├── .gitignore
├── LICENSE
├── README.md
├── issue_template.md
├── network
│   └── network.yaml
├── pull_request_template.md
├── sampleCFN
│   └── sample.yaml
├── wso2am
│   └── apim
│       ├── cf-dev.yaml
│       ├── cf-staging.yaml
│       └── cf.yaml
├── wso2ei
│   └── ei_integrator
│       ├── cf-dev.yaml
│       ├── cf-staging.yaml
│       └── cf.yaml
└── wso2is
    └── is
        ├── cf-dev.yaml
        ├── cf-staging.yaml
        └── cf.yaml

/.gitignore:
--------------------------------------------------------------------------------
# Compiled class file
*.class

# Log file
*.log

# BlueJ files
*.ctxt

# Mobile Tools for Java (J2ME)
.mtj.tmp/

# Package Files #
*.jar
*.war
*.nar
*.ear
*.zip
*.tar.gz
*.rar

# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
hs_err_pid*

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# AWS Resources for CICD Pipeline
> **Warning**
>
> The CICD pipeline is deprecated.
>

This repository contains CloudFormation templates for a CICD pipeline that deploys WSO2 products in Amazon Web Services (AWS).

- _cf-dev.yaml_ - CloudFormation template for the Development environment

- _cf-staging.yaml_ - CloudFormation template for the Staging environment

- _cf.yaml_ - CloudFormation template for the Production environment

- _network.yaml_ - CloudFormation template containing the network resources shared by the development and staging environments.

The CloudFormation templates use the following AMIs to provision the deployment.

Monitoring AMI - Contains the configurations and services necessary for Grafana dashboards.

Logging AMI - Contains the configurations and services necessary to get the product logs on the Kibana dashboard.

Product AMI - Contains the product pack and database scripts. This is taken as a parameter in the CloudFormation stack.

A sample CloudFormation template is provided under the sampleCFN folder. This CloudFormation template can be used to deploy the product in any environment. This sample.yaml template is configured with Logging.

**Note:** Change the userdata section of the auto scaling groups according to the deployed product.
--------------------------------------------------------------------------------
/issue_template.md:
--------------------------------------------------------------------------------
**Description:**


**Suggested Labels:**


**Suggested Assignees:**


**Affected Product Version:**

**OS, DB, other environment details and versions:**

**Steps to reproduce:**


**Related Issues:**

--------------------------------------------------------------------------------
/network/network.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

AWSTemplateFormatVersion: 2010-09-09
Description: Network Resources for WSO2 Product Deployment
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: WSO2 Transit Gateway
        Parameters:
          - TransitGatewayId
    ParameterLabels:
      TransitGatewayId:
        default: Transit Gateway Id
Resources:
  # networking configurations
  WSO2VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.1.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  WSO2PublicSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref WSO2VPC
      CidrBlock: 10.1.254.0/24
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
  WSO2PublicSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref WSO2VPC
      CidrBlock: 10.1.252.0/24
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
  WSO2PublicInternetGateway:
    Type: 'AWS::EC2::InternetGateway'
  WSO2PublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref WSO2VPC
  WSO2PublicSubnet1RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref WSO2PublicRouteTable
      SubnetId: !Ref WSO2PublicSubnet1
  WSO2PublicSubnet2RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref WSO2PublicRouteTable
      SubnetId: !Ref WSO2PublicSubnet2
  WSO2PublicRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref WSO2PublicRouteTable
      GatewayId: !Ref WSO2PublicInternetGateway
      DestinationCidrBlock: 0.0.0.0/0
    DependsOn: WSO2VPCInternetGatewayAttachment
  WSO2VPCInternetGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref WSO2PublicInternetGateway
      VpcId: !Ref WSO2VPC
  WSO2PrivateSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref WSO2VPC
      CidrBlock: 10.1.1.0/24
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
  WSO2PrivateSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref WSO2VPC
      CidrBlock: 10.1.2.0/24
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
  WSO2PrivateSubnetRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref WSO2VPC
  WSO2PrivateRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref WSO2NATGateway
      RouteTableId: !Ref WSO2PrivateSubnetRouteTable
  WSO2PrivateSubnet1RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref WSO2PrivateSubnetRouteTable
      SubnetId: !Ref WSO2PrivateSubnet1
  WSO2PrivateSubnet2RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref WSO2PrivateSubnetRouteTable
      SubnetId: !Ref WSO2PrivateSubnet2
  WSO2NATGateway:
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt
        - WSO2EIP
        - AllocationId
      SubnetId: !Ref WSO2PublicSubnet1
  WSO2EIP:
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  WSO2TransitGatewayAttachment:
    Type: "AWS::EC2::TransitGatewayAttachment"
    Properties:
      SubnetIds:
        - !Ref WSO2PrivateSubnet1
        - !Ref WSO2PrivateSubnet2
      Tags:
        - Key: Name
          Value: WSO2 Transit Gateway
      TransitGatewayId: !Ref TransitGatewayId
      VpcId: !Ref WSO2VPC
  WSO2TransitGatewayRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref WSO2PrivateSubnetRouteTable
      TransitGatewayId: !Ref TransitGatewayId
      DestinationCidrBlock: 10.0.0.0/16
    DependsOn: WSO2TransitGatewayAttachment
  WSO2DBSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: DB Security Group
      # MySQL (3306) ingress is open to any source; narrow CidrIp to the
      # VPC range (10.1.0.0/16) or to the product security group.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          CidrIp: 0.0.0.0/0
  WSO2EFSSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: WSO2 EFS Security Group
      # NFS (2049) ingress is open to any source; narrow CidrIp to the
      # VPC range (10.1.0.0/16) or to the product security group.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '2049'
          ToPort: '2049'
          CidrIp: 0.0.0.0/0
  WSO2BastionSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: WSO2 Bastion Instance Security Group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  WSO2LoggingSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: WSO2 Logging Instance Security Group
      GroupName: WSO2LoggingSecurityGroup
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5601
          ToPort: 5601
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref WSO2BastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 5044
          ToPort: 5044
          CidrIp: 0.0.0.0/0
  WSO2ProductSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: WSO2 Product Instance Security Group
      GroupName: WSO2SecurityGroup
      # SSH (22) is open to any source here, while the logging group above
      # limits SSH to WSO2BastionSecurityGroup; the same restriction fits
      # product instances reached through the bastion.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 9200
          ToPort: 9200
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8280'
          ToPort: '8280'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '9763'
          ToPort: '9763'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '9443'
          ToPort: '9443'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '8243'
          ToPort: '8243'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '5672'
          ToPort: '5672'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '4000'
          ToPort: '4000'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8140'
          ToPort: '8140'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '5701'
          ToPort: '5701'
          CidrIp: 0.0.0.0/0
  WSO2LoadBalancerSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: WSO2 ALB Security Group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '9763'
          ToPort: '9763'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '9443'
          ToPort: '9443'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8243'
          ToPort: '8243'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8280'
          ToPort: '8280'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '4000'
          ToPort: '4000'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '5701'
          ToPort: '5701'
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: '9763'
          ToPort: '9763'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '9443'
          ToPort: '9443'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8243'
          ToPort: '8243'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8280'
          ToPort: '8280'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '4000'
          ToPort: '4000'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '5701'
          ToPort: '5701'
          CidrIp: 0.0.0.0/0
Parameters:
  TransitGatewayId:
    Type: String
Outputs:
  WSO2VPCID:
    Value: !Ref WSO2VPC
    Export:
      Name: !Sub "${AWS::StackName}-WSO2VPC"
    Description: VPC ID
  WSO2PublicSubnet1:
    Value: !Ref WSO2PublicSubnet1
    Export:
      Name: !Sub "${AWS::StackName}-WSO2PublicSubnet1"
    Description: Public Subnet 1 ID
  WSO2PublicSubnet2:
    Value: !Ref WSO2PublicSubnet2
    Export:
      Name: !Sub "${AWS::StackName}-WSO2PublicSubnet2"
    Description: Public Subnet 2 ID
  WSO2PrivateSubnet1:
    Value: !Ref WSO2PrivateSubnet1
    Export:
      Name: !Sub "${AWS::StackName}-WSO2PrivateSubnet1"
    Description: Private Subnet 1 ID
  WSO2PrivateSubnet2:
    Value: !Ref WSO2PrivateSubnet2
    Export:
      Name: !Sub "${AWS::StackName}-WSO2PrivateSubnet2"
    Description: Private Subnet 2 ID
  WSO2DBSecurityGroup:
    Value: !Ref WSO2DBSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-WSO2DBSecurityGroup"
    Description: Database Instance Security Group
  WSO2ProductSecurityGroup:
    Value: !Ref WSO2ProductSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-WSO2ProductSecurityGroup"
    Description: Product Instance Security Group
  WSO2LoggingSecurityGroup:
    Value: !Ref WSO2LoggingSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-WSO2LoggingSecurityGroup"
    Description: Logging Instance Security Group
  WSO2BastionSecurityGroup:
    Value: !Ref WSO2BastionSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-WSO2BastionSecurityGroup"
    Description: Bastion Instance Security Group
  WSO2EFSSecurityGroup:
    Value: !Ref WSO2EFSSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-WSO2EFSSecurityGroup"
    Description: Elastic File System Security Group
  WSO2LoadBalancerSecurityGroup:
    Value: !Ref WSO2LoadBalancerSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-WSO2LoadBalancerSecurityGroup"
    Description: Loadbalancer Security Group

--------------------------------------------------------------------------------
/pull_request_template.md:
--------------------------------------------------------------------------------
## Purpose
> Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

## Goals
> Describe the solutions that this feature/fix will introduce to resolve the problems described above

## Approach
> Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

## User stories
> Summary of user stories addressed by this change

## Release note
> Brief description of the new feature or bug fix as it will appear in the release notes

## Documentation
> Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

## Training
> Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

## Certification
> Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

## Marketing
> Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

## Automation tests
 - Unit tests
   > Code coverage information
 - Integration tests
   > Details about the test cases and coverage

## Security checks
 - Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
 - Ran FindSecurityBugs plugin and verified report? yes/no
 - Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

## Samples
> Provide high-level details about the samples related to this feature

## Related PRs
> List any other related PRs

## Migrations (if applicable)
> Describe migration steps and platforms on which migration has been tested

## Test environment
> List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

## Learning
> Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.
--------------------------------------------------------------------------------
/sampleCFN/sample.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  WSO2 Enterprise Integrator Clustered deployment
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Cluster Configuration
        Parameters:
          - AWSAccessKeyId
          - AWSAccessKeySecret
          - KeyPairName
          - WSO2InstanceType
      - Label:
          default: Network Configuration
        Parameters:
          - CertificateName
      - Label:
          default: Database Configuration
        Parameters:
          - DBUsername
          - DBPassword
          - DBType
      - Label:
          default: Environment Configurations
        Parameters:
          - Environment
    ParameterLabels:
      AWSAccessKeyId:
        default: AWS Access Key ID
      AWSAccessKeySecret:
        default: AWS Access Secret Key
      CertificateName:
        default: SSL Certificate Name
      KeyPairName:
        default: Key Pair Name
      DBUsername:
        default: Username
      DBPassword:
        default: Password
      WSO2InstanceType:
        default: Instance Type
      AMIid:
        default: AMI ID
      Product:
        default: Product
      Version:
        default: Version
      Environment:
        default: Environment
Resources:
  # networking configurations
  WSO2VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  WSO2PublicSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref WSO2VPC
      CidrBlock: 10.0.254.0/24
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
  WSO2PublicSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref WSO2VPC
      CidrBlock: 10.0.252.0/24
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
  WSO2PublicInternetGateway:
    Type: 'AWS::EC2::InternetGateway'
  WSO2PublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref WSO2VPC
  WSO2PublicSubnet1RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref WSO2PublicRouteTable
      SubnetId: !Ref WSO2PublicSubnet1
  WSO2PublicSubnet2RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref WSO2PublicRouteTable
      SubnetId: !Ref WSO2PublicSubnet2
  WSO2PublicRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref WSO2PublicRouteTable
      GatewayId: !Ref WSO2PublicInternetGateway
      DestinationCidrBlock: 0.0.0.0/0
    DependsOn: WSO2VPCInternetGatewayAttachment
  WSO2VPCInternetGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref WSO2PublicInternetGateway
      VpcId: !Ref WSO2VPC
  WSO2PrivateSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref WSO2VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
  WSO2PrivateSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref WSO2VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
  WSO2PrivateSubnetRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref WSO2VPC
  WSO2PrivateRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref WSO2NATGateway
      RouteTableId: !Ref WSO2PrivateSubnetRouteTable
  WSO2PrivateSubnet1RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref WSO2PrivateSubnetRouteTable
      SubnetId: !Ref WSO2PrivateSubnet1
  WSO2PrivateSubnet2RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref WSO2PrivateSubnetRouteTable
      SubnetId: !Ref WSO2PrivateSubnet2
  WSO2NATGateway:
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt
        - WSO2EIP
        - AllocationId
      SubnetId: !Ref WSO2PublicSubnet1
  WSO2EIP:
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  # database configurations
  WSO2DBInstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: DB Security Group
      # MySQL (3306) ingress is open to any source; narrow CidrIp to the
      # VPC range (10.0.0.0/16) or to the product security group.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          CidrIp: 0.0.0.0/0
  WSO2DBInstance:
    Type: 'AWS::RDS::DBInstance'
    DeletionPolicy: Delete
    Properties:
      VPCSecurityGroups:
        - !Ref WSO2DBInstanceSecurityGroup
      DBInstanceClass: db.t2.medium
      AllocatedStorage: 5
      BackupRetentionPeriod: '0'
      DBInstanceIdentifier: !Join
        - ''
        - - 'WSO2DB'
          - !Ref Environment
          - 'Instance'
      DBName: WSO2_DB
      Engine: !Ref DBType
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      MultiAZ: 'false'
      StorageType: gp2
      DBSubnetGroupName: !Ref WSO2DBSubnetGroup
  WSO2DBSubnetGroup:
    Type: 'AWS::RDS::DBSubnetGroup'
    Properties:
      DBSubnetGroupDescription: DB Subnet Group
      SubnetIds:
        - !Ref WSO2PrivateSubnet1
        - !Ref WSO2PrivateSubnet2
  # Product configurations
  BastionSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: WSO2 Bastion node Security Group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  WSO2LoggingSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: WSO2 Logging Security Group
      GroupName: WSO2LoggingSecurityGroup
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5601
          ToPort: 5601
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 5044
          ToPort: 5044
          CidrIp: 0.0.0.0/0
  WSO2SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref WSO2VPC
      GroupDescription: WSO2 Enterprise Integrator Security Group
      GroupName: WSO2SecurityGroup
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 9200
          ToPort: 9200
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8280'
          ToPort: '8280'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '9763'
          ToPort: '9763'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '9443'
          ToPort: '9443'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '8243'
          ToPort: '8243'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '5672'
          ToPort: '5672'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: '5701'
          ToPort: '5701'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '4100'
          ToPort: '4100'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8080'
          ToPort: '8080'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '8140'
          ToPort: '8140'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
  WSO2BastionInstance:
    Type: 'AWS::EC2::Instance'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT10M
    Properties:
      DisableApiTermination: 'false'
InstanceInitiatedShutdownBehavior: stop 297 | ImageId: !Ref AMIid 298 | InstanceType: t2.micro 299 | KeyName: !Ref KeyPairName 300 | Monitoring: 'false' 301 | Tags: 302 | - Key: Name 303 | Value: !Join 304 | - '' 305 | - - 'WSO2Bastion' 306 | - !Ref Environment 307 | - 'Instance' 308 | NetworkInterfaces: 309 | - DeleteOnTermination: 'true' 310 | AssociatePublicIpAddress : 'true' 311 | Description: Primary network interface 312 | DeviceIndex: 0 313 | SubnetId: !Ref WSO2PublicSubnet1 314 | GroupSet: 315 | - !Ref BastionSecurityGroup 316 | UserData: !Base64 317 | 'Fn::Sub': | 318 | Content-Type: multipart/mixed; boundary="//" 319 | MIME-Version: 1.0 320 | 321 | --// 322 | Content-Type: text/cloud-config; charset="us-ascii" 323 | MIME-Version: 1.0 324 | Content-Transfer-Encoding: 7bit 325 | Content-Disposition: attachment; filename="cloud-config.txt" 326 | 327 | #cloud-config 328 | cloud_final_modules: 329 | - [scripts-user, always] 330 | 331 | --// 332 | Content-Type: text/x-shellscript; charset="us-ascii" 333 | MIME-Version: 1.0 334 | Content-Transfer-Encoding: 7bit 335 | Content-Disposition: attachment; filename="userdata.txt" 336 | 337 | #!/bin/bash 338 | export PATH=~/.local/bin:$PATH 339 | apt-get update 340 | pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz 341 | export DB_HOSTNAME=${WSO2DBInstance.Endpoint.Address} 342 | export DB_PORT=${WSO2DBInstance.Endpoint.Port} 343 | export DB_USERNAME=${DBUsername} 344 | export DB_PASSWORD=${DBPassword} 345 | sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 346 | sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 347 | sed -i "s/CF_DB_HOST/${WSO2DBInstance.Endpoint.Address}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 348 | sed -i "s/CF_DB_PORT/${WSO2DBInstance.Endpoint.Port}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 349 | bash 
/usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 2>&1 | tee /home/wso2user/db_log.txt 350 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 351 | cat /dev/null > ~/.bash_history && history -c 352 | /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2BastionInstance --region ${AWS::Region} 353 | WSO2Node1LaunchConfiguration: 354 | Type: 'AWS::AutoScaling::LaunchConfiguration' 355 | Properties: 356 | ImageId: !Ref AMIid 357 | InstanceType: !Ref WSO2InstanceType 358 | InstanceMonitoring: 'false' 359 | BlockDeviceMappings: 360 | - DeviceName: /dev/sda1 361 | Ebs: 362 | VolumeSize: '20' 363 | VolumeType: gp2 364 | DeleteOnTermination: 'true' 365 | KeyName: !Ref KeyPairName 366 | SecurityGroups: 367 | - !Ref WSO2SecurityGroup 368 | UserData: !Base64 369 | 'Fn::Sub': | 370 | Content-Type: multipart/mixed; boundary="//" 371 | MIME-Version: 1.0 372 | 373 | --// 374 | Content-Type: text/cloud-config; charset="us-ascii" 375 | MIME-Version: 1.0 376 | Content-Transfer-Encoding: 7bit 377 | Content-Disposition: attachment; filename="cloud-config.txt" 378 | 379 | #cloud-config 380 | cloud_final_modules: 381 | - [scripts-user, always] 382 | 383 | --// 384 | Content-Type: text/x-shellscript; charset="us-ascii" 385 | MIME-Version: 1.0 386 | Content-Transfer-Encoding: 7bit 387 | Content-Disposition: attachment; filename="userdata.txt" 388 | 389 | #!/bin/bash 390 | export PATH=~/.local/bin:$PATH 391 | apt-get update 392 | pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz 393 | unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/ 394 | sed -i "s/ACCESS_KEY/${AWSAccessKeyId}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 395 | sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 396 | sed -i "s/ALB_DNS_NAME/${WSO2LoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/carbon.xml 397 | 
sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 398 | sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 399 | sed -i "s/RDS_DNS_NAME/${WSO2DBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 400 | sed -i "s^SECRET_KEY^${AWSAccessKeySecret}^g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 401 | tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/ 402 | export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}') 403 | export SECURITYGROUP=$(ec2metadata | grep -m 1 'security-groups:' | awk '{print $2}') 404 | export LogserverIP=${WSO2LoggingInstance.PrivateIp} 405 | echo "$LogserverIP logserver" >> /etc/hosts 406 | sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 407 | sed -i "s/WSO2SecurityGroup/$SECURITYGROUP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 408 | /home/wso2user/${Product}-${Version}/bin/wso2server.sh start 409 | sleep 30 410 | end=$((SECONDS+1200)) 411 | while [ $SECONDS -lt $end ] ; do 412 | sleep 10 413 | wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp" 414 | if [ $? -eq "0" ] ; then 415 | /usr/local/bin/cfn-signal -e $? 
--stack ${AWS::StackName} --resource WSO2Node1AutoScalingGroup --region ${AWS::Region} 416 | break 417 | fi 418 | done 419 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 420 | cat /dev/null > ~/.bash_history && history -c 421 | DependsOn: 422 | - WSO2SecurityGroup 423 | - WSO2LoadBalancer 424 | - WSO2VPCInternetGatewayAttachment 425 | - WSO2DBInstance 426 | - WSO2BastionInstance 427 | - WSO2LoggingInstance 428 | WSO2Node1AutoScalingGroup: 429 | Type: 'AWS::AutoScaling::AutoScalingGroup' 430 | Properties: 431 | LaunchConfigurationName: !Ref WSO2Node1LaunchConfiguration 432 | DesiredCapacity: 1 433 | MinSize: 1 434 | MaxSize: 2 435 | TargetGroupARNs: 436 | - !Ref WSO2ALBTargetGroup 437 | - !Ref WSO28243ALBTargetGroup 438 | - !Ref WSO2ServicesALBTargetGroup 439 | VPCZoneIdentifier: 440 | - !Ref WSO2PrivateSubnet1 441 | Tags: 442 | - Key: Name 443 | Value: !Join 444 | - '' 445 | - - 'WSO2' 446 | - !Ref Environment 447 | - 'Instance01' 448 | PropagateAtLaunch: 'true' 449 | - Key: cluster 450 | Value: !Join 451 | - '' 452 | - - !Ref Product 453 | PropagateAtLaunch: 'true' 454 | CreationPolicy: 455 | ResourceSignal: 456 | Count: 1 457 | Timeout: PT30M 458 | UpdatePolicy: 459 | AutoScalingRollingUpdate: 460 | MaxBatchSize: '2' 461 | MinInstancesInService: '1' 462 | PauseTime: PT10M 463 | SuspendProcesses: 464 | - AlarmNotification 465 | WaitOnResourceSignals: true 466 | DependsOn: 467 | - WSO2LoadBalancer 468 | WSO2Node2LaunchConfiguration: 469 | Type: 'AWS::AutoScaling::LaunchConfiguration' 470 | Properties: 471 | ImageId: !Ref AMIid 472 | InstanceType: !Ref WSO2InstanceType 473 | InstanceMonitoring: 'false' 474 | BlockDeviceMappings: 475 | - DeviceName: /dev/sda1 476 | Ebs: 477 | VolumeSize: '20' 478 | VolumeType: gp2 479 | DeleteOnTermination: 'true' 480 | KeyName: !Ref KeyPairName 481 | SecurityGroups: 482 | - !Ref WSO2SecurityGroup 483 | UserData: !Base64 484 | 'Fn::Sub': | 485 | Content-Type: multipart/mixed; boundary="//" 486 | MIME-Version: 
1.0 487 | 488 | --// 489 | Content-Type: text/cloud-config; charset="us-ascii" 490 | MIME-Version: 1.0 491 | Content-Transfer-Encoding: 7bit 492 | Content-Disposition: attachment; filename="cloud-config.txt" 493 | 494 | #cloud-config 495 | cloud_final_modules: 496 | - [scripts-user, always] 497 | 498 | --// 499 | Content-Type: text/x-shellscript; charset="us-ascii" 500 | MIME-Version: 1.0 501 | Content-Transfer-Encoding: 7bit 502 | Content-Disposition: attachment; filename="userdata.txt" 503 | 504 | #!/bin/bash 505 | export PATH=~/.local/bin:$PATH 506 | apt-get update 507 | pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz 508 | unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/ 509 | sed -i "s/ACCESS_KEY/${AWSAccessKeyId}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 510 | sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 511 | sed -i "s/ALB_DNS_NAME/${WSO2LoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/carbon.xml 512 | sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 513 | sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 514 | sed -i "s/RDS_DNS_NAME/${WSO2DBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 515 | sed -i "s^SECRET_KEY^${AWSAccessKeySecret}^g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 516 | tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/ 517 | export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}') 518 | export SECURITYGROUP=$(ec2metadata | grep -m 1 'security-groups:' | awk '{print $2}') 519 | export LogserverIP=${WSO2LoggingInstance.PrivateIp} 520 | echo "$LogserverIP logserver" >> /etc/hosts 521 | 
sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 522 | sed -i "s/WSO2SecurityGroup/$SECURITYGROUP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 523 | /home/wso2user/${Product}-${Version}/bin/wso2server.sh start 524 | sleep 30 525 | end=$((SECONDS+1200)) 526 | while [ $SECONDS -lt $end ] ; do 527 | sleep 10 528 | wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp" 529 | if [ $? -eq "0" ] ; then 530 | /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2Node2AutoScalingGroup --region ${AWS::Region} 531 | break 532 | fi 533 | done 534 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 535 | cat /dev/null > ~/.bash_history && history -c 536 | DependsOn: 537 | - WSO2SecurityGroup 538 | - WSO2LoadBalancer 539 | - WSO2VPCInternetGatewayAttachment 540 | - WSO2DBInstance 541 | - WSO2BastionInstance 542 | - WSO2LoggingInstance 543 | WSO2Node2AutoScalingGroup: 544 | Type: 'AWS::AutoScaling::AutoScalingGroup' 545 | Properties: 546 | LaunchConfigurationName: !Ref WSO2Node2LaunchConfiguration 547 | DesiredCapacity: 1 548 | MinSize: 1 549 | MaxSize: 2 550 | TargetGroupARNs: 551 | - !Ref WSO2ALBTargetGroup 552 | - !Ref WSO28243ALBTargetGroup 553 | - !Ref WSO2ServicesALBTargetGroup 554 | VPCZoneIdentifier: 555 | - !Ref WSO2PrivateSubnet2 556 | Tags: 557 | - Key: Name 558 | Value: !Join 559 | - '' 560 | - - 'WSO2' 561 | - !Ref Environment 562 | - 'Instance2' 563 | PropagateAtLaunch: 'true' 564 | - Key: cluster 565 | Value: !Join 566 | - '' 567 | - - !Ref Product 568 | PropagateAtLaunch: 'true' 569 | CreationPolicy: 570 | ResourceSignal: 571 | Count: 1 572 | Timeout: PT30M 573 | UpdatePolicy: 574 | AutoScalingRollingUpdate: 575 | MaxBatchSize: '2' 576 | MinInstancesInService: '1' 577 | PauseTime: PT20M 578 | SuspendProcesses: 579 | - AlarmNotification 580 | WaitOnResourceSignals: true 581 | DependsOn: 
582 | - WSO2LoadBalancer 583 | WSO2LoadBalancerSecurityGroup: 584 | Type: 'AWS::EC2::SecurityGroup' 585 | Properties: 586 | VpcId: !Ref WSO2VPC 587 | GroupDescription: WSO2 ALB Security Group 588 | SecurityGroupIngress: 589 | - IpProtocol: tcp 590 | FromPort: '9763' 591 | ToPort: '9763' 592 | CidrIp: 0.0.0.0/0 593 | - IpProtocol: tcp 594 | FromPort: '443' 595 | ToPort: '443' 596 | CidrIp: 0.0.0.0/0 597 | - IpProtocol: tcp 598 | FromPort: '9443' 599 | ToPort: '9443' 600 | CidrIp: 0.0.0.0/0 601 | - IpProtocol: tcp 602 | FromPort: '8243' 603 | ToPort: '8243' 604 | CidrIp: 0.0.0.0/0 605 | - IpProtocol: tcp 606 | FromPort: '8280' 607 | ToPort: '8280' 608 | CidrIp: 0.0.0.0/0 609 | - IpProtocol: tcp 610 | FromPort: '4100' 611 | ToPort: '4100' 612 | CidrIp: 0.0.0.0/0 613 | - IpProtocol: tcp 614 | FromPort: '8080' 615 | ToPort: '8080' 616 | CidrIp: 0.0.0.0/0 617 | - IpProtocol: tcp 618 | FromPort: '5701' 619 | ToPort: '5701' 620 | CidrIp: 0.0.0.0/0 621 | SecurityGroupEgress: 622 | - IpProtocol: tcp 623 | FromPort: '9763' 624 | ToPort: '9763' 625 | CidrIp: 0.0.0.0/0 626 | - IpProtocol: tcp 627 | FromPort: '9443' 628 | ToPort: '9443' 629 | CidrIp: 0.0.0.0/0 630 | - IpProtocol: tcp 631 | FromPort: '443' 632 | ToPort: '443' 633 | CidrIp: 0.0.0.0/0 634 | - IpProtocol: tcp 635 | FromPort: '8243' 636 | ToPort: '8243' 637 | CidrIp: 0.0.0.0/0 638 | - IpProtocol: tcp 639 | FromPort: '8280' 640 | ToPort: '8280' 641 | CidrIp: 0.0.0.0/0 642 | - IpProtocol: tcp 643 | FromPort: '4100' 644 | ToPort: '4100' 645 | CidrIp: 0.0.0.0/0 646 | - IpProtocol: tcp 647 | FromPort: '8080' 648 | ToPort: '8080' 649 | CidrIp: 0.0.0.0/0 650 | - IpProtocol: tcp 651 | FromPort: '5701' 652 | ToPort: '5701' 653 | CidrIp: 0.0.0.0/0 654 | WSO2LoadBalancer: 655 | Type: AWS::ElasticLoadBalancingV2::LoadBalancer 656 | Properties: 657 | Name: !Join 658 | - '' 659 | - - 'WSO2LoadBalancer' 660 | - !Ref Environment 661 | Scheme: internet-facing 662 | Subnets: 663 | - !Ref WSO2PublicSubnet1 664 | - !Ref 
WSO2PublicSubnet2 665 | SecurityGroups: 666 | - !Ref WSO2LoadBalancerSecurityGroup 667 | WSO2ALBTargetGroup: 668 | Type: AWS::ElasticLoadBalancingV2::TargetGroup 669 | Properties: 670 | HealthCheckIntervalSeconds: 10 671 | HealthCheckProtocol: HTTPS 672 | HealthCheckTimeoutSeconds: 5 673 | HealthyThresholdCount: 4 674 | HealthCheckPath: /carbon/admin/login.jsp 675 | HealthCheckPort: 9443 676 | Matcher: 677 | HttpCode: 200 678 | Name: !Join 679 | - '-' 680 | - - 'carbon' 681 | - !Ref Environment 682 | - '9443' 683 | Port: 9443 684 | Protocol: HTTPS 685 | TargetGroupAttributes: 686 | - Key: deregistration_delay.timeout_seconds 687 | Value: '20' 688 | - Key: stickiness.enabled 689 | Value: 'true' 690 | UnhealthyThresholdCount: 3 691 | VpcId: 692 | Ref: WSO2VPC 693 | Tags: 694 | - Key: Name 695 | Value: !Join 696 | - '' 697 | - - !Ref Product 698 | WSO28243ALBTargetGroup: 699 | Type: AWS::ElasticLoadBalancingV2::TargetGroup 700 | Properties: 701 | HealthCheckIntervalSeconds: 10 702 | HealthCheckProtocol: HTTPS 703 | HealthCheckTimeoutSeconds: 5 704 | HealthyThresholdCount: 4 705 | HealthCheckPath: /services/Version 706 | HealthCheckPort: 8243 707 | Matcher: 708 | HttpCode: 200 709 | Name: !Join 710 | - '-' 711 | - - 'carbon' 712 | - !Ref Environment 713 | - '8243' 714 | Port: 8243 715 | Protocol: HTTPS 716 | TargetGroupAttributes: 717 | - Key: deregistration_delay.timeout_seconds 718 | Value: '20' 719 | - Key: stickiness.enabled 720 | Value: 'true' 721 | UnhealthyThresholdCount: 3 722 | VpcId: 723 | Ref: WSO2VPC 724 | Tags: 725 | - Key: Name 726 | Value: !Join 727 | - '' 728 | - - !Ref Product 729 | WSO2ServicesALBTargetGroup: 730 | Type: AWS::ElasticLoadBalancingV2::TargetGroup 731 | Properties: 732 | HealthCheckIntervalSeconds: 10 733 | HealthCheckProtocol: HTTP 734 | HealthCheckTimeoutSeconds: 5 735 | HealthyThresholdCount: 4 736 | HealthCheckPath: / 737 | HealthCheckPort: 8280 738 | Matcher: 739 | HttpCode: 200 740 | Name: !Join 741 | - '-' 742 | - - 'carbon' 743 | 
- !Ref Environment 744 | - '8280' 745 | Port: 8280 746 | Protocol: HTTP 747 | TargetGroupAttributes: 748 | - Key: deregistration_delay.timeout_seconds 749 | Value: '20' 750 | - Key: stickiness.enabled 751 | Value: 'true' 752 | UnhealthyThresholdCount: 3 753 | VpcId: 754 | Ref: WSO2VPC 755 | Tags: 756 | - Key: Name 757 | Value: !Join 758 | - '' 759 | - - !Ref Product 760 | WSO2ServicesALBListener: 761 | Type: AWS::ElasticLoadBalancingV2::Listener 762 | Properties: 763 | DefaultActions: 764 | - Type: forward 765 | TargetGroupArn: !Ref WSO2ServicesALBTargetGroup 766 | LoadBalancerArn: !Ref WSO2LoadBalancer 767 | Port: 8280 768 | Protocol: HTTP 769 | WSO2ALBListener: 770 | Type: AWS::ElasticLoadBalancingV2::Listener 771 | Properties: 772 | DefaultActions: 773 | - Type: forward 774 | TargetGroupArn: !Ref WSO2ALBTargetGroup 775 | Certificates: 776 | - CertificateArn: !Join 777 | - '' 778 | - - 'arn:aws:iam::' 779 | - !Ref 'AWS::AccountId' 780 | - ':server-certificate' 781 | - / 782 | - !Ref CertificateName 783 | LoadBalancerArn: !Ref WSO2LoadBalancer 784 | Port: 443 785 | Protocol: HTTPS 786 | SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01 787 | DependsOn: 788 | - WSO2LoadBalancerSecurityGroup 789 | WSO28243ALBListener: 790 | Type: AWS::ElasticLoadBalancingV2::Listener 791 | Properties: 792 | DefaultActions: 793 | - Type: forward 794 | TargetGroupArn: !Ref WSO28243ALBTargetGroup 795 | Certificates: 796 | - CertificateArn: !Join 797 | - '' 798 | - - 'arn:aws:iam::' 799 | - !Ref 'AWS::AccountId' 800 | - ':server-certificate' 801 | - / 802 | - !Ref CertificateName 803 | LoadBalancerArn: !Ref WSO2LoadBalancer 804 | Port: 8243 805 | Protocol: HTTPS 806 | SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01 807 | DependsOn: 808 | - WSO2LoadBalancerSecurityGroup 809 | WSO2LoggingInstance: 810 | Type: 'AWS::EC2::Instance' 811 | Properties: 812 | DisableApiTermination: 'false' 813 | InstanceInitiatedShutdownBehavior: stop 814 | ImageId: !FindInMap 815 | - WSO2LoggingMasterAMIRegionMap 816 
| - !Ref 'AWS::Region' 817 | - Ubuntu1804 818 | InstanceType: t2.large 819 | BlockDeviceMappings: 820 | - DeviceName: /dev/sda1 821 | Ebs: 822 | VolumeSize: '50' 823 | VolumeType: gp2 824 | DeleteOnTermination: 'true' 825 | KeyName: !Ref KeyPairName 826 | Monitoring: 'false' 827 | Tags: 828 | - Key: Name 829 | Value: !Join 830 | - '' 831 | - - 'WSO2Logging' 832 | - !Ref Environment 833 | - 'Instance' 834 | NetworkInterfaces: 835 | - DeleteOnTermination: 'true' 836 | AssociatePublicIpAddress: 'true' 837 | Description: Primary network interface 838 | DeviceIndex: 0 839 | SubnetId: !Ref WSO2PublicSubnet1 840 | GroupSet: 841 | - !Ref WSO2LoggingSecurityGroup 842 | UserData: !Base64 843 | 'Fn::Sub': | 844 | #cloud-config 845 | #!/bin/bash 846 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 847 | export PATH=~/.local/bin:$PATH 848 | export REGION=${AWS::Region} 849 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 850 | cat /dev/null > ~/.bash_history && history -c 851 | DependsOn: 852 | - WSO2SecurityGroup 853 | - WSO2LoadBalancer 854 | - WSO2VPCInternetGatewayAttachment 855 | - WSO2DBInstance 856 | Outputs: 857 | ConsoleUrl: 858 | Value: !Join 859 | - '' 860 | - - 'https://' 861 | - !GetAtt 862 | - WSO2LoadBalancer 863 | - DNSName 864 | - '/carbon' 865 | Description: Management Console URL 866 | HttpURL: 867 | Value: !Join 868 | - '' 869 | - - 'http://' 870 | - !GetAtt 871 | - WSO2LoadBalancer 872 | - DNSName 873 | - ':8280' 874 | Description: HTTP Gateway endpoint 875 | HttpsURL: 876 | Value: !Join 877 | - '' 878 | - - 'https://' 879 | - !GetAtt 880 | - WSO2LoadBalancer 881 | - DNSName 882 | - ':8243' 883 | Description: HTTPS Gateway endpoint 884 | LogDashboardURL: 885 | Value: !Join 886 | - '' 887 | - - 'http://' 888 | - !GetAtt 889 | - WSO2LoggingInstance 890 | - PublicDnsName 891 | - ':5601' 892 | Description: Log Dashboard URL (Kibana Dashboard) 893 | Parameters: 894 | AWSAccessKeyId: 895 | Type: String 896 | 
AWSAccessKeySecret: 897 | Type: String 898 | KeyPairName: 899 | Description: The private key used to log in to instances through SSH 900 | Type: 'AWS::EC2::KeyPair::KeyName' 901 | CertificateName: 902 | Description: A valid SSL certificate used for HTTPS 903 | Type: String 904 | MinLength: 1 905 | WSO2InstanceType: 906 | Type: String 907 | Default: t2.medium 908 | AllowedValues: 909 | - t2.medium 910 | - t2.large 911 | - t2.xlarge 912 | - t2.2xlarge 913 | - m3.medium 914 | - m3.large 915 | - m3.xlarge 916 | - m3.2xlarge 917 | - m4.large 918 | - m4.xlarge 919 | ConstraintDescription: Must be a valid EC2 instance type 920 | DBUsername: 921 | Type: String 922 | DBPassword: 923 | Type: String 924 | NoEcho: true 925 | DBType: 926 | Type: String 927 | Default: MySQL 928 | AllowedValues: 929 | - MySQL 930 | - PostgreSQL 931 | - Oracle 932 | - SQL Server 933 | AMIid: 934 | Type: String 935 | Product: 936 | Type: String 937 | Version: 938 | Type: String 939 | Environment: 940 | Type: String 941 | Mappings: 942 | WSO2LoggingMasterAMIRegionMap: 943 | us-east-1: 944 | Ubuntu1804: ami-089c43fe12d048b25 945 | us-east-2: 946 | Ubuntu1804: ami-0b382084a3cc80fb7 947 | us-west-1: 948 | Ubuntu1804: ami-0b6d9c2c447ab4299 949 | us-west-2: 950 | Ubuntu1804: ami-0897dc385cc87c84a 951 | ap-south-1: 952 | Ubuntu1804: ami-092e3cdeac40647ef 953 | ap-northeast-1: 954 | Ubuntu1804: ami-0e188a8f0a17f5359 955 | ap-northeast-2: 956 | Ubuntu1804: ami-017825b1c521d02c5 957 | ap-southeast-1: 958 | Ubuntu1804: ami-0a15b160762a9664b 959 | ap-southeast-2: 960 | Ubuntu1804: ami-0b7e0a634a1356911 961 | ca-central-1: 962 | Ubuntu1804: ami-0ef8ecec9501bf050 963 | eu-central-1: 964 | Ubuntu1804: ami-0521c2773875c9f2e 965 | eu-west-1: 966 | Ubuntu1804: ami-0d63a1ebc624058cd 967 | eu-west-2: 968 | Ubuntu1804: ami-0e8752d4902c13a57 969 | eu-west-3: 970 | Ubuntu1804: ami-0b48a1bd6d96eba46 971 | eu-north-1: 972 | Ubuntu1804: ami-05805bdf26a4afe6c 973 | sa-east-1: 974 | Ubuntu1804: ami-0393cec4dc744d66d 975 | 
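Added example, not part of the repository: a standard-library Python audit for three patterns visible in the template above, namely ingress rules open to 0.0.0.0/0 (such as the 3306 and 22 rules), secret-named parameters declared without NoEcho (AWSAccessKeySecret), and secret parameters substituted into UserData through Fn::Sub. The line-based parser, the finding names, the secret-name heuristic and the public_ok port policy are assumptions of this example, and the embedded sample is a constructed excerpt with assumed indentation.

```python
import re

# Constructed excerpt shaped like the template above (indentation and conf.xml path assumed).
SAMPLE = """\
Resources:
  WSO2DBInstanceSecurityGroup:
    Properties:
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '3306'
          ToPort: '3306'
          CidrIp: 0.0.0.0/0
  WSO2SecurityGroup:
    Properties:
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '9443'
          ToPort: '9443'
          SourceSecurityGroupId: !Ref WSO2LoadBalancerSecurityGroup
  WSO2Node1LaunchConfiguration:
    Properties:
      UserData: !Base64
        'Fn::Sub': |
          #!/bin/bash
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/conf.xml
          sed -i "s^SECRET_KEY^${AWSAccessKeySecret}^g" /home/wso2user/conf.xml
Parameters:
  AWSAccessKeySecret:
    Type: String
  DBPassword:
    NoEcho: true
"""

SECRET_NAME = re.compile(r'password|secret|token', re.I)  # naming heuristic (assumption)
SUB_REF = re.compile(r'\$\{(\w+)\}')  # ${Param} in Fn::Sub; not ${AWS::Region} or ${X.Attr}
NOECHO = re.compile(r'\s*NoEcho:\s*["\']?true', re.I)

def split_template(text):
    """Return {section: {logical_name: [body lines]}}, keyed on 0- and 2-space indentation."""
    tree, top, name = {}, None, None
    for line in text.splitlines():
        if re.match(r'\w+:', line):
            top, name = line.split(':')[0], None
            tree[top] = {}
        elif top and re.match(r'  \w+:\s*$', line):
            name = line.strip()[:-1]
            tree[top][name] = []
        elif name:
            tree[top][name].append(line)
    return tree

def block(body, key):
    """Yield stripped lines nested under `key:` (deeper, or list items at the same indent)."""
    key_indent = None
    for line in body:
        s, indent = line.strip(), len(line) - len(line.lstrip())
        if not s:
            continue
        if key_indent is not None and (indent > key_indent or
                                       (indent == key_indent and s.startswith('- '))):
            yield s
        else:
            key_indent = indent if s.startswith(key + ':') else None

def ingress_rules(body):
    rules = []
    for s in block(body, 'SecurityGroupIngress'):
        if s.startswith('- '):       # a new rule starts at each list item
            rules.append({})
            s = s[2:]
        if rules and ':' in s:
            k, v = s.split(':', 1)
            rules[-1][k.strip()] = v.strip().strip('\'"')
    return rules

def audit(text, public_ok=frozenset({443, 8243, 8280})):  # assumed policy: Outputs URL ports
    tree, findings = split_template(text), []
    params = tree.get('Parameters', {})
    for res, body in tree.get('Resources', {}).items():
        for r in ingress_rules(body):
            lo, hi = int(r.get('FromPort', 0)), int(r.get('ToPort', 65535))
            world = r.get('CidrIp') == '0.0.0.0/0' or r.get('CidrIpv6') == '::/0'
            if world and not all(p in public_ok for p in range(lo, hi + 1)):
                findings.append(('OPEN_INGRESS', res, f'{lo}-{hi}'))
        # NoEcho does not cover user data, so every secret-named parameter counts here.
        refs = {n for s in block(body, 'UserData') for n in SUB_REF.findall(s)}
        findings += [('SECRET_IN_USERDATA', res, n) for n in sorted(refs)
                     if n in params and SECRET_NAME.search(n)]
    findings += [('NO_NOECHO', n, 'Parameters') for n, body in params.items()
                 if SECRET_NAME.search(n) and not any(NOECHO.match(l) for l in body)]
    return findings

if __name__ == '__main__':
    print(*audit(SAMPLE), sep='\n')
```

Rules that name a SourceSecurityGroupId instead of a CIDR are not reported, and passing a different public_ok set changes which world-open ports are accepted.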
-------------------------------------------------------------------------------- /wso2am/apim/cf-dev.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | AWSTemplateFormatVersion: 2010-09-09 16 | Description: >- 17 | WSO2 API Manager Clustered deployment in Development with High Availability 18 | Metadata: 19 | 'AWS::CloudFormation::Interface': 20 | ParameterGroups: 21 | - Label: 22 | default: Cluster Configuration 23 | Parameters: 24 | - IAMRole 25 | - KeyPairName 26 | - WSO2InstanceType 27 | - Label: 28 | default: Network Configuration 29 | Parameters: 30 | - CertificateName 31 | - NetworkStackName 32 | - Label: 33 | default: Database Configuration 34 | Parameters: 35 | - DBUsername 36 | - DBPassword 37 | - DBType 38 | - Label: 39 | default: Environment Configurations 40 | Parameters: 41 | - Environment 42 | ParameterLabels: 43 | IAMRole: 44 | default: AWS IAM Role 45 | CertificateName: 46 | default: SSL Certificate Name 47 | NetworkStackName: 48 | default: Network Stack Name 49 | KeyPairName: 50 | default: Key Pair Name 51 | DBUsername: 52 | default: Username 53 | DBPassword: 54 | default: Password 55 | WSO2InstanceType: 56 | default: Instance Type 57 | AMIid: 58 | default: AMI ID 59 | Product: 60 | default: Product 61 | Version: 62 | default: Version 63 | 
Environment: 64 | default: Environment 65 | Resources: 66 | WSO2APIMDBInstance: 67 | Type: 'AWS::RDS::DBInstance' 68 | DeletionPolicy: Delete 69 | Properties: 70 | VPCSecurityGroups: 71 | - Fn::ImportValue: 72 | !Sub "${NetworkStackName}-WSO2DBSecurityGroup" 73 | DBInstanceClass: db.t2.medium 74 | AllocatedStorage: 5 75 | BackupRetentionPeriod: '0' 76 | DBInstanceIdentifier: !Join 77 | - '' 78 | - - 'WSO2APIMDB' 79 | - !Ref Environment 80 | - 'Instance' 81 | DBName: WSO2_DB 82 | Engine: !Ref DBType 83 | MasterUsername: !Ref DBUsername 84 | MasterUserPassword: !Ref DBPassword 85 | MultiAZ: 'false' 86 | StorageType: gp2 87 | DBSubnetGroupName: !Ref WSO2APIMDBSubnetGroup 88 | WSO2APIMDBSubnetGroup: 89 | Type: 'AWS::RDS::DBSubnetGroup' 90 | Properties: 91 | DBSubnetGroupDescription: DB Subnet Group 92 | SubnetIds: 93 | - Fn::ImportValue: 94 | !Sub "${NetworkStackName}-WSO2PrivateSubnet1" 95 | - Fn::ImportValue: 96 | !Sub "${NetworkStackName}-WSO2PrivateSubnet2" 97 | # File system configurations 98 | WSO2APIMEFSFileSystem: 99 | Type: 'AWS::EFS::FileSystem' 100 | Properties: 101 | PerformanceMode: generalPurpose 102 | WSO2APIMPrivateSubnet1EFSMountTarget: 103 | Type: 'AWS::EFS::MountTarget' 104 | Properties: 105 | SubnetId: 106 | Fn::ImportValue: 107 | Fn::Sub: "${NetworkStackName}-WSO2PrivateSubnet1" 108 | FileSystemId: !Ref WSO2APIMEFSFileSystem 109 | SecurityGroups: 110 | - Fn::ImportValue: 111 | !Sub "${NetworkStackName}-WSO2EFSSecurityGroup" 112 | WSO2APIMPrivateSubnet2EFSMountTarget: 113 | Type: 'AWS::EFS::MountTarget' 114 | Properties: 115 | SubnetId: 116 | Fn::ImportValue: 117 | Fn::Sub: "${NetworkStackName}-WSO2PrivateSubnet2" 118 | FileSystemId: !Ref WSO2APIMEFSFileSystem 119 | SecurityGroups: 120 | - Fn::ImportValue: 121 | Fn::Sub: "${NetworkStackName}-WSO2EFSSecurityGroup" 122 | # Product configurations 123 | WSO2APIMBastionInstance: 124 | Type: 'AWS::EC2::Instance' 125 | CreationPolicy: 126 | ResourceSignal: 127 | Count: 1 128 | Timeout: PT10M 129 | 
Properties: 130 | DisableApiTermination: 'false' 131 | InstanceInitiatedShutdownBehavior: stop 132 | ImageId: !Ref AMIid 133 | InstanceType: t2.micro 134 | KeyName: !Ref KeyPairName 135 | Monitoring: 'false' 136 | Tags: 137 | - Key: Name 138 | Value: !Join 139 | - '' 140 | - - 'WSO2APIMBastion' 141 | - !Ref Environment 142 | - 'Instance' 143 | NetworkInterfaces: 144 | - DeleteOnTermination: 'true' 145 | AssociatePublicIpAddress : 'true' 146 | Description: Primary network interface 147 | DeviceIndex: 0 148 | SubnetId: 149 | Fn::ImportValue: 150 | Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1" 151 | GroupSet: 152 | - Fn::ImportValue: 153 | !Sub "${NetworkStackName}-WSO2BastionSecurityGroup" 154 | UserData: !Base64 155 | 'Fn::Sub': | 156 | Content-Type: multipart/mixed; boundary="//" 157 | MIME-Version: 1.0 158 | 159 | --// 160 | Content-Type: text/cloud-config; charset="us-ascii" 161 | MIME-Version: 1.0 162 | Content-Transfer-Encoding: 7bit 163 | Content-Disposition: attachment; filename="cloud-config.txt" 164 | 165 | #cloud-config 166 | cloud_final_modules: 167 | - [scripts-user, always] 168 | 169 | --// 170 | Content-Type: text/x-shellscript; charset="us-ascii" 171 | MIME-Version: 1.0 172 | Content-Transfer-Encoding: 7bit 173 | Content-Disposition: attachment; filename="userdata.txt" 174 | 175 | #!/bin/bash 176 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 177 | export PATH=~/.local/bin:$PATH 178 | apt-get update 179 | pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz 180 | export DB_HOSTNAME=${WSO2APIMDBInstance.Endpoint.Address} 181 | export DB_PORT=${WSO2APIMDBInstance.Endpoint.Port} 182 | export DB_USERNAME=${DBUsername} 183 | export DB_PASSWORD=${DBPassword} 184 | rm -rf /home/wso2user/endpointCars 185 | rm -rf /home/wso2user/${Product}-${Version}.zip 186 | sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 187 | sed -i 
"s/CF_DB_PASSWORD/${DBPassword}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 188 | sed -i "s/CF_DB_HOST/${WSO2APIMDBInstance.Endpoint.Address}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 189 | sed -i "s/CF_DB_PORT/${WSO2APIMDBInstance.Endpoint.Port}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 190 | bash /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 2>&1 | tee /home/wso2user/db_log.txt 191 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 192 | cat /dev/null > ~/.bash_history && history -c 193 | /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2APIMBastionInstance --region ${AWS::Region} 194 | WSO2APIMNode1LaunchConfiguration: 195 | Type: 'AWS::AutoScaling::LaunchConfiguration' 196 | Properties: 197 | ImageId: !Ref AMIid 198 | InstanceType: !Ref WSO2InstanceType 199 | InstanceMonitoring: 'false' 200 | BlockDeviceMappings: 201 | - DeviceName: /dev/sda1 202 | Ebs: 203 | VolumeSize: '20' 204 | VolumeType: gp2 205 | DeleteOnTermination: 'true' 206 | KeyName: !Ref KeyPairName 207 | SecurityGroups: 208 | - Fn::ImportValue: 209 | !Sub "${NetworkStackName}-WSO2ProductSecurityGroup" 210 | UserData: !Base64 211 | 'Fn::Sub': | 212 | Content-Type: multipart/mixed; boundary="//" 213 | MIME-Version: 1.0 214 | 215 | --// 216 | Content-Type: text/cloud-config; charset="us-ascii" 217 | MIME-Version: 1.0 218 | Content-Transfer-Encoding: 7bit 219 | Content-Disposition: attachment; filename="cloud-config.txt" 220 | 221 | #cloud-config 222 | cloud_final_modules: 223 | - [scripts-user, always] 224 | 225 | --// 226 | Content-Type: text/x-shellscript; charset="us-ascii" 227 | MIME-Version: 1.0 228 | Content-Transfer-Encoding: 7bit 229 | Content-Disposition: attachment; filename="userdata.txt" 230 | 231 | #!/bin/bash 232 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 233 | export PATH=~/.local/bin:$PATH 234 | apt-get update >> /home/wso2user/install.log 235 
| apt install -y nfs-common >> /home/wso2user/install.log 236 | pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz 237 | wget --no-check-certificate --no-proxy 'http://wso2-cloudformation-templates.s3.amazonaws.com/private_ip_extractor.py' -P /usr/local/bin/ 238 | unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/ 239 | sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 240 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/carbon.xml 241 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/deployment/server/jaggeryapps/store/site/conf/site.json 242 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/api-manager.xml 243 | sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 244 | sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 245 | sed -i "s/RDS_DNS_NAME/${WSO2APIMDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 246 | tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/ 247 | export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}') 248 | export LogserverIP=${WSO2APIMLoggingInstance.PrivateIp} 249 | echo "$LogserverIP logserver" >> /etc/hosts 250 | sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 251 | sed -i "s/WSO2SecurityGroup/$SECURITYGROUP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 252 | mkdir -p /mnt/efs 253 | mount -t nfs4 -o nfsvers=4.1 ${WSO2APIMEFSFileSystem}.efs.${AWS::Region}.amazonaws.com:/ /mnt/efs 254 | sleep 100 255 | if [ ! 
-d "/mnt/efs/server" ]; then 256 | mkdir -p /mnt/efs/server 257 | cp -r /home/wso2user/${Product}-${Version}/repository/deployment/server /mnt/efs 258 | fi 259 | rm -rf /home/wso2user/${Product}-${Version}/repository/deployment/server 260 | ln -s /mnt/efs/server /home/wso2user/${Product}-${Version}/repository/deployment/server 261 | if [ ! -d "/mnt/efs/tenants" ]; then 262 | mkdir -p /mnt/efs/tenants 263 | cp -r /home/wso2user/${Product}-${Version}/repository/tenants /mnt/efs 264 | fi 265 | rm -rf /home/wso2user/${Product}-${Version}/repository/tenants 266 | ln -s /mnt/efs/tenants /home/wso2user/${Product}-${Version}/repository/tenants 267 | echo "${WSO2APIMEFSFileSystem}:/ /mnt/efs efs defaults,_netdev 0 0" >> /etc/fstab 268 | /home/wso2user/${Product}-${Version}/bin/wso2server.sh start 269 | sleep 30 270 | end=$((SECONDS+1200)) 271 | while [ $SECONDS -lt $end ] ; do 272 | sleep 10 273 | wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp" 274 | if [ $? -eq "0" ] ; then 275 | /usr/local/bin/cfn-signal -e $? 
--stack ${AWS::StackName} --resource WSO2APIMNode1AutoScalingGroup --region ${AWS::Region} 276 | break 277 | fi 278 | done 279 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 280 | cat /dev/null > ~/.bash_history && history -c 281 | DependsOn: 282 | - WSO2APIMLoadBalancer 283 | - WSO2APIMDBInstance 284 | - WSO2APIMBastionInstance 285 | - WSO2APIMLoggingInstance 286 | WSO2APIMNode1AutoScalingGroup: 287 | Type: 'AWS::AutoScaling::AutoScalingGroup' 288 | Properties: 289 | LaunchConfigurationName: !Ref WSO2APIMNode1LaunchConfiguration 290 | DesiredCapacity: 1 291 | MinSize: 1 292 | MaxSize: 2 293 | TargetGroupARNs: 294 | - !Ref WSO2APIMALB9443TargetGroup 295 | - !Ref WSO2APIMALB8243TargetGroup 296 | VPCZoneIdentifier: 297 | - Fn::ImportValue: 298 | !Sub "${NetworkStackName}-WSO2PrivateSubnet1" 299 | Tags: 300 | - Key: Name 301 | Value: !Join 302 | - '' 303 | - - 'WSO2APIM' 304 | - !Ref Environment 305 | - 'Instance01' 306 | PropagateAtLaunch: 'true' 307 | - Key: cluster 308 | Value: apim 309 | PropagateAtLaunch: 'true' 310 | CreationPolicy: 311 | ResourceSignal: 312 | Count: 1 313 | Timeout: PT30M 314 | UpdatePolicy: 315 | AutoScalingRollingUpdate: 316 | MaxBatchSize: '2' 317 | MinInstancesInService: '1' 318 | PauseTime: PT30M 319 | SuspendProcesses: 320 | - AlarmNotification 321 | WaitOnResourceSignals: true 322 | DependsOn: 323 | - WSO2APIMLoadBalancer 324 | WSO2APIMNode2LaunchConfiguration: 325 | Type: 'AWS::AutoScaling::LaunchConfiguration' 326 | Properties: 327 | ImageId: !Ref AMIid 328 | InstanceType: !Ref WSO2InstanceType 329 | InstanceMonitoring: 'false' 330 | BlockDeviceMappings: 331 | - DeviceName: /dev/sda1 332 | Ebs: 333 | VolumeSize: '20' 334 | VolumeType: gp2 335 | DeleteOnTermination: 'true' 336 | KeyName: !Ref KeyPairName 337 | SecurityGroups: 338 | - Fn::ImportValue: 339 | !Sub "${NetworkStackName}-WSO2ProductSecurityGroup" 340 | UserData: !Base64 341 | 'Fn::Sub': | 342 | Content-Type: multipart/mixed; boundary="//" 343 | 
MIME-Version: 1.0 344 | 345 | --// 346 | Content-Type: text/cloud-config; charset="us-ascii" 347 | MIME-Version: 1.0 348 | Content-Transfer-Encoding: 7bit 349 | Content-Disposition: attachment; filename="cloud-config.txt" 350 | 351 | #cloud-config 352 | cloud_final_modules: 353 | - [scripts-user, always] 354 | 355 | --// 356 | Content-Type: text/x-shellscript; charset="us-ascii" 357 | MIME-Version: 1.0 358 | Content-Transfer-Encoding: 7bit 359 | Content-Disposition: attachment; filename="userdata.txt" 360 | 361 | #!/bin/bash 362 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 363 | export PATH=~/.local/bin:$PATH 364 | apt-get update >> /home/wso2user/install.log 365 | apt install -y nfs-common >> /home/wso2user/install.log 366 | pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz 367 | wget --no-check-certificate --no-proxy 'http://wso2-cloudformation-templates.s3.amazonaws.com/private_ip_extractor.py' -P /usr/local/bin/ 368 | unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/ 369 | sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 370 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/carbon.xml 371 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/deployment/server/jaggeryapps/store/site/conf/site.json 372 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/api-manager.xml 373 | sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 374 | sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 375 | sed -i "s/RDS_DNS_NAME/${WSO2APIMDBInstance.Endpoint.Address}/g" 
/home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 376 | tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/ 377 | export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}') 378 | export LogserverIP=${WSO2APIMLoggingInstance.PrivateIp} 379 | echo "$LogserverIP logserver" >> /etc/hosts 380 | sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 381 | sed -i "s/WSO2SecurityGroup/$SECURITYGROUP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 382 | mkdir -p /mnt/efs 383 | mount -t nfs4 -o nfsvers=4.1 ${WSO2APIMEFSFileSystem}.efs.${AWS::Region}.amazonaws.com:/ /mnt/efs 384 | sleep 450 385 | if [ ! -d "/mnt/efs/server" ]; then 386 | mkdir -p /mnt/efs/server 387 | cp -r /home/wso2user/${Product}-${Version}/repository/deployment/server /mnt/efs 388 | fi 389 | rm -rf /home/wso2user/${Product}-${Version}/repository/deployment/server 390 | ln -s /mnt/efs/server /home/wso2user/${Product}-${Version}/repository/deployment/server 391 | if [ ! -d "/mnt/efs/tenants" ]; then 392 | mkdir -p /mnt/efs/tenants 393 | cp -r /home/wso2user/${Product}-${Version}/repository/tenants /mnt/efs 394 | fi 395 | rm -rf /home/wso2user/${Product}-${Version}/repository/tenants 396 | ln -s /mnt/efs/tenants /home/wso2user/${Product}-${Version}/repository/tenants 397 | echo "${WSO2APIMEFSFileSystem}:/ /mnt/efs efs defaults,_netdev 0 0" >> /etc/fstab 398 | /home/wso2user/${Product}-${Version}/bin/wso2server.sh start 399 | sleep 30 400 | end=$((SECONDS+1200)) 401 | while [ $SECONDS -lt $end ] ; do 402 | sleep 10 403 | wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp" 404 | if [ $? -eq "0" ] ; then 405 | /usr/local/bin/cfn-signal -e $? 
--stack ${AWS::StackName} --resource WSO2APIMNode2AutoScalingGroup --region ${AWS::Region} 406 | break 407 | fi 408 | done 409 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 410 | cat /dev/null > ~/.bash_history && history -c 411 | DependsOn: 412 | - WSO2APIMLoadBalancer 413 | - WSO2APIMDBInstance 414 | - WSO2APIMBastionInstance 415 | - WSO2APIMLoggingInstance 416 | WSO2APIMNode2AutoScalingGroup: 417 | Type: 'AWS::AutoScaling::AutoScalingGroup' 418 | Properties: 419 | LaunchConfigurationName: !Ref WSO2APIMNode2LaunchConfiguration 420 | DesiredCapacity: 1 421 | MinSize: 1 422 | MaxSize: 2 423 | TargetGroupARNs: 424 | - !Ref WSO2APIMALB9443TargetGroup 425 | - !Ref WSO2APIMALB8243TargetGroup 426 | VPCZoneIdentifier: 427 | - Fn::ImportValue: 428 | !Sub "${NetworkStackName}-WSO2PrivateSubnet2" 429 | Tags: 430 | - Key: Name 431 | Value: !Join 432 | - '' 433 | - - 'WSO2APIM' 434 | - !Ref Environment 435 | - 'Instance02' 436 | PropagateAtLaunch: 'true' 437 | - Key: cluster 438 | Value: apim 439 | PropagateAtLaunch: 'true' 440 | CreationPolicy: 441 | ResourceSignal: 442 | Count: 1 443 | Timeout: PT30M 444 | UpdatePolicy: 445 | AutoScalingRollingUpdate: 446 | MaxBatchSize: '2' 447 | MinInstancesInService: '1' 448 | PauseTime: PT30M 449 | SuspendProcesses: 450 | - AlarmNotification 451 | WaitOnResourceSignals: true 452 | DependsOn: 453 | - WSO2APIMLoadBalancer 454 | WSO2APIMLoadBalancer: 455 | Type: AWS::ElasticLoadBalancingV2::LoadBalancer 456 | Properties: 457 | Name: !Join 458 | - '' 459 | - - 'WSO2APIMLoadBalancer' 460 | - !Ref Environment 461 | Scheme: internet-facing 462 | Subnets: 463 | - Fn::ImportValue: 464 | !Sub "${NetworkStackName}-WSO2PublicSubnet1" 465 | - Fn::ImportValue: 466 | !Sub "${NetworkStackName}-WSO2PublicSubnet2" 467 | SecurityGroups: 468 | - Fn::ImportValue: 469 | !Sub "${NetworkStackName}-WSO2LoadBalancerSecurityGroup" 470 | WSO2APIMALB9443TargetGroup: 471 | Type: AWS::ElasticLoadBalancingV2::TargetGroup 472 | Properties: 473 | 
HealthCheckIntervalSeconds: 10 474 | HealthCheckProtocol: HTTPS 475 | HealthCheckTimeoutSeconds: 5 476 | HealthyThresholdCount: 4 477 | HealthCheckPath: /carbon/admin/login.jsp 478 | HealthCheckPort: 9443 479 | Matcher: 480 | HttpCode: 200 481 | Name: !Join 482 | - '-' 483 | - - 'apim' 484 | - 'carbon' 485 | - !Ref Environment 486 | - '9443' 487 | Port: 9443 488 | Protocol: HTTPS 489 | TargetGroupAttributes: 490 | - Key: deregistration_delay.timeout_seconds 491 | Value: '20' 492 | - Key: stickiness.enabled 493 | Value: 'true' 494 | UnhealthyThresholdCount: 3 495 | VpcId: 496 | Fn::ImportValue: 497 | Fn::Sub: "${NetworkStackName}-WSO2VPC" 498 | Tags: 499 | - Key: Name 500 | Value: !Join 501 | - '' 502 | - - !Ref Product 503 | WSO2APIMALB8243TargetGroup: 504 | Type: AWS::ElasticLoadBalancingV2::TargetGroup 505 | Properties: 506 | HealthCheckIntervalSeconds: 10 507 | HealthCheckProtocol: HTTPS 508 | HealthCheckTimeoutSeconds: 5 509 | HealthyThresholdCount: 4 510 | HealthCheckPath: /services/Version 511 | HealthCheckPort: 8243 512 | Matcher: 513 | HttpCode: 200 514 | Name: !Join 515 | - '-' 516 | - - 'apim' 517 | - 'carbon' 518 | - !Ref Environment 519 | - '8243' 520 | Port: 8243 521 | Protocol: HTTPS 522 | TargetGroupAttributes: 523 | - Key: deregistration_delay.timeout_seconds 524 | Value: '20' 525 | - Key: stickiness.enabled 526 | Value: 'true' 527 | UnhealthyThresholdCount: 3 528 | VpcId: 529 | Fn::ImportValue: 530 | Fn::Sub: "${NetworkStackName}-WSO2VPC" 531 | Tags: 532 | - Key: Name 533 | Value: !Join 534 | - '' 535 | - - !Ref Product 536 | WSO2APIMALB443Listener: 537 | Type: AWS::ElasticLoadBalancingV2::Listener 538 | Properties: 539 | DefaultActions: 540 | - Type: forward 541 | TargetGroupArn: !Ref WSO2APIMALB9443TargetGroup 542 | Certificates: 543 | - CertificateArn: !Join 544 | - '' 545 | - - 'arn:aws:iam::' 546 | - !Ref 'AWS::AccountId' 547 | - ':server-certificate' 548 | - / 549 | - !Ref CertificateName 550 | LoadBalancerArn: !Ref WSO2APIMLoadBalancer 551 | 
Port: 443 552 | Protocol: HTTPS 553 | SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01 554 | WSO2APIMALB8243Listener: 555 | Type: AWS::ElasticLoadBalancingV2::Listener 556 | Properties: 557 | DefaultActions: 558 | - Type: forward 559 | TargetGroupArn: !Ref WSO2APIMALB8243TargetGroup 560 | Certificates: 561 | - CertificateArn: !Join 562 | - '' 563 | - - 'arn:aws:iam::' 564 | - !Ref 'AWS::AccountId' 565 | - ':server-certificate' 566 | - / 567 | - !Ref CertificateName 568 | LoadBalancerArn: !Ref WSO2APIMLoadBalancer 569 | Port: 8243 570 | Protocol: HTTPS 571 | SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01 572 | WSO2APIMALB9443Listener: 573 | Type: AWS::ElasticLoadBalancingV2::Listener 574 | Properties: 575 | DefaultActions: 576 | - Type: forward 577 | TargetGroupArn: !Ref WSO2APIMALB9443TargetGroup 578 | Certificates: 579 | - CertificateArn: !Join 580 | - '' 581 | - - 'arn:aws:iam::' 582 | - !Ref 'AWS::AccountId' 583 | - ':server-certificate' 584 | - / 585 | - !Ref CertificateName 586 | LoadBalancerArn: !Ref WSO2APIMLoadBalancer 587 | Port: 9443 588 | Protocol: HTTPS 589 | SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01 590 | WSO2APIMLoggingInstance: 591 | Type: 'AWS::EC2::Instance' 592 | Properties: 593 | DisableApiTermination: 'false' 594 | InstanceInitiatedShutdownBehavior: stop 595 | ImageId: !FindInMap 596 | - WSO2LoggingMasterAMIRegionMap 597 | - !Ref 'AWS::Region' 598 | - Ubuntu1804 599 | InstanceType: t2.large 600 | BlockDeviceMappings: 601 | - DeviceName: /dev/sda1 602 | Ebs: 603 | VolumeSize: '50' 604 | VolumeType: gp2 605 | DeleteOnTermination: 'true' 606 | KeyName: !Ref KeyPairName 607 | Monitoring: 'false' 608 | Tags: 609 | - Key: Name 610 | Value: !Join 611 | - '' 612 | - - 'WSO2APIMLogging' 613 | - !Ref Environment 614 | - 'Instance' 615 | NetworkInterfaces: 616 | - DeleteOnTermination: 'true' 617 | AssociatePublicIpAddress: 'true' 618 | Description: Primary network interface 619 | DeviceIndex: 0 620 | SubnetId: 621 | Fn::ImportValue: 622 | Fn::Sub: 
"${NetworkStackName}-WSO2PublicSubnet1" 623 | GroupSet: 624 | - Fn::ImportValue: 625 | !Sub "${NetworkStackName}-WSO2LoggingSecurityGroup" 626 | UserData: !Base64 627 | 'Fn::Sub': | 628 | #cloud-config 629 | #!/bin/bash 630 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 631 | export PATH=~/.local/bin:$PATH 632 | export REGION=${AWS::Region} 633 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 634 | cat /dev/null > ~/.bash_history && history -c 635 | DependsOn: 636 | - WSO2APIMLoadBalancer 637 | - WSO2APIMDBInstance 638 | Outputs: 639 | ConsoleURL: 640 | Value: !Join 641 | - '' 642 | - - 'https://' 643 | - !GetAtt 644 | - WSO2APIMLoadBalancer 645 | - DNSName 646 | - '/carbon' 647 | Description: WSO2 API Manager Management Console URL 648 | PublisherURL: 649 | Value: !Join 650 | - '' 651 | - - 'https://' 652 | - !GetAtt 653 | - WSO2APIMLoadBalancer 654 | - DNSName 655 | - '/publisher' 656 | Description: WSO2 APIM Publisher URL for API development and management 657 | StoreURL: 658 | Value: !Join 659 | - '' 660 | - - 'https://' 661 | - !GetAtt 662 | - WSO2APIMLoadBalancer 663 | - DNSName 664 | - '/store' 665 | Description: WS02 APIM Store Web application URL (Developer Store) 666 | AdminURL: 667 | Value: !Join 668 | - '' 669 | - - 'https://' 670 | - !GetAtt 671 | - WSO2APIMLoadBalancer 672 | - DNSName 673 | - '/admin' 674 | Description: WSO2 APIM Admin service URL 675 | HttpsURL: 676 | Value: !Join 677 | - '' 678 | - - 'https://' 679 | - !GetAtt 680 | - WSO2APIMLoadBalancer 681 | - DNSName 682 | - ':8243' 683 | Description: WSO2 APIM HTTPS Gateway endpoint 684 | HttpURL: 685 | Value: !Join 686 | - '' 687 | - - 'http://' 688 | - !GetAtt 689 | - WSO2APIMLoadBalancer 690 | - DNSName 691 | - ':8280' 692 | Description: APIM HTTP Gateway endpoint 693 | LogDashboardURL: 694 | Value: !Join 695 | - '' 696 | - - 'http://' 697 | - !GetAtt 698 | - WSO2APIMLoggingInstance 699 | - PublicDnsName 700 | - ':5601' 701 | 
Description: Log Dashboard URL (Kibana Dashboard) 702 | MountTargetIP: 703 | Value: !GetAtt WSO2APIMPrivateSubnet1EFSMountTarget.IpAddress 704 | Parameters: 705 | IAMRole: 706 | Type: String 707 | KeyPairName: 708 | Description: The private key used to log in to instances through SSH 709 | Type: 'AWS::EC2::KeyPair::KeyName' 710 | CertificateName: 711 | Description: A valid SSL certificate used for HTTPS 712 | Type: String 713 | MinLength: 1 714 | NetworkStackName: 715 | Description: Name of the stack with network resources exported 716 | Type: String 717 | WSO2InstanceType: 718 | Type: String 719 | Default: t2.medium 720 | AllowedValues: 721 | - t2.medium 722 | - t2.large 723 | - t2.xlarge 724 | - t2.2xlarge 725 | - m3.medium 726 | - m3.large 727 | - m3.xlarge 728 | - m3.2xlarge 729 | - m4.large 730 | - m4.xlarge 731 | ConstraintDescription: Must be a valid EC2 instance type 732 | DBUsername: 733 | Type: String 734 | DBPassword: 735 | Type: String 736 | NoEcho: true 737 | DBType: 738 | Type: String 739 | Default: MySQL 740 | AllowedValues: 741 | - MySQL 742 | - PostgreSQL 743 | - Oracle 744 | - SQL Server 745 | AMIid: 746 | Type: String 747 | Product: 748 | Type: String 749 | Version: 750 | Type: String 751 | Environment: 752 | Type: String 753 | Mappings: 754 | WSO2LoggingMasterAMIRegionMap: 755 | us-east-1: 756 | Ubuntu1804: ami-089c43fe12d048b25 757 | us-east-2: 758 | Ubuntu1804: ami-0b382084a3cc80fb7 759 | us-west-1: 760 | Ubuntu1804: ami-0b6d9c2c447ab4299 761 | us-west-2: 762 | Ubuntu1804: ami-0897dc385cc87c84a 763 | ap-south-1: 764 | Ubuntu1804: ami-092e3cdeac40647ef 765 | ap-northeast-1: 766 | Ubuntu1804: ami-0e188a8f0a17f5359 767 | ap-northeast-2: 768 | Ubuntu1804: ami-017825b1c521d02c5 769 | ap-southeast-1: 770 | Ubuntu1804: ami-0a15b160762a9664b 771 | ap-southeast-2: 772 | Ubuntu1804: ami-0b7e0a634a1356911 773 | ca-central-1: 774 | Ubuntu1804: ami-0ef8ecec9501bf050 775 | eu-central-1: 776 | Ubuntu1804: ami-0521c2773875c9f2e 777 | eu-west-1: 778 | 
Ubuntu1804: ami-0d63a1ebc624058cd 779 | eu-west-2: 780 | Ubuntu1804: ami-0e8752d4902c13a57 781 | eu-west-3: 782 | Ubuntu1804: ami-0b48a1bd6d96eba46 783 | eu-north-1: 784 | Ubuntu1804: ami-05805bdf26a4afe6c 785 | sa-east-1: 786 | Ubuntu1804: ami-0393cec4dc744d66d 787 | -------------------------------------------------------------------------------- /wso2am/apim/cf-staging.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | AWSTemplateFormatVersion: 2010-09-09 16 | Description: >- 17 | WSO2 API Manager Clustered deployment in Staging with High Availability 18 | Metadata: 19 | 'AWS::CloudFormation::Interface': 20 | ParameterGroups: 21 | - Label: 22 | default: Cluster Configuration 23 | Parameters: 24 | - IAMRole 25 | - KeyPairName 26 | - WSO2InstanceType 27 | - Label: 28 | default: Network Configuration 29 | Parameters: 30 | - CertificateName 31 | - NetworkStackName 32 | - Label: 33 | default: Database Configuration 34 | Parameters: 35 | - DBUsername 36 | - DBPassword 37 | - DBType 38 | - Label: 39 | default: Environment Configurations 40 | Parameters: 41 | - Environment 42 | ParameterLabels: 43 | IAMRole: 44 | default: AWS IAM Role 45 | CertificateName: 46 | default: SSL Certificate Name 47 | NetworkStackName: 48 | default: Network Stack Name 49 | KeyPairName: 50 | default: Key Pair Name 51 | DBUsername: 52 | default: Username 53 | DBPassword: 54 | default: Password 55 | WSO2InstanceType: 56 | default: Instance Type 57 | AMIid: 58 | default: AMI ID 59 | Product: 60 | default: Product 61 | Version: 62 | default: Version 63 | Environment: 64 | default: Environment 65 | Resources: 66 | WSO2APIMDBInstance: 67 | Type: 'AWS::RDS::DBInstance' 68 | DeletionPolicy: Delete 69 | Properties: 70 | VPCSecurityGroups: 71 | - Fn::ImportValue: 72 | !Sub "${NetworkStackName}-WSO2DBSecurityGroup" 73 | DBInstanceClass: db.t2.medium 74 | AllocatedStorage: 5 75 | BackupRetentionPeriod: '0' 76 | DBInstanceIdentifier: !Join 77 | - '' 78 | - - 'WSO2APIMDB' 79 | - !Ref Environment 80 | - 'Instance' 81 | DBName: WSO2_DB 82 | Engine: !Ref DBType 83 | MasterUsername: !Ref DBUsername 84 | MasterUserPassword: !Ref DBPassword 85 | MultiAZ: 'false' 86 | StorageType: gp2 87 | DBSubnetGroupName: !Ref WSO2APIMDBSubnetGroup 88 | WSO2APIMDBSubnetGroup: 89 | Type: 'AWS::RDS::DBSubnetGroup' 90 | Properties: 91 | DBSubnetGroupDescription: DB Subnet Group 92 | SubnetIds: 93 | - Fn::ImportValue: 94 | !Sub 
"${NetworkStackName}-WSO2PrivateSubnet1" 95 | - Fn::ImportValue: 96 | !Sub "${NetworkStackName}-WSO2PrivateSubnet2" 97 | # File system configurations 98 | WSO2APIMEFSFileSystem: 99 | Type: 'AWS::EFS::FileSystem' 100 | Properties: 101 | PerformanceMode: generalPurpose 102 | WSO2APIMPrivateSubnet1EFSMountTarget: 103 | Type: 'AWS::EFS::MountTarget' 104 | Properties: 105 | SubnetId: 106 | Fn::ImportValue: 107 | Fn::Sub: "${NetworkStackName}-WSO2PrivateSubnet1" 108 | FileSystemId: !Ref WSO2APIMEFSFileSystem 109 | SecurityGroups: 110 | - Fn::ImportValue: 111 | !Sub "${NetworkStackName}-WSO2EFSSecurityGroup" 112 | WSO2APIMPrivateSubnet2EFSMountTarget: 113 | Type: 'AWS::EFS::MountTarget' 114 | Properties: 115 | SubnetId: 116 | Fn::ImportValue: 117 | Fn::Sub: "${NetworkStackName}-WSO2PrivateSubnet2" 118 | FileSystemId: !Ref WSO2APIMEFSFileSystem 119 | SecurityGroups: 120 | - Fn::ImportValue: 121 | Fn::Sub: "${NetworkStackName}-WSO2EFSSecurityGroup" 122 | # Product configurations 123 | WSO2APIMBastionInstance: 124 | Type: 'AWS::EC2::Instance' 125 | CreationPolicy: 126 | ResourceSignal: 127 | Count: 1 128 | Timeout: PT10M 129 | Properties: 130 | DisableApiTermination: 'false' 131 | InstanceInitiatedShutdownBehavior: stop 132 | ImageId: !Ref AMIid 133 | InstanceType: t2.micro 134 | KeyName: !Ref KeyPairName 135 | Monitoring: 'false' 136 | Tags: 137 | - Key: Name 138 | Value: !Join 139 | - '' 140 | - - 'WSO2APIMBastion' 141 | - !Ref Environment 142 | - 'Instance' 143 | NetworkInterfaces: 144 | - DeleteOnTermination: 'true' 145 | AssociatePublicIpAddress : 'true' 146 | Description: Primary network interface 147 | DeviceIndex: 0 148 | SubnetId: 149 | Fn::ImportValue: 150 | Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1" 151 | GroupSet: 152 | - Fn::ImportValue: 153 | !Sub "${NetworkStackName}-WSO2BastionSecurityGroup" 154 | UserData: !Base64 155 | 'Fn::Sub': | 156 | Content-Type: multipart/mixed; boundary="//" 157 | MIME-Version: 1.0 158 | 159 | --// 160 | Content-Type: 
text/cloud-config; charset="us-ascii" 161 | MIME-Version: 1.0 162 | Content-Transfer-Encoding: 7bit 163 | Content-Disposition: attachment; filename="cloud-config.txt" 164 | 165 | #cloud-config 166 | cloud_final_modules: 167 | - [scripts-user, always] 168 | 169 | --// 170 | Content-Type: text/x-shellscript; charset="us-ascii" 171 | MIME-Version: 1.0 172 | Content-Transfer-Encoding: 7bit 173 | Content-Disposition: attachment; filename="userdata.txt" 174 | 175 | #!/bin/bash 176 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 177 | export PATH=~/.local/bin:$PATH 178 | apt-get update 179 | pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz 180 | export DB_HOSTNAME=${WSO2APIMDBInstance.Endpoint.Address} 181 | export DB_PORT=${WSO2APIMDBInstance.Endpoint.Port} 182 | export DB_USERNAME=${DBUsername} 183 | export DB_PASSWORD=${DBPassword} 184 | rm -rf /home/wso2user/endpointCars 185 | rm -rf /home/wso2user/${Product}-${Version}.zip 186 | sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 187 | sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 188 | sed -i "s/CF_DB_HOST/${WSO2APIMDBInstance.Endpoint.Address}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 189 | sed -i "s/CF_DB_PORT/${WSO2APIMDBInstance.Endpoint.Port}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 190 | bash /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 2>&1 | tee /home/wso2user/db_log.txt 191 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 192 | cat /dev/null > ~/.bash_history && history -c 193 | /usr/local/bin/cfn-signal -e $? 
--stack ${AWS::StackName} --resource WSO2APIMBastionInstance --region ${AWS::Region} 194 | WSO2APIMNode1LaunchConfiguration: 195 | Type: 'AWS::AutoScaling::LaunchConfiguration' 196 | Properties: 197 | ImageId: !Ref AMIid 198 | InstanceType: !Ref WSO2InstanceType 199 | InstanceMonitoring: 'false' 200 | BlockDeviceMappings: 201 | - DeviceName: /dev/sda1 202 | Ebs: 203 | VolumeSize: '20' 204 | VolumeType: gp2 205 | DeleteOnTermination: 'true' 206 | KeyName: !Ref KeyPairName 207 | SecurityGroups: 208 | - Fn::ImportValue: 209 | !Sub "${NetworkStackName}-WSO2ProductSecurityGroup" 210 | UserData: !Base64 211 | 'Fn::Sub': | 212 | Content-Type: multipart/mixed; boundary="//" 213 | MIME-Version: 1.0 214 | 215 | --// 216 | Content-Type: text/cloud-config; charset="us-ascii" 217 | MIME-Version: 1.0 218 | Content-Transfer-Encoding: 7bit 219 | Content-Disposition: attachment; filename="cloud-config.txt" 220 | 221 | #cloud-config 222 | cloud_final_modules: 223 | - [scripts-user, always] 224 | 225 | --// 226 | Content-Type: text/x-shellscript; charset="us-ascii" 227 | MIME-Version: 1.0 228 | Content-Transfer-Encoding: 7bit 229 | Content-Disposition: attachment; filename="userdata.txt" 230 | 231 | #!/bin/bash 232 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 233 | export PATH=~/.local/bin:$PATH 234 | apt-get update >> /home/wso2user/install.log 235 | apt install -y nfs-common >> /home/wso2user/install.log 236 | pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz 237 | wget --no-check-certificate --no-proxy 'http://wso2-cloudformation-templates.s3.amazonaws.com/private_ip_extractor.py' -P /usr/local/bin/ 238 | unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/ 239 | sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 240 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" 
/home/wso2user/${Product}-${Version}/repository/conf/carbon.xml 241 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/deployment/server/jaggeryapps/store/site/conf/site.json 242 | sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/api-manager.xml 243 | sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 244 | sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 245 | sed -i "s/RDS_DNS_NAME/${WSO2APIMDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml 246 | tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/ 247 | export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}') 248 | export LogserverIP=${WSO2APIMLoggingInstance.PrivateIp} 249 | echo "$LogserverIP logserver" >> /etc/hosts 250 | sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 251 | sed -i "s/WSO2SecurityGroup/$SECURITYGROUP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml 252 | mkdir -p /mnt/efs 253 | mount -t nfs4 -o nfsvers=4.1 ${WSO2APIMEFSFileSystem}.efs.${AWS::Region}.amazonaws.com:/ /mnt/efs 254 | sleep 100 255 | if [ ! -d "/mnt/efs/server" ]; then 256 | mkdir -p /mnt/efs/server 257 | cp -r /home/wso2user/${Product}-${Version}/repository/deployment/server /mnt/efs 258 | fi 259 | rm -rf /home/wso2user/${Product}-${Version}/repository/deployment/server 260 | ln -s /mnt/efs/server /home/wso2user/${Product}-${Version}/repository/deployment/server 261 | if [ ! 
-d "/mnt/efs/tenants" ]; then
            mkdir -p /mnt/efs/tenants
            cp -r /home/wso2user/${Product}-${Version}/repository/tenants /mnt/efs
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/tenants
          ln -s /mnt/efs/tenants /home/wso2user/${Product}-${Version}/repository/tenants
          echo "${WSO2APIMEFSFileSystem}:/ /mnt/efs efs defaults,_netdev 0 0" >> /etc/fstab
          /home/wso2user/${Product}-${Version}/bin/wso2server.sh start
          sleep 30
          end=$((SECONDS+1200))
          # Readiness probe against localhost; --no-check-certificate skips TLS certificate verification.
          while [ $SECONDS -lt $end ] ; do
            sleep 10
            wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp"
            if [ $? -eq "0" ] ; then
              /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2APIMNode1AutoScalingGroup --region ${AWS::Region}
              break
            fi
          done
          # Add timestamps to future shell history, then clear the current history.
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2APIMLoadBalancer
      - WSO2APIMDBInstance
      - WSO2APIMBastionInstance
      - WSO2APIMLoggingInstance
  WSO2APIMNode1AutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref WSO2APIMNode1LaunchConfiguration
      DesiredCapacity: 1
      MinSize: 1
      MaxSize: 2
      TargetGroupARNs:
        - !Ref WSO2APIMALB9443TargetGroup
        - !Ref WSO2APIMALB8243TargetGroup
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2APIM'
              - !Ref Environment
              - 'Instance01'
          PropagateAtLaunch: 'true'
        - Key: cluster
          Value: apim
          PropagateAtLaunch: 'true'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT30M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '2'
        MinInstancesInService: '1'
        PauseTime: PT30M
        SuspendProcesses:
          - AlarmNotification
        WaitOnResourceSignals: true
    DependsOn:
      - WSO2APIMLoadBalancer
  WSO2APIMNode2LaunchConfiguration:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Properties:
      ImageId: !Ref AMIid
      InstanceType: !Ref WSO2InstanceType
      InstanceMonitoring: 'false'
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '20'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2ProductSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update >> /home/wso2user/install.log
          apt install -y nfs-common >> /home/wso2user/install.log
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          # --no-check-certificate has no effect on this plain-HTTP URL; the script is
          # downloaded unencrypted and without an integrity check.
          wget --no-check-certificate --no-proxy 'http://wso2-cloudformation-templates.s3.amazonaws.com/private_ip_extractor.py' -P /usr/local/bin/
          unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/
          sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/carbon.xml
          sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/deployment/server/jaggeryapps/store/site/conf/site.json
          sed -i "s/ALB_DNS_NAME/${WSO2APIMLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/api-manager.xml
          # DBPassword is a NoEcho parameter, but once substituted here it is stored in
          # clear text in the instance user data and in master-datasources.xml.
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          sed -i "s/RDS_DNS_NAME/${WSO2APIMDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/
          export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}')
          export LogserverIP=${WSO2APIMLoggingInstance.PrivateIp}
          echo "$LogserverIP logserver" >> /etc/hosts
          sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          # SECURITYGROUP is not assigned anywhere in this script.
          sed -i "s/WSO2SecurityGroup/$SECURITYGROUP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          mkdir -p /mnt/efs
          mount -t nfs4 -o nfsvers=4.1 ${WSO2APIMEFSFileSystem}.efs.${AWS::Region}.amazonaws.com:/ /mnt/efs
          sleep 450
          if [ ! -d "/mnt/efs/server" ]; then
            mkdir -p /mnt/efs/server
            cp -r /home/wso2user/${Product}-${Version}/repository/deployment/server /mnt/efs
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/deployment/server
          ln -s /mnt/efs/server /home/wso2user/${Product}-${Version}/repository/deployment/server
          if [ ! -d "/mnt/efs/tenants" ]; then
            mkdir -p /mnt/efs/tenants
            cp -r /home/wso2user/${Product}-${Version}/repository/tenants /mnt/efs
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/tenants
          ln -s /mnt/efs/tenants /home/wso2user/${Product}-${Version}/repository/tenants
          echo "${WSO2APIMEFSFileSystem}:/ /mnt/efs efs defaults,_netdev 0 0" >> /etc/fstab
          /home/wso2user/${Product}-${Version}/bin/wso2server.sh start
          sleep 30
          end=$((SECONDS+1200))
          while [ $SECONDS -lt $end ] ; do
            sleep 10
            wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp"
            if [ $? -eq "0" ] ; then
              /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2APIMNode2AutoScalingGroup --region ${AWS::Region}
              break
            fi
          done
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2APIMLoadBalancer
      - WSO2APIMDBInstance
      - WSO2APIMBastionInstance
      - WSO2APIMLoggingInstance
  WSO2APIMNode2AutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref WSO2APIMNode2LaunchConfiguration
      DesiredCapacity: 1
      MinSize: 1
      MaxSize: 2
      TargetGroupARNs:
        - !Ref WSO2APIMALB9443TargetGroup
        - !Ref WSO2APIMALB8243TargetGroup
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet2"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2APIM'
              - !Ref Environment
              - 'Instance02'
          PropagateAtLaunch: 'true'
        - Key: cluster
          Value: apim
          PropagateAtLaunch: 'true'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT30M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '2'
        MinInstancesInService: '1'
        PauseTime: PT30M
        SuspendProcesses:
          - AlarmNotification
        WaitOnResourceSignals: true
    DependsOn:
      - WSO2APIMLoadBalancer
  WSO2APIMLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Join
        - ''
        - - 'WSO2APIMLoadBalancer'
          - !Ref Environment
      Scheme: internet-facing
      Subnets:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet2"
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2LoadBalancerSecurityGroup"
  WSO2APIMALB9443TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /carbon/admin/login.jsp
      HealthCheckPort: 9443
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'apim'
          - 'carbon'
          - !Ref Environment
          - '9443'
      Port: 9443
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2APIMALB8243TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /services/Version
      HealthCheckPort: 8243
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'apim'
          - 'carbon'
          - !Ref Environment
          - '8243'
      Port: 8243
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2APIMALB443Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2APIMALB9443TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2APIMLoadBalancer
      Port: 443
      Protocol: HTTPS
      # This policy still accepts TLS 1.1 as well as TLS 1.2.
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2APIMALB8243Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2APIMALB8243TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2APIMLoadBalancer
      Port: 8243
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2APIMALB9443Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2APIMALB9443TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2APIMLoadBalancer
      Port: 9443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2APIMLoggingInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !FindInMap
        - WSO2LoggingMasterAMIRegionMap
        - !Ref 'AWS::Region'
        - Ubuntu1804
      InstanceType: t2.large
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '50'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      Monitoring: 'false'
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2APIMLogging'
              - !Ref Environment
              - 'Instance'
      NetworkInterfaces:
        - DeleteOnTermination: 'true'
          AssociatePublicIpAddress: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue:
              Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1"
          GroupSet:
            - Fn::ImportValue:
                !Sub "${NetworkStackName}-WSO2LoggingSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          #cloud-config
          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          export REGION=${AWS::Region}
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2APIMLoadBalancer
      - WSO2APIMDBInstance
Outputs:
  ConsoleURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2APIMLoadBalancer
          - DNSName
        - '/carbon'
    Description: WSO2 API Manager Management Console URL
  PublisherURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2APIMLoadBalancer
          - DNSName
        - '/publisher'
    Description: WSO2 APIM Publisher URL for API development and management
  StoreURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2APIMLoadBalancer
          - DNSName
        - '/store'
    Description: WSO2 APIM Store Web application URL (Developer Store)
  AdminURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2APIMLoadBalancer
          - DNSName
        - '/admin'
    Description: WSO2 APIM Admin service URL
  HttpsURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2APIMLoadBalancer
          - DNSName
        - ':8243'
    Description: WSO2 APIM HTTPS Gateway endpoint
  HttpURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - WSO2APIMLoadBalancer
          - DNSName
        - ':8280'
    Description: APIM HTTP Gateway endpoint
  LogDashboardURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - WSO2APIMLoggingInstance
          - PublicDnsName
        - ':5601'
    Description: Log Dashboard URL (Kibana Dashboard)
  MountTargetIP:
    Value: !GetAtt WSO2APIMPrivateSubnet1EFSMountTarget.IpAddress
Parameters:
  IAMRole:
    Type: String
  KeyPairName:
    Description: The private key used to log in to instances through SSH
    Type: 'AWS::EC2::KeyPair::KeyName'
  CertificateName:
    Description: A valid SSL certificate used for HTTPS
    Type: String
    MinLength: 1
  NetworkStackName:
    Description: Name of the stack with network resources exported
    Type: String
  WSO2InstanceType:
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
    ConstraintDescription: Must be a valid EC2 instance type
  DBUsername:
    Type: String
  DBPassword:
    Type: String
    NoEcho: true
  DBType:
    Type: String
    Default: MySQL
    AllowedValues:
      - MySQL
      - PostgreSQL
      - Oracle
      - SQL Server
  AMIid:
    Type: String
  Product:
    Type: String
  Version:
    Type: String
  Environment:
    Type: String
Mappings:
  WSO2LoggingMasterAMIRegionMap:
    us-east-1:
      Ubuntu1804: ami-089c43fe12d048b25
    us-east-2:
      Ubuntu1804: ami-0b382084a3cc80fb7
    us-west-1:
      Ubuntu1804: ami-0b6d9c2c447ab4299
    us-west-2:
      Ubuntu1804: ami-0897dc385cc87c84a
    ap-south-1:
      Ubuntu1804: ami-092e3cdeac40647ef
    ap-northeast-1:
      Ubuntu1804: ami-0e188a8f0a17f5359
    ap-northeast-2:
      Ubuntu1804: ami-017825b1c521d02c5
    ap-southeast-1:
      Ubuntu1804: ami-0a15b160762a9664b
    ap-southeast-2:
      Ubuntu1804: ami-0b7e0a634a1356911
    ca-central-1:
      Ubuntu1804: ami-0ef8ecec9501bf050
    eu-central-1:
      Ubuntu1804: ami-0521c2773875c9f2e
    eu-west-1:
      Ubuntu1804: ami-0d63a1ebc624058cd
    eu-west-2:
      Ubuntu1804: ami-0e8752d4902c13a57
    eu-west-3:
      Ubuntu1804: ami-0b48a1bd6d96eba46
    eu-north-1:
      Ubuntu1804: ami-05805bdf26a4afe6c
    sa-east-1:
      Ubuntu1804: ami-0393cec4dc744d66d

--------------------------------------------------------------------------------
/wso2ei/ei_integrator/cf-dev.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  WSO2 Enterprise Integrator Clustered deployment in Dev with High Availability
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Cluster Configuration
        Parameters:
          - IAMRole
          - KeyPairName
          - WSO2InstanceType
      - Label:
          default: Network Configuration
        Parameters:
          - CertificateName
          - NetworkStackName
      - Label:
          default: Database Configuration
        Parameters:
          - DBUsername
          - DBPassword
          - DBType
      - Label:
          default: Environment Configurations
        Parameters:
          - Environment
    ParameterLabels:
      IAMRole:
        default: AWS IAM Role
      CertificateName:
        default: SSL Certificate Name
      NetworkStackName:
        default: Network Stack Name
      KeyPairName:
        default: Key Pair Name
      DBUsername:
        default: Username
      DBPassword:
        default: Password
      WSO2InstanceType:
        default: Instance Type
      AMIid:
        default: AMI ID
      Product:
        default: Product
      Version:
        default: Version
      Environment:
        default: Environment
Resources:
  WSO2EIEFSFileSystem:
    Type: 'AWS::EFS::FileSystem'
    Properties:
      PerformanceMode: generalPurpose
  WSO2EIPrivateSubnet1EFSMountTarget:
    Type: 'AWS::EFS::MountTarget'
    Properties:
      SubnetId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2PrivateSubnet1"
      FileSystemId: !Ref WSO2EIEFSFileSystem
      SecurityGroups:
        - Fn::ImportValue:
            Fn::Sub: "${NetworkStackName}-WSO2EFSSecurityGroup"
  WSO2EIPrivateSubnet2EFSMountTarget:
    Type: 'AWS::EFS::MountTarget'
    Properties:
      SubnetId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2PrivateSubnet2"
      FileSystemId: !Ref WSO2EIEFSFileSystem
      SecurityGroups:
        - Fn::ImportValue:
            Fn::Sub: "${NetworkStackName}-WSO2EFSSecurityGroup"
  WSO2EIDBInstance:
    Type: 'AWS::RDS::DBInstance'
    DeletionPolicy: Delete
    Properties:
      VPCSecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2DBSecurityGroup"
      DBInstanceClass: db.t2.medium
      AllocatedStorage: 5
      BackupRetentionPeriod: '0'
      DBInstanceIdentifier: !Join
        - ''
        - - 'WSO2EIDB'
          - !Ref Environment
          - 'Instance'
      DBName: WSO2_EI_DB
      Engine: !Ref DBType
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      MultiAZ: 'false'
      StorageType: gp2
      DBSubnetGroupName: !Ref WSO2EIDBSubnetGroup
  WSO2EIDBSubnetGroup:
    Type: 'AWS::RDS::DBSubnetGroup'
    Properties:
      DBSubnetGroupDescription: DB Subnet Group
      SubnetIds:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet2"
  # Product configurations
  WSO2EIBastionInstance:
    Type: 'AWS::EC2::Instance'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT10M
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !Ref AMIid
      InstanceType: t2.micro
      KeyName: !Ref KeyPairName
      Monitoring: 'false'
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2EIBastion'
              - !Ref Environment
              - 'Instance'
      NetworkInterfaces:
        - DeleteOnTermination: 'true'
          AssociatePublicIpAddress : 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue:
              Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1"
          GroupSet:
            - Fn::ImportValue:
                !Sub "${NetworkStackName}-WSO2BastionSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          # DBPassword is a NoEcho parameter, but once substituted here it is stored in
          # clear text in the instance user data and in provision_db_scripts.sh.
          export DB_HOSTNAME=${WSO2EIDBInstance.Endpoint.Address}
          export DB_PORT=${WSO2EIDBInstance.Endpoint.Port}
          export DB_USERNAME=${DBUsername}
          export DB_PASSWORD=${DBPassword}
          rm -rf /home/wso2user/endpointCars
          rm -rf /home/wso2user/${Product}-${Version}.zip
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_HOST/${WSO2EIDBInstance.Endpoint.Address}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_PORT/${WSO2EIDBInstance.Endpoint.Port}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          bash /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 2>&1 | tee /home/wso2user/db_log.txt
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
          # $? below is the exit status of the history-clearing line above, not of the
          # database provisioning script.
          /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2EIBastionInstance --region ${AWS::Region}
  WSO2EINode1LaunchConfiguration:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Properties:
      ImageId: !Ref AMIid
      InstanceType: !Ref WSO2InstanceType
      IamInstanceProfile: !Ref IAMRole
      InstanceMonitoring: 'false'
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '20'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2ProductSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update >> /home/wso2user/install.log
          apt install -y nfs-common >> /home/wso2user/install.log
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/
          sed -i "s/IAM_ROLE/${IAMRole}/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          sed -i "s/ALB_DNS_NAME/${WSO2EILoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/conf/carbon.xml
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          sed -i "s/RDS_DNS_NAME/${WSO2EIDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/
          export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}')
          export LogserverIP=${WSO2EILoggingInstance.PrivateIp}
          echo "$LogserverIP logserver" >> /etc/hosts
          sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          mkdir -p /mnt/efs
          mount -t nfs4 -o nfsvers=4.1 ${WSO2EIEFSFileSystem}.efs.${AWS::Region}.amazonaws.com:/ /mnt/efs
          sleep 180
          if [ ! -d "/mnt/efs/deployment/server" ]; then
            mkdir -p /mnt/efs/deployment/server
            cp -r /home/wso2user/${Product}-${Version}/repository/deployment/server /mnt/efs/deployment
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/deployment/server
          ln -s /mnt/efs/deployment/server /home/wso2user/${Product}-${Version}/repository/deployment/server
          if [ ! -d "/mnt/efs/tenants" ]; then
            mkdir -p /mnt/efs/tenants
            cp -r /home/wso2user/${Product}-${Version}/repository/tenants /mnt/efs
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/tenants
          ln -s /mnt/efs/tenants /home/wso2user/${Product}-${Version}/repository/tenants
          echo "${WSO2EIEFSFileSystem}:/ /mnt/efs efs defaults,_netdev 0 0" >> /etc/fstab
          /home/wso2user/${Product}-${Version}/bin/integrator.sh start
          sleep 30
          end=$((SECONDS+1200))
          # Readiness probe against localhost; --no-check-certificate skips TLS certificate verification.
          while [ $SECONDS -lt $end ] ; do
            sleep 10
            wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp"
            if [ $? -eq "0" ] ; then
              /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2EINode1AutoScalingGroup --region ${AWS::Region}
              break
            fi
          done
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2EILoadBalancer
      - WSO2EIDBInstance
      - WSO2EIBastionInstance
      - WSO2EILoggingInstance
  WSO2EINode1AutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref WSO2EINode1LaunchConfiguration
      DesiredCapacity: 1
      MinSize: 1
      MaxSize: 2
      TargetGroupARNs:
        - !Ref WSO2EIALB9443TargetGroup
        - !Ref WSO2EIALB8243TargetGroup
        - !Ref WSO2EIALB8280TargetGroup
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2EI'
              - !Ref Environment
              - 'Instance01'
          PropagateAtLaunch: 'true'
        - Key: cluster
          Value: ei
          PropagateAtLaunch: 'true'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT30M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '2'
        MinInstancesInService: '1'
        PauseTime: PT20M
        SuspendProcesses:
          - AlarmNotification
        WaitOnResourceSignals: true
    DependsOn:
      - WSO2EILoadBalancer
  WSO2EINode2LaunchConfiguration:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Properties:
      ImageId: !Ref AMIid
      InstanceType: !Ref WSO2InstanceType
      IamInstanceProfile: !Ref IAMRole
      InstanceMonitoring: 'false'
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '20'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2ProductSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update >> /home/wso2user/install.log
          apt install -y nfs-common >> /home/wso2user/install.log
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/
          sed -i "s/IAM_ROLE/${IAMRole}/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          sed -i "s/ALB_DNS_NAME/${WSO2EILoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/conf/carbon.xml
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          sed -i "s/RDS_DNS_NAME/${WSO2EIDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/
          export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}')
          export LogserverIP=${WSO2EILoggingInstance.PrivateIp}
          echo "$LogserverIP logserver" >> /etc/hosts
          sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          mkdir -p /mnt/efs
          mount -t nfs4 -o nfsvers=4.1 ${WSO2EIEFSFileSystem}.efs.${AWS::Region}.amazonaws.com:/ /mnt/efs
          sleep 300
          if [ ! -d "/mnt/efs/deployment/server" ]; then
            mkdir -p /mnt/efs/deployment/server
            cp -r /home/wso2user/${Product}-${Version}/repository/deployment/server /mnt/efs/deployment
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/deployment/server
          ln -s /mnt/efs/deployment/server /home/wso2user/${Product}-${Version}/repository/deployment/server
          if [ ! -d "/mnt/efs/tenants" ]; then
            mkdir -p /mnt/efs/tenants
            cp -r /home/wso2user/${Product}-${Version}/repository/tenants /mnt/efs
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/tenants
          ln -s /mnt/efs/tenants /home/wso2user/${Product}-${Version}/repository/tenants
          echo "${WSO2EIEFSFileSystem}:/ /mnt/efs efs defaults,_netdev 0 0" >> /etc/fstab
          /home/wso2user/${Product}-${Version}/bin/integrator.sh start
          sleep 30
          end=$((SECONDS+1200))
          while [ $SECONDS -lt $end ] ; do
            sleep 10
            wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp"
            if [ $? -eq "0" ] ; then
              /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2EINode2AutoScalingGroup --region ${AWS::Region}
              break
            fi
          done
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2EILoadBalancer
      - WSO2EIDBInstance
      - WSO2EIBastionInstance
      - WSO2EILoggingInstance
  WSO2EINode2AutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref WSO2EINode2LaunchConfiguration
      DesiredCapacity: 1
      MinSize: 1
      MaxSize: 2
      TargetGroupARNs:
        - !Ref WSO2EIALB9443TargetGroup
        - !Ref WSO2EIALB8243TargetGroup
        - !Ref WSO2EIALB8280TargetGroup
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet2"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2EI'
              - !Ref Environment
              - 'Instance02'
          PropagateAtLaunch: 'true'
        - Key: cluster
          Value: ei
          PropagateAtLaunch: 'true'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT30M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '2'
        MinInstancesInService: '1'
        PauseTime: PT20M
        SuspendProcesses:
          - AlarmNotification
        WaitOnResourceSignals: true
    DependsOn:
      - WSO2EILoadBalancer
  WSO2EILoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Join
        - ''
        - - 'WSO2EILoadBalancer'
          - !Ref Environment
      Scheme: internet-facing
      Subnets:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet2"
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2LoadBalancerSecurityGroup"
  WSO2EIALB9443TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /carbon/admin/login.jsp
      HealthCheckPort: 9443
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'ei'
          - 'carbon'
          - !Ref Environment
          - '9443'
      Port: 9443
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2EIALB8243TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /services/Version
      HealthCheckPort: 8243
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'ei'
          - 'carbon'
          - !Ref Environment
          - '8243'
      Port: 8243
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2EIALB8280TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /
      HealthCheckPort: 8280
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'ei'
          - 'carbon'
          - !Ref Environment
          - '8280'
      Port: 8280
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  # Plain HTTP listener: traffic to the 8280 gateway endpoint is not encrypted.
  WSO2EIALB8280Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2EIALB8280TargetGroup
      LoadBalancerArn: !Ref WSO2EILoadBalancer
      Port: 8280
      Protocol: HTTP
  WSO2EIALB443Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2EIALB9443TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2EILoadBalancer
      Port: 443
      Protocol: HTTPS
      # This predefined policy accepts TLS 1.1 and TLS 1.2 connections.
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2EIALB8243Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2EIALB8243TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2EILoadBalancer
      Port: 8243
      Protocol: HTTPS
      # This predefined policy accepts TLS 1.1 and TLS 1.2 connections.
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2EILoggingInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !FindInMap
        - WSO2LoggingMasterAMIRegionMap
        - !Ref 'AWS::Region'
        - Ubuntu1804
      InstanceType: t2.large
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '50'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      Monitoring: 'false'
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2EILogging'
              - !Ref Environment
              - 'Instance'
      # The logging instance sits in a public subnet and receives a public IP address.
      NetworkInterfaces:
        - DeleteOnTermination: 'true'
          AssociatePublicIpAddress: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue:
              Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1"
          GroupSet:
            - Fn::ImportValue:
                !Sub "${NetworkStackName}-WSO2LoggingSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          #cloud-config
          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          export REGION=${AWS::Region}
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2EILoadBalancer
      - WSO2EIDBInstance
Outputs:
  ConsoleURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2EILoadBalancer
          - DNSName
        - '/carbon'
    Description: WSO2 Enterprise Integrator Management Console URL
  HttpURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - WSO2EILoadBalancer
          - DNSName
        - ':8280'
    Description: WSO2 Enterprise Integrator HTTP Gateway endpoint
  HttpsURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2EILoadBalancer
          - DNSName
        - ':8243'
    Description: WSO2 Enterprise Integrator HTTPS Gateway endpoint
  LogDashboardURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - WSO2EILoggingInstance
          - PublicDnsName
        - ':5601'
    Description: Log Dashboard URL (Kibana Dashboard)
  MountTargetIP:
    Value: !GetAtt WSO2EIPrivateSubnet1EFSMountTarget.IpAddress
Parameters:
  IAMRole:
    Type: String
  KeyPairName:
    Description: The private key used to log in to instances through SSH
    Type: 'AWS::EC2::KeyPair::KeyName'
  CertificateName:
    Description: A valid SSL certificate used for HTTPS
    Type: String
    MinLength: 1
  NetworkStackName:
    Description: Name of the stack with network resources exported
    Type: String
  WSO2InstanceType:
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
    ConstraintDescription: Must be a valid EC2 instance type
  DBUsername:
    Type: String
  DBPassword:
    Type: String
    NoEcho: true
  DBType:
    Type: String
    Default: MySQL
    AllowedValues:
      - MySQL
      - PostgreSQL
      - Oracle
      - SQL Server
  AMIid:
    Type: String
  Product:
    Type: String
  Version:
    Type: String
  Environment:
    Type: String
Mappings:
  WSO2LoggingMasterAMIRegionMap:
    us-east-1:
      Ubuntu1804: ami-089c43fe12d048b25
    us-east-2:
      Ubuntu1804: ami-0b382084a3cc80fb7
    us-west-1:
      Ubuntu1804: ami-0b6d9c2c447ab4299
    us-west-2:
      Ubuntu1804: ami-0897dc385cc87c84a
    ap-south-1:
      Ubuntu1804: ami-092e3cdeac40647ef
    ap-northeast-1:
      Ubuntu1804: ami-0e188a8f0a17f5359
    ap-northeast-2:
      Ubuntu1804: ami-017825b1c521d02c5
    ap-southeast-1:
      Ubuntu1804: ami-0a15b160762a9664b
    ap-southeast-2:
      Ubuntu1804: ami-0b7e0a634a1356911
    ca-central-1:
      Ubuntu1804: ami-0ef8ecec9501bf050
    eu-central-1:
      Ubuntu1804: ami-0521c2773875c9f2e
    eu-west-1:
      Ubuntu1804: ami-0d63a1ebc624058cd
    eu-west-2:
      Ubuntu1804: ami-0e8752d4902c13a57
    eu-west-3:
      Ubuntu1804: ami-0b48a1bd6d96eba46
    eu-north-1:
      Ubuntu1804: ami-05805bdf26a4afe6c
    sa-east-1:
      Ubuntu1804: ami-0393cec4dc744d66d

--------------------------------------------------------------------------------
/wso2ei/ei_integrator/cf-staging.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  WSO2 Enterprise Integrator Clustered deployment in Staging with High Availability
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Cluster Configuration
        Parameters:
          - IAMRole
          - KeyPairName
          - WSO2InstanceType
      - Label:
          default: Network Configuration
        Parameters:
          - CertificateName
          - NetworkStackName
      - Label:
          default: Database Configuration
        Parameters:
          - DBUsername
          - DBPassword
          - DBType
      - Label:
          default: Environment Configurations
        Parameters:
          - Environment
    ParameterLabels:
      IAMRole:
        default: AWS IAM Role
      CertificateName:
        default: SSL Certificate Name
      NetworkStackName:
        default: Network Stack Name
      KeyPairName:
        default: Key Pair Name
      DBUsername:
        default: Username
      DBPassword:
        default: Password
      WSO2InstanceType:
        default: Instance Type
      AMIid:
        default: AMI ID
      Product:
        default: Product
      Version:
        default: Version
      Environment:
        default: Environment
Resources:
  WSO2EIEFSFileSystem:
    Type: 'AWS::EFS::FileSystem'
    Properties:
      PerformanceMode: generalPurpose
  WSO2EIPrivateSubnet1EFSMountTarget:
    Type: 'AWS::EFS::MountTarget'
    Properties:
      SubnetId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2PrivateSubnet1"
      FileSystemId: !Ref WSO2EIEFSFileSystem
      SecurityGroups:
        - Fn::ImportValue:
            Fn::Sub: "${NetworkStackName}-WSO2EFSSecurityGroup"
  WSO2EIPrivateSubnet2EFSMountTarget:
    Type: 'AWS::EFS::MountTarget'
    Properties:
      SubnetId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2PrivateSubnet2"
      FileSystemId: !Ref WSO2EIEFSFileSystem
      SecurityGroups:
        - Fn::ImportValue:
            Fn::Sub: "${NetworkStackName}-WSO2EFSSecurityGroup"
  WSO2EIDBInstance:
    Type: 'AWS::RDS::DBInstance'
    DeletionPolicy: Delete
    Properties:
      VPCSecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2DBSecurityGroup"
      DBInstanceClass: db.t2.medium
      AllocatedStorage: 5
      # A retention period of 0 disables automated backups for this instance.
      BackupRetentionPeriod: '0'
      DBInstanceIdentifier: !Join
        - ''
        - - 'WSO2EIDB'
          - !Ref Environment
          - 'Instance'
      DBName: WSO2_EI_DB
      Engine: !Ref DBType
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      MultiAZ: 'false'
      StorageType: gp2
      DBSubnetGroupName: !Ref WSO2EIDBSubnetGroup
  WSO2EIDBSubnetGroup:
    Type: 'AWS::RDS::DBSubnetGroup'
    Properties:
      DBSubnetGroupDescription: DB Subnet Group
      SubnetIds:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet2"
  # Product configurations
  WSO2EIBastionInstance:
    Type: 'AWS::EC2::Instance'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT10M
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !Ref AMIid
      InstanceType: t2.micro
      KeyName: !Ref KeyPairName
      Monitoring: 'false'
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2EIBastion'
              - !Ref Environment
              - 'Instance'
      NetworkInterfaces:
        - DeleteOnTermination: 'true'
          AssociatePublicIpAddress: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue:
              Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1"
          GroupSet:
            - Fn::ImportValue:
                !Sub "${NetworkStackName}-WSO2BastionSecurityGroup"
      # Fn::Sub writes DBUsername and DBPassword into this script, so both values are
      # stored in the instance user data in plain text (NoEcho does not mask them here).
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          export DB_HOSTNAME=${WSO2EIDBInstance.Endpoint.Address}
          export DB_PORT=${WSO2EIDBInstance.Endpoint.Port}
          export DB_USERNAME=${DBUsername}
          export DB_PASSWORD=${DBPassword}
          rm -rf /home/wso2user/endpointCars
          rm -rf /home/wso2user/${Product}-${Version}.zip
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_HOST/${WSO2EIDBInstance.Endpoint.Address}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_PORT/${WSO2EIDBInstance.Endpoint.Port}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          bash /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 2>&1 | tee /home/wso2user/db_log.txt
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
          /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2EIBastionInstance --region ${AWS::Region}
  WSO2EINode1LaunchConfiguration:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Properties:
      ImageId: !Ref AMIid
      InstanceType: !Ref WSO2InstanceType
      IamInstanceProfile: !Ref IAMRole
      InstanceMonitoring: 'false'
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '20'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2ProductSecurityGroup"
      # Fn::Sub writes DBUsername and DBPassword into this script, so both values are
      # stored in the launch configuration user data in plain text.
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update >> /home/wso2user/install.log
          apt install -y nfs-common >> /home/wso2user/install.log
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/
          sed -i "s/IAM_ROLE/${IAMRole}/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          sed -i "s/ALB_DNS_NAME/${WSO2EILoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/conf/carbon.xml
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          sed -i "s/RDS_DNS_NAME/${WSO2EIDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/
          export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}')
          export LogserverIP=${WSO2EILoggingInstance.PrivateIp}
          echo "$LogserverIP logserver" >> /etc/hosts
          sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          mkdir -p /mnt/efs
          mount -t nfs4 -o nfsvers=4.1 ${WSO2EIEFSFileSystem}.efs.${AWS::Region}.amazonaws.com:/ /mnt/efs
          sleep 180
          if [ ! -d "/mnt/efs/deployment/server" ]; then
            mkdir -p /mnt/efs/deployment/server
            cp -r /home/wso2user/${Product}-${Version}/repository/deployment/server /mnt/efs/deployment
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/deployment/server
          ln -s /mnt/efs/deployment/server /home/wso2user/${Product}-${Version}/repository/deployment/server
          if [ ! -d "/mnt/efs/tenants" ]; then
            mkdir -p /mnt/efs/tenants
            cp -r /home/wso2user/${Product}-${Version}/repository/tenants /mnt/efs
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/tenants
          ln -s /mnt/efs/tenants /home/wso2user/${Product}-${Version}/repository/tenants
          echo "${WSO2EIEFSFileSystem}:/ /mnt/efs efs defaults,_netdev 0 0" >> /etc/fstab
          /home/wso2user/${Product}-${Version}/bin/integrator.sh start
          sleep 30
          end=$((SECONDS+1200))
          while [ $SECONDS -lt $end ] ; do
            sleep 10
            wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp"
            if [ $? -eq "0" ] ; then
              /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2EINode1AutoScalingGroup --region ${AWS::Region}
              break
            fi
          done
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2EILoadBalancer
      - WSO2EIDBInstance
      - WSO2EIBastionInstance
      - WSO2EILoggingInstance
  WSO2EINode1AutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref WSO2EINode1LaunchConfiguration
      DesiredCapacity: 1
      MinSize: 1
      MaxSize: 2
      TargetGroupARNs:
        - !Ref WSO2EIALB9443TargetGroup
        - !Ref WSO2EIALB8243TargetGroup
        - !Ref WSO2EIALB8280TargetGroup
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2EI'
              - !Ref Environment
              - 'Instance01'
          PropagateAtLaunch: 'true'
        - Key: cluster
          Value: ei
          PropagateAtLaunch: 'true'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT30M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '2'
        MinInstancesInService: '1'
        PauseTime: PT20M
        SuspendProcesses:
          - AlarmNotification
        WaitOnResourceSignals: true
    DependsOn:
      - WSO2EILoadBalancer
  WSO2EINode2LaunchConfiguration:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Properties:
      ImageId: !Ref AMIid
      InstanceType: !Ref WSO2InstanceType
      IamInstanceProfile: !Ref IAMRole
      InstanceMonitoring: 'false'
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '20'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2ProductSecurityGroup"
      # Fn::Sub writes DBUsername and DBPassword into this script, so both values are
      # stored in the launch configuration user data in plain text.
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update >> /home/wso2user/install.log
          apt install -y nfs-common >> /home/wso2user/install.log
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/
          sed -i "s/IAM_ROLE/${IAMRole}/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          sed -i "s/ALB_DNS_NAME/${WSO2EILoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/conf/carbon.xml
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          sed -i "s/RDS_DNS_NAME/${WSO2EIDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/conf/datasources/master-datasources.xml
          tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/
          export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}')
          export LogserverIP=${WSO2EILoggingInstance.PrivateIp}
          echo "$LogserverIP logserver" >> /etc/hosts
          sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/conf/axis2/axis2.xml
          mkdir -p /mnt/efs
          mount -t nfs4 -o nfsvers=4.1 ${WSO2EIEFSFileSystem}.efs.${AWS::Region}.amazonaws.com:/ /mnt/efs
          sleep 300
          if [ ! -d "/mnt/efs/deployment/server" ]; then
            mkdir -p /mnt/efs/deployment/server
            cp -r /home/wso2user/${Product}-${Version}/repository/deployment/server /mnt/efs/deployment
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/deployment/server
          ln -s /mnt/efs/deployment/server /home/wso2user/${Product}-${Version}/repository/deployment/server
          if [ ! -d "/mnt/efs/tenants" ]; then
            mkdir -p /mnt/efs/tenants
            cp -r /home/wso2user/${Product}-${Version}/repository/tenants /mnt/efs
          fi
          rm -rf /home/wso2user/${Product}-${Version}/repository/tenants
          ln -s /mnt/efs/tenants /home/wso2user/${Product}-${Version}/repository/tenants
          echo "${WSO2EIEFSFileSystem}:/ /mnt/efs efs defaults,_netdev 0 0" >> /etc/fstab
          /home/wso2user/${Product}-${Version}/bin/integrator.sh start
          sleep 30
          end=$((SECONDS+1200))
          while [ $SECONDS -lt $end ] ; do
            sleep 10
            wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp"
            if [ $? -eq "0" ] ; then
              /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2EINode2AutoScalingGroup --region ${AWS::Region}
              break
            fi
          done
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2EILoadBalancer
      - WSO2EIDBInstance
      - WSO2EIBastionInstance
      - WSO2EILoggingInstance
  WSO2EINode2AutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref WSO2EINode2LaunchConfiguration
      DesiredCapacity: 1
      MinSize: 1
      MaxSize: 2
      TargetGroupARNs:
        - !Ref WSO2EIALB9443TargetGroup
        - !Ref WSO2EIALB8243TargetGroup
        - !Ref WSO2EIALB8280TargetGroup
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet2"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2EI'
              - !Ref Environment
              - 'Instance02'
          PropagateAtLaunch: 'true'
        - Key: cluster
          Value: ei
          PropagateAtLaunch: 'true'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT30M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '2'
        MinInstancesInService: '1'
        PauseTime: PT20M
        SuspendProcesses:
          - AlarmNotification
        WaitOnResourceSignals: true
    DependsOn:
      - WSO2EILoadBalancer
  WSO2EILoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Join
        - ''
        - - 'WSO2EILoadBalancer'
          - !Ref Environment
      Scheme: internet-facing
      Subnets:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet2"
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2LoadBalancerSecurityGroup"
  WSO2EIALB9443TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /carbon/admin/login.jsp
      HealthCheckPort: 9443
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'ei'
          - 'carbon'
          - !Ref Environment
          - '9443'
      Port: 9443
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2EIALB8243TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /services/Version
      HealthCheckPort: 8243
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'ei'
          - 'carbon'
          - !Ref Environment
          - '8243'
      Port: 8243
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2EIALB8280TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /
      HealthCheckPort: 8280
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'ei'
          - 'carbon'
          - !Ref Environment
          - '8280'
      Port: 8280
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  # Plain HTTP listener: traffic to the 8280 gateway endpoint is not encrypted.
  WSO2EIALB8280Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2EIALB8280TargetGroup
      LoadBalancerArn: !Ref WSO2EILoadBalancer
      Port: 8280
      Protocol: HTTP
  WSO2EIALB443Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2EIALB9443TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2EILoadBalancer
      Port: 443
      Protocol: HTTPS
      # This predefined policy accepts TLS 1.1 and TLS 1.2 connections.
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2EIALB8243Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2EIALB8243TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2EILoadBalancer
      Port: 8243
      Protocol: HTTPS
      # This predefined policy accepts TLS 1.1 and TLS 1.2 connections.
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2EILoggingInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !FindInMap
        - WSO2LoggingMasterAMIRegionMap
        - !Ref 'AWS::Region'
        - Ubuntu1804
      InstanceType: t2.large
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '50'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      Monitoring: 'false'
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2EILogging'
              - !Ref Environment
              - 'Instance'
      # The logging instance sits in a public subnet and receives a public IP address.
      NetworkInterfaces:
        - DeleteOnTermination: 'true'
          AssociatePublicIpAddress: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue:
              Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1"
          GroupSet:
            - Fn::ImportValue:
                !Sub "${NetworkStackName}-WSO2LoggingSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          #cloud-config
          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          export REGION=${AWS::Region}
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2EILoadBalancer
      - WSO2EIDBInstance
Outputs:
  ConsoleURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2EILoadBalancer
          - DNSName
        - '/carbon'
    Description: WSO2 Enterprise Integrator Management Console URL
  HttpURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - WSO2EILoadBalancer
          - DNSName
        - ':8280'
    Description: WSO2 Enterprise Integrator HTTP Gateway endpoint
  HttpsURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2EILoadBalancer
          - DNSName
        - ':8243'
    Description: WSO2 Enterprise Integrator HTTPS Gateway endpoint
  LogDashboardURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - WSO2EILoggingInstance
          - PublicDnsName
        - ':5601'
    Description: Log Dashboard URL (Kibana Dashboard)
  MountTargetIP:
    Value: !GetAtt WSO2EIPrivateSubnet1EFSMountTarget.IpAddress
Parameters:
  IAMRole:
    Type: String
  KeyPairName:
    Description: The private key used to log in to instances through SSH
    Type: 'AWS::EC2::KeyPair::KeyName'
  CertificateName:
    Description: A valid SSL certificate used for HTTPS
    Type: String
    MinLength: 1
  NetworkStackName:
    Description: Name of the stack with network resources exported
    Type: String
  WSO2InstanceType:
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
    ConstraintDescription: Must be a valid EC2 instance type
  DBUsername:
    Type: String
  DBPassword:
    Type: String
    NoEcho: true
  DBType:
    Type: String
    Default: MySQL
    AllowedValues:
      - MySQL
      - PostgreSQL
      - Oracle
      - SQL Server
  AMIid:
    Type: String
  Product:
    Type: String
  Version:
    Type: String
  Environment:
    Type: String
Mappings:
  WSO2LoggingMasterAMIRegionMap:
    us-east-1:
      Ubuntu1804: ami-089c43fe12d048b25
    us-east-2:
      Ubuntu1804: ami-0b382084a3cc80fb7
    us-west-1:
      Ubuntu1804: ami-0b6d9c2c447ab4299
    us-west-2:
      Ubuntu1804: ami-0897dc385cc87c84a
    ap-south-1:
      Ubuntu1804: ami-092e3cdeac40647ef
    ap-northeast-1:
      Ubuntu1804: ami-0e188a8f0a17f5359
    ap-northeast-2:
      Ubuntu1804: ami-017825b1c521d02c5
    ap-southeast-1:
      Ubuntu1804: ami-0a15b160762a9664b
    ap-southeast-2:
      Ubuntu1804: ami-0b7e0a634a1356911
    ca-central-1:
      Ubuntu1804: ami-0ef8ecec9501bf050
    eu-central-1:
      Ubuntu1804: ami-0521c2773875c9f2e
    eu-west-1:
      Ubuntu1804: ami-0d63a1ebc624058cd
    eu-west-2:
      Ubuntu1804: ami-0e8752d4902c13a57
    eu-west-3:
      Ubuntu1804: ami-0b48a1bd6d96eba46
    eu-north-1:
      Ubuntu1804: ami-05805bdf26a4afe6c
    sa-east-1:
      Ubuntu1804: ami-0393cec4dc744d66d

--------------------------------------------------------------------------------
/wso2is/is/cf-dev.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2018, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  WSO2 Identity Server Clustered deployment in Dev with High Availability
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Cluster Configuration
        Parameters:
          - IAMRole
          - KeyPairName
          - WSO2InstanceType
      - Label:
          default: Network Configuration
        Parameters:
          - CertificateName
          - NetworkStackName
      - Label:
          default: Database Configuration
        Parameters:
          - DBUsername
          - DBPassword
          - DBType
      - Label:
          default: Environment Configurations
        Parameters:
          - Environment
    ParameterLabels:
      IAMRole:
        default: AWS IAM Role
      CertificateName:
        default: SSL Certificate Name
      NetworkStackName:
        default: Network Stack Name
      KeyPairName:
        default: Key Pair Name
      DBUsername:
        default: Username
      DBPassword:
        default: Password
      WSO2InstanceType:
        default: Instance Type
      AMIid:
        default: AMI ID
      Product:
        default: Product
      Version:
        default: Version
      Environment:
        default: Environment
Resources:
  WSO2ISDBInstance:
    Type: 'AWS::RDS::DBInstance'
    DeletionPolicy: Delete
    Properties:
      VPCSecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2DBSecurityGroup"
      DBInstanceClass: db.t2.medium
      AllocatedStorage: 5
      BackupRetentionPeriod: '0'
      DBInstanceIdentifier: !Join
        - ''
        - - 'WSO2ISDB'
          - !Ref Environment
          - 'Instance'
      DBName: WSO2_IS_DB
      Engine: !Ref DBType
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      MultiAZ: 'false'
      StorageType: gp2
      DBSubnetGroupName: !Ref WSO2ISDBSubnetGroup
  WSO2ISDBSubnetGroup:
    Type: 'AWS::RDS::DBSubnetGroup'
    Properties:
      DBSubnetGroupDescription: DB Subnet Group
      SubnetIds:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet2"
  # Product configurations
  WSO2ISBastionInstance:
    Type: 'AWS::EC2::Instance'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT10M
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !Ref AMIid
      InstanceType: t2.micro
      KeyName: !Ref KeyPairName
      Monitoring: 'false'
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2ISBastion'
              - !Ref Environment
              - 'Instance'
      NetworkInterfaces:
        - DeleteOnTermination: 'true'
          AssociatePublicIpAddress: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue:
              Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1"
          GroupSet:
            - Fn::ImportValue:
                !Sub "${NetworkStackName}-WSO2BastionSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          export DB_HOSTNAME=${WSO2ISDBInstance.Endpoint.Address}
          export DB_PORT=${WSO2ISDBInstance.Endpoint.Port}
          export DB_USERNAME=${DBUsername}
          export DB_PASSWORD=${DBPassword}
          rm -rf /home/wso2user/endpointCars
          rm -rf /home/wso2user/${Product}-${Version}.zip
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_HOST/${WSO2ISDBInstance.Endpoint.Address}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_PORT/${WSO2ISDBInstance.Endpoint.Port}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          bash /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 2>&1 | tee /home/wso2user/db_log.txt
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
          /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2ISBastionInstance --region ${AWS::Region}
  WSO2ISNodeLaunchConfiguration:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Properties:
      ImageId: !Ref AMIid
      InstanceType: !Ref WSO2InstanceType
      IamInstanceProfile: !Ref IAMRole
      InstanceMonitoring: 'false'
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '20'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2ProductSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update >> /home/wso2user/install.log
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/
          sed -i "s/IAM_ROLE/${IAMRole}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          sed -i "s/ALB_DNS_NAME/${WSO2ISLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/carbon.xml
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          sed -i "s/RDS_DNS_NAME/${WSO2ISDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/
          export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}')
          export LogserverIP=${WSO2ISLoggingInstance.PrivateIp}
          echo "$LogserverIP logserver" >> /etc/hosts
          sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          /home/wso2user/${Product}-${Version}/bin/wso2server.sh start
          sleep 30
          end=$((SECONDS+1200))
          while [ $SECONDS -lt $end ] ; do
            sleep 10
            wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp"
            if [ $? -eq "0" ] ; then
              /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2ISNodeAutoScalingGroup --region ${AWS::Region}
              break
            fi
          done
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2ISLoadBalancer
      - WSO2ISDBInstance
      - WSO2ISBastionInstance
      - WSO2ISLoggingInstance
  WSO2ISNodeAutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref WSO2ISNodeLaunchConfiguration
      DesiredCapacity: 2
      MinSize: 2
      MaxSize: 2
      TargetGroupARNs:
        - !Ref WSO2ISALB9443TargetGroup
        - !Ref WSO2ISALB8243TargetGroup
        - !Ref WSO2ISALB8280TargetGroup
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2IS'
              - !Ref Environment
              - 'Instance'
          PropagateAtLaunch: 'true'
        - Key: cluster
          Value: is
          PropagateAtLaunch: 'true'
    CreationPolicy:
      ResourceSignal:
        Count: 2
        Timeout: PT30M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '2'
        MinInstancesInService: '1'
        PauseTime: PT20M
        SuspendProcesses:
          - AlarmNotification
        WaitOnResourceSignals: true
    DependsOn:
      - WSO2ISLoadBalancer
  WSO2ISLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Join
        - ''
        - - 'WSO2ISLoadBalancer'
          - !Ref Environment
      Scheme: internet-facing
      Subnets:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet2"
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2LoadBalancerSecurityGroup"
  WSO2ISALB9443TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /carbon/admin/login.jsp
      HealthCheckPort: 9443
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'is'
          - 'carbon'
          - !Ref Environment
          - '9443'
      Port: 9443
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2ISALB8280TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /
      HealthCheckPort: 8280
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'is'
          - 'carbon'
          - !Ref Environment
          - '8280'
      Port: 8280
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2ISALB8243TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /services/Version
      HealthCheckPort: 8243
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'is'
          - 'carbon'
          - !Ref Environment
          - '8243'
      Port: 8243
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2ISALB9443Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2ISALB9443TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2ISLoadBalancer
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2ISALB8280Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2ISALB8280TargetGroup
      LoadBalancerArn: !Ref WSO2ISLoadBalancer
      Port: 8280
      Protocol: HTTP
  WSO28243ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2ISALB8243TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2ISLoadBalancer
      Port: 8243
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2ISLoggingInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !FindInMap
        - WSO2LoggingMasterAMIRegionMap
        - !Ref 'AWS::Region'
        - Ubuntu1804
      InstanceType: t2.large
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '50'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      Monitoring: 'false'
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2ISLogging'
              - !Ref Environment
              - 'Instance'
      NetworkInterfaces:
        - DeleteOnTermination: 'true'
          AssociatePublicIpAddress: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue:
              Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1"
          GroupSet:
            - Fn::ImportValue:
                !Sub "${NetworkStackName}-WSO2LoggingSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          #cloud-config
          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          export REGION=${AWS::Region}
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2ISLoadBalancer
      - WSO2ISDBInstance
Outputs:
  ConsoleURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2ISLoadBalancer
          - DNSName
        - '/carbon'
    Description: WSO2 Identity Server Management Console URL
  HttpURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - WSO2ISLoadBalancer
          - DNSName
        - ':8280'
    Description: WSO2 Identity Server HTTP Gateway endpoint
  HttpsURL:
    Value: !Join
      - ''
      - - 'https://'
        - !GetAtt
          - WSO2ISLoadBalancer
          - DNSName
        - ':8243'
    Description: WSO2 Identity Server HTTPS Gateway endpoint
  LogDashboardURL:
    Value: !Join
      - ''
      - - 'http://'
        - !GetAtt
          - WSO2ISLoggingInstance
          - PublicDnsName
        - ':5601'
    Description: Log Dashboard URL (Kibana Dashboard)
Parameters:
  IAMRole:
    Type: String
  KeyPairName:
    Description: The private key used to log in to instances through SSH
    Type: 'AWS::EC2::KeyPair::KeyName'
  CertificateName:
    Description: A valid SSL certificate used for HTTPS
    Type: String
    MinLength: 1
  NetworkStackName:
    Description: Name of the stack with network resources exported
    Type: String
  WSO2InstanceType:
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
    ConstraintDescription: Must be a valid EC2 instance type
  DBUsername:
    Type: String
  DBPassword:
    Type: String
    NoEcho: true
  DBType:
    Type: String
    Default: MySQL
    AllowedValues:
      - MySQL
      - PostgreSQL
      - Oracle
      - SQL Server
  AMIid:
    Type: String
  Product:
    Type: String
  Version:
    Type: String
  Environment:
    Type: String
Mappings:
  WSO2LoggingMasterAMIRegionMap:
    us-east-1:
      Ubuntu1804: ami-089c43fe12d048b25
    us-east-2:
      Ubuntu1804: ami-0b382084a3cc80fb7
    us-west-1:
      Ubuntu1804: ami-0b6d9c2c447ab4299
    us-west-2:
      Ubuntu1804: ami-0897dc385cc87c84a
    ap-south-1:
      Ubuntu1804: ami-092e3cdeac40647ef
    ap-northeast-1:
      Ubuntu1804: ami-0e188a8f0a17f5359
    ap-northeast-2:
      Ubuntu1804: ami-017825b1c521d02c5
    ap-southeast-1:
      Ubuntu1804: ami-0a15b160762a9664b
    ap-southeast-2:
      Ubuntu1804: ami-0b7e0a634a1356911
    ca-central-1:
      Ubuntu1804: ami-0ef8ecec9501bf050
    eu-central-1:
      Ubuntu1804: ami-0521c2773875c9f2e
    eu-west-1:
      Ubuntu1804: ami-0d63a1ebc624058cd
    eu-west-2:
      Ubuntu1804: ami-0e8752d4902c13a57
    eu-west-3:
      Ubuntu1804: ami-0b48a1bd6d96eba46
    eu-north-1:
      Ubuntu1804: ami-05805bdf26a4afe6c
    sa-east-1:
      Ubuntu1804: ami-0393cec4dc744d66d

--------------------------------------------------------------------------------
/wso2is/is/cf-staging.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  WSO2 Identity Server Clustered deployment in Staging with High Availability
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Cluster Configuration
        Parameters:
          - IAMRole
          - KeyPairName
          - WSO2InstanceType
      - Label:
          default: Network Configuration
        Parameters:
          - CertificateName
          - NetworkStackName
      - Label:
          default: Database Configuration
        Parameters:
          - DBUsername
          - DBPassword
          - DBType
      - Label:
          default: Environment Configurations
        Parameters:
          - Environment
    ParameterLabels:
      IAMRole:
        default: AWS IAM Role
      CertificateName:
        default: SSL Certificate Name
      NetworkStackName:
        default: Network Stack Name
      KeyPairName:
        default: Key Pair Name
      DBUsername:
        default: Username
      DBPassword:
        default: Password
      WSO2InstanceType:
        default: Instance Type
      AMIid:
        default: AMI ID
      Product:
        default: Product
      Version:
        default: Version
      Environment:
        default: Environment
Resources:
  WSO2ISDBInstance:
    Type: 'AWS::RDS::DBInstance'
    DeletionPolicy: Delete
    Properties:
      VPCSecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2DBSecurityGroup"
      DBInstanceClass: db.t2.medium
      AllocatedStorage: 5
      BackupRetentionPeriod: '0'
      DBInstanceIdentifier: !Join
        - ''
        - - 'WSO2ISDB'
          - !Ref Environment
          - 'Instance'
      DBName: WSO2_IS_DB
      Engine: !Ref DBType
      MasterUsername: !Ref DBUsername
      MasterUserPassword: !Ref DBPassword
      MultiAZ: 'false'
      StorageType: gp2
      DBSubnetGroupName: !Ref WSO2ISDBSubnetGroup
  WSO2ISDBSubnetGroup:
    Type: 'AWS::RDS::DBSubnetGroup'
    Properties:
      DBSubnetGroupDescription: DB Subnet Group
      SubnetIds:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet2"
  # Product configurations
  WSO2ISBastionInstance:
    Type: 'AWS::EC2::Instance'
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT10M
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !Ref AMIid
      InstanceType: t2.micro
      KeyName: !Ref KeyPairName
      Monitoring: 'false'
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2ISBastion'
              - !Ref Environment
              - 'Instance'
      NetworkInterfaces:
        - DeleteOnTermination: 'true'
          AssociatePublicIpAddress: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue:
              Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1"
          GroupSet:
            - Fn::ImportValue:
                !Sub "${NetworkStackName}-WSO2BastionSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          export DB_HOSTNAME=${WSO2ISDBInstance.Endpoint.Address}
          export DB_PORT=${WSO2ISDBInstance.Endpoint.Port}
          export DB_USERNAME=${DBUsername}
          export DB_PASSWORD=${DBPassword}
          rm -rf /home/wso2user/endpointCars
          rm -rf /home/wso2user/${Product}-${Version}.zip
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_HOST/${WSO2ISDBInstance.Endpoint.Address}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          sed -i "s/CF_DB_PORT/${WSO2ISDBInstance.Endpoint.Port}/g" /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh
          bash /usr/local/bin/bashScripts/MySQL/provision_db_scripts.sh 2>&1 | tee /home/wso2user/db_log.txt
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
          /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2ISBastionInstance --region ${AWS::Region}
  WSO2ISNodeLaunchConfiguration:
    Type: 'AWS::AutoScaling::LaunchConfiguration'
    Properties:
      ImageId: !Ref AMIid
      InstanceType: !Ref WSO2InstanceType
      IamInstanceProfile: !Ref IAMRole
      InstanceMonitoring: 'false'
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '20'
            VolumeType: gp2
            DeleteOnTermination: 'true'
      KeyName: !Ref KeyPairName
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2ProductSecurityGroup"
      UserData: !Base64
        'Fn::Sub': |
          Content-Type: multipart/mixed; boundary="//"
          MIME-Version: 1.0

          --//
          Content-Type: text/cloud-config; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="cloud-config.txt"

          #cloud-config
          cloud_final_modules:
          - [scripts-user, always]

          --//
          Content-Type: text/x-shellscript; charset="us-ascii"
          MIME-Version: 1.0
          Content-Transfer-Encoding: 7bit
          Content-Disposition: attachment; filename="userdata.txt"

          #!/bin/bash
          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
          export PATH=~/.local/bin:$PATH
          apt-get update >> /home/wso2user/install.log
          pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
          unzip /home/wso2user/${Product}-${Version}.zip -d /home/wso2user/
          sed -i "s/IAM_ROLE/${IAMRole}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          sed -i "s/REGION_NAME/${AWS::Region}/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          sed -i "s/ALB_DNS_NAME/${WSO2ISLoadBalancer.DNSName}/g" /home/wso2user/${Product}-${Version}/repository/conf/carbon.xml
          sed -i "s/CF_DB_USERNAME/${DBUsername}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          sed -i "s/CF_DB_PASSWORD/${DBPassword}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          sed -i "s/RDS_DNS_NAME/${WSO2ISDBInstance.Endpoint.Address}/g" /home/wso2user/${Product}-${Version}/repository/conf/datasources/master-datasources.xml
          tar -xvf /opt/OpenJDK8U-jdk_8u222_linux_x64.tar.gz -C /opt/
          export PRIVATE_IP=$(ifconfig | grep -m 1 'inet ' | awk '{print $2}')
          export LogserverIP=${WSO2ISLoggingInstance.PrivateIp}
          echo "$LogserverIP logserver" >> /etc/hosts
          sed -i "s/LOCAL-MEMBER-HOST/$PRIVATE_IP/g" /home/wso2user/${Product}-${Version}/repository/conf/axis2/axis2.xml
          /home/wso2user/${Product}-${Version}/bin/wso2server.sh start
          sleep 30
          end=$((SECONDS+1200))
          while [ $SECONDS -lt $end ] ; do
            sleep 10
            wget --delete-after --server-response --no-check-certificate "https://localhost:9443/carbon/admin/login.jsp"
            if [ $? -eq "0" ] ; then
              /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WSO2ISNodeAutoScalingGroup --region ${AWS::Region}
              break
            fi
          done
          echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh
          cat /dev/null > ~/.bash_history && history -c
    DependsOn:
      - WSO2ISLoadBalancer
      - WSO2ISDBInstance
      - WSO2ISBastionInstance
      - WSO2ISLoggingInstance
  WSO2ISNodeAutoScalingGroup:
    Type: 'AWS::AutoScaling::AutoScalingGroup'
    Properties:
      LaunchConfigurationName: !Ref WSO2ISNodeLaunchConfiguration
      DesiredCapacity: 2
      MinSize: 2
      MaxSize: 2
      TargetGroupARNs:
        - !Ref WSO2ISALB9443TargetGroup
        - !Ref WSO2ISALB8243TargetGroup
        - !Ref WSO2ISALB8280TargetGroup
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PrivateSubnet1"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - 'WSO2IS'
              - !Ref Environment
              - 'Instance'
          PropagateAtLaunch: 'true'
        - Key: cluster
          Value: is
          PropagateAtLaunch: 'true'
    CreationPolicy:
      ResourceSignal:
        Count: 2
        Timeout: PT30M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '2'
        MinInstancesInService: '1'
        PauseTime: PT20M
        SuspendProcesses:
          - AlarmNotification
        WaitOnResourceSignals: true
    DependsOn:
      - WSO2ISLoadBalancer
  WSO2ISLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: !Join
        - ''
        - - 'WSO2ISLoadBalancer'
          - !Ref Environment
      Scheme: internet-facing
      Subnets:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet1"
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2PublicSubnet2"
      SecurityGroups:
        - Fn::ImportValue:
            !Sub "${NetworkStackName}-WSO2LoadBalancerSecurityGroup"
  WSO2ISALB9443TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /carbon/admin/login.jsp
      HealthCheckPort: 9443
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'is'
          - 'carbon'
          - !Ref Environment
          - '9443'
      Port: 9443
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2ISALB8280TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /
      HealthCheckPort: 8280
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'is'
          - 'carbon'
          - !Ref Environment
          - '8280'
      Port: 8280
      Protocol: HTTP
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2ISALB8243TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 4
      HealthCheckPath: /services/Version
      HealthCheckPort: 8243
      Matcher:
        HttpCode: 200
      Name: !Join
        - '-'
        - - 'is'
          - 'carbon'
          - !Ref Environment
          - '8243'
      Port: 8243
      Protocol: HTTPS
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: '20'
        - Key: stickiness.enabled
          Value: 'true'
      UnhealthyThresholdCount: 3
      VpcId:
        Fn::ImportValue:
          Fn::Sub: "${NetworkStackName}-WSO2VPC"
      Tags:
        - Key: Name
          Value: !Join
            - ''
            - - !Ref Product
  WSO2ISALB9443Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2ISALB9443TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2ISLoadBalancer
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2ISALB8280Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2ISALB8280TargetGroup
      LoadBalancerArn: !Ref WSO2ISLoadBalancer
      Port: 8280
      Protocol: HTTP
  WSO28243ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref WSO2ISALB8243TargetGroup
      Certificates:
        - CertificateArn: !Join
            - ''
            - - 'arn:aws:iam::'
              - !Ref 'AWS::AccountId'
              - ':server-certificate'
              - /
              - !Ref CertificateName
      LoadBalancerArn: !Ref WSO2ISLoadBalancer
      Port: 8243
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS-1-1-2017-01
  WSO2ISLoggingInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: !FindInMap
        - WSO2LoggingMasterAMIRegionMap
        - !Ref 'AWS::Region'
        - Ubuntu1804
      InstanceType: t2.large
BlockDeviceMappings: 452 | - DeviceName: /dev/sda1 453 | Ebs: 454 | VolumeSize: '50' 455 | VolumeType: gp2 456 | DeleteOnTermination: 'true' 457 | KeyName: !Ref KeyPairName 458 | Monitoring: 'false' 459 | Tags: 460 | - Key: Name 461 | Value: !Join 462 | - '' 463 | - - 'WSO2ISLogging' 464 | - !Ref Environment 465 | - 'Instance' 466 | NetworkInterfaces: 467 | - DeleteOnTermination: 'true' 468 | AssociatePublicIpAddress: 'true' 469 | Description: Primary network interface 470 | DeviceIndex: 0 471 | SubnetId: 472 | Fn::ImportValue: 473 | Fn::Sub: "${NetworkStackName}-WSO2PublicSubnet1" 474 | GroupSet: 475 | - Fn::ImportValue: 476 | !Sub "${NetworkStackName}-WSO2LoggingSecurityGroup" 477 | UserData: !Base64 478 | 'Fn::Sub': | 479 | #cloud-config 480 | #!/bin/bash 481 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 482 | export PATH=~/.local/bin:$PATH 483 | export REGION=${AWS::Region} 484 | echo 'export HISTTIMEFORMAT="%F %T "' >> /etc/profile.d/history.sh 485 | cat /dev/null > ~/.bash_history && history -c 486 | DependsOn: 487 | - WSO2ISLoadBalancer 488 | - WSO2ISDBInstance 489 | Outputs: 490 | ConsoleURL: 491 | Value: !Join 492 | - '' 493 | - - 'https://' 494 | - !GetAtt 495 | - WSO2ISLoadBalancer 496 | - DNSName 497 | - '/carbon' 498 | Description: WSO2 Identity Server Management Console URL 499 | HttpURL: 500 | Value: !Join 501 | - '' 502 | - - 'http://' 503 | - !GetAtt 504 | - WSO2ISLoadBalancer 505 | - DNSName 506 | - ':8280' 507 | Description: WSO2 Identity Server HTTP Gateway endpoint 508 | HttpsURL: 509 | Value: !Join 510 | - '' 511 | - - 'https://' 512 | - !GetAtt 513 | - WSO2ISLoadBalancer 514 | - DNSName 515 | - ':8243' 516 | Description: WSO2 Identity Server HTTPS Gateway endpoint 517 | LogDashboardURL: 518 | Value: !Join 519 | - '' 520 | - - 'http://' 521 | - !GetAtt 522 | - WSO2ISLoggingInstance 523 | - PublicDnsName 524 | - ':5601' 525 | Description: Log Dashboard URL (Kibana Dashboard) 526 | Parameters: 527 | IAMRole: 
528 | Type: String 529 | KeyPairName: 530 | Description: The private key used to log in to instances through SSH 531 | Type: 'AWS::EC2::KeyPair::KeyName' 532 | CertificateName: 533 | Description: A valid SSL certificate used for HTTPS 534 | Type: String 535 | MinLength: 1 536 | NetworkStackName: 537 | Description: Name of the stack with network resources exported 538 | Type: String 539 | WSO2InstanceType: 540 | Type: String 541 | Default: t2.medium 542 | AllowedValues: 543 | - t2.medium 544 | - t2.large 545 | - t2.xlarge 546 | - t2.2xlarge 547 | - m3.medium 548 | - m3.large 549 | - m3.xlarge 550 | - m3.2xlarge 551 | - m4.large 552 | - m4.xlarge 553 | ConstraintDescription: Must be a valid EC2 instance type 554 | DBUsername: 555 | Type: String 556 | DBPassword: 557 | Type: String 558 | NoEcho: true 559 | DBType: 560 | Type: String 561 | Default: MySQL 562 | AllowedValues: 563 | - MySQL 564 | - PostgreSQL 565 | - Oracle 566 | - SQL Server 567 | AMIid: 568 | Type: String 569 | Product: 570 | Type: String 571 | Version: 572 | Type: String 573 | Environment: 574 | Type: String 575 | Mappings: 576 | WSO2LoggingMasterAMIRegionMap: 577 | us-east-1: 578 | Ubuntu1804: ami-089c43fe12d048b25 579 | us-east-2: 580 | Ubuntu1804: ami-0b382084a3cc80fb7 581 | us-west-1: 582 | Ubuntu1804: ami-0b6d9c2c447ab4299 583 | us-west-2: 584 | Ubuntu1804: ami-0897dc385cc87c84a 585 | ap-south-1: 586 | Ubuntu1804: ami-092e3cdeac40647ef 587 | ap-northeast-1: 588 | Ubuntu1804: ami-0e188a8f0a17f5359 589 | ap-northeast-2: 590 | Ubuntu1804: ami-017825b1c521d02c5 591 | ap-southeast-1: 592 | Ubuntu1804: ami-0a15b160762a9664b 593 | ap-southeast-2: 594 | Ubuntu1804: ami-0b7e0a634a1356911 595 | ca-central-1: 596 | Ubuntu1804: ami-0ef8ecec9501bf050 597 | eu-central-1: 598 | Ubuntu1804: ami-0521c2773875c9f2e 599 | eu-west-1: 600 | Ubuntu1804: ami-0d63a1ebc624058cd 601 | eu-west-2: 602 | Ubuntu1804: ami-0e8752d4902c13a57 603 | eu-west-3: 604 | Ubuntu1804: ami-0b48a1bd6d96eba46 605 | eu-north-1: 606 | 
Ubuntu1804: ami-05805bdf26a4afe6c 607 | sa-east-1: 608 | Ubuntu1804: ami-0393cec4dc744d66d 609 | --------------------------------------------------------------------------------