From 272d3a0f8ceef23efeadc00138a41a8e969144ca Mon Sep 17 00:00:00 2001
From: Msudeep6
Date: Thu, 17 Oct 2019 16:12:52 +0530
Subject: [PATCH 1/2] cft template for vpc
---
 vpc.yml | 156 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 156 insertions(+)
 create mode 100644 vpc.yml
diff --git a/vpc.yml b/vpc.yml
new file mode 100644
index 0000000..f3885ff
--- /dev/null
+++ b/vpc.yml
@@ -0,0 +1,156 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'cloudformation template for creating vpc'
+Resources:
+ myVPC:
+ Type: AWS::EC2::VPC
+ Properties:
+ CidrBlock: 10.0.0.0/16
+ EnableDnsSupport: true
+ Tags:
+ - Key: Name
+ Value: myvpc
+#creating subnets
+ ibexpubsub1:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: us-east-1a
+ VpcId: !Ref myVPC
+ CidrBlock: 10.0.0.0/22
+ Tags:
+ - Key: Name
+ Value: ibex-pub-sub1
+ ibexpubsub2:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: us-east-1b
+ VpcId: !Ref myVPC
+ CidrBlock: 10.0.4.0/22
+ Tags:
+ - Key: Name
+ Value: ibex-pub-sub2
+ ibexprivsub1:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: us-east-1c
+ VpcId: !Ref myVPC
+ CidrBlock: 10.0.8.0/21
+ Tags:
+ - Key: Name
+ Value: ibex-priv-sub1
+ ibexprivsub2:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: us-east-1d
+ VpcId: !Ref myVPC
+ CidrBlock: 10.0.16.0/20
+ Tags:
+ - Key: Name
+ Value: ibex-priv-sub2
+#creating a route tables
+ privateroutetable:
+ Type: AWS::EC2::RouteTable
+ Properties:
+ VpcId: !Ref myVPC
+ Tags:
+ - Key: keyname
+ Value: value
+ publicroutetable:
+ Type: AWS::EC2::RouteTable
+ Properties:
+ VpcId: !Ref myVPC
+ Tags:
+ - Key: keyname
+ Value: value
+#making route table assosiation
+ publicrouteTableAssocName1:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref ibexpubsub1
+ RouteTableId: !Ref publicroutetable
+ publicrouteTableAssocName2:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref ibexpubsub2
+ RouteTableId: !Ref publicroutetable
+ privaterouteTableAssocName1:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref ibexprivsub1
+ RouteTableId: !Ref privateroutetable
+ privaterouteTableAssocName2:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref ibexprivsub2
+ RouteTableId: !Ref privateroutetable
+#creating IGW
+ igw:
+ Type: AWS::EC2::InternetGateway
+ Properties:
+ Tags:
+ - Key: Name
+ Value: igw
+ AttachGateway:
+ Type: AWS::EC2::VPCGatewayAttachment
+ Properties:
+ VpcId: !Ref myVPC
+ InternetGatewayId: !Ref igw
+#attaching a IGW
+ igwrouteName:
+ Type: AWS::EC2::Route
+ Properties:
+ RouteTableId: !Ref publicroutetable
+ DestinationCidrBlock: 0.0.0.0/0
+ GatewayId: !Ref igw
+#creating Elastic IP for NAT gateway
+ eip:
+ Type: "AWS::EC2::EIP"
+ Properties:
+ Domain: vpc
+#creating NAT gateway
+ natgateway:
+ Type: "AWS::EC2::NatGateway"
+ Properties:
+ AllocationId: !GetAtt 'eip.AllocationId'
+ SubnetId: !Ref ibexpubsub1 #required
+#attaching NAT gateway
+ NATrouteName:
+ Type: AWS::EC2::Route
+ Properties:
+ RouteTableId: !Ref privateroutetable
+ DestinationCidrBlock: 0.0.0.0/0
+ NatGatewayId: !Ref natgateway
+#creating network acl for publicsubnet
+ NaclId:
+ Type: "AWS::EC2::NetworkAcl"
+ Properties:
+ VpcId: !Ref myVPC #required
+ Naclassosiationpub:
+ Type: "AWS::EC2::NetworkAclEntry"
+ Properties:
+ CidrBlock: 0.0.0.0/0 #required
+ Egress: 'true'
+ NetworkAclId: !Ref NaclId #required
+ Protocol: '-1' #required
+ RuleAction: allow #required
+ RuleNumber: '100' #required
+ LogicalID:
+ Type: "AWS::EC2::SubnetNetworkAclAssociation"
+ Properties:
+ NetworkAclId: !Ref NaclId #required
+ SubnetId: !Ref ibexprivsub1 #required
+ LogicalID:
+ Type: "AWS::EC2::SubnetNetworkAclAssociation"
+ Properties:
+ NetworkAclId: !Ref NaclId #required
+ SubnetId: !Ref ibexprivsub2 #required
+ LogicalID:
+ Type: "AWS::EC2::SubnetNetworkAclAssociation"
+ Properties:
+ NetworkAclId: !Ref NaclId #required
+ SubnetId: !Ref ibexpubsub1 #required
+ LogicalID:
+ Type: "AWS::EC2::SubnetNetworkAclAssociation"
+ Properties:
+ NetworkAclId: !Ref NaclId #required
+ SubnetId: !Ref ibexpubsub2 #required
From b64d2553df37a9b0207d47f97a981295fd727763 Mon Sep 17 00:00:00 2001
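Review bot: The four `AWS::EC2::SubnetNetworkAclAssociation` resources at the end of vpc.yml all use the key `LogicalID`, so a YAML loader either rejects the duplicates or keeps only the last one, and at most one subnet ends up associated with `NaclId`. Give each a unique logical ID, for example `NaclAssocPrivSub1:`, `NaclAssocPrivSub2:`, `NaclAssocPubSub1:` and `NaclAssocPubSub2:`. The ACL itself carries only the egress allow-all entry `Naclassosiationpub`; a custom network ACL denies whatever has no matching rule and is stateless, so any subnet attached to it would drop all inbound packets, including replies to outbound connections, and it needs explicit ingress entries (`Egress: 'false'`) limited to the ports each tier uses. `igwrouteName` also has no `DependsOn: AttachGateway`, so the route can be created before the gateway is attached; the `igwroute` resources in ec2jenkins.yml and vpcfinal.yml have the same gap.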
From: Msudeep6
Date: Tue, 19 Nov 2019 11:18:22 +0530
Subject: [PATCH 2/2] added templates
---
 ebkawasaki.yml | 256 ++++++++++++++++++++++++++++++++++++++++++++++
 ec2jenkins.yml | 268 +++++++++++++++++++++++++++++++++++++++++++++++++
 efs.yml | 71 +++++++++++++
 rds.yml | 53 ++++++++++
 vpcfinal.yml | 242 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 890 insertions(+)
 create mode 100644 ebkawasaki.yml
 create mode 100644 ec2jenkins.yml
 create mode 100644 efs.yml
 create mode 100644 rds.yml
 create mode 100644 vpcfinal.yml
diff --git a/ebkawasaki.yml b/ebkawasaki.yml
new file mode 100644
index 0000000..69b549c
--- /dev/null
+++ b/ebkawasaki.yml
@@ -0,0 +1,256 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'Create an ElasticBeanstalk Application, Environment and deploy the samplephp file from S3 bucket'
+Parameters:
+ KeyPair:
+ Description: Select Key pair
+ Type: AWS::EC2::KeyPair::KeyName
+ VpcId:
+ Description: Select VPC
+ Type: AWS::EC2::VPC::Id
+ SubnetId:
+ Description: Select EB-Instance Subnet
+ Type: AWS::EC2::Subnet::Id
+ pubsubnet:
+ Description: Select Bastion Subnet
+ Type: AWS::EC2::Subnet::Id
+ ElbSubnets:
+ Type: List
+ Description: Select two public subnets in different Availability Zones!
+ InstanceType:
+ Description: WebServer EC2 instance type
+ Type: String
+ Default: t2.micro
+ AllowedValues:
+ - t1.micro
+ - t2.nano
+ - t2.micro
+ - t2.small
+ - t2.medium
+ KeyPair:
+ Description: Select Key pair
+ Type: AWS::EC2::KeyPair::KeyName
+ ELBCrossZone:
+ Type: String
+ Description: Configure the load balancer to route traffic evenly across all instances
+ in all Availability Zones rather than only within each zone.
+ AllowedValues:
+ - 'true'
+ - 'false'
+ Default: 'true'
+ ApplicationName:
+ Type: String
+ Description: 'Name of the ElasticBeanstalk Application'
+ Default: eb-cft
+ ApplicationDescription:
+ Type: String
+ Description: 'Discreption of the ElasticBeanstalk Application'
+ Default: eb-cft-with-wordpress
+ ApplicationS3Bucket:
+ Description: Application path in s3
+ Type: String
+ Default: wpres-wpres
+ ApplicationS3Artifact:
+ Description: Application artifact file ebcft.zip
+ Type: String
+ Default: wordpresstest.zip
+######################################################
+## RegionMap:
+ # us-west-2:
+ # AMI: ami-0a85857bfc5345c38
+ #us-east-1:
+ # AMI: ami-00dc79254d0461090
+ #us-west-1:
+ # AMI: ami-024c80694b5b3e51a
+######################################################
+Resources:
+ BastionSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Security Group for EC2 to allow SSH from Bastion and expose HTTP 80
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: '22'
+ ToPort: '22'
+ CidrIp: 0.0.0.0/0
+ VpcId: !Ref VpcId
+ Tags:
+ - Key: Name
+ Value: Bastion-sg
+ EBSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Security Group for EC2 to allow SSH from Bastion and expose HTTP 80
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: '80'
+ ToPort: '80'
+ SourceSecurityGroupId: !Ref ALBSecurityGroup
+ - IpProtocol: tcp
+ FromPort: '22'
+ ToPort: '22'
+ SourceSecurityGroupId: !Ref ALBSecurityGroup
+ VpcId: !Ref VpcId
+ Tags:
+ - Key: Name
+ Value: Eb-instance-sg
+ ALBSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: SecurityGroup for ElasticBeanstalk Balancer
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: '80'
+ ToPort: '80'
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: '443'
+ ToPort: '443'
+ CidrIp: 0.0.0.0/0
+ VpcId:
+ Ref: VpcId
+ Tags:
+ - Key: Name
+ Value: ALB-Sg
+​ MyEC2Instance:
+ Type: "AWS::EC2::Instance"
+ Properties:
+ InstanceType: t2.micro
+ KeyName: !Ref KeyPair
+ ImageId: ami-0a85857bfc5345c38
+ SubnetId: !Ref pubsubnet
+ SecurityGroupIds:
+ - Ref: BastionSecurityGroup
+ Tags:
+ - Key: Name
+ Value: Kawasaki-Bastion-host
+​ #Elatsic beanstalk
+ WPApplication:
+ Type: AWS::ElasticBeanstalk::Application
+ Properties:
+ ApplicationName: !Ref ApplicationName
+ Description: !Ref ApplicationDescription
+​ WordpressVersion:
+ Type: AWS::ElasticBeanstalk::ApplicationVersion
+ Properties:
+ Description: "1.0.0"
+ ApplicationName:
+ Ref: WPApplication
+ SourceBundle:
+ S3Bucket: !Ref ApplicationS3Bucket
+ S3Key: !Ref ApplicationS3Artifact
+ WordpressConfigTemplate:
+ Type: AWS::ElasticBeanstalk::ConfigurationTemplate
+ Properties:
+ ApplicationName:
+ Ref: WPApplication
+ Description: AWS Elastic Beanstalk Environment running Wordpress Application
+ EnvironmentId: ''
+ SolutionStackName: 64bit Amazon Linux 2018.03 v2.9.0 running PHP 7.3
+ OptionSettings:
+ - Namespace: aws:autoscaling:asg
+ OptionName: MinSize
+ Value: "1"
+ - Namespace: aws:autoscaling:asg
+ OptionName: MaxSize
+ Value: "4"
+ - Namespace: aws:autoscaling:launchconfiguration
+ OptionName: InstanceType
+ Value:
+ Ref: InstanceType
+ - Namespace: aws:autoscaling:launchconfiguration
+ OptionName: SSHSourceRestriction
+ Value:
+ Fn::Join:
+ - ''
+ - - tcp,22,22,
+ - Ref: BastionSecurityGroup
+ - Namespace: aws:elasticbeanstalk:container:php:phpini
+ OptionName: document_root
+ Value: '/wordpress'
+ - Namespace: aws:autoscaling:launchconfiguration
+ OptionName: RootVolumeType
+ Value: gp2
+ - Namespace: aws:autoscaling:launchconfiguration
+ OptionName: RootVolumeSize
+ Value: "10"
+ - Namespace: aws:autoscaling:launchconfiguration
+ OptionName: SecurityGroups
+ Value:
+ Ref: EBSecurityGroup
+ - Namespace: aws:autoscaling:launchconfiguration
+ OptionName: EC2KeyName
+ Value:
+ Ref: KeyPair
+ - Namespace: aws:autoscaling:trigger
+ OptionName: BreachDuration
+ Value: "4"
+ - Namespace: aws:autoscaling:trigger
+ OptionName: LowerBreachScaleIncrement
+ Value: "-1"
+ - Namespace: aws:autoscaling:trigger
+ OptionName: LowerThreshold
+ Value: "40"
+ - Namespace: aws:autoscaling:trigger
+ OptionName: MeasureName
+ Value: CPUUtilization
+ - Namespace: aws:autoscaling:trigger
+ OptionName: MeasureName
+ Value: CPUUtilization
+ - Namespace: aws:autoscaling:trigger
+ OptionName: Statistic
+ Value: Average
+ - Namespace: aws:autoscaling:trigger
+ OptionName: Unit
+ Value: Percent
+ - Namespace: aws:ec2:vpc
+ OptionName: VPCId
+ Value:
+ Ref: VpcId
+ - Namespace: aws:ec2:vpc
+ OptionName: Subnets
+ Value:
+ Ref: SubnetId
+ - Namespace: aws:ec2:vpc
+ OptionName: ELBSubnets
+ Value: !Join [",", [!Select [0, !Ref ElbSubnets], !Select [1, !Ref ElbSubnets]]]
+ - Namespace: aws:elasticbeanstalk:environment
+ OptionName: LoadBalancerType
+ Value: application
+ - Namespace: aws:autoscaling:launchconfiguration
+ OptionName: IamInstanceProfile
+ Value: aws-elasticbeanstalk-ec2-role
+ - Namespace: aws:elb:loadbalancer
+ OptionName: SecurityGroups
+ Value:
+ Ref: ALBSecurityGroup
+ - Namespace: aws:elbv2:listenerrule:default
+ OptionName: PathPatterns
+ Value: "/*"
+ - Namespace: aws:elbv2:listenerrule:default2
+ OptionName: PathPatterns
+ Value: "/*"
+ Value: default2
+ - Namespace: aws:elbv2:listenerrule:default
+ OptionName: Priority
+ Value: "1"
+ - Namespace: aws:elbv2:listenerrule:default2
+ OptionName: Priority
+ Value: "2"
+ - Namespace: aws:elbv2:listener:default
+ OptionName: ListenerEnabled
+ Value: "true"
+​
+ WordpressEnvironment:
+ Type: AWS::ElasticBeanstalk::Environment
+ Properties:
+ ApplicationName:
+ Ref: WPApplication
+ EnvironmentName: Php-cft-test-EB
+ Description: AWS Elastic Beanstalk Environment running Wordpress Application.
+ TemplateName:
+ Ref: WordpressConfigTemplate
+ VersionLabel:
+ Ref: WordpressVersion
+#######################################################################################
+
\ No newline at end of file
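Review bot: `BastionSecurityGroup` opens SSH to `0.0.0.0/0`, and `EBSecurityGroup` admits port 22 from `ALBSecurityGroup` although its description says SSH comes from the bastion. Take the admin source range from a new parameter with no world-open default (`CidrIp: !Ref SshAllowedCidr`, name illustrative) and change the port-22 rule to `SourceSecurityGroupId: !Ref BastionSecurityGroup`; the load balancer only needs port 80 to the instances. `Parameters` declares `KeyPair` twice and the `aws:elbv2:listenerrule:default2` PathPatterns option has two `Value:` keys, so one of each is silently discarded or the template is rejected, depending on the parser. `ImageId: ami-0a85857bfc5345c38` is hard-coded on the bastion, which ties the template to one region and to an image that is never refreshed; a region mapping like the one ec2jenkins.yml uses would avoid that.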
diff --git a/ec2jenkins.yml b/ec2jenkins.yml
new file mode 100644
index 0000000..bacbee0
--- /dev/null
+++ b/ec2jenkins.yml
@@ -0,0 +1,268 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'template for jenkins server'
+
+Parameters:
+ cidr:
+ Type: String
+ Default: 10.0.0.0/16
+ subnetcount:
+ Type: String
+ Default: "4"
+ subnetmask:
+ Type: String
+ Default: "8"
+ keyName:
+ Type: AWS::EC2::KeyPair::KeyName
+ Description: select keypair foe ec2 insance
+
+Mappings:
+ RegionMap:
+ us-east-1: #n.verginia
+ amiID: ami-00dc79254d0461090
+ us-west-1: #n.california
+ amiID: ami-024c80694b5b3e51a
+ us-west-2: #oregon
+ amiID: ami-0a85857bfc5345c38
+
+Resources:
+ jenkinsserver:
+ Type: "AWS::EC2::Instance"
+ Properties:
+ ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", amiID]
+ InstanceType: t2.micro
+ KeyName: !Ref keyName
+ SecurityGroupIds:
+ - !Ref jenkinssecGroup
+ SubnetId: !Ref privsubnet1
+ Tags:
+ - Key: Name
+ Value: jenkins-server
+ UserData:
+ "Fn::Base64":
+ !Sub |
+ #!/bin/bash
+ sud yum -y update
+ sudo yum remove java-1.7.0-openjdk -y
+ sudo yum install java-1.8.0 -y
+ sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
+ sudo rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
+ sudo yum clean all
+ sudo yum update -y
+ sudo yum install jenkins -y
+ sudo systemctl start jenkins
+ sudo systemctl enable jenkins
+
+#creating security group for Jenkins server
+ jenkinssecGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupName: jenkins security groups
+ GroupDescription: security group for jenkins server
+ VpcId: !Ref myVPC
+ SecurityGroupIngress:
+
+ - ToPort: '8080'
+ IpProtocol: tcp
+ CidrIp: 0.0.0.0/0
+ FromPort: '8080'
+
+ - ToPort: '80'
+ IpProtocol: tcp
+ CidrIp: 0.0.0.0/0
+ FromPort: '80'
+
+ - ToPort: '22'
+ IpProtocol: tcp
+ CidrIp: 0.0.0.0/0
+ FromPort: '22'
+
+ - ToPort: '443'
+ IpProtocol: tcp
+ CidrIp: 0.0.0.0/0
+ FromPort: '443'
+
+ Tags:
+ - Key: Name
+ Value: jenkins-sg
+#creating a vpc
+ myVPC:
+ Type: AWS::EC2::VPC
+ Properties:
+ CidrBlock: !Ref cidr
+ EnableDnsSupport: true
+ EnableDnsHostnames: true
+ Tags:
+ - Key: Name
+ Value: Ops-Kawasaki-Dev-VPC
+#creating subnets
+ pubsubnet1:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 0
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [0, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Ops-Dev-PubSub1
+ pubsubnet2:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 1
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [1, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Ops-Dev-PubSub2
+ privsubnet1:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 0
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [2, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Ops-Dev-PrivSub1
+ privsubnet2:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 1
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [3, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Ops-Dev-PrivSub
+
+
+
+
+#creating route tables
+
+ publicrouteTable:
+ Type: AWS::EC2::RouteTable
+ Properties:
+ VpcId: !Ref myVPC
+ Tags:
+ - Key: Name
+ Value: Ops-PublicrouteTable
+ privaterouteTable:
+ Type: AWS::EC2::RouteTable
+ Properties:
+ VpcId: !Ref myVPC
+ Tags:
+ - Key: Name
+ Value: Ops-PrivaterouteTable
+#creating route table association
+ pubrouteTableAssoc1:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref pubsubnet1
+ RouteTableId: !Ref publicrouteTable
+ pubrouteTableAssoc2:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref pubsubnet2
+ RouteTableId: !Ref publicrouteTable
+ privrouteTableAssoc1:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref privsubnet1
+ RouteTableId: !Ref privaterouteTable
+ privrouteTableAssoc2:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref privsubnet2
+ RouteTableId: !Ref privaterouteTable
+#creating an internet gateway
+ igwName:
+ Type: AWS::EC2::InternetGateway
+ Properties:
+ Tags:
+ - Key: Name
+ Value: IGWName-Kawasaki
+ AttachGateway:
+ Type: AWS::EC2::VPCGatewayAttachment
+ Properties:
+ VpcId: !Ref myVPC
+ InternetGatewayId: !Ref igwName
+#attaching igw
+ igwroute:
+ Type: AWS::EC2::Route
+ Properties:
+ RouteTableId: !Ref publicrouteTable
+ DestinationCidrBlock: 0.0.0.0/0
+ GatewayId: !Ref igwName
+#creating Eip gateway
+ eip:
+ Type: AWS::EC2::EIP
+ Properties:
+ Domain: !Ref myVPC
+#creating nat gateway
+ natID:
+ Type: "AWS::EC2::NatGateway"
+ Properties:
+ AllocationId: !GetAtt 'eip.AllocationId' #required
+ SubnetId: !Ref pubsubnet1 #required
+#attacing nat gateway
+ natroute:
+ Type: AWS::EC2::Route
+ Properties:
+ RouteTableId: !Ref privaterouteTable
+ DestinationCidrBlock: 0.0.0.0/0
+ NatGatewayId: !Ref natID
+#creatin load balncer for jenkins server
+ #elasticlaodbalncer:
+ #Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
+ #Properties:
+ #IpAddressType: ipv4
+ #Scheme: internet-facing
+ #Subnets:
+ #- !Ref pubsubnet1
+ #- !Ref pubsubnet2
+ #ags:
+ #- Key: Name
+ #Value: Ops-jenkins-ALB
+ #Type: application
+#creating target group for Load Blancer
+ #targetgroup:
+ #Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
+ #Properties:
+ #HealthCheckEnabled: true
+ #HealthCheckPath: /
+ #HealthCheckPort: '80'
+ #HealthCheckProtocol: HTTP
+ #Port: '80'
+ #Protocol: HTTP
+ #TargetType: instance
+ #Targets:
+ #- ID: !Ref jenkinsserver
+ #VpcId: !Ref myVPC
+#creatting listners
+ #listner:
+ #Type: "AWS::ElasticLoadBalancingV2::Listener"
+ #Properties:
+ #DefaultActions: #required
+ #- Type: forward
+ #TargetGroupArn: !Ref jenkinsserver
+ #LoadBalancerArn: String #required
+ #Port: 80 #required
+ #Protocol: HTTP #required
+
+
+#Outputs:
+ #jenkinspasswords:
+ # Description: 1st time password of jeninks user
+ #Value: !Ref JenkinsPassword=
+#################################################################
\ No newline at end of file
diff --git a/efs.yml b/efs.yml
new file mode 100644
index 0000000..909ca7f
--- /dev/null
+++ b/efs.yml
@@ -0,0 +1,71 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'Master stack: PathToMasterStackFile'
+
+Parameters:
+ myVPC:
+ Description: select the vpc
+ Type: AWS::EC2::VPC::Id
+ subnet:
+ Description: select the subnet
+ Type: AWS::EC2::Subnet::Id
+ #amiid:
+ #Description: select the amiid
+ #Type: AWS::EC2::Image::Id
+ #Default: ami-0a85857bfc5345c38
+ #pemkey:
+ #Description: SELSECT THE PEM Key
+ #Type: AWS::EC2::KeyPair::KeyName
+ efssubnet:
+ Description: select the subnets for elastic file storage
+ Type: List
+ Default: subnet-0fab349ad05af4898
+Resources:
+ #myEC2Instance:
+ #Type: AWS::EC2::Instance
+ #Properties:
+ #KeyName: !Ref pemkey
+ #DisableApiTermination: false
+ #ImageId: !Ref amiid
+ #InstanceType: t2.micro
+ #Monitoring: false
+ #SubnetId: !Ref subnet
+ #UserData:
+ #Fn::Base64: !Sub |
+ #!/bin/bash -xe
+ # put your script here
+ #sudo yum install -y amazon-efs-utils
+ #sudo mkdir efs
+ #sudo mount -t efs fs-6955b0c3.efs.us-west-2.amazonaws.com:/ efs
+ #SecurityGroupIds:
+ #- Ref: SimpleInstanceSgS
+ SimpleInstanceSg:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Enable SSH access via port 22
+ VpcId: !Ref myVPC
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: '22'
+ ToPort: '22'
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: '22'
+ ToPort: '22'
+ CidrIp: 0.0.0.0/0
+# creating efs
+ efs:
+ Type: "AWS::EFS::FileSystem"
+ Properties:
+ Encrypted: false
+ PerformanceMode: generalPurpose
+ ThroughputMode: bursting
+#creating mount target
+ mountefs:
+ Type: "AWS::EFS::MountTarget"
+ Properties:
+ FileSystemId: !Ref efs #required
+ SecurityGroups: #required
+ - !Ref SimpleInstanceSg
+ SubnetId: subnet-0fab349ad05af4898 #required
+ ##################
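Review bot: The UserData script in ec2jenkins.yml downloads `jenkins.repo` and imports the package signing key over plain `http://`, so the key that is supposed to authenticate the Jenkins RPM is itself fetched over a channel anyone on the path can alter. Fetch both over `https://` (or ship a pinned copy of the key with the image), and correct the first command, `sud yum -y update`, which fails and is skipped without notice because the script does not stop on errors. `jenkinssecGroup` admits 22, 80, 443 and 8080 from `0.0.0.0/0`; SSH and the Jenkins port should be limited to an admin range or to the load balancer's security group once the commented-out ALB is enabled. `privsubnet1` and `privsubnet2` set `MapPublicIpOnLaunch: true` (the six private subnets in vpcfinal.yml do the same), which hands public addresses to instances meant to sit behind the NAT gateway; `false` is the safer setting for them.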
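Review bot: `efs` in efs.yml is created with `Encrypted: false`, and encryption at rest for an EFS file system can only be chosen at creation time, so this should be `Encrypted: true` from the first deployment. The mount target's security group `SimpleInstanceSg` allows only port 22 from `0.0.0.0/0` (the rule is listed twice) and nothing on NFS port 2049, so clients presumably cannot mount the file system while a world-open rule is attached to a resource that does not serve SSH; replace both rules with TCP 2049 from the client instances' security group. `SubnetId: subnet-0fab349ad05af4898` is hard-coded even though the `subnet` and `efssubnet` parameters are declared and unused; `SubnetId: !Ref subnet` keeps the template portable across accounts.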
diff --git a/rds.yml b/rds.yml
new file mode 100644
index 0000000..19faef8
--- /dev/null
+++ b/rds.yml
@@ -0,0 +1,53 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'rds'
+
+Parameters:
+ securitygroup:
+ Type: AWS::EC2::SecurityGroup::Id
+ Description: selsect same vpc securtiy group
+ masterpass:
+ Type: string
+ Description: enter password for admin
+ adminName:
+ Type: string
+ Description: enter the admin name
+
+
+Resources:
+ DBID:
+ Type: "AWS::RDS::DBInstance"
+ Properties:
+ DBInstanceClass: db.m1 #required
+ DBName: MySQL
+ DBSecurityGroups:
+ - !Ref DBsecGroupName
+ Engine: MySQL
+ EngineVersion: 10.3.13
+ MasterUserPassword: !Ref masterpass
+ MasterUsername: !Ref adminName
+ MultiAZ: true
+ PubliclyAccessible: false
+ VPCSecurityGroups:
+ - !Ref securitygroup
+
+ #creating security group for rds
+ DBsecGroupName:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupName:
+ GroupDescription:
+ VpcId:
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: '22'
+ ToPort: '22'
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: '3306'
+ ToPort: '3306'
+ CidrIp: 0.0.0.0/0
+
+ Tags:
+ - Key: Name
+ Value: Kawasaki-RDS
\ No newline at end of file
diff --git a/vpcfinal.yml b/vpcfinal.yml
new file mode 100644
index 0000000..e6ada91
--- /dev/null
+++ b/vpcfinal.yml
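Review bot: `masterpass` in rds.yml is declared without `NoEcho: true`, so the database admin password is displayed in the console and returned by stack-description calls; add `NoEcho: true`, and note that `Type: string` on both `masterpass` and `adminName` has to be `String`. `DBsecGroupName` admits 3306 and 22 from `0.0.0.0/0`; a database group should accept 3306 only from the application tier, for example `SourceSecurityGroupId: !Ref securitygroup`, and has no use for a port-22 rule. The same group leaves `GroupName`, `GroupDescription` and `VpcId` empty and is attached through `DBSecurityGroups`, which looks like the legacy non-VPC property; `VPCSecurityGroups` is the one this instance should use. `StorageEncrypted` is not set, so the instance would be created without encryption at rest; consider `StorageEncrypted: true` with an instance class that supports it.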
@@ -0,0 +1,242 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'vpc with 6-privae & 3-public subnets'
+
+Parameters:
+
+ pemkey:
+ Type: AWS::EC2::KeyPair::KeyName
+ Description: select your pem key
+ cidr:
+ Type: String
+ Default: 10.0.0.0/16
+ subnetcount:
+ Type: String
+ Default: "9"
+ subnetmask:
+ Type: String
+ Default: "8"
+Resources:
+#creating a vpc
+ myVPC:
+ Type: AWS::EC2::VPC
+ Properties:
+ CidrBlock: !Ref cidr
+ EnableDnsSupport: true
+ EnableDnsHostnames: true
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-VPC
+#creating subnets
+ pubsubnet1:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 0
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [0, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PubSub1
+ pubsubnet2:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 1
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [1, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PubSub2
+ pubsubnet3:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 2
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [2, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PubSub3
+ privsubnet1:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 0
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [3, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PrivSub1
+ privsubnet2:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 1
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [4, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PrivSub2
+ privsubnet3:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 2
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [5, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PrivSub3
+ privsubnet4:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 3
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [6, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PrivSub4
+ privsubnet5:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 4
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [7, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PrivSub5
+ privsubnet6:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone: !Select
+ - 5
+ - !GetAZs ""
+ MapPublicIpOnLaunch: true
+ VpcId: !Ref myVPC
+ CidrBlock: !Select [8, !Cidr [!Ref cidr, !Ref subnetcount, !Ref subnetmask]]
+ Tags:
+ - Key: Name
+ Value: Saga-Dev-PrivSub6
+
+
+
+#creating route tables
+
+ publicrouteTable:
+ Type: AWS::EC2::RouteTable
+ Properties:
+ VpcId: !Ref myVPC
+ Tags:
+ - Key: Name
+ Value: Kawasaki-PublicrouteTable
+ privaterouteTable:
+ Type: AWS::EC2::RouteTable
+ Properties:
+ VpcId: !Ref myVPC
+ Tags:
+ - Key: Name
+ Value: Kawasaki-PrivaterouteTable
+#creating route table association
+ pubrouteTableAssoc1:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref pubsubnet1
+ RouteTableId: !Ref publicrouteTable
+ pubrouteTableAssoc2:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref pubsubnet2
+ RouteTableId: !Ref publicrouteTable
+ pubrouteTableAssoc3:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref pubsubnet3
+ RouteTableId: !Ref publicrouteTable
+ privrouteTableAssoc1:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref privsubnet1
+ RouteTableId: !Ref privaterouteTable
+ privrouteTableAssoc2:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref privsubnet2
+ RouteTableId: !Ref privaterouteTable
+ privrouteTableAssoc3:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref privsubnet3
+ RouteTableId: !Ref privaterouteTable
+ privrouteTableAssoc4:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref privsubnet4
+ RouteTableId: !Ref privaterouteTable
+ privrouteTableAssoc5:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref privsubnet5
+ RouteTableId: !Ref privaterouteTable
+ privrouteTableAssoc6:
+ Type: AWS::EC2::SubnetRouteTableAssociation
+ Properties:
+ SubnetId: !Ref privsubnet6
+ RouteTableId: !Ref privaterouteTable
+#creating an internet gateway
+ igwName:
+ Type: AWS::EC2::InternetGateway
+ Properties:
+ Tags:
+ - Key: Name
+ Value: igw-saga
+ AttachGateway:
+ Type: AWS::EC2::VPCGatewayAttachment
+ Properties:
+ VpcId: !Ref myVPC
+ InternetGatewayId: !Ref igwName
+#attaching igw
+ igwroute:
+ Type: AWS::EC2::Route
+ Properties:
+ RouteTableId: !Ref publicrouteTable
+ DestinationCidrBlock: 0.0.0.0/0
+ GatewayId: !Ref igwName
+#creating Eip gateway
+ eip:
+ Type: AWS::EC2::EIP
+ Properties:
+ Domain: !Ref myVPC
+#creating nat gateway
+ natID:
+ Type: "AWS::EC2::NatGateway"
+ Properties:
+ AllocationId: !GetAtt 'eip.AllocationId' #required
+ SubnetId: !Ref pubsubnet1 #required
+#attacing nat gateway
+ natroute:
+ Type: AWS::EC2::Route
+ Properties:
+ RouteTableId: !Ref privaterouteTable
+ DestinationCidrBlock: 0.0.0.0/0
+ NatGatewayId: !Ref natID
+
+
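Review bot: `privsubnet4`, `privsubnet5` and `privsubnet6` pick their availability zones with `!Select` indexes 3, 4 and 5 on `!GetAZs ""`, which makes stack creation fail in any region that exposes fewer than six zones. Either reuse zones 0 to 2 for the extra private subnets or state the region requirement in `Description`. All six private subnets share `privaterouteTable`, whose default route is the single NAT gateway in `pubsubnet1`, so losing that one zone removes outbound access for every private subnet; that may be acceptable for a dev VPC but should be a stated choice. The `pemkey` parameter is declared but no resource in this file references it, so it can be dropped.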