CloudFormation template to create an AWS Elastic Load Balancer setup for a VPC with Multi-Availability Zones. For more details see: http://i-proving.com/2014/01/14/aws-elastic-load-balancer-setup-for-vpc-with-multi-availability-zones/
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "ELB with Multi-AZ template", | |
| "Parameters" : { | |
| "WebInstanceType" : { | |
| "Description" : "Web machine instance type", | |
| "Type" : "String", | |
| "Default": "m1.small" | |
| }, | |
| "NatInstanceType" : { | |
| "Description" : "NAT machine instance type", | |
| "Type" : "String", | |
| "Default": "m1.small" | |
| }, | |
| "WebAMI" : { | |
| "Description" : "Web Instance AMI", | |
| "Type" : "String" | |
| }, | |
| "WebKernelID" : { | |
| "Description" : "Web Instance Kernel ID for AMI", | |
| "Type" : "String", | |
| "Default" : "aki-88aa75e1" | |
| }, | |
| "NatAMI" : { | |
| "Description" : "Nat Instance AMI", | |
| "Type" : "String" | |
| }, | |
| "NatKernelID" : { | |
| "Description" : "Nat Instance Kernel ID for AMI", | |
| "Type" : "String", | |
| "Default" : "aki-88aa75e1" | |
| }, | |
| "KeyName" : { | |
| "Description" : "The EC2 Key Pair name to allow SSH access to the instances (Must already be present)", | |
| "Type" : "String" | |
| }, | |
| "AccessOperationsCidr" : { | |
| "Description" : "IP range from which all operations SSH requests originate, eg: 199.199.199.199/32", | |
| "Type" : "String" | |
| }, | |
| "AccesElbCidr" : { | |
| "Description" : "HTTP access IPs for the ELB (default 0.0.0.0/0 is public internet)", | |
| "Type" : "String", | |
| "Default" : "0.0.0.0/0" | |
| }, | |
| "Zone1" : { | |
| "Description" : "Availability Zone 1 (Zones 1 & 2 must be in the same region)", | |
| "Type" : "String", | |
| "Default": "us-east-1a" | |
| }, | |
| "Zone2" : { | |
| "Description" : "Availability Zone 2 (Zones 1 & 2 must be in the same region)", | |
| "Type" : "String", | |
| "Default": "us-east-1c" | |
| } | |
| }, | |
| "Resources": { | |
| "vpc": { | |
| "Type": "AWS::EC2::VPC", | |
| "Properties": { | |
| "CidrBlock": "10.0.0.0/16", | |
| "InstanceTenancy": "default", | |
| "EnableDnsSupport": "true", | |
| "EnableDnsHostnames": "true" | |
| } | |
| }, | |
| "subnetprivate1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": "10.0.10.0/24", | |
| "AvailabilityZone": {"Ref":"Zone1"}, | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "subnetprivate1" | |
| } | |
| ] | |
| } | |
| }, | |
| "subnetpublic1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": "10.0.20.0/24", | |
| "AvailabilityZone": {"Ref":"Zone1"}, | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "subnetpublic1" | |
| } | |
| ] | |
| } | |
| }, | |
| "subnetprivate2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": "10.0.11.0/24", | |
| "AvailabilityZone": {"Ref":"Zone2"}, | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "subnetprivate2" | |
| } | |
| ] | |
| } | |
| }, | |
| "subnetpublic2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": "10.0.21.0/24", | |
| "AvailabilityZone": {"Ref":"Zone2"}, | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "subnetpublic2" | |
| } | |
| ] | |
| } | |
| }, | |
| "igw611e1403": { | |
| "Type": "AWS::EC2::InternetGateway", | |
| "Properties": { | |
| } | |
| }, | |
| "dopt8d6d64ef": { | |
| "Type": "AWS::EC2::DHCPOptions", | |
| "Properties": { | |
| "DomainName": "ec2.internal", | |
| "DomainNameServers": [ | |
| "AmazonProvidedDNS" | |
| ] | |
| } | |
| }, | |
| "acld09683b2": { | |
| "Type": "AWS::EC2::NetworkAcl", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "vpc" | |
| } | |
| } | |
| }, | |
| "rtba64551c4": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "vpc" | |
| } | |
| } | |
| }, | |
| "rtbe2eafe80": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "vpc" | |
| } | |
| } | |
| }, | |
| "rtba74551c5": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "vpc" | |
| } | |
| } | |
| }, | |
| "rtbd0beaab2": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "vpc" | |
| } | |
| } | |
| }, | |
| "elbelb1": { | |
| "Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
| "Properties": { | |
| "Subnets": [ | |
| {"Ref":"subnetpublic1"}, | |
| {"Ref":"subnetpublic2"} | |
| ], | |
| "HealthCheck": { | |
| "HealthyThreshold": "2", | |
| "Interval": "30", | |
| "Target": "HTTP:8080/", | |
| "Timeout": "5", | |
| "UnhealthyThreshold": "5" | |
| }, | |
| "Instances": [ | |
| { | |
| "Ref": "instanceweb2" | |
| }, | |
| { | |
| "Ref": "instanceweb1" | |
| } | |
| ], | |
| "SecurityGroups": [ | |
| { | |
| "Ref": "sgelbsg" | |
| } | |
| ], | |
| "Listeners": [ | |
| { | |
| "InstancePort": "8080", | |
| "LoadBalancerPort": "80", | |
| "Protocol": "HTTP", | |
| "InstanceProtocol": "HTTP" | |
| } | |
| ] | |
| } | |
| }, | |
| "eippublic2": { | |
| "Type": "AWS::EC2::EIP", | |
| "DependsOn": "gw2", | |
| "Properties": { | |
| "Domain": "vpc", | |
| "InstanceId": { | |
| "Ref": "instancenat2" | |
| } | |
| } | |
| }, | |
| "eippublic1": { | |
| "Type": "AWS::EC2::EIP", | |
| "DependsOn": "gw2", | |
| "Properties": { | |
| "Domain": "vpc", | |
| "InstanceId": { | |
| "Ref": "instancenat1" | |
| } | |
| } | |
| }, | |
| "instancenat1": { | |
| "Type": "AWS::EC2::Instance", | |
| "Properties": { | |
| "DisableApiTermination": "FALSE", | |
| "ImageId": {"Ref":"NatAMI"}, | |
| "InstanceType": {"Ref":"NatInstanceType"}, | |
| "KernelId": {"Ref":"NatKernelID"}, | |
| "KeyName": {"Ref":"KeyName"}, | |
| "Monitoring": "false", | |
| "SourceDestCheck": "false", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "nat1" | |
| } | |
| ], | |
| "NetworkInterfaces": [ | |
| { | |
| "DeleteOnTermination": "true", | |
| "Description": "Primary network interface", | |
| "DeviceIndex": 0, | |
| "SubnetId": { | |
| "Ref": "subnetpublic1" | |
| }, | |
| "PrivateIpAddresses": [ | |
| { | |
| "PrivateIpAddress": "10.0.20.228", | |
| "Primary": "true" | |
| } | |
| ], | |
| "GroupSet": [ | |
| { | |
| "Ref": "sgsshsg" | |
| }, | |
| { | |
| "Ref": "sgnatsg" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| "instanceweb1": { | |
| "Type": "AWS::EC2::Instance", | |
| "Properties": { | |
| "DisableApiTermination": "FALSE", | |
| "ImageId": {"Ref":"WebAMI"}, | |
| "InstanceType": {"Ref":"WebInstanceType"}, | |
| "KernelId": {"Ref":"WebKernelID"}, | |
| "KeyName": {"Ref":"KeyName"}, | |
| "Monitoring": "false", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "web-1" | |
| } | |
| ], | |
| "NetworkInterfaces": [ | |
| { | |
| "DeleteOnTermination": "true", | |
| "Description": "Primary network interface", | |
| "DeviceIndex": 0, | |
| "SubnetId": { | |
| "Ref": "subnetprivate1" | |
| }, | |
| "PrivateIpAddresses": [ | |
| { | |
| "PrivateIpAddress": "10.0.10.16", | |
| "Primary": "true" | |
| } | |
| ], | |
| "GroupSet": [ | |
| { | |
| "Ref": "sgsshsg" | |
| }, | |
| { | |
| "Ref": "sgwebsg" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| "instanceweb2": { | |
| "Type": "AWS::EC2::Instance", | |
| "Properties": { | |
| "DisableApiTermination": "FALSE", | |
| "ImageId": {"Ref":"WebAMI"}, | |
| "InstanceType": {"Ref":"WebInstanceType"}, | |
| "KernelId": {"Ref":"WebKernelID"}, | |
| "KeyName": {"Ref":"KeyName"}, | |
| "Monitoring": "false", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "web-2" | |
| } | |
| ], | |
| "NetworkInterfaces": [ | |
| { | |
| "DeleteOnTermination": "true", | |
| "Description": "Primary network interface", | |
| "DeviceIndex": 0, | |
| "SubnetId": { | |
| "Ref": "subnetprivate2" | |
| }, | |
| "PrivateIpAddresses": [ | |
| { | |
| "PrivateIpAddress": "10.0.11.186", | |
| "Primary": "true" | |
| } | |
| ], | |
| "GroupSet": [ | |
| { | |
| "Ref": "sgsshsg" | |
| }, | |
| { | |
| "Ref": "sgwebsg" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| "instancenat2": { | |
| "Type": "AWS::EC2::Instance", | |
| "Properties": { | |
| "DisableApiTermination": "FALSE", | |
| "ImageId": {"Ref":"NatAMI"}, | |
| "InstanceType": {"Ref":"NatInstanceType"}, | |
| "KernelId": {"Ref":"NatKernelID"}, | |
| "KeyName": {"Ref":"KeyName"}, | |
| "Monitoring": "false", | |
| "SourceDestCheck": "false", | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": "nat-2" | |
| } | |
| ], | |
| "NetworkInterfaces": [ | |
| { | |
| "DeleteOnTermination": "true", | |
| "Description": "Primary network interface", | |
| "DeviceIndex": 0, | |
| "SubnetId": { | |
| "Ref": "subnetpublic2" | |
| }, | |
| "PrivateIpAddresses": [ | |
| { | |
| "PrivateIpAddress": "10.0.21.219", | |
| "Primary": "true" | |
| } | |
| ], | |
| "GroupSet": [ | |
| { | |
| "Ref": "sgsshsg" | |
| }, | |
| { | |
| "Ref": "sgnatsg" | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| }, | |
| "sgsshsg": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": "SSH access SG", | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "CidrIp": {"Ref":"AccessOperationsCidr"} | |
| } | |
| ] | |
| } | |
| }, | |
| "sgwebsg": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": "Web SG", | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "CidrIp": "0.0.0.0/0" | |
| }, | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "443", | |
| "ToPort": "443", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ] | |
| } | |
| }, | |
| "sgnatsg": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": "NAT SG", | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "CidrIp": {"Ref":"AccessOperationsCidr"} | |
| }, | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "10000", | |
| "ToPort": "10255", | |
| "CidrIp": {"Ref":"AccessOperationsCidr"} | |
| }, | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "11000", | |
| "ToPort": "11255", | |
| "CidrIp": {"Ref":"AccessOperationsCidr"} | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "CidrIp": "0.0.0.0/0" | |
| }, | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "443", | |
| "ToPort": "443", | |
| "CidrIp": "0.0.0.0/0" | |
| } | |
| ] | |
| } | |
| }, | |
| "sgelbsg": { | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": "ELB SG", | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "CidrIp": {"Ref":"AccesElbCidr"} | |
| } | |
| ] | |
| } | |
| }, | |
| "acl3": { | |
| "Type": "AWS::EC2::NetworkAclEntry", | |
| "Properties": { | |
| "CidrBlock": "0.0.0.0/0", | |
| "Egress": true, | |
| "Protocol": "-1", | |
| "RuleAction": "allow", | |
| "RuleNumber": "100", | |
| "NetworkAclId": { | |
| "Ref": "acld09683b2" | |
| } | |
| } | |
| }, | |
| "acl4": { | |
| "Type": "AWS::EC2::NetworkAclEntry", | |
| "Properties": { | |
| "CidrBlock": "0.0.0.0/0", | |
| "Protocol": "-1", | |
| "RuleAction": "allow", | |
| "RuleNumber": "100", | |
| "NetworkAclId": { | |
| "Ref": "acld09683b2" | |
| } | |
| } | |
| }, | |
| "subnetacl5": { | |
| "Type": "AWS::EC2::SubnetNetworkAclAssociation", | |
| "Properties": { | |
| "NetworkAclId": { | |
| "Ref": "acld09683b2" | |
| }, | |
| "SubnetId": { | |
| "Ref": "subnetpublic2" | |
| } | |
| } | |
| }, | |
| "subnetacl6": { | |
| "Type": "AWS::EC2::SubnetNetworkAclAssociation", | |
| "Properties": { | |
| "NetworkAclId": { | |
| "Ref": "acld09683b2" | |
| }, | |
| "SubnetId": { | |
| "Ref": "subnetprivate1" | |
| } | |
| } | |
| }, | |
| "subnetacl7": { | |
| "Type": "AWS::EC2::SubnetNetworkAclAssociation", | |
| "Properties": { | |
| "NetworkAclId": { | |
| "Ref": "acld09683b2" | |
| }, | |
| "SubnetId": { | |
| "Ref": "subnetprivate2" | |
| } | |
| } | |
| }, | |
| "subnetacl8": { | |
| "Type": "AWS::EC2::SubnetNetworkAclAssociation", | |
| "Properties": { | |
| "NetworkAclId": { | |
| "Ref": "acld09683b2" | |
| }, | |
| "SubnetId": { | |
| "Ref": "subnetpublic1" | |
| } | |
| } | |
| }, | |
| "gw2": { | |
| "Type": "AWS::EC2::VPCGatewayAttachment", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "InternetGatewayId": { | |
| "Ref": "igw611e1403" | |
| } | |
| } | |
| }, | |
| "subnetroute7": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "rtbe2eafe80" | |
| }, | |
| "SubnetId": { | |
| "Ref": "subnetprivate2" | |
| } | |
| } | |
| }, | |
| "subnetroute8": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "rtba74551c5" | |
| }, | |
| "SubnetId": { | |
| "Ref": "subnetpublic2" | |
| } | |
| } | |
| }, | |
| "subnetroute9": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "rtba74551c5" | |
| }, | |
| "SubnetId": { | |
| "Ref": "subnetpublic1" | |
| } | |
| } | |
| }, | |
| "subnetroute10": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { | |
| "Ref": "rtbd0beaab2" | |
| }, | |
| "SubnetId": { | |
| "Ref": "subnetprivate1" | |
| } | |
| } | |
| }, | |
| "route6": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "RouteTableId": { | |
| "Ref": "rtbe2eafe80" | |
| }, | |
| "InstanceId": { | |
| "Ref": "instancenat2" | |
| } | |
| } | |
| }, | |
| "route7": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "RouteTableId": { | |
| "Ref": "rtba74551c5" | |
| }, | |
| "GatewayId": { | |
| "Ref": "igw611e1403" | |
| } | |
| }, | |
| "DependsOn": "gw2" | |
| }, | |
| "route8": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "RouteTableId": { | |
| "Ref": "rtbd0beaab2" | |
| }, | |
| "InstanceId": { | |
| "Ref": "instancenat1" | |
| } | |
| } | |
| }, | |
| "dchpassoc2": { | |
| "Type": "AWS::EC2::VPCDHCPOptionsAssociation", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "vpc" | |
| }, | |
| "DhcpOptionsId": { | |
| "Ref": "dopt8d6d64ef" | |
| } | |
| } | |
| }, | |
| "ingress14": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { | |
| "Ref": "sgsshsg" | |
| }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "SourceSecurityGroupId": { | |
| "Ref": "sgnatsg" | |
| } | |
| } | |
| }, | |
| "ingress15": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { | |
| "Ref": "sgwebsg" | |
| }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "8080", | |
| "ToPort": "8080", | |
| "SourceSecurityGroupId": { | |
| "Ref": "sgelbsg" | |
| } | |
| } | |
| }, | |
| "ingress18": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { | |
| "Ref": "sgnatsg" | |
| }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "SourceSecurityGroupId": { | |
| "Ref": "sgwebsg" | |
| } | |
| } | |
| }, | |
| "ingress19": { | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { | |
| "Ref": "sgnatsg" | |
| }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "443", | |
| "ToPort": "443", | |
| "SourceSecurityGroupId": { | |
| "Ref": "sgwebsg" | |
| } | |
| } | |
| }, | |
| "egress7": { | |
| "Type": "AWS::EC2::SecurityGroupEgress", | |
| "Properties": { | |
| "GroupId": { | |
| "Ref": "sgnatsg" | |
| }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "SourceSecurityGroupId": { | |
| "Ref": "sgwebsg" | |
| } | |
| } | |
| }, | |
| "egress8": { | |
| "Type": "AWS::EC2::SecurityGroupEgress", | |
| "Properties": { | |
| "GroupId": { | |
| "Ref": "sgelbsg" | |
| }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "8080", | |
| "ToPort": "8080", | |
| "SourceSecurityGroupId": { | |
| "Ref": "sgwebsg" | |
| } | |
| } | |
| } | |
| }, | |
| "Outputs": { | |
| "vpcId": { | |
| "Value": { | |
| "Ref": "vpc" | |
| } | |
| }, | |
| "subnetprivate1Id": { | |
| "Value": { | |
| "Ref": "subnetprivate1" | |
| } | |
| } | |
| } | |
| } |