# Title: Highly-available wordpress infrastructure
# Tags: infra
# MinimalVersion: v0.1.7
# 1. Basic networking
# VPC and its Internet gateway
# The VPC spans 10.0.0.0/16; every subnet below is carved out of this range.
vpc = create vpc cidr=10.0.0.0/16 name=wordpress-ha-vpc
igw = create internetgateway
attach internetgateway id=$igw vpc=$vpc
# 2 public subnets in different AZs; the load balancer and the NAT gateway are placed here.
# NOTE(review): public=true presumably turns on automatic public IP assignment for
# anything launched in these subnets - confirm against the awless reference.
pubSub1 = create subnet cidr=10.0.100.0/24 vpc=$vpc name=wordpress-ha-public-subnet-1 availabilityzone={availabilityzone.1}
update subnet id=$pubSub1 public=true
pubSub2 = create subnet cidr=10.0.101.0/24 vpc=$vpc name=wordpress-ha-public-subnet-2 availabilityzone={availabilityzone.2}
update subnet id=$pubSub2 public=true
# Public route table: the default route (0.0.0.0/0) goes to the Internet gateway,
# and only the two public subnets are attached to it.
rt = create routetable vpc=$vpc
create route table=$rt cidr=0.0.0.0/0 gateway=$igw
attach routetable id=$rt subnet=$pubSub1
attach routetable id=$rt subnet=$pubSub2
# 2 private subnets in different AZs
# They are never attached to the public route table above, so they get no route
# through the Internet gateway.
privSub1 = create subnet cidr=10.0.10.0/24 vpc=$vpc name=wordpress-ha-private-subnet-1 availabilityzone={availabilityzone.1}
privSub2 = create subnet cidr=10.0.11.0/24 vpc=$vpc name=wordpress-ha-private-subnet-2 availabilityzone={availabilityzone.2}
# NAT Gateway in public subnet with a fixed IP
# NOTE(review): there is a single NAT gateway and it lives in public subnet 1 only.
# Both private subnets route through it, so outbound connectivity for the workers in
# either AZ depends on that one gateway being available.
ip = create elasticip
natgw = create natgateway elasticip-id=$ip subnet=$pubSub1
# Block until the NAT gateway reports state=available, so the route created below
# does not point at a gateway that is still provisioning.
# NOTE(review): timeout=180 is presumably in seconds - confirm.
check natgateway id=$natgw state=available timeout=180
# Routing between private subnets and NAT gateway
# One shared route table for both private subnets; its default route (0.0.0.0/0)
# targets the NAT gateway rather than the Internet gateway.
natgw_rtable = create routetable vpc=$vpc
attach routetable id=$natgw_rtable subnet=$privSub1
attach routetable id=$natgw_rtable subnet=$privSub2
create route cidr=0.0.0.0/0 gateway=$natgw table=$natgw_rtable
# 2. Provision loadbalancer
# Create the load balancer security group
# This is the only rule in the template that admits traffic from any address
# (0.0.0.0/0): TCP port 80 on the load balancer.
lbsecgroup = create securitygroup vpc=$vpc description="authorize HTTP from the internet" name=wordpress-ha-lb-securitygroup
update securitygroup id=$lbsecgroup inbound=authorize protocol=tcp cidr=0.0.0.0/0 portrange=80
# Provision the load balancer listening in the public subnets, with its target group and HTTP listener
# NOTE(review): only a plain-HTTP listener on port 80 is created, and no HTTPS
# listener or certificate appears anywhere in this template. WordPress logins and
# session cookies would therefore travel between clients and the load balancer
# unencrypted. Add a TLS listener (and redirect port 80 to it) before exposing
# this beyond a demo.
tg = create targetgroup name=wordpress-ha-workers port=80 protocol=HTTP vpc=$vpc
# stickiness=true asks the target group to keep routing a given client to the
# same worker.
update targetgroup id=$tg stickiness=true
lb = create loadbalancer name=wordpress-ha-loadbalancer subnets=[$pubSub1,$pubSub2] securitygroups=$lbsecgroup
# Forward everything received on port 80 to the worker target group.
create listener actiontype=forward loadbalancer=$lb port=80 protocol=HTTP targetgroup=$tg
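# 3. Provision instances
# Create keypair and instance
# {keypair.name} and {instance.type} are template holes, filled in when the
# template is run.
keypair = create keypair name={keypair.name}
# Worker security group: SSH (22) and HTTP (80) over TCP, accepted from any
# address inside the VPC range 10.0.0.0/16. protocol=tcp is spelled out so these
# rules are written the same way as the load balancer rule and do not depend on
# a default or an interactive prompt.
# NOTE(review): the whole VPC range is wider than the workers need. Port 80 only
# has to be reachable from the load balancer, and port 22 only from whichever
# admin host is used; consider narrowing both rules to those sources.
instSecGroup = create securitygroup vpc=$vpc description="HTTP + SSH within VPC" name=wordpress-ha-private-secgroup
update securitygroup id=$instSecGroup inbound=authorize protocol=tcp cidr=10.0.0.0/16 portrange=22
update securitygroup id=$instSecGroup inbound=authorize protocol=tcp cidr=10.0.0.0/16 portrange=80
# NOTE(review): userdata is taken from the master branch of a third-party GitHub
# repository. It is not pinned to a commit and nothing here verifies its content,
# so whatever that branch holds when the script is fetched is what every worker
# executes at first boot (EC2 user data runs as root). Keep a reviewed copy under
# your own control, or reference a specific commit instead of master.
launchconf = create launchconfiguration distro=amazonlinux keypair=$keypair name=wordpress-ha-launch-configuration type={instance.type} userdata=https://raw.githubusercontent.com/zn3zman/AWS-WordPress-Creation/master/WP-Setup.sh securitygroups=$instSecGroup
# Fixed-size group (min = desired = max = 2) spread over the two private subnets
# and registered with the load balancer's target group.
create scalinggroup desired-capacity=2 launchconfiguration=$launchconf max-size=2 min-size=2 name=wordpress-scalinggroup subnets=[$privSub1, $privSub2] targetgroups=$tg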