Untitled

 avatar
unknown
plain_text
4 years ago
6.6 kB
6
Indexable
Resources:
  # 01 Create VPC
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsHostnames: true
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  # 2 Add Route Table
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref PublicRouteTable

  ## 3 Add Public Subnets
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.0.0/24"
  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.1.0/24"
  PublicSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetB
      RouteTableId: !Ref PublicRouteTable

  # 4 Add NAT
  EIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  NAT:
    DependsOn: GatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !Sub "${EIP.AllocationId}"
      SubnetId: !Ref PublicSubnetA

  # 5 Add private Route Table
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: VPC
  PrivateRouteTableRouteNAT:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NAT

  # 6 Add private subnets and associate route tables
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.64.0/24"
  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetA
      RouteTableId: !Ref PrivateSubnetRouteTable
  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.65.0/24"
  PrivateSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetB
      RouteTableId: !Ref PrivateSubnetRouteTable

  # 7 add data route without any rules
  DataSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  DataSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.128.0/24"
  DataSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref DataSubnetA
      RouteTableId: !Ref DataSubnetRouteTable
  DataSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.129.0/24"
  DataSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref DataSubnetB
      RouteTableId: !Ref DataSubnetRouteTable

  # fist sg
  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Allow http to client host
        VpcId: !Ref VPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
  
  # second sg
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Allow ALB to reach the web services.
        VpcId: !Ref VPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref ALBSecurityGroup

  # third sg
  EFSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Allow 
        VpcId: !Ref VPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref WebSecurityGroup

  
  ElasticacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Elasticcache to instance
        VpcId: !Ref VPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 11211
          ToPort: 11211
          SourceSecurityGroupId: !Ref WebSecurityGroup

  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Database to the instance
        VpcId: !Ref VPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebSecurityGroup

  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: 
      LoadBalancerAttributes: 
        -   Key: idle_timeout.timeout_seconds
            Value: "60"
      Scheme: internet-facing
      SecurityGroups: 
        - !Ref ALBSecurityGroup
      Subnets: 
        - !Ref PublicSubnetA
        - !Ref PublicSubnetB       

  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties: 
      DefaultActions: 
        - Type: "forward"
          TargetGroupArn: !Ref ALBTargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 80
      Protocol: "HTTP"
    
  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties: 
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /wp-login.php
      HealthCheckTimeoutSeconds: 5
      Port: 80
      Protocol: "HTTP"
      UnhealthyThresholdCount: 5
      VpcId: !Ref VPC


  # elasticache
  ElastiCacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:    
      CacheSubnetGroupName: !Ref ElastiCacheSubnetGroup # was missing <------
      Engine: memcached
      CacheNodeType: cache.t2.micro
      NumCacheNodes: 1
      VpcSecurityGroupIds: 
        - !Ref ElasticacheSecurityGroup

  ElastiCacheSubnetGroup:
    Type: 'AWS::ElastiCache::SubnetGroup'
    Properties:
      Description: "Subnet group for WP ElastiCache"
      SubnetIds:
        - !Ref DataSubnetA
        - !Ref DataSubnetB 
Editor is loading...