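---
# aws-refarch-drupal-03-publicalb.yaml
# Creates the public Application Load Balancer, its HTTP and HTTPS listeners
# and the target group for the Drupal reference architecture.
# The format version is quoted so YAML loaders keep it as a string instead of
# converting it to a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: Reference Architecture to host Drupal on AWS - Creates an Application Load Balancer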
# Console presentation only: groups and labels the parameters in the
# CloudFormation create-stack form. It does not change the deployed resources.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: ALB Parameters
        # Display order of the parameters inside the group.
        Parameters:
          - Vpc
          - PublicAlbAcmCertificate
          - PublicAlbSecurityGroup
          - PublicSubnet0
          - PublicSubnet1
          - PublicSubnet2
    # Friendly names shown next to each input field.
    ParameterLabels:
      Vpc:
        default: Vpc Id
      PublicAlbAcmCertificate:
        default: ALB Certificate ARN
      PublicAlbSecurityGroup:
        default: Public ALB Security Group
      PublicSubnet0:
        default: Public Subnet for AZ 0
      PublicSubnet1:
        default: Public Subnet for AZ 1
      PublicSubnet2:
        default: Public Subnet for AZ 2
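Parameters:
  # Optional certificate ARN. Leaving it empty makes the NoSslCertificate
  # condition true: the HTTPS listener is not created and the site is served
  # over plain HTTP on port 80 only.
  # The pattern accepts an empty string or an ARN starting with `arn:aws:acm:`.
  # It is quoted so the regex is always read as one literal string.
  PublicAlbAcmCertificate:
    AllowedPattern: '^$|(arn:aws:acm:)([a-z0-9/:-])*([a-z0-9])$'
    Description: '[ Optional ] The AWS Certificate Manager certificate ARN for the ALB certificate - this certificate should be created in the region you wish to run the ALB and must reference the Drupal domain name you use below.'
    Type: String
  # Security group attached to the internet-facing load balancer. Its ingress
  # rules are defined outside this template and decide who can reach ports
  # 80 and 443.
  PublicAlbSecurityGroup:
    Description: Select the ALB security group.
    Type: AWS::EC2::SecurityGroup::Id
  PublicSubnet0:
    Description: Select an existing public subnet for AZ 0.
    Type: AWS::EC2::Subnet::Id
  PublicSubnet1:
    Description: Select an existing public subnet for AZ 1.
    Type: AWS::EC2::Subnet::Id
  # Used only when the MoreThan2AZ condition is true for the stack's region.
  PublicSubnet2:
    Description: Select an existing public subnet for AZ 2.
    Type: AWS::EC2::Subnet::Id
  # VPC in which the target group is created.
  Vpc:
    Description: Select an existing Vpc
    Type: AWS::EC2::VPC::Id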
Conditions:
  # True when a certificate ARN was supplied; gates the HTTPS listener.
  SslCertificate: !Not
    - !Equals ['', !Ref PublicAlbAcmCertificate]
  # True when no certificate ARN was supplied; selects the http:// output URL.
  NoSslCertificate: !Equals
    - ''
    - !Ref PublicAlbAcmCertificate
  # True only for the regions listed below. In those regions the load balancer
  # is attached to three public subnets, in every other region to two.
  MoreThan2AZ: !Or
    - !Equals [!Ref 'AWS::Region', us-east-1]
    - !Equals [!Ref 'AWS::Region', us-east-2]
    - !Equals [!Ref 'AWS::Region', us-west-2]
    - !Equals [!Ref 'AWS::Region', eu-west-1]
    - !Equals [!Ref 'AWS::Region', sa-east-1]
    - !Equals [!Ref 'AWS::Region', ap-northeast-1]
    - !Equals [!Ref 'AWS::Region', ap-southeast-2]
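Resources:
  # Plain-HTTP listener on port 80.
  # NOTE(review): this listener has no Condition, so it is created and forwards
  # unencrypted HTTP to the targets even when a certificate is supplied and the
  # HTTPS listener exists. If clients reach this load balancer directly,
  # consider answering port 80 with a redirect to HTTPS when SslCertificate is
  # true. Confirm first that nothing in front of the ALB depends on port 80.
  PublicAlbListenerNoSslCertificate:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref PublicAlbTargetGroup
      LoadBalancerArn: !Ref PublicApplicationLoadBalancer
      Port: 80
      Protocol: HTTP
  # HTTPS listener on port 443, created only when a certificate ARN is given.
  # NOTE(review): no SslPolicy is set, so the listener uses the service default
  # TLS policy. Pin a policy that enforces your minimum TLS version.
  PublicAlbListenerSslCertificate:
    Condition: SslCertificate
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      Certificates:
        - CertificateArn: !Ref PublicAlbAcmCertificate
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref PublicAlbTargetGroup
      LoadBalancerArn: !Ref PublicApplicationLoadBalancer
      Port: 443
      Protocol: HTTPS
  # Internet-facing load balancer. Exposure is bounded only by the ingress
  # rules of PublicAlbSecurityGroup, which are defined outside this template.
  PublicApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      # Three subnets in the regions matched by MoreThan2AZ, otherwise two.
      Subnets: !If
        - MoreThan2AZ
        - [!Ref PublicSubnet0, !Ref PublicSubnet1, !Ref PublicSubnet2]
        - [!Ref PublicSubnet0, !Ref PublicSubnet1]
      # Attribute values are strings in the resource schema, so 60 is quoted.
      # NOTE(review): only the idle timeout is set. Access logging is not
      # enabled here, so request-level records for investigations have to come
      # from another source.
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '60'
      SecurityGroups:
        - !Ref PublicAlbSecurityGroup
      Tags:
        - Key: Name
          Value: !Join ['', ['Public ALB / ', !Ref 'AWS::StackName']]
  # Target group for the web tier. TLS ends at the load balancer: traffic from
  # the ALB to the targets is HTTP on port 80.
  PublicAlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /
      HealthCheckTimeoutSeconds: 5
      # NOTE(review): the name is fixed, so a second stack from this template
      # in the same account and region fails on a target group name collision.
      Name: 'DrupalPublicAlb'
      Port: 80
      Protocol: HTTP
      Tags:
        - Key: Name
          Value: !Join ['', ['Public ALB / ', !Ref 'AWS::StackName']]
      UnhealthyThresholdCount: 5
      VpcId: !Ref Vpc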
# Values handed to the other templates of the reference architecture.
Outputs:
  PublicAlbTargetGroupArn:
    Value: !Ref PublicAlbTargetGroup
  PublicAlbCanonicalHostedZoneId:
    Value: !GetAtt PublicApplicationLoadBalancer.CanonicalHostedZoneID
  PublicAlbDnsName:
    Value: !GetAtt PublicApplicationLoadBalancer.DNSName
  # URL built from the load balancer's own DNS name: http:// when no
  # certificate was supplied, https:// otherwise.
  # NOTE(review): the https:// form uses the ALB DNS name, which presumably is
  # not a name on the supplied certificate. Clients using this URL directly
  # would then see a hostname mismatch. Confirm how consumers use this output.
  PublicAlbHostname:
    Value: !If
      - NoSslCertificate
      - !Sub 'http://${PublicApplicationLoadBalancer.DNSName}'
      - !Sub 'https://${PublicApplicationLoadBalancer.DNSName}'
  # Reports whether a certificate ARN was supplied to this stack.
  SslCertificate:
    Value: !If
      - SslCertificate
      - True
      - False