infamousjoeg/Conjur_CFT_5_1_2.template

## Conjur_CFT_5_1_2.template
---
AWSTemplateFormatVersion: '2010-09-09'

Parameters:
  ConjurVersion:
    Description: Select the version of Conjur to launch.
    Type: String
    Default: 5.1.2
    AllowedValues:
      - 5.1.2

  Subnets:
    Description: Subnets to launch Conjur instances in. Do not specify multiple subnets that
      are in the same Availability Zone.
    Type: List<AWS::EC2::Subnet::Id>

  NumberInstances:
    Description: 'Total number of Conjur instances to launch across all subnets (Default: 2)'
    Type: Number
    MinValue: 1
    MaxValue: 16
    Default: 2

  VpcId:
    Description: The VPC ID this stack will be launched into
    Type: AWS::EC2::VPC::Id

  KeyName:
    Description: Key pair to use for SSH
    Type: AWS::EC2::KeyPair::KeyName

  InstanceType:
    Description: 'Instance type for all instances (Recommended: m4.large)'
    Type: String
    Default: m4.large

  IamRole:
    Description: 'Optional. IAM Role to launch all EC2 instances as'
    Type: String

Mappings:
  ConjurAmi:
    us-east-1:
      v49210: ami-0b002e3187cf5f295

  PrettyVersion:
    5.1.2:
      Id: v512

Conditions:
  IamRoleSpecified: !Not [!Equals [!Ref IamRole, ""]]

Resources:
  ConjurInstanceConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !FindInMap [ConjurAmi, !Ref 'AWS::Region', !FindInMap [PrettyVersion, !Ref ConjurVersion, Id]]
      KeyName: !Ref KeyName
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !If [IamRoleSpecified, !Ref IamRole, !Ref 'AWS::NoValue']
      SecurityGroups:
      - !Ref ConjurSecurityGroup

  AutoScaling:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      HealthCheckType: EC2
      LaunchConfigurationName: !Ref ConjurInstanceConfiguration
      MaxSize: !Ref NumberInstances
      MinSize: !Ref NumberInstances
      VPCZoneIdentifier: !Ref Subnets
      LoadBalancerNames:
        - !Ref LoadBalancer
      Tags:
      - Key: Name
        Value: !Ref AWS::StackName
        PropagateAtLaunch: true

  LoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      SecurityGroups:
      - !Ref ConjurSecurityGroup
      Subnets: !Ref Subnets
      Listeners:
      - LoadBalancerPort: '443'
        InstancePort: '443'
        Protocol: TCP
      - LoadBalancerPort: '636'
        InstancePort: '636'
        Protocol: TCP
      HealthCheck:
        Target: HTTPS:443/health
        HealthyThreshold: '3'
        UnhealthyThreshold: '5'
        Interval: '30'
        Timeout: '5'
####### Uncomment below for a Classic Load Balancer instead of Elastic
#      Scheme: internal

  ConjurSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '636'
        ToPort: '636'
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: '443'
        ToPort: '443'
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: '5432'
        ToPort: '5432'
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: '1999'
        ToPort: '1999'
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp: 0.0.0.0/0
      GroupDescription: Conjur Security Group w/ SSH
      VpcId: !Ref VpcId
	---
	AWSTemplateFormatVersion: '2010-09-09'

	Parameters:
	ConjurVersion:
	Description: Select the version of Conjur to launch.
	Type: String
	Default: 5.1.2
	AllowedValues:
	- 5.1.2

	Subnets:
	Description: Subnets to launch Conjur instances in. Do not specify multiple subnets that
	are in the same Availability Zone.
	Type: List<AWS::EC2::Subnet::Id>

	NumberInstances:
	Description: 'Total number of Conjur instances to launch across all subnets (Default: 2)'
	Type: Number
	MinValue: 1
	MaxValue: 16
	Default: 2

	VpcId:
	Description: The VPC ID this stack will be launched into
	Type: AWS::EC2::VPC::Id

	KeyName:
	Description: Key pair to use for SSH
	Type: AWS::EC2::KeyPair::KeyName

	InstanceType:
	Description: 'Instance type for all instances (Recommended: m4.large)'
	Type: String
	Default: m4.large

	IamRole:
	Description: 'Optional. IAM Role to launch all EC2 instances as'
	Type: String

	Mappings:
	ConjurAmi:
	us-east-1:
	v49210: ami-0b002e3187cf5f295

	PrettyVersion:
	5.1.2:
	Id: v512

	Conditions:
	IamRoleSpecified: !Not [!Equals [!Ref IamRole, ""]]

	Resources:
	ConjurInstanceConfiguration:
	Type: AWS::AutoScaling::LaunchConfiguration
	Properties:
	ImageId: !FindInMap [ConjurAmi, !Ref 'AWS::Region', !FindInMap [PrettyVersion, !Ref ConjurVersion, Id]]
	KeyName: !Ref KeyName
	InstanceType: !Ref InstanceType
	IamInstanceProfile: !If [IamRoleSpecified, !Ref IamRole, !Ref 'AWS::NoValue']
	SecurityGroups:
	- !Ref ConjurSecurityGroup

	AutoScaling:
	Type: AWS::AutoScaling::AutoScalingGroup
	Properties:
	HealthCheckType: EC2
	LaunchConfigurationName: !Ref ConjurInstanceConfiguration
	MaxSize: !Ref NumberInstances
	MinSize: !Ref NumberInstances
	VPCZoneIdentifier: !Ref Subnets
	LoadBalancerNames:
	- !Ref LoadBalancer
	Tags:
	- Key: Name
	Value: !Ref AWS::StackName
	PropagateAtLaunch: true

	LoadBalancer:
	Type: AWS::ElasticLoadBalancing::LoadBalancer
	Properties:
	SecurityGroups:
	- !Ref ConjurSecurityGroup
	Subnets: !Ref Subnets
	Listeners:
	- LoadBalancerPort: '443'
	InstancePort: '443'
	Protocol: TCP
	- LoadBalancerPort: '636'
	InstancePort: '636'
	Protocol: TCP
	HealthCheck:
	Target: HTTPS:443/health
	HealthyThreshold: '3'
	UnhealthyThreshold: '5'
	Interval: '30'
	Timeout: '5'
	####### Uncomment below for a Classic Load Balancer instead of Elastic
	# Scheme: internal

	ConjurSecurityGroup:
	Type: AWS::EC2::SecurityGroup
	Properties:
	SecurityGroupIngress:
	- IpProtocol: tcp
	FromPort: '636'
	ToPort: '636'
	CidrIp: 0.0.0.0/0
	- IpProtocol: tcp
	FromPort: '443'
	ToPort: '443'
	CidrIp: 0.0.0.0/0
	- IpProtocol: tcp
	FromPort: '5432'
	ToPort: '5432'
	CidrIp: 0.0.0.0/0
	- IpProtocol: tcp
	FromPort: '1999'
	ToPort: '1999'
	CidrIp: 0.0.0.0/0
	- IpProtocol: tcp
	FromPort: '22'
	ToPort: '22'
	CidrIp: 0.0.0.0/0
	GroupDescription: Conjur Security Group w/ SSH
	VpcId: !Ref VpcId