AWSTemplateFormatVersion: 2010-09-09 Description: Reference Architecture to host Moodle on AWS - Creates Application Load Balancer Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: ALB Parameters Parameters: - Vpc - PublicAlbAcmCertificate - PublicAlbSecurityGroup - NumberOfSubnets - Subnet ParameterLabels: Vpc: default: Vpc Id PublicAlbAcmCertificate: default: ALB Certificate ARN PublicAlbSecurityGroup: default: Public ALB Security Group NumberOfSubnets: default: Number of subnets Subnet: default: Subnets Parameters: NumberOfSubnets: AllowedValues: - 1 - 2 - 3 Default: 2 Description: Number of subnets. This must match your selections in the list of subnets below. Type: String PublicAlbAcmCertificate: AllowedPattern: ^$|(arn:aws:acm:)([a-z0-9/:-])*([a-z0-9])$ Description: '[ Optional ] The AWS Certification Manager certificate ARN for the ALB certificate - this certificate should be created in the region you wish to run the ALB and must reference the Moodle domain name you use below.' Type: String PublicAlbSecurityGroup: Description: Select the ALB security group. Type: AWS::EC2::SecurityGroup::Id Subnet: Description: Select existing subnets. The number selected must match the number of subnets above. Subnets selected must be in separate AZs. Type: List Vpc: Description: Select an existing Vpc Type: AWS::EC2::VPC::Id ProjectName: AllowedPattern: ^([a-zA-Z0-9]*)$ Default: App Description: The Moodle Project Name Type: String Conditions: SslCertificate: !Not [!Equals [ '', !Ref PublicAlbAcmCertificate ] ] NoSslCertificate: !Equals [ '', !Ref PublicAlbAcmCertificate ] NumberOfSubnets1: !Equals [ 1, !Ref NumberOfSubnets ] NumberOfSubnets2: !Equals [ 2, !Ref NumberOfSubnets ] NumberOfSubnets3: !Equals [ 3, !Ref NumberOfSubnets ] Subnet0: !Or - !Condition NumberOfSubnets1 - !Condition NumberOfSubnets2 - !Condition NumberOfSubnets3 Subnet1: !Or - !Condition NumberOfSubnets2 - !Condition NumberOfSubnets3 Subnet2: !Condition NumberOfSubnets3 Resources: PublicAlbListenerNoSslCertificate: Type : AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: !Ref PublicAlbTargetGroup LoadBalancerArn: !Ref PublicApplicationLoadBalancer Port: 80 Protocol: HTTP PublicAlbListenerSslCertificate: Condition: SslCertificate Type : AWS::ElasticLoadBalancingV2::Listener Properties: Certificates: - CertificateArn: !Ref PublicAlbAcmCertificate DefaultActions: - Type: forward TargetGroupArn: !Ref PublicAlbTargetGroup LoadBalancerArn: !Ref PublicApplicationLoadBalancer Port: 443 Protocol: HTTPS PublicApplicationLoadBalancer: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Scheme: internet-facing Subnets: !If [ NumberOfSubnets1, [ !Select [ 0, !Ref Subnet ] ], !If [ NumberOfSubnets2, [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ] ], [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ] ] ] ] LoadBalancerAttributes: - Key: idle_timeout.timeout_seconds Value: '60' SecurityGroups: - !Ref PublicAlbSecurityGroup Tags: - Key: Name Value: !Join [ '-', [ 'Moodle',!Ref ProjectName,'alb' ] ] PublicAlbTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 30 HealthCheckPath: /status.txt HealthCheckTimeoutSeconds: 5 Name: !Join [ '', [ 'PublicALB-', !Ref Vpc ] ] Port: 80 Protocol: HTTP Tags: - Key: Name Value: !Join [ '-', [ 'Moodle',!Ref ProjectName,'alb-TG' ] ] UnhealthyThresholdCount: 5 VpcId: !Ref Vpc Outputs: PublicAlbTargetGroupArn: Value: !Ref PublicAlbTargetGroup PublicAlbTargetGroupName: Value: !GetAtt PublicAlbTargetGroup.TargetGroupName PublicAlbCanonicalHostedZoneId: Value: !GetAtt PublicApplicationLoadBalancer.CanonicalHostedZoneID PublicAlbDnsName: Value: !GetAtt PublicApplicationLoadBalancer.DNSName PublicAlbFullName: Value: !GetAtt PublicApplicationLoadBalancer.LoadBalancerFullName PublicAlbName: Value: !GetAtt PublicApplicationLoadBalancer.LoadBalancerName PublicAlbHostname: Value: !If [ NoSslCertificate, !Join [ '', [ 'http://', !GetAtt PublicApplicationLoadBalancer.DNSName ] ], !Join [ '', [ 'https://', !GetAtt PublicApplicationLoadBalancer.DNSName ] ] ] SslCertificate: Value: !If [ SslCertificate, True, False ]