Created
June 29, 2019 06:57
-
-
Save amit-naudiyal/69d4c60f781ea5439b810de55735e569 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "EKS cluster (dedicated VPC: true, dedicated IAM: true) [created and managed by eksctl]", | |
| "Resources": { | |
| "ClusterSharedNodeSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": "Communication between all nodes in the cluster", | |
| "Tags": [{ | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/ClusterSharedNodeSecurityGroup" | |
| } | |
| }], | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "ControlPlane": { | |
| "Type": "AWS::EKS::Cluster", | |
| "Properties": { | |
| "Name": "eksworkshop-eksctl", | |
| "ResourcesVpcConfig": { | |
| "SecurityGroupIds": [{ | |
| "Ref": "ControlPlaneSecurityGroup" | |
| }], | |
| "SubnetIds": [{ | |
| "Ref": "SubnetPublicUSEAST1A" | |
| }, { | |
| "Ref": "SubnetPublicUSEAST1B" | |
| }, { | |
| "Ref": "SubnetPrivateUSEAST1A" | |
| }, { | |
| "Ref": "SubnetPrivateUSEAST1B" | |
| }] | |
| }, | |
| "RoleArn": { | |
| "Fn::GetAtt": "ServiceRole.Arn" | |
| }, | |
| "Version": "1.12" | |
| } | |
| }, | |
| "ControlPlaneSecurityGroup": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": "Communication between the control plane and worker nodegroups", | |
| "Tags": [{ | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/ControlPlaneSecurityGroup" | |
| } | |
| }], | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "IngressInterNodeGroupSG": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "Description": "Allow nodes to communicate with each other (all ports)", | |
| "FromPort": 0, | |
| "GroupId": { | |
| "Ref": "ClusterSharedNodeSecurityGroup" | |
| }, | |
| "IpProtocol": "-1", | |
| "SourceSecurityGroupId": { | |
| "Ref": "ClusterSharedNodeSecurityGroup" | |
| }, | |
| "ToPort": 65535 | |
| } | |
| }, | |
| "InternetGateway": { | |
| "Type": "AWS::EC2::InternetGateway", | |
| "Properties": { | |
| "Tags": [{ | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/InternetGateway" | |
| } | |
| }] | |
| } | |
| }, | |
| "NATGateway": { | |
| "Type": "AWS::EC2::NatGateway", | |
| "Properties": { | |
| "AllocationId": { | |
| "Fn::GetAtt": "NATIP.AllocationId" | |
| }, | |
| "SubnetId": { | |
| "Ref": "SubnetPublicUSEAST1A" | |
| }, | |
| "Tags": [{ | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/NATGateway" | |
| } | |
| }] | |
| } | |
| }, | |
| "NATIP": { | |
| "Type": "AWS::EC2::EIP", | |
| "Properties": { | |
| "Domain": "vpc" | |
| } | |
| }, | |
| "PolicyCloudWatchMetrics": { | |
| "Type": "AWS::IAM::Policy", | |
| "Properties": { | |
| "PolicyDocument": { | |
| "Statement": [{ | |
| "Action": ["cloudwatch:PutMetricData"], | |
| "Effect": "Allow", | |
| "Resource": "*" | |
| }], | |
| "Version": "2012-10-17" | |
| }, | |
| "PolicyName": { | |
| "Fn::Sub": "${AWS::StackName}-PolicyCloudWatchMetrics" | |
| }, | |
| "Roles": [{ | |
| "Ref": "ServiceRole" | |
| }] | |
| } | |
| }, | |
| "PolicyNLB": { | |
| "Type": "AWS::IAM::Policy", | |
| "Properties": { | |
| "PolicyDocument": { | |
| "Statement": [{ | |
| "Action": ["elasticloadbalancing:*", "ec2:CreateSecurityGroup", "ec2:Describe*"], | |
| "Effect": "Allow", | |
| "Resource": "*" | |
| }], | |
| "Version": "2012-10-17" | |
| }, | |
| "PolicyName": { | |
| "Fn::Sub": "${AWS::StackName}-PolicyNLB" | |
| }, | |
| "Roles": [{ | |
| "Ref": "ServiceRole" | |
| }] | |
| } | |
| }, | |
| "PrivateRouteTable": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "Tags": [{ | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/PrivateRouteTable" | |
| } | |
| }], | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "PrivateSubnetRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "NatGatewayId": { | |
| "Ref": "NATGateway" | |
| }, | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable" | |
| } | |
| } | |
| }, | |
| "PublicRouteTable": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "Tags": [{ | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/PublicRouteTable" | |
| } | |
| }], | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "PublicSubnetRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "GatewayId": { | |
| "Ref": "InternetGateway" | |
| }, | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| } | |
| } | |
| }, | |
| "RouteTableAssociationPrivateUSEAST1A": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable" | |
| }, | |
| "SubnetId": { | |
| "Ref": "SubnetPrivateUSEAST1A" | |
| } | |
| } | |
| }, | |
| "RouteTableAssociationPrivateUSEAST1B": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PrivateRouteTable" | |
| }, | |
| "SubnetId": { | |
| "Ref": "SubnetPrivateUSEAST1B" | |
| } | |
| } | |
| }, | |
| "RouteTableAssociationPublicUSEAST1A": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| }, | |
| "SubnetId": { | |
| "Ref": "SubnetPublicUSEAST1A" | |
| } | |
| } | |
| }, | |
| "RouteTableAssociationPublicUSEAST1B": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "PublicRouteTable" | |
| }, | |
| "SubnetId": { | |
| "Ref": "SubnetPublicUSEAST1B" | |
| } | |
| } | |
| }, | |
| "ServiceRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "AssumeRolePolicyDocument": { | |
| "Statement": [{ | |
| "Action": ["sts:AssumeRole"], | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": ["eks.amazonaws.com"] | |
| } | |
| }], | |
| "Version": "2012-10-17" | |
| }, | |
| "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AmazonEKSServicePolicy", "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"] | |
| } | |
| }, | |
| "SubnetPrivateUSEAST1A": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "AvailabilityZone": "us-east-1a", | |
| "CidrBlock": "192.168.64.0/19", | |
| "Tags": [{ | |
| "Key": "kubernetes.io/role/internal-elb", | |
| "Value": "1" | |
| }, { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/SubnetPrivateUSEAST1A" | |
| } | |
| }], | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "SubnetPrivateUSEAST1B": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "AvailabilityZone": "us-east-1b", | |
| "CidrBlock": "192.168.96.0/19", | |
| "Tags": [{ | |
| "Key": "kubernetes.io/role/internal-elb", | |
| "Value": "1" | |
| }, { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/SubnetPrivateUSEAST1B" | |
| } | |
| }], | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "SubnetPublicUSEAST1A": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "AvailabilityZone": "us-east-1a", | |
| "CidrBlock": "192.168.0.0/19", | |
| "Tags": [{ | |
| "Key": "kubernetes.io/role/elb", | |
| "Value": "1" | |
| }, { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/SubnetPublicUSEAST1A" | |
| } | |
| }], | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "SubnetPublicUSEAST1B": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "AvailabilityZone": "us-east-1b", | |
| "CidrBlock": "192.168.32.0/19", | |
| "Tags": [{ | |
| "Key": "kubernetes.io/role/elb", | |
| "Value": "1" | |
| }, { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/SubnetPublicUSEAST1B" | |
| } | |
| }], | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| }, | |
| "VPC": { | |
| "Type": "AWS::EC2::VPC", | |
| "Properties": { | |
| "CidrBlock": "192.168.0.0/16", | |
| "EnableDnsHostnames": true, | |
| "EnableDnsSupport": true, | |
| "Tags": [{ | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}/VPC" | |
| } | |
| }] | |
| } | |
| }, | |
| "VPCGatewayAttachment": { | |
| "Type": "AWS::EC2::VPCGatewayAttachment", | |
| "Properties": { | |
| "InternetGatewayId": { | |
| "Ref": "InternetGateway" | |
| }, | |
| "VpcId": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| } | |
| }, | |
| "Outputs": { | |
| "ARN": { | |
| "Export": { | |
| "Name": { | |
| "Fn::Sub": "${AWS::StackName}::ARN" | |
| } | |
| }, | |
| "Value": { | |
| "Fn::GetAtt": "ControlPlane.Arn" | |
| } | |
| }, | |
| "CertificateAuthorityData": { | |
| "Value": { | |
| "Fn::GetAtt": "ControlPlane.CertificateAuthorityData" | |
| } | |
| }, | |
| "ClusterStackName": { | |
| "Value": { | |
| "Ref": "AWS::StackName" | |
| } | |
| }, | |
| "Endpoint": { | |
| "Export": { | |
| "Name": { | |
| "Fn::Sub": "${AWS::StackName}::Endpoint" | |
| } | |
| }, | |
| "Value": { | |
| "Fn::GetAtt": "ControlPlane.Endpoint" | |
| } | |
| }, | |
| "SecurityGroup": { | |
| "Export": { | |
| "Name": { | |
| "Fn::Sub": "${AWS::StackName}::SecurityGroup" | |
| } | |
| }, | |
| "Value": { | |
| "Ref": "ControlPlaneSecurityGroup" | |
| } | |
| }, | |
| "ServiceRoleARN": { | |
| "Export": { | |
| "Name": { | |
| "Fn::Sub": "${AWS::StackName}::ServiceRoleARN" | |
| } | |
| }, | |
| "Value": { | |
| "Fn::GetAtt": "ServiceRole.Arn" | |
| } | |
| }, | |
| "SharedNodeSecurityGroup": { | |
| "Export": { | |
| "Name": { | |
| "Fn::Sub": "${AWS::StackName}::SharedNodeSecurityGroup" | |
| } | |
| }, | |
| "Value": { | |
| "Ref": "ClusterSharedNodeSecurityGroup" | |
| } | |
| }, | |
| "SubnetsPrivate": { | |
| "Export": { | |
| "Name": { | |
| "Fn::Sub": "${AWS::StackName}::SubnetsPrivate" | |
| } | |
| }, | |
| "Value": { | |
| "Fn::Join": [",", [{ | |
| "Ref": "SubnetPrivateUSEAST1A" | |
| }, { | |
| "Ref": "SubnetPrivateUSEAST1B" | |
| }]] | |
| } | |
| }, | |
| "SubnetsPublic": { | |
| "Export": { | |
| "Name": { | |
| "Fn::Sub": "${AWS::StackName}::SubnetsPublic" | |
| } | |
| }, | |
| "Value": { | |
| "Fn::Join": [",", [{ | |
| "Ref": "SubnetPublicUSEAST1A" | |
| }, { | |
| "Ref": "SubnetPublicUSEAST1B" | |
| }]] | |
| } | |
| }, | |
| "VPC": { | |
| "Export": { | |
| "Name": { | |
| "Fn::Sub": "${AWS::StackName}::VPC" | |
| } | |
| }, | |
| "Value": { | |
| "Ref": "VPC" | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment