AWSTemplateFormatVersion: 2010-09-09 Description: 'HashiCorp Nomad + VPC Aug,28,2019 (qs-1nae6brn2)' Metadata: LintSpellExclude: - datacenter - xxxxxxxx SentenceCaseExclude: - Nomad - Consul QuickStartDocumentation: EntrypointName: "Launch into a new VPC" LICENSE: 'Apache License, Version 2.0' 'AWS::CloudFormation::Interface': ParameterGroups: - Label: default: "VPC network configuration" Parameters: - AvailabilityZones - VPCCIDR - PrivateSubnet1CIDR - PrivateSubnet2CIDR - PrivateSubnet3CIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PublicSubnet3CIDR - Label: default: "Access configuration" Parameters: - AccessCIDR - KeyPairName - Label: default: "Consul cluster configuration" Parameters: - CreateConsulCluster - ConsulServerInstanceType - ConsulServerNodeCount - EnableConsulServiceMesh - Label: default: "Nomad cluster setup" Parameters: - NomadServerInstanceType - NomadServerNodeCount - NomadClientInstanceType - NomadClientNodeCount - Label: default: "DNS and SSL configuration" Parameters: - LoadBalancerFQDN - HostedZoneID - SSLCertificateArn - Label: default: "AWS Quick Start configuration" Parameters: - QSS3BucketName - QSS3KeyPrefix ParameterLabels: AccessCIDR: default: Permitted IP range AvailabilityZones: default: Availability Zones KeyPairName: default: Key name PrivateSubnet1CIDR: default: Private Subnet 1 CIDR PrivateSubnet2CIDR: default: Private Subnet 2 CIDR PrivateSubnet3CIDR: default: Private Subnet 3 CIDR PublicSubnet1CIDR: default: Public Subnet 1 CIDR PublicSubnet2CIDR: default: Public Subnet 2 CIDR PublicSubnet3CIDR: default: Public Subnet 3 CIDR QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix VPCCIDR: default: VPC CIDR SSLCertificateArn: default: SSL certificate ARN HostedZoneID: default: Route 53 hosted zone ID LoadBalancerFQDN: default: Load balancer FQDN CreateConsulCluster: default: Create Consul cluster ConsulServerInstanceType: default: Consul server node instance type ConsulServerNodeCount: default: Number of Consul server nodes NomadServerInstanceType: default: Nomad server node instance type NomadServerNodeCount: default: Number of Nomad server nodes NomadClientInstanceType: default: Nomad client node instance type NomadClientNodeCount: default: Number of Nomad client nodes EnableConsulServiceMesh: default: Enable Consul service mesh Parameters: AvailabilityZones: Description: >- List of Availability Zones to use for the subnets in the VPC. Note: the logical order is preserved; three Availability ZonesAZs are used for this deployment. Type: 'List' AccessCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Description: >- The CIDR IP range that is permitted to access Nomad. Note: a value of 0.0.0.0/0 will allow access from ANY IP address. Type: String CreateConsulCluster: Description: Create a Consul cluster to support this Nomad cluster. Type: String Default: "true" AllowedValues: - "true" - "false" ConsulServerNodeCount: Type: String Description: The number of Consul server nodes that will be created. You can choose 1, 3, 5, or 7 nodes, leave empty for none. AllowedValues: - "" - "1" - "3" - "5" - "7" Default: "3" ConsulServerInstanceType: Type: String Description: The EC2 instance type for the Consul instances. AllowedValues: - t2.micro - t2.small - t2.medium - t2.large - t3.micro - t3.small - t3.medium - t3.large - m5.large - m5.xlarge - m5.2xlarge - m4.large - m4.xlarge - m3.medium - m3.large - m3.xlarge - m3.2xlarge - c4.large - c4.xlarge - c4.2xlarge - c4.4xlarge - c4.8xlarge - c3.large - c3.xlarge - c3.2xlarge - c3.4xlarge - c3.8xlarge - r3.large - r3.xlarge - r3.2xlarge - r3.4xlarge - r3.8xlarge - i2.xlarge - i2.2xlarge - i2.4xlarge - i2.8xlarge ConstraintDescription: Choose an instance type. Default: m5.large EnableConsulServiceMesh: Description: Enable Consul service mesh for the Nomad cluster. Type: String Default: "true" AllowedValues: - "true" - "false" NomadServerInstanceType: Type: String Default: m5.large Description: The EC2 instance type for the Nomad instances. AllowedValues: - t2.micro - t2.small - t2.medium - t2.large - t3.micro - t3.small - t3.medium - t3.large - m5.large - m5.xlarge - m4.xlarge - m4.large - m4.xlarge - m3.medium - m3.large - m3.xlarge - m3.2xlarge - c4.large - c4.xlarge - c4.2xlarge - c4.4xlarge - c4.8xlarge - c3.large - c3.xlarge - c3.2xlarge - c3.4xlarge - c3.8xlarge - r3.large - r3.xlarge - r3.2xlarge - r3.4xlarge - r3.8xlarge - i2.xlarge - i2.2xlarge - i2.4xlarge - i2.8xlarge ConstraintDescription: Choose an instance type. m3.medium or larger recommended. NomadServerNodeCount: Type: String Description: The number of Nomad server nodes that will be created. You can choose 3, 5, or 7 nodes. AllowedValues: - "1" - "3" - "5" - "7" Default: "3" NomadClientInstanceType: Type: String Default: m5.large Description: The EC2 instance type for the Nomad instances. AllowedValues: - t2.micro - t2.small - t2.medium - t2.large - t3.micro - t3.small - t3.medium - t3.large - m5.large - m5.xlarge - m4.xlarge - m4.large - m4.xlarge - m3.medium - m3.large - m3.xlarge - m3.2xlarge - c4.large - c4.xlarge - c4.2xlarge - c4.4xlarge - c4.8xlarge - c3.large - c3.xlarge - c3.2xlarge - c3.4xlarge - c3.8xlarge - r3.large - r3.xlarge - r3.2xlarge - r3.4xlarge - r3.8xlarge - i2.xlarge - i2.2xlarge - i2.4xlarge - i2.8xlarge ConstraintDescription: Choose an instance type. m3.medium or larger recommended. NomadClientNodeCount: Type: String Description: The number of Nomad client nodes that will be created. Default: "3" KeyPairName: Description: >- Public/private key pairs allow you to securely connect to your instance after it launches. Type: 'AWS::EC2::KeyPair::KeyName' #MinLength: 1 PrivateSubnet1CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.0.0/19 Description: CIDR block for private subnet 1 located in Availability Zone 1. Type: String PrivateSubnet2CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.32.0/19 Description: CIDR block for private subnet 2 located in Availability Zone 2. Type: String PrivateSubnet3CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.64.0/19 Description: CIDR block for private subnet 3 located in Availability Zone 3. Type: String PublicSubnet1CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.128.0/20 Description: CIDR block for the public DMZ subnet 1 located in Availability Zone 1. Type: String PublicSubnet2CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.144.0/20 Description: CIDR block for the public DMZ subnet 2 located in Availability Zone 2. Type: String PublicSubnet3CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.160.0/20 Description: CIDR block for the public DMZ subnet 3 located in Availability Zone 3. Type: String QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: >- Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: >- S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: >- Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-hashicorp-nomad/ Description: >- S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String VPCCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ Default: 10.0.0.0/16 Description: CIDR block for the VPC. Type: String SSLCertificateArn: Description: The Amazon resource name (ARN) of the SSL certificate to use for the load balancer. Use 'SSLCertificateArn' if you are not using 'LoadBalancerFQDN' and 'HostedZoneID'. Type: String Default: '' HostedZoneID: Description: Route 53 Hosted Zone ID of the domain name. Used in conjunction with 'LoadBalancerFQDN'. Type: String MaxLength: 32 Default: '' LoadBalancerFQDN: Description: The fully qualified domain name for the load balancer. Use with 'HostedZoneID' if you are NOT using SSL. Type: String Default: '' Conditions: # GovCloudCondition: !Equals [!Ref AWS::Region, "us-gov-west-1" ] SetupRoute53: !And - !Not [!Equals [!Ref HostedZoneID, '']] - !Not [!Equals [!Ref 'LoadBalancerFQDN', '']] DeployConsul: !Equals [!Ref 'CreateConsulCluster', 'true'] Resources: VPCStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub >- https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml Parameters: AvailabilityZones: !Join [",", !Ref AvailabilityZones ] NumberOfAZs: '3' PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR PrivateSubnet3ACIDR: !Ref PrivateSubnet3CIDR PublicSubnet1CIDR: !Ref PublicSubnet1CIDR PublicSubnet2CIDR: !Ref PublicSubnet2CIDR PublicSubnet3CIDR: !Ref PublicSubnet3CIDR VPCCIDR: !Ref VPCCIDR BastionStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub >- https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-linux-bastion/templates/linux-bastion.template Parameters: BastionAMIOS: Ubuntu-Server-20.04-LTS-HVM BastionInstanceType: 't3.medium' KeyPairName: !Ref KeyPairName PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-linux-bastion/' RemoteAccessCIDR: !Ref AccessCIDR VPCID: !GetAtt VPCStack.Outputs.VPCID HashiCorpNomadClusterStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub >- https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/quickstart-hashicorp-nomad-cluster.template.yaml Parameters: BastionSecurityGroupID: !GetAtt BastionStack.Outputs.BastionSecurityGroupID PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID PrivateSubnet2ID: !GetAtt VPCStack.Outputs.PrivateSubnet2AID PrivateSubnet3ID: !GetAtt VPCStack.Outputs.PrivateSubnet3AID PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID PublicSubnet2ID: !GetAtt VPCStack.Outputs.PublicSubnet2ID PublicSubnet3ID: !GetAtt VPCStack.Outputs.PublicSubnet3ID VPCID: !GetAtt VPCStack.Outputs.VPCID VPCCIDR: !Ref VPCCIDR KeyPairName: !Ref KeyPairName CreateConsulCluster: !Ref CreateConsulCluster ConsulServerInstanceType: !Ref ConsulServerInstanceType ConsulServerNodeCount: !Ref ConsulServerNodeCount EnableConsulServiceMesh: !If [DeployConsul, !Ref EnableConsulServiceMesh, AWS::NoValue] NomadServerInstanceType: !Ref NomadServerInstanceType NomadServerNodeCount: !Ref NomadServerNodeCount NomadClientInstanceType: !Ref NomadClientInstanceType NomadClientNodeCount: !Ref NomadClientNodeCount QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix SSLCertificateArn: !Ref SSLCertificateArn HostedZoneID: !Ref HostedZoneID LoadBalancerFQDN: !Ref LoadBalancerFQDN Outputs: NomadServerALB: Description: The public URL of your Nomad Load Balancer. Create a CNAME record pointing at this Load Balancer. Value: !GetAtt HashiCorpNomadClusterStack.Outputs.NomadServerALB ConsulServerALB: Condition: DeployConsul Description: The public URL of your Consul Load Balancer. Create a CNAME record pointing at this Load Balancer. Value: !GetAtt HashiCorpNomadClusterStack.Outputs.ConsulServerALB NomadServerFQDN: Condition: SetupRoute53 Description: The public CNAME pointing to your Nomad Load Balancer. Value: !GetAtt HashiCorpNomadClusterStack.Outputs.NomadServerFQDN