Description: This template deploys the servers and other resources for Udagram web application.

Parameters:
  # Prefix for resource names; also used to look up the network stack's
  # exports (VPC id, private/public subnets).
  EnvironmentName:
    Type: String
    Description: This name will be prefixed to all the resources.

  # AMI used by the launch configuration for every web server.
  ServerAMIId:
    Type: String
    Description: AMI ID for EC2 instances.

  # Instance size for the web servers (e.g. t3.medium); passed straight
  # through to the launch configuration.
  InstanceType:
    Type: String
    Description: EC2 instance type
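Resources:
  ## Security Groups ##
  # Security group for the public load balancer: HTTP in from the internet,
  # HTTP out towards the web servers. No TLS listener exists in this
  # template, so 443 is deliberately not opened here.
  LBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to our load balancer
      VpcId:
        Fn::ImportValue: !Sub "${EnvironmentName}-VPCID"
      SecurityGroupIngress:
        # Inbound HTTP on port 80 from anywhere.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        # Outbound HTTP on port 80 only; the ALB forwards to the target group
        # on port 80 and needs nothing else.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  # Security group for the Udagram app servers (private subnets).
  # Port 80 is reachable from the load balancer only, so the servers are never
  # directly addressable even if the subnet routing changes. There is no SSH
  # rule: the servers sit in private subnets and the previous rule opened 22
  # to 0.0.0.0/0, which contradicted the "from local only" intent. For
  # troubleshooting use SSM Session Manager, or add a rule scoped to a
  # bastion's security group / the VPC CIDR rather than the whole internet.
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to our hosts and SSH from local only
      VpcId:
        Fn::ImportValue: !Sub "${EnvironmentName}-VPCID"
      SecurityGroupIngress:
        # Inbound HTTP on port 80, but only from the load balancer's group.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref LBSecurityGroup
      SecurityGroupEgress:
        # Outbound HTTP/HTTPS so apt can fetch packages and the user-data
        # script can pull from S3 (awscli uses HTTPS). DNS and the metadata
        # service are not filtered by security groups, so they need no rule.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  ## IAM Roles and Policies ##
  # IAM role that the EC2 service may assume on behalf of the web servers.
  # Permissions are attached separately via S3BucketsPolicy.
  S3BucketsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"

  # Instance profile that hands S3BucketsRole to instances from the launch
  # configuration.
  S3BucketsInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref S3BucketsRole

  # Read-only access to the udagram-webapp bucket. This is the only S3 access
  # the user-data script needs (it copies index.html out of that bucket), so
  # the policy is scoped to that bucket instead of s3:* on every resource.
  # The bucket name must match the one in WebAppLaunchConfig's UserData.
  S3BucketsPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: S3BucketsPolicy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Listing the bucket lets "aws s3 cp" return a clear not-found
          # instead of access-denied when the object is missing.
          - Effect: Allow
            Action:
              - s3:ListBucket
            Resource: arn:aws:s3:::udagram-webapp
          - Effect: Allow
            Action:
              - s3:GetObject
            Resource: arn:aws:s3:::udagram-webapp/*
      Roles:
        - !Ref S3BucketsRole

  ## Launch Configuration ##
  # Launch configuration used by the auto scaling group when a server spins up.
  # NOTE(review): AWS::AutoScaling::LaunchConfiguration is the legacy API; a
  # launch template is the modern equivalent but would be a larger change.
  WebAppLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      # Installs apache2 and serves index.html fetched from the site bucket.
      # The script contains no ${...} references, so !Sub is a no-op here.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          apt-get update -y
          apt-get install unzip awscli -y
          apt-get install apache2 -y
          systemctl start apache2.service
          cd /var/www/html
          aws s3 cp s3://udagram-webapp/index.html .
      ImageId: !Ref ServerAMIId
      IamInstanceProfile: !Ref S3BucketsInstanceProfile
      SecurityGroups:
        - !Ref WebServerSecurityGroup
      InstanceType: !Ref InstanceType
      # Require IMDSv2 (session tokens) so the instance-profile credentials
      # cannot be read with a plain GET to the metadata endpoint, e.g. through
      # an SSRF bug in the web application.
      MetadataOptions:
        HttpTokens: required
      BlockDeviceMappings:
        - DeviceName: "/dev/sdk"
          Ebs:
            # VolumeSize is in GiB; quoted as in the original, CloudFormation
            # coerces it to an integer.
            VolumeSize: "10"
            # Encrypt the volume with the account's default EBS key.
            Encrypted: true

  ## Auto Scaling Group ##
  # Auto scaling group for the Udagram app, placed in the private subnets
  # exported by the network stack.
  WebAppGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier:
        - Fn::ImportValue: !Sub "${EnvironmentName}-PRI-NETS"
      LaunchConfigurationName: !Ref WebAppLaunchConfig
      MinSize: "4"
      MaxSize: "6"
      TargetGroupARNs:
        - !Ref WebAppTargetGroup
      # Replace instances that fail the target-group health check, not only
      # those that fail EC2 status checks. The grace period (seconds) covers
      # the apt-get work in user data before failed checks count.
      HealthCheckType: ELB
      HealthCheckGracePeriod: 300

  ## Load Balancer ##
  # Internet-facing application load balancer in the public subnets, with
  # the load balancer security group attached.
  WebAppLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Subnets:
        - Fn::ImportValue: !Sub "${EnvironmentName}-PUB-SN01"
        - Fn::ImportValue: !Sub "${EnvironmentName}-PUB-SN02"
      SecurityGroups:
        - !Ref LBSecurityGroup

  ## Load Balancer Listener ##
  # Plain HTTP listener on port 80. A TLS listener on 443 would need an ACM
  # certificate, which this template does not provision.
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WebAppTargetGroup
      LoadBalancerArn: !Ref WebAppLB
      Port: 80
      Protocol: HTTP

  ## Load Balancer Listener Rule ##
  # Forwards requests for "/" to the web app target group.
  ALBListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: !Ref WebAppTargetGroup
      Conditions:
        - Field: path-pattern
          Values:
            - "/"
      ListenerArn: !Ref Listener
      Priority: 1

  ## Target Group ##
  # Probes "/" over HTTP every 10 seconds; a target is healthy after 2
  # consecutive successes and unhealthy after 5 consecutive failures.
  WebAppTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /
      HealthCheckProtocol: HTTP
      # Must stay below HealthCheckIntervalSeconds.
      HealthCheckTimeoutSeconds: 8
      HealthyThresholdCount: 2
      Port: 80
      Protocol: HTTP
      UnhealthyThresholdCount: 5
      VpcId:
        Fn::ImportValue: !Sub "${EnvironmentName}-VPCID"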
Outputs:
  # Public entry point of the application (HTTP only, see the Listener).
  WebAppLBDNSName:
    Description: DNS name or Public URL of the Load Balancer
    # Same value as joining "http://" with the load balancer's DNSName.
    Value: !Sub "http://${WebAppLB.DNSName}"
    Export:
      Name: !Sub "${EnvironmentName}-LB-DNSName"