First commit

Vibhas · Vibhas · commit 982dde315dd0 · 2020-06-10T12:41:50.000+05:30
diff --git a/index.yaml b/index.yaml
@@ -0,0 +1,109 @@
+Parameters:
+    EnviromentName:
+        Description: An environment name that will be prefixed to resource names
+        Type: String
+        AllowedValues: [poc, dev, uat]
+        Default: poc
+    VPC:
+        Description: Choose which VPC the security groups should be deployed to
+        Type: AWS::EC2::VPC::Id
+    Subnets:
+        Description: Subnets for LoadBalancer
+        Type: List<AWS::EC2::Subnet::Id>
+    Ec2InstanceType:
+        Description: Instance Type of ecs ec2 cluster
+        Type: String
+        AllowedValues: [ t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge,
+     m5.large, m5.xlarge, m5.2large, m5.4xlarge, m5.12xlarge, m5.24large,
+     c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.18xlarge,
+     r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.12xlarge, r5.24xlarge ]
+    UserServicePath:
+        Description: The path to register with the Application Load Balancer
+        Type: String
+        Default: /users
+    DeptServicePath:
+        Description: The path to register with the Application Load Balancer
+        Type: String
+        Default: /dept
+
+
+Resources:
+    SecurityGroupsStack:
+        Type: AWS::CloudFormation::Stack
+        Properties:
+            TemplateURL: https://aws-practice-001.s3.amazonaws.com/securitygroups.yaml
+            Parameters:
+                EnviromentName: !Ref EnviromentName
+                VPC: !Ref VPC
+                Stackname: !Sub ${AWS::StackName}
+            TimeoutInMinutes: 5
+                
+
+    LoadBalancerStack:
+        Type: AWS::CloudFormation::Stack
+        Properties:
+            TemplateURL: https://aws-practice-001.s3.amazonaws.com/loadbalancer.yaml
+            Parameters:
+                EnviromentName: !Ref EnviromentName
+                Stackname: !Sub ${AWS::StackName}
+                LoadBalancerSecurityGroup: !GetAtt SecurityGroupsStack.Outputs.LoadBalancerSecurityGroup
+                LoadBalancerSubnets: !Join [",",!Ref Subnets]
+                VPC: !Ref VPC
+            TimeoutInMinutes: 5
+                
+
+    EcsClusterStack:
+        Type: AWS::CloudFormation::Stack
+        Properties:
+            TemplateURL: https://aws-practice-001.s3.amazonaws.com/ecs-cluster.yaml
+            Parameters:
+                EnviromentName: !Ref EnviromentName
+                Stackname: !Sub ${AWS::StackName}
+                LoadBalancerSubnets: !Join [",",!Ref Subnets]
+                EC2ClusterSecurityGroup: !GetAtt SecurityGroupsStack.Outputs.EC2ClusterSecurityGroup
+                SshSecurityGroup: !GetAtt SecurityGroupsStack.Outputs.SshSecurityGroup
+                Ec2InstanceType: !Ref Ec2InstanceType
+            TimeoutInMinutes: 5
+
+    LogGroupStack:
+        Type: AWS::CloudFormation::Stack
+        Properties:
+            TemplateURL: https://aws-practice-001.s3.amazonaws.com/logs.yaml
+            Parameters:
+                EnviromentName: !Ref EnviromentName
+                Stackname: !Sub ${AWS::StackName}
+            TimeoutInMinutes: 5
+
+    UserService:
+        Type: AWS::CloudFormation::Stack
+        Properties:
+            TemplateURL: https://aws-practice-001.s3.amazonaws.com/users-service.yaml
+            Parameters:
+                EnviromentName: !Ref EnviromentName
+                Stackname: !Sub ${AWS::StackName}
+                VPC: !Ref VPC
+                Cluster: !GetAtt EcsClusterStack.Outputs.Cluster
+                Path: !Ref UserServicePath
+                LoadBalancerListener: !GetAtt LoadBalancerStack.Outputs.LoadBalancerListener
+                LogGroupName: !GetAtt LogGroupStack.Outputs.LogGroupName
+            TimeoutInMinutes: 5
+
+    DeptService:
+        Type: AWS::CloudFormation::Stack
+        Properties:
+            TemplateURL: https://aws-practice-001.s3.amazonaws.com/dept-service.yaml
+            Parameters:
+                EnviromentName: !Ref EnviromentName
+                Stackname: !Sub ${AWS::StackName}
+                VPC: !Ref VPC
+                Cluster: !GetAtt EcsClusterStack.Outputs.Cluster
+                Path: !Ref DeptServicePath
+                LoadBalancerListener: !GetAtt LoadBalancerStack.Outputs.LoadBalancerListener
+                LogGroupName: !GetAtt LogGroupStack.Outputs.LogGroupName
+            TimeoutInMinutes: 5
+
+
+
+
+
+
diff --git a/infrastructure/ecs-cluster.yaml b/infrastructure/ecs-cluster.yaml
@@ -0,0 +1,79 @@
+Parameters:
+    LoadBalancerSubnets:
+        Type: String
+        Description: Subnets for ASG
+    EnviromentName:
+        Description: An environment name that will be prefixed to resource names
+        Type: String
+    Stackname:
+        Description: Stack name to be appended to nested security group stack
+        Type: String
+    EC2ClusterSecurityGroup:
+        Description: Ecs Sg for ASGLC
+        Type: AWS::EC2::SecurityGroup::Id
+    SshSecurityGroup:
+        Description: SSH Sg for ASGLC
+        Type: AWS::EC2::SecurityGroup::Id
+    Ec2InstanceType:
+        Description: Instance Type of ecs ec2 cluster
+        Type: String
+        AllowedValues: [ t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge,
+     m5.large, m5.xlarge, m5.2large, m5.4xlarge, m5.12xlarge, m5.24large,
+     c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.18xlarge,
+     r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.12xlarge, r5.24xlarge ]
+        
+  
+
+
+Resources:
+    Cluster:
+        Type: AWS::ECS::Cluster
+        Properties:
+            ClusterName: !Join ['-',[!Ref Stackname,'cluster',!Ref EnviromentName]]
+
+    AutoScalingGroup:
+        Type: AWS::AutoScaling::AutoScalingGroup
+        Properties:
+            AutoScalingGroupName: !Join ['-',[!Ref Stackname,'asg',!Ref EnviromentName]]
+            VPCZoneIdentifier: !Split [",",!Ref LoadBalancerSubnets]
+            LaunchConfigurationName: !Ref AutoScalingGroupLaunchConfiguration
+            MaxSize: 2
+            MinSize: 1
+            DesiredCapacity: 1
+            Tags:
+                - Key: Name
+                  Value: !Join ['-',[!Ref Stackname,'asg',!Ref EnviromentName]]
+                  PropagateAtLaunch: true
+        
+
+# Note Can create role similar to ecsInstanceRole
+
+    AutoScalingGroupLaunchConfiguration:
+        Type: AWS::AutoScaling::LaunchConfiguration
+        Properties:
+            KeyName: ecs-poc
+            ImageId: ami-07a63940735aebd38
+            InstanceType: !Ref Ec2InstanceType
+            IamInstanceProfile: ecsInstanceRole
+            SecurityGroups:
+                - !Ref EC2ClusterSecurityGroup
+                - !Ref SshSecurityGroup
+            UserData:
+                Fn::Base64:
+                    Fn::Sub:
+                        - |
+                           #!/bin/bash -xe
+                           echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config
+                           yum install -y aws-cfn-bootstrap
+                        - { ECSCluster: !Ref Cluster }
+
+Outputs:
+    Cluster:
+        Description: Name of cluster
+        Value: !Ref Cluster
+    ECSAutoScalingGroupName:
+        Description: A reference to ECS AutoScaling Group Name
+        Value: !Ref AutoScalingGroup
+
+
+
diff --git a/infrastructure/loadbalancer.yaml b/infrastructure/loadbalancer.yaml
@@ -0,0 +1,59 @@
+Parameters:
+    EnviromentName:
+        Description: An environment name that will be prefixed to resource names
+        Type: String
+    Stackname:
+        Description: Stack name to be appended to nested security group stack
+        Type: String
+    LoadBalancerSubnets:
+        Type: String
+        Description: Subnets for LoadBalancer
+    LoadBalancerSecurityGroup:
+        Description: Security group for internet facing alb
+        Type: AWS::EC2::SecurityGroup::Id
+    VPC:
+        Description: Choose which VPC the security groups should be deployed to
+        Type: AWS::EC2::VPC::Id
+
+Resources:
+    LoadBalancer:
+        Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+        Properties:
+            Name: !Join ['-',[!Ref Stackname,'alb',!Ref EnviromentName]]
+            Subnets: !Split [",",!Ref LoadBalancerSubnets]
+            SecurityGroups:
+                - !Ref LoadBalancerSecurityGroup
+
+
+    LoadBalancerListener:
+        Type: AWS::ElasticLoadBalancingV2::Listener
+        Properties:
+            LoadBalancerArn: !Ref LoadBalancer
+            Port: 80
+            Protocol: HTTP
+            DefaultActions:
+                - Type: fixed-response
+                  FixedResponseConfig:
+                    ContentType: text/plain
+                    MessageBody: No Route Detected
+                    StatusCode: 404
+                
+    DefaultTargetGroup:
+        Type: AWS::ElasticLoadBalancingV2::TargetGroup
+        Properties:
+            Name: !Join ['-',[!Ref Stackname,'default','tg',!Ref EnviromentName]]
+            Protocol: HTTP
+            VpcId: !Ref VPC
+            Port: 80
+
+
+
+Outputs:
+    LoadBalancerDns:
+        Description: DNS name of loadbalancer
+        Value: !GetAtt LoadBalancer.DNSName
+    LoadBalancerListener:
+        Description: Listener of alb
+        Value: !Ref LoadBalancerListener
+    
+    
diff --git a/infrastructure/logs.yaml b/infrastructure/logs.yaml
@@ -0,0 +1,20 @@
+Parameters:
+    EnviromentName:
+        Description: An environment name that will be prefixed to resource names
+        Type: String
+    Stackname:
+        Description: Stack name to be appended to nested security group stack
+        Type: String
+
+Resources:
+    CloudWatchLogGroup:
+        Type: AWS::Logs::LogGroup
+        Properties:
+            LogGroupName: !Join ['-',[!Ref Stackname,!Ref EnviromentName]]
+            RetentionInDays: 7
+
+
+Outputs:
+    LogGroupName:
+        Description: Cloudwatch log group
+        Value: !Ref CloudWatchLogGroup
diff --git a/infrastructure/securitygroups.yaml b/infrastructure/securitygroups.yaml
@@ -0,0 +1,93 @@
+Parameters:
+    EnviromentName:
+        Description: An environment name that will be prefixed to resource names
+        Type: String
+    VPC:
+        Description: Choose which VPC the security groups should be deployed to
+        Type: AWS::EC2::VPC::Id
+    Stackname:
+        Description: Stack name to be appended to nested security group stack
+        Type: String
+        
+
+Resources:
+
+    SshSecurityGroup:
+        Type: AWS::EC2::SecurityGroup
+        Properties:
+            GroupName: !Join ['-',[!Ref Stackname,'ssh']]
+            VpcId: !Ref VPC
+            GroupDescription: Enable SSH access via port 22
+            SecurityGroupIngress: 
+                - IpProtocol: tcp
+                  FromPort: 22
+                  ToPort: 22
+                  CidrIp: 0.0.0.0/0
+            Tags:
+                - Key: Name
+                  Value: !Join ['-',[!Ref Stackname,'ssh',!Ref EnviromentName]]
+
+                
+
+    HttpSecurityGroup:
+        Type: AWS::EC2::SecurityGroup 
+        Properties:
+            GroupName: !Join ['-',[!Ref Stackname,'http']]
+            VpcId: !Ref VPC
+            GroupDescription: Enable HTTP access via port 80
+            SecurityGroupIngress: 
+                - IpProtocol: tcp
+                  FromPort: 80
+                  ToPort: 80
+                  CidrIp: 0.0.0.0/0
+            Tags:
+                - Key: Name
+                  Value: !Join ['-',[!Ref Stackname,'http',!Ref EnviromentName]]
+
+
+    LoadBalancerSecurityGroup:
+        Type: AWS::EC2::SecurityGroup
+        Properties:
+            GroupName: !Join ['-',[!Ref Stackname,'alb']]
+            GroupDescription: Access to the public facing load balancer
+            VpcId: !Ref VPC
+            SecurityGroupIngress:
+                - CidrIp: 0.0.0.0/0
+                  IpProtocol: -1
+            Tags:
+                - Key: Name
+                  Value: !Join ['-',[!Ref Stackname,'alb',!Ref EnviromentName]]
+
+    EC2ClusterSecurityGroup:
+        Type: AWS::EC2::SecurityGroup
+        Properties:
+            GroupName: !Join ['-',[!Ref Stackname,'ecs']]
+            GroupDescription: Access to the ecs cluster behind load balancer
+            VpcId: !Ref VPC
+            SecurityGroupIngress: 
+                - IpProtocol: tcp
+                  FromPort: 0
+                  ToPort: 65535
+                  SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup 
+            Tags:
+                - Key: Name
+                  Value: !Join ['-',[!Ref Stackname,'cluster',!Ref EnviromentName]]
+                  
+
+Outputs:
+    SshSecurityGroup:
+        Description: A reference to security group for SSH
+        Value: !Ref SshSecurityGroup
+    HttpSecurityGroup:
+        Description: A reference to security group for HTTP
+        Value: !Ref HttpSecurityGroup
+    LoadBalancerSecurityGroup:
+        Description: A reference to security group for public facing ALB
+        Value: !Ref LoadBalancerSecurityGroup
+    EC2ClusterSecurityGroup:
+        Description: A reference to security group for ECS cluster from ALB
+        Value: !Ref EC2ClusterSecurityGroup
+
+
+
+
diff --git a/services/dept-service/dept-service.yaml b/services/dept-service/dept-service.yaml
diff --git a/services/users-service/users-service.yaml b/services/users-service/users-service.yaml
