| commit | author | age | ||
| 83a3b0 | 1 | #jinja2: lstrip_blocks: True |
| 8d7955 | 2 | --- |
| WK | 3 | AWSTemplateFormatVersion: "2010-09-09" |
| 4 | Mappings: | |
| 4853d5 | 5 | RegionMapping: {{ aws_ami_region_mapping | to_json }} |
| JM | 6 | DNSMapping: {{ aws_dns_mapping | to_json }} |
| 8d7955 | 7 | |
| WK | 8 | Resources: |
| 9 | Vpc: | |
| 10 | Type: "AWS::EC2::VPC" | |
| 11 | Properties: | |
| fc2bc8 | 12 | CidrBlock: "192.168.0.0/16" |
| 8d7955 | 13 | EnableDnsSupport: true |
| WK | 14 | EnableDnsHostnames: true |
| 15 | Tags: | |
| 16 | - Key: Name | |
| 17 | Value: "{{vpcid_name_tag}}" | |
| 18 | - Key: Hostlication | |
| 19 | Value: | |
| 20 | Ref: "AWS::StackId" | |
| 21 | ||
| 22 | VpcInternetGateway: | |
| 23 | Type: "AWS::EC2::InternetGateway" | |
| 24 | ||
| 25 | VpcGA: | |
| 26 | Type: "AWS::EC2::VPCGatewayAttachment" | |
| 27 | Properties: | |
| 28 | InternetGatewayId: | |
| 29 | Ref: VpcInternetGateway | |
| 30 | VpcId: | |
| 31 | Ref: Vpc | |
| 32 | ||
| 33 | VpcRouteTable: | |
| 34 | Type: "AWS::EC2::RouteTable" | |
| 35 | Properties: | |
| 36 | VpcId: | |
| 37 | Ref: Vpc | |
| 38 | ||
| 39 | VPCRouteInternetGateway: | |
| 40 | DependsOn: VpcGA | |
| 41 | Type: "AWS::EC2::Route" | |
| 42 | Properties: | |
| 43 | GatewayId: | |
| 44 | Ref: VpcInternetGateway | |
| 45 | DestinationCidrBlock: "0.0.0.0/0" | |
| 46 | RouteTableId: | |
| 47 | Ref: VpcRouteTable | |
| 48 | ||
| 49 | PublicSubnet: | |
| 50 | Type: "AWS::EC2::Subnet" | |
| 51 | DependsOn: | |
| 52 | - Vpc | |
| 53 | Properties: | |
| fc2bc8 | 54 | CidrBlock: "192.168.0.0/24" |
| 8d7955 | 55 | Tags: |
| WK | 56 | - Key: Name |
| 57 | Value: "{{project_tag}}" | |
| 58 | - Key: Hostlication | |
| 59 | Value: | |
| 60 | Ref: "AWS::StackId" | |
| 61 | MapPublicIpOnLaunch: true | |
| 62 | VpcId: | |
| 63 | Ref: Vpc | |
| 64 | ||
| 65 | PublicSubnetRTA: | |
| 66 | Type: "AWS::EC2::SubnetRouteTableAssociation" | |
| 67 | Properties: | |
| 68 | RouteTableId: | |
| 69 | Ref: VpcRouteTable | |
| 70 | SubnetId: | |
| 71 | Ref: PublicSubnet | |
| 72 | ||
| 73 | HostSG: | |
| 74 | Type: "AWS::EC2::SecurityGroup" | |
| 75 | Properties: | |
| 76 | GroupDescription: Host | |
| 77 | VpcId: | |
| 78 | Ref: Vpc | |
| 79 | Tags: | |
| 80 | - Key: Name | |
| 81 | Value: host_sg | |
| 82 | ||
| 83 | HostUDPPorts: | |
| 84 | Type: "AWS::EC2::SecurityGroupIngress" | |
| 85 | Properties: | |
| 86 | GroupId: | |
| 87 | Fn::GetAtt: | |
| 88 | - HostSG | |
| 89 | - GroupId | |
| 90 | IpProtocol: udp | |
| 0c0b9c | 91 | FromPort: 60000 |
| WK | 92 | ToPort: 60003 |
| 8d7955 | 93 | CidrIp: "0.0.0.0/0" |
| WK | 94 | |
| 0c0b9c | 95 | HostTCPPortsSSH: |
| 8d7955 | 96 | Type: "AWS::EC2::SecurityGroupIngress" |
| WK | 97 | Properties: |
| 98 | GroupId: | |
| 99 | Fn::GetAtt: | |
| 100 | - HostSG | |
| 101 | - GroupId | |
| 102 | IpProtocol: tcp | |
| 0c0b9c | 103 | FromPort: 22 |
| WK | 104 | ToPort: 22 |
| 105 | CidrIp: "0.0.0.0/0" | |
| 106 | HostTCPPortsHTTP: | |
| 107 | Type: "AWS::EC2::SecurityGroupIngress" | |
| 108 | Properties: | |
| 109 | GroupId: | |
| 110 | Fn::GetAtt: | |
| 111 | - HostSG | |
| 112 | - GroupId | |
| 113 | IpProtocol: tcp | |
| 114 | FromPort: 80 | |
| 115 | ToPort: 80 | |
| 116 | CidrIp: "0.0.0.0/0" | |
| 117 | HostTCPPortsHTTPS: | |
| 118 | Type: "AWS::EC2::SecurityGroupIngress" | |
| 119 | Properties: | |
| 120 | GroupId: | |
| 121 | Fn::GetAtt: | |
| 122 | - HostSG | |
| 123 | - GroupId | |
| 124 | IpProtocol: tcp | |
| 125 | FromPort: 443 | |
| 126 | ToPort: 443 | |
| 8d7955 | 127 | CidrIp: "0.0.0.0/0" |
| WK | 128 | |
| 129 | zoneinternalidns: | |
| 130 | Type: "AWS::Route53::HostedZone" | |
| 131 | Properties: | |
| 132 | Name: "{{ zone_internal_dns }}" | |
| 133 | VPCs: | |
| 134 | - VPCId: | |
| 135 | Ref: Vpc | |
| 136 | VPCRegion: | |
| 137 | Ref: "AWS::Region" | |
| 138 | HostedZoneConfig: | |
| 139 | Comment: "Created By ansible agnostic deployer" | |
| 140 | ||
| 4853d5 | 141 | {# if deploying many clientvms #} |
| 7246db | 142 | {% if num_users|d(1)|int > 1 %} |
| WK | 143 | {% for c in range(1,num_users|int+1) %} |
| 144 | ||
| 145 | clientvm{{loop.index}}: | |
| 146 | Type: "AWS::EC2::Instance" | |
| 147 | Properties: | |
| 6af01e | 148 | {% if custom_image is defined %} |
| GC | 149 | ImageId: {{ custom_image.image_id }} |
| 150 | {% else %} | |
| 7246db | 151 | ImageId: |
| WK | 152 | Fn::FindInMap: |
| 153 | - RegionMapping | |
| 154 | - Ref: AWS::Region | |
| 379595 | 155 | {% if 'image_id' in instances[0] %} |
| GC | 156 | - {{ instances[0].image_id }} |
| 157 | {% else %} | |
| 4853d5 | 158 | - 'RHEL81' |
| 6af01e | 159 | {% endif %} |
| 379595 | 160 | {% endif %} |
| 7246db | 161 | InstanceType: "{{instances[0]['flavor'][cloud_provider]}}" |
| WK | 162 | KeyName: "{{instances[0]['key_name'] | default(key_name)}}" |
| 163 | SecurityGroupIds: | |
| 164 | - "Fn::GetAtt": | |
| 165 | - HostSG | |
| 166 | - GroupId | |
| 167 | SubnetId: | |
| 168 | Ref: PublicSubnet | |
| 169 | Tags: | |
| 170 | - Key: Name | |
| 171 | Value: clientvm{{loop.index}} | |
| 172 | - Key: internaldns | |
| 173 | Value: clientvm{{loop.index}}.{{chomped_zone_internal_dns}} | |
| 174 | - Key: "owner" | |
| 175 | Value: "{{ email | default('unknownuser') }}" | |
| 176 | - Key: "Project" | |
| 177 | Value: "{{project_tag}}" | |
| 178 | - Key: "{{project_tag}}" | |
| 179 | Value: "{{ instances[0]['name'] }}" | |
| 180 | {% for tag in instances[0]['tags'] %} | |
| 181 | - Key: {{tag['key']}} | |
| 182 | Value: {{tag['value']}} | |
| 183 | {% endfor %} | |
| 184 | BlockDeviceMappings: | |
| 185 | - DeviceName: "/dev/sda1" | |
| 186 | Ebs: | |
| 187 | VolumeSize: {{ instances[0]['rootfs_size'] | default('50') }} | |
| 188 | {% for vol in instances[0]['volumes']|default([]) %} | |
| 189 | - DeviceName: "{{ vol['device_name'] }}" | |
| 190 | Ebs: | |
| 191 | VolumeType: "{{ vol['volume_type'] | d('gp2') }}" | |
| 192 | VolumeSize: "{{ vol['volume_size'] | d('20') }}" | |
| 193 | {% endfor %} | |
| 194 | ||
| 195 | clientvm{{loop.index}}InternalDNS: | |
| 196 | Type: "AWS::Route53::RecordSetGroup" | |
| 197 | Properties: | |
| 198 | HostedZoneId: | |
| 199 | Ref: zoneinternalidns | |
| 200 | RecordSets: | |
| 201 | - Name: "clientvm{{loop.index}}.{{zone_internal_dns}}" | |
| 202 | Type: A | |
| 203 | TTL: 10 | |
| 204 | ResourceRecords: | |
| 205 | - "Fn::GetAtt": | |
| 206 | - clientvm{{loop.index}} | |
| 207 | - PrivateIp | |
| 208 | - Name: "bastion{{loop.index}}.{{zone_internal_dns}}" | |
| 209 | Type: A | |
| 210 | TTL: 10 | |
| 211 | ResourceRecords: | |
| 212 | - "Fn::GetAtt": | |
| 213 | - clientvm{{loop.index}} | |
| 214 | - PrivateIp | |
| 215 | ||
| 216 | clientvm{{loop.index}}EIP: | |
| 217 | Type: "AWS::EC2::EIP" | |
| 218 | DependsOn: | |
| 219 | - VpcGA | |
| 220 | Properties: | |
| 221 | InstanceId: | |
| 222 | Ref: clientvm{{loop.index}} | |
| 223 | ||
| 224 | clientvm{{loop.index}}PublicDNS: | |
| 225 | Type: "AWS::Route53::RecordSetGroup" | |
| 226 | DependsOn: | |
| 227 | - clientvm{{loop.index}}EIP | |
| 228 | Properties: | |
| 229 | HostedZoneId: {{HostedZoneId}} | |
| 230 | RecordSets: | |
| 231 | - Name: "clientvm{{loop.index}}.{{subdomain_base}}." | |
| 232 | Type: A | |
| 233 | TTL: 10 | |
| 234 | ResourceRecords: | |
| 235 | - "Fn::GetAtt": | |
| 236 | - clientvm{{loop.index}} | |
| 237 | - PublicIp | |
| 238 | - Name: "bastion{{loop.index}}.{{subdomain_base}}." | |
| 239 | Type: A | |
| 240 | TTL: 10 | |
| 241 | ResourceRecords: | |
| 242 | - "Fn::GetAtt": | |
| 243 | - clientvm{{loop.index}} | |
| 244 | - PublicIp | |
| 245 | {% endfor %} | |
| 246 | ||
| 4853d5 | 247 | |
| JM | 248 | {# deploying just one clientvm #} |
| 7246db | 249 | {% else %} |
| 8d7955 | 250 | clientvm: |
| WK | 251 | Type: "AWS::EC2::Instance" |
| 252 | Properties: | |
| 6af01e | 253 | {% if custom_image is defined %} |
| GC | 254 | ImageId: {{ custom_image.image_id }} |
| 255 | {% else %} | |
| 8d7955 | 256 | ImageId: |
| WK | 257 | Fn::FindInMap: |
| 258 | - RegionMapping | |
| 259 | - Ref: AWS::Region | |
| 4853d5 | 260 | {% if 'image_id' in instances[0] %} |
| JM | 261 | - {{ instances[0].image_id }} |
| 262 | {% else %} | |
| 263 | - 'RHEL81' | |
| 264 | {% endif %} | |
| 6af01e | 265 | {% endif %} |
| 8d7955 | 266 | InstanceType: "{{instances[0]['flavor'][cloud_provider]}}" |
| WK | 267 | KeyName: "{{instances[0]['key_name'] | default(key_name)}}" |
| 268 | SecurityGroupIds: | |
| 269 | - "Fn::GetAtt": | |
| 270 | - HostSG | |
| 271 | - GroupId | |
| 272 | SubnetId: | |
| 273 | Ref: PublicSubnet | |
| 274 | Tags: | |
| 275 | - Key: Name | |
| 276 | Value: clientvm | |
| 277 | - Key: internaldns | |
| 278 | Value: clientvm.{{chomped_zone_internal_dns}} | |
| 279 | - Key: "owner" | |
| 280 | Value: "{{ email | default('unknownuser') }}" | |
| 281 | - Key: "Project" | |
| 282 | Value: "{{project_tag}}" | |
| 283 | - Key: "{{project_tag}}" | |
| 284 | Value: "{{ instances[0]['name'] }}" | |
| 285 | {% for tag in instances[0]['tags'] %} | |
| 286 | - Key: {{tag['key']}} | |
| 287 | Value: {{tag['value']}} | |
| 288 | {% endfor %} | |
| 289 | BlockDeviceMappings: | |
| 290 | - DeviceName: "/dev/sda1" | |
| 291 | Ebs: | |
| 292 | VolumeSize: {{ instances[0]['rootfs_size'] | default('50') }} | |
| 293 | {% for vol in instances[0]['volumes']|default([]) %} | |
| 294 | - DeviceName: "{{ vol['device_name'] }}" | |
| 295 | Ebs: | |
| 296 | VolumeType: "{{ vol['volume_type'] | d('gp2') }}" | |
| 297 | VolumeSize: "{{ vol['volume_size'] | d('20') }}" | |
| 298 | {% endfor %} | |
| 299 | ||
| 300 | clientvmInternalDNS: | |
| 301 | Type: "AWS::Route53::RecordSetGroup" | |
| 302 | Properties: | |
| 303 | HostedZoneId: | |
| 304 | Ref: zoneinternalidns | |
| 305 | RecordSets: | |
| 306 | - Name: "clientvm.{{zone_internal_dns}}" | |
| 307 | Type: A | |
| 308 | TTL: 10 | |
| 309 | ResourceRecords: | |
| 310 | - "Fn::GetAtt": | |
| 311 | - clientvm | |
| 312 | - PrivateIp | |
| 0a2561 | 313 | - Name: "bastion.{{zone_internal_dns}}" |
| WK | 314 | Type: A |
| 315 | TTL: 10 | |
| 316 | ResourceRecords: | |
| 317 | - "Fn::GetAtt": | |
| 318 | - clientvm | |
| 319 | - PrivateIp | |
| 8d7955 | 320 | |
| WK | 321 | clientvmEIP: |
| 322 | Type: "AWS::EC2::EIP" | |
| 323 | DependsOn: | |
| 324 | - VpcGA | |
| 325 | Properties: | |
| 326 | InstanceId: | |
| 327 | Ref: clientvm | |
| 328 | ||
| 329 | clientvmPublicDNS: | |
| 330 | Type: "AWS::Route53::RecordSetGroup" | |
| 331 | DependsOn: | |
| 332 | - clientvmEIP | |
| 333 | Properties: | |
| 334 | HostedZoneId: {{HostedZoneId}} | |
| 335 | RecordSets: | |
| 336 | - Name: "clientvm.{{subdomain_base}}." | |
| 337 | Type: A | |
| 338 | TTL: 10 | |
| 339 | ResourceRecords: | |
| 340 | - "Fn::GetAtt": | |
| 341 | - clientvm | |
| 342 | - PublicIp | |
| 0a2561 | 343 | - Name: "bastion.{{subdomain_base}}." |
| WK | 344 | Type: A |
| 345 | TTL: 10 | |
| 346 | ResourceRecords: | |
| 347 | - "Fn::GetAtt": | |
| 348 | - clientvm | |
| 349 | - PublicIp | |
| 7246db | 350 | {% endif %} |
| 8d7955 | 351 | |
| WK | 352 | Outputs: |
| 353 | Route53internalzoneOutput: | |
| 354 | Description: The ID of the internal route 53 zone | |
| 355 | Value: | |
| 0c0b9c | 356 | Ref: zoneinternalidns |
