---
AWSTemplateFormatVersion: 2010-09-09
Description: Launches a Titian Mosaic application server and database. (qs-1pjap3ssl)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Titian configuration
Parameters:
- pDNSName
- Label:
default: Network configuration
Parameters:
- pVpcId
- pDmzSubnetA
- pDmzSubnetB
- pAppSubnetA
- pAppSubnetB
- pDBSubnetA
- pDBSubnetB
- pDnsHostedZoneID
- pDnsHostedZoneApexDomain
- pLoadBalancerType
- pSecurityGroupForWebAccess
- pWebAccessCIDR
- Label:
default: Amazon EC2 configuration
Parameters:
- pEC2KeyPair
- pAppServerInstanceType
- Label:
default: Amazon RDS configuration
Parameters:
- pDBName
- pDBTimezone
- pDBUsername
- pDBPassword
- pDBInstanceType
- pDBAllocatedStorage
- pDBEngine
- pDBEngineLicenseModel
- pDBMultiAZ
ParameterLabels:
pAppServerInstanceType:
default: App server instance type
pAppSubnetA:
default: Application subnet A
pAppSubnetB:
default: Application subnet B
pDBAllocatedStorage:
default: Database storage capacity
pDBEngine:
default: Database engine
pDBEngineLicenseModel:
default: Database license model
pDBInstanceType:
default: Database instance type
pDBMultiAZ:
default: Multi-AZ Amazon RDS
pDBTimezone:
default: Database time zone
pDBName:
default: Database name
pDBPassword:
default: Database password
pDBSubnetA:
default: Database subnet A
pDBSubnetB:
default: Database subnet B
pDBUsername:
default: Database user/owner
pDmzSubnetA:
default: DMZ subnet A
pDmzSubnetB:
default: DMZ subnet B
pDnsHostedZoneApexDomain:
default: Internal DNS apex domain
pDnsHostedZoneID:
default: Internal DNS hosted zone ID
pDNSName:
default: Mosaic server DNS name
pEC2KeyPair:
default: Key pair for mosaic server
pLoadBalancerType:
default: Load Balancer Type
pSecurityGroupForWebAccess:
default: Web access security group
pVpcId:
default: VPC for deployment
pWebAccessCIDR:
default: Web access CIDR (no SG)
Parameters:
pDBTimezone:
Description: The time zone to set the Mosaic FreezerManagement database to.
Type: String
AllowedValues:
- Africa/Cairo
- Africa/Casablanca
- Africa/Harare
- Africa/Lagos
- Africa/Luanda
- Africa/Monrovia
- Africa/Nairobi
- Africa/Tripoli
- Africa/Windhoek
- America/Araguaina
- America/Argentina/Buenos_Aires
- America/Asuncion
- America/Bogota
- America/Caracas
- America/Chicago
- America/Chihuahua
- America/Cuiaba
- America/Denver
- America/Detroit
- America/Fortaleza
- America/Godthab
- America/Guatemala
- America/Halifax
- America/Lima
- America/Los_Angeles
- America/Manaus
- America/Matamoros
- America/Mexico_City
- America/Monterrey
- America/Montevideo
- America/New_York
- America/Phoenix
- America/Santiago
- America/Sao_Paulo
- America/Tijuana
- America/Toronto
- Asia/Amman
- Asia/Ashgabat
- Asia/Baghdad
- Asia/Baku
- Asia/Bangkok
- Asia/Beirut
- Asia/Calcutta
- Asia/Damascus
- Asia/Dhaka
- Asia/Hong_Kong
- Asia/Irkutsk
- Asia/Jakarta
- Asia/Jerusalem
- Asia/Kabul
- Asia/Karachi
- Asia/Kathmandu
- Asia/Kolkata
- Asia/Krasnoyarsk
- Asia/Magadan
- Asia/Manila
- Asia/Muscat
- Asia/Novosibirsk
- Asia/Rangoon
- Asia/Riyadh
- Asia/Seoul
- Asia/Shanghai
- Asia/Singapore
- Asia/Taipei
- Asia/Tehran
- Asia/Tokyo
- Asia/Ulaanbaatar
- Asia/Vladivostok
- Asia/Yakutsk
- Asia/Yerevan
- Atlantic/Azores
- Atlantic/Cape_Verde
- Australia/Adelaide
- Australia/Brisbane
- Australia/Darwin
- Australia/Eucla
- Australia/Hobart
- Australia/Lord_Howe
- Australia/Perth
- Australia/Sydney
- Brazil/DeNoronha
- Brazil/East
- Canada/Newfoundland
- Canada/Saskatchewan
- Europe/Amsterdam
- Europe/Athens
- Europe/Berlin
- Europe/Dublin
- Europe/Helsinki
- Europe/Kaliningrad
- Europe/London
- Europe/Madrid
- Europe/Moscow
- Europe/Paris
- Europe/Prague
- Europe/Rome
- Europe/Sarajevo
- Pacific/Apia
- Pacific/Auckland
- Pacific/Chatham
- Pacific/Fiji
- Pacific/Guam
- Pacific/Honolulu
- Pacific/Kiritimati
- Pacific/Marquesas
- Pacific/Samoa
- Pacific/Tongatapu
- Pacific/Wake
- US/Alaska
- US/Central
- US/East-Indiana
- US/Eastern
- US/Pacific
pAppServerInstanceType:
Description: Titian Mosaic app server EC2 instance type.
Type: String
Default: t2.large
AllowedValues:
- t2.medium
- t2.large
- t2.xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
pAppSubnetA:
Description: Production App Subnet A. Target subnet for the app server.
Type: AWS::EC2::Subnet::Id
pAppSubnetB:
Description: Production App Subnet B. Target subnet for the app server.
Type: AWS::EC2::Subnet::Id
pDBEngine:
Description: Amazon RDS Oracle Version. Recommend the default.
Type: String
Default: oracle-se2
AllowedValues:
- oracle-se2
- oracle-ee
pDBEngineLicenseModel:
Description: Oracle license model.
AllowedValues:
- license-included
- bring-your-own-license
Type: String
Default: license-included
pDBAllocatedStorage:
Description: Database total storage size in GB. Default is 50 GB.
Type: String
Default: 50
pDBInstanceType:
Description: Database instance class. Default is db.t3.large.
Type: String
Default: db.t3.large
AllowedValues:
- db.t3.medium
- db.t3.large
- db.t3.xlarge
- db.t3.2xlarge
- db.r4.large
- db.r4.xlarge
- db.r4.2xlarge
- db.m4.large
- db.m4.xlarge
- db.m4.2xlarge
pDBMultiAZ:
Description: Multi-AZ Amazon RDS configuration. true/false - default is false.
Type: String
AllowedValues:
- "true"
- "false"
Default: "false"
pDBName:
Description: Titian Mosaic database name
Type: String
MaxLength: 8
Default: mosaic
pDBPassword:
Description: Database user/owner password
Type: String
NoEcho: true
pDBSubnetA:
Description: Subnet ID for production DB subnet A.
Type: AWS::EC2::Subnet::Id
pDBSubnetB:
Description: Subnet ID for production DB subnet B.
Type: AWS::EC2::Subnet::Id
pDBUsername:
Description: Database user/owner
Type: String
Default: mosaicowner
pDmzSubnetA:
Description: Production DMZ subnet A. Target subnet for the app server.
Type: AWS::EC2::Subnet::Id
pDmzSubnetB:
Description: Production DMZ subnet B. Target subnet for the app server.
Type: AWS::EC2::Subnet::Id
pDnsHostedZoneApexDomain:
Description: (Optional) Internal DNS apex domain
Type: String
Default: ""
pDnsHostedZoneID:
Description: (Optional) Internal DNS hosted zone ID.
Type: String
Default: ""
pDNSName:
Description: The internal DNS CNAME to be used for the Mosaic server. Leave the default if you are unsure of what this does.
Type: String
Default: mosaic
pEC2KeyPair:
Description: Key name for app server.
Type: AWS::EC2::KeyPair::KeyName
pLoadBalancerType:
Default: internet-facing
Type: String
AllowedValues:
- internet-facing
- internal
pSecurityGroupForWebAccess:
Description: Security group for web access
Type: String
Default: ""
pVpcId:
Description: VPC ID
Type: AWS::EC2::VPC::Id
pWebAccessCIDR:
Description: Will only be used if web access security group is not specified. Enter 0.0.0.0/0 if you want to open it to the world.
Type: String
Default: "10.0.0.0/16"
Mappings:
AWSAMIRegionMap:
us-east-1:
mAppServerAMI: ami-0359f842ee5349d55
us-west-2:
mAppServerAMI: ami-0669355b1258963d1
eu-west-1:
mAppServerAMI: ami-04d2535efb54356e9
Conditions:
cDNSRecord: !Not [ !Or [ !Equals [!Ref pDnsHostedZoneID, ""] , !Equals [!Ref pDnsHostedZoneApexDomain, ""] ] ]
cWebAccessSG: !Not [ !Equals [ !Ref pSecurityGroupForWebAccess, "" ] ]
cNoWebAccessSG: !Equals [ !Ref pSecurityGroupForWebAccess, "" ]
Resources:
# If a hosted zone is specified, create a DNS Record
rDNSRecord:
Type: AWS::Route53::RecordSet
Condition: cDNSRecord
Properties:
HostedZoneId: !Ref pDnsHostedZoneID
Comment: Internal DNS CNAME for Titian Mosaic.
Name: !Sub ${pDNSName}.${pDnsHostedZoneApexDomain}
Type: CNAME
TTL: 60
ResourceRecords:
- !GetAtt rApplicationLoadBalancer.DNSName
rALBCertificate:
Type: "AWS::CertificateManager::Certificate"
Condition: cDNSRecord
Properties:
DomainName: !Sub ${pDNSName}.${pDnsHostedZoneApexDomain}
DomainValidationOptions:
- DomainName: !Sub ${pDNSName}.${pDnsHostedZoneApexDomain}
ValidationDomain: !Ref pDnsHostedZoneApexDomain
###
### Security Groups
###
rSecurityGroupAppServers:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Allow access to Titian Mosasic App Servers.
VpcId: !Ref pVpcId
Tags:
- Key: Name
Value: sg-titian-mosaic-appserver
rSecurityGroupAppServersIngressHttp:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref rSecurityGroupAppServers
IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId: !Ref rSecurityGroupAlbs
rSecurityGroupAppServersIngressHttps:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref rSecurityGroupAppServers
IpProtocol: tcp
FromPort: 443
ToPort: 443
SourceSecurityGroupId: !Ref rSecurityGroupAlbs
rSecurityGroupAlbWithSG:
Type: AWS::EC2::SecurityGroup
Condition: cWebAccessSG
Properties:
GroupDescription: Allow access to Titian Mosaic ALBs. Open to SG.
VpcId: !Ref pVpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId: !Ref pSecurityGroupForWebAccess
- IpProtocol: tcp
FromPort: 443
ToPort: 443
SourceSecurityGroupId: !Ref pSecurityGroupForWebAccess
Tags:
- Key: Name
Value: sg-titian-mosaic-access-ports-to-alb-bysg
rSecurityGroupAlbNoSG:
Type: AWS::EC2::SecurityGroup
Condition: cNoWebAccessSG
Properties:
GroupDescription: Allow access to Titian Mosaic ALB. Open to CIDR.
VpcId: !Ref pVpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: !Ref pWebAccessCIDR
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: !Ref pWebAccessCIDR
Tags:
- Key: Name
Value: sg-titian-mosaic-access-ports-to-alb-bycidr
rSecurityGroupAlbs:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Allow access to Titian Mosaic ALBs.
VpcId: !Ref pVpcId
Tags:
- Key: Name
Value: sg-titian-mosaic-alb
rSecurityGroupDB:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Allow access to Titian Mosaic DB to Titian App Server or other integration points
VpcId: !Ref pVpcId
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 1521
ToPort: 1521
SourceSecurityGroupId: !Ref rSecurityGroupAppServers
###
### Application Load Balancer
###
rApplicationLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Scheme: !Ref pLoadBalancerType
SecurityGroups:
- !Ref rSecurityGroupAlbs
- !If [ cWebAccessSG, !Ref rSecurityGroupAlbWithSG, !Ref rSecurityGroupAlbNoSG ]
Subnets:
- !Ref pDmzSubnetA
- !Ref pDmzSubnetB
Tags:
- Key: Name
Value: "Titian Mosiac ALB"
Type: application
rLoadBalancerListenerHTTP:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn: !Ref rApplicationLoadBalancer
Port: 80
Protocol: HTTP
DefaultActions:
- Type: forward
TargetGroupArn: !Ref rLoadBalancerTargetGroupHTTP
rLoadBalancerListenerHTTPS:
Type: AWS::ElasticLoadBalancingV2::Listener
Condition: cDNSRecord
Properties:
Certificates:
- CertificateArn: !Ref rALBCertificate
LoadBalancerArn: !Ref rApplicationLoadBalancer
Port: 443
Protocol: HTTPS
DefaultActions:
- Type: forward
TargetGroupArn: !Ref rLoadBalancerTargetGroupHTTPS
rLoadBalancerTargetGroupHTTP:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
VpcId: !Ref pVpcId
Port: 80
HealthCheckIntervalSeconds: 180
HealthCheckTimeoutSeconds: 30
HealthyThresholdCount: 2
HealthCheckPort: 80
UnhealthyThresholdCount: 10
Protocol: HTTP
Matcher:
HttpCode: '200,401,302'
rLoadBalancerTargetGroupHTTPS:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
VpcId: !Ref pVpcId
Port: 443
HealthCheckIntervalSeconds: 180
HealthCheckTimeoutSeconds: 30
HealthyThresholdCount: 2
HealthCheckPort: 443
UnhealthyThresholdCount: 10
Protocol: HTTPS
Matcher:
HttpCode: '200,401,302'
###
### Auto Scaling Group
###
rAutoScalingGroupApp:
Type: AWS::AutoScaling::AutoScalingGroup
DependsOn: rAutoScalingConfigApp
Properties:
AutoScalingGroupName: !Sub Titian-Mosaic-ASG-${AWS::StackName}
TargetGroupARNs:
- !Ref rLoadBalancerTargetGroupHTTPS
- !Ref rLoadBalancerTargetGroupHTTP
VPCZoneIdentifier:
- !Ref pAppSubnetA
- !Ref pAppSubnetB
LaunchConfigurationName: !Ref rAutoScalingConfigApp
MinSize: 1
MaxSize: 1
HealthCheckType: ELB
HealthCheckGracePeriod: 900
Tags:
- Key: Name
Value: "Titian Mosaic AppServer"
PropagateAtLaunch: true
rAutoScalingConfigApp:
Type: AWS::AutoScaling::LaunchConfiguration
DependsOn:
- rDBInstance
Properties:
ImageId: !FindInMap [ AWSAMIRegionMap, !Ref "AWS::Region", mAppServerAMI ]
InstanceType: !Ref pAppServerInstanceType
KeyName: !Ref pEC2KeyPair
SecurityGroups:
- !Ref rSecurityGroupAppServers
UserData:
Fn::Base64: !Sub |
mkdir c:\cfn\installer
mkdir c:\cfn\logs
Invoke-WebRequest -OutFile c:\cfn\installer\aws-cfn-bootstrap-win64-latest.msi https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-win64-latest.msi
msiexec.exe /i c:\cfn\installer\aws-cfn-bootstrap-win64-latest.msi /QN /L*V "C:\cfn\logs\cfn-bootstrap-install.log"
& "C:\\Program Files\\Titian Software\\Bootstrap\\Main\\bootstrap-mosaic.cmd" ${rDBInstance.Endpoint.Address} ${pDBName} ${pDBUsername} ${pDBPassword} ${pDNSName} Administrator
& "C:\\Program Files\\Amazon\\cfn-bootstrap\\cfn-signal.exe" -e $lastexitcode "${rAppServerInitWaitHandle}"
true
###
### Wait Handle
###
rAppServerInitWaitHandle:
Type: AWS::CloudFormation::WaitConditionHandle
Properties: {}
rAppServerInitWaitCondition:
Type: AWS::CloudFormation::WaitCondition
DependsOn: rAutoScalingGroupApp
Properties:
Handle: !Ref rAppServerInitWaitHandle
Timeout: '1800'
###
### RDS Instance
###
rDBOptionGroup:
Type: AWS::RDS::OptionGroup
Properties:
OptionGroupDescription : "Timezone option config for Titian database."
EngineName: !Ref pDBEngine
MajorEngineVersion: "19"
OptionConfigurations:
-
OptionName: Timezone
OptionSettings:
-
Name: TIME_ZONE
Value: !Ref pDBTimezone
rDBInstance:
Type: AWS::RDS::DBInstance
DependsOn: rSecurityGroupDB
Properties:
DBSubnetGroupName: !Ref rDBSubnetGroup
VPCSecurityGroups:
- !Ref rSecurityGroupDB
StorageType: gp2
MultiAZ: !Ref pDBMultiAZ
AllocatedStorage: !Ref pDBAllocatedStorage
DBInstanceIdentifier: "titian-mosaic-db"
PubliclyAccessible: false
OptionGroupName: !Ref rDBOptionGroup
DBName: !Ref pDBName
DBInstanceClass: !Ref pDBInstanceType
MasterUsername: !Ref pDBUsername
MasterUserPassword: !Ref pDBPassword
LicenseModel: !Ref pDBEngineLicenseModel
Engine: !Ref pDBEngine
Tags:
- Key: Name
Value: Titian Mosaic DB
rDBSubnetGroup:
Type: AWS::RDS::DBSubnetGroup
Properties:
DBSubnetGroupDescription: Subnet group for Titian DB instances
SubnetIds:
- !Ref pDBSubnetA
- !Ref pDBSubnetB
Tags:
- Key: Name
Value: Titian Mosaic DB Subnet Group
Outputs:
oLoadBalancerDNS:
Description: DNS of Load Balancer to access Titian Mosaic
Value: !GetAtt rApplicationLoadBalancer.DNSName
oInternalDNSUrl:
Condition: cDNSRecord
Description: URL to Load Balancer to access Titian Mosaic
Value: !Sub http://mosaic.${pDnsHostedZoneApexDomain}