diff --git a/07-load-balancing/.gitignore b/07-load-balancing/.gitignore
new file mode 100644
index 00000000..fa963ae1
--- /dev/null
+++ b/07-load-balancing/.gitignore
@@ -0,0 +1 @@
+openssl
diff --git a/07-load-balancing/alb-7-1-1.yaml b/07-load-balancing/alb-7-1-1.yaml
new file mode 100644
index 00000000..2ccb8b80
--- /dev/null
+++ b/07-load-balancing/alb-7-1-1.yaml
@@ -0,0 +1,156 @@ +AWSTemplateFormatVersion: 2010-09-09 +Description: Create basic ec2 instance + +Parameters: + LinuxAMI: + Type: String + Description: AMI ID for ec2 instance + + Ec2InstanceType: + Type: String + Description: Instance Type for ec2 + + LaunchTemplateVersionNumber: + Default: 1 + Type: String + +Resources: + + ALBSG: + Type: "AWS::EC2::SecurityGroup" + Properties: + GroupDescription: "security group for ALB" + GroupName: "test-ALB-SG" + VpcId: !ImportValue fidelisVpc + SecurityGroupIngress: + - + CidrIp: "0.0.0.0/0" + FromPort: 80 + IpProtocol: "tcp" + ToPort: 80 + - + CidrIp: "0.0.0.0/0" + FromPort: 443 + IpProtocol: "tcp" + ToPort: 443 + + ALB: + Type: "AWS::ElasticLoadBalancingV2::LoadBalancer" + Properties: + Name: "test-Application-Load-Balancer" + Scheme: "internet-facing" + Type: "application" + Subnets: + - !ImportValue fidelisPubSubnet + - !ImportValue fidelisPubSubnet2 + SecurityGroups: + - !Ref ALBSG + IpAddressType: "ipv4" + + TargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: true + HealthCheckPath: "/index.html" + HealthCheckPort: "traffic-port" + HealthCheckProtocol: HTTP + HealthyThresholdCount: 2 + UnhealthyThresholdCount: 2 + HealthCheckIntervalSeconds: 30 + HealthCheckTimeoutSeconds: 5 + VpcId: !ImportValue fidelisVpc + Protocol: HTTP + Port: 80 + Matcher: + HttpCode: "200" + + MyAlbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + LoadBalancerArn: !Ref ALB + Port: 80 + Protocol: "HTTP" + DefaultActions: + - Order: 1 + TargetGroupArn: !Ref TargetGroup + Type: "forward" + + WebServerAsg: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + AutoScalingGroupName: 'AutomationBoxes' + VPCZoneIdentifier: + - !ImportValue fidelisPubSubnet + - !ImportValue fidelisPubSubnet2 + DesiredCapacity: '3' + HealthCheckType: 'ELB' + HealthCheckGracePeriod: 30 + LaunchConfigurationName: !Ref WebServersLC + MaxSize: '3' + MinSize: '3' + + WebServersLC: + Type: 
'AWS::AutoScaling::LaunchConfiguration' + Properties: + ImageId: 'ami-0cff7528ff583bf9a' + InstanceType: 't2.micro' + LaunchConfigurationName: 'SimpleWebServerLC' + SecurityGroups: + - !ImportValue InstancegroupID + UserData: + Fn::Base64: + Fn::Sub: | + #!/bin/bash -xe + + yum install -y aws-cfn-bootstrap + + # Install the files and packages from the metadata + /opt/aws/bin/cfn-init -v \ + --stack ${AWS::StackName} \ + --resource WebServersLC \ + --configsets All \ + --region ${AWS::Region} + + # Signal the status from cfn-init + /opt/aws/bin/cfn-signal -e $? \ + --stack ${AWS::StackName} \ + --resource WebServersLC \ + --region ${AWS::Region} + + Metadata: + 'AWS::CloudFormation::Init': + configSets: + All: + - ConfigureStelligentProject + ConfigureStelligentProject: + packages: + yum: + nginx: [] + files: + /usr/share/nginx/html/index.html: + content: '

Automation for the People

'
+ mode: '000644'
+ owner: root
+ group: root
+ services:
+ sysvinit:
+ nginx:
+ enabled: 'true'
+ ensureRunning: 'true'
+
+ MyTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckEnabled: true
+ HealthCheckPath: "/index.html"
+ HealthCheckPort: "traffic-port"
+ HealthCheckProtocol: HTTP
+ HealthyThresholdCount: 2
+ UnhealthyThresholdCount: 2
+ HealthCheckIntervalSeconds: 30
+ HealthCheckTimeoutSeconds: 5
+ VpcId: !ImportValue fidelisVpc
+ Protocol: HTTP
+ Port: 80
+ Matcher:
+ HttpCode: "200"
\ No newline at end of file
diff --git a/07-load-balancing/alb-7-1-2.yaml b/07-load-balancing/alb-7-1-2.yaml
new file mode 100644
index 00000000..c0152b0c
--- /dev/null
+++ b/07-load-balancing/alb-7-1-2.yaml
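Review bot: In alb-7-1-1.yaml, WebServersLC hard-codes `ImageId: 'ami-0cff7528ff583bf9a'` and `InstanceType: 't2.micro'` while the LinuxAMI and Ec2InstanceType parameters are declared and never referenced, so the values passed from params.json (a different AMI and t2.small) are silently ignored. That makes it easy to believe a patched image was rolled out when the old one is still running; use `ImageId: !Ref LinuxAMI` and `InstanceType: !Ref Ec2InstanceType`, and drop LaunchTemplateVersionNumber if nothing uses it. The same lines appear in alb-7-1-2.yaml and alb-7-1-3.yaml. Separately, in this file WebServerAsg sets `HealthCheckType: 'ELB'` without `TargetGroupARNs`, and MyTargetGroup duplicates TargetGroup without being referenced by anything.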
@@ -0,0 +1,144 @@ +AWSTemplateFormatVersion: 2010-09-09 +Description: Create basic ec2 instance + +Parameters: + LinuxAMI: + Type: String + Description: AMI ID for ec2 instance + + Ec2InstanceType: + Type: String + Description: Instance Type for ec2 + + LaunchTemplateVersionNumber: + Default: 1 + Type: String + +Resources: + + ALBSG: + Type: "AWS::EC2::SecurityGroup" + Properties: + GroupDescription: "security group for ALB" + GroupName: "test-ALB-SG" + VpcId: !ImportValue fidelisVpc + SecurityGroupIngress: + - + CidrIp: "0.0.0.0/0" + FromPort: 80 + IpProtocol: "tcp" + ToPort: 80 + - + CidrIp: "0.0.0.0/0" + FromPort: 443 + IpProtocol: "tcp" + ToPort: 443 + + ALB: + Type: "AWS::ElasticLoadBalancingV2::LoadBalancer" + Properties: + Name: "test-Application-Load-Balancer" + Scheme: "internet-facing" + Type: "application" + Subnets: + - !ImportValue fidelisPubSubnet + - !ImportValue fidelisPubSubnet2 + SecurityGroups: + - !Ref ALBSG + IpAddressType: "ipv4" + + TargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: true + HealthCheckPath: "/BADindex.html" + HealthCheckPort: "traffic-port" + HealthCheckProtocol: HTTP + HealthyThresholdCount: 2 + UnhealthyThresholdCount: 2 + HealthCheckIntervalSeconds: 30 + HealthCheckTimeoutSeconds: 5 + VpcId: !ImportValue fidelisVpc + Protocol: HTTP + Port: 80 + Matcher: + HttpCode: "200" + TargetGroupAttributes: + - Key: deregistration_delay.timeout_seconds + Value: "20" + + MyAlbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + LoadBalancerArn: !Ref ALB + Port: 80 + Protocol: "HTTP" + DefaultActions: + - Order: 1 + TargetGroupArn: !Ref TargetGroup + Type: "forward" + + WebServerAsg: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + AutoScalingGroupName: 'AutomationBoxes' + VPCZoneIdentifier: + - !ImportValue fidelisPubSubnet + - !ImportValue fidelisPubSubnet2 + DesiredCapacity: '3' + HealthCheckType: 'ELB' + HealthCheckGracePeriod: 30 + LaunchConfigurationName: 
!Ref WebServersLC + MaxSize: '3' + MinSize: '3' + TargetGroupARNs: + - !Ref TargetGroup + + WebServersLC: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Properties: + ImageId: 'ami-0cff7528ff583bf9a' + InstanceType: 't2.micro' + LaunchConfigurationName: 'SimpleWebServerLC' + SecurityGroups: + - !ImportValue InstancegroupID + UserData: + Fn::Base64: + Fn::Sub: | + #!/bin/bash -xe + + yum install -y aws-cfn-bootstrap + + # Install the files and packages from the metadata + /opt/aws/bin/cfn-init -v \ + --stack ${AWS::StackName} \ + --resource WebServersLC \ + --configsets All \ + --region ${AWS::Region} + + # Signal the status from cfn-init + /opt/aws/bin/cfn-signal -e $? \ + --stack ${AWS::StackName} \ + --resource WebServersLC \ + --region ${AWS::Region} + + Metadata: + 'AWS::CloudFormation::Init': + configSets: + All: + - ConfigureStelligentProject + ConfigureStelligentProject: + packages: + yum: + nginx: [] + files: + /usr/share/nginx/html/index.html: + content: '

Automation for the People

'
+ mode: '000644'
+ owner: root
+ group: root
+ services:
+ sysvinit:
+ nginx:
+ enabled: 'true'
+ ensureRunning: 'true'
\ No newline at end of file
diff --git a/07-load-balancing/alb-7-1-3.yaml b/07-load-balancing/alb-7-1-3.yaml
new file mode 100644
index 00000000..335eba07
--- /dev/null
+++ b/07-load-balancing/alb-7-1-3.yaml
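Review bot: In alb-7-1-2.yaml, `HealthCheckPath: "/BADindex.html"` on TargetGroup has no comment saying the wrong path is deliberate. cfn-init only writes /usr/share/nginx/html/index.html, so with `HttpCode: "200"` as the matcher, `HealthCheckType: 'ELB'` and the newly added `TargetGroupARNs`, every target will presumably fail the check and the group will keep replacing its three instances. If this is the lab's failure demonstration, say so with `# intentionally wrong path: shows the ASG replacing targets that fail the ALB health check`; otherwise restore `/index.html`.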
@@ -0,0 +1,158 @@ +AWSTemplateFormatVersion: 2010-09-09 +Description: Create basic ec2 instance + +Parameters: + LinuxAMI: + Type: String + Description: AMI ID for ec2 instance + + Ec2InstanceType: + Type: String + Description: Instance Type for ec2 + + LaunchTemplateVersionNumber: + Default: 1 + Type: String + +Resources: + + ALBSG: + Type: "AWS::EC2::SecurityGroup" + Properties: + GroupDescription: "security group for ALB" + GroupName: "test-ALB-SG" + VpcId: !ImportValue fidelisVpc + SecurityGroupIngress: + - + CidrIp: "0.0.0.0/0" + FromPort: 80 + IpProtocol: "tcp" + ToPort: 80 + - + CidrIp: "0.0.0.0/0" + FromPort: 443 + IpProtocol: "tcp" + ToPort: 443 + + ALB: + Type: "AWS::ElasticLoadBalancingV2::LoadBalancer" + Properties: + Name: "test-Application-Load-Balancer" + Scheme: "internet-facing" + Type: "application" + Subnets: + - !ImportValue fidelisPubSubnet + - !ImportValue fidelisPubSubnet2 + SecurityGroups: + - !Ref ALBSG + IpAddressType: "ipv4" + + TargetGroup: + Type: AWS::ElasticLoadBalancingV2::TargetGroup + Properties: + HealthCheckEnabled: true + HealthCheckPath: "/index.html" + HealthCheckPort: "traffic-port" + HealthCheckProtocol: HTTP + HealthyThresholdCount: 2 + UnhealthyThresholdCount: 2 + HealthCheckIntervalSeconds: 30 + HealthCheckTimeoutSeconds: 5 + VpcId: !ImportValue fidelisVpc + Protocol: HTTP + Port: 80 + Matcher: + HttpCode: "200" + TargetGroupAttributes: + - Key: deregistration_delay.timeout_seconds + Value: "20" + + MyAlbListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + LoadBalancerArn: !Ref ALB + Port: 80 + Protocol: "HTTP" + DefaultActions: + - Order: 1 + TargetGroupArn: !Ref TargetGroup + Type: "forward" + + SecureListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + LoadBalancerArn: !Ref ALB + Port: 443 + Protocol: "HTTPS" + Certificates: + - CertificateArn: arn:aws:acm:us-east-1:324320755747:certificate/93563cb7-4bc8-464c-bcd4-dd13edb955c8 + SslPolicy: ELBSecurityPolicy-FS-1-2-Res-2020-10 + 
DefaultActions: + - Order: 1 + TargetGroupArn: !Ref TargetGroup + Type: "forward" + + WebServerAsg: + Type: 'AWS::AutoScaling::AutoScalingGroup' + Properties: + AutoScalingGroupName: 'AutomationBoxes' + VPCZoneIdentifier: + - !ImportValue fidelisPubSubnet + - !ImportValue fidelisPubSubnet2 + DesiredCapacity: '3' + HealthCheckType: 'ELB' + HealthCheckGracePeriod: 30 + LaunchConfigurationName: !Ref WebServersLC + MaxSize: '3' + MinSize: '3' + TargetGroupARNs: + - !Ref TargetGroup + + WebServersLC: + Type: 'AWS::AutoScaling::LaunchConfiguration' + Properties: + ImageId: 'ami-0cff7528ff583bf9a' + InstanceType: 't2.micro' + LaunchConfigurationName: 'SimpleWebServerLC' + SecurityGroups: + - !ImportValue InstancegroupID + UserData: + Fn::Base64: + Fn::Sub: | + #!/bin/bash -xe + + yum install -y aws-cfn-bootstrap + + # Install the files and packages from the metadata + /opt/aws/bin/cfn-init -v \ + --stack ${AWS::StackName} \ + --resource WebServersLC \ + --configsets All \ + --region ${AWS::Region} + + # Signal the status from cfn-init + /opt/aws/bin/cfn-signal -e $? \ + --stack ${AWS::StackName} \ + --resource WebServersLC \ + --region ${AWS::Region} + + Metadata: + 'AWS::CloudFormation::Init': + configSets: + All: + - ConfigureStelligentProject + ConfigureStelligentProject: + packages: + yum: + nginx: [] + files: + /usr/share/nginx/html/index.html: + content: '

Automation for the People

'
+ mode: '000644'
+ owner: root
+ group: root
+ services:
+ sysvinit:
+ nginx:
+ enabled: 'true'
+ ensureRunning: 'true'
\ No newline at end of file
diff --git a/07-load-balancing/exec.sh b/07-load-balancing/exec.sh
new file mode 100755
index 00000000..1ad58779
--- /dev/null
+++ b/07-load-balancing/exec.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+PROFILE="labmfa"
+STACK_NAME="fidelisalb"
+TEMPLATE="alb-7-1-3.yaml"
+PARAMETER="file://params.json"
+KEY_NAME="fidelis"
+REGION="us-east-1"
+
+# deploy stack
+aws cloudformation deploy --template-file $TEMPLATE \
+ --stack-name $STACK_NAME --profile $PROFILE \
+ --parameter-overrides $PARAMETER \
+ --region $REGION
+
+# create ec2 keypair
+# aws ec2 create-key-pair --key-name $KEY_NAME \
+# --query 'KeyMaterial' \
+# --region $REGION --profile $PROFILE \
+# --output text > fidelis.pem
+
+# WHAT IS A SELF SIGNED CERTIFICATE
+# self-signed certificate is an SSL/TSL certificate not signed by a public or private certificate authority.
+# Instead, it is signed by the creator’s own personal or root CA certificate.
+# Openssl is a handy utility to create self-signed certificates. You can use OpenSSL on all the
+# operating systems such as Windows, MAC, and Linux flavors.
+
+# USER creates his own CA (rootCA and private key)
+
+# generate server private key and create csr
+# mkdir openssl && cd openssl
+# openssl req -x509 -nodes -days 365 \
+# -newkey rsa:2048 \
+# -keyout privateKey.key \
+# -out certificate.crt
+
+# verify the key and cert generated
+# openssl rsa -in privateKey.key -check
+# openssl x509 -in certificate.crt -text -noout
+# import both private key and csr to acm
+# aws acm import-certificate --certificate file://certificate.crt \
+# --private-key file://privateKey.key \
+# --region $REGION \
+# --profile $PROFILE
diff --git a/07-load-balancing/params.json b/07-load-balancing/params.json
new file mode 100644
index 00000000..035a037a
--- /dev/null
+++ b/07-load-balancing/params.json
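Review bot: In alb-7-1-3.yaml, MyAlbListener on port 80 still forwards to TargetGroup after SecureListener is added, so the site stays fully reachable over plaintext and TLS is optional for clients. Change the port-80 default action to a redirect to HTTPS, as sketched below. The certificate ARN under SecureListener is also written inline with an account id and region; taking it as a template parameter would keep the template portable and keep account identifiers out of the repository.

```yaml
  MyAlbListener:
    Properties:
      # … unchanged: Type, LoadBalancerArn, Port 80, Protocol "HTTP" …
      DefaultActions:
        - Type: "redirect"
          RedirectConfig:
            Protocol: "HTTPS"
            Port: "443"
            StatusCode: "HTTP_301"
```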
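Review bot: The commented recipes in exec.sh write unencrypted private keys into the working tree: `--output text > fidelis.pem` lands next to the script and `openssl req ... -nodes -keyout privateKey.key` lands in `openssl/`, while the new .gitignore covers only `openssl`. Add `*.pem` and `*.key` to .gitignore and put `umask 077` before either command, so the key files are neither readable by other local users nor committed by accident. The comments also describe the output imprecisely: `openssl req -x509` produces a self-signed certificate, not a CSR or a CA, and `SSL/TSL` should read `SSL/TLS`. For the live part of the script, quoting the expansions (`--template-file "$TEMPLATE"`) and adding `set -euo pipefail` would make a failed deploy visible.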
@@ -0,0 +1,6 @@
+{
+ "Parameters": {
+ "LinuxAMI": "ami-052efd3df9dad4825",
+ "Ec2InstanceType": "t2.small"
+ }
+}
\ No newline at end of file