AWSTemplateFormatVersion: 2010-09-09 Description: Reference Architecture to host WordPress on AWS - Creates Application Load Balancer Metadata: Authors: Description: Darryl Osborne (darrylo@amazon.com) License: Description: 'Copyright 2018 Amazon.com, Inc. and its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0' AWS::CloudFormation::Interface: ParameterGroups: - Label: default: ALB Parameters Parameters: - Vpc - PublicAlbAcmCertificate - PublicAlbSecurityGroup - NumberOfSubnets - Subnet ParameterLabels: Vpc: default: Vpc Id PublicAlbAcmCertificate: default: ALB Certificate ARN PublicAlbSecurityGroup: default: Public ALB Security Group NumberOfSubnets: default: Number of subnets Subnet: default: Subnets Parameters: NumberOfSubnets: AllowedValues: - 2 - 3 - 4 - 5 - 6 Default: 3 Description: Number of subnets. This must match your selections in the list of subnets below. Type: String PublicAlbAcmCertificate: AllowedPattern: ^$|(arn:aws:acm:)([a-z0-9/:-])*([a-z0-9])$ Description: '[ Optional ] The AWS Certification Manager certificate ARN for the ALB certificate - this certificate should be created in the region you wish to run the ALB and must reference the WordPress domain name you use below.' Type: String PublicAlbSecurityGroup: Description: Select the ALB security group. Type: AWS::EC2::SecurityGroup::Id Subnet: Description: Select existing subnets. The number selected must match the number of subnets above. Subnets selected must be in separate AZs. Type: List Vpc: Description: Select an existing Vpc Type: AWS::EC2::VPC::Id Conditions: SslCertificate: !Not [!Equals [ '', !Ref PublicAlbAcmCertificate ] ] NoSslCertificate: !Equals [ '', !Ref PublicAlbAcmCertificate ] NumberOfSubnets1: !Equals [ 1, !Ref NumberOfSubnets ] NumberOfSubnets2: !Equals [ 2, !Ref NumberOfSubnets ] NumberOfSubnets3: !Equals [ 3, !Ref NumberOfSubnets ] NumberOfSubnets4: !Equals [ 4, !Ref NumberOfSubnets ] NumberOfSubnets5: !Equals [ 5, !Ref NumberOfSubnets ] NumberOfSubnets6: !Equals [ 6, !Ref NumberOfSubnets ] Subnet0: !Or - !Condition NumberOfSubnets1 - !Condition NumberOfSubnets2 - !Condition NumberOfSubnets3 - !Condition NumberOfSubnets4 - !Condition NumberOfSubnets5 - !Condition NumberOfSubnets6 Subnet1: !Or - !Condition NumberOfSubnets2 - !Condition NumberOfSubnets3 - !Condition NumberOfSubnets4 - !Condition NumberOfSubnets5 - !Condition NumberOfSubnets6 Subnet2: !Or - !Condition NumberOfSubnets3 - !Condition NumberOfSubnets4 - !Condition NumberOfSubnets5 - !Condition NumberOfSubnets6 Subnet3: !Or - !Condition NumberOfSubnets4 - !Condition NumberOfSubnets5 - !Condition NumberOfSubnets6 Subnet4: !Or - !Condition NumberOfSubnets5 - !Condition NumberOfSubnets6 Subnet5: !Condition NumberOfSubnets6 Resources: PublicAlbListenerNoSslCertificate: Type : AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: !Ref PublicAlbTargetGroup LoadBalancerArn: !Ref PublicApplicationLoadBalancer Port: 80 Protocol: HTTP PublicAlbListenerSslCertificate: Condition: SslCertificate Type : AWS::ElasticLoadBalancingV2::Listener Properties: Certificates: - CertificateArn: !Ref PublicAlbAcmCertificate DefaultActions: - Type: forward TargetGroupArn: !Ref PublicAlbTargetGroup LoadBalancerArn: !Ref PublicApplicationLoadBalancer Port: 443 Protocol: HTTPS PublicApplicationLoadBalancer: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Scheme: internet-facing Subnets: !If [ NumberOfSubnets1, [ !Select [ 0, !Ref Subnet ] ], !If [ NumberOfSubnets2, [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ] ], !If [ NumberOfSubnets3, [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ] ], !If [ NumberOfSubnets4, [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ], !Select [ 3, !Ref Subnet ] ], !If [ NumberOfSubnets5, [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ], !Select [ 3, !Ref Subnet ], !Select [ 4, !Ref Subnet ] ], [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ], !Select [ 3, !Ref Subnet ], !Select [ 4, !Ref Subnet ], !Select [ 5, !Ref Subnet ] ] ] ] ] ] ] LoadBalancerAttributes: - Key: idle_timeout.timeout_seconds Value: 60 SecurityGroups: - !Ref PublicAlbSecurityGroup Tags: - Key: Name Value: !Join [ '', [ 'Public ALB / ', !Ref 'AWS::StackName' ] ] PublicAlbTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 30 HealthCheckPath: /wp-login.php HealthCheckTimeoutSeconds: 5 Port: 80 Protocol: HTTP Tags: - Key: Name Value: !Join [ '', [ 'Public ALB / ', !Ref 'AWS::StackName' ] ] UnhealthyThresholdCount: 5 VpcId: !Ref Vpc Outputs: PublicAlbTargetGroupArn: Value: !Ref PublicAlbTargetGroup PublicAlbCanonicalHostedZoneId: Value: !GetAtt PublicApplicationLoadBalancer.CanonicalHostedZoneID PublicAlbDnsName: Value: !GetAtt PublicApplicationLoadBalancer.DNSName PublicAlbFullName: Value: !GetAtt PublicApplicationLoadBalancer.LoadBalancerFullName PublicAlbHostname: Value: !If [ NoSslCertificate, !Join [ '', [ 'http://', !GetAtt PublicApplicationLoadBalancer.DNSName ] ], !Join [ '', [ 'https://', !GetAtt PublicApplicationLoadBalancer.DNSName ] ] ] SslCertificate: Value: !If [ SslCertificate, True, False ]