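---
# Network and edge layer for a three-tier deployment: one VPC with public,
# web and db subnets in two AZs, an internet-facing Application Load
# Balancer, the security groups for the web / cache / EFS / RDS / Lambda
# tiers, ElastiCache and RDS subnet groups, and an IAM role + instance
# profile shared by EC2, Lambda and ECS tasks.
#
# Review changes against the previous revision (Designer layout metadata was
# dropped; it carries no runtime meaning and several ids were duplicated):
#   * RolePolicies granted Action '*' on Resource '*', i.e. full account
#     admin to every instance, Lambda function and ECS task that uses the
#     role. It now grants CloudWatch Logs writes only; workload permissions
#     must be added as explicit, resource-scoped statements.
#   * webgroup accepted the application port (7777) and SSH from 0.0.0.0/0.
#     The application port is now reachable only from the ALB security group
#     and SSH only from the operator-supplied sshIngressCidr parameter.
#   * The listener was on port 81 while elbgroup only opened port 80, so the
#     ALB was unreachable; both now derive from albListenerPort.
#   * The EC2 trust principal was hard-coded to the China partition
#     (ec2.amazonaws.com.cn); it is now built from AWS::URLSuffix so the
#     instance profile works in whichever partition the stack is deployed to.
#   * The default route and the NAT EIPs now depend on the gateway attachment,
#     as the CloudFormation docs require.
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC, ALB, security groups, subnet groups and base IAM role for the web tier

Parameters:
  vpccidr:
    Type: String
    Default: 192.168.0.0/16
  pubnet1cidr:
    Type: String
    Default: 192.168.1.0/24
  pubnet2cidr:
    Type: String
    Default: 192.168.2.0/24
  webnet1cidr:
    Type: String
    Default: 192.168.3.0/24
  webnet2cidr:
    Type: String
    Default: 192.168.4.0/24
  dbnet1cidr:
    Type: String
    Default: 192.168.5.0/24
  dbnet2cidr:
    Type: String
    Default: 192.168.6.0/24
  elasticachSg:
    Type: String
    Default: elasticache_memcache
  cacheport:
    Type: Number
    Default: 11211
    MinValue: 1
    MaxValue: 65535
  sgName:
    Type: String
    Default: sg_ai
  roleName:
    Type: String
    Default: BaseRole
  albListenerPort:
    # Single source of truth for the ALB listener port and the matching
    # elbgroup ingress rule.
    Type: Number
    Default: 80
    MinValue: 1
    MaxValue: 65535
  sshIngressCidr:
    # Deliberately has no default: the operator must name the network that
    # may SSH to the web tier. The pattern rejects a /0 prefix so 0.0.0.0/0
    # cannot be passed back in.
    Type: String
    Description: IPv4 CIDR allowed to reach TCP/22 on the web tier (e.g. a bastion or office range)
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/(3[0-2]|[12]\d|[1-9])$'
    ConstraintDescription: must be an IPv4 CIDR with a prefix length of 1-32

Resources:
  # ---------------------------------------------------------------- network
  vpc1:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref vpccidr
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: vpc1

  # Public subnets: ALB and NAT gateways. Only these auto-assign public IPs.
  pubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref vpc1
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: !Ref pubnet1cidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: pubnet1
  pubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref vpc1
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: !Ref pubnet2cidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: pubnet2

  # Private web subnets (ALB targets).
  webnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref vpc1
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: !Ref webnet1cidr
      Tags:
        - Key: Name
          Value: webnet1
  webnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref vpc1
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: !Ref webnet2cidr
      Tags:
        - Key: Name
          Value: webnet2

  # Private data subnets (ElastiCache / RDS subnet groups below).
  dbnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref vpc1
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: !Ref dbnet1cidr
      Tags:
        - Key: Name
          Value: dbnet1
  dbnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref vpc1
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: !Ref dbnet2cidr
      Tags:
        - Key: Name
          Value: dbnet2

  igw1:
    Type: AWS::EC2::InternetGateway
    Properties: {}
  EC2VPCG2BPGG:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref igw1
      VpcId: !Ref vpc1

  # Elastic IPs for the NAT gateways; a VPC EIP needs the IGW attached first.
  eip1:
    Type: AWS::EC2::EIP
    DependsOn: EC2VPCG2BPGG
    Properties:
      Domain: vpc
  eip2:
    Type: AWS::EC2::EIP
    DependsOn: EC2VPCG2BPGG
    Properties:
      Domain: vpc
  natgateway1:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt eip1.AllocationId
      SubnetId: !Ref pubnet1
  natgateway2:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt eip2.AllocationId
      SubnetId: !Ref pubnet2

  # table1: public subnets -> IGW. table2/table3: AZ-local private subnets
  # -> NAT gateway in the same AZ.
  # NOTE(review): dbnet1/dbnet2 share table2/table3 with the web subnets and
  # therefore get outbound internet through the NAT gateways. If the data
  # tier must not reach the internet, give the db subnets their own route
  # tables without a 0.0.0.0/0 route.
  table1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref vpc1
      Tags:
        - Key: Name
          Value: table1
  table2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref vpc1
      Tags:
        - Key: Name
          Value: table2
  table3:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref vpc1
      Tags:
        - Key: Name
          Value: table3

  EC2SRTA51E2B:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref pubnet1
      RouteTableId: !Ref table1
  EC2SRTA2YHOD:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref pubnet2
      RouteTableId: !Ref table1
  EC2SRTA2VWB8:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref webnet1
      RouteTableId: !Ref table2
  EC2SRTA26CTN:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref dbnet1
      RouteTableId: !Ref table2
  EC2SRTAH6LA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref webnet2
      RouteTableId: !Ref table3
  EC2SRTA1VSM:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref dbnet2
      RouteTableId: !Ref table3

  route1:
    Type: AWS::EC2::Route
    # A route to an IGW must not be created before the IGW is attached.
    DependsOn: EC2VPCG2BPGG
    Properties:
      RouteTableId: !Ref table1
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref igw1
  route2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref table2
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref natgateway1
  route3:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref table3
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref natgateway2

  # NOTE(review): RootRole trusts vpc-flow-logs.amazonaws.com but this
  # template creates no AWS::EC2::FlowLog; confirm flow logs for vpc1 are
  # enabled elsewhere.

  # -------------------------------------------------------- security groups
  # Internet-facing ALB: inbound only on the listener port.
  elbgroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg_elb
      GroupDescription: sg_elb
      VpcId: !Ref vpc1
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref albListenerPort
          ToPort: !Ref albListenerPort
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sg_elb

  # Web tier: the application port is reachable only from the ALB, SSH only
  # from sshIngressCidr. Consider SSM Session Manager instead of SSH.
  webgroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Ref sgName
      GroupDescription: !Ref sgName
      VpcId: !Ref vpc1
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 7777
          ToPort: 7777
          SourceSecurityGroupId: !Ref elbgroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref sshIngressCidr
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: !Ref sgName

  # Memcache tier. NOTE(review): the 2049 (NFS) and 5432 (PostgreSQL) rules
  # only make sense if this group is also attached to EFS mount targets /
  # a database; confirm, otherwise remove them.
  dbgroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Ref elasticachSg
      GroupDescription: dbgroup
      VpcId: !Ref vpc1
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref cacheport
          ToPort: !Ref cacheport
          SourceSecurityGroupId: !Ref webgroup
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref webgroup
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref webgroup
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: !Ref elasticachSg

  # Redis tier. NOTE(review): same question as dbgroup for the 2049 rule.
  redissg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: elasticache_redis
      GroupDescription: redissg
      VpcId: !Ref vpc1
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 6379
          ToPort: 6379
          SourceSecurityGroupId: !Ref webgroup
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref webgroup
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: elasticache_redis

  # EFS mount targets: NFS from the web tier and from Lambda.
  efssg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg_efs
      GroupDescription: sgefs
      VpcId: !Ref vpc1
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref webgroup
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          SourceSecurityGroupId: !Ref lambdasg
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sg_efs

  # RDS: MySQL and PostgreSQL from the web tier and from Lambda.
  rdssg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg_rds
      GroupDescription: sg_rds
      VpcId: !Ref vpc1
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref webgroup
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref webgroup
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref lambdasg
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref lambdasg
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sg_rds

  # Lambda functions in the VPC: egress only, no inbound rules.
  lambdasg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg_lambda
      GroupDescription: sg_lambda
      VpcId: !Ref vpc1
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sg_lambda

  # ---------------------------------------------------------- subnet groups
  cachegroup:
    Type: AWS::ElastiCache::SubnetGroup
    Properties:
      CacheSubnetGroupName: cachegroup
      Description: cachegroup
      SubnetIds:
        - !Ref dbnet1
        - !Ref dbnet2
  rdsgroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupName: rdsgroup
      DBSubnetGroupDescription: rdsgroup
      SubnetIds:
        - !Ref dbnet1
        - !Ref dbnet2
      Tags:
        - Key: Name
          Value: rdsgroup

  # -------------------------------------------------------------------- ALB
  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Subnets:
        - !Ref pubnet1
        - !Ref pubnet2
      SecurityGroups:
        - !Ref elbgroup
      LoadBalancerAttributes:
        # Drop requests with header names that are not valid HTTP tokens
        # rather than forwarding them to the targets.
        - Key: routing.http.drop_invalid_header_fields.enabled
          Value: 'true'

  # NOTE(review): plain HTTP only. Once an ACM certificate is available, add
  # an HTTPS listener and turn this listener's default action into a
  # redirect to 443; not done here because the template carries no
  # certificate ARN.
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: !Ref albListenerPort
      Protocol: HTTP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ALBTargetGroup

  # Forwards exactly "/" to the same target group as the default action.
  ALBListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref ALBListener
      Priority: 1
      Conditions:
        - Field: path-pattern
          Values:
            - /
      Actions:
        - Type: forward
          TargetGroupArn: !Ref ALBTargetGroup

  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref vpc1
      Port: 7777
      Protocol: HTTP
      HealthCheckProtocol: HTTP
      HealthCheckPath: /
      HealthCheckIntervalSeconds: 30
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 3
      UnhealthyThresholdCount: 5

  # -------------------------------------------------------------------- IAM
  # Shared execution role for EC2 instances (via RootInstanceProfile),
  # Lambda, ECS tasks and VPC flow logs.
  RootRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref roleName
      Path: /
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
                # ec2.amazonaws.com in the standard partition,
                # ec2.amazonaws.com.cn in China.
                - !Sub 'ec2.${AWS::URLSuffix}'
                - ecs-tasks.amazonaws.com
                - vpc-flow-logs.amazonaws.com
            Action:
              - sts:AssumeRole

  # Baseline permissions only: write CloudWatch Logs in this account/region,
  # which every principal listed above needs. Add workload permissions as
  # separate statements scoped to the specific resources they touch; never
  # reintroduce Action '*' / Resource '*'.
  RolePolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: root
      Roles:
        - !Ref RootRole
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: WriteCloudWatchLogs
            Effect: Allow
            Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
              - logs:DescribeLogGroups
              - logs:DescribeLogStreams
            Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*'

  RootInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref RootRole

Outputs:
  PUBnet1id:
    Value: !Ref pubnet1
  PUBnet2id:
    Value: !Ref pubnet2
  # Output name kept as-is (including the extra "b") so existing consumers
  # of the stack outputs keep working.
  WEBbnet1id:
    Value: !Ref webnet1
  WEBnet2id:
    Value: !Ref webnet2
  DBnet1id:
    Value: !Ref dbnet1
  DBnet2id:
    Value: !Ref dbnet2
  Vpcid:
    Value: !Ref vpc1
  ELBsecurityGroup:
    Value: !Ref elbgroup
  ServerSecurityGroup:
    Value: !Ref webgroup
  MemcacheSecurityid:
    Value: !Ref dbgroup
  EFSSecurityGroup:
    Value: !Ref efssg
  RedisSG:
    Value: !Ref redissg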