AWSTemplateFormatVersion: "2010-09-09"
|
Mappings:
|
RegionMapping:
|
us-east-1:
|
RHELAMI: ami-b63769a1
|
WIN2012R2AMI: ami-93118ee9
|
us-east-2:
|
RHELAMI: ami-0932686c
|
WIN2012R2AMI: ami-72745d17
|
us-west-1:
|
RHELAMI: ami-2cade64c
|
WIN2012R2AMI: ami-ef95ae8f
|
us-west-2:
|
RHELAMI: ami-6f68cf0f
|
WIN2012R2AMI: ami-af5980d7
|
eu-west-1:
|
RHELAMI: ami-02ace471
|
WIN2012R2AMI: ami-24f04d5d
|
eu-west-2:
|
WIN2012R2AMI: ami-6a746a0e
|
ca-central-1:
|
WIN2012R2AMI: ami-4e4cf72a
|
eu-central-1:
|
RHELAMI: ami-e4c63e8b
|
WIN2012R2AMI: ami-88c14ee7
|
ap-northeast-1:
|
RHELAMI: ami-5de0433c
|
WIN2012R2AMI: ami-dcdd66ba
|
ap-northeast-2:
|
RHELAMI: ami-44db152a
|
WIN2012R2AMI: ami-681cbb06
|
ap-southeast-1:
|
RHELAMI: ami-2c95344f
|
WIN2012R2AMI: ami-f887d59b
|
ap-southeast-2:
|
RHELAMI: ami-39ac915a
|
WIN2012R2AMI: ami-f601f494
|
sa-east-1:
|
RHELAMI: ami-7de77b11
|
WIN2012R2AMI: ami-42a5e12e
|
ap-south-1:
|
RHELAMI: ami-cdbdd7a2
|
WIN2012R2AMI: ami-b9e8a6d6
|
DNSMapping:
|
"us-east-1":
|
domain: "us-east-1.compute.internal"
|
"us-west-1":
|
domain: "us-west-1.compute.internal"
|
"us-west-2":
|
domain: "us-west-2.compute.internal"
|
"eu-west-1":
|
domain: "eu-west-1.compute.internal"
|
"eu-central-1":
|
domain: "eu-central-1.compute.internal"
|
"ap-northeast-1":
|
domain: "ap-northeast-1.compute.internal"
|
"ap-northeast-2":
|
domain: "ap-northeast-2.compute.internal"
|
"ap-southeast-1":
|
domain: "ap-southeast-1.compute.internal"
|
"ap-southeast-2":
|
domain: "ap-southeast-2.compute.internal"
|
"sa-east-1":
|
domain: "sa-east-1.compute.internal"
|
"ap-south-1":
|
domain: "ap-south-1.compute.internal"
|
Resources:
|
Vpc:
|
Type: "AWS::EC2::VPC"
|
Properties:
|
CidrBlock: "192.199.0.0/16"
|
EnableDnsSupport: true
|
EnableDnsHostnames: true
|
Tags:
|
- Key: Name
|
Value: "{{vpcid_name_tag}}"
|
- Key: Hostlication
|
Value:
|
Ref: "AWS::StackId"
|
VpcInternetGateway:
|
Type: "AWS::EC2::InternetGateway"
|
VpcGA:
|
Type: "AWS::EC2::VPCGatewayAttachment"
|
Properties:
|
InternetGatewayId:
|
Ref: VpcInternetGateway
|
VpcId:
|
Ref: Vpc
|
VpcRouteTable:
|
Type: "AWS::EC2::RouteTable"
|
Properties:
|
VpcId:
|
Ref: Vpc
|
VPCRouteInternetGateway:
|
DependsOn: VpcGA
|
Type: "AWS::EC2::Route"
|
Properties:
|
GatewayId:
|
Ref: VpcInternetGateway
|
DestinationCidrBlock: "0.0.0.0/0"
|
RouteTableId:
|
Ref: VpcRouteTable
|
PublicSubnet:
|
Type: "AWS::EC2::Subnet"
|
DependsOn:
|
- Vpc
|
Properties:
|
CidrBlock: "192.199.0.0/24"
|
Tags:
|
- Key: Name
|
Value: "{{project_tag}}"
|
- Key: Hostlication
|
Value:
|
Ref: "AWS::StackId"
|
MapPublicIpOnLaunch: true
|
VpcId:
|
Ref: Vpc
|
PublicSubnetRTA:
|
Type: "AWS::EC2::SubnetRouteTableAssociation"
|
Properties:
|
RouteTableId:
|
Ref: VpcRouteTable
|
SubnetId:
|
Ref: PublicSubnet
|
HostSG:
|
Type: "AWS::EC2::SecurityGroup"
|
Properties:
|
GroupDescription: Host
|
VpcId:
|
Ref: Vpc
|
Tags:
|
- Key: Name
|
Value: host_sg
|
HostUDPPorts:
|
Type: "AWS::EC2::SecurityGroupIngress"
|
Properties:
|
GroupId:
|
"Fn::GetAtt":
|
- HostSG
|
- GroupId
|
IpProtocol: udp
|
FromPort: 0
|
ToPort: 65535
|
CidrIp: "0.0.0.0/0"
|
HostTCPPorts:
|
Type: "AWS::EC2::SecurityGroupIngress"
|
Properties:
|
GroupId:
|
"Fn::GetAtt":
|
- HostSG
|
- GroupId
|
IpProtocol: tcp
|
FromPort: 0
|
ToPort: 65535
|
CidrIp: "0.0.0.0/0"
|
zoneinternalidns:
|
Type: "AWS::Route53::HostedZone"
|
Properties:
|
Name: "{{ zone_internal_dns }}"
|
VPCs:
|
- VPCId:
|
Ref: Vpc
|
VPCRegion:
|
Ref: "AWS::Region"
|
HostedZoneConfig:
|
Comment: "Created By ansible agnostic deployer"
|
BastionDNS:
|
Type: "AWS::Route53::RecordSetGroup"
|
DependsOn:
|
- BastionEIP
|
Properties:
|
HostedZoneId: "{{HostedZoneId}}"
|
RecordSets:
|
- Name: "bastion.{{subdomain_base}}."
|
Type: A
|
TTL: 10
|
ResourceRecords:
|
- "Fn::GetAtt":
|
- Bastion
|
- PublicIp
|
Bastion:
|
Type: "AWS::EC2::Instance"
|
Properties:
|
ImageId:
|
"Fn::FindInMap":
|
- RegionMapping
|
- Ref: "AWS::Region"
|
- RHELAMI
|
InstanceType: "{{bastion_instance_type}}"
|
KeyName: "{{key_name}}"
|
SecurityGroupIds:
|
- "Fn::GetAtt":
|
- HostSG
|
- GroupId
|
SubnetId:
|
Ref: PublicSubnet
|
Tags:
|
- Key: Name
|
Value: bastion
|
- Key: AnsibleGroup
|
Value: bastions
|
- Key: Project
|
Value: "{{project_tag}}"
|
- Key: "{{project_tag}}"
|
Value: bastion
|
- Key: internaldns
|
Value: "bastion.{{chomped_zone_internal_dns}}"
|
- Key: owner
|
Value: "{{ email | default('unknown')}}"
|
BastionEIP:
|
Type: "AWS::EC2::EIP"
|
DependsOn:
|
- VpcGA
|
Properties:
|
InstanceId:
|
Ref: Bastion
|
BastionInternalDNS:
|
Type: "AWS::Route53::RecordSetGroup"
|
Properties:
|
HostedZoneId:
|
Ref: zoneinternalidns
|
RecordSets:
|
- Name: "bastion.{{zone_internal_dns}}"
|
Type: A
|
TTL: 10
|
ResourceRecords:
|
- "Fn::GetAtt":
|
- Bastion
|
- PrivateIp
|
|
|
{% for instance in instances %}
|
{% if instance['loadbalancer'] is defined %}
|
{{instance['name']}}DNSLoadBalancer:
|
Type: "AWS::Route53::RecordSetGroup"
|
DependsOn: {{instance['name']}}{{instance['count']}}EIP
|
Properties:
|
HostedZoneId: {{HostedZoneId}}
|
RecordSets:
|
- Name: "{{instance['name']}}.{{subdomain_base}}."
|
Type: A
|
TTL: 900
|
ResourceRecords:
|
{% for c in range(1,(instance['count'] |int)+1) %}
|
{% set instancecount = loop %}
|
- "Fn::GetAtt":
|
- {{instance['name']}}{{loop.index}}
|
- PublicIp
|
{% endfor %}
|
|
{% endif %}
|
{% endfor %}
|
|
|
|
{% for instance in instances %}
|
{% for c in range(1,(instance['count'] |int)+1) %}
|
{% set instancecount = loop %}
|
#this is host {{instance['name']}}{{loop.index}}
|
|
{{instance['name']}}{{loop.index}}:
|
Type: "AWS::EC2::Instance"
|
Properties:
|
ImageId:
|
"Fn::FindInMap":
|
- RegionMapping
|
- Ref: "AWS::Region"
|
- {% if instance['ImageId'] is defined %}{{instance['ImageId']}}{% endif %}{% if instance['ImageId'] is not defined %}RHELAMI{% endif %}
|
|
InstanceType: "{{instance['flavor'][cloud_provider]}}"
|
KeyName: "{{instance['key_name'] | default(key_name)}}"
|
{% if instance['UserData'] is defined %}
|
{{instance['UserData']}}
|
{% endif %}
|
SecurityGroupIds:
|
- "Fn::GetAtt":
|
- HostSG
|
- GroupId
|
SubnetId:
|
Ref: PublicSubnet
|
Tags:
|
- Key: Name
|
Value: {{instance['name']}}{{instancecount.index}}
|
{% for tag in instance['tags'] %}
|
- Key: {{tag['key']}}
|
Value: {{tag['value']}}
|
{% endfor %}
|
BlockDeviceMappings:
|
- DeviceName: "/dev/sda1"
|
Ebs:
|
VolumeSize: 50
|
- DeviceName: "/dev/xvdb"
|
Ebs:
|
VolumeType: gp2
|
VolumeSize: 20
|
{{instance['name']}}{{loop.index}}InternalDNS:
|
Type: "AWS::Route53::RecordSetGroup"
|
Properties:
|
HostedZoneId:
|
Ref: zoneinternalidns
|
RecordSets:
|
- Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}"
|
Type: A
|
TTL: 10
|
ResourceRecords:
|
- "Fn::GetAtt":
|
- {{instance['name']}}{{loop.index}}
|
- PrivateIp
|
{% if instance['public_dns'] %}
|
{{instance['name']}}{{loop.index}}EIP:
|
Type: "AWS::EC2::EIP"
|
DependsOn:
|
- VpcGA
|
Properties:
|
InstanceId:
|
Ref: {{instance['name']}}{{loop.index}}
|
{{instance['name']}}{{loop.index}}PubliclDNS:
|
Type: "AWS::Route53::RecordSetGroup"
|
DependsOn:
|
- {{instance['name']}}{{loop.index}}EIP
|
Properties:
|
HostedZoneId: {{HostedZoneId}}
|
RecordSets:
|
- Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}."
|
Type: A
|
TTL: 10
|
ResourceRecords:
|
- "Fn::GetAtt":
|
- {{instance['name']}}{{loop.index}}
|
- PublicIp
|
{% endif %}
|
|
{% endfor %}
|
{% endfor %}
|