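Parameters:
  # EnvironmentName is interpolated into the S3 bucket name, the security
  # group name, the load balancer name and the target group name below.
  # The constraints reject values those services would refuse anyway
  # (upper case, underscores, over-long names), so a bad value fails at
  # parameter validation rather than half-way through stack creation.
  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
    Default: "wsi"
    MinLength: 1
    # "<name>-alb" must fit the 32-character load balancer name limit.
    MaxLength: 28
    AllowedPattern: "^[a-z0-9][a-z0-9-]*$"
    ConstraintDescription: >-
      Lower-case letters, digits and hyphens only, starting with a letter
      or digit, at most 28 characters.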
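Resources:
  # NOTE(review): MainVPC, PublicSubnet1-3 and EC2Instance are referenced
  # below but are not defined in the sections shown here; they must exist
  # elsewhere in the template.

  # Bucket that receives the ALB access logs. Public ACLs and public bucket
  # policies are blocked; write access is granted only through
  # S3BucketPolicy.
  S3LogBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${EnvironmentName}-alb-logs"
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      Tags:
        - Key: Name
          Value: !Sub "${EnvironmentName}-alb-logs"

  # Lets the Elastic Load Balancing log-delivery account write access logs.
  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3LogBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              # Region-specific ELB log-delivery account; this ID is the
              # one for ap-northeast-2. Deploying to another region needs
              # that region's ID, otherwise log delivery is denied.
              AWS: "arn:aws:iam::600734575887:root"
            Action:
              - "s3:PutObject"
            # The load balancer writes under its access_logs.s3.prefix, so
            # the prefix has to be part of the allowed key path. Without it
            # the grant does not match the objects the ALB writes.
            Resource: !Sub "arn:aws:s3:::${S3LogBucket}/${EnvironmentName}-alb/AWSLogs/${AWS::AccountId}/*"

  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${EnvironmentName}-alb-sg"
      # GroupDescription is a required property of AWS::EC2::SecurityGroup.
      GroupDescription: !Sub "${EnvironmentName} ALB security group"
      VpcId: !Ref MainVPC
      SecurityGroupIngress:
        # Internet-facing listener port; plaintext HTTP only.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        # NOTE(review): all protocols to any destination. The ALB only has
        # to reach its targets on the traffic/health-check port; narrow
        # this to the instance security group once that is known.
        # Quoted so the protocol stays a string rather than an integer.
        - IpProtocol: "-1"
          FromPort: 0
          ToPort: 0
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: !Sub "${EnvironmentName}-alb-sg"

  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    # Access logging is validated against the bucket when the attributes
    # are applied, so the bucket policy has to exist first.
    DependsOn: S3BucketPolicy
    Properties:
      Name: !Sub "${EnvironmentName}-alb"
      Scheme: internet-facing
      Type: application
      SecurityGroups:
        - !Ref ALBSecurityGroup
      Subnets:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
        - !Ref PublicSubnet3
      LoadBalancerAttributes:
        - Key: access_logs.s3.enabled
          Value: "true"
        - Key: access_logs.s3.bucket
          Value: !Ref S3LogBucket
        # Must stay in step with the key path allowed in S3BucketPolicy.
        - Key: access_logs.s3.prefix
          Value: !Sub "${EnvironmentName}-alb"
      Tags:
        - Key: Name
          Value: !Sub "${EnvironmentName}-alb"

  ALBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Sub "${EnvironmentName}-tg"
      Port: 80
      Protocol: HTTP
      VpcId: !Ref MainVPC
      TargetType: instance
      HealthCheckPath: /health
      HealthCheckProtocol: HTTP
      HealthCheckIntervalSeconds: 30
      HealthyThresholdCount: 2
      UnhealthyThresholdCount: 2
      HealthCheckTimeoutSeconds: 5
      # Targets are registered on the target group itself. CloudFormation
      # has no standalone target-group attachment resource type, so the
      # instance is listed here instead of in a separate resource.
      Targets:
        - Id: !Ref EC2Instance
          Port: 80
      Tags:
        - Key: Name
          Value: !Sub "${EnvironmentName}-tg"

  # NOTE(review): the only listener is plaintext HTTP on an internet-facing
  # load balancer. Client traffic is unencrypted until an HTTPS listener
  # with a certificate is added and port 80 is turned into a redirect.
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ALBTargetGroup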
Outputs:
  # Security group attached to the load balancer. Other stacks or resources
  # can use this to allow traffic from the ALB only.
  ALBSecurityGroupId:
    Description: 'ALB Security Group ID'
    Value: !Ref ALBSecurityGroup

  # !Ref on an ELBv2 load balancer returns its ARN, so consumers of this
  # output receive the ARN.
  ALBId:
    Description: 'Application Load Balancer ID'
    Value: !Ref ApplicationLoadBalancer