Last active
February 11, 2020 20:00
-
-
Save mreferre/d6de51102c6773e6767b34b67cec14d7 to your computer and use it in GitHub Desktop.
Yelb Plumbing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: 'EC2 Postgres and EC2 Redis deployments for Yelb backends' | |
| Parameters: | |
| KeyName: | |
| Description: Name of an existing EC2 KeyPair to enable SSH access to the instance | |
| (where applicable) | |
| Type: AWS::EC2::KeyPair::KeyName | |
| ConstraintDescription: Can contain only ASCII characters. | |
| InstanceType: | |
| Description: Yelb EC2 instance type (where applicable) | |
| Type: String | |
| Default: t2.small | |
| AllowedValues: | |
| - t2.small | |
| - t2.medium | |
| - m5.large | |
| ConstraintDescription: Must be a valid EC2 instance type | |
| VPC: | |
| Description: The VPC that the ECS cluster is deployed to | |
| Type: AWS::EC2::VPC::Id | |
| Subnet: | |
| Type: AWS::EC2::Subnet::Id | |
| Description: Subnet | |
| Mappings: | |
| AWSInstanceType2Arch: | |
| t2.small: | |
| Arch: HVMG2 | |
| t2.medium: | |
| Arch: HVMG2 | |
| m5.large: | |
| Arch: HVMG2 | |
| AWSRegionArch2AMI: | |
| us-east-1: | |
| HVMG2: ami-1853ac65 | |
| us-west-1: | |
| HVMG2: ami-bf5540df | |
| us-west-2: | |
| HVMG2: ami-d874e0a0 | |
| eu-west-1: | |
| HVMG2: ami-3bfab942 | |
| eu-central-1: | |
| HVMG2: ami-ac442ac3 | |
| ap-southeast-2: | |
| HVMG2: ami-43874721 | |
| Resources: | |
| RedisCache: | |
| Type: AWS::EC2::Instance | |
| Properties: | |
| ImageId: | |
| Fn::FindInMap: | |
| - AWSRegionArch2AMI | |
| - Ref: AWS::Region | |
| - Fn::FindInMap: | |
| - AWSInstanceType2Arch | |
| - Ref: InstanceType | |
| - Arch | |
| InstanceType: | |
| Ref: InstanceType | |
| SecurityGroupIds: | |
| - Ref: YelbSecurityGroupRedisCache | |
| KeyName: | |
| Ref: KeyName | |
| Tags: | |
| - Key: Name | |
| Value: redis-cache | |
| SubnetId: !Ref 'Subnet' | |
| UserData: | |
| Fn::Base64: | |
| Fn::Join: | |
| - '' | |
| - - "#!/bin/bash -ex" | |
| - "\n" | |
| - "\n" | |
| - curl https://raw.githubusercontent.com/mreferre/yelb/master/deployments/platformdeployment/Linux/redis-server.sh | |
| | bash | |
| YelbDb: | |
| Type: AWS::EC2::Instance | |
| Properties: | |
| ImageId: | |
| Fn::FindInMap: | |
| - AWSRegionArch2AMI | |
| - Ref: AWS::Region | |
| - Fn::FindInMap: | |
| - AWSInstanceType2Arch | |
| - Ref: InstanceType | |
| - Arch | |
| InstanceType: | |
| Ref: InstanceType | |
| SecurityGroupIds: | |
| - Ref: YelbSecurityGroupYelbDb | |
| KeyName: | |
| Ref: KeyName | |
| Tags: | |
| - Key: Name | |
| Value: yelb-db | |
| SubnetId: !Ref 'Subnet' | |
| UserData: | |
| Fn::Base64: | |
| Fn::Join: | |
| - '' | |
| - - "#!/bin/bash -ex" | |
| - "\n" | |
| - "\n" | |
| - curl https://raw.githubusercontent.com/mreferre/yelb/master/deployments/platformdeployment/Linux/yelb-db.sh | |
| | bash | |
| YelbSecurityGroupRedisCache: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: Enable Redis access from inside the VPC and SSH access from | |
| the Internet | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: '6379' | |
| ToPort: '6379' | |
| CidrIp: 0.0.0.0/0 | |
| VpcId: !Ref 'VPC' | |
| YelbSecurityGroupYelbDb: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: Enable Postgres access from inside the VPC and SSH access | |
| from the Internet | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: '5432' | |
| ToPort: '5432' | |
| CidrIp: 0.0.0.0/0 | |
| VpcId: !Ref 'VPC' | |
| Outputs: | |
| RedisCacheEndPoint: | |
| Description: The private dns name of the redis server | |
| Value: !GetAtt RedisCache.PrivateDnsName | |
| YelbDbEndPoint: | |
| Description: The private dns name of the yelb-db server | |
| Value: !GetAtt YelbDb.PrivateDnsName |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: This template deploys a VPC, with a pair of public and private subnets spread | |
| across two Availability Zones. It deploys an internet gateway, with a default | |
| route on the public subnets. It deploys a pair of NAT gateways (one in each AZ), | |
| and default routes for them in the private subnets. | |
| Parameters: | |
| EnvironmentName: | |
| Description: An environment name that is prefixed to resource names | |
| Type: String | |
| VpcCIDR: | |
| Description: Please enter the IP range (CIDR notation) for this VPC | |
| Type: String | |
| Default: 10.192.0.0/16 | |
| PublicSubnet1CIDR: | |
| Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone | |
| Type: String | |
| Default: 10.192.10.0/24 | |
| PublicSubnet2CIDR: | |
| Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone | |
| Type: String | |
| Default: 10.192.11.0/24 | |
| PrivateSubnet1CIDR: | |
| Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone | |
| Type: String | |
| Default: 10.192.20.0/24 | |
| PrivateSubnet2CIDR: | |
| Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone | |
| Type: String | |
| Default: 10.192.21.0/24 | |
| Resources: | |
| VPC: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: !Ref VpcCIDR | |
| EnableDnsSupport: true | |
| EnableDnsHostnames: true | |
| Tags: | |
| - Key: Name | |
| Value: !Ref EnvironmentName | |
| InternetGateway: | |
| Type: AWS::EC2::InternetGateway | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: !Ref EnvironmentName | |
| InternetGatewayAttachment: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| InternetGatewayId: !Ref InternetGateway | |
| VpcId: !Ref VPC | |
| PublicSubnet1: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref VPC | |
| AvailabilityZone: !Select [ 0, !GetAZs '' ] | |
| CidrBlock: !Ref PublicSubnet1CIDR | |
| MapPublicIpOnLaunch: true | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Public Subnet (AZ1) | |
| PublicSubnet2: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref VPC | |
| AvailabilityZone: !Select [ 1, !GetAZs '' ] | |
| CidrBlock: !Ref PublicSubnet2CIDR | |
| MapPublicIpOnLaunch: true | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Public Subnet (AZ2) | |
| PrivateSubnet1: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref VPC | |
| AvailabilityZone: !Select [ 0, !GetAZs '' ] | |
| CidrBlock: !Ref PrivateSubnet1CIDR | |
| MapPublicIpOnLaunch: false | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Private Subnet (AZ1) | |
| PrivateSubnet2: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref VPC | |
| AvailabilityZone: !Select [ 1, !GetAZs '' ] | |
| CidrBlock: !Ref PrivateSubnet2CIDR | |
| MapPublicIpOnLaunch: false | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Private Subnet (AZ2) | |
| NatGateway1EIP: | |
| Type: AWS::EC2::EIP | |
| DependsOn: InternetGatewayAttachment | |
| Properties: | |
| Domain: vpc | |
| NatGateway2EIP: | |
| Type: AWS::EC2::EIP | |
| DependsOn: InternetGatewayAttachment | |
| Properties: | |
| Domain: vpc | |
| NatGateway1: | |
| Type: AWS::EC2::NatGateway | |
| Properties: | |
| AllocationId: !GetAtt NatGateway1EIP.AllocationId | |
| SubnetId: !Ref PublicSubnet1 | |
| NatGateway2: | |
| Type: AWS::EC2::NatGateway | |
| Properties: | |
| AllocationId: !GetAtt NatGateway2EIP.AllocationId | |
| SubnetId: !Ref PublicSubnet2 | |
| PublicRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Public Routes | |
| DefaultPublicRoute: | |
| Type: AWS::EC2::Route | |
| DependsOn: InternetGatewayAttachment | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| GatewayId: !Ref InternetGateway | |
| PublicSubnet1RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| SubnetId: !Ref PublicSubnet1 | |
| PublicSubnet2RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PublicRouteTable | |
| SubnetId: !Ref PublicSubnet2 | |
| PrivateRouteTable1: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Private Routes (AZ1) | |
| DefaultPrivateRoute1: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable1 | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| NatGatewayId: !Ref NatGateway1 | |
| PrivateSubnet1RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable1 | |
| SubnetId: !Ref PrivateSubnet1 | |
| PrivateRouteTable2: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub ${EnvironmentName} Private Routes (AZ2) | |
| DefaultPrivateRoute2: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable2 | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| NatGatewayId: !Ref NatGateway2 | |
| PrivateSubnet2RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| RouteTableId: !Ref PrivateRouteTable2 | |
| SubnetId: !Ref PrivateSubnet2 | |
| NoIngressSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupName: "no-ingress-sg" | |
| GroupDescription: "Security group with no ingress rule" | |
| VpcId: !Ref VPC | |
| Outputs: | |
| VPC: | |
| Description: A reference to the created VPC | |
| Value: !Ref VPC | |
| PublicSubnets: | |
| Description: A list of the public subnets | |
| Value: !Join [ ",", [ !Ref PublicSubnet1, !Ref PublicSubnet2 ]] | |
| PrivateSubnets: | |
| Description: A list of the private subnets | |
| Value: !Join [ ",", [ !Ref PrivateSubnet1, !Ref PrivateSubnet2 ]] | |
| PublicSubnet1: | |
| Description: A reference to the public subnet in the 1st Availability Zone | |
| Value: !Ref PublicSubnet1 | |
| PublicSubnet2: | |
| Description: A reference to the public subnet in the 2nd Availability Zone | |
| Value: !Ref PublicSubnet2 | |
| PrivateSubnet1: | |
| Description: A reference to the private subnet in the 1st Availability Zone | |
| Value: !Ref PrivateSubnet1 | |
| PrivateSubnet2: | |
| Description: A reference to the private subnet in the 2nd Availability Zone | |
| Value: !Ref PrivateSubnet2 | |
| NoIngressSecurityGroup: | |
| Description: Security group with no ingress rule | |
| Value: !Ref NoIngressSecurityGroup |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment