Infrastructure as Code - Builds an entire AWS environment with Templates
The AWS architecture is managed using CloudFormation templates.
The diagram below outlines the process for building the entire architecture from the ground up:
- The user starts the build by launching the wrapper stack from the AWS console or via an API call.
- The wrapper template launches the vpc stack, which builds the VPC infrastructure.
- Once the VPC stack has completed, the wrapper launches the security stack, which deploys the security groups.
- After the security stack has completed, every dependency required by the remaining services is in place, so the elb, cache, rds-replica and bastion stacks are launched (they depend only on the vpc and security stacks).
- On successful completion, seven CloudFormation stacks exist: the wrapper stack plus the six nested stacks (vpc, security, elb, cache, rds-replica, bastion).
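The build order above is enforced by the wrapper template's dependency edges. The following is an added example, not the project's own wrapper-template.json: it expresses the six nested stacks as `AWS::CloudFormation::Stack` resources and then derives the launch waves CloudFormation would follow from those edges, which is a useful check that a template change has not accidentally serialized or reordered the build. The TemplateURL location, logical IDs, parameter names and output names are assumptions.

```python
"""Added example, not the project's own wrapper-template.json: the six nested
stacks as AWS::CloudFormation::Stack resources wired in the order described
above, plus a check that derives the launch waves from the template's
dependency edges (explicit DependsOn and implicit Ref / Fn::GetAtt).
TemplateURL location, logical IDs, parameter and output names are assumptions."""
import json

TEMPLATE_BASE = "https://s3.amazonaws.com/example-bucket"  # placeholder (assumption)


def nested_stack(name, params=None, depends_on=()):
    """One AWS::CloudFormation::Stack resource for <name>-template.json."""
    res = {
        "Type": "AWS::CloudFormation::Stack",
        "Properties": {
            "TemplateURL": f"{TEMPLATE_BASE}/{name}-template.json",
            "Parameters": params or {},
        },
    }
    if depends_on:
        res["DependsOn"] = list(depends_on)
    return res


def wrapper_template():
    """Wrapper stack body: vpc -> security -> (elb, cache, rds-replica, bastion)."""
    vpc_id = {"Fn::GetAtt": ["vpc", "Outputs.VpcId"]}

    def sg(output):  # security-group id exported by the security stack (assumed output names)
        return {"Fn::GetAtt": ["security", f"Outputs.{output}"]}

    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Builds the entire site from scratch",
        "Parameters": {"AdminCidr": {"Type": "String"}},
        "Resources": {
            "vpc": nested_stack("vpc"),
            "security": nested_stack(
                "security", {"VpcId": vpc_id, "AdminCidr": {"Ref": "AdminCidr"}}, ["vpc"]),
            "elb": nested_stack(
                "elb", {"VpcId": vpc_id, "ElbSecurityGroup": sg("ElbSecurityGroup"),
                        "CommonSecurityGroup": sg("CommonSecurityGroup")}, ["security"]),
            "cache": nested_stack(
                "cache", {"VpcId": vpc_id, "CacheSecurityGroup": sg("CacheSecurityGroup")}, ["security"]),
            "rdsreplica": nested_stack(
                "rds-replica", {"VpcId": vpc_id, "RdsSecurityGroup": sg("RdsSecurityGroup")}, ["security"]),
            "bastion": nested_stack(
                "bastion", {"VpcId": vpc_id, "BastionSecurityGroup": sg("BastionSecurityGroup")}, ["security"]),
        },
    }


def _referenced(obj, resources):
    """Yield logical IDs of resources that obj references through Ref or Fn::GetAtt."""
    if isinstance(obj, dict):
        if "Ref" in obj and obj["Ref"] in resources:
            yield obj["Ref"]
        if "Fn::GetAtt" in obj and obj["Fn::GetAtt"][0] in resources:
            yield obj["Fn::GetAtt"][0]
        for value in obj.values():
            yield from _referenced(value, resources)
    elif isinstance(obj, list):
        for value in obj:
            yield from _referenced(value, resources)


def dependencies(template):
    """Map each resource to the set of resources it must wait for."""
    resources = template["Resources"]
    deps = {}
    for name, res in resources.items():
        edges = set(res.get("DependsOn", []))
        edges.update(_referenced(res.get("Properties", {}), resources))
        deps[name] = edges
    return deps


def launch_waves(template):
    """Kahn's algorithm: each wave is the set of stacks whose dependencies are all done."""
    deps = dependencies(template)
    done, waves = set(), []
    while len(done) < len(deps):
        ready = {n for n, d in deps.items() if n not in done and d <= done}
        if not ready:
            raise ValueError("circular dependency among: " + ", ".join(sorted(set(deps) - done)))
        waves.append(ready)
        done |= ready
    return waves


if __name__ == "__main__":
    print(json.dumps(wrapper_template(), indent=2))
    for i, wave in enumerate(launch_waves(wrapper_template()), 1):
        print(f"wave {i}: {sorted(wave)}")
```

Because the child stacks consume the VPC and security-group ids through `Fn::GetAtt`, CloudFormation infers the same ordering even without `DependsOn`; keeping the explicit edges documents the intent and protects the order if an output reference is later removed.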
Each VPC contains the following resources:
- Two availability zones to provide local redundancy
- Two NAT servers for outbound-initiated traffic
- Two servers in an Autoscale group attached to a Load Balancer (ELB)
- Two ElastiCache nodes
- One read-replica Db node (The master should be located in another region.)
- One bastion host for remote access and management
Autoscale
At a minimum, the Autoscale policy keeps 2 instances running at all times, 1 in each availability zone. Autoscale scales up by adding an instance in each availability zone once the total connection count has exceeded the threshold for 1 evaluation period, and scales down once the connection count has stayed below the threshold for 4 evaluation periods (the asymmetric periods avoid flapping on short dips in load).
Security
- The ELB security group permits inbound 80 and 443 from anywhere (0.0.0.0/0); together with the bastion it is the only component exposed to the internet.
- The Bastion security group permits inbound 22 only from your admin CIDR.
- The Common security group, applied to the Autoscale instances, permits inbound 80 and 8082 only from the ELB security group (a security-group reference, not a CIDR), so the instances are not directly reachable from the internet.
- The Cache security group (11211) and the RDS security group (3306) permit connections only from the Common security group.
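The value of this layering is that only two groups carry CIDR rules and every other hop is a security-group reference, so a host cannot reach the cache or database without first being a member of the Common group. The following is an added example, not the project's security-template.json: it builds the five groups as CloudFormation resources and then audits the result, failing if an internal group gains a CIDR rule, if anything other than the ELB's 80/443 is open to the world (the bastion rule is resolved through the parameter default, so an admin CIDR of 0.0.0.0/0 is caught), or if a rule references a group the template does not define. Logical IDs, the `VpcId` and `AdminCidr` parameter names and the sample admin CIDR are assumptions.

```python
"""Added example, not the project's security-template.json: the security-group
layering described above as CloudFormation resources, plus an audit that
enforces it. Logical IDs, parameter names and the sample admin CIDR are assumptions."""
import ipaddress
import json


def cidr_rule(port, cidr, proto="tcp"):
    """Ingress rule from a CIDR (string or {"Ref": <parameter>})."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port, "CidrIp": cidr}


def sg_rule(port, source_group, proto="tcp"):
    """Ingress rule whose source is another security group in this template."""
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "SourceSecurityGroupId": {"Ref": source_group}}


def security_group(description, ingress):
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": description,
                           "VpcId": {"Ref": "VpcId"},
                           "SecurityGroupIngress": ingress}}


def security_template():
    """Template body for the five groups; returns fresh dicts on every call."""
    admin = {"Ref": "AdminCidr"}
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {
            "VpcId": {"Type": "AWS::EC2::VPC::Id"},
            "AdminCidr": {"Type": "String", "Default": "203.0.113.0/24",  # constructed sample
                          "AllowedPattern": r"^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$"},
        },
        "Resources": {
            "ElbSecurityGroup": security_group(
                "Public entry point", [cidr_rule(80, "0.0.0.0/0"), cidr_rule(443, "0.0.0.0/0")]),
            "BastionSecurityGroup": security_group("SSH from the admin network", [cidr_rule(22, admin)]),
            "CommonSecurityGroup": security_group(
                "Autoscale instances", [sg_rule(80, "ElbSecurityGroup"), sg_rule(8082, "ElbSecurityGroup")]),
            "CacheSecurityGroup": security_group("ElastiCache nodes", [sg_rule(11211, "CommonSecurityGroup")]),
            "RdsSecurityGroup": security_group("RDS read replica", [sg_rule(3306, "CommonSecurityGroup")]),
        },
    }


def _resolve_cidr(cidr, params):
    """Literal CIDR for a string, or the parameter default for {"Ref": <parameter>}."""
    if isinstance(cidr, dict) and "Ref" in cidr:
        cidr = params.get(cidr["Ref"], {}).get("Default")
    return cidr if isinstance(cidr, str) else None


def audit(template,
          cidr_groups=frozenset({"ElbSecurityGroup", "BastionSecurityGroup"}),
          public_ports=frozenset({("ElbSecurityGroup", 80), ("ElbSecurityGroup", 443)})):
    """Return a list of findings; an empty list means the layering holds."""
    findings = []
    resources = template["Resources"]
    params = template.get("Parameters", {})
    groups = {n for n, r in resources.items() if r["Type"] == "AWS::EC2::SecurityGroup"}
    for name in sorted(groups):
        for rule in resources[name]["Properties"].get("SecurityGroupIngress", []):
            port = rule.get("FromPort")
            if rule.get("IpProtocol") == "-1" or (port, rule.get("ToPort")) == (0, 65535):
                findings.append(f"{name}: rule opens all ports")
            if "SourceSecurityGroupId" in rule:
                src = rule["SourceSecurityGroupId"].get("Ref")
                if src not in groups:
                    findings.append(f"{name}: source group {src!r} is not defined in this template")
                continue
            if name not in cidr_groups:
                findings.append(f"{name}: port {port} uses a CIDR rule; internal groups must reference a security group")
            cidr = _resolve_cidr(rule.get("CidrIp"), params)
            if cidr is None:
                findings.append(f"{name}: CidrIp cannot be resolved")
                continue
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0 and (name, port) not in public_ports:
                findings.append(f"{name}: port {port} open to the world ({cidr})")
    return findings


if __name__ == "__main__":
    print(json.dumps(security_template(), indent=2))
    print("findings:", audit(security_template()))
```

Run the audit in the same pipeline step that validates the templates, and point it at any exported template body; the `cidr_groups` and `public_ports` arguments are the only place the intended exposure is declared, so widening them is a reviewable change rather than a silent one.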
| Template | Purpose |
|---|---|
| bastion-template.json | Launches a Bastion host into the public subnet in availability zone 1 |
| cache-template.json | Launches the Cache node cluster |
| elb-template.json | Deploys a Load Balancer and Autoscale group |
| rds-master-template.json | Creates the master MySQL database (Note: not launched by the wrapper template) |
| rds-replica-template.json | Creates a MySQL read-replica node |
| security-template.json | Creates all the security groups needed by each service |
| vpc-template.json | Creates the VPC and all its resources |
| wrapper-template.json | Used to build the entire site from scratch |
Regions currently supported:
- N. Virginia (us-east-1)
- Oregon (us-west-2)
- Ireland (eu-west-1)
- Tokyo (ap-northeast-1)
Note: To support another region, add it to the "Mappings" section of each template.