AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template to launch resources for the Amazon MQ workshop.
# Console-only presentation hints (parameter grouping and labels); nothing in
# this block affects the resources that are created.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: General Configuration
        Parameters:
          - CIDR
      - Label:
          default: Broker Configuration
        Parameters:
          - AmazonMQBrokerUser
          - AmazonMQBrokerPassword
    ParameterLabels:
      AmazonMQBrokerUser:
        default: Broker Username
      AmazonMQBrokerPassword:
        default: Broker Password
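Parameters:
  CIDR:
    Description: CIDR block from which access to the Amazon MQ broker ports is allowed (consumed by AmazonMQSecurityGroup).
    Type: String
    # Defaults to the VPC CIDR so the Cloud9 client inside this VPC can reach the brokers.
    # NOTE(review): the pattern below still accepts 0.0.0.0/0, which would open the
    # publicly accessible brokers to the whole internet; only widen this deliberately.
    Default: '10.42.0.0/16'
    MinLength: 1
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
    ConstraintDescription: The CIDR block is required!
  AmazonMQBrokerUser:
    Description: The user to access the Amazon MQ broker.
    Type: String
    Default: workshopUser
    MinLength: 2
    ConstraintDescription: The Amazon MQ broker user is required !
  AmazonMQBrokerPassword:
    Description: The password to access the Amazon MQ broker. Min 12 characters; must not contain commas, colons, equals signs, spaces, double quotes or backslashes.
    Type: String
    # Deliberately no Default: the template used to ship a default password identical to
    # the username. NoEcho does not protect a value that is readable in the template, and
    # this stack copies the password into SSM and Secrets Manager, so callers must supply one.
    MinLength: 12
    # Comma is the delimiter of the SSM parameter value and the password is embedded in the
    # Secrets Manager JSON string, so those characters are rejected here. Amazon MQ itself
    # also rejects commas, colons and equals signs (confirm against the current service limits).
    AllowedPattern: '^[^,:=" \\]{12,}$'
    ConstraintDescription: The Amazon MQ broker password is required and must be at least 12 characters without commas, colons, equals signs, spaces, double quotes or backslashes.
    NoEcho: true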
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.42.0.0/16
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: !Join
- '-'
- - !Ref 'AWS::StackName'
- VPC
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Join
- '-'
- - !Ref 'AWS::StackName'
- InternetGateway
AttachGateway:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref 'VPC'
InternetGatewayId: !Ref 'InternetGateway'
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref 'VPC'
Tags:
- Key: Name
Value: !Join
- '-'
- - !Ref 'AWS::StackName'
- RouteTable
Route:
Type: AWS::EC2::Route
DependsOn: AttachGateway
Properties:
RouteTableId: !Ref 'RouteTable'
DestinationCidrBlock: '0.0.0.0/0'
GatewayId: !Ref 'InternetGateway'
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref 'VPC'
CidrBlock: 10.42.0.0/24
AvailabilityZone: !Select
- '0'
- !GetAZs ''
Tags:
- Key: Name
Value: !Join
- '-'
- - !Ref 'AWS::StackName'
- PublicSubnet1
PublicSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref 'VPC'
CidrBlock: 10.42.1.0/24
AvailabilityZone: !Select
- '1'
- !GetAZs ''
Tags:
- Key: Name
Value: !Join
- '-'
- - !Ref 'AWS::StackName'
- PublicSubnet2
PublicSubnet3:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref 'VPC'
CidrBlock: 10.42.2.0/24
AvailabilityZone: !Select
- '2'
- !GetAZs ''
Tags:
- Key: Name
Value: !Join
- '-'
- - !Ref 'AWS::StackName'
- PublicSubnet3
PublicSubnet1RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref 'PublicSubnet1'
RouteTableId: !Ref 'RouteTable'
PublicSubnet2RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref 'PublicSubnet2'
RouteTableId: !Ref 'RouteTable'
PublicSubnet3RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref 'PublicSubnet3'
RouteTableId: !Ref 'RouteTable'
AmazonMQSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Limits security group ingress and egress traffic for the Amazon
MQ instance
VpcId: !Ref 'VPC'
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 8162
ToPort: 8162
CidrIp: !Ref 'CIDR'
- IpProtocol: tcp
FromPort: 61617
ToPort: 61617
CidrIp: !Ref 'CIDR'
- IpProtocol: tcp
FromPort: 5671
ToPort: 5671
CidrIp: !Ref 'CIDR'
- IpProtocol: tcp
FromPort: 61614
ToPort: 61614
CidrIp: !Ref 'CIDR'
- IpProtocol: tcp
FromPort: 8883
ToPort: 8883
CidrIp: !Ref 'CIDR'
Tags:
- Key: Name
Value: !Join
- '-'
- - !Ref 'AWS::StackName'
- AmazonMQSecurityGroup
AmazonMQBrokerLarge:
Type: AWS::AmazonMQ::Broker
DependsOn: AttachGateway
Properties:
BrokerName: Broker
EngineType: ActiveMQ
EngineVersion: 5.15.9
HostInstanceType: mq.m5.large
DeploymentMode: ACTIVE_STANDBY_MULTI_AZ
PubliclyAccessible: true
AutoMinorVersionUpgrade: false
SecurityGroups:
- !Ref 'AmazonMQSecurityGroup'
SubnetIds:
- !Ref 'PublicSubnet1'
- !Ref 'PublicSubnet2'
Logs:
Audit: true
General: true
Users:
- ConsoleAccess: true
Groups:
- admin
Username: !Ref 'AmazonMQBrokerUser'
Password: !Ref 'AmazonMQBrokerPassword'
Broker1:
Properties:
BrokerName: NoB1
DeploymentMode: ACTIVE_STANDBY_MULTI_AZ
EngineType: ACTIVEMQ
EngineVersion: 5.15.9
HostInstanceType: mq.t2.micro
Logs:
Audit: true
General: true
PubliclyAccessible: true
AutoMinorVersionUpgrade: false
SecurityGroups:
- !Ref 'AmazonMQSecurityGroup'
SubnetIds:
- !Ref 'PublicSubnet1'
- !Ref 'PublicSubnet2'
Users:
- ConsoleAccess: true
Groups:
- admin
Username: !Ref 'AmazonMQBrokerUser'
Password: !Ref 'AmazonMQBrokerPassword'
Type: AWS::AmazonMQ::Broker
DependsOn: AttachGateway
Broker2:
Properties:
AutoMinorVersionUpgrade: false
BrokerName: NoB2
DeploymentMode: ACTIVE_STANDBY_MULTI_AZ
EngineType: ACTIVEMQ
EngineVersion: 5.15.9
HostInstanceType: mq.t2.micro
Logs:
Audit: true
General: true
PubliclyAccessible: true
AutoMinorVersionUpgrade: false
SecurityGroups:
- !Ref 'AmazonMQSecurityGroup'
SubnetIds:
- !Ref 'PublicSubnet2'
- !Ref 'PublicSubnet3'
Users:
- ConsoleAccess: true
Groups:
- admin
Username: !Ref 'AmazonMQBrokerUser'
Password: !Ref 'AmazonMQBrokerPassword'
Type: AWS::AmazonMQ::Broker
DependsOn: AttachGateway
Broker3:
Properties:
AutoMinorVersionUpgrade: false
BrokerName: NoB3
DeploymentMode: ACTIVE_STANDBY_MULTI_AZ
EngineType: ACTIVEMQ
EngineVersion: 5.15.9
HostInstanceType: mq.t2.micro
Logs:
Audit: true
General: true
PubliclyAccessible: true
AutoMinorVersionUpgrade: false
SecurityGroups:
- !Ref 'AmazonMQSecurityGroup'
SubnetIds:
- !Ref 'PublicSubnet1'
- !Ref 'PublicSubnet3'
Users:
- ConsoleAccess: true
Groups:
- admin
Username: !Ref 'AmazonMQBrokerUser'
Password: !Ref 'AmazonMQBrokerPassword'
Type: AWS::AmazonMQ::Broker
DependsOn: AttachGateway
  # Broker configuration (ActiveMQ XML, base64-encoded) for NoB1.
  # NOTE(review): in this copy the block scalar under `|-` is empty, so Data encodes
  # an empty string; the XML body (network connectors etc.) appears to have been
  # stripped and must be restored before this template is deployed.
  Configuration1:
    Properties:
      Data:
        Fn::Base64:
          Fn::Join:
            - ''
            - - |-
      Description: Generated configuration to build a network of brokers.
      EngineType: ACTIVEMQ
      EngineVersion: 5.15.9
      Name: NoB1Configuration
    Type: AWS::AmazonMQ::Configuration
  # Broker configuration (ActiveMQ XML, base64-encoded) for NoB2.
  # NOTE(review): the block scalar under `|-` is empty in this copy, so Data encodes
  # an empty string; restore the XML body before deploying.
  Configuration2:
    Properties:
      Data:
        Fn::Base64:
          Fn::Join:
            - ''
            - - |-
      Description: Generated configuration to build a network of brokers.
      EngineType: ACTIVEMQ
      EngineVersion: 5.15.9
      Name: NoB2Configuration
    Type: AWS::AmazonMQ::Configuration
  # Broker configuration (ActiveMQ XML, base64-encoded) for NoB3.
  # NOTE(review): the block scalar under `|-` is empty in this copy, so Data encodes
  # an empty string; restore the XML body before deploying.
  Configuration3:
    Properties:
      Data:
        Fn::Base64:
          Fn::Join:
            - ''
            - - |-
      Description: Generated configuration to build a network of brokers.
      EngineType: ACTIVEMQ
      EngineVersion: 5.15.9
      Name: NoB3Configuration
    Type: AWS::AmazonMQ::Configuration
ConfigurationAssociation1:
Properties:
Broker:
Ref: Broker1
Configuration:
Id:
Ref: Configuration1
Revision:
Fn::GetAtt:
- Configuration1
- Revision
Type: AWS::AmazonMQ::ConfigurationAssociation
ConfigurationAssociation2:
Properties:
Broker:
Ref: Broker2
Configuration:
Id:
Ref: Configuration2
Revision:
Fn::GetAtt:
- Configuration2
- Revision
Type: AWS::AmazonMQ::ConfigurationAssociation
ConfigurationAssociation3:
Properties:
Broker:
Ref: Broker3
Configuration:
Id:
Ref: Configuration3
Revision:
Fn::GetAtt:
- Configuration3
- Revision
Type: AWS::AmazonMQ::ConfigurationAssociation
  # Stores "user,password" as a plain (Type: String) SSM parameter: the broker
  # password is readable by any principal with ssm:GetParameter on this name and
  # is kept unencrypted in the parameter's version history.
  # NOTE(review): AWS::SSM::Parameter in CloudFormation does not support SecureString.
  # The Secrets Manager secret defined below holds the same credentials, so prefer
  # reading that and dropping this parameter if the workshop clients allow it.
  # The hard-coded Name also means a second stack in the same account/region collides.
  MQBrokerUserPassword:
    Type: AWS::SSM::Parameter
    Properties:
      Name: MQBrokerUserPassword
      Type: String
      # Comma is the field delimiter, so the password must not contain one.
      Value: !Join
        - ','
        - - !Ref 'AmazonMQBrokerUser'
          - !Ref 'AmazonMQBrokerPassword'
      Description: SSM Param for broker user and password
MQBrokerUserPasswordSecret:
Type: 'AWS::SecretsManager::Secret'
Properties:
Name: MQBrokerUserPasswordSecret
Description: "Secret for accessing a queue on the ActiveMQ broker."
SecretString: !Join
- ''
- - '{'
- '"username"'
- ':'
- !Ref 'AmazonMQBrokerUser'
- ','
- '"password"'
- ':'
- !Ref 'AmazonMQBrokerPassword'
- '}'
C9MQClient:
Type: AWS::Cloud9::EnvironmentEC2
Properties:
AutomaticStopTimeMinutes: 30
Description: MQ Client Workspace
InstanceType: m4.large
Name:
Fn::Join:
- ''
- - Ref: AWS::StackName
- MQClient
Repositories:
- PathComponent: /amazon-mq-workshop
RepositoryUrl: https://github.com/aws-samples/amazon-mq-workshop.git
SubnetId: !Ref 'PublicSubnet1'
OwnerArn: !Ref "AWS::NoValue"