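---
# CloudFormation network + edge stack: a VPC with public / private / data
# subnet tiers across two AZs, an internet-facing ALB and an ElastiCache
# (memcached) cluster. The !Ref / !Join / !GetAtt tags are CloudFormation
# intrinsics; a generic YAML safe-loader rejects them unless a constructor
# for these tags is registered.
Resources:
  # 01 Create VPC
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsHostnames: true
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  # 2 Add Route Table
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  PublicRoute:
    Type: AWS::EC2::Route
    # A route that targets an internet gateway can only be created once the
    # gateway is attached to the VPC; CloudFormation does not infer that
    # ordering from the GatewayId reference, so it is declared explicitly
    # (the NAT gateway below already does the same).
    DependsOn: GatewayAttachment
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref PublicRouteTable

  # 3 Add Public Subnets (one per AZ, both routed to the internet gateway)
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.0.0/24"
  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.1.0/24"
  PublicSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetB
      RouteTableId: !Ref PublicRouteTable

  # 4 Add NAT
  EIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  NAT:
    DependsOn: GatewayAttachment
    Type: AWS::EC2::NatGateway
    # Single NAT gateway in AZ "a": outbound traffic from the private subnets
    # in both AZs depends on this one AZ (an availability, not a security,
    # trade-off).
    Properties:
      AllocationId: !GetAtt EIP.AllocationId
      SubnetId: !Ref PublicSubnetA

  # 5 Add private Route Table (default route via the NAT gateway, so
  # private hosts can reach out but are not reachable from the internet)
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  PrivateRouteTableRouteNAT:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      NatGatewayId: !Ref NAT

  # 6 Add private subnets and associate route tables
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.64.0/24"
  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetA
      RouteTableId: !Ref PrivateSubnetRouteTable
  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.65.0/24"
  PrivateSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetB
      RouteTableId: !Ref PrivateSubnetRouteTable

  # 7 Add data route table without any routes beyond the implicit VPC-local
  # one: the data subnets have no path to or from the internet at all.
  DataSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  DataSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.128.0/24"
  DataSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref DataSubnetA
      RouteTableId: !Ref DataSubnetRouteTable
  DataSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.129.0/24"
  DataSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref DataSubnetB
      RouteTableId: !Ref DataSubnetRouteTable

  # Security groups. Only ingress is declared; every group keeps the AWS
  # default of unrestricted egress.
  # first sg: the only group open to the internet, and only on HTTP/80
  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to client host
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
  # second sg: web hosts accept port 80 from the ALB group only, not from
  # any CIDR
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow ALB to reach the web services.
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref ALBSecurityGroup
  # third sg: NFS (2049) from the web tier only
  EFSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref WebSecurityGroup
  # memcached (11211) from the web tier only
  ElasticacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Elasticcache to instance
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 11211
          ToPort: 11211
          SourceSecurityGroupId: !Ref WebSecurityGroup
  # MySQL (3306) from the web tier only
  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database to the instance
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebSecurityGroup

  # Load balancer: internet-facing, spread over both public subnets.
  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: "60"
      Scheme: internet-facing
      SecurityGroups:
        - !Ref ALBSecurityGroup
      Subnets:
        - !Ref PublicSubnetA
        - !Ref PublicSubnetB
  # The only listener is plain HTTP on 80, so client traffic to the ALB is
  # unencrypted in transit. An HTTPS listener needs a certificate ARN that
  # this template does not carry, so it is not added here.
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: "forward"
          TargetGroupArn: !Ref ALBTargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 80
      Protocol: "HTTP"
  # No targets are registered by this template; the health check expects a
  # WordPress login page on the web hosts.
  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /wp-login.php
      HealthCheckTimeoutSeconds: 5
      Port: 80
      Protocol: "HTTP"
      UnhealthyThresholdCount: 5
      VpcId: !Ref VPC

  # elasticache: single memcached node placed in the isolated data subnets,
  # reachable only through ElasticacheSecurityGroup.
  ElastiCacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      CacheSubnetGroupName: !Ref ElastiCacheSubnetGroup
      Engine: memcached
      CacheNodeType: cache.t2.micro
      NumCacheNodes: 1
      VpcSecurityGroupIds:
        - !Ref ElasticacheSecurityGroup
  ElastiCacheSubnetGroup:
    Type: 'AWS::ElastiCache::SubnetGroup'
    Properties:
      Description: "Subnet group for WP ElastiCache"
      SubnetIds:
        - !Ref DataSubnetA
        - !Ref DataSubnetB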