AWSTemplateFormatVersion: '2010-09-09' Description: Sample Beanstalk environmment template (qs-1rt5l9ase) Metadata: QSLint: Exclusions: [ W9002, W9003, W9004, W9006 ] cfn-lint: config: ignore_checks: - E9904 - E9902 - E9010 - W9901 Conditions: CreateNewBeanstalkApp: !Equals - !Ref 'ExistingBeanstalkApplicationName' - '' CreateNewBeanstalkEnv: !Equals - !Ref 'ExistingBlueEnvironmentName' - '' CreateSampleAppForBeanstalk: !Equals - !Ref 'AppPackageS3Bucket' - elasticbeanstalk-samples Parameters: AppPackageS3Bucket: Default: elasticbeanstalk-samples Description: Provide the S3 bucket where the Application Package exists for creating a new Beanstalk environment. This parameter can be ignored if using an existing Environment. Type: String AppPackageS3key: Default: php-sample.zip Description: Provide the S3 bucket key with the zip file package name for creating a new Beanstalk environment. This parameter can be ignored if using an existing Environment Type: String ExistingBeanstalkApplicationName: Default: '' Description: >- OPTIONAL: Required if the parameter 'ExistingBlueEnvironmentName' is provided. Give the Name of the Existing Beantalk Application where the existing Beanstalk Environment is running. Leave in blank if you want to create a new Application Type: String ExistingBlueEnvironmentName: Default: '' Description: >- Name of the Existing Beanstalk Environment as Blue Environment. Leave it blank if you want to create a new Environment. Provide a value to this parameter for which you would like to utilize the cost efficient Blue-Green deployments by creating a temporary cloned environment for routing the live traffic when this environment is in the Deployment/Test lifecycle Type: String GreenEnvironmentName: Default: GreenEnvironment Description: >- Provide a Name for the Green Environment, which will be the clone of the Blue Environment where the traffic will be routed temporarily for the amount of time the Blue Environment is completed with the deployment and tested. After the successful deployment to Blue Environment, the traffic will be routed back to Blue and the Green Environment will be terminated Type: String NewBeanstalkApplicationName: Default: BlueGreenBeanstalkApplication Description: >- OPTIONAL:Provide a name for a new Beantalk Application where the new Blue Environment and the clone will be created. If not provided, the name will be 'BlueGreenBeanstalkApplication' by default. Value for this parameter is required only when you leave the 'ExistingBlueEnvironmentName' and 'ExistingBeanstalkApplicationName' property empty Type: String NewBlueEnvironmentName: Default: BlueEnvironment Description: >- Provide a name for creating a new Beanstalk Environment as Blue Environment that uses a Sample Application. This is the main environment from which a temporary clone called 'Green Environment' will be created to route the live traffic until the deployment is completed and tested with this one. Value for this parameter is required only when you leave the 'ExistingBlueEnvironmentName' property empty Type: String SolutionStackForNewBeanstalkEnv: Default: 64bit Amazon Linux 2 v3.5.0 running PHP 8.0 Description: >- Provide a name for the Beanstalk Solution stack for launching the new Blue Environment. If not provided, the default will be a PHP solution stack. Please refer the following document https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html for all the solution stack values. Value for this parameter is required only when you leave the 'ExistingBlueEnvironmentName' property empty Type: String Resources: BeanstalkAppVersion: Condition: CreateNewBeanstalkEnv Properties: ApplicationName: !If - CreateNewBeanstalkApp - !Ref 'BeanstalkApplication' - !Ref 'ExistingBeanstalkApplicationName' Description: my sample version SourceBundle: S3Bucket: !If - CreateSampleAppForBeanstalk - !Join - '' - - !Ref 'AppPackageS3Bucket' - '-' - !Ref 'AWS::Region' - !Ref 'AppPackageS3Bucket' S3Key: !Ref 'AppPackageS3key' Type: AWS::ElasticBeanstalk::ApplicationVersion BeanstalkApplication: Condition: CreateNewBeanstalkApp Properties: ApplicationName: !Ref 'NewBeanstalkApplicationName' Description: AWS Elastic Beanstalk PHP Sample Application Type: AWS::ElasticBeanstalk::Application BeanstalkEnvironment: Condition: CreateNewBeanstalkEnv Properties: ApplicationName: !If - CreateNewBeanstalkApp - !Ref 'BeanstalkApplication' - !Ref 'ExistingBeanstalkApplicationName' Description: AWS Elastic Beanstalk Environment running PHP Sample Application EnvironmentName: !Ref 'NewBlueEnvironmentName' OptionSettings: - Namespace: aws:autoscaling:launchconfiguration OptionName: IamInstanceProfile Value: !Ref 'BeanstalkInstanceProfile' - Namespace: aws:elasticbeanstalk:environment OptionName: ServiceRole Value: !Ref 'BeanstalkServiceRole' SolutionStackName: !Ref 'SolutionStackForNewBeanstalkEnv' VersionLabel: !Ref 'BeanstalkAppVersion' Type: AWS::ElasticBeanstalk::Environment BeanstalkInstanceProfile: Condition: CreateNewBeanstalkEnv Properties: Path: / Roles: - !Ref 'BeanstalkInstanceProfileRole' Type: AWS::IAM::InstanceProfile BeanstalkInstanceProfileRole: Condition: CreateNewBeanstalkEnv Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - ec2.amazonaws.com Version: '2012-10-17' Path: / Policies: - PolicyDocument: Statement: - Action: - s3:GetStorageLensDashboard - s3:GetAccessPoint - s3:GetObject - s3:GetAccessPointPolicyStatus - s3:GetReplicationConfiguration - s3:GetObjectTagging - s3:GetBucketLocation - s3:GetAccessPointForObjectLambda - s3:GetBucketRequestPayment - s3:GetObjectVersionTorrent - s3:GetBucketAcl - s3:GetBucketPublicAccessBlock - s3:GetAnalyticsConfiguration - s3:GetAccessPointPolicy - s3:GetObjectLegalHold - s3:GetAccelerateConfiguration - s3:GetBucketOwnershipControls - s3:GetBucketPolicyStatus - s3:GetObjectVersionAcl - s3:GetBucketLogging - s3:GetBucketPolicy - s3:GetAccessPointPolicyForObjectLambda - s3:GetBucketWebsite - s3:GetObjectAcl - s3:GetObjectRetention - s3:GetJobTagging - s3:GetMetricsConfiguration - s3:GetStorageLensConfiguration - s3:GetBucketNotification - s3:GetBucketTagging - s3:GetEncryptionConfiguration - s3:GetAccessPointPolicyStatusForObjectLambda - s3:GetObjectTorrent - s3:GetAccountPublicAccessBlock - s3:GetBucketObjectLockConfiguration - s3:GetIntelligentTieringConfiguration - s3:GetObjectVersionForReplication - s3:GetBucketVersioning - s3:GetInventoryConfiguration - s3:GetObjectVersion - s3:GetBucketCORS - s3:GetAccessPointConfigurationForObjectLambda - s3:GetObjectVersionTagging - s3:GetLifecycleConfiguratio - s3:GetStorageLensConfigurationTagging - s3:listmultipartuploadparts - s3:listbucketmultipartuploads - s3:listjobs - s3:listallmybuckets - s3:listbucket - s3:listaccesspoints - s3:listaccesspointsforobjectlambda - s3:liststoragelensconfigurations - s3:listbucketversions - s3:PutObject Effect: Allow Resource: - !Join - '' - - 'arn:' - !Ref 'AWS::Partition' - :s3:::elasticbeanstalk-*- - !Ref 'AWS::AccountId' - !Join - '' - - 'arn:' - !Ref 'AWS::Partition' - :s3:::elasticbeanstalk-*- - !Ref 'AWS::AccountId' - /* - !Join - '' - - 'arn:' - !Ref 'AWS::Partition' - :s3:::elasticbeanstalk-*- - !Ref 'AWS::AccountId' - -* - !Join - '' - - 'arn:' - !Ref 'AWS::Partition' - :s3:::elasticbeanstalk-*- - !Ref 'AWS::AccountId' - -*/* Sid: BucketAccess - Action: - cloudwatch:PutMetricData Effect: Allow Resource: '*' Sid: MetricsAccess - Action: - logs:PutLogEvents - logs:CreateLogStream - logs:DescribeLogStreams - logs:DescribeLogGroups Effect: Allow Resource: - !Sub 'arn:${AWS::Partition}:logs:*:*:log-group:/aws/elasticbeanstalk*' Sid: CloudWatchLogsAccess Version: '2012-10-17' PolicyName: root Type: AWS::IAM::Role BeanstalkServiceRole: Metadata: cfn-lint: config: ignore_checks: - EIAMPolicyWildcardResource ignore_reasons: EIAMPolicyWildcardResource: Done by Design Condition: CreateNewBeanstalkEnv Properties: AssumeRolePolicyDocument: Statement: - Action: sts:AssumeRole Condition: StringEquals: sts:ExternalId: elasticbeanstalk Effect: Allow Principal: Service: elasticbeanstalk.amazonaws.com Sid: '' Version: '2012-10-17' Path: / Policies: - PolicyDocument: Statement: - Action: - elasticloadbalancing:DescribeInstanceHealth - ec2:DescribeInstances - ec2:DescribeInstanceStatus - ec2:GetConsoleOutput - ec2:AssociateAddress - ec2:DescribeAddresses - ec2:DescribeSecurityGroups - sqs:GetQueueAttributes - sqs:GetQueueUrl - autoscaling:DescribeAutoScalingGroups - autoscaling:DescribeAutoScalingInstances - autoscaling:DescribeScalingActivities - autoscaling:DescribeNotificationConfigurations Effect: Allow Resource: - '*' Version: '2012-10-17' PolicyName: root Type: AWS::IAM::Role Outputs: BeanstalkEnvironment: Value: !If - CreateNewBeanstalkEnv - !Ref 'BeanstalkEnvironment' - '' BeanstalkEnvEndPointUrl: Description: New Beanstalk Environment Endpoint URL Value: !If - CreateNewBeanstalkEnv - !GetAtt 'BeanstalkEnvironment.EndpointURL' - ''