bertrandmartel/cloudformation-templates

CloudFormation templates

A collection of CloudFormation templates

Table of Contents

VPC Infra

1 - NAT Instances

nat-instances.yml

(architecture diagram: nat_instances)

Architecture featuring:

  • 1 VPC
  • 3 public subnets across 3 AZs
  • 3 private subnets across 3 AZs
  • 3 NAT instances across 3 AZs
  • 1 Internet Gateway

The 3 NAT instances each live in a different public subnet and have their own Security Group, which accepts incoming TCP and ICMP traffic only from their respective private subnet, so the private hosts of one AZ cannot use the NAT instance of another.

Each private subnet also has its own Route Table that routes 0.0.0.0/0 to the corresponding NAT instance. Keep in mind that a NAT instance only forwards traffic that is not addressed to itself when source/destination checking is disabled on it (SourceDestCheck: false on the AWS::EC2::Instance).

2 - NAT Gateway

nat-gateway.yml

(architecture diagram: nat_gateway)

Architecture featuring:

  • 1 VPC
  • 3 public subnets across 3 AZs
  • 3 private subnets across 3 AZs
  • 3 NAT Gateways across 3 AZs
  • 1 Internet Gateway

Each private subnet has its own Route Table that routes 0.0.0.0/0 to the NAT Gateway of the same AZ, so an outage in one AZ does not take down egress for the others.

Pricing

Note that the NAT Gateway infrastructure is about 3 times more expensive than the NAT instance one (see pricing). The trade-off is operational: NAT Gateways are managed and scale on their own, while NAT instances are EC2 hosts you have to size, patch and monitor yourself.

ECS Infra

ecs-infra.yml

ecs-service.yml

(architecture diagram: ecs-infra)

ECS Infra stack

Features:

  • 1 ECS Cluster
  • 1 Application Load Balancer (ALB) on the 3 public subnets
  • 1 Listener on port 80 that redirects to HTTPS
  • 1 Listener on port 443 that forwards to a default Target Group
  • 1 AutoScalingGroup on the 3 private subnets

The ALB Security Group accepts incoming TCP requests from 0.0.0.0/0 on ports 80 and 443. The container instances themselves sit in the private subnets behind the ALB and are not directly reachable from the Internet.

The EC2 instances have the SSM Agent installed (it is not installed by default on the ECS-optimized AMI), so they can be managed through AWS Systems Manager instead of opening SSH.

ECS Service stack

Features:

  • 1 ECS Service
  • 1 ECS Task Definition
  • 1 Target Group targeted by the ECS Service
  • 1 Listener Rule routing traffic for a specific hostname to that Target Group
  • 1 Route53 DNS record for that hostname pointing to the ALB (see the ECS Infra stack above)

Notable parameters:

  • HostZone: name of your Route53 hosted zone
  • DockerImageURL: URL of the Docker image to run

ElastiCache

elasticache.yml

  • 1 ElastiCache Cluster

The Security Group of the ElastiCache cluster accepts incoming TCP requests from 0.0.0.0/0 on port 6379 (Redis).

The subnet parameter should use private subnets. ElastiCache nodes get no public IP, so with private subnets the 0.0.0.0/0 rule only exposes the cluster to hosts that can already route into the VPC (including peered or VPN-connected networks); it is still broader than needed. Prefer restricting the ingress rule to the clients' security group (SourceSecurityGroupId, e.g. the group of the ECS container instances) or to the private subnet CIDRs rather than relying on subnet placement alone.

Lambda launch at stack creation

To run a Lambda function at stack creation time, use a Custom Resource. The function must accept the Custom Resource request payload that CloudFormation sends (RequestType, ResponseURL, StackId, RequestId, LogicalResourceId, PhysicalResourceId and ResourceProperties) and reply by HTTP PUT to the pre-signed ResponseURL. In Go it looks like this.

You also need to create a physical resource ID when you receive the Create event, and then reuse the physical resource ID passed in the subsequent Update and Delete events. Failing to do so (or never sending a response at all) can leave your stack stuck in DELETE_IN_PROGRESS.

A minimal example in Go and the CloudFormation stack:

Some useful resources about custom resources / Lambda:
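As an added example (not the repository's own Lambda), the handler logic described above written against the standard library only: it decodes the Custom Resource request, mints a physical ID on Create, echoes the incoming one on Update and Delete, always produces a response (FAILED ones included) and PUTs it to the pre-signed ResponseURL. Wiring it to lambda.Start from github.com/aws/aws-lambda-go is left out, and the "-failed" fallback ID and the hello-world work function are assumptions made for the example.

```go
package main

import (
	"bytes"
	"context"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"net/http"
)

// Request is the payload CloudFormation sends to a custom resource provider.
type Request struct {
	RequestType        string                 `json:"RequestType"` // Create, Update or Delete
	ResponseURL        string                 `json:"ResponseURL"` // pre-signed S3 URL for the reply
	StackId            string                 `json:"StackId"`
	RequestId          string                 `json:"RequestId"`
	LogicalResourceId  string                 `json:"LogicalResourceId"`
	PhysicalResourceId string                 `json:"PhysicalResourceId,omitempty"` // absent on Create
	ResourceProperties map[string]interface{} `json:"ResourceProperties,omitempty"`
}

// Response is what the provider PUTs back to ResponseURL (Data simplified to strings).
type Response struct {
	Status             string            `json:"Status"` // SUCCESS or FAILED
	Reason             string            `json:"Reason,omitempty"`
	PhysicalResourceId string            `json:"PhysicalResourceId"`
	StackId            string            `json:"StackId"`
	RequestId          string            `json:"RequestId"`
	LogicalResourceId  string            `json:"LogicalResourceId"`
	Data               map[string]string `json:"Data,omitempty"`
}

// ResolvePhysicalID mints a fresh opaque ID on Create and echoes the ID CloudFormation passed
// in on Update and Delete (a new ID on Update means "replaced": a Delete for the old ID follows).
func ResolvePhysicalID(req Request) (string, error) {
	switch req.RequestType {
	case "Create":
		b := make([]byte, 8)
		if _, err := rand.Read(b); err != nil {
			return "", err
		}
		return req.LogicalResourceId + "-" + hex.EncodeToString(b), nil
	case "Update", "Delete":
		if req.PhysicalResourceId == "" {
			return "", fmt.Errorf("%s event without PhysicalResourceId", req.RequestType)
		}
		return req.PhysicalResourceId, nil
	}
	return "", fmt.Errorf("unknown RequestType %q", req.RequestType)
}

// BuildResponse runs the caller's work and assembles the reply. Every path, failures
// included, yields a response carrying a PhysicalResourceId: a provider that never
// answers leaves the stack waiting for CloudFormation's custom resource timeout.
func BuildResponse(req Request, work func(Request) (map[string]string, error)) Response {
	resp := Response{Status: "SUCCESS", StackId: req.StackId, RequestId: req.RequestId,
		LogicalResourceId: req.LogicalResourceId}
	id, err := ResolvePhysicalID(req)
	if err != nil { // a FAILED Create still needs some ID for the Delete that follows (assumed "-failed" suffix)
		resp.Status, resp.Reason, resp.PhysicalResourceId = "FAILED", err.Error(), req.LogicalResourceId+"-failed"
		return resp
	}
	resp.PhysicalResourceId = id
	if data, err := work(req); err != nil {
		resp.Status, resp.Reason = "FAILED", err.Error()
	} else {
		resp.Data = data
	}
	return resp
}

// SendResponse PUTs the JSON reply to the pre-signed URL. The URL is not signed for a
// Content-Type, so none is set (Go's client adds none on its own).
func SendResponse(ctx context.Context, client *http.Client, responseURL string, resp Response) error {
	body, _ := json.Marshal(resp) // cannot fail: only strings and a string map
	httpReq, err := http.NewRequestWithContext(ctx, http.MethodPut, responseURL, bytes.NewReader(body))
	if err != nil {
		return err
	}
	res, err := client.Do(httpReq)
	if err != nil {
		return err
	}
	defer res.Body.Close()
	if res.StatusCode/100 != 2 {
		return fmt.Errorf("uploading response failed: %s", res.Status)
	}
	return nil
}

func main() {
	// Constructed Create event, not a real CloudFormation request; the reply is printed, not sent.
	var req Request
	_ = json.Unmarshal([]byte(`{"RequestType":"Create","LogicalResourceId":"Demo","StackId":"s","RequestId":"r"}`), &req)
	out, _ := json.Marshal(BuildResponse(req, func(Request) (map[string]string, error) { return nil, nil }))
	fmt.Println(string(out))
}
```

In a real deployment the Lambda entry point calls BuildResponse with the actual work and then SendResponse with req.ResponseURL; the important property is that SendResponse runs on every path, including when the work fails, because CloudFormation only learns the outcome from that PUT.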
