github.com/greenboxal/deis@v1.12.1/contrib/aws/deis.template.json (about)

     1  {
     2    "AWSTemplateFormatVersion" : "2010-09-09",
     3    "Description": "Deis on EC2: http://deis.io/",
     4    "Parameters" : {
     5      "KeyPair" : {
     6        "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the Deis hosts",
     7        "Type" : "String",
     8        "MinLength": "1",
     9        "MaxLength": "64",
    10        "AllowedPattern" : "[-_ a-zA-Z0-9]*",
    11        "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
    12      },
    13      "ClusterSize": {
    14        "Default": "3",
    15        "MinValue": "3",
    16        "MaxValue": "12",
    17        "Description": "Number of nodes in cluster (3-12).",
    18        "Type": "Number"
    19      },
    20      "IamInstanceProfile" : {
    21        "Description" : "(Optional) Set IAM instance profile for Deis hosts (default: none)",
    22        "Type" : "String",
    23        "Default": ""
    24      },
    25      "SSHFrom" : {
    26        "Description" : "Lock down SSH access to the Deis hosts to this CIDR range (default: 0.0.0.0/0, can be accessed from anywhere)",
    27        "Type" : "String",
    28        "MinLength": "9",
    29        "MaxLength": "18",
    30        "Default" : "0.0.0.0/0",
    31        "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
    32        "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x."
    33      },
    34      "InstanceType" : {
    35        "Description" : "EC2 instance type (see http://aws.amazon.com/ec2/instance-types/)",
    36        "Type" : "String",
    37        "Default" : "m3.large",
    38        "AllowedValues" : [
    39          "m3.medium",
    40          "m3.large",
    41          "m3.xlarge",
    42          "m3.2xlarge",
    43          "m4.large",
    44          "m4.xlarge",
    45          "m4.2xlarge",
    46          "m4.4xlarge",
    47          "m4.10xlarge",
    48          "m1.medium",
    49          "m1.large",
    50          "m1.xlarge",
    51          "c3.large",
    52          "c3.xlarge",
    53          "c3.2xlarge",
    54          "c3.4xlarge",
    55          "c3.8xlarge",
    56          "c4.large",
    57          "c4.xlarge",
    58          "c4.2xlarge",
    59          "c4.4xlarge",
    60          "c4.8xlarge",
    61          "c1.medium",
    62          "c1.xlarge",
    63          "cc2.8xlarge",
    64          "g2.2xlarge",
    65          "cg1.4xlarge",
    66          "m2.xlarge",
    67          "m2.4xlarge",
    68          "cr1.8xlarge",
    69          "hi1.4xlarge",
    70          "hs1.8xlarge",
    71          "i2.xlarge",
    72          "i2.2xlarge",
    73          "i2.4xlarge",
    74          "i2.8xlarge",
    75          "r3.large",
    76          "r3.xlarge",
    77          "r3.2xlarge",
    78          "r3.4xlarge",
    79          "r3.8xlarge",
    80          "t2.medium"
    81        ],
    82        "ConstraintDescription" : "must be a valid EC2 instance type."
    83      },
    84      "EC2VirtualizationType" : {
    85        "Description" : "EC2 AMI virtualization type (see http://aws.amazon.com/amazon-linux-ami/instance-type-matrix/)",
    86        "Type": "String",
    87        "Default": "PV",
    88        "AllowedValues" : [ "PV", "HVM" ],
    89        "ConstraintDescription" : "must be either PV or HVM"
    90      },
    91      "EC2EBSVolumeType" : {
    92        "Description" : "EC2 EBS VolumeType",
    93        "Type": "String",
    94        "Default": "gp2",
    95        "AllowedValues" : [ "gp2", "standard" ],
    96        "ConstraintDescription" : "must be either 'gp2' for SSD or 'standard' for magnetic (provisioned IOPS requires further manual changes)"
    97      },
    98      "AssociatePublicIP": {
    99        "Description": "Whether to associate a public IP address with the instances",
   100        "Type": "String",
   101        "Default": "true",
   102        "AllowedValues" : [ "true", "false" ],
   103        "ConstraintDescription" : "must be either true or false"
   104      },
   105      "ELBScheme": {
   106        "Description": "Whether to create an internal-only load balancer, or a public-facing one (default)",
   107        "Type": "String",
   108        "Default": "internet-facing",
   109        "AllowedValues" : [ "internet-facing", "internal" ],
   110        "ConstraintDescription" : "must be either 'internet-facing' for public use, or 'internal' for private use"
   111      },
   112      "RootVolumeSize": {
   113        "Description": "Desired size of the root volume, in GB",
   114        "Type": "Number",
   115        "Default": "50"
   116      },
   117      "DockerVolumeSize": {
   118        "Description": "Desired size of the Docker volume, in GB",
   119        "Type": "Number",
   120        "Default": "100"
   121      },
   122      "EtcdVolumeSize": {
   123        "Description": "Desired size of the etcd volume, in GB",
   124        "Type": "Number",
   125        "Default": "10"
   126      }
   127    },
   128  
   129    "Mappings" : {
   130      "CoreOSAMIs" : {},
   131      "RootDevices" : {
   132        "HVM" : { "Name": "/dev/xvda" },
   133        "PV"  : { "Name": "/dev/sda" }
   134      },
   135      "SubnetConfig" : {
   136        "VPC"     : { "CIDR" : "10.21.0.0/16" },
   137        "Subnet1" : { "CIDR" : "10.21.1.0/24" },
   138        "Subnet2" : { "CIDR" : "10.21.2.0/24" }
   139      }
   140    },
   141  
   142    "Conditions" : {
   143      "UseIamInstanceProfile" : {
   144        "Fn::Not" : [{
   145          "Fn::Equals" : [
   146            { "Ref" : "IamInstanceProfile" },
   147             ""
   148          ]
   149        }]
   150      }
   151    },
   152  
   153    "Resources" : {
   154      "VPC" : {
   155        "Type" : "AWS::EC2::VPC",
   156        "Properties" : {
   157          "EnableDnsSupport" : "true",
   158          "EnableDnsHostnames" : "true",
   159          "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]},
   160          "Tags" : [
   161            { "Key" : "Application", "Value" : "Deis" }
   162          ]
   163        }
   164      },
   165      "Subnet1" : {
   166        "Type" : "AWS::EC2::Subnet",
   167        "Properties" : {
   168          "VpcId" : { "Ref" : "VPC" },
   169          "AvailabilityZone": { "Fn::Select" : [ 0, { "Fn::GetAZs" : "" } ] },
   170          "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Subnet1", "CIDR" ]},
   171          "Tags" : [
   172            { "Key" : "Application", "Value" : "Deis" },
   173            { "Key" : "Network", "Value" : "Private" }
   174          ]
   175        }
   176      },
   177      "Subnet2" : {
   178        "Type" : "AWS::EC2::Subnet",
   179        "Properties" : {
   180          "VpcId" : { "Ref" : "VPC" },
   181          "AvailabilityZone": { "Fn::Select" : [ 1, { "Fn::GetAZs" : "" } ] },
   182          "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Subnet2", "CIDR" ]},
   183          "Tags" : [
   184            { "Key" : "Application", "Value" : "Deis" },
   185            { "Key" : "Network", "Value" : "Private" }
   186          ]
   187        }
   188      },
   189      "InternetGateway" : {
   190        "Type" : "AWS::EC2::InternetGateway",
   191        "Properties" : {
   192          "Tags" : [
   193            { "Key" : "Application", "Value" : "Deis" },
   194            { "Key" : "Network", "Value" : "Public" }
   195          ]
   196        }
   197      },
   198      "GatewayToInternet" : {
   199         "Type" : "AWS::EC2::VPCGatewayAttachment",
   200         "Properties" : {
   201           "VpcId" : { "Ref" : "VPC" },
   202           "InternetGatewayId" : { "Ref" : "InternetGateway" }
   203         }
   204      },
   205      "PublicRouteTable" : {
   206        "Type" : "AWS::EC2::RouteTable",
   207        "DependsOn" : "GatewayToInternet",
   208        "Properties" : {
   209          "VpcId" : { "Ref" : "VPC" },
   210          "Tags" : [
   211            { "Key" : "Application", "Value" : "Deis" },
   212            { "Key" : "Network", "Value" : "Public" }
   213          ]
   214        }
   215      },
   216      "PublicRoute" : {
   217        "Type" : "AWS::EC2::Route",
   218        "DependsOn" : "GatewayToInternet",
   219        "Properties" : {
   220          "RouteTableId" : { "Ref" : "PublicRouteTable" },
   221          "DestinationCidrBlock" : "0.0.0.0/0",
   222          "GatewayId" : { "Ref" : "InternetGateway" }
   223        }
   224      },
   225      "Subnet1RouteTableAssociation" : {
   226        "Type" : "AWS::EC2::SubnetRouteTableAssociation",
   227        "Properties" : {
   228          "SubnetId" : { "Ref" : "Subnet1" },
   229          "RouteTableId" : { "Ref" : "PublicRouteTable" }
   230        }
   231      },
   232      "Subnet2RouteTableAssociation" : {
   233        "Type" : "AWS::EC2::SubnetRouteTableAssociation",
   234        "Properties" : {
   235          "SubnetId" : { "Ref" : "Subnet2" },
   236          "RouteTableId" : { "Ref" : "PublicRouteTable" }
   237        }
   238      },
   239      "CoreOSServerAutoScale": {
   240        "Type": "AWS::AutoScaling::AutoScalingGroup",
   241        "Properties": {
   242          "AvailabilityZones": [
   243            { "Fn::GetAtt" : [ "Subnet1", "AvailabilityZone" ] },
   244            { "Fn::GetAtt" : [ "Subnet2", "AvailabilityZone" ] }
   245          ],
   246          "VPCZoneIdentifier": [
   247            { "Ref" : "Subnet1" },
   248            { "Ref" : "Subnet2" }
   249          ],
   250          "LaunchConfigurationName": {"Ref": "CoreOSServerLaunchConfig"},
   251          "MinSize": "3",
   252          "MaxSize": "12",
   253          "DesiredCapacity": {"Ref": "ClusterSize"},
   254          "Tags": [
   255              {"Key": "Name", "Value": "Deis", "PropagateAtLaunch": true}
   256          ],
   257          "LoadBalancerNames": [
   258            { "Ref": "DeisWebELB" }
   259          ]
   260        }
   261      },
   262      "CoreOSServerLaunchConfig": {
   263        "Type": "AWS::AutoScaling::LaunchConfiguration",
   264        "DependsOn" : "GatewayToInternet",
   265        "Properties": {
   266          "ImageId" : { "Fn::FindInMap" : [ "CoreOSAMIs", { "Ref" : "AWS::Region" }, { "Ref" : "EC2VirtualizationType" }]},
   267          "InstanceType": {"Ref": "InstanceType"},
   268          "IamInstanceProfile" : {
   269            "Fn::If" : [
   270              "UseIamInstanceProfile",
   271              { "Ref" : "IamInstanceProfile" },
   272              { "Ref" : "AWS::NoValue" }
   273            ]
   274          },
   275          "KeyName": {"Ref": "KeyPair"},
   276          "UserData" : { "Fn::Base64": { "Fn::Join": [ "", [ ] ] } },
   277          "AssociatePublicIpAddress": {"Ref": "AssociatePublicIP"},
   278          "SecurityGroups": [ { "Fn::GetAtt": ["VPCSecurityGroup", "GroupId"] } ],
   279          "BlockDeviceMappings" : [
   280            {
   281              "DeviceName" : { "Fn::FindInMap": [ "RootDevices", { "Ref": "EC2VirtualizationType" }, "Name" ] },
   282              "Ebs" : { "VolumeSize" : { "Ref": "RootVolumeSize" }, "VolumeType": { "Ref": "EC2EBSVolumeType" } }
   283            },
   284            {
   285              "DeviceName" : "/dev/xvdf",
   286              "Ebs" : { "VolumeSize" : { "Ref": "DockerVolumeSize" }, "VolumeType": { "Ref": "EC2EBSVolumeType" } }
   287            },
   288            {
   289              "DeviceName" : "/dev/xvdg",
   290              "Ebs" : { "VolumeSize" : { "Ref": "EtcdVolumeSize" }, "VolumeType": { "Ref": "EC2EBSVolumeType" } }
   291            }
   292          ]
   293        }
   294      },
   295      "DeisWebELB": {
   296        "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
   297        "DependsOn" : "GatewayToInternet",
   298        "Properties": {
   299          "Scheme" : {"Ref": "ELBScheme"},
   300          "HealthCheck": {
   301            "HealthyThreshold": "4",
   302            "Interval": "15",
   303            "Target": "HTTP:9090/health-check",
   304            "Timeout": "5",
   305            "UnhealthyThreshold": "2"
   306          },
   307          "Subnets": [
   308            { "Ref" : "Subnet1" },
   309            { "Ref" : "Subnet2" }
   310          ],
   311          "Policies" : [{
   312             "PolicyName" : "EnableProxyProtocol",
   313             "PolicyType" : "ProxyProtocolPolicyType",
   314             "Attributes" : [{
   315                "Name"  : "ProxyProtocol",
   316                "Value" : "true"
   317             }],
   318             "InstancePorts" : ["80", "443"]
   319          }],
   320          "Listeners": [
   321            {
   322              "InstancePort": "80",
   323              "InstanceProtocol": "TCP",
   324              "LoadBalancerPort": "80",
   325              "Protocol": "TCP"
   326            },
   327            {
   328              "InstancePort": "443",
   329              "InstanceProtocol": "TCP",
   330              "LoadBalancerPort": "443",
   331              "Protocol": "TCP"
   332            },
   333            {
   334              "InstancePort": "2222",
   335              "InstanceProtocol": "TCP",
   336              "LoadBalancerPort": "2222",
   337              "Protocol": "TCP"
   338            }
   339          ],
   340          "SecurityGroups": [
   341            {
   342              "Fn::GetAtt": ["DeisWebELBSecurityGroup", "GroupId"]
   343            }
   344          ],
   345          "ConnectionSettings": {
   346            "IdleTimeout": 1200
   347          }
   348        }
   349      },
   350      "DeisWebELBSecurityGroup": {
   351        "Type": "AWS::EC2::SecurityGroup",
   352        "Properties": {
   353          "GroupDescription": "Deis Web ELB SecurityGroup",
   354          "SecurityGroupIngress": [
   355            {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
   356            {"IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0"},
   357            {"IpProtocol": "tcp", "FromPort": "2222", "ToPort": "2222", "CidrIp": "0.0.0.0/0"}
   358          ],
   359          "VpcId": { "Ref" : "VPC" }
   360        }
   361      },
   362      "VPCSecurityGroup" : {
   363        "Type" : "AWS::EC2::SecurityGroup",
   364        "Properties" : {
   365          "GroupDescription" : "Enable public SSH and intra-VPC communication",
   366          "SecurityGroupIngress" : [
   367            {"IpProtocol": "tcp", "FromPort" : "22",  "ToPort" : "22",  "CidrIp" : { "Ref" : "SSHFrom" }},
   368            {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "SourceSecurityGroupId": { "Ref": "DeisWebELBSecurityGroup" } },
   369            {"IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "SourceSecurityGroupId": { "Ref": "DeisWebELBSecurityGroup" } },
   370            {"IpProtocol": "tcp", "FromPort": "2222", "ToPort": "2222", "SourceSecurityGroupId": { "Ref": "DeisWebELBSecurityGroup" } },
   371            {"IpProtocol": "tcp", "FromPort": "9090", "ToPort": "9090", "SourceSecurityGroupId": { "Ref": "DeisWebELBSecurityGroup" } }
   372          ],
   373          "VpcId" : { "Ref" : "VPC" }
   374        }
   375      },
   376      "VPCSecurityGroupIngress": {
   377        "Type": "AWS::EC2::SecurityGroupIngress",
   378        "Properties": {
   379          "GroupId": { "Ref": "VPCSecurityGroup" },
   380          "IpProtocol": "-1",
   381          "FromPort": "0",
   382          "ToPort": "65535",
   383          "SourceSecurityGroupId": { "Ref": "VPCSecurityGroup" }
   384        }
   385      }
   386    },
   387    "Outputs" : {
   388      "DNSName" : {
   389        "Description" : "DNS Name of the ELB",
   390        "Value" :  { "Fn::GetAtt" : ["DeisWebELB", "DNSName"] }
   391      }
   392    }
   393  }