@zduymz
Last active January 26, 2021 01:56
aurora-values.json

```json
[
  {
    "ParameterKey": "DbClusterIdentifier",
    "ParameterValue": "aurora-1"
  },
  {
    "ParameterKey": "Database",
    "ParameterValue": "aurora"
  },
  {
    "ParameterKey": "MasterUserName",
    "ParameterValue": "aurora"
  },
  {
    "ParameterKey": "MasterPassword",
    "ParameterValue": "aurora12345678"
  },
  {
    "ParameterKey": "EngineVersion",
    "ParameterValue": "10.7"
  },
  {
    "ParameterKey": "VpcId",
    "ParameterValue": "vpc-9931a0fc"
  },
  {
    "ParameterKey": "Subnets",
    "ParameterValue": "subnet-0095562e1724671c1,subnet-02cd647095b17fc58,subnet-05e04028ac3ee0dd1"
  },
  {
    "ParameterKey": "DbInstanceClass",
    "ParameterValue": "db.t3.medium"
  }
]
```
aurora.yml

```yaml
Parameters:
  DbClusterIdentifier:
    Type: String
    Default: aurora-1
    Description: The name must be unique across all DB clusters owned by your AWS account in the current AWS Region.
  Database:
    Type: String
    Default: aurora
    Description: Initial database name
  MasterUserName:
    Type: String
    Default: aurora
    Description: Specify an alphanumeric string that defines the login ID for the master user
  MasterPassword:
    Type: String
    NoEcho: true   # keeps the value out of DescribeStacks and console output
    MinLength: 8   # enforces the rule in the description; the previous default "aurora" violated it
    Description: Specify a string that defines the password for the master user. Master Password must be at least eight characters long
  EngineVersion:
    Type: String
    Default: "10.7"
    Description: DB engine versions
  VpcId:
    Type: AWS::EC2::VPC::Id   # no Default: the value must be an existing VPC id supplied via the values file
    Description: VPC id (the author's example is vpc-9931a0fc)
  Subnets:
    Type: List<AWS::EC2::Subnet::Id>
  DbInstanceClass:
    Type: String
    Default: db.t3.medium
    Description: DB instance class that allocates the computational, network, and memory capacity required by planned workload of this DB instance
Resources:
  AuroraSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnet group to access aurora
      SubnetIds:
        Ref: Subnets
      DBSubnetGroupName: aurora-subnet-group
  EksWorkerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EksWorkerSecurityGroup
      GroupName: EksWorkerSecurityGroup
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      VpcId:
        Ref: VpcId
  AuroraSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: AuroraSecurityGroup
      GroupName: AuroraSecurityGroup
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      SecurityGroupIngress:
        # Only members of EksWorkerSG may reach PostgreSQL; no CIDR-based ingress.
        - FromPort: 5432
          IpProtocol: tcp
          SourceSecurityGroupId:
            Fn::GetAtt:
              - EksWorkerSG
              - GroupId
          ToPort: 5432
      VpcId:
        Ref: VpcId
    DependsOn:
      - EksWorkerSG
  AuroraCluster:
    Type: AWS::RDS::DBCluster
    Properties:
      Engine: aurora-postgresql
      DatabaseName:
        Ref: Database
      DBClusterIdentifier:
        Ref: DbClusterIdentifier
      DBSubnetGroupName: aurora-subnet-group
      DeletionProtection: false   # test setting; enable for anything you cannot afford to lose
      EngineMode: provisioned
      EngineVersion:
        Ref: EngineVersion
      MasterUsername:
        Ref: MasterUserName
      MasterUserPassword:
        Ref: MasterPassword
      Port: 5432
      VpcSecurityGroupIds:
        - Fn::GetAtt:
            - AuroraSG
            - GroupId
    DependsOn:
      - AuroraSubnetGroup
  DBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceClass:
        Ref: DbInstanceClass
      DBClusterIdentifier:
        Ref: DbClusterIdentifier
      Engine: aurora-postgresql
      PubliclyAccessible: false
    DependsOn:
      - AuroraCluster
Outputs:
  EksWorkerSGOutput:
    Description: Security Group that needs to be attached to the EKS workers
    Value:
      Fn::GetAtt:
        - EksWorkerSG
        - GroupId
```
efs-values.json

```json
[
  {
    "ParameterKey": "ElasticFileSystem",
    "ParameterValue": "efs-testtt"
  },
  {
    "ParameterKey": "VpcId",
    "ParameterValue": "vpc-9931a0fc"
  },
  {
    "ParameterKey": "SubnetZoneA",
    "ParameterValue": "subnet-02cd647095b17fc58"
  },
  {
    "ParameterKey": "SubnetZoneB",
    "ParameterValue": "subnet-0095562e1724671c1"
  },
  {
    "ParameterKey": "SubnetZoneC",
    "ParameterValue": "subnet-02d39f4e3d9df8fb4"
  },
  {
    "ParameterKey": "EksWorkerSecurityGroup",
    "ParameterValue": "sg-8913e3ed"
  }
]
```
efs.yml

```yaml
Parameters:
  ElasticFileSystem:
    Type: String
    Default: ""
    Description: EFS Name
  VpcId:
    Type: AWS::EC2::VPC::Id
    Default: ""
    Description: VPC id (the author's example is vpc-9931a0fc)
  SubnetZoneA:
    Type: AWS::EC2::Subnet::Id
    Default: ""
    Description: Subnet zone A
  SubnetZoneB:
    Type: AWS::EC2::Subnet::Id
    Default: ""
    Description: Subnet zone B
  SubnetZoneC:
    Type: AWS::EC2::Subnet::Id
    Default: ""
    Description: Subnet zone C
  EksWorkerSecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
    Default: ""
    Description: Security Group from Aurora output
Resources:
  EFSFileSystem:
    Type: AWS::EFS::FileSystem
    Properties:
      Encrypted: false   # data at rest is unencrypted; set to true (optionally with KmsKeyId) outside of tests
      FileSystemPolicy:
        Version: "2012-10-17"
        Statement:
          # Principal "*" with ClientRootAccess means any client that can reach a mount target
          # (anything EfsSecurityGroup admits) gets root on the file system; the security group
          # is the only access control in effect.
          - Effect: Allow
            Principal: "*"
            Action:
              - elasticfilesystem:ClientMount
              - elasticfilesystem:ClientWrite
              - elasticfilesystem:ClientRootAccess
            Resource: "*"
      FileSystemTags:
        - Key: Name
          Value:
            Ref: ElasticFileSystem
      LifecyclePolicies:
        - TransitionToIA: AFTER_30_DAYS
  EfsSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EfsSecurityGroup
      GroupName: EfsSecurityGroup
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      SecurityGroupIngress:
        # NFS only from the EKS worker security group created by the aurora stack.
        - FromPort: 2049
          IpProtocol: tcp
          SourceSecurityGroupId:
            Ref: EksWorkerSecurityGroup
          ToPort: 2049
      VpcId:
        Ref: VpcId
  MountTargetZoneA:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId:
        Fn::GetAtt:
          - EFSFileSystem
          - FileSystemId
      SecurityGroups:
        - Fn::GetAtt:
            - EfsSecurityGroup
            - GroupId
      SubnetId:
        Ref: SubnetZoneA
    DependsOn:
      - EFSFileSystem
  MountTargetZoneB:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId:
        Fn::GetAtt:
          - EFSFileSystem
          - FileSystemId
      SecurityGroups:
        - Fn::GetAtt:
            - EfsSecurityGroup
            - GroupId
      SubnetId:
        Ref: SubnetZoneB
    DependsOn:
      - EFSFileSystem
  MountTargetZoneC:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId:
        Fn::GetAtt:
          - EFSFileSystem
          - FileSystemId
      SecurityGroups:
        - Fn::GetAtt:
            - EfsSecurityGroup
            - GroupId
      SubnetId:
        Ref: SubnetZoneC
    DependsOn:
      - EFSFileSystem
```

Instruction

To accomplish this task, you have to install these tools: the aws CLI and eksctl (both are used in the commands below).

Setup aurora cluster

There are 2 files:

  • aurora.yml - cloudformation template
  • aurora-values.json - variables value file

```shell
aws cloudformation create-stack --stack-name aurora-cluster-test --template-body file://aurora.yml --parameters file://aurora-values.json
```

Setup S3

  • s3.yml - cloudformation template
  • s3-values.json - variables value file

```shell
aws cloudformation create-stack --stack-name s3-test --template-body file://s3.yml --parameters file://s3-values.json
```

Setup EFS

  • efs.yml - cloudformation template
  • efs-values.json - variables value file

Note: efs-values.json requires three subnets in three different zones (A, B, C) and the security group from the aurora stack output.

```shell
aws cloudformation create-stack --stack-name efs-test --template-body file://efs.yml --parameters file://efs-values.json
```

Setup eks cluster

Before setting up the EKS cluster, you have to create a new security group (<CLUSTER_SECURITY_GROUP>, for later use) that allows inbound port 443 from 0.0.0.0/0. Because clusterEndpoints.publicAccess is false below, that rule is only reachable from networks routed into the VPC; narrow it to the VPC CIDR or the ranges that need API access where you can.

eks-cluster.yml break out

```yaml
metadata:
  name: <CLUSTER_NAME>
  region: <AWS_REGION>
  version: "<EKS_VERSION>"

vpc:
  id: <VPC_ID>
  cidr: <VPC_CIDR>
  securityGroup: "<CLUSTER_SECURITY_GROUP>"
  autoAllocateIPv6: false
  clusterEndpoints:
    publicAccess: false
    privateAccess: true
  subnets:
    private:
      us-west-2a:
        id: <PRIVATE_SUBNET_IN_ZONE_A>
      us-west-2b:
        id: <PRIVATE_SUBNET_IN_ZONE_B>
      us-west-2c:
        id: <PRIVATE_SUBNET_IN_ZONE_C>

nodeGroups:
  - name: <WORKER_GROUP_NAME>
    instanceType: <WORKER_INSTANCE_TYPE>
    securityGroups:
      withShared: true
      attachIDs:
        - <SECURITY_GROUP_FROM_AURORA_OUTPUT>
    desiredCapacity: 4
...
```

```shell
# EKS setup could take 15-20 mins or longer
eksctl create cluster -f eks-cluster.yml
```

Clean up the cluster

```shell
eksctl delete cluster -f eks-cluster.yml
```
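The procedure above chains three stacks, and the EFS parameters depend on an output of the aurora stack. The following is an added example, not part of the gist, showing in standard-library Python how to read that output from `aws cloudformation describe-stacks` JSON (refusing a stack that is not yet complete), fill it into the efs-values.json parameter list, and run a small pre-deploy check over a template for the settings in these files that widen exposure: an unencrypted EFS, the `Principal: "*"` ClientRootAccess policy, a password parameter without NoEcho, CIDR-open ingress, and an Aurora cluster without deletion protection or storage encryption. The describe-stacks payload and the security group id are constructed samples; the output key `EksWorkerSGOutput` assumes the aurora template's output name with its typo corrected; the template dict is a trimmed JSON rendering of the gist's efs.yml; and the role ARN in the hardened copy is a placeholder.

```python
import json
from copy import deepcopy

# Constructed sample of `aws cloudformation describe-stacks --stack-name aurora-cluster-test`
# output once the aurora stack has finished. The security group id is made up.
SAMPLE_DESCRIBE_STACKS = json.dumps({"Stacks": [{
    "StackName": "aurora-cluster-test", "StackStatus": "CREATE_COMPLETE",
    "Outputs": [{"OutputKey": "EksWorkerSGOutput", "OutputValue": "sg-0123456789abcdef0"}]}]})

# Trimmed JSON rendering of the gist's efs.yml (CloudFormation accepts JSON and YAML alike;
# for the YAML file itself, pass the result of PyYAML's yaml.safe_load instead).
EFS_TEMPLATE = {
    "Parameters": {"EksWorkerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup::Id"}},
    "Resources": {
        "EFSFileSystem": {
            "Type": "AWS::EFS::FileSystem",
            "Properties": {
                "Encrypted": False,
                "FileSystemPolicy": {"Version": "2012-10-17", "Statement": [{
                    "Effect": "Allow", "Principal": "*", "Resource": "*",
                    "Action": ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite",
                               "elasticfilesystem:ClientRootAccess"]}]}}},
        "EfsSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [{
                "IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
                "SourceSecurityGroupId": {"Ref": "EksWorkerSecurityGroup"}}]}}}}

def stack_output(describe_json: str, key: str) -> str:
    """Pull one output value out of describe-stacks JSON; refuse stacks that are not finished."""
    stack = json.loads(describe_json)["Stacks"][0]
    if stack["StackStatus"] not in ("CREATE_COMPLETE", "UPDATE_COMPLETE"):
        raise RuntimeError(f"{stack['StackName']} is {stack['StackStatus']}; outputs are not final")
    for out in stack.get("Outputs", []):
        if out["OutputKey"] == key:
            return out["OutputValue"]
    raise KeyError(f"output {key} not found on {stack['StackName']}")

def build_efs_parameters(base_params: list, sg_id: str) -> list:
    """Return efs-values.json content with EksWorkerSecurityGroup set from the aurora stack output."""
    params = [p for p in base_params if p["ParameterKey"] != "EksWorkerSecurityGroup"]
    params.append({"ParameterKey": "EksWorkerSecurityGroup", "ParameterValue": sg_id})
    return params

def lint_template(template: dict) -> list:
    """Flag settings in these templates that widen exposure; returns human-readable findings."""
    findings = []
    for name, param in template.get("Parameters", {}).items():
        # A password parameter without NoEcho is readable through DescribeStacks and the console.
        if "password" in name.lower() and not param.get("NoEcho", False):
            findings.append(f"Parameters.{name}: secret parameter lacks NoEcho")
    for name, res in template.get("Resources", {}).items():
        props, rtype = res.get("Properties", {}), res.get("Type")
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0":
                    findings.append(f"Resources.{name}: ingress open to 0.0.0.0/0 on port "
                                    f"{rule.get('FromPort')}-{rule.get('ToPort')}")
        elif rtype == "AWS::EFS::FileSystem":
            if not props.get("Encrypted", False):  # CloudFormation's default is unencrypted
                findings.append(f"Resources.{name}: file system is not encrypted at rest")
            for stmt in props.get("FileSystemPolicy", {}).get("Statement", []):
                actions = stmt.get("Action", [])
                actions = [actions] if isinstance(actions, str) else actions
                principal = stmt.get("Principal")
                anyone = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
                if stmt.get("Effect") == "Allow" and anyone and "elasticfilesystem:ClientRootAccess" in actions:
                    findings.append(f"Resources.{name}: policy grants ClientRootAccess to Principal '*'; "
                                    "only the mount-target security group limits who can mount as root")
        elif rtype == "AWS::RDS::DBCluster":
            if props.get("DeletionProtection") is False:
                findings.append(f"Resources.{name}: DeletionProtection disabled")
            if not props.get("StorageEncrypted", False):
                findings.append(f"Resources.{name}: StorageEncrypted not set")
    return findings

def hardened_efs_template() -> dict:
    """EFS_TEMPLATE with both findings fixed: encryption on, root access limited to one IAM role."""
    fixed = deepcopy(EFS_TEMPLATE)
    fs = fixed["Resources"]["EFSFileSystem"]["Properties"]
    fs["Encrypted"] = True
    # Placeholder role ARN; in practice this is the IRSA role eksctl creates for the workload.
    fs["FileSystemPolicy"]["Statement"][0]["Principal"] = {
        "AWS": "arn:aws:iam::123456789012:role/PLACEHOLDER-efs-client-role"}
    return fixed

if __name__ == "__main__":
    sg = stack_output(SAMPLE_DESCRIBE_STACKS, "EksWorkerSGOutput")
    base = [{"ParameterKey": "ElasticFileSystem", "ParameterValue": "efs-testtt"}]
    print(json.dumps(build_efs_parameters(base, sg), indent=2))
    for finding in lint_template(EFS_TEMPLATE):
        print("FINDING:", finding)
```

In a real run, call `aws cloudformation wait stack-create-complete --stack-name aurora-cluster-test` first, then feed the JSON from `aws cloudformation describe-stacks --stack-name aurora-cluster-test` to `stack_output`; for the YAML templates, load them with PyYAML's `yaml.safe_load` before passing them to `lint_template`. Running the check over the gist's efs.yml yields the two findings on EFSFileSystem, and the hardened copy yields none.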
eks-cluster.yml

```yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: test-1
  region: us-west-2
  version: "1.18"
cloudWatch:
  clusterLogging:
    enableTypes: ["*"]
iam:
  withOIDC: true
  serviceAccounts:
    - metadata:
        name: default
        namespace: default
      roleName: default-worker-iam-role
      attachPolicyARNs:
        - "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
      attachPolicy:
        Version: "2012-10-17"
        Statement:
          # elasticfilesystem:* on every resource; narrow to the client actions and the file system ARN when possible
          - Effect: Allow
            Action:
              - "elasticfilesystem:*"
            Resource: '*'
vpc:
  id: "vpc-9931a0fc"
  securityGroup: "sg-ec2-instance-securitygroup"
  cidr: "10.1.0.0/16"
  autoAllocateIPv6: false
  clusterEndpoints:
    publicAccess: false
    privateAccess: true
  subnets:
    private:
      us-west-2a:
        id: "subnet-02cd647095b17fc58"
      us-west-2b:
        id: "subnet-0095562e1724671c1"
      us-west-2c:
        id: "subnet-02d39f4e3d9df8fb4"
nodeGroups:
  - name: ng-1
    instanceType: m5.large
    ssh:
      allow: true
      publicKeyName: learnpython-use1-ky
    securityGroups:
      withShared: true
      attachIDs:
        - sg-078d73e6aea521ffd
    desiredCapacity: 1
    minSize: 1
    maxSize: 30
    volumeSize: 50
    volumeType: gp2
    volumeEncrypted: false   # node root volumes unencrypted; set true outside of tests
    maxPodsPerNode: 15
    labels:
      Name: ng-1
    privateNetworking: true
    kubeletExtraConfig:
      kubeReserved:
        cpu: "300m"
        memory: "1G"
        ephemeral-storage: "1G"
      systemReserved:
        cpu: "300m"
        memory: "0.2G"
        ephemeral-storage: "1G"
      evictionHard:
        memory.available: "200Mi"
        nodefs.available: "10%"
```
s3-values.json

```json
[
  {
    "ParameterKey": "BucketName",
    "ParameterValue": "dmai-testttt"
  }
]
```
s3.yml

```yaml
Parameters:
  BucketName:
    Type: String
    Default: bucket-example-112233
    Description: Name of the bucket
Resources:
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName:
        Ref: BucketName
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```