Created
June 29, 2019 06:57
-
-
Save amit-naudiyal/69d4c60f781ea5439b810de55735e569 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "EKS cluster (dedicated VPC: true, dedicated IAM: true) [created and managed by eksctl]", | |
"Resources": { | |
"ClusterSharedNodeSecurityGroup": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Communication between all nodes in the cluster", | |
"Tags": [{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/ClusterSharedNodeSecurityGroup" | |
} | |
}], | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
}, | |
"ControlPlane": { | |
"Type": "AWS::EKS::Cluster", | |
"Properties": { | |
"Name": "eksworkshop-eksctl", | |
"ResourcesVpcConfig": { | |
"SecurityGroupIds": [{ | |
"Ref": "ControlPlaneSecurityGroup" | |
}], | |
"SubnetIds": [{ | |
"Ref": "SubnetPublicUSEAST1A" | |
}, { | |
"Ref": "SubnetPublicUSEAST1B" | |
}, { | |
"Ref": "SubnetPrivateUSEAST1A" | |
}, { | |
"Ref": "SubnetPrivateUSEAST1B" | |
}] | |
}, | |
"RoleArn": { | |
"Fn::GetAtt": "ServiceRole.Arn" | |
}, | |
"Version": "1.12" | |
} | |
}, | |
"ControlPlaneSecurityGroup": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Communication between the control plane and worker nodegroups", | |
"Tags": [{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/ControlPlaneSecurityGroup" | |
} | |
}], | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
}, | |
"IngressInterNodeGroupSG": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"Description": "Allow nodes to communicate with each other (all ports)", | |
"FromPort": 0, | |
"GroupId": { | |
"Ref": "ClusterSharedNodeSecurityGroup" | |
}, | |
"IpProtocol": "-1", | |
"SourceSecurityGroupId": { | |
"Ref": "ClusterSharedNodeSecurityGroup" | |
}, | |
"ToPort": 65535 | |
} | |
}, | |
"InternetGateway": { | |
"Type": "AWS::EC2::InternetGateway", | |
"Properties": { | |
"Tags": [{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/InternetGateway" | |
} | |
}] | |
} | |
}, | |
"NATGateway": { | |
"Type": "AWS::EC2::NatGateway", | |
"Properties": { | |
"AllocationId": { | |
"Fn::GetAtt": "NATIP.AllocationId" | |
}, | |
"SubnetId": { | |
"Ref": "SubnetPublicUSEAST1A" | |
}, | |
"Tags": [{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/NATGateway" | |
} | |
}] | |
} | |
}, | |
"NATIP": { | |
"Type": "AWS::EC2::EIP", | |
"Properties": { | |
"Domain": "vpc" | |
} | |
}, | |
"PolicyCloudWatchMetrics": { | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyDocument": { | |
"Statement": [{ | |
"Action": ["cloudwatch:PutMetricData"], | |
"Effect": "Allow", | |
"Resource": "*" | |
}], | |
"Version": "2012-10-17" | |
}, | |
"PolicyName": { | |
"Fn::Sub": "${AWS::StackName}-PolicyCloudWatchMetrics" | |
}, | |
"Roles": [{ | |
"Ref": "ServiceRole" | |
}] | |
} | |
}, | |
"PolicyNLB": { | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyDocument": { | |
"Statement": [{ | |
"Action": ["elasticloadbalancing:*", "ec2:CreateSecurityGroup", "ec2:Describe*"], | |
"Effect": "Allow", | |
"Resource": "*" | |
}], | |
"Version": "2012-10-17" | |
}, | |
"PolicyName": { | |
"Fn::Sub": "${AWS::StackName}-PolicyNLB" | |
}, | |
"Roles": [{ | |
"Ref": "ServiceRole" | |
}] | |
} | |
}, | |
"PrivateRouteTable": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"Tags": [{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/PrivateRouteTable" | |
} | |
}], | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
}, | |
"PrivateSubnetRoute": { | |
"Type": "AWS::EC2::Route", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"NatGatewayId": { | |
"Ref": "NATGateway" | |
}, | |
"RouteTableId": { | |
"Ref": "PrivateRouteTable" | |
} | |
} | |
}, | |
"PublicRouteTable": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"Tags": [{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/PublicRouteTable" | |
} | |
}], | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
}, | |
"PublicSubnetRoute": { | |
"Type": "AWS::EC2::Route", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"GatewayId": { | |
"Ref": "InternetGateway" | |
}, | |
"RouteTableId": { | |
"Ref": "PublicRouteTable" | |
} | |
} | |
}, | |
"RouteTableAssociationPrivateUSEAST1A": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "PrivateRouteTable" | |
}, | |
"SubnetId": { | |
"Ref": "SubnetPrivateUSEAST1A" | |
} | |
} | |
}, | |
"RouteTableAssociationPrivateUSEAST1B": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "PrivateRouteTable" | |
}, | |
"SubnetId": { | |
"Ref": "SubnetPrivateUSEAST1B" | |
} | |
} | |
}, | |
"RouteTableAssociationPublicUSEAST1A": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "PublicRouteTable" | |
}, | |
"SubnetId": { | |
"Ref": "SubnetPublicUSEAST1A" | |
} | |
} | |
}, | |
"RouteTableAssociationPublicUSEAST1B": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "PublicRouteTable" | |
}, | |
"SubnetId": { | |
"Ref": "SubnetPublicUSEAST1B" | |
} | |
} | |
}, | |
"ServiceRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"AssumeRolePolicyDocument": { | |
"Statement": [{ | |
"Action": ["sts:AssumeRole"], | |
"Effect": "Allow", | |
"Principal": { | |
"Service": ["eks.amazonaws.com"] | |
} | |
}], | |
"Version": "2012-10-17" | |
}, | |
"ManagedPolicyArns": ["arn:aws:iam::aws:policy/AmazonEKSServicePolicy", "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"] | |
} | |
}, | |
"SubnetPrivateUSEAST1A": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"AvailabilityZone": "us-east-1a", | |
"CidrBlock": "192.168.64.0/19", | |
"Tags": [{ | |
"Key": "kubernetes.io/role/internal-elb", | |
"Value": "1" | |
}, { | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/SubnetPrivateUSEAST1A" | |
} | |
}], | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
}, | |
"SubnetPrivateUSEAST1B": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"AvailabilityZone": "us-east-1b", | |
"CidrBlock": "192.168.96.0/19", | |
"Tags": [{ | |
"Key": "kubernetes.io/role/internal-elb", | |
"Value": "1" | |
}, { | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/SubnetPrivateUSEAST1B" | |
} | |
}], | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
}, | |
"SubnetPublicUSEAST1A": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"AvailabilityZone": "us-east-1a", | |
"CidrBlock": "192.168.0.0/19", | |
"Tags": [{ | |
"Key": "kubernetes.io/role/elb", | |
"Value": "1" | |
}, { | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/SubnetPublicUSEAST1A" | |
} | |
}], | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
}, | |
"SubnetPublicUSEAST1B": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"AvailabilityZone": "us-east-1b", | |
"CidrBlock": "192.168.32.0/19", | |
"Tags": [{ | |
"Key": "kubernetes.io/role/elb", | |
"Value": "1" | |
}, { | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/SubnetPublicUSEAST1B" | |
} | |
}], | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
}, | |
"VPC": { | |
"Type": "AWS::EC2::VPC", | |
"Properties": { | |
"CidrBlock": "192.168.0.0/16", | |
"EnableDnsHostnames": true, | |
"EnableDnsSupport": true, | |
"Tags": [{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}/VPC" | |
} | |
}] | |
} | |
}, | |
"VPCGatewayAttachment": { | |
"Type": "AWS::EC2::VPCGatewayAttachment", | |
"Properties": { | |
"InternetGatewayId": { | |
"Ref": "InternetGateway" | |
}, | |
"VpcId": { | |
"Ref": "VPC" | |
} | |
} | |
} | |
}, | |
"Outputs": { | |
"ARN": { | |
"Export": { | |
"Name": { | |
"Fn::Sub": "${AWS::StackName}::ARN" | |
} | |
}, | |
"Value": { | |
"Fn::GetAtt": "ControlPlane.Arn" | |
} | |
}, | |
"CertificateAuthorityData": { | |
"Value": { | |
"Fn::GetAtt": "ControlPlane.CertificateAuthorityData" | |
} | |
}, | |
"ClusterStackName": { | |
"Value": { | |
"Ref": "AWS::StackName" | |
} | |
}, | |
"Endpoint": { | |
"Export": { | |
"Name": { | |
"Fn::Sub": "${AWS::StackName}::Endpoint" | |
} | |
}, | |
"Value": { | |
"Fn::GetAtt": "ControlPlane.Endpoint" | |
} | |
}, | |
"SecurityGroup": { | |
"Export": { | |
"Name": { | |
"Fn::Sub": "${AWS::StackName}::SecurityGroup" | |
} | |
}, | |
"Value": { | |
"Ref": "ControlPlaneSecurityGroup" | |
} | |
}, | |
"ServiceRoleARN": { | |
"Export": { | |
"Name": { | |
"Fn::Sub": "${AWS::StackName}::ServiceRoleARN" | |
} | |
}, | |
"Value": { | |
"Fn::GetAtt": "ServiceRole.Arn" | |
} | |
}, | |
"SharedNodeSecurityGroup": { | |
"Export": { | |
"Name": { | |
"Fn::Sub": "${AWS::StackName}::SharedNodeSecurityGroup" | |
} | |
}, | |
"Value": { | |
"Ref": "ClusterSharedNodeSecurityGroup" | |
} | |
}, | |
"SubnetsPrivate": { | |
"Export": { | |
"Name": { | |
"Fn::Sub": "${AWS::StackName}::SubnetsPrivate" | |
} | |
}, | |
"Value": { | |
"Fn::Join": [",", [{ | |
"Ref": "SubnetPrivateUSEAST1A" | |
}, { | |
"Ref": "SubnetPrivateUSEAST1B" | |
}]] | |
} | |
}, | |
"SubnetsPublic": { | |
"Export": { | |
"Name": { | |
"Fn::Sub": "${AWS::StackName}::SubnetsPublic" | |
} | |
}, | |
"Value": { | |
"Fn::Join": [",", [{ | |
"Ref": "SubnetPublicUSEAST1A" | |
}, { | |
"Ref": "SubnetPublicUSEAST1B" | |
}]] | |
} | |
}, | |
"VPC": { | |
"Export": { | |
"Name": { | |
"Fn::Sub": "${AWS::StackName}::VPC" | |
} | |
}, | |
"Value": { | |
"Ref": "VPC" | |
} | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment