Create Auto Scaling Stack(Single Stack / Nested Stack) by using AWS CDK
This post is a personal summary of the AWS CDK example (EC2).
Env versions
$ cdk --version
0.14.1 (build c87f3ec)
$ node -v
v10.5.0
Getting Started
Initialize AWS CDK project
To begin, initialize the AWS CDK project.
$ mkdir autoscaling
$ cd autoscaling
$ cdk init app --language=typescript
Install dependencies
The example will launch the following resources.
- VPC
- AutoScaling Group
- ELB (Classic Load Balancer)
Let’s install the packages for these resources.
$ npm i -S @aws-cdk/aws-ec2@0.14.1 @aws-cdk/aws-autoscaling@0.14.1 @aws-cdk/aws-elasticloadbalancing@0.14.1
First: create a stack as a single CloudFormation template
This is example code that launches the Auto Scaling stack from a single CloudFormation template.
#!/usr/bin/env node
import ec2 = require('@aws-cdk/aws-ec2');
import autoscaling = require('@aws-cdk/aws-autoscaling');
import elb = require('@aws-cdk/aws-elasticloadbalancing')
import cdk = require('@aws-cdk/cdk');
/**
 * Single-stack example: the VPC, the Auto Scaling group and the Classic Load
 * Balancer all end up in one CloudFormation template.
 *
 * Security-relevant properties visible in the synthesized template on this page:
 * - the load balancer is internet-facing, its security group accepts TCP 80
 *   from 0.0.0.0/0, and the listener is plain HTTP (no TLS in transit);
 * - the instances sit in the private subnets and accept port 80 only from the
 *   load balancer's security group;
 * - the instance security group allows all outbound traffic.
 */
class AppWithVpc extends cdk.Stack {
  constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
    super(parent, name, props);

    // VPC with the construct's defaults (public and private subnets, IGW, NAT gateways).
    const network = new ec2.VpcNetwork(this, 'MyVPC');

    // Auto Scaling group: t2.small instances running Amazon Linux.
    const instanceType = new ec2.InstanceTypePair(ec2.InstanceClass.T2, ec2.InstanceSize.Small);
    const machineImage = new ec2.AmazonLinuxImage();
    const fleet = new autoscaling.AutoScalingGroup(this, 'ExampleASG', {
      vpc: network,
      instanceType,
      machineImage,
    });

    // Classic Load Balancer, reachable from the internet on port 80.
    const balancer = new elb.LoadBalancer(this, 'LB', {
      vpc: network,
      internetFacing: true,
    });
    balancer.addListener({ externalPort: 80 });
    balancer.addTarget(fleet);
  }
}
// Entry point: create the CDK app, register the single stack as 'app-with-vpc'
// (the prefix that shows up in the synthesized Name tags), then run the app.
const app = new cdk.App();
new AppWithVpc(app, 'app-with-vpc');
app.run();
You can get the CloudFormation template with the following commands.
$ npm run build
$ cdk synth
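And this is the exported result. The `new ec2.VpcNetwork(this, 'MyVPC')` call has created a Security Group, an Internet Gateway, EIPs and more.
When reading the template, note the two security groups: the load balancer's group accepts TCP 80 from 0.0.0.0/0 over plain HTTP, while the instances' group accepts port 80 only from the load balancer's group and allows all outbound traffic.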
Resources:
MyVPCAFB07A31:
Type: 'AWS::EC2::VPC'
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsHostnames: true
EnableDnsSupport: true
InstanceTenancy: default
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC
MyVPCPublicSubnet1Subnet0C75866A:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.0.0/19
VpcId:
Ref: MyVPCAFB07A31
AvailabilityZone: us-west-2a
MapPublicIpOnLaunch: true
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet1
MyVPCPublicSubnet1RouteTable538A9511:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: MyVPCAFB07A31
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet1
MyVPCPublicSubnet1RouteTableAssociation8A950D8E:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: MyVPCPublicSubnet1RouteTable538A9511
SubnetId:
Ref: MyVPCPublicSubnet1Subnet0C75866A
MyVPCPublicSubnet1DefaultRouteAF81AA9B:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: MyVPCPublicSubnet1RouteTable538A9511
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: MyVPCIGW30AB6DD6
MyVPCPublicSubnet1EIP5EB6147D:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
MyVPCPublicSubnet1NATGateway838228A5:
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId:
'Fn::GetAtt':
- MyVPCPublicSubnet1EIP5EB6147D
- AllocationId
SubnetId:
Ref: MyVPCPublicSubnet1Subnet0C75866A
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet1
MyVPCPublicSubnet2Subnet4DDFF14C:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.32.0/19
VpcId:
Ref: MyVPCAFB07A31
AvailabilityZone: us-west-2b
MapPublicIpOnLaunch: true
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet2
MyVPCPublicSubnet2RouteTableA6A1CD3D:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: MyVPCAFB07A31
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet2
MyVPCPublicSubnet2RouteTableAssociationF22D63CA:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: MyVPCPublicSubnet2RouteTableA6A1CD3D
SubnetId:
Ref: MyVPCPublicSubnet2Subnet4DDFF14C
MyVPCPublicSubnet2DefaultRoute24460202:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: MyVPCPublicSubnet2RouteTableA6A1CD3D
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: MyVPCIGW30AB6DD6
MyVPCPublicSubnet2EIP6F364C5D:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
MyVPCPublicSubnet2NATGateway4D6E78B8:
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId:
'Fn::GetAtt':
- MyVPCPublicSubnet2EIP6F364C5D
- AllocationId
SubnetId:
Ref: MyVPCPublicSubnet2Subnet4DDFF14C
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet2
MyVPCPublicSubnet3Subnet1F5F6FC2:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.64.0/19
VpcId:
Ref: MyVPCAFB07A31
AvailabilityZone: us-west-2c
MapPublicIpOnLaunch: true
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet3
MyVPCPublicSubnet3RouteTableAC210F4D:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: MyVPCAFB07A31
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet3
MyVPCPublicSubnet3RouteTableAssociation2F72E244:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: MyVPCPublicSubnet3RouteTableAC210F4D
SubnetId:
Ref: MyVPCPublicSubnet3Subnet1F5F6FC2
MyVPCPublicSubnet3DefaultRouteB9A2FDF0:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: MyVPCPublicSubnet3RouteTableAC210F4D
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: MyVPCIGW30AB6DD6
MyVPCPublicSubnet3EIPEA990C55:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
MyVPCPublicSubnet3NATGateway7590C9CF:
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId:
'Fn::GetAtt':
- MyVPCPublicSubnet3EIPEA990C55
- AllocationId
SubnetId:
Ref: MyVPCPublicSubnet3Subnet1F5F6FC2
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PublicSubnet3
MyVPCPrivateSubnet1Subnet641543F4:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.96.0/19
VpcId:
Ref: MyVPCAFB07A31
AvailabilityZone: us-west-2a
MapPublicIpOnLaunch: false
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PrivateSubnet1
MyVPCPrivateSubnet1RouteTable133BD901:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: MyVPCAFB07A31
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PrivateSubnet1
MyVPCPrivateSubnet1RouteTableAssociation85DFBFBB:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: MyVPCPrivateSubnet1RouteTable133BD901
SubnetId:
Ref: MyVPCPrivateSubnet1Subnet641543F4
MyVPCPrivateSubnet1DefaultRouteA8EE6636:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: MyVPCPrivateSubnet1RouteTable133BD901
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: MyVPCPublicSubnet1NATGateway838228A5
MyVPCPrivateSubnet2SubnetA420D3F0:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.128.0/19
VpcId:
Ref: MyVPCAFB07A31
AvailabilityZone: us-west-2b
MapPublicIpOnLaunch: false
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PrivateSubnet2
MyVPCPrivateSubnet2RouteTableDF3CB76C:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: MyVPCAFB07A31
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PrivateSubnet2
MyVPCPrivateSubnet2RouteTableAssociationC373B6FE:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: MyVPCPrivateSubnet2RouteTableDF3CB76C
SubnetId:
Ref: MyVPCPrivateSubnet2SubnetA420D3F0
MyVPCPrivateSubnet2DefaultRoute37F90B5D:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: MyVPCPrivateSubnet2RouteTableDF3CB76C
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: MyVPCPublicSubnet2NATGateway4D6E78B8
MyVPCPrivateSubnet3SubnetE1B8B1B4:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.160.0/19
VpcId:
Ref: MyVPCAFB07A31
AvailabilityZone: us-west-2c
MapPublicIpOnLaunch: false
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PrivateSubnet3
MyVPCPrivateSubnet3RouteTableC4FF197F:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: MyVPCAFB07A31
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC/PrivateSubnet3
MyVPCPrivateSubnet3RouteTableAssociation31B18386:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: MyVPCPrivateSubnet3RouteTableC4FF197F
SubnetId:
Ref: MyVPCPrivateSubnet3SubnetE1B8B1B4
MyVPCPrivateSubnet3DefaultRouteE65E8A8F:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: MyVPCPrivateSubnet3RouteTableC4FF197F
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: MyVPCPublicSubnet3NATGateway7590C9CF
MyVPCIGW30AB6DD6:
Type: 'AWS::EC2::InternetGateway'
Properties:
Tags:
-
Key: Name
Value: app-with-vpc/MyVPC
MyVPCVPCGWE6F260E1:
Type: 'AWS::EC2::VPCGatewayAttachment'
Properties:
VpcId:
Ref: MyVPCAFB07A31
InternetGatewayId:
Ref: MyVPCIGW30AB6DD6
# Security group attached to the Auto Scaling group's instances.
ExampleASGInstanceSecurityGroup57423FC2:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: app-with-vpc/ExampleASG/InstanceSecurityGroup
# Egress: every protocol ('-1') to any address (0.0.0.0/0) is allowed.
# Narrow this if the instances only need to reach known destinations.
SecurityGroupEgress:
-
CidrIp: 0.0.0.0/0
Description: Allow all outbound traffic by default
IpProtocol: '-1'
# No inline ingress rules: the only inbound rule for this group in the template
# is the separate AWS::EC2::SecurityGroupIngress resource (TCP 80 from the LB group).
SecurityGroupIngress: []
Tags:
-
Key: Name
Value: app-with-vpc/ExampleASG
VpcId:
Ref: MyVPCAFB07A31
ExampleASGInstanceSecurityGroupfromappwithvpcLBSecurityGroup451C8F6C80BB3EACE2:
Type: 'AWS::EC2::SecurityGroupIngress'
Properties:
IpProtocol: tcp
Description: Port 80 LB to fleet
FromPort: 80
GroupId:
'Fn::GetAtt':
- ExampleASGInstanceSecurityGroup57423FC2
- GroupId
SourceSecurityGroupId:
'Fn::GetAtt':
- LBSecurityGroup8A41EA2B
- GroupId
ToPort: 80
ExampleASGInstanceRole1F5D9A6B:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
-
Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: ec2.amazonaws.com
Version: '2012-10-17'
ExampleASGInstanceProfileD70200DE:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Roles:
-
Ref: ExampleASGInstanceRole1F5D9A6B
# Launch configuration for the Auto Scaling group's instances.
# No KeyName property is set, so no SSH key pair is configured for the instances.
ExampleASGLaunchConfig020480C8:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Properties:
# The AMI appears as a literal ID in the synthesized template.
# NOTE(review): presumably resolved from ec2.AmazonLinuxImage() at synth time;
# if so, re-synthesize and redeploy to move the fleet to a newer, patched image.
ImageId: ami-a0cfeed8
InstanceType: t2.small
# Instance profile wrapping the role whose trust policy allows ec2.amazonaws.com;
# that role has no policies attached in this template.
IamInstanceProfile:
Ref: ExampleASGInstanceProfileD70200DE
SecurityGroups:
-
'Fn::GetAtt':
- ExampleASGInstanceSecurityGroup57423FC2
- GroupId
# User data contains only a bash shebang line, i.e. no bootstrap commands.
UserData:
'Fn::Base64': |
#!/bin/bash
DependsOn:
- ExampleASGInstanceRole1F5D9A6B
ExampleASG61DF90B6:
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
MaxSize: '1'
MinSize: '1'
DesiredCapacity: '1'
LaunchConfigurationName:
Ref: ExampleASGLaunchConfig020480C8
LoadBalancerNames:
-
Ref: LB8A12904C
Tags:
-
Key: Name
PropagateAtLaunch: true
Value: app-with-vpc/ExampleASG
VPCZoneIdentifier:
-
Ref: MyVPCPrivateSubnet1Subnet641543F4
-
Ref: MyVPCPrivateSubnet2SubnetA420D3F0
-
Ref: MyVPCPrivateSubnet3SubnetE1B8B1B4
UpdatePolicy:
AutoScalingScheduledAction:
IgnoreUnmodifiedGroupSizeProperties: true
# Security group of the internet-facing Classic Load Balancer.
LBSecurityGroup8A41EA2B:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: app-with-vpc/LB/SecurityGroup
# No inline egress rules: outbound traffic is defined by the separate
# AWS::EC2::SecurityGroupEgress resource (TCP 80 to the instance group only).
SecurityGroupEgress: []
# Ingress: TCP 80 is open to the whole internet (0.0.0.0/0).
# Restrict the CIDR if the service is not meant to be public.
SecurityGroupIngress:
-
CidrIp: 0.0.0.0/0
Description: Default rule allow on 80
FromPort: 80
IpProtocol: tcp
ToPort: 80
VpcId:
Ref: MyVPCAFB07A31
LBSecurityGrouptoappwithvpcExampleASGInstanceSecurityGroup4481B23A80C5F0238E:
Type: 'AWS::EC2::SecurityGroupEgress'
Properties:
GroupId:
'Fn::GetAtt':
- LBSecurityGroup8A41EA2B
- GroupId
IpProtocol: tcp
Description: Port 80 LB to fleet
DestinationSecurityGroupId:
'Fn::GetAtt':
- ExampleASGInstanceSecurityGroup57423FC2
- GroupId
FromPort: 80
ToPort: 80
# Classic Load Balancer in front of the Auto Scaling group.
LB8A12904C:
Type: 'AWS::ElasticLoadBalancing::LoadBalancer'
Properties:
# Single listener: HTTP on port 80 towards clients and HTTP on port 80 towards
# the instances. There is no HTTPS listener, so traffic is unencrypted on both legs.
Listeners:
-
InstancePort: '80'
InstanceProtocol: http
LoadBalancerPort: '80'
Protocol: http
# internet-facing: the load balancer is reachable from the public internet.
Scheme: internet-facing
SecurityGroups:
-
'Fn::GetAtt':
- LBSecurityGroup8A41EA2B
- GroupId
# The load balancer is placed in the three public subnets;
# the instances themselves are in the private subnets.
Subnets:
-
Ref: MyVPCPublicSubnet1Subnet0C75866A
-
Ref: MyVPCPublicSubnet2Subnet4DDFF14C
-
Ref: MyVPCPublicSubnet3Subnet1F5F6FC2
CDKMetadata:
Type: 'AWS::CDK::Metadata'
Properties:
Modules: >-
@aws-cdk/aws-autoscaling=0.14.1,@aws-cdk/aws-codedeploy-api=0.14.1,@aws-cdk/aws-ec2=0.14.1,@aws-cdk/aws-elasticloadbalancing=0.14.1,@aws-cdk/aws-elasticloadbalancingv2=0.14.1,@aws-cdk/aws-iam=0.14.1,@aws-cdk/cdk=0.14.1,@aws-cdk/cx-api=0.14.1,cdk=0.1.0
Second: Create the stack as Nested CloudFormation template
Next, we’ll create the same stack as a nested CloudFormation template.
Create VPC Stack
To begin, create the VPC stack.
#!/usr/bin/env node
import ec2 = require('@aws-cdk/aws-ec2');
import autoscaling = require('@aws-cdk/aws-autoscaling');
import elb = require('@aws-cdk/aws-elasticloadbalancing')
import cdk = require('@aws-cdk/cdk');
/**
 * Infrastructure stack: creates the VPC and publishes a reference to it so
 * that another stack can import it.
 *
 * In the synthesized infra template on this page the reference becomes
 * CloudFormation Outputs with Export names (VPC id, public subnet ids,
 * private subnet ids), which the application template reads with
 * Fn::ImportValue.
 */
class CommonInfrastructure extends cdk.Stack {
  /** Exported VPC reference, assigned in the constructor. */
  public vpc: ec2.VpcNetworkRefProps;

  constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
    super(parent, name, props);

    // Build the VPC and keep only its exported form on the stack instance.
    this.vpc = new ec2.VpcNetwork(this, 'VPC').export();
  }
}
Create another stack for application
And this is another template for the application.
// ↑ VPC Stack data
// Type
/**
 * Props for the application stack: the usual stack props plus the
 * infrastructure stack whose exported VPC the application imports.
 */
interface MyAppProps extends cdk.StackProps {
  /** Infrastructure stack that provides the exported VPC reference. */
  infra: CommonInfrastructure;
}
/**
 * Application stack: an Auto Scaling group behind a Classic Load Balancer,
 * placed in the VPC exported by the infrastructure stack.
 *
 * Security-relevant properties visible in the synthesized my-app template on
 * this page:
 * - the load balancer is internet-facing, its security group accepts TCP 80
 *   from 0.0.0.0/0, and the listener is plain HTTP (no TLS in transit);
 * - the instances use the imported private subnets and accept port 80 only
 *   from the load balancer's security group;
 * - the instance security group allows all outbound traffic.
 */
class MyApp extends cdk.Stack {
  constructor(parent: cdk.App, name: string, props: MyAppProps) {
    super(parent, name, props);

    // Re-create a VPC handle from the reference exported by the infra stack.
    const importedVpc = ec2.VpcNetwork.import(this, 'VPC', props.infra.vpc);

    // Auto Scaling group: t2.micro instances running Amazon Linux.
    const instanceType = new ec2.InstanceTypePair(ec2.InstanceClass.T2, ec2.InstanceSize.Micro);
    const machineImage = new ec2.AmazonLinuxImage();
    const group = new autoscaling.AutoScalingGroup(this, 'MyASG', {
      vpc: importedVpc,
      instanceType,
      machineImage,
    });

    // Classic Load Balancer, reachable from the internet on port 80.
    const balancer = new elb.LoadBalancer(this, 'LB', {
      vpc: importedVpc,
      internetFacing: true,
    });
    balancer.addListener({ externalPort: 80 });
    balancer.addTarget(group);
  }
}
Connect these stacks
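// ↑ VPC / application stack classes (defined above)

// The CDK app that owns both stacks; it has to exist before either stack is
// constructed, because each stack takes it as its parent.
const app = new cdk.App();

// Infrastructure stack (VPC), named 'infra'.
const infra = new CommonInfrastructure(app, 'infra');

// Application stack; it receives the infra stack so that it can import the
// exported VPC reference.
new MyApp(app, 'my-app', {
  infra,
});

app.run();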
Exports CloudFormation templates
If you want to export the nested stack, you should run the `cdk synth` command with the `--output` option.
$ npm run build
$ cdk synth --output ./test
./test/infra.template.yaml
./test/my-app.template.yaml
infra.template.yaml
Resources:
VPCB9E5F0B4:
Type: 'AWS::EC2::VPC'
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsHostnames: true
EnableDnsSupport: true
InstanceTenancy: default
Tags:
-
Key: Name
Value: infra/VPC
VPCPublicSubnet1SubnetB4246D30:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.0.0/19
VpcId:
Ref: VPCB9E5F0B4
AvailabilityZone: us-west-2a
MapPublicIpOnLaunch: true
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet1
VPCPublicSubnet1RouteTableFEE4B781:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: VPCB9E5F0B4
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet1
VPCPublicSubnet1RouteTableAssociation0B0896DC:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: VPCPublicSubnet1RouteTableFEE4B781
SubnetId:
Ref: VPCPublicSubnet1SubnetB4246D30
VPCPublicSubnet1DefaultRoute91CEF279:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: VPCPublicSubnet1RouteTableFEE4B781
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: VPCIGWB7E252D3
VPCPublicSubnet1EIP6AD938E8:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
VPCPublicSubnet1NATGatewayE0556630:
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId:
'Fn::GetAtt':
- VPCPublicSubnet1EIP6AD938E8
- AllocationId
SubnetId:
Ref: VPCPublicSubnet1SubnetB4246D30
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet1
VPCPublicSubnet2Subnet74179F39:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.32.0/19
VpcId:
Ref: VPCB9E5F0B4
AvailabilityZone: us-west-2b
MapPublicIpOnLaunch: true
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet2
VPCPublicSubnet2RouteTable6F1A15F1:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: VPCB9E5F0B4
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet2
VPCPublicSubnet2RouteTableAssociation5A808732:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: VPCPublicSubnet2RouteTable6F1A15F1
SubnetId:
Ref: VPCPublicSubnet2Subnet74179F39
VPCPublicSubnet2DefaultRouteB7481BBA:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: VPCPublicSubnet2RouteTable6F1A15F1
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: VPCIGWB7E252D3
VPCPublicSubnet2EIP4947BC00:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
VPCPublicSubnet2NATGateway3C070193:
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId:
'Fn::GetAtt':
- VPCPublicSubnet2EIP4947BC00
- AllocationId
SubnetId:
Ref: VPCPublicSubnet2Subnet74179F39
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet2
VPCPublicSubnet3Subnet631C5E25:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.64.0/19
VpcId:
Ref: VPCB9E5F0B4
AvailabilityZone: us-west-2c
MapPublicIpOnLaunch: true
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet3
VPCPublicSubnet3RouteTable98AE0E14:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: VPCB9E5F0B4
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet3
VPCPublicSubnet3RouteTableAssociation427FE0C6:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: VPCPublicSubnet3RouteTable98AE0E14
SubnetId:
Ref: VPCPublicSubnet3Subnet631C5E25
VPCPublicSubnet3DefaultRouteA0D29D46:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: VPCPublicSubnet3RouteTable98AE0E14
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: VPCIGWB7E252D3
VPCPublicSubnet3EIPAD4BC883:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
VPCPublicSubnet3NATGatewayD3048F5C:
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId:
'Fn::GetAtt':
- VPCPublicSubnet3EIPAD4BC883
- AllocationId
SubnetId:
Ref: VPCPublicSubnet3Subnet631C5E25
Tags:
-
Key: Name
Value: infra/VPC/PublicSubnet3
VPCPrivateSubnet1Subnet8BCA10E0:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.96.0/19
VpcId:
Ref: VPCB9E5F0B4
AvailabilityZone: us-west-2a
MapPublicIpOnLaunch: false
Tags:
-
Key: Name
Value: infra/VPC/PrivateSubnet1
VPCPrivateSubnet1RouteTableBE8A6027:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: VPCB9E5F0B4
Tags:
-
Key: Name
Value: infra/VPC/PrivateSubnet1
VPCPrivateSubnet1RouteTableAssociation347902D1:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: VPCPrivateSubnet1RouteTableBE8A6027
SubnetId:
Ref: VPCPrivateSubnet1Subnet8BCA10E0
VPCPrivateSubnet1DefaultRouteAE1D6490:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: VPCPrivateSubnet1RouteTableBE8A6027
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: VPCPublicSubnet1NATGatewayE0556630
VPCPrivateSubnet2SubnetCFCDAA7A:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.128.0/19
VpcId:
Ref: VPCB9E5F0B4
AvailabilityZone: us-west-2b
MapPublicIpOnLaunch: false
Tags:
-
Key: Name
Value: infra/VPC/PrivateSubnet2
VPCPrivateSubnet2RouteTable0A19E10E:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: VPCB9E5F0B4
Tags:
-
Key: Name
Value: infra/VPC/PrivateSubnet2
VPCPrivateSubnet2RouteTableAssociation0C73D413:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: VPCPrivateSubnet2RouteTable0A19E10E
SubnetId:
Ref: VPCPrivateSubnet2SubnetCFCDAA7A
VPCPrivateSubnet2DefaultRouteF4F5CFD2:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: VPCPrivateSubnet2RouteTable0A19E10E
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: VPCPublicSubnet2NATGateway3C070193
VPCPrivateSubnet3Subnet3EDCD457:
Type: 'AWS::EC2::Subnet'
Properties:
CidrBlock: 10.0.160.0/19
VpcId:
Ref: VPCB9E5F0B4
AvailabilityZone: us-west-2c
MapPublicIpOnLaunch: false
Tags:
-
Key: Name
Value: infra/VPC/PrivateSubnet3
VPCPrivateSubnet3RouteTable192186F8:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId:
Ref: VPCB9E5F0B4
Tags:
-
Key: Name
Value: infra/VPC/PrivateSubnet3
VPCPrivateSubnet3RouteTableAssociationC28D144E:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
RouteTableId:
Ref: VPCPrivateSubnet3RouteTable192186F8
SubnetId:
Ref: VPCPrivateSubnet3Subnet3EDCD457
VPCPrivateSubnet3DefaultRoute27F311AE:
Type: 'AWS::EC2::Route'
Properties:
RouteTableId:
Ref: VPCPrivateSubnet3RouteTable192186F8
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: VPCPublicSubnet3NATGatewayD3048F5C
VPCIGWB7E252D3:
Type: 'AWS::EC2::InternetGateway'
Properties:
Tags:
-
Key: Name
Value: infra/VPC
VPCVPCGW99B986DC:
Type: 'AWS::EC2::VPCGatewayAttachment'
Properties:
VpcId:
Ref: VPCB9E5F0B4
InternetGatewayId:
Ref: VPCIGWB7E252D3
CDKMetadata:
Type: 'AWS::CDK::Metadata'
Properties:
Modules: >-
@aws-cdk/aws-autoscaling=0.14.1,@aws-cdk/aws-codedeploy-api=0.14.1,@aws-cdk/aws-ec2=0.14.1,@aws-cdk/aws-elasticloadbalancing=0.14.1,@aws-cdk/aws-elasticloadbalancingv2=0.14.1,@aws-cdk/aws-iam=0.14.1,@aws-cdk/cdk=0.14.1,@aws-cdk/cx-api=0.14.1,cdk=0.1.0
Outputs:
VPCPublicSubnetIDs428979F9:
Value:
'Fn::Join':
- ','
-
-
Ref: VPCPublicSubnet1SubnetB4246D30
-
Ref: VPCPublicSubnet2Subnet74179F39
-
Ref: VPCPublicSubnet3Subnet631C5E25
Export:
Name: 'infra:VPCPublicSubnetIDs428979F9'
VPCPrivateSubnetIDsA55EE406:
Value:
'Fn::Join':
- ','
-
-
Ref: VPCPrivateSubnet1Subnet8BCA10E0
-
Ref: VPCPrivateSubnet2SubnetCFCDAA7A
-
Ref: VPCPrivateSubnet3Subnet3EDCD457
Export:
Name: 'infra:VPCPrivateSubnetIDsA55EE406'
VPCVpcId2F75874A:
Value:
Ref: VPCB9E5F0B4
Export:
Name: 'infra:VPCVpcId2F75874A'
my-app.template.yaml
Resources:
MyASGInstanceSecurityGroupBF55119F:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: my-app/MyASG/InstanceSecurityGroup
SecurityGroupEgress:
-
CidrIp: 0.0.0.0/0
Description: Allow all outbound traffic by default
IpProtocol: '-1'
SecurityGroupIngress: []
Tags:
-
Key: Name
Value: my-app/MyASG
VpcId:
'Fn::ImportValue': 'infra:VPCVpcId2F75874A'
MyASGInstanceSecurityGroupfrommyappLBSecurityGroupFC6760E08066F1683E:
Type: 'AWS::EC2::SecurityGroupIngress'
Properties:
IpProtocol: tcp
Description: Port 80 LB to fleet
FromPort: 80
GroupId:
'Fn::GetAtt':
- MyASGInstanceSecurityGroupBF55119F
- GroupId
SourceSecurityGroupId:
'Fn::GetAtt':
- LBSecurityGroup8A41EA2B
- GroupId
ToPort: 80
MyASGInstanceRoleE40FF11D:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
-
Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: ec2.amazonaws.com
Version: '2012-10-17'
MyASGInstanceProfile2A2CDB5D:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Roles:
-
Ref: MyASGInstanceRoleE40FF11D
MyASGLaunchConfig075E9F95:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Properties:
ImageId: ami-a0cfeed8
InstanceType: t2.micro
IamInstanceProfile:
Ref: MyASGInstanceProfile2A2CDB5D
SecurityGroups:
-
'Fn::GetAtt':
- MyASGInstanceSecurityGroupBF55119F
- GroupId
UserData:
'Fn::Base64': |
#!/bin/bash
DependsOn:
- MyASGInstanceRoleE40FF11D
MyASG63588E97:
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
MaxSize: '1'
MinSize: '1'
DesiredCapacity: '1'
LaunchConfigurationName:
Ref: MyASGLaunchConfig075E9F95
LoadBalancerNames:
-
Ref: LB8A12904C
Tags:
-
Key: Name
PropagateAtLaunch: true
Value: my-app/MyASG
VPCZoneIdentifier:
-
'Fn::Select':
- 0
-
'Fn::Split':
- ','
-
'Fn::ImportValue': 'infra:VPCPrivateSubnetIDsA55EE406'
-
'Fn::Select':
- 1
-
'Fn::Split':
- ','
-
'Fn::ImportValue': 'infra:VPCPrivateSubnetIDsA55EE406'
-
'Fn::Select':
- 2
-
'Fn::Split':
- ','
-
'Fn::ImportValue': 'infra:VPCPrivateSubnetIDsA55EE406'
UpdatePolicy:
AutoScalingScheduledAction:
IgnoreUnmodifiedGroupSizeProperties: true
# Security group of the internet-facing Classic Load Balancer (application stack).
LBSecurityGroup8A41EA2B:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: my-app/LB/SecurityGroup
# No inline egress rules: outbound traffic is defined by the separate
# AWS::EC2::SecurityGroupEgress resource (TCP 80 to the instance group only).
SecurityGroupEgress: []
# Ingress: TCP 80 is open to the whole internet (0.0.0.0/0).
# Restrict the CIDR if the service is not meant to be public.
SecurityGroupIngress:
-
CidrIp: 0.0.0.0/0
Description: Default rule allow on 80
FromPort: 80
IpProtocol: tcp
ToPort: 80
# The VPC id comes from the infra stack's export rather than a local resource.
VpcId:
'Fn::ImportValue': 'infra:VPCVpcId2F75874A'
LBSecurityGrouptomyappMyASGInstanceSecurityGroupF7B2EE4D80FD563A93:
Type: 'AWS::EC2::SecurityGroupEgress'
Properties:
GroupId:
'Fn::GetAtt':
- LBSecurityGroup8A41EA2B
- GroupId
IpProtocol: tcp
Description: Port 80 LB to fleet
DestinationSecurityGroupId:
'Fn::GetAtt':
- MyASGInstanceSecurityGroupBF55119F
- GroupId
FromPort: 80
ToPort: 80
LB8A12904C:
Type: 'AWS::ElasticLoadBalancing::LoadBalancer'
Properties:
Listeners:
-
InstancePort: '80'
InstanceProtocol: http
LoadBalancerPort: '80'
Protocol: http
Scheme: internet-facing
SecurityGroups:
-
'Fn::GetAtt':
- LBSecurityGroup8A41EA2B
- GroupId
Subnets:
-
'Fn::Select':
- 0
-
'Fn::Split':
- ','
-
'Fn::ImportValue': 'infra:VPCPublicSubnetIDs428979F9'
-
'Fn::Select':
- 1
-
'Fn::Split':
- ','
-
'Fn::ImportValue': 'infra:VPCPublicSubnetIDs428979F9'
-
'Fn::Select':
- 2
-
'Fn::Split':
- ','
-
'Fn::ImportValue': 'infra:VPCPublicSubnetIDs428979F9'
CDKMetadata:
Type: 'AWS::CDK::Metadata'
Properties:
Modules: >-
@aws-cdk/aws-autoscaling=0.14.1,@aws-cdk/aws-codedeploy-api=0.14.1,@aws-cdk/aws-ec2=0.14.1,@aws-cdk/aws-elasticloadbalancing=0.14.1,@aws-cdk/aws-elasticloadbalancingv2=0.14.1,@aws-cdk/aws-iam=0.14.1,@aws-cdk/cdk=0.14.1,@aws-cdk/cx-api=0.14.1,cdk=0.1.0