alb.template.yaml
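# Quoted so that generic YAML 1.1 loaders keep the format version as a string
# instead of converting it to a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  This template creates an Application Load Balancer (qs-1r2g4122s)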
Parameters:
  # VPC in which the security group and the target group are created.
  VPCID:
    Type: AWS::EC2::VPC::Id
  # Becomes the only egress destination of the load balancer security group.
  VPCCIDR:
    Description: CIDR block for the VPC
    Type: String
  # Passed to the load balancer's Subnets property.
  # NOTE(review): the description text speaks of Gateway VMs, not of the load
  # balancer; confirm the wording against the parent stack.
  SubnetIDs:
    Description: Comma separated Subnet IDs where Gateway VMs need to be launched
    Type: List<AWS::EC2::Subnet::Id>
  # Certificate presented by the HTTPS listener.
  SSLCertificateArn:
    Description: Arn of SSL certificate to use for the HTTPS listener
    Type: String
  # String flag, not a YAML boolean: the condition compares it with 'true'.
  UseInternalLoadBalancer:
    Description: Deploy Internal Load Balancer
    Type: String
    Default: 'false'
    AllowedValues: ['true', 'false']
Conditions:
  # Holds only when UseInternalLoadBalancer is the string 'true'; it selects
  # the load balancer scheme.
  UsingInternalLoadBalancer: !Equals
    - !Ref UseInternalLoadBalancer
    - 'true'
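Resources:
  # Security group attached to the load balancer.
  ELBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group allowing access to High-Availability Add-On application
      VpcId: !Ref VPCID
      SecurityGroupIngress:
        # NOTE(review): HTTPS is accepted from any source address, also when
        # UseInternalLoadBalancer is 'true'. Confirm whether an internal
        # deployment should narrow this to the networks that need access.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        # Outbound traffic is limited to TCP 443 inside the VPC CIDR.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref VPCCIDR
          Description: Access to target instance on port 443

  # Application Load Balancer. Despite the logical name, the scheme is
  # 'internal' when the UsingInternalLoadBalancer condition holds.
  # NOTE(review): no LoadBalancerAttributes are set, so access logging and
  # dropping of invalid header fields stay at the service defaults.
  ExternalLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: !If [UsingInternalLoadBalancer, internal, internet-facing]
      SecurityGroups:
        - !Ref ELBSecurityGroup
      Subnets: !Ref SubnetIDs

  # Targets are instances reached over HTTPS on port 443, with load-balancer
  # cookie stickiness enabled.
  HttpsTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Port: 443
      Protocol: HTTPS
      VpcId: !Ref VPCID
      TargetGroupAttributes:
        - Key: stickiness.enabled
          Value: 'true'
        - Key: stickiness.type
          Value: lb_cookie
      TargetType: instance
      HealthCheckPath: /
      HealthCheckPort: '443'
      HealthCheckProtocol: HTTPS
      # Any status from 200 to 499 counts as healthy, so a target that answers
      # every request with a 4xx error is still kept in rotation.
      # NOTE(review): presumably chosen because '/' redirects or requires
      # authentication; confirm.
      Matcher:
        HttpCode: '200-499'

  # HTTPS listener that forwards every request to HttpsTargetGroup.
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ExternalLoadBalancer
      Port: 443
      Protocol: HTTPS
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref HttpsTargetGroup
      # Was ELBSecurityPolicy-2016-08, which still negotiates TLS 1.0 and 1.1.
      # This policy restricts the listener to TLS 1.2 and TLS 1.3; clients
      # that cannot speak TLS 1.2 will no longer connect.
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates:
        - CertificateArn: !Ref SSLCertificateArn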
Outputs:
  # The output is named TcpTargetGroup but carries the HTTPS target group.
  TcpTargetGroup:
    Description: Deployment target group ARN
    Value: !Ref HttpsTargetGroup
  ExternalLoadBalancerDns:
    Description: DNS name of the External load balancer
    Value: !GetAtt ExternalLoadBalancer.DNSName
  CanonicalHostedZoneID:
    Description: Hosted Zone id of the External load balancer
    Value: !GetAtt ExternalLoadBalancer.CanonicalHostedZoneID