{"id":26688155,"url":"https://github.com/juliusmarkwei/vpc-config2","last_synced_at":"2026-02-02T11:07:18.448Z","repository":{"id":284153424,"uuid":"953996158","full_name":"juliusmarkwei/vpc-config2","owner":"juliusmarkwei","description":null,"archived":false,"fork":false,"pushed_at":"2025-03-24T14:02:56.000Z","size":6,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-19T07:20:40.173Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/juliusmarkwei.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-03-24T12:05:24.000Z","updated_at":"2025-03-24T13:13:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"0cf85d8a-8710-45b3-96d8-cc591aad65ee","html_url":"https://github.com/juliusmarkwei/vpc-config2","commit_stats":null,"previous_names":["juliusmarkwei/vpc-config2"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/juliusmarkwei/vpc-config2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/juliusmarkwei","download_url":"https://codeload.github.com/juliusmarkwei/vpc-config2/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config2/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261060122,"owners_count":23103979,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-26T13:17:54.519Z","updated_at":"2026-02-02T11:07:18.442Z","avatar_url":"https://github.com/juliusmarkwei.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# **CloudFormation Template: Highly Available VPC with ALB, NAT Gateway, and RDS PostgreSQL Database**\n\n## **Overview**\n\nThis AWS CloudFormation template provisions a highly available infrastructure for a web application, including:\n\n- A **VPC** with public and private subnets across multiple availability zones (AZs).\n- An **Application Load Balancer (ALB)** for handling HTTP traffic.\n- **Elastic Load Balancer Security Group** to allow internet traffic.\n- **ECS Security Group** to allow traffic between ECS services and the ALB.\n- **NAT Gateway** to enable private subnets to access the internet.\n- **RDS PostgreSQL Database** with Multi-AZ failover enabled for high availability.\n- **Security Groups** for controlling access between ECS services, the ALB, and the RDS PostgreSQL instance.\n- **AWS Secrets Manager** to securely store and manage the PostgreSQL database credentials.\n\nThe PostgreSQL database is configured to use Multi-AZ for high availability, ensuring automatic failover in case of instance failure. The database password is generated and stored securely in **Secrets Manager**.\n\n## **Architecture**\n\n- **VPC**: The template creates a custom VPC with a CIDR block of `10.0.0.0/16` and splits it into public and private subnets.\n- **Subnets**: Three public subnets and three private subnets are created, each located in a different Availability Zone (AZ) to provide high availability.\n- **NAT Gateway**: The NAT gateway is provisioned to allow resources in private subnets to access the internet.\n- **Security Groups**:\n - **ECSSecurityGroup**: Allows ECS services to communicate with the ALB.\n - **ALBSecurityGroup**: Allows HTTP traffic (port 80) from the internet to the load balancer.\n - **RDSSecurityGroup**: Allows access to the PostgreSQL RDS instance from ECS services.\n- **RDS PostgreSQL**: The PostgreSQL instance is deployed in a Multi-AZ configuration with automatic failover for high availability.\n- **AWS Secrets Manager**: Automatically generates a password for the PostgreSQL instance and securely stores it.\n\n## **Parameters**\n\n- `DBUsername`: The username for the PostgreSQL database. This is a string parameter provided at the time of stack creation.\n\n## **Resources Created**\n\n- **VPC**: A custom VPC with CIDR block `10.0.0.0/16` and DNS support.\n- **Subnets**: Three public and three private subnets, each in a different AZ.\n- **Internet Gateway**: To provide public internet access.\n- **NAT Gateway**: For internet access from private subnets.\n- **Route Tables**: Public and private route tables to direct traffic accordingly.\n- **Security Groups**:\n - **ECS Security Group**: Allows communication between ECS and ALB.\n - **ALB Security Group**: Allows internet access to the ALB.\n - **RDS Security Group**: Allows communication from ECS services to the PostgreSQL database.\n- **RDS PostgreSQL Database**: A PostgreSQL database with Multi-AZ failover and storage for the \"photoalbum\" database.\n- **Secrets Manager**: Automatically generates and stores the database password.\n\n## **How to Use This Template**\n\n### **Prerequisites**\n\n- An AWS account with sufficient permissions to create resources such as VPCs, security groups, and RDS instances.\n- AWS CLI or AWS Management Console access to deploy the CloudFormation stack.\n\n### **Deploying the Stack**\n\n1. **Save the CloudFormation Template**:\n\n - Save the CloudFormation template as a `.yaml` file (e.g., `JuliusPhotoAlbumVPC.yaml`).\n\n2. **Deploy via AWS Management Console**:\n\n - Go to the [AWS CloudFormation Console](https://console.aws.amazon.com/cloudformation).\n - Click **Create Stack**.\n - Upload the saved `.yaml` file or copy-paste its contents into the template editor.\n - Provide a **stack name** (e.g., `JuliusPhotoAlbumVPC`).\n - Enter the **DBUsername** for the PostgreSQL database.\n - Click **Next** and configure stack options.\n - Review and click **Create**.\n\n3. **Deploy via AWS CLI**:\n\n - Use the AWS CLI to create the stack.\n\n ```bash\n aws cloudformation create-stack \\\n --stack-name JuliusPhotoAlbumVPC \\\n --template-body file://JuliusPhotoAlbumVPC.yaml \\\n --parameters ParameterKey=DBUsername,ParameterValue=\u003cyour-db-username\u003e \\\n --capabilities CAPABILITY_NAMED_IAM\n ```\n\n### **Accessing the Resources**\n\n- **RDS PostgreSQL Database**:\n\n - The database is deployed in a private subnet and is **not publicly accessible**. You can access it via an application hosted in ECS or through an EC2 instance in the private subnet.\n - The **DBUsername** and **DBPassword** can be retrieved from AWS Secrets Manager (`/julius-photoalbum/db/password`).\n\n- **ECS Service**:\n\n - ECS services can connect to the database using the security groups that allow access to the RDS instance.\n\n- **ALB (Application Load Balancer)**:\n - The ALB will be accessible over HTTP on port 80, routing traffic to the ECS service.\n\n## **Outputs**\n\nOnce the stack is successfully created, the following outputs will be available:\n\n- **Public Subnets**: The resource IDs of the three public subnets.\n- **Private Subnets**: The resource IDs of the three private subnets.\n- **Security Groups**: The resource IDs of the ECS, ALB, and RDS security groups.\n- **RDS PostgreSQL Database**: The identifier of the created PostgreSQL RDS instance.\n- **Secrets Manager**: The ARN of the Secrets Manager secret that stores the database password.\n\n## **Template Overview**\n\n### **Key Resources**\n\n- **VPC**:\n\n - A custom VPC (`JuliusPhotoAlbumVPC2`) with a CIDR block of `10.0.0.0/16`.\n - Multiple subnets across three availability zones for high availability.\n - Route tables for routing traffic to the internet (for public subnets) and using the NAT Gateway (for private subnets).\n\n- **Security Groups**:\n\n - **ECS Security Group**: Allows traffic from the ALB to ECS (port 3000).\n - **ALB Security Group**: Allows inbound HTTP (port 80) from the internet.\n - **RDS Security Group**: Allows inbound traffic from ECS to PostgreSQL on port 5432.\n\n- **NAT Gateway**: Provides internet access to the private subnets.\n- **RDS PostgreSQL Database**: A multi-AZ, fault-tolerant PostgreSQL database with automatic failover.\n- **Secrets Manager**: Stores and generates a secure password for the PostgreSQL instance.\n\n## **Conclusion**\n\nThis CloudFormation template automates the deployment of a scalable, highly available infrastructure using AWS best practices. It integrates services like ECS, ALB, RDS, and Secrets Manager to provide a secure, fault-tolerant environment for running a web application with PostgreSQL as the database backend.\n\nFor any troubleshooting or modifications, refer to the AWS CloudFormation console, review the logs, and adjust parameters as necessary.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjuliusmarkwei%2Fvpc-config2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjuliusmarkwei%2Fvpc-config2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjuliusmarkwei%2Fvpc-config2/lists"}