AWSTemplateFormatVersion: 2010-09-09 Description: >- OpenEdge Database infrastructure with Replication Set (qs-1rus69tf0) Metadata: cfn-lint: config: ignore_checks: - W9002 - W9003 - W9006 Parameters: DeployBucket: Description: S3 bucket containing deployment packages. Type: String MinLength: 1 DeployBucketRegion: Description: Region in which the deployment packages are stored. Type: String MinLength: 1 Default: us-east-1 DBDeployPackage: Description: URL to package to deploy databases into database EC2 instances Type: String InstanceType: Description: EC2 instance type Type: String Default: t3.large AllowedValues: - t3.large - t3.xlarge - t3.2xlarge - t3a.large - t3a.xlarge - t3a.2xlarge - m6i.large - m6i.xlarge - m6i.2xlarge - m6i.4xlarge - m6i.8xlarge - m6i.12xlarge - m6i.16xlarge - m6i.24xlarge - m6i.32xlarge - m6id.large - m6id.xlarge - m6id.2xlarge - m6id.4xlarge - m6id.8xlarge - m6id.12xlarge - m6id.16xlarge - m6id.24xlarge - m6id.32xlarge - m6in.large - m6in.xlarge - m6in.2xlarge - m6in.4xlarge - m6in.8xlarge - m6in.12xlarge - m6in.16xlarge - m6in.24xlarge - m6in.32xlarge - m6idn.large - m6idn.xlarge - m6idn.2xlarge - m6idn.4xlarge - m6idn.8xlarge - m6idn.12xlarge - m6idn.16xlarge - m6idn.24xlarge - m6idn.32xlarge - m6a.large - m6a.xlarge - m6a.2xlarge - m6a.4xlarge - m6a.8xlarge - m6a.12xlarge - m6a.16xlarge - m6a.24xlarge - m6a.32xlarge - m6a.48xlarge - c6i.xlarge - c6i.2xlarge - c6i.4xlarge - c6i.8xlarge - c6i.12xlarge - c6i.16xlarge - c6i.24xlarge - c6i.32xlarge - c6id.xlarge - c6id.2xlarge - c6id.4xlarge - c6id.8xlarge - c6id.12xlarge - c6id.16xlarge - c6id.24xlarge - c6id.32xlarge - c6in.xlarge - c6in.2xlarge - c6in.4xlarge - c6in.8xlarge - c6in.12xlarge - c6in.16xlarge - c6in.24xlarge - c6in.32xlarge - c6a.xlarge - c6a.2xlarge - c6a.4xlarge - c6a.8xlarge - c6a.12xlarge - c6a.16xlarge - c6a.24xlarge - c6a.32xlarge - c6a.48xlarge - r6i.large - r6i.xlarge - r6i.2xlarge - r6i.4xlarge - r6i.8xlarge - r6i.12xlarge - r6i.16xlarge - r6i.24xlarge - r6i.32xlarge - r6id.large - r6id.xlarge - r6id.2xlarge - r6id.4xlarge - r6id.8xlarge - r6id.12xlarge - r6id.16xlarge - r6id.24xlarge - r6id.32xlarge - r6in.large - r6in.xlarge - r6in.2xlarge - r6in.4xlarge - r6in.8xlarge - r6in.12xlarge - r6in.16xlarge - r6in.24xlarge - r6in.32xlarge - r6idn.large - r6idn.xlarge - r6idn.2xlarge - r6idn.4xlarge - r6idn.8xlarge - r6idn.12xlarge - r6idn.16xlarge - r6idn.24xlarge - r6idn.32xlarge - r6a.large - r6a.xlarge - r6a.2xlarge - r6a.4xlarge - r6a.8xlarge - r6a.12xlarge - r6a.16xlarge - r6a.24xlarge - r6a.32xlarge - r6a.48xlarge ConstraintDescription: must be a valid EC2 instance type. EmailAddress: Description: Email Address for notification Type: String AllowedPattern: >- ([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?) ConstraintDescription: Must be a valid email id. KeyPairName: Type: "AWS::EC2::KeyPair::KeyName" Description: Name of an existing EC2 KeyPair. PrivateSubnet1ID: Description: Private Subnet Id 1 Type: "AWS::EC2::Subnet::Id" PrivateSubnet2ID: Description: Private Subnet Id 2 Type: "AWS::EC2::Subnet::Id" VPCID: Description: "ID of the VPC (e.g., vpc-0343606e)" Type: "AWS::EC2::VPC::Id" PortNumber: Description: Port number to use to connect to the database broker process Type: Number MinPort: Description: Use Minimum Dynamic Server (-minport) number to specify the lowest port number in a specified range of port numbers accessible to a client. Type: Number Default: 1025 MaxPort: Description: Use Maximum Dynamic Server (-minport) number to specify the highest port number in a specified range of port numbers accessible to a client. Type: Number Default: 2000 Mappings: AWSAMIRegionMap: AMI: OEDBAMZNLINUX2: Amazon Linux 2 AMI with OpenEdge Database af-south-1: OEDBAMZNLINUX2: ami-02b75f15c4cef540b ap-east-1: OEDBAMZNLINUX2: ami-0e7f1dfd20e0231c3 ap-northeast-1: OEDBAMZNLINUX2: ami-085a33252f1fee74e ap-northeast-2: OEDBAMZNLINUX2: ami-063b65912dda0e599 ap-south-1: OEDBAMZNLINUX2: ami-0bcf9f77667f96966 ap-southeast-1: OEDBAMZNLINUX2: ami-07f9924758aab9a9f ap-southeast-2: OEDBAMZNLINUX2: ami-0193dcf39b9412dc0 ca-central-1: OEDBAMZNLINUX2: ami-0931351a82f0fafcf eu-central-1: OEDBAMZNLINUX2: ami-0f57299ef84865a60 eu-north-1: OEDBAMZNLINUX2: ami-0eb6d8e034c3b26c9 eu-south-1: OEDBAMZNLINUX2: ami-005303d2d2ca3b842 eu-west-1: OEDBAMZNLINUX2: ami-064aba9f09a2f0773 eu-west-2: OEDBAMZNLINUX2: ami-09c70c861bd6b80b0 eu-west-3: OEDBAMZNLINUX2: ami-0e4dfcd87921f1198 sa-east-1: OEDBAMZNLINUX2: ami-0f1f1431655455b8d us-east-1: OEDBAMZNLINUX2: ami-079ae64665ebf4925 us-east-2: OEDBAMZNLINUX2: ami-01bb7ffe18ddf4fe3 us-west-1: OEDBAMZNLINUX2: ami-0bc216181300e667e us-west-2: OEDBAMZNLINUX2: ami-0c99cc3a6bede73e6 Resources: NotificationTopic: Type: "AWS::SNS::Topic" Properties: Subscription: - Endpoint: !Ref EmailAddress Protocol: email S3AccessRole: Type: "AWS::IAM::Role" Properties: Path: "/" AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - 'ec2.amazonaws.com' Action: sts:AssumeRole S3AccessRolePolicy: Type: "AWS::IAM::Policy" Properties: PolicyName: S3AccessRolePolicy PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - s3:Get* - s3:List* - s3:AbortMultipartUpload Resource: - !Sub "arn:${AWS::Partition}:s3:::${DeployBucket}/${DBDeployPackage}*" - !Sub "arn:${AWS::Partition}:s3:::${DeployBucket}" - !Sub "arn:${AWS::Partition}:s3:::${DeployBucket}/*" Roles: - Ref: S3AccessRole S3AccessProfile: Type: "AWS::IAM::InstanceProfile" Properties: Path: / Roles: - !Ref S3AccessRole TargetReplicaOne: Type: "AWS::EC2::Instance" Metadata: 'AWS::CloudFormation::Authentication': S3AccessCreds: type: S3 roleName: !Ref S3AccessRole Properties: IamInstanceProfile: !Ref S3AccessProfile ImageId: !FindInMap - AWSAMIRegionMap - !Ref 'AWS::Region' - OEDBAMZNLINUX2 InstanceType: !Ref InstanceType SubnetId: !Ref PrivateSubnet2ID SecurityGroupIds: - !Ref InstanceSecurityGroup Tags: - Key: Name Value: db1 KeyName: !Ref KeyPairName UserData: !Base64 'Fn::Sub': - > #!/bin/bash -x # Setup Databases mkdir -p /install aws configure set default.s3.signature_version s3v4 aws configure set default.region ${DeployRegion} aws s3 cp ${DeployPackage} /install/app.tar.gz OE_ENV=db1 export OE_ENV /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource SourceReplica --region ${AWS::Region} tar xCf /install /install/app.tar.gz /install/app/deploy.sh - DeployRegion: !Ref DeployBucketRegion DeployPackage: !Sub 's3://${DeployBucket}/${DBDeployPackage}' TargetReplicaTwo: Type: "AWS::EC2::Instance" Metadata: 'AWS::CloudFormation::Authentication': S3AccessCreds: type: S3 roleName: !Ref S3AccessRole Properties: IamInstanceProfile: !Ref S3AccessProfile ImageId: !FindInMap - AWSAMIRegionMap - !Ref 'AWS::Region' - OEDBAMZNLINUX2 InstanceType: !Ref InstanceType SubnetId: !Ref PrivateSubnet1ID SecurityGroupIds: - !Ref InstanceSecurityGroup Tags: - Key: Name Value: db2 KeyName: !Ref KeyPairName UserData: !Base64 'Fn::Sub': - > #!/bin/bash -x # Setup Databases mkdir -p /install aws configure set default.s3.signature_version s3v4 aws configure set default.region ${DeployRegion} aws s3 cp ${DeployPackage} /install/app.tar.gz OE_ENV=db2 export OE_ENV /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource SourceReplica --region ${AWS::Region} tar xCf /install /install/app.tar.gz /install/app/deploy.sh - DeployRegion: !Ref DeployBucketRegion DeployPackage: !Sub 's3://${DeployBucket}/${DBDeployPackage}' SourceReplica: Type: "AWS::EC2::Instance" Metadata: 'AWS::CloudFormation::Authentication': S3AccessCreds: type: S3 roleName: !Ref S3AccessRole Properties: IamInstanceProfile: !Ref S3AccessProfile ImageId: !FindInMap - AWSAMIRegionMap - !Ref 'AWS::Region' - OEDBAMZNLINUX2 InstanceType: !Ref InstanceType SubnetId: !Ref PrivateSubnet1ID SecurityGroupIds: - !Ref InstanceSecurityGroup Tags: - Key: Name Value: db0 KeyName: !Ref KeyPairName UserData: !Base64 'Fn::Sub': - > #!/bin/bash -x # Setup Databases aws configure set default.s3.signature_version s3v4 aws configure set default.region ${DeployRegion} mkdir -p /install aws s3 cp ${DeployPackage} /install/app.tar.gz export OE_ENV=db0 export DBHostName=`curl http://169.254.169.254/latest/meta-data/local-ipv4` export DBHostName1=${DBHostName1} export DBHostName2=${DBHostName2} /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource SourceReplica --region ${AWS::Region} tar xCf /install /install/app.tar.gz /install/app/deploy.sh - DeployRegion: !Ref DeployBucketRegion DeployPackage: !Sub 's3://${DeployBucket}/${DBDeployPackage}' DBHostName1: Fn::GetAtt: - TargetReplicaOne - PrivateIp DBHostName2: Fn::GetAtt: - TargetReplicaTwo - PrivateIp InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Metadata: cfn_nag: rules_to_suppress: - id: F1000 reason: "Standard Amazon practice" Properties: GroupDescription: Enable access to the Database Instance (SSH, DB) SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: !Ref MinPort ToPort: !Ref MaxPort CidrIp: '0.0.0.0/0' - IpProtocol: tcp FromPort: !Ref PortNumber ToPort: !Ref PortNumber CidrIp: '0.0.0.0/0' VpcId: !Ref VPCID Outputs: DBHostName: Description: Private IP Address of db0 instance Value: Fn::GetAtt: - SourceReplica - PrivateIp DBHostName1: Description: Private IP Address of db0 instance Value: Fn::GetAtt: - TargetReplicaOne - PrivateIp DBHostName2: Description: Private IP Address of db0 instance Value: Fn::GetAtt: - TargetReplicaTwo - PrivateIp