AWSTemplateFormatVersion: 2010-09-09 Description: > The template is designed for building infrastructure for ECS, included all necessary components. Metadata: Authors: Description: CC Parameters: s3cf: Description: "S3 bucket and folder where to store cloudformation templates." Type: String Default: "cloudformation-box/ecs-mesh-workshop" cidr4Vpc: Description: "CIDR for VPC." Type: String Default: "10.0.0.0/16" cidr4Subnet: Description: "Comma-delimited list of CIDR blocks." Type: String Default: "10.0.10.0/24, 10.0.30.0/24, 10.0.60.0/22, 10.0.80.0/22" keyPairName: Description: "Key pair name for EC2 and must be created before luanch stack." Type: String Default: "nx-keypair" #Have to moddify into existing keypair. ip4Ec2: Description: "DNS of the trusted identity provider for EC2." Type: String Default: "ec2.amazonaws.com.cn" ecsami: Description: ECS AMI ID - The Amazon Machine Image ID used for the cluster, leave it as the default value to get the latest AMI Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 Conditions: OnZHY: !Equals [ !Ref 'AWS::Region', cn-north-1 ] OnBJS: !Equals [ !Ref 'AWS::Region', cn-northwest-1 ] Mappings: RegionMap: ap-east-1: S3Endpoint: "s3.ap-east-1.amazonaws.com" ap-northeast-1: S3Endpoint: "s3.ap-northeast-1.amazonaws.com" ap-northeast-2: S3Endpoint: "s3.ap-northeast-2.amazonaws.com" ap-northeast-3: S3Endpoint: "s3.ap-northeast-3.amazonaws.com" ap-south-1: S3Endpoint: "s3.ap-south-1.amazonaws.com" ap-southeast-1: S3Endpoint: "s3.ap-southeast-1.amazonaws.com" ap-southeast-2: S3Endpoint: "s3.ap-southeast-2.amazonaws.com" ca-central-1: S3Endpoint: "s3.ca-central-1.amazonaws.com" cn-north-1: S3Endpoint: "s3.cn-north-1.amazonaws.com.cn" cn-northwest-1: S3Endpoint: "s3.cn-northwest-1.amazonaws.com.cn" eu-central-1: S3Endpoint: "s3.eu-central-1.amazonaws.com" eu-north-1: S3Endpoint: "s3.eu-north-1.amazonaws.com" eu-west-1: S3Endpoint: "s3.eu-west-1.amazonaws.com" eu-west-2: S3Endpoint: "s3.eu-west-2.amazonaws.com" eu-west-3: S3Endpoint: "s3.eu-west-3.amazonaws.com" me-south-1: S3Endpoint: "s3.me-south-1.amazonaws.com" sa-east-1: S3Endpoint: "s3.sa-east-1.amazonaws.com" us-east-1: S3Endpoint: "s3.amazonaws.com" us-east-2: S3Endpoint: "s3.us-east-2.amazonaws.com" us-gov-east-1: S3Endpoint: "s3.us-gov-east-1.amazonaws.com" us-gov-west-1: S3Endpoint: "s3.us-gov-west-1.amazonaws.com" us-west-1: S3Endpoint: "s3.us-west-1.amazonaws.com" us-west-2: S3Endpoint: "s3.us-west-2.amazonaws.com" Resources: Network4C: Type: AWS::CloudFormation::Stack Properties: Parameters: vpcCidr: !Ref cidr4Vpc subnetCidr: !Ref cidr4Subnet Tags: - Key: Name Value: !Sub '${AWS::StackName}-network' TemplateURL: !Join - '' - - 'https://' - !FindInMap [ RegionMap, !Ref 'AWS::Region', S3Endpoint ] - '/' - !Ref s3cf - '/templates/infra/network.yaml' TimeoutInMinutes: "60" Policy4C: Type: AWS::CloudFormation::Stack Properties: Parameters: ip4Ec2: !If [OnZHY, !Ref ip4Ec2, !If [OnBJS, !Ref ip4Ec2, 'ec2.amazonaws.com']] Tags: - Key: Name Value: !Sub '${AWS::StackName}-policy' TemplateURL: !Join - '' - - 'https://' - !FindInMap [ RegionMap, !Ref 'AWS::Region', S3Endpoint ] - '/' - !Ref s3cf - '/templates/infra/policy.yaml' TimeoutInMinutes: "60" BastionServer: Type: AWS::CloudFormation::Stack Properties: Parameters: keyPairName: !Ref keyPairName ami: !Ref ecsami baseVpc: !GetAtt Network4C.Outputs.baseVpc s3cf: !Ref s3cf publicSubnet1a: !GetAtt Network4C.Outputs.publicSubnet1a publicSubnet1b: !GetAtt Network4C.Outputs.publicSubnet1b s3Dns: !FindInMap [ RegionMap, !Ref 'AWS::Region', S3Endpoint ] bostionRole: !GetAtt Policy4C.Outputs.bastionRole Tags: - Key: Name Value: !Sub '${AWS::StackName}-bastion' TemplateURL: !Join - '' - - 'https://' - Fn::FindInMap: [ RegionMap, !Ref 'AWS::Region', S3Endpoint ] - '/' - !Ref s3cf - '/templates/infra/bastion.yaml' TimeoutInMinutes: "60" Outputs: baseVpc: Description: VPC Stack ID. Value: !GetAtt Network4C.Outputs.baseVpc Export: Name: !Sub '${AWS::StackName}-baseVpc' publicSubnet1a: Description: Public subnet 1a. Value: !GetAtt Network4C.Outputs.publicSubnet1a Export: Name: !Sub '${AWS::StackName}-pub1aSubnet' publicSubnet1b: Description: Public subnet 1b. Value: !GetAtt Network4C.Outputs.publicSubnet1b Export: Name: !Sub '${AWS::StackName}-pub1bSubnet' privateSubnet1a: Description: Private subnet 1a. Value: !GetAtt Network4C.Outputs.privateSubnet1a Export: Name: !Sub '${AWS::StackName}-pri1aSubnet' privateSubnet1b: Description: Private subnet 1b. Value: !GetAtt Network4C.Outputs.privateSubnet1b Export: Name: !Sub '${AWS::StackName}-pri1bSubnet' bastionPolicy: Description: Policy ARN for bastion. Value: !GetAtt Policy4C.Outputs.bastionPolicy Export: Name: !Sub '${AWS::StackName}-bastionPolicy' nodesPolicy: Description: Policy ARN for auto scaling nodes, which are registered into ECS cluster. Value: !GetAtt Policy4C.Outputs.nodesPolicy Export: Name: !Sub '${AWS::StackName}-nodesPolicy' ecsPolicy: Description: Policy ARN for ECS service. Value: !GetAtt Policy4C.Outputs.ecsPolicy Export: Name: !Sub '${AWS::StackName}-ecsPolicy' bastionRole: Description: Policy Role for bastion. Value: !GetAtt Policy4C.Outputs.bastionRole Export: Name: !Sub '${AWS::StackName}-bastionRole' nodesRole: Description: Policy Role for auto scaling nodes, which are registered into ECS cluster. Value: !GetAtt Policy4C.Outputs.nodesRole Export: Name: !Sub '${AWS::StackName}-nodesRole' ecsRole: Description: Policy Role for ECS service. Value: !GetAtt Policy4C.Outputs.ecsRole Export: Name: !Sub '${AWS::StackName}-ecsRole'