middleware.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Middleware template

Parameters:
  # Deployment environment. In this template it is only consumed by the
  # Env/Name tags on the resources; it does not change any resource settings.
  Environment:
    Type: String
    Default: test
    AllowedValues:
      - test
      - prod

  # SSM-backed parameter type: CloudFormation resolves the AMI ID from this
  # public parameter path during stack create/update, so the image actually
  # launched is whatever "latest" means at deploy time.
  ImageId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

  # EC2 key pair attached to every instance through the launch template.
  # The instance security group defined in this template only admits tcp/80
  # from the load balancer group, so SSH is not opened by this stack.
  # NOTE(review): 'mykey' looks like a placeholder default - confirm a key pair
  # is needed at all, or drop it in favour of a managed session service.
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Default: mykey
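Resources:
  # Target Group for ASG and ELB, Middleware Instance SG
  MiddlewareTg:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      # Targets are reached over plain HTTP on port 80.
      Port: 80
      Protocol: HTTP
      VpcId: !ImportValue VpcId
      Tags:
        - Key: Env
          Value: !Ref Environment
        - Key: Name
          Value: !Join [ "-", [ !Ref Environment, !Ref "AWS::StackName", "lb-tg" ] ]

  MiddlewareInstanceSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: Middleware Instance SG
      # Ingress is limited to tcp/80 and only from the load balancer's security
      # group (a group reference, not a CIDR range).
      # NOTE(review): no SecurityGroupEgress is declared, so the group keeps the
      # default allow-all outbound rule - tighten if this tier needs egress control.
      SecurityGroupIngress:
        - IpProtocol: tcp
          SourceSecurityGroupId: !Ref MiddlewareLbSg
          FromPort: 80
          ToPort: 80
      VpcId: !ImportValue VpcId
      Tags:
        - Key: Env
          Value: !Ref Environment
        - Key: Name
          Value: !Join [ "-", [ !Ref Environment, !Ref "AWS::StackName", "inst-sg" ] ]

  # Load balancer, listener, security group
  MiddlewareLoadBalancer:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      Type: application
      Subnets:
        - !ImportValue MiddlewareSubnet1Id
        - !ImportValue MiddlewareSubnet2Id
        - !ImportValue MiddlewareSubnet3Id
      # Internal scheme: the load balancer is not given an internet-facing address.
      Scheme: internal
      SecurityGroups:
        - !Ref MiddlewareLbSg
      Tags:
        - Key: Env
          Value: !Ref Environment
        - Key: Name
          Value: !Join [ "-", [ !Ref Environment, !Ref "AWS::StackName", "lb" ] ]

  MiddlewareLbListener:
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties:
      # NOTE(review): web tier -> middleware traffic is unencrypted HTTP. Moving to
      # HTTPS needs a certificate reference, which this template does not take as
      # a parameter; decide whether in-VPC plaintext is acceptable for this data.
      # NOTE(review): LoadBalancerArn is not set in the visible source; a listener
      # needs one (presumably !Ref MiddlewareLoadBalancer) - confirm against the repo.
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: "forward"
          TargetGroupArn: !Ref MiddlewareTg

  MiddlewareLbSg:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: LoadBalancer Security Group
      # Only members of the imported web-tier instance security group may reach
      # the load balancer, and only on tcp/80. Egress is left at the default.
      SecurityGroupIngress:
        - IpProtocol: tcp
          SourceSecurityGroupId: !ImportValue WebInstanceSg
          FromPort: 80
          ToPort: 80
      VpcId: !ImportValue VpcId
      Tags:
        - Key: Env
          Value: !Ref Environment
        - Key: Name
          Value: !Join [ "-", [ !Ref Environment, !Ref "AWS::StackName", "lb-sg" ] ]

  # Autoscaling group, launch template
  MiddlewareInstanceLaunchTemplate:
    Type: "AWS::EC2::LaunchTemplate"
    Properties:
      LaunchTemplateData:
        ImageId: !Ref ImageId
        InstanceType: t3.micro
        KeyName: !Ref KeyName
        SecurityGroupIds:
          - !Ref MiddlewareInstanceSg
        # NOTE(review): MetadataOptions is not set, so instance metadata access
        # falls back to AMI/account defaults. Setting HttpTokens: required here
        # enforces IMDSv2 once the workload is confirmed compatible.
        TagSpecifications:
          - ResourceType: instance
            Tags:
              - Key: Env
                Value: !Ref Environment
              # NOTE(review): the ASG also propagates a Name tag ("...-asg") to
              # instances; confirm which of the two values is the intended one.
              - Key: Name
                Value: !Join [ "-", [ !Ref Environment, !Ref "AWS::StackName", "lt" ] ]

  MiddlewareAsg:
    # Wait for the listener so instances are not registered before traffic can flow.
    DependsOn: MiddlewareLbListener
    Type: "AWS::AutoScaling::AutoScalingGroup"
    Properties:
      # Each size is an SSM dynamic reference of the form
      # {{resolve:ssm:<imported parameter name>:1}}.
      # NOTE(review): the trailing "1" pins parameter version 1, so later edits to
      # the SSM parameters are not picked up until this suffix is changed.
      MaxSize: !Join [":", [ "{{resolve:ssm", !ImportValue MiddlewareMaxSizeParameter, "1}}"]]
      MinSize: !Join [":", [ "{{resolve:ssm", !ImportValue MiddlewareMinSizeParameter, "1}}"]]
      DesiredCapacity: !Join [":", [ "{{resolve:ssm", !ImportValue MiddlewareDesSizeParameter, "1}}"]]
      VPCZoneIdentifier:
        - !ImportValue MiddlewareSubnet1Id
        - !ImportValue MiddlewareSubnet2Id
        - !ImportValue MiddlewareSubnet3Id
      LaunchTemplate:
        LaunchTemplateId: !Ref MiddlewareInstanceLaunchTemplate
        # Track the template's newest version instead of a hard-coded "1".
        # With the literal, any later change to the launch template (new AMI,
        # security group, metadata options) creates version 2+ that the group
        # never uses, so fixes silently fail to reach newly launched instances.
        Version: !GetAtt MiddlewareInstanceLaunchTemplate.LatestVersionNumber
      TargetGroupARNs:
        - !Ref MiddlewareTg
      # NOTE(review): HealthCheckType is not set, so the group relies on EC2 status
      # checks only; instances failing the target group health check stay in service.
      Tags:
        - Key: Env
          Value: !Ref Environment
          PropagateAtLaunch: true
        - Key: Name
          Value: !Join [ "-", [ !Ref Environment, !Ref "AWS::StackName", "asg" ] ]
          PropagateAtLaunch: true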
Outputs:
  # Exposes the instance security group ID so other stacks can reference it
  # with !ImportValue (for example as a SourceSecurityGroupId).
  # NOTE(review): the export name is fixed rather than derived from Environment,
  # and export names must be unique per account and region - a "test" and a
  # "prod" stack from this template cannot coexist there. Confirm that
  # environments are separated by account or region.
  MiddlewareInstanceSg:
    Value: !Ref MiddlewareInstanceSg
    Export:
      Name: 'MiddlewareInstanceSg'