phonebook-app.yml
AWSTemplateFormatVersion: 2010-09-09
Description: |
  CloudFormation Template for Phonebook Application. This template creates Application
  Load Balancer with Auto Scaling Group of Amazon Linux 2 (ami-033b95fb8079dc481) EC2 Instances
  which host Python Flask Web Application. EC2 instances are placed within
  WebServerSecurityGroup which allows http (80) connections only from ALBSecurityGroup,
  and allows tcp(3306) connections only within itself. RDS DB instance is placed within
  WebServerSecurityGroup so that Database Server can communicate with Web Servers.
  Application Load Balancer is placed within ALBSecurityGroup which allows http (80)
  connections from anywhere. WebServerASG Auto Scaling Group is using the WebServerLT
  Launch Template in order to spin up instances needed. WebServerLT Launch Template is
  configured to prepare Python Flask environment on EC2, and to deploy Phonebook
  Application on Flask Server after downloading the app code from GitHub repository.
Parameters:
  MyVPC:
    Description: VPC Id of your existing account.
    Type: AWS::EC2::VPC::Id
  KeyName:
    Description: Please enter your valid Key pair.
    Type: AWS::EC2::KeyPair::KeyName
  Subnets:
    Description: Choose your subnets.
    Type: List<AWS::EC2::Subnet::Id>
Resources:
  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP for ALB
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP for Flask server and SSH for getting into EC2.
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0 # SSH is reachable from any IPv4 address
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !GetAtt ALBSecurityGroup.GroupId
  WebServerLT:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: ami-033b95fb8079dc481
        InstanceType: t2.micro
        KeyName: !Ref KeyName
        SecurityGroupIds:
          - !GetAtt WebServerSecurityGroup.GroupId
        TagSpecifications:
          - ResourceType: instance
            Tags:
              - Key: Name
                Value: !Sub Web Server of ${AWS::StackName} Stack
        UserData:
          Fn::Base64: !Sub
            - |
              #! /bin/bash
              yum update -y
              yum install python3 -y
              pip3 install flask
              pip3 install flask_mysql
              echo "${MyDBURI}" > /home/ec2-user/dbserver.endpoint
              # Add GitHub Token if your repository is private
              # TOKEN="****************************************"
              # FOLDER="https://$TOKEN@raw.githubusercontent.com/devenes/private-projects/main/Phonebook-Application/"
              FOLDER="https://raw.githubusercontent.com/devenes/cloudformation-loadbalancer-phonebook/main/"
              curl -s --create-dirs -o "/home/ec2-user/templates/index.html" -L "$FOLDER"templates/index.html
              curl -s --create-dirs -o "/home/ec2-user/templates/add-update.html" -L "$FOLDER"templates/add-update.html
              curl -s --create-dirs -o "/home/ec2-user/templates/delete.html" -L "$FOLDER"templates/delete.html
              curl -s --create-dirs -o "/home/ec2-user/phonebook-app.py" -L "$FOLDER"phonebook-app.py
              python3 /home/ec2-user/phonebook-app.py
            # Get Database Endpoint from CloudFormation as a variable:
            - MyDBURI: !GetAtt MyDatabaseServer.Endpoint.Address
  WebServerTG:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Port: 80
      Protocol: HTTP
      TargetType: instance
      UnhealthyThresholdCount: 3
      HealthyThresholdCount: 2
      VpcId: !Ref MyVPC
  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Scheme: internet-facing
      SecurityGroups:
        - !GetAtt ALBSecurityGroup.GroupId
      Subnets: !Ref Subnets
      Type: application
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions: # Required
        - TargetGroupArn: !Ref WebServerTG
          Type: forward
      LoadBalancerArn: !Ref ApplicationLoadBalancer # Required
      Port: 80
      Protocol: HTTP
  WebServerASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AvailabilityZones: !GetAZs ""
      DesiredCapacity: 2
      HealthCheckGracePeriod: 300
      HealthCheckType: ELB
      LaunchTemplate:
        LaunchTemplateId: !Ref WebServerLT
        Version: !GetAtt WebServerLT.LatestVersionNumber
      MaxSize: 3 # Required
      MinSize: 1 # Required
      TargetGroupARNs:
        - !Ref WebServerTG
  MyDBSecurityGroup:
    Type: AWS::RDS::DBSecurityGroup
    Properties:
      GroupDescription: Front-end access to RDS
      DBSecurityGroupIngress:
        - CIDRIP: 0.0.0.0/0 # admits any IPv4 address, not only the web servers
        - EC2SecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId
  MyDatabaseServer:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Delete
    Properties:
      AllocatedStorage: 20
      AllowMajorVersionUpgrade: false
      AutoMinorVersionUpgrade: true
      BackupRetentionPeriod: 0 # automated backups are disabled
      DBInstanceIdentifier: enes-db-3
      DBName: enes_phonebook
      DBSecurityGroups:
        - !Ref MyDBSecurityGroup
      Engine: MySQL
      DBInstanceClass: db.t2.micro
      EngineVersion: 8.0.19
      MasterUsername: admin
      MasterUserPassword: Enes123456 # stored in plain text in the template
      Port: 3306
      PubliclyAccessible: true # the database endpoint resolves to a public address
Outputs:
  WebsiteURL:
    Value: !Sub
      - http://${ALBAddress}
      - ALBAddress: !GetAtt ApplicationLoadBalancer.DNSName
    Description: Phonebook Application Load Balancer URL
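
An added example, not part of the repository's template: a fragment showing the SSH and database settings above in a tightened form, with the master password passed as a NoEcho parameter, MySQL ingress limited to WebServerSecurityGroup through a VPC security group, and the instance not publicly accessible. DBPassword, SSHLocation, DBAccessSecurityGroup and DBSubnetGroup are names assumed for illustration, and the Subnets parameter is assumed to lie in MyVPC.

```yaml
# Added example, not part of phonebook-app.yml. DBPassword, SSHLocation,
# DBAccessSecurityGroup and DBSubnetGroup are names assumed for illustration.
Parameters:
  DBPassword:
    Description: Master password for the database, supplied at stack creation.
    Type: String
    NoEcho: true # value is masked in console, CLI and API output
    MinLength: 8
  SSHLocation:
    Description: CIDR range allowed to reach the web servers over SSH.
    Type: String
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
Resources:
  # In WebServerSecurityGroup, the port 22 rule would then use
  #   CidrIp: !Ref SSHLocation
  # in place of 0.0.0.0/0.
  DBAccessSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: MySQL access from the web servers only
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnets for the phonebook database
      SubnetIds: !Ref Subnets # assumed to be subnets of MyVPC
  MyDatabaseServer:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Delete
    Properties:
      AllocatedStorage: 20
      DBInstanceClass: db.t2.micro
      DBName: enes_phonebook
      DBSubnetGroupName: !Ref DBSubnetGroup
      Engine: MySQL
      EngineVersion: 8.0.19
      MasterUsername: admin
      MasterUserPassword: !Ref DBPassword # no literal password in the template
      PubliclyAccessible: false # reachable only from inside the VPC
      VPCSecurityGroups:
        - !GetAtt DBAccessSecurityGroup.GroupId
```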