{ | |
"Description":"Automate provisioning of ECS using CodeBuild with CodePipeline, and CodeCommit. **WARNING** This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template.", | |
"AWSTemplateFormatVersion":"2010-09-09", | |
"Parameters":{ | |
"Owner":{ | |
"Description":"Enter Team or Individual Name Responsible for the Stack.", | |
"Type":"String", | |
"Default":"FirstName LastName" | |
}, | |
"Project":{ | |
"Description":"Enter Project Name.", | |
"Type":"String", | |
"Default":"VPC Creation" | |
}, | |
"DeleteAfter":{ | |
"Description":"Enter the date (MM/DD/YYYY) after which it is OK to delete the stack, or 'Never' if the stack is meant to be persistent.", | |
"Type":"String", | |
"Default":"00/00/201x" | |
}, | |
"VPCSubnetCidrBlock":{ | |
"Description":"Enter VPC CIDR Block. (e.g. 10.0.0.0/16 = 10.0.0.0-10.0.255.255 = 256 /24 subnets, 65534 hosts)", | |
"Type":"String", | |
"Default":"10.0.0.0/16", | |
"MinLength":"10", | |
"MaxLength":"18", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" | |
}, | |
"AvailabilityZone1":{ | |
"Description":"Enter Availability Zone 1 for Public and Private Subnets to use.", | |
"Type":"String", | |
"Default":"c", | |
"AllowedValues":[ | |
"a", | |
"b", | |
"c", | |
"d", | |
"e", | |
"f" | |
] | |
}, | |
"AvailabilityZone2":{ | |
"Description":"Enter Availability Zone 2 for Public and Private Subnets to use.", | |
"Type":"String", | |
"Default":"d", | |
"AllowedValues":[ | |
"a", | |
"b", | |
"c", | |
"d", | |
"e", | |
"f" | |
] | |
}, | |
"AvailabilityZone3":{ | |
"Description":"Enter Availability Zone 3 for Public and Private Subnets to use.", | |
"Type":"String", | |
"Default":"e", | |
"AllowedValues":[ | |
"a", | |
"b", | |
"c", | |
"d", | |
"e", | |
"f" | |
] | |
}, | |
"PublicSubnetCidrBlock1":{ | |
"Description":"Enter Public Subnet 1 CIDR Block.", | |
"Type":"String", | |
"Default":"10.0.1.0/24", | |
"MinLength":"10", | |
"MaxLength":"18", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" | |
}, | |
"PublicSubnetCidrBlock2":{ | |
"Description":"Enter Public Subnet 2 CIDR Block.", | |
"Type":"String", | |
"Default":"10.0.2.0/24", | |
"MinLength":"10", | |
"MaxLength":"18", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" | |
}, | |
"PublicSubnetCidrBlock3":{ | |
"Description":"Enter Public Subnet 3 CIDR Block.", | |
"Type":"String", | |
"Default":"10.0.3.0/24", | |
"MinLength":"10", | |
"MaxLength":"18", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" | |
}, | |
"PrivateSubnetCidrBlock1":{ | |
"Description":"Enter Private Subnet 1 CIDR Block.", | |
"Type":"String", | |
"Default":"10.0.4.0/24", | |
"MinLength":"10", | |
"MaxLength":"18", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" | |
}, | |
"PrivateSubnetCidrBlock2":{ | |
"Description":"Enter Private Subnet 2 CIDR Block.", | |
"Type":"String", | |
"Default":"10.0.5.0/24", | |
"MinLength":"10", | |
"MaxLength":"18", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" | |
}, | |
"PrivateSubnetCidrBlock3":{ | |
"Description":"Enter Private Subnet 3 CIDR Block.", | |
"Type":"String", | |
"Default":"10.0.6.0/24", | |
"MinLength":"10", | |
"MaxLength":"18", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" | |
}, | |
"RemoteAccessNetwork":{ | |
"Description":"Source network CIDR block (e.g. an office network reachable over VPN) that is granted inbound access to instances on all protocols and ports via the remote-access security group. (e.g. 192.168.100.0/24)", | |
"Type":"String", | |
"MinLength":"9", | |
"MaxLength":"18", | |
"Default":"192.168.100.0/24", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription":"must be a valid CIDR range of the form x.x.x.x/x." | |
}, | |
"AllowHttpToPublicRuleNumber":{ | |
"Description":"Enter Public Network ACL Rule Number to Allow HTTP From Internet to Public Network.", | |
"Type":"Number", | |
"Default":"100" | |
}, | |
"AllowHttpsToPublicRuleNumber":{ | |
"Description":"Enter Public Network ACL Rule Number to Allow HTTPS From Internet to Public Network.", | |
"Type":"Number", | |
"Default":"105" | |
}, | |
"AllowReturnTrafficToPublicRuleNumber":{ | |
"Description":"Enter Public Network ACL Rule Number to Allow Return Traffic (TCP ephemeral ports 49152-65535) From Internet to Public Network.", | |
"Type":"Number", | |
"Default":"110" | |
}, | |
"AllowVpcSubnetsRuleNumber":{ | |
"Description":"Enter Public Network ACL Rule Number to Allow All VPC Subnets Cross Access to Public Network.", | |
"Type":"Number", | |
"Default":"115" | |
}, | |
"AllowAllOutboundPublicRuleNumber":{ | |
"Description":"Enter Public Network ACL Rule Number to Allow All Outbound Traffic from the Public Network.", | |
"Type":"Number", | |
"Default":"100" | |
}, | |
"AllowAllInboundPrivateRuleNumber":{ | |
"Description":"Enter Private Network ACL Rule Number to Allow All Inbound Traffic (all protocols and ports from 0.0.0.0/0, so the private subnets rely on security groups for inbound filtering).", | |
"Type":"Number", | |
"Default":"100" | |
}, | |
"AllowAllOutboundPrivateRuleNumber":{ | |
"Description":"Enter Private Network ACL Rule Number to Allow All Outbound Traffic.", | |
"Type":"Number", | |
"Default":"100" | |
}, | |
"EmailAddress":{ | |
"Description":"Email address subscribed to SNS notifications for CodeCommit. Override the default: it is the template author's address and would receive notifications from your stack.", | |
"Default":"paul.duvall@stelligent.com", | |
"Type":"String" | |
}, | |
"EC2KeyPairName":{ | |
"Description":"Name of an existing Amazon EC2 key pair to enable SSH access to the instances.", | |
"Type":"AWS::EC2::KeyPair::KeyName", | |
"MinLength":"1", | |
"MaxLength":"255", | |
"AllowedPattern":"[\\x20-\\x7E]*", | |
"ConstraintDescription":"Can contain only ASCII characters." | |
}, | |
"S3ArtifactObject":{ | |
"Type":"String", | |
"Default":"public/jenkins/aws-codepipeline-s3-aws-codedeploy-linux-pmd.zip", | |
"Description":"Application artifact object key in S3." | |
}, | |
"S3ArtifactBucket":{ | |
"Type":"String", | |
"Default":"stelligent-training-public", | |
"Description":"Name of the S3 bucket in which the application artifact is stored." | |
}, | |
"YourIP":{ | |
"Description":"IP address (in CIDR form, e.g. a.b.c.d/32) allowed to connect over SSH. Check http://checkip.amazonaws.com/ to find yours.", | |
"Type":"String", | |
"Default":"99.99.99.99/32", | |
"MinLength":"10", | |
"MaxLength":"18", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription":"must be a valid IP CIDR range of the form x.x.x.x/x." | |
}, | |
"RepositoryName":{ | |
"Description":"The name of the CodeCommit repo", | |
"Type":"String", | |
"Default":"ecs-demo", | |
"AllowedPattern":"[\\x20-\\x7E]*", | |
"ConstraintDescription":"Can contain only ASCII characters." | |
}, | |
"RepositoryBranch":{ | |
"Description":"The name of the branch for the CodeCommit repo", | |
"Type":"String", | |
"Default":"master", | |
"AllowedPattern":"[\\x20-\\x7E]*", | |
"ConstraintDescription":"Can contain only ASCII characters." | |
}, | |
"ECSRepoName":{ | |
"Type":"String", | |
"Default":"pmd-ecr-1240", | |
"Description":"The name of the ECR repository. Note: the task definition pulls the image from the account's us-east-1 ECR registry regardless of the stack's region." | |
}, | |
"ImageTag":{ | |
"Type":"String", | |
"Description":"The image tag to deploy. The default 'latest' is a mutable tag; pin to an immutable tag or digest for reproducible, auditable deployments.", | |
"Default":"latest" | |
}, | |
"DesiredCapacity":{ | |
"Type":"Number", | |
"Default":"1", | |
"Description":"Number of instances to launch in your ECS cluster" | |
}, | |
"MaxSize":{ | |
"Type":"Number", | |
"Default":"1", | |
"Description":"Maximum number of instances that can be launched in your ECS cluster" | |
}, | |
"InstanceType":{ | |
"Description":"The EC2 instance type", | |
"Type":"String", | |
"Default":"m3.xlarge", | |
"AllowedValues":[ | |
"t2.micro", | |
"t2.small", | |
"t2.medium", | |
"m3.medium", | |
"m3.large", | |
"m3.xlarge", | |
"m3.2xlarge", | |
"c3.large", | |
"c3.xlarge", | |
"c3.2xlarge", | |
"c3.4xlarge", | |
"c3.8xlarge", | |
"c4.large", | |
"c4.xlarge", | |
"c4.2xlarge", | |
"c4.4xlarge", | |
"c4.8xlarge", | |
"r3.large", | |
"r3.xlarge", | |
"r3.2xlarge", | |
"r3.4xlarge", | |
"r3.8xlarge", | |
"i2.xlarge", | |
"i2.2xlarge", | |
"i2.4xlarge", | |
"i2.8xlarge", | |
"d2.xlarge", | |
"d2.2xlarge", | |
"d2.4xlarge", | |
"d2.8xlarge", | |
"hi1.4xlarge", | |
"hs1.8xlarge", | |
"cr1.8xlarge", | |
"cc2.8xlarge" | |
], | |
"ConstraintDescription":"must be a valid EC2 instance type." | |
}, | |
"SSHLocation":{ | |
"Description":"The IP address range (CIDR) that can be used to SSH to the EC2 instances. Restrict this to a trusted range; the default 0.0.0.0/0 permits SSH from any IPv4 address.", | |
"Type":"String", | |
"MinLength":"9", | |
"MaxLength":"18", | |
"Default":"0.0.0.0/0", | |
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription":"must be a valid IP CIDR range of the form x.x.x.x/x." | |
} | |
}, | |
"Mappings":{ | |
"AWSInstanceType2Virt":{ | |
"t2.micro":{ | |
"Virt":"HVM" | |
}, | |
"t2.small":{ | |
"Virt":"HVM" | |
}, | |
"t2.medium":{ | |
"Virt":"HVM" | |
}, | |
"t2.large":{ | |
"Virt":"HVM" | |
} | |
}, | |
"AWSInstanceType2EBSOpt":{ | |
"t2.micro":{ | |
"EBSOpt":"false" | |
}, | |
"t2.small":{ | |
"EBSOpt":"false" | |
}, | |
"t2.medium":{ | |
"EBSOpt":"false" | |
}, | |
"t2.large":{ | |
"EBSOpt":"false" | |
} | |
}, | |
"AWSRegionVirt2AMI":{ | |
"us-east-1":{ | |
"HVM":"ami-8fcee4e5" | |
}, | |
"us-west-2":{ | |
"HVM":"ami-63b25203" | |
} | |
}, | |
"AWSRegionToAMI":{ | |
"us-east-1":{ | |
"AMIID":"ami-2b3b6041" | |
}, | |
"us-west-2":{ | |
"AMIID":"ami-ac6872cd" | |
}, | |
"eu-west-1":{ | |
"AMIID":"ami-03238b70" | |
}, | |
"ap-northeast-1":{ | |
"AMIID":"ami-fb2f1295" | |
}, | |
"ap-southeast-2":{ | |
"AMIID":"ami-43547120" | |
}, | |
"us-west-1":{ | |
"AMIID":"ami-bfe095df" | |
}, | |
"ap-southeast-1":{ | |
"AMIID":"ami-c78f43a4" | |
}, | |
"eu-central-1":{ | |
"AMIID":"ami-e1e6f88d" | |
} | |
} | |
}, | |
"Resources":{ | |
"MyVPC":{ | |
"Type":"AWS::EC2::VPC", | |
"Properties":{ | |
"EnableDnsSupport":"true", | |
"EnableDnsHostnames":"true", | |
"CidrBlock":{ | |
"Ref":"VPCSubnetCidrBlock" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Ref":"AWS::StackName" | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"PublicSubnet1":{ | |
"Type":"AWS::EC2::Subnet", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"AvailabilityZone":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::Region" | |
}, | |
{ | |
"Ref":"AvailabilityZone1" | |
} | |
] | |
] | |
}, | |
"CidrBlock":{ | |
"Ref":"PublicSubnetCidrBlock1" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-public-az1" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"PublicSubnet2":{ | |
"Type":"AWS::EC2::Subnet", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"AvailabilityZone":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::Region" | |
}, | |
{ | |
"Ref":"AvailabilityZone2" | |
} | |
] | |
] | |
}, | |
"CidrBlock":{ | |
"Ref":"PublicSubnetCidrBlock2" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-public-az2" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"PublicSubnet3":{ | |
"Type":"AWS::EC2::Subnet", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"AvailabilityZone":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::Region" | |
}, | |
{ | |
"Ref":"AvailabilityZone3" | |
} | |
] | |
] | |
}, | |
"CidrBlock":{ | |
"Ref":"PublicSubnetCidrBlock3" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-public-az3" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"InternetGateway":{ | |
"Type":"AWS::EC2::InternetGateway", | |
"Properties":{ | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Ref":"AWS::StackName" | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"GatewayToInternet":{ | |
"Type":"AWS::EC2::VPCGatewayAttachment", | |
"DependsOn":[ | |
"InternetGateway", | |
"MyVPC" | |
], | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"InternetGatewayId":{ | |
"Ref":"InternetGateway" | |
} | |
} | |
}, | |
"PublicRouteTable":{ | |
"Type":"AWS::EC2::RouteTable", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-public" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"PublicRoute":{ | |
"Type":"AWS::EC2::Route", | |
"DependsOn":[ | |
"PublicRouteTable", | |
"InternetGateway" | |
], | |
"Properties":{ | |
"RouteTableId":{ | |
"Ref":"PublicRouteTable" | |
}, | |
"DestinationCidrBlock":"0.0.0.0/0", | |
"GatewayId":{ | |
"Ref":"InternetGateway" | |
} | |
} | |
}, | |
"PublicSubnetRouteTableAssociation1":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn":[ | |
"PublicSubnet1", | |
"PublicRouteTable" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PublicSubnet1" | |
}, | |
"RouteTableId":{ | |
"Ref":"PublicRouteTable" | |
} | |
} | |
}, | |
"PublicSubnetRouteTableAssociation2":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn":[ | |
"PublicSubnet2", | |
"PublicRouteTable", | |
"GatewayToInternet" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PublicSubnet2" | |
}, | |
"RouteTableId":{ | |
"Ref":"PublicRouteTable" | |
} | |
} | |
}, | |
"PublicSubnetRouteTableAssociation3":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn":[ | |
"PublicSubnet3", | |
"PublicRouteTable", | |
"GatewayToInternet" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PublicSubnet3" | |
}, | |
"RouteTableId":{ | |
"Ref":"PublicRouteTable" | |
} | |
} | |
}, | |
"PrivateSubnet1":{ | |
"Type":"AWS::EC2::Subnet", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"AvailabilityZone":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::Region" | |
}, | |
{ | |
"Ref":"AvailabilityZone1" | |
} | |
] | |
] | |
}, | |
"CidrBlock":{ | |
"Ref":"PrivateSubnetCidrBlock1" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-private-az1" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"PrivateSubnet2":{ | |
"Type":"AWS::EC2::Subnet", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"AvailabilityZone":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::Region" | |
}, | |
{ | |
"Ref":"AvailabilityZone2" | |
} | |
] | |
] | |
}, | |
"CidrBlock":{ | |
"Ref":"PrivateSubnetCidrBlock2" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-private-az2" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"PrivateSubnet3":{ | |
"Type":"AWS::EC2::Subnet", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"AvailabilityZone":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::Region" | |
}, | |
{ | |
"Ref":"AvailabilityZone3" | |
} | |
] | |
] | |
}, | |
"CidrBlock":{ | |
"Ref":"PrivateSubnetCidrBlock3" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-private-az3" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Network", | |
"Value":"Private" | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"PrivateRouteTable":{ | |
"Type":"AWS::EC2::RouteTable", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-private" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"PrivateSubnetRouteTableAssociation1":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn":[ | |
"PrivateSubnet1", | |
"PrivateRouteTable" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PrivateSubnet1" | |
}, | |
"RouteTableId":{ | |
"Ref":"PrivateRouteTable" | |
} | |
} | |
}, | |
"PrivateSubnetRouteTableAssociation2":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn":[ | |
"PrivateSubnet2", | |
"PrivateRouteTable" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PrivateSubnet2" | |
}, | |
"RouteTableId":{ | |
"Ref":"PrivateRouteTable" | |
} | |
} | |
}, | |
"PrivateSubnetRouteTableAssociation3":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"DependsOn":[ | |
"PrivateSubnet3", | |
"PrivateRouteTable" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PrivateSubnet3" | |
}, | |
"RouteTableId":{ | |
"Ref":"PrivateRouteTable" | |
} | |
} | |
}, | |
"S3VpcEndpoint":{ | |
"Type":"AWS::EC2::VPCEndpoint", | |
"DependsOn":[ | |
"MyVPC", | |
"PrivateRouteTable", | |
"PublicRouteTable" | |
], | |
"Properties":{ | |
"PolicyDocument":{ | |
"Statement":[ | |
{ | |
"Action":"*", | |
"Effect":"Allow", | |
"Resource":"*", | |
"Principal":"*" | |
} | |
] | |
}, | |
"RouteTableIds":[ | |
{ | |
"Ref":"PrivateRouteTable" | |
}, | |
{ | |
"Ref":"PublicRouteTable" | |
} | |
], | |
"ServiceName":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"com.amazonaws.", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
".s3" | |
] | |
] | |
}, | |
"VpcId":{ | |
"Ref":"MyVPC" | |
} | |
} | |
}, | |
"PublicNetworkAcl":{ | |
"Type":"AWS::EC2::NetworkAcl", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-public-acl" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"InboundPublicNetworkAclAllowHTTP":{ | |
"Type":"AWS::EC2::NetworkAclEntry", | |
"DependsOn":"PublicNetworkAcl", | |
"Properties":{ | |
"NetworkAclId":{ | |
"Ref":"PublicNetworkAcl" | |
}, | |
"RuleNumber":{ | |
"Ref":"AllowHttpToPublicRuleNumber" | |
}, | |
"Protocol":"6", | |
"RuleAction":"allow", | |
"Egress":"false", | |
"CidrBlock":"0.0.0.0/0", | |
"PortRange":{ | |
"From":"80", | |
"To":"80" | |
} | |
} | |
}, | |
"InboundPublicNetworkAclAllowHTTPS":{ | |
"Type":"AWS::EC2::NetworkAclEntry", | |
"DependsOn":"PublicNetworkAcl", | |
"Properties":{ | |
"NetworkAclId":{ | |
"Ref":"PublicNetworkAcl" | |
}, | |
"RuleNumber":{ | |
"Ref":"AllowHttpsToPublicRuleNumber" | |
}, | |
"Protocol":"6", | |
"RuleAction":"allow", | |
"Egress":"false", | |
"CidrBlock":"0.0.0.0/0", | |
"PortRange":{ | |
"From":"443", | |
"To":"443" | |
} | |
} | |
}, | |
"InboundPublicNetworkAclAllowReturnTraffic":{ | |
"Type":"AWS::EC2::NetworkAclEntry", | |
"DependsOn":"PublicNetworkAcl", | |
"Properties":{ | |
"NetworkAclId":{ | |
"Ref":"PublicNetworkAcl" | |
}, | |
"RuleNumber":{ | |
"Ref":"AllowReturnTrafficToPublicRuleNumber" | |
}, | |
"Protocol":"6", | |
"RuleAction":"allow", | |
"Egress":"false", | |
"CidrBlock":"0.0.0.0/0", | |
"PortRange":{ | |
"From":"49152", | |
"To":"65535" | |
} | |
} | |
}, | |
"InboundPublicNetworkAclAllowVPCSubnets":{ | |
"Type":"AWS::EC2::NetworkAclEntry", | |
"DependsOn":"PublicNetworkAcl", | |
"Properties":{ | |
"NetworkAclId":{ | |
"Ref":"PublicNetworkAcl" | |
}, | |
"RuleNumber":{ | |
"Ref":"AllowVpcSubnetsRuleNumber" | |
}, | |
"Protocol":"-1", | |
"RuleAction":"allow", | |
"Egress":"false", | |
"CidrBlock":{ | |
"Ref":"VPCSubnetCidrBlock" | |
}, | |
"PortRange":{ | |
"From":"0", | |
"To":"65535" | |
} | |
} | |
}, | |
"OutboundPublicNetworkAclAllowAll":{ | |
"Type":"AWS::EC2::NetworkAclEntry", | |
"DependsOn":"PublicNetworkAcl", | |
"Properties":{ | |
"NetworkAclId":{ | |
"Ref":"PublicNetworkAcl" | |
}, | |
"RuleNumber":{ | |
"Ref":"AllowAllOutboundPublicRuleNumber" | |
}, | |
"Protocol":"-1", | |
"RuleAction":"allow", | |
"Egress":"true", | |
"CidrBlock":"0.0.0.0/0", | |
"PortRange":{ | |
"From":"0", | |
"To":"65535" | |
} | |
} | |
}, | |
"PublicSubnetNetworkAclAssociation1":{ | |
"Type":"AWS::EC2::SubnetNetworkAclAssociation", | |
"DependsOn":[ | |
"PublicSubnet1", | |
"PublicNetworkAcl" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PublicSubnet1" | |
}, | |
"NetworkAclId":{ | |
"Ref":"PublicNetworkAcl" | |
} | |
} | |
}, | |
"PublicSubnetNetworkAclAssociation2":{ | |
"Type":"AWS::EC2::SubnetNetworkAclAssociation", | |
"DependsOn":[ | |
"PublicSubnet2", | |
"PublicNetworkAcl" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PublicSubnet2" | |
}, | |
"NetworkAclId":{ | |
"Ref":"PublicNetworkAcl" | |
} | |
} | |
}, | |
"PublicSubnetNetworkAclAssociation3":{ | |
"Type":"AWS::EC2::SubnetNetworkAclAssociation", | |
"DependsOn":[ | |
"PublicSubnet3", | |
"PublicNetworkAcl" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PublicSubnet3" | |
}, | |
"NetworkAclId":{ | |
"Ref":"PublicNetworkAcl" | |
} | |
} | |
}, | |
"PrivateNetworkAcl":{ | |
"Type":"AWS::EC2::NetworkAcl", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-private-acl" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"InboundEphemeralPrivateNetworkAclAllowAll":{ | |
"Type":"AWS::EC2::NetworkAclEntry", | |
"DependsOn":"PrivateNetworkAcl", | |
"Properties":{ | |
"NetworkAclId":{ | |
"Ref":"PrivateNetworkAcl" | |
}, | |
"RuleNumber":{ | |
"Ref":"AllowAllInboundPrivateRuleNumber" | |
}, | |
"Protocol":"-1", | |
"RuleAction":"allow", | |
"Egress":"false", | |
"CidrBlock":"0.0.0.0/0", | |
"PortRange":{ | |
"From":"0", | |
"To":"65535" | |
} | |
} | |
}, | |
"OutboundPrivateNetworkAclAllowAll":{ | |
"Type":"AWS::EC2::NetworkAclEntry", | |
"DependsOn":"PrivateNetworkAcl", | |
"Properties":{ | |
"NetworkAclId":{ | |
"Ref":"PrivateNetworkAcl" | |
}, | |
"RuleNumber":{ | |
"Ref":"AllowAllOutboundPrivateRuleNumber" | |
}, | |
"Protocol":"-1", | |
"RuleAction":"allow", | |
"Egress":"true", | |
"CidrBlock":"0.0.0.0/0", | |
"PortRange":{ | |
"From":"0", | |
"To":"65535" | |
} | |
} | |
}, | |
"PrivateSubnetNetworkAclAssociation1":{ | |
"Type":"AWS::EC2::SubnetNetworkAclAssociation", | |
"DependsOn":[ | |
"PrivateSubnet1", | |
"PrivateNetworkAcl" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PrivateSubnet1" | |
}, | |
"NetworkAclId":{ | |
"Ref":"PrivateNetworkAcl" | |
} | |
} | |
}, | |
"PrivateSubnetNetworkAclAssociation2":{ | |
"Type":"AWS::EC2::SubnetNetworkAclAssociation", | |
"DependsOn":[ | |
"PrivateSubnet2", | |
"PrivateNetworkAcl" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PrivateSubnet2" | |
}, | |
"NetworkAclId":{ | |
"Ref":"PrivateNetworkAcl" | |
} | |
} | |
}, | |
"PrivateSubnetNetworkAclAssociation3":{ | |
"Type":"AWS::EC2::SubnetNetworkAclAssociation", | |
"DependsOn":[ | |
"PrivateSubnet3", | |
"PrivateNetworkAcl" | |
], | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PrivateSubnet3" | |
}, | |
"NetworkAclId":{ | |
"Ref":"PrivateNetworkAcl" | |
} | |
} | |
}, | |
"InternalAccessSecurityGroup":{ | |
"Type":"AWS::EC2::SecurityGroup", | |
"DependsOn":"MyVPC", | |
"Properties":{ | |
"GroupDescription":"Instance to Instance Access in VPC", | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-instance-to-instance" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
] | |
} | |
}, | |
"InternalAccessSecurityGroupIngress":{ | |
"Type":"AWS::EC2::SecurityGroupIngress", | |
"DependsOn":"InternalAccessSecurityGroup", | |
"Properties":{ | |
"GroupId":{ | |
"Ref":"InternalAccessSecurityGroup" | |
}, | |
"IpProtocol":"-1", | |
"SourceSecurityGroupId":{ | |
"Ref":"InternalAccessSecurityGroup" | |
} | |
} | |
}, | |
"RemoteAccessSecurityGroup":{ | |
"Type":"AWS::EC2::SecurityGroup", | |
"Properties":{ | |
"GroupDescription":"Instance Access over VPN/Direct Connect", | |
"VpcId":{ | |
"Ref":"MyVPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"-remote-to-instance" | |
] | |
] | |
} | |
}, | |
{ | |
"Key":"Owner", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
{ | |
"Key":"Project", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
{ | |
"Key":"DeleteAfter", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
], | |
"SecurityGroupIngress":[ | |
{ | |
"IpProtocol":"-1", | |
"CidrIp":{ | |
"Ref":"RemoteAccessNetwork" | |
} | |
} | |
], | |
"SecurityGroupEgress":[ | |
{ | |
"IpProtocol":"-1", | |
"CidrIp":"0.0.0.0/0" | |
} | |
] | |
} | |
}, | |
"EcsCluster":{ | |
"Type":"AWS::ECS::Cluster", | |
"DependsOn":[ | |
"MyVPC" | |
] | |
}, | |
"PhpTaskDefinition":{ | |
"Type":"AWS::ECS::TaskDefinition", | |
"DependsOn":[ | |
"MyVPC" | |
], | |
"Properties":{ | |
"ContainerDefinitions":[ | |
{ | |
"Name":"php-simple-app", | |
"Cpu":"10", | |
"Essential":"true", | |
"Image":{ | |
"Fn::Join":[ | |
"", | |
[ | |
{ | |
"Ref":"AWS::AccountId" | |
}, | |
".dkr.ecr.us-east-1.amazonaws.com/", | |
{ | |
"Ref":"ECSRepoName" | |
}, | |
":", | |
{ | |
"Ref":"ImageTag" | |
} | |
] | |
] | |
}, | |
"Memory":"300", | |
"PortMappings":[ | |
{ | |
"HostPort":80, | |
"ContainerPort":80 | |
} | |
] | |
} | |
], | |
"Volumes":[ | |
{ | |
"Name":"my-vol" | |
} | |
] | |
} | |
}, | |
"EcsElb":{ | |
"Type":"AWS::ElasticLoadBalancing::LoadBalancer", | |
"DependsOn":[ | |
"MyVPC" | |
], | |
"Properties":{ | |
"Subnets":[ | |
{ | |
"Ref":"PublicSubnet1" | |
}, | |
{ | |
"Ref":"PublicSubnet2" | |
} | |
], | |
"Listeners":[ | |
{ | |
"LoadBalancerPort":"80", | |
"InstancePort":"80", | |
"Protocol":"HTTP" | |
} | |
], | |
"SecurityGroups":[ | |
{ | |
"Ref":"RemoteAccessSecurityGroup" | |
}, | |
{ | |
"Ref":"RemoteAccessSecurityGroup" | |
} | |
], | |
"HealthCheck":{ | |
"Target":"HTTP:80/", | |
"HealthyThreshold":"2", | |
"UnhealthyThreshold":"10", | |
"Interval":"30", | |
"Timeout":"5" | |
} | |
} | |
}, | |
"ECSAutoScalingGroup":{ | |
"Type":"AWS::AutoScaling::AutoScalingGroup", | |
"DependsOn":[ | |
"MyVPC" | |
], | |
"Properties":{ | |
"VPCZoneIdentifier":[ | |
{ | |
"Ref":"PublicSubnet1" | |
}, | |
{ | |
"Ref":"PublicSubnet2" | |
} | |
], | |
"LaunchConfigurationName":{ | |
"Ref":"ContainerInstances" | |
}, | |
"MinSize":"1", | |
"MaxSize":{ | |
"Ref":"MaxSize" | |
}, | |
"DesiredCapacity":{ | |
"Ref":"DesiredCapacity" | |
} | |
}, | |
"CreationPolicy":{ | |
"ResourceSignal":{ | |
"Timeout":"PT15M" | |
} | |
}, | |
"UpdatePolicy":{ | |
"AutoScalingRollingUpdate":{ | |
"MinInstancesInService":"1", | |
"MaxBatchSize":"1", | |
"PauseTime":"PT15M", | |
"WaitOnResourceSignals":"true" | |
} | |
} | |
}, | |
"ContainerInstances":{ | |
"Type":"AWS::AutoScaling::LaunchConfiguration", | |
"DependsOn":[ | |
"MyVPC" | |
], | |
"Metadata":{ | |
"AWS::CloudFormation::Init":{ | |
"config":{ | |
"commands":{ | |
"01_add_instance_to_cluster":{ | |
"command":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"#!/bin/bash\n", | |
"echo ECS_CLUSTER=", | |
{ | |
"Ref":"EcsCluster" | |
}, | |
" >> /etc/ecs/ecs.config" | |
] | |
] | |
} | |
} | |
}, | |
"files":{ | |
"/etc/cfn/cfn-hup.conf":{ | |
"content":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"[main]\n", | |
"stack=", | |
{ | |
"Ref":"AWS::StackId" | |
}, | |
"\n", | |
"region=", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"\n" | |
] | |
] | |
}, | |
"mode":"000400", | |
"owner":"root", | |
"group":"root" | |
}, | |
"/etc/cfn/hooks.d/cfn-auto-reloader.conf":{ | |
"content":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"[cfn-auto-reloader-hook]\n", | |
"triggers=post.update\n", | |
"path=Resources.ContainerInstances.Metadata.AWS::CloudFormation::Init\n", | |
"action=/opt/aws/bin/cfn-init -v ", | |
" --stack ", | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
" --resource ContainerInstances ", | |
" --region ", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"\n", | |
"runas=root\n" | |
] | |
] | |
} | |
} | |
}, | |
"services":{ | |
"sysvinit":{ | |
"cfn-hup":{ | |
"enabled":"true", | |
"ensureRunning":"true", | |
"files":[ | |
"/etc/cfn/cfn-hup.conf", | |
"/etc/cfn/hooks.d/cfn-auto-reloader.conf" | |
] | |
} | |
} | |
} | |
} | |
} | |
}, | |
"Properties":{ | |
"ImageId":{ | |
"Fn::FindInMap":[ | |
"AWSRegionToAMI", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"AMIID" | |
] | |
}, | |
"SecurityGroups":[ | |
{ | |
"Ref":"RemoteAccessSecurityGroup" | |
}, | |
{ | |
"Ref":"RemoteAccessSecurityGroup" | |
} | |
], | |
"InstanceType":{ | |
"Ref":"InstanceType" | |
}, | |
"IamInstanceProfile":{ | |
"Ref":"EC2InstanceProfile" | |
}, | |
"KeyName":{ | |
"Ref":"EC2KeyPairName" | |
}, | |
"UserData":{ | |
"Fn::Base64":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"#!/bin/bash -xe\n", | |
"yum install -y aws-cfn-bootstrap\n", | |
"/opt/aws/bin/cfn-init -v ", | |
" --stack ", | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
" --resource ContainerInstances ", | |
" --region ", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"\n", | |
"/opt/aws/bin/cfn-signal -e $? ", | |
" --stack ", | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
" --resource ECSAutoScalingGroup ", | |
" --region ", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"\n" | |
] | |
] | |
} | |
} | |
} | |
}, | |
"EcsService":{ | |
"Type":"AWS::ECS::Service", | |
"DependsOn":[ | |
"MyVPC", | |
"ECSAutoScalingGroup" | |
], | |
"Properties":{ | |
"Cluster":{ | |
"Ref":"EcsCluster" | |
}, | |
"DesiredCount":"1", | |
"DeploymentConfiguration":{ | |
"MaximumPercent":100, | |
"MinimumHealthyPercent":0 | |
}, | |
"LoadBalancers":[ | |
{ | |
"ContainerName":"php-simple-app", | |
"ContainerPort":"80", | |
"LoadBalancerName":{ | |
"Ref":"EcsElb" | |
} | |
} | |
], | |
"Role":{ | |
"Ref":"EcsServiceRole" | |
}, | |
"TaskDefinition":{ | |
"Ref":"PhpTaskDefinition" | |
} | |
} | |
}, | |
"EcsServiceRole":{ | |
"Type":"AWS::IAM::Role", | |
"Properties":{ | |
"AssumeRolePolicyDocument":{ | |
"Statement":[ | |
{ | |
"Effect":"Allow", | |
"Principal":{ | |
"Service":[ | |
"ecs.amazonaws.com" | |
] | |
}, | |
"Action":[ | |
"sts:AssumeRole" | |
] | |
} | |
] | |
}, | |
"Path":"/", | |
"Policies":[ | |
{ | |
"PolicyName":"ecs-service", | |
"PolicyDocument":{ | |
"Statement":[ | |
{ | |
"Effect":"Allow", | |
"Action":[ | |
"elasticloadbalancing:Describe*", | |
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer", | |
"elasticloadbalancing:RegisterInstancesWithLoadBalancer", | |
"ec2:Describe*", | |
"ec2:AuthorizeSecurityGroupIngress" | |
], | |
"Resource":"*" | |
} | |
] | |
} | |
} | |
] | |
} | |
}, | |
"EC2Role":{ | |
"Type":"AWS::IAM::Role", | |
"DependsOn":[ | |
"MyVPC" | |
], | |
"Properties":{ | |
"AssumeRolePolicyDocument":{ | |
"Statement":[ | |
{ | |
"Effect":"Allow", | |
"Principal":{ | |
"Service":[ | |
"ec2.amazonaws.com" | |
] | |
}, | |
"Action":[ | |
"sts:AssumeRole" | |
] | |
} | |
] | |
}, | |
"Path":"/", | |
"Policies":[ | |
{ | |
"PolicyName":"ecs-service", | |
"PolicyDocument":{ | |
"Statement":[ | |
{ | |
"Effect":"Allow", | |
"Action":[ | |
"ecs:CreateCluster", | |
"ecs:RegisterContainerInstance", | |
"ecs:DeregisterContainerInstance", | |
"ecs:DiscoverPollEndpoint", | |
"ecs:Submit*", | |
"ecr:*", | |
"ecs:Poll" | |
], | |
"Resource":"*" | |
} | |
] | |
} | |
} | |
] | |
} | |
}, | |
"EC2InstanceProfile":{ | |
"Type":"AWS::IAM::InstanceProfile", | |
"DependsOn":[ | |
"MyVPC" | |
], | |
"Properties":{ | |
"Path":"/", | |
"Roles":[ | |
{ | |
"Ref":"EC2Role" | |
} | |
] | |
} | |
}, | |
"CodeBuildRole":{ | |
"Type":"AWS::IAM::Role", | |
"Properties":{ | |
"AssumeRolePolicyDocument":{ | |
"Statement":[ | |
{ | |
"Effect":"Allow", | |
"Principal":{ | |
"Service":[ | |
"codebuild.amazonaws.com" | |
] | |
}, | |
"Action":[ | |
"sts:AssumeRole" | |
] | |
} | |
] | |
}, | |
"Path":"/", | |
"Policies":[ | |
{ | |
"PolicyName":"codebuild-service", | |
"PolicyDocument":{ | |
"Statement":[ | |
{ | |
"Effect":"Allow", | |
"Action":"*", | |
"Resource":"*" | |
} | |
], | |
"Version":"2012-10-17" | |
} | |
} | |
] | |
} | |
}, | |
"CodePipelineRole":{ | |
"Type":"AWS::IAM::Role", | |
"Properties":{ | |
"AssumeRolePolicyDocument":{ | |
"Statement":[ | |
{ | |
"Effect":"Allow", | |
"Principal":{ | |
"Service":[ | |
"codepipeline.amazonaws.com" | |
] | |
}, | |
"Action":[ | |
"sts:AssumeRole" | |
] | |
} | |
] | |
}, | |
"Path":"/", | |
"Policies":[ | |
{ | |
"PolicyName":"codepipeline-service", | |
"PolicyDocument":{ | |
"Statement":[ | |
{ | |
"Action":[ | |
"codecommit:GetBranch", | |
"codecommit:GetCommit", | |
"codecommit:UploadArchive", | |
"codecommit:GetUploadArchiveStatus", | |
"codecommit:CancelUploadArchive", | |
"codebuild:*" | |
], | |
"Resource":"*", | |
"Effect":"Allow" | |
}, | |
{ | |
"Action":[ | |
"s3:GetObject", | |
"s3:GetObjectVersion", | |
"s3:GetBucketVersioning" | |
], | |
"Resource":"*", | |
"Effect":"Allow" | |
}, | |
{ | |
"Action":[ | |
"s3:PutObject" | |
], | |
"Resource":[ | |
"arn:aws:s3:::codepipeline*" | |
], | |
"Effect":"Allow" | |
}, | |
{ | |
"Action":[ | |
"codedeploy:CreateDeployment", | |
"codedeploy:GetApplicationRevision", | |
"codedeploy:GetDeployment", | |
"codedeploy:GetDeploymentConfig", | |
"codedeploy:RegisterApplicationRevision" | |
], | |
"Resource":"*", | |
"Effect":"Allow" | |
}, | |
{ | |
"Action":[ | |
"elasticbeanstalk:*", | |
"ec2:*", | |
"elasticloadbalancing:*", | |
"autoscaling:*", | |
"cloudwatch:*", | |
"s3:*", | |
"sns:*", | |
"cloudformation:*", | |
"rds:*", | |
"sqs:*", | |
"ecs:*", | |
"iam:PassRole" | |
], | |
"Resource":"*", | |
"Effect":"Allow" | |
}, | |
{ | |
"Action":[ | |
"lambda:InvokeFunction", | |
"lambda:ListFunctions" | |
], | |
"Resource":"*", | |
"Effect":"Allow" | |
} | |
], | |
"Version":"2012-10-17" | |
} | |
} | |
] | |
} | |
}, | |
"CodeBuildEcsProject":{ | |
"Type":"AWS::CodeBuild::Project", | |
"DependsOn":"CodeBuildRole", | |
"Properties":{ | |
"Name":{ | |
"Ref":"AWS::StackName" | |
}, | |
"Description":"Build ECS application", | |
"ServiceRole":{ | |
"Fn::GetAtt":[ | |
"CodeBuildRole", | |
"Arn" | |
] | |
}, | |
"Artifacts":{ | |
"Type":"no_artifacts" | |
}, | |
"Environment":{ | |
"Type":"linuxContainer", | |
"ComputeType":"BUILD_GENERAL1_SMALL", | |
"Image":"aws/codebuild/java:openjdk-8" | |
}, | |
"Source":{ | |
"Location":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"https://git-codecommit.", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
".amazonaws.com/v1/repos/", | |
{ | |
"Ref":"AWS::StackName" | |
} | |
] | |
] | |
}, | |
"Type":"CODECOMMIT" | |
}, | |
"TimeoutInMinutes":10, | |
"Tags":[ | |
{ | |
"Key":"Owner", | |
"Value":"ECSProject" | |
} | |
] | |
} | |
}, | |
"MySNSTopic":{ | |
"Type":"AWS::SNS::Topic", | |
"Properties":{ | |
"Subscription":[ | |
{ | |
"Endpoint":{ | |
"Ref":"EmailAddress" | |
}, | |
"Protocol":"email" | |
} | |
] | |
} | |
}, | |
"CodeCommitEcsRepo":{ | |
"Type":"AWS::CodeCommit::Repository", | |
"Properties":{ | |
"RepositoryName":{ | |
"Ref":"AWS::StackName" | |
}, | |
"RepositoryDescription":"CodeCommit Repository for ECS", | |
"Triggers":[ | |
{ | |
"Name":"MasterTrigger", | |
"CustomData":{ | |
"Ref":"AWS::StackName" | |
}, | |
"DestinationArn":{ | |
"Ref":"MySNSTopic" | |
}, | |
"Events":[ | |
"all" | |
] | |
} | |
] | |
} | |
}, | |
"CodePipelineStack":{ | |
"Type":"AWS::CodePipeline::Pipeline", | |
"DependsOn":"CodeBuildEcsProject", | |
"Properties":{ | |
"RoleArn":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"arn:aws:iam::", | |
{ | |
"Ref":"AWS::AccountId" | |
}, | |
":role/", | |
{ | |
"Ref":"CodePipelineRole" | |
} | |
] | |
] | |
}, | |
"Stages":[ | |
{ | |
"Name":"Source", | |
"Actions":[ | |
{ | |
"InputArtifacts":[ | |
], | |
"Name":"Source", | |
"ActionTypeId":{ | |
"Category":"Source", | |
"Owner":"AWS", | |
"Version":"1", | |
"Provider":"CodeCommit" | |
}, | |
"OutputArtifacts":[ | |
{ | |
"Name":"MyApp" | |
} | |
], | |
"Configuration":{ | |
"BranchName":{ | |
"Ref":"RepositoryBranch" | |
}, | |
"RepositoryName":{ | |
"Ref":"AWS::StackName" | |
} | |
}, | |
"RunOrder":1 | |
} | |
] | |
}, | |
{ | |
"Name":"Build", | |
"Actions":[ | |
{ | |
"InputArtifacts":[ | |
{ | |
"Name":"MyApp" | |
} | |
], | |
"Name":"Build", | |
"ActionTypeId":{ | |
"Category":"Build", | |
"Owner":"AWS", | |
"Version":"1", | |
"Provider":"CodeBuild" | |
}, | |
"OutputArtifacts":[ | |
{ | |
"Name":"MyAppBuild" | |
} | |
], | |
"Configuration":{ | |
"ProjectName":{ | |
"Ref":"CodeBuildEcsProject" | |
} | |
}, | |
"RunOrder":1 | |
} | |
] | |
} | |
], | |
"ArtifactStore":{ | |
"Type":"S3", | |
"Location":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"codepipeline-", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"-", | |
{ | |
"Ref":"AWS::AccountId" | |
} | |
] | |
] | |
} | |
} | |
} | |
} | |
}, | |
"Outputs":{ | |
"CodeBuildURL":{ | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"https://console.aws.amazon.com/codebuild/home?region=", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"#/projects/", | |
{ | |
"Ref":"CodeBuildEcsProject" | |
}, | |
"/view" | |
] | |
] | |
}, | |
"Description":"CodeBuild URL" | |
}, | |
"CodeCommitURL":{ | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"https://console.aws.amazon.com/codecommit/home?region=", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"#/repository/", | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"/browse/HEAD/--/" | |
] | |
] | |
}, | |
"Description":"Git Repository URL" | |
}, | |
"CloneUrlSsh":{ | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"git clone ", | |
{ | |
"Fn::GetAtt":[ | |
"CodeCommitEcsRepo", | |
"CloneUrlSsh" | |
] | |
}, | |
"" | |
] | |
] | |
}, | |
"Description":"Git command for CodeCommit repository" | |
}, | |
"CodePipelineURL":{ | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"https://console.aws.amazon.com/codepipeline/home?region=", | |
{ | |
"Ref":"AWS::Region" | |
}, | |
"#/view/", | |
{ | |
"Ref":"CodePipelineStack" | |
} | |
] | |
] | |
}, | |
"Description":"CodePipeline URL" | |
}, | |
"Owner":{ | |
"Description":"Team or Individual that Owns this Formation.", | |
"Value":{ | |
"Ref":"Owner" | |
} | |
}, | |
"Project":{ | |
"Description":"The project name", | |
"Value":{ | |
"Ref":"Project" | |
} | |
}, | |
"VPC":{ | |
"Description":"Created VPC", | |
"Value":{ | |
"Ref":"MyVPC" | |
} | |
}, | |
"VPCCIDR":{ | |
"Description":"VPC Subnet CIDR Block", | |
"Value":{ | |
"Ref":"VPCSubnetCidrBlock" | |
} | |
}, | |
"VPCe":{ | |
"Description":"Created VPC Endpoint", | |
"Value":{ | |
"Ref":"S3VpcEndpoint" | |
} | |
}, | |
"PublicRouteTable":{ | |
"Description":"Public Route Table Created for VPC", | |
"Value":{ | |
"Ref":"PublicRouteTable" | |
} | |
}, | |
"PrivateRouteTable":{ | |
"Description":"Private Route Table Created for VPC", | |
"Value":{ | |
"Ref":"PrivateRouteTable" | |
} | |
}, | |
"PublicNetworkAcl":{ | |
"Description":"Public Network ACL Created for VPC", | |
"Value":{ | |
"Ref":"PublicNetworkAcl" | |
} | |
}, | |
"PrivateNetworkAcl":{ | |
"Description":"Private Netowrk ACL Created for VPC", | |
"Value":{ | |
"Ref":"PrivateNetworkAcl" | |
} | |
}, | |
"PublicSubnet1":{ | |
"Description":"Public Subnet 1 Created for VPC", | |
"Value":{ | |
"Ref":"PublicSubnet1" | |
} | |
}, | |
"PublicSubnet2":{ | |
"Description":"Public Subnet 2 Created for VPC", | |
"Value":{ | |
"Ref":"PublicSubnet2" | |
} | |
}, | |
"PublicSubnet3":{ | |
"Description":"Public Subnet 3 Created for VPC", | |
"Value":{ | |
"Ref":"PublicSubnet3" | |
} | |
}, | |
"PrivateSubnet1":{ | |
"Description":"Private Subnet 1 Created for VPC", | |
"Value":{ | |
"Ref":"PrivateSubnet1" | |
} | |
}, | |
"PrivateSubnet2":{ | |
"Description":"Private Subnet 1 Created for VPC", | |
"Value":{ | |
"Ref":"PrivateSubnet2" | |
} | |
}, | |
"PrivateSubnet3":{ | |
"Description":"Private Subnet 1 Created for VPC", | |
"Value":{ | |
"Ref":"PrivateSubnet3" | |
} | |
}, | |
"AvailabilityZone1":{ | |
"Description":"Private Subnet IDs Created for VPC", | |
"Value":{ | |
"Fn::GetAtt":[ | |
"PublicSubnet1", | |
"AvailabilityZone" | |
] | |
} | |
}, | |
"AvailabilityZone2":{ | |
"Description":"Private Subnet IDs Created for VPC", | |
"Value":{ | |
"Fn::GetAtt":[ | |
"PublicSubnet2", | |
"AvailabilityZone" | |
] | |
} | |
}, | |
"AvailabilityZone3":{ | |
"Description":"Private Subnet IDs Created for VPC", | |
"Value":{ | |
"Fn::GetAtt":[ | |
"PublicSubnet3", | |
"AvailabilityZone" | |
] | |
} | |
}, | |
"PublicSubnetCidr1":{ | |
"Description":"Public Subnet IDs Created for VPC", | |
"Value":{ | |
"Ref":"PublicSubnetCidrBlock1" | |
} | |
}, | |
"PublicSubnetCidr2":{ | |
"Description":"Public Subnet IDs Created for VPC", | |
"Value":{ | |
"Ref":"PublicSubnetCidrBlock2" | |
} | |
}, | |
"PublicSubnetCidr3":{ | |
"Description":"Public Subnet IDs Created for VPC", | |
"Value":{ | |
"Ref":"PublicSubnetCidrBlock3" | |
} | |
}, | |
"PrivateSubnetCidr1":{ | |
"Description":"Private Subnet IDs Created for VPC", | |
"Value":{ | |
"Ref":"PrivateSubnetCidrBlock1" | |
} | |
}, | |
"PrivateSubnetCidr2":{ | |
"Description":"Private Subnet IDs Created for VPC", | |
"Value":{ | |
"Ref":"PrivateSubnetCidrBlock2" | |
} | |
}, | |
"PrivateSubnetCidr3":{ | |
"Description":"Private Subnet IDs Created for VPC", | |
"Value":{ | |
"Ref":"PrivateSubnetCidrBlock3" | |
} | |
}, | |
"InternetGateway":{ | |
"Description":"Internet Gateway Created for VPC", | |
"Value":{ | |
"Ref":"InternetGateway" | |
} | |
}, | |
"InternalAccessSecurityGroup":{ | |
"Description":"Instance to Instance Access within VPC", | |
"Value":{ | |
"Ref":"InternalAccessSecurityGroup" | |
} | |
}, | |
"RemoteAccessSecurityGroup":{ | |
"Description":"Remote Network or IP that can Access the instances of VPN or Direct Connect.", | |
"Value":{ | |
"Ref":"RemoteAccessSecurityGroup" | |
} | |
}, | |
"PublicNetworkACLRuleNumbers":{ | |
"Description":"Public Network ACL Rules Numbers Created.", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"Inbound (", | |
{ | |
"Ref":"AllowHttpToPublicRuleNumber" | |
}, | |
", ", | |
{ | |
"Ref":"AllowHttpsToPublicRuleNumber" | |
}, | |
", ", | |
{ | |
"Ref":"AllowReturnTrafficToPublicRuleNumber" | |
}, | |
", ", | |
{ | |
"Ref":"AllowVpcSubnetsRuleNumber" | |
}, | |
") ", | |
"Outbound (", | |
{ | |
"Ref":"AllowAllOutboundPublicRuleNumber" | |
}, | |
")" | |
] | |
] | |
} | |
}, | |
"PrivateNetworkACLRuleNumbers":{ | |
"Description":"Private Network ACL Rules Numbers Created.", | |
"Value":{ | |
"Fn::Join":[ | |
"", | |
[ | |
"Inbound (", | |
{ | |
"Ref":"AllowAllInboundPrivateRuleNumber" | |
}, | |
") ", | |
"Outbound (", | |
{ | |
"Ref":"AllowAllOutboundPrivateRuleNumber" | |
}, | |
")" | |
] | |
] | |
} | |
}, | |
"DeleteAfter":{ | |
"Description":"It is ok to delete this Formation after this date", | |
"Value":{ | |
"Ref":"DeleteAfter" | |
} | |
} | |
}, | |
"Metadata":{ | |
"AWS::CloudFormation::Interface":{ | |
"ParameterGroups":[ | |
{ | |
"Label":{ | |
"default":"Ownership" | |
}, | |
"Parameters":[ | |
"Owner", | |
"Project", | |
"DeleteAfter" | |
] | |
}, | |
{ | |
"Label":{ | |
"default":"Remote Configurations" | |
}, | |
"Parameters":[ | |
"RemoteAccessNetwork" | |
] | |
}, | |
{ | |
"Label":{ | |
"default":"AWS Network Configurations" | |
}, | |
"Parameters":[ | |
"VPCSubnetCidrBlock", | |
"PublicSubnetCidrBlock1", | |
"PublicSubnetCidrBlock2", | |
"PublicSubnetCidrBlock3", | |
"PrivateSubnetCidrBlock1", | |
"PrivateSubnetCidrBlock2", | |
"PrivateSubnetCidrBlock3", | |
"AvailabilityZone1", | |
"AvailabilityZone2", | |
"AvailabilityZone3" | |
] | |
}, | |
{ | |
"Label":{ | |
"default":"AWS Network ACL Rule Numbers" | |
}, | |
"Parameters":[ | |
"AllowHttpToPublicRuleNumber", | |
"AllowHttpsToPublicRuleNumber", | |
"AllowReturnTrafficToPublicRuleNumber", | |
"AllowVpcSubnetsRuleNumber", | |
"AllowAllOutboundPublicRuleNumber", | |
"AllowAllInboundPrivateRuleNumber", | |
"AllowAllOutboundPrivateRuleNumber" | |
] | |
} | |
], | |
"ParameterLabels":{ | |
"Owner":{ | |
"default":"Team or Individual Owner" | |
}, | |
"DeleteAfter":{ | |
"default":"Delete After Date" | |
}, | |
"VPCSubnetCidrBlock":{ | |
"default":"VPC Subnet" | |
}, | |
"PublicSubnetCidrBlock1":{ | |
"default":"Public Subnet 1" | |
}, | |
"PublicSubnetCidrBlock2":{ | |
"default":"Public Subnet 2" | |
}, | |
"PublicSubnetCidrBlock3":{ | |
"default":"Public Subnet 3" | |
}, | |
"PrivateSubnetCidrBlock1":{ | |
"default":"Private Subnet 1" | |
}, | |
"PrivateSubnetCidrBlock2":{ | |
"default":"Private Subnet 2" | |
}, | |
"PrivateSubnetCidrBlock3":{ | |
"default":"Private Subnet 3" | |
}, | |
"AvailabilityZone1":{ | |
"default":"Availability Zone 1" | |
}, | |
"AvailabilityZone2":{ | |
"default":"Availability Zone 2" | |
}, | |
"AvailabilityZone3":{ | |
"default":"Availability Zone 3" | |
}, | |
"AllowHttpToPublicRuleNumber":{ | |
"default":"HTTP to Public" | |
}, | |
"AllowHttpsToPublicRuleNumber":{ | |
"default":"HTTPS to Public" | |
}, | |
"AllowReturnTrafficToPublicRuleNumber":{ | |
"default":"Return Traffic to Public" | |
}, | |
"AllowVpcSubnetsRuleNumber":{ | |
"default":"VPC Subnets to Public" | |
}, | |
"AllowAllOutboundPublicRuleNumber":{ | |
"default":"Public Outbound" | |
}, | |
"AllowAllInboundPrivateRuleNumber":{ | |
"default":"Private Inbound" | |
}, | |
"AllowAllOutboundPrivateRuleNumber":{ | |
"default":"Private Outbound" | |
} | |
} | |
} | |
} | |
} |