The ALIYUN::VPC::SnatEntry resource is used to add an SNAT entry to an SNAT table.
Syntax
{
"Type": "ALIYUN::VPC::SnatEntry",
"Properties": {
"SnatTableId": String,
"SnatEntryName": String,
"SourceVSwitchIds": List,
"SourceCIDR": String,
"SnatIp": String,
"EipAffinity": Integer
}
}
Properties
Property name | Type | Required | Updatable | Description | Constraints |
SnatTableId | String | Yes | No | The ID of the SNAT table. | None |
SnatEntryName | String | No | Yes | The name of the SNAT rule. | The length is 2 to 128 characters. It must start with an English letter or a Chinese character, but cannot start with |
SourceVSwitchIds | List | No | Yes | The IDs of the vSwitches that require public network access. | None |
SourceCIDR | String | No | No | The CIDR block of the vSwitch or ECS instance. | Do not specify SourceCIDR and SourceVSwitchIds at the same time. |
SnatIp | String | Yes | Yes | The public IP address. | Separate multiple IP addresses with commas (,). |
EipAffinity | Integer | No | No | Enable EIP affinity. | Values:
Note: If EIP affinity is enabled and the SNAT entry is bound to multiple EIPs, a given client always uses the same EIP to access the public network. Otherwise, the client accesses the public network through an EIP selected at random from the bound EIPs. |
Return values
Fn::GetAtt
SnatEntryId: The ID of the SNAT entry.
Examples
Scenario 1: Add SNAT entries to the SNAT table.
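# Scenario 1 (YAML): add one SNAT entry to an existing SNAT table.
# The vSwitch, the public IP address and the SNAT table are all passed in as parameters.
# Nesting restored: the listing on this page had lost its indentation, which makes
# every key a top-level key and the template unusable as printed.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  SourceVSwitchId:
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    Type: String
    Label:
      en: VSwitch ID
  SnatIp:
    Type: String
    Description: The public IP address. Separate multiple EIPs with commas.
    # Masked sample value, not a usable address.
    Default: 47.**
  SnatTableId:
    Type: String
    Description: The ID of the SNAT table.
    # Masked sample value, not a usable SNAT table ID.
    Default: stb-***
Resources:
  SnatEntry:
    Type: ALIYUN::VPC::SnatEntry
    Properties:
      # Per the property table, these are the vSwitches that require public network
      # access; list only the vSwitches that are meant to reach the internet.
      SourceVSwitchIds:
        - Ref: SourceVSwitchId
      SnatIp:
        Ref: SnatIp
      SnatTableId:
        Ref: SnatTableId
Outputs:
  SnatEntryIds:
    Description: The IDS of the SNAT entry.
    Value:
      # NOTE(review): the "Return values" section of this page lists only SnatEntryId;
      # confirm that SnatEntryIds is an attribute this resource actually returns.
      Fn::GetAtt:
        - SnatEntry
        - SnatEntryIds
{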
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"SourceVSwitchId": {
"AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
"Type": "String",
"Label": {
"en": "VSwitch ID"
}
},
"SnatIp": {
"Type": "String",
"Description": "The public IP address. Separate multiple EIPs with commas.",
"Default": "47.**"
},
"SnatTableId": {
"Type": "String",
"Description": "The ID of the SNAT table.",
"Default": "stb-***"
}
},
"Resources": {
"SnatEntry": {
"Type": "ALIYUN::VPC::SnatEntry",
"Properties": {
"SourceVSwitchIds": [
{
"Ref": "SourceVSwitchId"
}
],
"SnatIp": {
"Ref": "SnatIp"
},
"SnatTableId": {
"Ref": "SnatTableId"
}
}
}
},
"Outputs": {
"SnatEntryIds": {
"Description": "The IDS of the SNAT entry.",
"Value": {
"Fn::GetAtt": [
"SnatEntry",
"SnatEntryIds"
]
}
}
}
}
Scenario 2: Create a NAT Gateway and add SNAT entries.
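# Scenario 2 (YAML): create a VPC, a vSwitch, an enhanced NAT gateway and an EIP,
# bind the EIP to the gateway, then add an SNAT entry for the vSwitch.
# Nesting restored: the listing on this page had lost its indentation.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  ZoneId:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    Label:
      en: Availability Zone
Resources:
  Vpc:
    Type: 'ALIYUN::ECS::VPC'
    Properties:
      CidrBlock: 192.168.0.0/16
      VpcName: vpc
  VSwitch:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.1.0/24
      ZoneId:
        Ref: ZoneId
      VSwitchName: app-vsw
  NatGateway:
    Type: 'ALIYUN::VPC::NatGateway'
    Properties:
      NatGatewayName: ngw
      VSwitchId:
        Ref: VSwitch
      NatType: Enhanced
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId
  Eip:
    Type: 'ALIYUN::VPC::EIP'
    Properties:
      DeletionProtection: false
      Isp: BGP
      Bandwidth: 200
      InternetChargeType: PayByTraffic
  EipAssociation:
    Type: 'ALIYUN::VPC::EIPAssociation'
    Properties:
      InstanceId:
        Ref: NatGateway
      AllocationId:
        Ref: Eip
  SNat:
    Type: 'ALIYUN::VPC::SnatEntry'
    # The properties below reference only NatGateway and Eip, so nothing orders this
    # resource after the EIP binding except this explicit DependsOn.
    DependsOn: EipAssociation
    Properties:
      SnatTableId:
        Fn::GetAtt:
          - NatGateway
          - SNatTableId
      SnatEntryName: snat
      # Only the application vSwitch is given outbound internet access.
      SourceVSwitchIds:
        - Ref: VSwitch
      SnatIp:
        Fn::GetAtt:
          - Eip
          - EipAddress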
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"ZoneId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"Label": {
"en": "Availability Zone"
}
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"VpcName": "vpc"
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.1.0/24",
"ZoneId": {
"Ref": "ZoneId"
},
"VSwitchName": "app-vsw"
}
},
"NatGateway": {
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"NatGatewayName": "ngw",
"VSwitchId": {
"Ref": "VSwitch"
},
"NatType": "Enhanced",
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId"
}
}
},
"Eip": {
"Type": "ALIYUN::VPC::EIP",
"Properties": {
"DeletionProtection": false,
"Isp": "BGP",
"Bandwidth": 200,
"InternetChargeType": "PayByTraffic"
}
},
"EipAssociation": {
"Type": "ALIYUN::VPC::EIPAssociation",
"Properties": {
"InstanceId": {
"Ref": "NatGateway"
},
"AllocationId": {
"Ref": "Eip"
}
}
},
"SNat": {
"Type": "ALIYUN::VPC::SnatEntry",
"DependsOn": "EipAssociation",
"Properties": {
"SnatTableId": {
"Fn::GetAtt": [
"NatGateway",
"SNatTableId"
]
},
"SnatEntryName": "snat",
"SourceVSwitchIds": [
{
"Ref": "VSwitch"
}
],
"SnatIp": {
"Fn::GetAtt": [
"Eip",
"EipAddress"
]
}
}
}
}
}
Scenario 3: Build a highly available WordPress service.
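# Scenario 3 (YAML): highly available WordPress on ECS + ESS + CLB + RDS, with a NAT
# gateway and an SNAT entry for outbound internet access.
# Nesting restored: the listing on this page had lost its indentation.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: Construct a high-availability WordPress service leveraging Elastic Compute Service
    (ECS) instances deployed across dual availability zones, with Auto Scaling provided
    by Elastic Scaling Service (ESS). Combine this setup with Classic Load Balancer
    (CLB) for load distribution, Highly Available Relational Database Service (RDS)
    for robust data management, NAT Gateway and Elastic IP (EIP) to facilitate public
    access and efficient traffic distribution. Further, implement health checks and
    automated fault recovery mechanisms to ensure service resilience.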
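# Template inputs. Nesting restored: the listing on this page had lost its indentation.
Parameters:
  LoadBalancerSpec:
    Type: String
    Label:
      en: LoadBalancer Specifications
    AssociationProperty: ALIYUN::SLB::Instance::InstanceType
    Default: slb.s1.small
  ZoneId1:
    Type: String
    Label:
      en: VSwitch Availability Zone1
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
  ZoneId2:
    Type: String
    Label:
      en: VSwitch Availability Zone2
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      # Keeps the second zone distinct from ZoneId1.
      ExclusiveTo:
        - ZoneId1
  InstanceType1:
    Type: String
    Label:
      en: Instance Type
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      ZoneId: ${ZoneId1}
  InstanceType2:
    Type: String
    Label:
      en: Instance Type
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      ZoneId: ${ZoneId2}
  RdsInstanceClass:
    Type: String
    Label:
      en: RDS Instance Class
    AssociationProperty: ALIYUN::RDS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId1}
      EngineVersion: "8.0"
      Engine: MySQL
      Category: HighAvailability
      DBInstanceStorageType: cloud_essd
      CommodityCode: bards
  # NOTE(review): NoEcho marks this value as a secret, but the Resources section of
  # this template also substitutes it into the ECS UserData script, where it is stored
  # in plaintext. Treat the password as known to anything that can read that script.
  # NOTE(review): AllowedPattern accepts '&'. The UserData script inserts the password
  # as a sed replacement string, where '&' expands to the matched text, so a password
  # containing '&' would be written to wp-config.php incorrectly.
  RdsDBPassword:
    Type: String
    Label:
      en: RDS Database Account Password
    Description:
      en: 'The password must be 8 to 32 characters in length and must contain at least
        three of the following types: uppercase letters, lowercase letter, digits,
        and special characters. Special characters include !@#$%^&*()_+-='
    AssociationProperty: ALIYUN::RDS::Instance::AccountPassword
    AllowedPattern:
      ^(?=.*[a-zA-Z])(?=.*[a-z0-9])(?=.*[a-z!@#$%^&*()_+=-])(?=.*[A-Z0-9])(?=.*[A-Z!@#$%^&*()_+=-])(?=.*[0-9!@#$%^&*()_+=-])[a-zA-Z0-9!@#$%^&*()_+=-]{8,32}$
    NoEcho: true
  # Name prefix for every resource; listed under Hidden in the Metadata section.
  CommonName:
    Type: String
    Default: ha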
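# Resources of the highly available WordPress stack.
# Nesting restored: the listing on this page had lost its indentation. Values are
# unchanged; the NOTE(review) comments flag settings to reconsider before this sample
# is used outside a demo.
Resources:
  Vpc:
    Type: ALIYUN::ECS::VPC
    Properties:
      VpcName:
        Fn::Sub: ${CommonName}-vpc
      CidrBlock: 192.168.0.0/16
  VSwitch1:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      ZoneId:
        Ref: ZoneId1
      VpcId:
        Ref: Vpc
      VSwitchName:
        Fn::Sub: ${CommonName}-vsw-001
      CidrBlock: 192.168.1.0/24
  VSwitch2:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      ZoneId:
        Ref: ZoneId2
      VpcId:
        Ref: Vpc
      VSwitchName:
        Fn::Sub: ${CommonName}-vsw-002
      CidrBlock: 192.168.2.0/24
  SecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Properties:
      VpcId:
        Ref: Vpc
      SecurityGroupName:
        Fn::Sub: ${CommonName}-sg
      # NOTE(review): port 80 is open to 0.0.0.0/0 and the listener below is plain
      # HTTP, so WordPress logins and sessions travel unencrypted. Consider an HTTPS
      # listener and limiting this rule to the load balancer's source range.
      SecurityGroupIngress:
        - PortRange: 80/80
          Priority: 1
          SourceCidrIp: 0.0.0.0/0
          IpProtocol: tcp
          NicType: internet
      # All protocols and ports are allowed outbound to any destination.
      SecurityGroupEgress:
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: internet
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: intranet
  ClbLoadBalancer:
    Type: ALIYUN::SLB::LoadBalancer
    Properties:
      LoadBalancerName:
        Fn::Sub: ${CommonName}-clb
      PayType: PayOnDemand
      AddressType: internet
      LoadBalancerSpec:
        Ref: LoadBalancerSpec
  ClbListener:
    Type: ALIYUN::SLB::Listener
    Properties:
      ListenerPort: 80
      Bandwidth: 10
      HealthCheck:
        # NOTE(review): 4xx and 5xx responses count as healthy here, so a backend
        # that only returns errors stays in rotation. Narrow this list if the health
        # check is meant to detect application failures.
        HttpCode: http_2xx,http_3xx,http_4xx,http_5xx
        HealthCheckType: http
        UnhealthyThreshold: 3
        Timeout: 5
        HealthyThreshold: 3
        Port: 80
        URI: /
        Interval: 5
      LoadBalancerId:
        Ref: ClbLoadBalancer
      BackendServerPort: 80
      Protocol: http
  RdsInstance:
    Type: ALIYUN::RDS::DBInstance
    Properties:
      ZoneId:
        Ref: ZoneId1
      VpcId:
        Ref: Vpc
      VSwitchId:
        Ref: VSwitch1
      DBInstanceDescription:
        Fn::Sub: ${CommonName}-rds-instance
      Engine: MySQL
      DBInstanceStorage: 100
      EngineVersion: '8.0'
      Category: HighAvailability
      DBInstanceStorageType: cloud_essd
      DBInstanceClass:
        Ref: RdsInstanceClass
      # Database access is limited to the CIDR blocks of the two vSwitches.
      SecurityIPList:
        Fn::Sub: ${VSwitch1.CidrBlock},${VSwitch2.CidrBlock}
      PayType: Postpaid
  RdsDatabase:
    Type: ALIYUN::RDS::Database
    Properties:
      CharacterSetName: utf8mb4
      DBInstanceId:
        Ref: RdsInstance
      DBDescription: wordpress
      DBName: wordpress
  RdsAccount:
    Type: ALIYUN::RDS::Account
    Properties:
      AccountName: wp_admin
      AccountType: Normal
      AccountDescription: wordpress admin
      AccountPassword:
        Ref: RdsDBPassword
      DBInstanceId:
        Ref: RdsInstance
  RdsAccountPrivilege:
    Type: ALIYUN::RDS::AccountPrivilege
    Properties:
      AccountPrivilege: ReadWrite
      DBInstanceId:
        Ref: RdsInstance
      DBName:
        Ref: RdsDatabase
      AccountName:
        Ref: RdsAccount
  NatGateway:
    Type: ALIYUN::VPC::NatGateway
    Properties:
      VpcId:
        Ref: Vpc
      VSwitchId:
        Ref: VSwitch1
      NatGatewayName:
        Fn::Sub: ${CommonName}-nat
      InternetChargeType: PayByLcu
      EipBindMode: NAT
  NatEip:
    Type: ALIYUN::VPC::EIP
    Properties:
      Name:
        Fn::Sub: ${CommonName}-nat-eip
      DeletionProtection: false
      Isp: BGP
      Bandwidth: 100
      InternetChargeType: PayByTraffic
  NatEipAssociation:
    Type: ALIYUN::VPC::EIPAssociation
    Properties:
      InstanceId:
        Ref: NatGateway
      AllocationId:
        Ref: NatEip
  SnatEntry:
    Type: ALIYUN::VPC::SnatEntry
    Properties:
      SnatEntryName: public-network-access-in-vpc
      SnatTableId:
        Fn::GetAtt:
          - NatGateway
          - SNatTableId
      # Reading the address from the association (not from NatEip) orders this entry
      # after the EIP has been bound to the gateway.
      SnatIp:
        Fn::GetAtt:
          - NatEipAssociation
          - EipAddress
      # NOTE(review): 0.0.0.0/0 matches every source address, so anything later added
      # to this VPC also gets outbound internet access. Consider SourceVSwitchIds for
      # VSwitch1 and VSwitch2, or their CIDR blocks, to keep egress explicit.
      SourceCIDR: 0.0.0.0/0
  EssScalingGroup:
    Type: ALIYUN::ESS::ScalingGroup
    Properties:
      VSwitchIds:
        - Ref: VSwitch1
        - Ref: VSwitch2
      ScalingGroupName:
        Fn::Sub: ${CommonName}-asg
      RemovalPolicys:
        - NewestInstance
      MinSize: 2
      MaxSize: 10
      DefaultCooldown: 300
      MultiAZPolicy: COMPOSABLE
      AzBalance: true
      LoadBalancerIds:
        - Ref: ClbLoadBalancer
    DependsOn: SecurityGroup
  EssScalingConfiguration:
    Type: ALIYUN::ESS::ScalingConfiguration
    Properties:
      SecurityGroupId:
        Ref: SecurityGroup
      # NOTE(review): CentOS 7 reached end of life in June 2024 and no longer receives
      # security updates; prefer a maintained image for an internet-facing service.
      ImageId: centos_7_9_x64_20G_alibase_20220727.vhd
      ScalingConfigurationName:
        Fn::Sub: ${CommonName}-asc
      ScalingGroupId:
        Ref: EssScalingGroup
      InstanceTypes:
        - Ref: InstanceType1
        - Ref: InstanceType2
      SystemDiskCategory: cloud_essd
      SystemDiskSize: 200
      InstanceName:
        Fn::Sub: ${CommonName}-wordpress
      # UserData only writes /root/setup-wordpress.sh; the lifecycle hook further down
      # is what runs it. The quoted heredoc delimiter (\EOF) stops the outer shell from
      # expanding anything, so only the ${...} references are filled in, by Fn::Sub.
      # NOTE(review), secrets: ${RdsDBPassword} is a NoEcho parameter, yet it is written
      # in plaintext into the instance user data and into the generated script. User
      # data can normally be read back from inside the instance, so consider fetching
      # the credential at run time from a secrets service instead.
      # NOTE(review), sed: the parameter's AllowedPattern permits '&', which sed treats
      # as "the matched text" in a replacement; such a password is written to
      # wp-config.php incorrectly.
      # NOTE(review), phpinfo: /var/www/html/phpinfo.php is created and never removed,
      # so PHP and server configuration is readable by anyone who can reach port 80.
      # NOTE(review), downloads: remi-release-7.rpm is fetched over plain http://, and
      # the WordPress archive is unpacked without a checksum or signature check.
      # NOTE(review), permissions: chown/chmod run on /var/www/html/wordpress after its
      # contents were moved to /var/www/html, so they do not touch the moved files or
      # wp-config.php.
      UserData:
        Fn::Sub: |-
          #!/bin/bash
          script=/root/setup-wordpress.sh
          cat<<\EOF>$script
          #!/bin/bash
          if [ ! -f .ros.provision ]; then
            echo "Name: ha-service" > .ros.provision
          fi
          name=$(grep "^Name:" .ros.provision | awk -F':' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
          if [[ "$name" != "ha-service" ]]; then
            echo "ha-service installed, skip"
            exit 0
          fi
          if ! grep -q "^Step1: Install Environment$" .ros.provision; then
            echo "#########################"
            echo "# Install Environment"
            echo "#########################"
            yum -y install httpd httpd-manual mod_ssl mod_perl mod_auth_mysql sysbench
            systemctl start httpd
            systemctl enable httpd
            systemctl status httpd
            yum install -y yum-utils epel-release http://rpms.remirepo.net/enterprise/remi-release-7.rpm
            yum-config-manager --enable remi-php82
            yum -y install php php-opcache php-mysqlnd php-pdo php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-soap
            echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
            systemctl restart httpd
            echo "Step1: Install Environment" >> .ros.provision
          else
            echo "#########################"
            echo "# Environment has been installed"
            echo "#########################"
          fi
          if ! grep -q "^Step2: Install and Config WordPress$" .ros.provision; then
            echo "################################"
            echo "# Install and Config WordPress"
            echo "################################"
            wget https://ros-template-resources.oss-cn-beijing.aliyuncs.com/WordPress/wordpress-6.3.1-zh_CN.tar.gz
            tar -xvf wordpress-6.3.1-zh_CN.tar.gz -C /var/www/html
            mv /var/www/html/wordpress/* /var/www/html
            chown -R apache:apache /var/www/html/wordpress
            chmod -R 755 /var/www/html/wordpress
            mv /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
            sed -i 's/localhost/${RdsInstance.InnerConnectionString}/' /var/www/html/wp-config.php
            sed -i 's/username_here/${RdsAccount}/' /var/www/html/wp-config.php
            sed -i 's/password_here/${RdsDBPassword}/' /var/www/html/wp-config.php
            sed -i 's/database_name_here/${RdsDatabase}/' /var/www/html/wp-config.php
            systemctl restart httpd
            echo "Step2: Install and Config WordPress" >> .ros.provision
          else
            echo "#########################"
            echo "# WordPress has been installed and configed"
            echo "#########################"
          fi
          EOF
  EssScalingGroupEnable:
    Type: ALIYUN::ESS::ScalingGroupEnable
    Properties:
      ScalingGroupId:
        Ref: EssScalingGroup
      ScalingConfigurationId:
        Ref: EssScalingConfiguration
  # Role that the OOS service assumes to run the setup script on new instances.
  # NOTE(review): ecs:RunCommand is granted on Resource '*', i.e. on every ECS instance
  # in the account, not only the instances of this scaling group. Scope Resource or
  # add a condition if the policy language allows it.
  # NOTE(review): RoleName is fixed and IgnoreExisting is true; presumably an existing
  # role with this name is reused as-is, so check its policies before relying on it.
  ESSLifecycleOOSRunCommandRole:
    Type: ALIYUN::RAM::Role
    Properties:
      RoleName: ESSLifecycleOOSRunCommandRole
      IgnoreExisting: true
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - oos.aliyuncs.com
        Version: '1'
      Policies:
        - PolicyName: ESSLifecycleOOSRunCommandRolePolicy
          PolicyDocument:
            Statement:
              - Action:
                  - ecs:DescribeInvocationResults
                  - ecs:DescribeInvocations
                  - ecs:RunCommand
                Resource:
                  - '*'
                Effect: Allow
              - Action:
                  - ess:CompleteLifecycleAction
                Resource:
                  - '*'
                Effect: Allow
            Version: '1'
  ESSLifecycleHook:
    Type: ALIYUN::ESS::LifecycleHook
    Properties:
      LifecycleHookName:
        Fn::Sub: ${CommonName}-ash-scaleout
      ScalingGroupId:
        Ref: EssScalingGroup
      LifecycleTransition: SCALE_OUT
      NotificationArn:
        Fn::Sub: acs:ess:${ALIYUN::Region}:${ALIYUN::TenantId}:oos/ACS-ESS-LifeCycleRunCommand
      # "${!name}" is emitted by Fn::Sub as the literal "${name}", leaving those
      # placeholders for the OOS template to fill in.
      # NOTE(review): "bash -x" traces every command, including the sed line that
      # carries the database password; the trace is presumably kept in the command
      # invocation output. Drop -x unless the output is access-controlled.
      NotificationMetadata:
        Fn::Sub: |-
          {
            "commandContent": "bash -x /root/setup-wordpress.sh",
            "commandType": "RunShellScript",
            "timeout": 1200,
            "OOSAssumeRole": "${ESSLifecycleOOSRunCommandRole.RoleName}",
            "regionId": "${!regionId}",
            "instanceIds": "${!instanceIds}",
            "lifecycleHookId": "${!lifecycleHookId}",
            "rateControl": "{\"Mode\":\"Concurrency\",\"MaxErrors\":0,\"Concurrency\":10}",
            "lifecycleActionToken": "${!lifecycleActionToken}"
          }
    # The setup script downloads packages, so outbound access through the SNAT entry
    # has to exist before the hook can fire.
    DependsOn: SnatEntry
  EssScalingRule:
    Type: ALIYUN::ESS::ScalingRule
    Properties:
      ScalingRuleName:
        Fn::Sub: ${CommonName}-asr-scaleout
      ScalingGroupId:
        Ref: EssScalingGroup
      ScalingRuleType: TargetTrackingScalingRule
      AdjustmentType: QuantityChangeInCapacity
      AdjustmentValue: 1
      MetricName: CpuUtilization
      TargetValue: 80
      ScaleOutEvaluationCount: 3
      ScaleInEvaluationCount: 3
      EstimatedInstanceWarmup: 0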
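# Stack outputs. Nesting restored: the listing on this page had lost its indentation.
Outputs:
  Endpoint:
    Description:
      en: Public IP Addresses
    Value:
      # The endpoint is published as plain http://, matching the HTTP-only listener
      # on port 80 defined under Resources.
      Fn::Sub:
        - http://${ServerAddress}
        - ServerAddress:
            Fn::GetAtt:
              - ClbLoadBalancer
              - IpAddress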
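# Console presentation of the parameters.
# Nesting restored: the listing on this page had lost its indentation.
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - LoadBalancerSpec
        Label:
          default:
            en: CLB Configuration
      - Parameters:
          - ZoneId1
          - ZoneId2
        Label:
          default:
            en: Availability Zone
      - Parameters:
          - InstanceType1
          - InstanceType2
        Label:
          default:
            en: Instance Configuration
      - Parameters:
          - RdsInstanceClass
          - RdsDBPassword
        Label:
          default:
            en: RDS Configuration
    TemplateTags:
      - 'acs:technical-solution:high-availability-architecture:high-availability service'
    # CommonName keeps its default ("ha") unless it is set outside the console form.
    Hidden:
      - CommonName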
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"en": "Construct a high-availability WordPress service leveraging Elastic Compute Service (ECS) instances deployed across dual availability zones, with Auto Scaling provided by Elastic Scaling Service (ESS). Combine this setup with Classic Load Balancer (CLB) for load distribution, Highly Available Relational Database Service (RDS) for robust data management, NAT Gateway and Elastic IP (EIP) to facilitate public access and efficient traffic distribution. Further, implement health checks and automated fault recovery mechanisms to ensure service resilience."
},
"Parameters": {
"LoadBalancerSpec": {
"Type": "String",
"Label": {
"en": "LoadBalancer Specifications"
},
"AssociationProperty": "ALIYUN::SLB::Instance::InstanceType",
"Default": "slb.s1.small"
},
"ZoneId1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"Label": {
"en": "VSwitch Availability Zone1"
}
},
"ZoneId2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"ExclusiveTo": [
"ZoneId1"
]
},
"Label": {
"en": "VSwitch Availability Zone2"
}
},
"InstanceType1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId1}"
},
"Label": {
"en": "Instance Type"
}
},
"InstanceType2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId2}"
},
"Label": {
"en": "Instance Type"
}
},
"RdsInstanceClass": {
"Type": "String",
"AssociationProperty": "ALIYUN::RDS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"ZoneId": "${ZoneId1}",
"EngineVersion": "8.0",
"Engine": "MySQL",
"Category": "HighAvailability",
"DBInstanceStorageType": "cloud_essd",
"CommodityCode": "bards"
},
"Label": {
"en": "RDS Instance Class"
}
},
"RdsDBPassword": {
"Type": "String",
"AssociationProperty": "ALIYUN::RDS::Instance::AccountPassword",
"AllowedPattern": "^(?=.*[a-zA-Z])(?=.*[a-z0-9])(?=.*[a-z!@#$%^&*()_+=-])(?=.*[A-Z0-9])(?=.*[A-Z!@#$%^&*()_+=-])(?=.*[0-9!@#$%^&*()_+=-])[a-zA-Z0-9!@#$%^&*()_+=-]{8,32}$",
"Description": {
"en": "The password must be 8 to 32 characters in length and must contain at least three of the following types: uppercase letters, lowercase letter, digits, and special characters. Special characters include !@#$%^&*()_+-="
},
"Label": {
"en": "RDS Database Account Password"
},
"NoEcho": true
},
"CommonName": {
"Type": "String",
"Default": "ha"
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"VpcName": {
"Fn::Sub": "${CommonName}-vpc"
}
}
},
"VSwitch1": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"CidrBlock": "192.168.1.0/24",
"VpcId": {
"Ref": "Vpc"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw-001"
},
"ZoneId": {
"Ref": "ZoneId1"
}
}
},
"VSwitch2": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"CidrBlock": "192.168.2.0/24",
"VpcId": {
"Ref": "Vpc"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw-002"
},
"ZoneId": {
"Ref": "ZoneId2"
}
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"SecurityGroupEgress": [
{
"DestCidrIp": "0.0.0.0/0",
"IpProtocol": "all",
"NicType": "internet",
"PortRange": "-1/-1",
"Priority": 1
},
{
"DestCidrIp": "0.0.0.0/0",
"IpProtocol": "all",
"NicType": "intranet",
"PortRange": "-1/-1",
"Priority": 1
}
],
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"NicType": "internet",
"PortRange": "80/80",
"Priority": 1,
"SourceCidrIp": "0.0.0.0/0"
}
],
"SecurityGroupName": {
"Fn::Sub": "${CommonName}-sg"
},
"VpcId": {
"Ref": "Vpc"
}
}
},
"ClbLoadBalancer": {
"Type": "ALIYUN::SLB::LoadBalancer",
"Properties": {
"AddressType": "internet",
"LoadBalancerName": {
"Fn::Sub": "${CommonName}-clb"
},
"LoadBalancerSpec": {
"Ref": "LoadBalancerSpec"
},
"PayType": "PayOnDemand"
}
},
"ClbListener": {
"Type": "ALIYUN::SLB::Listener",
"Properties": {
"BackendServerPort": 80,
"Bandwidth": 10,
"HealthCheck": {
"HealthCheckType": "http",
"HealthyThreshold": 3,
"HttpCode": "http_2xx,http_3xx,http_4xx,http_5xx",
"Interval": 5,
"Port": 80,
"Timeout": 5,
"URI": "/",
"UnhealthyThreshold": 3
},
"ListenerPort": 80,
"LoadBalancerId": {
"Ref": "ClbLoadBalancer"
},
"Protocol": "http"
}
},
"RdsInstance": {
"Type": "ALIYUN::RDS::DBInstance",
"Properties": {
"Category": "HighAvailability",
"DBInstanceClass": {
"Ref": "RdsInstanceClass"
},
"DBInstanceDescription": {
"Fn::Sub": "${CommonName}-rds-instance"
},
"DBInstanceStorage": 100,
"DBInstanceStorageType": "cloud_essd",
"Engine": "MySQL",
"EngineVersion": "8.0",
"PayType": "Postpaid",
"SecurityIPList": {
"Fn::Sub": "${VSwitch1.CidrBlock},${VSwitch2.CidrBlock}"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId1"
}
}
},
"RdsDatabase": {
"Type": "ALIYUN::RDS::Database",
"Properties": {
"CharacterSetName": "utf8mb4",
"DBDescription": "wordpress",
"DBInstanceId": {
"Ref": "RdsInstance"
},
"DBName": "wordpress"
}
},
"RdsAccount": {
"Type": "ALIYUN::RDS::Account",
"Properties": {
"AccountDescription": "wordpress admin",
"AccountName": "wp_admin",
"AccountPassword": {
"Ref": "RdsDBPassword"
},
"AccountType": "Normal",
"DBInstanceId": {
"Ref": "RdsInstance"
}
}
},
"RdsAccountPrivilege": {
"Type": "ALIYUN::RDS::AccountPrivilege",
"Properties": {
"AccountName": {
"Ref": "RdsAccount"
},
"AccountPrivilege": "ReadWrite",
"DBInstanceId": {
"Ref": "RdsInstance"
},
"DBName": {
"Ref": "RdsDatabase"
}
}
},
"NatGateway": {
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"EipBindMode": "NAT",
"InternetChargeType": "PayByLcu",
"NatGatewayName": {
"Fn::Sub": "${CommonName}-nat"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"VpcId": {
"Ref": "Vpc"
}
}
},
"NatEip": {
"Type": "ALIYUN::VPC::EIP",
"Properties": {
"Bandwidth": 100,
"DeletionProtection": false,
"InternetChargeType": "PayByTraffic",
"Isp": "BGP",
"Name": {
"Fn::Sub": "${CommonName}-nat-eip"
}
}
},
"NatEipAssociation": {
"Type": "ALIYUN::VPC::EIPAssociation",
"Properties": {
"AllocationId": {
"Ref": "NatEip"
},
"InstanceId": {
"Ref": "NatGateway"
}
}
},
"SnatEntry": {
"Type": "ALIYUN::VPC::SnatEntry",
"Properties": {
"SnatEntryName": "public-network-access-in-vpc",
"SnatIp": {
"Fn::GetAtt": [
"NatEipAssociation",
"EipAddress"
]
},
"SnatTableId": {
"Fn::GetAtt": [
"NatGateway",
"SNatTableId"
]
},
"SourceCIDR": "0.0.0.0/0"
}
},
"EssScalingGroup": {
"Type": "ALIYUN::ESS::ScalingGroup",
"DependsOn": "SecurityGroup",
"Properties": {
"AzBalance": true,
"DefaultCooldown": 300,
"LoadBalancerIds": [
{
"Ref": "ClbLoadBalancer"
}
],
"MaxSize": 10,
"MinSize": 2,
"MultiAZPolicy": "COMPOSABLE",
"RemovalPolicys": [
"NewestInstance"
],
"ScalingGroupName": {
"Fn::Sub": "${CommonName}-asg"
},
"VSwitchIds": [
{
"Ref": "VSwitch1"
},
{
"Ref": "VSwitch2"
}
]
}
},
"EssScalingConfiguration": {
"Type": "ALIYUN::ESS::ScalingConfiguration",
"Properties": {
"ImageId": "centos_7_9_x64_20G_alibase_20220727.vhd",
"InstanceName": {
"Fn::Sub": "${CommonName}-wordpress"
},
"InstanceTypes": [
{
"Ref": "InstanceType1"
},
{
"Ref": "InstanceType2"
}
],
"ScalingConfigurationName": {
"Fn::Sub": "${CommonName}-asc"
},
"ScalingGroupId": {
"Ref": "EssScalingGroup"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"SystemDiskCategory": "cloud_essd",
"SystemDiskSize": 200,
"UserData": {
"Fn::Sub": "#!/bin/bash\nscript=/root/setup-wordpress.sh\ncat<<\\EOF>$script\n#!/bin/bash\nif [ ! -f .ros.provision ]; then\n echo \"Name: ha-service\" > .ros.provision\nfi\n\nname=$(grep \"^Name:\" .ros.provision | awk -F':' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')\nif [[ \"$name\" != \"ha-service\" ]]; then\n echo \"ha-service installed, skip\"\n exit 0\nfi\n\nif ! grep -q \"^Step1: Install Environment$\" .ros.provision; then\n echo \"#########################\"\n echo \"# Install Environment\"\n echo \"#########################\"\n yum -y install httpd httpd-manual mod_ssl mod_perl mod_auth_mysql sysbench\n systemctl start httpd\n systemctl enable httpd\n systemctl status httpd\n\n yum install -y yum-utils epel-release http://rpms.remirepo.net/enterprise/remi-release-7.rpm \n yum-config-manager --enable remi-php82\n yum -y install php php-opcache php-mysqlnd php-pdo php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-soap\n echo \"<?php phpinfo(); ?>\" > /var/www/html/phpinfo.php\n systemctl restart httpd\n echo \"Step1: Install Environment\" >> .ros.provision\nelse\n echo \"#########################\"\n echo \"# Environment has been installed\"\n echo \"#########################\"\nfi\n\nif ! 
grep -q \"^Step2: Install and Config WordPress$\" .ros.provision; then\n echo \"################################\"\n echo \"# Install and Config WordPress\"\n echo \"################################\"\n wget https://ros-template-resources.oss-cn-beijing.aliyuncs.com/WordPress/wordpress-6.3.1-zh_CN.tar.gz\n tar -xvf wordpress-6.3.1-zh_CN.tar.gz -C /var/www/html\n mv /var/www/html/wordpress/* /var/www/html\n chown -R apache:apache /var/www/html/wordpress\n chmod -R 755 /var/www/html/wordpress\n mv /var/www/html/wp-config-sample.php /var/www/html/wp-config.php\n sed -i 's/localhost/${RdsInstance.InnerConnectionString}/' /var/www/html/wp-config.php\n sed -i 's/username_here/${RdsAccount}/' /var/www/html/wp-config.php\n sed -i 's/password_here/${RdsDBPassword}/' /var/www/html/wp-config.php\n sed -i 's/database_name_here/${RdsDatabase}/' /var/www/html/wp-config.php\n systemctl restart httpd\n echo \"Step2: Install and Config WordPress\" >> .ros.provision\nelse\n echo \"#########################\"\n echo \"# WordPress has been installed and configed\"\n echo \"#########################\"\nfi\nEOF"
}
}
},
"EssScalingGroupEnable": {
"Type": "ALIYUN::ESS::ScalingGroupEnable",
"Properties": {
"ScalingConfigurationId": {
"Ref": "EssScalingConfiguration"
},
"ScalingGroupId": {
"Ref": "EssScalingGroup"
}
}
},
"ESSLifecycleOOSRunCommandRole": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": [
"oos.aliyuncs.com"
]
}
}
],
"Version": "1"
},
"IgnoreExisting": true,
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:RunCommand"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ess:CompleteLifecycleAction"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": "ESSLifecycleOOSRunCommandRolePolicy"
}
],
"RoleName": "ESSLifecycleOOSRunCommandRole"
}
},
"ESSLifecycleHook": {
"Type": "ALIYUN::ESS::LifecycleHook",
"DependsOn": "SnatEntry",
"Properties": {
"LifecycleHookName": {
"Fn::Sub": "${CommonName}-ash-scaleout"
},
"LifecycleTransition": "SCALE_OUT",
"NotificationArn": {
"Fn::Sub": "acs:ess:${ALIYUN::Region}:${ALIYUN::TenantId}:oos/ACS-ESS-LifeCycleRunCommand"
},
"NotificationMetadata": {
"Fn::Sub": "{\n \"commandContent\": \"bash -x /root/setup-wordpress.sh\",\n \"commandType\": \"RunShellScript\",\n \"timeout\": 1200,\n \"OOSAssumeRole\": \"${ESSLifecycleOOSRunCommandRole.RoleName}\",\n \"regionId\": \"${!regionId}\",\n \"instanceIds\": \"${!instanceIds}\",\n \"lifecycleHookId\": \"${!lifecycleHookId}\",\n \"rateControl\": \"{\\\"Mode\\\":\\\"Concurrency\\\",\\\"MaxErrors\\\":0,\\\"Concurrency\\\":10}\",\n \"lifecycleActionToken\": \"${!lifecycleActionToken}\"\n}"
},
"ScalingGroupId": {
"Ref": "EssScalingGroup"
}
}
},
"EssScalingRule": {
"Type": "ALIYUN::ESS::ScalingRule",
"Properties": {
"AdjustmentType": "QuantityChangeInCapacity",
"AdjustmentValue": 1,
"EstimatedInstanceWarmup": 0,
"MetricName": "CpuUtilization",
"ScaleInEvaluationCount": 3,
"ScaleOutEvaluationCount": 3,
"ScalingGroupId": {
"Ref": "EssScalingGroup"
},
"ScalingRuleName": {
"Fn::Sub": "${CommonName}-asr-scaleout"
},
"ScalingRuleType": "TargetTrackingScalingRule",
"TargetValue": 80
}
}
},
"Outputs": {
"Endpoint": {
"Description": {
"en": "Public IP Addresses"
},
"Value": {
"Fn::Sub": [
"http://${ServerAddress}",
{
"ServerAddress": {
"Fn::GetAtt": [
"ClbLoadBalancer",
"IpAddress"
]
}
}
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Label": {
"default": {
"en": "CLB Configuration"
}
},
"Parameters": [
"LoadBalancerSpec"
]
},
{
"Label": {
"default": {
"en": "Availability Zone"
}
},
"Parameters": [
"ZoneId1",
"ZoneId2"
]
},
{
"Label": {
"default": {
"en": "Instance Configuration"
}
},
"Parameters": [
"InstanceType1",
"InstanceType2"
]
},
{
"Label": {
"default": {
"en": "RDS Configuration"
}
},
"Parameters": [
"RdsInstanceClass",
"RdsDBPassword"
]
}
],
"TemplateTags": [
"acs:technical-solution:high-availability-architecture:high-availability service"
],
"Hidden": [
"CommonName"
]
}
}
}
For more examples, see public templates that include this resource.