--- AWSTemplateFormatVersion: 2010-09-09 Description: Stack to deploy a highly available, elastic, scalable WordPress environment. This master stack launches multiple nested stacks for different tiers. !! This can only be run in certain AWS Regions - 'us-east-1', 'us-east-2', 'us-west-2', 'eu-west-1'. Metadata: Authors: Description: Darryl Osborne (darrylo@amazon.com) License: Description: 'Copyright 2018 Amazon.com, Inc. and its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0' AWS::CloudFormation::Interface: ParameterGroups: - Label: default: General AWS Parameters: - EC2KeyName - SshAccessCidr - AdminEmail - WPDomainName - UseRoute53Boolean - UseCloudFrontBoolean - CloudFrontAcmCertificate - Label: default: Network Parameters: - NumberOfAZs - AvailabilityZones - VpcCidr - VpcTenancy - PublicSubnet0Cidr - PublicSubnet1Cidr - PublicSubnet2Cidr - PublicSubnet3Cidr - PublicSubnet4Cidr - PublicSubnet5Cidr - WebSubnet0Cidr - WebSubnet1Cidr - WebSubnet2Cidr - WebSubnet3Cidr - WebSubnet4Cidr - WebSubnet5Cidr - DataSubnet0Cidr - DataSubnet1Cidr - DataSubnet2Cidr - DataSubnet3Cidr - DataSubnet4Cidr - DataSubnet5Cidr - Label: default: File System Tier Parameters: - EfsPerformanceMode - EfsEncrpytedBoolean - EfsCmk - EfsGrowth - EfsGrowthInstanceType - EfsCreateAlarms - EfsAlarmsInstanceType - EfsWarningThreshold - EfsCriticalThreshold - Label: default: Database Tier Parameters: - DatabaseInstanceType - DatabaseEncrpytedBoolean - DatabaseCmk - DatabaseMasterUsername - DatabaseMasterPassword - DatabaseName - UseElastiCacheBoolean - ElastiCacheNodeType - Label: default: Bastion Tier Parameters: - BastionInstanceType - Label: default: Web Tier Parameters: - PublicAlbAcmCertificate - PHPVersion - PHPIniOverride - WebInstanceType - WebAsgMax - WebAsgMin - Label: default: WordPress Parameters: - WPVersion - WPTitle - WPAdminUsername - WPAdminPassword - WPDirectory - WPLocale ParameterLabels: BastionInstanceType: default: Bastion Instance Type CloudFrontAcmCertificate: default: CloudFront Certificate ARN DatabaseCmk: default: AWS KMS CMK for RDS DatabaseEncrpytedBoolean: default: Encrypted DB Cluster DatabaseInstanceType: default: DB Instance Class DatabaseMasterUsername: default: DB Master Username DatabaseMasterPassword: default: DB Master Password DatabaseName: default: DB Name EfsAlarmsInstanceType: default: Instance Type EfsCmk: default: AWS KMS CMK for EFS EfsCreateAlarms: default: Create EFS alarms EfsEncrpytedBoolean: default: Encrpyted EFS? EfsGrowth: default: Add dummy data (GiB) EfsGrowthInstanceType: default: Instance Type EfsCriticalThreshold: default: Critical Threshold (Minutes) EfsWarningThreshold: default: Warning Threshold (Minutes) EfsPerformanceMode: default: EFS Performance Mode ElastiCacheNodeType: default: Cache Cluster Node Type EC2KeyName: default: EC2 Key Pair PHPIniOverride: default: AWS php.ini Overrides PublicAlbAcmCertificate: default: ALB Certificate ARN SshAccessCidr: default: SSH Access From UseElastiCacheBoolean: default: Cache Cluster (ElastiCache) UseCloudFrontBoolean: default: CDN (CloudFront) UseRoute53Boolean: default: DNS record set (Route53) WebAsgMax: default: Web ASG Max WebAsgMin: default: Web ASG Min WebInstanceType: default: Web Tier Instance Type WPTitle: default: Site Title WPAdminUsername: default: Admin Username WPAdminPassword: default: Admin Password AdminEmail: default: Email Address WPDirectory: default: Site Directory WPDomainName: default: Site Domain WPLocale: default: Language Code WPVersion: default: WordPress Version AvailabilityZones: default: Availability Zones NumberOfAZs: default: Number of Availability Zones VpcCidr: default: VpcCidr VpcTenancy: default: VpcTenancy PHPVersion: default: PHP Version PublicSubnet0Cidr: default: Public Subnet 0 PublicSubnet1Cidr: default: Public Subnet 1 PublicSubnet2Cidr: default: Public Subnet 2 PublicSubnet3Cidr: default: Public Subnet 3 PublicSubnet4Cidr: default: Public Subnet 4 PublicSubnet5Cidr: default: Public Subnet 5 WebSubnet0Cidr: default: Web Subnet 0 WebSubnet1Cidr: default: Web Subnet 1 WebSubnet2Cidr: default: Web Subnet 2 WebSubnet3Cidr: default: Web Subnet 3 WebSubnet4Cidr: default: Web Subnet 4 WebSubnet5Cidr: default: Web Subnet 5 DataSubnet0Cidr: default: Data Subnet 0 DataSubnet1Cidr: default: Data Subnet 1 DataSubnet2Cidr: default: Data Subnet 2 DataSubnet3Cidr: default: Data Subnet 3 DataSubnet4Cidr: default: Data Subnet 4 DataSubnet5Cidr: default: Data Subnet 5 Parameters: BastionInstanceType: AllowedValues: - t3.medium - t3.micro - t3.nano - t3.small ConstraintDescription: Must be a valid Amazon EC2 instance type. Default: t3.nano Description: Bastion EC2 instance type. Type: String CloudFrontAcmCertificate: AllowedPattern: ^$|(arn:aws:acm:)([a-z0-9/:-])*([a-z0-9])$ Description: '[ Optional ] The AWS Certification Manager certificate ARN for the CloudFront distribution certificate - this certificate should be created in the us-east-1 (N. Virginia) region and must reference the WordPress domain name you use below.' Type: String DatabaseCmk: Description: AWS KMS Customer Master Key (CMK) to encrypt database cluster Type: String DatabaseEncrpytedBoolean: AllowedValues: - true - false Default: true Description: Indicates whether the DB instances in the cluster are encrypted. Type: String DatabaseInstanceType: AllowedValues: - db.t3.small - db.m5d.large - db.t3.medium - db.r5.large - db.r5.xlarge - db.r5.2xlarge - db.r5.4xlarge - db.r5.8xlarge - db.r5.12large - db.r5.16xlarge - db.r5.24xlarge ConstraintDescription: Must be a valid RDS instance class. Default: db.t3.medium Description: The Amazon RDS database instance class. Type: String DatabaseMasterUsername: AllowedPattern: ^([a-zA-Z0-9]*)$ Description: The Amazon RDS master username. ConstraintDescription: Must contain only alphanumeric characters (minimum 8; maximum 16). MaxLength: 16 MinLength: 8 Type: String DatabaseMasterPassword: AllowedPattern: ^([a-zA-Z0-9`~!#$%^&*()_+,\\-])*$ ConstraintDescription: Must be letters (upper or lower), numbers, spaces, and these special characters `~!#$%^&*()_+,- Description: The Amazon RDS master password. Letters, numbers, spaces, and these special characters `~!#$%^&*()_+,- MaxLength: 41 MinLength: 8 NoEcho: true Type: String DatabaseName: AllowedPattern: ^([a-zA-Z0-9]*)$ Description: The Amazon RDS master database name. Type: String EfsAlarmsInstanceType: AllowedValues: - t3.nano - t3.micro - t3.small - t3.medium ConstraintDescription: Must be a valid Amazon EC2 instance type. Default: t3.nano Description: The Amazon EC2 instance type that dynamically adjusts alarm thresholds based on permitted throughput changes. Type: String EfsEncrpytedBoolean: AllowedValues: - true - false Default: true Description: Create an encrypted Amazon EFS file system. Type: String EfsCmk: AllowedPattern: ^$|(arn:aws:kms:)([a-z0-9/:-])*([a-z0-9])$ ConstraintDescription: Must be an existing ARN for an AWS KMS CMK. Description: '[ Optional ] The AWS KMS customer-managed CMK ARN to encrypt & decrypt the EFS file system.' Type: String EfsCreateAlarms: AllowedValues: - true - false Default: true Description: Create Amazon EFS burst credit balance alarms. Type: String EfsCriticalThreshold: AllowedPattern: ^[0-9]+$ ConstraintDescription: Must be an integer. Default: 60 Description: Send critical alarm approx. this many minutes before Amazon EFS burst credit balance is zero. Type: String EfsGrowth: Default: 0 ConstraintDescription: Must be an integer. Description: Amount of dummy data (GiB) to add to the file system (max 6144 GiB). Amazon EFS storage charges apply. MaxValue: 6144 MinValue: 0 Type: Number EfsGrowthInstanceType: AllowedValues: - t3.nano - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - t3.nano - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - m3.medium - m3.large - m3.xlarge - m3.2xlarge - m4.large - m4.xlarge - m4.2xlarge - m4.4xlarge - m4.10xlarge - m4.16xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m5.12xlarge - m5.24xlarge - c3.large - c3.xlarge - c3.2xlarge - c3.4xlarge - c3.8xlarge - c4.large - c4.xlarge - c4.2xlarge - c4.4xlarge - c4.8xlarge - c5.large - c5.xlarge - c5.2xlarge - c5.4xlarge - c5.9xlarge - c5.18xlarge - r3.large - r3.xlarge - r3.2xlarge - r3.4xlarge - r3.8xlarge - r4.large - r4.xlarge - r4.2xlarge - r4.4xlarge - r4.8xlarge - r4.16xlarge - x1.16xlarge - x1.32xlarge - x1e.xlarge - x1e.2xlarge - x1e.4xlarge - x1e.8xlarge - x1e.16xlarge - x1e.32xlarge - d2.xlarge - d2.2xlarge - d2.4xlarge - d2.8xlarge - h1.2xlarge - h1.4xlarge - h1.8xlarge - h1.16xlarge - i2.xlarge - i2.2xlarge - i2.4xlarge - i2.8xlarge - i3.large - i3.xlarge - i3.2xlarge - i3.4xlarge - i3.8xlarge - i3.16xlarge - f1.2xlarge - f1.16xlarge - g2.2xlarge - g2.8xlarge - g3.4xlarge - g3.8xlarge - g3.16xlarge - p2.xlarge - p2.8xlarge - p2.16xlarge - p3.2xlarge - p3.8xlarge - p3.16xlarge ConstraintDescription: Must be a valid Amazon EC2 instance type. Default: r4.large Description: The Amazon EC2 instance type that adds data to the file system. Type: String EfsPerformanceMode: AllowedValues: - generalPurpose - maxIO Default: generalPurpose Description: Select the performance mode of the file system. Type: String EfsWarningThreshold: AllowedPattern: ^[0-9]+$ ConstraintDescription: Must be an integer. Default: 180 Description: Send warning alarm approx. this many minutes before Amazon EFS burst credit balance is zero. Type: String ElastiCacheNodeType: AllowedValues: - cache.t3.micro - cache.t3.small - cache.t3.medium - cache.m4.large - cache.m4.xlarge - cache.m4.2xlarge - cache.m4.4xlarge - cache.m4.10xlarge - cache.m3.medium - cache.m3.large - cache.m3.xlarge - cache.m3.2xlarge - cache.r5.large - cache.r5.xlarge - cache.r5.2xlarge - cache.r5.4xlarge - cache.r5.12xlarge - cache.r5.24xlarge - cache.r6g.large ConstraintDescription: Must be a valid Amazon ElastiCache node type. Default: cache.r6g.large Description: The Amazon ElastiCache cluster node type. Type: String EC2KeyName: ConstraintDescription: Must be letters (upper or lower), numbers, and special characters. Description: Name of an EC2 KeyPair. Your bastion & Web instances will launch with this KeyPair. Type: AWS::EC2::KeyPair::KeyName PHPIniOverride: Description: Full Amazon S3 https path to a php.ini override file (e.g. https://s3.amazonaws.com/aws-refarch/wordpress/latest/bits/20-aws.ini) Type: String PHPVersion: AllowedValues: - 8.1 - 8.0 - 7.4 Default: 8.1 Description: The version of PHP to install. Type: String PublicAlbAcmCertificate: AllowedPattern: ^$|(arn:aws:acm:)([a-z0-9/:-])*([a-z0-9])$ Description: '[ Optional ] The AWS Certification Manager certificate ARN for the ALB certificate - this certificate should be created in the region you wish to run the ALB and must reference the WordPress domain name you use below.' Type: String SshAccessCidr: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Description: The CIDR IP range that is permitted to SSH to bastion instance. Note - a value of 0.0.0.0/0 will allow access from ANY IP address. Type: String Default: 0.0.0.0/0 UseCloudFrontBoolean: AllowedValues: - true - false Default: true Description: Specifies whether a CloudFront Distribution should be created to serve the WordPress website content. Type: String UseElastiCacheBoolean: AllowedValues: - true - false Default: true Description: Specifies whether an ElastiCache Cache Cluster should be created to cache WordPress database content. Type: String UseRoute53Boolean: AllowedValues: - true - false Default: true Description: Specifies whether a record set should be created in Route 53 for your WordPress domain name. Type: String WebAsgMax: AllowedPattern: ^((?!0$)[1-2]?[0-9]|30)$ ConstraintDescription: Must be a number between 1 and 30. Default: 4 Description: Specifies the maximum number of EC2 instances in the Web Autoscaling Group. Type: String WebAsgMin: AllowedPattern: ^([0-0]?[0-9]|10)$ ConstraintDescription: Must be a number between 0 and 10. Default: 2 Description: Specifies the minimum number of EC2 instances in the Web Autoscaling Group. Type: String WebInstanceType: AllowedValues: - t3.nano - t3.micro - t3.small - t3.medium - t3.large ConstraintDescription: Must be a valid Amazon EC2 instance type. Default: t3.large Description: The Amazon EC2 instance type for your web instances. Type: String AdminEmail: AllowedPattern: ^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$ Description: The admin email address for WordPress and AWS notifications. Type: String WPAdminPassword: AllowedPattern: ^([a-zA-Z0-9`~!#$%^&*()_+,\\-])*$ ConstraintDescription: Must be letters (upper or lower), numbers, spaces, and these special characters `~!#$%^&*()_+,- Description: The WordPress admin password. Letters, numbers, spaces, and these special characters `~!#$%^&*()_+,- Type: String NoEcho: true WPAdminUsername: AllowedPattern: ^([a-zA-Z0-9])([a-zA-Z0-9_-])*([a-zA-Z0-9])$ Description: The WordPress admin username. Type: String WPDirectory: AllowedPattern: ^([a-zA-Z0-9])([a-zA-Z0-9_-])*([a-zA-Z0-9])$ Description: The WordPress site directory. Type: String WPDomainName: AllowedPattern: ^$|(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ Description: '[ Optional ] The main domain name of the WordPress site (e.g. example.com).' Type: String WPLocale: Description: "The main language of the WordPress site, as per https://codex.WordPress.org/Installing_WordPress_in_Your_Language. The default is 'en_GB'." Type: String Default: en_GB WPTitle: Default: This is a new WordPress site on Amazon Web Services AllowedPattern: ^([a-zA-Z0-9])([a-zA-Z0-9 _-]*)([a-zA-Z0-9])$ Description: The WordPress website title. Type: String AvailabilityZones: Description: 'List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved.' Type: List NumberOfAZs: AllowedValues: - 2 - 3 - 4 - 5 - 6 Default: 3 Description: Number of Availability Zones to use in the VPC. This must match your selections in the list of Availability Zones parameter. Type: Number VpcCidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR block for the VPC Type: String VpcTenancy: AllowedValues: - default - dedicated Default: default Description: The allowed tenancy of instances launched into the VPC Type: String DataSubnet0Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.100.0/24 Description: CIDR block for data subnet 0 located in Availability Zone 0 Type: String DataSubnet1Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.101.0/24 Description: CIDR block for data subnet 1 located in Availability Zone 1 Type: String DataSubnet2Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.102.0/24 Description: CIDR block for data subnet 2 located in Availability Zone 2 Type: String DataSubnet3Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.103.0/24 Description: CIDR block for data subnet 3 located in Availability Zone 3 Type: String DataSubnet4Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.104.0/24 Description: CIDR block for data subnet 4 located in Availability Zone 4 Type: String DataSubnet5Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.105.0/24 Description: CIDR block for data subnet 5 located in Availability Zone 5 Type: String PublicSubnet0Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.200.0/24 Description: CIDR block for Public subnet 0 located in Availability Zone 0 Type: String PublicSubnet1Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.201.0/24 Description: CIDR block for Public subnet 1 located in Availability Zone 1 Type: String PublicSubnet2Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.202.0/24 Description: CIDR block for Public subnet 2 located in Availability Zone 2 Type: String PublicSubnet3Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.203.0/24 Description: CIDR block for Public subnet 3 located in Availability Zone 3 Type: String PublicSubnet4Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.204.0/24 Description: CIDR block for Public subnet 4 located in Availability Zone 4 Type: String PublicSubnet5Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.205.0/24 Description: CIDR block for Public subnet 5 located in Availability Zone 5 Type: String WebSubnet0Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/22 Description: CIDR block for Web subnet 0 located in Availability Zone 0 Type: String WebSubnet1Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.4.0/22 Description: CIDR block for Web subnet 1 located in Availability Zone 1 Type: String WebSubnet2Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.8.0/22 Description: CIDR block for Web subnet 2 located in Availability Zone 2 Type: String WebSubnet3Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.12.0/22 Description: CIDR block for Web subnet 3 located in Availability Zone 3 Type: String WebSubnet4Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.16.0/22 Description: CIDR block for Web subnet 4 located in Availability Zone 4 Type: String WebSubnet5Cidr: AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$" ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.20.0/22 Description: CIDR block for Web subnet 5 located in Availability Zone 5 Type: String WPVersion: AllowedValues: - latest - nightly - 4.5 - 4.6 - 4.7 - 4.8 - 4.9 Default: latest Description: The WordPress version (make sure this version is compatible with the PHP version selected above). Type: String Conditions: AvailableAWSRegion: !Or [ !Equals [ !Ref 'AWS::Region', ap-southeast-2 ], !Equals [ !Ref 'AWS::Region', eu-central-1 ], !Equals [ !Ref 'AWS::Region', eu-west-1 ], !Equals [ !Ref 'AWS::Region', us-east-1 ], !Equals [ !Ref 'AWS::Region', us-east-2 ], !Equals [ !Ref 'AWS::Region', us-west-2 ] ] EfsCreateAlarms: !Equals [ true, !Ref EfsCreateAlarms ] EfsCreateNoAlarms: !Equals [ false, !Ref EfsCreateAlarms ] CreateRecordSet: !And - !Equals [ true, !Ref UseRoute53Boolean ] - !Condition AvailableAWSRegion DeployCloudFront: !And - !Equals [ true, !Ref UseCloudFrontBoolean ] - !Condition AvailableAWSRegion DeployElastiCache: !And - !Equals [ true, !Ref UseElastiCacheBoolean ] - !Condition AvailableAWSRegion Resources: bastion: Condition: AvailableAWSRegion DependsOn: [ newvpc, securitygroups ] Type: AWS::CloudFormation::Stack Properties: Parameters: BastionInstanceType: !Ref BastionInstanceType BastionSecurityGroup: !GetAtt [ securitygroups, Outputs.BastionSecurityGroup ] EC2KeyName: !Ref EC2KeyName NumberOfSubnets: !Ref NumberOfAZs Subnet: !GetAtt [ newvpc, Outputs.PublicSubnet ] TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-03-bastion.yaml cloudfront: Condition: DeployCloudFront DependsOn: [ publicalb, web ] Type: AWS::CloudFormation::Stack Properties: Parameters: CloudFrontAcmCertificate: !Ref CloudFrontAcmCertificate PublicAlbDnsName: !GetAtt [ publicalb, Outputs.PublicAlbDnsName ] WPDomainName: !Ref WPDomainName TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-04-cloudfront.yaml dashboardwithalarms: Condition: EfsCreateAlarms DependsOn: [ newvpc, securitygroups, publicalb, efsfilesystem, rds, efsalarms ] Type: AWS::CloudFormation::Stack Properties: Parameters: ElasticFileSystem: !GetAtt [ efsfilesystem, Outputs.ElasticFileSystem ] DatabaseCluster: !GetAtt [ rds, Outputs.DatabaseCluster ] BurstCreditBalanceDecreaseAlarmArn: !GetAtt [ efsalarms, Outputs.BurstCreditBalanceDecreaseAlarmArn ] BurstCreditBalanceIncreaseAlarmArn: !GetAtt [ efsalarms, Outputs.BurstCreditBalanceIncreaseAlarmArn ] CriticalAlarmArn: !GetAtt [ efsalarms, Outputs.CriticalAlarmArn ] WarningAlarmArn: !GetAtt [ efsalarms, Outputs.WarningAlarmArn ] PublicAlbFullName: !GetAtt [ publicalb, Outputs.PublicAlbFullName ] EfsCreateAlarms: !Ref EfsCreateAlarms TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-06-dashboard.yaml dashboardwithnoalarms: Condition: EfsCreateNoAlarms DependsOn: [ newvpc, securitygroups, publicalb, efsfilesystem, rds ] Type: AWS::CloudFormation::Stack Properties: Parameters: ElasticFileSystem: !GetAtt [ efsfilesystem, Outputs.ElasticFileSystem ] DatabaseCluster: !GetAtt [ rds, Outputs.DatabaseCluster ] PublicAlbFullName: !GetAtt [ publicalb, Outputs.PublicAlbFullName ] EfsCreateAlarms: !Ref EfsCreateAlarms TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-06-dashboard.yaml efsfilesystem: DependsOn: [ newvpc, securitygroups ] Type: AWS::CloudFormation::Stack Properties: Parameters: EncrpytedBoolean: !Ref EfsEncrpytedBoolean Cmk: !Ref EfsCmk EC2KeyName: !Ref EC2KeyName WPDirectory: !Ref WPDirectory SecurityGroup: !GetAtt [ securitygroups, Outputs.EfsSecurityGroup ] Growth: !Ref EfsGrowth InstanceType: !Ref EfsGrowthInstanceType NumberOfSubnets: !Ref NumberOfAZs PerformanceMode: !Ref EfsPerformanceMode Subnet: !GetAtt [ newvpc, Outputs.DataSubnet ] TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-03-efsfilesystem.yaml efsalarms: Condition: EfsCreateAlarms DependsOn: [ efsfilesystem ] Type: AWS::CloudFormation::Stack Properties: Parameters: CriticalThreshold: !Ref EfsCriticalThreshold EC2KeyName: !Ref EC2KeyName ElasticFileSystem: !GetAtt [ efsfilesystem, Outputs.ElasticFileSystem ] EmailAddress: !Ref AdminEmail SecurityGroup: !GetAtt [ securitygroups, Outputs.EfsSecurityGroup ] InstanceType: !Ref EfsAlarmsInstanceType NumberOfSubnets: !Ref NumberOfAZs Subnet: !GetAtt [ newvpc, Outputs.DataSubnet ] WarningThreshold: !Ref EfsWarningThreshold TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-03-efsalarms.yaml elasticache: Condition: DeployElastiCache DependsOn: [ newvpc, securitygroups ] Type: AWS::CloudFormation::Stack Properties: Parameters: Subnet: !GetAtt [ newvpc, Outputs.DataSubnet ] ElastiCacheNodeType: !Ref ElastiCacheNodeType ElastiCacheSecurityGroup: !GetAtt [ securitygroups, Outputs.ElastiCacheSecurityGroup ] NumberOfSubnets: !Ref NumberOfAZs TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-03-elasticache.yaml newvpc: Type: AWS::CloudFormation::Stack Properties: Parameters: NumberOfAZs: !Ref NumberOfAZs AvailabilityZones: !Join - ',' - !Ref AvailabilityZones VpcCidr: !Ref VpcCidr VpcTenancy: !Ref VpcTenancy PublicSubnet0Cidr: !Ref PublicSubnet0Cidr PublicSubnet1Cidr: !Ref PublicSubnet1Cidr PublicSubnet2Cidr: !Ref PublicSubnet2Cidr PublicSubnet3Cidr: !Ref PublicSubnet3Cidr PublicSubnet4Cidr: !Ref PublicSubnet4Cidr PublicSubnet5Cidr: !Ref PublicSubnet5Cidr WebSubnet0Cidr: !Ref WebSubnet0Cidr WebSubnet1Cidr: !Ref WebSubnet1Cidr WebSubnet2Cidr: !Ref WebSubnet2Cidr WebSubnet3Cidr: !Ref WebSubnet3Cidr WebSubnet4Cidr: !Ref WebSubnet4Cidr WebSubnet5Cidr: !Ref WebSubnet5Cidr DataSubnet0Cidr: !Ref DataSubnet0Cidr DataSubnet1Cidr: !Ref DataSubnet1Cidr DataSubnet2Cidr: !Ref DataSubnet2Cidr DataSubnet3Cidr: !Ref DataSubnet3Cidr DataSubnet4Cidr: !Ref DataSubnet4Cidr DataSubnet5Cidr: !Ref DataSubnet5Cidr TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-01-newvpc.yaml publicalb: Condition: AvailableAWSRegion DependsOn: [ newvpc, securitygroups ] Type: AWS::CloudFormation::Stack Properties: Parameters: NumberOfSubnets: !Ref NumberOfAZs Subnet: !GetAtt [ newvpc, Outputs.PublicSubnet ] PublicAlbAcmCertificate: !Ref PublicAlbAcmCertificate PublicAlbSecurityGroup: !GetAtt [ securitygroups, Outputs.PublicAlbSecurityGroup ] Vpc: !GetAtt [ newvpc, Outputs.Vpc ] TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-03-publicalb.yaml rds: Condition: AvailableAWSRegion DependsOn: [ newvpc, securitygroups ] Type: AWS::CloudFormation::Stack Properties: Parameters: DatabaseInstanceType: !Ref DatabaseInstanceType DatabaseMasterUsername: !Ref DatabaseMasterUsername DatabaseMasterPassword: !Ref DatabaseMasterPassword DatabaseName: !Ref DatabaseName DatabaseEncrpytedBoolean: !Ref DatabaseEncrpytedBoolean DatabaseCmk: !Ref DatabaseCmk DatabaseSecurityGroup: !GetAtt [ securitygroups, Outputs.DatabaseSecurityGroup ] Subnet: !GetAtt [ newvpc, Outputs.DataSubnet ] NumberOfSubnets: !Ref NumberOfAZs TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-03-rds.yaml route53: Condition: CreateRecordSet DependsOn: [ publicalb, web ] Type: AWS::CloudFormation::Stack Properties: Parameters: DnsEndpoint: !If [ DeployCloudFront, !GetAtt [ cloudfront, Outputs.DnsEndpoint ], !GetAtt [ publicalb, Outputs.PublicAlbDnsName ] ] DnsHostId: !If [ DeployCloudFront, 'Z2FDTNDATAQYW2', !GetAtt [ publicalb, Outputs.PublicAlbCanonicalHostedZoneId ] ] WPDomainName: !Ref WPDomainName TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-05-route53.yaml securitygroups: Condition: AvailableAWSRegion DependsOn: newvpc Type: AWS::CloudFormation::Stack Properties: Parameters: SshAccessCidr: !Ref SshAccessCidr Vpc: !GetAtt [ newvpc, Outputs.Vpc ] TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-02-securitygroups.yaml web: Condition: AvailableAWSRegion DependsOn: [ efsfilesystem, newvpc, publicalb, securitygroups ] Type: AWS::CloudFormation::Stack Properties: Parameters: DatabaseClusterEndpointAddress: !GetAtt [ rds, Outputs.DatabaseClusterEndpointAddress ] DatabaseMasterUsername: !Ref DatabaseMasterUsername DatabaseMasterPassword: !Ref DatabaseMasterPassword DatabaseName: !Ref DatabaseName ElasticFileSystem: !GetAtt [ efsfilesystem, Outputs.ElasticFileSystem ] EC2KeyName: !Ref EC2KeyName NumberOfSubnets: !Ref NumberOfAZs PHPIniOverride: !Ref PHPIniOverride PHPVersion: !Ref PHPVersion PublicAlbTargetGroupArn: !GetAtt [ publicalb, Outputs.PublicAlbTargetGroupArn ] PublicAlbHostname: !GetAtt [ publicalb, Outputs.PublicAlbHostname ] SslCertificate: !GetAtt [ publicalb, Outputs.SslCertificate ] WebAsgMax: !Ref WebAsgMax WebAsgMin: !Ref WebAsgMin WebInstanceType: !Ref WebInstanceType WebSecurityGroup: !GetAtt [ securitygroups, Outputs.WebSecurityGroup ] Subnet: !GetAtt [ newvpc, Outputs.WebSubnet ] WPAdminEmail: !Ref AdminEmail WPAdminPassword: !Ref WPAdminPassword WPAdminUsername: !Ref WPAdminUsername WPDirectory: !Ref WPDirectory WPDomainName: !Ref WPDomainName WPLocale: !Ref WPLocale WPTitle: !Ref WPTitle WPVersion: !Ref WPVersion TemplateURL: https://s3.amazonaws.com/aws-refarch/wordpress/latest/templates/aws-refarch-wordpress-04-web.yaml Outputs: StackStatus: Description: Master Stack Status Value: !If [ AvailableAWSRegion, !Join [ '', [ 'Stack created in an available region: ', !Ref 'AWS::Region' ] ], "!!ERROR!!! - Nothing to do! - unavailable AWS Region. You must create this stack in an available AWS Region: 'us-east-1', 'us-east-2', 'us-west-2', 'eu-west-1', 'ap-southeast-2'." ] WPSiteUrl: Description: The URL of the WordPress site Value: !If [ CreateRecordSet, !Join [ '', [ 'http://www.', !Ref WPDomainName ] ], !If [ DeployCloudFront, !GetAtt [ cloudfront, Outputs.DnsHostname ], !GetAtt [ publicalb, Outputs.PublicAlbHostname ] ] ] OpCacheValidationUrl: Description: A page to validate OpCache has been enabled for each instance in the ASG. Refresh the page to see the status of each instance in the ASG. Value: !Join [ '', [ !If [ CreateRecordSet, !Join [ '', [ 'http://www.', !Ref WPDomainName ] ], !If [ DeployCloudFront, !GetAtt [ cloudfront, Outputs.DnsHostname ], !GetAtt [ publicalb, Outputs.PublicAlbHostname ] ] ], '/opcache-instanceid.php' ] ]