AWSTemplateFormatVersion: "2010-09-09" Description: AWS Hands-on for Beginners monitoing-1 template Parameters: EC2InstanceType: Type: String Default: t3.micro EC2AMI: Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 RDSInstanceType: Type: String Default: db.t3.micro DBUser: Type: String Default: dbmaster DBPassword: Type: String Default: H&ppyHands0n NoEcho: true Resources: CFnVPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 InstanceTenancy: default EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: !Sub ${AWS::StackName}-vpc PublicSubnet1: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.0.0/24 VpcId: !Ref CFnVPC AvailabilityZone: !Select [0, !GetAZs ] MapPublicIpOnLaunch: true Tags: - Key: Name Value: PublicSubnet1 PublicSubnet2: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.1.0/24 VpcId: !Ref CFnVPC AvailabilityZone: !Select [1, !GetAZs ] MapPublicIpOnLaunch: true Tags: - Key: Name Value: PublicSubnet2 PrivateSubnet1: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.2.0/24 VpcId: !Ref CFnVPC AvailabilityZone: !Select [0, !GetAZs ] Tags: - Key: Name Value: PrivateSubnet1 PrivateSubnet2: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.3.0/24 VpcId: !Ref CFnVPC AvailabilityZone: !Select [1, !GetAZs ] Tags: - Key: Name Value: PrivateSubnet2 CFnVPCIGW: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: !Sub ${AWS::StackName}-igw CFnVPCIGWAttach: Type: AWS::EC2::VPCGatewayAttachment Properties: InternetGatewayId: !Ref CFnVPCIGW VpcId: !Ref CFnVPC PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref CFnVPC Tags: - Key: Name Value: Public Route PublicRoute: Type: AWS::EC2::Route Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref CFnVPCIGW PublicSubnet1Assoc: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PublicSubnet1 RouteTableId: !Ref PublicRouteTable PublicSubnet2Assoc: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PublicSubnet2 RouteTableId: !Ref PublicRouteTable EC2WebServer01: Type: AWS::EC2::Instance Properties: Tags: - Key: Name Value: !Sub ${AWS::StackName}-WebServer01 ImageId: !Ref EC2AMI InstanceType: !Ref EC2InstanceType NetworkInterfaces: - AssociatePublicIpAddress: true DeviceIndex: '0' SubnetId: !Ref PublicSubnet1 GroupSet: - !Ref SecurityGroupWebServer UserData: !Base64 | #! /bin/bash yum update -y amazon-linux-extras install php7.2 -y yum -y install mysql httpd php-mbstring php-xml wget http://ja.wordpress.org/latest-ja.tar.gz -P /tmp/ tar zxvf /tmp/latest-ja.tar.gz -C /tmp cp -r /tmp/wordpress/* /var/www/html/ touch /var/www/html/.check_alive chown apache:apache -R /var/www/html systemctl enable httpd.service systemctl start httpd.service wget https://s3.amazonaws.com/amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm -P /tmp/ sudo rpm -U /tmp/amazon-cloudwatch-agent.rpm mv /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/default /home/ec2-user/ wget https://raw.githubusercontent.com/midnight480/aws-monitoring-hands-on-1/master/amazon-cloudwatch-agent.json -P /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/ sudo systemctl restart amazon-cloudwatch-agent IamInstanceProfile: !Ref IAMInstanceProfile DependsOn: IAMInstanceProfile EC2WebServer02: Type: AWS::EC2::Instance Properties: Tags: - Key: Name Value: !Sub ${AWS::StackName}-WebServer02 ImageId: !Ref EC2AMI InstanceType: !Ref EC2InstanceType NetworkInterfaces: - AssociatePublicIpAddress: true DeviceIndex: '0' SubnetId: !Ref PublicSubnet2 GroupSet: - !Ref SecurityGroupWebServer UserData: !Base64 | #! /bin/bash yum update -y amazon-linux-extras install php7.2 -y yum -y install mysql httpd php-mbstring php-xml wget http://ja.wordpress.org/latest-ja.tar.gz -P /tmp/ tar zxvf /tmp/latest-ja.tar.gz -C /tmp cp -r /tmp/wordpress/* /var/www/html/ touch /var/www/html/.check_alive chown apache:apache -R /var/www/html systemctl enable httpd.service systemctl start httpd.service wget https://s3.amazonaws.com/amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm -P /tmp/ sudo rpm -U /tmp/amazon-cloudwatch-agent.rpm mv /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/default /home/ec2-user/ wget https://raw.githubusercontent.com/midnight480/aws-monitoring-hands-on-1/master/amazon-cloudwatch-agent.json -P /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/ sudo systemctl restart amazon-cloudwatch-agent IamInstanceProfile: !Ref IAMInstanceProfile DependsOn: IAMInstanceProfile SecurityGroupWebServer: Type: AWS::EC2::SecurityGroup Properties: VpcId: !Ref CFnVPC GroupName: !Sub ${AWS::StackName}-WebServer GroupDescription: !Sub ${AWS::StackName}-WebServer Tags: - Key: Name Value: !Sub ${AWS::StackName}-WebServer SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 443 ToPort: 443 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 Monitoring1EC2RoleforSSM: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: 'sts:AssumeRole' Effect: Allow Principal: Service: ec2.amazonaws.com Description: Allows EC2 instances to call AWS services on your behalf. ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy MaxSessionDuration: 3600 Path: "/" RoleName: Monitoring1EC2RoleforSSM IAMInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Roles: [ !Ref Monitoring1EC2RoleforSSM ] Path: "/" FrontLB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Name: !Sub ${AWS::StackName}-elb Subnets: - !Ref PublicSubnet1 - !Ref PublicSubnet2 SecurityGroups: - !Ref SecurityGroupLB FrontLBListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: LoadBalancerArn: !Ref FrontLB Port: 80 Protocol: HTTP DefaultActions: - Type: forward TargetGroupArn: !Ref FrontLBTargetGroup FrontLBTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Name: !Sub ${AWS::StackName}-tg VpcId: !Ref CFnVPC Port: 80 Protocol: HTTP HealthCheckPath: /.check_alive Targets: - Id: !Ref EC2WebServer01 - Id: !Ref EC2WebServer02 SecurityGroupLB: Type: AWS::EC2::SecurityGroup Properties: VpcId: !Ref CFnVPC GroupName: !Sub ${AWS::StackName}-lb-security-group GroupDescription: !Sub ${AWS::StackName}-lb-security-group Tags: - Key: Name Value: !Sub ${AWS::StackName}-lb-security-group SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 DBInstance: Type: AWS::RDS::DBInstance DeletionPolicy: Delete Properties: DBInstanceIdentifier: !Sub ${AWS::StackName}-rds DBName: wordpress Engine: MySQL MasterUsername: !Ref DBUser MasterUserPassword: !Ref DBPassword DBInstanceClass: !Ref RDSInstanceType StorageType: gp3 AllocatedStorage: '20' BackupRetentionPeriod: 0 DBSubnetGroupName: !Ref DBSubnetGroup MultiAZ: true VPCSecurityGroups: - !Ref SecurityGroupDB DBSubnetGroup: Type: AWS::RDS::DBSubnetGroup Properties: DBSubnetGroupDescription: DB Subnet Group for Private Subnet SubnetIds: - !Ref PrivateSubnet1 - !Ref PrivateSubnet2 SecurityGroupDB: Type: AWS::EC2::SecurityGroup Properties: VpcId: !Ref CFnVPC GroupName: !Sub ${AWS::StackName}-MySQL GroupDescription: !Sub ${AWS::StackName}-MySQL Tags: - Key: Name Value: !Sub ${AWS::StackName}-MySQL SecurityGroupIngress: - IpProtocol: tcp FromPort: 3306 ToPort: 3306 CidrIp: 10.0.0.0/16 Outputs: VPCID: Description: VPC ID Value: !Ref CFnVPC PublicSubnet1: Description: PublicSubnet 1 Value: !Ref PublicSubnet1 PublicSubnet2: Description: PublicSubnet 2 Value: !Ref PublicSubnet2 PrivateSubnet1: Description: PrivateSubnet 1 Value: !Ref PrivateSubnet1 PrivateSubnet2: Description: PrivateSubnet 2 Value: !Ref PrivateSubnet2 EC2WebServer01: Value: !Ref EC2WebServer01 EC2WebServer01DNS: Value: !GetAtt EC2WebServer01.PublicDnsName EC2WebServer02: Value: !Ref EC2WebServer02 EC2WebServer02DNS: Value: !GetAtt EC2WebServer02.PublicDnsName FrontLBEndpoint: Value: !GetAtt FrontLB.DNSName RDSEndpointAddress: Value: !GetAtt DBInstance.Endpoint.Address