-
Notifications
You must be signed in to change notification settings - Fork 0
/
pimcoreStack.yml
185 lines (171 loc) · 7.03 KB
/
pimcoreStack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
AWSTemplateFormatVersion: 2010-09-09
Description: "Deploys Pimcore ECS infrastructure based on nested stacks. Note: on deletion ensure that no ECS services are running."
Parameters:
App:
Type: String
Default: pimcore-app
Description: Your application's name.
MinLength: 2
MaxLength: 12 # "pimcore-app" (length: 11)
AllowedPattern: '[a-z\-]*'
Env:
Type: String
Description: The environment name your service, job, or workflow is being deployed to.
Default: staging
AllowedPattern: '[a-z]*'
AllowedValues:
- dev
- staging
- test
- production
DomainName:
Type: String
Description: Name of your (root) test domain, such as "pimcore.xyz", when app-staging.pimcore.xyz should be hosted.
Default: pimcore.xyz # todo - remove default params & change way how the domain is built
ExistingCertificateARN:
Type: String
Description: Pass a wildcard certificate or a preparte subdomain certificate. If missing, you need to switch to https://console.aws.amazon.com/route53 and validate the certificate manually while the stack is built.
Default: false
# todo cognito protection?
# CognitoProtection: true/false
Resources:
PimcoreUsers:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: pimcore-stack/users.yml
Parameters:
Prefix: !Sub '${App}-${Env}'
PimcoreVPC:
Type: AWS::CloudFormation::Stack
DependsOn: PimcoreUsers
Properties:
TemplateURL: pimcore-stack/vpc.yml
Parameters:
UniqueAppName: !Sub '${App}-${Env}'
PimcoreEcsClusterPermissions:
Type: AWS::CloudFormation::Stack
DependsOn:
- PimcoreVPC
Properties:
TemplateURL: pimcore-stack/ecs-permissions.yml
Parameters:
UniqueAppName: !Sub '${App}-${Env}'
VpcId: !GetAtt PimcoreVPC.Outputs.VpcId
PimcoreS3Stack:
Type: AWS::CloudFormation::Stack
DependsOn: PimcoreUsers
Properties:
TemplateURL: pimcore-stack/s3-with-cdn.yml
Parameters:
BucketName: !Sub '${App}-${Env}'
SetupUserArn: !GetAtt PimcoreUsers.Outputs.SetupUserArn
UploadUserArn: !GetAtt PimcoreUsers.Outputs.EcsContainerTaskRole
PimcoreLoadBalancerResources:
Type: AWS::CloudFormation::Stack
DependsOn:
- PimcoreUsers
- PimcoreVPC
Properties:
TemplateURL: pimcore-stack/load-balancer.yml
Parameters:
UniqueAppName: !Sub '${App}-${Env}'
DomainName: !Ref DomainName
VpcId: !GetAtt PimcoreVPC.Outputs.VpcId
Subnet1: !GetAtt PimcoreVPC.Outputs.PublicSubnet1
Subnet2: !GetAtt PimcoreVPC.Outputs.PublicSubnet2
SecurityGroup1: !GetAtt PimcoreVPC.Outputs.SecurityGroup1
ExistingCertificateARN: !Ref ExistingCertificateARN
PimcoreElastiCacheInstancesStack:
Type: AWS::CloudFormation::Stack
DependsOn:
- PimcoreUsers
- PimcoreVPC
- PimcoreEcsClusterPermissions
Properties:
TemplateURL: pimcore-stack/elasticache.yml
Parameters:
UniqueAppName: !Sub '${App}-${Env}'
Subnet1: !GetAtt PimcoreVPC.Outputs.Subnet1
Subnet2: !GetAtt PimcoreVPC.Outputs.Subnet2
cacheNodeType: cache.t2.medium
sessionNodeType: cache.t2.medium
SecurityGroupList: !Join [",", [
!GetAtt PimcoreVPC.Outputs.SecurityGroup1,
!GetAtt PimcoreEcsClusterPermissions.Outputs.SecurityGroupGreen,
!GetAtt PimcoreEcsClusterPermissions.Outputs.SecurityGroupBlue]]
PimcoreDBCluster:
Type: AWS::CloudFormation::Stack
DependsOn:
- PimcoreUsers
- PimcoreVPC
- PimcoreEcsClusterPermissions
Properties:
TemplateURL: pimcore-stack/db-cluster.yml
Parameters:
UniqueAppName: !Sub '${App}-${Env}'
SubnetId1: !GetAtt PimcoreVPC.Outputs.Subnet1
SubnetId2: !GetAtt PimcoreVPC.Outputs.Subnet2
SecurityGroupList: !Join [",", [
!GetAtt PimcoreVPC.Outputs.SecurityGroup1,
!GetAtt PimcoreEcsClusterPermissions.Outputs.SecurityGroupGreen,
!GetAtt PimcoreEcsClusterPermissions.Outputs.SecurityGroupBlue]]
#LambdaDbUserCreationRole: !GetAtt PimcoreUsers.Outputs.EcsContainerTaskExecutionRole
Tags:
- Key: Name
Value: !Sub '${App}-${Env}-rds-stack'
PimcoreEcsCluster:
Type: AWS::CloudFormation::Stack
DependsOn:
- PimcoreUsers
- PimcoreEcsClusterPermissions
- PimcoreVPC
- PimcoreS3Stack
- PimcoreElastiCacheInstancesStack
- PimcoreDBCluster
Properties:
TemplateURL: pimcore-stack/ecs-cluster.yml
Parameters:
UniqueAppName: !Sub '${App}-${Env}'
VpcId: !GetAtt PimcoreVPC.Outputs.VpcId
RedisCacheHost: !GetAtt PimcoreElastiCacheInstancesStack.Outputs.PimcoreRedisCacheEndpoint
RedisSessionHost: !GetAtt PimcoreElastiCacheInstancesStack.Outputs.PimcoreSessionCacheEndpoint
CloudfrontURL: !GetAtt PimcoreS3Stack.Outputs.PimcoreCloudFrontURL
S3BucketName: !GetAtt PimcoreS3Stack.Outputs.PimcoreS3BucketName
DbPrimaryEndpoint: !GetAtt PimcoreDBCluster.Outputs.DbPrimaryEndpoint
DbPrimaryPort: !GetAtt PimcoreDBCluster.Outputs.DbPrimaryPort
DbReadEndpoint: !GetAtt PimcoreDBCluster.Outputs.DbReadEndpoint
DbReadPort: !GetAtt PimcoreDBCluster.Outputs.DbReadPort
DbName: !GetAtt PimcoreDBCluster.Outputs.DbName
DbUser: !GetAtt PimcoreDBCluster.Outputs.DbUser
DbUserSecret: !GetAtt PimcoreDBCluster.Outputs.DbUserSecret
Subnet1: !GetAtt PimcoreVPC.Outputs.Subnet1
Subnet2: !GetAtt PimcoreVPC.Outputs.Subnet2
SecurityGroup1: !GetAtt PimcoreVPC.Outputs.SecurityGroup1
SecurityGroupBlue: !GetAtt PimcoreEcsClusterPermissions.Outputs.SecurityGroupBlue
SecurityGroupGreen: !GetAtt PimcoreEcsClusterPermissions.Outputs.SecurityGroupGreen
TaskExecutionRoleArn: !GetAtt PimcoreUsers.Outputs.EcsContainerTaskExecutionRole
TaskRoleArn: !GetAtt PimcoreUsers.Outputs.EcsContainerTaskRole
PimcoreBastion:
Type: AWS::CloudFormation::Stack
DependsOn:
- PimcoreUsers
- PimcoreVPC
- PimcoreDBCluster
Properties:
TemplateURL: pimcore-stack/ec2-bastion.yml
Parameters:
UniqueAppName: !Sub '${App}-${Env}'
VpcId: !GetAtt PimcoreVPC.Outputs.VpcId
VpcSecurityGroupId: !GetAtt PimcoreVPC.Outputs.SecurityGroup1
SubnetId: !GetAtt PimcoreVPC.Outputs.PublicSubnet1
DbPrimaryEndpoint: !GetAtt PimcoreDBCluster.Outputs.DbPrimaryEndpoint
DbReadEndpoint: !GetAtt PimcoreDBCluster.Outputs.DbReadEndpoint
DbName: !GetAtt PimcoreDBCluster.Outputs.DbName
DbMasterUser: !GetAtt PimcoreDBCluster.Outputs.DbMasterUser
DbMasterSecret: !GetAtt PimcoreDBCluster.Outputs.DbMasterSecret
#DbMasterPassword: !Join [ "{{resolve:secretsmanager:", [ !GetAtt PimcoreDBCluster.Outputs.DbMasterSecret, "::password}}'" ] ]
DbUser: !GetAtt PimcoreDBCluster.Outputs.DbUser
DbUserSecret: !GetAtt PimcoreDBCluster.Outputs.DbUserSecret
Outputs:
LoadBalancerDNS:
Value: !GetAtt PimcoreLoadBalancerResources.Outputs.HostedUrl