peoplesoft_environment.yaml
---
# CloudFormation template for one PeopleSoft environment (one pillar in one
# environment tier). This part holds the template header, all input
# parameters, the single condition, and the first properties of the OpsWorks
# stack resource. Network, security-group and IAM-role identifiers are not
# defined here; they are imported from the exports of the stack named by
# SecurityGroupCloudFormationName.
AWSTemplateFormatVersion: '2010-09-09'
Description: PeopleSoft Environment - Will include the OpsWorks Stack, Layers, Instnaces, Apps, ELBs, ELB Attachements, Route 53 Entries, and RDS Entries
Parameters:
  # Prefix of the export names read with Fn::ImportValue throughout the template.
  SecurityGroupCloudFormationName:
    Description: CloudFormation Security Group Name
    Type: String
    Default: "PeopleSoftSG"
  # Pillar and environment identifiers are passed in both cases because the
  # template concatenates them into names that need one case or the other.
  PillarLowerCase:
    Description: Lower Case Environment Pillar Identifier (el, hr, or sa)
    Type: String
    Default: "el"
  EnvironmentLowerCase:
    Description: Loser Case Environment Identifier (dev, tst, stg, prd, etc.)
    Type: String
    Default: "dev"
  PillarUpperCase:
    Description: Upper Case Environment Pillar Identifier (EL, HR, or SA)
    Type: String
    Default: "EL"
  # The ThisIsProd condition compares this value with "PRD".
  EnvironmentUpperCase:
    Description: Upper Case Environment Identifier (DEV, TST, STG, PRD, etc.)
    Type: String
    Default: "DEV"
  RunPostRefresh:
    Description: Y or N value, will indicate the Post Refresh script will need to be run
    Type: String
    Default: "N"
  #Need to pull this value in from an output from PeopleSoftSG CF Template
  HostedZoneName:
    Description: Hosted Zone Name
    Type: String
    Default: "ps-nonprod-aws.arizona.edu"
  AuthTokenDomain:
    Description: Auth Token Domain
    Type: String
    Default: "uaccess.arizona.edu"
  FQDNPrefix:
    Description: Full Qualified Domain Prefix (i.e. learning or el-sup)
    Type: String
    Default: "learning"
  # Private SSH key for the cookbook repository. It is taken as a comma
  # delimited list and re-joined with newlines in EnvStack.SshKey.
  # NoEcho masks the value in CloudFormation's own console and API output only.
  BitbucketSSHKeyStackCookbook:
    Description: Bitbucket SSH Key for the Stack Cookbook
    Type: CommaDelimitedList
    NoEcho: 'true'
  # NOTE(review): the predefined ELBSecurityPolicy-2016-08 policy still
  # negotiates TLS 1.0 and 1.1; a TLS 1.2-only predefined policy such as
  # ELBSecurityPolicy-TLS-1-2-2017-01 is the stricter choice if clients allow it.
  WebELBListenerPolicyNames:
    Description: Web ELB Listener Policy Names
    Type: String
    Default: "ELBSecurityPolicy-2016-08"
  WebELBListenerSSLCertID:
    Description: Web ELB Listener SSL Certificate ID
    Type: String
    Default: "arn:aws:iam::415418166582:server-certificate/ps-nonprod-aws.arizona.edu_2016"
  # NOTE(review): a long-lived IAM access key pair is passed in to pull the
  # Docker images. The instances already run under an instance profile, so
  # granting that role pull access to the registry would remove the need to
  # distribute static keys - confirm whether the cookbook supports that.
  AppDockerAccessKey:
    Description: AWS Access Key to retrieve docker image
    Type: String
    NoEcho: 'true'
  AppDockerSecretKey:
    Description: AWS Secret Access Key to retrieve docker image
    Type: String
    NoEcho: 'true'
  WebDockerImage:
    Description: Web Instance Docker Image and Tag
    Type: String
    Default: "998687558142.dkr.ecr.us-west-2.amazonaws.com/eas-peoplesoft-web-dpk:CentOS6-PT85510"
  WebProfileName:
    Description: Web Instance Web Profile Name
    Type: String
    Default: "DEV"
  PsReportsDirecory:
    Description: Web Instance PS Reports Directory
    Type: String
    Default: "/u01/app/psreports"
  AppDockerImage:
    Description: App Instance Docker Image and Tag
    Type: String
    Default: "998687558142.dkr.ecr.us-west-2.amazonaws.com/eas-peoplesoft-app-batch-dpk:CentOS6-PT85510"
  AppOrBatch:
    Description: App or Batch or Both
    Type: String
    Default: "BOTH"
  AppTemplate:
    Description: App Server Template (small, medium, large, developer)
    Type: String
    Default: "small"
  AppOprId:
    Description: App OPRID used to start app/batch services
    Type: String
    Default: "UAZPRCS"
  # Supplied at stack creation and masked with NoEcho; no default is stored.
  PSAppOpridPw:
    Description: App OPRID Password used to start app/batch services
    Type: String
    NoEcho: 'true'
  AppBitBucketBranch:
    Description: App BitBucket Branch (devlopement, test, stage, or production)
    Type: String
    Default: "development"
  AppSesServer:
    Description: App SES Server Host Name
    Type: String
    Default: "sesdev.aws-pilots.arizona.edu"
  AppSesDefns:
    Description: App SES Definitions to include, a comma delimited list
    Type: String
    Default: "LS_LM_ACT_CI,LS_LM_LEARNING,LS_LM_OBJV,LS_LM_PRG,PTPORTALREGISTRY"
  WebInstType:
    Description: Web Instance AWS Server Type
    Type: String
    Default: "t2.medium"
  AppInstType:
    Description: App Instance AWS Server Type
    Type: String
    Default: "t2.medium"
  DBSnapshotID:
    Description: DB Snapshot from Which to Restore From
    Type: String
    Default: "peoplesoft-eldev-final-snapshot"
  DBMultiAz:
    Description: DB Multi Availibility Zone Deployment (boolean)
    Type: String
    Default: "false"
  DBInstanceClass:
    Description: DB Instance Class
    Type: String
    Default: "db.t2.medium"
  DBStorageType:
    Description: DB Storage Type (gp2-SSD, io1-Provisioned IOPS)
    Type: String
    Default: "gp2"
  # The Tag* parameters below are copied into resource tags and into the
  # OpsWorks custom JSON.
  TagService:
    Description: Refers to the application (Uaccess Learning, Uaccess Employee, Uaccess Student)
    Type: String
    Default: "Uaccess Learning"
  TagContactNetid:
    Description: NetID of person most familiar with resource
    Type: String
    Default: "kellehs"
  TagAccountNumber:
    Description: Identifies the financial system account number
    Type: String
    Default: "Human Resources Systems"
  TagSubAccount:
    Description: Identifies the financial system subaccount number
    Type: String
    Default: "Uaccess Learning"
  TagTicketNumber:
    Description: Jira Ticket Number
    Type: String
    Default: "CLOUD-15"
#Next is the Conditions section, these will be used to build additional infrastructure for production
Conditions:
  # True only when EnvironmentUpperCase is exactly "PRD".
  ThisIsProd: !Equals [!Ref "EnvironmentUpperCase", "PRD"]
#Resources for this CloudFormation Stack
Resources:
  # OpsWorks stack (Chef 12) that owns the layers, apps and instances.
  EnvStack:
    Type: AWS::OpsWorks::Stack
    Properties:
      Name: !Join ["",["PeopleSoft ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      ConfigurationManager:
        Name: "Chef"
        Version: "12"
      # Cookbooks are fetched over SSH from a private Git repository.
      # NOTE(review): "CLOUD-15" looks like a branch name (it equals the
      # default Jira ticket tag). A branch is a moving reference, so whatever
      # is pushed to it runs as Chef recipes on the next cookbook update;
      # pinning a commit or tag makes runs reproducible - confirm.
      CustomCookbooksSource:
        Type: "git"
        Url: "git@bitbucket.org:ua-ecs/ecs-opsworks-cookbooks.git"
        Revision: "CLOUD-15"
        SshKey:
          # Rebuilds the multi-line private key from the comma delimited parameter.
          Fn::Join:
            - "\n"
            - !Ref "BitbucketSSHKeyStackCookbook"
      ServiceRoleArn:
        Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-OpsWorksIAMRoleARN"
      DefaultInstanceProfileArn: !GetAtt "EnvInstanceProfile.Arn"
      DefaultOs: "Amazon Linux 2017.03"
      # The same EC2 key pair name is also set on every instance resource.
      DefaultSshKeyName: "peoplesoft-keypair"
      DefaultRootDeviceType: "ebs"
      DefaultSubnetId:
        Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
      HostnameTheme: Layer_Dependent
      UseCustomCookbooks: "true"
      VpcId:
        Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-VPCID"

This block was created by Mark and is a custom Lambda function that will tag the OpsWorks instances properly.

# Stack-level custom JSON carrying the tag values for the OpsWorks instances.
# Presumably a property of the EnvStack resource; shown here at column 0.
# Every value comes from a template parameter, so none of it is secret.
CustomJson:
  opsworks_tags:
    instances:
      service: !Ref "TagService"
      #Let the Name default to the OpsWorks instance name, it has a better description
      #Name: !Join ["",["peoplesoft-",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase","-instance"]]
      environment: !Ref "EnvironmentLowerCase"
      contactnetid: !Ref "TagContactNetid"
      accountnumber: !Ref "TagAccountNumber"
      subaccount: !Ref "TagSubAccount"
      ticketnumber: !Ref "TagTicketNumber"
      # Built as <pillar>-<environment>.<hosted zone>, the same name that the
      # EnvDnsRecord resource publishes.
      privateroute53record: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}.${HostedZoneName}"

Instance Role

This is the IAM role that will be applied to the OpsWorks EC2 instances. Any AWS-specific permissions that the node might need should be defined here.

# IAM role for the OpsWorks EC2 instances (a Resources entry, shown at
# column 0). It carries one inline policy scoped to the Zabbix parameters.
EnvInstanceRole:
  Type: AWS::IAM::Role
  Properties:
    # Trust policy: only the EC2 service may assume this role.
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - ec2.amazonaws.com
          Action:
            - sts:AssumeRole
    Path: "/"
    Policies:
      - PolicyName: !Sub "${PillarLowerCase}-${EnvironmentLowerCase}-zabbix"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Read access limited to SSM parameters whose name starts with
            # "Zabbix" in this account and region.
            - Sid: StmtSsmParameterAccess
              Effect: Allow
              Action:
                - "ssm:GetParameters"
              Resource:
                - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/Zabbix*"
            # NOTE(review): "key/alias/aws/ssm" is neither a key ARN
            # (key/<key-id>) nor an alias ARN (alias/aws/ssm), and IAM
            # evaluates kms:Decrypt against key ARNs, so this statement
            # probably matches no key. Confirm how decryption of the
            # parameters is actually authorized and correct or drop it.
            - Sid: StmtKmsAccess
              Effect: Allow
              Action:
                - "kms:Decrypt"
              Resource:
                - !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:key/alias/aws/ssm"

Instance Profile

This is just a little construct to connect a set of roles together into a profile. The profile is referenced in the OpsWorks stack itself.

# Instance profile wrapping EnvInstanceRole (a Resources entry, shown at
# column 0). EnvStack reads its Arn for DefaultInstanceProfileArn.
EnvInstanceProfile:
  Type: AWS::IAM::InstanceProfile
  Properties:
    Path: "/"
    Roles:
      - !Ref EnvInstanceRole

Create Web Layer

# Resources entries (shown at column 0): the three custom OpsWorks layers and
# the public web load balancer. All layers run the same Setup and Deploy
# recipes and differ only in name and attached security groups.

# Web layer. No public or Elastic IPs are assigned, so instances are reached
# through the load balancer and the imported security groups.
EnvWebLayer:
  Type: AWS::OpsWorks::Layer
  Properties:
    Name: "web"
    Shortname: "web"
    Type: "custom"
    AutoAssignElasticIps: "false"
    AutoAssignPublicIps: "false"
    CustomRecipes:
      Setup:
        - "ecs-utilities::efs_mount"
        - "ecs-docker::docker_install"
        - "ecs-utilities::zabbix_agent"
      Deploy:
        - "ecs-utilities::cloudwatch_logs"
        - "ecs-docker::docker_pull_deploy"
    # The rules of these groups live in the imported stack; review them there.
    CustomSecurityGroupIds:
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-WebSg"
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg"
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ELMEFSSG"
    EnableAutoHealing: "false"
    VolumeConfigurations:
      - MountPoint: "/vol/docker"
        NumberOfDisks: "1"
        Size: "60"
        VolumeType: "gp2"
    StackId: !Ref "EnvStack"
# App layer.
# NOTE(review): the efs_mount recipe runs here too, but unlike the web layer
# no ELMEFSSG group is attached - confirm the app instances can reach EFS, or
# that they do not need to.
EnvAppLayer:
  Type: AWS::OpsWorks::Layer
  Properties:
    Name: "app"
    Shortname: "app"
    Type: "custom"
    AutoAssignElasticIps: "false"
    AutoAssignPublicIps: "false"
    CustomRecipes:
      Setup:
        - "ecs-utilities::efs_mount"
        - "ecs-docker::docker_install"
        - "ecs-utilities::zabbix_agent"
      Deploy:
        - "ecs-utilities::cloudwatch_logs"
        - "ecs-docker::docker_pull_deploy"
    CustomSecurityGroupIds:
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-AppSg"
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg"
    EnableAutoHealing: "false"
    VolumeConfigurations:
      - MountPoint: "/vol/docker"
        NumberOfDisks: "1"
        Size: "60"
        VolumeType: "gp2"
    StackId: !Ref "EnvStack"
#Create a Batch layer if this is production. We need to have the batch servers run on separate servers
#because we only need the web and app services to expand and contract.
EnvBatchLayer:
  Type: AWS::OpsWorks::Layer
  #Here is the Condition, which if met will create the batch layer.
  Condition: "ThisIsProd"
  Properties:
    Name: "batch"
    Shortname: "batch"
    Type: "custom"
    AutoAssignElasticIps: "false"
    AutoAssignPublicIps: "false"
    CustomRecipes:
      Setup:
        - "ecs-utilities::efs_mount"
        - "ecs-docker::docker_install"
        - "ecs-utilities::zabbix_agent"
      Deploy:
        - "ecs-utilities::cloudwatch_logs"
        - "ecs-docker::docker_pull_deploy"
    # Same security groups as the app layer.
    CustomSecurityGroupIds:
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-AppSg"
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg"
    EnableAutoHealing: "false"
    VolumeConfigurations:
      - MountPoint: "/vol/docker"
        NumberOfDisks: "1"
        Size: "60"
        VolumeType: "gp2"
    StackId: !Ref "EnvStack"
# Classic load balancer in front of the web layer, placed in the two public
# subnets. It is the only internet-facing resource declared in this template.
EnvWebLoadBalancer:
  Type: AWS::ElasticLoadBalancing::LoadBalancer
  Properties:
    #Moved the web ELB to internet-facing per Lauren 02/13/2017
    Scheme: "internet-facing"
    ConnectionSettings:
      IdleTimeout: "3600"
    LBCookieStickinessPolicy:
      - PolicyName: "LBStickySessionPolicyName"
        CookieExpirationPeriod: "1800"
    # A TCP check only proves that port 80 accepts connections, not that the
    # application behind it is answering requests.
    HealthCheck:
      HealthyThreshold: "2"
      Interval: "20"
      Target: "TCP:80"
      Timeout: "10"
      UnhealthyThreshold: "2"
    # TLS ends at the load balancer; traffic to the instances is plain HTTP on
    # port 80. There is no port 80 listener, so nothing redirects HTTP clients.
    # NOTE(review): no AccessLoggingPolicy is set on this public endpoint;
    # confirm request logging is captured somewhere else.
    Listeners:
      - LoadBalancerPort: "443"
        Protocol: "HTTPS"
        InstancePort: "80"
        InstanceProtocol: "HTTP"
        PolicyNames:
          - !Ref "WebELBListenerPolicyNames"
          - "LBStickySessionPolicyName"
        SSLCertificateId: !Ref "WebELBListenerSSLCertID"
    LoadBalancerName: !Join ["",["peoplesoft-",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase","-web-elb"]]
    SecurityGroups:
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-WebElbSg"
    Subnets:
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PubSubNet1"
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PubSubNet2"
    Tags:
      - Key: service
        Value: !Ref "TagService"
      - Key: Name
        Value: !Join ["",["peoplesoft-",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase","-web-elb"]]
      - Key: environment
        Value: !Ref "EnvironmentLowerCase"
      - Key: contactnetid
        Value: !Ref "TagContactNetid"
      - Key: accountnumber
        Value: !Ref "TagAccountNumber"
      - Key: ticketnumber
        Value: !Ref "TagTicketNumber"
# Resources entries (shown at column 0): the ELB-to-layer attachments, the
# internal app load balancer, and the public DNS name of the environment.

# Registers the web layer's instances with the web load balancer.
EnvWebLayerLoadBalancerAttachment:
  Type: AWS::OpsWorks::ElasticLoadBalancerAttachment
  Properties:
    ElasticLoadBalancerName: !Ref "EnvWebLoadBalancer"
    LayerId: !Ref "EnvWebLayer"
# Internal Classic load balancer for the app tier, in the two private subnets.
# It passes ports 9000-9025 through one-to-one as plain TCP, so whatever
# protection that traffic has must come from the application protocol itself.
# The health check probes port 9000 only.
EnvAppLoadBalancer:
  Type: AWS::ElasticLoadBalancing::LoadBalancer
  Properties:
    Scheme: "internal"
    ConnectionSettings:
      IdleTimeout: "3600"
    HealthCheck:
      HealthyThreshold: "2"
      Interval: "10"
      Target: "TCP:9000"
      Timeout: "5"
      UnhealthyThreshold: "2"
    Listeners:
      - LoadBalancerPort: "9000"
        Protocol: "TCP"
        InstancePort: "9000"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9001"
        Protocol: "TCP"
        InstancePort: "9001"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9002"
        Protocol: "TCP"
        InstancePort: "9002"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9003"
        Protocol: "TCP"
        InstancePort: "9003"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9004"
        Protocol: "TCP"
        InstancePort: "9004"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9005"
        Protocol: "TCP"
        InstancePort: "9005"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9006"
        Protocol: "TCP"
        InstancePort: "9006"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9007"
        Protocol: "TCP"
        InstancePort: "9007"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9008"
        Protocol: "TCP"
        InstancePort: "9008"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9009"
        Protocol: "TCP"
        InstancePort: "9009"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9010"
        Protocol: "TCP"
        InstancePort: "9010"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9011"
        Protocol: "TCP"
        InstancePort: "9011"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9012"
        Protocol: "TCP"
        InstancePort: "9012"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9013"
        Protocol: "TCP"
        InstancePort: "9013"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9014"
        Protocol: "TCP"
        InstancePort: "9014"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9015"
        Protocol: "TCP"
        InstancePort: "9015"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9016"
        Protocol: "TCP"
        InstancePort: "9016"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9017"
        Protocol: "TCP"
        InstancePort: "9017"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9018"
        Protocol: "TCP"
        InstancePort: "9018"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9019"
        Protocol: "TCP"
        InstancePort: "9019"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9020"
        Protocol: "TCP"
        InstancePort: "9020"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9021"
        Protocol: "TCP"
        InstancePort: "9021"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9022"
        Protocol: "TCP"
        InstancePort: "9022"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9023"
        Protocol: "TCP"
        InstancePort: "9023"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9024"
        Protocol: "TCP"
        InstancePort: "9024"
        InstanceProtocol: "TCP"
      - LoadBalancerPort: "9025"
        Protocol: "TCP"
        InstancePort: "9025"
        InstanceProtocol: "TCP"
    LoadBalancerName: !Join ["",["peoplesoft-",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase","-app-elb"]]
    # Two groups admit traffic to this load balancer; their rules are defined
    # in the imported stack.
    SecurityGroups:
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-AppElbSg"
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ControlmSg"
    Subnets:
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
    Tags:
      - Key: service
        Value: !Ref "TagService"
      - Key: Name
        Value: !Join ["",["peoplesoft-",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase","-app-elb"]]
      - Key: environment
        Value: !Ref "EnvironmentLowerCase"
      - Key: contactnetid
        Value: !Ref "TagContactNetid"
      - Key: accountnumber
        Value: !Ref "TagAccountNumber"
      - Key: ticketnumber
        Value: !Ref "TagTicketNumber"
# Registers the app layer's instances with the app load balancer.
EnvAppLayerLoadBalancerAttachment:
  Type: AWS::OpsWorks::ElasticLoadBalancerAttachment
  Properties:
    ElasticLoadBalancerName: !Ref "EnvAppLoadBalancer"
    LayerId: !Ref "EnvAppLayer"
# CNAME <pillar>-<environment>.<hosted zone> pointing at the web load balancer.
EnvDnsRecord:
  Type: AWS::Route53::RecordSet
  Properties:
    HostedZoneName: !Join ["",[!Ref "HostedZoneName","."]]
    Name: !Join ["",[!Ref "PillarLowerCase",'-',!Ref "EnvironmentLowerCase",".",!Ref "HostedZoneName","."]]
    Type: "CNAME"
    TTL: "900"
    ResourceRecords:
      - Fn::GetAtt:
          - EnvWebLoadBalancer
          - DNSName
# Resources entries (shown at column 0): the app-tier DNS record, the three
# OpsWorks apps whose Environment lists configure the Docker containers, the
# OpsWorks instances, and the Oracle RDS instance.

# CNAME <pillar>-<environment>-app.<hosted zone> pointing at the app load balancer.
AppELBDnsRecord:
  Type: AWS::Route53::RecordSet
  Properties:
    HostedZoneName: !Join ["",[!Ref "HostedZoneName","."]]
    Name: !Join ["",[!Ref "PillarLowerCase",'-',!Ref "EnvironmentLowerCase","-app.",!Ref "HostedZoneName","."]]
    Type: CNAME
    TTL: '900'
    ResourceRecords:
      - Fn::GetAtt:
          - EnvAppLoadBalancer
          - DNSName
# Web container definition. Everything under Environment is handed to the
# deploy recipes as key/value pairs; entries with Secure set are hidden by
# OpsWorks after deployment.
OpsWorksAppWeb:
  Type: AWS::OpsWorks::App
  Properties:
    AppSource:
      Type: "other"
    Name: "peoplesoft-web"
    Shortname: "peoplesoft-web"
    StackId: !Ref "EnvStack"
    Type: "other"
    Environment:
      - Key: "layer"
        Value: "web"
      - Key: "docker_container"
        Value: !Ref "WebDockerImage"
      - Key: "docker_ports"
        Value: "80:80"
      - Key: "docker_registry_type"
        Value: "aws_ecr"
      # NOTE(review): a static IAM key pair is delivered to the instance as
      # environment values, and the same pair is reused by the app and batch
      # definitions. An instance-role based registry login would avoid
      # distributing it - confirm the cookbook supports that.
      - Key: "docker_iam_api_access_key"
        Secure: "true"
        Value: !Ref "AppDockerAccessKey"
      - Key: "docker_iam_api_private_key"
        Secure: "true"
        Value: !Ref "AppDockerSecretKey"
      - Key: "docker_deploy_order"
        Value: "2"
      # NOTE(review): "docker_volumes" appears twice in this list. The second
      # entry already ends with the /efs/shared:/u01/shared mapping, so the
      # first one looks like a leftover - confirm which is intended and
      # remove the other.
      - Key: "docker_volumes"
        Value: "/efs/shared:/u01/shared"
      - Key: "docker_volumes"
        Value: !Join ["",["/vol/docker/cloudwatch/weblogic/uaz",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase",":/home/psadm2/psft/pt/8.55/webserv/uaz",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase","/servers/PIA/logs,/efs/shared:/u01/shared"]]
      - Key: "cw_log_template"
        Value: "awslogs_psweb.conf.erb"
      - Key: "cw_log_domains"
        Value: !Join ["",["uaz",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase"]]
      - Key: "cw_log_group_name"
        Value: !Join ["",["PeopleSoft-",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      # NOTE(review): presumably makes the recipe start the container in
      # Docker's privileged mode, which gives the container near host-level
      # access. Confirm it is required; otherwise grant only the specific
      # capabilities or devices the container needs.
      - Key: "docker_privileged"
        Value: "privileged"
      - Key: "efs_mounts"
        Value: !Join
          - ""
          - - "shared:"
            - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
      - Key: "PS_EL_EFS_FS_ID"
        Value:
          Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
      - Key: "PSWEB_DOMAIN"
        Value: !Join ["",["uaz",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase"]]
      - Key: "PSWEB_APP_ELB"
        Value: !GetAtt EnvAppLoadBalancer.DNSName
      - Key: "PSWEB_AUTH_TOKEN_DOMAIN"
        Value: !Ref "AuthTokenDomain"
      - Key: "PSWEB_PROFILE_NAME"
        Value: !Ref "WebProfileName"
      - Key: "PSWEB_FQDN"
        Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
      - Key: "PSWEB_PSREPORTS_DIR"
        Value: !Ref "PsReportsDirecory"
      - Key: "PSWEB_PILLAR"
        Value: !Ref "PillarLowerCase"
      - Key: "PSWEB_BITBUCKET_BRANCH"
        Value: !Ref "AppBitBucketBranch"
# App (and, outside production, batch) container definition.
OpsWorksAppApp:
  Type: AWS::OpsWorks::App
  Properties:
    AppSource:
      Type: "other"
    Name: "peoplesoft-app"
    Shortname: "peoplesoft-app"
    StackId: !Ref "EnvStack"
    Type: "other"
    Environment:
      - Key: "layer"
        Value: "app"
      - Key: "docker_container"
        Value: !Ref "AppDockerImage"
      # Publishes ports 9000-9100 on the host; the app load balancer forwards
      # only 9000-9025.
      - Key: "docker_ports"
        Value: "9000-9100:9000-9100"
      - Key: "docker_registry_type"
        Value: "aws_ecr"
      - Key: "docker_iam_api_access_key"
        Secure: "true"
        Value: !Ref "AppDockerAccessKey"
      - Key: "docker_iam_api_private_key"
        Secure: "true"
        Value: !Ref "AppDockerSecretKey"
      - Key: "docker_deploy_order"
        Value: "2"
      - Key: "docker_volumes"
        Value: !Join ["",["/vol/docker/cloudwatch/appserv/UAZ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase",":/u01/logs/appserv/LOGS,/vol/docker/cloudwatch/appserv/prcs/UAZ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase",":/u01/logs/prcs/LOGS"]]
      - Key: "cw_log_template"
        Value: "awslogs_psapp.conf.erb"
      - Key: "cw_log_domains"
        Value: !Join ["",["UAZ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      - Key: "cw_log_group_name"
        Value: !Join ["",["PeopleSoft-",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      # NOTE(review): see the privileged-mode question on the web app; the
      # same setting is repeated here.
      - Key: "docker_privileged"
        Value: "privileged"
      - Key: "PSAPP_APP_OR_BATCH"
        Value: !Ref "AppOrBatch"
      - Key: "PSAPP_DOMAIN"
        Value: !Join ["",["UAZ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      - Key: "PSAPP_TEMPLATE"
        Value: !Ref "AppTemplate"
      - Key: "PSAPP_DATABASE"
        Value: !Join ["",['AWS', !Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      - Key: "PSAPP_OPRID"
        Value: !Ref "AppOprId"
      # Taken from the NoEcho parameter, so the value is not stored in this file.
      - Key: "PSAPP_OPRID_PW"
        Secure: true
        Value: !Ref "PSAppOpridPw"
      - Key: "PSAPP_DB_CNCT_ID"
        Value: "people"
      # NOTE(review): the database connect password is a literal in the
      # template, so it sits in version control and in every copy of this
      # file; Secure only hides it inside OpsWorks after deployment. The
      # ID/password pair also looks like the stock PeopleSoft connect-ID
      # default. Supply it through a NoEcho parameter (as PSAPP_OPRID_PW does)
      # or a secret store, and change the value on the database.
      - Key: "PSAPP_DB_CNCT_PW"
        Secure: true
        Value: "peop1e"
      - Key: "PSAPP_PILLAR"
        Value: !Ref "PillarLowerCase"
      - Key: "PSAPP_ENV"
        Value: !Ref "EnvironmentLowerCase"
      - Key: "PSAPP_APP_HOME_REP"
        Value: !Join ["",["peoplesoft-app-home-",!Ref "PillarLowerCase"]]
      - Key: "PSAPP_BITBUCKET_BRANCH"
        Value: !Ref "AppBitBucketBranch"
      - Key: "PSAPP_PIA_DOMAIN"
        Value: !Join ["",["uaz",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase"]]
      - Key: "PSAPP_FQDN"
        Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
      - Key: "PSAPP_APP_ELB"
        Value: !GetAtt EnvAppLoadBalancer.DNSName
      - Key: "PSAPP_RUN_POST_REFRESH"
        Value: !Ref "RunPostRefresh"
      - Key: "PSSES_SERVER"
        Value: !Ref "AppSesServer"
      - Key: "PSSES_DEFNS_TO_INCLUDE"
        Value: !Ref "AppSesDefns"
      - Key: "PS_EL_EFS_FS_ID"
        Value:
          Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
#Only create the Batch App if this is production, all non-production environments will have Batch run on the
#App Server
# Mirrors OpsWorksAppApp except that PSAPP_APP_OR_BATCH is fixed to "BATCH" and
# the PSAPP_ENV and PSAPP_RUN_POST_REFRESH entries are absent.
OpsWorksAppBatch:
  Type: AWS::OpsWorks::App
  Condition: "ThisIsProd"
  Properties:
    AppSource:
      Type: "other"
    Name: "peoplesoft-batch"
    Shortname: "peoplesoft-batch"
    StackId: !Ref "EnvStack"
    Type: "other"
    Environment:
      - Key: "layer"
        Value: "batch"
      - Key: "docker_container"
        Value: !Ref "AppDockerImage"
      - Key: "docker_ports"
        Value: "9000-9100:9000-9100"
      - Key: "docker_registry_type"
        Value: "aws_ecr"
      - Key: "docker_iam_api_access_key"
        Secure: "true"
        Value: !Ref "AppDockerAccessKey"
      - Key: "docker_iam_api_private_key"
        Secure: "true"
        Value: !Ref "AppDockerSecretKey"
      - Key: "docker_deploy_order"
        Value: "2"
      - Key: "docker_volumes"
        Value: !Join ["",["/vol/docker/cloudwatch/appserv/UAZ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase",":/u01/logs/appserv/LOGS,/vol/docker/cloudwatch/appserv/prcs/UAZ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase",":/u01/logs/prcs/LOGS"]]
      - Key: "cw_log_template"
        Value: "awslogs_psapp.conf.erb"
      - Key: "cw_log_domains"
        Value: !Join ["",["UAZ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      - Key: "cw_log_group_name"
        Value: !Join ["",["PeopleSoft-",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      # NOTE(review): privileged mode again, here on the production batch
      # hosts - confirm it is required.
      - Key: "docker_privileged"
        Value: "privileged"
      - Key: "PSAPP_APP_OR_BATCH"
        #Hardcode BATCH because it will always be BATCH
        Value: "BATCH"
      - Key: "PSAPP_DOMAIN"
        Value: !Join ["",["UAZ",!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      - Key: "PSAPP_TEMPLATE"
        Value: !Ref "AppTemplate"
      - Key: "PSAPP_DATABASE"
        Value: !Join ["",['AWS', !Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
      - Key: "PSAPP_OPRID"
        Value: !Ref "AppOprId"
      - Key: "PSAPP_OPRID_PW"
        Secure: true
        Value: !Ref "PSAppOpridPw"
      - Key: "PSAPP_DB_CNCT_ID"
        Value: "people"
      # NOTE(review): hard-coded database connect password, and this resource
      # exists only in production. Move it to a NoEcho parameter or a secret
      # store and change the value on the database.
      - Key: "PSAPP_DB_CNCT_PW"
        Secure: true
        Value: "peop1e"
      - Key: "PSAPP_PILLAR"
        Value: !Ref "PillarLowerCase"
      - Key: "PSAPP_APP_HOME_REP"
        Value: !Join ["",["peoplesoft-app-home-",!Ref "PillarLowerCase"]]
      - Key: "PSAPP_BITBUCKET_BRANCH"
        Value: !Ref "AppBitBucketBranch"
      - Key: "PSAPP_PIA_DOMAIN"
        Value: !Join ["",["uaz",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase"]]
      - Key: "PSAPP_FQDN"
        Value: !Sub "${FQDNPrefix}.${AuthTokenDomain}"
      - Key: "PSAPP_APP_ELB"
        Value: !GetAtt EnvAppLoadBalancer.DNSName
      - Key: "PSSES_SERVER"
        Value: !Ref "AppSesServer"
      - Key: "PSSES_DEFNS_TO_INCLUDE"
        Value: !Ref "AppSesDefns"
      - Key: "PS_EL_EFS_FS_ID"
        Value:
          Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-ELMEFSID"
# First web instance, in private subnet 1. Every instance in this template
# installs OS updates on first boot and uses the same EC2 key pair name.
WebInstanceZoneA:
  Type: AWS::OpsWorks::Instance
  Properties:
    InstallUpdatesOnBoot: "true"
    StackId: !Ref "EnvStack"
    Hostname: "web1"
    LayerIds:
      - !Ref "EnvWebLayer"
    InstanceType: !Ref "WebInstType"
    SshKeyName: "peoplesoft-keypair"
    SubnetId:
      Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
# CNAME <pillar>-<environment>-web1.<hosted zone>. It resolves to the web load
# balancer, not to the web1 instance itself.
Web1DnsRecord:
  Type: AWS::Route53::RecordSet
  Properties:
    HostedZoneName: !Join ["",[!Ref "HostedZoneName","."]]
    Name: !Join ["",[!Ref "PillarLowerCase",'-',!Ref "EnvironmentLowerCase","-web1",".",!Ref "HostedZoneName","."]]
    Type: "CNAME"
    TTL: "900"
    ResourceRecords:
      - Fn::GetAtt:
          - EnvWebLoadBalancer
          - DNSName
#Only create this instance if this is production
WebInstanceZoneB:
  Type: AWS::OpsWorks::Instance
  Condition: "ThisIsProd"
  Properties:
    InstallUpdatesOnBoot: "true"
    StackId: !Ref "EnvStack"
    Hostname: "web2"
    LayerIds:
      - !Ref "EnvWebLayer"
    InstanceType: !Ref "WebInstType"
    SshKeyName: "peoplesoft-keypair"
    SubnetId:
      Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
# First app instance. DependsOn makes CloudFormation create the database
# before any app or batch instance.
AppInstanceZoneA:
  Type: AWS::OpsWorks::Instance
  Properties:
    InstallUpdatesOnBoot: "true"
    StackId: !Ref "EnvStack"
    Hostname: "app1"
    LayerIds:
      - !Ref "EnvAppLayer"
    InstanceType: !Ref "AppInstType"
    SshKeyName: "peoplesoft-keypair"
    SubnetId:
      Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
  DependsOn: DBInstance
#Only create this instance if this is production
AppInstanceZoneB:
  Type: AWS::OpsWorks::Instance
  Condition: "ThisIsProd"
  Properties:
    InstallUpdatesOnBoot: "true"
    StackId: !Ref "EnvStack"
    Hostname: "app2"
    LayerIds:
      - !Ref "EnvAppLayer"
    InstanceType: !Ref "AppInstType"
    SshKeyName: "peoplesoft-keypair"
    SubnetId:
      Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
  DependsOn: DBInstance
#These are Batch instances and will only be created in a production environment
BatchInstanceZoneA:
  Type: AWS::OpsWorks::Instance
  Condition: "ThisIsProd"
  Properties:
    InstallUpdatesOnBoot: "true"
    Hostname: "PSUNX"
    StackId: !Ref "EnvStack"
    LayerIds:
      - !Ref "EnvBatchLayer"
    InstanceType: !Ref "AppInstType"
    SshKeyName: "peoplesoft-keypair"
    SubnetId:
      Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
  DependsOn: DBInstance
BatchInstanceZoneB:
  Type: AWS::OpsWorks::Instance
  Condition: "ThisIsProd"
  Properties:
    InstallUpdatesOnBoot: "true"
    Hostname: "PSUNX1"
    StackId: !Ref "EnvStack"
    LayerIds:
      - !Ref "EnvBatchLayer"
    InstanceType: !Ref "AppInstType"
    SshKeyName: "peoplesoft-keypair"
    SubnetId:
      Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet2"
  DependsOn: DBInstance
# Oracle EE database restored from the snapshot named by DBSnapshotID.
# NOTE(review): neither PubliclyAccessible nor StorageEncrypted is set here,
# so exposure depends on the imported subnet group and encryption on the
# source snapshot - confirm both, and consider stating them explicitly.
DBInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceIdentifier: !Join ["",["peoplesoft-",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase"]]
    DBName: !Join ["",[!Ref "PillarUpperCase",!Ref "EnvironmentUpperCase"]]
    DBSnapshotIdentifier: !Ref "DBSnapshotID"
    MultiAZ: !Ref "DBMultiAz"
    Engine: "oracle-ee"
    LicenseModel: "bring-your-own-license"
    DBInstanceClass: !Ref "DBInstanceClass"
    DBParameterGroupName: "peoplesoft-oracle-ee-12-1"
    OptionGroupName: "oem-agent-ee-12-1"
    StorageType: !Ref "DBStorageType"
    DBSubnetGroupName:
      Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-RDSSubnetGroup"
    VPCSecurityGroups:
      - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-DbSg"
    Tags:
      - Key: service
        Value: !Ref "TagService"
      - Key: Name
        Value: !Join ["",["peoplesoft-",!Ref "PillarLowerCase",!Ref "EnvironmentLowerCase","-db"]]
      - Key: environment
        Value: !Ref "EnvironmentLowerCase"
      - Key: contactnetid
        Value: !Ref "TagContactNetid"
      - Key: accountnumber
        Value: !Ref "TagAccountNumber"
      - Key: ticketnumber
        Value: !Ref "TagTicketNumber"
  #This will create a final snapshot when the database is removed
  DeletionPolicy: "Snapshot"