https://github.com/juliusmarkwei/vpc-config2
- Host: GitHub
- URL: https://github.com/juliusmarkwei/vpc-config2
- Owner: juliusmarkwei
- Created: 2025-03-24T12:05:24.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-24T14:02:56.000Z (about 1 year ago)
- Last Synced: 2025-04-19T07:20:40.173Z (about 1 year ago)
- Size: 5.86 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
# **CloudFormation Template: Highly Available VPC with ALB, NAT Gateway, and RDS PostgreSQL Database**
## **Overview**
This AWS CloudFormation template provisions a highly available infrastructure for a web application, including:
- A **VPC** with public and private subnets across multiple availability zones (AZs).
- An **Application Load Balancer (ALB)** for handling HTTP traffic.
- **Elastic Load Balancer Security Group** to allow internet traffic.
- **ECS Security Group** to allow traffic between ECS services and the ALB.
- **NAT Gateway** to enable private subnets to access the internet.
- **RDS PostgreSQL Database** with Multi-AZ failover enabled for high availability.
- **Security Groups** for controlling access between ECS services, the ALB, and the RDS PostgreSQL instance.
- **AWS Secrets Manager** to securely store and manage the PostgreSQL database credentials.
The PostgreSQL database is configured to use Multi-AZ for high availability, ensuring automatic failover in case of instance failure. The database password is generated and stored securely in **Secrets Manager**.
## **Architecture**
- **VPC**: The template creates a custom VPC with a CIDR block of `10.0.0.0/16` and splits it into public and private subnets.
- **Subnets**: Three public subnets and three private subnets are created, each located in a different Availability Zone (AZ) to provide high availability.
- **NAT Gateway**: The NAT gateway is provisioned to allow resources in private subnets to access the internet.
- **Security Groups**:
  - **ECSSecurityGroup**: Allows ECS services to communicate with the ALB.
  - **ALBSecurityGroup**: Allows HTTP traffic (port 80) from the internet to the load balancer.
  - **RDSSecurityGroup**: Allows access to the PostgreSQL RDS instance from ECS services.
- **RDS PostgreSQL**: The PostgreSQL instance is deployed in a Multi-AZ configuration with automatic failover for high availability.
- **AWS Secrets Manager**: Automatically generates a password for the PostgreSQL instance and securely stores it.
## **Parameters**
- `DBUsername`: The username for the PostgreSQL database. This is a string parameter provided at the time of stack creation.
## **Resources Created**
- **VPC**: A custom VPC with CIDR block `10.0.0.0/16` and DNS support.
- **Subnets**: Three public and three private subnets, each in a different AZ.
- **Internet Gateway**: To provide public internet access.
- **NAT Gateway**: For internet access from private subnets.
- **Route Tables**: Public and private route tables to direct traffic accordingly.
- **Security Groups**:
  - **ECS Security Group**: Allows communication between ECS and ALB.
  - **ALB Security Group**: Allows internet access to the ALB.
  - **RDS Security Group**: Allows communication from ECS services to the PostgreSQL database.
- **RDS PostgreSQL Database**: A PostgreSQL database with Multi-AZ failover and storage for the "photoalbum" database.
- **Secrets Manager**: Automatically generates and stores the database password.
## **How to Use This Template**
### **Prerequisites**
- An AWS account with sufficient permissions to create resources such as VPCs, security groups, and RDS instances.
- AWS CLI or AWS Management Console access to deploy the CloudFormation stack.
### **Deploying the Stack**
1. **Save the CloudFormation Template**:
   - Save the CloudFormation template as a `.yaml` file (e.g., `JuliusPhotoAlbumVPC.yaml`).
2. **Deploy via AWS Management Console**:
   - Go to the [AWS CloudFormation Console](https://console.aws.amazon.com/cloudformation).
   - Click **Create Stack**.
   - Upload the saved `.yaml` file or copy-paste its contents into the template editor.
   - Provide a **stack name** (e.g., `JuliusPhotoAlbumVPC`).
   - Enter the **DBUsername** for the PostgreSQL database.
   - Click **Next** and configure stack options.
   - Review and click **Create**.
3. **Deploy via AWS CLI**:
   - Use the AWS CLI to create the stack, passing the database username as the `DBUsername` parameter (replace the placeholder below with your own value):
   ```bash
   aws cloudformation create-stack \
     --stack-name JuliusPhotoAlbumVPC \
     --template-body file://JuliusPhotoAlbumVPC.yaml \
     --parameters ParameterKey=DBUsername,ParameterValue=<your-db-username> \
     --capabilities CAPABILITY_NAMED_IAM
   ```
### **Accessing the Resources**
- **RDS PostgreSQL Database**:
  - The database is deployed in a private subnet and is **not publicly accessible**. You can access it via an application hosted in ECS or through an EC2 instance in the private subnet.
  - The **DBUsername** and **DBPassword** can be retrieved from AWS Secrets Manager (`/julius-photoalbum/db/password`).
- **ECS Service**:
  - ECS services can connect to the database using the security groups that allow access to the RDS instance.
- **ALB (Application Load Balancer)**:
  - The ALB will be accessible over HTTP on port 80, routing traffic to the ECS service.
## **Outputs**
Once the stack is successfully created, the following outputs will be available:
- **Public Subnets**: The resource IDs of the three public subnets.
- **Private Subnets**: The resource IDs of the three private subnets.
- **Security Groups**: The resource IDs of the ECS, ALB, and RDS security groups.
- **RDS PostgreSQL Database**: The identifier of the created PostgreSQL RDS instance.
- **Secrets Manager**: The ARN of the Secrets Manager secret that stores the database password.
## **Template Overview**
### **Key Resources**
- **VPC**:
  - A custom VPC (`JuliusPhotoAlbumVPC2`) with a CIDR block of `10.0.0.0/16`.
  - Multiple subnets across three availability zones for high availability.
  - Route tables for routing traffic to the internet (for public subnets) and using the NAT Gateway (for private subnets).
- **Security Groups**:
  - **ECS Security Group**: Allows traffic from the ALB to ECS (port 3000).
  - **ALB Security Group**: Allows inbound HTTP (port 80) from the internet.
  - **RDS Security Group**: Allows inbound traffic from ECS to PostgreSQL on port 5432.
- **NAT Gateway**: Provides internet access to the private subnets.
- **RDS PostgreSQL Database**: A multi-AZ, fault-tolerant PostgreSQL database with automatic failover.
- **Secrets Manager**: Stores and generates a secure password for the PostgreSQL instance.
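The security-group chain (internet → ALB:80 → ECS:3000 → RDS:5432), the private Multi-AZ RDS instance and the Secrets Manager-sourced password described in the sections above are exactly the properties that drift when a template is edited by hand. The following is an added example, not the repository's own template or code: it embeds a constructed JSON-form CloudFormation fragment that mirrors the README's description (logical IDs such as `PostgresDB` and `DBSecret`, and the `sg()` helper, are this example's assumptions) and runs an offline policy check over it, so the expected posture can be asserted in CI before `create-stack` is ever run.

```python
"""Offline policy check for the security-group chain and RDS/secret settings
the README describes. TEMPLATE is a constructed JSON-form CloudFormation
fragment that mirrors the README, not the repository's template; the rules in
audit() are this example's assumptions about the intended least-privilege layout."""
import copy


def sg(description, port, **source):
    """Build an AWS::EC2::SecurityGroup with one TCP ingress rule (constructed helper)."""
    rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **source}
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": description, "SecurityGroupIngress": [rule]}}


# Constructed sample template (JSON form); only the properties the checks read are present.
TEMPLATE = {
    "Parameters": {"DBUsername": {"Type": "String"}},
    "Resources": {
        "ALBSecurityGroup": sg("Internet -> ALB", 80, CidrIp="0.0.0.0/0"),
        "ECSSecurityGroup": sg("ALB -> ECS", 3000, SourceSecurityGroupId={"Ref": "ALBSecurityGroup"}),
        "RDSSecurityGroup": sg("ECS -> RDS", 5432, SourceSecurityGroupId={"Ref": "ECSSecurityGroup"}),
        "DBSecret": {
            "Type": "AWS::SecretsManager::Secret",
            "Properties": {
                "Name": "/julius-photoalbum/db/password",
                "GenerateSecretString": {
                    "SecretStringTemplate": {"Fn::Sub": '{"username": "${DBUsername}"}'},
                    "GenerateStringKey": "password",
                    "PasswordLength": 32,
                    "ExcludeCharacters": '"@/\\',
                },
            },
        },
        "PostgresDB": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {
                "Engine": "postgres",
                "DBName": "photoalbum",
                "MultiAZ": True,
                "PubliclyAccessible": False,
                "MasterUsername": {"Ref": "DBUsername"},
                # Dynamic reference: the password never appears in the template itself.
                "MasterUserPassword": {"Fn::Sub": "{{resolve:secretsmanager:${DBSecret}:SecretString:password}}"},
                "VPCSecurityGroups": [{"Ref": "RDSSecurityGroup"}],
            },
        },
    },
}

# Expected trust chain from the README: each tier accepts one port from one source.
EXPECTED_INGRESS = {
    "ALBSecurityGroup": (80, "internet"),
    "ECSSecurityGroup": (3000, "ALBSecurityGroup"),
    "RDSSecurityGroup": (5432, "ECSSecurityGroup"),
}


def sub_string(value):
    """Return the string inside a plain string or an {"Fn::Sub": ...} node ("" otherwise)."""
    if isinstance(value, dict) and "Fn::Sub" in value:
        value = value["Fn::Sub"]
        if isinstance(value, list):  # Fn::Sub with an explicit variable map
            value = value[0]
    return value if isinstance(value, str) else ""


def open_to_internet(rule):
    return rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"


def audit(template):
    """Return a list of findings; an empty list means the template matches the expected posture."""
    findings = []
    res = template["Resources"]
    for sg_id, (port, source) in EXPECTED_INGRESS.items():
        rules = res[sg_id]["Properties"].get("SecurityGroupIngress", [])
        if not rules:
            findings.append(f"{sg_id}: no ingress rules")
        for rule in rules:
            if rule.get("IpProtocol") != "tcp" or rule.get("FromPort") != port or rule.get("ToPort") != port:
                findings.append(f"{sg_id}: ingress must be limited to tcp/{port}, got {rule}")
            if source == "internet":
                continue  # the ALB is meant to accept HTTP from anywhere
            if rule.get("SourceSecurityGroupId") != {"Ref": source}:
                findings.append(f"{sg_id}: ingress must come only from {source}, got {rule}")
            if open_to_internet(rule):
                findings.append(f"{sg_id}: internal tier is exposed to the internet")
    for db_id, db in res.items():
        if db["Type"] != "AWS::RDS::DBInstance":
            continue
        p = db["Properties"]
        if p.get("PubliclyAccessible", False):
            findings.append(f"{db_id}: PubliclyAccessible must be false")
        if not p.get("MultiAZ", False):
            findings.append(f"{db_id}: MultiAZ must be true for automatic failover")
        if not sub_string(p.get("MasterUserPassword")).startswith("{{resolve:secretsmanager:"):
            findings.append(f"{db_id}: MasterUserPassword must be a Secrets Manager dynamic reference, not a literal")
        if {"Ref": "RDSSecurityGroup"} not in p.get("VPCSecurityGroups", []):
            findings.append(f"{db_id}: must be attached to RDSSecurityGroup")
    return findings


def insecure_variant():
    """The same template with three common mistakes, to show what audit() reports."""
    bad = copy.deepcopy(TEMPLATE)
    bad["Resources"]["RDSSecurityGroup"]["Properties"]["SecurityGroupIngress"] = [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "CidrIp": "0.0.0.0/0"}]
    bad["Resources"]["PostgresDB"]["Properties"]["PubliclyAccessible"] = True
    bad["Resources"]["PostgresDB"]["Properties"]["MasterUserPassword"] = "literal-password-CHANGEME"
    return bad


if __name__ == "__main__":
    for label, t in (("readme layout", TEMPLATE), ("insecure variant", insecure_variant())):
        print(label + ":", audit(t) or "OK")
```

Running the script prints `OK` for the layout the README describes and four findings for the weakened variant: the database security group open to `0.0.0.0/0` (reported twice, once for the wrong source and once for internet exposure), `PubliclyAccessible: true`, and a literal master password in place of the `{{resolve:secretsmanager:...}}` dynamic reference. To apply the same check to a real template, convert the YAML to JSON first (for example with `cfn-flip`) and pass the resulting dict to `audit()`.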
## **Conclusion**
This CloudFormation template automates the deployment of a scalable, highly available infrastructure using AWS best practices. It integrates services like ECS, ALB, RDS, and Secrets Manager to provide a secure, fault-tolerant environment for running a web application with PostgreSQL as the database backend.
For any troubleshooting or modifications, refer to the AWS CloudFormation console, review the logs, and adjust parameters as necessary.