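---
# Single EC2 web server in its own VPC, reachable over HTTP from one operator
# /32 only. Quoted so YAML 1.1 parsers do not turn the version into a date.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AmazonLinuxAMIID:
    # Resolved at deploy time from the SSM public parameter, so the current
    # Amazon Linux 2 AMI for the region is used without hard-coding an ID.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  MyIP:
    # Consumed as the CidrIp of the HTTP ingress rule on PublicSecurityGroup.
    Type: String
    Description: My IP address e.g. 1.2.3.4/32 for Security Group HTTP access rule. Get your IP from http://checkip.amazonaws.com/.
    # Shape check only: four 1-3 digit groups plus a /32 suffix. It does not
    # reject octets above 255, so an invalid address can still pass validation.
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/32'
    ConstraintDescription: must be a valid IP address of the form x.x.x.x/32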
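Resources:
  # Network: one /16 VPC with a single public /20 subnet routed to an IGW.
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.11.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: 'Name'
          Value: !Join ['', [!Ref 'AWS::StackName', '::VPC']]
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: 'Name'
          Value: !Join ['', [!Ref 'AWS::StackName', '::InternetGateway']]
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      # First AZ of the deployment region.
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref 'AWS::Region'
      VpcId: !Ref VPC
      CidrBlock: 10.11.0.0/20
      MapPublicIpOnLaunch: true
      Tags:
        - Key: 'Name'
          Value: !Join ['', [!Ref 'AWS::StackName', '::PublicSubnetA']]
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: 'Name'
          Value: !Join ['', [!Ref 'AWS::StackName', '::PublicRouteTable']]
  PublicInternetRoute:
    Type: AWS::EC2::Route
    # The gateway must be attached to the VPC before a route can target it.
    DependsOn: VPCGatewayAttachment
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetA
  PublicSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: Access to our Web server
      SecurityGroupIngress:
        # HTTP only, and only from the single /32 given in MyIP. There is no
        # SSH rule and no KeyName on the instance; shell access is presumably
        # via SSM Session Manager (see ServerRole) — confirm with the owner.
        - Description: Enable HTTP access via port 80 IPv4
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref MyIP
      SecurityGroupEgress:
        # Same as the implicit default for a new security group, written out so
        # it is visible in review. Narrow it if the server's outbound
        # destinations are known.
        - Description: Allow all traffic egress
          IpProtocol: -1
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: 'Name'
          Value: !Join ['', [!Ref 'AWS::StackName', '::PublicSecurityGroup']]
  # Instance identity: EC2-only trust policy with two AWS managed policies.
  ServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      ManagedPolicyArns:
        # SSM agent registration / Session Manager.
        - "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
        # Read access to every bucket in the account, not just the ones this
        # server needs. Prefer an inline policy scoped to specific bucket ARNs
        # if the set of buckets is known.
        - "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
  DeployRoleProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref ServerRole
  # Public-facing instance: public IP on eth0 in PublicSubnetA, guarded by
  # PublicSecurityGroup, running as ServerRole.
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmazonLinuxAMIID
      InstanceType: t2.micro
      IamInstanceProfile: !Ref DeployRoleProfile
      # NOTE(review): IMDS settings are left at the account/region default;
      # consider requiring IMDSv2 (HttpTokens: required), e.g. via a launch
      # template, so the role credentials are not reachable by a simple GET.
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          GroupSet:
            - !Ref PublicSecurityGroup
          SubnetId: !Ref PublicSubnetA
      Tags:
        - Key: 'Name'
          Value: !Join ['', [!Ref 'AWS::StackName', '::WebServer']]
        - Key: 'role'
          Value: 'webserver'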
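Outputs:
  URL:
    # Plain-HTTP URL built from the instance's public IP (the only ingress the
    # security group allows is TCP/80).
    Value: !Join ['', ['http://', !GetAtt WebServer.PublicIp]]
    Description: NextWork web server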