first commit + bug in alb, need to replace to elb

2023-09-03 15:12:43 +03:00 · 2023-09-03 15:12:43 +03:00 · 992d9a6039
commit 992d9a6039
7 changed files with 285 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
+Self Signed Certificate: 
+
+openssl genpkey -algorithm RSA -out private-key.pem - this is the private key
+openssl req -new -key private-key.pem -x509 -days 365 -out certificate.pem - this is the certificate
+
--- a/certificates/certificate.pem
+++ b/certificates/certificate.pem
@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaACCQCVOFor5ub8RTANBgkqhkiG9w0BAQsFADAeMQswCQYDVQQGEwJJ
+TDEPMA0GA1UECAwGSXNyYWVsMB4XDTIzMDgzMTExNDI0NFoXDTI0MDgzMDExNDI0
+NFowHjELMAkGA1UEBhMCSUwxDzANBgNVBAgMBklzcmFlbDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALEmvhycPlaP6/QroRbEq4P8iKtwIr5Ep6AgTcrD
+tFhxB6/15nwQkFnEk0LP41St6U8ChwW6SlekZGOHUzyqA8xpQM1X97AMSd9xUGbo
+3DQLfFCOZV/9TUV9MLtXaAkgN5n/1I3DCAZzZITAzI1NeD8H9PXYidfRYIHPwjQe
+17acPA8XagQEpexF/upDwSgNPcWRGS3hBcRu+Pd5ZwDfaE2TqU92Oe5vP5u5AIRu
+mxuQLMB8b6xi6xnudBG75N5dFqd4KfVJU67JNwYlCz2d+qCVlP8nSU5ocRHo8RTE
+cg2ISKt2rO+n1cah0hyJZxfsAV+lYZx++YzIO7GMzxcPhHECAwEAATANBgkqhkiG
+9w0BAQsFAAOCAQEAjU/gIjnyhyiqUzsaGpLP9WcnLQguSAB0DIWzCG7leXsGMYIN
+TqwH1AinYiV5/7IXWNvnSwzmH+SWtcT5dJ6h7E54wxID72qGhaELI8Ov2UdgmT0r
+lMJR6QOzhZdeY/OcydNtXThFNFFDhF5ueYvB8Id/PSF9aBKGAiBIgCRkLy6eT/MM
+zk/VEr8OxJ6J0I4QjV8poQN1ob0S5M9INNzQkfKK0BEf50OPFV294HbF58yRtnCL
+IQmj1taMRlwyvO73esv3rX6+q2E3/LodhbuSx+Nv6fyxapTDICG2MMt4boTjZzdT
+KswffhUqCiJxxxRj6nZpHEprG/JugukySOzYJw==
+-----END CERTIFICATE-----
--- a/certificates/private-key.pem
+++ b/certificates/private-key.pem
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxJr4cnD5Wj+v0
+K6EWxKuD/IircCK+RKegIE3Kw7RYcQev9eZ8EJBZxJNCz+NUrelPAocFukpXpGRj
+h1M8qgPMaUDNV/ewDEnfcVBm6Nw0C3xQjmVf/U1FfTC7V2gJIDeZ/9SNwwgGc2SE
+wMyNTXg/B/T12InX0WCBz8I0Hte2nDwPF2oEBKXsRf7qQ8EoDT3FkRkt4QXEbvj3
+eWcA32hNk6lPdjnubz+buQCEbpsbkCzAfG+sYusZ7nQRu+TeXRaneCn1SVOuyTcG
+JQs9nfqglZT/J0lOaHER6PEUxHINiEirdqzvp9XGodIciWcX7AFfpWGcfvmMyDux
+jM8XD4RxAgMBAAECggEAWB4UXLjfTUGDtc3p8CBdzGZWOSirL4eI9d57s4tLbt6y
+WzVus3Gty+k68vXjd2CWd+Wi8hdrGVM9WECdB8Tt5MTKJhpGqzxBlrKPstDLj9vS
+t2NNS8T8pb8S+W0N49QxtBmMSgOkP0kwy9P3K6ZIVNoJYCyYzFBqt8d3K2PYGw2h
+wWfVZocKH6/O146k1AyBzQuxg1U83j+ZzGoTlzBJXW1Egi75uk0cWcIheJ1v/yag
+Pcvx3R948TKc43wLcLfuzIIYu57dzgYc82G4XLz93W7PTpkPh/7+SRDhvb6PZ9n3
+A9CXahzrqSppFZ9fdyqHMDrKfYv9n8vpxjcO0XIu7QKBgQDe8njFHrNk/9UB4v9+
+Zb2Oq/ziy99BErICQSeuF1D7DQqntZBg7p8KtBKzW2RfwTeb14WXgVMPZM+fuC8O
+SXu2XEW0gQ6Wl++zFEl5uns27P3Ied9xa1Q+UdagI9Y2/sbNfPhou32sYu5CJMs6
+OZJyzAb2lnhNB/Ca3QRyVM2yuwKBgQDLai3eYn+m4ZrRMqqXGEaDSqH9dMsSEu5Z
+0yYJOQ+kwGKK8lWkyFFB/S/GNV6xpVpafELzVMpHtmFiDHEqMb++2yrAzEXI0o+E
+S1RbgOkeYnlY1blRc3fJrTkYhzIGRDtYWPEZXDBV/muylWFkME/I9zHuWLzqy33V
+IVQXrgsgwwKBgQCV2746IczMEvsG7aJ3P8QO5qRxfkBu6TYmNc2KQ7n3RmjnGjAW
+N89HzorTbJcnliTe6BuwHwnJyyWUYqWeoN47UgK4thcsOqywXu6UmDjCTsK3wtPi
+1RYnXbM6qVwQU2kmLt5656wt98HXTAwe8xvxdhsoHTR38uJT9kRK5Z3uiQKBgEpa
+4bFsp+TEiub1ck4Q3ZWYbmZLjv9oVCAZgsnURdefS2Ym9w9o+er5NcFqONcO7lwt
+F/wCfn6AOFCy45rc3I5TZulawheKgFOHhap9ELm+nUTPuxH+90aNP1Wr9ak8v8Sn
+nln6zOBiQ9Pfrt4EmuWHFoVdgpEBGVoS+L4/LGopAoGBALffVDtB3lmCqJ+v/hxG
+g/MIArmug2bCy9kKA1xpKkQzb+nEh/Fe/QjhTBveetFXkTJOSKUAwIJGW1BmP+9W
+J867oEDOJbm2l968Jwo+/hrHC4SMqQhSVfGvnx3zYD86UC2x1pi2tvWT2te98rgv
+GaSEdJB4yfPDy80Uk1qiJ+0f
+-----END PRIVATE KEY-----
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@ -0,0 +1,9 @@
+# Use the official NGINX image as the base image
+FROM nginx
+
+# Copy your custom HTML and logo files to the NGINX web root
+COPY index.html /usr/share/nginx/html/
+COPY logo.png /usr/share/nginx/html/
+
+# Expose port 80 for HTTP traffic
+EXPOSE 80
--- a/nginx/index.html
+++ b/nginx/index.html
@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Hello Commit</title>
+</head>
+<body>
+    <h1>Hello Commit</h1>
+    <img src="logo.png" alt="Logo">
+</body>
+</html>
--- a/nginx/logo.png
+++ b/nginx/logo.png
--- a/vpc-subnets-stack.yml
+++ b/vpc-subnets-stack.yml
@ -0,0 +1,216 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Resources:
+  VPC:
+    Type: AWS::EC2::VPC # or AWS::RDS::DBSubnetGroup
+    Properties: # or Properties
+      CidrBlock: 10.0.0.0/16 # this is the VPC CIDR block (CIDR = Classless Inter-Domain Routing, it means you can use 0.0.0.0/0 for all IPs)
+      EnableDnsSupport: true # Enable DNS hostnames (EnableDnsSupport is true by default)
+      EnableDnsHostnames: true # Enable DNS hostnames (EnableDnsHostnames is true by default)
+
+  SubnetA:
+    Type: AWS::EC2::Subnet # this subnet is for the ECS instances (webserver)
+    Properties:
+      VpcId: !Ref VPC
+      CidrBlock: 10.0.0.0/24 # this is the subnet CIDR block it means that you can use 10.0.0.0/24
+      AvailabilityZone: eu-central-1a
+
+  SubnetB:
+    Type: AWS::EC2::Subnet # this subnet is for the RDS
+    Properties:
+      VpcId: !Ref VPC
+      CidrBlock: 10.0.1.0/24
+      AvailabilityZone: eu-central-1b
+
+  Nacl:
+    Type: AWS::EC2::NetworkAcl
+    Properties:
+      VpcId: !Ref VPC
+
+  InboundRuleHttps:
+    Type: AWS::EC2::NetworkAclEntry
+    Properties:
+      NetworkAclId: !Ref Nacl
+      RuleNumber: "1"
+      Protocol: 6
+      RuleAction: allow
+      PortRange:
+        From: 443
+        To: 443
+      Egress: false # Egress means outbound
+      CidrBlock: 0.0.0.0/0
+
+  InboundRuleHttp:
+    Type: AWS::EC2::NetworkAclEntry
+    Properties:
+      NetworkAclId: !Ref Nacl
+      RuleNumber: "2"
+      Protocol: 6
+      RuleAction: allow
+      PortRange:
+        From: 80
+        To: 80
+      Egress: false # Egress means outbound
+      CidrBlock: 0.0.0.0/0
+
+  OutboundRuleHttps:
+    Type: AWS::EC2::NetworkAclEntry
+    Properties:
+      NetworkAclId: !Ref Nacl
+      RuleNumber: "3"
+      Protocol: 6
+      PortRange:
+        From: 443
+        To: 443
+      RuleAction: allow
+      Egress: true
+      CidrBlock: 0.0.0.0/0
+
+  OutboundRuleHttp:
+    Type: AWS::EC2::NetworkAclEntry
+    Properties:
+      NetworkAclId: !Ref Nacl
+      RuleNumber: "4"
+      Protocol: 6
+      PortRange:
+        From: 80
+        To: 80
+      RuleAction: allow
+      Egress: true
+      CidrBlock: 0.0.0.0/0
+
+  RDSInstance:
+    Type: AWS::RDS::DBInstance
+    Properties:
+      AllocatedStorage: 20
+      DBInstanceClass: db.t2.micro
+      Engine: mysql # or postgres
+      MasterUsername: root_user
+      MasterUserPassword: root_password
+      DBName: root_db
+      MultiAZ: false
+
+  ECSCluster:
+    Type: AWS::ECS::Cluster # this ECSCluster is to run the ECS tasks
+
+  ECSTaskDefinition:
+    Type: AWS::ECS::TaskDefinition
+    Properties:
+      NetworkMode: awsvpc
+      RequiresCompatibilities:
+        - FARGATE
+      ExecutionRoleArn: !Ref ExecutionRole
+      TaskRoleArn: !Ref TaskRole
+      Cpu: 256
+      Memory: 0.5GB
+      Family: !Ref ECSCluster
+      ContainerDefinitions:
+        - Name: commit-nginx
+          Image: 539634357948.dkr.ecr.eu-central-1.amazonaws.com/commit-nginx:latest
+          Memory: 512 # Specify memory here (in MiB)
+          PortMappings:
+            - ContainerPort: 80
+            - ContainerPort: 443
+
+  ECSService:
+    Type: AWS::ECS::Service
+    Properties:
+      Cluster: !Ref ECSCluster
+      LoadBalancers:
+        - ContainerName: commit-nginx
+          ContainerPort: 80
+          LoadBalancerName: !GetAtt LoadBalancer.Name
+      TaskDefinition: !Ref ECSTaskDefinition
+      DesiredCount: 1
+      LaunchType: EC2
+      NetworkConfiguration:
+        AwsvpcConfiguration:
+          Subnets:
+            - !Ref SubnetA
+            - !Ref SubnetB
+    DependsOn:
+         - "LoadBalancer"
+
+
+  LoadBalancer:
+    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+    Properties:
+      Name: "Commit-elb"
+      LoadBalancerAttributes:
+        # this is the default, but is specified here in case it needs to be changed
+        - Key: idle_timeout.timeout_seconds
+          Value: 60
+      # "internal" is also an option
+      Scheme: internet-facing
+      Subnets:
+        - !Ref SubnetA
+        - !Ref SubnetB
+
+  ExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: "Commit-ECSRole"
+      AssumeRolePolicyDocument:
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: ecs-tasks.amazonaws.com
+            Action: "sts:AssumeRole"
+      ManagedPolicyArns:
+        - "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+
+  TaskRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: "Commit-TaskRole"
+      AssumeRolePolicyDocument:
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: ecs-tasks.amazonaws.com
+            Action: "sts:AssumeRole"
+
+  MyInternetGateway:
+    Type: AWS::EC2::InternetGateway
+    Properties:
+      Tags:
+        - Key: stack
+          Value: production
+
+  MyVPCGatewayAttachment:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      InternetGatewayId: !Ref MyInternetGateway
+      VpcId: !Ref VPC
+
+
+
+  ListenerHTTPS:
+    Type: AWS::ElasticLoadBalancingV2::Listener
+    Properties:
+      DefaultActions:
+        - TargetGroupArn: !Ref TargetGroup
+          Type: forward
+      LoadBalancerArn: !Ref LoadBalancer
+      Port: 80
+      Protocol: HTTP
+      # Certificates:
+      #   - CertificateArn: "arn:aws:acm:eu-central-1:539634357948:certificate/584cfb24-bc7a-431b-9150-16d47bdb8ea9"
+
+  TargetGroup:
+    Type: AWS::ElasticLoadBalancingV2::TargetGroup
+    Properties:
+      HealthCheckIntervalSeconds: 10
+      # will look for a 200 status code by default unless specified otherwise
+      HealthCheckPath: "/"
+      HealthCheckTimeoutSeconds: 5
+      UnhealthyThresholdCount: 2
+      HealthyThresholdCount: 2
+      Name: MyTargetGroup
+      Port: 80
+      Protocol: HTTP
+      TargetGroupAttributes:
+        - Key: deregistration_delay.timeout_seconds
+          Value: 60 # default is 300
+      TargetType: ip
+      VpcId: !Ref VPC