
@turntayble81
Last active August 29, 2015 14:21
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "QLoans production cloud formation template",
"Parameters" : {
"envName": {
"Default": "test",
"Description": "Friendly tag for environment",
"Type": "String"
},
"domain": {
"Default": "puff1.com",
"Description" : "Domain name this environment will be set up in",
"Type": "String",
"MinLength": "1",
"MaxLength": "64",
"AllowedValues" : ["puff1.com"],
"ConstraintDescription" : "must be a domain already set up with route53."
},
"EnvType":
{
"Description" : "Environment type. Prod will create a public cloudfront dist, test will give direct s3 access restricted to a set of IPs",
"Default" : "test",
"Type" : "String",
"AllowedValues" : ["prod", "test"],
"ConstraintDescription" : "must specify prod or test."
},
"clientsReadCapacityUnits":
{
"Default": "2",
"Description": "Clients table provisioned number of reads per second",
"Type": "Number",
"MinValue": "1",
"MaxValue": "100"
},
"clientsWriteCapacityUnits":
{
"Default": "2",
"Description": "Clients table provisioned number of writes per second",
"Type": "Number",
"MinValue": "1",
"MaxValue": "100"
},
"loansReadCapacityUnits":
{
"Default": "2",
"Description": "Loans table provisioned number of reads per second",
"Type": "Number",
"MinValue": "1",
"MaxValue": "100"
},
"loansWriteCapacityUnits":
{
"Default": "2",
"Description": "Loans table provisioned number of writes per second",
"Type": "Number",
"MinValue": "1",
"MaxValue": "100"
},
"sessionsReadCapacityUnits":
{
"Default": "2",
"Description": "Sessions table provisioned number of reads per second",
"Type": "Number",
"MinValue": "1",
"MaxValue": "100"
},
"sessionsWriteCapacityUnits":
{
"Default": "2",
"Description": "Sessions table provisioned number of writes per second",
"Type": "Number",
"MinValue": "1",
"MaxValue": "100"
},
"CoreAPIInstanceType" : {
"Description" : "CoreAPI Autoscale EC2 instance type",
"Type" : "String",
"Default" : "t2.micro",
"AllowedValues" : ["t2.micro", "t2.small", "t2.medium", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge"],
"ConstraintDescription" : "must be a valid EC2 instance type."
}
},
"Mappings" : {
"AWSRegionToAMI": {
"us-east-1" : {"AMI": "ami-9a562df2"},
"us-west-2" : {"AMI": "ami-29ebb519"},
"us-west-1" : {"AMI": "ami-5c120b19"}
},
"AWSRegionToAmazonLinuxAMI": {
"us-east-1": {
"AMI": "ami-b66ed3de"
},
"us-west-1": {
"AMI": "ami-4b6f650e"
},
"us-west-2": {
"AMI": "ami-b5a7ea85"
},
"eu-west-1": {
"AMI": "ami-6e7bd919"
},
"sa-east-1": {
"AMI": "ami-8737829a"
},
"ap-southeast-1": {
"AMI": "ami-ac5c7afe"
},
"ap-southeast-2": {
"AMI": "ami-63f79559"
},
"ap-northeast-1": {
"AMI": "ami-4985b048"
}
}
},
"Conditions" : {
"CreateProdResources" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "prod"]}
},
"Resources": {
"vpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.101.0.0/16",
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "vpc"]]}
}
]
}
},
"subnetPub0": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.10.0/24",
"AvailabilityZone": { "Fn::Select": [ "0", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "public-0"]]}
}
]
}
},
"subnetPub1": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.11.0/24",
"AvailabilityZone": { "Fn::Select": [ "1", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "public-1"]]}
}
]
}
},
"subnetPub2": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.12.0/24",
"AvailabilityZone": { "Fn::Select": [ "2", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "public-2"]]}
}
]
}
},
"subnetPriv0": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.100.0/24",
"AvailabilityZone": { "Fn::Select": [ "0", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "private-0"]]}
}
]
}
},
"subnetPriv1": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.101.0/24",
"AvailabilityZone": { "Fn::Select": [ "1", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "private-1"]]}
}
]
}
},
"subnetPriv2": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.102.0/24",
"AvailabilityZone": { "Fn::Select": [ "2", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "private-2"]]}
}
]
}
},
"subnetELB0": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.20.0/24",
"AvailabilityZone": { "Fn::Select": [ "0", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "elb-0"]]}
}
]
}
},
"subnetELB1": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.21.0/24",
"AvailabilityZone": { "Fn::Select": [ "1", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "elb-1"]]}
}
]
}
},
"subnetELB2": {
"Type": "AWS::EC2::Subnet",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"CidrBlock": "10.101.22.0/24",
"AvailabilityZone": { "Fn::Select": [ "2", { "Fn::GetAZs": "" } ] },
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "elb-2"]]}
}
]
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"DependsOn": "vpc"
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"DependsOn": ["vpc", "InternetGateway"],
"Properties": {
"VpcId": {"Ref": "vpc"},
"InternetGatewayId": {"Ref": "InternetGateway"}
}
},
"networkACL": {
"Type": "AWS::EC2::NetworkAcl",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"VpcId": {
"Ref": "vpc"
}
}
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"DependsOn": ["vpc", "InternetGateway"],
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "public-route"]]}
}
]
}
},
"PublicRoute": {
"Type": "AWS::EC2::Route",
"DependsOn": "PublicRouteTable",
"Properties": {
"RouteTableId": {"Ref": "PublicRouteTable"},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {"Ref": "InternetGateway"}
}
},
"PublicSubnet0RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetPriv0"],
"Properties": {
"SubnetId": {"Ref": "subnetPub0"},
"RouteTableId": {"Ref": "PublicRouteTable"}
}
},
"PublicSubnet1RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetPub1"],
"Properties": {
"SubnetId": {"Ref": "subnetPub1"},
"RouteTableId": {"Ref": "PublicRouteTable"}
}
},
"PublicSubnet2RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetPub2"],
"Properties": {
"SubnetId": {"Ref": "subnetPub2"},
"RouteTableId": {"Ref": "PublicRouteTable"}
}
},
"PrivateRouteTable": {
"Type": "AWS::EC2::RouteTable",
"DependsOn": "vpc",
"Properties": {
"VpcId": {"Ref": "vpc"},
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "private-route"]]}
}
]
}
},
"PrivateRoute": {
"Type": "AWS::EC2::Route",
"DependsOn": ["NATInstance", "PrivateRouteTable", "AttachGateway", "vpc"],
"Properties": {
"RouteTableId": {"Ref": "PrivateRouteTable"},
"DestinationCidrBlock": "0.0.0.0/0",
"InstanceId": {"Ref": "NATInstance"}
}
},
"PrivateSubnet0RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetPriv0"],
"Properties": {
"SubnetId": {"Ref": "subnetPriv0"},
"RouteTableId": {"Ref": "PrivateRouteTable"}
}
},
"PrivateSubnet1RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetPriv1"],
"Properties": {
"SubnetId": {"Ref": "subnetPriv1"},
"RouteTableId": {"Ref": "PrivateRouteTable"}
}
},
"PrivateSubnet2RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetPriv2"],
"Properties": {
"SubnetId": {"Ref": "subnetPriv2"},
"RouteTableId": {"Ref": "PrivateRouteTable"}
}
},
"ELBSubnet0RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetELB0"],
"Properties": {
"SubnetId": {"Ref": "subnetELB0"},
"RouteTableId": {"Ref": "PublicRouteTable"}
}
},
"ELBSubnet1RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetELB1"],
"Properties": {
"SubnetId": {"Ref": "subnetELB1"},
"RouteTableId": {"Ref": "PublicRouteTable"}
}
},
"ELBSubnet2RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": ["PublicRouteTable", "subnetELB2"],
"Properties": {
"SubnetId": {"Ref": "subnetELB2"},
"RouteTableId": {"Ref": "PublicRouteTable"}
}
},
"elbcfqloanscoreapielb": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Subnets": [
{
"Ref": "subnetELB0"
},
{
"Ref": "subnetELB1"
},
{
"Ref": "subnetELB2"
}
],
"HealthCheck": {
"HealthyThreshold": "2",
"Interval": "15",
"Target": "HTTP:8080/v1/status",
"Timeout": "10",
"UnhealthyThreshold": "5"
},
"SecurityGroups": [
{
"Ref": "sgcfqloanscoreapielbsg"
}
],
"Listeners": [
{
"InstancePort": "8080",
"LoadBalancerPort": "80",
"Protocol": "HTTP",
"InstanceProtocol": "HTTP"
}
]
}
},
"asgcfqloanscoreapiautoscalegroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"DependsOn": ["elbcfqloanscoreapielb", "lccfqloanscoreapilaunchconfig"],
"Properties": {
"AvailabilityZones": [
{ "Fn::Select": [ "0", { "Fn::GetAZs": "" } ] },
{ "Fn::Select": [ "1", { "Fn::GetAZs": "" } ] },
{ "Fn::Select": [ "2", { "Fn::GetAZs": "" } ] }
],
"Cooldown": "300",
"DesiredCapacity": "1",
"MaxSize": "3",
"MinSize": "1",
"HealthCheckGracePeriod": "300",
"HealthCheckType": "EC2",
"Tags": [
{
"Key": "Name",
"Value": {"Fn::Join": ["-", [{"Ref": "envName"}, "coreapi-instance"]]},
"PropagateAtLaunch": "true"
},
{
"Key": "docker-hub-repo",
"Value": {"Fn::Join": ["-", ["core-api", {"Ref": "envName"}]]},
"PropagateAtLaunch": "true"
},
{
"Key": "envName",
"Value": {"Ref": "envName"},
"PropagateAtLaunch": "true"
}
],
"VPCZoneIdentifier": [
{"Ref": "subnetPriv0"},
{"Ref": "subnetPriv1"},
{"Ref": "subnetPriv2"}
],
"LaunchConfigurationName": {
"Ref": "lccfqloanscoreapilaunchconfig"
},
"LoadBalancerNames": [
{
"Ref": "elbcfqloanscoreapielb"
}
]
}
},
"NATInstance": {
"Type": "AWS::EC2::Instance",
"DependsOn": ["vpc", "AttachGateway", "subnetPub0", "NATSecurityGroup"],
"Properties": {
"KeyName": "jump-key",
"ImageId": {
"Fn::FindInMap": [
"AWSRegionToAmazonLinuxAMI",
{
"Ref": "AWS::Region"
},
"AMI"
]
},
"InstanceType": "t2.small",
"NetworkInterfaces": [
{
"DeviceIndex": "0",
"AssociatePublicIpAddress": "true",
"SubnetId": {"Ref": "subnetPub0"},
"GroupSet": [{"Ref": "NATSecurityGroup"}
]
}
],
"SourceDestCheck": "false",
"Tags": [
{
"Key": "Name",
"Value": {"Fn::Join": ["-", [{"Ref": "envName"}, "nat-instance"]]}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"yum -y update\n",
"echo 1 > /proc/sys/net/ipv4/ip_forward\n",
"echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects\n",
"/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 0.0.0.0/0 -j MASQUERADE\n",
"/sbin/iptables-save > /etc/sysconfig/iptables\n",
"mkdir -p /etc/sysctl.d/\n",
"cat <<EOF > /etc/sysctl.d/nat.conf\n",
"net.ipv4.ip_forward = 1\n",
"net.ipv4.conf.eth0.send_redirects = 0\n",
"EOF\n",
"/opt/aws/bin/cfn-signal -s true '",
{
"Ref": "WaitHandle01"
},
"'\n"
]
]
}
}
}
},
"WaitHandle01": {
"Type": "AWS::CloudFormation::WaitConditionHandle",
"Properties": {}
},
"WaitCondition01": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": ["NATInstance", "WaitHandle01"],
"Properties": {
"Handle": {
"Ref": "WaitHandle01"
},
"Timeout": "900"
}
},
"NATSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"DependsOn": ["vpc", "AttachGateway"],
"Properties": {
"GroupDescription": "Enable internal access to the NAT device",
"VpcId": {"Ref": "vpc"},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "0",
"ToPort": "1024",
"CidrIp": "10.101.100.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "0",
"ToPort": "1024",
"CidrIp": "10.101.101.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "0",
"ToPort": "1024",
"CidrIp": "10.101.102.0/24"
},
{
"IpProtocol": "udp",
"FromPort": "0",
"ToPort": "1024",
"CidrIp": "10.101.100.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "0",
"ToPort": "1024",
"CidrIp": "10.101.101.0/24"
},
{
"IpProtocol": "udp",
"FromPort": "0",
"ToPort": "1024",
"CidrIp": "10.101.102.0/24"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": "0",
"ToPort": "65535",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "udp",
"FromPort": "0",
"ToPort": "65535",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"tableclients": {
"Type": "AWS::DynamoDB::Table",
"Properties": {
"TableName": {"Fn::Join": ["-", [{"Ref": "envName"}, "clients"]]},
"AttributeDefinitions": [{
"AttributeName": "clientId",
"AttributeType": "S"
},
{
"AttributeName": "email",
"AttributeType": "S"
}
],
"KeySchema": [
{
"AttributeName": "clientId",
"KeyType": "HASH"
}
],
"GlobalSecondaryIndexes":[
{
"IndexName" : "email-clientId-index",
"KeySchema" : [
{
"AttributeName": "email",
"KeyType": "HASH"
}
],
"Projection" : {
"ProjectionType": "ALL"
},
"ProvisionedThroughput" : {
"ReadCapacityUnits": {"Ref": "clientsReadCapacityUnits"},
"WriteCapacityUnits": {"Ref": "clientsWriteCapacityUnits"}
}
}
],
"ProvisionedThroughput": {
"ReadCapacityUnits": {"Ref": "clientsReadCapacityUnits"},
"WriteCapacityUnits": {"Ref": "clientsWriteCapacityUnits"}
}
}
},
"tableloans": {
"Type": "AWS::DynamoDB::Table",
"Properties": {
"TableName": {"Fn::Join": ["-", [{"Ref": "envName"}, "loans"]]},
"KeySchema": {
"HashKeyElement": {
"AttributeName": "clientId",
"AttributeType": "S"
},
"RangeKeyElement": {
"AttributeName": "loanId",
"AttributeType": "S"
}
},
"ProvisionedThroughput": {
"ReadCapacityUnits": {"Ref": "loansReadCapacityUnits"},
"WriteCapacityUnits": {"Ref": "loansWriteCapacityUnits"}
}
}
},
"tablesessions": {
"Type": "AWS::DynamoDB::Table",
"Properties": {
"TableName": {"Fn::Join": ["-", [{"Ref": "envName"}, "sessions"]]},
"KeySchema": {
"HashKeyElement": {
"AttributeName": "id",
"AttributeType": "S"
}
},
"ProvisionedThroughput": {
"ReadCapacityUnits": {"Ref": "sessionsReadCapacityUnits"},
"WriteCapacityUnits": {"Ref": "sessionsWriteCapacityUnits"}
}
}
},
"CodeDeployTrustRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.us-east-1.amazonaws.com",
"codedeploy.us-west-2.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
},
"Path": "/"
}
},
"CodeDeployRolePolicies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "CodeDeployPolicy",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"ec2:Describe*"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"autoscaling:CompleteLifecycleAction",
"autoscaling:DeleteLifecycleHook",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:PutLifecycleHook",
"autoscaling:RecordLifecycleActionHeartbeat"
]
}
]
},
"Roles": [
{
"Ref": "CodeDeployTrustRole"
}
]
}
},
"InstanceRoleInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "InstanceRole"
}
]
}
},
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Path": "/"
}
},
"InstanceRolePolicies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "InstanceRole",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": [
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:GetTemplate",
"s3:Get*",
"ec2:DescribeTags"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Resource": [
{"Fn::Join": ["", ["arn:aws:dynamodb:us-west-2:839092195441:table/", {"Ref": "envName"}, "-", "sessions"]]},
{"Fn::Join": ["", ["arn:aws:dynamodb:us-west-2:839092195441:table/", {"Ref": "envName"}, "-", "loans"]]},
{"Fn::Join": ["", ["arn:aws:dynamodb:us-west-2:839092195441:table/", {"Ref": "envName"}, "-", "clients"]]},
{"Fn::Join": ["", ["arn:aws:dynamodb:us-west-2:839092195441:table/", {"Ref": "envName"}, "-", "clients", "/*"]]}
],
"Action": [
"dynamodb:*"
]
}
]
},
"Roles": [
{
"Ref": "InstanceRole"
}
]
}
},
"lccfqloanscoreapilaunchconfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Metadata": {
"AWS::CloudFormation::Init": {
"services": {
"sysvint": {
"codedeploy-agent": {
"enabled": "true",
"ensureRunning": "true"
}
}
}
}
},
"Properties": {
"ImageId": {"Fn::FindInMap": [ "AWSRegionToAMI", {"Ref": "AWS::Region"}, "AMI"] },
"InstanceType": {"Ref": "CoreAPIInstanceType"},
"KeyName": "jump-key",
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash\n",
"apt-get update\n",
"apt-get -y install wget awscli ruby2.0\n",
"wget -qO- https://get.docker.com/ | sh\n",
"echo 'docker login -u qloandockerhub -p qL0an1321 -e [email protected]' > /dockerLogin.sh\n",
"/bin/sh /dockerLogin.sh\n",
"cd /home/ubuntu\n",
"aws s3 cp s3://aws-codedeploy-us-west-2/latest/install . --region us-west-2\n",
"chmod +x ./install\n",
"./install auto\n",
""
]
]
}
},
"IamInstanceProfile": { "Ref": "InstanceRoleInstanceProfile" },
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "sgcfqloanscoreapiappsg"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 8, "DeleteOnTermination": "true"
}
}
]
}
},
"sgcfqloanscoreapiappsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Security Group for Core API app (this is limited to ELB access)",
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "8080",
"ToPort": "8080",
"SourceSecurityGroupId": {"Ref": "sgcfqloanscoreapielbsg"}
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"SourceSecurityGroupId": {"Ref": "sgcfqloanscoreapielbsg"}
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"sgcfqloanscoreapielbsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Security group for core API Elastic Load Balancer",
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"sgcfqloansnatsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Qloans NAT security group",
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "10.101.100.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "10.101.101.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "10.101.102.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "10.101.100.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "10.101.101.0/24"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "10.101.102.0/24"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"scalingDecreaseGroupSize": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"Cooldown": "90",
"ScalingAdjustment": "-1",
"AutoScalingGroupName": {
"Ref": "asgcfqloanscoreapiautoscalegroup"
}
}
},
"scalingcfqloans": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"Cooldown": "300",
"ScalingAdjustment": "1",
"AutoScalingGroupName": {
"Ref": "asgcfqloanscoreapiautoscalegroup"
}
}
},
"alarmawsec2cfqloanscoreapiautoscalegroupCPUUtilization": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"ActionsEnabled": "true",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"EvaluationPeriods": "1",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Period": "300",
"Statistic": "Average",
"Threshold": "60.0",
"AlarmActions": [
{
"Ref": "scalingcfqloans"
}
],
"Dimensions": [
{
"Name": "AutoScalingGroupName",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "coreapi-autoscale-group"]]}
}
]
}
},
"alarmawsec2cfqloanscoreapiautoscalegroupHighCPUUtilization": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"ActionsEnabled": "true",
"ComparisonOperator": "LessThanOrEqualToThreshold",
"EvaluationPeriods": "1",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Period": "300",
"Statistic": "Average",
"Threshold": "30.0",
"AlarmActions": [
{
"Ref": "scalingDecreaseGroupSize"
}
],
"Dimensions": [
{
"Name": "AutoScalingGroupName",
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "coreapi-autoscale-group"]]}
}
]
}
},
"webuiCloudFrontDistribution" : {
"Type" : "AWS::CloudFront::Distribution",
"Condition": "CreateProdResources",
"Properties" : {
"DistributionConfig" : {
"Origins" : [ {
"DomainName": "web-ui.s3.amazonaws.com",
"Id" : {"Fn::Join": ["-", ["s3-web-ui", {"Ref": "envName"}]]},
"OriginPath": {"Fn::Join": ["", ["/", {"Ref": "envName"}, "/", "live"]]},
"S3OriginConfig" : {
}
}],
"Enabled" : "true",
"Comment" : "Some comment",
"DefaultRootObject" : "index.html",
"Logging" : {
"IncludeCookies" : "false",
"Bucket" : "qloan-logs.s3.amazonaws.com",
"Prefix" : {"Fn::Join": ["/", ["logs", {"Ref": "envName"}, "webui"]]}
},
"Aliases" : [ {"Fn::Join": [".", [{"Ref": "envName"}, {"Ref": "domain"}]]} ],
"DefaultCacheBehavior" : {
"AllowedMethods" : [ "GET", "HEAD", "OPTIONS" ],
"TargetOriginId" : {"Fn::Join": ["-", ["s3-web-ui", {"Ref": "envName"}]]},
"ForwardedValues" : {
"QueryString" : "false",
"Cookies" : { "Forward" : "none" }
},
"ViewerProtocolPolicy" : "allow-all"
},
"PriceClass" : "PriceClass_100",
"ViewerCertificate" : { "CloudFrontDefaultCertificate" : "true" }
}
}
},
"dnsapiservices": {
"Type": "AWS::Route53::RecordSetGroup",
"Properties": {
"HostedZoneName": {"Fn::Join": ["", [{"Ref": "domain"}, "."]]},
"RecordSets": [
{
"Name": {"Fn::Join": [".", ["api", {"Ref": "envName"}, {"Ref": "domain"}]]},
"Type": "CNAME",
"TTL": "300",
"ResourceRecords": [
{
"Fn::GetAtt": [
"elbcfqloanscoreapielb",
"DNSName"
]
}
]
}, {
"Name": {"Fn::Join": [".", ["api", "admin", {"Ref": "envName"}, {"Ref": "domain"}]]},
"Type": "CNAME",
"TTL": "300",
"ResourceRecords": [
{
"Fn::GetAtt": [
"elbcfqloanscoreapielb",
"DNSName"
]
}
]
}
]
}
},
"dnsuiservices": {
"Type": "AWS::Route53::RecordSetGroup",
"Properties": {
"HostedZoneName": {"Fn::Join": ["", [{"Ref": "domain"}, "."]]},
"RecordSets": [
{
"Name": {"Fn::Join": [".", [{"Ref": "envName"}, {"Ref": "domain"}]]},
"Type": "CNAME",
"TTL": "300",
"ResourceRecords": [
{
"Fn::If": [
"CreateProdResources",
{
"Fn::GetAtt": [
"webuiCloudFrontDistribution",
"DomainName"
]
},
{
"Fn::Join": [
".",
[{"Ref": "envName"}, {"Ref": "domain"}, "s3-website-us-west-2.amazonaws.com"]
]
}
]
}
]
}, {
"Name": {"Fn::Join": [".", "admin", [{"Ref": "envName"}, {"Ref": "domain"}]]},
"Type": "CNAME",
"TTL": "300",
"ResourceRecords": [
{
"Fn::If": [
"CreateProdResources",
{
"Fn::GetAtt": [
"webuiCloudFrontDistribution",
"DomainName"
]
},
{
"Fn::Join": [
".",
["admin", {"Ref": "envName"}, {"Ref": "domain"}, "s3-website-us-west-2.amazonaws.com"]
]
}
]
}
]
}
]
}
}
},
"Outputs": {
"elbcfqloanscoreapielbDNS": {
"Value": {
"Fn::GetAtt": [
"elbcfqloanscoreapielb",
"DNSName"
]
}
}
}
}