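---
# Quoted so that generic YAML 1.1 loaders (yamllint, PyYAML) do not parse the
# template version as a date; CloudFormation reads it as a string either way.
AWSTemplateFormatVersion: "2010-09-09"

Description: VPC and Subnet definitions for Strapi + ELB project.

Resources:
  PublicVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "172.31.0.0/16"
      EnableDnsHostnames: true
      EnableDnsSupport: true

  # The ELB and Auto Scaling security groups reference each other, so their
  # rules are declared as standalone Ingress/Egress resources below; putting
  # the cross-references inline would create a circular dependency.
  ELBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${AWS::StackName}-ELBSecurityGroup"
      # Folded block scalar: same single-line value as the original
      # multi-line plain scalar, but the continuation is now explicit.
      GroupDescription: >-
        Security group for the Elastic Load Balancer.
        This permits inbound 80/443 from any IP, to 80/443 to the
        Auto Scaling security group.
      VpcId: !Ref PublicVPC
      # NOTE(review): a security group declared without an inline
      # SecurityGroupEgress keeps the default allow-all outbound rule. The
      # standalone ELBSecurityGroupEgress* resources below are added on top
      # of that rule rather than replacing it, so the "to 80/443" wording in
      # the description is not actually enforced. If outbound traffic from
      # the load balancer is meant to be limited to the Auto Scaling group,
      # an inline SecurityGroupEgress entry is needed to drop the default.

  ELBSecurityGroupIngressHttp:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress for ELBSecurityGroup for HTTP.
      GroupId: !Ref ELBSecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      # Internet-facing listener: open to any source address by design.
      CidrIp: "0.0.0.0/0"

  ELBSecurityGroupIngressHttps:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress for ELBSecurityGroup for HTTPS.
      GroupId: !Ref ELBSecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      CidrIp: "0.0.0.0/0"

  ELBSecurityGroupEgressHttp:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      Description: Egress for ELBSecurityGroup for HTTP.
      GroupId: !Ref ELBSecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      # Destination is the Auto Scaling group's security group, not a CIDR.
      SourceSecurityGroupId: !Ref ASSecurityGroup

  ELBSecurityGroupEgressHttps:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      Description: Egress for ELBSecurityGroup for HTTPS.
      GroupId: !Ref ELBSecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      SourceSecurityGroupId: !Ref ASSecurityGroup

  ASSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${AWS::StackName}-ASSecurityGroup"
      GroupDescription: >-
        Security group for the Auto Scaler. This security group
        will be applied to any EC2 instances that the Auto Scaler creates. This
        group permits inbound 80/443 from the Elastic Load Balancer security
        group.
      VpcId: !Ref PublicVPC

  # Inbound to the instances is restricted to traffic coming from the load
  # balancer's security group; no CIDR-based ingress is opened here.
  ASSecurityGroupIngressHttp:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress for ASSecurityGroup for HTTP.
      GroupId: !Ref ASSecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      SourceSecurityGroupId: !Ref ELBSecurityGroup

  ASSecurityGroupIngressHttps:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: Ingress for ASSecurityGroup for HTTPS.
      GroupId: !Ref ASSecurityGroup
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      SourceSecurityGroupId: !Ref ELBSecurityGroup

  # Three public /20 subnets carved from the VPC /16, one per AZ.
  # NOTE(review): selecting AZ indices 0..2 assumes the deployment region
  # returns at least three AZs from Fn::GetAZs; regions with fewer will fail
  # to create PublicSubnet2 — confirm for the target region.
  # MapPublicIpOnLaunch gives every instance a public address; inbound to
  # those instances is still governed by ASSecurityGroup.
  PublicSubnet0:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: !Ref "AWS::Region"
      VpcId: !Ref PublicVPC
      CidrBlock: "172.31.0.0/20"
      MapPublicIpOnLaunch: true

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: !Ref "AWS::Region"
      VpcId: !Ref PublicVPC
      CidrBlock: "172.31.16.0/20"
      MapPublicIpOnLaunch: true

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 2
          - Fn::GetAZs: !Ref "AWS::Region"
      VpcId: !Ref PublicVPC
      CidrBlock: "172.31.32.0/20"
      MapPublicIpOnLaunch: true

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref PublicVPC
      InternetGatewayId: !Ref InternetGateway

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref PublicVPC

  PublicRoute:
    Type: AWS::EC2::Route
    # The route cannot be created until the gateway is attached to the VPC.
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway

  PublicSubnet0RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet0
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable

# Exports are namespaced by stack name so that dependent stacks can import
# them with Fn::ImportValue.
Outputs:
  PublicVPCID:
    Description: The VPC for the environment.
    Value: !Ref PublicVPC
    Export:
      Name: !Sub "${AWS::StackName}-PublicVPC"

  ELBSecurityGroupOutput:
    Description: ELB Security Group
    Value: !Ref ELBSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-ELBSecurityGroup"

  ASSecurityGroupOutput:
    Description: AS Security Group
    Value: !Ref ASSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-ASSecurityGroup"

  # Intentionally left disabled in the original template; kept for reference.
  # PublicVPCIDDefaultSecurityGroup:
  #   Description: The VPC default security group.
  #   Value: !GetAtt PublicVPC.DefaultSecurityGroup
  #   Export:
  #     Name: !Sub "${AWS::StackName}-PublicVPCIDDefaultSecurityGroup"

  PublicSubnet0ID:
    Description: The public subnet 0.
    Value: !Ref PublicSubnet0
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet0"

  PublicSubnet1ID:
    Description: The public subnet 1.
    Value: !Ref PublicSubnet1
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet1"

  PublicSubnet2ID:
    Description: The public subnet 2.
    Value: !Ref PublicSubnet2
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet2"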