├── .github
    └── PULL_REQUEST_TEMPLATE.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── LICENSE
├── NOTICE
├── README.md
├── aurora.yaml
├── create.sh
├── master.yaml
├── network.yaml
├── pgpool.yaml
├── secgroups.yaml
└── update.sh


/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | *Issue #, if available:*
2 | 
3 | *Description of changes:*
4 | 
5 | 
6 | By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
7 | 


--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | ## Code of Conduct
2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
4 | opensource-codeofconduct@amazon.com with any additional questions or comments.
5 | 


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
 1 | # Contributing Guidelines
 2 | 
 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 
 4 | documentation, we greatly value feedback and contributions from our community.
 5 | 
 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 
 7 | information to effectively respond to your bug report or contribution.
 8 | 
 9 | 
10 | ## Reporting Bugs/Feature Requests
11 | 
12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features.
13 | 
14 | When filing an issue, please check [existing open](https://github.com/aws-samples/amazon-aurora-pgpool-example/issues), or [recently closed](https://github.com/aws-samples/amazon-aurora-pgpool-example/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already 
15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
16 | 
17 | * A reproducible test case or series of steps
18 | * The version of our code being used
19 | * Any modifications you've made relevant to the bug
20 | * Anything unusual about your environment or deployment
21 | 
22 | 
23 | ## Contributing via Pull Requests
24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
25 | 
26 | 1. You are working against the latest source on the *master* branch.
27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
29 | 
30 | To send us a pull request, please:
31 | 
32 | 1. Fork the repository.
33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
34 | 3. Ensure local tests pass.
35 | 4. Commit to your fork using clear commit messages.
36 | 5. Send us a pull request, answering any default questions in the pull request interface.
37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
38 | 
39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 
40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
41 | 
42 | 
43 | ## Finding contributions to work on
44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-samples/amazon-aurora-pgpool-example/labels/help%20wanted) issues is a great place to start. 
45 | 
46 | 
47 | ## Code of Conduct
48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 
49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 
50 | opensource-codeofconduct@amazon.com with any additional questions or comments.
51 | 
52 | 
53 | ## Security issue notifications
54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
55 | 
56 | 
57 | ## Licensing
58 | 
59 | See the [LICENSE](https://github.com/aws-samples/amazon-aurora-pgpool-example/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
60 | 
61 | We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
62 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 2 | 
 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this
 4 | software and associated documentation files (the "Software"), to deal in the Software
 5 | without restriction, including without limitation the rights to use, copy, modify,
 6 | merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
 7 | permit persons to whom the Software is furnished to do so.
 8 | 
 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
10 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
11 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
12 | HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
13 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
14 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
15 | 


--------------------------------------------------------------------------------
/NOTICE:
--------------------------------------------------------------------------------
1 | Code for "A single endpoint for reads and writes with PostgreSQL-compatible Amazon Aurora RDS"
2 | Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
3 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ## Amazon Aurora Pgpool example
 2 | 
 3 | A set of CloudFormation templates that demonstrates using pgool middleware to provide a single endpoint for both the primary and read replica instances of an Amazon Aurora PostgreSQL-compatible cluster.
 4 | 
 5 | These CloudFormation (CFN) templates deploy an Aurora RDS PostgreSQL-compatible
 6 | cluster with pgpool middleware. pgpool offers a single endpoint that directs traffic
 7 | to the RDS cluster endpoint for writes and the RDS reader endpoint for reads.
 8 | 
 9 | The templates also set up a VPC with public and private subnets, security groups that 
10 | limit communication, and an ELB to expose the pgpool instance externally.
11 | 
12 | ## License Summary
13 | 
14 | This sample code is made available under a modified MIT license. See the LICENSE file.
15 | 
16 | ## Setup
17 | 
18 | We assume that you have the AWS CLI installed and configured.  Create an S3 bucket
19 | to contain the CFN templates.  We'll refer to this as `templatebucket`.
20 | 
21 | In the scripts `create.sh` and `update.sh`, review and update the parameters.  You must
22 | put in your own SSH key name in the `keyname` parameter, and we strongly encourage you to
23 | change the `AllowedCidrIngress` from the default of `0.0.0.0/0`.
24 | 
25 | ## Create the CFN stack
26 | 
27 | Run:
28 | 
29 |     ./create.sh templatebucket pgpool pgpoolstack us-west-2
30 | 
31 | Use your AWS region of choice if you don't want to run in `us-west-2`.
32 | 
33 | ## Updating the stack
34 | 
35 | You can run the following to update the stack if you change the configuration:
36 | 
37 |     ./update.sh templatebucket pgpool pgpoolstack us-west-2
38 | 
39 | ## Using the stack
40 | 
41 | Look for the stack output parameter `Endpoint`.  You can use `Endpoint:5432` as your
42 | PostgreSQL-compatible connection host.
43 | 


--------------------------------------------------------------------------------
/aurora.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  2 | #
  3 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
  4 | # software and associated documentation files (the "Software"), to deal in the Software
  5 | # without restriction, including without limitation the rights to use, copy, modify,
  6 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
  7 | # permit persons to whom the Software is furnished to do so.
  8 | #
  9 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 10 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
 11 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 12 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 13 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 14 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 15 | 
 16 | 
 17 | Parameters:
 18 |   DatabaseName:
 19 |     Type: String
 20 |     Default: pgpoolexample
 21 |     MinLength: 1
 22 |     MaxLength: 64
 23 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
 24 |   DatabaseUser:
 25 |     Type: String
 26 |     MinLength: 1
 27 |     MaxLength: 16
 28 |     Default: pgpool
 29 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
 30 |   DatabasePassword:
 31 |     Type: String
 32 |     MinLength: 8
 33 |     MaxLength: 41
 34 |     Default: pgp0o1Cred
 35 |     NoEcho: true
 36 |     AllowedPattern: "[a-zA-Z0-9]*" 
 37 |   DbInstanceSize:
 38 |     Type: String
 39 |     Description: Database instance size
 40 |     AllowedValues:
 41 |       - db.r4.large 	
 42 |       - db.r4.xlarge 	
 43 |       - db.r4.2xlarge 	
 44 |       - db.r4.4xlarge 	
 45 |       - db.r4.8xlarge 	
 46 |       - db.r4.16xlarge
 47 |     Default: "db.r4.large"
 48 |   ProjectTag:
 49 |     Type: String
 50 |     Description: Tag to apply to created resources for visibility
 51 |     Default: PgPoolDemo
 52 |   SubnetPrivateA: 
 53 |     Description: "First private subnet"
 54 |     Type: "AWS::EC2::Subnet::Id"
 55 |   SubnetPrivateB: 
 56 |     Description: "Second private subnet"
 57 |     Type: "AWS::EC2::Subnet::Id"
 58 |   DBFirewall:
 59 |     Type: String
 60 | Resources:
 61 |   DBAuroraCluster:
 62 |     Type: "AWS::RDS::DBCluster"
 63 |     DependsOn: DBClusterParams
 64 |     Properties:
 65 |       DatabaseName: !Ref DatabaseName
 66 |       Engine: aurora-postgresql
 67 |       EngineVersion: 11.9
 68 |       MasterUsername: !Ref DatabaseUser
 69 |       MasterUserPassword: !Ref DatabasePassword
 70 |       DBSubnetGroupName: !Ref DBSubnets
 71 |       DBClusterParameterGroupName: !Ref DBClusterParams
 72 |       VpcSecurityGroupIds: 
 73 |         - !Ref DBFirewall
 74 |       Tags:
 75 |         - Key: Project
 76 |           Value: !Ref ProjectTag
 77 |   DBAuroraOne:
 78 |     Type : "AWS::RDS::DBInstance"
 79 |     DependsOn: DBParamGroup
 80 |     Properties:
 81 |       DBClusterIdentifier: !Ref DBAuroraCluster
 82 |       Engine: aurora-postgresql
 83 |       EngineVersion: 11.9
 84 |       DBInstanceClass: !Ref DbInstanceSize
 85 |       DBSubnetGroupName: !Ref DBSubnets
 86 |       DBParameterGroupName: !Ref DBParamGroup
 87 |       Tags:
 88 |         - Key: Project
 89 |           Value: !Ref ProjectTag
 90 |   DBAuroraTwo:
 91 |     Type : "AWS::RDS::DBInstance"
 92 |     DependsOn: DBParamGroup
 93 |     Properties:
 94 |       DBClusterIdentifier: !Ref DBAuroraCluster
 95 |       Engine: aurora-postgresql
 96 |       EngineVersion: 11.9
 97 |       DBInstanceClass: !Ref DbInstanceSize
 98 |       DBSubnetGroupName: !Ref DBSubnets
 99 |       DBParameterGroupName: !Ref DBParamGroup
100 |       Tags:
101 |         - Key: Project
102 |           Value: !Ref ProjectTag
103 |   DBAuroraThree:
104 |     Type : "AWS::RDS::DBInstance"
105 |     DependsOn: DBParamGroup
106 |     Properties:
107 |       DBClusterIdentifier: !Ref DBAuroraCluster
108 |       Engine: aurora-postgresql
109 |       EngineVersion: 11.9
110 |       DBInstanceClass: !Ref DbInstanceSize
111 |       DBSubnetGroupName: !Ref DBSubnets
112 |       DBParameterGroupName: !Ref DBParamGroup
113 |       Tags:
114 |         - Key: Project
115 |           Value: !Ref ProjectTag
116 |   DBSubnets:
117 |     Type: "AWS::RDS::DBSubnetGroup"
118 |     Properties: 
119 |       DBSubnetGroupDescription: "Subnets for RDS cluster"
120 |       SubnetIds:
121 |         - !Ref SubnetPrivateA
122 |         - !Ref SubnetPrivateB
123 |       Tags:
124 |         - Key: Project
125 |           Value: !Ref ProjectTag
126 |   DBParamGroup:
127 |     Type: "AWS::RDS::DBParameterGroup"
128 |     Properties: 
129 |       Description: Parameter group for RDS cluster
130 |       Family: aurora-postgresql11
131 |       Tags:
132 |         - Key: Project
133 |           Value: !Ref ProjectTag
134 |   DBClusterParams:
135 |     Type: "AWS::RDS::DBClusterParameterGroup"
136 |     Properties: 
137 |       Description: Parameter group for RDS cluster
138 |       Family: aurora-postgresql11
139 |       Parameters:
140 |         timezone: "UTC"
141 |       Tags:
142 |         - Key: Project
143 |           Value: !Ref ProjectTag
144 |   
145 | Outputs:
146 |   DBClusterEndpoint:
147 |     Description: Aurora cluster endpoint
148 |     Value: !GetAtt DBAuroraCluster.Endpoint.Address
149 |   DBReadEndpoint:
150 |     Description: Aurora cluster read endpoint
151 |     Value: !GetAtt DBAuroraCluster.ReadEndpoint.Address
152 | 


--------------------------------------------------------------------------------
/create.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 4 | #
 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
 6 | # software and associated documentation files (the "Software"), to deal in the Software
 7 | # without restriction, including without limitation the rights to use, copy, modify,
 8 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
 9 | # permit persons to whom the Software is furnished to do so.
10 | #
11 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
12 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
13 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
14 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
15 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
16 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
17 | 
18 | templatebucket=$1
19 | templateprefix=$2
20 | stackname=$3
21 | region=$4
22 | SCRIPTDIR=`dirname $0`
23 | if [ "$templatebucket" == "" ]
24 | then
25 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
26 |     exit 1
27 | fi
28 | if [ "$templateprefix" == "" ]
29 | then
30 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
31 |     exit 1
32 | fi
33 | if [ "$stackname" == "" ]
34 | then
35 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
36 |     exit 1
37 | fi
38 | if [ "$region" == "" ]
39 | then
40 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
41 |     exit 1
42 | fi
43 | 
44 | # Check if we need to append region to S3 URL
45 | TEMPLATE_URL=https://s3.amazonaws.com/$templatebucket/$templateprefix/master.yaml
46 | if [ "$region" != "us-east-1" ]
47 | then
48 |     TEMPLATE_URL=https://s3-$region.amazonaws.com/$templatebucket/$templateprefix/master.yaml
49 | fi
50 | 
51 | aws s3 cp master.yaml s3://$templatebucket/$templateprefix/master.yaml
52 | aws s3 cp network.yaml s3://$templatebucket/$templateprefix/network.yaml
53 | aws s3 cp secgroups.yaml s3://$templatebucket/$templateprefix/secgroups.yaml
54 | aws s3 cp aurora.yaml s3://$templatebucket/$templateprefix/aurora.yaml
55 | aws s3 cp pgpool.yaml s3://$templatebucket/$templateprefix/pgpool.yaml
56 | 
57 | aws cloudformation create-stack --stack-name $stackname \
58 |     --template-url $TEMPLATE_URL \
59 |     --parameters \
60 |     ParameterKey=TemplateBucketName,ParameterValue=$templatebucket \
61 |     ParameterKey=TemplateBucketPrefix,ParameterValue=$templateprefix \
62 |     ParameterKey=ProjectTag,ParameterValue=pgpoolblog \
63 |     ParameterKey=vpccidr,ParameterValue="10.20.0.0/16" \
64 |     ParameterKey=AllowedCidrIngress,ParameterValue="205.0.0.0/8" \
65 |     ParameterKey=AppPrivateCIDRA,ParameterValue="10.20.3.0/24" \
66 |     ParameterKey=AppPrivateCIDRB,ParameterValue="10.20.4.0/24" \
67 |     ParameterKey=AppPrivateCIDRC,ParameterValue="10.20.5.0/24" \
68 |     ParameterKey=AppPrivateCIDRD,ParameterValue="10.20.6.0/24" \
69 |     ParameterKey=AppPublicCIDRA,ParameterValue="10.20.1.0/24" \
70 |     ParameterKey=AppPublicCIDRB,ParameterValue="10.20.2.0/24" \
71 |     ParameterKey=DatabaseName,ParameterValue="pgpooldb" \
72 |     ParameterKey=DatabaseUser,ParameterValue="pgpooluser" \
73 |     ParameterKey=DatabasePassword,ParameterValue="pgp0o1Cred" \
74 |     ParameterKey=DbInstanceSize,ParameterValue="db.r4.large" \
75 |     ParameterKey=keyname,ParameterValue="rdaws-sandbox" \
76 |     --tags Key=Project,Value=pgpoolblog \
77 |     --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM
78 | 


--------------------------------------------------------------------------------
/master.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  2 | #
  3 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
  4 | # software and associated documentation files (the "Software"), to deal in the Software
  5 | # without restriction, including without limitation the rights to use, copy, modify,
  6 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
  7 | # permit persons to whom the Software is furnished to do so.
  8 | #
  9 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 10 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
 11 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 12 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 13 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 14 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 15 | 
 16 | ---
 17 | AWSTemplateFormatVersion: "2010-09-09"
 18 | 
 19 | Description: >
 20 |   This template builds an Aurora RDS cluster with a pgpool middleware
 21 |   providing a single endpoint for the cluster and reader endpoints.
 22 | 
 23 | Metadata:
 24 |   AWS::CloudFormation::Interface:
 25 |     ParameterGroups:
 26 |       -
 27 |         Label:
 28 |           default: "RDS Configuration"
 29 |         Parameters:
 30 |           - DatabaseName 
 31 |           - DatabaseUser
 32 |           - DatabasePassword
 33 |           - DbInstanceSize
 34 |       -
 35 |         Label:
 36 |           default: "VPC and network Configuration"
 37 |         Parameters:
 38 |           - vpccidr
 39 |           - AllowedCidrIngress
 40 |           - AppPrivateCIDRA
 41 |           - AppPrivateCIDRB
 42 |           - AppPrivateCIDRC
 43 |           - AppPrivateCIDRD
 44 |           - AppPublicCIDRA
 45 |           - AppPublicCIDRB
 46 |       -
 47 |         Label:
 48 |           default: "Other Configuration"
 49 |         Parameters:
 50 |           - ProjectTag
 51 |           - TemplateBucketName
 52 |           - TemplateBucketPrefix
 53 |           - keyname
 54 | 
 55 | Mappings:
 56 |   RegionMap:
 57 |     us-east-1:
 58 |       "REGIONURLSUFFIX" : ""
 59 |     us-west-2:
 60 |       "REGIONURLSUFFIX" : "-us-west-2"
 61 | 
 62 | Parameters:
 63 |   AllowedCidrIngress:
 64 |     Type: String
 65 |     MinLength: 9
 66 |     MaxLength: 18
 67 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 68 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/YY
 69 |     Default: 0.0.0.0/0
 70 |   TemplateBucketName:
 71 |     Type: String
 72 |     Description: >
 73 |       Name for the S3 bucket that contains the nested templates.
 74 |   TemplateBucketPrefix:
 75 |     Type: String
 76 |     Description: >
 77 |       Prefix for the path to the nested templates in the S3 bucket.
 78 |   ProjectTag:
 79 |     Type: String
 80 |     Description: Tag to apply to created resources for visibility
 81 |     Default: pgpoolblog
 82 |   vpccidr:
 83 |     Type: String
 84 |     MinLength: 9
 85 |     MaxLength: 18
 86 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 87 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/16
 88 |     Default: 10.20.0.0/16
 89 |     Description: CIDR block for the VPC 
 90 |   AppPublicCIDRA:
 91 |     Type: String
 92 |     MinLength: 9
 93 |     MaxLength: 18
 94 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 95 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 96 |     Default: 10.20.1.0/24
 97 |     Description: CIDR block for the first public subnet in the VPC.
 98 |   AppPublicCIDRB:
 99 |     Type: String
100 |     MinLength: 9
101 |     MaxLength: 18
102 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
103 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
104 |     Default: 10.20.2.0/24
105 |     Description: CIDR block for the second public subnet in the VPC.
106 |   AppPrivateCIDRA:
107 |     Type: String
108 |     MinLength: 9
109 |     MaxLength: 18
110 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
111 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
112 |     Default: 10.20.3.0/24
113 |     Description: CIDR block for the first private subnet in the VPC.
114 |   AppPrivateCIDRB:
115 |     Type: String
116 |     MinLength: 9
117 |     MaxLength: 18
118 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
119 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
120 |     Default: 10.20.4.0/24
121 |     Description: CIDR block for the second private subnet in the VPC.
122 |   AppPrivateCIDRC:
123 |     Type: String
124 |     MinLength: 9
125 |     MaxLength: 18
126 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
127 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
128 |     Default: 10.20.5.0/24
129 |     Description: CIDR block for the third private subnet in the VPC.
130 |   AppPrivateCIDRD:
131 |     Type: String
132 |     MinLength: 9
133 |     MaxLength: 18
134 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
135 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
136 |     Default: 10.20.6.0/24
137 |     Description: CIDR block for the fourth private subnet in the VPC.
138 |   DatabaseName:
139 |     Type: String
140 |     Default: pgpoolexample
141 |     MinLength: 1
142 |     MaxLength: 64
143 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
144 |   DatabaseUser:
145 |     Type: String
146 |     MinLength: 1
147 |     MaxLength: 16
148 |     Default: pgpool
149 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
150 |   DatabasePassword:
151 |     Type: String
152 |     MinLength: 8
153 |     MaxLength: 41
154 |     Default: pgp0o1Cred
155 |     NoEcho: true
156 |     AllowedPattern: "[a-zA-Z0-9]*" 
157 |   DbInstanceSize:
158 |     Type: String
159 |     Description: Database instance size
160 |     AllowedValues:
161 |       - db.r4.large 	
162 |       - db.r4.xlarge 	
163 |       - db.r4.2xlarge 	
164 |       - db.r4.4xlarge 	
165 |       - db.r4.8xlarge 	
166 |       - db.r4.16xlarge
167 |     Default: "db.r4.large"
168 |   keyname:
169 |     Type: AWS::EC2::KeyPair::KeyName
170 | 
171 | Resources:
172 |   NetworkStack:
173 |     Type: AWS::CloudFormation::Stack
174 |     Properties:
175 |       TemplateURL: !Join ["", ["https://s3", !FindInMap [RegionMap, !Ref "AWS::Region", REGIONURLSUFFIX], ".amazonaws.com/", !Ref TemplateBucketName, "/", !Ref TemplateBucketPrefix, "/network.yaml"]]
176 |       Parameters:
177 |         vpccidr: !Ref vpccidr
178 |         AppPrivateCIDRA: !Ref AppPrivateCIDRA
179 |         AppPrivateCIDRB: !Ref AppPrivateCIDRB
180 |         AppPrivateCIDRC: !Ref AppPrivateCIDRC
181 |         AppPrivateCIDRD: !Ref AppPrivateCIDRD
182 |         AppPublicCIDRA: !Ref AppPublicCIDRA
183 |         AppPublicCIDRB: !Ref AppPublicCIDRB
184 |   SgStack:
185 |     Type: AWS::CloudFormation::Stack
186 |     Properties:
187 |       TemplateURL: !Join ["", ["https://s3", !FindInMap [RegionMap, !Ref "AWS::Region", REGIONURLSUFFIX], ".amazonaws.com/", !Ref TemplateBucketName, "/", !Ref TemplateBucketPrefix, "/secgroups.yaml"]]
188 |       Parameters:
189 |         VPC: !GetAtt NetworkStack.Outputs.VpcId
190 |         ProjectTag: !Ref ProjectTag
191 |         AllowedCidrIngress: !Ref AllowedCidrIngress
192 |         AppPublicCIDRA: !Ref AppPublicCIDRA
193 |         AppPublicCIDRB: !Ref AppPublicCIDRB
194 |   RdsStack:
195 |     Type: AWS::CloudFormation::Stack
196 |     Properties:
197 |       TemplateURL: !Join ["", ["https://s3", !FindInMap [RegionMap, !Ref "AWS::Region", REGIONURLSUFFIX], ".amazonaws.com/", !Ref TemplateBucketName, "/", !Ref TemplateBucketPrefix, "/aurora.yaml"]]
198 |       Parameters:
199 |         ProjectTag: !Ref ProjectTag
200 |         DatabaseName: !Ref DatabaseName
201 |         DatabaseUser: !Ref DatabaseUser
202 |         DatabasePassword: !Ref DatabasePassword
203 |         DbInstanceSize: !Ref DbInstanceSize
204 |         SubnetPrivateA: !GetAtt NetworkStack.Outputs.SubnetIdPrivateA
205 |         SubnetPrivateB: !GetAtt NetworkStack.Outputs.SubnetIdPrivateB
206 |         DBFirewall: !GetAtt SgStack.Outputs.DBFirewallId
207 |   PgpoolStack:
208 |     Type: AWS::CloudFormation::Stack
209 |     Properties:
210 |       TemplateURL: !Join ["", ["https://s3", !FindInMap [RegionMap, !Ref "AWS::Region", REGIONURLSUFFIX], ".amazonaws.com/", !Ref TemplateBucketName, "/", !Ref TemplateBucketPrefix, "/pgpool.yaml"]]
211 |       Parameters:
212 |         ProjectTag: !Ref ProjectTag
213 |         DatabaseName: !Ref DatabaseName
214 |         DatabaseUser: !Ref DatabaseUser
215 |         DatabasePassword: !Ref DatabasePassword
216 |         SubnetPrivateA: !GetAtt NetworkStack.Outputs.SubnetIdPrivateC
217 |         SubnetPrivateB: !GetAtt NetworkStack.Outputs.SubnetIdPrivateD
218 |         SubnetPublicA: !GetAtt NetworkStack.Outputs.SubnetIdPublicA
219 |         SubnetPublicB: !GetAtt NetworkStack.Outputs.SubnetIdPublicB
220 |         MinSize: 1
221 |         MaxSize: 1
222 |         DesiredCapacity: 1
223 |         InstanceSize: t2.large
224 |         VPC: !GetAtt NetworkStack.Outputs.VpcId
225 |         keyname: !Ref keyname
226 |         ClusterEndpoint: !GetAtt RdsStack.Outputs.DBClusterEndpoint
227 |         ReaderEndpoint: !GetAtt RdsStack.Outputs.DBReadEndpoint
228 |         PgpoolFirewall: !GetAtt SgStack.Outputs.PgpoolFirewallId
229 |         SshFirewall: !GetAtt SgStack.Outputs.SshFirewallId
230 | Outputs:
231 |   ProjectTagOut:
232 |     Description: "Tag applied to resources"
233 |     Value: !Ref ProjectTag
234 |   VpcId:
235 |     Description: VPC ID
236 |     Value: !GetAtt NetworkStack.Outputs.VpcId
237 |   SubnetIdPublicA:
238 |     Description: Subnet ID for first public subnet
239 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPublicA
240 |   SubnetIdPublicB:
241 |     Description: Subnet ID for second public subnet
242 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPublicB
243 |   SubnetIdPrivateA:
244 |     Description: Subnet ID for first private subnet
245 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPrivateA
246 |   SubnetIdPrivateB:
247 |     Description: Subnet ID for second private subnet
248 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPrivateB
249 |   SubnetIdPrivateC:
250 |     Description: Subnet ID for third private subnet
251 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPrivateC
252 |   SubnetIdPrivateD:
253 |     Description: Subnet ID for fourth private subnet
254 |     Value: !GetAtt NetworkStack.Outputs.SubnetIdPrivateD
255 |   PgpoolFirewallId:
256 |     Description: ID of pgpool security group
257 |     Value: !GetAtt SgStack.Outputs.PgpoolFirewallId
258 |   DBFirewallId:
259 |     Description: ID of database security group
260 |     Value: !GetAtt SgStack.Outputs.DBFirewallId
261 |   SshFirewallId:
262 |     Description: ID of ssh security group
263 |     Value: !GetAtt SgStack.Outputs.SshFirewallId
264 |   Endpoint:
265 |     Description: Database URL 
266 |     Value: !GetAtt PgpoolStack.Outputs.Endpoint
267 |   JumpAddress:
268 |     Description: IP address of Jump server
269 |     Value: !GetAtt PgpoolStack.Outputs.JumpAddress
270 |   DBClusterEndpoint:
271 |     Description: Aurora cluster endpoint
272 |     Value: !GetAtt RdsStack.Outputs.DBClusterEndpoint
273 |   DBReadEndpoint:
274 |     Description: Aurora cluster read endpoint
275 |     Value: !GetAtt RdsStack.Outputs.DBReadEndpoint
276 | 


--------------------------------------------------------------------------------
/network.yaml:
--------------------------------------------------------------------------------
  1 | AWSTemplateFormatVersion: "2010-09-09"
  2 | 
  3 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  4 | #
  5 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
  6 | # software and associated documentation files (the "Software"), to deal in the Software
  7 | # without restriction, including without limitation the rights to use, copy, modify,
  8 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
  9 | # permit persons to whom the Software is furnished to do so.
 10 | #
 11 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 12 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
 13 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 14 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 15 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 16 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 17 | 
 18 | Description: >
 19 |   This template builds a VPC with two public and four private subnets.
 20 | 
 21 | Parameters:
 22 |   vpccidr:
 23 |     Type: String
 24 |     MinLength: 9
 25 |     MaxLength: 18
 26 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 27 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/16
 28 |     Default: 10.20.0.0/16
 29 |   AppPublicCIDRA:
 30 |     Type: String
 31 |     MinLength: 9
 32 |     MaxLength: 18
 33 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 34 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 35 |     Default: 10.20.1.0/24
 36 |   AppPublicCIDRB:
 37 |     Type: String
 38 |     MinLength: 9
 39 |     MaxLength: 18
 40 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 41 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 42 |     Default: 10.20.2.0/24
 43 |   AppPrivateCIDRA:
 44 |     Type: String
 45 |     MinLength: 9
 46 |     MaxLength: 18
 47 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 48 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 49 |     Default: 10.20.3.0/24
 50 |   AppPrivateCIDRB:
 51 |     Type: String
 52 |     MinLength: 9
 53 |     MaxLength: 18
 54 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 55 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 56 |     Default: 10.20.4.0/24
 57 |   AppPrivateCIDRC:
 58 |     Type: String
 59 |     MinLength: 9
 60 |     MaxLength: 18
 61 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 62 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 63 |     Default: 10.20.5.0/24
 64 |   AppPrivateCIDRD:
 65 |     Type: String
 66 |     MinLength: 9
 67 |     MaxLength: 18
 68 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 69 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/22
 70 |     Default: 10.20.6.0/24
 71 | 
 72 | Resources:
 73 |   VPC:
 74 |     Type: "AWS::EC2::VPC"
 75 |     Properties:
 76 |       CidrBlock: !Ref vpccidr
 77 |       EnableDnsHostnames: 'true'
 78 |       EnableDnsSupport: 'true'
 79 |   IGW:
 80 |     Type: "AWS::EC2::InternetGateway"
 81 |   GatewayAttach:
 82 |     Type: "AWS::EC2::VPCGatewayAttachment"
 83 |     Properties:
 84 |       InternetGatewayId: !Ref IGW
 85 |       VpcId: !Ref VPC
 86 |   SubnetPublicA: 
 87 |     Type: "AWS::EC2::Subnet"
 88 |     Properties:
 89 |       AvailabilityZone: !Select [0, !GetAZs ]
 90 |       CidrBlock: !Ref AppPublicCIDRA
 91 |       MapPublicIpOnLaunch: true
 92 |       VpcId: !Ref VPC
 93 |   SubnetPrivateA: 
 94 |     Type: "AWS::EC2::Subnet"
 95 |     Properties:
 96 |       AvailabilityZone: !Select [0, !GetAZs ]
 97 |       CidrBlock: !Ref AppPrivateCIDRA
 98 |       MapPublicIpOnLaunch: false
 99 |       VpcId: !Ref VPC
100 |   SubnetPrivateC: 
101 |     Type: "AWS::EC2::Subnet"
102 |     Properties:
103 |       AvailabilityZone: !Select [0, !GetAZs ]
104 |       CidrBlock: !Ref AppPrivateCIDRC
105 |       MapPublicIpOnLaunch: false
106 |       VpcId: !Ref VPC
107 |   SubnetPublicB: 
108 |     Type: "AWS::EC2::Subnet"
109 |     Properties:
110 |       AvailabilityZone: !Select [1, !GetAZs ]
111 |       CidrBlock: !Ref AppPublicCIDRB
112 |       MapPublicIpOnLaunch: true
113 |       VpcId: !Ref VPC
114 |   SubnetPrivateB: 
115 |     Type: "AWS::EC2::Subnet"
116 |     Properties:
117 |       AvailabilityZone: !Select [1, !GetAZs ]
118 |       CidrBlock: !Ref AppPrivateCIDRB
119 |       MapPublicIpOnLaunch: false
120 |       VpcId: !Ref VPC
121 |   SubnetPrivateD: 
122 |     Type: "AWS::EC2::Subnet"
123 |     Properties:
124 |       AvailabilityZone: !Select [1, !GetAZs ]
125 |       CidrBlock: !Ref AppPrivateCIDRD
126 |       MapPublicIpOnLaunch: false
127 |       VpcId: !Ref VPC
128 |   SubnetRouteTableAssociatePublicA: # Associates the subnet with a route table - passed via import
129 |     DependsOn: SubnetPublicA
130 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
131 |     Properties:
132 |       RouteTableId: !Ref RouteTablePublic
133 |       SubnetId: !Ref SubnetPublicA
134 |   SubnetRouteTableAssociatePublicB: # Associates the subnet with a route table - passed via import
135 |     DependsOn: SubnetPublicB
136 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
137 |     Properties:
138 |       RouteTableId: !Ref RouteTablePublic
139 |       SubnetId: !Ref SubnetPublicB # Associates the subnet with a route table - passed via import
140 |   SubnetRouteTableAssociatePrivateA: # Associates the subnet with a route table - passed via parameter
141 |     DependsOn: SubnetPrivateA
142 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
143 |     Properties:
144 |       RouteTableId: !Ref RouteTablePrivateA
145 |       SubnetId: !Ref SubnetPrivateA # Associates the subnet with a route table - passed via parameter
146 |   SubnetRouteTableAssociatePrivateB: # Associates the subnet with a route table - passed via parameter
147 |     DependsOn: SubnetPrivateB
148 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
149 |     Properties:
150 |       RouteTableId: !Ref RouteTablePrivateB
151 |       SubnetId: !Ref SubnetPrivateB # Associates the subnet with a route table - passed via parameter
152 |   SubnetRouteTableAssociatePrivateC: # Associates the subnet with a route table - passed via parameter
153 |     DependsOn: SubnetPrivateC
154 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
155 |     Properties:
156 |       RouteTableId: !Ref RouteTablePrivateC
157 |       SubnetId: !Ref SubnetPrivateC # Associates the subnet with a route table - passed via parameter
158 |   SubnetRouteTableAssociatePrivateD: # Associates the subnet with a route table - passed via parameter
159 |     DependsOn: SubnetPrivateD
160 |     Type: "AWS::EC2::SubnetRouteTableAssociation"
161 |     Properties:
162 |       RouteTableId: !Ref RouteTablePrivateD
163 |       SubnetId: !Ref SubnetPrivateD # Associates the subnet with a route table - passed via parameter
164 |   RouteDefaultPublic:
165 |     Type: "AWS::EC2::Route"
166 |     DependsOn: GatewayAttach
167 |     Properties:
168 |       DestinationCidrBlock: 0.0.0.0/0
169 |       GatewayId: !Ref IGW
170 |       RouteTableId: !Ref RouteTablePublic
171 |   RouteTablePublic:
172 |     Type: "AWS::EC2::RouteTable"
173 |     Properties:
174 |       VpcId: !Ref VPC
175 |   RouteDefaultPrivateA:
176 |     Type: "AWS::EC2::Route"
177 |     Properties:
178 |       DestinationCidrBlock: 0.0.0.0/0
179 |       NatGatewayId: !Ref NatGatewayA
180 |       RouteTableId: !Ref RouteTablePrivateA
181 |   RouteDefaultPrivateB:
182 |     Type: "AWS::EC2::Route"
183 |     Properties:
184 |       DestinationCidrBlock: 0.0.0.0/0
185 |       NatGatewayId: !Ref NatGatewayB
186 |       RouteTableId: !Ref RouteTablePrivateB
187 |   RouteDefaultPrivateC:
188 |     Type: "AWS::EC2::Route"
189 |     Properties:
190 |       DestinationCidrBlock: 0.0.0.0/0
191 |       NatGatewayId: !Ref NatGatewayC
192 |       RouteTableId: !Ref RouteTablePrivateC
193 |   RouteDefaultPrivateD:
194 |     Type: "AWS::EC2::Route"
195 |     Properties:
196 |       DestinationCidrBlock: 0.0.0.0/0
197 |       NatGatewayId: !Ref NatGatewayD
198 |       RouteTableId: !Ref RouteTablePrivateD
199 |   RouteTablePrivateA:
200 |     Type: "AWS::EC2::RouteTable"
201 |     Properties:
202 |       VpcId: !Ref VPC
203 |   RouteTablePrivateB:
204 |     Type: "AWS::EC2::RouteTable"
205 |     Properties:
206 |       VpcId: !Ref VPC
207 |   RouteTablePrivateC:
208 |     Type: "AWS::EC2::RouteTable"
209 |     Properties:
210 |       VpcId: !Ref VPC
211 |   RouteTablePrivateD:
212 |     Type: "AWS::EC2::RouteTable"
213 |     Properties:
214 |       VpcId: !Ref VPC
215 |   EIPNatGWA:
216 |     DependsOn: GatewayAttach
217 |     Type: "AWS::EC2::EIP"
218 |     Properties:
219 |       Domain: vpc
220 |   EIPNatGWB:
221 |     DependsOn: GatewayAttach
222 |     Type: "AWS::EC2::EIP"
223 |     Properties:
224 |       Domain: vpc
225 |   EIPNatGWC:
226 |     DependsOn: GatewayAttach
227 |     Type: "AWS::EC2::EIP"
228 |     Properties:
229 |       Domain: vpc
230 |   EIPNatGWD:
231 |     DependsOn: GatewayAttach
232 |     Type: "AWS::EC2::EIP"
233 |     Properties:
234 |       Domain: vpc
235 |   NatGatewayA:
236 |     Type: "AWS::EC2::NatGateway"
237 |     Properties:
238 |       AllocationId: !GetAtt EIPNatGWA.AllocationId
239 |       SubnetId: !Ref SubnetPublicA
240 |   NatGatewayB:
241 |     Type: "AWS::EC2::NatGateway"
242 |     Properties:
243 |       AllocationId: !GetAtt EIPNatGWB.AllocationId
244 |       SubnetId: !Ref SubnetPublicB
245 |   NatGatewayC:
246 |     Type: "AWS::EC2::NatGateway"
247 |     Properties:
248 |       AllocationId: !GetAtt EIPNatGWC.AllocationId
249 |       SubnetId: !Ref SubnetPublicA
250 |   NatGatewayD:
251 |     Type: "AWS::EC2::NatGateway"
252 |     Properties:
253 |       AllocationId: !GetAtt EIPNatGWD.AllocationId
254 |       SubnetId: !Ref SubnetPublicB
255 | Outputs:
256 |   VpcId:
257 |     Description: VPC ID
258 |     Value: !Ref VPC
259 |   SubnetIdPublicA:
260 |     Description: Subnet ID for first public subnet
261 |     Value: !Ref SubnetPublicA
262 |   SubnetIdPublicB:
263 |     Description: Subnet ID for second public subnet
264 |     Value: !Ref SubnetPublicB
265 |   SubnetIdPrivateA:
266 |     Description: Subnet ID for first private subnet
267 |     Value: !Ref SubnetPrivateA
268 |   SubnetIdPrivateB:
269 |     Description: Subnet ID for second private subnet
270 |     Value: !Ref SubnetPrivateB
271 |   SubnetIdPrivateC:
272 |     Description: Subnet ID for third private subnet
273 |     Value: !Ref SubnetPrivateC
274 |   SubnetIdPrivateD:
275 |     Description: Subnet ID for fourth private subnet
276 |     Value: !Ref SubnetPrivateD
277 | 


--------------------------------------------------------------------------------
/pgpool.yaml:
--------------------------------------------------------------------------------
  1 | AWSTemplateFormatVersion: "2010-09-09"
  2 | 
  3 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  4 | #
  5 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
  6 | # software and associated documentation files (the "Software"), to deal in the Software
  7 | # without restriction, including without limitation the rights to use, copy, modify,
  8 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
  9 | # permit persons to whom the Software is furnished to do so.
 10 | #
 11 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 12 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
 13 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 14 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 15 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 16 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 17 | 
 18 | Description: >
 19 |   This template builds a pgpool middleware layer for an RDS cluster.
 20 | 
 21 | Parameters:
 22 |   MinSize:
 23 |     Type: String
 24 |     Description: Minimum number of pgpool servers
 25 |     Default: "1"
 26 |   MaxSize:
 27 |     Type: String
 28 |     Description: Maximum number of pgpool servers 
 29 |     Default: "2"
 30 |   DesiredCapacity:
 31 |     Type: String
 32 |     Description: Nominal Size of pgpool Env
 33 |     Default: "1"
 34 |   InstanceSize:
 35 |     Type: String
 36 |     Description: Instance size
 37 |     Default: "t2.large"
 38 |   VPC:
 39 |     Type: "AWS::EC2::VPC::Id"
 40 |     Description: "VPC ID for creating the application"
 41 |   SubnetPublicA: 
 42 |     Description: "First public subnet"
 43 |     Type: "AWS::EC2::Subnet::Id"
 44 |   SubnetPublicB: 
 45 |     Description: "Second public subnet"
 46 |     Type: "AWS::EC2::Subnet::Id"
 47 |   SubnetPrivateA: 
 48 |     Description: "First private subnet"
 49 |     Type: "AWS::EC2::Subnet::Id"
 50 |   SubnetPrivateB: 
 51 |     Description: "Second private subnet"
 52 |     Type: "AWS::EC2::Subnet::Id"
 53 |   keyname:
 54 |     Type: AWS::EC2::KeyPair::KeyName
 55 |   AmiId:
 56 |     Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
 57 |     Description: Latest AMI ID
 58 |     Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
 59 |     AllowedValues:
 60 |       - /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
 61 |   DatabaseName:
 62 |     Type: String
 63 |     Default: pgpoolexample
 64 |     MinLength: 1
 65 |     MaxLength: 64
 66 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
 67 |   DatabaseUser:
 68 |     Type: String
 69 |     MinLength: 1
 70 |     MaxLength: 16
 71 |     Default: pgpool
 72 |     AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 
 73 |   DatabasePassword:
 74 |     Type: String
 75 |     MinLength: 8
 76 |     MaxLength: 41
 77 |     Default: pgp0o1Cred
 78 |     NoEcho: true
 79 |     AllowedPattern: "[a-zA-Z0-9]*" 
 80 |   ClusterEndpoint:
 81 |     Type: String
 82 |   ReaderEndpoint:
 83 |     Type: String
 84 |   PgpoolFirewall:
 85 |     Type: String
 86 |   SshFirewall:
 87 |     Type: String
 88 |   ProjectTag:
 89 |     Type: String
 90 | 
 91 | Resources:
 92 |   AutoScalingGroup:
 93 |     CreationPolicy:
 94 |       ResourceSignal:
 95 |         Count: !Ref DesiredCapacity
 96 |         Timeout: "PT5M"
 97 |     UpdatePolicy:
 98 |       AutoScalingReplacingUpdate:
 99 |         WillReplace: true
100 |     Type: "AWS::AutoScaling::AutoScalingGroup"
101 |     Properties:
102 |       Cooldown: "300"
103 |       DesiredCapacity: !Ref DesiredCapacity
104 |       HealthCheckGracePeriod: "300"
105 |       HealthCheckType: ELB
106 |       LaunchConfigurationName: !Ref LaunchConfiguration
107 |       TargetGroupARNs:
108 |         - !Ref ELBTargetGroup
109 |       MaxSize: !Ref MaxSize
110 |       MinSize: !Ref MinSize
111 |       VPCZoneIdentifier:
112 |         - !Ref SubnetPrivateA
113 |         - !Ref SubnetPrivateB
114 |       Tags:
115 |         - Key: Project
116 |           Value: !Ref ProjectTag
117 |           PropagateAtLaunch: 'true'
118 |   LaunchConfiguration:
119 |     Type: "AWS::AutoScaling::LaunchConfiguration"
120 |     Properties:
121 |       ImageId: !Ref AmiId
122 |       InstanceType: !Ref InstanceSize
123 |       KeyName: !Ref keyname
124 |       SecurityGroups:
125 |         - !Ref PgpoolFirewall
126 |         - !Ref SshFirewall
127 |       UserData:
128 |         "Fn::Base64":
129 |           !Sub |
130 |             #!/bin/bash
131 |             yum update -y aws-cfn-bootstrap # good practice - always do this.
132 |             /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfiguration --configsets pgpool --region ${AWS::Region}
133 |             yum -y update
134 |             curl 127.0.0.1/index.html | grep pgpool
135 |             /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
136 |     Metadata:
137 |       AWS::CloudFormation::Init:
138 |         configSets:
139 |           pgpool:
140 |             - "configure_cfn"
141 |             - "install_www"
142 |             - "config_pgpool"
143 |             - "start_pgpool"
144 |         configure_cfn:
145 |           files:
146 |             /etc/cfn/hooks.d/cfn-auto-reloader.conf:
147 |               content: !Sub |
148 |                 [cfn-auto-reloader-hook]
149 |                 triggers=post.update
150 |                 path=Resources.LaunchConfiguration.Metadata.AWS::CloudFormation::Init
151 |                 action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfiguration --configsets pgpool --region ${AWS::Region}
152 |               mode: "000400"
153 |               owner: root
154 |               group: root
155 |             /etc/cfn/cfn-hup.conf:
156 |               content: !Sub |
157 |                 [main]
158 |                 stack=${AWS::StackId}
159 |                 region=${AWS::Region}
160 |                 verbose=true
161 |                 interval=5
162 |               mode: "000400"
163 |               owner: root
164 |               group: root
165 |           services:
166 |             sysvinit:
167 |               cfn-hup:
168 |                 enabled: "true"
169 |                 ensureRunning: "true"
170 |                 files:
171 |                   - "/etc/cfn/cfn-hup.conf"
172 |                   - "/etc/cfn/hooks.d/cfn-auto-reloader.conf"
173 |         install_www:
174 |           packages:
175 |             yum:
176 |               httpd: []
177 |           files:
178 |             /var/www/html/index.html:
179 |               content: "Hello from pgpool"
180 |           services:
181 |             sysvinit:
182 |               httpd:
183 |                 enabled: "true"
184 |                 ensureRunning: "true"
185 |         config_pgpool:
186 |           commands:
187 |             a_packages:
188 |               cwd: "/tmp"
189 |               command:  'yum groupinstall -y "Development Tools" && amazon-linux-extras enable postgresql11 && yum clean metadata && yum install -y postgresql postgresql-devel'
190 |             b_download_zip:
191 |               cwd: "/tmp"
192 |               command:  "wget www.pgpool.net/mediawiki/download.php?f=pgpool-II-4.2.1.tar.gz -O /tmp/pgpool-II-4.2.1.tar.gz"
193 |             c_unpack_zip:
194 |               cwd: "/opt"
195 |               command:  "tar zxf /tmp/pgpool-II-4.2.1.tar.gz"
196 |             d_configure:
197 |               cwd: "/opt/pgpool-II-4.2.1"
198 |               command: "./configure"
199 |             e_make:
200 |               cwd: "/opt/pgpool-II-4.2.1"
201 |               command: "make"
202 |             f_install:
203 |               cwd: "/opt/pgpool-II-4.2.1"
204 |               command: "make install"
205 |             g_mkdirs:
206 |               cwd: "/"
207 |               command: "mkdir -p /var/run/pgpool && mkdir -p /var/log/pgpool && chmod -R 777 /var/run/pgpool && chmod -R 777 /var/log/pgpool"
208 |             h_passwd:
209 |               command: !Sub "/usr/local/bin/pg_md5 -m -u ${DatabaseUser} ${DatabasePassword}"
210 |             i_syslog:
211 |               command: 'echo "local0.*    /var/log/pgpool.log" >> /etc/rsyslog.conf'
212 |             j_syslogd:
213 |               command: 'service rsyslog restart'
214 |           files:
215 |             /usr/local/etc/pool_hba.conf:
216 |               content: !Sub |
217 |                 local   all         all                               trust
218 |                 host    all         all         127.0.0.1/32          trust
219 |                 host    all         all         ::1/128               trust
220 |                 host    all         all         0.0.0.0/0               md5
221 |               mode: "000444"
222 |               owner: root
223 |               group: root
224 |             /usr/local/etc/pgpool.conf:
225 |               content: !Sub |
226 |                 backend_clustering_mode = 'streaming_replication'
227 |                 listen_addresses = '*'
228 |                 port = 5432
229 |                 socket_dir = '/tmp'
230 |                 reserved_connections = 0
231 |                 pcp_listen_addresses = '*'
232 |                 pcp_port = 9898
233 |                 pcp_socket_dir = '/tmp'
234 |                 listen_backlog_multiplier = 2
235 |                 serialize_accept = off
236 |                 backend_hostname0 = '${ClusterEndpoint}'
237 |                 backend_port0 = 3306
238 |                 backend_weight0 = 1
239 |                 backend_data_directory0 = '/data'
240 |                 backend_flag0 = 'ALWAYS_PRIMARY'
241 |                 backend_application_name0 = 'server0'
242 |                 backend_hostname1 = '${ReaderEndpoint}'
243 |                 backend_port1 = 3306
244 |                 backend_weight1 = 2
245 |                 backend_data_directory1 = '/data1'
246 |                 backend_flag1 = 'DISALLOW_TO_FAILOVER'
247 |                 backend_application_name1 = 'server1'
248 |                 enable_pool_hba = on
249 |                 pool_passwd = 'pool_passwd'
250 |                 authentication_timeout = 1min
251 |                 allow_clear_text_frontend_auth = off
252 |                 ssl = on
253 |                 ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'
254 |                 ssl_prefer_server_ciphers = off
255 |                 ssl_ecdh_curve = 'prime256v1'
256 |                 ssl_dh_params_file = ''
257 |                 num_init_children = 32
258 |                 max_pool = 4
259 |                 child_life_time = 5min
260 |                 child_max_connections = 0
261 |                 connection_life_time = 0
262 |                 client_idle_limit = 0
263 |                 log_destination = 'syslog,stderr'
264 |                 log_line_prefix = '%t: pid %p: '   # printf-style string to output at beginning of each log line.
265 |                 log_connections = off
266 |                 log_disconnections = off
267 |                 log_hostname = on
268 |                 log_statement = on
269 |                 log_per_node_statement = on
270 |                 log_client_messages = off
271 |                 log_standby_delay = 'if_over_threshold'
272 |                 syslog_facility = 'LOCAL0'
273 |                 syslog_ident = 'pgpool'
274 |                 pid_file_name = '/var/run/pgpool/pgpool.pid'
275 |                 logdir = '/var/log/pgpool'
276 |                 connection_cache = on
277 |                 reset_query_list = 'ABORT; DISCARD ALL'
278 |                 replicate_select = off
279 |                 insert_lock = on
280 |                 lobj_lock_table = ''
281 |                 replication_stop_on_mismatch = off
282 |                 failover_if_affected_tuples_mismatch = off
283 |                 load_balance_mode = on
284 |                 ignore_leading_white_space = on
285 |                 read_only_function_list = ''
286 |                 write_function_list = ''
287 |                 primary_routing_query_pattern_list = ''
288 |                 database_redirect_preference_list = ''
289 |                 app_name_redirect_preference_list = ''
290 |                 allow_sql_comments = off
291 |                 disable_load_balance_on_write = 'transaction'
292 |                 dml_adaptive_object_relationship_list= ''
293 |                 statement_level_load_balance = off
294 |                 sr_check_period = 0
295 |                 sr_check_user = 'nobody'
296 |                 sr_check_password = ''
297 |                 sr_check_database = 'postgres'
298 |                 delay_threshold = 0
299 |                 follow_primary_command = ''
300 |                 health_check_period = 0
301 |                 health_check_timeout = 20
302 |                 health_check_user = '${DatabaseUser}'
303 |                 health_check_password = '${DatabasePassword}'
304 |                 health_check_database = '${DatabaseName}'
305 |                 health_check_max_retries = 0
306 |                 health_check_retry_delay = 1
307 |                 connect_timeout = 10000
308 |                 failover_command = ''
309 |                 failback_command = ''
310 |                 failover_on_backend_error = off
311 |                 detach_false_primary = off
312 |                 search_primary_node_timeout = 5min
313 |                 recovery_user = 'nobody'
314 |                 recovery_password = ''
315 |                 recovery_1st_stage_command = ''
316 |                 recovery_2nd_stage_command = ''
317 |                 recovery_timeout = 90
318 |                 client_idle_limit_in_recovery = 0
319 |                 auto_failback = off
320 |                 auto_failback_interval = 1min
321 |                 use_watchdog = off
322 |                 trusted_servers = ''
323 |                 ping_path = '/bin'
324 |                 hostname0 = ''
325 |                 wd_port0 = 9000
326 |                 pgpool_port0 = 9999
327 |                 wd_priority = 1
328 |                 wd_authkey = ''
329 |                 wd_ipc_socket_dir = '/tmp'
330 |                 delegate_IP = ''
331 |                 if_cmd_path = '/sbin'
332 |                 if_up_cmd = '/usr/bin/sudo /sbin/ip addr add $_IP_$/24 dev eth0 label eth0:0'
333 |                 if_down_cmd = '/usr/bin/sudo /sbin/ip addr del $_IP_$/24 dev eth0'
334 |                 arping_path = '/usr/sbin'
335 |                 arping_cmd = '/usr/bin/sudo /usr/sbin/arping -U $_IP_$ -w 1 -I eth0'
336 |                 clear_memqcache_on_escalation = on
337 |                 wd_escalation_command = ''
338 |                 wd_de_escalation_command = ''
339 |                 failover_when_quorum_exists = on
340 |                 failover_require_consensus = on
341 |                 allow_multiple_failover_requests_from_node = off
342 |                 enable_consensus_with_half_votes = off
343 |                 wd_monitoring_interfaces_list = ''
344 |                 wd_lifecheck_method = 'heartbeat'
345 |                 wd_interval = 10
346 |                 heartbeat_hostname0 = ''
347 |                 heartbeat_port0 = 9694
348 |                 heartbeat_device0 = ''
349 |                 wd_heartbeat_keepalive = 2
350 |                 wd_heartbeat_deadtime = 30
351 |                 wd_life_point = 3
352 |                 wd_lifecheck_query = 'SELECT 1'
353 |                 wd_lifecheck_dbname = 'template1'
354 |                 wd_lifecheck_user = 'nobody'
355 |                 wd_lifecheck_password = ''
356 |                 relcache_expire = 0
357 |                 relcache_size = 256
358 |                 check_temp_table = catalog
359 |                 check_unlogged_table = on
360 |                 enable_shared_relcache = on
361 |                 relcache_query_target = primary
362 |                 memory_cache_enabled = off
363 |                 memqcache_method = 'shmem'
364 |                 memqcache_memcached_host = 'localhost'
365 |                 memqcache_memcached_port = 11211
366 |                 memqcache_total_size = 64MB
367 |                 memqcache_max_num_cache = 1000000
368 |                 memqcache_expire = 0
369 |                 memqcache_auto_cache_invalidation = on
370 |                 memqcache_maxcache = 400kB
371 |                 memqcache_cache_block_size = 1MB
372 |                 memqcache_oiddir = '/var/log/pgpool/oiddir'
373 |                 cache_safe_memqcache_table_list = ''
374 |                 cache_unsafe_memqcache_table_list = ''
375 |         start_pgpool:
376 |           files:
377 |             /etc/init.d/pgpool:
378 |               content: !Sub |
379 |                 #!/bin/sh
380 |                 #
381 |                 # pgpool - the postgres replication daemon.
382 |                 #
383 |                 # chkconfig: 2345 64 36
384 | 
385 |                 # description: start and stop the pgpool daemon
386 | 
387 |                 ### BEGIN INIT INFO
388 |                 # Provides: pgpool
389 |                 # Required-Start: $local_fs $network $remote_fs
390 |                 # Should-Start: ypbind nscd ldap ntpd xntpd
391 |                 # Required-Stop: $local_fs $network $remote_fs
392 |                 # Default-Start:  2 3 4 5
393 |                 # Default-Stop: 0 1 6
394 |                 # Short-Description: start and stop pgpool
395 |                 # Description: pgpool is pure awesomeness.
396 |                 ### END INIT INFO
397 | 
398 |                 # Source function library.
399 |                 . /etc/rc.d/init.d/functions
400 | 
401 |                 # command that needs to run:
402 |                 # sudo -u postgres pgpool -f /usr/local/etc/pgpool.conf -F /usr/local/etc/pcp.conf 
403 | 
404 |                 exec="/usr/local/bin/pgpool"
405 |                 prog="pgpool"
406 | 
407 |                 user="ec2-user"
408 | 
409 |                 pgpool_config="/usr/local/etc/pgpool.conf"
410 |                 pcp_config="/usr/local/etc/pool_passwd"
411 | 
412 |                 [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
413 | 
414 |                 lockfile=/var/lock/subsys/$prog
415 | 
416 |                 start() {
417 |                     [ -x $exec ] || exit 5
418 |                     [ -f $pgpool_config ] || exit 6
419 |                     [ -f $pcp_config ] || exit 6
420 |                     echo -n $"Starting $prog: "
421 |                     # if not running, start it up here, usually something like "daemon $exec"
422 | 
423 |                     pgpool_command
424 |                     retval=$?
425 |                     echo
426 |                     [ $retval -eq 0 ] && touch $lockfile
427 |                     return $retval
428 |                 }
429 | 
430 |                 stop() {
431 |                     echo -n $"Stopping $prog: "
432 |                     # stop it here, often "killproc $prog"
433 | 
434 |                     echo pgpool_command stop
435 | 
436 |                     pgpool_command stop
437 |                     retval=$?
438 |                     echo
439 |                     [ $retval -eq 0 ] && rm -f $lockfile
440 |                     return $retval
441 |                 }
442 | 
443 |                 restart() {
444 |                     stop
445 |                     start
446 |                 }
447 | 
448 |                 reload() {
449 |                     pgpool_command reload
450 |                 }
451 | 
452 |                 force_reload() {
453 |                     restart
454 |                 }
455 | 
456 |                 rh_status() {
457 |                     # run checks to determine if the service is running or use generic status
458 |                     status $prog
459 |                 }
460 | 
461 |                 rh_status_q() {
462 |                     rh_status >/dev/null 2>&1
463 |                 }
464 | 
465 |                 pgpool_command() {
466 |                     sudo -u $user $exec -f "$pgpool_config" -F "$pcp_config" $1
467 |                 }
468 | 
469 | 
470 |                 case "$1" in
471 |                     start)
472 |                         rh_status_q && exit 0
473 |                         $1
474 |                         ;;
475 |                     stop)
476 |                         rh_status_q || exit 0
477 |                         $1
478 |                         ;;
479 |                     restart)
480 |                         $1
481 |                         ;;
482 |                     reload)
483 |                         rh_status_q || exit 7
484 |                         $1
485 |                         ;;
486 |                     force-reload)
487 |                         force_reload
488 |                         ;;
489 |                     status)
490 |                         rh_status
491 |                         ;;
492 |                     condrestart|try-restart)
493 |                         rh_status_q || exit 0
494 |                         restart
495 |                         ;;
496 |                     *)
497 |                         echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
498 |                         exit 2
499 |                 esac
500 |                 exit $?
501 |               mode: "000755"
502 |           services:
503 |             sysvinit:
504 |               pgpool:
505 |                 enabled: "true"
506 |                 ensureRunning: "true"
507 |                 files:
508 |                   - "/etc/init.d/pgpool"
509 | 
510 |   JumpServer:
511 |     Type: "AWS::EC2::Instance"
512 |     Properties:
513 |       ImageId: !Ref AmiId
514 |       InstanceType: !Ref InstanceSize
515 |       KeyName: !Ref keyname
516 |       SubnetId: 
517 |         Ref: SubnetPublicA
518 |       SecurityGroupIds: 
519 |         - !Ref SshFirewall
520 |       Tags:
521 |         - Key: Project
522 |           Value: !Ref ProjectTag
523 |   NetELB:
524 |     Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
525 |     Properties:
526 |       Subnets:
527 |         - !Ref SubnetPublicA
528 |         - !Ref SubnetPublicB
529 |       Type: network
530 |       Tags:
531 |         - Key: Project
532 |           Value: !Ref ProjectTag
533 |   ELBListener:
534 |     Type: "AWS::ElasticLoadBalancingV2::Listener"
535 |     Properties: 
536 |       DefaultActions:
537 |         - TargetGroupArn: !Ref ELBTargetGroup
538 |           Type: "forward"
539 |       LoadBalancerArn: !Ref NetELB
540 |       Port: 5432
541 |       Protocol: TCP
542 |   ELBTargetGroup:
543 |     Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
544 |     Properties:
545 |       HealthCheckPort: 80
546 |       HealthCheckProtocol: HTTP
547 |       Port: 5432
548 |       Protocol: TCP
549 |       VpcId: !Ref VPC
550 | Outputs:
551 |   Endpoint:
552 |     Description: Database URL 
553 |     Value: !GetAtt NetELB.DNSName
554 |   JumpAddress:
555 |     Description: IP address of Jump server
556 |     Value: !GetAtt JumpServer.PublicIp
557 | 


--------------------------------------------------------------------------------
/secgroups.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
  2 | #
  3 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
  4 | # software and associated documentation files (the "Software"), to deal in the Software
  5 | # without restriction, including without limitation the rights to use, copy, modify,
  6 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
  7 | # permit persons to whom the Software is furnished to do so.
  8 | #
  9 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 10 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
 11 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 12 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 13 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 14 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 15 | 
 16 | 
 17 | Parameters:
 18 |   VPC:
 19 |     Type: "AWS::EC2::VPC::Id"
 20 |     Description: "VPC ID for creating the application"
 21 |   ProjectTag:
 22 |     Type: String
 23 |     Description: Tag to apply to created resources for visibility
 24 |     Default: PgPoolDemo
 25 |   AllowedCidrIngress:
 26 |     Type: String
 27 |     MinLength: 9
 28 |     MaxLength: 18
 29 |     AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
 30 |     ConstraintDescription: Must be a valid CIDR range in the form x.x.x.x/YY
 31 |     Default: 0.0.0.0/0
 32 |   AppPublicCIDRA:
 33 |     Type: String
 34 |   AppPublicCIDRB:
 35 |     Type: String
 36 | Resources:
 37 |   DBFirewall:
 38 |     Type: "AWS::EC2::SecurityGroup"
 39 |     Properties:
 40 |       GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " RDS"]]
 41 |       VpcId: !Ref VPC
 42 |       SecurityGroupIngress:
 43 |         -
 44 |           SourceSecurityGroupId: 
 45 |             Fn::GetAtt:
 46 |             - PgpoolFirewall
 47 |             - GroupId
 48 |           IpProtocol: tcp
 49 |           ToPort: "3306"
 50 |           FromPort: "3306"
 51 |         -
 52 |           SourceSecurityGroupId: 
 53 |             Fn::GetAtt:
 54 |             - PgpoolFirewall
 55 |             - GroupId
 56 |           IpProtocol: tcp
 57 |           ToPort: "5432"
 58 |           FromPort: "5432"
 59 |       SecurityGroupEgress:
 60 |         -
 61 |           CidrIp: 0.0.0.0/0
 62 |           ToPort: "-1"
 63 |           IpProtocol: "-1"
 64 |       Tags:
 65 |         - Key: Project
 66 |           Value: !Ref ProjectTag
 67 |   PgpoolFirewall:
 68 |     Type: "AWS::EC2::SecurityGroup"
 69 |     Properties:
 70 |       GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " Pgpool"]]
 71 |       VpcId: !Ref VPC
 72 |       SecurityGroupIngress:
 73 |         -
 74 |           CidrIp: !Ref AllowedCidrIngress
 75 |           IpProtocol: tcp
 76 |           ToPort: "5432"
 77 |           FromPort: "5432"
 78 |         -
 79 |           CidrIp: !Ref AppPublicCIDRA
 80 |           IpProtocol: tcp
 81 |           ToPort: "5432"
 82 |           FromPort: "5432"
 83 |         -
 84 |           CidrIp: !Ref AppPublicCIDRB
 85 |           IpProtocol: tcp
 86 |           ToPort: "5432"
 87 |           FromPort: "5432"
 88 |         -
 89 |           CidrIp: !Ref AppPublicCIDRA
 90 |           IpProtocol: tcp
 91 |           ToPort: "80"
 92 |           FromPort: "80"
 93 |         -
 94 |           CidrIp: !Ref AppPublicCIDRB
 95 |           IpProtocol: tcp
 96 |           ToPort: "80"
 97 |           FromPort: "80"
 98 |       SecurityGroupEgress:
 99 |         -
100 |           CidrIp: 0.0.0.0/0
101 |           ToPort: "-1"
102 |           IpProtocol: "-1"
103 |   SshFirewall:
104 |     Type: "AWS::EC2::SecurityGroup"
105 |     Properties:
106 |       GroupDescription: !Join ["", ["Stack ", !Ref "AWS::StackId", " SSH"]]
107 |       VpcId: !Ref VPC
108 |       SecurityGroupIngress:
109 |         -
110 |           CidrIp: !Ref AllowedCidrIngress
111 |           IpProtocol: tcp
112 |           ToPort: "22"
113 |           FromPort: "22"
114 |         -
115 |           CidrIp: !Ref AppPublicCIDRA
116 |           IpProtocol: tcp
117 |           ToPort: "22"
118 |           FromPort: "22"
119 |         -
120 |           CidrIp: !Ref AppPublicCIDRB
121 |           IpProtocol: tcp
122 |           ToPort: "22"
123 |           FromPort: "22"
124 |       SecurityGroupEgress:
125 |         -
126 |           CidrIp: 0.0.0.0/0
127 |           ToPort: "-1"
128 |           IpProtocol: "-1"
129 | Outputs:
130 |   PgpoolFirewallId:
131 |     Description: ID of pgpool security group
132 |     Value: !Ref PgpoolFirewall
133 |   SshFirewallId:
134 |     Description: ID of SSH security group
135 |     Value: !Ref SshFirewall
136 |   DBFirewallId:
137 |     Description: ID of database security group
138 |     Value: !Ref DBFirewall
139 | 
140 | 


--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 4 | #
 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this
 6 | # software and associated documentation files (the "Software"), to deal in the Software
 7 | # without restriction, including without limitation the rights to use, copy, modify,
 8 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
 9 | # permit persons to whom the Software is furnished to do so.
10 | #
11 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
12 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
13 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
14 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
15 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
16 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
17 | 
18 | templatebucket=$1
19 | templateprefix=$2
20 | stackname=$3
21 | region=$4
22 | SCRIPTDIR=`dirname $0`
23 | if [ "$templatebucket" == "" ]
24 | then
25 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
26 |     exit 1
27 | fi
28 | if [ "$templateprefix" == "" ]
29 | then
30 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
31 |     exit 1
32 | fi
33 | if [ "$stackname" == "" ]
34 | then
35 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
36 |     exit 1
37 | fi
38 | if [ "$region" == "" ]
39 | then
40 |     echo "Usage: $0 <template bucket> <template prefix> <stack name> <region>"
41 |     exit 1
42 | fi
43 | 
44 | # Check if we need to append region to S3 URL
45 | TEMPLATE_URL=https://s3.amazonaws.com/$templatebucket/$templateprefix/master.yaml
46 | if [ "$region" != "us-east-1" ]
47 | then
48 |     TEMPLATE_URL=https://s3-$region.amazonaws.com/$templatebucket/$templateprefix/master.yaml
49 | fi
50 | 
51 | aws s3 cp master.yaml s3://$templatebucket/$templateprefix/master.yaml
52 | aws s3 cp network.yaml s3://$templatebucket/$templateprefix/network.yaml
53 | aws s3 cp secgroups.yaml s3://$templatebucket/$templateprefix/secgroups.yaml
54 | aws s3 cp aurora.yaml s3://$templatebucket/$templateprefix/aurora.yaml
55 | aws s3 cp pgpool.yaml s3://$templatebucket/$templateprefix/pgpool.yaml
56 | 
57 | aws cloudformation update-stack --stack-name $stackname \
58 |     --template-url $TEMPLATE_URL \
59 |     --parameters \
60 |     ParameterKey=TemplateBucketName,ParameterValue=$templatebucket \
61 |     ParameterKey=TemplateBucketPrefix,ParameterValue=$templateprefix \
62 |     ParameterKey=ProjectTag,ParameterValue=pgpoolblog \
63 |     ParameterKey=vpccidr,ParameterValue="10.20.0.0/16" \
64 |     ParameterKey=AllowedCidrIngress,ParameterValue="205.0.0.0/8" \
65 |     ParameterKey=AppPrivateCIDRA,ParameterValue="10.20.3.0/24" \
66 |     ParameterKey=AppPrivateCIDRB,ParameterValue="10.20.4.0/24" \
67 |     ParameterKey=AppPrivateCIDRC,ParameterValue="10.20.5.0/24" \
68 |     ParameterKey=AppPrivateCIDRD,ParameterValue="10.20.6.0/24" \
69 |     ParameterKey=AppPublicCIDRA,ParameterValue="10.20.1.0/24" \
70 |     ParameterKey=AppPublicCIDRB,ParameterValue="10.20.2.0/24" \
71 |     ParameterKey=DatabaseName,ParameterValue="pgpooldb" \
72 |     ParameterKey=DatabaseUser,ParameterValue="pgpooluser" \
73 |     ParameterKey=DatabasePassword,ParameterValue="pgp0o1Cred" \
74 |     ParameterKey=DbInstanceSize,ParameterValue="db.r4.large" \
75 |     ParameterKey=keyname,ParameterValue="rdaws-sandbox" \
76 |     --tags Key=Project,Value=pgpoolblog \
77 |     --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \
78 |     --no-use-previous-template
79 | 


--------------------------------------------------------------------------------