Using CloudFormation, Packer, etc. for Immutable Infrastructure to build DC/OS and deploy it to Amazon Web Services

We set up a dev environment for DC/OS in AWS (subnets, multi-AZ, auto-scaling groups, AMI images, etc.), tagged everything as dcos-dev, and then used CloudFormer to generate a starter AWS CloudFormation script. CloudFormer lets you reverse engineer an existing AWS environment into CloudFormation scripts. We then modified what CloudFormer produced to make it work (CloudFormer only gets you about 90% of the way there) and added mappings, parameters and outputs to our CloudFormation script.

Included are the CloudFormation and Packer scripts. Hope it helps you get set up. Feedback is welcome.

"We" in this case is my client, DC/OS support, Amazon support, and me. We did this instead of using the canned Amazon support because we needed to run masters and agents in multiple AZs per region.

Production servers are set up, and integration servers are also set up. It is all immutable infrastructure (for the most part). We have scripts that use AWS CloudFormation to build a DC/OS cluster from nothing to the full stack: network, security, ELB, auto-scaling groups for public and private agents, master instances, user-data, etc.

The two parts that are not yet automated are the enterprise marathon-lb setup (you have to fire up a micro instance in the bastion security group, install the DC/OS CLI and then run one script, which is checked into git), and the CNAME/DNS bits, which are controlled by IT. We might install an NS record to delegate to AWS Route53 and then control virtual host setup with Route53 aliases, which means that we can automate it via CloudFormation. Then we might add a Lambda/SNS/event to our CloudFormation script to handle the marathon-lb install once the CloudFormation run is done.

All the AMI image creation is automated as well. The CloudFormation scripts point to AMI images, created with Packer, that have all of the DC/OS advanced-install prerequisites. Packer has excellent support for Amazon AMIs as well as Docker, and just about every other image container that exists. We chose CentOS over Amazon Linux so we are less locked in and could move images to other clouds or containers more readily.

The CloudFormation script has a drop-down parameter that picks the environment (prod, int, dev) and sets up all of the CIDR addresses etc. via CloudFormation mappings.

The DC/OS advanced install tar files and config were uploaded to S3. We use IAM roles and S3 bucket policies to lock down the S3 bucket where the DC/OS advanced install params are. (We run sudo bash dcos_generate_config.ee.sh and aws s3 sync genconf/serve/ s3://somebucket-dcos-install-bootstrap/prod to upload the install packages from the DC/OS advanced install.)

The CloudFormation script supports multiple AWS regions and multiple AZs. To support this we use CloudFormation mappings, parameters and outputs.
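The security groups and network ACL that this stack creates can be linted before the template is deployed. The following is an added example, not part of the gist: it runs over a constructed excerpt of the template's own rules (ingress34, ingress35, ingress39, ingress49 and netAclEntryIngress, with the owner-id property omitted), and the function names are assumptions of this example.

```python
"""Lint CloudFormation security-group and NACL ingress rules for broad exposure."""

ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = (22, 3389)  # SSH and RDP

# Constructed excerpt: rules copied from the template on this page,
# with SourceSecurityGroupOwnerId omitted.
RESOURCES = {
    "ingress34": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "sgBastion"}, "IpProtocol": "tcp",
        "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}},
    "ingress35": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "sgMaster"}, "IpProtocol": "-1",
        "SourceSecurityGroupId": {"Ref": "sgPvtAgent"}}},
    "ingress39": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "sgMaster"}, "IpProtocol": "tcp",
        "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0"}},
    "ingress49": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "sgMaster"}, "IpProtocol": "-1",
        "SourceSecurityGroupId": {"Ref": "sgBastion"}}},
    "netAclEntryIngress": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {
        "CidrBlock": "0.0.0.0/0", "Protocol": "-1", "RuleAction": "allow",
        "RuleNumber": "100", "NetworkAclId": {"Ref": "networkAcl"}}},
}


def ref(value):
    """Return the logical id from {"Ref": id}, or the value unchanged."""
    return value["Ref"] if isinstance(value, dict) else value


def port_range(props):
    """Ports covered by a rule; protocol -1 means every port."""
    if props.get("IpProtocol") == "-1":
        return range(0, 65536)
    return range(int(props.get("FromPort", 0)), int(props.get("ToPort", 65535)) + 1)


def sg_ingress(resources):
    """Yield (logical id, properties) for every security-group ingress rule."""
    for rid, res in resources.items():
        if res["Type"] == "AWS::EC2::SecurityGroupIngress":
            yield rid, res["Properties"]


def world_open_rules(resources):
    """Rules whose source is the whole internet: (severity, rule id, group)."""
    found = []
    for rid, props in sg_ingress(resources):
        if props.get("CidrIp") in ANYWHERE or props.get("CidrIpv6") in ANYWHERE:
            ports = port_range(props)
            admin = any(port in ports for port in ADMIN_PORTS)
            found.append(("HIGH" if admin else "REVIEW", rid, ref(props["GroupId"])))
    return found


def all_protocol_trust(resources, exposed_groups):
    """Rules accepting every protocol from an internet-facing group:
    (rule id, target group, source group)."""
    found = []
    for rid, props in sg_ingress(resources):
        source = ref(props.get("SourceSecurityGroupId"))
        target = ref(props["GroupId"])
        if props.get("IpProtocol") == "-1" and source in exposed_groups and source != target:
            found.append((rid, target, source))
    return found


def permissive_nacl_entries(resources):
    """Inbound NACL entries that allow all traffic from anywhere."""
    found = []
    for rid, res in resources.items():
        props = res["Properties"]
        if res["Type"] != "AWS::EC2::NetworkAclEntry":
            continue
        egress = str(props.get("Egress", "false")).lower() == "true"
        if (not egress and props.get("RuleAction") == "allow"
                and str(props.get("Protocol")) == "-1"
                and props.get("CidrBlock") in ANYWHERE):
            found.append(rid)
    return found


def lint(resources):
    """Return human-readable findings for the three checks above."""
    open_rules = world_open_rules(resources)
    exposed = {group for _, _, group in open_rules}
    out = [f"{sev}: {rid} opens {group} to the internet" for sev, rid, group in open_rules]
    out += [f"REVIEW: {rid} lets internet-facing {src} reach {dst} on every protocol"
            for rid, dst, src in all_protocol_trust(resources, exposed)]
    out += [f"REVIEW: {rid} allows all inbound traffic, so the NACL filters nothing"
            for rid in permissive_nacl_entries(resources)]
    return out


if __name__ == "__main__":
    for finding in lint(RESOURCES):
        print(finding)
```

Restricting the CidrIp on the SSH rule to a known administrative range clears the HIGH finding; the remaining REVIEW items are design decisions to confirm rather than errors.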
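Because every CIDR and master address comes from the mappings, a pre-deploy check can catch an environment key or address that does not line up. This is an added example, not the gist's code: the mapping values are rebuilt from the template below (the environments differ only in the third octet), MASTER_SUBNET mirrors the subnets used by the template's instanceMaster0, instanceMaster1 and instanceMaster2 interfaces, and the helper names are assumptions.

```python
"""Consistency checks for the Env-keyed CloudFormation mappings (VpcCidrs, Ips)."""
import ipaddress
from itertools import combinations


def env_cidrs(octet):
    """Rebuild one VpcCidrs entry; the template's layout is the same in every env."""
    base = f"10.16.{octet}."
    return {"vpc": base + "0/24",
            "subnetPvtA": base + "0/26", "subnetPvtB": base + "64/26",
            "subnetExtA": base + "128/27", "subnetExtB": base + "160/27",
            "subnetPubA": base + "192/27", "subnetPubB": base + "224/27"}


def env_masters(octet):
    """Rebuild one Ips entry (fixed private addresses of the three masters)."""
    base = f"10.16.{octet}."
    return {"master0": base + "205", "master1": base + "206", "master2": base + "230"}


# Constructed excerpt reproducing the template's Env parameter and mappings.
TEMPLATE = {
    "Parameters": {"Env": {"AllowedValues": ["dev", "int", "prod"]}},
    "Mappings": {
        "VpcCidrs": {"dev": env_cidrs(193), "int": env_cidrs(194),
                     "prod": env_cidrs(197), "prodW1": env_cidrs(196)},
        "Ips": {"dev": env_masters(193), "int": env_masters(194),
                "prod": env_masters(197), "prodW2": env_masters(196)},
    },
}

# Subnet each master's network interface is placed in by the template.
MASTER_SUBNET = {"master0": "subnetPubA", "master1": "subnetPubA", "master2": "subnetPubB"}


def check_env_keys(template):
    """Every selectable Env needs an entry in both mappings, and vice versa."""
    allowed = set(template["Parameters"]["Env"]["AllowedValues"])
    findings = []
    for name in ("VpcCidrs", "Ips"):
        keys = set(template["Mappings"][name])
        findings += [f"{name}: no entry for selectable Env '{env}'"
                     for env in sorted(allowed - keys)]
        findings += [f"{name}: '{env}' is not an allowed Env value"
                     for env in sorted(keys - allowed)]
    return findings


def check_subnets(env, cidrs):
    """Subnets must sit inside the VPC block and must not overlap each other."""
    findings = []
    vpc = ipaddress.ip_network(cidrs["vpc"])
    subnets = {k: ipaddress.ip_network(v) for k, v in cidrs.items() if k != "vpc"}
    for name, net in subnets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{env}: {name} {net} is outside VPC {vpc}")
    for (a, net_a), (b, net_b) in combinations(subnets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"{env}: {a} {net_a} overlaps {b} {net_b}")
    return findings


def check_master_ips(env, cidrs, ips):
    """A fixed master address must be assignable inside the subnet it is placed in."""
    findings = []
    for master, addr in ips.items():
        net = ipaddress.ip_network(cidrs[MASTER_SUBNET[master]])
        # AWS reserves the first four addresses and the last one of every subnet.
        usable = range(int(net.network_address) + 4, int(net.broadcast_address))
        if int(ipaddress.ip_address(addr)) not in usable:
            findings.append(f"{env}: {master} {addr} is not usable in "
                            f"{MASTER_SUBNET[master]} {net}")
    return findings


def lint(template):
    """Run all checks and return the findings as a list of strings."""
    mappings = template["Mappings"]
    findings = check_env_keys(template)
    for env, cidrs in mappings["VpcCidrs"].items():
        findings += check_subnets(env, cidrs)
        if env in mappings["Ips"]:
            findings += check_master_ips(env, cidrs, mappings["Ips"][env])
        else:
            findings.append(f"Ips: no entry for '{env}' defined in VpcCidrs")
    return findings


if __name__ == "__main__":
    for finding in lint(TEMPLATE):
        print(finding)
```

On the values in this template the dev, int and prod entries pass, and the only findings concern the fourth environment, which is keyed prodW1 in VpcCidrs and prodW2 in Ips and is not selectable through the Env parameter.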

We plan on improving the cloudformation scripts and packer script as follows:

{
  "variables": {
    "aws_access_key": "",
    "aws_secret_key": "",
    "aws_region": "us-east-1",
    "aws_ami_image": "ami-6d1c2007",
    "aws_instance_type": "m4.large"
  },
  "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "{{user `aws_region`}}",
      "source_ami": "{{user `aws_ami_image`}}",
      "instance_type": "{{user `aws_instance_type`}}",
      "ssh_username": "centos",
      "ami_name": "base-centos-7-dcos-{{timestamp}}",
      "tags": {
        "Name": "ami-centos7-dcos-v1",
        "OS_Version": "LinuxCentOs7",
        "Release": "7",
        "Description": "Base CentOs7 image with prerequisites for DC/OS"
      },
      "user_data_file": "files/user-data.txt"
    }
  ],
  "provisioners": [
    {
      "type": "file",
      "source": "files/overlay.conf",
      "destination": "/home/centos/install/overlay.conf"
    },
    {
      "type": "shell",
      "inline": [
        "sudo mkdir -p /etc/modules-load.d",
        "sudo mv /home/centos/install/overlay.conf /etc/modules-load.d/overlay.conf",
        "sudo reboot"
      ]
    },
    {
      "type": "file",
      "source": "files/docker.repo",
      "destination": "/home/centos/install/docker.repo"
    },
    {
      "type": "file",
      "source": "files/override.conf",
      "destination": "/home/centos/install/override.conf"
    },
    {
      "type": "shell",
      "inline": [
        "echo installing Docker -----------------------------------",
        "sudo mkdir -p /etc/systemd/system/docker.service.d",
        "sudo mv /home/centos/install/override.conf /etc/systemd/system/docker.service.d/override.conf",
        "sudo mv /home/centos/install/docker.repo /etc/yum.repos.d/docker.repo",
        "sudo yum install -y docker-engine-1.11.2",
        "sudo systemctl start docker",
        "sudo systemctl enable docker",
        "sudo docker ps",
        "echo DONE installing Docker -----------------------------",
        "sudo yum install -y tar xz unzip curl ipset nano tree",
        "sudo sed -i s/SELINUX=enforcing/SELINUX=permissive/g /etc/selinux/config",
        "sudo groupadd nogroup",
        "sudo reboot"
      ]
    },
    {
      "type": "shell",
      "inline": [
        "echo installing aws cli -------------------------------",
        "mkdir /tmp/awscli",
        "cd /tmp/awscli",
        "curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o awscli-bundle.zip",
        "unzip awscli-bundle.zip",
        "sudo ./awscli-bundle/install -i /usr/lib/aws -b /usr/bin/aws",
        "echo DONE installing aws cli -------------------------------"
      ]
    },
    {
      "type": "shell",
      "inline": [
        "echo DONE installing packages for CentOS7 DC/OS"
      ]
    }
  ]
}

{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Create VPC, subnets, auto-scale groups for DC/OS",
"Conditions": {
"RegionIsUsEast1": {
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-east-1"
]
}
},
"Parameters": {
"Env": {
"Type": "String",
"Default": "int",
"AllowedValues": [
"dev",
"int",
"prod"
],
"Description": "Enter an environment"
},
"MasterInstanceType" : {
"Type" : "String",
"Default" : "m4.large",
"AllowedValues" : [ "m3.medium", "m4.large", "m4.xlarge"],
"Description" : "Enter in master instance type"
},
"PvtAgentInstanceType" : {
"Type" : "String",
"Default" : "m4.2xlarge",
"AllowedValues" : [ "m3.medium", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "m4.16xlarge"],
"Description" : "Enter in dcos private agent instance type"
},
"PubAgentInstanceType" : {
"Type" : "String",
"Default" : "m4.xlarge",
"AllowedValues" : [ "m3.medium", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge"],
"Description" : "Enter in dcos public agent instance type"
},
"SSLCertificateId": {
"Type": "String",
"Default": "arn:aws:acm:us-west-2:REDACTED:certificate/REDACTED",
"AllowedValues" : ["arn:aws:acm:us-east-1:REDACTED:certificate/REDACTED",
"arn:aws:acm:us-west-2:REDACTED:certificate/REDACTED-4bb3-41f1-REDACTED-REDACTED"],
"Description": "The ARN of the SSL certificate to use."
},
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
}
},
"Mappings": {
"AMIRegionMap": {
"us-east-1": {
"baseCentOs": "ami-3a81a52d"
},
"us-west-2": {
"baseCentOs": "ami-a164c5c1"
}
},
"VpcCidrs": {
"dev": {
"vpc": "10.16.193.0/24",
"subnetPvtA": "10.16.193.0/26",
"subnetPvtB": "10.16.193.64/26",
"subnetExtA": "10.16.193.128/27",
"subnetExtB": "10.16.193.160/27",
"subnetPubA": "10.16.193.192/27",
"subnetPubB": "10.16.193.224/27"
},
"int": {
"vpc": "10.16.194.0/24",
"subnetPvtA": "10.16.194.0/26",
"subnetPvtB": "10.16.194.64/26",
"subnetExtA": "10.16.194.128/27",
"subnetExtB": "10.16.194.160/27",
"subnetPubA": "10.16.194.192/27",
"subnetPubB": "10.16.194.224/27"
},
"prod": {
"vpc": "10.16.197.0/24",
"subnetPvtA": "10.16.197.0/26",
"subnetPvtB": "10.16.197.64/26",
"subnetExtA": "10.16.197.128/27",
"subnetExtB": "10.16.197.160/27",
"subnetPubA": "10.16.197.192/27",
"subnetPubB": "10.16.197.224/27"
},
"prodW1": {
"vpc": "10.16.196.0/24",
"subnetPvtA": "10.16.196.0/26",
"subnetPvtB": "10.16.196.64/26",
"subnetExtA": "10.16.196.128/27",
"subnetExtB": "10.16.196.160/27",
"subnetPubA": "10.16.196.192/27",
"subnetPubB": "10.16.196.224/27"
}
},
"Ips": {
"dev": {
"master0": "10.16.193.205",
"master1": "10.16.193.206",
"master2": "10.16.193.230"
},
"int": {
"master0": "10.16.194.205",
"master1": "10.16.194.206",
"master2": "10.16.194.230"
},
"prod": {
"master0": "10.16.197.205",
"master1": "10.16.197.206",
"master2": "10.16.197.230"
},
"prodW2": {
"master0": "10.16.196.205",
"master1": "10.16.196.206",
"master2": "10.16.196.230"
}
}
},
"Outputs" : {
"vpc" : {
"Description": "VPC id",
"Value" : { "Ref":"vpc"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-vpc" }
}
},
"subnetExtA" : {
"Description": "subnetExtA id",
"Value" : { "Ref":"subnetExtA"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-subnetExtA" }
}
},
"subnetExtB" : {
"Description": "subnetExtB id",
"Value" : { "Ref":"subnetExtB"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-subnetExtB" }
}
},
"subnetPubA" : {
"Description": "subnetPubA id",
"Value" : { "Ref":"subnetPubA"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-subnetPubA" }
}
},
"subnetPubB" : {
"Description": "subnetPubB id",
"Value" : { "Ref":"subnetPubB"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-subnetPubB" }
}
},
"subnetPvtA" : {
"Description": "subnetPvtA id",
"Value" : { "Ref":"subnetPvtA"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-subnetPvtA" }
}
},
"subnetPvtB" : {
"Description": "subnetPvtB id",
"Value" : { "Ref":"subnetPvtB"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-subnetPvtB" }
}
},
"instanceMaster0" : {
"Description": "instanceMaster0 id",
"Value" : { "Ref":"instanceMaster0"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-instanceMaster0" }
}
},
"instanceMaster1" : {
"Description": "instanceMaster1 id",
"Value" : { "Ref":"instanceMaster1"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-instanceMaster1" }
}
},
"instanceMaster2" : {
"Description": "instanceMaster2 id",
"Value" : { "Ref":"instanceMaster2"},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-instanceMaster2" }
}
},
"instanceMaster0PubIp" : {
"Description": "instanceMaster0 Public IP",
"Value" : { "Fn::GetAtt" : [ "instanceMaster0", "PublicIp" ]},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-instanceMaster0PupIp" }
}
},
"instanceMaster1PubIp" : {
"Description": "instanceMaster1 Public IP",
"Value" : { "Fn::GetAtt" : [ "instanceMaster1", "PublicIp" ]},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-instanceMaster1PupIp" }
}
},
"instanceMaster2PubIp" : {
"Description": "instanceMaster2 Public IP",
"Value" : { "Fn::GetAtt" : [ "instanceMaster2", "PublicIp" ]},
"Export" : {
"Name" : {"Fn::Sub": "${AWS::StackName}-instanceMaster2PupIp" }
}
}
},
"Resources": {
"vpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
{
"Ref": "Env"
},
"vpc"
]
},
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "false",
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"vpc",
{
"Ref": "Env"
},
{
"Ref": "AWS::Region"
}
]
]
}
}
]
}
},
"subnetExtA": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
{
"Ref": "Env"
},
"subnetExtA"
]
},
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"net",
{
"Ref": "Env"
},
"ext",
{
"Ref": "AWS::Region"
},
"a"
]
]
}
}
]
}
},
"subnetExtB": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
{
"Ref": "Env"
},
"subnetExtB"
]
},
"AvailabilityZone": {
"Fn::Select": [
"1",
{
"Fn::GetAZs": ""
}
]
},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"net",
{
"Ref": "Env"
},
"ext",
{
"Ref": "AWS::Region"
},
"b"
]
]
}
}
]
}
},
"subnetPvtA": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
{
"Ref": "Env"
},
"subnetPvtA"
]
},
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"net",
{
"Ref": "Env"
},
"pvt",
{
"Ref": "AWS::Region"
},
"a"
]
]
}
}
]
}
},
"subnetPubB": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
{
"Ref": "Env"
},
"subnetPubB"
]
},
"AvailabilityZone": {
"Fn::Select": [
"1",
{
"Fn::GetAZs": ""
}
]
},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"net",
{
"Ref": "Env"
},
"pub",
{
"Ref": "AWS::Region"
},
"b"
]
]
}
}
]
}
},
"subnetPvtB": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
{
"Ref": "Env"
},
"subnetPvtB"
]
},
"AvailabilityZone": {
"Fn::Select": [
"1",
{
"Fn::GetAZs": ""
}
]
},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"net",
{
"Ref": "Env"
},
"pvt",
{
"Ref": "AWS::Region"
},
"b"
]
]
}
}
]
}
},
"subnetPubA": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::FindInMap": [
"VpcCidrs",
{
"Ref": "Env"
},
"subnetPubA"
]
},
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"net",
{
"Ref": "Env"
},
"pub",
{
"Ref": "AWS::Region"
},
"a"
]
]
}
},
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
}
]
}
},
"internetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"igw",
{
"Ref": "Env"
},
{
"Ref": "AWS::Region"
}
]
]
}
}
]
}
},
"elbPub": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Policies": [
{
"PolicyName": "AWSConsole-SSLNegotiationPolicy-elb-dev-pub-1477609307891",
"PolicyType": "SSLNegotiationPolicyType",
"Attributes": [
{
"Name": "Reference-Security-Policy",
"Value": "ELBSecurityPolicy-2016-08"
}
]
}
],
"Subnets": [
{
"Ref": "subnetPubA"
},
{
"Ref": "subnetPubB"
}
],
"HealthCheck": {
"HealthyThreshold": "10",
"Interval": "30",
"Target": "HTTP:9090/_haproxy_health_check",
"Timeout": "5",
"UnhealthyThreshold": "2"
},
"ConnectionDrainingPolicy": {
"Enabled": "true",
"Timeout": "300"
},
"ConnectionSettings": {
"IdleTimeout": "60"
},
"CrossZone": "true",
"SecurityGroups": [
{
"Ref": "sgPubAgent"
},
{
"Ref": "sgDefault"
}
],
"Listeners": [
{
"InstancePort": "80",
"LoadBalancerPort": "443",
"Protocol": "HTTPS",
"InstanceProtocol": "HTTP",
"SSLCertificateId": {
"Ref": "SSLCertificateId"
}
}
],
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
}
]
}
},
"dhcpOptions": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainNameServers": [
"AmazonProvidedDNS"
],
"DomainName": {
"Fn::If": [
"RegionIsUsEast1",
"ec2.internal",
{
"Fn::Join": [
"",
[
{
"Ref": "AWS::Region"
},
".compute.internal"
]
]
}
]
}
}
},
"networkAcl": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "vpc"
}
}
},
"routeTableNatB": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"rtb",
{
"Ref": "Env"
},
"nat",
{
"Ref": "AWS::Region"
},
"b"
]
]
}
}
]
}
},
"routeTableNatA": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"rtb",
{
"Ref": "Env"
},
"nat",
{
"Ref": "AWS::Region"
},
"a"
]
]
}
}
]
}
},
"routeTablePublic": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"rtb",
{
"Ref": "Env"
},
"public",
{
"Ref": "AWS::Region"
}
]
]
}
}
]
}
},
"natGatewayA": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"eipNatGatewayA",
"AllocationId"
]
},
"SubnetId": {
"Ref": "subnetPubA"
}
},
"DependsOn": [
"instanceMaster0",
"instanceMaster1",
"instanceMaster2"
]
},
"natGatewayB": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"eipNatGatewayB",
"AllocationId"
]
},
"SubnetId": {
"Ref": "subnetPubB"
}
},
"DependsOn": [
"instanceMaster0",
"instanceMaster1",
"instanceMaster2"
]
},
"eipNatGatewayA": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
}
},
"eipNatGatewayB": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
}
},
"agsPvtAgent": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
{
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
{
"Fn::Select": [
"1",
{
"Fn::GetAZs": ""
}
]
}
],
"Cooldown": "30",
"DesiredCapacity": "2",
"HealthCheckGracePeriod": "30",
"HealthCheckType": "EC2",
"MaxSize": "2",
"MinSize": "2",
"VPCZoneIdentifier": [
{
"Ref": "subnetPvtA"
},
{
"Ref": "subnetPvtB"
}
],
"LaunchConfigurationName": {
"Ref": "agsLaunchConfigPvtAgent"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
},
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"i",
{
"Ref": "Env"
},
"dcos-pvt-agent",
{
"Ref": "AWS::Region"
}
]
]
},
"PropagateAtLaunch": true
}
],
"TerminationPolicies": [
"Default"
]
},
"DependsOn": [
"instanceMaster0",
"instanceMaster1",
"instanceMaster2",
"natGatewayB",
"natGatewayA"
]
},
"asgPubAgent": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
{
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
{
"Fn::Select": [
"1",
{
"Fn::GetAZs": ""
}
]
}
],
"Cooldown": "30",
"DesiredCapacity": "2",
"HealthCheckGracePeriod": "30",
"HealthCheckType": "EC2",
"MaxSize": "4",
"MinSize": "2",
"VPCZoneIdentifier": [
{
"Ref": "subnetPubB"
},
{
"Ref": "subnetPubA"
}
],
"LaunchConfigurationName": {
"Ref": "agsLaunchConfigPubAgent"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
},
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"i",
{
"Ref": "Env"
},
"dcos-pub-agent",
{
"Ref": "AWS::Region"
}
]
]
},
"PropagateAtLaunch": true
}
],
"TerminationPolicies": [
"Default"
],
"LoadBalancerNames": [
{
"Ref": "elbPub"
}
]
},
"DependsOn": [
"instanceMaster0",
"instanceMaster1",
"instanceMaster2"
]
},
"agsLaunchConfigPvtAgent": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AMIRegionMap",
{
"Ref": "AWS::Region"
},
"baseCentOs"
]
},
"InstanceType": {"Ref" : "PvtAgentInstanceType"},
"KeyName": {
"Ref": "KeyName"
},
"IamInstanceProfile": "ROLE-DCOS",
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "sgPvtAgent"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 400
}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"ROLE=slave",
{
"Fn::Join": [
"=",
[
"DEPLOY_ENV",
{
"Ref": "Env"
}
]
]
},
"AZ=`curl http://169.254.169.254/latest/meta-data/placement/availability-zone`",
"BOOTSTRAP_BUCKET_FOLDER=\"s3://some-bucket-name-dcos-install-bootstrap/$DEPLOY_ENV\"",
"echo \"Installing from $BOOTSTRAP_BUCKET_FOLDER FOR ROLE $ROLE, ENV $DEPLOY_ENV for AZ $AZ\"",
"mkdir /tmp/dcos && cd /tmp/dcos",
"mkdir -p /var/lib/dcos/",
"echo \"MESOS_ATTRIBUTES=AZ:$AZ\" > /var/lib/dcos/mesos-slave-common",
"aws s3 cp $BOOTSTRAP_BUCKET_FOLDER/dcos_install.sh . ",
"/bin/bash dcos_install.sh \"$ROLE\" \n"
]
]
}
}
}
},
"agsLaunchConfigPubAgent": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": {
"Fn::FindInMap": [
"AMIRegionMap",
{
"Ref": "AWS::Region"
},
"baseCentOs"
]
},
"InstanceType": {"Ref" : "PubAgentInstanceType"},
"KeyName": {
"Ref": "KeyName"
},
"IamInstanceProfile": "ROLE-DCOS",
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "sgPubAgent"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 400
}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"ROLE=slave_public",
{
"Fn::Join": [
"=",
[
"DEPLOY_ENV",
{
"Ref": "Env"
}
]
]
},
"AZ=`curl http://169.254.169.254/latest/meta-data/placement/availability-zone`",
"BOOTSTRAP_BUCKET_FOLDER=\"s3://somebucketname-dcos-install-bootstrap/$DEPLOY_ENV\"",
"echo \"Installing from $BOOTSTRAP_BUCKET_FOLDER FOR ROLE $ROLE, ENV $DEPLOY_ENV for AZ $AZ\"",
"mkdir /tmp/dcos && cd /tmp/dcos",
"mkdir -p /var/lib/dcos/",
"echo \"MESOS_ATTRIBUTES=AZ:$AZ\" > /var/lib/dcos/mesos-slave-common",
"aws s3 cp $BOOTSTRAP_BUCKET_FOLDER/dcos_install.sh . ",
"/bin/bash dcos_install.sh \"$ROLE\" \n"
]
]
}
}
}
},
"instanceMaster0Profile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
"ROLE-DCOS"
]
}
},
"instanceMaster1Profile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
"ROLE-DCOS"
]
}
},
"instanceMaster2Profile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
"ROLE-DCOS"
]
}
},
"instanceMaster2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"InstanceInitiatedShutdownBehavior": "stop",
"IamInstanceProfile": {
"Ref": "instanceMaster2Profile"
},
"ImageId": {
"Fn::FindInMap": [
"AMIRegionMap",
{
"Ref": "AWS::Region"
},
"baseCentOs"
]
},
"InstanceType": {"Ref" : "MasterInstanceType"},
"KeyName": {
"Ref": "KeyName"
},
"Monitoring": "true",
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"i",
{
"Ref": "Env"
},
"dcos-master2",
{
"Ref": "AWS::Region"
},
"b"
]
]
}
}
],
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "subnetPubB"
},
"PrivateIpAddresses": [
{
"PrivateIpAddress": {
"Fn::FindInMap": [
"Ips",
{
"Ref": "Env"
},
"master2"
]
},
"Primary": "true"
}
],
"GroupSet": [
{
"Ref": "sgMaster"
}
],
"AssociatePublicIpAddress": "true"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"ROLE=master",
{
"Fn::Join": [
"=",
[
"DEPLOY_ENV",
{
"Ref": "Env"
}
]
]
},
"AZ=`curl http://169.254.169.254/latest/meta-data/placement/availability-zone`",
"BOOTSTRAP_BUCKET_FOLDER=\"s3://somebucket-dcos-install-bootstrap/$DEPLOY_ENV\"",
"echo \"Installing from $BOOTSTRAP_BUCKET_FOLDER FOR ROLE $ROLE, ENV $DEPLOY_ENV for AZ $AZ\"",
"mkdir /tmp/dcos && cd /tmp/dcos",
"aws s3 cp $BOOTSTRAP_BUCKET_FOLDER/dcos_install.sh . ",
"/bin/bash dcos_install.sh \"$ROLE\" \n"
]
]
}
}
}
},
"instanceMaster1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"InstanceInitiatedShutdownBehavior": "stop",
"IamInstanceProfile": {
"Ref": "instanceMaster1Profile"
},
"ImageId": {
"Fn::FindInMap": [
"AMIRegionMap",
{
"Ref": "AWS::Region"
},
"baseCentOs"
]
},
"InstanceType": {"Ref" : "MasterInstanceType"},
"KeyName": {
"Ref": "KeyName"
},
"Monitoring": "true",
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"i",
{
"Ref": "Env"
},
"dcos-master1",
{
"Ref": "AWS::Region"
},
"a"
]
]
}
}
],
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "subnetPubA"
},
"PrivateIpAddresses": [
{
"PrivateIpAddress": {
"Fn::FindInMap": [
"Ips",
{
"Ref": "Env"
},
"master1"
]
},
"Primary": "true"
}
],
"GroupSet": [
{
"Ref": "sgMaster"
}
],
"AssociatePublicIpAddress": "true"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"ROLE=master",
{
"Fn::Join": [
"=",
[
"DEPLOY_ENV",
{
"Ref": "Env"
}
]
]
},
"AZ=`curl http://169.254.169.254/latest/meta-data/placement/availability-zone`",
"BOOTSTRAP_BUCKET_FOLDER=\"s3://somebucket-dcos-install-bootstrap/$DEPLOY_ENV\"",
"echo \"Installing from $BOOTSTRAP_BUCKET_FOLDER FOR ROLE $ROLE, ENV $DEPLOY_ENV for AZ $AZ\"",
"mkdir /tmp/dcos && cd /tmp/dcos",
"aws s3 cp $BOOTSTRAP_BUCKET_FOLDER/dcos_install.sh . ",
"/bin/bash dcos_install.sh \"$ROLE\" \n"
]
]
}
}
}
},
"instanceMaster0": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"InstanceInitiatedShutdownBehavior": "stop",
"IamInstanceProfile": {
"Ref": "instanceMaster0Profile"
},
"ImageId": {
"Fn::FindInMap": [
"AMIRegionMap",
{
"Ref": "AWS::Region"
},
"baseCentOs"
]
},
"InstanceType": {"Ref" : "MasterInstanceType"},
"KeyName": {
"Ref": "KeyName"
},
"Monitoring": "true",
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"i",
{
"Ref": "Env"
},
"dcos-master0",
{
"Ref": "AWS::Region"
},
"a"
]
]
}
},
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
}
],
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "subnetPubA"
},
"PrivateIpAddresses": [
{
"PrivateIpAddress": {
"Fn::FindInMap": [
"Ips",
{
"Ref": "Env"
},
"master0"
]
},
"Primary": "true"
}
],
"GroupSet": [
{
"Ref": "sgMaster"
}
],
"AssociatePublicIpAddress": "true"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"\n",
[
"#!/bin/bash",
"ROLE=master",
{
"Fn::Join": [
"=",
[
"DEPLOY_ENV",
{
"Ref": "Env"
}
]
]
},
"AZ=`curl http://169.254.169.254/latest/meta-data/placement/availability-zone`",
"BOOTSTRAP_BUCKET_FOLDER=\"s3://somebucket-dcos-install-bootstrap/$DEPLOY_ENV\"",
"echo \"Installing from $BOOTSTRAP_BUCKET_FOLDER FOR ROLE $ROLE, ENV $DEPLOY_ENV for AZ $AZ\"",
"mkdir /tmp/dcos && cd /tmp/dcos",
"aws s3 cp $BOOTSTRAP_BUCKET_FOLDER/dcos_install.sh . ",
"/bin/bash dcos_install.sh \"$ROLE\" \n"
]
]
}
}
}
},
"sgBastion": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "This security group was generated by AWS Marketplace and is based on recommended settings for CentOS 7 (x86_64) - with Updates HVM version 1602 provided by Centos.org",
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"sg",
{
"Ref": "Env"
},
"bastion",
{
"Ref": "AWS::Region"
}
]
]
}
},
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
}
]
}
},
"sgMaster": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Master DCOS security group",
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"sg",
{
"Ref": "Env"
},
"dcos-master",
{
"Ref": "AWS::Region"
}
]
]
}
}
]
}
},
"sgDefault": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "default VPC security group",
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"sg",
{
"Ref": "Env"
},
"default",
{
"Ref": "AWS::Region"
}
]
]
}
},
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
}
]
}
},
"sgPvtAgent": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Agent for Agent Subnet running DC/OS agents",
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"sg",
{
"Ref": "Env"
},
"dcos-pvt-agent",
{
"Ref": "AWS::Region"
}
]
]
}
}
]
}
},
"sgPubAgent": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Public agent ",
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"sg",
{
"Ref": "Env"
},
"dcos-pub-agent",
{
"Ref": "AWS::Region"
}
]
]
}
}
]
}
},
"sgInfluxDb": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "InfluxDb SG",
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "CFID",
"Value": {
"Fn::Join": [
"-",
[
"dcos",
{
"Ref": "Env"
}
]
]
}
},
{
"Key": "Name",
"Value": {
"Fn::Join": [
".",
[
"sg",
{
"Ref": "Env"
},
"influxdb",
{
"Ref": "AWS::Region"
}
]
]
}
}
]
}
},
"netAclEntryEgress": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "networkAcl"
}
}
},
"netAclEntryIngress": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "networkAcl"
}
}
},
"subnetAclExt": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "networkAcl"
},
"SubnetId": {
"Ref": "subnetExtB"
}
}
},
"subnetAclPubA": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "networkAcl"
},
"SubnetId": {
"Ref": "subnetPubA"
}
}
},
"subnetAclPvtB": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "networkAcl"
},
"SubnetId": {
"Ref": "subnetPvtB"
}
}
},
"subnetAclPubB": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "networkAcl"
},
"SubnetId": {
"Ref": "subnetPubB"
}
}
},
"subnetAclExtA": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "networkAcl"
},
"SubnetId": {
"Ref": "subnetExtA"
}
}
},
"subnetToNetAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "networkAcl"
},
"SubnetId": {
"Ref": "subnetPvtA"
}
}
},
"vpcToInternetGatewayAttachment": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"InternetGatewayId": {
"Ref": "internetGateway"
}
}
},
"subnetroute14": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "routeTableNatB"
},
"SubnetId": {
"Ref": "subnetExtB"
}
}
},
"subnetroute15": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "routeTableNatB"
},
"SubnetId": {
"Ref": "subnetPvtB"
}
}
},
"subnetroute16": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "routeTableNatA"
},
"SubnetId": {
"Ref": "subnetPvtA"
}
}
},
"subnetroute17": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "routeTableNatA"
},
"SubnetId": {
"Ref": "subnetExtA"
}
}
},
"subnetroute18": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "routeTablePublic"
},
"SubnetId": {
"Ref": "subnetPubA"
}
}
},
"subnetroute19": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "routeTablePublic"
},
"SubnetId": {
"Ref": "subnetPubB"
}
}
},
"route14": {
"Type": "AWS::EC2::Route",
"Properties": {
"NatGatewayId": {
"Ref": "natGatewayB"
},
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "routeTableNatB"
}
}
},
"route17": {
"Type": "AWS::EC2::Route",
"Properties": {
"NatGatewayId": {
"Ref": "natGatewayA"
},
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "routeTableNatA"
}
}
},
"route20": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "routeTablePublic"
},
"GatewayId": {
"Ref": "internetGateway"
}
},
"DependsOn": "vpcToInternetGatewayAttachment"
},
"dchpassoc6": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"DhcpOptionsId": {
"Ref": "dhcpOptions"
}
}
},
"ingress31": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgBastion"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"SourceSecurityGroupId": {
"Ref": "sgMaster"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress32": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgBastion"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"SourceSecurityGroupId": {
"Ref": "sgPvtAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress33": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgBastion"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"SourceSecurityGroupId": {
"Ref": "sgPubAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress34": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgBastion"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
}
},
"ingress35": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgMaster"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgPvtAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress36": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgMaster"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgPubAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress37": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgMaster"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgMaster"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress39": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgMaster"
},
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
},
"ingress49": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgMaster"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgBastion"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress40": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgDefault"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgDefault"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress41": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPvtAgent"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgMaster"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress42": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPvtAgent"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgPvtAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress43": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPvtAgent"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgPubAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress44": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPvtAgent"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId": {
"Ref": "sgBastion"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress45": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPubAgent"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
}
},
"ingress46": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPubAgent"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgMaster"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress47": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPubAgent"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgBastion"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress48": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPubAgent"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgPubAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress50": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPubAgent"
},
"IpProtocol": "tcp",
"FromPort": "9090",
"ToPort": "9090",
"CidrIp": "0.0.0.0/0"
}
},
"ingress51": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgPubAgent"
},
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
},
"ingress52": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgInfluxDb"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
}
},
"ingress53": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgInfluxDb"
},
"IpProtocol": "tcp",
"FromPort": "8086",
"ToPort": "8086",
"SourceSecurityGroupId": {
"Ref": "sgPubAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress54": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgInfluxDb"
},
"IpProtocol": "tcp",
"FromPort": "8086",
"ToPort": "8086",
"SourceSecurityGroupId": {
"Ref": "sgMaster"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress55": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgInfluxDb"
},
"IpProtocol": "tcp",
"FromPort": "8086",
"ToPort": "8086",
"SourceSecurityGroupId": {
"Ref": "sgPvtAgent"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"ingress56": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgInfluxDb"
},
"IpProtocol": "tcp",
"FromPort": "8086",
"ToPort": "8086",
"SourceSecurityGroupId": {
"Ref": "sgBastion"
},
"SourceSecurityGroupOwnerId": "309159580642"
}
},
"egress10": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgBastion"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress11": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgMaster"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress12": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgDefault"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress13": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgPvtAgent"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress14": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgPubAgent"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress15": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgInfluxDb"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
}
}
}
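A quick way to review the ingress rules of a template like the one above before deploying it, as an added example that is not part of the original gist: it flags rules open to 0.0.0.0/0 (separating SSH/RDP and all-port rules from ordinary service ports) and rules carrying a literal account ID in `SourceSecurityGroupOwnerId`. The function name `audit`, the finding labels and the choice of admin ports are assumptions of this example; the sample rules are constructed in the shape of ingress34, ingress44, ingress45 and ingress52.

```python
import json
import re

# Constructed sample: four rules shaped like ingress34/44/45/52 above.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "ingress34": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
    "GroupId": {"Ref": "sgBastion"}, "IpProtocol": "tcp",
    "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}},
  "ingress44": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
    "GroupId": {"Ref": "sgPvtAgent"}, "IpProtocol": "tcp", "FromPort": "22",
    "ToPort": "22", "SourceSecurityGroupId": {"Ref": "sgBastion"},
    "SourceSecurityGroupOwnerId": "309159580642"}},
  "ingress45": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
    "GroupId": {"Ref": "sgPubAgent"}, "IpProtocol": "tcp",
    "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"}},
  "ingress52": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
    "GroupId": {"Ref": "sgInfluxDb"}, "IpProtocol": "tcp",
    "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}}
}}
""")

ADMIN_PORTS = (22, 3389)          # assumption: ports treated as administrative
WORLD = ("0.0.0.0/0", "::/0")     # tuple, so a {"Ref": ...} value compares safely
ACCOUNT_ID = re.compile(r"\d{12}")

def audit(template):
    """Return sorted (resource, group, finding) tuples for ingress rules."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroupIngress":
            continue
        props = res.get("Properties", {})
        gid = props.get("GroupId")
        group = gid.get("Ref", "?") if isinstance(gid, dict) else str(gid)
        if props.get("CidrIp") in WORLD or props.get("CidrIpv6") in WORLD:
            try:
                lo, hi = int(props["FromPort"]), int(props["ToPort"])
            except (KeyError, TypeError, ValueError):
                lo, hi = 0, 65535  # no usable range (e.g. IpProtocol -1): all ports
            admin = any(lo <= p <= hi for p in ADMIN_PORTS)
            findings.append((name, group, "world-admin-port" if admin else "world-open"))
        owner = props.get("SourceSecurityGroupOwnerId")
        if isinstance(owner, str) and ACCOUNT_ID.fullmatch(owner):
            findings.append((name, group, "hardcoded-owner-id"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_TEMPLATE), sep="\n")
```

To check the real template, load it with `json.load` and pass the resulting dict to `audit`.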
#!/usr/bin/env bash
### As is from DC/OS guys.
set -e
set -o pipefail
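# Turn off TLS certificate verification for the DC/OS CLI (core.ssl_verify),
# so the CLI accepts the cluster's certificate without validating it.
dcos config set core.ssl_verify false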