Cloudformation

The document outlines a solution for deploying a multi-tier architecture using AWS services including EC2, RDS, VPC, and Route 53, with automation through AWS CloudFormation. It details the steps for launching instances in public and private subnets, configuring security groups, and setting up a hosted zone for DNS management. The CloudFormation template provided specifies resources for the web, application, and database tiers, ensuring secure communication and resource management.

Solution: The solution to your problem can be achieved using AWS services like EC2,
RDS, VPC, and Route 53. AWS CloudFormation can also be used to automate the
provisioning and management of the resources.

Steps to Follow:

Web Tier: Launch an EC2 instance in a public subnet. Configure the security group to
allow HTTP (port 80) and SSH (port 22) from the internet.

Application Tier: Launch an EC2 instance in a private subnet. Configure the security
group to allow only SSH (port 22) from the public subnet of the Web Tier.

DB Tier: Launch an RDS MySQL instance in a private subnet. Configure the security
group to allow connections on port 3306 only from the private subnet of the
Application Tier.

Route 53: Create a hosted zone in Route 53. Create a record set that directs traffic to
the EC2 instance of the Web Tier.

AWS CloudFormation: To allow the development team to test their code without
involving the system admins, use AWS CloudFormation. This service lets you model and
provision AWS and third-party application resources. You create a CloudFormation
template that describes all the AWS resources you want (such as Amazon EC2 instances
or Amazon RDS DB instances), and AWS CloudFormation provisions and configures those
resources for you. The template below does this for the three tiers and the DNS setup.

AWSTemplateFormatVersion: '2010-09-09'
Description: Template to create Web, Application, and DB Tiers with Route 53 setup

Parameters:
  InstanceType:
    Type: String
    Default: t2.micro
    AllowedValues:
      - t2.micro
      - t3.micro
      - t3a.micro
    Description: EC2 instance type for Web and Application tiers
  DBMasterPassword:
    Type: String
    NoEcho: true  # never shown in the console, CLI output or stack events
    MinLength: 8
    Description: Master password for the RDS MySQL instance (supplied at deploy time, not stored in the template)

Resources:

  # VPC
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true

  # Public Subnet for Web Tier
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: WebTierPublicSubnet

  # Private Subnet for Application Tier
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: us-east-1a
      Tags:
        - Key: Name
          Value: ApplicationTierPrivateSubnet

  # Private Subnets for DB Tier (an RDS subnet group must span at least two AZs,
  # so a second subnet in another AZ is added here; CIDR and AZ are placeholders)
  DBSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: us-east-1a
      Tags:
        - Key: Name
          Value: DBTierPrivateSubnet

  DBSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.4.0/24
      AvailabilityZone: us-east-1b
      Tags:
        - Key: Name
          Value: DBTierPrivateSubnet2

  # Internet Gateway for Public Subnet
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties: {}

  AttachInternetGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  # Route table with a default route to the Internet Gateway. Without it the
  # "public" subnet has no path to the internet even though instances get a public IP.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PublicDefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachInternetGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

  # Security Group for Web Tier (Public EC2 instance)
  WebTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP and SSH from the internet
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0  # as required by the steps above; restricting this to an admin CIDR is the usual hardening
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  # Security Group for Application Tier (Private EC2 instance)
  ApplicationTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH from Web Tier to Application Tier
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref WebTierSecurityGroup

  # Security Group for DB Tier (Private RDS)
  DBTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow MySQL connections from Application Tier
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref ApplicationTierSecurityGroup

  # EC2 Instance for Web Tier
  WebTierInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: ami-0c55b159cbfafe1f0 # Replace with an appropriate AMI ID
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref WebTierSecurityGroup
      KeyName: your-key-pair-name # Provide your SSH key pair name here

  # EC2 Instance for Application Tier
  ApplicationTierInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: ami-0c55b159cbfafe1f0 # Replace with an appropriate AMI ID
      SubnetId: !Ref PrivateSubnet
      SecurityGroupIds:
        - !Ref ApplicationTierSecurityGroup
      KeyName: your-key-pair-name # Provide your SSH key pair name here

  # RDS Subnet Group
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnet group for DB tier
      SubnetIds:
        - !Ref DBSubnet
        - !Ref DBSubnet2

  # RDS MySQL Instance for DB Tier
  DBInstance:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Retain # Resource-level attribute (not a Property): keep the RDS instance when the stack is deleted
    Properties:
      DBInstanceClass: db.t3.micro # Modify as needed
      Engine: mysql
      EngineVersion: "8.0"
      MasterUsername: admin
      MasterUserPassword: !Ref DBMasterPassword # passed in as a NoEcho parameter rather than hard-coded
      DBName: mydatabase
      AllocatedStorage: "20"
      VPCSecurityGroups:
        - !Ref DBTierSecurityGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      MultiAZ: false
      PubliclyAccessible: false
      StorageEncrypted: true # encryption at rest with the account's default RDS KMS key

  # Route 53 Hosted Zone
  HostedZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: sundareasaiyer.xyz
      HostedZoneConfig:
        Comment: Hosted zone for sundareasaiyer.xyz

  # Record Set to point to Web Tier EC2 instance
  RecordSet:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZone
      Name: sundareasaiyer.xyz
      Type: A
      TTL: "60"
      ResourceRecords:
        - !GetAtt WebTierInstance.PublicIp

Outputs:
  WebTierInstancePublicIP:
    Description: Public IP of the Web Tier EC2 instance
    Value: !GetAtt WebTierInstance.PublicIp

  ApplicationTierInstancePrivateIP:
    Description: Private IP of the Application Tier EC2 instance
    Value: !GetAtt ApplicationTierInstance.PrivateIp

  DBInstanceEndpoint:
    Description: Endpoint of the RDS MySQL instance
    Value: !GetAtt DBInstance.Endpoint.Address

Explanation of the template:

VPC & Subnets:
A VPC is created with a public subnet for the Web Tier, a private subnet for the
Application Tier, and private subnet space for the DB Tier (an RDS subnet group must
span at least two Availability Zones).

Internet Gateway:
An Internet Gateway is attached to the VPC so the public subnet can exchange traffic
with the internet (inbound HTTP and SSH to the Web Tier, and the outbound replies).
The subnet's route table must carry a default route (0.0.0.0/0) to the gateway for
this to take effect; a public IP alone is not enough.

Security Groups:
The Web Tier security group allows HTTP and SSH from anywhere.
The Application Tier security group allows SSH only from the Web Tier's security group.
The DB Tier security group allows MySQL (port 3306) access only from the
Application Tier's security group.
Because the private tiers reference security groups rather than CIDR ranges, the trust
chain follows the instances wherever they are placed inside the VPC.

EC2 Instances:
Two EC2 instances are created: one for the Web Tier (in the public subnet) and one
for the Application Tier (in the private subnet). No Elastic IP is allocated, so the
Web Tier's public IP (and the DNS record built from it) changes if that instance is
stopped and started.

RDS MySQL Instance:
A MySQL RDS instance is created in the private DB subnet, is not publicly accessible,
and is reachable only from the Application Tier. DeletionPolicy: Retain is set on the
RDS DB instance resource (DBInstance) as a resource-level attribute. This ensures that
when the CloudFormation stack is deleted, the RDS instance is retained rather than
deleted, and continues to exist independently of the stack. The master password should
be supplied as a NoEcho parameter or read from Secrets Manager rather than written
into the template, since templates are normally committed to source control.

Route 53:
A hosted zone is created, and an A record for the zone's domain (sundareasaiyer.xyz in
the template) is created that points to the Web Tier's public IP.

This way, the development team can focus on testing the code rather than
provisioning, configuring, and updating the resources needed to test the code.
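As a pre-deploy check on the security groups described above, here is an added Python example (not part of the original document) that audits a template's ingress rules against the tiered trust model: it flags any port opened to 0.0.0.0/0 other than HTTP/HTTPS on the web tier, and confirms each private tier admits only the tier in front of it. The policy tables and the dict form of the three groups are constructed for this example; run against the template as written it reports the world-open SSH rule on the web tier.

```python
from typing import Dict, List

# Constructed sample: the template's three security groups in the JSON/dict form
# that CloudFormation also accepts, so no YAML parser is needed to run this.
TEMPLATE: Dict = {"Resources": {
    "WebTierSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"}]}},
    "ApplicationTierSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
             "SourceSecurityGroupId": {"Ref": "WebTierSecurityGroup"}}]}},
    "DBTierSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": "3306", "ToPort": "3306",
             "SourceSecurityGroupId": {"Ref": "ApplicationTierSecurityGroup"}}]}}}}

# Policy assumed for this example: only the web tier may face the internet, and only
# on HTTP/HTTPS; each private tier may trust just the tier directly in front of it.
INTERNET_ALLOWED = {"WebTierSecurityGroup": {80, 443}}
EXPECTED_SOURCE = {"ApplicationTierSecurityGroup": "WebTierSecurityGroup",
                   "DBTierSecurityGroup": "ApplicationTierSecurityGroup"}


def _world_open(rule: Dict) -> bool:
    return rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"


def audit_security_groups(template: Dict) -> List[str]:
    """Return one finding per policy violation; an empty list means the template passes."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            all_ports = rule.get("IpProtocol") == "-1"  # -1 means every protocol and port
            lo = 0 if all_ports else int(rule.get("FromPort", 0))
            hi = 65535 if all_ports else int(rule.get("ToPort", 65535))
            if _world_open(rule):
                bad = set(range(lo, hi + 1)) - INTERNET_ALLOWED.get(name, set())
                if bad:  # show at most five offending ports to keep the finding readable
                    findings.append(f"{name}: ports {sorted(bad)[:5]} open to the internet")
            expected = EXPECTED_SOURCE.get(name)
            src = rule.get("SourceSecurityGroupId")
            if expected and not (isinstance(src, dict) and src.get("Ref") == expected):
                findings.append(f"{name}: ingress {lo}-{hi} not restricted to {expected}")
    return findings


if __name__ == "__main__":
    for line in audit_security_groups(TEMPLATE) or ["no findings"]:
        print(line)
```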
