-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Initial version of HA and dev environments with deployment
- Loading branch information
milashenko
committed
Mar 3, 2024
1 parent
4da168e
commit 81c541c
Showing
16 changed files
with
1,619 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
AWSTemplateFormatVersion: '2010-09-09' | ||
Transform: AWS::Serverless-2016-10-31 | ||
Description: > | ||
Creates a ECR | ||
Parameters: | ||
TagName: | ||
Description: Name of the tag | ||
Type: String | ||
AllowedPattern: ^[a-zA-Z0-9-]*$ | ||
ConstraintDescription: Only alphanumeric values are allowed | ||
Value: | ||
Description: Name of the eenvironment | ||
Type: String | ||
AllowedPattern: ^[a-zA-Z0-9-]*$ | ||
ConstraintDescription: Only alphanumeric values are allowed | ||
Resources: | ||
TagBasedGroup: | ||
Type: "AWS::ResourceGroups::Group" | ||
Properties: | ||
Name: !Ref Value | ||
Description: "A group that is based on a tag query" | ||
ResourceQuery: | ||
Type: | ||
"TAG_FILTERS_1_0" | ||
Query: | ||
ResourceTypeFilters: | ||
- "AWS::AllSupported" | ||
TagFilters: | ||
- | ||
Key: !Ref TagName | ||
Values: | ||
- !Ref Value |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
AWSTemplateFormatVersion: '2010-09-09' | ||
Transform: AWS::Serverless-2016-10-31 | ||
Description: > | ||
Creates a MySQL Aurora cluster in a single region | ||
Parameters: | ||
EnvName: | ||
Description: An environment name that is prefixed to resource names | ||
Type: String | ||
AllowedPattern: ^[a-zA-Z0-9-]*$ | ||
ConstraintDescription: Only alphanumeric values are allowed | ||
SecondaryRegion: | ||
Description: A region to replicate secret to | ||
Type: String | ||
Default: eu-west-1 | ||
AllowedValues: | ||
- eu-west-1 | ||
- eu-west-2 | ||
- eu-west-3 | ||
Resources: | ||
|
||
MasterSecret: | ||
Type: AWS::SecretsManager::Secret | ||
Properties: | ||
Name: !Sub '${EnvName}' | ||
ReplicaRegions: | ||
- Region: !Ref SecondaryRegion | ||
Tags: | ||
- Key: Name | ||
Value: !Ref EnvName | ||
- Key: StackID | ||
Value: !Ref 'AWS::StackId' | ||
GenerateSecretString: | ||
SecretStringTemplate: '{"username":"dbadmin"}' | ||
GenerateStringKey: "password" | ||
ExcludeCharacters: '"!@#$%^&*/\+-,._~' | ||
PasswordLength: 16 | ||
|
||
Outputs: | ||
MasterSecret: | ||
Description: DB Secret | ||
Value: !Sub ${MasterSecret} | ||
Export: | ||
Name: !Sub '${EnvName}-MasterSecret' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,264 @@ | ||
AWSTemplateFormatVersion: '2010-09-09' | ||
Transform: AWS::Serverless-2016-10-31 | ||
Description: > | ||
This template deploys a VPC, with a pair of public and private subnets spread | ||
across two Availability Zones. It deploys an internet gateway, with a default | ||
route on the public subnets. It deploys a pair of NAT gateways (one in each AZ), | ||
and default routes for them in the private subnets. | ||
Parameters: | ||
EnvName: | ||
Description: An environment name that is prefixed to resource names | ||
Type: String | ||
AllowedPattern: ^[a-zA-Z0-9-]*$ | ||
ConstraintDescription: Only alphanumeric values are allowed | ||
|
||
VpcCIDR: | ||
Description: Please enter the IP range (CIDR notation) for this VPC | ||
Type: String | ||
Default: 10.192.0.0/16 | ||
|
||
PublicSubnet1CIDR: | ||
Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone | ||
Type: String | ||
Default: 10.192.10.0/24 | ||
|
||
PublicSubnet2CIDR: | ||
Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone | ||
Type: String | ||
Default: 10.192.11.0/24 | ||
|
||
PrivateSubnet1CIDR: | ||
Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone | ||
Type: String | ||
Default: 10.192.20.0/24 | ||
|
||
PrivateSubnet2CIDR: | ||
Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone | ||
Type: String | ||
Default: 10.192.21.0/24 | ||
|
||
Resources: | ||
VPC: | ||
Type: AWS::EC2::VPC | ||
Properties: | ||
CidrBlock: !Ref VpcCIDR | ||
EnableDnsSupport: true | ||
EnableDnsHostnames: true | ||
Tags: | ||
- Key: Name | ||
Value: !Ref EnvName | ||
|
||
InternetGateway: | ||
Type: AWS::EC2::InternetGateway | ||
Properties: | ||
Tags: | ||
- Key: Name | ||
Value: !Ref EnvName | ||
|
||
InternetGatewayAttachment: | ||
Type: AWS::EC2::VPCGatewayAttachment | ||
Properties: | ||
InternetGatewayId: !Ref InternetGateway | ||
VpcId: !Ref VPC | ||
|
||
PublicSubnet1: | ||
Type: AWS::EC2::Subnet | ||
Properties: | ||
VpcId: !Ref VPC | ||
AvailabilityZone: !Select [ 0, !GetAZs '' ] | ||
CidrBlock: !Ref PublicSubnet1CIDR | ||
MapPublicIpOnLaunch: true | ||
Tags: | ||
- Key: Name | ||
Value: !Sub ${EnvName} Public Subnet (AZ1) | ||
|
||
PublicSubnet2: | ||
Type: AWS::EC2::Subnet | ||
Properties: | ||
VpcId: !Ref VPC | ||
AvailabilityZone: !Select [ 1, !GetAZs '' ] | ||
CidrBlock: !Ref PublicSubnet2CIDR | ||
MapPublicIpOnLaunch: true | ||
Tags: | ||
- Key: Name | ||
Value: !Sub ${EnvName} Public Subnet (AZ2) | ||
|
||
PrivateSubnet1: | ||
Type: AWS::EC2::Subnet | ||
Properties: | ||
VpcId: !Ref VPC | ||
AvailabilityZone: !Select [ 0, !GetAZs '' ] | ||
CidrBlock: !Ref PrivateSubnet1CIDR | ||
MapPublicIpOnLaunch: false | ||
Tags: | ||
- Key: Name | ||
Value: !Sub ${EnvName} Private Subnet (AZ1) | ||
|
||
PrivateSubnet2: | ||
Type: AWS::EC2::Subnet | ||
Properties: | ||
VpcId: !Ref VPC | ||
AvailabilityZone: !Select [ 1, !GetAZs '' ] | ||
CidrBlock: !Ref PrivateSubnet2CIDR | ||
MapPublicIpOnLaunch: false | ||
Tags: | ||
- Key: Name | ||
Value: !Sub ${EnvName} Private Subnet (AZ2) | ||
|
||
NatGateway1EIP: | ||
Type: AWS::EC2::EIP | ||
DependsOn: InternetGatewayAttachment | ||
Properties: | ||
Domain: vpc | ||
|
||
NatGateway2EIP: | ||
Type: AWS::EC2::EIP | ||
DependsOn: InternetGatewayAttachment | ||
Properties: | ||
Domain: vpc | ||
|
||
NatGateway1: | ||
Type: AWS::EC2::NatGateway | ||
Properties: | ||
AllocationId: !GetAtt NatGateway1EIP.AllocationId | ||
SubnetId: !Ref PublicSubnet1 | ||
|
||
NatGateway2: | ||
Type: AWS::EC2::NatGateway | ||
Properties: | ||
AllocationId: !GetAtt NatGateway2EIP.AllocationId | ||
SubnetId: !Ref PublicSubnet2 | ||
|
||
PublicRouteTable: | ||
Type: AWS::EC2::RouteTable | ||
Properties: | ||
VpcId: !Ref VPC | ||
Tags: | ||
- Key: Name | ||
Value: !Sub ${EnvName} Public Routes | ||
|
||
DefaultPublicRoute: | ||
Type: AWS::EC2::Route | ||
DependsOn: InternetGatewayAttachment | ||
Properties: | ||
RouteTableId: !Ref PublicRouteTable | ||
DestinationCidrBlock: 0.0.0.0/0 | ||
GatewayId: !Ref InternetGateway | ||
|
||
PublicSubnet1RouteTableAssociation: | ||
Type: AWS::EC2::SubnetRouteTableAssociation | ||
Properties: | ||
RouteTableId: !Ref PublicRouteTable | ||
SubnetId: !Ref PublicSubnet1 | ||
|
||
PublicSubnet2RouteTableAssociation: | ||
Type: AWS::EC2::SubnetRouteTableAssociation | ||
Properties: | ||
RouteTableId: !Ref PublicRouteTable | ||
SubnetId: !Ref PublicSubnet2 | ||
|
||
|
||
PrivateRouteTable1: | ||
Type: AWS::EC2::RouteTable | ||
Properties: | ||
VpcId: !Ref VPC | ||
Tags: | ||
- Key: Name | ||
Value: !Sub ${EnvName} Private Routes (AZ1) | ||
|
||
DefaultPrivateRoute1: | ||
Type: AWS::EC2::Route | ||
Properties: | ||
RouteTableId: !Ref PrivateRouteTable1 | ||
DestinationCidrBlock: 0.0.0.0/0 | ||
NatGatewayId: !Ref NatGateway1 | ||
|
||
PrivateSubnet1RouteTableAssociation: | ||
Type: AWS::EC2::SubnetRouteTableAssociation | ||
Properties: | ||
RouteTableId: !Ref PrivateRouteTable1 | ||
SubnetId: !Ref PrivateSubnet1 | ||
|
||
PrivateRouteTable2: | ||
Type: AWS::EC2::RouteTable | ||
Properties: | ||
VpcId: !Ref VPC | ||
Tags: | ||
- Key: Name | ||
Value: !Sub ${EnvName} Private Routes (AZ2) | ||
|
||
DefaultPrivateRoute2: | ||
Type: AWS::EC2::Route | ||
Properties: | ||
RouteTableId: !Ref PrivateRouteTable2 | ||
DestinationCidrBlock: 0.0.0.0/0 | ||
NatGatewayId: !Ref NatGateway2 | ||
|
||
PrivateSubnet2RouteTableAssociation: | ||
Type: AWS::EC2::SubnetRouteTableAssociation | ||
Properties: | ||
RouteTableId: !Ref PrivateRouteTable2 | ||
SubnetId: !Ref PrivateSubnet2 | ||
|
||
NoIngressSecurityGroup: | ||
Type: AWS::EC2::SecurityGroup | ||
Properties: | ||
GroupName: "no-ingress-sg" | ||
GroupDescription: "Security group with no ingress rule" | ||
VpcId: !Ref VPC | ||
|
||
S3VPCEndpoint: | ||
Type: 'AWS::EC2::VPCEndpoint' | ||
Properties: | ||
VpcId: !Ref VPC | ||
SubnetIds: [!Ref PrivateSubnet1, !Ref PrivateSubnet2] | ||
ServiceName: !Sub 'com.amazonaws.${AWS::Region}.s3' | ||
VpcEndpointType: Interface | ||
|
||
Outputs: | ||
VPC: | ||
Description: A reference to the created VPC | ||
Value: !Ref VPC | ||
Export: | ||
Name: !Sub '${EnvName}-VPC' | ||
|
||
PublicSubnets: | ||
Description: A list of the public subnets | ||
Value: !Join [ ",", [ !Ref PublicSubnet1, !Ref PublicSubnet2 ]] | ||
Export: | ||
Name: !Sub '${EnvName}-PublicSubnets' | ||
|
||
PrivateSubnets: | ||
Description: A list of the private subnets | ||
Value: !Join [ ",", [ !Ref PrivateSubnet1, !Ref PrivateSubnet2 ]] | ||
Export: | ||
Name: !Sub '${EnvName}-PrivateSubnets' | ||
|
||
PublicSubnet1: | ||
Description: A reference to the public subnet in the 1st Availability Zone | ||
Value: !Ref PublicSubnet1 | ||
Export: | ||
Name: !Sub '${EnvName}-PublicSubnet1' | ||
|
||
PublicSubnet2: | ||
Description: A reference to the public subnet in the 2nd Availability Zone | ||
Value: !Ref PublicSubnet2 | ||
Export: | ||
Name: !Sub '${EnvName}-PublicSubnet2' | ||
|
||
PrivateSubnet1: | ||
Description: A reference to the private subnet in the 1st Availability Zone | ||
Value: !Ref PrivateSubnet1 | ||
Export: | ||
Name: !Sub '${EnvName}-PrivateSubnet1' | ||
|
||
PrivateSubnet2: | ||
Description: A reference to the private subnet in the 2nd Availability Zone | ||
Value: !Ref PrivateSubnet2 | ||
Export: | ||
Name: !Sub '${EnvName}-PrivateSubnet2' | ||
|
||
NoIngressSecurityGroup: | ||
Description: Security group with no ingress rule | ||
Value: !Ref NoIngressSecurityGroup |
Oops, something went wrong.