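AWSTemplateFormatVersion: 2010-09-09
Description: "EventManagerApplication"
# Template inputs. Every value below can be overridden at deploy time; the
# defaults are example values for a single-instance deployment.
Parameters:
  VpcName:
    Type: String
    Default: EventManagerApplicationVPC
  MyIpCidr:
    # Only this CIDR may reach SSH (22) and the app port (8090) on the EC2
    # security group. The shipped default is one specific public address;
    # override it for each deployment.
    Description: Tu IP pública en CIDR (ej. 1.2.3.4/32).
    Type: String
    Default: 83.39.6.196/32
    # Reject values that are not an IPv4 CIDR before the SG rule is created.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block such as 1.2.3.4/32.
  KeyName:
    Description: Key pair RSA (según TXT)
    Type: AWS::EC2::KeyPair::KeyName
    Default: EventManagerApplication
  AmiId:
    Description: AMI ID para AL2023 (ej. ami-09fc5668766215f32)
    Type: String
    Default: ami-09fc5668766215f32
  DbInstanceIdentifier:
    Type: String
    Default: eventmanager-application-db
  DbInstanceClass:
    Type: String
    Default: db.t3.micro
  DbName:
    Type: String
    Default: eventmanagerdatabase
  DbUsername:
    Type: String
    Default: admin
  DbPassword:
    # No Default on purpose: the previous default ("password") would be
    # accepted by MinLength and end up as the live RDS master password.
    # The value must be supplied at stack creation; NoEcho keeps it out of
    # console/API output.
    Description: RDS master password (supplied at deploy time, no default).
    Type: String
    NoEcho: true
    MinLength: 8
  S3BucketName:
    Type: String
    Default: event-manager-images-bucket
  AppImage:
    Type: String
    Default: docker.io/user/eventmanagerapp
  AppComposeArtifact:
    Type: String
    Default: docker.io/user/eventmanagerapp-compose:1.0.0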
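Resources:
  # VPC (AWS VPC)
  EventsVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Ref VpcName
  # Internet Gateway (AWS VPC)
  EventsInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: igw-eventmanager-tfg
  # VPC Gateway Attachment (AWS VPC)
  EventsVpcGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref EventsVpc
      InternetGatewayId: !Ref EventsInternetGateway
  # Public subnet (AWS VPC)
  EventsPublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EventsVpc
      AvailabilityZone: !Select [0, !GetAZs ""]
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: subnet-public-a
  # Private DB subnet A (AWS VPC) — no route to the IGW, so RDS is not reachable from outside the VPC
  EventsPrivateDbSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EventsVpc
      AvailabilityZone: !Select [0, !GetAZs ""]
      CidrBlock: 10.0.11.0/24
      Tags:
        - Key: Name
          Value: subnet-private-db-a
  # Private DB subnet B (AWS VPC) — second AZ, required by the DB subnet group
  EventsPrivateDbSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref EventsVpc
      AvailabilityZone: !Select [1, !GetAZs ""]
      CidrBlock: 10.0.12.0/24
      Tags:
        - Key: Name
          Value: subnet-private-db-b
  # Public route table (AWS VPC)
  EventsPublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref EventsVpc
      Tags:
        - Key: Name
          Value: rt-public-eventmanager
  # Default route to the Internet Gateway (AWS VPC)
  EventsPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: EventsVpcGatewayAttachment
    Properties:
      RouteTableId: !Ref EventsPublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref EventsInternetGateway
  # Public subnet <-> public route table association (AWS VPC)
  EventsPublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref EventsPublicSubnet
      RouteTableId: !Ref EventsPublicRouteTable
  # S3 bucket for images (Amazon S3). Public access is fully blocked and
  # objects are encrypted at rest by default; the EC2 role below is the only
  # principal this template grants access to.
  EventsImageBucket:
    Type: AWS::S3::Bucket
    # Example stack: the bucket (and its versions) is removed with the stack.
    DeletionPolicy: Delete
    Properties:
      BucketName: !Ref S3BucketName
      VersioningConfiguration:
        Status: Enabled
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
  # Security Group EC2 (Amazon EC2)
  # 22 and 8090 are limited to MyIpCidr. 80 and 443 are open to the world,
  # but nothing in this template starts a listener on those ports (the app
  # is exposed on 8090) — confirm they are needed or drop the two rules.
  EventsEC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "SG for EC2: SSH + 8090"
      VpcId: !Ref EventsVpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref MyIpCidr
        - IpProtocol: tcp
          FromPort: 8090
          ToPort: 8090
          CidrIp: !Ref MyIpCidr
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
  # Security Group RDS (Amazon EC2/VPC): Postgres only from the EC2 SG, no CIDR rules
  EventsRDSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "SG for RDS: allow Postgres from EC2"
      VpcId: !Ref EventsVpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref EventsEC2SecurityGroup
  # Subnet Group for RDS (Amazon RDS)
  EventsRDSSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: "Private subnets for RDS"
      SubnetIds:
        - !Ref EventsPrivateDbSubnetA
        - !Ref EventsPrivateDbSubnetB
  # RDS PostgreSQL instance (Amazon RDS)
  EventsRDSInstance:
    Type: AWS::RDS::DBInstance
    # Example stack: no final snapshot is kept on delete.
    DeletionPolicy: Delete
    Properties:
      DBInstanceIdentifier: !Ref DbInstanceIdentifier
      DBInstanceClass: !Ref DbInstanceClass
      AllocatedStorage: 20
      DBName: !Ref DbName
      Engine: postgres
      MasterUsername: !Ref DbUsername
      MasterUserPassword: !Ref DbPassword
      # Single-AZ to keep the example cheap; the subnet group still spans two AZs.
      MultiAZ: false
      PubliclyAccessible: false
      # Encrypt storage (and therefore automated backups/snapshots) at rest.
      # Was `false`; changing this on an already-created instance forces a
      # replacement, so apply it on a fresh stack.
      StorageEncrypted: true
      BackupRetentionPeriod: 1
      VPCSecurityGroups:
        - !Ref EventsRDSSecurityGroup
      DBSubnetGroupName: !Ref EventsRDSSubnetGroup
  # IAM Role for EC2 (AWS IAM): S3 access scoped to the single image bucket.
  # The fixed RoleName means only one stack per account can use this template.
  EventsEC2IAMRole:
    Type: AWS::IAM::Role
    DependsOn: EventsImageBucket
    Properties:
      RoleName: role-ec2-eventmanager-s3
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action:
              - "sts:AssumeRole"
      Path: "/"
      Policies:
        - PolicyName: "S3AccessSingleBucket"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: ListBucket
                Effect: "Allow"
                Action:
                  - "s3:ListBucket"
                  - "s3:GetBucketLocation"
                Resource:
                  # AWS::Partition instead of a hard-coded "aws" so the ARN is
                  # also correct in GovCloud / China partitions.
                  - !Sub arn:${AWS::Partition}:s3:::${S3BucketName}
              - Sid: ObjectRW
                Effect: "Allow"
                Action:
                  - "s3:GetObject"
                  - "s3:PutObject"
                  - "s3:DeleteObject"
                Resource:
                  - !Sub arn:${AWS::Partition}:s3:::${S3BucketName}/*
  # Instance Profile for EC2 (AWS IAM)
  EventsEC2IAMProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: profile-ec2-eventmanager-s3
      Roles:
        - !Ref EventsEC2IAMRole
  # EC2 instance (Amazon EC2): installs Docker + compose plugin at first boot
  # and starts the app from the compose artifact with an .env file.
  EventsEC2Instance:
    Type: AWS::EC2::Instance
    DependsOn:
      - EventsPublicSubnetRouteTableAssociation
    Properties:
      KeyName: !Ref KeyName
      ImageId: !Ref AmiId
      InstanceType: t3.micro
      IamInstanceProfile: !Ref EventsEC2IAMProfile
      # Require IMDSv2 session tokens: the instance carries an IAM role, and
      # with IMDSv1 a single SSRF GET from the app would return its
      # credentials. Hop limit 2 is needed so containers behind the Docker
      # bridge can still complete the token PUT.
      MetadataOptions:
        HttpEndpoint: enabled
        HttpTokens: required
        HttpPutResponseHopLimit: 2
      # Optional (not mentioned in the roadmap): detailed monitoring
      # Monitoring: true
      NetworkInterfaces:
        - DeviceIndex: 0
          AssociatePublicIpAddress: true
          SubnetId: !Ref EventsPublicSubnet
          GroupSet:
            - !Ref EventsEC2SecurityGroup
      # NOTE(review): the DB password is interpolated into UserData, which is
      # readable from inside the instance (metadata user-data endpoint) and by
      # anyone allowed ec2:DescribeInstanceAttribute. A secret store (for
      # example Secrets Manager) read by the app at start-up would keep it out
      # of the template; not changed here because the app's env contract is
      # outside this file.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          dnf update -y
          dnf install -y docker dnf-plugins-core
          dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
          dnf config-manager --setopt=docker-ce-stable.baseurl=https://download.docker.com/linux/centos/9/x86_64/stable --save
          dnf clean all
          dnf makecache
          dnf install -y docker-compose-plugin --setopt=install_weak_deps=False
          systemctl enable docker
          systemctl start docker
          mkdir -p /opt/eventmanager
          # presumably a local account named "user" exists on the chosen AMI — confirm (AL2023 images ship "ec2-user")
          chown -R user:user /opt/eventmanager
          cat > /opt/eventmanager/.env << 'EOF'
          AWS_REGION=${AWS::Region}
          RDS_ENDPOINT=jdbc:postgresql://${EventsRDSInstance.Endpoint.Address}:5432/${DbName}
          RDS_USERNAME=${DbUsername}
          RDS_PASSWORD=${DbPassword}
          S3_BUCKET_NAME=${S3BucketName}
          APP_IMAGE=${AppImage}
          EOF
          # The file holds the DB password; cat creates it with the default
          # umask (world-readable), so restrict it to the owner only.
          chmod 600 /opt/eventmanager/.env
          sudo docker compose --env-file /opt/eventmanager/.env -f oci://${AppComposeArtifact} up -d
  # Elastic IP and association for EC2 (so the instance keeps a stable public IP)
  EventsElasticIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  EventsEIPAssociation:
    Type: AWS::EC2::EIPAssociation
    Properties:
      InstanceId: !Ref EventsEC2Instance
      AllocationId: !GetAtt EventsElasticIP.AllocationId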
# Stack outputs, written with the long-form intrinsic functions
# (Fn::GetAtt / Fn::Sub / Ref) instead of the short-form tags.
Outputs:
  PublicDnsName:
    Description: Public DNS for EC2
    Value:
      Fn::GetAtt:
        - EventsEC2Instance
        - PublicDnsName
  AppUrl:
    # NOTE(review): built from the instance's own PublicDnsName; after the
    # Elastic IP is associated the instance's public name may differ — verify
    # this output matches the address clients should use.
    Description: EventManager public URL (port 8090)
    Value:
      Fn::Sub: "http://${EventsEC2Instance.PublicDnsName}:8090"
  RdsEndpoint:
    Description: RDS endpoint address
    Value:
      Fn::GetAtt:
        - EventsRDSInstance
        - Endpoint.Address
  S3Bucket:
    Description: S3 bucket name
    Value:
      Ref: EventsImageBucket
  ElasticIp:
    Description: Elastic IP associated to the EC2 instance
    Value:
      Fn::GetAtt:
        - EventsElasticIP
        - PublicIp