--- AWSTemplateFormatVersion: "2010-09-09" Description: This template will launch the Player Account Environment for .Net Modernization Workshop. Parameters: BucketName: Type: String Description: "S3 Bucket Name where nested templates are Stored in" BucketPrefix: Type: String Description: S3 Prefix for nested template artifacts UnicornStoreDBUsername: Type: String Description: UnicornStore Database Username for RDS Default: "awssa" UnicornStoreDBPassword: AllowedPattern: "^(?=.*[0-9])(?=.*[a-zA-Z])([a-zA-Z0-9]+)" ConstraintDescription: Must contain only alphanumeric characters with at least one capital letter and one number Description: UnicornStore Database Username for RDS MaxLength: '41' MinLength: '8' Type: String Default: BBTh123ca Resources: BasicVPC: Type: "AWS::CloudFormation::Stack" Properties: TemplateURL: !Sub "https://${BucketName}.s3.amazonaws.com/${BucketPrefix}/templates/player-vpc-template.yaml" TimeoutInMinutes: 10 WorkshopIDE: Type: "AWS::Cloud9::EnvironmentEC2" Properties: Description: "Cloud9 Browser Based IDE for executing the modernization AWS Workshop" AutomaticStopTimeMinutes: 60 InstanceType: t3.small SubnetId: !GetAtt BasicVPC.Outputs.PublicSubnet1 UnicornStoreRDSSecurityGroup: Type: "AWS::EC2::SecurityGroup" Properties: GroupDescription: UnicornStoreRDSSecurityGroup SecurityGroupIngress: - IpProtocol: tcp FromPort: 1433 ToPort: 1433 CidrIp: !GetAtt BasicVPC.Outputs.VPCCIDR VpcId: !GetAtt BasicVPC.Outputs.VPCId UnicornStoreRDS: Type: "AWS::RDS::DBInstance" Properties: AllocatedStorage: 20 DBInstanceClass: db.t2.medium Port: 1433 PubliclyAccessible: 'true' StorageType: gp2 MasterUsername: !Ref UnicornStoreDBUsername MasterUserPassword: !Ref UnicornStoreDBPassword Engine: sqlserver-web EngineVersion: 14.00.3223.3.v1 LicenseModel: license-included MultiAZ: false DBSubnetGroupName: !Ref UnicornStoreSubnetGroup VPCSecurityGroups: - Fn::GetAtt: - UnicornStoreRDSSecurityGroup - GroupId Tags: - Key: "Name" Value: "UnicornStoreDB" UnicornStoreSubnetGroup: Type: "AWS::RDS::DBSubnetGroup" Properties: DBSubnetGroupDescription: UnicornStore-SubnetGroup SubnetIds: - !GetAtt BasicVPC.Outputs.PublicSubnet1 - !GetAtt BasicVPC.Outputs.PublicSubnet2 UnicornStoreECR: Type: "AWS::ECR::Repository" Properties: RepositoryName : modernization-unicorn-store UnicornStoreCloudwatchLogGroup: Type: "AWS::Logs::LogGroup" Properties: LogGroupName: UnicornStore RetentionInDays: 30 ECSExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "ecs-tasks.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess" Policies: - PolicyName: RetrieveUnicornSecret PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - secretsmanager:GetSecretValue Resource: - !Ref UnicornStoreDBSecret - !Ref DefaultAdminPasswordSecret - !Ref DefaultAdminUsernameSecret RoleName: "UnicornStoreExecutionRole" UnicornStoreLbSecurityGroup: Type: "AWS::EC2::SecurityGroup" Properties: GroupName: UnicornStoreLbSecurityGroup GroupDescription: Security group the the Unicornstore Application Load Balancer SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 VpcId: !GetAtt BasicVPC.Outputs.VPCId UnicornStoreTaskSecurityGroup: Type: "AWS::EC2::SecurityGroup" Properties: GroupName: UnicornStoreTaskSecurityGroup GroupDescription: Security group the the Unicornstore Fargate Task VpcId: !GetAtt BasicVPC.Outputs.VPCId UnicornStoreTaskSecurityGroupIngress: Type: "AWS::EC2::SecurityGroupIngress" Properties: GroupId: !Ref UnicornStoreTaskSecurityGroup IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupId: !Ref UnicornStoreLbSecurityGroup UnicornStoreLoadBalancer: Type: "AWS::ElasticLoadBalancingV2::LoadBalancer" Properties: Name: UnicornStore-LB Scheme: internet-facing SecurityGroups: - !Ref UnicornStoreLbSecurityGroup Subnets: - !GetAtt BasicVPC.Outputs.PublicSubnet1 - !GetAtt BasicVPC.Outputs.PublicSubnet2 Tags: - Key: Name Value: UnicornStore-LB Type: application IpAddressType: ipv4 DependsOn: UnicornStoreLbSecurityGroup ECSCluster: Type: "AWS::ECS::Cluster" Properties: ClusterName: UnicornStoreCluster UnicornStoreDBSecret: Type: "AWS::SecretsManager::Secret" Properties: Name: UNICORNSTORE_DBSECRET Description: UnicornStoreDB RDS Secret SecretString: !Join - '' - - '{"username":' - !Sub '"${UnicornStoreDBUsername}",' - '"password":' - !Sub '"${UnicornStoreDBPassword}",' - '"engine":' - '"sqlserver",' - '"host":' - !Sub '"${UnicornStoreRDS.Endpoint.Address}",' - '"port":' - !Sub "${UnicornStoreRDS.Endpoint.Port}," - '"dbInstanceIdentifier":' - !Sub '"${UnicornStoreRDS}"' - '}' DefaultAdminPasswordSecret: Type: "AWS::SecretsManager::Secret" Properties: Name: DefaultAdminPassword Description: UnicornStore DefaultAdminPassword SecretString: Secret1* DefaultAdminUsernameSecret: Type: "AWS::SecretsManager::Secret" Properties: Name: DefaultAdminUsername Description: UnicornStore DefaultAdminUsername SecretString: Administrator@test.com Outputs: Cloud9IDE: Description: "The IDE Login URL" Value: !Sub "https://${AWS::Region}.console.aws.amazon.com/cloud9/ide/${WorkshopIDE}"