axonops.yaml

AWSTemplateFormatVersion: '2010-09-09'
Description: Deploys a three node Cassandra cluster using docker with AxonOps for Development and Test purposes

Mappings:
  RegionMap:
    ap-south-1:
      HVM64: ami-0ccc1fadfa5d2b52d
      HVMG2: NOT_SUPPORTED
    eu-north-1:
      HVM64: ami-088461ccf6c07193e
      HVMG2: NOT_SUPPORTED
    eu-west-3:
      HVM64: ami-03a54d7ed7036a5fc
      HVMG2: NOT_SUPPORTED
    eu-west-2:
      HVM64: ami-08b182d6ae75cd8c5
      HVMG2: NOT_SUPPORTED
    eu-west-1:
      HVM64: ami-083f40a97f7330290
      HVMG2: NOT_SUPPORTED
    ap-northeast-3:
      HVM64: ami-0626617cb078475b0
      HVMG2: NOT_SUPPORTED
    ap-northeast-2:
      HVM64: ami-0fec5ae5d7ce75220
      HVMG2: NOT_SUPPORTED
    ap-northeast-1:
      HVM64: ami-0da8ef8b6ebfc5993
      HVMG2: NOT_SUPPORTED
    ca-central-1:
      HVM64: ami-0f4317a17699e6eb4
      HVMG2: NOT_SUPPORTED
    sa-east-1:
      HVM64: ami-06b1c0722ddd62e51
      HVMG2: NOT_SUPPORTED
    ap-southeast-1:
      HVM64: ami-067372f57bb4b4816
      HVMG2: NOT_SUPPORTED
    ap-southeast-2:
      HVM64: ami-0110ac77229f56d8c
      HVMG2: NOT_SUPPORTED
    eu-central-1:
      HVM64: ami-0c0fd2722b61cb00f
      HVMG2: NOT_SUPPORTED
    us-east-1:
      HVM64: ami-0f3a106ae765ef6dc
      HVMG2: NOT_SUPPORTED
    us-east-2:
      HVM64: ami-03324d32d4b53e175
      HVMG2: NOT_SUPPORTED
    us-west-1:
      HVM64: ami-0a31b4bdde8e28b3d
      HVMG2: NOT_SUPPORTED
    us-west-2:
      HVM64: ami-032fb71cbb1e25222
      HVMG2: NOT_SUPPORTED

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: "VPCId of Virtual Private Cloud (VPC)."

  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t3.medium
    AllowedValues:
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
      - m5.xlarge
      - m5.2xlarge
    ConstraintDescription: Must be a valid EC2 instance type

  AllowAccessFrom:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

  SSHKey:
    Type: AWS::EC2::KeyPair::KeyName
    Description: name of the key pair to ssh into the instance

Resources:
  AxonOpsInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref SSHKey
      ImageId: !FindInMap
        - RegionMap
        - !Ref 'AWS::Region'
        - HVM64
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          DeleteOnTermination: true
          SubnetId: subnet-0efe415d4743aa498
          GroupSet: 
            - Ref: "InstanceSecurityGroup"
      UserData:
        Fn::Base64: 
          !Sub |
            #!/bin/bash
            apt-get update
            apt-get -y install docker.io docker-compose git nginx curl
            git clone https://github.com/axonops/axonops-cassandra-dev-cluster.git /opt/axonops
            cd /opt/axonops

            openssl req  -nodes -new -x509  \
              -keyout /opt/axonops/server.key \
              -out /opt/axonops/server.crt \
              -subj "/C=US/ST=State/L=City/O=company/OU=Com/CN=$(hostname)"
            
            cat > /etc/nginx/sites-enabled/default <<END
            server {
              listen $(curl -s http://169.254.169.254/latest/meta-data/local-ipv4):443 ssl;

              server_name $(hostname -f);

              root /usr/share/nginx;
              index index.html;

              ssl_certificate     /opt/axonops/server.crt;
              ssl_certificate_key /opt/axonops/server.key;
              ssl_protocols       TLSv1.1 TLSv1.2;

              location / {
                proxy_pass http://localhost:3000;
              }
            }
            END
            systemctl restart nginx
            docker-compose up -d

  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH access and port 3000 access
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AllowAccessFrom
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref AllowAccessFrom

Outputs:
  InstanceId:
    Description: The instance ID of the web server
    Value:
      Ref: AxonOpsInstance
  WebsiteURL:
    Value:
      !Sub 'https://${AxonOpsInstance.PublicDnsName}'
    Description: URL for newly created AxonOps stack
  PublicIP:
    Description: Public IP address of the web server
    Value:
      !GetAtt AxonOpsInstance.PublicIp