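AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Two-tier stack: an internet-facing ALB in two public subnets forwards HTTP
  to an Auto Scaling group of Nginx hosts in two private subnets, backed by
  an Aurora cluster with one primary and one replica instance.

Parameters:
  VpcID:
    Description: VPC used to create the interfaces
    Type: AWS::EC2::VPC::Id
  AmiId:
    Description: EC2 AMI ID
    Type: AWS::EC2::Image::Id
    # Region-specific; the default only resolves in the region it was captured from.
    Default: ami-09d95fab7fff3776c
  Ec2InstanceType:
    Description: EC2 Instance of Web Tier ASG
    Type: String
    Default: t2.micro
  PublicSubnet1:
    Description: subnet ID with a route to IGW
    Type: String
  PublicSubnet2:
    Description: subnet ID with a route to IGW in a different AZ than PublicSubnet1
    Type: String
  PrivateSubnet1:
    # UserData installs packages from a public yum repo, so outbound NAT is required.
    Description: Subnet ID with default route to NAT Gateway, this code uses public yum repo
    Type: String
  PrivateSubnet2:
    Description: Subnet ID with Default route to NAT Gateway in different AZ than PrivateSubnet1
    Type: String
  SshKey:
    Description: Name of SSH Key of EC2 Instances
    Type: String
  DBInstanceType:
    Description: Hardware Class DB is run on
    Type: String
    Default: db.t2.small
  DBSubnetGroup:
    Description: Group of Subnets used for RDS
    Type: String
  DBUsername:
    # Was a hard-coded literal; parameterised with the same value as the default
    # so existing deployments are unaffected.
    Description: Master username for RDS
    Type: String
    Default: DemoUser
  DBPassword:
    Description: Password for RDS
    Type: String
    # NoEcho keeps the value out of the console and describe-stacks output.
    # No MinLength/AllowedPattern is enforced here; consider adding them so a
    # weak value is rejected at stack creation rather than by RDS.
    NoEcho: true

Resources:
  # --- Web tier -------------------------------------------------------------
  AppTierASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2
      LaunchConfigurationName: !Ref LaunchConfigurationName
      # Fixed-size group: two instances, one expected per private subnet.
      MaxSize: '2'
      MinSize: '2'
      TargetGroupARNs:
        - !Ref LoadBalancerTargetGroup
      Tags:
        - Key: DontParkMe
          Value: "true"
          PropagateAtLaunch: true

  LaunchConfigurationName:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref AmiId
      SecurityGroups:
        - !Ref HostSecurityGroup
      InstanceType: !Ref Ec2InstanceType
      KeyName: !Ref SshKey
      # Installs Nginx and serves a static placeholder page. `-xe` traces each
      # command to the cloud-init log and aborts on the first failure.
      UserData:
        Fn::Base64: |
          #!/bin/bash -xe
          # Install Nginx
          sudo amazon-linux-extras install -y nginx1
          # Enable and start service
          sudo systemctl enable nginx
          sudo systemctl start nginx
          sudo sh -c 'echo "<h1>IT WORKS!!!</h1>" > /usr/share/nginx/html/index.html'

  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'Web Traffic ELB SG'
      VpcId: !Ref VpcID
      SecurityGroupIngress:
        # Public HTTP entry point; this is the only rule that admits 0.0.0.0/0.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  HostSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'EC2 ASG Web Tier SG'
      VpcId: !Ref VpcID
      SecurityGroupIngress:
        # SSH from the 10.0.0.0/8 range (private address space only); narrow
        # this to a bastion security group if one exists.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 10.0.0.0/8
        # HTTP only from the load balancer's security group. The previous
        # CidrIp 127.0.0.1/32 matched no reachable source, so the ALB could
        # never deliver traffic or pass target-group health checks.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup

  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      Subnets:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
      IpAddressType: ipv4
      SecurityGroups:
        - !Ref LoadBalancerSecurityGroup

  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref LoadBalancerTargetGroup
      LoadBalancerArn: !Ref LoadBalancer
      # Plain HTTP end to end; no TLS listener is defined in this template.
      Port: 80
      Protocol: HTTP

  LoadBalancerTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VpcID
      # Health check path is not set, so the ALB probes `/` on port 80.
      HealthCheckIntervalSeconds: 30
      HealthCheckPort: '80'
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 10
      HealthyThresholdCount: 3

  # --- Data tier ------------------------------------------------------------
  DatabaseCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      DBSubnetGroupName: !Ref DBSubnetGroup
      # StorageEncrypted is not set here (left as the original had it);
      # enabling it is a one-line hardening change for new clusters.
      VpcSecurityGroupIds:
        - !Ref DBSecurityGroup

  DatabasePrimaryInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora
      DBClusterIdentifier: !Ref DatabaseCluster
      DBInstanceClass: !Ref DBInstanceType
      DBSubnetGroupName: !Ref DBSubnetGroup

  DatabaseReplicaInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: aurora
      DBClusterIdentifier: !Ref DatabaseCluster
      DBInstanceClass: !Ref DBInstanceType
      DBSubnetGroupName: !Ref DBSubnetGroup

  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'RDS SG'
      VpcId: !Ref VpcID
      SecurityGroupIngress:
        # MySQL-compatible Aurora listens on 3306; the previous rule opened
        # 306, which matches the commented-out intent but not the engine port,
        # so the web tier could not reach the cluster. Source is restricted to
        # the web-tier security group, not a CIDR.
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref HostSecurityGroup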