--- AWSTemplateFormatVersion: "2010-09-09" Description: This template uses and existing VPC to deploy WordPress in a Serverless architecture. **WARNING** You will be billed for the AWS resources used if you create a stack from this template. (qs-1sn331dqf) Metadata: QuickStartDocumentation: EntrypointName: "Parameters for deploying into an existing VPC" Order: 1 LICENSE: Apache License Version 2.0 AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Basic configuration Parameters: - DBName - DBUsername - DBPassword - Label: default: DNS and SSL configuration Parameters: - UseSSL - DomainName - HostedZoneID - CertificateArn - Label: default: Network configuration Parameters: - VPCID - PrivateSubnet1AID - PrivateSubnet2AID - PrivateSubnet3AID - PublicSubnet1ID - PublicSubnet2ID - PublicSubnet3ID - Label: default: AWS WAF configuration Parameters: - ActivateSQLInjectionRule - ActivateWordPressRule - Label: default: Database configuration Parameters: - DBMaxCapacity - DBMinCapacity - DBBackupRetentionPeriod - DBPreferredBackupWindow - Label: default: Amazon ECS configuration Parameters: - ContainerImage - ContainerMemory - ContainerCpu - ContainerMaxCount - ContainerMinCount - ContainerDesiredCount - ALBAccessCIDR - Label: default: Amazon EFS configuration Parameters: - EFSPerformanceMode - EFSThroughputMode - EFSProvisionedThroughputInMibps - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3KeyPrefix - QSS3BucketRegion ParameterLabels: QSS3BucketName: default: Quick Start S3 bucket name QSS3KeyPrefix: default: Quick Start S3 key prefix QSS3BucketRegion: default: Quick Start S3 bucket Region DomainName: default: Domain Name UseSSL: default: Use SSL CertificateArn: default: SSL certificate ARN HostedZoneID: default: Route 53 Hosted Zone ID ALBAccessCIDR: default: ALB access CIDR ContainerCpu: default: Container CPU ContainerDesiredCount: default: Container desired count ContainerImage: default: Container image ContainerMaxCount: default: Container max count ContainerMemory: default: Container memory ContainerMinCount: default: Container min count DBBackupRetentionPeriod: default: Database backup retention period DBMaxCapacity: default: Database max capacity DBMinCapacity: default: Database min capacity DBName: default: Database name DBPreferredBackupWindow: default: Database preferred backup window DBUsername: default: Database username DBPassword: default: Database password EFSProvisionedThroughputInMibps: default: File system provisioned throughput EFSPerformanceMode: default: File system performance mode EFSThroughputMode: default: File system throughput mode PrivateSubnet1AID: default: Private subnet 1 ID PrivateSubnet2AID: default: Private subnet 2 ID PrivateSubnet3AID: default: Private subnet 3 ID PublicSubnet1ID: default: Public subnet 1 ID PublicSubnet2ID: default: Public subnet 2 ID PublicSubnet3ID: default: Public subnet 3 ID VPCID: default: VPC ID Parameters: QSS3BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html. Type: String QSS3KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). The prefix should end with a forward slash (/). Default: quickstart-sudo-consultants-serverless-wordpress/ Description: S3 key prefix that is used to simulate a folder for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.' Type: String EFSProvisionedThroughputInMibps: Type: Number Default: 0 Description: The throughput, measured in MiB/s, that you want to provision for the file system. Valid values are 1-1024. Required if ThroughputMode is set to provisioned. MinValue: 0 MaxValue: 1024 EFSPerformanceMode: Type: String Default: generalPurpose Description: The performance mode of the file system. AllowedValues: - generalPurpose - maxIO EFSThroughputMode: Type: String Default: bursting Description: Specifies the throughput mode for the file system, either bursting or provisioned. AllowedValues: - bursting - provisioned DBName: Type: String # Default: wordpressDB Description: The name of your database. If you don't provide a name, then Amazon RDS won't create a database in this DB cluster. AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' MaxLength: '64' MinLength: '5' DBUsername: NoEcho: 'true' Description: Username for MySQL database access Type: String MinLength: '1' MaxLength: '16' AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*' ConstraintDescription: Must begin with a letter and contain only alphanumeric characters. DBPassword: NoEcho: 'true' Description: Password for MySQL database access Type: String MinLength: '8' MaxLength: '41' AllowedPattern: '[a-zA-Z0-9]*' ConstraintDescription: Must contain only alphanumeric characters. DBBackupRetentionPeriod: Type: Number Default: '1' Description: The number of days for which automated backups are retained. ConstraintDescription: Database backup retention period must be 1–35 days. MaxValue: '35' MinValue: '1' DBMaxCapacity: Type: Number Default: '2' Description: The maximum capacity for an Aurora DB cluster in serverless DB engine mode. AllowedValues: ['1', '2', '4', '8', '16', '32', '64', '128', '256'] DBMinCapacity: Type: Number Default: '1' Description: The minimum capacity for an Aurora DB cluster in serverless DB engine mode. AllowedValues: ['1', '2', '4', '8', '16', '32', '64', '128', '256'] DBPreferredBackupWindow: Type: String Default: '' Description: (Optional) The daily time range during which automated backups are created. AllowedPattern: '^(|([0-1][0-9]|2[0-3]):[0-5][0-9]-([0-1][0-9]|2[0-3]):[0-5][0-9])$' ConstraintDescription: Preferred backup window must be left blank or in the form HH:MM-HH:MM. ContainerCpu: Type: String Default: '256' Description: The number of CPU units used by the task. AllowedValues: - '256' - '512' - '1024' - '2048' - '4096' ContainerMemory: Type: String Default: 0.5GB Description: The amount of memory used by the task (in GB). AllowedValues: - '0.5GB' - '1GB' - '2GB' - '3GB' - '4GB' - '5GB' - '6GB' - '7GB' - '8GB' - '16GB' - '30GB' # 512 (0.5 GB), 1024 (1 GB), 2048 (2 GB) - Available cpu values: 256 (.25 vCPU) # 1024 (1 GB), 2048 (2 GB), 3072 (3 GB), 4096 (4 GB) - Available cpu values: 512 (.5 vCPU) # 2048 (2 GB), 3072 (3 GB), 4096 (4 GB), 5120 (5 GB), 6144 (6 GB), 7168 (7 GB), 8192 (8 GB) - Available cpu values: 1024 (1 vCPU) # Between 4096 (4 GB) and 16384 (16 GB) in increments of 1024 (1 GB) - Available cpu values: 2048 (2 vCPU) # Between 8192 (8 GB) and 30720 (30 GB) in increments of 1024 (1 GB) - Available cpu values: 4096 (4 vCPU) ContainerDesiredCount: Type: Number Default: '1' Description: Desired number of WordPress containers. ContainerImage: Type: String Default: 'docker.io/wordpress:latest' Description: The image used to start a container. By default, the Quick Start uses the official WordPress Docker image. ContainerMaxCount: Type: Number Default: '3' Description: Maximum number of WordPress containers in the Auto Scaling group. ContainerMinCount: Type: Number Default: '1' Description: Minimum number of WordPress containers in the Auto Scaling group. DomainName: Description: >- (Optional) Domain name for the web site. It must be an existing, publicly resolvable domain. Type: String Default: '' ConstraintDescription: Must be a valid domain name. CertificateArn: Description: (Optional) The ARN of the SSL certificate to use for the Application Load Balancer. Type: String Default: '' HostedZoneID: Description: >- (Optional) Route 53 hosted zone ID of the domain name. You must also provide a value for the DomainName parameter. Leave blank to setup DNS manually without configuring Route 53. Type: String Default: '' MaxLength: '32' ActivateWordPressRule: Type: String Description: Activate AWS WAF rule that protects against common WordPress attacks. Default: 'true' AllowedValues: - 'true' - 'false' ActivateSQLInjectionRule: Type: String Description: Activate AWS WAF rule that protects against common SQL injection attacks. Default: 'true' AllowedValues: - 'true' - 'false' ALBAccessCIDR: Type: String Default: 0.0.0.0/0 Description: >- Allowed CIDR block for external web access to the Application Load Balancer, in the form x.x.x.x/x. AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x. UseSSL: Type: String Description: Use SSL to encrypt sensitive information sent across the internet. Default: 'false' AllowedValues: - 'true' - 'false' # Existing VPC parameters PrivateSubnet1AID: Type: AWS::EC2::Subnet::Id Description: ID of the private subnet 1A, located in Availability Zone 1. PrivateSubnet2AID: Type: AWS::EC2::Subnet::Id Description: ID of the private subnet 2A, located in Availability Zone 2. PrivateSubnet3AID: Type: String Default: "" Description: ID of the private subnet 3A, located in Availability Zone 3. PublicSubnet1ID: Type: AWS::EC2::Subnet::Id Description: ID of the public subnet 1, located in Availability Zone 1. PublicSubnet2ID: Type: AWS::EC2::Subnet::Id Description: ID of the public subnet 2, located in Availability Zone 2. PublicSubnet3ID: Type: String Default: "" Description: ID of the public subnet 3, located in Availability Zone 3. VPCID: Type: AWS::EC2::VPC::Id Description: VPC ID Rules: ProvisionedThroughput: RuleCondition: !Equals - !Ref EFSThroughputMode - provisioned Assertions: - Assert: !Not - !Equals - '0' - !Ref EFSProvisionedThroughputInMibps AssertDescription: >- EfsProvisionedThroughputInMibps must be greater than 0 when ThroughputMode is provisioned BurstingThroughput: RuleCondition: !Equals - !Ref EFSThroughputMode - bursting Assertions: - Assert: !Equals - '0' - !Ref EFSProvisionedThroughputInMibps AssertDescription: >- EfsProvisionedThroughputInMibps must be 0 when ThroughputMode is bursting CorrectCpuMemConfigRule: Assertions: - Assert: !Or - !And - !Equals - '256' - !Ref ContainerCpu - !Contains - ['0.5GB', '1GB', '2GB'] - !Ref ContainerMemory - !And - !Equals - '512' - !Ref ContainerCpu - !Contains - ['1GB', '2GB', '3GB', '4GB'] - !Ref ContainerMemory - !And - !Equals - '1024' - !Ref ContainerCpu - !Contains - ['2GB','3GB', '4GB', '5GB', '6GB', '7GB', '8GB'] - !Ref ContainerMemory - !And - !Equals - '2048' - !Ref ContainerCpu - !Contains - ['4GB', '5GB', '6GB', '7GB', '8GB', '12GB', '16GB'] - !Ref ContainerMemory - !And - !Equals - '4096' - !Ref ContainerCpu - !Contains - ['8GB', '12GB', '16GB', '30GB'] - !Ref ContainerMemory AssertDescription: Please choose a compatible CPU and memory configuration CertificateArnOrDomainNameIsPresentIfUseSSL: # Checked post 'Create stack' RuleCondition: !Equals - !Ref UseSSL - 'true' Assertions: - Assert: !Or - !Not [!Equals [!Ref CertificateArn, '']] - !Not [!Equals [!Ref DomainName, '']] AssertDescription: Please specify a 'Certificate ARN' or 'Domain Name' if you specify 'Use SSL' DomainNameIsPresentIfHostedZoneIDRule: # Checked post 'Create stack' Assertions: - Assert: !Or - !Equals [!Ref HostedZoneID, ''] - !Not [!Equals [!Ref DomainName, '']] AssertDescription: Please specify a 'Domain Name' if you specify 'Route 53 HostedZone ID' Conditions: 3AZDeployment: !And - !Not [!Equals [!Ref PrivateSubnet3AID, ""]] - !Not [!Equals [!Ref PublicSubnet3ID, ""]] UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] UseSSL: !Equals [!Ref UseSSL, 'true'] GenerateSSLCertificate: !And - !Equals [!Ref CertificateArn, ''] - Condition: UseSSL - !Not [!Equals [!Ref DomainName, '']] AddDNSRecord: !And - !Not - !Equals - !Ref DomainName - '' - !Not - !Equals - !Ref HostedZoneID - '' Resources: ConfigureSSLStack: Condition: GenerateSSLCertificate Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - >- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-acm-certificate/templates/quickstart-aws-acm-certificate.template.yml - S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: QSS3BucketName: !Ref QSS3BucketName QSS3BucketRegion: !Ref QSS3BucketRegion QSS3KeyPrefix: !Sub '${QSS3KeyPrefix}submodules/quickstart-aws-acm-certificate/' DomainName: !Ref DomainName HostedZoneID: !Ref HostedZoneID WordPressStack: Type: 'AWS::CloudFormation::Stack' Properties: TemplateURL: !Sub - >- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/wordpress.template.yaml - S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref QSS3BucketRegion S3Bucket: !If - UsingDefaultBucket - !Sub '${QSS3BucketName}-${AWS::Region}' - !Ref QSS3BucketName Parameters: QSS3BucketName: !Ref QSS3BucketName QSS3KeyPrefix: !Ref QSS3KeyPrefix QSS3BucketRegion: !Ref QSS3BucketRegion ALBAccessCIDR: !Ref ALBAccessCIDR ContainerCpu: !Ref ContainerCpu ContainerImage: !Ref ContainerImage ContainerDesiredCount: !Ref ContainerDesiredCount ContainerMaxCount: !Ref ContainerMaxCount ContainerMinCount: !Ref ContainerMinCount ContainerMemory: !Ref ContainerMemory DBBackupRetentionPeriod: !Ref DBBackupRetentionPeriod DBMaxCapacity: !Ref DBMaxCapacity DBMinCapacity: !Ref DBMinCapacity DBName: !Ref DBName DBPreferredBackupWindow: !Ref DBPreferredBackupWindow DBUsername: !Ref DBUsername DBPassword: !Ref DBPassword EFSProvisionedThroughputInMibps: !Ref EFSProvisionedThroughputInMibps EFSPerformanceMode: !Ref EFSPerformanceMode EFSThroughputMode: !Ref EFSThroughputMode ActivateWordPressRule: !Ref ActivateWordPressRule ActivateSQLInjectionRule: !Ref ActivateSQLInjectionRule DomainName: !Ref DomainName CertificateArn: !If - UseSSL - !If - GenerateSSLCertificate - !GetAtt ConfigureSSLStack.Outputs.ACMCertificate - !Ref CertificateArn - !Ref 'AWS::NoValue' HostedZoneID: !Ref HostedZoneID PrivateSubnet1AID: !Ref PrivateSubnet1AID PrivateSubnet2AID: !Ref PrivateSubnet2AID PrivateSubnet3AID: !If [3AZDeployment, !Ref PrivateSubnet3AID, ''] PublicSubnet1ID: !Ref PublicSubnet1ID PublicSubnet2ID: !Ref PublicSubnet2ID PublicSubnet3ID: !If [3AZDeployment, !Ref PublicSubnet3ID, ''] VPCID: !Ref VPCID Outputs: ApplicationURL: Condition: AddDNSRecord Description: The URL of the application. Value: !GetAtt WordPressStack.Outputs.ApplicationURL ApplicationLoadBalancerDNSName: Description: The URL of the Application Load Balancer. Point your domain to it using a CNAME or alias record. Value: !GetAtt WordPressStack.Outputs.ApplicationLoadBalancerDNSName Postdeployment: Description: See the deployment guide for postdeployment steps. Value: https://fwd.aws/JeM3V?