#4 マルチAZ対応していないインフラを構築する

cloudformation-v2/main.yml

@@ -0,0 +1,114 @@
+# ------------------------------------------------------------#
+# Create Resource
+# ------------------------------------------------------------#
+AWSTemplateFormatVersion: "2010-09-09"
+Description:
+  Laravel on ECS
+
+Metadata:
+  "AWS::CloudFormation::Interface":
+    ParameterGroups:
+      - Label:
+          default: "Project Name Prefix"
+        Parameters:
+          - PJPrefix
+      - Label:
+          default: VPC
+        Parameters:
+          - VPCCIDR
+      - Label:
+          default: PublicSubnet
+        Parameters:
+          - PublicSubnet1CIDR
+      - Label:
+          default: PrivateSubnet
+        Parameters:
+          - PrivateSubnet1CIDR
+
+Parameters:
+  PJPrefix:
+    Type: String
+    Default: laravel-template
+    ConstraintDescription: Invalid input value for the PJPrefix.
+
+  VPCCIDR:
+    Type: String
+    Default: 10.0.0.0/16
+    MinLength: 9
+    MaxLength: 18
+    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
+    ConstraintDescription: must be a valid VPCCidrBlock.
+
+  PublicSubnet1CIDR:
+    Type: String
+    Default: 10.0.10.0/24
+    MinLength: 9
+    MaxLength: 18
+    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
+    ConstraintDescription: must be a valid PublicSubnet1CidrBlock.
+
+  PrivateSubnet1CIDR:
+    Type: String
+    Default: 10.0.20.0/24
+    MinLength: 9
+    MaxLength: 18
+    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
+    ConstraintDescription: must be a valid PrivateSubnet1CidrBlock.
+
+  PrivateSubnet2CIDR:
+    Type: String
+    Default: 10.0.21.0/24
+    MinLength: 9
+    MaxLength: 18
+    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
+    ConstraintDescription: must be a valid PrivateSubnet2CidrBlock.
+
+Resources:
+  # ------------ IAM Role ----------------
+  iamRole:
+    Type      : AWS::CloudFormation::Stack
+    Properties:
+      Parameters:
+        PJPrefix : !Ref PJPrefix
+      TemplateURL: ./stacks/iam-role.yml
+  # ------------ cloudwatch ----------------
+  cloudwatch:
+    Type      : AWS::CloudFormation::Stack
+    Properties:
+      Parameters:
+        PJPrefix : !Ref PJPrefix
+      TemplateURL: ./stacks/cloudwatch.yml
+  # ------------ vpx ----------------
+  vpc:
+    Type      : AWS::CloudFormation::Stack
+    Properties:
+      Parameters:
+        PJPrefix : !Ref PJPrefix
+        VPCCIDR : !Sub "${VPCCIDR}"
+        PublicSubnet1CIDR : !Sub "${PublicSubnet1CIDR}"
+        PrivateSubnet1CIDR : !Sub "${PrivateSubnet1CIDR}"
+        PrivateSubnet2CIDR : !Sub "${PrivateSubnet2CIDR}"
+      TemplateURL: ./stacks/vpc.yml
+  # ------------ rds ----------------
+  rds:
+    Type      : AWS::CloudFormation::Stack
+    DependsOn : [vpc]
+    Properties:
+      Parameters:
+        PJPrefix : !Ref PJPrefix
+        DatabaseName : !Sub "/${PJPrefix}/database"
+        MasterUsername : !Sub "/${PJPrefix}/master/username"
+        MasterUserPassword : !Sub "/${PJPrefix}/master/password"
+      TemplateURL: stacks/rds.yml
+  # ------------ ecs ----------------
+  ecs:
+    Type      : AWS::CloudFormation::Stack
+    DependsOn : [vpc, iamRole, cloudwatch, rds]
+    Properties:
+      Parameters:
+        PJPrefix : !Ref PJPrefix
+        AppKey : !Sub "/${PJPrefix}/APP_KEY"
+        DatabaseName : !Sub "/${PJPrefix}/database"
+        MasterUsername : !Sub "/${PJPrefix}/master/username"
+        MasterUserPassword : !Sub "/${PJPrefix}/master/password"
+      TemplateURL: stacks/ecs.yml

cloudformation-v2/output/.gitignore

@@ -0,0 +1 @@
+main-stack.yml

cloudformation-v2/stacks/cloudwatch.yml

@@ -0,0 +1,35 @@
+# ------------------------------------------------------------#
+# Create Resource
+# - CloudWatch LogGroup
+# ------------------------------------------------------------#
+
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Create CloudWatch LogGroup
+
+Parameters:
+  PJPrefix:
+    Type: String
+    Default: laravel
+    ConstraintDescription: Invalid input value for the PJPrefix.
+
+Resources:
+# ------------------------------------------------------------#
+#  LogGroup
+# ------------------------------------------------------------#
+  LogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: !Sub "${PJPrefix}-log-group"
+      RetentionInDays: 30
+      Tags:
+        - Key: Name
+          Value: !Sub "${PJPrefix}-log-group"
+
+# ------------------------------------------------------------#
+# Output Parameters
+# ------------------------------------------------------------#
+Outputs:
+  LogGroup:
+    Value: !Ref LogGroup
+    Export:
+      Name: !Sub "${PJPrefix}-log-group"

cloudformation-v2/stacks/ecs.yml

@@ -0,0 +1,111 @@
+# ------------------------------------------------------------#
+# Create Resource
+# - Service
+# - Cluster Service
+# - Task Definition
+# ------------------------------------------------------------#
+
+AWSTemplateFormatVersion: '2010-09-09'
+Description: CloudFormation template for ECS resources
+
+
+Parameters:
+  PJPrefix:
+    Type: String
+    Default: laravel
+    ConstraintDescription: Invalid input value for the PJPrefix.
+  AppKey:
+    Type   : String
+  DatabaseName:
+    Type   : String
+  MasterUsername:
+    Type   : String
+  MasterUserPassword:
+    Type   : String
+
+Resources:
+  # ECS Cluster
+  ECSCluster:
+    Type: "AWS::ECS::Cluster"
+    Properties:
+      ClusterName: !Sub "${PJPrefix}-cluster"
+
+  # Task Definition
+  ECSWebTaskDefinition:
+    Type: "AWS::ECS::TaskDefinition"
+    Properties:
+      Family: !Sub "${PJPrefix}-run-web-task"
+      TaskRoleArn:
+        Fn::ImportValue:
+          !Sub "${PJPrefix}-ECSTaskRole-arn"
+      ExecutionRoleArn:
+        Fn::ImportValue:
+          !Sub "${PJPrefix}-ECSTaskRole-arn"
+      NetworkMode: "awsvpc"
+      ContainerDefinitions:
+        - Name: "nginx"
+          Image: !Sub "${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${PJPrefix}/build-nginx:latest"
+          Essential: true
+          PortMappings:
+            - ContainerPort: 80
+              HostPort: 80
+              Protocol: "tcp"
+          Environment:
+          - Name: "APP_ENV"
+            Value: "production"
+          - Name: "APP_KEY"
+            Value: !Sub "{{resolve:ssm:${AppKey}}}"
+          - Name: "DB_HOST"
+            Value:
+              Fn::ImportValue:
+                !Sub "${PJPrefix}-rds-endpoint"
+          - Name: "DB_DATABASE"
+            Value: !Sub "{{resolve:ssm:${DatabaseName}}}"
+          - Name: "DB_USERNAME"
+            Value: !Sub "{{resolve:ssm:${MasterUsername}}}"
+          - Name: "DB_PASSWORD"
+            Value: !Sub "{{resolve:ssm:${MasterUserPassword}}}"
+          LogConfiguration:
+            LogDriver: "awslogs"
+            Options:
+              awslogs-create-group: true
+              awslogs-group: !Sub "${PJPrefix}-log-group"
+              awslogs-region: !Ref "AWS::Region"
+              awslogs-stream-prefix: "nginx"
+      RequiresCompatibilities:
+        - "FARGATE"
+      Cpu: "256"
+      Memory: "512"
+
+  # ECS Service
+  ECSService:
+    Type: "AWS::ECS::Service"
+    DependsOn: ECSCluster
+    Properties:
+      ServiceName: !Sub "${PJPrefix}-service"
+      Cluster: !Ref ECSCluster
+      TaskDefinition: !Ref ECSWebTaskDefinition
+      LaunchType: FARGATE
+      DesiredCount: 1
+      NetworkConfiguration:
+        AwsvpcConfiguration:
+          AssignPublicIp: ENABLED
+          Subnets:
+            - Fn::ImportValue:
+                !Sub "${PJPrefix}-private-subnet-1"
+          SecurityGroups:
+            - Fn::ImportValue:
+                !Sub "${PJPrefix}-SG"
+
+Outputs:
+  ClusterArn:
+    Value: !Ref ECSCluster
+    Description: The ARN of the ECS cluster
+
+  ECSWebTaskDefinitionArn:
+    Description: The ARN of the created web task definition
+    Value: !Ref ECSWebTaskDefinition
+
+  ServiceArn:
+    Value: !Ref ECSService
+    Description: The ARN of the ECS service

cloudformation-v2/stacks/iam-role.yml

@@ -0,0 +1,38 @@
+# ------------------------------------------------------------#
+# Create Resource
+# - IAM Role (ECSTaskRole)
+# ------------------------------------------------------------#
+
+AWSTemplateFormatVersion: "2010-09-09"
+Description:
+  IAM Role (ECSTaskRole)
+
+Parameters:
+  PJPrefix:
+    Type: String
+    Default: laravel
+    ConstraintDescription: Invalid input value for the PJPrefix.
+
+Resources:
+  ECSTaskRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: !Sub "${PJPrefix}-ECSTaskRole"
+      Path: /
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: ecs-tasks.amazonaws.com
+            Action: sts:AssumeRole
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
+        - arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess
+
+Outputs:
+  ECSTaskRoleArn:
+    Description: ARN of the ECS Task Role
+    Value: !GetAtt ECSTaskRole.Arn
+    Export:
+      Name: !Sub "${PJPrefix}-ECSTaskRole-arn"

cloudformation-v2/stacks/rds.yml

@@ -0,0 +1,95 @@
+# ------------------------------------------------------------#
+# Create Resource
+# - DBSubnetGroup
+# - DBClusterParameterGroup
+# - DBCluster
+# - DBInstance
+# ------------------------------------------------------------#
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Create RDS
+
+Parameters:
+  PJPrefix:
+    Type: String
+    Default: laravel
+    ConstraintDescription: Invalid input value for the PJPrefix.
+  DatabaseName:
+    Type   : String
+  MasterUsername:
+    Type   : String
+  MasterUserPassword:
+    Type   : String
+
+Resources:
+  # RDSを配置するサブネットを指定
+  DBSubnetGroup:
+    Type: AWS::RDS::DBSubnetGroup
+    Properties:
+      DBSubnetGroupDescription: !Sub "${PJPrefix}-subnet-group"
+      SubnetIds:
+        - Fn::ImportValue:
+            !Sub "${PJPrefix}-private-subnet-1"
+        - Fn::ImportValue:
+            !Sub "${PJPrefix}-private-subnet-2"
+
+  # RDSクラスターの動作と設定を制御するためのパラメータのセットを定義
+  ClusterParameterGroup:
+    Type: AWS::RDS::DBClusterParameterGroup
+    Properties:
+      Description: !Sub "${PJPrefix}-parameter-group"
+      Family : "aurora-mysql8.0"
+      Parameters:
+        time_zone               : Asia/Tokyo
+        character_set_client    : utf8
+        character_set_connection: utf8
+        character_set_database  : utf8
+        character_set_results   : utf8
+        character_set_server    : utf8
+
+  # RDSインスタンスと共有のデータベースエンジンとストレージをグループ化
+  RDSCluster:
+    Type: AWS::RDS::DBCluster
+    DependsOn: DBSubnetGroup
+    Properties:
+      DBClusterIdentifier        : !Sub "${PJPrefix}-cluster"
+      DBClusterParameterGroupName: !Ref ClusterParameterGroup
+      DBSubnetGroupName          : !Ref DBSubnetGroup
+      Engine                     : "aurora-mysql"
+      DatabaseName               : !Sub "{{resolve:ssm:${DatabaseName}}}"
+      MasterUsername             : !Sub "{{resolve:ssm:${MasterUsername}}}"
+      MasterUserPassword         : !Sub "{{resolve:ssm:${MasterUserPassword}}}"
+      Port                       : 3306
+      PreferredBackupWindow      : "07:00-09:00"
+      PreferredMaintenanceWindow : sun:05:00-sun:05:30
+
+ # 個別のRDSインスタンスの設定を定義
+  RDSInstancePrimary:
+    Type: AWS::RDS::DBInstance
+    DependsOn: RDSCluster
+    Properties:
+      DBInstanceIdentifier        : !Sub "${PJPrefix}-instance-primary"
+      DBInstanceClass             : "db.t4g.medium"
+      Engine                      : "aurora-mysql"
+      AvailabilityZone            : !Sub "${AWS::Region}a"
+      DBClusterIdentifier         : !Ref RDSCluster
+      DBSubnetGroupName           : !Ref DBSubnetGroup
+      PromotionTier               : 1
+
+  RDSInstanceSecondary:
+    Type: AWS::RDS::DBInstance
+    DependsOn: RDSCluster
+    Properties:
+      DBInstanceIdentifier        : !Sub "${PJPrefix}-instance-secondary"
+      DBInstanceClass             : "db.t4g.medium"
+      Engine                      : "aurora-mysql"
+      AvailabilityZone            : !Sub "${AWS::Region}c"
+      DBClusterIdentifier         : !Ref RDSCluster
+      DBSubnetGroupName           : !Ref DBSubnetGroup
+      PromotionTier               : 2
+
+
+Outputs:
+  RDSEndpoint:
+    Value: !GetAtt RDSInstancePrimary.Endpoint.Address
+    Export:
+      Name: !Sub "${PJPrefix}-rds-endpoint"