AWS CloudFormation Template for CyberArk Conjur v5.1.2
---
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  ConjurVersion:
    Description: Select the version of Conjur to launch.
    Type: String
    Default: 5.1.2
    AllowedValues:
      - 5.1.2
  Subnets:
    Description: Subnets to launch Conjur instances in. Do not specify multiple subnets that
      are in the same Availability Zone.
    Type: List<AWS::EC2::Subnet::Id>
  NumberInstances:
    Description: 'Total number of Conjur instances to launch across all subnets (Default: 2)'
    Type: Number
    MinValue: 1
    MaxValue: 16
    Default: 2
  VpcId:
    Description: The VPC ID this stack will be launched into
    Type: AWS::EC2::VPC::Id
  KeyName:
    Description: Key pair to use for SSH
    Type: AWS::EC2::KeyPair::KeyName
  InstanceType:
    Description: 'Instance type for all instances (Recommended: m4.large)'
    Type: String
    Default: m4.large
  IamRole:
    Description: 'Optional. IAM Role to launch all EC2 instances as'
    Type: String
    # Empty default so the parameter can be omitted; see the IamRoleSpecified condition
    Default: ''
Mappings:
  ConjurAmi:
    us-east-1:
      # Key must match the Id in PrettyVersion, otherwise !FindInMap fails
      v512: ami-0b002e3187cf5f295
  PrettyVersion:
    5.1.2:
      Id: v512
Conditions:
  IamRoleSpecified: !Not [!Equals [!Ref IamRole, ""]]
Resources:
  ConjurInstanceConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !FindInMap [ConjurAmi, !Ref 'AWS::Region', !FindInMap [PrettyVersion, !Ref ConjurVersion, Id]]
      KeyName: !Ref KeyName
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !If [IamRoleSpecified, !Ref IamRole, !Ref 'AWS::NoValue']
      SecurityGroups:
        - !Ref ConjurSecurityGroup
  AutoScaling:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      HealthCheckType: EC2
      LaunchConfigurationName: !Ref ConjurInstanceConfiguration
      MaxSize: !Ref NumberInstances
      MinSize: !Ref NumberInstances
      VPCZoneIdentifier: !Ref Subnets
      LoadBalancerNames:
        - !Ref LoadBalancer
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName
          PropagateAtLaunch: true
  LoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      SecurityGroups:
        - !Ref ConjurSecurityGroup
      Subnets: !Ref Subnets
      Listeners:
        - LoadBalancerPort: '443'
          InstancePort: '443'
          Protocol: TCP
        - LoadBalancerPort: '636'
          InstancePort: '636'
          Protocol: TCP
      HealthCheck:
        Target: HTTPS:443/health
        HealthyThreshold: '3'
        UnhealthyThreshold: '5'
        Interval: '30'
        Timeout: '5'
      # Uncomment below for an internal load balancer instead of an internet-facing one
      # Scheme: internal
  ConjurSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      # Every rule below is open to 0.0.0.0/0; narrow CidrIp, especially for
      # 22, 5432 and 1999, before using this outside a lab.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '636'
          ToPort: '636'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '5432'
          ToPort: '5432'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '1999'
          ToPort: '1999'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
      GroupDescription: Conjur Security Group w/ SSH
      VpcId: !Ref VpcId
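
A tighter `ConjurSecurityGroup`, as an added example that is not part of the original gist: 443 and 636 stay as the template has them, SSH is limited to an administrative range, and 5432 and 1999 are reachable only from members of the same group. `AdminCidr`, `ConjurReplicationIngress` and `ConjurAuditIngress` are hypothetical names, and the example assumes 5432 and 1999 carry only node-to-node traffic between Conjur instances that all sit in this security group.

```yaml
# Added example, not from the original gist. AdminCidr and the two
# *Ingress resource names are hypothetical.
Parameters:
  AdminCidr:
    Description: CIDR allowed to SSH to the Conjur instances (bastion or VPN range)
    Type: String
Resources:
  ConjurSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Conjur Security Group w/ restricted SSH
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Client-facing ports, unchanged from the original template
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '636'
          ToPort: '636'
          CidrIp: 0.0.0.0/0
        # SSH only from the administrative range
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref AdminCidr
  # Self-referencing rules are separate resources: a group that names itself
  # inside its own SecurityGroupIngress list is a circular dependency.
  ConjurReplicationIngress:   # assumption: 5432 is node-to-node only
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt ConjurSecurityGroup.GroupId
      IpProtocol: tcp
      FromPort: '5432'
      ToPort: '5432'
      SourceSecurityGroupId: !GetAtt ConjurSecurityGroup.GroupId
  ConjurAuditIngress:         # assumption: 1999 is node-to-node only
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt ConjurSecurityGroup.GroupId
      IpProtocol: tcp
      FromPort: '1999'
      ToPort: '1999'
      SourceSecurityGroupId: !GetAtt ConjurSecurityGroup.GroupId
```

Merge the `Parameters` entry into the existing section and replace the original `ConjurSecurityGroup` resource; any node outside this group that needs 5432 or 1999 requires its own rule.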