Skip to content

Instantly share code, notes, and snippets.

@jayanath
Created May 20, 2021
Embed
What would you like to do?
Inception template
AWSTemplateFormatVersion: 2010-09-09
Description: Configure the initial networking resources to deploy the Ghost blog host
Parameters:
VpcCidr:
Type: String
Default: 192.168.0.0/16
PublicSubnetCidr:
Type: String
Default: 192.168.0.0/20 # Have 16 subnets for us to go multi tier multi-az if needed.
HostedZone:
Type: String
Default: mydomain.com
BucketName:
Type: String
Default: ghost.mydomain.com
Resources:
MyGhostVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCidr
Tags:
- Key: name
Value: Ghost Blog VPC
MyGhostEIP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
Tags:
- Key: name
Value: Ghost host EIP
MyGhostSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref MyGhostVPC
CidrBlock: !Ref PublicSubnetCidr
Tags:
- Key: name
Value: Ghost Blog Subnet
MyGhostSG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: SecurityGroup for the Ghost Blog
GroupName: MyGhostSG
VpcId: !Ref MyGhostVPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- FromPort: '443'
IpProtocol: tcp
ToPort: '443'
CidrIp: 0.0.0.0/0
Tags:
- Key: name
Value: Ghost Blog SG
MyGhostNetworkXface:
Type: AWS::EC2::NetworkInterface
Properties:
SubnetId: !Ref MyGhostSubnet
Description: Network Interface for the ghost host
GroupSet:
- !Ref MyGhostSG
Tags:
- Key: name
Value: Ghost Host NetworkInterface
MyGhostEipAssociation:
Type: AWS::EC2::EIPAssociation
Properties:
AllocationId: !GetAtt MyGhostEIP.AllocationId
NetworkInterfaceId: !Ref MyGhostNetworkXface
MyGhostIGW:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: name
Value: Ghost Blog InternetGateway
MyGhostVpcIGWAttachment:
DependsOn: MyGhostEIP
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref MyGhostIGW
VpcId: !Ref MyGhostVPC
MyGhostRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref MyGhostVPC
Tags:
- Key: name
Value: Ghost Blog RouteTable
MyGhostRouteToIGW:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref MyGhostRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref MyGhostIGW
MyGhostSubnetToRoutTableAss:
Type: "AWS::EC2::SubnetRouteTableAssociation"
Properties:
RouteTableId: !Ref MyGhostRouteTable
SubnetId: !Ref MyGhostSubnet
MyGhostS3Bucket:
Type: AWS::S3::Bucket
#DeletionPolicy: Retain
Properties:
BucketName: !Ref BucketName
PublicAccessBlockConfiguration:
BlockPublicAcls: True
BlockPublicPolicy: True
IgnorePublicAcls: True
RestrictPublicBuckets: True
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
MyGhostHostedZone:
Type: "AWS::Route53::HostedZone"
Properties:
HostedZoneConfig:
Comment: 'Hosted zone for the ghost domain'
Name: !Ref HostedZone
MyMailGunMxRecordSet:
Type: AWS::Route53::RecordSet
DependsOn: MyGhostHostedZone
Properties:
HostedZoneId: !Ref MyGhostHostedZone
Name: !Sub mg.${HostedZone}.
ResourceRecords:
- 10 mxa.mailgun.org.
- 10 mxb.mailgun.org.
TTL: '300'
Type: MX
MyMailGunOrgRecordSet:
Type: AWS::Route53::RecordSet
DependsOn: MyGhostHostedZone
Properties:
HostedZoneId: !Ref MyGhostHostedZone
Name: !Sub mg.${HostedZone}.
ResourceRecords:
- '"v=spf1 include:mailgun.org ~all"'
TTL: '300'
Type: TXT
MyMailGunDomainKeyRecordSet:
Type: AWS::Route53::RecordSet
DependsOn: MyGhostHostedZone
Properties:
HostedZoneId: !Ref MyGhostHostedZone
Name: !Sub smtp._domainkey.mg.${HostedZone}.
ResourceRecords: # If your key is longer than 255 characters split it into "long""key" without any line break
- >-
"YOUR VERY LONG""DOMAIN KEY GOES HERE"
TTL: '300'
Type: TXT
MyMailGunCNAMERecordSet:
Type: AWS::Route53::RecordSet
DependsOn: MyGhostHostedZone
Properties:
HostedZoneId: !Ref MyGhostHostedZone
Name: !Sub email.mg.${HostedZone}.
ResourceRecords:
- mailgun.org
TTL: '300'
Type: CNAME
Outputs:
MyGhostEIP:
Description: EIP to be used on the ghost host
Value: !Ref MyGhostEIP
Export:
Name: PRIMARY-EIP
MyGhostNetworkXface:
Description: Network Interface ID to be used with ghost host
Value: !Ref MyGhostNetworkXface
Export:
Name: PRIMARY-NETWORK-XFACE-ID
MyGhostS3Bucket:
Description: S3 Bucket for config file storage and backups
Value: !Ref MyGhostS3Bucket
Export:
Name: PRIMARY-S3-BUCKET
MyHostedZone:
Description: Public hosted zone to hold DNS record sets
Value: !Ref MyGhostHostedZone
Export:
Name: PRIMARY-PUBLIC-HOSTED-ZONE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment