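# CloudFormation template: a three-tier VPC (public / private / data subnets in
# two AZs) with an internet-facing ALB, one NAT gateway and a Memcached
# ElastiCache cluster. Security groups are chained so that only the web tier
# can reach NFS (2049), Memcached (11211) and MySQL (3306); the internet can
# only reach the ALB on port 80.
Resources:
  # 01 Create VPC
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsHostnames: true

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  # 2 Add Route Table
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PublicRoute:
    Type: AWS::EC2::Route
    # A route whose target is an internet gateway must not be created before
    # the gateway is attached to the VPC; without this dependency the stack
    # can fail intermittently at creation time.
    DependsOn: GatewayAttachment
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref PublicRouteTable

  ## 3 Add Public Subnets
  # AZ is derived from the stack's region so the template stays region-agnostic.
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.0.0/24"

  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable

  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.1.0/24"

  PublicSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetB
      RouteTableId: !Ref PublicRouteTable

  # 4 Add NAT
  EIP:
    Type: AWS::EC2::EIP
    # A VPC-scoped EIP defined in the same template as its VPC must depend on
    # the gateway attachment, otherwise allocation can race the attachment.
    DependsOn: GatewayAttachment
    Properties:
      Domain: vpc

  # Single NAT gateway in AZ "a": private subnets in both AZs egress through it,
  # so an outage of AZ "a" also removes outbound access for PrivateSubnetB.
  NAT:
    DependsOn: GatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt EIP.AllocationId
      SubnetId: !Ref PublicSubnetA

  # 5 Add private Route Table
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PrivateRouteTableRouteNAT:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      NatGatewayId: !Ref NAT

  # 6 Add private subnets and associate route tables
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.64.0/24"

  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetA
      RouteTableId: !Ref PrivateSubnetRouteTable

  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.65.0/24"

  PrivateSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetB
      RouteTableId: !Ref PrivateSubnetRouteTable

  # 7 Add data route table without any routes beyond the implicit VPC-local
  # route: the data subnets have no path to the internet in either direction.
  DataSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  DataSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "a"]]
      CidrBlock: "10.0.128.0/24"

  DataSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref DataSubnetA
      RouteTableId: !Ref DataSubnetRouteTable

  DataSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Join ["", [!Ref "AWS::Region", "b"]]
      CidrBlock: "10.0.129.0/24"

  DataSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref DataSubnetB
      RouteTableId: !Ref DataSubnetRouteTable

  # Security groups. None of them declares SecurityGroupEgress, so each keeps
  # the default allow-all outbound rule; tighten per tier if egress control is
  # required.

  # first sg: the only group open to the internet, and only on plain HTTP.
  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to client host
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"

  # second sg: web tier reachable only from the ALB, not from the internet.
  # No instances are declared in this template; attach this group to the
  # web-tier instances or launch template that consumes it.
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow ALB to reach the web services.
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref ALBSecurityGroup

  # third sg: NFS from the web tier only. GroupDescription is a placeholder;
  # note that changing it later forces replacement of the security group.
  EFSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref WebSecurityGroup

  # Memcached from the web tier only.
  ElasticacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Elasticcache to instance
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 11211
          ToPort: 11211
          SourceSecurityGroupId: !Ref WebSecurityGroup

  # MySQL from the web tier only. No database resource is declared here.
  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database to the instance
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebSecurityGroup

  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: "60"
      Scheme: internet-facing
      SecurityGroups:
        - !Ref ALBSecurityGroup
      Subnets:
        - !Ref PublicSubnetA
        - !Ref PublicSubnetB

  # Plain HTTP listener: traffic between clients and the ALB is unencrypted.
  # Terminating TLS here would need an HTTPS listener with a certificate ARN,
  # which this template does not define.
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: "forward"
          TargetGroupArn: !Ref ALBTargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 80
      Protocol: "HTTP"

  # Health check path suggests WordPress targets; a target is marked unhealthy
  # after 5 failed checks at 30 s intervals (5 s timeout each).
  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /wp-login.php
      HealthCheckTimeoutSeconds: 5
      Port: 80
      Protocol: "HTTP"
      UnhealthyThresholdCount: 5
      VpcId: !Ref VPC

  # elasticache
  ElastiCacheCluster:
    Type: 'AWS::ElastiCache::CacheCluster'
    Properties:
      # Required to place the cluster inside this VPC (in the data subnets);
      # without it the cluster would not be reachable via VpcSecurityGroupIds.
      CacheSubnetGroupName: !Ref ElastiCacheSubnetGroup
      Engine: memcached
      CacheNodeType: cache.t2.micro
      NumCacheNodes: 1
      VpcSecurityGroupIds:
        - !Ref ElasticacheSecurityGroup

  ElastiCacheSubnetGroup:
    Type: 'AWS::ElastiCache::SubnetGroup'
    Properties:
      Description: "Subnet group for WP ElastiCache"
      SubnetIds:
        - !Ref DataSubnetA
        - !Ref DataSubnetB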