Commit 7f1e1a65 by e0d

initial version of complete reference architecture template

parent 0fec6229
{
"AWSTemplateFormatVersion":"2010-09-09",
"Description":"A sample template to bring up a minimal, but complete version of the edX stack. **WARNING** This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters":{
"EnvironmentTag":{
"Type":"String",
"Description":"A tag value applied to the hosts in the VPC indicating which environment to use during the configuration phase, e.g., development, stage, production"
},
"KeyName":{
"Type":"String",
"Description":"Name of an existing EC2 KeyPair to enable SSH access to the web server"
},
"InstanceType":{
"Description":"WebServer EC2 instance type",
"Type":"String",
"Default":"m1.small",
"AllowedValues":[
"t1.micro",
"m1.small",
"m1.medium",
"m1.large",
"m1.xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge",
"m3.xlarge",
"m3.2xlarge",
"c1.medium",
"c1.xlarge",
"cc1.4xlarge",
"cc2.8xlarge",
"cg1.4xlarge"
],
"ConstraintDescription":"must be a valid EC2 instance type."
},
"SSHLocation":{
"Description":"The IP address range that can be used to SSH to the EC2 instances",
"Type":"String",
"MinLength":"9",
"MaxLength":"18",
"Default":"0.0.0.0/0",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription":"must be a valid IP CIDR range of the form x.x.x.x/x."
},
"WebServerPort":{
"Description":"The TCP port for the Web Server",
"Type":"Number",
"Default":"8888"
},
"BastionInstanceType":{
"Description":"Bastion Host EC2 instance type",
"Type":"String",
"Default":"m1.small",
"AllowedValues":[
"t1.micro",
"m1.small",
"m1.medium",
"m1.large",
"m1.xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge",
"m3.xlarge",
"m3.2xlarge",
"c1.medium",
"c1.xlarge",
"cc1.4xlarge",
"cc2.8xlarge",
"cg1.4xlarge"
],
"ConstraintDescription":"must be a valid EC2 instance type."
},
"NATInstanceType":{
"Description":"NET Device EC2 instance type",
"Type":"String",
"Default":"m1.small",
"AllowedValues":[
"t1.micro",
"m1.small",
"m1.medium",
"m1.large",
"m1.xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge",
"m3.xlarge",
"m3.2xlarge",
"c1.medium",
"c1.xlarge",
"cc1.4xlarge",
"cc2.8xlarge",
"cg1.4xlarge"
],
"ConstraintDescription":"must be a valid EC2 instance type."
},
"EdxappDesiredCapacity":{
"Description":"The Auto-scaling group desired capacity for the edxapp hosts",
"Type":"Number",
"Default":"2"
},
"XqueueDesiredCapacity":{
"Description":"The Auto-scaling group desired capacity for the xqueue hosts",
"Type":"Number",
"Default":"2"
},
"XServerDesiredCapacity":{
"Description":"The Auto-scaling group desired capacity for the xserver hosts",
"Type":"Number",
"Default":"2"
},
"RabbitMQDesiredCapacity":{
"Description":"The Auto-scaling group desired capacity for the RabbitMQ hosts",
"Type":"Number",
"Default":"2"
},
"CacheNodeType":{
"Default":"cache.m1.small",
"Description":"The compute and memory capacity of the nodes in the Cache Cluster",
"Type":"String",
"AllowedValues":[
"cache.t1.micro",
"cache.m1.small",
"cache.m1.large",
"cache.m1.xlarge",
"cache.m2.xlarge",
"cache.m2.2xlarge",
"cache.m2.4xlarge",
"cache.c1.xlarge"
],
"ConstraintDescription":"must select a valid Cache Node type."
},
"NumberOfCacheNodes":{
"Default":"2",
"Description":"The number of Cache Nodes the Cache Cluster should have",
"Type":"Number",
"MinValue":"2",
"MaxValue":"10",
"ConstraintDescription":"must be between 2 and 10."
},
"DBName":{
"Default":"wwc",
"Description":"The database name",
"Type":"String",
"MinLength":"1",
"MaxLength":"64",
"AllowedPattern":"[a-zA-Z][a-zA-Z0-9]*",
"ConstraintDescription":"must begin with a letter and contain only alphanumeric characters."
},
"DBUsername":{
"Default":"edxapp",
"NoEcho":"true",
"Description":"The database admin account username",
"Type":"String",
"MinLength":"1",
"MaxLength":"16",
"AllowedPattern":"[a-zA-Z][a-zA-Z0-9]*",
"ConstraintDescription":"must begin with a letter and contain only alphanumeric characters."
},
"DBPassword":{
"Default":"changeme",
"NoEcho":"true",
"Description":"The database admin account password",
"Type":"String",
"MinLength":"8",
"MaxLength":"41",
"ConstraintDescription":"must contain only alphanumeric characters."
},
"DBClass":{
"Default":"db.m1.small",
"Description":"Database instance class",
"Type":"String",
"AllowedValues":[
"db.m1.micro",
"db.m1.small",
"db.m1.large",
"db.m1.xlarge",
"db.m2.xlarge",
"db.m2.2xlarge",
"db.m2.4xlarge"
],
"ConstraintDescription":"must select a valid database instance type."
},
"DBAllocatedStorage":{
"Default":"5",
"Description":"The size of the database (Gb)",
"Type":"Number",
"MinValue":"5",
"MaxValue":"3072",
"ConstraintDescription":"must be between 5 and 3072Gb."
}
},
"Mappings":{
"AWSInstanceType2Arch":{
"t1.micro":{
"Arch":"64"
},
"m1.small":{
"Arch":"64"
},
"m1.medium":{
"Arch":"64"
},
"m1.large":{
"Arch":"64"
},
"m1.xlarge":{
"Arch":"64"
},
"m2.xlarge":{
"Arch":"64"
},
"m2.2xlarge":{
"Arch":"64"
},
"m2.4xlarge":{
"Arch":"64"
},
"m3.xlarge":{
"Arch":"64"
},
"m3.2xlarge":{
"Arch":"64"
},
"c1.medium":{
"Arch":"64"
},
"c1.xlarge":{
"Arch":"64"
}
},
"AWSRegionArch2AMI":{
"us-east-1":{
"32":"ami-def89fb7",
"64":"ami-d0f89fb9"
},
"us-west-1":{
"32":"ami-fc002cb9",
"64":"ami-ce7b6fba"
},
"us-west-2":{
"32":"ami-0ef96e3e",
"64":"ami-70f96e40"
},
"eu-west-1":{
"32":"ami-c27b6fb6",
"64":"ami-ce7b6fba"
},
"sa-east-1":{
"32":"ami-a1da00bc",
"64":"ami-a3da00be"
},
"ap-southeast-1":{
"32":"ami-66084734",
"64":"ami-64084736"
},
"ap-southeast-2":{
"32":"ami-06ea7a3c",
"64":"ami-04ea7a3e"
},
"ap-northeast-1":{
"32":"ami-fc6ceefd",
"64":"ami-fe6ceeff"
}
},
"AWSNATAMI":{
"us-east-1":{
"AMI":"ami-c6699baf"
},
"us-west-2":{
"AMI":"ami-52ff7262"
},
"us-west-1":{
"AMI":"ami-3bcc9e7e"
},
"eu-west-1":{
"AMI":"ami-0b5b6c7f"
},
"ap-southeast-1":{
"AMI":"ami-02eb9350"
},
"ap-southeast-2":{
"AMI":"ami-ab990e91"
},
"ap-northeast-1":{
"AMI":"ami-14d86d15"
},
"sa-east-1":{
"AMI":"ami-0439e619"
}
},
"SubnetConfig":{
"VPC":{
"CIDR":"10.0.0.0/16"
},
"Public01":{
"CIDR":"10.0.0.0/24"
},
"Public02":{
"CIDR":"10.0.1.0/24"
},
"Edxapp01":{
"CIDR":"10.0.10.0/24"
},
"Edxapp02":{
"CIDR":"10.0.11.0/24"
},
"XServerJail01":{
"CIDR":"10.0.20.0/24"
},
"XServerJail02":{
"CIDR":"10.0.21.0/24"
},
"Xqueue01":{
"CIDR":"10.0.30.0/24"
},
"Xqueue02":{
"CIDR":"10.0.31.0/24"
},
"Rabbit01":{
"CIDR":"10.0.40.0/24"
},
"Rabbit02":{
"CIDR":"10.0.41.0/24"
},
"Data01":{
"CIDR":"10.0.50.0/24"
},
"Data02":{
"CIDR":"10.0.51.0/24"
},
"Cache01":{
"CIDR":"10.0.60.0/24"
},
"Cache02":{
"CIDR":"10.0.61.0/24"
}
}
},
"Resources":{
"EdxVPC":{
"Type":"AWS::EC2::VPC",
"Properties":{
"CidrBlock":"10.0.0.0/16",
"InstanceTenancy":"default"
}
},
"PublicSubnet01":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Public01",
"CIDR"
]
},
"AvailabilityZone":"us-east-1b"
}
},
"PublicSubnet02":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Public02",
"CIDR"
]
},
"AvailabilityZone":"us-east-1c"
}
},
"EdxappSubnet01":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Edxapp01",
"CIDR"
]
},
"AvailabilityZone":"us-east-1b",
"Tags":[
{
"Key":"Application",
"Value":"edxapp"
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"EdxappSubnet02":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Edxapp02",
"CIDR"
]
},
"AvailabilityZone":"us-east-1c",
"Tags":[
{
"Key":"Application",
"Value":"edxapp"
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"XqueueSubnet01":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Xqueue01",
"CIDR"
]
},
"AvailabilityZone":"us-east-1b",
"Tags":[
{
"Key":"Application",
"Value":"xqueue"
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"XqueueSubnet02":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Xqueue02",
"CIDR"
]
},
"AvailabilityZone":"us-east-1c",
"Tags":[
{
"Key":"Application",
"Value":"xqueue"
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"RabbitSubnet01":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Rabbit01",
"CIDR"
]
},
"AvailabilityZone":"us-east-1b",
"Tags":[
{
"Key":"Application",
"Value":"RabbitMQ"
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"RabbitSubnet02":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Rabbit02",
"CIDR"
]
},
"AvailabilityZone":"us-east-1c",
"Tags":[
{
"Key":"Application",
"Value":"RabbitMQ"
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"XServerSubnet01":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"XServerJail01",
"CIDR"
]
},
"AvailabilityZone":"us-east-1b",
"Tags":[
{
"Key":"Application",
"Value":"xserver"
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"XServerSubnet02":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"XServerJail02",
"CIDR"
]
},
"AvailabilityZone":"us-east-1c",
"Tags":[
{
"Key":"Application",
"Value":"xserver"
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"Data01":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Data01",
"CIDR"
]
},
"AvailabilityZone":"us-east-1b",
"Tags":[
{
"Key":"Application",
"Value":"RDS"
},
{
"Key":"Network",
"Value":"Data"
}
]
}
},
"Data02":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Data02",
"CIDR"
]
},
"AvailabilityZone":"us-east-1c",
"Tags":[
{
"Key":"Application",
"Value":"RDS"
},
{
"Key":"Network",
"Value":"Data"
}
]
}
},
"Cache01":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Cache01",
"CIDR"
]
},
"AvailabilityZone":"us-east-1b",
"Tags":[
{
"Key":"Application",
"Value":"Elasticache"
},
{
"Key":"Network",
"Value":"Cache"
}
]
}
},
"Cache02":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"CidrBlock":{
"Fn::FindInMap":[
"SubnetConfig",
"Cache02",
"CIDR"
]
},
"AvailabilityZone":"us-east-1c",
"Tags":[
{
"Key":"Application",
"Value":"Elasticache"
},
{
"Key":"Network",
"Value":"Cache"
}
]
}
},
"InternetGateway":{
"Type":"AWS::EC2::InternetGateway",
"Properties":{
"Tags":[
{
"Key":"Application",
"Value":{
"Ref":"AWS::StackId"
}
},
{
"Key":"Network",
"Value":"Public"
}
]
}
},
"GatewayToInternet":{
"Type":"AWS::EC2::VPCGatewayAttachment",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"InternetGatewayId":{
"Ref":"InternetGateway"
}
}
},
"PublicRouteTable":{
"Type":"AWS::EC2::RouteTable",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"Tags":[
{
"Key":"Application",
"Value":{
"Ref":"AWS::StackId"
}
},
{
"Key":"Network",
"Value":"Public"
}
]
}
},
"PublicRoute":{
"Type":"AWS::EC2::Route",
"Properties":{
"RouteTableId":{
"Ref":"PublicRouteTable"
},
"DestinationCidrBlock":"0.0.0.0/0",
"GatewayId":{
"Ref":"InternetGateway"
}
}
},
"PublicSubnetRouteTableAssociation01":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet01"
},
"RouteTableId":{
"Ref":"PublicRouteTable"
}
}
},
"PublicSubnetRouteTableAssociation02":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet02"
},
"RouteTableId":{
"Ref":"PublicRouteTable"
}
}
},
"PublicNetworkAcl":{
"Type":"AWS::EC2::NetworkAcl",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"Tags":[
{
"Key":"Application",
"Value":{
"Ref":"AWS::StackId"
}
},
{
"Key":"Network",
"Value":"Public"
}
]
}
},
"InboundHTTPPublicNetworkAclEntry":{
"Type":"AWS::EC2::NetworkAclEntry",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":"100",
"Protocol":"6",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"80",
"To":"80"
}
}
},
"InboundHTTPSPublicNetworkAclEntry":{
"Type":"AWS::EC2::NetworkAclEntry",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":"101",
"Protocol":"6",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"443",
"To":"443"
}
}
},
"InboundSSHPublicNetworkAclEntry":{
"Type":"AWS::EC2::NetworkAclEntry",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":"102",
"Protocol":"6",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":{
"Ref":"SSHLocation"
},
"PortRange":{
"From":"22",
"To":"22"
}
}
},
"InboundEmphemeralPublicNetworkAclEntry":{
"Type":"AWS::EC2::NetworkAclEntry",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":"103",
"Protocol":"6",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"1024",
"To":"65535"
}
}
},
"OutboundPublicNetworkAclEntry":{
"Type":"AWS::EC2::NetworkAclEntry",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":"100",
"Protocol":"6",
"RuleAction":"allow",
"Egress":"true",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"0",
"To":"65535"
}
}
},
"PublicSubnetNetworkAclAssociation01":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet01"
},
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
}
}
},
"PublicSubnetNetworkAclAssociation02":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet02"
},
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
}
}
},
"PrivateRouteTable":{
"Type":"AWS::EC2::RouteTable",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"Tags":[
{
"Key":"Application",
"Value":{
"Ref":"AWS::StackId"
}
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"PrivateRoute":{
"Type":"AWS::EC2::Route",
"Properties":{
"RouteTableId":{
"Ref":"PrivateRouteTable"
},
"DestinationCidrBlock":"0.0.0.0/0",
"InstanceId":{
"Ref":"NATDevice"
}
}
},
"PrivateSubnetRouteTableAssociationEdxapp01":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"EdxappSubnet01"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationEdxapp02":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"EdxappSubnet02"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationXqueue01":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"XqueueSubnet01"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationXqueue02":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"XqueueSubnet02"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationRabbit01":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"RabbitSubnet01"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationRabbit02":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"RabbitSubnet02"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationXServer01":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"XServerSubnet01"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationXServer02":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"XServerSubnet02"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationData01":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"Data01"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationData02":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"Data02"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationCache01":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"Cache01"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociationCache02":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"Cache02"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateNetworkAcl":{
"Type":"AWS::EC2::NetworkAcl",
"Properties":{
"VpcId":{
"Ref":"EdxVPC"
},
"Tags":[
{
"Key":"Application",
"Value":{
"Ref":"AWS::StackId"
}
},
{
"Key":"Network",
"Value":"Private"
}
]
}
},
"InboundPrivateNetworkAclEntry":{
"Type":"AWS::EC2::NetworkAclEntry",
"Properties":{
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
},
"RuleNumber":"100",
"Protocol":"6",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"0",
"To":"65535"
}
}
},
"OutBoundPrivateNetworkAclEntry":{
"Type":"AWS::EC2::NetworkAclEntry",
"Properties":{
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
},
"RuleNumber":"100",
"Protocol":"6",
"RuleAction":"allow",
"Egress":"true",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"0",
"To":"65535"
}
}
},
"PrivateSubnetNetworkAclAssociationEdxapp01":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"EdxappSubnet01"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationEdxapp02":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"EdxappSubnet02"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationXqueue01":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"XqueueSubnet01"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationXqueue02":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"XqueueSubnet02"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationRabbit01":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"RabbitSubnet01"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationRabbit02":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"RabbitSubnet02"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationXServer01":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"XServerSubnet01"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationXServer02":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"XServerSubnet02"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationData01":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"Data01"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationData02":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"Data02"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationCache01":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"Cache01"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociationCache02":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"Properties":{
"SubnetId":{
"Ref":"Cache02"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"NATIPAddress":{
"Type":"AWS::EC2::EIP",
"Properties":{
"Domain":"vpc",
"InstanceId":{
"Ref":"NATDevice"
}
}
},
"NATDevice":{
"Type":"AWS::EC2::Instance",
"Properties":{
"InstanceType":{
"Ref":"NATInstanceType"
},
"KeyName":{
"Ref":"KeyName"
},
"SubnetId":{
"Ref":"PublicSubnet01"
},
"SourceDestCheck":"false",
"ImageId":{
"Fn::FindInMap":[
"AWSNATAMI",
{
"Ref":"AWS::Region"
},
"AMI"
]
},
"SecurityGroupIds":[
{
"Ref":"NATSecurityGroup"
}
]
}
},
"NATSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Enable internal access to the NAT device",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":{
"Ref":"SSHLocation"
}
}
],
"SecurityGroupEgress":[
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
}
]
}
},
"BastionIPAddress":{
"Type":"AWS::EC2::EIP",
"Properties":{
"Domain":"vpc",
"InstanceId":{
"Ref":"BastionHost"
}
}
},
"BastionHost":{
"Type":"AWS::EC2::Instance",
"Properties":{
"InstanceType":{
"Ref":"BastionInstanceType"
},
"KeyName":{
"Ref":"KeyName"
},
"SubnetId":{
"Ref":"PublicSubnet01"
},
"ImageId":{
"Fn::FindInMap":[
"AWSRegionArch2AMI",
{
"Ref":"AWS::Region"
},
{
"Fn::FindInMap":[
"AWSInstanceType2Arch",
{
"Ref":"BastionInstanceType"
},
"Arch"
]
}
]
},
"SecurityGroupIds":[
{
"Ref":"BastionSecurityGroup"
}
]
}
},
"BastionSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Enable access to the Bastion host",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":{
"Ref":"SSHLocation"
}
}
],
"SecurityGroupEgress":[
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":{
"Fn::FindInMap":[
"SubnetConfig",
"Edxapp01",
"CIDR"
]
}
},
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":{
"Fn::FindInMap":[
"SubnetConfig",
"Edxapp02",
"CIDR"
]
}
}
]
}
},
"EdxServerUser":{
"Type":"AWS::IAM::User",
"Properties":{
"Path":"/",
"Policies":[
{
"PolicyName":"root",
"PolicyDocument":{
"Statement":[
{
"Effect":"Allow",
"Action":[
"cloudformation:DescribeStackResource",
"s3:Put"
],
"Resource":"*"
}
]
}
}
]
}
},
"HostKeys":{
"Type":"AWS::IAM::AccessKey",
"Properties":{
"UserName":{
"Ref":"EdxServerUser"
}
}
},
"AdminSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Admin Security Group",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":{
"Ref":"SSHLocation"
}
}
]
}
},
"EdxappServer":{
"Type":"AWS::AutoScaling::LaunchConfiguration",
"Metadata":{
"AWS::CloudFormation::Init":{
"config":{
"files":{
"/home/ubuntu/.s3cfg":{
"content":{
"Fn::Join":[
"",
[
"[default]\n",
"access_key = ",
{
"Ref":"HostKeys"
},
"\n",
"secret_key = ",
{
"Fn::GetAtt":[
"HostKeys",
"SecretAccessKey"
]
},
"\n",
"use_https = True\n"
]
]
},
"mode":"000644",
"owner":"ubuntu",
"group":"ubuntu"
}
}
}
}
},
"Properties":{
"SecurityGroups":[
{
"Ref":"EdxappServerSecurityGroup"
}
],
"ImageId":{
"Fn::FindInMap":[
"AWSRegionArch2AMI",
{
"Ref":"AWS::Region"
},
{
"Fn::FindInMap":[
"AWSInstanceType2Arch",
{
"Ref":"InstanceType"
},
"Arch"
]
}
]
},
"UserData":{
"Fn::Base64":{
"Fn::Join":[
"",
[
"#!/bin/bash\n",
"exec >> /home/ubuntu/cflog.log\n",
"exec 2>> /home/ubuntu/cflog.log\n",
"function error_exit\n",
"{\n",
" cfn-signal -e 1 -r \"$1\" '",
{
"Ref":"EdxServerWaitHandle"
},
"'\n",
" exit 1\n",
"}\n",
"apt-get -y update\n",
"apt-get -y install python-setuptools\n",
"echo \"Python Tools installed\" - `date` >> /home/ubuntu/cflog.txt\n",
"easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"echo \"Cloudformation Boostrap installed \" - `date` >> /home/ubuntu/cflog.txt\n",
"cfn-init --region ",
{
"Ref":"AWS::Region"
},
" -s ",
{
"Ref":"AWS::StackName"
},
" -r EdxappServer ",
" --access-key ",
{
"Ref":"HostKeys"
},
" --secret-key ",
{
"Fn::GetAtt":[
"HostKeys",
"SecretAccessKey"
]
},
" || error_exit 'Failed to run cfn-init'\n",
"echo \"cfn-init run \" - `date` >> /home/ubuntu/cflog.txt\n",
"# If all went well, signal success\n",
"cfn-signal -e $? -r 'Edx Server configuration' '",
{
"Ref":"EdxServerWaitHandle"
},
"'\n"
]
]
}
},
"KeyName":{
"Ref":"KeyName"
},
"InstanceType":{
"Ref":"InstanceType"
},
"BlockDeviceMappings":[
{
"DeviceName":"/dev/xvdb",
"Ebs":{
"VolumeSize":"50"
}
},
{
"DeviceName":"/dev/xvdc",
"Ebs":{
"VolumeSize":"50"
}
}
]
}
},
"EdxappServerASGroup":{
"Type":"AWS::AutoScaling::AutoScalingGroup",
"Properties":{
"AvailabilityZones":[
{
"Fn::GetAtt":[
"EdxappSubnet01",
"AvailabilityZone"
]
},
{
"Fn::GetAtt":[
"EdxappSubnet02",
"AvailabilityZone"
]
}
],
"VPCZoneIdentifier":[
{
"Ref":"EdxappSubnet01"
},
{
"Ref":"EdxappSubnet02"
}
],
"Tags":[
{
"Key":"group",
"Value":"edxapp",
"PropagateAtLaunch":true
},
{
"Key":"environment",
"Value":{
"Ref":"EnvironmentTag"
},
"PropagateAtLaunch":true
}
],
"LaunchConfigurationName":{
"Ref":"EdxappServer"
},
"MinSize":"2",
"MaxSize":"2",
"DesiredCapacity":{
"Ref":"EdxappDesiredCapacity"
},
"LoadBalancerNames":[
{
"Ref":"EdxappELB"
}
]
}
},
"EdxappServerScaleUpPolicy":{
"Type":"AWS::AutoScaling::ScalingPolicy",
"Properties":{
"AdjustmentType":"ChangeInCapacity",
"AutoScalingGroupName":{
"Ref":"EdxappServerASGroup"
},
"Cooldown":"60",
"ScalingAdjustment":"1"
}
},
"EdxappServerScaleDownPolicy":{
"Type":"AWS::AutoScaling::ScalingPolicy",
"Properties":{
"AdjustmentType":"ChangeInCapacity",
"AutoScalingGroupName":{
"Ref":"EdxappServerASGroup"
},
"Cooldown":"60",
"ScalingAdjustment":"-1"
}
},
"EdxappCPUAlarmHigh":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Scale-up if CPU > 90% for 10 minutes",
"MetricName":"CPUUtilization",
"Namespace":"AWS/EC2",
"Statistic":"Average",
"Period":"300",
"EvaluationPeriods":"2",
"Threshold":"90",
"AlarmActions":[
{
"Ref":"EdxappServerScaleUpPolicy"
}
],
"Dimensions":[
{
"Name":"AutoScalingGroupName",
"Value":{
"Ref":"EdxappServerASGroup"
}
}
],
"ComparisonOperator":"GreaterThanThreshold"
}
},
"EdxappCPUAlarmLow":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Scale-down if CPU < 70% for 10 minutes",
"MetricName":"CPUUtilization",
"Namespace":"AWS/EC2",
"Statistic":"Average",
"Period":"300",
"EvaluationPeriods":"2",
"Threshold":"70",
"AlarmActions":[
{
"Ref":"EdxappServerScaleDownPolicy"
}
],
"Dimensions":[
{
"Name":"AutoScalingGroupName",
"Value":{
"Ref":"EdxappServerASGroup"
}
}
],
"ComparisonOperator":"LessThanThreshold"
}
},
"EdxappELB":{
"Type":"AWS::ElasticLoadBalancing::LoadBalancer",
"Properties":{
"SecurityGroups":[
{
"Ref":"EdxappELBSecurityGroup"
}
],
"Listeners":[
{
"LoadBalancerPort":"80",
"InstancePort":{
"Ref":"WebServerPort"
},
"Protocol":"HTTP"
}
],
"HealthCheck":{
"Target":"TCP:22",
"HealthyThreshold":"3",
"UnhealthyThreshold":"5",
"Interval":"30",
"Timeout":"5"
},
"Subnets":[
{
"Ref":"PublicSubnet01"
}
]
}
},
"EdxappELBSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Enable HTTP access on port 80",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
}
],
"SecurityGroupEgress":[
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
}
]
}
},
"EdxappServerSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Open up SSH access plus Edx Server required ports",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":{
"Ref":"SSHLocation"
}
},
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
}
]
}
},
"EdxServerWaitHandle":{
"Type":"AWS::CloudFormation::WaitConditionHandle"
},
"EdxServerWaitCondition":{
"Type":"AWS::CloudFormation::WaitCondition",
"DependsOn":"EdxappServer",
"Properties":{
"Handle":{
"Ref":"EdxServerWaitHandle"
},
"Timeout":"1200"
}
},
"XqueueServer":{
"Type":"AWS::AutoScaling::LaunchConfiguration",
"Metadata":{
"AWS::CloudFormation::Init":{
"config":{
"files":{
"/home/ubuntu/.s3cfg":{
"content":{
"Fn::Join":[
"",
[
"[default]\n",
"access_key = ",
{
"Ref":"HostKeys"
},
"\n",
"secret_key = ",
{
"Fn::GetAtt":[
"HostKeys",
"SecretAccessKey"
]
},
"\n",
"use_https = True\n"
]
]
},
"mode":"000644",
"owner":"ubuntu",
"group":"ubuntu"
}
}
}
}
},
"Properties":{
"SecurityGroups":[
{
"Ref":"XqueueServerSecurityGroup"
}
],
"ImageId":{
"Fn::FindInMap":[
"AWSRegionArch2AMI",
{
"Ref":"AWS::Region"
},
{
"Fn::FindInMap":[
"AWSInstanceType2Arch",
{
"Ref":"InstanceType"
},
"Arch"
]
}
]
},
"UserData":{
"Fn::Base64":{
"Fn::Join":[
"",
[
"#!/bin/bash\n",
"exec >> /home/ubuntu/cflog.log\n",
"exec 2>> /home/ubuntu/cflog.log\n",
"function error_exit\n",
"{\n",
" cfn-signal -e 1 -r \"$1\" '",
{
"Ref":"XqueueServerWaitHandle"
},
"'\n",
" exit 1\n",
"}\n",
"apt-get -y update\n",
"apt-get -y install python-setuptools\n",
"echo \"Python Tools installed\" - `date` >> /home/ubuntu/cflog.txt\n",
"easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"echo \"Cloudformation Boostrap installed \" - `date` >> /home/ubuntu/cflog.txt\n",
"cfn-init --region ",
{
"Ref":"AWS::Region"
},
" -s ",
{
"Ref":"AWS::StackName"
},
" -r EdxappServer ",
" --access-key ",
{
"Ref":"HostKeys"
},
" --secret-key ",
{
"Fn::GetAtt":[
"HostKeys",
"SecretAccessKey"
]
},
" || error_exit 'Failed to run cfn-init'\n",
"echo \"cfn-init run \" - `date` >> /home/ubuntu/cflog.txt\n",
"# If all went well, signal success\n",
"cfn-signal -e $? -r 'Edx Server configuration' '",
{
"Ref":"XqueueServerWaitHandle"
},
"'\n"
]
]
}
},
"KeyName":{
"Ref":"KeyName"
},
"InstanceType":{
"Ref":"InstanceType"
},
"BlockDeviceMappings":[
{
"DeviceName":"/dev/xvdb",
"Ebs":{
"VolumeSize":"50"
}
},
{
"DeviceName":"/dev/xvdc",
"Ebs":{
"VolumeSize":"50"
}
}
]
}
},
"XqueueServerASGroup":{
"Type":"AWS::AutoScaling::AutoScalingGroup",
"Properties":{
"AvailabilityZones":[
{
"Fn::GetAtt":[
"XqueueSubnet01",
"AvailabilityZone"
]
},
{
"Fn::GetAtt":[
"XqueueSubnet02",
"AvailabilityZone"
]
}
],
"VPCZoneIdentifier":[
{
"Ref":"XqueueSubnet01"
},
{
"Ref":"XqueueSubnet02"
}
],
"Tags":[
{
"Key":"group",
"Value":"xqueue",
"PropagateAtLaunch":true
},
{
"Key":"environment",
"Value":{
"Ref":"EnvironmentTag"
},
"PropagateAtLaunch":true
}
],
"LaunchConfigurationName":{
"Ref":"XqueueServer"
},
"MinSize":"2",
"MaxSize":"2",
"DesiredCapacity":{
"Ref":"XqueueDesiredCapacity"
},
"LoadBalancerNames":[
{
"Ref":"XqueueELB"
}
]
}
},
"XqueueScaleUpPolicy":{
"Type":"AWS::AutoScaling::ScalingPolicy",
"Properties":{
"AdjustmentType":"ChangeInCapacity",
"AutoScalingGroupName":{
"Ref":"XqueueServerASGroup"
},
"Cooldown":"60",
"ScalingAdjustment":"1"
}
},
"XqueueScaleDownPolicy":{
"Type":"AWS::AutoScaling::ScalingPolicy",
"Properties":{
"AdjustmentType":"ChangeInCapacity",
"AutoScalingGroupName":{
"Ref":"XqueueServerASGroup"
},
"Cooldown":"60",
"ScalingAdjustment":"-1"
}
},
"XqueueCPUAlarmHigh":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Scale-up if CPU > 90% for 10 minutes",
"MetricName":"CPUUtilization",
"Namespace":"AWS/EC2",
"Statistic":"Average",
"Period":"300",
"EvaluationPeriods":"2",
"Threshold":"90",
"AlarmActions":[
{
"Ref":"XqueueScaleUpPolicy"
}
],
"Dimensions":[
{
"Name":"AutoScalingGroupName",
"Value":{
"Ref":"XqueueServerASGroup"
}
}
],
"ComparisonOperator":"GreaterThanThreshold"
}
},
"XqueueCPUAlarmLow":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Scale-down if CPU < 70% for 10 minutes",
"MetricName":"CPUUtilization",
"Namespace":"AWS/EC2",
"Statistic":"Average",
"Period":"300",
"EvaluationPeriods":"2",
"Threshold":"70",
"AlarmActions":[
{
"Ref":"XqueueScaleDownPolicy"
}
],
"Dimensions":[
{
"Name":"AutoScalingGroupName",
"Value":{
"Ref":"XqueueServerASGroup"
}
}
],
"ComparisonOperator":"LessThanThreshold"
}
},
"XqueueELB":{
"Type":"AWS::ElasticLoadBalancing::LoadBalancer",
"Properties":{
"SecurityGroups":[
{
"Ref":"XqueueELBSecurityGroup"
}
],
"Listeners":[
{
"LoadBalancerPort":"80",
"InstancePort":"80",
"Protocol":"HTTP"
},
{
"LoadBalancerPort":"443",
"InstancePort":"443",
"Protocol":"HTTP"
}
],
"HealthCheck":{
"Target":"TCP:22",
"HealthyThreshold":"3",
"UnhealthyThreshold":"5",
"Interval":"30",
"Timeout":"5"
},
"Subnets":[
{
"Ref":"PublicSubnet01"
}
]
}
},
"XqueueELBSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Enable HTTP access on port 80",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
}
],
"SecurityGroupEgress":[
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
},
{
"IpProtocol":"tcp",
"FromPort":"443",
"ToPort":"443",
"CidrIp":"0.0.0.0/0"
}
]
}
},
"XqueueServerSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Open up SSH access plus Edx Server required ports",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":{
"Ref":"SSHLocation"
}
},
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"0.0.0.0/0"
}
]
}
},
"XqueueServerWaitHandle":{
"Type":"AWS::CloudFormation::WaitConditionHandle"
},
"XqueueServerWaitCondition":{
"Type":"AWS::CloudFormation::WaitCondition",
"DependsOn":"XqueueServer",
"Properties":{
"Handle":{
"Ref":"XqueueServerWaitHandle"
},
"Timeout":"1200"
}
},
"RabbitMQServer":{
"Type":"AWS::AutoScaling::LaunchConfiguration",
"Metadata":{
"AWS::CloudFormation::Init":{
"config":{
"files":{
"/home/ubuntu/.s3cfg":{
"content":{
"Fn::Join":[
"",
[
"[default]\n",
"access_key = ",
{
"Ref":"HostKeys"
},
"\n",
"secret_key = ",
{
"Fn::GetAtt":[
"HostKeys",
"SecretAccessKey"
]
},
"\n",
"use_https = True\n"
]
]
},
"mode":"000644",
"owner":"ubuntu",
"group":"ubuntu"
}
}
}
}
},
"Properties":{
"SecurityGroups":[
{
"Ref":"RabbitMQServerSecurityGroup"
}
],
"ImageId":{
"Fn::FindInMap":[
"AWSRegionArch2AMI",
{
"Ref":"AWS::Region"
},
{
"Fn::FindInMap":[
"AWSInstanceType2Arch",
{
"Ref":"InstanceType"
},
"Arch"
]
}
]
},
"UserData":{
"Fn::Base64":{
"Fn::Join":[
"",
[
"#!/bin/bash\n",
"exec >> /home/ubuntu/cflog.log\n",
"exec 2>> /home/ubuntu/cflog.log\n",
"function error_exit\n",
"{\n",
" cfn-signal -e 1 -r \"$1\" '",
{
"Ref":"RabbitMQServerWaitHandle"
},
"'\n",
" exit 1\n",
"}\n",
"apt-get -y update\n",
"apt-get -y install python-setuptools\n",
"echo \"Python Tools installed\" - `date` >> /home/ubuntu/cflog.txt\n",
"easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"echo \"Cloudformation Boostrap installed \" - `date` >> /home/ubuntu/cflog.txt\n",
"cfn-init --region ",
{
"Ref":"AWS::Region"
},
" -s ",
{
"Ref":"AWS::StackName"
},
" -r RabbitMQServer ",
" --access-key ",
{
"Ref":"HostKeys"
},
" --secret-key ",
{
"Fn::GetAtt":[
"HostKeys",
"SecretAccessKey"
]
},
" || error_exit 'Failed to run cfn-init'\n",
"echo \"cfn-init run \" - `date` >> /home/ubuntu/cflog.txt\n",
"# If all went well, signal success\n",
"cfn-signal -e $? -r 'Edx Server configuration' '",
{
"Ref":"RabbitMQServerWaitHandle"
},
"'\n"
]
]
}
},
"KeyName":{
"Ref":"KeyName"
},
"InstanceType":{
"Ref":"InstanceType"
},
"BlockDeviceMappings":[
{
"DeviceName":"/dev/xvdb",
"Ebs":{
"VolumeSize":"50"
}
},
{
"DeviceName":"/dev/xvdc",
"Ebs":{
"VolumeSize":"50"
}
}
]
}
},
"RabbitMQServerASGroup":{
"Type":"AWS::AutoScaling::AutoScalingGroup",
"Properties":{
"AvailabilityZones":[
{
"Fn::GetAtt":[
"RabbitSubnet01",
"AvailabilityZone"
]
},
{
"Fn::GetAtt":[
"RabbitSubnet02",
"AvailabilityZone"
]
}
],
"VPCZoneIdentifier":[
{
"Ref":"RabbitSubnet01"
},
{
"Ref":"RabbitSubnet02"
}
],
"Tags":[
{
"Key":"group",
"Value":"rabbitmq",
"PropagateAtLaunch":true
},
{
"Key":"environment",
"Value":{
"Ref":"EnvironmentTag"
},
"PropagateAtLaunch":true
}
],
"LaunchConfigurationName":{
"Ref":"RabbitMQServer"
},
"MinSize":"2",
"MaxSize":"2",
"DesiredCapacity":{
"Ref":"RabbitMQDesiredCapacity"
},
"LoadBalancerNames":[
{
"Ref":"RabbitMQELB"
}
]
}
},
"RabbitMQScaleUpPolicy":{
"Type":"AWS::AutoScaling::ScalingPolicy",
"Properties":{
"AdjustmentType":"ChangeInCapacity",
"AutoScalingGroupName":{
"Ref":"RabbitMQServerASGroup"
},
"Cooldown":"60",
"ScalingAdjustment":"1"
}
},
"RabbitMQScaleDownPolicy":{
"Type":"AWS::AutoScaling::ScalingPolicy",
"Properties":{
"AdjustmentType":"ChangeInCapacity",
"AutoScalingGroupName":{
"Ref":"RabbitMQServerASGroup"
},
"Cooldown":"60",
"ScalingAdjustment":"-1"
}
},
"RabbitMQCPUAlarmHigh":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Scale-up if CPU > 90% for 10 minutes",
"MetricName":"CPUUtilization",
"Namespace":"AWS/EC2",
"Statistic":"Average",
"Period":"300",
"EvaluationPeriods":"2",
"Threshold":"90",
"AlarmActions":[
{
"Ref":"RabbitMQScaleUpPolicy"
}
],
"Dimensions":[
{
"Name":"AutoScalingGroupName",
"Value":{
"Ref":"RabbitMQServerASGroup"
}
}
],
"ComparisonOperator":"GreaterThanThreshold"
}
},
"RabbitMQCPUAlarmLow":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Scale-down if CPU < 70% for 10 minutes",
"MetricName":"CPUUtilization",
"Namespace":"AWS/EC2",
"Statistic":"Average",
"Period":"300",
"EvaluationPeriods":"2",
"Threshold":"70",
"AlarmActions":[
{
"Ref":"RabbitMQScaleDownPolicy"
}
],
"Dimensions":[
{
"Name":"AutoScalingGroupName",
"Value":{
"Ref":"RabbitMQServerASGroup"
}
}
],
"ComparisonOperator":"LessThanThreshold"
}
},
"RabbitMQELB":{
"Type":"AWS::ElasticLoadBalancing::LoadBalancer",
"Properties":{
"Scheme":"internal",
"SecurityGroups":[
{
"Ref":"RabbitMQELBSecurityGroup"
}
],
"Listeners":[
{
"LoadBalancerPort":"5672",
"InstancePort":"5672",
"Protocol":"TCP"
},
{
"LoadBalancerPort":"6163",
"InstancePort":"6163",
"Protocol":"TCP"
}
],
"HealthCheck":{
"Target":"TCP:22",
"HealthyThreshold":"3",
"UnhealthyThreshold":"5",
"Interval":"30",
"Timeout":"5"
},
"Subnets":[
{
"Ref":"PublicSubnet01"
},
{
"Ref":"PublicSubnet02"
}
]
}
},
"RabbitMQELBSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Enable TCP access on rabbit ports",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"5672",
"ToPort":"5672",
"CidrIp":"10.0.0.0/16"
},
{
"IpProtocol":"tcp",
"FromPort":"6163",
"ToPort":"6163",
"CidrIp":"10.0.0.0/16"
}
],
"SecurityGroupEgress":[
{
"IpProtocol":"tcp",
"FromPort":"5672",
"ToPort":"5672",
"CidrIp":"10.0.0.0/16"
},
{
"IpProtocol":"tcp",
"FromPort":"6163",
"ToPort":"6163",
"CidrIp":"10.0.0.0/16"
}
]
}
},
"RabbitMQServerSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Open up SSH access plus Edx Server required ports",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":"10.0.0.0/16"
},
{
"IpProtocol":"tcp",
"FromPort":"5672",
"ToPort":"5672",
"SourceSecurityGroupID" : {
"Ref" : "RabbitMQELBSecurityGroup"
}
},
{
"IpProtocol":"tcp",
"FromPort":"6163",
"ToPort":"6163",
"SourceSecurityGroupId" : {
"Ref" : "RabbitMQELBSecurityGroup"
}
}
]
}
},
"RabbitMQServerWaitHandle":{
"Type":"AWS::CloudFormation::WaitConditionHandle"
},
"RabbitMQServerWaitCondition":{
"Type":"AWS::CloudFormation::WaitCondition",
"DependsOn":"RabbitMQServer",
"Properties":{
"Handle":{
"Ref":"RabbitMQServerWaitHandle"
},
"Timeout":"1200"
}
},
"XServer":{
"Type":"AWS::AutoScaling::LaunchConfiguration",
"Metadata":{
"AWS::CloudFormation::Init":{
"config":{
"files":{
"/home/ubuntu/.s3cfg":{
"content":{
"Fn::Join":[
"",
[
"[default]\n",
"access_key = ",
{
"Ref":"HostKeys"
},
"\n",
"secret_key = ",
{
"Fn::GetAtt":[
"HostKeys",
"SecretAccessKey"
]
},
"\n",
"use_https = True\n"
]
]
},
"mode":"000644",
"owner":"ubuntu",
"group":"ubuntu"
}
}
}
}
},
"Properties":{
"SecurityGroups":[
{
"Ref":"XServerSecurityGroup"
}
],
"ImageId":{
"Fn::FindInMap":[
"AWSRegionArch2AMI",
{
"Ref":"AWS::Region"
},
{
"Fn::FindInMap":[
"AWSInstanceType2Arch",
{
"Ref":"InstanceType"
},
"Arch"
]
}
]
},
"UserData":{
"Fn::Base64":{
"Fn::Join":[
"",
[
"#!/bin/bash\n",
"exec >> /home/ubuntu/cflog.log\n",
"exec 2>> /home/ubuntu/cflog.log\n",
"function error_exit\n",
"{\n",
" cfn-signal -e 1 -r \"$1\" '",
{
"Ref":"XServerWaitHandle"
},
"'\n",
" exit 1\n",
"}\n",
"apt-get -y update\n",
"apt-get -y install python-setuptools\n",
"echo \"Python Tools installed\" - `date` >> /home/ubuntu/cflog.txt\n",
"easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"echo \"Cloudformation Boostrap installed \" - `date` >> /home/ubuntu/cflog.txt\n",
"cfn-init --region ",
{
"Ref":"AWS::Region"
},
" -s ",
{
"Ref":"AWS::StackName"
},
" -r XServer ",
" --access-key ",
{
"Ref":"HostKeys"
},
" --secret-key ",
{
"Fn::GetAtt":[
"HostKeys",
"SecretAccessKey"
]
},
" || error_exit 'Failed to run cfn-init'\n",
"echo \"cfn-init run \" - `date` >> /home/ubuntu/cflog.txt\n",
"# If all went well, signal success\n",
"cfn-signal -e $? -r 'Edx Server configuration' '",
{
"Ref":"XServerWaitHandle"
},
"'\n"
]
]
}
},
"KeyName":{
"Ref":"KeyName"
},
"InstanceType":{
"Ref":"InstanceType"
},
"BlockDeviceMappings":[
{
"DeviceName":"/dev/xvdb",
"Ebs":{
"VolumeSize":"50"
}
},
{
"DeviceName":"/dev/xvdc",
"Ebs":{
"VolumeSize":"50"
}
}
]
}
},
"XServerASGroup":{
"Type":"AWS::AutoScaling::AutoScalingGroup",
"Properties":{
"AvailabilityZones":[
{
"Fn::GetAtt":[
"XServerSubnet01",
"AvailabilityZone"
]
},
{
"Fn::GetAtt":[
"XServerSubnet02",
"AvailabilityZone"
]
}
],
"VPCZoneIdentifier":[
{
"Ref":"XServerSubnet01"
},
{
"Ref":"XServerSubnet02"
}
],
"Tags":[
{
"Key":"group",
"Value":"xserver",
"PropagateAtLaunch":true
},
{
"Key":"environment",
"Value":{
"Ref":"EnvironmentTag"
},
"PropagateAtLaunch":true
}
],
"LaunchConfigurationName":{
"Ref":"XServer"
},
"MinSize":"2",
"MaxSize":"2",
"DesiredCapacity":{
"Ref":"XServerDesiredCapacity"
},
"LoadBalancerNames":[
{
"Ref":"XServerELB"
}
]
}
},
"XServerScaleUpPolicy":{
"Type":"AWS::AutoScaling::ScalingPolicy",
"Properties":{
"AdjustmentType":"ChangeInCapacity",
"AutoScalingGroupName":{
"Ref":"XServerASGroup"
},
"Cooldown":"60",
"ScalingAdjustment":"1"
}
},
"XServerScaleDownPolicy":{
"Type":"AWS::AutoScaling::ScalingPolicy",
"Properties":{
"AdjustmentType":"ChangeInCapacity",
"AutoScalingGroupName":{
"Ref":"XServerASGroup"
},
"Cooldown":"60",
"ScalingAdjustment":"-1"
}
},
"XServerCPUAlarmHigh":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Scale-up if CPU > 90% for 10 minutes",
"MetricName":"CPUUtilization",
"Namespace":"AWS/EC2",
"Statistic":"Average",
"Period":"300",
"EvaluationPeriods":"2",
"Threshold":"90",
"AlarmActions":[
{
"Ref":"XServerScaleUpPolicy"
}
],
"Dimensions":[
{
"Name":"AutoScalingGroupName",
"Value":{
"Ref":"XServerASGroup"
}
}
],
"ComparisonOperator":"GreaterThanThreshold"
}
},
"XServerCPUAlarmLow":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Scale-down if CPU < 70% for 10 minutes",
"MetricName":"CPUUtilization",
"Namespace":"AWS/EC2",
"Statistic":"Average",
"Period":"300",
"EvaluationPeriods":"2",
"Threshold":"70",
"AlarmActions":[
{
"Ref":"XServerScaleDownPolicy"
}
],
"Dimensions":[
{
"Name":"AutoScalingGroupName",
"Value":{
"Ref":"XServerASGroup"
}
}
],
"ComparisonOperator":"LessThanThreshold"
}
},
"XServerELB":{
"Type":"AWS::ElasticLoadBalancing::LoadBalancer",
"Properties":{
"Scheme":"internal",
"SecurityGroups":[
{
"Ref":"XServerELBSecurityGroup"
}
],
"Listeners":[
{
"LoadBalancerPort":"5672",
"InstancePort":"5672",
"Protocol":"TCP"
},
{
"LoadBalancerPort":"6163",
"InstancePort":"6163",
"Protocol":"TCP"
}
],
"HealthCheck":{
"Target":"TCP:22",
"HealthyThreshold":"3",
"UnhealthyThreshold":"5",
"Interval":"30",
"Timeout":"5"
},
"Subnets":[
{
"Ref":"PublicSubnet01"
},
{
"Ref":"PublicSubnet02"
}
]
}
},
"XServerELBSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Enable TCP access on xserver ports",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"10.0.0.0/16"
}
],
"SecurityGroupEgress":[
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"10.0.0.0/16"
}
]
}
},
"XServerSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Open up SSH access plus XServer required ports",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"22",
"ToPort":"22",
"CidrIp":"10.0.0.0/16"
},
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"CidrIp":"10.0.0.0/16"
},
{
"IpProtocol":"tcp",
"FromPort":"80",
"ToPort":"80",
"SourceSecurityGroupId" : {
"Ref" : "XServerELBSecurityGroup"
}
}
]
}
},
"XServerWaitHandle":{
"Type":"AWS::CloudFormation::WaitConditionHandle"
},
"XServerWaitCondition":{
"Type":"AWS::CloudFormation::WaitCondition",
"DependsOn":"XServer",
"Properties":{
"Handle":{
"Ref":"XServerWaitHandle"
},
"Timeout":"1200"
}
},
"EdxDataSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Open up access to the data subnet",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"3306",
"ToPort":"3306",
"CidrIp":"0.0.0.0/0"
}
]
}
},
"EdxDBSubnetGroup":{
"Type":"AWS::RDS::DBSubnetGroup",
"Properties":{
"DBSubnetGroupDescription":"Subnets available for the RDS DB Instance",
"SubnetIds":[
{
"Ref":"Data01"
},
{
"Ref":"Data02"
}
]
}
},
"DBSecurityGroup":{
"Type":"AWS::RDS::DBSecurityGroup",
"Properties":{
"EC2VpcId":{
"Ref":"EdxVPC"
},
"DBSecurityGroupIngress":[
{
"EC2SecurityGroupId":{
"Ref":"EdxappServerSecurityGroup"
}
}
],
"GroupDescription":"Data access"
}
},
"EdxDB":{
"Type":"AWS::RDS::DBInstance",
"Properties":{
"DBName":{
"Ref":"DBName"
},
"AllocatedStorage":{
"Ref":"DBAllocatedStorage"
},
"DBInstanceClass":{
"Ref":"DBClass"
},
"Engine":"MySQL",
"EngineVersion":"5.5",
"MasterUsername":{
"Ref":"DBUsername"
},
"MasterUserPassword":{
"Ref":"DBPassword"
},
"DBSubnetGroupName":{
"Ref":"EdxDBSubnetGroup"
},
"DBSecurityGroups":[
{
"Ref":"DBSecurityGroup"
}
],
"MultiAZ":"true"
}
},
"CacheSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Access to the elastic cache cluster",
"VpcId":{
"Ref":"EdxVPC"
},
"SecurityGroupIngress":[
{
"IpProtocol":"tcp",
"FromPort":"12345",
"ToPort":"12345",
"SourceSecurityGroupId":{
"Ref":"EdxappELBSecurityGroup"
}
}
]
}
}
},
"Outputs":{
"EdxSecurityGroup":{
"Description":"EC2 Security Group with access to the Edx server",
"Value":{
"Ref":"EdxappServerSecurityGroup"
}
},
"DatabaseConfigurationString":{
"Description":"JDBC connection string for database",
"Value":{
"Fn::Join":[
"",
[
"'DATABASES': {\n",
" 'default': {\n",
" 'ENGINE': 'django.db.backends.mysql',\n",
" 'NAME': '",
{
"Ref":"DBName"
},
"',\n",
" 'USER': '",
{
"Ref":"DBUsername"
},
"',\n",
" 'PASSWORD': '",
{
"Ref":"DBPassword"
},
"',\n",
" 'HOST': '",
{
"Fn::GetAtt":[
"EdxDB",
"Endpoint.Address"
]
},
"'\n",
" 'PORT': '",
{
"Fn::GetAtt":[
"EdxDB",
"Endpoint.Port"
]
},
"'\n",
" }\n",
"}\n"
]
]
}
},
"ElasticCacheCreateSubnetGroupCommand":{
"Description":"Commands to be run to create the elatic cache. Creation isn't fully supported in CF today.",
"Value":{
"Fn::Join":[
"",
[
"elasticache-create-cache-subnet-group",
" ",
{
"Ref":"EdxVPC"
},
"_ElasticCacheSubnetGroup --description 'VPC ElasticCache Subnet Group'",
"--subnet-ID-list",
" ",
{
"Ref":"Cache01"
},
" ",
{
"Ref":"Cache02"
}
]
]
}
},
"ElasticCacheCreateCacheClusterCommand":{
"Description":"Foo",
"Value":{
"Fn::Join":[
"",
[
"elasticache-create-cache-cluster",
" ",
{
"Ref":"EdxVPC"
},
"_ElacticCacheCluster --num-cache-nodes ",
{
"Ref":"NumberOfCacheNodes"
},
" --cache-node-type ",
{
"Ref":"CacheNodeType"
},
" --engine memcached --engine-version 1.4.5 --port 12345 --preferred-availability-zone us-east-1b",
" --cache-parameter-group-name default.memcached1.4 --auto-minor-version-upgrade true",
" --cache-subnet-group-name ElasticCacheSubnetGroup",
"bar"
]
]
}
}
}
}