You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
179 lines
5.3 KiB
179 lines
5.3 KiB
AWSTemplateFormatVersion: 2010-09-09
|
|
Description: >-
|
|
CloudFormation template to deploy Infisical on a EC2 instance with a
|
|
DocumentDB instance
|
|
Parameters:
|
|
KeyPairName:
|
|
Description: The name of the EC2 Key Pair to enable SSH access to the instance
|
|
Type: "AWS::EC2::KeyPair::KeyName"
|
|
VpcId:
|
|
Description: The ID of the VPC in which to launch the instance
|
|
Type: "AWS::EC2::VPC::Id"
|
|
DocumentDBUsername:
|
|
Description: The username for the DocumentDB instance
|
|
Type: String
|
|
MinLength: 5
|
|
DocumentDBPassword:
|
|
Description: The password for the DocumentDB instance (minimum 8 characters)
|
|
Type: String
|
|
MinLength: 8
|
|
NoEcho: true
|
|
Resources:
|
|
DocumentDBCluster:
|
|
Type: "AWS::DocDB::DBCluster"
|
|
Properties:
|
|
EngineVersion: 5.0.0
|
|
StorageEncrypted: true
|
|
MasterUsername: !Ref DocumentDBUsername
|
|
MasterUserPassword: !Ref DocumentDBPassword
|
|
VpcSecurityGroupIds:
|
|
- !Ref DocumentDBClusterSecurityGroup
|
|
DBClusterParameterGroupName: !Ref DBClusterParameterGroup
|
|
Metadata:
|
|
"AWS::CloudFormation::Designer":
|
|
id: 73b974cf-eed3-4f7d-8657-6a6746bac169
|
|
DependsOn:
|
|
- DBClusterParameterGroup
|
|
DBClusterParameterGroup:
|
|
Type: "AWS::DocDB::DBClusterParameterGroup"
|
|
Properties:
|
|
Description: "description"
|
|
Family: "docdb5.0"
|
|
Parameters:
|
|
tls: "disabled"
|
|
ttl_monitor: "disabled"
|
|
Tags:
|
|
- Key: "String"
|
|
Value: "String"
|
|
DocumentDBInstance:
|
|
Type: "AWS::DocDB::DBInstance"
|
|
Properties:
|
|
DBInstanceClass: db.t4g.medium
|
|
DBClusterIdentifier: !Ref DocumentDBCluster
|
|
Metadata:
|
|
"AWS::CloudFormation::Designer":
|
|
id: f04cee38-175e-4432-9ad7-62ca28bbf935
|
|
DocumentDBClusterSecurityGroup:
|
|
Type: AWS::EC2::SecurityGroup
|
|
Properties:
|
|
GroupDescription: Allow inbound traffic for DocumentDB cluster
|
|
VpcId: !Ref VpcId
|
|
SecurityGroupIngress:
|
|
- IpProtocol: tcp
|
|
FromPort: 27017
|
|
ToPort: 27017
|
|
SourceSecurityGroupId: !Ref InstanceSecurityGroup
|
|
EC2Instance:
|
|
Type: "AWS::EC2::Instance"
|
|
Properties:
|
|
ImageId: ami-0557a15b87f6559cf
|
|
InstanceType: t2.medium
|
|
KeyName: !Ref KeyPairName
|
|
UserData:
|
|
Fn::Base64: !Sub |
|
|
#!/bin/bash
|
|
cd /home/ubuntu
|
|
curl -fsSL https://get.docker.com -o get-docker.sh
|
|
sh get-docker.sh
|
|
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
|
|
sudo chmod +x /usr/local/bin/docker-compose
|
|
git clone https://github.com/Infisical/infisical.git
|
|
cd infisical
|
|
|
|
DOCUMENT_DB_CONNECTION_URL="mongodb://${DocumentDBUsername}:${DocumentDBPassword}@${DocumentDBCluster.Endpoint}:${DocumentDBCluster.Port}/infisical?replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false"
|
|
|
|
ENCRYPTION_KEY=$(openssl rand -hex 16)
|
|
JWT_SIGNUP_SECRET=$(openssl rand -hex 16)
|
|
JWT_REFRESH_SECRET=$(openssl rand -hex 16)
|
|
JWT_AUTH_SECRET=$(openssl rand -hex 16)
|
|
JWT_SERVICE_SECRET=$(openssl rand -hex 16)
|
|
|
|
touch .env
|
|
|
|
echo "ENCRYPTION_KEY=${!ENCRYPTION_KEY}" >> .env
|
|
echo "JWT_SIGNUP_SECRET=${!JWT_SIGNUP_SECRET}" >> .env
|
|
echo "JWT_REFRESH_SECRET=${!JWT_REFRESH_SECRET}" >> .env
|
|
echo "JWT_AUTH_SECRET=${!JWT_AUTH_SECRET}" >> .env
|
|
echo "JWT_SERVICE_SECRET=${!JWT_SERVICE_SECRET}" >> .env
|
|
echo "MONGO_URL=${!DOCUMENT_DB_CONNECTION_URL}" >> .env
|
|
echo "HTTPS_ENABLED=false" >> .env
|
|
echo "REDIS_URL=redis://redis:6379" >> .env
|
|
|
|
docker-compose up -d
|
|
|
|
SecurityGroupIds:
|
|
- !Ref InstanceSecurityGroup
|
|
Tags:
|
|
- Key: Name
|
|
Value: infisical
|
|
Metadata:
|
|
"AWS::CloudFormation::Designer":
|
|
id: 2c0a771c-5002-4785-9848-0377e33cd0e9
|
|
DependsOn:
|
|
- DocumentDBInstance
|
|
|
|
InstanceSecurityGroup:
|
|
Type: "AWS::EC2::SecurityGroup"
|
|
Properties:
|
|
GroupDescription: Allow SSH and HTTP traffic
|
|
SecurityGroupIngress:
|
|
- IpProtocol: tcp
|
|
FromPort: 22
|
|
ToPort: 22
|
|
CidrIp: 0.0.0.0/0
|
|
- IpProtocol: tcp
|
|
FromPort: 80
|
|
ToPort: 80
|
|
CidrIp: 0.0.0.0/0
|
|
VpcId: !Ref VpcId
|
|
Metadata:
|
|
"AWS::CloudFormation::Designer":
|
|
id: 1fd6856a-11e5-4369-84fa-d18d4011b3de
|
|
|
|
Outputs:
|
|
InstanceIP:
|
|
Value: !GetAtt EC2Instance.PublicIp
|
|
Metadata:
|
|
"AWS::CloudFormation::Designer":
|
|
1fd6856a-11e5-4369-84fa-d18d4011b3de:
|
|
size:
|
|
width: 60
|
|
height: 60
|
|
position:
|
|
x: 60
|
|
"y": 90
|
|
z: 1
|
|
embeds: []
|
|
2c0a771c-5002-4785-9848-0377e33cd0e9:
|
|
size:
|
|
width: 60
|
|
height: 60
|
|
position:
|
|
x: 180
|
|
"y": 90
|
|
z: 1
|
|
embeds: []
|
|
isassociatedwith:
|
|
- 1fd6856a-11e5-4369-84fa-d18d4011b3de
|
|
dependson:
|
|
- 2cabaada-fbdb-4945-bf95-a0406704dd5a
|
|
- f04cee38-175e-4432-9ad7-62ca28bbf935
|
|
73b974cf-eed3-4f7d-8657-6a6746bac169:
|
|
size:
|
|
width: 60
|
|
height: 60
|
|
position:
|
|
x: 390
|
|
"y": 210
|
|
z: 1
|
|
embeds: []
|
|
f04cee38-175e-4432-9ad7-62ca28bbf935:
|
|
size:
|
|
width: 60
|
|
height: 60
|
|
position:
|
|
x: 270
|
|
"y": 90
|
|
z: 1
|
|
embeds: []
|