---
# Copyright 2018 widdix GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Template format version; quoted so it is read as a string rather than a date.
AWSTemplateFormatVersion: '2010-09-09'
# Human-readable description of the stack.
Description: 'State: ElastiCache redis, a cloudonaut.io template'
# Groups the template parameters into two labelled sections for the
# parameter form: parent stacks first, then the ElastiCache settings.
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
    # Names of the stacks this template imports values from.
    - Label:
        default: 'Parent Stacks'
      Parameters:
      - ParentVPCStack
      - ParentClientStack
      - ParentZoneStack
      - ParentSSHBastionStack
      - ParentAlertStack
    # Settings of the Redis replication group itself.
    - Label:
        default: 'ElastiCache Parameters'
      Parameters:
      - CacheNodeType
      - EngineVersion
      - TransitEncryption
      - AuthToken
      - SubDomainName
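# Input parameters. The Parent*Stack values are stack names used to build
# Fn::ImportValue export names; an empty string disables the optional ones.
Parameters:
  ParentVPCStack:
    Description: 'Stack name of parent VPC stack based on vpc/vpc-*azs.yaml template.'
    Type: String
  ParentClientStack:
    Description: 'Stack name of parent client stack based on state/client-sg.yaml template.'
    Type: String
  ParentZoneStack:
    Description: 'Optional stack name of parent zone stack based on vpc/vpc-zone-*.yaml template.'
    Type: String
    Default: ''
  ParentSSHBastionStack:
    Description: 'Optional but recommended stack name of parent SSH bastion host/instance stack based on vpc/vpc-ssh-bastion.yaml template.'
    Type: String
    Default: ''
  ParentAlertStack:
    Description: 'Optional but recommended stack name of parent alert stack based on operations/alert.yaml template.'
    Type: String
    Default: ''
  # Versions are quoted so they stay strings (an unquoted version can be
  # retyped by the YAML parser). Each allowed value needs a matching entry
  # in Mappings.CacheParameterGroupFamilyMap.
  EngineVersion:
    Description: 'Version of the redis engine to be used'
    Type: String
    Default: '5.0.0'
    AllowedValues:
    - '5.0.0'
    - '4.0.10'
    - '3.2.6' # 3.2.4 and 3.2.10 do not support encryption
  CacheNodeType:
    Description: 'The compute and memory capacity of the nodes in the node group (shard).'
    Type: String
    Default: 'cache.t2.micro'
    AllowedValues:
    - 'cache.t2.micro'
    - 'cache.t2.small'
    - 'cache.t2.medium'
    - 'cache.m3.medium'
    - 'cache.m3.large'
    - 'cache.m3.xlarge'
    - 'cache.m3.2xlarge'
    - 'cache.m4.large'
    - 'cache.m4.xlarge'
    - 'cache.m4.2xlarge'
    - 'cache.m4.4xlarge'
    - 'cache.m4.10xlarge'
    - 'cache.r3.large'
    - 'cache.r3.xlarge'
    - 'cache.r3.2xlarge'
    - 'cache.r3.4xlarge'
    - 'cache.r3.8xlarge'
    - 'cache.r4.large'
    - 'cache.r4.xlarge'
    - 'cache.r4.2xlarge'
    - 'cache.r4.4xlarge'
    - 'cache.r4.8xlarge'
    - 'cache.r4.16xlarge'
  # Passed as the string 'true'/'false' to TransitEncryptionEnabled on the
  # replication group. Defaults to encrypted; clients must then connect
  # with TLS.
  TransitEncryption:
    Description: 'Enable encryption for data in transit? When transit encryption is enabled also specify an auth token.'
    Type: String
    Default: 'true'
    AllowedValues:
    - 'true'
    - 'false'
  # Redis AUTH password. NoEcho masks the value in the console and in API
  # calls that describe the stack, so the secret is not readable by
  # everyone who can view the stack. For stronger handling, prefer a
  # dynamic reference to a secrets store over a plain parameter.
  # Only the upper length bound is enforced here; the 16-character minimum
  # from the description is left to the service because the blank default
  # (no password) must remain valid.
  # ElastiCache accepts an AuthToken only with transit encryption enabled.
  AuthToken:
    Description: 'Password (16 to 128 characters) used to authenticate against Redis. Requried when TransitEncryption = true. Leave blank to disable password-protection.'
    Type: String
    Default: ''
    MaxLength: 128
    NoEcho: true
  # Only used when ParentZoneStack is set (see the HasZone condition).
  SubDomainName:
    Description: 'Name that is used to create the DNS entry §{SubDomainName}.§{HostedZoneName} (required when ParentZoneStack is set, otherwise not considered)'
    Type: String
    Default: 'redis'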
# Lookup table from the EngineVersion parameter to the cache parameter
# group family; read with !FindInMap by the CacheParameterGroup resource.
# Keys are quoted so the version numbers remain strings.
Mappings:
  CacheParameterGroupFamilyMap:
    '5.0.0':
      redis: 'redis5.0'
    '4.0.10':
      redis: 'redis4.0'
    '3.2.6':
      redis: 'redis3.2'
# Each condition is true when the corresponding optional parameter is not
# the empty string.
Conditions:
  # A parent zone stack was given: create the DNS record.
  HasZone: !Not [!Equals [!Ref ParentZoneStack, '']]
  # A bastion stack was given: allow its security group to reach Redis.
  HasSSHBastionSecurityGroup: !Not [!Equals [!Ref ParentSSHBastionStack, '']]
  # An alert stack was given: create the alarms and event notifications.
  HasAlertTopic: !Not [!Equals [!Ref ParentAlertStack, '']]
  # A password was given: set AuthToken on the replication group.
  HasAuthToken: !Not [!Equals [!Ref AuthToken, '']]
Resources:
  # Optional CNAME <SubDomainName>.<HostedZoneName> pointing at the primary
  # endpoint; the zone id and name are imported from the parent zone stack.
  RecordSet:
    Condition: HasZone
    Type: 'AWS::Route53::RecordSet'
    Properties:
      HostedZoneId:
        'Fn::ImportValue': !Sub '${ParentZoneStack}-HostedZoneId'
      Name: !Sub
      - '${SubDomainName}.${HostedZoneName}'
      - SubDomainName: !Ref SubDomainName
        HostedZoneName:
          'Fn::ImportValue': !Sub '${ParentZoneStack}-HostedZoneName'
      ResourceRecords:
      - !GetAtt 'ReplicationGroup.PrimaryEndPoint.Address'
      TTL: '60'
      Type: CNAME
  # Parameter group of the family matching EngineVersion, with no
  # parameter overrides (empty Properties map).
  CacheParameterGroup:
    Type: 'AWS::ElastiCache::ParameterGroup'
    Properties:
      CacheParameterGroupFamily: !FindInMap [CacheParameterGroupFamilyMap, !Ref EngineVersion, redis]
      Description: !Ref 'AWS::StackName'
      Properties: {}
  # Places the cache nodes in the subnets the parent VPC stack exports as
  # SubnetsPrivate (a comma-separated list, hence the split).
  CacheSubnetGroupName:
    Type: 'AWS::ElastiCache::SubnetGroup'
    Properties:
      Description: !Ref 'AWS::StackName'
      SubnetIds: !Split
      - ','
      - 'Fn::ImportValue': !Sub '${ParentVPCStack}-SubnetsPrivate'
  # Network access control: the Redis port (6379/tcp) is reachable only
  # from members of the client security group exported by the parent
  # client stack. No CIDR-based ingress is defined.
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: !Ref 'AWS::StackName'
      VpcId:
        'Fn::ImportValue': !Sub '${ParentVPCStack}-VPC'
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 6379
        ToPort: 6379
        SourceSecurityGroupId:
          'Fn::ImportValue': !Sub '${ParentClientStack}-ClientSecurityGroup'
  # Optional second ingress rule: lets the SSH bastion's security group
  # reach Redis as well. Anyone with a shell on the bastion can then
  # connect to port 6379, so bastion access is part of the cache's
  # trust boundary.
  SecurityGroupInSSHBastion:
    Condition: HasSSHBastionSecurityGroup
    Type: 'AWS::EC2::SecurityGroupIngress'
    Properties:
      GroupId: !Ref SecurityGroup
      IpProtocol: tcp
      FromPort: 6379
      ToPort: 6379
      SourceSecurityGroupId:
        'Fn::ImportValue': !Sub '${ParentSSHBastionStack}-SecurityGroup'
  # The Redis replication group: one node group with one replica (two
  # nodes) and automatic failover. A snapshot is taken when the resource
  # is deleted or replaced.
  ReplicationGroup:
    DeletionPolicy: Snapshot
    UpdateReplacePolicy: Snapshot
    Type: 'AWS::ElastiCache::ReplicationGroup'
    Properties:
      ReplicationGroupDescription: !Ref 'AWS::StackName'
      # Encryption at rest is always on; it is not parameterised.
      AtRestEncryptionEnabled: true
      # With a blank AuthToken parameter the property is omitted and the
      # security group rules are the only access control. ElastiCache
      # accepts an AuthToken only when transit encryption is enabled.
      AuthToken: !If
      - HasAuthToken
      - !Ref AuthToken
      - !Ref 'AWS::NoValue'
      AutomaticFailoverEnabled: true
      CacheNodeType: !Ref CacheNodeType
      CacheParameterGroupName: !Ref CacheParameterGroup
      CacheSubnetGroupName: !Ref CacheSubnetGroupName
      Engine: 'redis'
      EngineVersion: !Ref EngineVersion
      # Events go to the parent alert stack's topic when one is configured.
      NotificationTopicArn: !If
      - HasAlertTopic
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      - !Ref 'AWS::NoValue'
      NumNodeGroups: 1
      ReplicasPerNodeGroup: 1
      PreferredMaintenanceWindow: 'sat:07:00-sat:08:00'
      SecurityGroupIds:
      - !Ref SecurityGroup
      SnapshotRetentionLimit: 35
      SnapshotWindow: '00:00-03:00'
      # String 'true'/'false' taken from the TransitEncryption parameter.
      TransitEncryptionEnabled: !Ref TransitEncryption
  # Alarms below exist only when an alert stack is configured. Each metric
  # is watched per node over a single 600-second period. The dimensions
  # assume the member clusters are named <replication group>-001 and -002.
  # NOTE(review): confirm that naming holds for this replication group.
  Node1CPUUtilizationTooHighAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Average CPU utilization over last 10 minutes higher than 80%'
      Namespace: 'AWS/ElastiCache'
      MetricName: CPUUtilization
      Statistic: Average
      Period: 600
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 80
      AlarmActions:
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      Dimensions:
      - Name: CacheClusterId
        Value: !Sub '${ReplicationGroup}-001'
  Node2CPUUtilizationTooHighAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Average CPU utilization over last 10 minutes higher than 80%'
      Namespace: 'AWS/ElastiCache'
      MetricName: CPUUtilization
      Statistic: Average
      Period: 600
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 80
      AlarmActions:
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      Dimensions:
      - Name: CacheClusterId
        Value: !Sub '${ReplicationGroup}-002'
  Node1SwapUsageTooHighAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Average swap usage over last 10 minutes higher than 64 MB, performance may suffer'
      Namespace: 'AWS/ElastiCache'
      MetricName: SwapUsage
      Statistic: Average
      Period: 600
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 67108864 # 64 MB in Bytes
      AlarmActions:
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      Dimensions:
      - Name: CacheClusterId
        Value: !Sub '${ReplicationGroup}-001'
  Node2SwapUsageTooHighAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Average swap usage over last 10 minutes higher than 64 MB, performance may suffer'
      Namespace: 'AWS/ElastiCache'
      MetricName: SwapUsage
      Statistic: Average
      Period: 600
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 67108864 # 64 MB in Bytes
      AlarmActions:
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      Dimensions:
      - Name: CacheClusterId
        Value: !Sub '${ReplicationGroup}-002'
  Node1EvictionsTooHighAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Average evictions over last 10 minutes higher than 1000, may enough memory for all keys'
      Namespace: 'AWS/ElastiCache'
      MetricName: Evictions
      Statistic: Average
      Period: 600
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 1000
      AlarmActions:
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      Dimensions:
      - Name: CacheClusterId
        Value: !Sub '${ReplicationGroup}-001'
  Node2EvictionsTooHighAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Average evictions over last 10 minutes higher than 1000, may enough memory for all keys'
      Namespace: 'AWS/ElastiCache'
      MetricName: Evictions
      Statistic: Average
      Period: 600
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 1000
      AlarmActions:
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      Dimensions:
      - Name: CacheClusterId
        Value: !Sub '${ReplicationGroup}-002'
  Node1ReplicationLagTooHighAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Average replication lag over last 10 minutes higher than 30 seconds'
      Namespace: 'AWS/ElastiCache'
      MetricName: ReplicationLag
      Statistic: Average
      Period: 600
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 30
      AlarmActions:
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      Dimensions:
      - Name: CacheClusterId
        Value: !Sub '${ReplicationGroup}-001'
  Node2ReplicationLagTooHighAlarm:
    Condition: HasAlertTopic
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Average replication lag over last 10 minutes higher than 30 seconds'
      Namespace: 'AWS/ElastiCache'
      MetricName: ReplicationLag
      Statistic: Average
      Period: 600
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 30
      AlarmActions:
      - 'Fn::ImportValue': !Sub '${ParentAlertStack}-TopicARN'
      Dimensions:
      - Name: CacheClusterId
        Value: !Sub '${ReplicationGroup}-002'
# Stack outputs. The three cluster values are exported under names
# prefixed with this stack's name so that other stacks can import them.
# No secret (such as the auth token) is placed in the outputs.
Outputs:
  TemplateID:
    Description: 'cloudonaut.io template id.'
    Value: 'state/elasticache-redis'
  # '__VERSION__' is a literal placeholder in this file.
  # NOTE(review): presumably substituted at release time; not shown here.
  TemplateVersion:
    Description: 'cloudonaut.io template version.'
    Value: '__VERSION__'
  StackName:
    Description: 'Stack name.'
    Value: !Sub '${AWS::StackName}'
  ClusterName:
    Description: 'The name of the cluster'
    Value: !Ref ReplicationGroup
    Export:
      Name: !Sub '${AWS::StackName}-ClusterName'
  PrimaryEndPointAddress:
    Description: 'The DNS address of the primary read-write cache node.'
    Value: !GetAtt 'ReplicationGroup.PrimaryEndPoint.Address'
    Export:
      Name: !Sub '${AWS::StackName}-PrimaryEndPointAddress'
  PrimaryEndPointPort:
    Description: 'The port that the primary read-write cache engine is listening on.'
    Value: !GetAtt 'ReplicationGroup.PrimaryEndPoint.Port'
    Export:
      Name: !Sub '${AWS::StackName}-PrimaryEndPointPort'