01-demo-internal-alb-asg.yaml
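---
# CloudFormation demo: one VPC with two public subnets, an internal ALB, and an
# Auto Scaling group of Apache "Hello World" instances registered behind it.
#
# What this template builds:
#   - VPC / InternetGateway / PubRouteTable / Route: a VPC whose public route
#     table (associated with both subnets) has a 0.0.0.0/0 route to the IGW.
#   - PubSubnet01 / PubSubnet02: subnets pinned to eu-west-1a / eu-west-1b with
#     MapPublicIpOnLaunch enabled, so every instance gets a public IP.
#   - SecurityGroup + the two *Ingress rules: a single group shared by the ALB
#     and the instances (80 from anywhere, 22 from SSHLocation).
#   - loadBalancer / TargetGroup / Listener: internal ALB forwarding HTTP :80.
#   - NodeGroup / LaunchConfig: ASG of 1..3 instances (desired 3), user data
#     installs httpd and serves a static index page.
#
# The short-form intrinsic tags (!Ref, !Sub) are CloudFormation-specific; plain
# YAML safe loaders reject them, so validate with cfn-lint or a loader that
# registers those tags.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Demo for ELB and Autoscaling'

Parameters:
  Environment:
    Type: String
    Description: Name for this Environment
    Default: DEMO-ELB-ASG-STACK
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    # NOTE(review): the default looks like a personal key-pair name; the pair
    # must already exist in the target account/region or the launch
    # configuration cannot be created.
    Default: hasselrot
  InstanceType:
    Description: EC2 instance type for the node instances
    Type: String
    Default: t3.small
    ConstraintDescription: Must be a valid EC2 instance type
  VpcBlock:
    Type: String
    Default: 10.30.0.0/16
    Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range.
  Subnet01Block:
    Type: String
    Default: 10.30.1.0/24
    Description: CidrBlock for subnet 01 within the VPC
  Subnet02Block:
    Type: String
    Default: 10.30.2.0/24
    Description: CidrBlock for subnet 02 within the VPC
  SSHLocation:
    Type: String
    Description: >-
      IPv4 CIDR range allowed to reach the instances on TCP/22. The default keeps
      the template's original world-open rule; narrow it to a bastion or office
      range for anything beyond a throwaway demo.
    # Default preserves previous behaviour; the parameter exists so the
    # world-open SSH rule is a deliberate choice at deploy time, not a constant.
    Default: 0.0.0.0/0
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: Must be a valid IPv4 CIDR range of the form x.x.x.x/x

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      # Subnet03Block was listed in this group but is not declared under
      # Parameters; the group now names only parameters that exist.
      - Label:
          default: "Worker Network Configuration"
        Parameters:
          - VpcBlock
          - Subnet01Block
          - Subnet02Block
      - Label:
          default: "Instance Access"
        Parameters:
          - KeyName
          - SSHLocation

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcBlock
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-VPC'
        - Key: env
          Value: !Ref Environment

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: env
          Value: !Ref Environment

  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PubRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public Subnets
        - Key: Network
          Value: Public
        - Key: env
          Value: !Ref Environment

  Route:
    # The IGW must be attached before a route can point at it; !Ref alone does
    # not order this against the attachment resource.
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PubRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PubSubnet01:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Public Subnet 01
    Properties:
      # Hard-coded AZ: this template only deploys in eu-west-1.
      AvailabilityZone: "eu-west-1a"
      CidrBlock: !Ref Subnet01Block
      VpcId: !Ref VPC
      # Instances launched here receive a public IP and are reachable directly
      # from the internet through the shared security group below.
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PubSubnet01"
        - Key: env
          Value: !Ref Environment

  Subnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PubSubnet01
      RouteTableId: !Ref PubRouteTable

  PubSubnet02:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Public Subnet 02
    Properties:
      AvailabilityZone: "eu-west-1b"
      CidrBlock: !Ref Subnet02Block
      VpcId: !Ref VPC
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PubSubnet02"
        - Key: env
          Value: !Ref Environment

  Subnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PubSubnet02
      RouteTableId: !Ref PubRouteTable

  # One security group is attached to BOTH the ALB and the instances, so the
  # ingress rules below apply to the instances' public IPs as well as to the
  # load balancer. No SecurityGroupEgress is declared, so the EC2 default
  # allow-all egress rule stays in place.
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow node communication
      VpcId: !Ref VPC
      Tags:
        - Key: env
          Value: !Ref Environment
        - Key: Name
          Value: !Sub "${Environment}-SG"

  SecurityGroupWEBIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: SecurityGroup
    Properties:
      Description: Allow HTTP (80) from any IPv4 address
      GroupId: !Ref SecurityGroup
      CidrIp: '0.0.0.0/0'
      IpProtocol: 'tcp'
      FromPort: 80
      ToPort: 80

  SecurityGroupSSHIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: SecurityGroup
    Properties:
      Description: Allow SSH (22) from the SSHLocation parameter range
      GroupId: !Ref SecurityGroup
      # Was a hard-coded 0.0.0.0/0; the parameter defaults to the same value.
      CidrIp: !Ref SSHLocation
      IpProtocol: 'tcp'
      FromPort: 22
      ToPort: 22

  loadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      # "internal" gives the ALB private addresses only, even though it is
      # placed in the public subnets.
      Scheme: internal
      Subnets:
        - !Ref PubSubnet01
        - !Ref PubSubnet02
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '50'
      SecurityGroups:
        - !Ref SecurityGroup
      Tags:
        - Key: env
          Value: !Ref Environment
        - Key: Name
          Value: !Sub "${Environment}-ALB"

  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      # Aggressive health check: 2 s timeout every 5 s, 2 passes/fails to flip.
      HealthCheckIntervalSeconds: 5
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 2
      HealthyThresholdCount: 2
      Matcher:
        HttpCode: '200'
      Name: MyTargets
      Port: 80
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
      UnhealthyThresholdCount: 2
      VpcId: !Ref VPC

  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
      LoadBalancerArn: !Ref loadBalancer
      # Plain HTTP listener; there is no TLS anywhere in this demo.
      Port: 80
      Protocol: HTTP

  NodeGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      DesiredCapacity: 3
      LaunchConfigurationName: !Ref LaunchConfig
      MinSize: 1
      MaxSize: 3
      TargetGroupARNs:
        - !Ref TargetGroup
      # NOTE(review): only PubSubnet01 is listed, so every instance lands in
      # eu-west-1a while the ALB spans both subnets. Add PubSubnet02 here if
      # multi-AZ placement is intended.
      VPCZoneIdentifier:
        - !Ref PubSubnet01
      Tags:
        - Key: Name
          Value: !Sub "${Environment}-Node"
          PropagateAtLaunch: true
        - Key: env
          Value: !Ref Environment
          PropagateAtLaunch: true
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: 1
        MinInstancesInService: 1
        PauseTime: 'PT30S'

  LaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      # NOTE(review): AMI ids are region-specific; with the subnets pinned to
      # eu-west-1 this must be an image available in that region. Resolving the
      # image from an SSM public parameter would avoid the hard-coded id.
      ImageId: ami-08935252a36e25f85
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      SecurityGroups:
        - !Ref SecurityGroup
      # Require IMDSv2 session tokens: a request-forgery flaw in the web tier
      # then cannot read instance metadata or role credentials with a plain GET.
      # The user data below does not use the metadata service, so nothing here
      # depends on IMDSv1.
      MetadataOptions:
        HttpEndpoint: enabled
        HttpTokens: required
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: 16
            VolumeType: gp2
            DeleteOnTermination: true
      UserData:
        # !Sub is kept for parity with the original; the script currently
        # contains no ${...} substitutions.
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum update -y
          yum install -y httpd
          echo "Hello World" > /var/www/html/index.html
          service httpd start
          chkconfig httpd on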