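AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  AWS CloudFormation Template: Web application using EC2, S3, Lambda,
  DynamoDB, CodeBuild, and SecretsManager with IAM roles.

Resources:
  # Single web server; it receives AWS permissions only through
  # EC2InstanceProfile / EC2InstanceRole below.
  WebServerInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0abcdef1234567890 # Specify your AMI ID
      InstanceType: t2.micro
      KeyName: MyKeyName # Specify your key pair
      SecurityGroups:
        - Ref: InstanceSecurityGroup
      IamInstanceProfile:
        Ref: EC2InstanceProfile

  # Inbound is limited to HTTP/80 from anywhere. No SSH (22) rule is
  # defined; if one is added later, restrict CidrIp to a known source
  # rather than 0.0.0.0/0.
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  # Role assumed by the web server. Scoped to objects in ApplicationBucket
  # and data-plane operations on ApplicationTable.
  EC2InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: AccessS3DynamoDB
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:GetObject'
                  - 's3:PutObject'
                Resource: !Sub 'arn:aws:s3:::${ApplicationBucket}/*'
              # Explicit data-plane actions instead of 'dynamodb:*', which
              # also covers control-plane actions such as DeleteTable.
              # Trim this list further to what the application actually calls.
              - Effect: Allow
                Action:
                  - 'dynamodb:GetItem'
                  - 'dynamodb:PutItem'
                  - 'dynamodb:UpdateItem'
                  - 'dynamodb:DeleteItem'
                  - 'dynamodb:Query'
                  - 'dynamodb:Scan'
                  - 'dynamodb:BatchGetItem'
                  - 'dynamodb:BatchWriteItem'
                Resource: !GetAtt ApplicationTable.Arn

  EC2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - Ref: EC2InstanceRole

  # Bucket names are global; 'my-application-bucket' must be changed to a
  # name that is not already taken or stack creation fails.
  ApplicationBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-application-bucket
      # Default SSE-S3 encryption for every object written to the bucket.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # Nothing in this template needs public object access; block it so a
      # later bucket policy or ACL cannot expose the bucket by accident.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  ApplicationLambda:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          import json
          def handler(event, context):
              return {
                  'statusCode': 200,
                  'body': json.dumps('Hello from Lambda')
              }
      Handler: index.handler
      # python3.8 is deprecated on Lambda; the handler above runs unchanged
      # on python3.12.
      Runtime: python3.12
      Role: !GetAtt LambdaExecutionRole.Arn

  # Role assumed by ApplicationLambda: read/write items in ApplicationTable
  # and write its own CloudWatch Logs.
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: LambdaDynamoDBAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'dynamodb:GetItem'
                  - 'dynamodb:PutItem'
                Resource: !GetAtt ApplicationTable.Arn
              # The three actions Lambda needs to emit logs, limited to the
              # /aws/lambda/ log groups of this account and region, instead of
              # 'logs:*' on every log group everywhere.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*'
                  - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/*:*'

  ApplicationTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: ApplicationData
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH
      BillingMode: PAY_PER_REQUEST

  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: WebAppBuildProject
      Source:
        Type: GITHUB
        Location: https://github.com/user/repo.git
      Environment:
        Type: LINUX_CONTAINER
        Image: aws/codebuild/standard:4.0
        ComputeType: BUILD_GENERAL1_SMALL
      Artifacts:
        Type: NO_ARTIFACTS
      ServiceRole: !Ref CodeBuildRole

  # Service role for CodeBuildProject: bucket objects, the single application
  # secret, and its own build log group.
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codebuild.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: CodeBuildS3SecretsAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:GetObject'
                  - 's3:PutObject'
                Resource: !Sub 'arn:aws:s3:::${ApplicationBucket}/*'
              - Effect: Allow
                Action:
                  - 'secretsmanager:GetSecretValue'
                Resource: !Ref AppSecret
              # CodeBuild writes build output to CloudWatch Logs under
              # /aws/codebuild/<project name>; without these the build cannot
              # record its logs.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/WebAppBuildProject'
                  - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/WebAppBuildProject:*'

  # The password is generated by Secrets Manager at creation time instead of
  # being written into the template, so no credential lives in version
  # control or in the CloudFormation template store.
  AppSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: AppSecret
      Description: Stores sensitive application credentials
      GenerateSecretString:
        SecretStringTemplate: '{"username":"admin"}'
        GenerateStringKey: password
        PasswordLength: 32
        # Characters that commonly break connection strings and shell quoting.
        ExcludeCharacters: '"@/\'

Outputs:
  WebServerIP:
    Description: "Public IP of the web server"
    Value: !GetAtt WebServerInstance.PublicIp
  BucketName:
    Description: "S3 Bucket for application storage"
    Value: !Ref ApplicationBucket
  LambdaFunctionName:
    Description: "Lambda function name"
    Value: !Ref ApplicationLambda
  DynamoDBTableName:
    Description: "DynamoDB table name"
    Value: !Ref ApplicationTable
  CodeBuildProjectName:
    Description: "CodeBuild project name"
    Value: !Ref CodeBuildProject
  # The secret's ARN only; the value is never emitted as a stack output.
  SecretId:
    Description: "Secret ID for the application"
    Value: !Ref AppSecret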