cloud formation example
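# VPC network template: one VPC, an internet gateway, public management/LB
# subnets, web and DB subnets in two AZs, security groups, an admin instance
# and a web auto-scaling group.
#
# Review fixes relative to the original:
#   - indentation restored (the pasted copy had none, so it was not valid YAML);
#   - duplicate resource keys PublicWebSubnetZoneA / PublicWebSubnetZoneC
#     removed (YAML parsers silently keep the last definition);
#   - the admin SSH source CIDR is now a parameter instead of a literal
#     0.0.0.0/0 (default unchanged for compatibility, narrow it at deploy time);
#   - web HTTP ingress is limited to the load-balancer subnets, matching
#     AdminHTTPSecurityGroup.
AWSTemplateFormatVersion: 2010-09-09
Description: VPC Network Template

Parameters:
  ServiceName:
    Type: String
    Description: Service name use resource tag and name field etc.
    Default: example
  EnvName:
    Type: String
    Description: environment
    Default: production
  # A plain String is kept for compatibility; the key pair is only validated
  # when the instance launches.
  KeyName:
    Type: String
    Description: EC2 Key Pair Name
    Default: key
  # Source network allowed to reach the admin instance on TCP/22. The default
  # reproduces the original world-open rule; override it with the operator
  # network when deploying.
  AdminSSHSourceCidr:
    Type: String
    Description: CIDR block allowed to reach the admin instance on TCP/22
    Default: 0.0.0.0/0
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block, for example 203.0.113.0/24
  # AMI ids are region specific; this default only resolves in the region
  # the template was written for.
  AdminInstanceImageId:
    Type: String
    Description: Admin EC2 Instance Image Id
    Default: ami-3bd3c45c
  AdminInstanceType:
    Type: String
    Default: t2.small
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - m4.16xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
  WebInstanceImageId:
    Type: String
    Description: Web EC2 Instance Image Id
    Default: ami-3bd3c45c
  WebInstanceType:
    Type: String
    Default: t2.small
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - m4.16xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
  # Declared but not referenced by any resource in this template.
  RDSInstanceType:
    Type: String
    Default: db.t2.small
    AllowedValues:
      - db.t2.small
      - db.t2.medium
      - db.r3.large
      - db.r3.xlarge
      - db.r3.2xlarge
      - db.r3.4xlarge
      - db.r3.8xlarge

# Address plan. Subnet CIDRs are looked up from here both by the subnets
# themselves and by the security-group rules that reference them.
Mappings:
  StackConfig:
    VPC:
      CIDR: 10.0.0.0/16
    PublicManagementSubnetZoneA:
      CIDR: 10.0.0.0/24
      AvailabilityZone: ap-northeast-1a
    PublicLBSubnetZoneA:
      CIDR: 10.0.4.0/24
      AvailabilityZone: ap-northeast-1a
    PublicLBSubnetZoneC:
      CIDR: 10.0.5.0/24
      AvailabilityZone: ap-northeast-1c
    PublicWebSubnetZoneA:
      CIDR: 10.0.6.0/24
      AvailabilityZone: ap-northeast-1a
    PublicWebSubnetZoneC:
      CIDR: 10.0.7.0/24
      AvailabilityZone: ap-northeast-1c
    PrivateDBSubnetZoneA:
      CIDR: 10.0.10.0/24
      AvailabilityZone: ap-northeast-1a
    PrivateDBSubnetZoneC:
      CIDR: 10.0.11.0/24
      AvailabilityZone: ap-northeast-1c

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !FindInMap ["StackConfig", "VPC", "CIDR"]
      InstanceTenancy: default
      EnableDnsHostnames: true
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: vpc
        - Key: Env
          Value: !Ref EnvName

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: internet-gateway
        - Key: Env
          Value: !Ref EnvName

  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  # Single public route table; only the management and LB subnets are
  # associated with it (see the *ToRouteTable resources below).
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: route-table
        - Key: Env
          Value: !Ref EnvName

  Route:
    Type: AWS::EC2::Route
    # The default route cannot be created before the gateway is attached.
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicManagementSubnetZoneA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "AvailabilityZone"]
      CidrBlock: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "CIDR"]
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: public-instance
        - Key: Env
          Value: !Ref EnvName

  # NOTE(review): the two web subnets get no public IPs and are not associated
  # with RouteTable, and no NAT gateway is defined, so instances launched here
  # have no outbound internet path; the yum calls in the launch configuration's
  # UserData will not succeed without one - confirm the intended egress design.
  PublicWebSubnetZoneA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !FindInMap ["StackConfig", "PublicWebSubnetZoneA", "AvailabilityZone"]
      CidrBlock: !FindInMap ["StackConfig", "PublicWebSubnetZoneA", "CIDR"]
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: web
        - Key: Env
          Value: !Ref EnvName

  PublicWebSubnetZoneC:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !FindInMap ["StackConfig", "PublicWebSubnetZoneC", "AvailabilityZone"]
      CidrBlock: !FindInMap ["StackConfig", "PublicWebSubnetZoneC", "CIDR"]
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: web
        - Key: Env
          Value: !Ref EnvName

  PublicLBSubnetZoneA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !FindInMap ["StackConfig", "PublicLBSubnetZoneA", "AvailabilityZone"]
      CidrBlock: !FindInMap ["StackConfig", "PublicLBSubnetZoneA", "CIDR"]
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: lb
        - Key: Env
          Value: !Ref EnvName

  PublicLBSubnetZoneC:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !FindInMap ["StackConfig", "PublicLBSubnetZoneC", "AvailabilityZone"]
      CidrBlock: !FindInMap ["StackConfig", "PublicLBSubnetZoneC", "CIDR"]
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: lb
        - Key: Env
          Value: !Ref EnvName

  PrivateDBSubnetZoneA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !FindInMap ["StackConfig", "PrivateDBSubnetZoneA", "AvailabilityZone"]
      CidrBlock: !FindInMap ["StackConfig", "PrivateDBSubnetZoneA", "CIDR"]
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: db
        - Key: Env
          Value: !Ref EnvName

  PrivateDBSubnetZoneC:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !FindInMap ["StackConfig", "PrivateDBSubnetZoneC", "AvailabilityZone"]
      CidrBlock: !FindInMap ["StackConfig", "PrivateDBSubnetZoneC", "CIDR"]
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: db
        - Key: Env
          Value: !Ref EnvName

  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: RDS subnet group
      SubnetIds:
        - !Ref PrivateDBSubnetZoneA
        - !Ref PrivateDBSubnetZoneC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: db
        - Key: Env
          Value: !Ref EnvName

  PublicManagementSubnetZoneAToRouteTable:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref PublicManagementSubnetZoneA

  PublicLBSubnetZoneAToRouteTable:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref PublicLBSubnetZoneA

  PublicLBSubnetZoneCToRouteTable:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref PublicLBSubnetZoneC

  # Internet-facing entry point: HTTPS only. No load balancer resource is
  # defined in this template; this group is for one to be attached later.
  PublicLBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: load balancer security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: lb
        - Key: Env
          Value: !Ref EnvName

  # SSH to the admin (bastion) host; the source is the AdminSSHSourceCidr
  # parameter rather than a hard-coded 0.0.0.0/0.
  AdminSSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: admin server ssh security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminSSHSourceCidr
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: admin
        - Key: Env
          Value: !Ref EnvName

  # HTTP to the admin host only from the load-balancer subnets.
  AdminHTTPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: admin server http security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !FindInMap ["StackConfig", "PublicLBSubnetZoneA", "CIDR"]
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !FindInMap ["StackConfig", "PublicLBSubnetZoneC", "CIDR"]
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: admin
        - Key: Env
          Value: !Ref EnvName

  # SSH to web instances only via the management subnet (bastion pattern).
  WebSSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: web server ssh security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "CIDR"]
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: web
        - Key: Env
          Value: !Ref EnvName

  # HTTP to web instances is accepted only from the load-balancer subnets,
  # the same rule shape as AdminHTTPSecurityGroup. The original 0.0.0.0/0
  # rule was wider than the subnet layout requires.
  WebHTTPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: web server http security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !FindInMap ["StackConfig", "PublicLBSubnetZoneA", "CIDR"]
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !FindInMap ["StackConfig", "PublicLBSubnetZoneC", "CIDR"]
      VpcId: !Ref VPC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: web
        - Key: Env
          Value: !Ref EnvName

  # NOTE(review): AWS::RDS::DBSecurityGroup is the EC2-Classic-era resource;
  # for a DB instance inside a VPC the usual pattern is an AWS::EC2::SecurityGroup
  # referenced from the instance's VPCSecurityGroups. Kept as-is since no DB
  # instance is defined here yet - revisit when one is added.
  DBSecurityGroup:
    Type: AWS::RDS::DBSecurityGroup
    Properties:
      EC2VpcId: !Ref VPC
      GroupDescription: rds security group
      DBSecurityGroupIngress:
        - CIDRIP: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "CIDR"]
        - CIDRIP: !FindInMap ["StackConfig", "PublicWebSubnetZoneA", "CIDR"]
        - CIDRIP: !FindInMap ["StackConfig", "PublicWebSubnetZoneC", "CIDR"]
      Tags:
        - Key: Service
          Value: !Ref ServiceName
        - Key: Role
          Value: db
        - Key: Env
          Value: !Ref EnvName

  AdminInstance:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone: !FindInMap ["StackConfig", "PublicManagementSubnetZoneA", "AvailabilityZone"]
      ImageId: !Ref AdminInstanceImageId
      InstanceInitiatedShutdownBehavior: stop
      InstanceType: !Ref AdminInstanceType
      KeyName: !Ref KeyName
      Monitoring: true
      SecurityGroupIds:
        - !Ref AdminSSHSecurityGroup
        - !Ref AdminHTTPSecurityGroup
      SubnetId: !Ref PublicManagementSubnetZoneA

  WebAutoScalingLauncherConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: 8
            VolumeType: gp2
            DeleteOnTermination: true
      ImageId: !Ref WebInstanceImageId
      InstanceMonitoring: true
      InstanceType: !Ref WebInstanceType
      KeyName: !Ref KeyName
      SecurityGroups:
        - !Ref WebSSHSecurityGroup
        - !Ref WebHTTPSecurityGroup
      # Same bytes as the original Fn::Join on "\n" (no trailing newline),
      # written as a block scalar for readability.
      UserData: !Base64 |-
        #!/bin/bash
        yum update -y
        yum install -y nginx
        service nginx start

  WebAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: "1"
        MinInstancesInService: "1"
        PauseTime: PT30S
    Properties:
      DesiredCapacity: "1"
      HealthCheckGracePeriod: 60
      HealthCheckType: "EC2"
      LaunchConfigurationName: !Ref WebAutoScalingLauncherConfiguration
      MinSize: "1"
      MaxSize: "10"
      VPCZoneIdentifier:
        - !Ref PublicWebSubnetZoneA
        - !Ref PublicWebSubnetZoneC
      Tags:
        - Key: Service
          Value: !Ref ServiceName
          PropagateAtLaunch: true
        - Key: Role
          Value: web
          PropagateAtLaunch: true
        - Key: Env
          Value: !Ref EnvName
          PropagateAtLaunch: true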