# Avoid repeating yourself: include other YAML files here.
# Each entry imports one top-level stanza from the named file.
includes:
  # route_tables: /path/to/common_route_tables_layout.yaml
  # subnets: /path/to/webapp_subnets.yaml
  # Import the amis stanza from amis.yaml (written as a relative path;
  # presumably resolved relative to this file -- confirm against the loader).
  amis: nested/amis.yaml
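# CIDR block for the VPC, supplied as a template variable at render time.
# For example, when creating a new VPC, use -e 'vpc_cidr=192.168.21.0/24'
# The expression is quoted so a YAML parser never sees a bare '{{', which it
# would read as the start of a flow mapping; after rendering the value is
# still just the CIDR string.
vpc_cidr: '{{ vpc_cidr }}'
# Sometimes you want to pay a bunch of money for a dedicated hypervisor.
# Set vpc_tenancy to 'dedicated' or 'default', or leave it unset.
#vpc_tenancy: "{{ vpc_tenancy | default('default') }}"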
# Optional way to add tags (key: value) to all resources.
tags:
  env: dev
  # NOTE(review): AWS tag values are strings, but a bare `true` is loaded as a
  # YAML boolean; confirm the consumer stringifies it, or quote it as "true".
  inspector: true
# DHCP Options Set
dhcp_options:
  # A maximum of 4 domain name servers can be given.
  # Only AmazonProvidedDNS resolves VPC-internal names; the public resolver
  # listed after it is a fallback that sends lookups outside the VPC.
  domain-name-servers:
    - AmazonProvidedDNS
    - 8.8.8.8
# VPN Gateway ID to attach to the VPC;
# by default the associated routes will be propagated.
#vpn_gateway:
#  id: 'vgw-xxxxxxxx'
# This is an example route_tables schema.
# Route format appears to be [destination CIDR, target]; the targets 'nat',
# 'internet_gateway' and 'vpn_gateway' look like names the tool resolves to
# the resources it creates -- confirm against the loader.
route_tables:
  # Private network without a direct default route to the Internet:
  # egress goes through the NAT hosts, nothing can reach these hosts inbound.
  private:
    main: true
    routes:
      #- ['10.0.0.0/8', 'vpn_gateway']
      - ['0.0.0.0/0', 'nat']
  # Public network with a default route to the Internet.
  public:
    routes:
      - ['0.0.0.0/0', 'internet_gateway']
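# This is an example of a 4 subnet schema.
# Each subnet has a size of 27, i.e. a /27 CIDR (32 addresses; AWS reserves
# 5 addresses per subnet, leaving 27 usable).
# Two are attached to the private route_table, and two to the public.
# We round robin AZ letters if availability_zone is not defined, so the
# order of the subnets below is significant.
# Instances will launch into a subnet with public IPs if public: true.
subnets:
  private-1:
    size: 27
    route_table: private
    description: private subnet 1
    # availability_zone: a
  private-2:
    size: 27
    route_table: private
    description: private subnet 2
    # availability_zone: b
  public-1:
    size: 27
    route_table: public
    description: public subnet 1
    # The subnet's public IP addressing behavior: map a public IP on instance
    # launch? Written as the canonical lowercase YAML boolean (was `True`).
    public: true
  public-2:
    size: 27
    route_table: public
    description: public subnet 2
    # The subnet's public IP addressing behavior: map a public IP on instance
    # launch? Written as the canonical lowercase YAML boolean (was `True`).
    public: true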
# This is an example of how to create VPC Endpoints.
# This is optional; it allows the private route table's subnets to reach S3
# without traversing the NAT hosts.
endpoints:
  - private
# This is an example of how to create additional VPC ssh key pairs.
# This is optional; we always create a default key pair.
# The 'door' key pair is referenced by the door instance role below.
key_pairs:
  - door
# security groups and rules.
# we reference these security_groups by name in:
# role_instances, load_balancers, cache_clusters, db_instances, and more.
# Rule format appears to be [source, protocol, port]; the source is either a
# CIDR or the name of another group defined here -- confirm against the loader.
security_groups:
  # Applied to every role below: ssh is reachable only from the door hosts.
  all:
    inbound:
      - ['door', 'tcp', 22]
  # The public ELB: plain HTTP from anywhere (no TLS listener is defined).
  web-elb:
    inbound:
      - ['0.0.0.0/0', 'tcp', 80]
  # Web nodes accept HTTP only from the ELB, never directly from the Internet.
  web:
    inbound:
      - ['web-elb', 'tcp', 80]
  # DB nodes accept PostgreSQL only from the web nodes.
  db:
    inbound:
      - ['web', 'tcp', 5432]
    outbound:
      # this is purely an example of an outbound rule.
      # we typically default allow all outbound traffic.
      - ['web', 'tcp', 5432]
  nat:
    inbound:
      # allow subnets in VPC to ping the NAT hosts.
      - ['{{ vpc_cidr }}', 'icmp', 'all']
      # allow subnets in VPC to get NTP time via the NAT hosts.
      - ['{{ vpc_cidr }}', 'udp', 123]
      # allow subnets in VPC to http/https via the NAT hosts.
      - ['{{ vpc_cidr }}', 'tcp', 80]
      - ['{{ vpc_cidr }}', 'tcp', 443]
  # The ssh bastion. 0.0.0.0/0 exposes port 22 to the whole Internet; for a
  # real deployment narrow this to the office/VPN CIDR(s) that need access.
  door:
    inbound:
      - ['0.0.0.0/0', 'tcp', 22]
  # For the (commented-out) RDS instance: PostgreSQL from the web nodes only.
  psql-server:
    inbound:
      - ['web', 'tcp', 5432]
# define an RDS database (commented out; uncomment to create it).
# Note: no master password appears in this file; supply it from outside the
# template rather than committing it, and keep backup_retention_period above 0
# for any data you cannot recreate (0 disables automated backups).
#db_instances:
#  'webapp-psql':
#    name : 'webapp'
#    description: PostgreSQL Database For Persistence
#    subnets: ['private-1', 'private-2']
#    security_groups: ['psql-server']
#    engine: postgres
#    engine_version: 9.4.1
#    class: db.t2.micro
#    allocated_storage: 5
#    backup_retention_period: 0
#    master_username: postgres
#    multi_az: False
# define a public ELB for webapp nodes.
load_balancers:
  # The Name tag of this ELB will end up as webapp01-web-elb:
  web-elb:
    instance_role: web
    # internal: false makes the ELB Internet-facing, in the public subnets.
    internal: false
    security_groups: ['web-elb']
    subnets: ['public-1', 'public-2']
    # Listener format appears to be [lb_port, instance_port, protocol] --
    # confirm against the loader. Only plain TCP on 80 is defined, so traffic
    # to and from the ELB is unencrypted; a TLS listener needs a certificate.
    listeners:
      - [80, 80, 'tcp']
# define instance roles to create.
# The ami values are aliases that are presumably resolved through the amis
# stanza included at the top of this file -- confirm against nested/amis.yaml.
# The alias names an Ubuntu 14.04 image, a release that is past end of
# standard support; point the alias at a currently supported image.
instance_roles:
  # define how an instance in the web role should look.
  web:
    description: web nodes run Nginx/uWSGI/Pyramid on port 80
    autoscaling: true
    instance_type: t2.micro
    ami: 'ubuntu-14.04-lts-hvm'
    count: 2
    security_groups: ['all', 'web']
    subnets: ['private-1', 'private-2']
    block_devices:
      "/dev/sda1":
        size: 10
  # define how an instance in the db role should look.
  db:
    description: db nodes run PostgreSQL on port 5432
    instance_type: t2.micro
    ami: 'ubuntu-14.04-lts-hvm'
    count: 1
    security_groups: ['all', 'db']
    subnets: ['private-1', 'private-2']
    block_devices:
      "/dev/sda1":
        size: 10
  # define how an instance in the nat role should look.
  # Lives in the public subnets with an Elastic IP; private subnets route
  # their default traffic through it (see route_tables).
  nat:
    description: NAT nodes provide routes to other networks.
    instance_type: t2.micro
    ami: 'ubuntu-14.04-lts-hvm'
    count: 1
    security_groups: ['all', 'nat']
    subnets: ['public-1', 'public-2']
    eip: true
    block_devices:
      "/dev/sda1":
        size: 10
  # define how an instance in the door role should look.
  # This is the ssh bastion: public subnet, Elastic IP, the dedicated 'door'
  # key pair, and the 'door' security group (see its inbound rule above).
  door:
    description: door nodes run ssh on port 22
    instance_type: t2.micro
    ami: 'ubuntu-14.04-lts-hvm'
    count: 1
    security_groups: ['all', 'door']
    subnets: ['public-1', 'public-2']
    key_pair: door
    eip: true
    block_devices:
      "/dev/sda1":
        size: 10