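---
# CloudFormation template for a per-user "BC workbench": one EC2 instance
# behind an internet-facing Application Load Balancer with HTTP (80) and
# HTTPS (443) listeners and an /api/* rule forwarding to port 5000.
#
# Changes from the pasted original:
#   * nesting restored (the paste had lost all indentation);
#   * every value containing ${UserName} is wrapped in !Sub, otherwise
#     CloudFormation passes the literal text "${UserName}-..." through;
#   * SaltedPassword is NoEcho and both parameters are pattern-constrained,
#     because they are interpolated into a root shell script in UserData;
#   * the JSON-style \" escapes in the UserData script are removed;
#   * attribute values that the API takes as strings are quoted.
Description: "BC Workbench Setup"

Parameters:
  UserName:
    Type: String
    Description: Enter workbench username.
    # The value is substituted into a shell script that runs as root and
    # into load balancer / target group names, so restrict it to characters
    # that are safe in both places.
    AllowedPattern: '[a-z][a-z0-9-]*'
    # Load balancer and target group names are capped at 32 characters;
    # the longest suffix appended below is "-workbench" (10 characters).
    MaxLength: 22
    ConstraintDescription: >-
      Lower-case letters, digits and hyphens only, starting with a letter,
      at most 22 characters.
  WorkbenchSecurityGroupIDS:
    Type: "List<AWS::EC2::SecurityGroup::Id>"
    Description: Enter Security group ids for this workbench.
  WorkbenchSubnetIDS:
    Type: "List<AWS::EC2::Subnet::Id>"
    Description: Enter Subnet IDs for this workbench.
  SaltedPassword:
    Type: String
    Description: Enter salted password for new user.
    # Keep the hash out of the console, CLI and API parameter listings.
    # NoEcho does NOT protect the copy embedded in UserData below: that
    # remains readable from the instance metadata service and by anyone
    # allowed to read the instance's userData attribute.
    NoEcho: true
    # The value is placed inside single quotes in the UserData script, so
    # reject quotes, whitespace and shell metacharacters.
    AllowedPattern: '[A-Za-z0-9./$=,_-]+'
    ConstraintDescription: Must be a crypt(3)-style password hash.

Resources:
  # Plain-HTTP listener. The matching target group health check expects a
  # 301, so the instance is presumably redirecting to HTTPS itself.
  BCHTTPListener:
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref BCHTTPTargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 80
      Protocol: HTTP

  BCHTTPTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: "/"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: "HTTP"
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 5
      Matcher:
        HttpCode: "301"
      Name: !Sub "${UserName}-bc-http"
      Port: 80
      Protocol: HTTP
      Tags:
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: "300"
        - Key: stickiness.enabled
          Value: "false"
      Targets:
        - Id: !Ref Workbench
          Port: 80
      TargetType: instance
      UnhealthyThresholdCount: 2
      VpcId: vpc-891ad7ed

  BCHTTPSListener:
    Type: "AWS::ElasticLoadBalancingV2::Listener"
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref BCHTTPSTargetGroup
      LoadBalancerArn: !Ref ALB
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: "arn:aws:acm:us-east-1:687433828854:certificate/0a3d771d-440a-49cb-8617-0fe7f4e28a17"
      # NOTE(review): ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and
      # 1.1. Unless a legacy client needs them, move to a TLS 1.2+ policy
      # such as ELBSecurityPolicy-TLS13-1-2-2021-06.
      SslPolicy: "ELBSecurityPolicy-2016-08"

  BCHTTPSTargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: "/"
      HealthCheckPort: "traffic-port"
      # NOTE(review): the health check speaks HTTP to the traffic port (443)
      # while the group itself uses HTTPS; confirm the instance answers
      # plain HTTP with a 200 on that port, otherwise this should be HTTPS.
      HealthCheckProtocol: "HTTP"
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 5
      Matcher:
        HttpCode: "200"
      Name: !Sub "${UserName}-bc-https"
      Port: 443
      Protocol: HTTPS
      Tags:
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: "300"
        - Key: stickiness.enabled
          Value: "false"
      Targets:
        - Id: !Ref Workbench
          Port: 443
      TargetType: instance
      UnhealthyThresholdCount: 2
      VpcId: vpc-891ad7ed

  # Requests under /api/ on the HTTPS listener go to the service on port 5000.
  APIRule:
    Type: "AWS::ElasticLoadBalancingV2::ListenerRule"
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: !Ref APITargetGroup
      Conditions:
        - Field: path-pattern
          Values:
            - "/api/*"
      ListenerArn: !Ref BCHTTPSListener
      Priority: 1000

  APITargetGroup:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: "/api/"
      HealthCheckPort: "traffic-port"
      HealthCheckProtocol: "HTTP"
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 5
      Matcher:
        HttpCode: "200"
      Name: !Sub "${UserName}-bc-api"
      Port: 5000
      Protocol: HTTP
      Tags:
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: "300"
        - Key: stickiness.enabled
          Value: "false"
      Targets:
        - Id: !Ref Workbench
          Port: 5000
      TargetType: instance
      UnhealthyThresholdCount: 2
      VpcId: vpc-891ad7ed

  # Internet-facing: who can actually reach the listeners is decided by the
  # security groups passed in WorkbenchSecurityGroupIDS, which are also
  # attached to the instance itself.
  ALB:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: "60"
      Name: !Sub "${UserName}-workbench"
      Scheme: internet-facing
      SecurityGroups: !Ref WorkbenchSecurityGroupIDS
      Subnets: !Ref WorkbenchSubnetIDS
      Tags:
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
      Type: application
      IpAddressType: ipv4

  Workbench:
    Type: "AWS::EC2::Instance"
    Properties:
      AvailabilityZone: "us-east-1c"  # This might need to be variable in the future
      IamInstanceProfile: "BC_Sandbox"
      ImageId: ami-80861296
      KeyName: sheetzam
      InstanceType: t2.medium
      SecurityGroupIds: !Ref WorkbenchSecurityGroupIDS
      SubnetId: "subnet-ffcee3a6"
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: 50
      Tags:
        - Key: Name
          Value: !Sub "${UserName}-bc-workbench"
        - Key: Department
          Value: development
        - Key: chaos
          Value: dev
        - Key: ghe
          Value: dev-vm
      # First-boot script, run as root. !Sub substitutes UserName and
      # SaltedPassword into the text before the instance sees it.
      #   * The password hash is single-quoted: a crypt hash contains "$"
      #     and bash would otherwise expand parts of it as variables,
      #     leaving the account with a mangled hash.
      #   * Shell tracing (-x) is switched off around useradd so the hash is
      #     not echoed into the boot output, which is typically captured in
      #     the cloud-init output log on the instance.
      #   * The new user is added to sudo and docker and inherits the
      #     ubuntu account's authorized_keys.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          apt-get update
          debconf-set-selections <<< "postfix postfix/mailname string dev.inspire.com"
          debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
          DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -yq -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold'
          apt-get install -y redis-tools mutt exuberant-ctags git build-essential tree tmux docker-compose mysql-client python-pip docker.io
          set +x
          useradd -m -p '${SaltedPassword}' -s /bin/bash ${UserName}
          set -x
          adduser ${UserName} sudo; adduser ${UserName} docker
          mkdir -p /home/${UserName}/.ssh
          cp /home/ubuntu/.ssh/authorized_keys /home/${UserName}/.ssh/authorized_keys
          chown -R ${UserName}:${UserName} /home/${UserName}/.ssh
          sudo -u ${UserName} pip install awscli --upgrade --user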