AWS CloudFormation (example 7)

  • Load Balancer Stickiness
  • EC2
  • Security Group
    • for Load Balancer
    • for EC2 Web Instances
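# Template format version. Quoted so that generic YAML parsers and linters keep
# it as a string instead of resolving the bare value to a date.
AWSTemplateFormatVersion: '2010-09-09'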

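# Stack inputs. All of them use AWS-specific parameter types, which
# CloudFormation validates against resources that already exist in the target
# account and region: the key pairs, VPC and subnets must be created first.
Parameters:
  # NOTE(review): BastionKeyName is not referenced by any resource in this
  # template as shown, but because of its KeyPair type the default value
  # "bastion" is still validated, so a key pair with that name has to exist.
  # Kept so that callers already passing it do not break; confirm whether a
  # bastion host was meant to be part of this stack.
  BastionKeyName:
    Type: 'AWS::EC2::KeyPair::KeyName'
    Description: The EC2 Key Pair to allow SSH access to the bastion
    Default: bastion
  # Key pair installed on all three web instances (KeyName property).
  InstanceKeyName:
    Type: 'AWS::EC2::KeyPair::KeyName'
    Description: The EC2 Key Pair to allow SSH access to the web instances
    Default: instance
  # Used as VpcId by both security groups and by the target group.
  ParameterVPC:
    Type: 'AWS::EC2::VPC::Id'
    Description: The VPC that hosts the security groups and the target group
  # All three web instances are launched into this subnet; it is also the
  # first of the two load balancer subnets.
  ParameterSubnet1:
    Type: 'AWS::EC2::Subnet::Id'
    Description: Subnet for the web instances and the load balancer
  # Used only by the load balancer. An Application Load Balancer needs subnets
  # in at least two Availability Zones, so this one should be in a different
  # zone than ParameterSubnet1, and both must belong to ParameterVPC.
  ParameterSubnet2:
    Type: 'AWS::EC2::Subnet::Id'
    Description: Second subnet for the load balancer (different Availability Zone)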

Resources:

  # Web server 1 of 3. On first boot the user data installs Apache httpd,
  # starts it and writes an index page reading "Server 1".
  Web1Ec2Instance:
    Type: 'AWS::EC2::Instance'
    # Explicit ordering; the !Ref to InstanceSecurityGroup in GroupSet already
    # makes CloudFormation create the security group first.
    DependsOn: InstanceSecurityGroup
    Properties:
      # NOTE(review): hard-coded AMI ID. AMI IDs are region-specific, so the
      # stack only launches where this image exists; confirm the intended
      # region and that the image is still current.
      ImageId: 'ami-035b3c7efe6d061d5'
      KeyName: !Ref InstanceKeyName
      NetworkInterfaces:
      # Primary interface (device index 0) with a public IPv4 address.
      # InstanceSecurityGroup admits tcp/22 from 0.0.0.0/0, so the public
      # address makes this host's SSH port reachable from the internet.
      - DeviceIndex: "0"
        AssociatePublicIpAddress: true
        SubnetId: !Ref ParameterSubnet1
        GroupSet:
        - !Ref InstanceSecurityGroup
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-web-1'
      UserData:
        # bash -x traces every command and -e stops at the first failure, so
        # the index page is only written if install and start succeeded.
        # The script holds no ${...} references, so !Sub substitutes nothing;
        # a shell variable added later must be written ${!VAR} to survive it.
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum update -y
          yum install httpd -y
          /etc/init.d/httpd start
          echo "Server 1" > /var/www/html/index.html

  # Web server 2 of 3. On first boot the user data installs Apache httpd,
  # starts it and writes an index page reading "Server 2".
  Web2Ec2Instance:
    Type: 'AWS::EC2::Instance'
    # Explicit ordering; the !Ref to InstanceSecurityGroup in GroupSet already
    # makes CloudFormation create the security group first.
    DependsOn: InstanceSecurityGroup
    Properties:
      # NOTE(review): hard-coded, region-specific AMI ID; confirm region and
      # that the image is still current.
      ImageId: 'ami-035b3c7efe6d061d5'
      KeyName: !Ref InstanceKeyName
      NetworkInterfaces:
      # Primary interface with a public IPv4 address, placed in the same
      # subnet as the other web instances. Combined with the tcp/22 rule for
      # 0.0.0.0/0 in InstanceSecurityGroup, SSH is internet-reachable.
      - DeviceIndex: "0"
        AssociatePublicIpAddress: true
        SubnetId: !Ref ParameterSubnet1
        GroupSet:
        - !Ref InstanceSecurityGroup
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-web-2'
      UserData:
        # Runs with bash -xe: commands are traced and the script aborts on the
        # first failing command. No ${...} references are present, so !Sub
        # leaves the script text unchanged.
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum update -y
          yum install httpd -y
          /etc/init.d/httpd start
          echo "Server 2" > /var/www/html/index.html

  # Web server 3 of 3. On first boot the user data installs Apache httpd,
  # starts it and writes an index page reading "Server 3".
  Web3Ec2Instance:
    Type: 'AWS::EC2::Instance'
    # Explicit ordering; the !Ref to InstanceSecurityGroup in GroupSet already
    # makes CloudFormation create the security group first.
    DependsOn: InstanceSecurityGroup
    Properties:
      # NOTE(review): hard-coded, region-specific AMI ID; confirm region and
      # that the image is still current.
      ImageId: 'ami-035b3c7efe6d061d5'
      KeyName: !Ref InstanceKeyName
      NetworkInterfaces:
      # Primary interface with a public IPv4 address, placed in the same
      # subnet as the other web instances. Combined with the tcp/22 rule for
      # 0.0.0.0/0 in InstanceSecurityGroup, SSH is internet-reachable.
      - DeviceIndex: "0"
        AssociatePublicIpAddress: true
        SubnetId: !Ref ParameterSubnet1
        GroupSet:
        - !Ref InstanceSecurityGroup
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-web-3'
      UserData:
        # Runs with bash -xe: commands are traced and the script aborts on the
        # first failing command. No ${...} references are present, so !Sub
        # leaves the script text unchanged.
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum update -y
          yum install httpd -y
          /etc/init.d/httpd start
          echo "Server 3" > /var/www/html/index.html

# SecurityGroup --------------------------------------------------------------------

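  # Security group attached to the primary interface of all three web
  # instances. No SecurityGroupEgress is declared, so the default
  # allow-all outbound rule applies.
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Instance access
      VpcId: !Ref ParameterVPC
      SecurityGroupIngress:
      # HTTP is accepted only from sources that carry the load balancer's
      # security group, so the web servers cannot be reached on port 80
      # directly even though they have public addresses.
      - Description: HTTP from the load balancer security group
        IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        SourceSecurityGroupId: !GetAtt LBSecurityGroup.GroupId
      # NOTE(review): SSH is open to every IPv4 address while the instances
      # also receive public IPs. Narrow CidrIp to a known administrative
      # range, or replace it with SourceSecurityGroupId of a bastion group.
      # The template declares a BastionKeyName parameter, but no bastion
      # resource appears in it as shown. The value is left unchanged here
      # because the right source range is site-specific.
      - Description: SSH from any address - restrict before real use
        IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: '0.0.0.0/0'
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-instance'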

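  # Security group of the load balancer. Its group ID is also the only
  # permitted HTTP source in InstanceSecurityGroup. No SecurityGroupEgress is
  # declared, so the default allow-all outbound rule applies.
  LBSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: LB access
      VpcId: !Ref ParameterVPC
      SecurityGroupIngress:
      # Public entry point: plain HTTP from any IPv4 address. Ports are
      # written as integers, matching the property's declared type.
      - Description: HTTP from any address
        IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: '0.0.0.0/0'
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-lb'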


# LoadBalancer --------------------------------------------------------------------

  # Load balancer spanning both subnet parameters and guarded by
  # LBSecurityGroup. Type and Scheme are not set, so the CloudFormation
  # defaults (application, internet-facing) apply.
  # NOTE(review): no LoadBalancerAttributes are declared, so access logging
  # is not configured by this template; enable it if request records are
  # needed for monitoring or investigation.
  LoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      SecurityGroups:
      - !GetAtt LBSecurityGroup.GroupId
      Subnets:
      - !Ref ParameterSubnet1
      - !Ref ParameterSubnet2
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-lb'

  # Listener on port 80 that forwards every request to DefaultTargetGroup.
  # NOTE(review): the protocol is plain HTTP, so requests and the stickiness
  # cookie issued by the load balancer travel unencrypted. Outside a demo,
  # add an HTTPS listener with a certificate and redirect port 80 to it.
  LoadBalancerListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Protocol: HTTP
      Port: 80
      DefaultActions:
      - TargetGroupArn: !Ref DefaultTargetGroup
        Type: forward

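  # Target group holding the three web instances, with session stickiness
  # switched on. Health check settings are not declared, so the service
  # defaults are used.
  DefaultTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      # Target group names are limited to 32 characters, so a long stack name
      # plus the "-dtg" suffix can make stack creation fail.
      Name: !Sub '${AWS::StackName}-dtg'
      VpcId: !Ref ParameterVPC
      Protocol: HTTP
      Port: 80
      TargetGroupAttributes:
      # Attribute values are strings in the resource schema; they are quoted
      # so YAML does not hand over a boolean and an integer instead.
      - Key: stickiness.enabled
        Value: 'true'
      # Lifetime of the load-balancer-generated cookie: a client stays pinned
      # to the same instance for 45 seconds.
      # stickiness.type is not set; presumably the lb_cookie default applies
      # - confirm.
      - Key: stickiness.lb_cookie.duration_seconds
        Value: '45'
      # No per-target Port is given, so each instance is registered on the
      # target group port (80).
      Targets:
      - Id: !Ref Web1Ec2Instance
      - Id: !Ref Web2Ec2Instance
      - Id: !Ref Web3Ec2Instance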