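# Internet-facing Application Load Balancer stack: security groups for the
# ALB and its targets, an HTTP->HTTPS redirect, a TLS listener with host-based
# routing to the webapp and API target groups, and Route 53 alias records for
# the base domain and its wildcard.
# Quoted so YAML parsers read the version as a string, not a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: Application Load Balancer Stack

Parameters:
  Vpc:
    Description: VPC identifier
    # AWS-specific type (as Subnets already uses) so CloudFormation validates
    # the ID at deploy time instead of accepting any string.
    Type: AWS::EC2::VPC::Id
  Subnets:
    Description: Public Subnet list
    Type: List<AWS::EC2::Subnet::Id>
  CertificateArn:
    Description: Amazon TLS Certificate ARN
    Type: String
  BaseDomain:
    Description: Base domain for the app
    Type: String

Resources:
  # Security group meant for whatever sits behind the ALB; it is exported in
  # Outputs so other stacks can attach it to their targets.
  TargetSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ALB target security group
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        # NOTE(review): every protocol and port is allowed from the ALB
        # security group. The target groups below use TCP 80 and 3000; if the
        # targets listen only on those ports (no dynamic port mapping), narrow
        # this rule to them. Confirm with the services using this group.
        - IpProtocol: '-1'
          SourceSecurityGroupId: !Ref SecurityGroup

  # Security group of the load balancer itself: public 443 and 80 only.
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ALB security group
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          IpProtocol: tcp
        # Port 80 is open only so HttpListener can redirect to HTTPS.
        - FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          IpProtocol: tcp
      SecurityGroupEgress:
        # NOTE(review): unrestricted egress. The ALB only needs to reach its
        # targets; limiting egress to TargetSecurityGroup would require a
        # separate AWS::EC2::SecurityGroupEgress resource, because the two
        # groups would otherwise reference each other.
        - IpProtocol: '-1'
          CidrIp: 0.0.0.0/0

  Alb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Subnets: !Ref Subnets
      Scheme: internet-facing
      SecurityGroups:
        - !Ref SecurityGroup
      LoadBalancerAttributes:
        # Attribute values are strings in the ELBv2 API; quoted to avoid
        # relying on implicit conversion.
        - Key: idle_timeout.timeout_seconds
          Value: '300'
        # Drop request headers whose names are not valid HTTP field names
        # before forwarding; reduces exposure to request-smuggling/desync
        # issues between the ALB and the targets.
        - Key: routing.http.drop_invalid_header_fields.enabled
          Value: 'true'
        # NOTE(review): access logging (access_logs.s3.*) is not configured
        # here; it needs an S3 bucket this template does not define.

  # ALB-to-target traffic is plain HTTP; TLS ends at the load balancer.
  WebappTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Port: 80
      Protocol: HTTP
      VpcId: !Ref Vpc

  ApiTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Port: 3000
      Protocol: HTTP
      VpcId: !Ref Vpc

  # Plain-HTTP listener: never forwards, only issues a permanent redirect to
  # the HTTPS listener.
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: '443'
            StatusCode: HTTP_301
      LoadBalancerArn: !Ref Alb
      Port: 80
      Protocol: HTTP

  # TLS listener; requests that match no rule go to the webapp target group.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WebappTargetGroup
      LoadBalancerArn: !Ref Alb
      Port: 443
      Protocol: HTTPS
      # Pin the TLS policy explicitly. With no SslPolicy the listener falls
      # back to the service default, which has historically been
      # ELBSecurityPolicy-2016-08 and still negotiates TLS 1.0 and 1.1.
      # This policy accepts TLS 1.2 and 1.3 only.
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates:
        - CertificateArn: !Ref CertificateArn

  # Routes API hostnames on the HTTPS listener to the API target group.
  ApiListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: !Ref ApiTargetGroup
      Conditions:
        - Field: host-header
          HostHeaderConfig:
            Values:
              # NOTE(review): matches any Host header beginning with "api.",
              # not only api.<BaseDomain>; pin it with !Sub if the API should
              # answer on the base domain only.
              - 'api.*'
      ListenerArn: !Ref HttpsListener
      Priority: 1

  # Alias records for the apex and for every subdomain. Because of the
  # wildcard, any subdomain resolves to the ALB; hosts that do not match
  # ApiListenerRule are served by the HTTPS listener's default action.
  DnsEntry:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneName: !Sub '${BaseDomain}.'
      RecordSets:
        - Name: !Sub '${BaseDomain}.'
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt Alb.CanonicalHostedZoneID
            DNSName: !GetAtt Alb.DNSName
        - Name: !Sub '*.${BaseDomain}.'
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt Alb.CanonicalHostedZoneID
            DNSName: !GetAtt Alb.DNSName

Outputs:
  AlbHttpListener:
    Description: ALB Listener for HTTP (80)
    Value: !Ref HttpListener
  AlbHttpsListener:
    Description: ALB Listener for HTTPS (443)
    Value: !Ref HttpsListener
  TargetSecurityGroup:
    Description: Security Group for Load Balancer targets
    Value: !Ref TargetSecurityGroup
  HostedZoneId:
    Description: ALB Hosted ZoneID
    Value: !GetAtt Alb.CanonicalHostedZoneID
  DNSName:
    Description: ALB Hostname
    Value: !GetAtt Alb.DNSName
  Alb:
    Description: Alb
    Value: !Ref Alb
  ApiTargetGroup:
    Description: ApiTargetGroup
    Value: !Ref ApiTargetGroup
  WebappTargetGroup:
    Description: WebappTargetGroup
    Value: !Ref WebappTargetGroup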