{"id":42456507,"url":"https://github.com/caktus/aws-web-stacks","last_synced_at":"2026-01-28T09:00:07.290Z","repository":{"id":49492338,"uuid":"74834710","full_name":"caktus/aws-web-stacks","owner":"caktus","description":"Easily create AWS managed resources in an isolated VPC for hosting web applications.","archived":false,"fork":false,"pushed_at":"2025-09-16T18:19:55.000Z","size":491,"stargazers_count":101,"open_issues_count":16,"forks_count":17,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-09-16T21:19:53.305Z","etag":null,"topics":["aws","cloudformation-templates","containers","troposphere"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/caktus.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":"CONTRIBUTING.rst","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-11-26T15:46:41.000Z","updated_at":"2025-05-28T19:27:13.000Z","dependencies_parsed_at":"2025-09-16T20:15:29.009Z","dependency_job_id":"d883864c-8a74-4e65-870c-c102acbced71","html_url":"https://github.com/caktus/aws-web-stacks","commit_stats":{"total_commits":369,"total_committers":9,"mean_commits":41.0,"dds":0.6016260162601625,"last_synced_commit":"b8c8fc0eb21188c3357ce9ce14bb8dd58405e6fc"},"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/caktus/aws-web-stacks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caktus%2Faws-web-stacks","tags_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/caktus%2Faws-web-stacks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caktus%2Faws-web-stacks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caktus%2Faws-web-stacks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/caktus","download_url":"https://codeload.github.com/caktus/aws-web-stacks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/caktus%2Faws-web-stacks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28843105,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T07:39:25.367Z","status":"ssl_error","status_checked_at":"2026-01-28T07:39:24.487Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloudformation-templates","containers","troposphere"],"created_at":"2026-01-28T09:00:06.554Z","updated_at":"2026-01-28T09:00:07.269Z","avatar_url":"https://github.com/caktus.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"AWS Web Stacks\n==============\n\n.. 
image:: https://circleci.com/gh/caktus/aws-web-stacks.svg?style=svg\n    :target: https://circleci.com/gh/caktus/aws-web-stacks\n\nAWS Web Stacks is a library of CloudFormation templates that dramatically simplify hosting web applications\non AWS. The library supports using Elastic Beanstalk, ECS, EKS, EC2 instances (via an AMI you specify),\nor `Dokku \u003chttp://dokku.viewdocs.io/dokku/\u003e`_ for the application server(s) and\nprovides auxiliary managed services such as an RDS instance, ElastiCache instance, Elasticsearch instance,\n(free) SSL certificate via AWS Certificate Manager, S3 bucket for static assets, ECS repository for hosting\nDocker images, etc. All resources (that support VPCs) are created in a self-contained VPC, which may use a\nNAT gateway (if you want to pay for that) or not, and resources that require API authentication (such as\nS3 or Elasticsearch) are granted permissions via the IAM instance role and profile assigned to the\napplication servers created in the stack.\n\nThe CloudFormation templates are written in `troposphere \u003chttps://github.com/cloudtools/troposphere\u003e`_,\nwhich allows for some validation at build time and simplifies the management of several related\ntemplates.\n\nIf a NAT gateway is not used, it's possible to create a fully-managed, self-contained hosting\nenvironment for your application entirely within the free tier on AWS (albeit not with all stacks,\nfor example, there is no free tier for EKS). 
To try it out, select one of the following:\n\n+---------------------+-------------------+---------------+---------------+---------------+-----------------+\n|                     | Elastic Beanstalk | ECS           | EKS           | EC2 Instances | Dokku           |\n+=====================+===================+===============+===============+===============+=================+\n| Without NAT Gateway | |EB-No-NAT|_      | |ECS-No-NAT|_ | |EKS-No-NAT|_ | |EC2-No-NAT|_ | |Dokku-No-NAT|_ |\n+---------------------+-------------------+---------------+---------------+---------------+-----------------+\n| With NAT Gateway    | |EB-NAT|_         | |ECS-NAT|_    | |EKS-NAT|_    | |EC2-NAT|_    | n/a             |\n+---------------------+-------------------+---------------+---------------+---------------+-----------------+\n\nIf you'd like to review the CloudFormation template first, or update an existing stack, you may also\nwish to use the YAML template directly:\n\n+---------------------+-------------------+--------------------+--------------------+--------------------+----------------------+\n|                     | Elastic Beanstalk | ECS                | EKS                | EC2 Instances      | Dokku                |\n+=====================+===================+====================+====================+====================+======================+\n| Without NAT Gateway | `eb-no-nat.yaml`_ | `ecs-no-nat.yaml`_ | `eks-no-nat.yaml`_ | `ec2-no-nat.yaml`_ | `dokku-no-nat.yaml`_ |\n+---------------------+-------------------+--------------------+--------------------+--------------------+----------------------+\n| With NAT Gateway    | `eb-nat.yaml`_    | `ecs-nat.yaml`_    | `eks-nat.yaml`_    | `ec2-nat.yaml`_    | n/a                  |\n+---------------------+-------------------+--------------------+--------------------+--------------------+----------------------+\n\n.. |EB-No-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. 
_EB-No-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=eb-app-no-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/eb-no-nat.yaml\n.. _eb-no-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/eb-no-nat.yaml\n\n.. |EB-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. _EB-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=eb-app-with-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/eb-nat.yaml\n.. _eb-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/eb-nat.yaml\n\n.. |ECS-No-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. _ECS-No-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=ecs-app-no-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/ecs-no-nat.yaml\n.. _ecs-no-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/ecs-no-nat.yaml\n\n.. |ECS-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. _ECS-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=ecs-app-with-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/ecs-nat.yaml\n.. _ecs-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/ecs-nat.yaml\n\n.. |EKS-No-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. _EKS-No-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=eks-no-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/eks-no-nat.yaml\n.. _eks-no-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/eks-no-nat.yaml\n\n.. |EKS-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. _EKS-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=eks-with-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/eks-nat.yaml\n.. 
_eks-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/eks-nat.yaml\n\n.. |EC2-No-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. _EC2-No-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=ec2-app-no-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/ec2-no-nat.yaml\n.. _ec2-no-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/ec2-no-nat.yaml\n\n.. |EC2-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. _EC2-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=ec2-app-with-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/ec2-nat.yaml\n.. _ec2-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/ec2-nat.yaml\n\n.. |Dokku-No-NAT| image:: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png\n.. _Dokku-No-NAT: https://console.aws.amazon.com/cloudformation/home?#/stacks/new?stackName=dokku-no-nat\u0026templateURL=https://s3.amazonaws.com/aws-web-stacks/dokku-no-nat.yaml\n.. _dokku-no-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/dokku-no-nat.yaml\n\nDocumentation\n-------------\n\nIn addition to this README, there is additional documentation at\nhttp://aws-web-stacks.readthedocs.io/\n\n\nElastic Beanstalk, Elastic Container Service, EC2, Dokku, or EKS?\n-----------------------------------------------------------------\n\n**Elastic Beanstalk** is the recommended starting point. Elastic Beanstalk comes with a preconfigured\nautoscaling configuration, allows for automated, managed updates to the underlying servers, allows changing\nenvironment variables without recreating the underlying service, and comes with its own command line\ntool for managing deployments. 
The Elastic Beanstalk environment uses the\n`multicontainer docker environment \u003chttp://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html\u003e`_\nto maximize flexibility in terms of the application(s) and container(s) deployed to the stack.\n\n**Elastic Container Service (ECS)** or **Elastic Kubernetes Service (EKS)** might be useful if complex container\nservice definitions are required.\n\nIf you prefer to configure application servers manually using Ansible, Salt, Chef, Puppet, or another such tool,\nchoose the **EC2** option. Be aware that the instances created are managed by an autoscaling group, so you should\nsuspend the autoscaling processes on this autoscaling group (after the initial instances are created) if you\ndon't want it to bring up new (unprovisioned) instances or potentially even terminate one of your instances should\nit appear unhealthy, e.g.::\n\n    aws autoscaling suspend-processes --auto-scaling-group-name \u003cyour-ag-name\u003e\n\nFor very simple, Heroku-like deploys, choose the **Dokku** option. This will give you a single EC2 instance\nbased on Ubuntu 16.04 LTS with `Dokku \u003chttp://dokku.viewdocs.io/dokku/\u003e`_ pre-installed and global environment\nvariables configured that will allow your app to find the RDS, ElastiCache, and Elasticsearch nodes created\nwith this stack.\n\nNAT Gateways\n------------\n\n`NAT Gateways \u003chttp://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html\u003e`_\nhave the added benefit of preventing network connections to EC2 instances within the VPC, but\ncome at an added cost (and no free tier).\n\nIf a NAT Gateway stack is selected, you'll have the option of creating a bastion host or VPN server\nin the stack, using an AMI and instance type of your choice. The bastion type selected will determine which\nports are opened by default for this host. 
If ``SSH``, only SSH traffic will be allowed from the IP address\nor subnet configured by the ``AdministratorIPAddress`` parameter. If ``OpenVPN``, HTTPS and SSH traffic will\nbe allowed from the ``AdministratorIPAddress``, and OpenVPN UDP traffic from any address. Additional ports\nwill need to be opened manually via the AWS console or API.\n\nStack Creation Process\n----------------------\n\nCreating a stack takes approximately 30-35 minutes. The CloudFront distribution and RDS instance\ntypically take the longest to finish, and the EB environment or ECS service creation\nwill not begin until all of its dependencies, including the CloudFront distribution and RDS\ninstance, have been created.\n\nSSL Certificate\n---------------\n\nFor the Elastic Beanstalk, Elastic Container Service, and EC2 (non-GovCloud) options, an\nautomatically-generated SSL certificate is included. The certificate requires approval from the\ndomain owner before it can be issued, and *your stack creation will not finish until you approve\nthe request*. Be on the lookout for an email from Amazon to the domain owner (as seen in a ``whois``\nquery) and follow the link to approve the certificate. If you're using a ``.io`` domain, be aware that\n`prior steps \u003chttp://docs.aws.amazon.com/acm/latest/userguide/troubleshoot-iodomains.html\u003e`_\nmay be necessary to receive email for ``.io`` domains, because domain owner emails cannot\nbe discovered via ``whois``.\n\nManual ACM Certificates\n~~~~~~~~~~~~~~~~~~~~~~~\n\nYou also have the option to *not* create a certificate as part of the stack provisioning process. 
If\nyou do this, an HTTPS listener (and corresponding certificate) can be manually attached to the load\nbalancer after stack creation via the AWS Console or using ``awscli`` using the steps below.\n\nTo request a new certificate using DNS validation, run the following command with ``--domain-name``\nmatching your desired domain::\n\n  aws acm request-certificate --domain-name [DOMAIN NAME] --validation-method DNS\n\nYou can query the CNAME ``name`` and ``value`` variables using ``describe-certificate``::\n\n  aws acm list-certificates\n  aws acm describe-certificate --certificate-arn=YOUR-CertificateArn\n\nAdd the listed CNAME to your DNS provider to complete the verification process.\n\nOnce verified, add an HTTPS listener to the environment's ELB::\n\n  aws elb describe-load-balancers --query \"LoadBalancerDescriptions[*].LoadBalancerName\"\n  aws elb create-load-balancer-listeners --load-balancer-name [LB NAME]\n                                         --listeners \"SSLCertificateId=[CERTIFICATE-ARN],Protocol=HTTPS,LoadBalancerPort=443,InstanceProtocol=HTTP,InstancePort=80\"\n\n\nEncryption (using AWS Key Management Service)\n---------------------------------------------\n\nServer-side encryption support is available, via the ``UseAES256Encryption``\nparameter, on the following AWS resources:\n\n* EC2 EBS (for application EC2 instances and bastion host)\n* ElastiCache Redis (ReplicationGroup)\n* RDS\n* S3\n* EKS Envelope Encryption (via ``EnableEksEncryptionConfig``)\n\nBy default, when enabled, an `AWS managed CMK`_ (customer master key) will be\ncreated the first time you try to create an encrypted resource within that\nservice. AWS will manage the policies associated with AWS managed CMKs on your\nbehalf. 
You can track AWS managed keys in your account and all usage is logged\nin AWS CloudTrail, but you have no direct control over the keys themselves.\nThese keys will be shared across all resources utilizing default encryption\nwithin your AWS account.\n\nCustomer Managed CMK\n~~~~~~~~~~~~~~~~~~~~\n\nThe ``CustomerManagedCmkArn`` parameter allows your stack to be encrypted with a\n`Customer Managed CMK`_. You have full control over these CMKs, including\nestablishing and maintaining their key policies, IAM policies, and grants,\nenabling and disabling them, rotating their cryptographic material, adding tags,\ncreating aliases that refer to the CMK, and scheduling the CMKs for deletion.\n\nRequired CMK Key Policy for Use with Encrypted Volumes\n``````````````````````````````````````````````````````\n\n**Important:** If you specify a customer managed CMK, several steps are required\nto support Amazon EBS encryption within Amazon EC2 Auto Scaling.\n\n1. You (or your account administrator) must give the appropriate\n**service-linked role** access to the CMK, so that Amazon EC2 Auto Scaling can\nlaunch instances on your behalf. To do this, you must modify the CMK's key\npolicy. If omitted, auto scaling will fail to launch instances. See `Required\nCMK Key Policy for Use with Encrypted Volumes`_ for more information.\n\n2. You must encrypt the AMI specified in the ``AMI`` parameter with your\ncustomer managed CMK. Existing AMIs can easily be copied and encrypted with your\nkey from within the AWS Console. Follow the steps in `Copying an AMI`_ and use\nyour customer managed CMK ARN when prompted for a Master Key. Once copied, use\nthe new AMI for your stack ``AMI`` parameter.\n\n.. _AWS managed CMK: https://docs.aws.amazon.com/en_pv/kms/latest/developerguide/concepts.html#aws-managed-cmk\n.. _Customer Managed CMK: https://docs.aws.amazon.com/en_pv/kms/latest/developerguide/concepts.html#customer-cmk\n.. 
_Required CMK Key Policy for Use with Encrypted Volumes: https://docs.aws.amazon.com/en_pv/autoscaling/ec2/userguide/key-policy-requirements-EBS-encryption.html\n.. _Copying an AMI: https://docs.aws.amazon.com/en_pv/AWSEC2/latest/UserGuide/CopyingAMIs#ami-copy-steps\n\nResources Created\n-----------------\n\nThe following is a partial list of resources created by this stack, when Elastic Beanstalk is used:\n\n* **ApplicationRepository** (``AWS::ECR::Repository``): A Docker image repository that your EB\n  environment or ECS cluster will have access to pull images from.\n* **AssetsBucket** (``AWS::S3::Bucket``): An S3 bucket for storing application-related static\n  assets. Permissions are set up automatically so your application can put new assets via the S3\n  API.\n* **AssetsDistribution** (``AWS::CloudFront::Distribution``): A CloudFront distribution\n  corresponding to the above S3 bucket.\n* **Certificate** (``AWS::CertificateManager::Certificate``): An SSL certificate tied to the Domain\n  Name specified during setup. Note that the \"Approve\" link in the automated email sent to the\n  domain owner as part of certificate creation must be clicked before stack creation will finish.\n* **EBApplication** (``AWS::ElasticBeanstalk::Application``): The Elastic Beanstalk application.\n* **EBEnvironment** (``AWS::ElasticBeanstalk::Environment``): The Elastic Beanstalk environment,\n  which will be pre-configured with the environment variables specified below.\n* **Elasticsearch** (``AWS::Elasticsearch::Domain``): An Elasticsearch instance, which your\n  application may use for full-text search, logging, etc.\n* **PostgreSQL** (``AWS::RDS::DBInstance``): The RDS instance for your application.\n  Includes a security group to allow access only from your EB or ECS instances in this stack. 
Note:\n  this CloudFormation resource is named \"PostgreSQL\" for backwards-compatibility reasons, but the\n  RDS instance can be configured with any database engine supported by RDS.\n* **Redis** (``AWS::ElastiCache::CacheCluster``): The Redis ElastiCache instance for your\n  application. Includes a cache security group to allow access only from your EB or ECS instances in\n  this stack.\n* **Vpc** (``AWS::EC2::VPC``): The VPC that contains all relevant stack-related resources (such as\n  the EB or ECS EC2 instances, the RDS instance, and ElastiCache instance). The VPC is created with\n  two subnets in different availability zones so that, for MultiAZ RDS instances or EB/ECS clusters\n  with multiple EC2 instances, resources will be spread across multiple availability zones\n  automatically.\n\nGovCloud Support\n----------------\n\n`AWS GovCloud \u003chttps://aws.amazon.com/govcloud-us/\u003e`_ does not support Elastic Beanstalk, Elastic\nContainer Service, Certificate Manager, CloudFront, or Elasticsearch. You can still create a reduced\nstack in GovCloud by downloading one of the following templates and uploading it to CloudFormation\nvia the AWS Management Console:\n\n+---------------------+-------------------+\n| Without NAT Gateway | `gc-no-nat.yaml`_ |\n+---------------------+-------------------+\n| With NAT Gateway    | `gc-nat.yaml`_    |\n+---------------------+-------------------+\n\n.. _gc-no-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/gc-no-nat.yaml\n.. 
_gc-nat.yaml: https://s3.amazonaws.com/aws-web-stacks/gc-nat.yaml\n\nThis template will create:\n\n* a VPC and the associated subnets,\n* an RDS instance,\n* a Redis instance\n* an Elastic Load Balancer (ELB),\n* an Auto Scaling Group and associated Launch Configuration, and\n* the number of EC2 instances you specify during stack creation (using the specified AMI)\n\nThere is no way to manage environment variables when using straight EC2 instances like this,\nso you are responsible for selecting the appropriate AMI and configuring it to serve your\napplication on the specified port, with all of the necessary secrets and environment variables.\nNote that the Elastic Load Balancer will not direct traffic to your instances until the health\ncheck you specify during stack creation returns a successful response.\n\nEnvironment Variables within your server instances\n--------------------------------------------------\n\nOnce your environment is created you'll have an Elastic Beanstalk (EB) or Elastic Compute Service\n(ECS) environment with the environment variables you need to run a containerized web application.\nThese environment variables are:\n\n* ``AWS_REGION``: The AWS region in which your stack was created.\n* ``AWS_STORAGE_BUCKET_NAME``: The name of the S3 bucket in which your application should store\n  static assets\n* ``AWS_PRIVATE_STORAGE_BUCKET_NAME``: The name of the S3 bucket in which your application should\n  store private/uploaded files or media. Make sure you configure your storage backend to require\n  authentication to read objects and encrypt them at rest, if needed.\n* ``CDN_DOMAIN_NAME``: The domain name of the CloudFront distribution connected to the above S3\n  bucket; you should use this (or the S3 bucket URL directly) to refer to static assets in your HTML\n* ``ELASTICSEARCH_ENDPOINT``: The domain name of the Elasticsearch instance. 
If ``(none)`` is selected\n  for the ``ElasticsearchInstanceType`` during stack creation, the value of this variable will be\n  an empty string (``''``).\n* ``ELASTICSEARCH_PORT``: The recommended port for connecting to Elasticsearch (defaults to 443).\n* ``ELASTICSEARCH_USE_SSL``: Whether or not to use SSL (defaults to ``'on'``).\n* ``ELASTICSEARCH_VERIFY_CERTS``: Whether or not to verify Elasticsearch SSL certificates. This\n  should work fine with AWS Elasticsearch (the instance provides a valid certificate), so this\n  defaults to ``'on'`` as well.\n* ``DOMAIN_NAME``: The domain name you specified when creating the stack, which will\n  be associated with the automatically-generated SSL certificate and as an allowed origin in the\n  CORS configuration for the S3 buckets.\n* ``ALTERNATE_DOMAIN_NAMES``: A comma-separated list of alternate domain names provided to the\n  stack. These domains, if any, will also be included in the automatically-generated SSL certificate\n  and S3 CORS configuration.\n* ``SECRET_KEY``: The secret key you specified when creating this stack\n* ``DATABASE_URL``: The URL to the RDS instance created as part of this stack. If ``(none)`` is\n  selected for the ``DatabaseClass`` during stack creation, the value of this variable will be\n  an empty string (``''``).\n* ``DATABASE_REPLICA_URL``: The URL to the RDS database replica instance. This is an empty string\n  if there's no replica database.\n* ``CACHE_URL``: The URL to the Redis or Memcached instance created as part of this stack (may be\n  used as a cache or session storage, e.g.). If using Redis, note that it supports multiple\n  databases and no database ID is included as part of the URL, so you should append a forward slash\n  and the integer index of the database, if needed, e.g., ``/0``. 
If ``(none)`` is selected for the\n  ``CacheNodeType`` during stack creation, the value of this variable will be an empty string\n  (``''``).\n\nWhen running an EB stack, you can view and edit the keys and values for all environment variables\non the fly via the Elastic Beanstalk console or command line tools.\n\nElasticsearch Authentication\n----------------------------\n\nSince AWS Elasticsearch does not support VPCs, the Elasticsearch instance in this stack does not\naccept connections from all clients. The default policy associated with the instance requires\nHTTP(S) requests to be signed using the `AWS Signature Version 4\n\u003chttp://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html\u003e`_. The instance role associated\nwith the EC2 instances created in this stack (whether using Elastic Beanstalk, Elastic Container\nService, or EC2 directly) is authorized to make requests to the Elasticsearch instance. Those\ncredentials may be obtained from the `EC2 instance meta data\n\u003chttp://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials\u003e`_.\n\nIf you're using Python, credentials may be obtained automatically using Boto and requests signed\nusing the `aws-requests-auth \u003chttps://github.com/DavidMuller/aws-requests-auth#using-boto-to-automatically-gather-aws-credentials\u003e`_\npackage.\n\nDeployment to Elastic Beanstalk\n-------------------------------\n\nYou can deploy your application to an Elastic Beanstalk stack created with this template as follows.\n\nFirst, build and push your docker image to the ECR repository created by this stack (you can also\nsee these commands with the appropriate variables filled in by clicking the \"View Push Commands\"\nbutton on the Amazon ECS Repository detail page in the AWS console)::\n\n    $(aws ecr get-login --region \u003cregion\u003e)  # $(..) 
will execute the output of the inner command\n    docker build -t \u003cstack-name\u003e .\n    docker tag \u003cstack-name\u003e:latest \u003caccount-id\u003e.dkr.ecr.\u003cregion\u003e.amazonaws.com/\u003cstack-name\u003e:latest\n    docker push \u003caccount-id\u003e.dkr.ecr.\u003cregion\u003e.amazonaws.com/\u003cstack-name\u003e:latest\n\nOnce working, you might choose to execute these commands from the appropriate point in your CI/CD\npipeline.\n\nNext, create a ``Dockerrun.aws.json`` file in your project directory, pointing it to the image you\njust pushed::\n\n    {\n      \"AWSEBDockerrunVersion\": 2,\n      \"containerDefinitions\": [\n        {\n          \"name\": \"my-app\",\n          \"image\": \"\u003caccount-id\u003e.dkr.ecr.\u003cregion\u003e.amazonaws.com/\u003cstack-name\u003e:latest\",\n          \"essential\": true,\n          \"memory\": 512,\n          \"portMappings\": [\n            {\n              \"hostPort\": 80,\n              \"containerPort\": 8000\n            }\n          ],\n          \"logConfiguration\": {\n            \"logDriver\": \"awslogs\",\n            \"options\": {\n              \"awslogs-region\": \"\u003cregion\u003e\",\n              \"awslogs-group\": \"\u003clog group\u003e\",\n              \"awslogs-stream-prefix\": \"my-app\"\n            }\n          }\n        }\n      ]\n    }\n\nYou can add and link other container definitions, such as an Nginx proxy or background task\nworkers, if desired.\n\nA single CloudWatch Logs group will be created for you. You can find its name by navigating\nto the AWS CloudWatch Logs console (after stack creation has finished). 
If you prefer to create\nyour own log group, you can do so with the ``aws`` command line tool::\n\n    pip install -U awscli\n    aws logs create-log-group --log-group-name \u003clog-group-name\u003e --region \u003cregion\u003e\n\nFinally, you'll need to install the AWS and EB command line tools, commit or stage for commit the\n``Dockerrun.aws.json`` file, and deploy the application::\n\n    pip install -U awscli awsebcli\n    git add Dockerrun.aws.json\n    eb init  # select the existing EB application and environment, when prompted\n    eb deploy --staged  # or just `eb deploy` if you've committed Dockerrun.aws.json\n\nOnce complete, the EB environment should be running a copy of your container. To troubleshoot any\nissues with the deployment, review events and logs via the Elastic Beanstalk section of the AWS\nconsole.\n\nDokku\n-----\n\nWhen creating a Dokku stack, you may find it advantageous to upload your normal SSH public key to\nAWS, rather than using one that AWS generates. This way, you'll already be set up to deploy to your\nDokku instance without needing to keep track of an extra SSH private key.\n\nThe CloudFormation stack creation should not finish until Dokku is fully installed; `cfn-signal\n\u003chttp://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-signal.html\u003e`_ is used in the\ntemplate to signal CloudFormation once the installation is complete.\n\nDNS\n~~~\n\nAfter the stack is created, you'll want to inspect the Outputs for the PublicIP of the instance and\ncreate a DNS ``A`` record (possibly including a wildcard record, if you're using vhost-based apps)\nfor your chosen domain.\n\nFor help creating a DNS record, please refer to the `Dokku DNS documentation\n\u003chttp://dokku.viewdocs.io/dokku/configuration/dns/\u003e`_.\n\nEnvironment Variables\n~~~~~~~~~~~~~~~~~~~~~\n\nThe environment variables for the other resources created in this stack will be passed to Dokku\nas global environment variables.\n\nIf metadata associated with 
the Dokku EC2 instance changes, updates to environment variables, if\nany, will be passed to the live server via `cfn-hup\n\u003chttp://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-hup.html\u003e`_. Depending on the\nnature of the update this may or may not result in the instance being stopped and restarted. Inspect\nthe stack update confirmation page carefully to avoid any unexpected instance recreations.\n\nDeployment\n~~~~~~~~~~\n\nYou can create a new app on the remote server like so, using the same SSH key that you specified\nduring the stack creation process (if you didn't use your shell's default SSH key, you'll need to\nadd ``-i /path/to/private_key`` to this command)::\n\n    ssh dokku@\u003cyour domain or IP\u003e apps:create python-sample\n\nand then deploy Heroku's Python sample to that app::\n\n    git clone https://github.com/heroku/python-sample.git\n    cd python-sample\n    git remote add dokku dokku@\u003cyour domain or IP\u003e:python-sample\n    git push dokku master\n\nYou should be able to watch the build complete in the output from the ``git push`` command. 
If the\ndeploy completes successfully, you should be able to see \"Hello world!\" at\nhttp://python-sample.your.domain/\n\nFor additional help deploying to your new instance, please refer to the `Dokku documentation\n\u003chttp://dokku.viewdocs.io/dokku/deployment/application-deployment/\u003e`_.\n\nLet's Encrypt\n~~~~~~~~~~~~~\n\nThe Dokku stack does not create a load balancer and hence does not include a free SSL certificate\nvia Amazon Certificate Manager, so let's create one with the Let's Encrypt plugin, and add a cron\njob to automatically renew the cert as needed::\n\n    ssh ubuntu@\u003cyour domain or IP\u003e sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git\n    ssh dokku@\u003cyour domain or IP\u003e config:set --no-restart python-sample DOKKU_LETSENCRYPT_EMAIL=your@email.tld\n    ssh dokku@\u003cyour domain or IP\u003e letsencrypt python-sample\n    ssh dokku@\u003cyour domain or IP\u003e letsencrypt:cron-job --add python-sample\n\nThe Python sample app should now be accessible over HTTPS at https://python-sample.your.domain/\n\nCreating or updating templates\n------------------------------\n\nTemplates built from the latest release of aws-web-stacks will be available in\nS3 (see links near the top of this file). They're built with generic defaults.\n\nTemplates are built by setting some environment variables with your preferences\nand then running ``python -c 'import stack'`` (see the Makefile).\nThe template file is output to standard output. 
It's easy to do this on one line::\n\n    USE_EC2=on python -c 'import stack' \u003emy_ec2_stack_template.yaml\n\nHere are the environment variables that control the template creation.\n\nUSE_EC2=on\n    Create EC2 instances directly.\nUSE_GOVCLOUD=on\n    Create EC2 instances directly, but disable AWS services that aren't available\n    in GovCloud like the AWS Certificate Manager and Elasticsearch.\nUSE_EB=on\n    Create an Elastic Beanstalk application\nUSE_ECS=on\n    Create an Elastic Container Service.\nUSE_EKS=on\n    Create an AWS EKS (Kubernetes) cluster.\nUSE_DOKKU=on\n    Create an EC2 instance containing a Dokku server\n\nI believe those environment variables are mutually exclusive.  The remaining\nones can be used in combination with each other or one of the above.\n\nUSE_NAT_GATEWAY=on\n    Don't put the services inside your VPC onto the public internet, and\n    add a NAT gateway to the stack so the services can make connections out.\nDEFAULTS_FILE=\u003cpath to JSON file\u003e\n    Changes the default values for parameters. 
The JSON file should just be\n    a dictionary mapping parameter names to default values, e.g.::\n\n        {\n            \"AMI\": \"ami-078c57a94e9bdc6e0\",\n            \"AssetsUseCloudFront\": \"false\"\n        }\n\nOne more example, creating EC2 instances without a NAT gateway and overriding\nthe parameter defaults::\n\n    USE_EC2=on DEFAULTS_FILE=stack_defaults.json python -c 'import stack' \u003estack.yaml\n\nContributing\n------------\n\nPlease read `contributing guidelines here \u003chttps://github.com/caktus/aws-web-stacks/blob/develop/CONTRIBUTING.rst\u003e`_.\n\nGood luck and have fun!\n\nCopyright 2017, 2018 Jean-Phillipe Serafin, Tobias McNulty.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaktus%2Faws-web-stacks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaktus%2Faws-web-stacks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaktus%2Faws-web-stacks/lists"}