Created
October 4, 2024 06:57
-
-
Save didier-durand/989896eac5c56911e679e91f1a3f389a to your computer and use it in GitHub Desktop.
CloudFormation template for CardDemo running in AWS Mainframe Modernization
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: > | |
| stack template for AWS card demo application with Microfocus. | |
| This application is open sourced at https://github.com/aws-samples/aws-mainframe-modernization-carddemo | |
| **WARNING** This template creates various AWS resources. | |
| You will be billed for the AWS resources used if you create a stack from this template. | |
| Parameters: | |
| ImportJsonS3Location: | |
| Description: 's3 location of import definitions' | |
| Default: 's3://aws-m2-math-artefacts/mf/card-demo/mf-carddemo-datasets-import.json' | |
| Type: String | |
| Label: | |
| Description: 'name label' | |
| Default: 'aws-m2-math-mf-carddemo' | |
| Type: String | |
| DbName: | |
| Description: 'application database name' | |
| Default: 'MfCardDemoDb' | |
| Type: String | |
| EngineType: | |
| Description: 'm2 engine type' | |
| Default: 'microfocus' | |
| Type: String | |
| EngineVersion: | |
| Description: 'm2 engine version' | |
| Default: '8.0.1' | |
| Type: String | |
| InstanceType: | |
| Description: 'm2 instance type' | |
| Default: 'M2.m5.large' | |
| Type: String | |
| AppKey: | |
| Description: 's3 application key' | |
| Default: 'mf/card-demo' | |
| Type: String | |
| JclKey: | |
| Description: 's3 jcl key' | |
| Default: 'catalog/jcl' | |
| Type: String | |
| LoadlibKey: | |
| Description: 's3 loadlib key' | |
| Default: 'loadlib' | |
| Type: String | |
| RdefKey: | |
| Description: 's3 resource definitions key' | |
| Default: 'rdef' | |
| Type: String | |
| SitKey: | |
| Description: 's3 key for cics system init table' | |
| Default: 'CARDSIT' | |
| Type: String | |
| BucketName: | |
| Description: 'artefacts bucket name' | |
| Type: String | |
| Default: 'aws-m2-math-artefacts' | |
| VpcCidrBlock: | |
| Description: 'vpc cidr block' | |
| Type: String | |
| Default: '10.0.0.0/16' | |
| Tn3270Port: | |
| Description: 'm2 tn3270 port' | |
| Default: 7000 | |
| Type: Number | |
| PostgresPort: | |
| Description: 'm2 postgres port' | |
| Default: 5432 | |
| Type: Number | |
| RemoteAddressesCidrBlock: | |
| Description: 'cidr block for allowed remote addresse' | |
| Type: String | |
| Default: '0.0.0.0/10' | |
| Resources: | |
| M2Env: | |
| Type: AWS::M2::Environment | |
| DeletionPolicy: Delete | |
| Properties: | |
| Name: !GetAtt M2Name.Value | |
| Description: !Join | |
| - ' ' | |
| - - 'm2 environment:' | |
| - !GetAtt M2Name.Value | |
| PreferredMaintenanceWindow: 'sun:00:00-sun:01:00' | |
| EngineType: !Ref EngineType | |
| EngineVersion: !Ref EngineVersion | |
| InstanceType: !Ref InstanceType | |
| PubliclyAccessible: true | |
| SubnetIds: | |
| - !Ref M2Subnet1 | |
| - !Ref M2Subnet2 | |
| SecurityGroupIds: | |
| - !GetAtt M2VpcSecGroup.GroupId | |
| Tags: | |
| 'env-name': !GetAtt M2Name.Value | |
| M2App: | |
| Type: AWS::M2::Application | |
| DeletionPolicy: Delete | |
| DependsOn: M2DbCluster | |
| Properties: | |
| Name: !GetAtt M2Name.Value | |
| Description: !Join | |
| - ' ' | |
| - - 'm2 application:' | |
| - !GetAtt M2Name.Value | |
| EngineType: !Ref EngineType | |
| Definition: | |
| Content: !GetAtt M2AppDef.Value | |
| Tags: | |
| 'app-name': !GetAtt M2Name.Value | |
| M2AppDef: | |
| Type: AWS::SSM::Parameter | |
| DeletionPolicy: Delete | |
| Properties: | |
| Type: 'String' | |
| Value: !Sub | | |
| { | |
| "template-version": "2.0", | |
| "source-locations": [ | |
| { | |
| "source-id": "s3-source", | |
| "source-type": "s3", | |
| "properties": { | |
| "s3-bucket": "${BucketName}", | |
| "s3-key-prefix": "${AppKey}" | |
| } | |
| } | |
| ], | |
| "definition": { | |
| "listeners": [ | |
| { | |
| "port": ${Tn3270Port}, | |
| "type": "tn3270" | |
| } | |
| ], | |
| "dataset-location": { | |
| "db-locations": [ | |
| { | |
| "name": "${M2DbName.Value}", | |
| "secret-manager-arn": "${M2DbSecret}" | |
| } | |
| ] | |
| }, | |
| "batch-settings": { | |
| "initiators": [ | |
| { | |
| "classes": ["A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","P","Q","R","S","T","U","V","W","X","Y","Z","0","1","2","3","4","5","6","7","8","9"], | |
| "description": "batch initiators for all job classes" | |
| } | |
| ], | |
| "jcl-file-location": "${!s3-source}/${JclKey}" | |
| }, | |
| "cics-settings": { | |
| "binary-file-location": "${!s3-source}/${LoadlibKey}", | |
| "csd-file-location": "${!s3-source}/${RdefKey}", | |
| "system-initialization-table": "${SitKey}" | |
| }, | |
| "xa-resources": [ | |
| { | |
| "name": "XASQL", | |
| "secret-manager-arn": "${M2DbSecret}", | |
| "module": "${!s3-source}/xa/ESPGSQLXA64.so" | |
| } | |
| ] | |
| } | |
| } | |
| M2DbCluster: | |
| Type: AWS::RDS::DBCluster | |
| DeletionPolicy: Delete | |
| Properties: | |
| DatabaseName: !GetAtt M2DbName.Value | |
| Port: !Ref PostgresPort | |
| DBClusterParameterGroupName: !Ref M2DbClusterParameterGroup | |
| MasterUsername: !Sub "{{resolve:secretsmanager:${M2DbSecret}::username}}" | |
| MasterUserPassword: !Sub "{{resolve:secretsmanager:${M2DbSecret}::password}}" | |
| Engine: 'aurora-postgresql' | |
| EngineVersion: 11.16 | |
| EngineMode: 'serverless' | |
| ScalingConfiguration: | |
| AutoPause: true | |
| MinCapacity: 2 | |
| MaxCapacity: 8 | |
| SecondsUntilAutoPause: 900 | |
| VpcSecurityGroupIds: | |
| - !GetAtt M2VpcSecGroup.GroupId | |
| DBSubnetGroupName: !Ref M2DBSubnetGroup | |
| M2DBSubnetGroup: | |
| Type: AWS::RDS::DBSubnetGroup | |
| DeletionPolicy: Delete | |
| Properties: | |
| DBSubnetGroupDescription: 'subnet group for db cluster' | |
| SubnetIds: | |
| - !Ref M2Subnet1 | |
| - !Ref M2Subnet2 | |
| M2DbClusterParameterGroup: | |
| Type: AWS::RDS::DBClusterParameterGroup | |
| DeletionPolicy: Delete | |
| Properties: | |
| Description: 'parameter group for M2 db cluster' | |
| Family: 'aurora-postgresql11' | |
| Parameters: | |
| max_prepared_transactions: 100 | |
| M2DbSecret: | |
| Type: AWS::SecretsManager::Secret | |
| DeletionPolicy: Delete | |
| Properties: | |
| Description: 'database credentials for m2 app' | |
| KmsKeyId: !GetAtt M2KmsKey.Arn | |
| GenerateSecretString: | |
| SecretStringTemplate: '{"username": "dbadmin"}' | |
| GenerateStringKey: 'password' | |
| PasswordLength: 16 | |
| ExcludePunctuation: true | |
| M2DbSecretTargetAttachment: | |
| Type: AWS::SecretsManager::SecretTargetAttachment | |
| DeletionPolicy: Delete | |
| Properties: | |
| TargetType: 'AWS::RDS::DBCluster' | |
| SecretId: !Ref M2DbSecret | |
| TargetId: !Ref M2DbCluster | |
| M2DbSecretResourcePolicy: | |
| Type: AWS::SecretsManager::ResourcePolicy | |
| DeletionPolicy: Delete | |
| Properties: | |
| SecretId: !Ref M2DbSecret | |
| ResourcePolicy: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: 'Allow' | |
| Principal: | |
| Service: 'm2.amazonaws.com' | |
| Action: 'secretsmanager:*' | |
| Resource: '*' | |
| M2KmsKey: | |
| Type: AWS::KMS::Key | |
| DeletionPolicy: Delete | |
| Properties: | |
| Description: 'symmetric key for m2 secret' | |
| EnableKeyRotation: true | |
| KeyPolicy: | |
| Version: 2012-10-17 | |
| # Id: 'm2-kms-key' | |
| Statement: | |
| - Effect: 'Allow' | |
| Principal: | |
| AWS: !Sub arn:aws:iam::${AWS::AccountId}:root | |
| Action: 'kms:*' | |
| Resource: "*" | |
| - Effect: 'Allow' | |
| Principal: | |
| Service: 'm2.amazonaws.com' | |
| Action: 'kms:Decrypt' | |
| Resource: '*' | |
| M2VpcSecGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| DeletionPolicy: Delete | |
| Properties: | |
| VpcId: !Ref M2Vpc | |
| GroupDescription: 'security group for vpc' | |
| SecurityGroupEgress: | |
| - IpProtocol: -1 | |
| CidrIp: !Ref RemoteAddressesCidrBlock | |
| FromPort: 0 | |
| ToPort: 65535 | |
| Description: 'Allow outbound access' | |
| SecurityGroupIngress: | |
| - IpProtocol: -1 | |
| CidrIp: !GetAtt M2Vpc.CidrBlock | |
| FromPort: 0 | |
| ToPort: 65535 | |
| Description: 'Allow on-vpc inbound access' | |
| - IpProtocol: -1 | |
| CidrIp: !Ref RemoteAddressesCidrBlock | |
| FromPort: !Ref Tn3270Port | |
| ToPort: !Ref Tn3270Port | |
| Description: 'Allow inbound tn3270 access' | |
| M2Vpc: | |
| Type: AWS::EC2::VPC | |
| DeletionPolicy: Delete | |
| Properties: | |
| CidrBlock: !Ref VpcCidrBlock | |
| EnableDnsHostnames: 'true' | |
| EnableDnsSupport: 'true' | |
| M2Subnet1: | |
| Type: AWS::EC2::Subnet | |
| DeletionPolicy: Delete | |
| Properties: | |
| VpcId: !Ref M2Vpc | |
| AvailabilityZone: !Select | |
| - 0 | |
| - !GetAZs "" | |
| CidrBlock: !GetAtt M2Subnet1CidrBlock.Value | |
| MapPublicIpOnLaunch: true | |
| M2Subnet2: | |
| Type: AWS::EC2::Subnet | |
| DeletionPolicy: Delete | |
| Properties: | |
| VpcId: !Ref M2Vpc | |
| AvailabilityZone: !Select | |
| - 1 | |
| - !GetAZs "" | |
| CidrBlock: !GetAtt M2Subnet2CidrBlock.Value | |
| MapPublicIpOnLaunch: true | |
| M2Igw: | |
| Type: AWS::EC2::InternetGateway | |
| DeletionPolicy: Delete | |
| M2IgwAttachment: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| DeletionPolicy: Delete | |
| Properties: | |
| VpcId: !Ref M2Vpc | |
| InternetGatewayId: !Ref M2Igw | |
| M2RouteTable: | |
| Type: AWS::EC2::RouteTable | |
| DeletionPolicy: Delete | |
| DependsOn: | |
| - M2Igw | |
| - M2IgwAttachment | |
| Properties: | |
| VpcId: !Ref M2Vpc | |
| M2Route: | |
| Type: AWS::EC2::Route | |
| DeletionPolicy: Delete | |
| DependsOn: | |
| - M2IgwAttachment | |
| Properties: | |
| RouteTableId: !Ref M2RouteTable | |
| DestinationCidrBlock: !Ref RemoteAddressesCidrBlock | |
| GatewayId: !Ref M2Igw | |
| M2Subnet1RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| DeletionPolicy: Delete | |
| Properties: | |
| SubnetId: !Ref M2Subnet1 | |
| RouteTableId: !Ref M2RouteTable | |
| M2Subnet2RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| DeletionPolicy: Delete | |
| Properties: | |
| SubnetId: !Ref M2Subnet2 | |
| RouteTableId: !Ref M2RouteTable | |
| UniqueSuffix: | |
| Type: AWS::SSM::Parameter | |
| DeletionPolicy: Delete | |
| Properties: | |
| Type: 'String' | |
| Value: !Select [0, !Split ['-', !Select [2, !Split [/, !Ref AWS::StackId ]]]] | |
| M2Name: | |
| Type: AWS::SSM::Parameter | |
| DeletionPolicy: Delete | |
| Properties: | |
| Type: 'String' | |
| Value: !Join | |
| - '-' | |
| - - !Ref Label | |
| - !GetAtt UniqueSuffix.Value | |
| M2DbName: | |
| Type: AWS::SSM::Parameter | |
| DeletionPolicy: Delete | |
| Properties: | |
| Type: 'String' | |
| Value: !Join | |
| - '' | |
| - - !Ref DbName | |
| - !GetAtt UniqueSuffix.Value | |
| M2Subnet1CidrBlock: | |
| Type: AWS::SSM::Parameter | |
| DeletionPolicy: Delete | |
| Properties: | |
| Type: 'String' | |
| Value: !Select | |
| - 0 | |
| - Fn::Cidr: | |
| - !Ref VpcCidrBlock | |
| - 2 | |
| - 8 | |
| M2Subnet2CidrBlock: | |
| Type: AWS::SSM::Parameter | |
| DeletionPolicy: Delete | |
| Properties: | |
| Type: 'String' | |
| Value: !Select | |
| - 1 | |
| - Fn::Cidr: | |
| - !Ref VpcCidrBlock | |
| - 2 | |
| - 8 | |
| Outputs: | |
| M2BucketName: | |
| Description: 'm2 app bucket' | |
| Value: !Ref BucketName | |
| M2AppKey: | |
| Description: 's3 app key for m2 deployment' | |
| Value: !Ref AppKey | |
| M2ImportJson: | |
| Description: 's3 location of import json' | |
| Value: !Ref ImportJsonS3Location | |
| M2EnvironmentId: | |
| Description: 'm2 environment id' | |
| Value: !GetAtt M2Env.EnvironmentId | |
| M2ApplicationId: | |
| Description: 'm2 application id' | |
| Value: !GetAtt M2App.ApplicationId | |
| M2AppDef: | |
| Description: 'm2 app def' | |
| Value: !GetAtt M2AppDef.Value | |
| M2DbName: | |
| Description: 'm2 db name' | |
| Value: !GetAtt M2DbName.Value | |
| M2Subnet1Ips: | |
| Description: 'm2 subnet 1 ip addresses' | |
| Value: !GetAtt M2Subnet1CidrBlock.Value | |
| M2Subnet2Ips: | |
| Description: 'm2 subnet 2 ip addresses' | |
| Value: !GetAtt M2Subnet2CidrBlock.Value |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment