CloudFormation template to create an AWS Elastic Load Balancer setup for a VPC with multiple Availability Zones. For more details see: http://i-proving.com/2014/01/14/aws-elastic-load-balancer-setup-for-vpc-with-multi-availability-zones/
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "ELB with Multi-AZ template", | |
"Parameters" : { | |
"WebInstanceType" : { | |
"Description" : "Web machine instance type", | |
"Type" : "String", | |
"Default": "m1.small" | |
}, | |
"NatInstanceType" : { | |
"Description" : "NAT machine instance type", | |
"Type" : "String", | |
"Default": "m1.small" | |
}, | |
"WebAMI" : { | |
"Description" : "Web Instance AMI", | |
"Type" : "String" | |
}, | |
"WebKernelID" : { | |
"Description" : "Web Instance Kernel ID for AMI", | |
"Type" : "String", | |
"Default" : "aki-88aa75e1" | |
}, | |
"NatAMI" : { | |
"Description" : "Nat Instance AMI", | |
"Type" : "String" | |
}, | |
"NatKernelID" : { | |
"Description" : "Nat Instance Kernel ID for AMI", | |
"Type" : "String", | |
"Default" : "aki-88aa75e1" | |
}, | |
"KeyName" : { | |
"Description" : "The EC2 Key Pair name to allow SSH access to the instances (Must already be present)", | |
"Type" : "String" | |
}, | |
"AccessOperationsCidr" : { | |
"Description" : "IP from which all operations SSH requests come, e.g. 199.199.199.199/32", | |
"Type" : "String" | |
}, | |
"AccesElbCidr" : { | |
"Description" : "HTTP access IPs for the ELB (default 0.0.0.0/0 is public internet)", | |
"Type" : "String", | |
"Default" : "0.0.0.0/0" | |
}, | |
"Zone1" : { | |
"Description" : "Availability Zone 1 (Zones 1 & 2 must be in the same region)", | |
"Type" : "String", | |
"Default": "us-east-1a" | |
}, | |
"Zone2" : { | |
"Description" : "Availability Zone 2 (Zones 1 & 2 must be in the same region)", | |
"Type" : "String", | |
"Default": "us-east-1c" | |
} | |
}, | |
"Resources": { | |
"vpc": { | |
"Type": "AWS::EC2::VPC", | |
"Properties": { | |
"CidrBlock": "10.0.0.0/16", | |
"InstanceTenancy": "default", | |
"EnableDnsSupport": "true", | |
"EnableDnsHostnames": "true" | |
} | |
}, | |
"subnetprivate1": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": "10.0.10.0/24", | |
"AvailabilityZone": {"Ref":"Zone1"}, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "subnetprivate1" | |
} | |
] | |
} | |
}, | |
"subnetpublic1": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": "10.0.20.0/24", | |
"AvailabilityZone": {"Ref":"Zone1"}, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "subnetpublic1" | |
} | |
] | |
} | |
}, | |
"subnetprivate2": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": "10.0.11.0/24", | |
"AvailabilityZone": {"Ref":"Zone2"}, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "subnetprivate2" | |
} | |
] | |
} | |
}, | |
"subnetpublic2": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": "10.0.21.0/24", | |
"AvailabilityZone": {"Ref":"Zone2"}, | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "subnetpublic2" | |
} | |
] | |
} | |
}, | |
"igw611e1403": { | |
"Type": "AWS::EC2::InternetGateway", | |
"Properties": { | |
} | |
}, | |
"dopt8d6d64ef": { | |
"Type": "AWS::EC2::DHCPOptions", | |
"Properties": { | |
"DomainName": "ec2.internal", | |
"DomainNameServers": [ | |
"AmazonProvidedDNS" | |
] | |
} | |
}, | |
"acld09683b2": { | |
"Type": "AWS::EC2::NetworkAcl", | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
} | |
} | |
}, | |
"rtba64551c4": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
} | |
} | |
}, | |
"rtbe2eafe80": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
} | |
} | |
}, | |
"rtba74551c5": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
} | |
} | |
}, | |
"rtbd0beaab2": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
} | |
} | |
}, | |
"elbelb1": { | |
"Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
"Properties": { | |
"Subnets": [ | |
{"Ref":"subnetpublic1"}, | |
{"Ref":"subnetpublic2"} | |
], | |
"HealthCheck": { | |
"HealthyThreshold": "2", | |
"Interval": "30", | |
"Target": "HTTP:8080/", | |
"Timeout": "5", | |
"UnhealthyThreshold": "5" | |
}, | |
"Instances": [ | |
{ | |
"Ref": "instanceweb2" | |
}, | |
{ | |
"Ref": "instanceweb1" | |
} | |
], | |
"SecurityGroups": [ | |
{ | |
"Ref": "sgelbsg" | |
} | |
], | |
"Listeners": [ | |
{ | |
"InstancePort": "8080", | |
"LoadBalancerPort": "80", | |
"Protocol": "HTTP", | |
"InstanceProtocol": "HTTP" | |
} | |
] | |
} | |
}, | |
"eippublic2": { | |
"Type": "AWS::EC2::EIP", | |
"DependsOn": "gw2", | |
"Properties": { | |
"Domain": "vpc", | |
"InstanceId": { | |
"Ref": "instancenat2" | |
} | |
} | |
}, | |
"eippublic1": { | |
"Type": "AWS::EC2::EIP", | |
"DependsOn": "gw2", | |
"Properties": { | |
"Domain": "vpc", | |
"InstanceId": { | |
"Ref": "instancenat1" | |
} | |
} | |
}, | |
"instancenat1": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"DisableApiTermination": "FALSE", | |
"ImageId": {"Ref":"NatAMI"}, | |
"InstanceType": {"Ref":"NatInstanceType"}, | |
"KernelId": {"Ref":"NatKernelID"}, | |
"KeyName": {"Ref":"KeyName"}, | |
"Monitoring": "false", | |
"SourceDestCheck": "false", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "nat1" | |
} | |
], | |
"NetworkInterfaces": [ | |
{ | |
"DeleteOnTermination": "true", | |
"Description": "Primary network interface", | |
"DeviceIndex": 0, | |
"SubnetId": { | |
"Ref": "subnetpublic1" | |
}, | |
"PrivateIpAddresses": [ | |
{ | |
"PrivateIpAddress": "10.0.20.228", | |
"Primary": "true" | |
} | |
], | |
"GroupSet": [ | |
{ | |
"Ref": "sgsshsg" | |
}, | |
{ | |
"Ref": "sgnatsg" | |
} | |
] | |
} | |
] | |
} | |
}, | |
"instanceweb1": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"DisableApiTermination": "FALSE", | |
"ImageId": {"Ref":"WebAMI"}, | |
"InstanceType": {"Ref":"WebInstanceType"}, | |
"KernelId": {"Ref":"WebKernelID"}, | |
"KeyName": {"Ref":"KeyName"}, | |
"Monitoring": "false", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "web-1" | |
} | |
], | |
"NetworkInterfaces": [ | |
{ | |
"DeleteOnTermination": "true", | |
"Description": "Primary network interface", | |
"DeviceIndex": 0, | |
"SubnetId": { | |
"Ref": "subnetprivate1" | |
}, | |
"PrivateIpAddresses": [ | |
{ | |
"PrivateIpAddress": "10.0.10.16", | |
"Primary": "true" | |
} | |
], | |
"GroupSet": [ | |
{ | |
"Ref": "sgsshsg" | |
}, | |
{ | |
"Ref": "sgwebsg" | |
} | |
] | |
} | |
] | |
} | |
}, | |
"instanceweb2": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"DisableApiTermination": "FALSE", | |
"ImageId": {"Ref":"WebAMI"}, | |
"InstanceType": {"Ref":"WebInstanceType"}, | |
"KernelId": {"Ref":"WebKernelID"}, | |
"KeyName": {"Ref":"KeyName"}, | |
"Monitoring": "false", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "web-2" | |
} | |
], | |
"NetworkInterfaces": [ | |
{ | |
"DeleteOnTermination": "true", | |
"Description": "Primary network interface", | |
"DeviceIndex": 0, | |
"SubnetId": { | |
"Ref": "subnetprivate2" | |
}, | |
"PrivateIpAddresses": [ | |
{ | |
"PrivateIpAddress": "10.0.11.186", | |
"Primary": "true" | |
} | |
], | |
"GroupSet": [ | |
{ | |
"Ref": "sgsshsg" | |
}, | |
{ | |
"Ref": "sgwebsg" | |
} | |
] | |
} | |
] | |
} | |
}, | |
"instancenat2": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"DisableApiTermination": "FALSE", | |
"ImageId": {"Ref":"NatAMI"}, | |
"InstanceType": {"Ref":"NatInstanceType"}, | |
"KernelId": {"Ref":"NatKernelID"}, | |
"KeyName": {"Ref":"KeyName"}, | |
"Monitoring": "false", | |
"SourceDestCheck": "false", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "nat-2" | |
} | |
], | |
"NetworkInterfaces": [ | |
{ | |
"DeleteOnTermination": "true", | |
"Description": "Primary network interface", | |
"DeviceIndex": 0, | |
"SubnetId": { | |
"Ref": "subnetpublic2" | |
}, | |
"PrivateIpAddresses": [ | |
{ | |
"PrivateIpAddress": "10.0.21.219", | |
"Primary": "true" | |
} | |
], | |
"GroupSet": [ | |
{ | |
"Ref": "sgsshsg" | |
}, | |
{ | |
"Ref": "sgnatsg" | |
} | |
] | |
} | |
] | |
} | |
}, | |
"sgsshsg": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "SSH access SG", | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": {"Ref":"AccessOperationsCidr"} | |
} | |
] | |
} | |
}, | |
"sgwebsg": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Web SG", | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"CidrIp": "0.0.0.0/0" | |
} | |
] | |
} | |
}, | |
"sgnatsg": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "NAT SG", | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": {"Ref":"AccessOperationsCidr"} | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "10000", | |
"ToPort": "10255", | |
"CidrIp": {"Ref":"AccessOperationsCidr"} | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "11000", | |
"ToPort": "11255", | |
"CidrIp": {"Ref":"AccessOperationsCidr"} | |
} | |
], | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"CidrIp": "0.0.0.0/0" | |
} | |
] | |
} | |
}, | |
"sgelbsg": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "ELB SG", | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": {"Ref":"AccesElbCidr"} | |
} | |
] | |
} | |
}, | |
"acl3": { | |
"Type": "AWS::EC2::NetworkAclEntry", | |
"Properties": { | |
"CidrBlock": "0.0.0.0/0", | |
"Egress": true, | |
"Protocol": "-1", | |
"RuleAction": "allow", | |
"RuleNumber": "100", | |
"NetworkAclId": { | |
"Ref": "acld09683b2" | |
} | |
} | |
}, | |
"acl4": { | |
"Type": "AWS::EC2::NetworkAclEntry", | |
"Properties": { | |
"CidrBlock": "0.0.0.0/0", | |
"Protocol": "-1", | |
"RuleAction": "allow", | |
"RuleNumber": "100", | |
"NetworkAclId": { | |
"Ref": "acld09683b2" | |
} | |
} | |
}, | |
"subnetacl5": { | |
"Type": "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties": { | |
"NetworkAclId": { | |
"Ref": "acld09683b2" | |
}, | |
"SubnetId": { | |
"Ref": "subnetpublic2" | |
} | |
} | |
}, | |
"subnetacl6": { | |
"Type": "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties": { | |
"NetworkAclId": { | |
"Ref": "acld09683b2" | |
}, | |
"SubnetId": { | |
"Ref": "subnetprivate1" | |
} | |
} | |
}, | |
"subnetacl7": { | |
"Type": "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties": { | |
"NetworkAclId": { | |
"Ref": "acld09683b2" | |
}, | |
"SubnetId": { | |
"Ref": "subnetprivate2" | |
} | |
} | |
}, | |
"subnetacl8": { | |
"Type": "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties": { | |
"NetworkAclId": { | |
"Ref": "acld09683b2" | |
}, | |
"SubnetId": { | |
"Ref": "subnetpublic1" | |
} | |
} | |
}, | |
"gw2": { | |
"Type": "AWS::EC2::VPCGatewayAttachment", | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"InternetGatewayId": { | |
"Ref": "igw611e1403" | |
} | |
} | |
}, | |
"subnetroute7": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "rtbe2eafe80" | |
}, | |
"SubnetId": { | |
"Ref": "subnetprivate2" | |
} | |
} | |
}, | |
"subnetroute8": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "rtba74551c5" | |
}, | |
"SubnetId": { | |
"Ref": "subnetpublic2" | |
} | |
} | |
}, | |
"subnetroute9": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "rtba74551c5" | |
}, | |
"SubnetId": { | |
"Ref": "subnetpublic1" | |
} | |
} | |
}, | |
"subnetroute10": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "rtbd0beaab2" | |
}, | |
"SubnetId": { | |
"Ref": "subnetprivate1" | |
} | |
} | |
}, | |
"route6": { | |
"Type": "AWS::EC2::Route", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"RouteTableId": { | |
"Ref": "rtbe2eafe80" | |
}, | |
"InstanceId": { | |
"Ref": "instancenat2" | |
} | |
} | |
}, | |
"route7": { | |
"Type": "AWS::EC2::Route", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"RouteTableId": { | |
"Ref": "rtba74551c5" | |
}, | |
"GatewayId": { | |
"Ref": "igw611e1403" | |
} | |
}, | |
"DependsOn": "gw2" | |
}, | |
"route8": { | |
"Type": "AWS::EC2::Route", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"RouteTableId": { | |
"Ref": "rtbd0beaab2" | |
}, | |
"InstanceId": { | |
"Ref": "instancenat1" | |
} | |
} | |
}, | |
"dchpassoc2": { | |
"Type": "AWS::EC2::VPCDHCPOptionsAssociation", | |
"Properties": { | |
"VpcId": { | |
"Ref": "vpc" | |
}, | |
"DhcpOptionsId": { | |
"Ref": "dopt8d6d64ef" | |
} | |
} | |
}, | |
"ingress14": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "sgsshsg" | |
}, | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"SourceSecurityGroupId": { | |
"Ref": "sgnatsg" | |
} | |
} | |
}, | |
"ingress15": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "sgwebsg" | |
}, | |
"IpProtocol": "tcp", | |
"FromPort": "8080", | |
"ToPort": "8080", | |
"SourceSecurityGroupId": { | |
"Ref": "sgelbsg" | |
} | |
} | |
}, | |
"ingress18": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "sgnatsg" | |
}, | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"SourceSecurityGroupId": { | |
"Ref": "sgwebsg" | |
} | |
} | |
}, | |
"ingress19": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "sgnatsg" | |
}, | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"SourceSecurityGroupId": { | |
"Ref": "sgwebsg" | |
} | |
} | |
}, | |
"egress7": { | |
"Type": "AWS::EC2::SecurityGroupEgress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "sgnatsg" | |
}, | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"SourceSecurityGroupId": { | |
"Ref": "sgwebsg" | |
} | |
} | |
}, | |
"egress8": { | |
"Type": "AWS::EC2::SecurityGroupEgress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "sgelbsg" | |
}, | |
"IpProtocol": "tcp", | |
"FromPort": "8080", | |
"ToPort": "8080", | |
"SourceSecurityGroupId": { | |
"Ref": "sgwebsg" | |
} | |
} | |
} | |
}, | |
"Outputs": { | |
"vpcId": { | |
"Value": { | |
"Ref": "vpc" | |
} | |
}, | |
"subnetprivate1Id": { | |
"Value": { | |
"Ref": "subnetprivate1" | |
} | |
} | |
} | |
} |