---
# CloudFormation template: an internal Network Load Balancer that terminates
# LDAPS (636) in front of two Simple AD directory addresses.
AWSTemplateFormatVersion: '2010-09-09'
# Shown in the CloudFormation console; the text is part of the stack, keep it verbatim.
Description: |-
  Sample LDAPS NLB Stack
  **WARNING**
  This template creates a NLB. You will be billed for the AWS resources used if you create a stack from this template.
  **LICENSE**
  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  SPDX-License-Identifier: MIT-0
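Parameters:
  # ACM certificate the TLS listener presents to LDAPS clients.
  LDAPSCertificateARN:
    Description: ARN of SSL Certificate
    # CloudFormation matches AllowedPattern against the whole value, so only ARNs in the
    # commercial "aws" partition pass; aws-us-gov / aws-cn ARNs are rejected by this pattern.
    AllowedPattern: "arn:aws:acm:.*"
    ConstraintDescription: "Must be an ACM certificate ARN (arn:aws:acm:...)."
    Type: String
  VPCId:
    Description: Please provide a VPC to deploy the solution into.
    Type: AWS::EC2::VPC::Id
  SubnetId1:
    Description: Please provide the first Simple AD private subnet id with outbound connectivity within the VPC you selected above.
    Type: AWS::EC2::Subnet::Id
  SubnetId2:
    Description: Please provide the second Simple AD private subnet id with outbound connectivity within the VPC you selected above.
    Type: AWS::EC2::Subnet::Id
  # Dotted-quad IPv4 only; each octet is limited to 0-255 so values such as 999.1.1.1
  # are rejected at stack creation instead of failing later at target registration.
  SimpleADPriIP:
    Description: IP Address of primary Simple AD instance
    AllowedPattern: '((25[0-5]|2[0-4]\d|1\d\d|\d{1,2})\.){3}(25[0-5]|2[0-4]\d|1\d\d|\d{1,2})'
    ConstraintDescription: "Must be a valid IPv4 address, for example 10.0.0.10"
    Type: String
  SimpleADSecIP:
    Description: IP Address of secondary Simple AD instance
    AllowedPattern: '((25[0-5]|2[0-4]\d|1\d\d|\d{1,2})\.){3}(25[0-5]|2[0-4]\d|1\d\d|\d{1,2})'
    ConstraintDescription: "Must be a valid IPv4 address, for example 10.0.0.10"
    Type: String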
Metadata:
  # Console-only presentation hints: how the parameters above are grouped and labelled
  # in the "Create stack" form. Nothing here affects the deployed resources.
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Network Configuration
        Parameters:
          - VPCId
          - SubnetId1
          - SubnetId2
          - SimpleADPriIP
          - SimpleADSecIP
          - LDAPSCertificateARN
    ParameterLabels:
      VPCId:
        default: Target VPC for solution
      SubnetId1:
        default: Simple AD Primary Subnet
      SubnetId2:
        default: Simple AD Secondary Subnet
      SimpleADPriIP:
        default: Primary Simple AD Server IP
      SimpleADSecIP:
        default: Secondary Simple AD Server IP
      LDAPSCertificateARN:
        default: ARN for SSL Certificate
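Resources:
  # Internal (VPC-facing) NLB placed in the two Simple AD subnets; no internet-facing endpoint is created.
  NetworkLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      # Load balancer names are limited to 32 characters, so a long stack name makes this Name fail validation.
      Name: !Join ["-", [!Ref 'AWS::StackName', NLB]]
      Scheme: internal
      Subnets:
        - !Ref SubnetId1
        - !Ref SubnetId2
      Type: network

  # IP-mode target group: the two Simple AD addresses on TCP/389 (LDAP), TCP health check on the same port.
  NetworkLoadBalancerTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      # Same 32-character limit as the load balancer name.
      Name: !Join ["-", [!Ref 'AWS::StackName', Target]]
      Port: 389
      Protocol: TCP
      VpcId: !Ref VPCId
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 10
      HealthCheckPort: 389
      HealthCheckProtocol: TCP
      HealthCheckTimeoutSeconds: 10
      HealthyThresholdCount: 3
      TargetGroupAttributes:
        # Attribute values are strings in the TargetGroup schema; quoted so no loader retypes it.
        - Key: deregistration_delay.timeout_seconds
          Value: "60"
      Targets:
        - Id: !Ref SimpleADPriIP
          Port: 389
        - Id: !Ref SimpleADSecIP
          Port: 389
      TargetType: ip

  # LDAPS entry point: TLS is terminated here with the ACM certificate and the connection is
  # forwarded to the targets as plain TCP on 389 (the target group protocol is TCP, not TLS).
  NetworkLoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref NetworkLoadBalancerTargetGroup
      LoadBalancerArn: !Ref NetworkLoadBalancer
      Port: 636
      Protocol: TLS
      # Predefined policy that negotiates TLS 1.2 only; pick a newer predefined policy
      # if TLS 1.3 support or a narrower cipher list is required by your clients.
      SslPolicy: ELBSecurityPolicy-TLS-1-2-2017-01
      Certificates:
        - CertificateArn: !Ref LDAPSCertificateARN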
Outputs:
  # DNS name of the internal NLB created above, intended as the target of a Route 53 alias
  # record so that clients reach the LDAPS listener through a stable hostname.
  LDAPSURL:
    Description: LDAPS Route53 Alias Target
    Value: !GetAtt NetworkLoadBalancer.DNSName