This reference architecture provides a set of YAML templates for deploying the following AWS services :
- Amazon IAM
- Amazon VPC
- Amazon EC2
- Amazon ELB
- Amazon AutoScaling
- Amazon RDS
- Amazon S3
- Amazon Cloudwatch
- Amazon Route53
- Amazon Security Group & NACL
The Cloudformation Security Group IP address is open by default (testing purpose). You should update the Security Group Access with your own IP Address to ensure your instances security.
Before you can deploy this process, you need the following:
- Your AWS account must have one VPC available to be created in the selected region
- Amazon EC2 key pair
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
- US East (N. Virginia)
- US East (Ohio)
- US West (N. California)
- Asia Pacific (Sydney)
The repository consists of a set of nested templates that deploy the following:
- A tiered VPC with public and private subnets, spanning an AWS region.
- A highly available ECS cluster deployed across two Availability Zones in an Auto Scaling group.
- Two NAT gateways to handle outbound traffic.
- Two interconnecting microservices deployed as ECS services (website-service and product-service).
- An Application Load Balancer (ALB) to the public subnets to handle inbound traffic.
- ALB path-based routes for each ECS service to route the inbound traffic to the correct service.
- Centralized container logging with Amazon CloudWatch Logs.
A template can be used repeatedly to create identical copies of the same stack (or to use as a foundation to start a new stack). Templates are simple YAML- or JSON-formatted text files that can be placed under your normal source control mechanisms, stored in private or public locations such as Amazon S3, and exchanged via email. With CloudFormation, you can see exactly which AWS resources make up a stack. You retain full control and have the ability to modify any of the AWS resources created as part of a stack.
Fed up with outdated documentation on your infrastructure or environments? Still keep manual documentation of IP ranges, security group rules, etc.?
With CloudFormation, your template becomes your documentation. Want to see exactly what you have deployed? Just look at your template. If you keep it in source control, then you can also look back at exactly which changes were made and by whom.
CloudFormation not only handles the initial deployment of your infrastructure and environments, but it can also manage the whole lifecycle, including future updates. During updates, you have fine-grained control and visibility over how changes are applied, using functionality such as change sets, rolling update policies and stack policies.
The templates below are included in this repository and reference architecture:
Template | Description |
---|---|
master.yaml | This is the master template - deploy it to CloudFormation and it includes all of the nested templates automatically. |
infrastructure/webapp-iam.yaml | This template deploys will create policy to allow EC2 instance full access to S3 & CloudWatch, and VPC Logs to CloudWatch. |
infrastructure/webapp-s3bucket.yaml | This template deploys Backup Data Bucket with security data at rest and archive objects greater than 60 days, ELB logging, and Webhosting static content. |
infrastructure/webapp-vpc.yaml | This template deploys a VPC with a pair of public and private subnets spread across two Availability Zones. It deploys an Internet gateway, with a default route on the public subnets. It deploys 2 NAT gateways, and default routes for them in the private subnets. |
infrastructure/webapp-securitygroup.yaml | This template contains the security groups and Network ACLs required by the entire stack. |
infrastructure/webapp-rds.yaml | This template deploys a (Mysql) Relational Database Service. |
infrastructure/webapp-elb-appserver.yaml | This template deploys an Application Load Balancer that exposes our PHP APP services. |
infrastructure/webapp-autoscaling-appserver.yaml | This template deploys an ECS cluster to the private subnets using an Auto Scaling group. |
infrastructure/webapp-elb-webserver.yaml | This template deploys a Webserver Load Balancer that exposes our Nginx Proxy services. |
infrastructure/webapp-autoscaling-webserver.yaml | This template deploys an ECS cluster to the private subnets using an Auto Scaling group. |
infrastructure/webapp-cdn.yaml | Run this template separately. CDN Deployment is time consuming ~(30-40min to complete deploy). |
infrastructure/webapp-cloudwatch.yaml | This template deploys Cloudwatch Service, CPU Utilization Alarm. |
infrastructure/webapp-route53.yaml | This template deploys Route 53 recordset to update ELB Alias and CNAME CDN. |
A template can be used repeatedly to create identical copies of the same stack (or to use as a foundation to start a new stack). Templates are simple YAML- or JSON-formatted text files that can be placed under your normal source control mechanisms, stored in private or public locations such as Amazon S3, and exchanged via email. With CloudFormation, you can see exactly which AWS resources make up a stack. You retain full control and have the ability to modify any of the AWS resources created as part of a stack.
-------------- Example using AWS CLI Command ---------------------------------------
aws cloudformation create-stack --stack-name --capabilities=CAPABILITY_IAM --template-body file:////<path_to_template>//master.yaml
aws cloudformation update-stack --stack-name --capabilities=CAPABILITY_IAM --template-body file:////<path_to_template>//master.yaml
aws cloudformation delete-stack --stack-name
- Note :stack-name that can be used are (dev, staging, prod)
#!/bin/bash -xe
apt-get update
apt-get install apache2 php php-mysql git curl
chkconfig httpd on
service apache2 start
#echo "<?php phpinfo();?>" > /var/www/html/index.php
cd /var/www/html
git clone https://github.com/ajobayer/demo-webapp-frontend.git
cp -r demo-webapp-frontend/* .
#!/bin/bash -xe
yum install httpd php php-mysql git -y
yum update -y
chkconfig httpd on
service httpd start
#echo "<?php phpinfo();?>" > /var/www/html/index.php
cd /var/www/html
git clone https://github.com/ajobayer/demo-webapp-frontend.git
cp -r demo-webapp-frontend/* .