AWSTemplateFormatVersion: 2010-09-09 Description: Creating infrastructure Resources Resources: VPC: Type: 'AWS::EC2::VPC' Properties: CidrBlock: 10.0.0.0/24 PrivateSubnet1: Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: 10.0.0.0/26 AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: "" PrivateSubnet2: Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: 10.0.0.64/26 AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: "" PublicSubnet1: Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: 10.0.0.128/26 AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: "" PublicSubnet2: Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: 10.0.0.192/26 AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: "" InternetGateway: Type: 'AWS::EC2::InternetGateway' GatewayAttachment: Type: 'AWS::EC2::VPCGatewayAttachment' Properties: InternetGatewayId: !Ref InternetGateway VpcId: !Ref VPC RouteIGW: Type: AWS::EC2::Route Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway NAT1: Type: AWS::EC2::NatGateway Properties: AllocationId: Fn::GetAtt: - EIP1 - AllocationId SubnetId: !Ref PublicSubnet1 EIP1: Type: AWS::EC2::EIP Properties: Domain: vpc Route1: Type: AWS::EC2::Route Properties: RouteTableId: Ref: PrivateRouteTable1 DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: Ref: NAT1 NAT2: Type: AWS::EC2::NatGateway Properties: AllocationId: Fn::GetAtt: - EIP2 - AllocationId SubnetId: !Ref PublicSubnet2 EIP2: Type: AWS::EC2::EIP Properties: Domain: vpc Route2: Type: AWS::EC2::Route Properties: RouteTableId: !Ref PrivateRouteTable2 DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NAT2 PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC PrivateRouteTable1: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC PrivateRouteTable2: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC RouteTableAssociation1: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PublicSubnet1 RouteTableId: !Ref PublicRouteTable RouteTableAssociation2: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PublicSubnet2 RouteTableId: !Ref PublicRouteTable RouteTableAssociation3: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PrivateSubnet1 RouteTableId: !Ref PrivateRouteTable1 RouteTableAssociation4: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PrivateSubnet2 RouteTableId: !Ref PrivateRouteTable2 ECSCluster: Type: AWS::ECS::Cluster ALBPublic: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Scheme: internet-facing SecurityGroups: - !GetAtt SecurityGroupPublic.GroupId Subnets: - !Ref PublicSubnet1 - !Ref PublicSubnet2 ALBPrivate: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Scheme: internal SecurityGroups: - !GetAtt SecurityGroupWebapp.GroupId Subnets: - !Ref PrivateSubnet1 - !Ref PrivateSubnet2 SecurityGroupPublic: Type: AWS::EC2::SecurityGroup Properties: GroupName: ALBPublic GroupDescription: AllowWebTraffic VpcId: !Ref VPC SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 SecurityGroupWebapp: Type: AWS::EC2::SecurityGroup Properties: GroupName: WebAppSecurityGroup GroupDescription: WebAppSecurityGroupRules VpcId: !Ref VPC IngressRuleWebapp: Type: AWS::EC2::SecurityGroupIngress Properties: IpProtocol: tcp FromPort: 8080 ToPort: 8082 SourceSecurityGroupId: !GetAtt SecurityGroupPublic.GroupId GroupId: !GetAtt SecurityGroupWebapp.GroupId IngressRuleWebapp001: Type: AWS::EC2::SecurityGroupIngress Properties: IpProtocol: tcp FromPort: 8080 ToPort: 8082 SourceSecurityGroupId: !GetAtt SecurityGroupWebapp.GroupId GroupId: !GetAtt SecurityGroupWebapp.GroupId targetgroupwebapp: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 60 UnhealthyThresholdCount: 10 HealthCheckPath: / Name: webapp-svc Port: 8080 Protocol: HTTP VpcId: !Ref VPC TargetType: ip listenerweb: Type: AWS::ElasticLoadBalancingV2::Listener DependsOn: ECSRole Properties: DefaultActions: - Type: forward TargetGroupArn: Ref: targetgroupwebapp LoadBalancerArn: !Ref ALBPublic Port: 80 Protocol: HTTP targetgroupname: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 60 UnhealthyThresholdCount: 10 HealthCheckPath: /resources/names/1 Name: name-svc Port: 8082 Protocol: HTTP VpcId: !Ref VPC TargetType: ip listenername: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: Ref: targetgroupname LoadBalancerArn: !Ref ALBPrivate Port: 8082 Protocol: HTTP targetgroupgreeting: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 60 UnhealthyThresholdCount: 10 HealthCheckPath: /resources/greeting Name: greeting-svc Port: 8081 Protocol: HTTP VpcId: !Ref VPC TargetType: ip listenergreeting: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: Ref: targetgroupgreeting LoadBalancerArn: !Ref ALBPrivate Port: 8081 Protocol: HTTP LogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: /ecs/ecs-demo ECSRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: - ec2.amazonaws.com - ecs-tasks.amazonaws.com ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role Outputs: ECSCluster: Value: !Ref ECSCluster VPC: Value: !Ref VPC PrivateSubnet1: Value: !Ref PrivateSubnet1 PrivateSubnet2: Value: !Ref PrivateSubnet2 PublicSubnet1: Value: !Ref PublicSubnet1 PublicSubnet2: Value: !Ref PublicSubnet2 ALBPublic: Value: !Ref ALBPublic ALBPrivate: Value: !Ref ALBPrivate ALBPublicCNAME: Value: !GetAtt ALBPublic.DNSName ALBPrivateCNAME: Value: !GetAtt ALBPrivate.DNSName SecurityGroupWebapp: Value: !GetAtt SecurityGroupWebapp.GroupId ECSRole: Value: !Ref ECSRole WebappTargetGroupArn: Value: !Ref targetgroupwebapp NameTargetGroupArn: Value: !Ref targetgroupname GreetingTargetGroupArn: Value: !Ref targetgroupgreeting LogGroup: Value: !Ref LogGroup