@jonesd
Created January 24, 2014 01:56
CloudFormation template to create an AWS Elastic Load Balancer setup for a VPC with Multi-Availability Zones. For more details see: http://i-proving.com/2014/01/14/aws-elastic-load-balancer-setup-for-vpc-with-multi-availability-zones/
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "ELB with Multi-AZ template",
"Parameters" : {
"WebInstanceType" : {
"Description" : "Web machine instance type",
"Type" : "String",
"Default": "m1.small"
},
"NatInstanceType" : {
"Description" : "NAT machine instance type",
"Type" : "String",
"Default": "m1.small"
},
"WebAMI" : {
"Description" : "Web Instance AMI",
"Type" : "String"
},
"WebKernelID" : {
"Description" : "Web Instance Kernel ID for AMI",
"Type" : "String",
"Default" : "aki-88aa75e1"
},
"NatAMI" : {
"Description" : "Nat Instance AMI",
"Type" : "String"
},
"NatKernelID" : {
"Description" : "Nat Instance Kernel ID for AMI",
"Type" : "String",
"Default" : "aki-88aa75e1"
},
"KeyName" : {
"Description" : "The EC2 Key Pair name to allow SSH access to the instances (Must already be present)",
"Type" : "String"
},
"AccessOperationsCidr" : {
"Description" : "IP from which all operations SSH requests come, eg: 199.199.199.199/32",
"Type" : "String"
},
"AccesElbCidr" : {
"Description" : "HTTP access IPs for the ELB (default 0.0.0.0/0 is public internet)",
"Type" : "String",
"Default" : "0.0.0.0/0"
},
"Zone1" : {
"Description" : "Availability Zone 1 (Zones 1 & 2 must be in the same region)",
"Type" : "String",
"Default": "us-east-1a"
},
"Zone2" : {
"Description" : "Availability Zone 2 (Zones 1 & 2 must be in the same region)",
"Type" : "String",
"Default": "us-east-1c"
}
},
"Resources": {
"vpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true"
}
},
"subnetprivate1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.10.0/24",
"AvailabilityZone": {"Ref":"Zone1"},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": "subnetprivate1"
}
]
}
},
"subnetpublic1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.20.0/24",
"AvailabilityZone": {"Ref":"Zone1"},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": "subnetpublic1"
}
]
}
},
"subnetprivate2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.11.0/24",
"AvailabilityZone": {"Ref":"Zone2"},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": "subnetprivate2"
}
]
}
},
"subnetpublic2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.21.0/24",
"AvailabilityZone": {"Ref":"Zone2"},
"VpcId": {
"Ref": "vpc"
},
"Tags": [
{
"Key": "Name",
"Value": "subnetpublic2"
}
]
}
},
"igw611e1403": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
}
},
"dopt8d6d64ef": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "ec2.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"acld09683b2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "vpc"
}
}
},
"rtba64551c4": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpc"
}
}
},
"rtbe2eafe80": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpc"
}
}
},
"rtba74551c5": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpc"
}
}
},
"rtbd0beaab2": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpc"
}
}
},
"elbelb1": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Subnets": [
{"Ref":"subnetpublic1"},
{"Ref":"subnetpublic2"}
],
"HealthCheck": {
"HealthyThreshold": "2",
"Interval": "30",
"Target": "HTTP:8080/",
"Timeout": "5",
"UnhealthyThreshold": "5"
},
"Instances": [
{
"Ref": "instanceweb2"
},
{
"Ref": "instanceweb1"
}
],
"SecurityGroups": [
{
"Ref": "sgelbsg"
}
],
"Listeners": [
{
"InstancePort": "8080",
"LoadBalancerPort": "80",
"Protocol": "HTTP",
"InstanceProtocol": "HTTP"
}
]
}
},
"eippublic2": {
"Type": "AWS::EC2::EIP",
"DependsOn": "gw2",
"Properties": {
"Domain": "vpc",
"InstanceId": {
"Ref": "instancenat2"
}
}
},
"eippublic1": {
"Type": "AWS::EC2::EIP",
"DependsOn": "gw2",
"Properties": {
"Domain": "vpc",
"InstanceId": {
"Ref": "instancenat1"
}
}
},
"instancenat1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "FALSE",
"ImageId": {"Ref":"NatAMI"},
"InstanceType": {"Ref":"NatInstanceType"},
"KernelId": {"Ref":"NatKernelID"},
"KeyName": {"Ref":"KeyName"},
"Monitoring": "false",
"SourceDestCheck": "false",
"Tags": [
{
"Key": "Name",
"Value": "nat1"
}
],
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"Description": "Primary network interface",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "subnetpublic1"
},
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.20.228",
"Primary": "true"
}
],
"GroupSet": [
{
"Ref": "sgsshsg"
},
{
"Ref": "sgnatsg"
}
]
}
]
}
},
"instanceweb1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "FALSE",
"ImageId": {"Ref":"WebAMI"},
"InstanceType": {"Ref":"WebInstanceType"},
"KernelId": {"Ref":"WebKernelID"},
"KeyName": {"Ref":"KeyName"},
"Monitoring": "false",
"Tags": [
{
"Key": "Name",
"Value": "web-1"
}
],
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"Description": "Primary network interface",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "subnetprivate1"
},
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.10.16",
"Primary": "true"
}
],
"GroupSet": [
{
"Ref": "sgsshsg"
},
{
"Ref": "sgwebsg"
}
]
}
]
}
},
"instanceweb2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "FALSE",
"ImageId": {"Ref":"WebAMI"},
"InstanceType": {"Ref":"WebInstanceType"},
"KernelId": {"Ref":"WebKernelID"},
"KeyName": {"Ref":"KeyName"},
"Monitoring": "false",
"Tags": [
{
"Key": "Name",
"Value": "web-2"
}
],
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"Description": "Primary network interface",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "subnetprivate2"
},
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.11.186",
"Primary": "true"
}
],
"GroupSet": [
{
"Ref": "sgsshsg"
},
{
"Ref": "sgwebsg"
}
]
}
]
}
},
"instancenat2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "FALSE",
"ImageId": {"Ref":"NatAMI"},
"InstanceType": {"Ref":"NatInstanceType"},
"KernelId": {"Ref":"NatKernelID"},
"KeyName": {"Ref":"KeyName"},
"Monitoring": "false",
"SourceDestCheck": "false",
"Tags": [
{
"Key": "Name",
"Value": "nat-2"
}
],
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"Description": "Primary network interface",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "subnetpublic2"
},
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.21.219",
"Primary": "true"
}
],
"GroupSet": [
{
"Ref": "sgsshsg"
},
{
"Ref": "sgnatsg"
}
]
}
]
}
},
"sgsshsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SSH access SG",
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {"Ref":"AccessOperationsCidr"}
}
]
}
},
"sgwebsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Web SG",
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"sgnatsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "NAT SG",
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {"Ref":"AccessOperationsCidr"}
},
{
"IpProtocol": "tcp",
"FromPort": "10000",
"ToPort": "10255",
"CidrIp": {"Ref":"AccessOperationsCidr"}
},
{
"IpProtocol": "tcp",
"FromPort": "11000",
"ToPort": "11255",
"CidrIp": {"Ref":"AccessOperationsCidr"}
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"sgelbsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "ELB SG",
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {"Ref":"AccesElbCidr"}
}
]
}
},
"acl3": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": true,
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "acld09683b2"
}
}
},
"acl4": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "acld09683b2"
}
}
},
"subnetacl5": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "acld09683b2"
},
"SubnetId": {
"Ref": "subnetpublic2"
}
}
},
"subnetacl6": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "acld09683b2"
},
"SubnetId": {
"Ref": "subnetprivate1"
}
}
},
"subnetacl7": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "acld09683b2"
},
"SubnetId": {
"Ref": "subnetprivate2"
}
}
},
"subnetacl8": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "acld09683b2"
},
"SubnetId": {
"Ref": "subnetpublic1"
}
}
},
"gw2": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"InternetGatewayId": {
"Ref": "igw611e1403"
}
}
},
"subnetroute7": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtbe2eafe80"
},
"SubnetId": {
"Ref": "subnetprivate2"
}
}
},
"subnetroute8": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtba74551c5"
},
"SubnetId": {
"Ref": "subnetpublic2"
}
}
},
"subnetroute9": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtba74551c5"
},
"SubnetId": {
"Ref": "subnetpublic1"
}
}
},
"subnetroute10": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtbd0beaab2"
},
"SubnetId": {
"Ref": "subnetprivate1"
}
}
},
"route6": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtbe2eafe80"
},
"InstanceId": {
"Ref": "instancenat2"
}
}
},
"route7": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtba74551c5"
},
"GatewayId": {
"Ref": "igw611e1403"
}
},
"DependsOn": "gw2"
},
"route8": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtbd0beaab2"
},
"InstanceId": {
"Ref": "instancenat1"
}
}
},
"dchpassoc2": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"DhcpOptionsId": {
"Ref": "dopt8d6d64ef"
}
}
},
"ingress14": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgsshsg"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId": {
"Ref": "sgnatsg"
}
}
},
"ingress15": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgwebsg"
},
"IpProtocol": "tcp",
"FromPort": "8080",
"ToPort": "8080",
"SourceSecurityGroupId": {
"Ref": "sgelbsg"
}
}
},
"ingress18": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgnatsg"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"SourceSecurityGroupId": {
"Ref": "sgwebsg"
}
}
},
"ingress19": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgnatsg"
},
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"SourceSecurityGroupId": {
"Ref": "sgwebsg"
}
}
},
"egress7": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgnatsg"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId": {
"Ref": "sgwebsg"
}
}
},
"egress8": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgelbsg"
},
"IpProtocol": "tcp",
"FromPort": "8080",
"ToPort": "8080",
"SourceSecurityGroupId": {
"Ref": "sgwebsg"
}
}
}
},
"Outputs": {
"vpcId": {
"Value": {
"Ref": "vpc"
}
},
"subnetprivate1Id": {
"Value": {
"Ref": "subnetprivate1"
}
}
}
}