v4_1_2_quickstart.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
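AWSTemplateFormatVersion: '2010-09-09'
Description: Mastodon on AWS
# Stack inputs for a single-instance Mastodon deployment.
# NOTE(review): the hosting page flags this file as containing bidirectional
# Unicode text. Inspect the raw bytes in an editor that shows hidden characters
# before deploying; the rendered text may not match what CloudFormation parses.
Parameters:
  DomainName:
    Description: The domain name for the Mastodon instance (e.g. social.cloudonaut.io)
    Type: String
  # NoEcho masks a value in CloudFormation console/API output only. Further down,
  # SecretKeyBase, OtpSecret and the VAPID keys are handed to the service stacks as
  # AppEnvironmentNValue, not through an ...SecretModule the way DB_PASS is.
  # NOTE(review): how the service module stores those values (e.g. plaintext in the
  # task definition) is not visible in this file - verify before relying on NoEcho.
  SecretKeyBase:
    Description: Mastodon config SECRET_KEY_BASE (README explains how to generate the secret)
    Type: String
    NoEcho: true
  OtpSecret:
    Description: Mastodon config OTP_SECRET (README explains how to generate the secret)
    Type: String
    NoEcho: true
  VapidPrivateKey:
    Description: Mastodon config VAPID_PRIVATE_KEY (README explains how to generate the key)
    Type: String
    NoEcho: true
  VapidPublicKey:
    Description: Mastodon config VAPID_PUBLIC_KEY (README explains how to generate the key)
    Type: String
    NoEcho: true
  # Forwarded unchanged to the Spot parameter of all three service stacks.
  Spot:
    Description: Reduce costs and decrease availability by running on Fargate Spot?
    Type: String
    Default: true
    AllowedValues:
      - true
      - false
  # Both alerting targets default to empty; with neither set, the Alerting stack
  # receives two empty strings. NOTE(review): confirm alarms still reach someone.
  AlertingHttpsEndpoint:
    Description: Send infrastructure alarms and notifications to this HTTPS endpoint. (optional)
    Type: String
    Default: ''
  AlertingEmail:
    Description: Send infrastructure alarms and notifications to this email address. (optional)
    Type: String
    Default: ''
  # NOTE(review): the description says MySQL, while the Database stack below sets
  # EngineVersion '14.5'; the engine itself is chosen inside the nested template.
  DatabaseAllocatedStorage:
    Description: Provisioned storage for MySQL database (RDS)
    Type: String
    Default: '5'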
Resources:
  # Every AWS::CloudFormation::Stack in this template loads its body from the
  # mastodon-on-aws-cloudformation S3 bucket. The object names look like content
  # hashes, but CloudFormation does not verify them: whoever can write to that
  # bucket decides what is deployed with the deploying principal's permissions.
  # Review the nested templates, or mirror them into a bucket you control.
  #
  # Alerting: nested stack that receives the two optional notification targets.
  # Other stacks reference it through Outputs.StackName as AlertingModule.
  Alerting:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        HttpsEndpoint:
          Ref: AlertingHttpsEndpoint
        Email:
          Ref: AlertingEmail
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/bb25315db98353a3d0ee920383fcf41f.template
# Key: nested stack referenced as KmsKeyModule by Secret, Cache and Database.
# By that name it presumably provisions a KMS key; the template is not visible here.
  Key:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        AliasName: ''
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/08045067565895d23a4b4fa47ee66870.template
  # Secret: generated database password (30 characters, excluding " @ / \).
  # Database consumes it as SecretModule and the services as
  # AppEnvironment3SecretModule (DB_PASS), so the value never appears as a literal
  # in this template.
  Secret:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        KmsKeyModule:
          Fn::GetAtt:
            - Key
            - Outputs.StackName
        Description: Database password for Mastodon on AWS
        CharactersToExclude: '"@/\'
        PasswordLength: 30
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/19f2f47723b74267bec8f1ff82c0508d.template
# HostedZone: nested stack for the DNS zone named after DomainName. Its outputs
# feed the Certificate and Record stacks and the three DKIM record sets.
  HostedZone:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Name:
          Ref: DomainName
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/369ea5b32e3bcb94d153cde2903d60ab.template
# Vpc: network module spanning two availability zones with S3 and DynamoDB endpoints.
  Vpc:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        ClassB: 0
        NumberOfAvailabilityZones: 2
        S3Endpoint: true
        DynamoDBEndpoint: true
        # Only rejected traffic is logged, and for 14 days. Accepted connections
        # leave no flow-log record, which limits what an investigation can
        # reconstruct; widen the setting if that matters for your instance.
        FlowLog: reject-only
        FlowLogRetentionInDays: 14
        # No NAT gateways: the services below set SubnetsReach: Public instead.
        NatGateways: false
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/d9306812f0b4190bc044fcb6bba68266.template
  # ClientSg: nested stack passed to Cache, Database and the three services as
  # ClientSgModule / ClientSgModule1. By name it is the security group that marks
  # a workload as an allowed client - TODO confirm in the nested template.
  ClientSg:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/25b0546b4bb148dde1059393c09a1008.template
# Bucket: media bucket (S3_BUCKET in the services) with Access: CloudFrontRead.
# Versioning is off, so an overwritten or deleted object cannot be restored from
# the bucket itself.
  Bucket:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Access: CloudFrontRead
        Versioning: 'false'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/81dd1a7734943407662ba884615029b1.template
  # CloudFront: distribution in front of Bucket; its domain name is what the
  # services receive as S3_ALIAS_HOST.
  CloudFront:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        OriginBucketModule:
          Fn::GetAtt:
            - Bucket
            - Outputs.StackName
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/101adbf59794ab7a723685b60ecd8324.template
# Cache: the store the services reach through REDIS_HOST (Outputs.DnsName).
  Cache:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        ClientSgModule:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        KmsKeyModule:
          Fn::GetAtt:
            - Key
            - Outputs.StackName
        EngineVersion: 5.0.6
        CacheNodeType: cache.t4g.micro
        # In-transit encryption is off and no auth token is set, so access control
        # rests entirely on network placement (VpcModule / ClientSgModule).
        # Turning these on also requires the Mastodon services to be configured
        # for TLS and a password, which this template does not do.
        TransitEncryption: 'false'
        AuthToken: ''
        SnapshotRetentionLimit: '35'
        SnapshotName: ''
        # Single shard, no replica: a node failure takes the cache offline.
        NumShards: '1'
        NumReplicas: '0'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/cbd918d6953c5f64f556cd969e415b3e.template
# Database: the instance the services reach through DB_HOST (Outputs.DnsName).
# The master password comes from the Secret stack, not from a template parameter.
  Database:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        ClientSgModule:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        KmsKeyModule:
          Fn::GetAtt:
            - Key
            - Outputs.StackName
        SecretModule:
          Fn::GetAtt:
            - Secret
            - Outputs.StackName
        DBAllocatedStorage:
          Ref: DatabaseAllocatedStorage
        DBInstanceClass: db.t4g.micro
        DBName: mastodon
        DBBackupRetentionPeriod: '30'
        # The application connects as this same user (DB_USER: mastodon in the
        # services), i.e. Mastodon runs with the master account.
        DBMasterUsername: mastodon
        DBMultiAZ: 'false'
        EngineVersion: '14.5'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/90f6f6b0175104c2983da54d3840cf1d.template
# Cluster: nested stack with no parameters; the three services reference it as
# ClusterModule.
  Cluster:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/fae57f7dd124d2017a71d8b8f43aea04.template
# WebService: Rails web process on port 3000, registered with the Target stack.
# It runs `rails db:migrate` on every container start before serving.
  WebService:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ClusterModule:
          Fn::GetAtt:
            - Cluster
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        TargetModule:
          Fn::GetAtt:
            - Target
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        ClientSgModule1:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        # S3Policy grants s3:* on the media bucket's resources (see S3Policy).
        ManagedPolicyArns:
          Ref: S3Policy
        # Tag reference, not a digest: what runs is whatever the registry serves
        # for this tag at pull time. Pinning as <image>@sha256:<digest-placeholder>
        # makes the deployed content reproducible. Also check Mastodon's security
        # advisories for releases newer than this tag.
        AppImage: tootsuite/mastodon:v4.1.2
        AppCommand: bash,-c,bundle exec rails db:migrate && bundle exec rails s -p 3000
        AppPort: '3000'
        AppEnvironment1Key: LOCAL_DOMAIN
        AppEnvironment1Value:
          Ref: DomainName
        AppEnvironment2Key: REDIS_HOST
        AppEnvironment2Value:
          Fn::GetAtt:
            - Cache
            - Outputs.DnsName
        # DB_PASS is the only variable wired through a SecretModule.
        AppEnvironment3Key: DB_PASS
        AppEnvironment3SecretModule:
          Fn::GetAtt:
            - Secret
            - Outputs.StackName
        AppEnvironment4Key: ES_ENABLED
        AppEnvironment4Value: 'false'
        AppEnvironment4SecretModule: ''
        # Variables 5-8 and 18 carry secrets as plain values (SecretModule is
        # empty or unset). NOTE(review): presumably they end up readable in the
        # task definition by anyone allowed to describe it - confirm in the
        # service template, and prefer the SecretModule path used for DB_PASS.
        AppEnvironment5Key: SECRET_KEY_BASE
        AppEnvironment5Value:
          Ref: SecretKeyBase
        AppEnvironment5SecretModule: ''
        AppEnvironment6Key: OTP_SECRET
        AppEnvironment6Value:
          Ref: OtpSecret
        AppEnvironment7Key: VAPID_PRIVATE_KEY
        AppEnvironment7Value:
          Ref: VapidPrivateKey
        AppEnvironment8Key: VAPID_PUBLIC_KEY
        AppEnvironment8Value:
          Ref: VapidPublicKey
        AppEnvironment9Key: S3_ENABLED
        AppEnvironment9Value: 'true'
        AppEnvironment10Key: S3_BUCKET
        AppEnvironment10Value:
          Fn::GetAtt:
            - Bucket
            - Outputs.Name
        AppEnvironment11Key: DB_NAME
        AppEnvironment11Value: mastodon
        AppEnvironment12Key: DB_USER
        AppEnvironment12Value: mastodon
        AppEnvironment13Key: DB_HOST
        AppEnvironment13Value:
          Fn::GetAtt:
            - Database
            - Outputs.DnsName
        AppEnvironment14Key: RAILS_ENV
        AppEnvironment14Value: production
        AppEnvironment15Key: SMTP_SERVER
        AppEnvironment15Value:
          Fn::Sub: email-smtp.${AWS::Region}.amazonaws.com
        AppEnvironment16Key: SMTP_PORT
        AppEnvironment16Value: '587'
        # SMTP_LOGIN is the access key id of the EmailUser IAM user; SMTP_PASSWORD
        # is derived from that user's secret access key by the custom resource.
        AppEnvironment17Key: SMTP_LOGIN
        AppEnvironment17Value:
          Ref: EmailUserAccessKey
        AppEnvironment18Key: SMTP_PASSWORD
        AppEnvironment18Value:
          Fn::GetAtt:
            - SmtpPasswordConverter
            - SmtpPassword
        AppEnvironment19Key: SMTP_FROM_ADDRESS
        AppEnvironment19Value:
          Fn::Sub: noreply@${DomainName}
        AppEnvironment20Key: S3_REGION
        AppEnvironment20Value:
          Ref: AWS::Region
        AppEnvironment21Key: S3_ALIAS_HOST
        AppEnvironment21Value:
          Fn::GetAtt:
            - CloudFront
            - Outputs.DistributionDomainName
        AppEnvironment22Key: S3_PERMISSION
        AppEnvironment22Value: private
        Cpu: '0.5'
        Memory: '1'
        # Fixed at one task: no auto scaling and no second instance.
        DesiredCount: '1'
        MaxCapacity: '1'
        MinCapacity: '1'
        # Application logs are kept for 14 days only.
        LogsRetentionInDays: '14'
        # Tasks are placed in public subnets (the Vpc stack has NatGateways: false),
        # so inbound exposure depends on the module's security group rules.
        SubnetsReach: Public
        AutoScaling: 'false'
        HealthCheckGracePeriodSeconds: '60'
        Spot:
          Ref: Spot
        CpuArchitecture: X86_64
        OperatingSystemFamily: LINUX
        # Enables command execution inside the running container. Any principal
        # allowed to use it gets a shell with this task's environment, secrets
        # included; restrict that permission in IAM and audit its use.
        ExecuteCommand: true
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/76f6b76d113845619c7428d55aeb4357.template
# StreamingApiService: Node streaming process on port 4000, registered with the
# StreamingApiTarget stack. It receives the same 22 variables as the web service.
# NOTE(review): the streaming process likely does not need SECRET_KEY_BASE,
# OTP_SECRET, the VAPID keys or the SMTP credentials - check the Mastodon docs
# and drop what it does not read, so a compromise here exposes less.
  StreamingApiService:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ClusterModule:
          Fn::GetAtt:
            - Cluster
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        TargetModule:
          Fn::GetAtt:
            - StreamingApiTarget
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        ClientSgModule1:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        # S3Policy grants s3:* on the media bucket's resources.
        ManagedPolicyArns:
          Ref: S3Policy
        # Mutable tag; pin by digest (<image>@sha256:<digest-placeholder>) if the
        # deployed content must be reproducible.
        AppImage: tootsuite/mastodon:v4.1.2
        AppCommand: bash,-c,node ./streaming
        AppPort: '4000'
        AppEnvironment1Key: LOCAL_DOMAIN
        AppEnvironment1Value:
          Ref: DomainName
        AppEnvironment2Key: REDIS_HOST
        AppEnvironment2Value:
          Fn::GetAtt:
            - Cache
            - Outputs.DnsName
        # Only DB_PASS goes through a SecretModule; every other secret below is
        # passed as a plain value.
        AppEnvironment3Key: DB_PASS
        AppEnvironment3SecretModule:
          Fn::GetAtt:
            - Secret
            - Outputs.StackName
        AppEnvironment4Key: ES_ENABLED
        AppEnvironment4Value: 'false'
        AppEnvironment4SecretModule: ''
        AppEnvironment5Key: SECRET_KEY_BASE
        AppEnvironment5Value:
          Ref: SecretKeyBase
        AppEnvironment5SecretModule: ''
        AppEnvironment6Key: OTP_SECRET
        AppEnvironment6Value:
          Ref: OtpSecret
        AppEnvironment7Key: VAPID_PRIVATE_KEY
        AppEnvironment7Value:
          Ref: VapidPrivateKey
        AppEnvironment8Key: VAPID_PUBLIC_KEY
        AppEnvironment8Value:
          Ref: VapidPublicKey
        AppEnvironment9Key: S3_ENABLED
        AppEnvironment9Value: 'true'
        AppEnvironment10Key: S3_BUCKET
        AppEnvironment10Value:
          Fn::GetAtt:
            - Bucket
            - Outputs.Name
        AppEnvironment11Key: DB_NAME
        AppEnvironment11Value: mastodon
        AppEnvironment12Key: DB_USER
        AppEnvironment12Value: mastodon
        AppEnvironment13Key: DB_HOST
        AppEnvironment13Value:
          Fn::GetAtt:
            - Database
            - Outputs.DnsName
        AppEnvironment14Key: RAILS_ENV
        AppEnvironment14Value: production
        AppEnvironment15Key: SMTP_SERVER
        AppEnvironment15Value:
          Fn::Sub: email-smtp.${AWS::Region}.amazonaws.com
        AppEnvironment16Key: SMTP_PORT
        AppEnvironment16Value: '587'
        AppEnvironment17Key: SMTP_LOGIN
        AppEnvironment17Value:
          Ref: EmailUserAccessKey
        AppEnvironment18Key: SMTP_PASSWORD
        AppEnvironment18Value:
          Fn::GetAtt:
            - SmtpPasswordConverter
            - SmtpPassword
        AppEnvironment19Key: SMTP_FROM_ADDRESS
        AppEnvironment19Value:
          Fn::Sub: noreply@${DomainName}
        AppEnvironment20Key: S3_REGION
        AppEnvironment20Value:
          Ref: AWS::Region
        AppEnvironment21Key: S3_ALIAS_HOST
        AppEnvironment21Value:
          Fn::GetAtt:
            - CloudFront
            - Outputs.DistributionDomainName
        AppEnvironment22Key: S3_PERMISSION
        AppEnvironment22Value: private
        Cpu: '0.25'
        Memory: '0.5'
        DesiredCount: '1'
        MaxCapacity: '1'
        MinCapacity: '1'
        LogsRetentionInDays: '14'
        # Public subnets; exposure depends on the module's security group rules.
        SubnetsReach: Public
        AutoScaling: 'false'
        HealthCheckGracePeriodSeconds: '60'
        Spot:
          Ref: Spot
        CpuArchitecture: X86_64
        OperatingSystemFamily: LINUX
        # Shell access into the container for any principal permitted to use it;
        # restrict and audit that permission.
        ExecuteCommand: true
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/76f6b76d113845619c7428d55aeb4357.template
# SidekiqService: background job worker. Unlike the other two services it has no
# TargetModule and no AppPort, so nothing here attaches it to the load balancer.
  SidekiqService:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        ClusterModule:
          Fn::GetAtt:
            - Cluster
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        ClientSgModule1:
          Fn::GetAtt:
            - ClientSg
            - Outputs.StackName
        # S3Policy grants s3:* on the media bucket's resources.
        ManagedPolicyArns:
          Ref: S3Policy
        # Mutable tag; pin by digest (<image>@sha256:<digest-placeholder>) if the
        # deployed content must be reproducible.
        AppImage: tootsuite/mastodon:v4.1.2
        AppCommand: bash,-c,bundle exec sidekiq
        AppEnvironment1Key: LOCAL_DOMAIN
        AppEnvironment1Value:
          Ref: DomainName
        AppEnvironment2Key: REDIS_HOST
        AppEnvironment2Value:
          Fn::GetAtt:
            - Cache
            - Outputs.DnsName
        # Only DB_PASS goes through a SecretModule; the secrets in variables 5-8
        # and 18 are passed as plain values.
        AppEnvironment3Key: DB_PASS
        AppEnvironment3SecretModule:
          Fn::GetAtt:
            - Secret
            - Outputs.StackName
        AppEnvironment4Key: ES_ENABLED
        AppEnvironment4Value: 'false'
        AppEnvironment4SecretModule: ''
        AppEnvironment5Key: SECRET_KEY_BASE
        AppEnvironment5Value:
          Ref: SecretKeyBase
        AppEnvironment5SecretModule: ''
        AppEnvironment6Key: OTP_SECRET
        AppEnvironment6Value:
          Ref: OtpSecret
        AppEnvironment7Key: VAPID_PRIVATE_KEY
        AppEnvironment7Value:
          Ref: VapidPrivateKey
        AppEnvironment8Key: VAPID_PUBLIC_KEY
        AppEnvironment8Value:
          Ref: VapidPublicKey
        AppEnvironment9Key: S3_ENABLED
        AppEnvironment9Value: 'true'
        AppEnvironment10Key: S3_BUCKET
        AppEnvironment10Value:
          Fn::GetAtt:
            - Bucket
            - Outputs.Name
        AppEnvironment11Key: DB_NAME
        AppEnvironment11Value: mastodon
        AppEnvironment12Key: DB_USER
        AppEnvironment12Value: mastodon
        AppEnvironment13Key: DB_HOST
        AppEnvironment13Value:
          Fn::GetAtt:
            - Database
            - Outputs.DnsName
        AppEnvironment14Key: RAILS_ENV
        AppEnvironment14Value: production
        AppEnvironment15Key: SMTP_SERVER
        AppEnvironment15Value:
          Fn::Sub: email-smtp.${AWS::Region}.amazonaws.com
        AppEnvironment16Key: SMTP_PORT
        AppEnvironment16Value: '587'
        AppEnvironment17Key: SMTP_LOGIN
        AppEnvironment17Value:
          Ref: EmailUserAccessKey
        AppEnvironment18Key: SMTP_PASSWORD
        AppEnvironment18Value:
          Fn::GetAtt:
            - SmtpPasswordConverter
            - SmtpPassword
        AppEnvironment19Key: SMTP_FROM_ADDRESS
        AppEnvironment19Value:
          Fn::Sub: noreply@${DomainName}
        AppEnvironment20Key: S3_REGION
        AppEnvironment20Value:
          Ref: AWS::Region
        AppEnvironment21Key: S3_ALIAS_HOST
        AppEnvironment21Value:
          Fn::GetAtt:
            - CloudFront
            - Outputs.DistributionDomainName
        AppEnvironment22Key: S3_PERMISSION
        AppEnvironment22Value: private
        Cpu: '0.25'
        Memory: '1'
        DesiredCount: '1'
        MaxCapacity: '1'
        MinCapacity: '1'
        LogsRetentionInDays: '14'
        # A worker with no listener still sits in a public subnet; exposure
        # depends on the module's security group rules.
        SubnetsReach: Public
        AutoScaling: 'false'
        HealthCheckGracePeriodSeconds: '60'
        Spot:
          Ref: Spot
        CpuArchitecture: X86_64
        OperatingSystemFamily: LINUX
        # Shell access into the container for any principal permitted to use it;
        # restrict and audit that permission.
        ExecuteCommand: true
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/76f6b76d113845619c7428d55aeb4357.template
# AlbAccessLogBucket: bucket for load balancer access logs. Objects expire after
# 14 days, which bounds how far back request-level evidence reaches.
  AlbAccessLogBucket:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Access: ElbAccessLogWrite
        Versioning: 'false'
        ExpirationInDays: '14'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/81dd1a7734943407662ba884615029b1.template
  # Alb: internet-facing load balancer writing access logs to AlbAccessLogBucket.
  Alb:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        BucketModule:
          Fn::GetAtt:
            - AlbAccessLogBucket
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        Scheme: internet-facing
        IdleTimeoutInSeconds: '60'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/019c64cd88283500bd1046f6667fd3da.template
# AlbListener: listener on port 443 using the certificate from the Certificate stack.
# No TLS policy is passed here, so the module's default applies - TODO confirm
# which protocol versions that default accepts.
  AlbListener:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        Port: '443'
        CertificateArn:
          Fn::GetAtt:
            - Certificate
            - Outputs.Arn
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/60d376baf9df177ef409a6cbbc9844cd.template
  # HttpListener: plain listener on port 80, same module without a certificate.
  HttpListener:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        Port: '80'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/60d376baf9df177ef409a6cbbc9844cd.template
  # Redirect: priority-1 rule on the port 80 listener with RedirectPort 443.
  # No target stack is attached to HttpListener in this template; by these
  # parameters port 80 only redirects to HTTPS - verify in the nested template.
  Redirect:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbListenerModule:
          Fn::GetAtt:
            - HttpListener
            - Outputs.StackName
        RedirectPort: '443'
        Priority: '1'
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/cb8719b3126c24164e7f50a144ae6d70.template
# Target: target stack for WebService on the 443 listener. It sets no PathPattern
# and uses priority 3, health-checked at /health.
  Target:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        AlbListenerModule:
          Fn::GetAtt:
            - AlbListener
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        HealthCheckPath: /health
        Priority: 3
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/24cf8ac2cb4ef96915ed55c63019e1eb.template
  # StreamingApiTarget: target stack for StreamingApiService. It matches
  # /api/v1/streaming/* at priority 2, a lower number than the web target's 3.
  StreamingApiTarget:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        AlbModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        AlbListenerModule:
          Fn::GetAtt:
            - AlbListener
            - Outputs.StackName
        VpcModule:
          Fn::GetAtt:
            - Vpc
            - Outputs.StackName
        AlertingModule:
          Fn::GetAtt:
            - Alerting
            - Outputs.StackName
        HealthCheckPath: /api/v1/streaming/health
        PathPattern: /api/v1/streaming/*
        Priority: 2
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/24cf8ac2cb4ef96915ed55c63019e1eb.template
# Certificate: nested stack tied to the hosted zone; its Outputs.Arn is the
# certificate used by the 443 listener.
  Certificate:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        HostedZoneModule:
          Fn::GetAtt:
            - HostedZone
            - Outputs.StackName
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/a511f8593b7d394e9bc0060224f63264.template
  # Record: DNS record in the hosted zone for the load balancer. The empty
  # SubDomainNameWithDot means no subdomain prefix is added.
  Record:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        HostedZoneModule:
          Fn::GetAtt:
            - HostedZone
            - Outputs.StackName
        LoadBalancerModule:
          Fn::GetAtt:
            - Alb
            - Outputs.StackName
        SubDomainNameWithDot: ''
      TemplateURL: https://s3.eu-central-1.amazonaws.com/mastodon-on-aws-cloudformation/845bd72ad5102ba5fcc43072100f2c23.template
# S3Policy: managed policy attached to all three services via ManagedPolicyArns.
# The resource list is scoped to what the Bucket stack exports as IamResources,
# but the action is s3:*, i.e. every S3 action on those resources, including
# configuration changes and deletion, not just object reads and writes.
# NOTE(review): narrow this to the object and list actions Mastodon actually
# uses; the exact set must be verified against the application before changing.
  S3Policy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Accessing S3 bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: s3:*
            Resource:
              # IamResources is a comma-separated string, split into a list here.
              Fn::Split:
                - ','
                - Fn::GetAtt:
                    - Bucket
                    - Outputs.IamResources
# EmailIdentity: SES identity for DomainName with DKIM signing enabled. The three
# CNAME records below publish the DKIM tokens SES returns for it.
# NOTE(review): no SPF or DMARC record is defined in this template; add them
# where the zone is managed if receivers should enforce alignment.
  EmailIdentity:
    Type: AWS::SES::EmailIdentity
    Properties:
      DkimAttributes:
        SigningEnabled: true
      EmailIdentity:
        Ref: DomainName
  Dkim1Record:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId:
        Fn::GetAtt:
          - HostedZone
          - Outputs.Id
      Name:
        Fn::GetAtt:
          - EmailIdentity
          - DkimDNSTokenName1
      ResourceRecords:
        - Fn::GetAtt:
            - EmailIdentity
            - DkimDNSTokenValue1
      TTL: 300
      Type: CNAME
  Dkim2Record:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId:
        Fn::GetAtt:
          - HostedZone
          - Outputs.Id
      Name:
        Fn::GetAtt:
          - EmailIdentity
          - DkimDNSTokenName2
      ResourceRecords:
        - Fn::GetAtt:
            - EmailIdentity
            - DkimDNSTokenValue2
      TTL: 300
      Type: CNAME
  Dkim3Record:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId:
        Fn::GetAtt:
          - HostedZone
          - Outputs.Id
      Name:
        Fn::GetAtt:
          - EmailIdentity
          - DkimDNSTokenName3
      ResourceRecords:
        - Fn::GetAtt:
            - EmailIdentity
            - DkimDNSTokenValue3
      TTL: 300
      Type: CNAME
# EmailUser: IAM user whose only permission is ses:SendRawEmail.
# Resource '*' lets it send as any identity verified in the account, not only
# the one created for DomainName. Scoping Resource to that identity, or adding
# a condition on the ses:FromAddress key, would tighten this.
  EmailUser:
    Type: AWS::IAM::User
    Properties:
      Policies:
        - PolicyName: ses
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action: ses:SendRawEmail
                Resource: '*'
  # EmailUserAccessKey: long-lived access key for EmailUser. Its id becomes
  # SMTP_LOGIN and its secret is the input to the SMTP password derivation.
  # The key is rotated only when Serial is incremented; nothing here does that
  # on a schedule.
  EmailUserAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      Serial: 1
      Status: Active
      UserName:
        Ref: EmailUser
# LambdaRole: execution role assumable by the Lambda service only.
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
  # LambdaPolicy: the role may create log streams and write log events in
  # LambdaLogGroup and nothing else. Creating the log group is not included,
  # which is why the group is declared in the template.
  LambdaPolicy:
    Type: AWS::IAM::Policy
    Properties:
      Roles:
        - Ref: LambdaRole
      PolicyName: lambda
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action:
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource:
              Fn::GetAtt:
                - LambdaLogGroup
                - Arn
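# SmtpPasswordConverterLamdaFunction: custom-resource handler that turns the
# EmailUser secret access key into an SES SMTP password.
# The password is a deterministic HMAC-SHA256 chain over fixed strings and the
# region, so it is exactly as sensitive as the access key and changes only when
# the key or region changes.
# The event carries SecretAccessKey in ResourceProperties: never log the event.
  SmtpPasswordConverterLamdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          'use strict';
          const response = require('cfn-response');
          const buffer = require('buffer');
          const crypto = require('crypto');

          // One HMAC-SHA256 step. key and the return value are arrays of
          // single characters, one per byte.
          function sign(key, message) {
            const hmac = crypto.createHmac('sha256', buffer.Buffer.from(key.map((a) => a.charCodeAt(0)))).update(message);
            return hmac.digest('binary').toString().split('');
          };

          // Chains sign() over date, region, service, terminal and message,
          // prepends the version byte 0x04 and base64-encodes the result.
          function calculateSesSmtpPassword(secretAccessKey, region) {
            const date = '11111111';
            const service = 'ses';
            const terminal = 'aws4_request';
            const message = 'SendRawEmail';
            const version = [0x04];
            let signature = sign(`AWS4${secretAccessKey}`.split(''), date);
            signature = sign(signature, region);
            signature = sign(signature, service);
            signature = sign(signature, terminal);
            signature = sign(signature, message);
            const signatureAndVersion = version.slice();
            signature.forEach((a) => signatureAndVersion.push(a.charCodeAt(0)));
            return buffer.Buffer.from(signatureAndVersion).toString('base64');
          };

          exports.handler = (event, context, cb) => {
            try {
              const key = event.ResourceProperties.SecretAccessKey;
              const region = event.ResourceProperties.Region;
              if (event.RequestType === 'Delete') {
                response.send(event, context, response.SUCCESS, {});
              } else if (event.RequestType === 'Create' || event.RequestType === 'Update') {
                response.send(event, context, response.SUCCESS, {SmtpPassword: calculateSesSmtpPassword(key, region)});
              } else {
                response.send(event, context, response.FAILED, {});
              }
            } catch (err) {
              // Report the failure to CloudFormation instead of leaving the stack
              // operation waiting for a response. Log the error type only: the
              // event and key must not reach the log group.
              console.log('SMTP password derivation failed: ' + err.name);
              response.send(event, context, response.FAILED, {});
            }
          };
      Handler: index.handler
      MemorySize: 128
      Role:
        Fn::GetAtt:
          - LambdaRole
          - Arn
      # NOTE(review): nodejs16.x is a deprecated Lambda runtime; check AWS's
      # runtime support table and move to a currently supported Node.js runtime.
      Runtime: nodejs16.x
      Timeout: 60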
# LambdaLogGroup: log group for the converter function, retained for 14 days.
  LambdaLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName:
        Fn::Sub: /aws/lambda/${SmtpPasswordConverterLamdaFunction}
      RetentionInDays: 14
  # SmtpPasswordConverter: custom resource that invokes the converter function
  # with the EmailUser secret access key and the stack's region. Its SmtpPassword
  # attribute is what the services receive as SMTP_PASSWORD.
  # DependsOn ensures the log group and the logging policy exist before the
  # function is first invoked.
  # NOTE(review): the secret access key travels as a resource property and the
  # derived password as a plain attribute - confirm neither is surfaced in stack
  # events or outputs in your account.
  SmtpPasswordConverter:
    Type: Custom::SmtpPasswordConverter
    DependsOn:
      - LambdaLogGroup
      - LambdaPolicy
    Version: '1.0'
    Properties:
      SecretAccessKey:
        Fn::GetAtt:
          - EmailUserAccessKey
          - SecretAccessKey
      Region:
        Ref: AWS::Region
      ServiceToken:
        Fn::GetAtt:
          - SmtpPasswordConverterLamdaFunction
          - Arn