-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathasg.yml
279 lines (263 loc) · 10.6 KB
/
asg.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
---
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
Resources to create an autoscaling group for BackEnd.
Parameters:
Identifier:
Type: String
Default: wp-asg
InstanceType:
Type: String
Default: t2.nano
Description: Instance type for the nodes of the ECS cluster
AllowedValues: [ t2.nano, t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge, t3a.nano, t3a.micro, t3a.small, t3a.medium, t3a.large, t3a.xlarge, t3a.2xlarge, t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge, m5ad.large, m5ad.xlarge, m5ad.2xlarge, m5ad.4xlarge, m5ad.12xlarge, m5ad.24xlarge, m5a.large, m5a.xlarge, m5a.2xlarge, m5a.4xlarge, m5a.12xlarge, m5a.24xlarge, m5d.large, m5d.xlarge, m5d.2xlarge, m5d.4xlarge, m5d.12xlarge, m5d.24xlarge, m5d.metal, m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge, m5.12xlarge, m5.24xlarge, m5.metal, m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge, m4.16xlarge, a1.medium, a1.large, a1.xlarge, a1.2xlarge, a1.4xlarge, c5n.large, c5n.xlarge, c5n.2xlarge, c5n.4xlarge, c5n.9xlarge, c5n.18xlarge, c5d.large, c5d.xlarge, c5d.2xlarge, c5d.4xlarge, c5d.9xlarge, c5d.18xlarge, c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.18xlarge, c4.large, c4.xlarge, c4.2xlarge, c4.4xlarge, c4.8xlarge, f1.2xlarge, f1.4xlarge, f1.16xlarge, g2.2xlarge, g2.8xlarge, g3s.xlarge, g3.4xlarge, g3.8xlarge, g3.16xlarge, p2.xlarge, p2.8xlarge, p2.16xlarge, p3.2xlarge, p3.8xlarge, p3.16xlarge, p3dn.24xlarge, r5ad.large, r5ad.xlarge, r5ad.2xlarge, r5ad.4xlarge, r5ad.12xlarge, r5ad.24xlarge, r5a.large, r5a.xlarge, r5a.2xlarge, r5a.4xlarge, r5a.12xlarge, r5a.24xlarge, r5d.large, r5d.xlarge, r5d.2xlarge, r5d.4xlarge, r5d.12xlarge, r5d.24xlarge, r5d.metal, r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.12xlarge, r5.24xlarge, r5.metal, r4.large, r4.xlarge, r4.2xlarge, r4.4xlarge, r4.8xlarge, r4.16xlarge, x1.16xlarge, x1e.xlarge, x1e.2xlarge, x1e.4xlarge, x1e.8xlarge, x1e.16xlarge, x1e.32xlarge, x1.32xlarge, z1d.large, z1d.xlarge, z1d.2xlarge, z1d.3xlarge, z1d.6xlarge, z1d.12xlarge, z1d.metal, d2.xlarge, d2.2xlarge, d2.4xlarge, d2.8xlarge, i2.xlarge, i2.2xlarge, i2.4xlarge, i2.8xlarge, h1.2xlarge, h1.4xlarge, h1.8xlarge, h1.16xlarge, i3.large, i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge, i3.16xlarge, i3.metal, i3en.large, i3en.xlarge, i3en.2xlarge, i3en.3xlarge, i3en.6xlarge, i3en.12xlarge, i3en.24xlarge ]
EbsVolumeSize:
Type: Number
Default: 8
Description: Size of the EBS volume of the instances in GB
Ec2AmiId:
Type: String
Default: ""
KeyName:
Type: AWS::EC2::KeyPair::KeyName
Description: Name of an existing EC2 KeyPair to enable SSH access to the ECS instances
DesiredCapacity:
Type: Number
Default: 1
Description: Desired number of instances for the for the ECS cluster
MinClusterSize:
Type: Number
Default: 1
Description: Minimum number of instances for the ECS cluster
MaxClusterSize:
Type: Number
Default: 1
Description: Maximun number of instances for the ECS cluster
VPCId:
Type: String
VPCCidr:
Type: String
PrivateSubnets:
Type: String
Environment:
Type: String
Description: Environment name to append to resources names and tags
Default: develop
DatabaseName:
Type: String
Default: wordpress
MasterUserName:
Type: String
Default: admin
Resources:
# ############### Roles ##############
InstanceRole:
Type: AWS::IAM::Role
Properties:
Path: /
RoleName: !Sub ${Identifier}-${Environment}-role
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
- arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role
- arn:aws:iam::aws:policy/AmazonEC2FullAccess
- arn:aws:iam::aws:policy/AmazonSSMFullAccess
Policies:
- PolicyName: "S3Policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Sid: "S3Permissions"
Effect: "Allow"
Action:
- "s3:*"
Resource: "*"
Tags:
- Key: Env
Value: !Ref Environment
InstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref InstanceRole
# ########## Security Groups #########
SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPCId
GroupName: !Sub ${Identifier}-${Environment}-asg-sg
GroupDescription: Security group for EC2 conatiner instances
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref VPCCidr
- IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId:
Fn::ImportValue:
Fn::Sub: "${Environment}-LoadBalancerSecurityGroupId"
- IpProtocol: tcp
FromPort: 1024
ToPort: 65535
SourceSecurityGroupId:
Fn::ImportValue:
Fn::Sub: "${Environment}-EfsSg"
Tags:
- Key: Name
Value: !Sub ${Identifier}-${Environment}-asg-sg
- Key: Env
Value: !Ref Environment
# ########## Launch Template #########
LaunchTemplate:
Type: AWS::EC2::LaunchTemplate
Properties:
LaunchTemplateName: !Sub ${Identifier}-${Environment}
LaunchTemplateData:
ImageId: !Ref Ec2AmiId
KeyName: !Ref KeyName
InstanceType: !Ref InstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref EbsVolumeSize
SecurityGroupIds:
- !Ref SecurityGroup
IamInstanceProfile:
Arn: !GetAtt InstanceProfile.Arn
TagSpecifications:
- ResourceType: instance
Tags:
- Key: Name
Value: !Sub ${Identifier}-${Environment}-asg
- Key: Env
Value: !Ref Environment
UserData:
Fn::Base64: !Sub
- |
#!/bin/bash
set -x
yum update -y
yum install -y aws-cfn-bootstrap awscli git amazon-efs-utils python-pip
mkdir -p /var/www/html
mount -t efs ${EfsId}:/ /var/www/html
DB_NAME=${DatabaseName}
DB_PASSWORD=$(aws ssm get-parameter --name 'RDS_PASSWORD' --with-decryption --query 'Parameter.Value' --region=us-east-1)
DB_USER=${MasterUserName}
DB_HOST=$(aws ssm get-parameter --name 'DB_HOST' --query 'Parameter.Value' --region=us-east-1)
sudo yum install -y httpd
sudo systemctl start httpd
sudo systemctl enable httpd
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
cd wordpress
cp wp-config-sample.php wp-config.php
sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
mysql -h $DB_HOST -u $DB_USER -p"$DB_PASSWORD" -e "CREATE DATABASE $DB_NAME;"
cd /var/www/
DB_HOST=$(echo "$DB_HOST" | tr -d '"')
DB_PASSWORD=$(echo "$DB_PASSWORD" | tr -d '"')
if [ -z "$(ls -A html)" ];then sudo cp -r /wordpress/* /var/www/html/;fi
sed -i "s/database_name_here/$DB_NAME/g" /var/www/html/wp-config.php
sed -i "s/username_here/$DB_USER/g" /var/www/html/wp-config.php
sed -i "s/password_here/$DB_PASSWORD/g" /var/www/html/wp-config.php
sed -i "s/localhost/$DB_HOST/g" /var/www/html/wp-config.php
cd /
sudo chown -R apache:apache /var/www/
sed -i '/<Directory "\/var\/www\/html">/,/<\/Directory>/ s/AllowOverride None/AllowOverride all/' /etc/httpd/conf/httpd.conf
sudo systemctl restart httpd
- EfsId:
Fn::ImportValue:
Fn::Sub: "${Environment}-EFSId"
AutoScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
AutoScalingGroupName: !Sub ${Identifier}-${Environment}
Cooldown: 300
VPCZoneIdentifier: !Split [ "," , !Ref "PrivateSubnets" ]
MinSize: !Ref MinClusterSize
MaxSize: !Ref MaxClusterSize
NewInstancesProtectedFromScaleIn: true
DesiredCapacity: !Ref DesiredCapacity
LaunchTemplate:
LaunchTemplateId: !Ref LaunchTemplate
Version: !GetAtt LaunchTemplate.LatestVersionNumber
HealthCheckType: 'ELB'
HealthCheckGracePeriod: 60
TargetGroupARNs:
- Fn::ImportValue: !Sub "${Environment}-DefaultTargetGroup"
Tags:
- Key: Name
Value: !Sub ${Identifier}-${Environment}
PropagateAtLaunch: true
- Key: Env
Value: !Ref Environment
PropagateAtLaunch: true
AutoScalingGroupScaleOutPolicy:
Type: AWS::AutoScaling::ScalingPolicy
Properties:
AdjustmentType: ChangeInCapacity
AutoScalingGroupName: !Ref AutoScalingGroup
EstimatedInstanceWarmup: 90
MetricAggregationType: Average
PolicyType: StepScaling
StepAdjustments:
- MetricIntervalLowerBound: 0
ScalingAdjustment: 1
AutoScalingGroupScaleInPolicy:
Type: AWS::AutoScaling::ScalingPolicy
Properties:
AdjustmentType: ChangeInCapacity
AutoScalingGroupName: !Ref AutoScalingGroup
EstimatedInstanceWarmup: 90
MetricAggregationType: Average
PolicyType: StepScaling
StepAdjustments:
- MetricIntervalUpperBound: 0
ScalingAdjustment: -1
CpuAlarmUp:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmName: !Sub ${Environment}-CPUAlarmUp
DatapointsToAlarm: 1
AlarmDescription: Trigger scaling based on cpu
Namespace: AWS/ECS
MetricName: CPUUtilization
ComparisonOperator: GreaterThanOrEqualToThreshold
Dimensions:
- Name: AutoScalingGroupName
Value: !Ref AutoScalingGroup
EvaluationPeriods: 1
Period: 300
Statistic: 'Average'
Threshold: 40
AlarmActions:
- !Ref AutoScalingGroupScaleOutPolicy
CpuAlarmDown:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmName: !Sub ${Environment}-CPUAlarmDown
DatapointsToAlarm: 1
AlarmDescription: Trigger scaling based on cpu
Namespace: AWS/ECS
MetricName: CPUUtilization
ComparisonOperator: LessThanThreshold
Dimensions:
- Name: AutoScalingGroupName
Value: !Ref AutoScalingGroup
EvaluationPeriods: 1
Period: 300
Statistic: 'Average'
Threshold: 20
AlarmActions:
- !Ref AutoScalingGroupScaleInPolicy