@aLucaz
Created May 17, 2021 14:44
Cloud Formation Yaml to Create Auto Scaled and Load Balanced Architecture
```yaml
Description: |
  Goal
  -> create a VPC with
  -> 1 public subnet
  -> 1 private subnet
  -> create an Internet Gateway
  -> create a Nat Gateway
  -> create public instance as bastion
  -> create private instance
  -> create a load balancer
  -> add autoscaling support
Parameters:
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16
  PublicSubnetACidr:
    Type: String
    Default: 10.0.1.0/24
  PublicSubnetBCidr:
    Type: String
    Default: 10.0.2.0/24
  PrivateSubnetACidr:
    Type: String
    Default: 10.0.11.0/24
  PrivateSubnetBCidr:
    Type: String
    Default: 10.0.12.0/24
  BastionKeyPairName:
    Type: AWS::EC2::KeyPair::KeyName
    Default: poc-cf-keypair
  PublicInstanceType:
    AllowedValues:
      - t2.micro
      - t2.small
    Default: t2.micro
    Type: String
  PublicSubnetAAZ:
    AllowedValues:
      - us-west-1a
    Default: us-west-1a
    Type: String
  PublicSubnetBAZ:
    AllowedValues:
      - us-west-1b
    Default: us-west-1b
    Type: String
  PrivateInstanceType:
    AllowedValues:
      - t2.micro
      - t2.small
    Default: t2.micro
    Type: String
  PrivateSubnetAAZ:
    AllowedValues:
      - us-west-1a
    Default: us-west-1a
    Type: String
  PrivateSubnetBAZ:
    AllowedValues:
      - us-west-1b
    Default: us-west-1b
    Type: String
Mappings:
  RegionMap:
    us-west-1:
      HVM64: ami-0d382e80be7ffdae5
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: poc-cf-vpc
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref PublicSubnetAAZ
      CidrBlock: !Ref PublicSubnetACidr
      MapPublicIpOnLaunch: True
      Tags:
        - Key: Name
          Value: poc-cf-public-subnet-a
  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref PublicSubnetBAZ
      CidrBlock: !Ref PublicSubnetBCidr
      MapPublicIpOnLaunch: True
      Tags:
        - Key: Name
          Value: poc-cf-public-subnet-b
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref PrivateSubnetAAZ
      CidrBlock: !Ref PrivateSubnetACidr
      Tags:
        - Key: Name
          Value: poc-cf-private-subnet-a
  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref PrivateSubnetBAZ
      CidrBlock: !Ref PrivateSubnetBCidr
      Tags:
        - Key: Name
          Value: poc-cf-private-subnet-b
  # Connecting the VPC to the Internet
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ig-vpc
  InternetGatewayAttachement:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  # Creating the VPC route table with an entry that routes Internet traffic to the Internet Gateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public routes
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachement
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Creating public subnet A & B route table associations
  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetA
  PublicSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetB
  # Now we need a NAT Gateway for our private subnets
  NatGatewayAIP:
    Type: AWS::EC2::EIP
    DependsOn: InternetGatewayAttachement
    Properties:
      Domain: vpc
  NatGatewayA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGatewayAIP.AllocationId
      SubnetId: !Ref PublicSubnetA
  # Creating private subnet A & B route table associations; for this we need the NAT Gateway
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Private routes
  DefaultPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGatewayA
  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnetA
  PrivateSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnetB
  # Creating an EC2 instance and SG as bastion in the public subnet
  BastionSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: we use this instance as ssh bastion
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: poc-cf-bastion-sg
  BastionInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap
        - RegionMap
        - !Ref AWS::Region
        - HVM64
      InstanceType: !Ref PublicInstanceType
      KeyName: !Ref BastionKeyPairName
      SubnetId: !Ref PublicSubnetA
      SecurityGroupIds:
        - !Ref BastionSG
      Tags:
        - Key: Name
          Value: poc-cf-bastion-instance
  # Note: At this point I had to create a new Key Pair named poc-cf-keypair in the AWS Console!
  # Creating an EC2 instance and SG as private
  PrivateSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: this is our private instance
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSG
      Tags:
        - Key: Name
          Value: poc-cf-private-dg
  # Creating the Amazon Auto Scaling configuration
  LauchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !FindInMap
        - RegionMap
        - !Ref AWS::Region
        - HVM64
      InstanceType: !Ref PrivateInstanceType
      KeyName: !Ref BastionKeyPairName
      SecurityGroups:
        - !Ref PrivateSG
  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier:
        - !Ref PrivateSubnetA
        - !Ref PrivateSubnetB
      LaunchConfigurationName: !Ref LauchConfig
      TargetGroupARNs:
        - !Ref TargetGroup1
      MaxSize: 2
      MinSize: 1
      Tags:
        - Key: Name
          Value: poc-cf-private-instance-asg
          PropagateAtLaunch: True
    UpdatePolicy:
      AutoScalingReplacingUpdate:
        WillReplace: True
  ScaleUpPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName: !Ref AutoScalingGroup
      Cooldown: '100'
      ScalingAdjustment: 1
  ScaleDownPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName: !Ref AutoScalingGroup
      Cooldown: '100'
      ScalingAdjustment: -1
  # Configuring target groups
  TargetGroup1:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VPC
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /
      HealthCheckPort: 80
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      Tags:
        - Key: Name
          Value: TG-1
  # Adding the load balancer
  LoadBalancerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: we use this SG for the load balancer
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: poc-cf-lb-sg
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Scheme: internet-facing
      SecurityGroups:
        - !Ref LoadBalancerSG
      Subnets:
        - !Ref PublicSubnetA
        - !Ref PublicSubnetB
      Tags:
        - Key: Name
          Value: poc-cf-lb
      Type: application
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn:
            Ref: TargetGroup1
      LoadBalancerArn:
        Ref: LoadBalancer
      Port: 80
      Protocol: HTTP
```
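The template's BastionSG admits SSH from 0.0.0.0/0, while PrivateSG accepts SSH only from the bastion's security group and the load balancer SG opens only 80/443. As an added example that is not part of the gist, this Python lint walks a constructed JSON-style copy of those three security groups, flags management ports exposed to the world, and narrows them to an assumed operator CIDR; the resource shapes mirror the template, the admin port list and the 203.0.113.0/24 range are assumptions.

```python
import copy

# Constructed excerpt (added example, not the gist's code): the gist's three
# security groups in JSON-style CloudFormation, !Ref written as {"Ref": ...}.
TEMPLATE = {"Resources": {
    "BastionSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "PrivateSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "SourceSecurityGroupId": {"Ref": "BastionSG"}}]}},
    "LoadBalancerSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
}}

ADMIN_PORTS = {22, 3389}        # SSH and RDP: management ports, never world-open (assumed list)
WORLD = {"0.0.0.0/0", "::/0"}

def _covers_admin_port(rule):
    """True if the ingress rule reaches an admin port (IpProtocol -1 = every port)."""
    if str(rule.get("IpProtocol")) == "-1":
        return True
    lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    return any(lo <= p <= hi for p in ADMIN_PORTS)

def world_open_admin_rules(template):
    """(logical_id, rule_index) for each SecurityGroupIngress rule that exposes an
    admin port to 0.0.0.0/0 or ::/0. Rules scoped by SourceSecurityGroupId, like
    PrivateSG trusting only BastionSG, carry no CIDR and therefore pass."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for i, rule in enumerate(res.get("Properties", {}).get("SecurityGroupIngress", [])):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr in WORLD and _covers_admin_port(rule):
                findings.append((logical_id, i))
    return findings

def restrict_admin_ingress(template, admin_cidr):
    """Copy of the template with each world-open admin rule narrowed to admin_cidr
    (e.g. the operators' VPN range). The LB's 80/443 rules are left as they are."""
    fixed = copy.deepcopy(template)
    for logical_id, i in world_open_admin_rules(fixed):
        rule = fixed["Resources"][logical_id]["Properties"]["SecurityGroupIngress"][i]
        rule.pop("CidrIpv6", None)
        rule["CidrIp"] = admin_cidr
    return fixed
```

Running `world_open_admin_rules(TEMPLATE)` reports only `("BastionSG", 0)`; after `restrict_admin_ingress(TEMPLATE, "203.0.113.0/24")` the same check reports nothing, and the original dict is left unchanged.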