{"id":19046388,"url":"https://github.com/wallix/awless-templates","last_synced_at":"2025-04-24T00:21:37.080Z","repository":{"id":57609069,"uuid":"78446958","full_name":"wallix/awless-templates","owner":"wallix","description":"Repository of examples for awless templates (see https://github.com/wallix/awless)","archived":false,"fork":false,"pushed_at":"2018-05-15T14:49:09.000Z","size":1756,"stargazers_count":61,"open_issues_count":0,"forks_count":13,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-18T08:39:44.580Z","etag":null,"topics":["awless","aws","cli","cloud","cloud-management","devops","devops-tools"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wallix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-09T16:29:36.000Z","updated_at":"2022-08-03T12:06:03.000Z","dependencies_parsed_at":"2022-08-27T21:50:59.930Z","dependency_job_id":null,"html_url":"https://github.com/wallix/awless-templates","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wallix%2Fawless-templates","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wallix%2Fawless-templates/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wallix%2Fawless-templates/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wallix%2Fawless-templates/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wallix","download_url":"https://codeload.github.c
om/wallix/awless-templates/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250536230,"owners_count":21446697,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awless","aws","cli","cloud","cloud-management","devops","devops-tools"],"created_at":"2024-11-08T22:54:37.676Z","updated_at":"2025-04-24T00:21:37.032Z","avatar_url":"https://github.com/wallix.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://api.travis-ci.org/wallix/awless-templates.svg?branch=master)](https://travis-ci.org/wallix/awless-templates)\n\n[Twitter](http://twitter.com/awlessCLI) | [Wiki](https://github.com/wallix/awless/wiki) | [Changelog](https://github.com/wallix/awless/blob/master/CHANGELOG.md#readme)\n\n# awless templates\n\nRepository to collect official, verified and runnable templates for the [awless CLI](https://github.com/wallix/awless)\n\n**You need at least awless version v0.1.3 to run those examples**\n\nHere are some non exhaustive [Examples](https://github.com/wallix/awless/wiki/Examples) of what you can do with templates. 
You can also read more about [awless templates](https://github.com/wallix/awless/wiki/Templates)\n\n## Continuous Integration\n\nOn each change all templates are verified \u0026 compiled against the latest version of `awless`.\n\nYou can run the verification locally with:\n\n    go get github.com/wallix/awless  # if needed\n    go test -v\n\n# Examples\n\n\n* [ECS Autoscaling Cluster](#ecs-autoscaling-cluster)\n* [Awless readonly group](#awless-readonly-group)\n* [Pre-defined policies for awless users](#pre-defined-policies-for-awless-users)\n* [Awless readwrite group](#awless-readwrite-group)\n* [Create a postgres instance](#create-a-postgres-instance)\n* [Group of instances scaling with CPU consumption](#group-of-instances-scaling-with-cpu-consumption)\n* [Highly-available wordpress infrastructure](#highly-available-wordpress-infrastructure)\n* [Install awless scheduler](#install-awless-scheduler)\n* [Create an instance accessible with ssh with a new keypair](#create-an-instance-accessible-with-ssh-with-a-new-keypair)\n* [Create an instance with preinstalled awless with completion](#create-an-instance-with-preinstalled-awless-with-completion)\n* [Create an instance with preconfigured awless and awless-scheduler](#create-an-instance-with-preconfigured-awless-and-awless-scheduler)\n* [Create an instance with tags and public IP](#create-an-instance-with-tags-and-public-ip)\n* [Create a classic Kafka infra](#create-a-classic-kafka-infra)\n* [Create VPC with a Linux host bastion](#create-vpc-with-a-linux-host-bastion)\n* [Create a dbsubnetgroups](#create-a-dbsubnetgroups)\n* [Attach usual readonly AWS policies (set of permissions) on group](#attach-usual-readonly-aws-policies-(set-of-permissions)-on-group)\n* [Create a public network enabling routing from the Internet](#create-a-public-network-enabling-routing-from-the-internet)\n* [Create a AWS role with usual readonly policies that applies on a 
resource](#create-a-aws-role-with-usual-readonly-policies-that-applies-on-a-resource)\n* [Create a AWS role with usual readonly policies that applies on a user](#create-a-aws-role-with-usual-readonly-policies-that-applies-on-a-user)\n* [Create a static website on S3](#create-a-static-website-on-s3)\n* [Simple wordpress deployment](#simple-wordpress-deployment)\n* [Upload Image from local file](#upload-image-from-local-file)\n* [Create a user with its SDK/Shell access key and console password](#create-a-user-with-its-sdk/shell-access-key-and-console-password)\n* [Create a VPC with its internet routing gateway](#create-a-vpc-with-its-internet-routing-gateway)\n* [Create a VPC with 3 internal subnets](#create-a-vpc-with-3-internal-subnets)\n* [Highly-available wordpress behind a loadbalancer, with a RDS database](#highly-available-wordpress-behind-a-loadbalancer,-with-a-rds-database)\n\n\n### ECS Autoscaling Cluster\n\n\n**-\u003e Minimal awless version required: v0.1.3**\n\n\n\n*Note that the AMI in this template works only in the eu-west-1 region*\n\n\n\n**tags**: \nautoscaling, container, infra\n\n\n(run it locally with: `awless run repo:ECS_autoscaling_cluster -v`)\n\n\n\n**STEPS**\n\n First, create the ECS cluster with `awless create containercluster name={cluster.name}`.\n Then, create a policy that allows connecting to ECS\n\n```sh\npolicy = create policy name=AWSEC2ContainerServiceforEC2Role effect=Allow resource=\"*\" description=\"Access for ECS containers\" action=[ecs:DeregisterContainerInstance,ecs:DiscoverPollEndpoint,ecs:Poll,ecs:RegisterContainerInstance,ecs:StartTelemetrySession,ecs:Submit*,ecr:GetAuthorizationToken,ecr:BatchCheckLayerAvailability,ecr:GetDownloadUrlForLayer,ecr:BatchGetImage,logs:CreateLogStream,logs:PutLogEvents]\n\n```\n Set role name variable\n\n```sh\nroleName = AWSEC2ContainerServiceRole\n\n```\n Create an AWS role that applies on a resource\n\n```sh\ncreate role name=$roleName principal-service=\"ec2.amazonaws.com\" 
sleep-after=15\n\n```\n Attach the policy to the role\n\n```sh\nattach policy arn=$policy role=$roleName\n\n```\n Create the ECS instances launch configuration.\n The instances must be launched with a userdata file containing:\n ```sh\n #!/bin/bash\n echo ECS_CLUSTER=ecs-cluster-name \u003e\u003e /etc/ecs/ecs.config\n ```\n\n```sh\nlaunchconfig = create launchconfiguration image=ami-95f8d2f3 keypair={instance.keypair} name=ECSClusterLaunchconfig type={instance.type} userdata={instance.userdata} role=$roleName\n\n```\n Create the scalinggroup\n\n```sh\ncreate scalinggroup desired-capacity={scalinggroup.desired-capacity} launchconfiguration=$launchconfig max-size={scalinggroup.desired-capacity} min-size={scalinggroup.desired-capacity} name=ecsClusterScalingGroup subnets={instance.subnets}\n```\n\n\n\n### Awless readonly group\n\n\n\n\n\n\n\n(run it locally with: `awless run repo:awless_readonly_group -v`)\n\n\n\n**STEPS**\n\n Here we define a group that allows users in that group\n to use the `awless` CLI in a readonly mode (i.e. 
sync, listing).\n\n Create group name variable:\n\n```sh\ngroupName = AwlessReadOnlyPermissionsGroup\n\n```\n Create the group:\n\n```sh\ncreate group name=$groupName\n\n```\n Attach corresponding readonly AWS policies (set of permissions) on group related to the `awless` services:\n\n```sh\nattach policy arn=arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/IAMReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess group=$groupName\n```\n\n\n\n### Pre-defined policies for awless users\n\n\n**-\u003e Minimal awless version required: v0.1.3**\n\n\n\n*Useful pre-defined readonly \u0026 readwrite policies for awless users*\n\n\n\n\n(run it locally with: `awless run repo:awless_readonly_policies -v`)\n\n\n\n**STEPS**\n\n Infra resources\n\n```sh\ncreate policy name=AwlessInfraReadonlyPolicy effect=Allow resource=\"*\" description=\"Readonly access to infra resources\" action=[ec2:Describe*,autoscaling:Describe*,elasticloadbalancing:Describe*]\n\n```\n Access resources\n\n```sh\ncreate policy name=AwlessAccessReadonlyPolicy effect=Allow resource=\"*\" description=\"Readonly access to access resources\" action=[iam:GenerateCredentialReport,iam:GenerateServiceLastAccessedDetails,iam:Get*,iam:List*,sts:Get*]\n\n```\n Storage resources\n\n```sh\ncreate policy name=AwlessStorageReadonlyPolicy 
effect=Allow resource=\"*\" description=\"Readonly access to storage resources\" action=[s3:Get*,s3:List*]\n\n```\n Messaging resources\n\n```sh\ncreate policy name=AwlessMessagingReadonlyPolicy effect=Allow resource=\"*\" description=\"Readonly access to notification and queueing for messaging resources\" action=[sns:GetTopicAttributes,sns:List*,sqs:GetQueueAttributes,sqs:ListQueues]\n\n```\n Lambda resources\n\n```sh\ncreate policy name=AwlessLambdaReadonlyPolicy effect=Allow resource=\"*\" description=\"Readonly access to lambda resources\" action=[cloudwatch:Describe*,cloudwatch:Get*,cloudwatch:List*,cognito-identity:ListIdentityPools,cognito-sync:GetCognitoEvents,dynamodb:BatchGetItem,dynamodb:DescribeStream,dynamodb:DescribeTable,dynamodb:GetItem,dynamodb:ListStreams,dynamodb:ListTables,dynamodb:Query,dynamodb:Scan,events:List*,events:Describe*,iam:ListRoles,kinesis:DescribeStream,kinesis:ListStreams,lambda:List*,lambda:Get*,logs:DescribeMetricFilters,logs:GetLogEvents,logs:DescribeLogGroups,logs:DescribeLogStreams,s3:Get*,s3:List*,sns:ListTopics,sns:ListSubscriptions,sns:ListSubscriptionsByTopic,sqs:ListQueues,tag:GetResources,kms:ListAliases,ec2:DescribeVpcs,ec2:DescribeSubnets,ec2:DescribeSecurityGroups,iot:GetTopicRules,iot:ListTopicRules,iot:ListPolicies,iot:ListThings,iot:DescribeEndpoint]\n\n```\n DNS resources\n\n```sh\ncreate policy name=AwlessDNSReadonlyPolicy effect=Allow resource=\"*\" description=\"Readonly access to DNS resources\" action=[route53:Get*,route53:List*,route53:TestDNSAnswer,route53domains:Get*,route53domains:List*]\n\n```\n Monitoring resources\n\n```sh\ncreate policy name=AwlessMonitoringReadonlyPolicy effect=Allow resource=\"*\" description=\"Readonly access to monitoring resources\" action=[autoscaling:Describe*,cloudwatch:Describe*,cloudwatch:Get*,cloudwatch:List*,logs:Get*,logs:Describe*,logs:TestMetricFilter,sns:Get*,sns:List*]\n\n```\n CDN resources\n\n```sh\ncreate policy name=AwlessCDNReadonlyPolicy effect=Allow 
resource=\"*\" description=\"Readonly access to CDN resources\" action=[acm:ListCertificates,cloudfront:Get*,cloudfront:List*,iam:ListServerCertificates,route53:List*,waf:ListWebACLs,waf:GetWebACL]\n\n```\n CloudFormation resources\n\n```sh\ncreate policy name=AwlessCloudFormationReadonlyPolicy effect=Allow resource=\"*\" description=\"Readonly access to CloudFormation resources\" action=[cloudformation:DescribeStacks,cloudformation:DescribeStackEvents,cloudformation:DescribeStackResource,cloudformation:DescribeStackResources,cloudformation:GetTemplate,cloudformation:List*]\n```\n\n\n\n### Awless readwrite group\n\n\n\n\n\n\n\n(run it locally with: `awless run repo:awless_readwrite_group -v`)\n\n\n\n**STEPS**\n\n Here we define a group that allows users in that group to use the `awless` CLI in write mode.\n\n Create group name variable:\n\n```sh\ngroupName = AwlessReadWritePermissionsGroup\n\n```\n Create the group:\n\n```sh\ncreate group name=$groupName\n\n```\n Attach corresponding AWS policies (set of permissions) on group related to the `awless` services:\n\n```sh\nattach policy arn=arn:aws:iam::aws:policy/AmazonEC2FullAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonS3FullAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonSNSFullAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonSQSFullAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonVPCFullAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AutoScalingFullAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonRDSFullAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AmazonRoute53FullAccess group=$groupName\nattach policy arn=arn:aws:iam::aws:policy/AWSLambdaFullAccess group=$groupName\n\n```\n Note that we keep the IAM access readonly\n\n```sh\nattach policy arn=arn:aws:iam::aws:policy/IAMReadOnlyAccess group=$groupName\n```\n\n\n\n### Create a postgres 
instance\n\n\n**-\u003e Minimal awless version required: v0.1.7**\n\n\n\n*Create a private basic postgres instance with a firewall. As an example, the instance has only the basic required properties filled in*\n\n\n\n\n(run it locally with: `awless run repo:db_postgres -v`)\n\n\n\n**STEPS**\n\n Create a new VPC open to the Internet to host the subnets\n\n```sh\nvpc = create vpc cidr=10.0.0.0/16 name=postgres-vpc\ngateway = create internetgateway\nattach internetgateway id=$gateway vpc=$vpc\n\n```\n Create a route table for this network\n\n```sh\nrtable = create routetable vpc=$vpc\n\n```\n Enable routing from the Internet\n\n```sh\ncreate route cidr=0.0.0.0/0 gateway=$gateway table=$rtable\n\n```\n One public subnet to later deploy or host public applications or a bastion to access your private DBs\n\n```sh\npubsubnet = create subnet cidr=10.0.128.0/20 vpc=$vpc name=public-subnet\nupdate subnet id=$pubsubnet public=true\n\n```\n Make the public subnet open to the Internet (through vpc that has an internetgateway)\n\n```sh\nattach routetable id=$rtable subnet=$pubsubnet\n\n```\n Two private subnets to constitute the dbsubnetgroup hosting the DB\n\n```sh\nprivsubnet1 = create subnet cidr=10.0.0.0/19 vpc=$vpc name=postgres-priv-subnet1 availabilityzone={availabilityzone.1}\nprivsubnet2 = create subnet cidr=10.0.32.0/19 vpc=$vpc name=postgres-priv-subnet2 availabilityzone={availabilityzone.2}\nsubnetgroup = create dbsubnetgroup subnets=[$privsubnet1, $privsubnet2] name=PostgresDBSubnetGroup description=\"DB subnet group hosting postgres instances\"\n\n```\n Firewall for the postgres instance: port 5432 is reachable only from within the VPC (10.0.0.0/16)\n\n```sh\npostgres_sg = create securitygroup name=postgres description='Postgres firewall access' vpc=$vpc\nupdate securitygroup id=$postgres_sg inbound=authorize protocol=tcp portrange=5432 cidr=10.0.0.0/16\n\n```\n Create the database and connect to it through: `psql --host=? --port=5432 --username=? 
--password --dbname=?`\n\n```sh\ncreate database engine=postgres id={database.identifier} subnetgroup=$subnetgroup  password={password.minimum8chars} dbname={database.name} size=5 type=db.t2.small username={database.username} vpcsecuritygroups=$postgres_sg\n\n```\n Create a small jump instance in your public subnet to run commands on your postgres DB\n and give SSH access to this instance with an SSH security group\n Run the CLI with: awless .... office.ip=$(awless whoami --ip-only)\n\n```sh\nsshsecgroup = create securitygroup vpc=$vpc description=\"SSH access from office IP only\" name=ssh-from-office\nupdate securitygroup id=$sshsecgroup inbound=authorize protocol=tcp cidr={office.ip}/32 portrange=22\ncreate instance distro=debian keypair={my.keypair} name=jump subnet=$pubsubnet securitygroup=$sshsecgroup type=t2.micro\n\n```\n Then to administer your DB you can do:\n $ HOST=$(awless show production --values-for PublicDNS --local)\n $ awless ssh jump\n $ sudo apt-get update; sudo apt-get install -y postgresql-client-9.4\n $ psql --host={VALUE FROM HOST ABOVE} --port=5432 --username=... 
--password --dbname=...\n\n\n\n### Group of instances scaling with CPU consumption\n\n\n\n\n*Create an autoscaling group of instances and watch their CPU to dynamically allocate/delete instances when needed.*\n\n\n\n**tags**: \ninfra, autoscaling\n\n\n(run it locally with: `awless run repo:dynamic_autoscaling_watching_CPU -v`)\n\n\n\n**STEPS**\n\n Create the instances launch configuration\n\n```sh\nlaunchconfig = create launchconfiguration image={instance.image} keypair={instance.keypair} name=scalingLaunchConf type={instance.type}\n\n```\n Create the scalinggroup\n\n```sh\ncreate scalinggroup desired-capacity=2 launchconfiguration=$launchconfig max-size={instance.max-number} min-size={instance.min-number} name=instancesScalingGroup subnets={instance.subnets}\n\n```\n Create a scaling policy to add instances (scale-in) and a scaling policy to remove instances (scale-out)\n\n```sh\nadjustmentType = ChangeInCapacity\nscalein = create scalingpolicy adjustment-scaling=1 adjustment-type=$adjustmentType name=policy-scaling-in scalinggroup=instancesScalingGroup\nscaleout = create scalingpolicy adjustment-scaling=-1 adjustment-type=$adjustmentType name=policy-step-scaling-2 scalinggroup=instancesScalingGroup\n\n```\n metrics statistic functions\n\n```sh\nstatFunction = Average\nalarmThreshold = 75\nmonitoredMetric = CPUUtilization\n\n```\n Add a monitoring alarm to enable scalein when CPU load is above 75% during 2 * 5 min\n\n```sh\ncreate alarm namespace=AWS/EC2 dimensions=AutoScalingGroupName:instancesScalingGroup evaluation-periods=2 metric=$monitoredMetric name=scaleinAlarm operator=GreaterThanOrEqualToThreshold period=300 statistic-function=$statFunction threshold=$alarmThreshold\nattach alarm name=scaleinAlarm action-arn=$scalein\n\n```\n Add a monitoring alarm to enable scaleout when CPU load is below 75% during 2 * 5 min\n\n```sh\ncreate alarm namespace=AWS/EC2 dimensions=AutoScalingGroupName:instancesScalingGroup evaluation-periods=2 metric=$monitoredMetric 
name=scaleoutAlarm operator=LessThanOrEqualToThreshold period=300 statistic-function=$statFunction threshold=$alarmThreshold\nattach alarm name=scaleoutAlarm action-arn=$scaleout\n```\n\n\n\n### Highly-available wordpress infrastructure\n\n\n**-\u003e Minimal awless version required: v0.1.7**\n\n\n\n\n\n**tags**: \ninfra\n\n\n(run it locally with: `awless run repo:highly_available_wordpress_infra -v`)\n\n\n\n**STEPS**\n\n 1. Basic networking\n VPC and its Internet gateway\n\n```sh\nvpc = create vpc cidr=10.0.0.0/16 name=wordpress-ha-vpc\nigw = create internetgateway\nattach internetgateway id=$igw vpc=$vpc\npubSub1 = create subnet cidr=10.0.100.0/24 vpc=$vpc name=wordpress-ha-public-subnet-1 availabilityzone={availabilityzone.1}\nupdate subnet id=$pubSub1 public=true\npubSub2 = create subnet cidr=10.0.101.0/24 vpc=$vpc name=wordpress-ha-public-subnet-2 availabilityzone={availabilityzone.2}\nupdate subnet id=$pubSub2 public=true\nrt = create routetable vpc=$vpc\ncreate route table=$rt cidr=0.0.0.0/0 gateway=$igw\nattach routetable id=$rt subnet=$pubSub1\nattach routetable id=$rt subnet=$pubSub2\n\n```\n 2 private subnets in different AZs\n\n```sh\nprivSub1 = create subnet cidr=10.0.10.0/24 vpc=$vpc name=wordpress-ha-private-subnet-1 availabilityzone={availabilityzone.1}\nprivSub2 = create subnet cidr=10.0.11.0/24 vpc=$vpc name=wordpress-ha-private-subnet-2 availabilityzone={availabilityzone.2}\n\n```\n NAT Gateway in public subnet with a fixed IP\n\n```sh\nip = create elasticip\nnatgw = create natgateway elasticip-id=$ip subnet=$pubSub1\ncheck natgateway id=$natgw state=available timeout=180\n\n```\n Routing between private subnets and NAT gateway\n\n```sh\nnatgw_rtable = create routetable vpc=$vpc\nattach routetable id=$natgw_rtable subnet=$privSub1\nattach routetable id=$natgw_rtable subnet=$privSub2\ncreate route cidr=0.0.0.0/0 gateway=$natgw table=$natgw_rtable\n\n```\n 2. 
Provision loadbalancer\n Create the load balancer security group\n\n```sh\nlbsecgroup = create securitygroup vpc=$vpc description=\"authorize HTTP from the internet\" name=wordpress-ha-lb-securitygroup\nupdate securitygroup id=$lbsecgroup inbound=authorize protocol=tcp cidr=0.0.0.0/0 portrange=80\n\n```\n Provision the load balancer listening in the public subnets, with its target group and HTTP listener\n\n```sh\ntg = create targetgroup name=wordpress-ha-workers port=80 protocol=HTTP vpc=$vpc\nupdate targetgroup id=$tg stickiness=true\nlb = create loadbalancer name=wordpress-ha-loadbalancer subnets=[$pubSub1,$pubSub2] securitygroups=$lbsecgroup\ncreate listener actiontype=forward loadbalancer=$lb port=80 protocol=HTTP targetgroup=$tg\n\n```\n 3. Provision instances\n Create keypair and instance\n\n```sh\nkeypair = create keypair name={keypair.name}\ninstSecGroup = create securitygroup vpc=$vpc description=\"HTTP + SSH within VPC\" name=wordpress-ha-private-secgroup\nupdate securitygroup id=$instSecGroup inbound=authorize cidr=10.0.0.0/16 portrange=22\nupdate securitygroup id=$instSecGroup inbound=authorize cidr=10.0.0.0/16 portrange=80\nlaunchconf = create launchconfiguration distro=amazonlinux keypair=$keypair name=wordpress-ha-launch-configuration type={instance.type} userdata=https://raw.githubusercontent.com/zn3zman/AWS-WordPress-Creation/master/WP-Setup.sh securitygroups=$instSecGroup\ncreate scalinggroup desired-capacity=2 launchconfiguration=$launchconf max-size=2 min-size=2 name=wordpress-scalinggroup subnets=[$privSub1, $privSub2] targetgroups=$tg\n```\n\n\n\n### Install awless scheduler\n\n\n**-\u003e Minimal awless version required: v0.1.7**\n\n\n\n\n\n\n(run it locally with: `awless run repo:install_awless_scheduler -v`)\n\n\n*Full CLI example:*\n```sh\nawless run repo:install_awless_scheduler\n```\n\n\n**STEPS**\n\n Launch new instance running remote user data script installing awless\n\n```sh\ncreate instance name={instance.name} 
distro=canonical:ubuntu type=t2.nano keypair={ssh.keypair} userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/ubuntu/install_awless_scheduler.sh role={role.name}\n```\n\n\n\n### Create an instance accessible with ssh with a new keypair\n\n\n\n\n\n\n**tags**: \ninfra, ssh\n\n\n(run it locally with: `awless run repo:instance_ssh -v`)\n\n\n\n**STEPS**\n\n Create a new security group for this instance\n\n```sh\nsecuritygroup = create securitygroup vpc={instance.vpc} description={securitygroup.description} name=ssh-from-internet\n\n```\n Authorize access on port 22 from any address (0.0.0.0/0) to instances in this security group\n\n```sh\nupdate securitygroup id=$securitygroup inbound=authorize protocol=tcp cidr=0.0.0.0/0 portrange=22\n\n```\n Create a new keypair\n\n```sh\nkeypair = create keypair name={keypair.name}\n\n```\n Create an instance in this security group accessible with the new keypair\n\n```sh\ncreate instance subnet={instance.subnet} image={instance.image} type={instance.type} keypair=$keypair name={instance.name} count=1 securitygroup=$securitygroup\n```\n\n\n\n### Create an instance with preinstalled awless with completion\n\n\n\n\n\n\n**tags**: \ninfra, awless\n\n\n(run it locally with: `awless run repo:instance_with_awless -v`)\n\n\n\n**STEPS**\n\n Role name variable\n\n```sh\nroleName = {awless.role-name}\n\n```\n Create an AWS role that applies on a resource\n\n```sh\ncreate role name=$roleName principal-service=\"ec2.amazonaws.com\" sleep-after=10\n\n```\n Attach typical necessary awless readonly permissions to the role\n\n```sh\nattach policy role=$roleName service=ec2 access=readonly\nattach policy role=$roleName service=s3 access=readonly\nattach policy role=$roleName service=sns access=readonly\nattach policy role=$roleName service=sqs access=readonly\nattach policy role=$roleName service=vpc access=readonly\nattach policy role=$roleName service=autoscaling access=readonly\nattach policy role=$roleName service=iam access=readonly\nattach 
policy role=$roleName service=rds access=readonly\nattach policy role=$roleName service=route53 access=readonly\nattach policy role=$roleName service=lambda access=readonly\n\n```\n Launch new instance running remote user data script installing awless\n\n```sh\ncreate instance name=awless-commander type=t2.nano keypair={ssh.keypair} userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/install_awless.yml role=$roleName\n```\n\n\n\n### Create an instance with preconfigured awless and awless-scheduler\n\n\n\n\n\n\n**tags**: \ninfra, awless, awless-scheduler\n\n\n(run it locally with: `awless run repo:instance_with_awless_scheduler -v`)\n\n\n\n**STEPS**\n\n Awless scheduler role variable\n\n```sh\nroleName = {awless-scheduler.role-name}\n\n```\n First we define a role that an EC2 instance can assume to use awless/awless-scheduler (write mode)\n\n```sh\ncreate role name=$roleName principal-service=\"ec2.amazonaws.com\" sleep-after=10\n\n```\n Attach typical necessary awless permissions to the role\n\n```sh\nattach policy role=$roleName service=ec2 access=full\nattach policy role=$roleName service=s3 access=full\nattach policy role=$roleName service=sns access=full\nattach policy role=$roleName service=sqs access=full\nattach policy role=$roleName service=vpc access=full\nattach policy role=$roleName service=autoscaling access=full\nattach policy role=$roleName service=rds access=full\nattach policy role=$roleName service=route53 access=full\nattach policy role=$roleName service=lambda access=full\n\n```\n We keep IAM on read only mode\n\n```sh\nattach policy role=$roleName service=iam access=readonly\n\n```\n Launch new instance running remote user data script installing awless\n\n```sh\ncreate instance name=AwlessWithScheduler type=t2.nano keypair={ssh.keypair} userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/install_awless_suite.yml role=$roleName\n```\n\n\n\n### Create an instance with tags and public 
IP\n\n\n\n\n*Create an instance with multiple tags and attach to it an elastic IP*\n\n\n\n\n(run it locally with: `awless run repo:instance_with_tags_and_publicip -v`)\n\n\n\n**STEPS**\n\n\n```sh\ninst = create instance subnet={instance.subnet} image={instance.image} type={instance.type} keypair={instance.keypair} name={instance.name} securitygroup={instance.securitygroup}\n\n```\n Putting a tag on the instance\n\n```sh\ncreate tag resource=$inst key={instance.tagkey} value={instance.tagvalue}\n\n```\n Creating an elastic IP\n\n```sh\npubip = create elasticip domain=vpc\n\n```\n Attaching the IP onto the instance\n\n```sh\nattach elasticip id=$pubip instance=$inst\n```\n\n\n\n### Create a classic Kafka infra\n\n\n**-\u003e Minimal awless version required: v0.1.7**\n\n\n\n*Create a classic Kafka infra: brokers, 1 zookeeper instance*\n\n\n\n\n(run it locally with: `awless run repo:kafka_infra -v`)\n\n\n*Full CLI example:*\n```sh\nawless run repo:kafka_infra remote-access.cidr=$(awless whoami --ip-only)/32 broker.instance.type=t2.medium zookeeper.instance.type=t2.medium\n```\n\n\n**STEPS**\n\n Create the VPC and its internet gateway\n\n```sh\nvpc = create vpc cidr=10.0.0.0/16 name=kafka-vpc\nigw = create internetgateway\nattach internetgateway id=$igw vpc=$vpc\n\n```\n Create a public subnet\n\n```sh\nsubnet_cidr = 10.0.0.0/24\nsubnet = create subnet cidr=$subnet_cidr vpc=$vpc name=kafka-subnet\nupdate subnet id=$subnet public=true\nroutetable = create routetable vpc=$vpc\nattach routetable subnet=$subnet id=$routetable\ncreate route cidr=0.0.0.0/0 gateway=$igw table=$routetable\n\n```\n Create securitygroup for SSH: opening port 22 for the remote access CIDR\n\n```sh\nsshsecgroup = create securitygroup vpc=$vpc description=SSHSecurityGroup name=SSHSecurityGroup\nupdate securitygroup id=$sshsecgroup inbound=authorize protocol=tcp cidr={remote-access.cidr} portrange=22\n\n```\n Create securitygroup for Kafka instances (brokers \u0026 zookeeper)\n\n```sh\nkafkasecgroup = create 
securitygroup vpc=$vpc description=KafkaSecurityGroup name=KafkaSecurityGroup\nupdate securitygroup id=$kafkasecgroup inbound=authorize protocol=tcp cidr=$subnet_cidr portrange=0-65535\n\n```\n Create a role with policy for ec2 resources so that an instance can list other instances using a local `awless`\n\n```sh\ncreate role name=EC2ReadonlyRole principal-service=\"ec2.amazonaws.com\" sleep-after=20\nattach policy role=EC2ReadonlyRole service=ec2 access=readonly\n\n```\n Create Zookeeper instance with security groups attached\n\n```sh\nzookeeper = create instance name=zookeeper distro=redhat type={zookeeper.instance.type} keypair={keypair.name} subnet=$subnet securitygroup=[$sshsecgroup,$kafkasecgroup] userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/redhat/zookeeper.sh\n\n```\n Wait until the Zookeeper instance is up and running\n\n```sh\ncheck instance id=$zookeeper state=running timeout=180\n\n```\n Create Kafka broker instances with role created above and security groups attached\n\n```sh\nbroker_1 = create instance name=broker_1 distro=redhat type={broker.instance.type} keypair={keypair.name} subnet=$subnet role=EC2ReadonlyRole securitygroup=[$sshsecgroup,$kafkasecgroup] userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/redhat/kafka.sh\nbroker_2 = create instance name=broker_2 distro=redhat type={broker.instance.type} keypair={keypair.name} subnet=$subnet role=EC2ReadonlyRole securitygroup=[$sshsecgroup,$kafkasecgroup] userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/redhat/kafka.sh\nbroker_3 = create instance name=broker_3 distro=redhat type={broker.instance.type} keypair={keypair.name} subnet=$subnet role=EC2ReadonlyRole securitygroup=[$sshsecgroup,$kafkasecgroup] userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/redhat/kafka.sh\n```\n\n\n\n### Create VPC with a Linux host bastion\n\n\n**-\u003e Minimal awless version required: 
v0.1.3**\n\n\n\n*This template builds this typical Linux bastion [architecture](http://docs.aws.amazon.com/quickstart/latest/linux-bastion/architecture.html) except it only deploys one host bastion on one public subnet*\n\n\n\n**tags**: \ninfra\n\n\n(run it locally with: `awless run repo:linux_bastion -v`)\n\n\n\n**STEPS**\n\n Create a new VPC and make it public with an internet gateway\n\n```sh\nvpc = create vpc cidr=10.0.0.0/16 name=BastionVpc\ngateway = create internetgateway\nattach internetgateway id=$gateway vpc=$vpc\n\n```\n Create 2 private subnets each on a different availability zone\n That is where you will deploy resources only accessible through the bastion\n\n```sh\ncreate subnet cidr=10.0.0.0/19 name=PrivSubnet1 vpc=$vpc availabilityzone={availabilityzone.1}\ncreate subnet cidr=10.0.32.0/19 name=PrivSubnet2 vpc=$vpc availabilityzone={availabilityzone.2}\n\n```\n Create the public subnet hosting the bastion\n\n```sh\npubSubnet = create subnet cidr=10.0.128.0/20 name=PubSubnet1 vpc=$vpc availabilityzone={availabilityzone.1}\nupdate subnet id=$pubSubnet public=true\n\n```\n Create a route table (with routing only allowed within VPC by default)\n\n```sh\nrtable = create routetable vpc=$vpc\n\n```\n Make the public subnet use the route table\n\n```sh\nattach routetable id=$rtable subnet=$pubSubnet\ncreate route cidr=0.0.0.0/0 gateway=$gateway table=$rtable\n\n```\n Create the firewall with the remote access CIDR applied on each bastion host\n\n```sh\nbastionSecGroup = create securitygroup vpc=$vpc description=BastionSecGroup name=bastion-secgroup\nupdate securitygroup id=$bastionSecGroup inbound=authorize protocol=tcp cidr={remoteaccess-cidr} portrange=22\nupdate securitygroup id=$bastionSecGroup inbound=authorize protocol=icmp cidr={remoteaccess-cidr} portrange=any\n\n```\n Allow only a set of permitted actions for the 2 host bastions\n\n```sh\ncreate role name=BastionHostRole principal-service=ec2.amazonaws.com sleep-after=30\nbastionEc2Policy = 
create policy name=BastionEc2Permissions action=[ec2:DescribeAddresses,ec2:AssociateAddress] resource=\"*\" effect=Allow\nattach policy role=BastionHostRole arn=$bastionEc2Policy\n\n```\n Create one elastic IP that will be dynamically assigned to the host bastion by the bootstrap script\n\n```sh\ncreate elasticip domain=vpc\n\n```\n Create the autoscaling group\n\n```sh\nlaunchConfig = create launchconfiguration image={instance.image} keypair={keypair.name} securitygroups=$bastionSecGroup name=BastionHostsLaunchConfig type=t2.micro role=BastionHostRole userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/prepare_bastion.yml\ncreate scalinggroup desired-capacity=1 launchconfiguration=$launchConfig max-size=1 min-size=1 name=autoscaling-instances-group subnets=$pubSubnet\n```\n\n\n\n### Create a dbsubnetgroup\n\n\n\n\n*Create 2 subnets on different availability zones to later on constitute the dbsubnet group*\n\n\n\n\n(run it locally with: `awless run repo:new_dbsubnetgroup -v`)\n\n\n*Full CLI example:*\n```sh\nrun repo:new_dbsubnetgroup.draft first.subnet.cidr=10.0.0.0/25 first.subnet.availabilityzone=us-west-1a second.subnet.cidr=10.0.0.128/25 second.subnet.availabilityzone=us-west-1c vpc.cidr=10.0.0.0/24 vpc.name=myvpc\n```\n\n\n**STEPS**\n\n Create a new VPC open to Internet to host the subnets\n\n```sh\nvpc = create vpc cidr={vpc.cidr} name={vpc.name}\ngateway = create internetgateway\nattach internetgateway id=$gateway vpc=$vpc\nfirstsubnet = create subnet cidr={first.subnet.cidr} vpc=$vpc name={first.subnet.name} availabilityzone={first.subnet.availabilityzone}\nupdate subnet id=$firstsubnet public=true\nsecondsubnet = create subnet cidr={second.subnet.cidr} vpc=$vpc name={second.subnet.name} availabilityzone={second.subnet.availabilityzone}\nupdate subnet id=$secondsubnet public=true\n\n```\n Create a route table for this network\n\n```sh\nrtable = create routetable vpc=$vpc\n\n```\n Make the subnets open to the Internet 
(through the VPC that has an internet gateway)\n\n```sh\nattach routetable id=$rtable subnet=$firstsubnet\nattach routetable id=$rtable subnet=$secondsubnet\ncreate dbsubnetgroup name={dbsubnetgroup.name} description={dbsubnetgroup.description} subnets=[$firstsubnet, $secondsubnet]\n```\n\n\n\n### Attach usual readonly AWS policies (set of permissions) on group\n\n\n\n\n*When you want your users to have a set of permissions, instead of attaching permissions directly to users it is good practice, and simpler, to define a group that has those permissions and then add or remove users from that group as needed.*\n\n\n\n**tags**: \naccess, policy, role\n\n\n(run it locally with: `awless run repo:policies_on_group -v`)\n\n\n\n**STEPS**\n\n\n```sh\nattach policy service=ec2 access=readonly group={group-name}\nattach policy service=s3 access=readonly group={group-name}\nattach policy service=sns access=readonly group={group-name}\nattach policy service=sqs access=readonly group={group-name}\nattach policy service=vpc access=readonly group={group-name}\nattach policy service=autoscaling access=readonly group={group-name}\nattach policy service=iam access=readonly group={group-name}\nattach policy service=rds access=readonly group={group-name}\nattach policy service=route53 access=readonly group={group-name}\n```\n\n\n\n### Create a public network enabling routing from the Internet\n\n\n\n\n\n\n**tags**: \ninfra\n\n\n(run it locally with: `awless run repo:public_subnet -v`)\n\n\n\n**STEPS**\n\n Create the subnet\n\n```sh\nsubnet = create subnet cidr={subnet.cidr} vpc={subnet.vpc} name={subnet.name}\n\n```\n Allow instances in this network to have public IP addresses\n\n```sh\nupdate subnet id=$subnet public=true\n\n```\n Create a route table for this network\n\n```sh\nrtable = create routetable vpc={subnet.vpc}\nattach routetable id=$rtable subnet=$subnet\n\n```\n Enable routing from the Internet to this subnet\n\n```sh\ncreate route cidr=0.0.0.0/0 gateway={vpc.internetgateway} 
table=$rtable\n```\n\n\n\n### Create an AWS role with usual readonly policies that applies on a resource\n\n\n\n\n*Create an AWS role that applies on a resource (retrieve the account id with `awless whoami`)*\n\n\n\n**tags**: \naccess, policy, role\n\n\n(run it locally with: `awless run repo:role_for_resource -v`)\n\n\n\n**STEPS**\n\n\n```sh\nroleName = {role-name}\ncreate role name=$roleName principal-service={aws-service}\n\n```\n Attach policy (set of permissions) to the created role\n\n```sh\nattach policy role=$roleName service=ec2 access=readonly\nattach policy role=$roleName service=s3 access=readonly\nattach policy role=$roleName service=sns access=readonly\nattach policy role=$roleName service=sqs access=readonly\nattach policy role=$roleName service=vpc access=readonly\nattach policy role=$roleName service=autoscaling access=readonly\nattach policy role=$roleName service=iam access=readonly\nattach policy role=$roleName service=rds access=readonly\nattach policy role=$roleName service=route53 access=readonly\n```\n\n\n\n### Create an AWS role with usual readonly policies that applies on a user\n\n\n\n\n*Create an AWS role that applies on a user (retrieve the id with `awless whoami`)*\n\n\n\n**tags**: \naccess, policy, user\n\n\n(run it locally with: `awless run repo:role_for_user -v`)\n\n\n\n**STEPS**\n\n\n```sh\nnewRole = create role name={role-name} principal-account={aws-account-id}\n\n```\n Attach policy (set of permissions) to the created role\n\n```sh\nattach policy role={role-name} service=ec2 access=readonly\nattach policy role={role-name} service=s3 access=readonly\nattach policy role={role-name} service=sns access=readonly\nattach policy role={role-name} service=sqs access=readonly\nattach policy role={role-name} service=vpc access=readonly\nattach policy role={role-name} service=autoscaling access=readonly\nattach policy role={role-name} service=iam access=readonly\nattach policy role={role-name} service=rds access=readonly\nattach policy 
role={role-name} service=route53 access=readonly\n\n```\n Create a policy that allows a user with this policy to assume only this role\n You can then attach this policy to a user via `awless attach policy arn=... user=jsmith`\n\n```sh\ncreate policy name={assume-policy-name} effect=Allow action=sts:AssumeRole resource=$newRole\n```\n\n\n\n### Create a static website on S3\n\n\n\n\n\n\n**tags**: \ns3\n\n\n(run it locally with: `awless run repo:s3website -v`)\n\n\n\n**STEPS**\n\n Create the bucket where files will be stored\n\n```sh\ncreate bucket name={domain.name} acl=public-read\n\n```\n Publish this s3bucket as a website\n\n```sh\nupdate bucket name={domain.name} public-website=true redirect-hostname={domain.name}\n\n```\n Add files to the bucket with\n awless create s3object bucket={domain.name} file={input-file-path} acl=public-read\n\n\n\n### Simple wordpress deployment\n\n\n\n\n\n\n**tags**: \ninfra\n\n\n(run it locally with: `awless run repo:simple_wordpress_infra -v`)\n\n\n\n**STEPS**\n\n VPC and its Internet gateway\n\n```sh\nvpc = create vpc cidr=10.0.0.0/16 name=wordpress-vpc\nigw = create internetgateway\nattach internetgateway id=$igw vpc=$vpc\n\n```\n Subnet and its route table\n\n```sh\nsubnet = create subnet cidr=10.0.0.0/24 vpc=$vpc name=wordpress-subnet\nupdate subnet id=$subnet public=true\nroutetable = create routetable vpc=$vpc\nattach routetable subnet=$subnet id=$routetable\ncreate route cidr=0.0.0.0/0 gateway=$igw table=$routetable\n\n```\n Create a security group and authorize access from the Internet on ports 22 and 80\n\n```sh\nsecgroup = create securitygroup vpc=$vpc description=\"authorize ssh and http from internet\" name=wordpress-secgroup\nupdate securitygroup id=$secgroup inbound=authorize protocol=tcp cidr=0.0.0.0/0 portrange=22\nupdate securitygroup id=$secgroup inbound=authorize protocol=tcp cidr=0.0.0.0/0 portrange=80\n\n```\n Create keypair and instance\n\n```sh\nkeypair = create keypair name={keypair.name}\ncreate instance 
name=wordpress-instance subnet=$subnet keypair=$keypair securitygroup=$secgroup userdata=https://raw.githubusercontent.com/zn3zman/AWS-WordPress-Creation/master/WP-Setup.sh\n```\n\n\n\n### Upload Image from local file\n\n\n\n\n*This template uploads a local VM file (VHD, OVA, VMDK) to S3. Then it creates an AMI from the S3 object.*\n\n\n\n**tags**: \ninfra, s3\n\n\n(run it locally with: `awless run repo:upload_image -v`)\n\n\n\n**STEPS**\n\n Upload the image to S3\n\n```sh\nbucket = {image.bucket}\nimageObject = create s3object bucket=$bucket file={image.filepath}\n\n```\n Create the AMI from the object on S3\n\n```sh\nimport image description={image.description} bucket=$bucket s3object=$imageObject\n```\n\n\n\n### Create a user with its SDK/Shell access key and console password\n\n\n\n\n\n\n**tags**: \naccess, user\n\n\n(run it locally with: `awless run repo:user -v`)\n\n\n\n**STEPS**\n\n\n```sh\nusername = {user.name}\n\n```\n Create user\n\n```sh\ncreate user name=$username\n\n```\n Create AWS Console password\n\n```sh\ncreate loginprofile username=$username password={user.console-password}\n\n```\n Create SDK/shell access key\n\n```sh\ncreate accesskey user=$username\n```\n\n\n\n### Create a VPC with its internet routing gateway\n\n\n\n\n\n\n**tags**: \ninfra, VPC\n\n\n(run it locally with: `awless run repo:vpc -v`)\n\n\n\n**STEPS**\n\n\n```sh\nvpc = create vpc cidr={vpc.cidr} name={vpc.name}\ngateway = create internetgateway\nattach internetgateway id=$gateway vpc=$vpc\n```\n\n\n\n### Create a VPC with 3 internal subnets\n\n\n\n\n\n\n\n(run it locally with: `awless run repo:vpc_with_subnets -v`)\n\n\n\n**STEPS**\n\n Create a new VPC with private subnets (no internet gateway)\n\n```sh\nvpc = create vpc cidr=10.0.0.0/16 name=vpc_10.0.0.0_16\ncreate subnet cidr=10.0.0.0/24 vpc=$vpc name=sub_10.0.0.0_24 availabilityzone={subnet1.zone}\ncreate subnet cidr=10.0.1.0/24 vpc=$vpc name=sub_10.0.1.0_24 availabilityzone={subnet2.zone}\n```\n\n\n\n### Highly-available 
wordpress behind a loadbalancer, with a RDS database\n\n\n**-\u003e Minimal awless version required: v0.1.1**\n\n\n\n\n\n**tags**: \ninfra, rds, autoscaling\n\n\n(run it locally with: `awless run repo:wordpress_ha -v`)\n\n\n\n**STEPS**\n\n\n```sh\ndbname={dbname}\ndbhost={dbhost}\ndbuser={dbuser}\ndbpassword={dbpassword}\n\n```\n Create the load balancer with its security group, target group and listener\n\n```sh\nlbsecgroup = create securitygroup vpc={wordpress.vpc} description=\"authorize HTTP from the Internet\" name=wordpress-lb-securitygroup\nupdate securitygroup id=$lbsecgroup inbound=authorize protocol=tcp cidr=0.0.0.0/0 portrange=80\ntg = create targetgroup name=wordpress-workers port=80 protocol=HTTP vpc={wordpress.vpc}\nlb = create loadbalancer name=wordpress-loadbalancer subnets={wordpress.subnets} securitygroups=$lbsecgroup\ncreate listener actiontype=forward loadbalancer=$lb port=80 protocol=HTTP targetgroup=$tg\n\n```\n Create the launch configuration for the instances and start it in a scaling group, to ensure that 2 instances are always running\n\n```sh\nlaunchconf = create launchconfiguration image={instance.image} keypair={wordpress.keypair} name=wordpress-launch-configuration type=t2.micro userdata=https://raw.githubusercontent.com/wallix/awless-templates/master/userdata/wordpress.sh securitygroups={instances.securitygroup}\ncreate scalinggroup desired-capacity=2 launchconfiguration=$launchconf max-size=2 min-size=2 name=wordpress-scalinggroup subnets={wordpress.subnets} targetgroups=$tg\n```\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwallix%2Fawless-templates","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwallix%2Fawless-templates","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwallix%2Fawless-templates/lists"}