services.yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Udacity DevOps engineer nanodegree project 2 (Highly scalable website).
  Services infrastructure
  Create a Launch Configuration in order to deploy four servers, two located in each of
  your private subnets. The launch configuration will be used by an auto-scaling group.
  You'll need two vCPUs and at least 4GB of RAM. The Operating System to be used is
  Ubuntu 18. So, choose an Instance size and Machine Image (AMI) that best fits this spec.
  Be sure to allocate at least 10GB of disk space so that you don't run into issues.
Parameters:
  Environment:
    Description: Environment name, used as a prefix for resources
    Type: String
  Project:
    Description: Project name, used for resources tagging
    Type: String
  WebServerImageId:
    Description: Web server image id
    Type: String
    Default: ami-005de95e8ff495156 # Ubuntu Server 18.04 LTS
  WebServerVolumeSize:
    Description: Web server disk volume size
    Type: String
    Default: 10
  WebServerInstanceType:
    AllowedValues:
      - t2.nano
      - t2.medium
      - t2.large
      - t3.medium
      - t3.large
      - t3.xlarge
      - m1.medium
      - m1.large
      - m1.xlarge
      - m2.xlarge
      - m2.2xlarge
      - m2.4xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
    ConstraintDescription: Web server instance type. t2.nano - dev instance, t3.medium - default
    Default: t3.medium
    Description: WebServer EC2 instance type
    Type: String
  CPUUsagePercentPolicyTargetValue:
    Description: Average CPU utilization
    Type: String
    Default: 75.0
  ALBRequestCompleteCountTargetValue:
    Description: Number of requests completed per target in an Application Load Balancer target group.
      How many requests the application can handle per instance
    Type: String
    Default: 3
Resources:
  # An IAM role is an IAM identity that you can create in your account that has specific permissions.
  # An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies
  # that determine what the identity can and cannot do in AWS. However, instead of being uniquely
  # associated with one person, a role is intended to be assumable by anyone who needs it. Also,
  # a role does not have standard long-term credentials such as a password or access keys associated
  # with it. Instead, when you assume a role, it provides you with temporary security credentials
  # for your role session
  # Web server Role
  # AmazonS3ReadOnlyAccess allows reading every bucket in the account; the UserData in
  # WebAppServer only reads s3://udacity-demo-1/udacity.zip.
  UdacityS3ReadOnlyEC2:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
  # An instance profile is a container for an IAM role that you can use to pass role information
  # to an EC2 instance when the instance starts.
  ProfileWithRolesForApp:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref UdacityS3ReadOnlyEC2
  # ----------------- EC2 ------------------
  # The LaunchConfiguration resource specifies the Amazon EC2 Auto Scaling launch configuration
  # that can be used by an Auto Scaling group to configure Amazon EC2 instances
  WebAppServer:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          apt-get update -y
          apt-get install unzip awscli -y
          apt-get install apache2 -y
          systemctl start apache2.service
          cd /var/www/html
          aws s3 cp s3://udacity-demo-1/udacity.zip .
          unzip -o udacity.zip
      ImageId: !Ref WebServerImageId
      IamInstanceProfile: !Ref ProfileWithRolesForApp
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${Project}-AppSecurityGroupID"
      InstanceType: !Ref WebServerInstanceType
      BlockDeviceMappings:
        - DeviceName: "/dev/sdk"
          Ebs:
            VolumeSize: !Ref WebServerVolumeSize
  # ------------ Resource groups -----------
  # Specifies a target group for an Application Load Balancer or Network Load Balancer.
  WebAppTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: / # physical file path check.
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 7
      HealthyThresholdCount: 2
      Port: 80
      Protocol: HTTP
      UnhealthyThresholdCount: 5
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${Project}-VPCID"
  # Defines an Amazon EC2 Auto Scaling group with the specified name and attributes.
  WebAppServerGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      # Private Subnets
      VPCZoneIdentifier:
        - Fn::ImportValue: !Sub ${Project}-Private-Subnet-IDs
      LaunchConfigurationName: !Ref WebAppServer
      MinSize: '2'
      MaxSize: '4'
      TargetGroupARNs:
        - Ref: WebAppTargetGroup
      Tags:
        - Key: Name
          Value: EC2-Instance
          PropagateAtLaunch: true
        - Key: Project
          Value: !Ref Project
          PropagateAtLaunch: true
  # ------------ Load balancer ---------------
  # Specifies an Application Load Balancer or a Network Load Balancer
  WebAppLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Subnets:
        - Fn::ImportValue: !Sub ${Project}-Public-Subnet-1-ID
        - Fn::ImportValue: !Sub ${Project}-Public-Subnet-2-ID
      SecurityGroups:
        - Fn::ImportValue: !Sub ${Project}-LBSecurityGroupID
      Tags:
        - Key: Name
          Value: Load Balancer
        - Key: Project
          Value: !Ref Project
  # Specifies a listener for an Application Load Balancer or Network Load Balancer
  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WebAppTargetGroup
      LoadBalancerArn: !Ref WebAppLoadBalancer
      Port: '80'
      Protocol: HTTP
  LoadBalancerListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: !Ref WebAppTargetGroup
      Conditions:
        - Field: path-pattern
          Values: [/]
      ListenerArn: !Ref LoadBalancerListener
      Priority: 1
  #---------------- Scaling Policies ---------------
  # When you configure dynamic scaling, you define how to scale the capacity of your
  # Auto Scaling group in response to changing demand. For example, let's say that you
  # have a web application that currently runs on two instances, and you want the CPU
  # utilization of the Auto Scaling group to stay at around 50 percent when the load
  # on the application changes. This gives you extra capacity to handle traffic spikes
  # without maintaining an excessive number of idle resources. You can configure your
  # Auto Scaling group to scale dynamically to meet this need by creating a scaling policy.
  # Amazon EC2 Auto Scaling can then scale out your group (add more instances) to deal
  # with high demand at peak times, and scale in your group (run fewer instances) to reduce
  # costs during periods of low utilization
  # Specifies an Amazon EC2 Auto Scaling scaling policy so that the Auto Scaling group
  # can change the number of instances available for your application in response to
  # changing demand. If you create either a step scaling policy or a simple scaling policy,
  # you must also create a CloudWatch alarm that monitors a CloudWatch metric for your
  # Auto Scaling group. Note that you can associate a CloudWatch alarm with only one
  # scaling policy
  WebServerCPUPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref WebAppServerGroup
      PolicyType: TargetTrackingScaling
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ASGAverageCPUUtilization
        TargetValue: !Ref CPUUsagePercentPolicyTargetValue
  WebServerRequestCountPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref WebAppServerGroup
      PolicyType: TargetTrackingScaling
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ALBRequestCountPerTarget
          ResourceLabel: !Join
            - '/'
            - - !GetAtt WebAppLoadBalancer.LoadBalancerFullName
              - !GetAtt WebAppTargetGroup.TargetGroupFullName
        TargetValue: !Ref ALBRequestCompleteCountTargetValue
# -------------Output ------------
Outputs:
  DNS:
    Description: The website URL
    Value:
      !Sub
        - 'http://${DNSName}'
        - {DNSName: !GetAtt 'WebAppLoadBalancer.DNSName'}
    Export:
      Name: !Sub "${Project}-SiteURL"