{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Creates all of the shared resources for prod-226.", "Parameters": {"MySQLDatabaseMasterPassword": { "Description": "The master password for the MySQL databases.", "Type": "String", "NoEcho": true }}, "Resources": { "prod226DBTopic": { "Type": "AWS::SNS::Topic", "Properties": { "DisplayName": "prod-226-RDS-Alert", "TopicName": "prod-226-RDS-Alert", "Subscription": [{ "Endpoint": "synapse-ops@sagebase.org", "Protocol": "email" }] } }, "prod226DBSubnetGroup": { "Type": "AWS::RDS::DBSubnetGroup", "Properties": { "DBSubnetGroupDescription": "Repository database subnet group defines where RDS instances can be deployed.", "SubnetIds": {"Fn::Split": [ ",", {"Fn::ImportValue": "us-east-1-synapse-prod-vpc-Red-Private-Subnets"} ]} } }, "prod226VpcDBSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "VPC Security Group for prod-226 that grants access to VPN traffic and Red public subnets.", "VpcId": {"Fn::ImportValue": "us-east-1-synapse-prod-vpc-VPCId"}, "SecurityGroupIngress": [ { "Description": "Allow all VPN traffic", "CidrIp": {"Fn::ImportValue": "us-east-1-synapse-prod-vpc-VpnCidr"}, "FromPort": "3306", "ToPort": "3306", "IpProtocol": "tcp" }, { "Description": "Allow Red subnet one access to MySQL", "CidrIp": {"Fn::ImportValue": "us-east-1-synapse-prod-vpc-Red-CIDR"}, "FromPort": "3306", "ToPort": "3306", "IpProtocol": "tcp" } ], "Tags": [ { "Key": "Application", "Value": {"Ref": "AWS::StackName"} }, { "Key": "Name", "Value": "prod226VpcDatabaseSecurityGroup" } ] } }, "prod226DBParameterGroup": { "Type": "AWS::RDS::DBParameterGroup", "Properties": { "Description": "Shared MySQL database parameters", "Family": "mysql5.6", "Parameters": { "slow_query_log": "1", "long_query_time": "1", "max_allowed_packet": "16777216", "log_bin_trust_function_creators": "1" } } }, "prod226RepositoryDB": { "Type": "AWS::RDS::DBInstance", "DependsOn": [ "prod226DBSubnetGroup", 
"prod226VpcDBSecurityGroup", "prod226DBParameterGroup" ], "Properties": { "AllocatedStorage": "50", "AllowMajorVersionUpgrade": false, "AutoMinorVersionUpgrade": true, "BackupRetentionPeriod": "7", "DBInstanceClass": "db.r3.large", "DBInstanceIdentifier": "prod-226-db", "DBName": "prod226", "DBParameterGroupName": {"Ref": "prod226DBParameterGroup"}, "DBSubnetGroupName": {"Ref": "prod226DBSubnetGroup"}, "Engine": "MySQL", "EngineVersion": "5.6.34", "LicenseModel": "general-public-license", "MasterUsername": "prod226user", "MasterUserPassword": {"Ref": "MySQLDatabaseMasterPassword"}, "MultiAZ": true, "PreferredBackupWindow": "3:00-6:00", "PreferredMaintenanceWindow": "Mon:07:15-Mon:07:45", "PubliclyAccessible": false, "StorageType": "standard", "VPCSecurityGroups": [{"Ref": "prod226VpcDBSecurityGroup"}] } }, "prod226RepositoryDBAlarmSwapUsage": { "Type": "AWS::CloudWatch::Alarm", "DependsOn": [ "prod226DBTopic", "prod226RepositoryDB" ], "Properties": { "ActionsEnabled": true, "AlarmActions": [{"Ref": "prod226DBTopic"}], "AlarmDescription": "Alert when database swap usage is exceeded.", "AlarmName": "prod-226-db-Swap-Usage", "ComparisonOperator": "GreaterThanThreshold", "Dimensions": [{ "Name": "DBInstanceIdentifier", "Value": "prod-226-db" }], "EvaluationPeriods": 2, "Period": 300, "MetricName": "SwapUsage", "Namespace": "AWS/RDS", "Statistic": "Average", "Threshold": 536870912 } }, "prod226RepositoryDBHighWriteLatency": { "Type": "AWS::CloudWatch::Alarm", "DependsOn": [ "prod226DBTopic", "prod226RepositoryDB" ], "Properties": { "ActionsEnabled": true, "AlarmActions": [{"Ref": "prod226DBTopic"}], "AlarmDescription": "Alert when database write latency is exceeded.", "AlarmName": "prod-226-db-High-Write-Latency", "ComparisonOperator": "GreaterThanOrEqualToThreshold", "Dimensions": [{ "Name": "DBInstanceIdentifier", "Value": "prod-226-db" }], "EvaluationPeriods": 1, "Period": 300, "MetricName": "WriteLatency", "Namespace": "AWS/RDS", "Statistic": "Average", "Threshold": 
0.1 } }, "prod226RepositoryDBHighCPUUtilization": { "Type": "AWS::CloudWatch::Alarm", "DependsOn": [ "prod226DBTopic", "prod226RepositoryDB" ], "Properties": { "ActionsEnabled": true, "AlarmActions": [{"Ref": "prod226DBTopic"}], "AlarmDescription": "Alert when database CPU utilization is exceeded.", "AlarmName": "prod-226-db-High-CPU-Utilization", "ComparisonOperator": "GreaterThanOrEqualToThreshold", "Dimensions": [{ "Name": "DBInstanceIdentifier", "Value": "prod-226-db" }], "EvaluationPeriods": 1, "Period": 300, "MetricName": "CPUUtilization", "Namespace": "AWS/RDS", "Statistic": "Average", "Threshold": 90 } }, "prod226RepositoryDBLowFreeStorageSpace": { "Type": "AWS::CloudWatch::Alarm", "DependsOn": [ "prod226DBTopic", "prod226RepositoryDB" ], "Properties": { "ActionsEnabled": true, "AlarmActions": [{"Ref": "prod226DBTopic"}], "AlarmDescription": "Alert when database free storage space is low.", "AlarmName": "prod-226-db-Low-Free-Storage-Space", "ComparisonOperator": "LessThanOrEqualToThreshold", "Dimensions": [{ "Name": "DBInstanceIdentifier", "Value": "prod-226-db" }], "EvaluationPeriods": 1, "Period": 300, "MetricName": "FreeStorageSpace", "Namespace": "AWS/RDS", "Statistic": "Average", "Threshold": 5.36870912E9 } }, "prod226Table0RepositoryDB": { "Type": "AWS::RDS::DBInstance", "DependsOn": [ "prod226DBSubnetGroup", "prod226VpcDBSecurityGroup", "prod226DBParameterGroup" ], "Properties": { "AllocatedStorage": "500", "AllowMajorVersionUpgrade": false, "AutoMinorVersionUpgrade": true, "BackupRetentionPeriod": "7", "DBInstanceClass": "db.r3.large", "DBInstanceIdentifier": "prod-226-table-0", "DBName": "prod226", "DBParameterGroupName": {"Ref": "prod226DBParameterGroup"}, "DBSubnetGroupName": {"Ref": "prod226DBSubnetGroup"}, "Engine": "MySQL", "EngineVersion": "5.6.34", "LicenseModel": "general-public-license", "MasterUsername": "prod226user", "MasterUserPassword": {"Ref": "MySQLDatabaseMasterPassword"}, "MultiAZ": false, "PreferredBackupWindow": "3:00-6:00", 
"PreferredMaintenanceWindow": "Mon:07:15-Mon:07:45", "PubliclyAccessible": false, "StorageType": "standard", "VPCSecurityGroups": [{"Ref": "prod226VpcDBSecurityGroup"}] } }, "prod226Table0RepositoryDBAlarmSwapUsage": { "Type": "AWS::CloudWatch::Alarm", "DependsOn": [ "prod226DBTopic", "prod226Table0RepositoryDB" ], "Properties": { "ActionsEnabled": true, "AlarmActions": [{"Ref": "prod226DBTopic"}], "AlarmDescription": "Alert when database swap usage is exceeded.", "AlarmName": "prod-226-table-0-Swap-Usage", "ComparisonOperator": "GreaterThanThreshold", "Dimensions": [{ "Name": "DBInstanceIdentifier", "Value": "prod-226-table-0" }], "EvaluationPeriods": 2, "Period": 300, "MetricName": "SwapUsage", "Namespace": "AWS/RDS", "Statistic": "Average", "Threshold": 536870912 } }, "prod226Table0RepositoryDBHighWriteLatency": { "Type": "AWS::CloudWatch::Alarm", "DependsOn": [ "prod226DBTopic", "prod226Table0RepositoryDB" ], "Properties": { "ActionsEnabled": true, "AlarmActions": [{"Ref": "prod226DBTopic"}], "AlarmDescription": "Alert when database write latency is exceeded.", "AlarmName": "prod-226-table-0-High-Write-Latency", "ComparisonOperator": "GreaterThanOrEqualToThreshold", "Dimensions": [{ "Name": "DBInstanceIdentifier", "Value": "prod-226-table-0" }], "EvaluationPeriods": 1, "Period": 300, "MetricName": "WriteLatency", "Namespace": "AWS/RDS", "Statistic": "Average", "Threshold": 0.1 } }, "prod226Table0RepositoryDBHighCPUUtilization": { "Type": "AWS::CloudWatch::Alarm", "DependsOn": [ "prod226DBTopic", "prod226Table0RepositoryDB" ], "Properties": { "ActionsEnabled": true, "AlarmActions": [{"Ref": "prod226DBTopic"}], "AlarmDescription": "Alert when database CPU utilization is exceeded.", "AlarmName": "prod-226-table-0-High-CPU-Utilization", "ComparisonOperator": "GreaterThanOrEqualToThreshold", "Dimensions": [{ "Name": "DBInstanceIdentifier", "Value": "prod-226-table-0" }], "EvaluationPeriods": 1, "Period": 300, "MetricName": "CPUUtilization", "Namespace": "AWS/RDS", 
"Statistic": "Average", "Threshold": 90 } }, "prod226Table0RepositoryDBLowFreeStorageSpace": { "Type": "AWS::CloudWatch::Alarm", "DependsOn": [ "prod226DBTopic", "prod226Table0RepositoryDB" ], "Properties": { "ActionsEnabled": true, "AlarmActions": [{"Ref": "prod226DBTopic"}], "AlarmDescription": "Alert when database free storage space is low.", "AlarmName": "prod-226-table-0-Low-Free-Storage-Space", "ComparisonOperator": "LessThanOrEqualToThreshold", "Dimensions": [{ "Name": "DBInstanceIdentifier", "Value": "prod-226-table-0" }], "EvaluationPeriods": 1, "Period": 300, "MetricName": "FreeStorageSpace", "Namespace": "AWS/RDS", "Statistic": "Average", "Threshold": 5.36870912E10 } }, "prod226Application": { "Type": "AWS::ElasticBeanstalk::Application", "Properties": { "ApplicationName": "Synapse-prod-226", "Description": "Group of all Synapse-prod-226 Bean Stalk Environment" } }, "prod226BeanstalkSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Security Group for all Bean Stalk EC2 instances in prod226", "VpcId": {"Fn::ImportValue": "us-east-1-synapse-prod-vpc-VPCId"}, "SecurityGroupIngress": [ { "Description": "Allow SSH for VPN traffic", "CidrIp": {"Fn::ImportValue": "us-east-1-synapse-prod-vpc-VpnCidr"}, "FromPort": "22", "ToPort": "22", "IpProtocol": "tcp" }, { "Description": "Allow Red subnet HTTP access", "CidrIp": {"Fn::ImportValue": "us-east-1-synapse-prod-vpc-Red-CIDR"}, "FromPort": "80", "ToPort": "80", "IpProtocol": "tcp" } ], "SecurityGroupEgress": [{ "CidrIp": "0.0.0.0/0", "FromPort": "-1", "ToPort": "-1", "IpProtocol": "-1" }], "Tags": [ { "Key": "Application", "Value": {"Ref": "AWS::StackName"} }, { "Key": "Name", "Value": "prod226BeanstalkSecurityGroup" } ] } }, "prod226LoadBalancerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Security Group for the Load Balancers of prod226", "VpcId": {"Fn::ImportValue": "us-east-1-synapse-prod-vpc-VPCId"}, "SecurityGroupIngress": [ { 
"Description": "Allow HTTP traffic", "CidrIp": "0.0.0.0/0", "FromPort": "80", "ToPort": "80", "IpProtocol": "tcp" }, { "Description": "Allow HTTPS traffic", "CidrIp": "0.0.0.0/0", "FromPort": "443", "ToPort": "443", "IpProtocol": "tcp" } ], "SecurityGroupEgress": [ { "Description": "Allow HTTP traffic", "CidrIp": "0.0.0.0/0", "FromPort": "80", "ToPort": "80", "IpProtocol": "tcp" }, { "Description": "Allow HTTPS traffic", "CidrIp": "0.0.0.0/0", "FromPort": "443", "ToPort": "443", "IpProtocol": "tcp" } ], "Tags": [ { "Key": "Application", "Value": {"Ref": "AWS::StackName"} }, { "Key": "Name", "Value": "prod226LoadBalancerSecurityGroup" } ] } } }, "Outputs": { "BeanstalkApplicationId": { "Description": "The elastic bean stalk application ID", "Value": {"Ref": "prod226Application"}, "Export": {"Name": {"Fn::Join": [ "-", [ {"Ref": "AWS::Region"}, {"Ref": "AWS::StackName"}, "Beanstalk-Application-Name" ] ]}} }, "BeanstalkSecurityGroupId": { "Description": "The ID of the Beanstalk security group", "Value": {"Ref": "prod226BeanstalkSecurityGroup"}, "Export": {"Name": {"Fn::Join": [ "-", [ {"Ref": "AWS::Region"}, {"Ref": "AWS::StackName"}, "Beanstalk-Security-Group-ID" ] ]}} }, "LoadBalancerSecurityGroup": { "Description": "The ID of the Load Balancer Security Group", "Value": {"Ref": "prod226LoadBalancerSecurityGroup"}, "Export": {"Name": {"Fn::Join": [ "-", [ {"Ref": "AWS::Region"}, {"Ref": "AWS::StackName"}, "Load-Balancer-Security-Group-ID" ] ]}} }, "prod226DBTopicId": { "Description": "The identifier of the SNS topic that receives the prod-226 database alarm notifications", "Value": {"Ref": "prod226DBTopic"}, "Export": {"Name": {"Fn::Join": [ "-", [ {"Ref": "AWS::Region"}, {"Ref": "AWS::StackName"}, "DB-SNS-Topic-ID" ] ]}} }, "prod226RepositoryDBEndpoint": { "Description": "The endpoint address of the prod-226 repository database (prod-226-db)", "Value": {"Fn::GetAtt": [ "prod226RepositoryDB", "Endpoint.Address" ]}, "Export": {"Name": {"Fn::Join": [ "-", [ {"Ref": "AWS::Region"}, {"Ref": "AWS::StackName"}, "prod226RepositoryDB-Endpoint" ] ]}} }, 
"prod226Table0RepositoryDBEndpoint": { "Description": "The endpoint address of the prod-226 table-0 database (prod-226-table-0)", "Value": {"Fn::GetAtt": [ "prod226Table0RepositoryDB", "Endpoint.Address" ]}, "Export": {"Name": {"Fn::Join": [ "-", [ {"Ref": "AWS::Region"}, {"Ref": "AWS::StackName"}, "prod226Table0RepositoryDB-Endpoint" ] ]}} } } }