{"id":29122220,"url":"https://github.com/juliusmarkwei/vpc-config3","last_synced_at":"2026-02-19T14:31:43.786Z","repository":{"id":284570451,"uuid":"955367795","full_name":"juliusmarkwei/vpc-config3","owner":"juliusmarkwei","description":null,"archived":false,"fork":false,"pushed_at":"2025-03-26T14:32:50.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-20T16:44:39.999Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/juliusmarkwei.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-26T14:28:28.000Z","updated_at":"2025-03-26T14:32:53.000Z","dependencies_parsed_at":"2025-03-26T15:52:34.977Z","dependency_job_id":null,"html_url":"https://github.com/juliusmarkwei/vpc-config3","commit_stats":null,"previous_names":["juliusmarkwei/vpc-config3"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/juliusmarkwei/vpc-config3","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config3","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config3/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config3/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config3/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/juliusmarkwei","download_url":"https://codeload.github.com/juliusmarkwei/vpc-config3/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/juliusmarkwei%2Fvpc-config3/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29618261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T13:04:20.082Z","status":"ssl_error","status_checked_at":"2026-02-19T13:03:33.775Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-29T17:09:45.055Z","updated_at":"2026-02-19T14:31:43.771Z","avatar_url":"https://github.com/juliusmarkwei.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# **CloudFormation Template: Highly Available VPC with ALB, NAT Gateway, and RDS PostgreSQL Database**\n\n## **Overview**\n\nThis AWS CloudFormation template provisions a highly available infrastructure for a web application, including:\n\n-   A **VPC** with public and private subnets across multiple availability zones (AZs).\n-   An **Application Load Balancer (ALB)** for handling HTTP traffic.\n-   **Elastic Load Balancer Security Group** to allow internet traffic.\n-   **ECS Security Group** to allow traffic between ECS services and the ALB.\n-   **NAT Gateway** to enable private subnets to access the internet.\n-   **RDS PostgreSQL Database** with Multi-AZ failover enabled for high availability.\n-   **Security Groups** for controlling access between ECS services, the ALB, and the RDS PostgreSQL instance.\n-   **AWS Systems Manager Parameter Store** to store database configuration parameters such as username, password, and port.\n\nThe PostgreSQL database is configured to use Multi-AZ for high availability, ensuring automatic failover in case of instance failure. The database credentials are securely stored in **AWS Systems Manager Parameter Store**.\n\n## **Architecture**\n\n-   **VPC**: The template creates a custom VPC with a CIDR block of `10.0.0.0/16` and splits it into public and private subnets.\n-   **Subnets**: Three public subnets and three private subnets are created, each located in a different Availability Zone (AZ) to provide high availability.\n-   **NAT Gateway**: The NAT gateway is provisioned to allow resources in private subnets to access the internet.\n-   **Security Groups**:\n    -   **ECSSecurityGroup**: Allows ECS services to communicate with the ALB.\n    -   **ALBSecurityGroup**: Allows HTTP traffic (port 80) from the internet to the load balancer.\n    -   **RDSSecurityGroup**: Allows access to the PostgreSQL RDS instance from ECS services.\n-   **RDS PostgreSQL**: The PostgreSQL instance is deployed in a Multi-AZ configuration with automatic failover for high availability.\n-   **AWS Systems Manager Parameter Store**: Stores the database username, password, and port as parameters.\n\n## **Parameters**\n\n-   `DBUsername`: The username for the PostgreSQL database. This is a string parameter provided at the time of stack creation.\n-   `DBPassword`: The password for the PostgreSQL database. This is a secure string parameter provided at the time of stack creation.\n-   `DBName`: The name of the PostgreSQL database.\n-   `DBPort`: The port for the PostgreSQL database (default: 5432).\n\n## **Resources Created**\n\n-   **VPC**: A custom VPC with CIDR block `10.0.0.0/16` and DNS support.\n-   **Subnets**: Three public and three private subnets, each in a different AZ.\n-   **Internet Gateway**: To provide public internet access.\n-   **NAT Gateway**: For internet access from private subnets.\n-   **Route Tables**: Public and private route tables to direct traffic accordingly.\n-   **Security Groups**:\n    -   **ECS Security Group**: Allows communication between ECS and ALB.\n    -   **ALB Security Group**: Allows internet access to the ALB.\n    -   **RDS Security Group**: Allows communication from ECS services to the PostgreSQL database.\n-   **RDS PostgreSQL Database**: A PostgreSQL database with Multi-AZ failover and storage for the \"photoalbum\" database.\n-   **AWS Systems Manager Parameter Store**: Stores the database username, password, and port.\n\n## **How to Use This Template**\n\n### **Prerequisites**\n\n-   An AWS account with sufficient permissions to create resources such as VPCs, security groups, and RDS instances.\n-   AWS CLI or AWS Management Console access to deploy the CloudFormation stack.\n\n### **Deploying the Stack**\n\n1. **Save the CloudFormation Template**:\n\n    - Save the CloudFormation template as a `.yaml` file (e.g., `JuliusPhotoAlbumVPC.yaml`).\n\n2. **Deploy via AWS Management Console**:\n\n    - Go to the [AWS CloudFormation Console](https://console.aws.amazon.com/cloudformation).\n    - Click **Create Stack**.\n    - Upload the saved `.yaml` file or copy-paste its contents into the template editor.\n    - Provide a **stack name** (e.g., `JuliusPhotoAlbumVPC`).\n    - Enter the **DBUsername**, **DBPassword**, and **DBName** for the PostgreSQL database.\n    - Click **Next** and configure stack options.\n    - Review and click **Create**.\n\n3. **Deploy via AWS CLI**:\n\n    - Use the AWS CLI to create the stack.\n\n    ```bash\n    aws cloudformation create-stack \\\n      --stack-name JuliusPhotoAlbumVPC \\\n      --template-body file://JuliusPhotoAlbumVPC.yaml \\\n      --parameters ParameterKey=DBUsername,ParameterValue=\u003cyour-db-username\u003e \\\n                   ParameterKey=DBPassword,ParameterValue=\u003cyour-db-password\u003e \\\n                   ParameterKey=DBName,ParameterValue=\u003cyour-db-name\u003e \\\n      --capabilities CAPABILITY_NAMED_IAM\n    ```\n\n### **Accessing the Resources**\n\n-   **RDS PostgreSQL Database**:\n\n    -   The database is deployed in a private subnet and is **not publicly accessible**. You can access it via an application hosted in ECS or through an EC2 instance in the private subnet.\n    -   The **DBUsername**, **DBPassword**, and **DBPort** are stored in AWS Systems Manager Parameter Store.\n\n-   **ECS Service**:\n\n    -   ECS services can connect to the database using the security groups that allow access to the RDS instance.\n\n-   **ALB (Application Load Balancer)**:\n    -   The ALB will be accessible over HTTP on port 80, routing traffic to the ECS service.\n\n## **Outputs**\n\nOnce the stack is successfully created, the following outputs will be available:\n\n-   **Public Subnets**: The resource IDs of the three public subnets.\n-   **Private Subnets**: The resource IDs of the three private subnets.\n-   **Security Groups**: The resource IDs of the ECS, ALB, and RDS security groups.\n-   **RDS PostgreSQL Database**: The identifier of the created PostgreSQL RDS instance.\n-   **SSM Parameters**: The names of the SSM parameters storing the database credentials.\n\n## **Template Overview**\n\n### **Key Resources**\n\n-   **VPC**:\n\n    -   A custom VPC (`JuliusPhotoAlbumVPC2`) with a CIDR block of `10.0.0.0/16`.\n    -   Multiple subnets across three availability zones for high availability.\n    -   Route tables for routing traffic to the internet (for public subnets) and using the NAT Gateway (for private subnets).\n\n-   **Security Groups**:\n\n    -   **ECS Security Group**: Allows traffic from the ALB to ECS (port 3000).\n    -   **ALB Security Group**: Allows inbound HTTP (port 80) from the internet.\n    -   **RDS Security Group**: Allows inbound traffic from ECS to PostgreSQL on port 5432.\n\n-   **NAT Gateway**: Provides internet access to the private subnets.\n-   **RDS PostgreSQL Database**: A multi-AZ, fault-tolerant PostgreSQL database with automatic failover.\n-   **AWS Systems Manager Parameter Store**: Stores the database username, password, and port.\n\n## **Conclusion**\n\nThis CloudFormation template automates the deployment of a scalable, highly available infrastructure using AWS best practices. It integrates services like ECS, ALB, RDS, and Systems Manager Parameter Store to provide a secure, fault-tolerant environment for running a web application with PostgreSQL as the database backend.\n\nFor any troubleshooting or modifications, refer to the AWS CloudFormation console, review the logs, and adjust parameters as necessary.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjuliusmarkwei%2Fvpc-config3","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjuliusmarkwei%2Fvpc-config3","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjuliusmarkwei%2Fvpc-config3/lists"}