-
Notifications
You must be signed in to change notification settings - Fork 0
/
wordpress_host.yaml
154 lines (140 loc) · 4.69 KB
/
wordpress_host.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
AWSTemplateFormatVersion: 2010-09-09
Description: Template is reusable will create WordPress Instance with WordPress Security Grp
Parameters:
WebInstanceType: # Instance Type.
Type: String
Default: t2.micro
AllowedValues: [t2.micro, t2.small, t2.medium]
Description: Please choose a valid instance type.
SSHLocation:
Description: The IP address range that can be used to SSH to the EC2 instances
Type: String
MinLength: 9
MaxLength: 18
Default: 0.0.0.0/0
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
SSHKeyName: # Key Name
Type: String
Default: ""
Description: Must be the Name of an existing EC2 KeyPair.
VolumeSize: # Volume Size
Type: Number
Default: 20
Description: Please choose a valid Number
AllowedValues: [20, 30, 40, 50]
MyVPC:
Description: Enter the VPC Id where you want to create WordPress Instance
Type: String
Default: ""
PrivateSubnet1: # Private Subnet Id
Description: Enter the Private Subnet Id where you want to create WordPress Instance
Type: String
Default: ""
PublicSubnet2: # Public Subnet Id
Description: Enter the Public Subnet Id where you want to create WordPress Instance
Type: String
Default: ""
TeamTagKey: # Tags
Type: String
Default: Team
TeamTagValue:
Type: String
Default: Infra
EnvTagKey:
Type: String
Default: Env
EnvTagValue:
Type: String
Default: Dev
Mappings:
RegionMap:
us-east-1:
HVM64: ami-04d29b6f966df1537
us-east-2:
HVM64: ami-09558250a3419e7d0
us-west-1:
HVM64: ami-08d9a394ac1c2994c
us-west-2:
HVM64: ami-0e472933a1395e172
Resources:
WebServerSecurityGroup: # Web Server Sec Group for WordPress host build to avoid circular dependencies
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: "Allow http to ALB sec group, 3306 to RDS database sec group, ssh to bastion sec group"
VpcId: !Ref MyVPC
MySecGroupIngressSSH:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref WebServerSecurityGroup
IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref SSHLocation # delete this cidr ip when you have bastion sg
#SourceSecurityGroupId: !Ref BastionSecurityGroup
MySecGroupIngressHTTP:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref WebServerSecurityGroup
IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: !Ref SSHLocation # delete this cidr ip when you have elb sg
#SourceSecurityGroupId: !Ref ELBSecurityGroup
MySecGroupIngressRDS:
Type: AWS::EC2::SecurityGroupIngress
Properties:
GroupId: !Ref WebServerSecurityGroup
IpProtocol: tcp
FromPort: 3306
ToPort: 3306
CidrIp: !Ref SSHLocation # delete this cidr ip when you have rds sg
#SourceSecurityGroupId: !Ref RDSSecurityGroup
WordpressWebInstance: # WordPress Web Instance
Description: Web Server needs to be created with bastion-key that's why its separate from the VPC stack
Type: AWS::EC2::Instance
Properties:
ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", HVM64]
KeyName: !Ref SSHKeyName
InstanceType: !Ref WebInstanceType
SubnetId: !Ref PrivateSubnet1
SecurityGroupIds:
- !Ref WebServerSecurityGroup
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -e
sudo hostnamectl set-hostname wordpress-web
sudo amazon-linux-extras install -y php7.2
sudo yum install -y httpd
sudo systemctl start httpd
sudo systemctl enable httpd
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
sudo yum install php-gd -y
sudo yum install mysql -y
sudo systemctl restart httpd
sudo cp -r wordpress/* /var/www/html
sudo chown -R apache:apache /var/www/html
sudo systemctl restart httpd
BlockDeviceMappings:
-
DeviceName: /dev/xvda
Ebs:
VolumeType: gp2
VolumeSize: !Ref VolumeSize
Tags:
- Key: Name
Value: WordPressInstance
- Key: !Ref TeamTagKey
Value: !Ref TeamTagValue
- Key: !Ref EnvTagKey
Value: !Ref EnvTagValue
Outputs:
WebServerSecurityGroup:
Description: "WordPress Web Server's Security Group"
Value:
!Ref WebServerSecurityGroup
WordpressWebInstance:
Description: "WordPress Web Server Id"
Value: !Ref WordpressWebInstance