AWSTemplateFormatVersion: '2010-09-09'
# Changelog
#   1.0 - Initial version
#   1.1 - Add IAM Role to allow start and stop EC2 Instance
Description: >-
  Template to create the client infrastructure. Version 1.1
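Metadata:
  AWS::CloudFormation::Interface:
    # Groups drive the ordering of parameters in the console; every entry
    # must name a parameter that is declared under Parameters.
    ParameterGroups:
      - Label:
          default: "Network Definition"
        Parameters:
          - VPCId
          - VPCName
          - SubnetId
          - Environment
      - Label:
          default: "EC2 Configuration"
        Parameters:
          - EC2Options
          - EC2Ami
          - EC2OS
          - EC2Size
      - Label:
          default: "EC2 Additional Configuration"
        Parameters:
          - UserData
          - Schedule
      - Label:
          default: "EBS Volumes"
        Parameters:
          # The root volume is sized by EC2RootVolumeSize; a stale
          # "RootVolumeSize" entry (no such parameter exists) was dropped.
          - EC2RootVolumeSize
          - EBSVolume1Mount
          - EBSVolume1Size
          - EBSVolume2Mount
          - EBSVolume2Size
      - Label:
          default: "RDS Configuration"
        Parameters:
          - RDSOptions
          - RDSSnapshot
          - RDSEngine
          - RDSEngineVersion
          - RDSSize
          - RDSStorage
          - RDSMaxStorage
          - DBName
          - RDSMasterUserPassword
      - Label:
          default: "Tags"
        Parameters:
          - ISEDProjectId
          - CostCentre
    # "(*)" marks a required parameter. Each key appears exactly once:
    # YAML parsers silently keep only the last value of a duplicated key.
    ParameterLabels:
      VPCId:
        default: "(*) The vpc ID to launch the instance into."
      VPCName:
        default: "(*) The vpc name to launch the instance into."
      SubnetId:
        default: "(*) The subnet ID to launch the instance into."
      Environment:
        default: "(*) Environment."
      EC2Options:
        default: "(*) EC2 Options. Create or Restore instance"
      EC2Ami:
        default: "Specify if restoring from Ami, otherwise leave blank"
      EC2OS:
        default: "(*) The instance OS"
      EC2Size:
        default: "(*) The instance type."
      UserData:
        default: "The user data to make available to the instance."
      Schedule:
        default: "(*) EC2 Schedule"
      EC2RootVolumeSize:
        default: "(*) Root Volume Size in GB"
      EBSVolume1Size:
        default: "EBS Volume 1 Size in GB"
      EBSVolume2Size:
        default: "EBS Volume 2 Size in GB"
      EBSVolume1Mount:
        default: "EBS Volume 1 mount point (Leave blank if attaching this volume)"
      EBSVolume2Mount:
        default: "EBS Volume 2 mount point (Leave blank if attaching this volume)"
      RDSOptions:
        default: "(*) RDS Options. Create or Restore instance"
      DBName:
        default: "(*) A name for the DB instance."
      RDSMasterUserPassword:
        default: "(*) The password for the master user. The password can include any printable ASCII character except /, \", or @"
      RDSEngine:
        default: "(*) The name of the database engine that you want to use for this DB instance."
      RDSEngineVersion:
        default: "(*) The version number of the database engine to use."
      RDSSize:
        default: "(*) The compute and memory capacity of the DB instance"
      RDSStorage:
        default: "(*) The amount of storage (in gigabytes) to be initially allocated for the database instance."
      RDSMaxStorage:
        default: "(*) The upper limit to which Amazon RDS can automatically scale the storage of the DB instance. The value must be greater than default storage or left blank"
      RDSSnapshot:
        default: "Specify if restoring from Snapshot, otherwise leave blank"
      ISEDProjectId:
        default: "(*) Project Id Cost Tag"
      CostCentre:
        default: "(*) Cost Centre Cost Tag"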
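Parameters:
  # ===== Network Section =====
  VPCId:
    Type: AWS::EC2::VPC::Id
  VPCName:
    Type: String
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  Environment:
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - uat
      - qa
      - prod
  # ===== EC2 Section =====
  # <None> (the default) skips creation of the nested EC2 stack.
  EC2Options:
    Type: String
    Default: <None>
    AllowedValues:
      - <None>
      - Create
      - Restore
  EC2Ami:
    Type: String
  EC2OS:
    Type: String
    Default: Linux
    AllowedValues:
      - Linux
      - Windows-2016
      - Windows-2019
      - Ubuntu-Server-18.04-LTS
  EC2Size:
    Type: String
    Default: t3.small
    # NOTE(review): the r5 family starts at r5.large; r5.small and r5.medium
    # do not look like sizes EC2 offers — confirm before keeping them here.
    AllowedValues:
      - t3.small
      - t3.medium
      - t3.large
      - t3.xlarge
      - r5.small
      - r5.medium
      - r5.large
      - r5.xlarge
  # ===== Additional Configuration Section =====
  UserData:
    Type: String
  Schedule:
    Type: String
    Default: <Always On>
    AllowedValues:
      - <Always On>
      - end-of-week-shutdown
      - mon-6am-fri-6pm
      - office-hours
      - 24-7
  # ===== EBS Volume Section =====
  # Sizes are declared as String and passed through to the nested EC2
  # stack; defaults are quoted so the YAML type matches the declaration.
  EC2RootVolumeSize:
    Type: String
    Default: "8"
  EBSVolume1Size:
    Type: String
  EBSVolume1Mount:
    Type: String
  EBSVolume2Size:
    Type: String
  EBSVolume2Mount:
    Type: String
  # ===== RDS Section =====
  # <None> (the default) skips creation of the nested RDS stack.
  RDSOptions:
    Type: String
    Default: <None>
    AllowedValues:
      - <None>
      - Create
      - Restore
  DBName:
    Description: My database
    Type: String
    #MinLength: '1'
    #MaxLength: '64'
    #AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    #ConstraintDescription: Must begin with a letter and contain only alphanumeric characters.
  RDSMasterUserPassword:
    # NoEcho keeps the value out of the console, DescribeStacks and events.
    NoEcho: true
    Description: Password database access
    Type: String
    # Validate at stack creation: RDS rejects passwords shorter than 8
    # characters or containing /, " or @, and without these constraints the
    # failure only surfaces once the nested stack is already creating the DB.
    MinLength: 8
    AllowedPattern: '[^/"@]+'
    ConstraintDescription: At least 8 printable ASCII characters, excluding /, " and @.
  RDSEngine:
    Type: String
    Default: postgres
    AllowedValues:
      - postgres
  RDSEngineVersion:
    Type: String
    # Quoted: an unquoted 11.5 is a float and 11.50 would collapse to 11.5.
    Default: "11.5"
  RDSSize:
    Type: String
    Default: db.t3.small
    AllowedValues:
      - db.t3.small
      - db.t3.medium
      - db.t3.large
      - db.t3.xlarge
  RDSStorage:
    Type: String
    Default: "20"
  RDSMaxStorage:
    Type: String
  # ===== Tags Section =====
  ISEDProjectId:
    Type: String
    Default: cops-aws
  CostCentre:
    Type: String
    Default: cio-rdad
  # ===== Other Section =====
  # Resolved from SSM Parameter Store at deploy time: the S3 URL prefix
  # under which the nested ec2.yaml / rds.yaml templates live.
  S3Templates:
    Type: AWS::SSM::Parameter::Value<String>
    Default: S3Templates
  RDSSnapshot:
    Description: Specify if restoring from snapshot
    Type: String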
Conditions:
  # prod is the only environment with the longer RDS backup retention
  IsProd: !Equals
    - !Ref Environment
    - prod
  # Nested stacks are created only when their option is not <None>
  IsEC2: !Not
    - !Equals
      - !Ref EC2Options
      - <None>
  IsRDS: !Not
    - !Equals
      - !Ref RDSOptions
      - <None>
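Resources:
  # Nested EC2 stack; only created when EC2Options is not <None>.
  EC2:
    Type: AWS::CloudFormation::Stack
    Condition: IsEC2
    Properties:
      TemplateURL: !Join [ '', [ !Ref S3Templates, "ec2.yaml" ] ]
      Parameters:
        # ===== General Section =====
        VPCId: !Ref VPCId
        SubnetId: !Ref SubnetId
        Environment: !Ref Environment
        Schedule: !Ref Schedule
        # ===== EC2 Section =====
        EC2Options: !Ref EC2Options
        EC2OS: !Ref EC2OS
        EC2Ami: !Ref EC2Ami
        EC2Size: !Ref EC2Size
        UserData: !Ref UserData
        EC2RootVolumeSize: !Ref EC2RootVolumeSize
        EBSVolume1Size: !Ref EBSVolume1Size
        EBSVolume1Mount: !Ref EBSVolume1Mount
        EBSVolume2Size: !Ref EBSVolume2Size
        EBSVolume2Mount: !Ref EBSVolume2Mount
        # ===== Tags =====
        ISEDProjectId: !Ref ISEDProjectId
        CostCentre: !Ref CostCentre
  # Nested RDS stack; only created when RDSOptions is not <None>.
  RDS:
    Type: AWS::CloudFormation::Stack
    Condition: IsRDS
    Properties:
      TemplateURL: !Join [ '', [ !Ref S3Templates, "rds.yaml" ] ]
      Parameters:
        # ===== General Section =====
        VPCId: !Ref VPCId
        VPCName: !Ref VPCName
        Environment: !Ref Environment
        # ===== RDS Section =====
        RDSOptions: !Ref RDSOptions
        RDSEngine: !Ref RDSEngine
        RDSEngineVersion: !Ref RDSEngineVersion
        DBName: !Ref DBName
        RDSMasterUserPassword: !Ref RDSMasterUserPassword
        RDSStorage: !Ref RDSStorage
        RDSMaxStorage: !Ref RDSMaxStorage
        RDSSize: !Ref RDSSize
        # The EC2 stack is optional. Reading its output unconditionally makes
        # an RDS-only deployment fail with an unresolved dependency on EC2,
        # so the address is only read when that stack exists.
        # NOTE(review): rds.yaml must tolerate an empty Ec2IpAddress — confirm.
        Ec2IpAddress: !If [ IsEC2, !GetAtt EC2.Outputs.EC2PrivateIp, "" ]
        # ===== Parameters =====
        RDSSnapshot: !Ref RDSSnapshot
        Schedule: !Ref Schedule
        # Backup retention in days: longer for prod
        RDSBackupRetentionPeriod: !If [ IsProd, 30, 7 ]
        # ===== Tags =====
        ISEDProjectId: !Ref ISEDProjectId
        CostCentre: !Ref CostCentre
  # Least-privilege policy for the client user: start/stop is limited to the
  # one instance created by the EC2 stack. DescribeInstances has no
  # resource-level permissions, so it has to be granted on "*".
  IAMPolicy:
    Type: AWS::IAM::ManagedPolicy
    # Both the DependsOn and the GetAtt below point at the conditional EC2
    # stack; without the same condition here the template cannot be
    # deployed with EC2Options left at <None>.
    Condition: IsEC2
    DependsOn: EC2
    Properties:
      ManagedPolicyName: !Join [ "-", [ ised-ec2-client-policy, !Ref ISEDProjectId ] ]
      PolicyDocument:
        # Quoted: generic YAML parsers would otherwise read this as a date.
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - ec2:StartInstances
              - ec2:StopInstances
            # Partition and region are taken from the stack instead of being
            # hard-coded, so the ARN stays correct wherever the stack runs.
            Resource: !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:instance/${EC2.Outputs.InstanceId}"
          - Effect: Allow
            Action:
              - ec2:DescribeInstances
            Resource: "*"
      Users:
        - !Ref IAMUser
  # Console user that the policy above is attached to; it has no purpose
  # without the EC2 stack, so it shares that condition.
  IAMUser:
    Type: AWS::IAM::User
    Condition: IsEC2
    Properties:
      UserName: !Join [ "-", [ ised-client-user, !Ref ISEDProjectId ] ]
      LoginProfile:
        # SECURITY: this initial console password is committed to source
        # control and is identical for every stack created from the template;
        # anyone with read access to the repository knows it until the first
        # login. Replace it with a NoEcho parameter or a Secrets Manager
        # dynamic reference rather than a literal.
        Password: "CanadaIsed123!"
        PasswordResetRequired: true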