-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Vibhas
committed
Jun 10, 2020
0 parents
commit 982dde3
Showing
7 changed files
with
534 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,109 @@ | ||
| Parameters: | ||
| EnviromentName: | ||
| Description: An environment name that will be prefixed to resource names | ||
| Type: String | ||
| AllowedValues: [poc, dev, uat] | ||
| Default: poc | ||
| VPC: | ||
| Description: Choose which VPC the security groups should be deployed to | ||
| Type: AWS::EC2::VPC::Id | ||
| Subnets: | ||
| Description: Subnets for LoadBalancer | ||
| Type: List<AWS::EC2::Subnet::Id> | ||
| Ec2InstanceType: | ||
| Description: Instance Type of ecs ec2 cluster | ||
| Type: String | ||
| AllowedValues: [ t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge, | ||
| m5.large, m5.xlarge, m5.2large, m5.4xlarge, m5.12xlarge, m5.24large, | ||
| c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.18xlarge, | ||
| r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.12xlarge, r5.24xlarge ] | ||
| UserServicePath: | ||
| Description: The path to register with the Application Load Balancer | ||
| Type: String | ||
| Default: /users | ||
| DeptServicePath: | ||
| Description: The path to register with the Application Load Balancer | ||
| Type: String | ||
| Default: /dept | ||
|
|
||
|
|
||
| Resources: | ||
| SecurityGroupsStack: | ||
| Type: AWS::CloudFormation::Stack | ||
| Properties: | ||
| TemplateURL: https://aws-practice-001.s3.amazonaws.com/securitygroups.yaml | ||
| Parameters: | ||
| EnviromentName: !Ref EnviromentName | ||
| VPC: !Ref VPC | ||
| Stackname: !Sub ${AWS::StackName} | ||
| TimeoutInMinutes: 5 | ||
|
|
||
|
|
||
| LoadBalancerStack: | ||
| Type: AWS::CloudFormation::Stack | ||
| Properties: | ||
| TemplateURL: https://aws-practice-001.s3.amazonaws.com/loadbalancer.yaml | ||
| Parameters: | ||
| EnviromentName: !Ref EnviromentName | ||
| Stackname: !Sub ${AWS::StackName} | ||
| LoadBalancerSecurityGroup: !GetAtt SecurityGroupsStack.Outputs.LoadBalancerSecurityGroup | ||
| LoadBalancerSubnets: !Join [",",!Ref Subnets] | ||
| VPC: !Ref VPC | ||
| TimeoutInMinutes: 5 | ||
|
|
||
|
|
||
| EcsClusterStack: | ||
| Type: AWS::CloudFormation::Stack | ||
| Properties: | ||
| TemplateURL: https://aws-practice-001.s3.amazonaws.com/ecs-cluster.yaml | ||
| Parameters: | ||
| EnviromentName: !Ref EnviromentName | ||
| Stackname: !Sub ${AWS::StackName} | ||
| LoadBalancerSubnets: !Join [",",!Ref Subnets] | ||
| EC2ClusterSecurityGroup: !GetAtt SecurityGroupsStack.Outputs.EC2ClusterSecurityGroup | ||
| SshSecurityGroup: !GetAtt SecurityGroupsStack.Outputs.SshSecurityGroup | ||
| Ec2InstanceType: !Ref Ec2InstanceType | ||
| TimeoutInMinutes: 5 | ||
|
|
||
| LogGroupStack: | ||
| Type: AWS::CloudFormation::Stack | ||
| Properties: | ||
| TemplateURL: https://aws-practice-001.s3.amazonaws.com/logs.yaml | ||
| Parameters: | ||
| EnviromentName: !Ref EnviromentName | ||
| Stackname: !Sub ${AWS::StackName} | ||
| TimeoutInMinutes: 5 | ||
|
|
||
| UserService: | ||
| Type: AWS::CloudFormation::Stack | ||
| Properties: | ||
| TemplateURL: https://aws-practice-001.s3.amazonaws.com/users-service.yaml | ||
| Parameters: | ||
| EnviromentName: !Ref EnviromentName | ||
| Stackname: !Sub ${AWS::StackName} | ||
| VPC: !Ref VPC | ||
| Cluster: !GetAtt EcsClusterStack.Outputs.Cluster | ||
| Path: !Ref UserServicePath | ||
| LoadBalancerListener: !GetAtt LoadBalancerStack.Outputs.LoadBalancerListener | ||
| LogGroupName: !GetAtt LogGroupStack.Outputs.LogGroupName | ||
| TimeoutInMinutes: 5 | ||
|
|
||
| DeptService: | ||
| Type: AWS::CloudFormation::Stack | ||
| Properties: | ||
| TemplateURL: https://aws-practice-001.s3.amazonaws.com/dept-service.yaml | ||
| Parameters: | ||
| EnviromentName: !Ref EnviromentName | ||
| Stackname: !Sub ${AWS::StackName} | ||
| VPC: !Ref VPC | ||
| Cluster: !GetAtt EcsClusterStack.Outputs.Cluster | ||
| Path: !Ref DeptServicePath | ||
| LoadBalancerListener: !GetAtt LoadBalancerStack.Outputs.LoadBalancerListener | ||
| LogGroupName: !GetAtt LogGroupStack.Outputs.LogGroupName | ||
| TimeoutInMinutes: 5 | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| Parameters: | ||
| LoadBalancerSubnets: | ||
| Type: String | ||
| Description: Subnets for ASG | ||
| EnviromentName: | ||
| Description: An environment name that will be prefixed to resource names | ||
| Type: String | ||
| Stackname: | ||
| Description: Stack name to be appended to nested security group stack | ||
| Type: String | ||
| EC2ClusterSecurityGroup: | ||
| Description: Ecs Sg for ASGLC | ||
| Type: AWS::EC2::SecurityGroup::Id | ||
| SshSecurityGroup: | ||
| Description: SSH Sg for ASGLC | ||
| Type: AWS::EC2::SecurityGroup::Id | ||
| Ec2InstanceType: | ||
| Description: Instance Type of ecs ec2 cluster | ||
| Type: String | ||
| AllowedValues: [ t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge, | ||
| m5.large, m5.xlarge, m5.2large, m5.4xlarge, m5.12xlarge, m5.24large, | ||
| c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.18xlarge, | ||
| r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.12xlarge, r5.24xlarge ] | ||
|
|
||
|
|
||
|
|
||
|
|
||
| Resources: | ||
| Cluster: | ||
| Type: AWS::ECS::Cluster | ||
| Properties: | ||
| ClusterName: !Join ['-',[!Ref Stackname,'cluster',!Ref EnviromentName]] | ||
|
|
||
| AutoScalingGroup: | ||
| Type: AWS::AutoScaling::AutoScalingGroup | ||
| Properties: | ||
| AutoScalingGroupName: !Join ['-',[!Ref Stackname,'asg',!Ref EnviromentName]] | ||
| VPCZoneIdentifier: !Split [",",!Ref LoadBalancerSubnets] | ||
| LaunchConfigurationName: !Ref AutoScalingGroupLaunchConfiguration | ||
| MaxSize: 2 | ||
| MinSize: 1 | ||
| DesiredCapacity: 1 | ||
| Tags: | ||
| - Key: Name | ||
| Value: !Join ['-',[!Ref Stackname,'asg',!Ref EnviromentName]] | ||
| PropagateAtLaunch: true | ||
|
|
||
|
|
||
| # Note Can create role similar to ecsInstanceRole | ||
|
|
||
| AutoScalingGroupLaunchConfiguration: | ||
| Type: AWS::AutoScaling::LaunchConfiguration | ||
| Properties: | ||
| KeyName: ecs-poc | ||
| ImageId: ami-07a63940735aebd38 | ||
| InstanceType: !Ref Ec2InstanceType | ||
| IamInstanceProfile: ecsInstanceRole | ||
| SecurityGroups: | ||
| - !Ref EC2ClusterSecurityGroup | ||
| - !Ref SshSecurityGroup | ||
| UserData: | ||
| Fn::Base64: | ||
| Fn::Sub: | ||
| - | | ||
| #!/bin/bash -xe | ||
| echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config | ||
| yum install -y aws-cfn-bootstrap | ||
| - { ECSCluster: !Ref Cluster } | ||
|
|
||
| Outputs: | ||
| Cluster: | ||
| Description: Name of cluster | ||
| Value: !Ref Cluster | ||
| ECSAutoScalingGroupName: | ||
| Description: A reference to ECS AutoScaling Group Name | ||
| Value: !Ref AutoScalingGroup | ||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| Parameters: | ||
| EnviromentName: | ||
| Description: An environment name that will be prefixed to resource names | ||
| Type: String | ||
| Stackname: | ||
| Description: Stack name to be appended to nested security group stack | ||
| Type: String | ||
| LoadBalancerSubnets: | ||
| Type: String | ||
| Description: Subnets for LoadBalancer | ||
| LoadBalancerSecurityGroup: | ||
| Description: Security group for internet facing alb | ||
| Type: AWS::EC2::SecurityGroup::Id | ||
| VPC: | ||
| Description: Choose which VPC the security groups should be deployed to | ||
| Type: AWS::EC2::VPC::Id | ||
|
|
||
| Resources: | ||
| LoadBalancer: | ||
| Type: AWS::ElasticLoadBalancingV2::LoadBalancer | ||
| Properties: | ||
| Name: !Join ['-',[!Ref Stackname,'alb',!Ref EnviromentName]] | ||
| Subnets: !Split [",",!Ref LoadBalancerSubnets] | ||
| SecurityGroups: | ||
| - !Ref LoadBalancerSecurityGroup | ||
|
|
||
|
|
||
| LoadBalancerListener: | ||
| Type: AWS::ElasticLoadBalancingV2::Listener | ||
| Properties: | ||
| LoadBalancerArn: !Ref LoadBalancer | ||
| Port: 80 | ||
| Protocol: HTTP | ||
| DefaultActions: | ||
| - Type: fixed-response | ||
| FixedResponseConfig: | ||
| ContentType: text/plain | ||
| MessageBody: No Route Detected | ||
| StatusCode: 404 | ||
|
|
||
| DefaultTargetGroup: | ||
| Type: AWS::ElasticLoadBalancingV2::TargetGroup | ||
| Properties: | ||
| Name: !Join ['-',[!Ref Stackname,'default','tg',!Ref EnviromentName]] | ||
| Protocol: HTTP | ||
| VpcId: !Ref VPC | ||
| Port: 80 | ||
|
|
||
|
|
||
|
|
||
| Outputs: | ||
| LoadBalancerDns: | ||
| Description: DNS name of loadbalancer | ||
| Value: !GetAtt LoadBalancer.DNSName | ||
| LoadBalancerListener: | ||
| Description: Listener of alb | ||
| Value: !Ref LoadBalancerListener | ||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| Parameters: | ||
| EnviromentName: | ||
| Description: An environment name that will be prefixed to resource names | ||
| Type: String | ||
| Stackname: | ||
| Description: Stack name to be appended to nested security group stack | ||
| Type: String | ||
|
|
||
| Resources: | ||
| CloudWatchLogGroup: | ||
| Type: AWS::Logs::LogGroup | ||
| Properties: | ||
| LogGroupName: !Join ['-',[!Ref Stackname,!Ref EnviromentName]] | ||
| RetentionInDays: 7 | ||
|
|
||
|
|
||
| Outputs: | ||
| LogGroupName: | ||
| Description: Cloudwatch log group | ||
| Value: !Ref CloudWatchLogGroup |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| Parameters: | ||
| EnviromentName: | ||
| Description: An environment name that will be prefixed to resource names | ||
| Type: String | ||
| VPC: | ||
| Description: Choose which VPC the security groups should be deployed to | ||
| Type: AWS::EC2::VPC::Id | ||
| Stackname: | ||
| Description: Stack name to be appended to nested security group stack | ||
| Type: String | ||
|
|
||
|
|
||
| Resources: | ||
|
|
||
| SshSecurityGroup: | ||
| Type: AWS::EC2::SecurityGroup | ||
| Properties: | ||
| GroupName: !Join ['-',[!Ref Stackname,'ssh']] | ||
| VpcId: !Ref VPC | ||
| GroupDescription: Enable SSH access via port 22 | ||
| SecurityGroupIngress: | ||
| - IpProtocol: tcp | ||
| FromPort: 22 | ||
| ToPort: 22 | ||
| CidrIp: 0.0.0.0/0 | ||
| Tags: | ||
| - Key: Name | ||
| Value: !Join ['-',[!Ref Stackname,'ssh',!Ref EnviromentName]] | ||
|
|
||
|
|
||
|
|
||
| HttpSecurityGroup: | ||
| Type: AWS::EC2::SecurityGroup | ||
| Properties: | ||
| GroupName: !Join ['-',[!Ref Stackname,'http']] | ||
| VpcId: !Ref VPC | ||
| GroupDescription: Enable HTTP access via port 80 | ||
| SecurityGroupIngress: | ||
| - IpProtocol: tcp | ||
| FromPort: 80 | ||
| ToPort: 80 | ||
| CidrIp: 0.0.0.0/0 | ||
| Tags: | ||
| - Key: Name | ||
| Value: !Join ['-',[!Ref Stackname,'http',!Ref EnviromentName]] | ||
|
|
||
|
|
||
| LoadBalancerSecurityGroup: | ||
| Type: AWS::EC2::SecurityGroup | ||
| Properties: | ||
| GroupName: !Join ['-',[!Ref Stackname,'alb']] | ||
| GroupDescription: Access to the public facing load balancer | ||
| VpcId: !Ref VPC | ||
| SecurityGroupIngress: | ||
| - CidrIp: 0.0.0.0/0 | ||
| IpProtocol: -1 | ||
| Tags: | ||
| - Key: Name | ||
| Value: !Join ['-',[!Ref Stackname,'alb',!Ref EnviromentName]] | ||
|
|
||
| EC2ClusterSecurityGroup: | ||
| Type: AWS::EC2::SecurityGroup | ||
| Properties: | ||
| GroupName: !Join ['-',[!Ref Stackname,'ecs']] | ||
| GroupDescription: Access to the ecs cluster behind load balancer | ||
| VpcId: !Ref VPC | ||
| SecurityGroupIngress: | ||
| - IpProtocol: tcp | ||
| FromPort: 0 | ||
| ToPort: 65535 | ||
| SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup | ||
| Tags: | ||
| - Key: Name | ||
| Value: !Join ['-',[!Ref Stackname,'cluster',!Ref EnviromentName]] | ||
|
|
||
|
|
||
| Outputs: | ||
| SshSecurityGroup: | ||
| Description: A reference to security group for SSH | ||
| Value: !Ref SshSecurityGroup | ||
| HttpSecurityGroup: | ||
| Description: A reference to security group for HTTP | ||
| Value: !Ref HttpSecurityGroup | ||
| LoadBalancerSecurityGroup: | ||
| Description: A reference to security group for public facing ALB | ||
| Value: !Ref LoadBalancerSecurityGroup | ||
| EC2ClusterSecurityGroup: | ||
| Description: A reference to security group for ECS cluster from ALB | ||
| Value: !Ref EC2ClusterSecurityGroup | ||
|
|
||
|
|
||
|
|
||
|
|
Oops, something went wrong.