AWSTemplateFormatVersion: '2010-09-09'
Description: This Cloudformation template shows you how to use Cloudformation to deploy
WordPress using Helm charts. You will be deploying this into the "Amazon EKS QuickStart"
which is a qre-requist. "https://docs.aws.amazon.com/quickstart/latest/amazon-eks-architecture/welcome.html" **WARNING** You will be billed for the AWS resources used if you create a stack from this template.
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Wordpress
Parameters:
- wordpressUsername
- wordpressPassword
- Label:
default: Kube Cluster
Parameters:
- EKSClusterName
- Namespace
- Name
- Label:
default: MariaDB (RDS)
Parameters:
- DBMasterUsername
- DBMasterUserPassword
- DBName
- Subnet1ID
- Subnet2ID
- VPCID
- NodeGroupSecurityGroupId
- BastionSecurityGroupId
ParameterLabels:
wordpressUsername:
default: Wordpress Username
wordpressPassword:
default: Wordpress Password
EKSClusterName:
default: EKS Kube Cluster Name
Namespace:
default: Kube Namespace for this function
Name:
default: Kube Name for this function
DBMasterUsername:
default: MariaDB Master User Name
DBMasterUserPassword:
default: MariaDB Master User Password
DBName:
default: MariaDB Database Name
Subnet1ID:
default: Private Subnet One
Subnet2ID:
default: Private Subnet Two
VPCID:
default: EKS Stack VPC ID
NodeGroupSecurityGroupId:
default: Node SecurityGroup ID
BastionSecurityGroupId:
default: Bastion SecurityGroup ID
Parameters:
wordpressUsername:
AllowedPattern: ^[a-z][a-z0-9_]*$
ConstraintDescription: User name parameter must be lowercase, begin with a letter,
contain only alphanumeric characters or underscores, and be less than 60 characters.
Default: admin
Description: 'The user name that is associated with the master user account for
Wordpress. The user name must contain fewer than 60 alphanumeric
characters or underscores, and must be lowercase and begin with a letter. '
MaxLength: '60'
MinLength: '1'
Type: String
wordpressPassword:
Description: 'The password that is associated with the master user account for
Wordpress. The password must contain 8 to 64 printable ASCII
characters, excluding: /, ", \'', \ and @. It must contain one uppercase letter,
one lowercase letter, and one number.'
MaxLength: '64'
NoEcho: 'true'
Type: String
EKSClusterName:
Description: 'Use the "EKSClusterName" from the EKSStack outputs section in CloudFormation.'
Type: String
Namespace:
Description: 'Modify to use a custom Namespace. The Namespace up to 63 characters
long. The characters allowed in names are: digits (0-9), lower case letters (a-z),
and underscore(s)(cannot start or end with)'
Type: String
Default: "example-helm-rds"
Name:
Description: 'Modify to use a custom Names. The Names up to 253 characters
long. The characters allowed in names are: digits (0-9), lower case letters (a-z), -,
and ..'
Type: String
Default: "myrelease-rds"
DBMasterUsername:
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
Default: mariadb
Description: "The database admin account username"
MaxLength: '16'
MinLength: '1'
NoEcho: 'true'
Type: String
DBMasterUserPassword:
AllowedPattern: '(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*'
ConstraintDescription: "Min 8 chars. Must include 1 uppercase, 1 lowercase, 1 number, 1 (non / @ \" ') symbol"
Description: "Password for the master ('mariadb') account. Password must meeting the following: Min 8 chars. Must include 1 uppercase, 1 lowercase, 1 number, 1 (non / @ \" ') symbol."
MinLength: 8
MaxLength: 128
NoEcho: true
Type: String
DBName:
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
ConstraintDescription: must begin with a letter and contain only alphanumeric characters. Cannot be longer than 64 charcters.
Default: wordpress
Description: "The database name to create."
MaxLength: '64'
MinLength: '1'
Type: String
Subnet1ID:
Description: 'Get Private Subnet 1 ID from the VPCStack outputs section in CloudFormation.'
Type: AWS::EC2::Subnet::Id
Subnet2ID:
Description: 'Get Private Subnet 2 ID from the VPCStack outputs section in CloudFormation.'
Type: AWS::EC2::Subnet::Id
NodeGroupSecurityGroupId:
Description: 'Get NodeGroupSecurityGroupId from the EKSStack outputs section in CloudFormation.'
Type: String
BastionSecurityGroupId:
Description: 'Get BastionSecurityGroupId from the EKSStack outputs section in CloudFormation.'
Type: String
VPCID:
Type: AWS::EC2::VPC::Id
Description: 'Get VCP ID from the VPCStack outputs section in CloudFormation.'
Resources:
DBEC2SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Open database for access
VpcId: !Ref VPCID
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 3306
ToPort: 3306
SourceSecurityGroupId: !Ref NodeGroupSecurityGroupId
Description: "This rule is needed to allow RDS from the Node Instances."
DBInboundRule:
Type: "AWS::EC2::SecurityGroupIngress"
Properties:
Description: "This rule is needed to allow RDS from the Bastion Instance."
GroupId: !GetAtt DBEC2SecurityGroup.GroupId
IpProtocol: tcp
FromPort: 3306
ToPort: 3306
SourceSecurityGroupId: !Ref BastionSecurityGroupId
DBSubnetGroup:
Type: "AWS::RDS::DBSubnetGroup"
Properties:
DBSubnetGroupDescription: "Subnets available for the MariaDB database instance"
SubnetIds:
- !Ref Subnet1ID
- !Ref Subnet2ID
WPDB:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: '10'
AutoMinorVersionUpgrade: true
BackupRetentionPeriod: 7
DBInstanceClass: db.m5.large
# In the next line of code the '-DB' delimeter is used to get the root stack name for database identifier
# 'AWS::StackName' produces MASTER_STACK_NAME-DB (as DB is the name of the nested stack resource).
DBInstanceIdentifier: !Sub ["${RootStack}-db", RootStack: !Select [0, !Split ['-DB', !Ref 'AWS::StackName']]]
DBSubnetGroupName: !Ref DBSubnetGroup
Engine: mariadb
EngineVersion: '10.3'
MasterUsername: !Ref DBMasterUsername
MasterUserPassword: !Ref DBMasterUserPassword
MultiAZ: false
StorageEncrypted: true
StorageType: gp2
DBName: !Ref DBName
Tags:
- Key: Name
Value: !Sub ["${StackName} Confluence MariaDB Database", StackName: !Ref 'AWS::StackName']
VPCSecurityGroups:
- !GetAtt DBEC2SecurityGroup.GroupId
HelmExample:
Type: "AWSQS::Kubernetes::Helm"
Properties:
ClusterID: !Ref EKSClusterName
Namespace: !Ref Namespace
Chart: stable/wordpress
Name: !Ref Name
Values:
wordpressUsername: !Ref wordpressUsername
wordpressPassword: !Ref wordpressPassword
mariadb.enabled: false
externalDatabase.host: !GetAtt WPDB.Endpoint.Address
externalDatabase.user: !Ref DBMasterUsername
externalDatabase.password: !Ref DBMasterUserPassword
externalDatabase.database: !Ref DBName
externalDatabase.port: 3306
WPElbHostName:
DependsOn: HelmExample
Type: "Custom::KubeGet"
Version: '1.0'
Properties:
ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeGet-${EKSClusterName}"
ClusterName: !Ref EKSClusterName
Namespace: !Ref Namespace
Name: !Sub 'service/${Name}-wordpress'
JsonPath: '{.status.loadBalancer.ingress[0].hostname}'
Outputs:
WPElbHostName:
Value: !Ref WPElbHostName
RDSDBEndpoint:
Value: !GetAtt WPDB.Endpoint.Address