./priv/layers/admin-api.json in stacco-0.1.37 vs ./priv/layers/admin-api.json in stacco-0.1.38
- old
+ new
@@ -1,107 +1,35 @@
{
-"Resources": {
-
-
-"AdminAPISecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
- "GroupDescription": "Admin API security group",
- "VpcId": {"Ref": "VPC"},
-
- "SecurityGroupIngress": [
- {"IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "10.0.0.0/16"},
- {"IpProtocol": "tcp", "FromPort": "51607", "ToPort": "51607", "CidrIp": "10.0.0.0/16"}
- ],
- "SecurityGroupEgress": [
- {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
- {"IpProtocol": "tcp", "FromPort": "51607", "ToPort": "51607", "CidrIp": "0.0.0.0/0"}
- ]
-}},
-
-"BackendSecurityGroup" : {
- "Type" : "AWS::EC2::SecurityGroup",
- "Properties" : {
- "GroupDescription" : "Allow the application instances to access the NAT device",
- "VpcId" : { "Ref" : "VPC" },
- "SecurityGroupIngress": [
- {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"},
- {"IpProtocol": "tcp", "FromPort": "51607", "ToPort": "51607", "SourceSecurityGroupId": {"Ref": "AdminAPISecurityGroup"}},
- {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "SourceSecurityGroupId": {"Ref": "AdminAPISecurityGroup"}}
- ],
- "SecurityGroupEgress": [
- {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}
- ]
- }
+"Parameters": {
+ "AdminAPIScalingGroupMinSizeVar": {"Type": "Number", "MinValue": "0", "Default": "0"},
+ "AdminAPIScalingGroupMaxSizeVar": {"Type": "Number", "MinValue": "1", "Default": "1"}
},
-"BackendDBIngress": {
- "Type": "AWS::EC2::SecurityGroupIngress",
- "Properties": {
- "GroupId": {"Fn::GetAtt": ["DBSecurityGroup", "GroupId"]},
- "IpProtocol": "-1",
- "SourceSecurityGroupId": {"Fn::GetAtt": ["BackendSecurityGroup", "GroupId"]}
- }
-},
-"AdminAPILoadBalancer": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
- "Subnets": [{"Ref": "PublicSubnet"}],
- "Scheme": "internal",
- "SecurityGroups": [{"Ref": "AdminAPISecurityGroup"}],
+"Resources": {
- "HealthCheck": {
- "HealthyThreshold": "3",
- "Interval": "60",
- "Target": "HTTP:80/health",
- "Timeout": "5",
- "UnhealthyThreshold": "10"
- },
-
- "Listeners": [
- {
- "LoadBalancerPort": "443",
- "InstancePort": "80",
- "Protocol": "SSL",
- "InstanceProtocol": "TCP",
-
- "SSLCertificateId": {"Fn::FindInMap": ["StackZoneRecords", "AdminAPI", "ServerCertificateARN" ]}
- },
-
- {
- "LoadBalancerPort": "51607",
- "InstancePort": "51607",
- "Protocol": "TCP",
- "InstanceProtocol": "TCP"
- }
- ]
-}},
-
-"AdminAPIDNSRecord": {"Type": "AWS::Route53::RecordSet", "Properties": {
- "HostedZoneId": {"Fn::FindInMap": ["StackZoneRecords", "AdminAPI", "HostedZoneId" ]},
- "Name": {"Fn::FindInMap": ["StackZoneRecords", "AdminAPI", "DNSName" ]},
- "Type": "CNAME", "TTL": "300",
- "ResourceRecords": [{"Fn::GetAtt": ["AdminAPILoadBalancer", "DNSName"]}]
-}},
-
"AdminAPIScalingGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
- "DependsOn": "BastionBoxReady",
+ "DependsOn": "PrivateRouteThroughBastionBox",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
- "MinInstancesInService": "1",
+ "MinInstancesInService": {"Ref": "AdminAPIScalingGroupMinSizeVar"},
"MaxBatchSize": "1",
"PauseTime": "PT0S"
}
},
"Properties": {
"AvailabilityZones": [{"Fn::GetAtt": ["PrivateSubnet", "AvailabilityZone"]}],
"VPCZoneIdentifier": [{"Ref": "PrivateSubnet"}],
"LaunchConfigurationName": {"Ref": "BackendLaunchConfiguration"},
- "MinSize": "1",
- "MaxSize": "2",
+ "MinSize": {"Ref": "AdminAPIScalingGroupMinSizeVar"},
+ "MaxSize": {"Ref": "AdminAPIScalingGroupMaxSizeVar"},
+ "DesiredCapacity": {"Ref": "AdminAPIScalingGroupMinSizeVar"},
"HealthCheckType": "ELB",
"HealthCheckGracePeriod": "6000",
"LoadBalancerNames": [
{"Ref": "AdminAPILoadBalancer"}
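Review bot: `MinInstancesInService`, `MinSize` and `DesiredCapacity` in `AdminAPIScalingGroup` all resolve to `AdminAPIScalingGroupMinSizeVar`, and nothing in the new `Parameters` block keeps that value below `AdminAPIScalingGroupMaxSizeVar`. CloudFormation expects `MinInstancesInService` to be less than the group's `MaxSize` during a rolling update, so setting both parameters to the same number (for example 1 and 1) should leave a group that cannot be rolled. The defaults of 0 and 1 avoid this only by coincidence. I would add a `"Description"` to each parameter stating the min-below-max requirement, and reconsider the `"DesiredCapacity"` line, since pinning it in the template can reset a manually scaled group to its minimum on a later stack update. The group also still uses `{"Ref": "BackendLaunchConfiguration"}` and `{"Ref": "AdminAPILoadBalancer"}`, which this file no longer defines. Presumably another layer now supplies them, so the security groups and instance role removed here need review in that layer. The `Properties` object continues past the end of this hunk.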
@@ -111,99 +39,9 @@
"MetricsCollection": [{
"Granularity": "1Minute",
"Metrics": ["GroupMinSize", "GroupMaxSize"]
}]
- }
-},
-
-"AdminAPIScalingGroupReadyWaitHandle": {"Type": "AWS::CloudFormation::WaitConditionHandle", "Properties": {}},
-
-"AdminAPIScalingGroupReady": {
- "Type": "AWS::CloudFormation::WaitCondition",
- "DependsOn": "AdminAPIScalingGroup",
- "Properties": {
- "Handle": {"Ref": "AdminAPIScalingGroupReadyWaitHandle"},
- "Count": "1",
- "Timeout": "5000"
- }
-},
-
-
-
-"BitcoinDaemonRole": {
- "Type": "AWS::IAM::Role",
- "Properties": {
-
- "AssumeRolePolicyDocument": {
- "Statement": [ {
- "Effect": "Allow",
- "Principal": {
- "Service": [ "ec2.amazonaws.com" ]
- },
- "Action": [ "sts:AssumeRole" ]
- } ]
- },
-
- "Path": "/",
-
- "Policies": [{
- "PolicyName": "BlockchainAccess",
-
- "PolicyDocument": {
- "Statement": [{
- "Effect": "Allow",
- "Action": "s3:*",
- "Resource": [
- "arn:aws:s3:::bex-blockchain-main",
- "arn:aws:s3:::bex-blockchain-main/*",
- "arn:aws:s3:::bex-blockchain-testnet3",
- "arn:aws:s3:::bex-blockchain-testnet3/*"
- ]
- }]
- }
- }]
-
- }
-},
-
-"BackendProfile": {
- "Type": "AWS::IAM::InstanceProfile",
- "Properties": {
- "Path": "/",
- "Roles": [{"Ref": "BitcoinDaemonRole"}]
- }
-},
-
-
-
-"BackendLaunchConfiguration" : {
- "Type" : "AWS::AutoScaling::LaunchConfiguration",
-
- "Metadata": {
- "AWS::CloudFormation::Init": {}
- },
-
- "Properties" : {
- "InstanceType": "m3.medium",
- "ImageId": {"Ref": "InstanceAMIVar"},
- "KeyName": {"Ref": "IAMKeypairNameVar"},
- "SecurityGroups": [{"Ref": "BackendSecurityGroup"}],
-
- "IamInstanceProfile" : {"Ref": "BackendProfile"},
-
- "UserData": {"Fn::Base64": {"Fn::Join": ["", [
- "#!/bin/bash\n",
- "export AWS_REGION='", {"Ref": "AWS::Region"}, "'\n",
- "export AWS_STACK_NAME='", {"Ref": "AWS::StackName"}, "'\n",
- "export AWS_INSTANCE_LOGICAL_NAME='BackendLaunchConfiguration'\n",
- "export AWS_INSTANCE_WAIT_HANDLE='", {"Ref": "AdminAPIScalingGroupReadyWaitHandle"}, "'\n",
- "export DB_HOST='", {"Fn::GetAtt": ["DB", "Endpoint.Address"]}, "'\n",
- "export DB_PORT='", {"Fn::GetAtt": ["DB", "Endpoint.Port"]}, "'\n",
- {"Ref": "UserDataEnvironmentVar"}, "\n",
- {"Ref": "CommonRoleScriptVar"}, "\n",
- {"Ref": "BackendRoleScriptVar"}, "\n"
- ]]}}
}
}
}