |
| "Version": "2012-10-17" | |
| }, | |
| "Path": "/" | |
| }, | |
| "Type": "AWS::IAM::Role" | |
| }, | |
| "EBSUserInstanceProfile": { | |
| "DependsOn": "EBSUserRole", | |
| "Properties": { | |
| "Path": "/", | |
| "Roles": [ | |
| { | |
| "Ref": "EBSUserRole" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::IAM::InstanceProfile" | |
| }, | |
| "CloudstorEBSPolicy": { | |
| "Properties": { | |
| "PolicyDocument": { | |
| "Statement": [ | |
| { | |
| "Action": [ | |
| "ec2:CreateTags", | |
| "ec2:AttachVolume", | |
| "ec2:DetachVolume", | |
| "ec2:CreateVolume", | |
| "ec2:DeleteVolume", | |
| "ec2:DescribeVolumes", | |
| "ec2:DescribeVolumeStatus", | |
| "ec2:CreateSnapshot", | |
| "ec2:DeleteSnapshot", | |
| "ec2:DescribeSnapshots" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": "*" | |
| } | |
| ], | |
| "Version": "2012-10-17" | |
| }, | |
| "PolicyName": "cloudstor-ebs-policy", | |
| "Roles": [ | |
| { | |
| "Ref": "EBSUserRole" | |
| } | |
| ] | |
| }, | |
| "Type": "AWS::IAM::Policy" | |
| }, | |
| "FileSystemGP": { | |
| "Properties": { | |
| "Encrypted": { | |
| "Fn::If": [ | |
| "EFSEncrypted", | |
| { | |
| "Ref": "EncryptEFS" | |
| }, | |
| { | |
| "Ref": "AWS::NoValue" | |
| } | |
| ] | |
| }, | |
| "FileSystemTags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Join": [ | |
| "-", | |
| [ | |
| { | |
| "Ref": "AWS::StackName" | |
| }, | |
| "EFS-GP" | |
| ] | |
| ] | |
| } | |
| } | |
| ], | |
| "PerformanceMode": "generalPurpose" | |
| }, | |
| "Type": "AWS::EFS::FileSystem" | |
| }, | |
| "FileSystemMaxIO": { | |
| "Properties": { | |
| "Encrypted": { | |
| "Fn::If": [ | |
| "EFSEncrypted", | |
| { | |
| "Ref": "EncryptEFS" | |
| }, | |
| { | |
| "Ref": "AWS::NoValue" | |
| } | |
| ] | |
| }, | |
| "FileSystemTags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Join": [ | |
| "-", | |
| [ | |
| { | |
| "Ref": "AWS::StackName" | |
| }, | |
| "EFS-MaxIO" | |
| ] | |
| ] | |
| } | |
| } | |
| ], | |
| "PerformanceMode": "maxIO" | |
| }, | |
| "Type": "AWS::EFS::FileSystem" | |
| }, | |
| "MountTargetGP1": { | |
| "DependsOn": [ | |
| "FileSystemGP", | |
| "SwarmWideSG" | |
| ], | |
| "Properties": { | |
| "FileSystemId": { | |
| "Ref": "FileSystemGP" | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "SwarmWideSG" | |
| } | |
| ], | |
| "SubnetId": { | |
| "Ref": "PubSubnetAz1" | |
| } | |
| }, | |
| "Type": "AWS::EFS::MountTarget" | |
| }, | |
| "MountTargetGP2": { | |
| "DependsOn": [ | |
| "FileSystemGP", | |
| "SwarmWideSG" | |
| ], | |
| "Properties": { | |
| "FileSystemId": { | |
| "Ref": "FileSystemGP" | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "SwarmWideSG" | |
| } | |
| ], | |
| "SubnetId": { | |
| "Ref": "PubSubnetAz2" | |
| } | |
| }, | |
| "Type": "AWS::EFS::MountTarget" | |
| }, | |
| "MountTargetGP3": { | |
| "DependsOn": [ | |
| "FileSystemGP", | |
| "SwarmWideSG" | |
| ], | |
| "Properties": { | |
| "FileSystemId": { | |
| "Ref": "FileSystemGP" | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "SwarmWideSG" | |
| } | |
| ], | |
| "SubnetId": { | |
| "Ref": "PubSubnetAz3" | |
| } | |
| }, | |
| "Type": "AWS::EFS::MountTarget" | |
| }, | |
| "MountTargetMaxIO1": { | |
| "DependsOn": [ | |
| "FileSystemMaxIO", | |
| "SwarmWideSG" | |
| ], | |
| "Properties": { | |
| "FileSystemId": { | |
| "Ref": "FileSystemMaxIO" | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "SwarmWideSG" | |
| } | |
| ], | |
| "SubnetId": { | |
| "Ref": "PubSubnetAz1" | |
| } | |
| }, | |
| "Type": "AWS::EFS::MountTarget" | |
| }, | |
| "MountTargetMaxIO2": { | |
| "DependsOn": [ | |
| "FileSystemMaxIO", | |
| "SwarmWideSG" | |
| ], | |
| "Properties": { | |
| "FileSystemId": { | |
| "Ref": "FileSystemMaxIO" | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "SwarmWideSG" | |
| } | |
| ], | |
| "SubnetId": { | |
| "Ref": "PubSubnetAz2" | |
| } | |
| }, | |
| "Type": "AWS::EFS::MountTarget" | |
| }, | |
| "MountTargetMaxIO3": { | |
| "DependsOn": [ | |
| "FileSystemMaxIO", | |
| "SwarmWideSG" | |
| ], | |
| "Properties": { | |
| "FileSystemId": { | |
| "Ref": "FileSystemMaxIO" | |
| }, | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "SwarmWideSG" | |
| } | |
| ], | |
| "SubnetId": { | |
| "Ref": "PubSubnetAz3" | |
| } | |
| }, | |
| "Type": "AWS::EFS::MountTarget" | |
| }, | |
| "SwarmWideSG": { | |
| "Properties": { | |
| "GroupDescription": "NFS enabled", | |
| "SecurityGroupIngress": [ | |
| { | |
| "CidrIp": { | |
| "Ref": "VpcCidr" | |
| }, | |
| "FromPort": "2049", | |
| "ToPort": "2049", | |
| "IpProtocol": "tcp" | |
| } | |
| ], | |
| "VpcId": { | |
| "Ref": "Vpc" | |
| } | |
| }, | |
| "Type": "AWS::EC2::SecurityGroup" | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "ParameterKey": "Vpc", | |
| "ParameterValue": "vpc-XXX" | |
| }, | |
| { | |
| "ParameterKey": "VpcCidr", | |
| "ParameterValue": "x.x.x.x/x" | |
| }, | |
| { | |
| "ParameterKey": "PubSubnetAz1", | |
| "ParameterValue": "subnet-XXX" | |
| }, | |
| { | |
| "ParameterKey": "PubSubnetAz2", | |
| "ParameterValue": "subnet-XXX" | |
| }, | |
| { | |
| "ParameterKey": "PubSubnetAz3", | |
| "ParameterValue": "subnet-XXX" | |
| }, | |
| { | |
| "ParameterKey": "EncryptEFS", | |
| "ParameterValue": "true/false" | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment