Last active
January 28, 2018 11:49
-
-
Save sakamaki-kazuyoshi/4594e443ee1aef6a30d236b8bc6b5c84 to your computer and use it in GitHub Desktop.
sample-2018-01_bk
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion" : "2010-09-09", | |
| "Parameters" : { | |
| "KeyName" : { | |
| "Description" : "input EC2 Keyname", | |
| "Type" : "AWS::EC2::KeyPair::KeyName" | |
| } | |
| }, | |
| "Resources" : { | |
| "VPC" : { | |
| "Type" : "AWS::EC2::VPC", | |
| "Properties" : { | |
| "CidrBlock" : "10.0.0.0/16", | |
| "EnableDnsSupport" : "true", | |
| "EnableDnsHostnames" : "true", | |
| "InstanceTenancy" : "default", | |
| "Tags" : [ {"Key" : "Name", "Value" : "VPC"}] | |
| } | |
| }, | |
| "IGW" : { | |
| "Type" : "AWS::EC2::InternetGateway", | |
| "Properties" : { | |
| "Tags" : [ {"Key" : "Name", "Value" : "IGW"}] | |
| } | |
| }, | |
| "PublicRoute" : { | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ {"Key" : "Name", "Value" : "PublicRoute"}] | |
| } | |
| }, | |
| "PrivateRoute" : { | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ {"Key" : "Name", "Value" : "PrivateRoute"}] | |
| } | |
| }, | |
| "Route" : { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "RouteTableId" : { "Ref" : "PublicRoute" }, | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "GatewayId" : { "Ref" : "IGW" } | |
| } | |
| }, | |
| "AttachIGW" : { | |
| "Type" : "AWS::EC2::VPCGatewayAttachment", | |
| "Properties" : { | |
| "InternetGatewayId" : { "Ref" : "IGW" }, | |
| "VpcId" : { "Ref" : "VPC" } | |
| } | |
| }, | |
| "BastionSubnet1" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "ap-northeast-1a", | |
| "CidrBlock" : "10.0.1.0/24", | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ {"Key" : "Name", "Value" : "BastionSubnet1"}] | |
| } | |
| }, | |
| "FrontendSubnet1" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "ap-northeast-1a", | |
| "CidrBlock" : "10.0.2.0/24", | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ {"Key" : "Name", "Value" : "FrontendSubnet1"}] | |
| } | |
| }, | |
| "FrontendSubnet2" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "ap-northeast-1c", | |
| "CidrBlock" : "10.0.3.0/24", | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ {"Key" : "Name", "Value" : "FrontendSubnet2"}] | |
| } | |
| }, | |
| "BastionSubnet1RouteTableAssociation" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "BastionSubnet1" }, | |
| "RouteTableId" : { "Ref" : "PublicRoute" } | |
| } | |
| }, | |
| "FrontendSubnet1RouteTableAssociation" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "FrontendSubnet1" }, | |
| "RouteTableId" : { "Ref" : "PublicRoute" } | |
| } | |
| }, | |
| "FrontendSubnet2RouteTableAssociation" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "FrontendSubnet2" }, | |
| "RouteTableId" : { "Ref" : "PublicRoute" } | |
| } | |
| }, | |
| "BastionSecurityGroup" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "GroupDescription" : "BastionServerSG", | |
| "SecurityGroupIngress" : [ | |
| { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }, | |
| ], | |
| "Tags" : [ {"Key" : "Name", "Value" : "BastionServerSG"}] | |
| } | |
| }, | |
| "FrontendELBSG" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "GroupDescription" : "FrontendELBSG", | |
| "SecurityGroupIngress" : [ | |
| { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" }, | |
| { "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" } | |
| ], | |
| "Tags" : [ {"Key" : "Name", "Value" : "FrontendELBSG"}] | |
| } | |
| }, | |
| "FrontendServiceSG" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "GroupDescription" : "FrontendServiceSG", | |
| "SecurityGroupIngress" : [ | |
| { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "SourceSecurityGroupId" : { "Ref" : "FrontendELBSG" } }, | |
| { "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "SourceSecurityGroupId" : { "Ref" : "FrontendELBSG" } } | |
| ], | |
| "Tags" : [ {"Key" : "Name", "Value" : "FrontendServiceSG"}] | |
| } | |
| }, | |
| "FrontendAdminSG" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "GroupDescription" : "FrontendAdminSG", | |
| "SecurityGroupIngress" : [ | |
| { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "SourceSecurityGroupId" : { "Ref" : "BastionSecurityGroup" } } | |
| ], | |
| "Tags" : [ {"Key" : "Name", "Value" : "FrontendAdminSG"}] | |
| } | |
| }, | |
| "PowerUserRole" : { | |
| "Type" : "AWS::IAM::Role", | |
| "Properties" : { | |
| "AssumeRolePolicyDocument" : { | |
| "Statement": [ { | |
| "Effect": "Allow", | |
| "Principal": { "Service": [ "ec2.amazonaws.com" ] }, | |
| "Action": [ "sts:AssumeRole" ] | |
| } ] | |
| }, | |
| "Path" : "/", | |
| "Policies" :[ { | |
| "PolicyName" : "PowerUserPolicy", | |
| "PolicyDocument" : { | |
| "Statement": [ { | |
| "Sid": "PowerUserStmt", | |
| "Effect": "Allow", | |
| "NotAction": "iam:*", | |
| "Resource": "*" | |
| } ] | |
| } | |
| }] | |
| } | |
| }, | |
| "PowerUserProfile" : { | |
| "Type" : "AWS::IAM::InstanceProfile", | |
| "Properties" : { | |
| "Path": "/", | |
| "Roles" : [ { "Ref" : "PowerUserRole" } ] | |
| } | |
| }, | |
| "BastionInstance" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "AvailabilityZone" : "ap-northeast-1a", | |
| "IamInstanceProfile": { "Ref" : "PowerUserProfile" }, | |
| "ImageId": "ami-33c25b55", | |
| "InstanceType" : "t2.micro", | |
| "KeyName": { "Ref": "KeyName" }, | |
| "SubnetId" : {"Ref" : "FrontendSubnet1" }, | |
| "SecurityGroupIds" : [ { "Ref": "BastionSecurityGroup" } ], | |
| "Tags" : [ {"Key" : "Name", "Value" : "BastionServer"} ] | |
| } | |
| }, | |
| "BastionInstanceEIP": { | |
| "Type": "AWS::EC2::EIP", | |
| "Properties": { | |
| "InstanceId": { "Ref": "BastionInstance" }, | |
| } | |
| }, | |
| "FrontendInstance1" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "AvailabilityZone" : "ap-northeast-1a", | |
| "IamInstanceProfile": { "Ref" : "PowerUserProfile" }, | |
| "ImageId": "ami-33c25b55", | |
| "InstanceType" : "t2.micro", | |
| "KeyName": { "Ref": "KeyName" }, | |
| "SubnetId" : {"Ref" : "FrontendSubnet1" }, | |
| "SecurityGroupIds" : [ | |
| { "Ref": "FrontendServiceSG" }, | |
| { "Ref": "FrontendAdminSG" } | |
| ], | |
| "Tags" : [ {"Key" : "Name", "Value" : "Frontend01"} ] | |
| } | |
| }, | |
| "FrontendInstance2" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "AvailabilityZone" : "ap-northeast-1c", | |
| "IamInstanceProfile": { "Ref" : "PowerUserProfile" }, | |
| "ImageId": "ami-33c25b55", | |
| "InstanceType" : "t2.micro", | |
| "KeyName": { "Ref": "KeyName" }, | |
| "SubnetId" : {"Ref" : "FrontendSubnet2" }, | |
| "SecurityGroupIds" : [ | |
| { "Ref": "FrontendServiceSG" }, | |
| { "Ref": "FrontendAdminSG" } | |
| ], | |
| "Tags" : [ {"Key" : "Name", "Value" : "Frontend02"} ] | |
| } | |
| }, | |
| "ElasticLoadBalancer" : { | |
| "Type" : "AWS::ElasticLoadBalancing::LoadBalancer", | |
| "Properties" : { | |
| "Subnets" : [ | |
| { "Ref" : "FrontendSubnet1" }, | |
| { "Ref" : "FrontendSubnet2" } | |
| ], | |
| "Listeners" : [ | |
| { "LoadBalancerPort" : "80", "InstancePort" : "80", "Protocol" : "HTTP" } | |
| ], | |
| "HealthCheck" : { | |
| "Target" : "HTTP:80/index.html", | |
| "HealthyThreshold" : "2", | |
| "UnhealthyThreshold" : "2", | |
| "Interval" : "6", | |
| "Timeout" : "5" | |
| }, | |
| "SecurityGroups" : [ | |
| { "Ref" : "FrontendELBSG" } | |
| ], | |
| "Instances" : [ | |
| { "Ref" : "FrontendInstance1" }, | |
| { "Ref" : "FrontendInstance2" } | |
| ] | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment