Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
218 lines (183 sloc) 5.51 KB
# Avoid repeating yourself, include other YAML files here.
includes:
# route_tables: /path/to/common_route_tables_layout.yaml
# subnets: /path/to/webapp_subnets.yaml
# import the amis stanza from amis.yaml.
amis: nested/amis.yaml
# CIDR block to create the VPC.
# for example, when creating new vpc, use -e 'vpc_cidr=192.168.21.0/24'
vpc_cidr: {{ vpc_cidr }}
# Sometimes you want to pay a bunch of money for a dedicated hypervisor.
# set vpc_tenancy to 'dedicated' or 'default' or not at all.
#vpc_tenancy: {{ vpc_tenancy | default('default') }}
# optional way to add tags (key:value) to all resources.
tags:
env: dev
inspector: true
# DHCP Options Set
dhcp_options:
# max. of 4 domain name servers can be given
domain-name-servers:
- AmazonProvidedDNS
- 8.8.8.8
# VPN Gateway ID to attach to VPC,
# by default associated routes will be propagated
#vpn_gateway:
# id: 'vgw-xxxxxxxx'
# This is an example route_tables schema.
route_tables:
# private network without a default route to the Internet.
private:
main: true
routes:
#- ['10.0.0.0/8', 'vpn_gateway']
- ['0.0.0.0/0', 'nat']
# public network with a default route to the Internet.
public:
routes:
- ['0.0.0.0/0', 'internet_gateway']
# This is an example of a 4 subnet schema.
# Each subnet has a size of 27 which is a /27 CIDR (32 addresses).
# Two are attached to the private route_table, and two to the public.
# We round robin AZ letters if availability_zone is not defined.
# Instances will launch into subnet with public IPs, if public: True.
subnets:
private-1:
size: 27
route_table: private
description: private subnet 1
# availability_zone: a
private-2:
size: 27
route_table: private
description: private subnet 2
# availability_zone: b
public-1:
size: 27
route_table: public
description: public subnet 1
# The subnet's public IP addressing behavior, map public IP on instance launch?
public: True
public-2:
size: 27
route_table: public
description: public subnet 2
# The subnet's public IP addressing behavior, map public IP on instance launch?
public: True
# This is an example of how to create VPC Endpoints.
# This is optional, this allows private subnets to reach S3.
endpoints:
- private
# This is an example of how to create additional VPC ssh key pairs.
# This is optional, we always create a default key pair.
key_pairs:
- door
# security groups and rules.
# we reference these security_groups by name in:
# role_instances, load_balancers, cache_clusters, db_instances, and more.
security_groups:
all:
inbound:
- ['door', 'tcp', 22]
web-elb:
inbound:
- ['0.0.0.0/0', 'tcp', 80]
web:
inbound:
- ['web-elb', 'tcp', 80]
db:
inbound:
- ['web', 'tcp', 5432]
outbound:
# this is purely an example of an outbound rule.
# we typically default allow all outbound traffic.
- ['web', 'tcp', 5432]
nat:
inbound:
# allow subnets in VPC to ping the NAT hosts.
- ['{{ vpc_cidr }}', 'icmp', 'all']
# allow subnets in VPC to get NTP time via the NAT hosts.
- ['{{ vpc_cidr }}', 'udp', 123]
# allow subnets in VPC to http/https via the NAT hosts.
- ['{{ vpc_cidr }}', 'tcp', 80]
- ['{{ vpc_cidr }}', 'tcp', 443]
door:
inbound:
- ['0.0.0.0/0', 'tcp', 22]
psql-server:
inbound:
- ['web', 'tcp', 5432]
# define an RDS database.
#db_instances:
# 'webapp-psql':
# name : 'webapp'
# description: PostgreSQL Database For Persistence
# subnets: ['private-1', 'private-2']
# security_groups: ['psql-server']
# engine: postgres
# engine_version: 9.4.1
# class: db.t2.micro
# allocated_storage: 5
# backup_retention_period: 0
# master_username: postgres
# multi_az: False
# define a public ELB for webapp nodes.
load_balancers:
# The Name tag of the this ELB will end up as webapp01-web-elb:
web-elb:
instance_role: web
internal: false
security_groups: ['web-elb']
subnets: ['public-1', 'public-2']
listeners:
- [80, 80, 'tcp']
# define instance roles to create.
instance_roles:
# define how an instance in the web role should look.
web:
description: web nodes run Nginx/uWSGI/Pyramid on port 80
autoscaling: true
instance_type: t2.micro
ami: 'ubuntu-14.04-lts-hvm'
count: 2
security_groups: ['all', 'web']
subnets: ['private-1', 'private-2']
block_devices:
"/dev/sda1":
size: 10
# define how an instance in the db role should look.
db:
description: db nodes run PostgreSQL on port 5432
instance_type: t2.micro
ami: 'ubuntu-14.04-lts-hvm'
count: 1
security_groups: ['all', 'db']
subnets: ['private-1', 'private-2']
block_devices:
"/dev/sda1":
size: 10
# define how an instance in the nat role should look.
nat:
description: NAT nodes provide routes to other networks.
instance_type: t2.micro
ami: 'ubuntu-14.04-lts-hvm'
count: 1
security_groups: ['all', 'nat']
subnets: ['public-1', 'public-2']
eip: true
block_devices:
"/dev/sda1":
size: 10
# define how an instance in the door role should look.
door:
description: door nodes run ssh on port 22
instance_type: t2.micro
ami: 'ubuntu-14.04-lts-hvm'
count: 1
security_groups: ['all', 'door']
subnets: ['public-1', 'public-2']
key_pair: door
eip: true
block_devices:
"/dev/sda1":
size: 10