-
|
LogHub version 1 and already launched. |
Beta Was this translation helpful? Give feedback.
Answered by
YikaiHu
Aug 18, 2023
Replies: 1 comment
-
|
Currently customer can use this template to update existed Proxy Stack: {
"Description": "(SO8025-proxy) - Centralized Logging with OpenSearch nginx-for-opensearch-stack Template. Template version develop-t4g-large",
"Metadata": {
"AWS::CloudFormation::Interface": {
"ParameterGroups": [
{
"Label": {
"default": "EC2 Information"
},
"Parameters": [
"vpcId",
"publicSubnetIds",
"privateSubnetIds",
"keyName",
"nginxSecurityGroupId",
"proxyInstanceType",
"proxyInstanceNumber"
]
},
{
"Label": {
"default": "OpenSearch Information"
},
"Parameters": [
"endpoint",
"engineType",
"cognitoEndpoint"
]
},
{
"Label": {
"default": "ELB Information"
},
"Parameters": [
"elbSecurityGroupId",
"elbDomain",
"elbDomainCertificateArn",
"elbAccessLogBucketName"
]
}
],
"ParameterLabels": {
"vpcId": {
"default": "VPCId"
},
"publicSubnetIds": {
"default": "PublicSubnetIds"
},
"privateSubnetIds": {
"default": "PrivtaeSubnetIds"
},
"nginxSecurityGroupId": {
"default": "NginxSecurityGroupId"
},
"elbSecurityGroupId": {
"default": "ELBSecurityGroupId"
},
"keyName": {
"default": "KeyName"
},
"endpoint": {
"default": "Endpoint"
},
"cognitoEndpoint": {
"default": "CognitoEndpoint"
},
"elbDomainCertificateArn": {
"default": "ELBDomainCertificateArn"
},
"elbDomain": {
"default": "ELBDomain"
},
"elbAccessLogBucketName": {
"default": "ELBAccessLogBucketName"
},
"engineType": {
"default": "EngineType"
},
"proxyInstanceType": {
"default": "ProxyInstanceType"
},
"proxyInstanceNumber": {
"default": "ProxyInstanceNumber"
}
}
},
"cdk_nag": {
"rules_to_suppress": [
{
"reason": "will replace 0.0.0.0/0 or ::/0 for inbound access in future",
"id": "AwsSolutions-EC23"
}
]
}
},
"Parameters": {
"vpcId": {
"Type": "AWS::EC2::VPC::Id",
"Default": "",
"Description": "The VPC to deploy the Nginx proxy resource. e.g. vpc-bef13dc7"
},
"publicSubnetIds": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Default": "",
"Description": "The public subnets where ELB are deployed. Please select at least two public subnets. e.g. subnet-12345abc, subnet-54321cba"
},
"privateSubnetIds": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Default": "",
"Description": "The private subnets where Nginx instances are deployed. Please select at least two private subnets. e.g. subnet-12345abc, subnet-54321cba"
},
"nginxSecurityGroupId": {
"Type": "AWS::EC2::SecurityGroup::Id",
"Default": "",
"Description": "The Security group associated with the Nginx instances. The scurity group must allow access from ELB security group"
},
"elbSecurityGroupId": {
"Type": "AWS::EC2::SecurityGroup::Id",
"Default": "",
"Description": "The Security group being associated with the ELB. e.g. sg-123456"
},
"keyName": {
"Type": "AWS::EC2::KeyPair::KeyName",
"Default": "",
"Description": "The PEM key name of the Nginx instances"
},
"endpoint": {
"Type": "String",
"Default": "",
"Description": "The OpenSearch endpoint. e.g. vpc-your_opensearch_domain_name-xcvgw6uu2o6zafsiefxubwuohe.us-east-1.es.amazonaws.com"
},
"cognitoEndpoint": {
"Type": "String",
"Default": "",
"Description": "The Cognito User Pool endpoint URL of the OpenSearch domain. e.g. mydomain.auth.us-east-1.amazoncognito.com"
},
"elbDomainCertificateArn": {
"Type": "String",
"Default": "",
"Description": "The SSL certificate ARN which associated with the ELBDomain. The certificate must be created from Amazon Certificate Manager (ACM)"
},
"elbDomain": {
"Type": "String",
"Default": "",
"Description": "The custom domain name of the ELB. e.g. dashboard.example.com"
},
"elbAccessLogBucketName": {
"Type": "String",
"Default": "",
"Description": "The Access Log Bucket Name for Proxy ELB"
},
"engineType": {
"Type": "String",
"Default": "OpenSearch",
"AllowedValues": [
"OpenSearch",
"Elasticsearch"
],
"Description": "The engine type of the OpenSearch. Select OpenSearch or Elasticsearch"
},
"proxyInstanceType": {
"Type": "String",
"Default": "t3.large",
"AllowedValues": [
"t3.nano",
"t3.micro",
"t3.small",
"t3.large"
],
"Description": "OpenSearch proxy instance type. e.g. t3.micro"
},
"proxyInstanceNumber": {
"Type": "Number",
"Default": 2,
"Description": "OpenSearch proxy instance number. e.g. 1 to 4"
},
"SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": {
"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
"Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
},
"SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmarm64gp2C96584B6F00A464EAD1953AFF4B05118Parameter": {
"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
"Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2"
}
},
"Resources": {
"NginxEC2SecurityGroupfromNginxForOpenSearchLoadBalancerSecurityGroupE634260B443F3EE2921": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"IpProtocol": "tcp",
"Description": "Load balancer to target",
"FromPort": 443,
"GroupId": {
"Ref": "nginxSecurityGroupId"
},
"SourceSecurityGroupId": {
"Ref": "elbSecurityGroupId"
},
"ToPort": 443
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/NginxEC2SecurityGroup/from NginxForOpenSearchLoadBalancerSecurityGroupE634260B:443"
}
},
"LoadBalancerSecurityGroupfrom000004430F986CB3": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0",
"Description": "Allow from anyone on port 443",
"FromPort": 443,
"GroupId": {
"Ref": "elbSecurityGroupId"
},
"ToPort": 443
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/LoadBalancerSecurityGroup/from 0.0.0.0_0:443"
}
},
"ec2Role38AB65C0": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/AmazonSSMManagedInstanceCore"
]
]
}
]
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/ec2Role/Resource",
"cdk_nag": {
"rules_to_suppress": [
{
"reason": "For PVRE compliance",
"id": "AwsSolutions-IAM4"
}
]
}
}
},
"ec2RoleDefaultPolicyC400AE24": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "cloudformation:SignalResource",
"Effect": "Allow",
"Resource": {
"Ref": "AWS::StackId"
}
},
{
"Action": [
"cloudformation:DescribeStackResource",
"cloudformation:SignalResource"
],
"Effect": "Allow",
"Resource": {
"Ref": "AWS::StackId"
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "ec2RoleDefaultPolicyC400AE24",
"Roles": [
{
"Ref": "ec2Role38AB65C0"
}
]
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/ec2Role/DefaultPolicy/Resource"
}
},
"NginxProxyEC2LaunchTemplateProfileAF1AB61A": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Roles": [
{
"Ref": "ec2Role38AB65C0"
}
]
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/NginxProxyEC2LaunchTemplate/Profile"
}
},
"NginxProxyEC2LaunchTemplate7EF99E7D": {
"Type": "AWS::EC2::LaunchTemplate",
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteOnTermination": true,
"Encrypted": true,
"VolumeSize": 8,
"VolumeType": "gp2"
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"NginxProxyEC2LaunchTemplateProfileAF1AB61A",
"Arn"
]
}
},
"ImageId": {
"Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmarm64gp2C96584B6F00A464EAD1953AFF4B05118Parameter"
},
"InstanceType": "t4g.large",
"KeyName": {
"Ref": "keyName"
},
"NetworkInterfaces": [
{
"DeviceIndex": 0,
"AssociatePublicIpAddress": "false",
"Groups": [
{
"Ref": "nginxSecurityGroupId"
}
]
}
],
"TagSpecifications": [
{
"ResourceType": "instance",
"Tags": [
{
"Key": "Name",
"Value": "NginxForOpenSearch/NginxProxyEC2LaunchTemplate"
}
]
},
{
"ResourceType": "volume",
"Tags": [
{
"Key": "Name",
"Value": "NginxForOpenSearch/NginxProxyEC2LaunchTemplate"
}
]
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash\n# fingerprint: 60502c8cbfeb8b39\n(\n set +e\n /opt/aws/bin/cfn-init -v --region ",
{
"Ref": "AWS::Region"
},
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource NginxProxyEC2ASG05E5AAD2 -c default\n /opt/aws/bin/cfn-signal -e $? --region ",
{
"Ref": "AWS::Region"
},
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource NginxProxyEC2ASG05E5AAD2\n cat /var/log/cfn-init.log >&2\n)\namazon-linux-extras install nginx1\nopenssl genrsa -out /etc/nginx/cert.key 2048\nopenssl req -config /etc/nginx/openssl.cnf -new -key /etc/nginx/cert.key -out /etc/nginx/cert.csr\nopenssl x509 -req -days 2048 -in /etc/nginx/cert.csr -signkey /etc/nginx/cert.key -out /etc/nginx/cert.crt\nmac_address=`curl -H \"X-aws-ec2-metadata-token: $TOKEN\" -v http://169.254.169.254/latest/meta-data/mac`\ncider_block=`curl -H \"X-aws-ec2-metadata-token: $TOKEN\" -v http://169.254.169.254/latest/meta-data/network/interfaces/macs/$mac_address/vpc-ipv4-cidr-block`\ncider_ip=`echo ${cider_block%/*}`\nfront_three=`echo ${cider_ip%.*}`\nlast_value=`echo ${cider_ip##*.}`\nvalue_add_two=`expr $last_value + 2`\ndns_address=$front_three.$value_add_two\nsed -i 's/$DNS_ADDRESS/'$dns_address'/' /etc/nginx/conf.d/default.conf\nsed -i 's/$ES_endpoint/",
{
"Ref": "endpoint"
},
"/' /etc/nginx/conf.d/default.conf\nsed -i 's/$cognito_host/",
{
"Fn::If": [
"cognitoNotEnabled",
{
"Ref": "endpoint"
},
{
"Ref": "cognitoEndpoint"
}
]
},
"/' /etc/nginx/conf.d/default.conf\nsed -i 's/$SERVER_NAME/",
{
"Fn::If": [
"customEndpointProvided",
{
"Fn::GetAtt": [
"LoadBalancerBDB7C56B",
"DNSName"
]
},
{
"Ref": "elbDomain"
}
]
},
"/' /etc/nginx/conf.d/default.conf\nsed -i 's/$ENGINE_URL/",
{
"Fn::If": [
"openSearchEngineUsed",
"_dashboards",
"_plugin\\/kibana"
]
},
"/' /etc/nginx/conf.d/default.conf\nsed -i 's#/bin.*#service nginx reload >/dev/null 2>&1#' /etc/logrotate.d/nginx\nchmod a+x /etc/init.d/nginx\nchkconfig --add /etc/init.d/nginx\nchkconfig nginx on\n/etc/init.d/nginx start"
]
]
}
}
},
"TagSpecifications": [
{
"ResourceType": "launch-template",
"Tags": [
{
"Key": "Name",
"Value": "NginxForOpenSearch/NginxProxyEC2LaunchTemplate"
}
]
}
]
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/NginxProxyEC2LaunchTemplate/Resource"
}
},
"NginxProxyEC2ASG05E5AAD2": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"MaxSize": "4",
"MinSize": "0",
"DesiredCapacity": {
"Ref": "proxyInstanceNumber"
},
"HealthCheckGracePeriod": 0,
"HealthCheckType": "ELB",
"LaunchTemplate": {
"LaunchTemplateId": {
"Ref": "NginxProxyEC2LaunchTemplate7EF99E7D"
},
"Version": {
"Fn::GetAtt": [
"NginxProxyEC2LaunchTemplate7EF99E7D",
"LatestVersionNumber"
]
}
},
"TargetGroupARNs": [
{
"Ref": "LoadBalancerListenerApplicationFleetGroup1419F3BD"
}
],
"VPCZoneIdentifier": {
"Ref": "privateSubnetIds"
}
},
"CreationPolicy": {
"ResourceSignal": {
"Count": 0
}
},
"UpdatePolicy": {
"AutoScalingScheduledAction": {
"IgnoreUnmodifiedGroupSizeProperties": true
}
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/NginxProxyEC2/ASG",
"cdk_nag": {
"rules_to_suppress": [
{
"reason": "will enable ASG notifications configured for all scaling events.",
"id": "AwsSolutions-AS3"
}
]
},
"AWS::CloudFormation::Init": {
"configSets": {
"default": [
"config"
]
},
"config": {
"files": {
"/etc/nginx/conf.d/default.conf": {
"content": "server {\n listen 443;\n server_name $SERVER_NAME;\n resolver $DNS_ADDRESS [::1]:5353 valid=30s;\n rewrite ^/$ https://$SERVER_NAME/$ENGINE_URL redirect;\n ssl_certificate /etc/nginx/cert.crt;\n ssl_certificate_key /etc/nginx/cert.key;\n ssl on;\n ssl_session_cache builtin:1000 shared:SSL:10m;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;\n ssl_prefer_server_ciphers on;\n set $es_endpoint $ES_endpoint;\n set $cognito_endpoint $cognito_host;\n location ^~ /$ENGINE_URL {\n # Forward requests to Kibana\n proxy_pass https://$es_endpoint;\n # Handle redirects to Amazon Cognito\n proxy_redirect https://$cognito_endpoint https://$SERVER_NAME; \n # Update cookie domain and path\n proxy_cookie_domain $es_endpoint $SERVER_NAME;\n # Response buffer settings\n proxy_buffer_size 128k;\n proxy_buffers 4 256k;\n proxy_busy_buffers_size 256k;\n # Ignore client disconnection\n proxy_ignore_client_abort on;\n }\n location ~ \\/(log|sign|error|fav|forgot|change|confirm|mfa) {\n # Forward requests to Cognito\n proxy_pass https://$cognito_endpoint; \n # Handle redirects to Kibana\n proxy_redirect https://$es_endpoint https://$SERVER_NAME;\n # Handle redirects to Amazon Cognito\n proxy_redirect https://$cognito_endpoint https://$SERVER_NAME; \n # Update cookie domain\n proxy_cookie_domain $cognito_endpoint $SERVER_NAME;\n # Ignore client disconnection\n proxy_ignore_client_abort on;\n internal;\n }\n}\n",
"encoding": "plain",
"mode": "000644",
"owner": "root",
"group": "root"
},
"/etc/nginx/openssl.cnf": {
"content": "[ req ]\nprompt = no\ndistinguished_name = req_distinguished_name\n[ req_distinguished_name ]\nC = GB\nST = Test State\nL = Test Locality\nO = Org Name\nOU = Org Unit Name\nCN = Common Name\nemailAddress = test",
"encoding": "plain",
"mode": "000644",
"owner": "root",
"group": "root"
},
"/etc/init.d/nginx": {
"content": "#!/bin/sh\n#\n# nginx - this script starts and stops the nginx daemon\n#\n# chkconfig: - 85 15\n# description: NGINX is an HTTP(S) server, HTTP(S) reverse \\\n# proxy and IMAP/POP3 proxy server\n# processname: nginx\n# config: /etc/nginx/nginx.conf\n# config: /etc/sysconfig/nginx\n# pidfile: /var/run/nginx.pid\n# Source function library.\n. /etc/rc.d/init.d/functions\n# Source networking configuration.\n. /etc/sysconfig/network\n# Check that networking is up.\n[ \"$NETWORKING\" = \"no\" ] && exit 0\nnginx=\"/sbin/nginx\"\nprog=$(basename $nginx)\nNGINX_CONF_FILE=\"/etc/nginx/conf.d/default.conf\"\n[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx\nlockfile=/var/lock/subsys/nginx\nmake_dirs() {\n # make required directories\n user=`$nginx -V 2>&1 | grep \"configure arguments:\" | sed 's/[^*]*--user=\\([^ ]*\\).*/\\1/g' -`\n if [ -z \"`grep $user /etc/passwd`\" ]; then\n useradd -M -s /bin/nologin $user\n fi\n options=`$nginx -V 2>&1 | grep 'configure arguments:'`\n for opt in $options; do\n if [ `echo $opt | grep '.*-temp-path'` ]; then\n value=`echo $opt | cut -d \"=\" -f 2`\n if [ ! -d \"$value\" ]; then\n # echo \"creating\" $value\n mkdir -p $value && chown -R $user $value\n fi\n fi\n done\n}\nstart() {\n [ -x $nginx ] || exit 5\n [ -f $NGINX_CONF_FILE ] || exit 6\n make_dirs\n echo -n $\"Starting $prog: \"\n daemon $nginx -c $NGINX_CONF_FILE\n retval=$?\n echo\n [ $retval -eq 0 ] && touch $lockfile\n return $retval\n}\nstop() {\n echo -n $\"Stopping $prog: \"\n killproc $prog -QUIT\n retval=$?\n echo\n [ $retval -eq 0 ] && rm -f $lockfile\n return $retval\n}\nrestart() {\n configtest || return $?\n stop\n sleep 1\n start\n}\nreload() {\n configtest || return $?\n echo -n $\"Reloading $prog: \"\n killproc $nginx -HUP\n RETVAL=$?\n echo\n}\nforce_reload() {\n restart\n}\nconfigtest() {\n $nginx -t -c $NGINX_CONF_FILE\n}\nrh_status() {\n status $prog\n}\nrh_status_q() {\n rh_status >/dev/null 2>&1\n}\ncase \"$1\" in\n start)\n rh_status_q && exit 0\n $1\n ;;\n stop)\n rh_status_q || exit 0\n $1\n ;;\n restart|configtest)\n $1\n ;;\n reload)\n rh_status_q || exit 7\n $1\n ;;\n force-reload)\n force_reload\n ;;\n status)\n rh_status\n ;;\n condrestart|try-restart)\n rh_status_q || exit 0\n ;;\n *)\n echo $\"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}\"\n exit 2\nesac",
"encoding": "plain",
"mode": "000644",
"owner": "root",
"group": "root"
}
}
}
}
}
},
"LoadBalancerBDB7C56B": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"LoadBalancerAttributes": [
{
"Key": "deletion_protection.enabled",
"Value": "false"
},
{
"Key": "access_logs.s3.enabled",
"Value": "true"
},
{
"Key": "access_logs.s3.bucket",
"Value": {
"Ref": "elbAccessLogBucketName"
}
},
{
"Key": "access_logs.s3.prefix",
"Value": "ELBLogs/opensearchproxy"
}
],
"Scheme": "internet-facing",
"SecurityGroups": [
{
"Ref": "elbSecurityGroupId"
}
],
"Subnets": {
"Ref": "publicSubnetIds"
},
"Type": "application"
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/Load Balancer/Resource",
"cdk_nag": {
"rules_to_suppress": [
{
"reason": "config log enabled for ELB",
"id": "AwsSolutions-ELB2"
}
]
}
}
},
"LoadBalancerListenerF6F26679": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Properties": {
"DefaultActions": [
{
"TargetGroupArn": {
"Ref": "LoadBalancerListenerApplicationFleetGroup1419F3BD"
},
"Type": "forward"
}
],
"LoadBalancerArn": {
"Ref": "LoadBalancerBDB7C56B"
},
"Certificates": [
{
"CertificateArn": {
"Ref": "elbDomainCertificateArn"
}
}
],
"Port": 443,
"Protocol": "HTTPS",
"SslPolicy": "ELBSecurityPolicy-TLS-1-2-2017-01"
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/Load Balancer/Listener/Resource"
}
},
"LoadBalancerListenerApplicationFleetGroup1419F3BD": {
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
"Properties": {
"HealthCheckEnabled": true,
"HealthCheckPath": "/",
"HealthCheckPort": "443",
"HealthCheckProtocol": "HTTPS",
"Matcher": {
"HttpCode": "302"
},
"Port": 443,
"Protocol": "HTTPS",
"TargetGroupAttributes": [
{
"Key": "stickiness.enabled",
"Value": "false"
}
],
"TargetType": "instance",
"VpcId": {
"Ref": "vpcId"
}
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/Load Balancer/Listener/ApplicationFleetGroup/Resource"
}
},
"CDKMetadata": {
"Type": "AWS::CDK::Metadata",
"Properties": {
"Analytics": "v2:deflate64:H4sIAAAAAAAA/11RS2/CMAz+Lbun2eCwcWUcJiQkqpY7MqnpDGlSJQ4IVf3vSwJD3U729/ArmcvFh3x7gasvVHMuNB3kUDOos1gdTQkOOmR0okJvg1MoonE/oJrLIeo1quCIb1/Ohn5tWofeiw0Eo7532PUaGFObv8woCDo5VFZnMcfSalK3PPKZrY1nMApLZ4+kYxkEtl6BJtPKYRlBfQd5eqr4z40CNXgmpS00B9CxW5Qucfdl38cxwGTNJmqfWYtnpmWneOojz2gent98ou/AtcjPXSZwHBOxsqahZExgG7gPnM9/POwojG1QnvzrZbaQs/f4JydPVLhgmDqU1T3+AJrrAdevAQAA"
},
"Metadata": {
"aws:cdk:path": "NginxForOpenSearch/CDKMetadata/Default"
},
"Condition": "CDKMetadataAvailable"
}
},
"Conditions": {
"customEndpointProvided": {
"Fn::Equals": [
"",
{
"Ref": "elbDomain"
}
]
},
"cognitoNotEnabled": {
"Fn::Equals": [
"",
{
"Ref": "cognitoEndpoint"
}
]
},
"openSearchEngineUsed": {
"Fn::Equals": [
"OpenSearch",
{
"Ref": "engineType"
}
]
},
"CDKMetadataAvailable": {
"Fn::Or": [
{
"Fn::Or": [
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"af-south-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-east-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-northeast-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-northeast-2"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-south-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-southeast-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-southeast-2"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ca-central-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"cn-north-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"cn-northwest-1"
]
}
]
},
{
"Fn::Or": [
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-central-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-north-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-south-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-west-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-west-2"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-west-3"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"me-south-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"sa-east-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-east-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-east-2"
]
}
]
},
{
"Fn::Or": [
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-west-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-west-2"
]
}
]
}
]
}
},
"Outputs": {
"ALBCNAME": {
"Description": "CNAME for ALB",
"Value": {
"Fn::GetAtt": [
"LoadBalancerBDB7C56B",
"DNSName"
]
}
}
},
"Rules": {}
}
|
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
YikaiHu
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently customer can use this template to update existed Proxy Stack:
{ "Description": "(SO8025-proxy) - Centralized Logging with OpenSearch nginx-for-opensearch-stack Template. Template version develop-t4g-large", "Metadata": { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "EC2 Information" }, "Parameters": [ "vpcId", "publicSubnetIds", "privateSubnetIds", "keyName", "nginxSecurityGroupId", "proxyInstanceType", "proxyInstanceNumber" ] }, { "Label": { "default":