first commit + bug in alb, need to replace to elb

2023-09-03 15:12:43 +03:00 · 2023-09-03 15:12:43 +03:00 · 992d9a6039
commit 992d9a6039
7 changed files with 285 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,5 @@
 Self Signed Certificate: 
 openssl genpkey -algorithm RSA -out private-key.pem - this is the private key
 openssl req -new -key private-key.pem -x509 -days 365 -out certificate.pem - this is the certificate
--- a/certificates/certificate.pem
+++ b/certificates/certificate.pem
@ -0,0 +1,17 @@
 -----BEGIN CERTIFICATE-----
 MIICuDCCAaACCQCVOFor5ub8RTANBgkqhkiG9w0BAQsFADAeMQswCQYDVQQGEwJJ
 TDEPMA0GA1UECAwGSXNyYWVsMB4XDTIzMDgzMTExNDI0NFoXDTI0MDgzMDExNDI0
 NFowHjELMAkGA1UEBhMCSUwxDzANBgNVBAgMBklzcmFlbDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBALEmvhycPlaP6/QroRbEq4P8iKtwIr5Ep6AgTcrD
 tFhxB6/15nwQkFnEk0LP41St6U8ChwW6SlekZGOHUzyqA8xpQM1X97AMSd9xUGbo
 3DQLfFCOZV/9TUV9MLtXaAkgN5n/1I3DCAZzZITAzI1NeD8H9PXYidfRYIHPwjQe
 17acPA8XagQEpexF/upDwSgNPcWRGS3hBcRu+Pd5ZwDfaE2TqU92Oe5vP5u5AIRu
 mxuQLMB8b6xi6xnudBG75N5dFqd4KfVJU67JNwYlCz2d+qCVlP8nSU5ocRHo8RTE
 cg2ISKt2rO+n1cah0hyJZxfsAV+lYZx++YzIO7GMzxcPhHECAwEAATANBgkqhkiG
 9w0BAQsFAAOCAQEAjU/gIjnyhyiqUzsaGpLP9WcnLQguSAB0DIWzCG7leXsGMYIN
 TqwH1AinYiV5/7IXWNvnSwzmH+SWtcT5dJ6h7E54wxID72qGhaELI8Ov2UdgmT0r
 lMJR6QOzhZdeY/OcydNtXThFNFFDhF5ueYvB8Id/PSF9aBKGAiBIgCRkLy6eT/MM
 zk/VEr8OxJ6J0I4QjV8poQN1ob0S5M9INNzQkfKK0BEf50OPFV294HbF58yRtnCL
 IQmj1taMRlwyvO73esv3rX6+q2E3/LodhbuSx+Nv6fyxapTDICG2MMt4boTjZzdT
 KswffhUqCiJxxxRj6nZpHEprG/JugukySOzYJw==
 -----END CERTIFICATE-----
--- a/certificates/private-key.pem
+++ b/certificates/private-key.pem
@ -0,0 +1,28 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxJr4cnD5Wj+v0
 K6EWxKuD/IircCK+RKegIE3Kw7RYcQev9eZ8EJBZxJNCz+NUrelPAocFukpXpGRj
 h1M8qgPMaUDNV/ewDEnfcVBm6Nw0C3xQjmVf/U1FfTC7V2gJIDeZ/9SNwwgGc2SE
 wMyNTXg/B/T12InX0WCBz8I0Hte2nDwPF2oEBKXsRf7qQ8EoDT3FkRkt4QXEbvj3
 eWcA32hNk6lPdjnubz+buQCEbpsbkCzAfG+sYusZ7nQRu+TeXRaneCn1SVOuyTcG
 JQs9nfqglZT/J0lOaHER6PEUxHINiEirdqzvp9XGodIciWcX7AFfpWGcfvmMyDux
 jM8XD4RxAgMBAAECggEAWB4UXLjfTUGDtc3p8CBdzGZWOSirL4eI9d57s4tLbt6y
 WzVus3Gty+k68vXjd2CWd+Wi8hdrGVM9WECdB8Tt5MTKJhpGqzxBlrKPstDLj9vS
 t2NNS8T8pb8S+W0N49QxtBmMSgOkP0kwy9P3K6ZIVNoJYCyYzFBqt8d3K2PYGw2h
 wWfVZocKH6/O146k1AyBzQuxg1U83j+ZzGoTlzBJXW1Egi75uk0cWcIheJ1v/yag
 Pcvx3R948TKc43wLcLfuzIIYu57dzgYc82G4XLz93W7PTpkPh/7+SRDhvb6PZ9n3
 A9CXahzrqSppFZ9fdyqHMDrKfYv9n8vpxjcO0XIu7QKBgQDe8njFHrNk/9UB4v9+
 Zb2Oq/ziy99BErICQSeuF1D7DQqntZBg7p8KtBKzW2RfwTeb14WXgVMPZM+fuC8O
 SXu2XEW0gQ6Wl++zFEl5uns27P3Ied9xa1Q+UdagI9Y2/sbNfPhou32sYu5CJMs6
 OZJyzAb2lnhNB/Ca3QRyVM2yuwKBgQDLai3eYn+m4ZrRMqqXGEaDSqH9dMsSEu5Z
 0yYJOQ+kwGKK8lWkyFFB/S/GNV6xpVpafELzVMpHtmFiDHEqMb++2yrAzEXI0o+E
 S1RbgOkeYnlY1blRc3fJrTkYhzIGRDtYWPEZXDBV/muylWFkME/I9zHuWLzqy33V
 IVQXrgsgwwKBgQCV2746IczMEvsG7aJ3P8QO5qRxfkBu6TYmNc2KQ7n3RmjnGjAW
 N89HzorTbJcnliTe6BuwHwnJyyWUYqWeoN47UgK4thcsOqywXu6UmDjCTsK3wtPi
 1RYnXbM6qVwQU2kmLt5656wt98HXTAwe8xvxdhsoHTR38uJT9kRK5Z3uiQKBgEpa
 4bFsp+TEiub1ck4Q3ZWYbmZLjv9oVCAZgsnURdefS2Ym9w9o+er5NcFqONcO7lwt
 F/wCfn6AOFCy45rc3I5TZulawheKgFOHhap9ELm+nUTPuxH+90aNP1Wr9ak8v8Sn
 nln6zOBiQ9Pfrt4EmuWHFoVdgpEBGVoS+L4/LGopAoGBALffVDtB3lmCqJ+v/hxG
 g/MIArmug2bCy9kKA1xpKkQzb+nEh/Fe/QjhTBveetFXkTJOSKUAwIJGW1BmP+9W
 J867oEDOJbm2l968Jwo+/hrHC4SMqQhSVfGvnx3zYD86UC2x1pi2tvWT2te98rgv
 GaSEdJB4yfPDy80Uk1qiJ+0f
 -----END PRIVATE KEY-----
--- a/nginx/Dockerfile
+++ b/nginx/Dockerfile
@ -0,0 +1,9 @@
 # Use the official NGINX image as the base image
 FROM nginx
 # Copy your custom HTML and logo files to the NGINX web root
 COPY index.html /usr/share/nginx/html/
 COPY logo.png /usr/share/nginx/html/
 # Expose port 80 for HTTP traffic
 EXPOSE 80
--- a/nginx/index.html
+++ b/nginx/index.html
@ -0,0 +1,10 @@
 <!DOCTYPE html>
 <html>
 <head>
    <title>Hello Commit</title>
 </head>
 <body>
    <h1>Hello Commit</h1>
    <img src="logo.png" alt="Logo">
 </body>
 </html>
--- a/nginx/logo.png
+++ b/nginx/logo.png
--- a/vpc-subnets-stack.yml
+++ b/vpc-subnets-stack.yml
@ -0,0 +1,216 @@
 AWSTemplateFormatVersion: "2010-09-09"
 Resources:
  VPC:
    Type: AWS::EC2::VPC # or AWS::RDS::DBSubnetGroup
    Properties: # or Properties
      CidrBlock: 10.0.0.0/16 # this is the VPC CIDR block (CIDR = Classless Inter-Domain Routing, it means you can use 0.0.0.0/0 for all IPs)
      EnableDnsSupport: true # Enable DNS hostnames (EnableDnsSupport is true by default)
      EnableDnsHostnames: true # Enable DNS hostnames (EnableDnsHostnames is true by default)
  SubnetA:
    Type: AWS::EC2::Subnet # this subnet is for the ECS instances (webserver)
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24 # this is the subnet CIDR block it means that you can use 10.0.0.0/24
      AvailabilityZone: eu-central-1a
  SubnetB:
    Type: AWS::EC2::Subnet # this subnet is for the RDS
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: eu-central-1b
  Nacl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VPC
  InboundRuleHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref Nacl
      RuleNumber: "1"
      Protocol: 6
      RuleAction: allow
      PortRange:
        From: 443
        To: 443
      Egress: false # Egress means outbound
      CidrBlock: 0.0.0.0/0
  InboundRuleHttp:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref Nacl
      RuleNumber: "2"
      Protocol: 6
      RuleAction: allow
      PortRange:
        From: 80
        To: 80
      Egress: false # Egress means outbound
      CidrBlock: 0.0.0.0/0
  OutboundRuleHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref Nacl
      RuleNumber: "3"
      Protocol: 6
      PortRange:
        From: 443
        To: 443
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0
  OutboundRuleHttp:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref Nacl
      RuleNumber: "4"
      Protocol: 6
      PortRange:
        From: 80
        To: 80
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0
  RDSInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 20
      DBInstanceClass: db.t2.micro
      Engine: mysql # or postgres
      MasterUsername: root_user
      MasterUserPassword: root_password
      DBName: root_db
      MultiAZ: false
  ECSCluster:
    Type: AWS::ECS::Cluster # this ECSCluster is to run the ECS tasks
  ECSTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ExecutionRoleArn: !Ref ExecutionRole
      TaskRoleArn: !Ref TaskRole
      Cpu: 256
      Memory: 0.5GB
      Family: !Ref ECSCluster
      ContainerDefinitions:
        - Name: commit-nginx
          Image: 539634357948.dkr.ecr.eu-central-1.amazonaws.com/commit-nginx:latest
          Memory: 512 # Specify memory here (in MiB)
          PortMappings:
            - ContainerPort: 80
            - ContainerPort: 443
  ECSService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref ECSCluster
      LoadBalancers:
        - ContainerName: commit-nginx
          ContainerPort: 80
          LoadBalancerName: !GetAtt LoadBalancer.Name
      TaskDefinition: !Ref ECSTaskDefinition
      DesiredCount: 1
      LaunchType: EC2
      NetworkConfiguration:
        AwsvpcConfiguration:
          Subnets:
            - !Ref SubnetA
            - !Ref SubnetB
    DependsOn:
         - "LoadBalancer"
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: "Commit-elb"
      LoadBalancerAttributes:
        # this is the default, but is specified here in case it needs to be changed
        - Key: idle_timeout.timeout_seconds
          Value: 60
      # "internal" is also an option
      Scheme: internet-facing
      Subnets:
        - !Ref SubnetA
        - !Ref SubnetB
  ExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "Commit-ECSRole"
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: "sts:AssumeRole"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
  TaskRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "Commit-TaskRole"
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: "sts:AssumeRole"
  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: stack
          Value: production
  MyVPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref MyInternetGateway
      VpcId: !Ref VPC
  ListenerHTTPS:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref TargetGroup
          Type: forward
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
      # Certificates:
      #   - CertificateArn: "arn:aws:acm:eu-central-1:539634357948:certificate/584cfb24-bc7a-431b-9150-16d47bdb8ea9"
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      # will look for a 200 status code by default unless specified otherwise
      HealthCheckPath: "/"
      HealthCheckTimeoutSeconds: 5
      UnhealthyThresholdCount: 2
      HealthyThresholdCount: 2
      Name: MyTargetGroup
      Port: 80
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 60 # default is 300
      TargetType: ip
      VpcId: !Ref VPC