# Application load balancer placed in the subnets exported by the VPC stack.
# The export name is assembled from ERB values (`vpc`, `subnetids`) that are
# rendered before this Ruby is evaluated.
#
# NOTE(review): no `scheme` is set in this block, and CloudFormation defaults
# an ALB to internet-facing; confirm that exposure is intended.
# NOTE(review): both SgAlb and SgWeb are attached to the load balancer; the
# group rules are not visible here, so confirm the ALB needs SgWeb as well.
# NOTE(review): no load balancer attributes are set here, so settings such as
# `access_logs.s3.enabled` and
# `routing.http.drop_invalid_header_fields.enabled` keep their defaults.
resource :Alb, 'AWS::ElasticLoadBalancingV2::LoadBalancer', DependsOn: %i[SgAlb SgWeb] do
  # The imported value is a single comma-separated string of subnet ids.
  subnet_csv = Fn::import_value(Fn::sub('${<%= vpc %>}-<%= subnetids %>'))
  subnets Fn::split(',', subnet_csv)

  security_groups %i[SgAlb SgWeb].map { |group| Fn::ref(group) }

  tag :Name, Fn::ref('AWS::StackName')
end
# Target group the listeners forward to. Targets are registered by IP address
# and receive plain HTTP on port 3000.
#
# NOTE(review): traffic between the load balancer and the targets is
# unencrypted HTTP; confirm that is acceptable inside this VPC.
# NOTE(review): the listener's default action forwards every path, so
# '/status' is presumably reachable by clients too; check that it does not
# return internal details.
resource :AlbTg, 'AWS::ElasticLoadBalancingV2::TargetGroup', DependsOn: :Alb do
  port 3000 # container port to connect
  protocol :HTTP

  # Health checks use the traffic port: every 15 s, 5 s timeout, and two
  # consecutive results to change a target's state in either direction.
  health_check_path '/status'
  health_check_port 'traffic-port'
  health_check_protocol :HTTP
  health_check_interval_seconds 15
  health_check_timeout_seconds 5
  healthy_threshold_count 2
  unhealthy_threshold_count 2

  # Drain deregistering targets for 10 seconds.
  target_group_attributes [
    {
      Key: 'deregistration_delay.timeout_seconds',
      Value: 10,
    },
  ]

  # VPC id exported by the VPC stack; `vpc` and `vpcid` are ERB values.
  vpc_id Fn::import_value(Fn::sub('${<%= vpc %>}-<%= vpcid %>'))
  target_type :ip
end
## listen to HTTP on port 80
#
# NOTE(review): the HTTPS listener that follows in this file is commented out,
# so this plaintext listener is the only active one visible here and client
# traffic is forwarded unencrypted. Once Alb443 is enabled with a real
# certificate, this default action should become a redirect to HTTPS instead
# of a forward.
resource :Alb80, 'AWS::ElasticLoadBalancingV2::Listener', DependsOn: %i[Alb AlbTg] do
  load_balancer_arn Fn::ref(:Alb)
  port 80
  protocol :HTTP

  # Single default action: send every request to the target group.
  forward_to_targets = { Type: :forward, TargetGroupArn: Fn::ref(:AlbTg) }
  default_actions [forward_to_targets]
end
## listen to HTTPS on port 443
## NOTE(review): before enabling, replace FIXME with the ACM certificate id;
## the ssl_policy below predates TLS 1.3 support, so check the current ELB
## security policy list (e.g. ELBSecurityPolicy-TLS13-1-2-2021-06).
# resource :Alb443, 'AWS::ElasticLoadBalancingV2::Listener', DependsOn: [:Alb, :AlbTg] do
#   load_balancer_arn Fn::ref(:Alb)
#   port 443
#   protocol :HTTPS
#   ## default cert for requests
#   certificates [
#     { CertificateArn: Fn::sub('arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/FIXME') }
#   ]
#   ssl_policy 'ELBSecurityPolicy-TLS-1-2-2017-01'
#   default_actions [ {Type: :forward, TargetGroupArn: Fn::ref(:AlbTg)} ]
# end
## add extra certs
# resource :AlbCert, 'AWS::ElasticLoadBalancingV2::ListenerCertificate', DependsOn: :Alb443 do
#   listener_arn Fn::ref(:Alb443)
#   certificates [
#     { CertificateArn: Fn::sub('arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/FIXME') }
#   ]
# end
# Stack outputs for the load balancer. Only the ARN is exported for
# cross-stack import, under "<stack name>-AlbArn"; the remaining outputs are
# visible on this stack only.
output :AlbArn, Fn::ref(:Alb), export: Fn::sub('${AWS::StackName}-AlbArn')

# Output name => load balancer attribute read with Fn::get_att.
{
  AlbName: :LoadBalancerName,
  AlbDnsName: :DNSName,
  AlbHostedZone: :CanonicalHostedZoneID,
}.each do |output_name, attribute|
  output output_name, Fn::get_att(:Alb, attribute)
end