Commit

updated es access policy and instance type for bastion and app
atangirala committed May 8, 2019
1 parent d8263bd commit 1fc34cc
Showing 11 changed files with 1,936 additions and 226 deletions.
268 changes: 156 additions & 112 deletions templates/quickstart-ct-clickstream-analytics-master.template
Expand Up @@ -138,8 +138,6 @@ Metadata:
default: Node type
AvailabilityZones:
default: Availability zones
ApplicationName:
default: Application name
EncryptData:
default: Encrypt data at rest
MasterUser:
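Review bot: ApplicationName loses its label entry in this Metadata block, but none of the visible hunks shows the parameter itself, its ParameterGroups entry or its !Ref uses being removed. Confirm they go in the same commit; a parameter left behind without a label still appears in the console form under its raw name, and a leftover !Ref to a deleted parameter fails template validation.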
Expand Down Expand Up @@ -357,120 +355,163 @@ Parameters:
Type: String
Default: t2.micro
AllowedValues:
- t1.micro
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- m1.small
- m1.medium
- m1.large
- m1.xlarge
- m2.xlarge
- m2.2xlarge
- m2.4xlarge
- m3.medium
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
- c1.medium
- c1.xlarge
- c3.large
- c3.xlarge
- c3.2xlarge
- c3.4xlarge
- c3.8xlarge
- c4.large
- c4.xlarge
- c4.2xlarge
- c4.4xlarge
- c4.8xlarge
- g2.2xlarge
- g2.8xlarge
- r3.large
- r3.xlarge
- r3.2xlarge
- r3.4xlarge
- r3.8xlarge
- i2.xlarge
- i2.2xlarge
- i2.4xlarge
- i2.8xlarge
- d2.xlarge
- d2.2xlarge
- d2.4xlarge
- d2.8xlarge
- hi1.4xlarge
- hs1.8xlarge
- cr1.8xlarge
- cc2.8xlarge
- cg1.4xlarge
ConstraintDescription: Must be a valid EC2 instance type.
AppInstanceType:
Description: App server EC2 instance type
Type: String
Default: t2.micro
AllowedValues:
- t1.micro
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- m1.small
- m1.medium
- m1.large
- m1.xlarge
- m2.xlarge
- m2.2xlarge
- m2.4xlarge
- m3.medium
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
- c1.medium
- c1.xlarge
- c3.large
- c3.xlarge
- c3.2xlarge
- c3.4xlarge
- c3.8xlarge
- c4.large
- c4.xlarge
- a1.2xlarge
- a1.4xlarge
- a1.large
- a1.medium
- a1.xlarge
- c4.2xlarge
- c4.4xlarge
- c4.8xlarge
- g2.2xlarge
- g2.8xlarge
- r3.large
- r3.xlarge
- r3.2xlarge
- r3.4xlarge
- r3.8xlarge
- i2.xlarge
- i2.2xlarge
- i2.4xlarge
- i2.8xlarge
- d2.xlarge
- c4.large
- c4.xlarge
- c5.18xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.large
- c5.xlarge
- c5d.18xlarge
- c5d.2xlarge
- c5d.4xlarge
- c5d.9xlarge
- c5d.large
- c5d.xlarge
- c5n.18xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.large
- c5n.xlarge
- d2.2xlarge
- d2.4xlarge
- d2.8xlarge
- hi1.4xlarge
- hs1.8xlarge
- cr1.8xlarge
- cc2.8xlarge
- cg1.4xlarge
- d2.xlarge
- g3.16xlarge
- g3.4xlarge
- g3.8xlarge
- g3s.xlarge
- h1.16xlarge
- h1.2xlarge
- h1.4xlarge
- h1.8xlarge
- i2.2xlarge
- i2.4xlarge
- i2.8xlarge
- i2.xlarge
- i3.16xlarge
- i3.2xlarge
- i3.4xlarge
- i3.8xlarge
- i3.large
- i3.xlarge
- m4.10xlarge
- m4.16xlarge
- m4.2xlarge
- m4.4xlarge
- m4.large
- m4.xlarge
- m5.12xlarge
- m5.24xlarge
- m5.2xlarge
- m5.4xlarge
- m5.large
- m5.metal
- m5.xlarge
- m5a.12xlarge
- m5a.24xlarge
- m5a.2xlarge
- m5a.4xlarge
- m5a.large
- m5a.xlarge
- m5ad.12xlarge
- m5ad.24xlarge
- m5ad.2xlarge
- m5ad.4xlarge
- m5ad.large
- m5ad.xlarge
- m5d.12xlarge
- m5d.24xlarge
- m5d.2xlarge
- m5d.4xlarge
- m5d.large
- m5d.metal
- m5d.xlarge
- p2.16xlarge
- p2.8xlarge
- p2.xlarge
- p3.16xlarge
- p3.2xlarge
- p3.8xlarge
- r3.2xlarge
- r3.4xlarge
- r3.8xlarge
- r3.large
- r3.xlarge
- r4.16xlarge
- r4.2xlarge
- r4.4xlarge
- r4.8xlarge
- r4.large
- r4.xlarge
- r5.12xlarge
- r5.24xlarge
- r5.2xlarge
- r5.4xlarge
- r5.large
- r5.xlarge
- r5a.12xlarge
- r5a.24xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.large
- r5a.xlarge
- r5ad.12xlarge
- r5ad.24xlarge
- r5ad.2xlarge
- r5ad.4xlarge
- r5ad.large
- r5ad.xlarge
- r5d.12xlarge
- r5d.24xlarge
- r5d.2xlarge
- r5d.4xlarge
- r5d.large
- r5d.xlarge
- t2.2xlarge
- t2.large
- t2.medium
- t2.micro
- t2.nano
- t2.small
- t2.xlarge
- t3.2xlarge
- t3.large
- t3.medium
- t3.micro
- t3.nano
- t3.small
- t3.xlarge
- x1.16xlarge
- x1.32xlarge
ConstraintDescription: Must be a valid EC2 instance type.
KeyPairName:
Description: Public/private key pairs allow you to securely connect to your bastion instance after it launches. If you do not have one in this region, please create it before continuing
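Review bot: The expanded AllowedValues list under AppInstanceType now admits a1.medium through a1.4xlarge, which are Arm-based and only launch from an arm64 AMI, so unless the app AMI mapping carries an arm64 image those choices fail at instance launch rather than at parameter validation. The list also opens up m5.metal, p3.16xlarge and x1.32xlarge for a group that starts at two instances, which makes an expensive mis-selection easy. Trim the list to the families the app AMI is actually built and tested for, and keep the bastion list short, since a bastion has no need for the larger types.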
Expand Down Expand Up @@ -1304,23 +1345,26 @@ Resources:
SnapshotOptions:
AutomatedSnapshotStartHour: !Ref AutomatedSnapshotStartHour
AccessPolicies:
Version: '2012-10-17'
Statement:
- Action:
- es:ESHttpGet
- es:ESHttpPut
- es:ESHttpPost
- es:ESHttpHead
-
Principal:
AWS: "*"
Action:
- "es:ESHttpGet"
- "es:ESHttpPut"
- "es:ESHttpPost"
- "es:ESHttpHead"
Effect: "Allow"
Condition:
IpAddress:
aws:SourceIp:
- !Ref 'RemoteAccessCIDR'
Effect: Allow
Resource: '*'
Version: '2012-10-17'
IpAddress:
aws:SourceIp:
- Ref: RemoteAccessCIDR
Resource: "arn:aws:es:*"
AdvancedOptions:
rest.action.multi.allow_explicit_index: 'true'
indices.fielddata.cache.size: 100
indices.query.bool.max_clause_count: 1024
indices.fielddata.cache.size: '100'
indices.query.bool.max_clause_count: '1024'
ElasticSearchDeliveryRole:
Type: AWS::IAM::Role
Properties:
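Review bot: The new statement pairs Principal AWS: "*" with the four es:ESHttp* actions, so the aws:SourceIp condition on RemoteAccessCIDR is the only access control on the domain: any unsigned request from that range can read and write indices. Constrain the RemoteAccessCIDR parameter so it cannot be set to 0.0.0.0/0 (an AllowedPattern on the parameter would do), or name the app and bastion instance roles as the principal so that requests have to be signed. Resource: "arn:aws:es:*" is also wider than it needs to be; scope it to this domain's ARN followed by /*.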
Expand Down Expand Up @@ -1896,8 +1940,8 @@ Resources:
- !GetAtt VPCStack.Outputs.PrivateSubnet1AID
- !GetAtt VPCStack.Outputs.PrivateSubnet2AID
LaunchConfigurationName: !Ref 'LaunchConfigisDemos'
MinSize: 2
MaxSize: 4
MinSize: '2'
MaxSize: '4'
TargetGroupARNs:
- !Ref TargetGroupPublic
NotificationConfiguration:
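Review bot: Quoting MinSize and MaxSize here, along with Cooldown, the idle_timeout Value and the two indices.* options in the other hunks of this file, is a type cleanup that the commit message does not mention. Say so in the message or move it to its own commit, so the access-policy change can be audited without reading through unrelated edits.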
Expand Down Expand Up @@ -2081,15 +2125,15 @@ Resources:
Properties:
AdjustmentType: ChangeInCapacity
AutoScalingGroupName: !Ref 'AppServerGroup'
Cooldown: 60
Cooldown: '60'
ScalingAdjustment: 1
AppServerScaleDownPolicy:
Type: AWS::AutoScaling::ScalingPolicy
Condition: isDemon
Properties:
AdjustmentType: ChangeInCapacity
AutoScalingGroupName: !Ref 'AppServerGroup'
Cooldown: 60
Cooldown: '60'
ScalingAdjustment: -1
CPUAlarmHigh:
Type: AWS::CloudWatch::Alarm
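Review bot: Condition: isDemon on AppServerScaleDownPolicy differs by one letter from the isDemos condition used on the parallel resources in the next hunk. If these are two distinct conditions, rename them so they cannot be confused during review; if one is a typo, fix it while this block is being touched. The Cooldown quoting itself is fine, and leaving ScalingAdjustment as a bare integer is correct.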
Expand Down Expand Up @@ -2131,15 +2175,15 @@ Resources:
Properties:
AdjustmentType: ChangeInCapacity
AutoScalingGroupName: !Ref 'AppServerGroupisDemos'
Cooldown: 60
Cooldown: '60'
ScalingAdjustment: 1
AppServerScaleDownPolicyisDemos:
Type: AWS::AutoScaling::ScalingPolicy
Condition: isDemos
Properties:
AdjustmentType: ChangeInCapacity
AutoScalingGroupName: !Ref 'AppServerGroupisDemos'
Cooldown: 60
Cooldown: '60'
ScalingAdjustment: -1
CPUAlarmHighisDemos:
Type: AWS::CloudWatch::Alarm
Expand Down Expand Up @@ -2195,7 +2239,7 @@ Resources:
Scheme: internet-facing
LoadBalancerAttributes:
- Key: idle_timeout.timeout_seconds
Value: 30
Value: '30'
Subnets:
- !GetAtt VPCStack.Outputs.PublicSubnet1ID
- !GetAtt VPCStack.Outputs.PublicSubnet2ID

0 comments on commit 1fc34cc
