Inception template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: Configure the initial networking resources to deploy the Ghost blog host | |
| Parameters: | |
| VpcCidr: | |
| Type: String | |
| Default: 192.168.0.0/16 | |
| PublicSubnetCidr: | |
| Type: String | |
| Default: 192.168.0.0/20 # Have 16 subnets for us to go multi tier multi-az if needed. | |
| HostedZone: | |
| Type: String | |
| Default: mydomain.com | |
| BucketName: | |
| Type: String | |
| Default: ghost.mydomain.com | |
| Resources: | |
| MyGhostVPC: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: !Ref VpcCidr | |
| Tags: | |
| - Key: name | |
| Value: Ghost Blog VPC | |
| MyGhostEIP: | |
| Type: AWS::EC2::EIP | |
| Properties: | |
| Domain: vpc | |
| Tags: | |
| - Key: name | |
| Value: Ghost host EIP | |
| MyGhostSubnet: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref MyGhostVPC | |
| CidrBlock: !Ref PublicSubnetCidr | |
| Tags: | |
| - Key: name | |
| Value: Ghost Blog Subnet | |
| MyGhostSG: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: SecurityGroup for the Ghost Blog | |
| GroupName: MyGhostSG | |
| VpcId: !Ref MyGhostVPC | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: 80 | |
| ToPort: 80 | |
| CidrIp: 0.0.0.0/0 | |
| - FromPort: '443' | |
| IpProtocol: tcp | |
| ToPort: '443' | |
| CidrIp: 0.0.0.0/0 | |
| Tags: | |
| - Key: name | |
| Value: Ghost Blog SG | |
| MyGhostNetworkXface: | |
| Type: AWS::EC2::NetworkInterface | |
| Properties: | |
| SubnetId: !Ref MyGhostSubnet | |
| Description: Network Interface for the ghost host | |
| GroupSet: | |
| - !Ref MyGhostSG | |
| Tags: | |
| - Key: name | |
| Value: Ghost Host NetworkInterface | |
| MyGhostEipAssociation: | |
| Type: AWS::EC2::EIPAssociation | |
| Properties: | |
| AllocationId: !GetAtt MyGhostEIP.AllocationId | |
| NetworkInterfaceId: !Ref MyGhostNetworkXface | |
| MyGhostIGW: | |
| Type: AWS::EC2::InternetGateway | |
| Properties: | |
| Tags: | |
| - Key: name | |
| Value: Ghost Blog InternetGateway | |
| MyGhostVpcIGWAttachment: | |
| DependsOn: MyGhostEIP | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| InternetGatewayId: !Ref MyGhostIGW | |
| VpcId: !Ref MyGhostVPC | |
| MyGhostRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref MyGhostVPC | |
| Tags: | |
| - Key: name | |
| Value: Ghost Blog RouteTable | |
| MyGhostRouteToIGW: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref MyGhostRouteTable | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| GatewayId: !Ref MyGhostIGW | |
| MyGhostSubnetToRoutTableAss: | |
| Type: "AWS::EC2::SubnetRouteTableAssociation" | |
| Properties: | |
| RouteTableId: !Ref MyGhostRouteTable | |
| SubnetId: !Ref MyGhostSubnet | |
| MyGhostS3Bucket: | |
| Type: AWS::S3::Bucket | |
| #DeletionPolicy: Retain | |
| Properties: | |
| BucketName: !Ref BucketName | |
| PublicAccessBlockConfiguration: | |
| BlockPublicAcls: True | |
| BlockPublicPolicy: True | |
| IgnorePublicAcls: True | |
| RestrictPublicBuckets: True | |
| BucketEncryption: | |
| ServerSideEncryptionConfiguration: | |
| - ServerSideEncryptionByDefault: | |
| SSEAlgorithm: AES256 | |
| MyGhostHostedZone: | |
| Type: "AWS::Route53::HostedZone" | |
| Properties: | |
| HostedZoneConfig: | |
| Comment: 'Hosted zone for the ghost domain' | |
| Name: !Ref HostedZone | |
| MyMailGunMxRecordSet: | |
| Type: AWS::Route53::RecordSet | |
| DependsOn: MyGhostHostedZone | |
| Properties: | |
| HostedZoneId: !Ref MyGhostHostedZone | |
| Name: !Sub mg.${HostedZone}. | |
| ResourceRecords: | |
| - 10 mxa.mailgun.org. | |
| - 10 mxb.mailgun.org. | |
| TTL: '300' | |
| Type: MX | |
| MyMailGunOrgRecordSet: | |
| Type: AWS::Route53::RecordSet | |
| DependsOn: MyGhostHostedZone | |
| Properties: | |
| HostedZoneId: !Ref MyGhostHostedZone | |
| Name: !Sub mg.${HostedZone}. | |
| ResourceRecords: | |
| - '"v=spf1 include:mailgun.org ~all"' | |
| TTL: '300' | |
| Type: TXT | |
| MyMailGunDomainKeyRecordSet: | |
| Type: AWS::Route53::RecordSet | |
| DependsOn: MyGhostHostedZone | |
| Properties: | |
| HostedZoneId: !Ref MyGhostHostedZone | |
| Name: !Sub smtp._domainkey.mg.${HostedZone}. | |
| ResourceRecords: # If your key is longer than 255 characters split it into "long""key" without any line break | |
| - >- | |
| "YOUR VERY LONG""DOMAIN KEY GOES HERE" | |
| TTL: '300' | |
| Type: TXT | |
| MyMailGunCNAMERecordSet: | |
| Type: AWS::Route53::RecordSet | |
| DependsOn: MyGhostHostedZone | |
| Properties: | |
| HostedZoneId: !Ref MyGhostHostedZone | |
| Name: !Sub email.mg.${HostedZone}. | |
| ResourceRecords: | |
| - mailgun.org | |
| TTL: '300' | |
| Type: CNAME | |
| Outputs: | |
| MyGhostEIP: | |
| Description: EIP to be used on the ghost host | |
| Value: !Ref MyGhostEIP | |
| Export: | |
| Name: PRIMARY-EIP | |
| MyGhostNetworkXface: | |
| Description: Network Interface ID to be used with ghost host | |
| Value: !Ref MyGhostNetworkXface | |
| Export: | |
| Name: PRIMARY-NETWORK-XFACE-ID | |
| MyGhostS3Bucket: | |
| Description: S3 Bucket for config file storage and backups | |
| Value: !Ref MyGhostS3Bucket | |
| Export: | |
| Name: PRIMARY-S3-BUCKET | |
| MyHostedZone: | |
| Description: Public hosted zone to hold DNS record sets | |
| Value: !Ref MyGhostHostedZone | |
| Export: | |
| Name: PRIMARY-PUBLIC-HOSTED-ZONE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment