{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "QLoans production cloud formation template", | |
"Parameters" : { | |
"envName": { | |
"Default": "test", | |
"Description": "Friendly tag for environment", | |
"Type": "String" | |
}, | |
"domain": { | |
"Default": "puff1.com", | |
"Description" : "Domain name this environment will be set up in", | |
"Type": "String", | |
"MinLength": "1", | |
"MaxLength": "64", | |
"AllowedValues" : ["puff1.com"], | |
"ConstraintDescription" : "must be a domain already set up with route53." | |
}, | |
"EnvType": | |
{ | |
"Description" : "Environment type. Prod will create a public cloudfront dist, test will give direct s3 access restricted to a set of IPs", | |
"Default" : "test", | |
"Type" : "String", | |
"AllowedValues" : ["prod", "test"], | |
"ConstraintDescription" : "must specify prod or test." | |
}, | |
"clientsReadCapacityUnits": | |
{ | |
"Default": "2", | |
"Description": "Clients table provisioned number of reads per second", | |
"Type": "Number", | |
"MinValue": "1", | |
"MaxValue": "100" | |
}, | |
"clientsWriteCapacityUnits": | |
{ | |
"Default": "2", | |
"Description": "Clients table provisioned number of writes per second", | |
"Type": "Number", | |
"MinValue": "1", | |
"MaxValue": "100" | |
}, | |
"loansReadCapacityUnits": | |
{ | |
"Default": "2", | |
"Description": "Loans table provisioned number of reads per second", | |
"Type": "Number", | |
"MinValue": "1", | |
"MaxValue": "100" | |
}, | |
"loansWriteCapacityUnits": | |
{ | |
"Default": "2", | |
"Description": "Loans table provisioned number of writes per second", | |
"Type": "Number", | |
"MinValue": "1", | |
"MaxValue": "100" | |
}, | |
"sessionsReadCapacityUnits": | |
{ | |
"Default": "2", | |
"Description": "Sessions table provisioned number of reads per second", | |
"Type": "Number", | |
"MinValue": "1", | |
"MaxValue": "100" | |
}, | |
"sessionsWriteCapacityUnits": | |
{ | |
"Default": "2", | |
"Description": "Sessions table provisioned number of writes per second", | |
"Type": "Number", | |
"MinValue": "1", | |
"MaxValue": "100" | |
}, | |
"CoreAPIInstanceType" : { | |
"Description" : "CoreAPI Autoscale EC2 instance type", | |
"Type" : "String", | |
"Default" : "t2.micro", | |
"AllowedValues" : ["t2.micro", "t2.small", "t2.medium", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge"], | |
"ConstraintDescription" : "must be a valid EC2 instance type." | |
} | |
}, | |
"Mappings" : { | |
"AWSRegionToAMI": { | |
"us-east-1" : {"AMI": "ami-9a562df2"}, | |
"us-west-2" : {"AMI": "ami-29ebb519"}, | |
"us-west-1" : {"AMI": "ami-5c120b19"} | |
}, | |
"AWSRegionToAmazonLinuxAMI": { | |
"us-east-1": { | |
"AMI": "ami-b66ed3de" | |
}, | |
"us-west-1": { | |
"AMI": "ami-4b6f650e" | |
}, | |
"us-west-2": { | |
"AMI": "ami-b5a7ea85" | |
}, | |
"eu-west-1": { | |
"AMI": "ami-6e7bd919" | |
}, | |
"sa-east-1": { | |
"AMI": "ami-8737829a" | |
}, | |
"ap-southeast-1": { | |
"AMI": "ami-ac5c7afe" | |
}, | |
"ap-southeast-2": { | |
"AMI": "ami-63f79559" | |
}, | |
"ap-northeast-1": { | |
"AMI": "ami-4985b048" | |
} | |
} | |
}, | |
"Conditions" : { | |
"CreateProdResources" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "prod"]} | |
}, | |
"Resources": { | |
"vpc": { | |
"Type": "AWS::EC2::VPC", | |
"Properties": { | |
"CidrBlock": "10.101.0.0/16", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "vpc"]]} | |
} | |
] | |
} | |
}, | |
"subnetPub0": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.10.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "0", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "public-0"]]} | |
} | |
] | |
} | |
}, | |
"subnetPub1": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.11.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "1", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "public-1"]]} | |
} | |
] | |
} | |
}, | |
"subnetPub2": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.12.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "2", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "public-2"]]} | |
} | |
] | |
} | |
}, | |
"subnetPriv0": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.100.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "0", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "private-0"]]} | |
} | |
] | |
} | |
}, | |
"subnetPriv1": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.101.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "1", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "private-1"]]} | |
} | |
] | |
} | |
}, | |
"subnetPriv2": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.102.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "2", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "private-2"]]} | |
} | |
] | |
} | |
}, | |
"subnetELB0": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.20.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "0", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "elb-0"]]} | |
} | |
] | |
} | |
}, | |
"subnetELB1": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.21.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "1", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "elb-1"]]} | |
} | |
] | |
} | |
}, | |
"subnetELB2": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"CidrBlock": "10.101.22.0/24", | |
"AvailabilityZone": { "Fn::Select": [ "2", { "Fn::GetAZs": "" } ] }, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "elb-2"]]} | |
} | |
] | |
} | |
}, | |
"InternetGateway": { | |
"Type": "AWS::EC2::InternetGateway", | |
"DependsOn": "vpc" | |
}, | |
"AttachGateway": { | |
"Type": "AWS::EC2::VPCGatewayAttachment", | |
"DependsOn": ["vpc", "InternetGateway"], | |
"Properties": { | |
"VpcId": {"Ref": "vpc"}, | |
"InternetGatewayId": {"Ref": "InternetGateway"} | |
} | |
}, | |
"networkACL": { | |
"Type": "AWS::EC2::NetworkAcl", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
} | |
} | |
}, | |
"PublicRouteTable": { | |
"Type": "AWS::EC2::RouteTable", | |
"DependsOn": ["vpc", "InternetGateway"], | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "public-route"]]} | |
} | |
] | |
} | |
}, | |
"PublicRoute": { | |
"Type": "AWS::EC2::Route", | |
"DependsOn": "PublicRouteTable", | |
"Properties": { | |
"RouteTableId": {"Ref": "PublicRouteTable"}, | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"GatewayId": {"Ref": "InternetGateway"} | |
} | |
}, | |
"PublicSubnet0RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetPriv0"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetPub0"}, | |
"RouteTableId": {"Ref": "PublicRouteTable"} | |
} | |
}, | |
"PublicSubnet1RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetPub1"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetPub1"}, | |
"RouteTableId": {"Ref": "PublicRouteTable"} | |
} | |
}, | |
"PublicSubnet2RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetPub2"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetPub2"}, | |
"RouteTableId": {"Ref": "PublicRouteTable"} | |
} | |
}, | |
"PrivateRouteTable": { | |
"Type": "AWS::EC2::RouteTable", | |
"DependsOn": "vpc", | |
"Properties": { | |
"VpcId": {"Ref": "vpc"}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "private-route"]]} | |
} | |
] | |
} | |
}, | |
"PrivateRoute": { | |
"Type": "AWS::EC2::Route", | |
"DependsOn": ["NATInstance", "PrivateRouteTable", "AttachGateway", "vpc"], | |
"Properties": { | |
"RouteTableId": {"Ref": "PrivateRouteTable"}, | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"InstanceId": {"Ref": "NATInstance"} | |
} | |
}, | |
"PrivateSubnet0RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetPriv0"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetPriv0"}, | |
"RouteTableId": {"Ref": "PrivateRouteTable"} | |
} | |
}, | |
"PrivateSubnet1RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetPriv1"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetPriv1"}, | |
"RouteTableId": {"Ref": "PrivateRouteTable"} | |
} | |
}, | |
"PrivateSubnet2RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetPriv2"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetPriv2"}, | |
"RouteTableId": {"Ref": "PrivateRouteTable"} | |
} | |
}, | |
"ELBSubnet0RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetELB0"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetELB0"}, | |
"RouteTableId": {"Ref": "PublicRouteTable"} | |
} | |
}, | |
"ELBSubnet1RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetELB1"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetELB1"}, | |
"RouteTableId": {"Ref": "PublicRouteTable"} | |
} | |
}, | |
"ELBSubnet2RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn": ["PublicRouteTable", "subnetELB2"], | |
"Properties": { | |
"SubnetId": {"Ref": "subnetELB2"}, | |
"RouteTableId": {"Ref": "PublicRouteTable"} | |
} | |
}, | |
"elbcfqloanscoreapielb": { | |
"Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
"Properties": { | |
"Subnets": [ | |
{ | |
"Ref": "subnetELB0" | |
}, | |
{ | |
"Ref": "subnetELB1" | |
}, | |
{ | |
"Ref": "subnetELB2" | |
} | |
], | |
"HealthCheck": { | |
"HealthyThreshold": "2", | |
"Interval": "15", | |
"Target": "HTTP:8080/v1/status", | |
"Timeout": "10", | |
"UnhealthyThreshold": "5" | |
}, | |
"SecurityGroups": [ | |
{ | |
"Ref": "sgcfqloanscoreapielbsg" | |
} | |
], | |
"Listeners": [ | |
{ | |
"InstancePort": "8080", | |
"LoadBalancerPort": "80", | |
"Protocol": "HTTP", | |
"InstanceProtocol": "HTTP" | |
} | |
] | |
} | |
}, | |
"asgcfqloanscoreapiautoscalegroup": { | |
"Type": "AWS::AutoScaling::AutoScalingGroup", | |
"DependsOn": ["elbcfqloanscoreapielb", "lccfqloanscoreapilaunchconfig"], | |
"Properties": { | |
"AvailabilityZones": [ | |
{ "Fn::Select": [ "0", { "Fn::GetAZs": "" } ] }, | |
{ "Fn::Select": [ "1", { "Fn::GetAZs": "" } ] }, | |
{ "Fn::Select": [ "2", { "Fn::GetAZs": "" } ] } | |
], | |
"Cooldown": "300", | |
"DesiredCapacity": "1", | |
"MaxSize": "3", | |
"MinSize": "1", | |
"HealthCheckGracePeriod": "300", | |
"HealthCheckType": "EC2", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": {"Fn::Join": ["-", [{"Ref": "envName"}, "coreapi-instance"]]}, | |
"PropagateAtLaunch": "true" | |
}, | |
{ | |
"Key": "docker-hub-repo", | |
"Value": {"Fn::Join": ["-", ["core-api", {"Ref": "envName"}]]}, | |
"PropagateAtLaunch": "true" | |
}, | |
{ | |
"Key": "envName", | |
"Value": {"Ref": "envName"}, | |
"PropagateAtLaunch": "true" | |
} | |
], | |
"VPCZoneIdentifier": [ | |
{"Ref": "subnetPriv0"}, | |
{"Ref": "subnetPriv1"}, | |
{"Ref": "subnetPriv2"} | |
], | |
"LaunchConfigurationName": { | |
"Ref": "lccfqloanscoreapilaunchconfig" | |
}, | |
"LoadBalancerNames": [ | |
{ | |
"Ref": "elbcfqloanscoreapielb" | |
} | |
] | |
} | |
}, | |
"NATInstance": { | |
"Type": "AWS::EC2::Instance", | |
"DependsOn": ["vpc", "AttachGateway", "subnetPub0", "NATSecurityGroup"], | |
"Properties": { | |
"KeyName": "jump-key", | |
"ImageId": { | |
"Fn::FindInMap": [ | |
"AWSRegionToAmazonLinuxAMI", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"AMI" | |
] | |
}, | |
"InstanceType": "t2.small", | |
"NetworkInterfaces": [ | |
{ | |
"DeviceIndex": "0", | |
"AssociatePublicIpAddress": "true", | |
"SubnetId": {"Ref": "subnetPub0"}, | |
"GroupSet": [{"Ref": "NATSecurityGroup"} | |
] | |
} | |
], | |
"SourceDestCheck": "false", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": {"Fn::Join": ["-", [{"Ref": "envName"}, "nat-instance"]]} | |
} | |
], | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"", | |
[ | |
"#!/bin/bash\n", | |
"yum -y update\n", | |
"echo 1 > /proc/sys/net/ipv4/ip_forward\n", | |
"echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects\n", | |
"/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 0.0.0.0/0 -j MASQUERADE\n", | |
"/sbin/iptables-save > /etc/sysconfig/iptables\n", | |
"mkdir -p /etc/sysctl.d/\n", | |
"cat <<EOF > /etc/sysctl.d/nat.conf\n", | |
"net.ipv4.ip_forward = 1\n", | |
"net.ipv4.conf.eth0.send_redirects = 0\n", | |
"EOF\n", | |
"/opt/aws/bin/cfn-signal -s true '", | |
{ | |
"Ref": "WaitHandle01" | |
}, | |
"'\n" | |
] | |
] | |
} | |
} | |
} | |
}, | |
"WaitHandle01": { | |
"Type": "AWS::CloudFormation::WaitConditionHandle", | |
"Properties": {} | |
}, | |
"WaitCondition01": { | |
"Type": "AWS::CloudFormation::WaitCondition", | |
"DependsOn": ["NATInstance", "WaitHandle01"], | |
"Properties": { | |
"Handle": { | |
"Ref": "WaitHandle01" | |
}, | |
"Timeout": "900" | |
} | |
}, | |
"NATSecurityGroup": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"DependsOn": ["vpc", "AttachGateway"], | |
"Properties": { | |
"GroupDescription": "Enable internal access to the NAT device", | |
"VpcId": {"Ref": "vpc"}, | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "0", | |
"ToPort": "1024", | |
"CidrIp": "10.101.100.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "0", | |
"ToPort": "1024", | |
"CidrIp": "10.101.101.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "0", | |
"ToPort": "1024", | |
"CidrIp": "10.101.102.0/24" | |
}, | |
{ | |
"IpProtocol": "udp", | |
"FromPort": "0", | |
"ToPort": "1024", | |
"CidrIp": "10.101.100.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "0", | |
"ToPort": "1024", | |
"CidrIp": "10.101.101.0/24" | |
}, | |
{ | |
"IpProtocol": "udp", | |
"FromPort": "0", | |
"ToPort": "1024", | |
"CidrIp": "10.101.102.0/24" | |
} | |
], | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "0", | |
"ToPort": "65535", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "udp", | |
"FromPort": "0", | |
"ToPort": "65535", | |
"CidrIp": "0.0.0.0/0" | |
} | |
] | |
} | |
}, | |
"tableclients": { | |
"Type": "AWS::DynamoDB::Table", | |
"Properties": { | |
"TableName": {"Fn::Join": ["-", [{"Ref": "envName"}, "clients"]]}, | |
"AttributeDefinitions": [{ | |
"AttributeName": "clientId", | |
"AttributeType": "S" | |
}, | |
{ | |
"AttributeName": "email", | |
"AttributeType": "S" | |
} | |
], | |
"KeySchema": [ | |
{ | |
"AttributeName": "clientId", | |
"KeyType": "HASH" | |
} | |
], | |
"GlobalSecondaryIndexes":[ | |
{ | |
"IndexName" : "email-clientId-index", | |
"KeySchema" : [ | |
{ | |
"AttributeName": "email", | |
"KeyType": "HASH" | |
} | |
], | |
"Projection" : { | |
"ProjectionType": "ALL" | |
}, | |
"ProvisionedThroughput" : { | |
"ReadCapacityUnits": {"Ref": "clientsReadCapacityUnits"}, | |
"WriteCapacityUnits": {"Ref": "clientsWriteCapacityUnits"} | |
} | |
} | |
], | |
"ProvisionedThroughput": { | |
"ReadCapacityUnits": {"Ref": "clientsReadCapacityUnits"}, | |
"WriteCapacityUnits": {"Ref": "clientsWriteCapacityUnits"} | |
} | |
} | |
}, | |
"tableloans": { | |
"Type": "AWS::DynamoDB::Table", | |
"Properties": { | |
"TableName": {"Fn::Join": ["-", [{"Ref": "envName"}, "loans"]]}, | |
"KeySchema": { | |
"HashKeyElement": { | |
"AttributeName": "clientId", | |
"AttributeType": "S" | |
}, | |
"RangeKeyElement": { | |
"AttributeName": "loanId", | |
"AttributeType": "S" | |
} | |
}, | |
"ProvisionedThroughput": { | |
"ReadCapacityUnits": {"Ref": "loansReadCapacityUnits"}, | |
"WriteCapacityUnits": {"Ref": "loansWriteCapacityUnits"} | |
} | |
} | |
}, | |
"tablesessions": { | |
"Type": "AWS::DynamoDB::Table", | |
"Properties": { | |
"TableName": {"Fn::Join": ["-", [{"Ref": "envName"}, "sessions"]]}, | |
"KeySchema": { | |
"HashKeyElement": { | |
"AttributeName": "id", | |
"AttributeType": "S" | |
} | |
}, | |
"ProvisionedThroughput": { | |
"ReadCapacityUnits": {"Ref": "sessionsReadCapacityUnits"}, | |
"WriteCapacityUnits": {"Ref": "sessionsWriteCapacityUnits"} | |
} | |
} | |
}, | |
"CodeDeployTrustRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"AssumeRolePolicyDocument": { | |
"Statement": [ | |
{ | |
"Sid": "1", | |
"Effect": "Allow", | |
"Principal": { | |
"Service": [ | |
"codedeploy.us-east-1.amazonaws.com", | |
"codedeploy.us-west-2.amazonaws.com" | |
] | |
}, | |
"Action": "sts:AssumeRole" | |
} | |
] | |
}, | |
"Path": "/" | |
} | |
}, | |
"CodeDeployRolePolicies": { | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "CodeDeployPolicy", | |
"PolicyDocument": { | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Action": [ | |
"ec2:Describe*" | |
] | |
}, | |
{ | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Action": [ | |
"autoscaling:CompleteLifecycleAction", | |
"autoscaling:DeleteLifecycleHook", | |
"autoscaling:DescribeLifecycleHooks", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:PutLifecycleHook", | |
"autoscaling:RecordLifecycleActionHeartbeat" | |
] | |
} | |
] | |
}, | |
"Roles": [ | |
{ | |
"Ref": "CodeDeployTrustRole" | |
} | |
] | |
} | |
}, | |
"InstanceRoleInstanceProfile": { | |
"Type": "AWS::IAM::InstanceProfile", | |
"Properties": { | |
"Path": "/", | |
"Roles": [ | |
{ | |
"Ref": "InstanceRole" | |
} | |
] | |
} | |
}, | |
"InstanceRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"AssumeRolePolicyDocument": { | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Principal": { | |
"Service": [ | |
"ec2.amazonaws.com" | |
] | |
}, | |
"Action": [ | |
"sts:AssumeRole" | |
] | |
} | |
] | |
}, | |
"Path": "/" | |
} | |
}, | |
"InstanceRolePolicies": { | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "InstanceRole", | |
"PolicyDocument": { | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"autoscaling:Describe*", | |
"cloudformation:Describe*", | |
"cloudformation:GetTemplate", | |
"s3:Get*", | |
"ec2:DescribeTags" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Resource": [ | |
{"Fn::Join": ["", ["arn:aws:dynamodb:us-west-2:839092195441:table/", {"Ref": "envName"}, "-", "sessions"]]}, | |
{"Fn::Join": ["", ["arn:aws:dynamodb:us-west-2:839092195441:table/", {"Ref": "envName"}, "-", "loans"]]}, | |
{"Fn::Join": ["", ["arn:aws:dynamodb:us-west-2:839092195441:table/", {"Ref": "envName"}, "-", "clients"]]}, | |
{"Fn::Join": ["", ["arn:aws:dynamodb:us-west-2:839092195441:table/", {"Ref": "envName"}, "-", "clients", "/*"]]} | |
], | |
"Action": [ | |
"dynamodb:*" | |
] | |
} | |
] | |
}, | |
"Roles": [ | |
{ | |
"Ref": "InstanceRole" | |
} | |
] | |
} | |
}, | |
"lccfqloanscoreapilaunchconfig": { | |
"Type": "AWS::AutoScaling::LaunchConfiguration", | |
"Metadata": { | |
"AWS::CloudFormation::Init": { | |
"services": { | |
"sysvint": { | |
"codedeploy-agent": { | |
"enabled": "true", | |
"ensureRunning": "true" | |
} | |
} | |
} | |
} | |
}, | |
"Properties": { | |
"ImageId": {"Fn::FindInMap": [ "AWSRegionToAMI", {"Ref": "AWS::Region"}, "AMI"] }, | |
"InstanceType": {"Ref": "CoreAPIInstanceType"}, | |
"KeyName": "jump-key", | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"", | |
[ | |
"#!/bin/bash\n", | |
"apt-get update\n", | |
"apt-get -y install wget awscli ruby2.0\n", | |
"wget -qO- https://get.docker.com/ | sh\n", | |
"echo 'docker login -u qloandockerhub -p qL0an1321 -e [email protected]' > /dockerLogin.sh\n", | |
"/bin/sh /dockerLogin.sh\n", | |
"cd /home/ubuntu\n", | |
"aws s3 cp s3://aws-codedeploy-us-west-2/latest/install . --region us-west-2\n", | |
"chmod +x ./install\n", | |
"./install auto\n", | |
"" | |
] | |
] | |
} | |
}, | |
"IamInstanceProfile": { "Ref": "InstanceRoleInstanceProfile" }, | |
"InstanceMonitoring": "true", | |
"SecurityGroups": [ | |
{ | |
"Ref": "sgcfqloanscoreapiappsg" | |
} | |
], | |
"BlockDeviceMappings": [ | |
{ | |
"DeviceName": "/dev/sda1", | |
"Ebs": { | |
"VolumeSize": 8, "DeleteOnTermination": "true" | |
} | |
} | |
] | |
} | |
}, | |
"sgcfqloanscoreapiappsg": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Security Group for Core API app (this is limited to ELB access)", | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "8080", | |
"ToPort": "8080", | |
"SourceSecurityGroupId": {"Ref": "sgcfqloanscoreapielbsg"} | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"SourceSecurityGroupId": {"Ref": "sgcfqloanscoreapielbsg"} | |
} | |
], | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "-1", | |
"CidrIp": "0.0.0.0/0" | |
} | |
] | |
} | |
}, | |
"sgcfqloanscoreapielbsg": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Security group for core API Elastic Load Balancer", | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"CidrIp": "0.0.0.0/0" | |
} | |
], | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "-1", | |
"CidrIp": "0.0.0.0/0" | |
} | |
] | |
} | |
}, | |
"sgcfqloansnatsg": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Qloans NAT security group", | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "10.101.100.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "10.101.101.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "10.101.102.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"CidrIp": "10.101.100.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"CidrIp": "10.101.101.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"CidrIp": "10.101.102.0/24" | |
} | |
], | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"CidrIp": "0.0.0.0/0" | |
} | |
] | |
} | |
}, | |
"scalingDecreaseGroupSize": { | |
"Type": "AWS::AutoScaling::ScalingPolicy", | |
"Properties": { | |
"AdjustmentType": "ChangeInCapacity", | |
"Cooldown": "90", | |
"ScalingAdjustment": "-1", | |
"AutoScalingGroupName": { | |
"Ref": "asgcfqloanscoreapiautoscalegroup" | |
} | |
} | |
}, | |
"scalingcfqloans": { | |
"Type": "AWS::AutoScaling::ScalingPolicy", | |
"Properties": { | |
"AdjustmentType": "ChangeInCapacity", | |
"Cooldown": "300", | |
"ScalingAdjustment": "1", | |
"AutoScalingGroupName": { | |
"Ref": "asgcfqloanscoreapiautoscalegroup" | |
} | |
} | |
}, | |
"alarmawsec2cfqloanscoreapiautoscalegroupCPUUtilization": { | |
"Type": "AWS::CloudWatch::Alarm", | |
"Properties": { | |
"ActionsEnabled": "true", | |
"ComparisonOperator": "GreaterThanOrEqualToThreshold", | |
"EvaluationPeriods": "1", | |
"MetricName": "CPUUtilization", | |
"Namespace": "AWS/EC2", | |
"Period": "300", | |
"Statistic": "Average", | |
"Threshold": "60.0", | |
"AlarmActions": [ | |
{ | |
"Ref": "scalingcfqloans" | |
} | |
], | |
"Dimensions": [ | |
{ | |
"Name": "AutoScalingGroupName", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "coreapi-autoscale-group"]]} | |
} | |
] | |
} | |
}, | |
"alarmawsec2cfqloanscoreapiautoscalegroupHighCPUUtilization": { | |
"Type": "AWS::CloudWatch::Alarm", | |
"Properties": { | |
"ActionsEnabled": "true", | |
"ComparisonOperator": "LessThanOrEqualToThreshold", | |
"EvaluationPeriods": "1", | |
"MetricName": "CPUUtilization", | |
"Namespace": "AWS/EC2", | |
"Period": "300", | |
"Statistic": "Average", | |
"Threshold": "30.0", | |
"AlarmActions": [ | |
{ | |
"Ref": "scalingDecreaseGroupSize" | |
} | |
], | |
"Dimensions": [ | |
{ | |
"Name": "AutoScalingGroupName", | |
"Value": { "Fn::Join": ["-", [{"Ref": "envName"}, "coreapi-autoscale-group"]]} | |
} | |
] | |
} | |
}, | |
"webuiCloudFrontDistribution" : { | |
"Type" : "AWS::CloudFront::Distribution", | |
"Condition": "CreateProdResources", | |
"Properties" : { | |
"DistributionConfig" : { | |
"Origins" : [ { | |
"DomainName": "web-ui.s3.amazonaws.com", | |
"Id" : {"Fn::Join": ["-", ["s3-web-ui", {"Ref": "envName"}]]}, | |
"OriginPath": {"Fn::Join": ["", ["/", {"Ref": "envName"}, "/", "live"]]}, | |
"S3OriginConfig" : { | |
} | |
}], | |
"Enabled" : "true", | |
"Comment" : "Some comment", | |
"DefaultRootObject" : "index.html", | |
"Logging" : { | |
"IncludeCookies" : "false", | |
"Bucket" : "qloan-logs.s3.amazonaws.com", | |
"Prefix" : {"Fn::Join": ["/", ["logs", {"Ref": "envName"}, "webui"]]} | |
}, | |
"Aliases" : [ {"Fn::Join": [".", [{"Ref": "envName"}, {"Ref": "domain"}]]} ], | |
"DefaultCacheBehavior" : { | |
"AllowedMethods" : [ "GET", "HEAD", "OPTIONS" ], | |
"TargetOriginId" : {"Fn::Join": ["-", ["s3-web-ui", {"Ref": "envName"}]]}, | |
"ForwardedValues" : { | |
"QueryString" : "false", | |
"Cookies" : { "Forward" : "none" } | |
}, | |
"ViewerProtocolPolicy" : "allow-all" | |
}, | |
"PriceClass" : "PriceClass_100", | |
"ViewerCertificate" : { "CloudFrontDefaultCertificate" : "true" } | |
} | |
} | |
}, | |
"dnsapiservices": { | |
"Type": "AWS::Route53::RecordSetGroup", | |
"Properties": { | |
"HostedZoneName": {"Fn::Join": ["", [{"Ref": "domain"}, "."]]}, | |
"RecordSets": [ | |
{ | |
"Name": {"Fn::Join": [".", ["api", {"Ref": "envName"}, {"Ref": "domain"}]]}, | |
"Type": "CNAME", | |
"TTL": "300", | |
"ResourceRecords": [ | |
{ | |
"Fn::GetAtt": [ | |
"elbcfqloanscoreapielb", | |
"DNSName" | |
] | |
} | |
] | |
}, { | |
"Name": {"Fn::Join": [".", ["api", "admin", {"Ref": "envName"}, {"Ref": "domain"}]]}, | |
"Type": "CNAME", | |
"TTL": "300", | |
"ResourceRecords": [ | |
{ | |
"Fn::GetAtt": [ | |
"elbcfqloanscoreapielb", | |
"DNSName" | |
] | |
} | |
] | |
} | |
] | |
} | |
}, | |
"dnsuiservices": { | |
"Type": "AWS::Route53::RecordSetGroup", | |
"Properties": { | |
"HostedZoneName": {"Fn::Join": ["", [{"Ref": "domain"}, "."]]}, | |
"RecordSets": [ | |
{ | |
"Name": {"Fn::Join": [".", [{"Ref": "envName"}, {"Ref": "domain"}]]}, | |
"Type": "CNAME", | |
"TTL": "300", | |
"ResourceRecords": [ | |
{ | |
"Fn::If": [ | |
"CreateProdResources", | |
{ | |
"Fn::GetAtt": [ | |
"webuiCloudFrontDistribution", | |
"DomainName" | |
] | |
}, | |
{ | |
"Fn::Join": [ | |
".", | |
[{"Ref": "envName"}, {"Ref": "domain"}, "s3-website-us-west-2.amazonaws.com"] | |
] | |
} | |
] | |
} | |
] | |
}, { | |
"Name": {"Fn::Join": [".", "admin", [{"Ref": "envName"}, {"Ref": "domain"}]]}, | |
"Type": "CNAME", | |
"TTL": "300", | |
"ResourceRecords": [ | |
{ | |
"Fn::If": [ | |
"CreateProdResources", | |
{ | |
"Fn::GetAtt": [ | |
"webuiCloudFrontDistribution", | |
"DomainName" | |
] | |
}, | |
{ | |
"Fn::Join": [ | |
".", | |
["admin", {"Ref": "envName"}, {"Ref": "domain"}, "s3-website-us-west-2.amazonaws.com"] | |
] | |
} | |
] | |
} | |
] | |
} | |
] | |
} | |
} | |
}, | |
"Outputs": { | |
"elbcfqloanscoreapielbDNS": { | |
"Value": { | |
"Fn::GetAtt": [ | |
"elbcfqloanscoreapielb", | |
"DNSName" | |
] | |
} | |
} | |
} | |
} |