---
# Copyright 2018 widdix GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Application Load Balancer module: one ALB, its (initially empty) security group
# and two optional CloudWatch alarms wired to the alerting module.
AWSTemplateFormatVersion: "2010-09-09"
Description: "cfn-modules: ALB"
# cfn-modules:implements(ExposeArn, ExposeSecurityGroupId, LoadBalancer)
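Parameters:
  # Stack name of the vpc module; its '-Id' and '-SubnetIds*' exports are imported below.
  VpcModule:
    Description: 'Stack name of vpc module.'
    Type: String
  # An empty string means "not supplied" and disables the alarms (see HasAlertingModule).
  AlertingModule:
    Description: 'Optional but recommended stack name of alerting module.'
    Type: String
    Default: ''
  # An empty string means "not supplied" and leaves ALB access logging off (see HasBucketModule).
  BucketModule:
    Description: 'Optional but recommended stack name of s3-bucket module to store access logs.'
    Type: String
    Default: ''
  # NOTE(review): the default exposes the ALB to the Internet; 'internal' also
  # moves it into the private subnets (see the LoadBalancer Subnets property).
  Scheme:
    Description: 'Indicates whether the load balancer is reachable from the public Internet or only from within the VPC.'
    Type: String
    Default: 'internet-facing'
    AllowedValues:
      - 'internet-facing'
      - 'internal'
  IpAddressType:
    Description: 'The IP address type for the load balancer: IPv4 only or Dualstack (IPv4+IPv6)'
    Type: String
    Default: 'dualstack'
    AllowedValues:
      - 'ipv4'
      - 'dualstack'
  # Mapped to the 'idle_timeout.timeout_seconds' load balancer attribute.
  IdleTimeoutInSeconds:
    Description: 'The idle timeout value, in seconds.'
    Type: Number
    Default: 60
    MinValue: 1
    MaxValue: 4000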
Conditions:
  # Optional modules are wired in only when their stack name was supplied.
  HasAlertingModule:
    'Fn::Not':
      - 'Fn::Equals':
          - !Ref AlertingModule
          - ''
  HasBucketModule:
    'Fn::Not':
      - 'Fn::Equals':
          - !Ref BucketModule
          - ''
  # Chooses the private subnets for an internal load balancer.
  HasSchemeInternal:
    'Fn::Equals':
      - !Ref Scheme
      - 'internal'
Resources:
  # Security group attached to the load balancer. This template defines no
  # ingress or egress rules for it; consumers grant access via the exported
  # SecurityGroupId.
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: !Ref 'AWS::StackName'
      VpcId:
        'Fn::ImportValue': !Sub '${VpcModule}-Id'
  LoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      # NOTE(review): no request-hardening attribute (e.g.
      # routing.http.drop_invalid_header_fields.enabled) is set here; consider
      # enabling it where clients tolerate strict header parsing.
      LoadBalancerAttributes:
        - Key: 'idle_timeout.timeout_seconds'
          Value: !Ref IdleTimeoutInSeconds
        - Key: 'routing.http2.enabled'
          Value: 'true'
        # Access logs go to the s3-bucket module, prefixed with this stack's name,
        # and are only switched on when that module was supplied.
        - Key: 'access_logs.s3.enabled'
          Value: !If
            - HasBucketModule
            - 'true'
            - 'false'
        - !If
          - HasBucketModule
          - Key: 'access_logs.s3.prefix'
            Value: !Ref 'AWS::StackName'
          - !Ref 'AWS::NoValue'
        - !If
          - HasBucketModule
          - Key: 'access_logs.s3.bucket'
            Value:
              'Fn::ImportValue': !Sub '${BucketModule}-Name'
          - !Ref 'AWS::NoValue'
      Scheme: !Ref Scheme
      IpAddressType: !Ref IpAddressType
      SecurityGroups:
        - !Ref SecurityGroup
      # Internal load balancers land in the private subnets, public ones in the
      # public subnets; both lists are comma-separated exports of the vpc module.
      Subnets: !If
        - HasSchemeInternal
        - !Split
          - ','
          - 'Fn::ImportValue': !Sub '${VpcModule}-SubnetIdsPrivate'
        - !Split
          - ','
          - 'Fn::ImportValue': !Sub '${VpcModule}-SubnetIdsPublic'
      Type: 'application'
  # Alarms whenever the load balancer itself produced a 5XX within a one-minute
  # period. Missing data points are treated as not breaching.
  HTTPCodeELB5XXTooHighAlarm:
    Condition: HasAlertingModule
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Application load balancer returns 5XX HTTP status codes'
      Namespace: 'AWS/ApplicationELB'
      MetricName: 'HTTPCode_ELB_5XX_Count'
      Statistic: 'Sum'
      Period: 60
      EvaluationPeriods: 1
      ComparisonOperator: 'GreaterThanThreshold'
      Threshold: 0
      AlarmActions:
        - 'Fn::ImportValue': !Sub '${AlertingModule}-Arn'
      Dimensions:
        - Name: 'LoadBalancer'
          Value: !GetAtt [LoadBalancer, LoadBalancerFullName]
      TreatMissingData: 'notBreaching'
  # Alarms on any rejected connection, i.e. the load balancer hit its
  # connection limit; a useful early signal of overload or flooding.
  RejectedConnectionCountTooHighAlarm:
    Condition: HasAlertingModule
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Application load balancer rejected connections because the load balancer had reached its maximum number of connections'
      Namespace: 'AWS/ApplicationELB'
      MetricName: 'RejectedConnectionCount'
      Statistic: 'Sum'
      Period: 60
      EvaluationPeriods: 1
      ComparisonOperator: 'GreaterThanThreshold'
      Threshold: 0
      AlarmActions:
        - 'Fn::ImportValue': !Sub '${AlertingModule}-Arn'
      Dimensions:
        - Name: 'LoadBalancer'
          Value: !GetAtt [LoadBalancer, LoadBalancerFullName]
      TreatMissingData: 'notBreaching'
Outputs:
  # Module identity, read by cfn-modules tooling.
  ModuleId:
    Value: 'alb'
  ModuleVersion:
    Value: '1.1.0'
  StackName:
    Value: !Ref 'AWS::StackName'
  # Everything below is exported as '<StackName>-<OutputName>' so that other
  # modules can Fn::ImportValue it.
  Arn:
    Value: !Ref LoadBalancer
    Export:
      Name: !Sub '${AWS::StackName}-Arn'
  CanonicalHostedZoneId:
    Value: !GetAtt [LoadBalancer, CanonicalHostedZoneID]
    Export:
      Name: !Sub '${AWS::StackName}-CanonicalHostedZoneId'
  DnsName:
    Value: !GetAtt [LoadBalancer, DNSName]
    Export:
      Name: !Sub '${AWS::StackName}-DnsName'
  LoadBalancerFullName:
    Value: !GetAtt [LoadBalancer, LoadBalancerFullName]
    Export:
      Name: !Sub '${AWS::StackName}-LoadBalancerFullName'
  # The empty security group created above; consumers attach ingress rules to it.
  SecurityGroupId:
    Value: !Ref SecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-SecurityGroupId'