
@sakamaki-kazuyoshi
Last active January 28, 2018 11:49
sample-2018-01_bk
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Parameters" : {
"KeyName" : {
"Description" : "Enter the EC2 key pair name",
"Type" : "AWS::EC2::KeyPair::KeyName"
}
},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.0.0.0/16",
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"InstanceTenancy" : "default",
"Tags" : [ {"Key" : "Name", "Value" : "VPC"}]
}
},
"IGW" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [ {"Key" : "Name", "Value" : "IGW"}]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [ {"Key" : "Name", "Value" : "PublicRoute"}]
}
},
"PrivateRoute" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [ {"Key" : "Name", "Value" : "PrivateRoute"}]
}
},
"Route" : {
"Type" : "AWS::EC2::Route",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRoute" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "IGW" }
}
},
"AttachIGW" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"InternetGatewayId" : { "Ref" : "IGW" },
"VpcId" : { "Ref" : "VPC" }
}
},
"BastionSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "ap-northeast-1a",
"CidrBlock" : "10.0.1.0/24",
"VpcId" : { "Ref" : "VPC" },
"Tags" : [ {"Key" : "Name", "Value" : "BastionSubnet1"}]
}
},
"FrontendSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "ap-northeast-1a",
"CidrBlock" : "10.0.2.0/24",
"VpcId" : { "Ref" : "VPC" },
"Tags" : [ {"Key" : "Name", "Value" : "FrontendSubnet1"}]
}
},
"FrontendSubnet2" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "ap-northeast-1c",
"CidrBlock" : "10.0.3.0/24",
"VpcId" : { "Ref" : "VPC" },
"Tags" : [ {"Key" : "Name", "Value" : "FrontendSubnet2"}]
}
},
"BastionSubnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "BastionSubnet1" },
"RouteTableId" : { "Ref" : "PublicRoute" }
}
},
"FrontendSubnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "FrontendSubnet1" },
"RouteTableId" : { "Ref" : "PublicRoute" }
}
},
"FrontendSubnet2RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "FrontendSubnet2" },
"RouteTableId" : { "Ref" : "PublicRoute" }
}
},
"BastionSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "BastionServerSG",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" },
],
"Tags" : [ {"Key" : "Name", "Value" : "BastionServerSG"}]
}
},
"FrontendELBSG" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "FrontendELBSG",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" },
{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" }
],
"Tags" : [ {"Key" : "Name", "Value" : "FrontendELBSG"}]
}
},
"FrontendServiceSG" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "FrontendServiceSG",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "SourceSecurityGroupId" : { "Ref" : "FrontendELBSG" } },
{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "SourceSecurityGroupId" : { "Ref" : "FrontendELBSG" } }
],
"Tags" : [ {"Key" : "Name", "Value" : "FrontendServiceSG"}]
}
},
"FrontendAdminSG" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "FrontendAdminSG",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "SourceSecurityGroupId" : { "Ref" : "BastionSecurityGroup" } }
],
"Tags" : [ {"Key" : "Name", "Value" : "FrontendAdminSG"}]
}
},
"PowerUserRole" : {
"Type" : "AWS::IAM::Role",
"Properties" : {
"AssumeRolePolicyDocument" : {
"Statement": [ {
"Effect": "Allow",
"Principal": { "Service": [ "ec2.amazonaws.com" ] },
"Action": [ "sts:AssumeRole" ]
} ]
},
"Path" : "/",
"Policies" :[ {
"PolicyName" : "PowerUserPolicy",
"PolicyDocument" : {
"Statement": [ {
"Sid": "PowerUserStmt",
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
} ]
}
}]
}
},
"PowerUserProfile" : {
"Type" : "AWS::IAM::InstanceProfile",
"Properties" : {
"Path": "/",
"Roles" : [ { "Ref" : "PowerUserRole" } ]
}
},
"BastionInstance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"AvailabilityZone" : "ap-northeast-1a",
"IamInstanceProfile": { "Ref" : "PowerUserProfile" },
"ImageId": "ami-33c25b55",
"InstanceType" : "t2.micro",
"KeyName": { "Ref": "KeyName" },
"SubnetId" : {"Ref" : "FrontendSubnet1" },
"SecurityGroupIds" : [ { "Ref": "BastionSecurityGroup" } ],
"Tags" : [ {"Key" : "Name", "Value" : "BastionServer"} ]
}
},
"BastionInstanceEIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"InstanceId": { "Ref": "BastionInstance" },
}
},
"FrontendInstance1" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"AvailabilityZone" : "ap-northeast-1a",
"IamInstanceProfile": { "Ref" : "PowerUserProfile" },
"ImageId": "ami-33c25b55",
"InstanceType" : "t2.micro",
"KeyName": { "Ref": "KeyName" },
"SubnetId" : {"Ref" : "FrontendSubnet1" },
"SecurityGroupIds" : [
{ "Ref": "FrontendServiceSG" },
{ "Ref": "FrontendAdminSG" }
],
"Tags" : [ {"Key" : "Name", "Value" : "Frontend01"} ]
}
},
"FrontendInstance2" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"AvailabilityZone" : "ap-northeast-1c",
"IamInstanceProfile": { "Ref" : "PowerUserProfile" },
"ImageId": "ami-33c25b55",
"InstanceType" : "t2.micro",
"KeyName": { "Ref": "KeyName" },
"SubnetId" : {"Ref" : "FrontendSubnet2" },
"SecurityGroupIds" : [
{ "Ref": "FrontendServiceSG" },
{ "Ref": "FrontendAdminSG" }
],
"Tags" : [ {"Key" : "Name", "Value" : "Frontend02"} ]
}
},
"ElasticLoadBalancer" : {
"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties" : {
"Subnets" : [
{ "Ref" : "FrontendSubnet1" },
{ "Ref" : "FrontendSubnet2" }
],
"Listeners" : [
{ "LoadBalancerPort" : "80", "InstancePort" : "80", "Protocol" : "HTTP" }
],
"HealthCheck" : {
"Target" : "HTTP:80/index.html",
"HealthyThreshold" : "2",
"UnhealthyThreshold" : "2",
"Interval" : "6",
"Timeout" : "5"
},
"SecurityGroups" : [
{ "Ref" : "FrontendELBSG" }
],
"Instances" : [
{ "Ref" : "FrontendInstance1" },
{ "Ref" : "FrontendInstance2" }
]
}
}
}
}