cloudformation_templates icon indicating copy to clipboard operation
cloudformation_templates copied to clipboard

Published 20 hours ago verified publisher icon bonusbits

Metadata

AWS - CloudFormation Templates

BonusBits CloudFormation Templates

Purpose

This repository contains a collaboration of general and specific Amazon Web Services CloudFormation Template Examples. The basic design is a layered approach so there is less repeat content between all the templates. That way you can build a custom environment by picking the solution templates you wish to use. In other words you won't see a VPC created over and over throughout the templates. You simply use the VPC template then move to the next piece you would like to create.

Also, The general design leans towards not having to refactor the template to fit your account/environment. By using the configured parameters from the console or CLI you should be able to use the template without the need to edit it. The templates generally output all the information you may need for another template. So, be sure to examine the Outputs tab after creating the stack.

The AWS CLI examples can be dropped in a shell script and/or added to your CI/CD solution to spin up solutions in a fully automated fashion. Of course logic around updating stacks, deleting and checking for success/failure should be addressed.

With a simple shell script and a customized parameter json file you can spin up stacks quickly and consistently. Furthermore it's just as easy to tear a CloudFormation stack versus if all the objects where created manually.

Templates

Categories

  • Orchestrators
  • Infrastructure
  • Storage
  • Database
  • Autoscaling
  • Labs

Orchestrators

Back to Top

One template to rule them all... These are master templates that call nested templates. These are good to build out a full environment without having to run each template individually. Coupled with a custom parameters JSON file can give you a one command solution to a complex setup and eliminate the need to duplicate code.

For instance you could have a VPC, NAT, RDS and Autoscaling Webapp behind an ELB and Update DNS all in one command using various foundational templates that I've creates to be used together.

Infrastructure

Select the foundational pieces for building out an infrastructure from the ground up.

Create Details
  1. VPC
  2. Nat Gateway (Optional)
  3. Bastion Host (Optinoal)
  4. VPN (Optional)
Public S3 URL
    https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/infrastructure.yml
Launch
View in Designer
View in Designer

Infrastructure

Back to Top

VPC (Virtual Private Cloud)

Creates an entire VPC from scratch for Lab or Permanent.

Create Details
  1. Single VPC
  2. 3 Public Subnets
  3. 3 Private Subnets
  4. Public Route Table
  5. Private Route Table
  6. Internet Gateway
  • Attached to the Public Route Table
  • Public Network ACL
  • Private Network ACL
  • VPC Endpoint
  • Instance Access Security Group
    • Instance to Instance Access
  • Remote Access Security Group
    • This can be used for to allow site-to-site VPN or Direct Connect Networks access to instances.
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/vpc.yml
    Launch
    View in Designer
    View in Designer
    How To Video
    HowTo Video

    NAT Gateway (Network Addresss Translation)

    Creates a NAT Gateway on an existing VPC with Public (IGW) and Private subnets. Private route table is updated to route traffic to the NAT gateway a Public subnet that has an Internet Gateway Attached.

    Prerequisites
    1. VPC
    • Public Subnet, IGW, Private Subnet/s.
    • Either use an existing VPC Infrastructure or you can use the following VPC Template to create a one.
  • AWS Privileges
    • Create Details
    1. NAT Gateway
    2. EIP
    3. Add Route to Private Route Table
    Advantages over NAT Instance
    1. Redundancy built in.
    2. Easier setup and management.
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/nat-gateway.yml
    Launch
    View in Designer
    View in Designer
    How To Video
    HowTo Video

    VPN BGP (Virtual Private Network using Border Gateway Protocol)

    Creates a Site-to-Site BGP VPN Connection in and existing VPC with public and/or private networks. There is an option to not exclude allowing VPN access to the public networks. Simply select false for the 'Include Public Subnets', leave default value in Public Network ACL and Route Table. The values will just be ignored. This only sets up the AWS side of the VPN. After the CloudFormation creates the objects you'll then need to configure your remote VPN Device. Here's an article that gives the configuration steps for configuring a Sophos UTM v9 VPN endpoint. This assumes that the Private Network ACL allows all outbound. Lastly, the Private Network ACL inbound is updated to allow the remote network block specified.

    Prerequisites
    1. VPC
    • Public Subnet, IGW, Private Subnet/s.
    • Either use an existing VPC Infrastructure or you can use the following VPC Template to create a one.
  • Remote Network (Office) VPN Device WAN IP
  • Remote Network CIDR Block to Allow Access and Propagate.
    • Create Details
    1. Customer Gateway
    2. Virtual Private Gateway
    3. VPN Connection
    4. Enable Route Propagation on Route Table/s
    5. Add Network ACL to Allow Remote Network
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/vpn-bgp.yml
    Launch
    View in Designer
    View in Designer
    How To Video
    HowTo Video

    Bastion

    Creates a single Bastion host on a Public subnet in an existing VPC. Select from either a RHEL, Ubuntu or Windows OS.

    Prerequisites
    1. VPC
    • Public Subnet, IGW, Private Subnet/s.
    • Either use an existing VPC Infrastructure or you can use the following VPC Template to create a one.
  • Available EIP
    • Create Details
    1. EC2 Instance
    2. EIP
    3. IAM Role
    4. IAM Instance Profile
    5. Security Group
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/bastion.yml
    Launch
    us-west-2
    View in Designer
    View in Designer

    Proxy AWSAPI & DevOps Sites Access for Private Instances

    Create EC2 Single Proxy Instance

    Prerequisites
    1. VPC
    2. 1 Public Subnet
    CloudFormation Tasks
    1. Create Single EC2 Instance on Public Network with Public IP
    2. Create Autoscaling Group of 1 for DR
    3. Create Proxy Access Security Group
    4. Install Chef Client
    5. Create Chef Configurations Files (environment, roles, etc.)
    6. Download Cookbooks from Github Repo
    7. Checkout Specific Version of Cookbook
    8. Run Chef Client using Chef Zero
    9. Warm EBS Volume
    Chef Cookbook Tasks
    1. Install, Configure and Start Squid Proxy
    2. Setup CloudWatch Logs
    3. Create Route53 DNS Update Script
    4. Configure DNS Update Cron Job
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/proxy-awsapi-devops-access.yml
    Launch
    View in Designer
    View in Designer

    Storage

    Back to Top

    EFS

    Creates an Elastic File System with 3 Mounts

    Prerequisites
    1. VPC
    2. 3 Subnets
    Create Details
    1. EFS Filesystem
    2. 3 Mount Targets
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/efs.yml
    Launch
    View in Designer
    View in Designer

    S3 Backup Bucket

    Create S3 Backup Bucket

    Prerequisites
    1. VPC
    2. VPC Endpoint
    Create Details
    1. Single S3 Bucket
    2. Enabled Versioning
    3. Enforced Encryption
    4. Creates LifeCycle to Delete Previous Versions after X Days
    Launch
    View in Designer
    View in Designer

    Database

    Back to Top

    MySQL RDS

    Creates a MySQL RDS Database Instance.

    Prerequisites
    1. VPC
    • Public Subnet, IGW, Private Subnet/s.
    • Either use an existing VPC Infrastructure or you can use the following VPC Template to create a one.
    Create Details
    1. DB Instance
    2. DB Subnet Group
    3. Security Group
    4. Cloud Watch Alarms
    5. Route 53 Record Set (Optional)
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/mysql-rds.yml
    Launch
    View in Designer
    View in Designer

    Create RDS From Snapshot

    Creates an RDS Instance From Snapshot. Can be great for Blue/Green or pull Prd DB to Nonprod for testing.

    Prerequisites
    1. RDS Snapshot in Same Region
    2. 2+ Subnets if Enabling Multi AZ
    Create Details
    1. Create RDS Instance from Snapshot
    2. Create Subnet Group
    3. Create Access Security Group
    4. Optionally Configure DNS Record in Route53
    Notes
    1. Because it's a restore several options are not available. Such as:
      1. Can't set Master User and Password
      2. Can't select what DB Engine
      3. Can't set allocated storage
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/create-rds-from-snapshot.yml
    Launch
    View in Designer
    View in Designer

    Autoscaling

    Back to Top

    Baked AMI, ELB, RDS Backend

    Create an Autoscaling group in 3 private subnets from a baked AMI, an Elastic Load Balancer in 3 public subnets and S3 ELB Logging Bucket. Option to use SSL/TLS on ELB. Option to update Route 53 Hosted DNS alias to point to the ELB. Setup to add RDS Access Security Group. Does not create an RDS Instance. Use an RDS Instance Cloudformation Template first.

    Create Details
    1. EC2 Instances
    2. AutoScaling
    3. Launch Configuration
    4. Elastic Load Balancer
    5. IAM Role
    6. IAM Instance Profile
    7. Security Group
    8. Scale Up Policy
    9. Scale Down Policy
    10. Cloud Watch Alarm
    11. Network ACL Entry
    12. Route 53 Record Set (Optional)
    13. S3 Bucket (Optional)
    14. S3 Bucket Policy (Optional)
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/autoscaling-bakedami-rdsbackend.yml
    Launch
    View in Designer
    View in Designer

    Labs

    Back to Top

    Chef Compliance Lab

    Creates a Chef Complianc Web server in a Public Subnet with Internet Gatewayy attached on an existing VPC. It then attaches an EIP and finally adds the instance to an existing instance-to-instance security group.

    Prerequisites
    1. VPC
    • Public Subnet, IGW, Private Subnet/s.
    • Either use an existing VPC Infrastructure or you can use the following VPC Template to create a one.
  • Available EIP
    • Supported Regions
    1. us-west-2
    2. us-east-1
    Create Details
    1. EC2 Instance
    2. EIP
    3. IAM Role
    4. IAM Instance Profile
    5. Security Group
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/chef-compliance.yml
    Launch
    View in Designer
    View in Designer

    Bitbucket Lab

    Creates a Bitbucket Server in a private or public subnet in an existing VPC.

    Prerequisites
    1. VPC
    • Public or Private Subnet
    • Internal Instance Access Security Group
    • Either use an existing VPC Infrastructure or you can use the following VPC Template to create a one.
  • Internet Access from the EC2 Instance or Yum access solution
  • EC2 Key Pair
  • Available EIP if Selected Public Facing
  • IAM Role Creation Permissions
    • Supported Regions
    1. cn-north-1
    2. us-east-1
    3. us-west-1
    4. us-west-2
    5. eu-west-1
    6. eu-central-1
    7. ap-northeast-1
    8. ap-northeast-2
    9. ap-southeast-1
    10. ap-southeast-2
    11. sa-east-1
    Create Details
    1. EC2 Instance (Amazon Linux)
    2. EIP (Optional)
    3. IAM Role
    4. IAM Instance Profile
    5. Security Group
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/bitbucket.yml
    Launch
    View in Designer
    View in Designer

    Test Instances

    Creates three test instances in an existing VPC. Each instance is a different operating system. They are; Red Hat Enterprise Linux 7, Ubuntu 14 and Windows 2012 R2.

    Create Details
    1. 3 EC2 Instances
    2. IAM Role
    3. IAM Instance Profile
    Public S3 URL
      https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/rhel-ubuntu-win2012.yml
    Launch
    View in Designer
    View in Designer

    Wordpress on Nginx

    Create S3 Backup Bucket

    Prerequisites
    1. VPC
    2. Public Subnet
    3. Internal Access Security Group
    4. RDS Security Group
    5. EFS Security Group
    Create Details
    1. Single Amazon Linux EC2 Instance
    2. Create Web Access Security Group
    3. Create IAM Instance Profile Role
    4. Create CloudWatch Logs Group
    5. No External IP
    Deploy Details
    1. Installs Nginx
    2. Installs PHP-FPM 7.0
    3. Installs MySQL 5.6 Client
    4. Installs Latest Wordpress
    5. Installs Creates Nginx Config for Wordpress
    6. Assumes RDS Backend
    7. Assumes EFS Shared Content Mount
    Launch
    View in Designer
    View in Designer

    Mediawiki on Nginx

    Create S3 Backup Bucket

    Prerequisites
    1. VPC
    2. Public Subnet
    3. Internal Access Security Group
    4. RDS Security Group
    5. EFS Security Group
    Create Details
    1. Single Amazon Linux EC2 Instance
    2. Create Web Access Security Group
    3. Create IAM Instance Profile Role
    4. Create CloudWatch Logs Group
    5. No External IP
    Deploy Details
    1. Installs Nginx
    2. Installs PHP-FPM 7.0
    3. Installs MySQL 5.6 Client
    4. Installs Specfic Release of Mediawiki (Default REL1_28)
    5. Installs Creates Nginx Config for Mediawiki
    6. Assumes RDS Backend
    7. Assumes EFS Shared Content Mount
    Launch
    View in Designer
    View in Designer

    Back to Top

    Metadata

    45
    Stars
    64
    Forks
    Watchers

    Owner

    verified publisher icon bonusbits

    Metadata

    AWS - CloudFormation Templates

    Back