etcd-cluster-multiregion.yaml

SenzaComponents:
- Configuration:
    Type: Senza::StupsAutoConfiguration
    PublicOnly: true
- AppServer:
    AssociatePublicIpAddress: true
    IamRoles:
    - Ref: EtcdRole
    InstanceType: t2.small
    SecurityGroups:
    - Fn::GetAtt:
      - EtcdSecurityGroup
      - GroupId
    TaupageConfig:
      ports:
        2379: 2379
        2380: 2380
      runtime: Docker
      source: '{{Arguments.DockerImage}}'
      environment:
        HOSTED_ZONE: '{{Arguments.HostedZone}}'
        ACTIVE_REGIONS: '{{Arguments.ActiveRegions}}'
      mounts:
        /home/etcd:
          partition: none
          filesystem: tmpfs
          erase_on_boot: false
          options: size=1024m
      appdynamics_application: 'etcd-cluster-{{Arguments.version}}'
    Type: Senza::TaupageAutoScalingGroup
    AutoScaling:
      Minimum: "{{Arguments.InstanceCount}}"
      Maximum: "{{Arguments.InstanceCount}}"
SenzaInfo:
  Parameters:
  - HostedZone:
      Description: AWS Hosted Zone to work with
  - DockerImage:
      Description: Docker image of etcd-cluster.
  - ActiveRegions:
      Description: Multi-Region-Cluster? Active/Deployed regions.
      Default: eu-west-1,eu-central-1
  - InstanceCount:
      Description: Instance number in ASG
      Default: 5
  StackName: etcd-cluster
Resources:
  EtcdSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Etcd Appliance Security Group
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 172.16.0.0/12
      - IpProtocol: tcp
        FromPort: 2379
        ToPort: 2380
        CidrIp: 172.16.0.0/12
      - IpProtocol: tcp
        FromPort: 9100
        ToPort: 9100
        CidrIp: 172.16.0.0/12
  EtcdIngressMembers:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId:
        Fn::GetAtt:
          - EtcdSecurityGroup
          - GroupId
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId:
        Fn::GetAtt:
          - EtcdSecurityGroup
          - GroupId
  EtcdRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: Allow
          Principal:
            Service: ec2.amazonaws.com
          Action: sts:AssumeRole
      Path: /
      Policies:
      - PolicyName: AmazonEC2ReadOnlyAccess
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          - Effect: Allow
            Action:
              - ec2:Describe*
              - ec2:AuthorizeSecurityGroupIngress
              - ec2:RevokeSecurityGroupIngress
            Resource: "*"
          - Effect: Allow
            Action: autoscaling:Describe*
            Resource: "*"
      - PolicyName: AmazonRoute53Access
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          - Effect: Allow
            Action:
            - route53:ListHostedZonesByName
            - route53:ChangeResourceRecordSets
            - route53:GetHostedZone
            - route53:ListResourceRecordSets
            - route53:GetChange
            Resource: "*"