ALIYUN::VPC::SnatEntry リソースは、SNAT テーブルに SNAT エントリを追加するために使用されます。
構文
{
"Type": "ALIYUN::VPC::SnatEntry",
"Properties": {
"SnatTableId": String,
"SnatEntryName": String,
"SourceVSwitchIds": List,
"SourceCIDR": String,
"SnatIp": String,
"EipAffinity": Integer
}
}
プロパティ
プロパティ名 | タイプ | 必須 | 更新可能 | 説明 | 制約 |
SnatTableId | String | はい | いいえ | SNAT テーブルの ID。 | なし |
SnatEntryName | String | いいえ | はい | SNAT ルールの名前。 | 長さは 2~128 文字です。アルファベットまたは漢字で始める必要がありますが、http:// または https:// で始めることはできません。 |
SourceVSwitchIds | List | いいえ | はい | パブリックネットワークへのアクセスが必要な vSwitch の ID。 | なし |
SourceCIDR | String | いいえ | いいえ | vSwitch または ECS インスタンスの CIDR ブロック。 | SourceCIDR と SourceVSwitchIds を同時に指定しないでください。 |
SnatIp | String | はい | はい | パブリック IP アドレス。 | 複数の IP アドレスはコンマ (,) で区切ります。 |
EipAffinity | Integer | いいえ | いいえ | EIP アフィニティを有効にします。 | 値: 0 (無効)、1 (有効)。
説明 EIP アフィニティを有効にすると、SNAT エントリに複数の EIP がバインドされている場合でも、同じクライアントは常に同じ EIP を使用してパブリックネットワークにアクセスします。無効の場合、クライアントはバインドされた EIP の中からランダムに選択された EIP を使用してパブリックネットワークにアクセスします。 |
戻り値
Fn::GetAtt
SnatEntryId:SNAT エントリの ID。
例
シナリオ 1:SNAT テーブルへの SNAT エントリの追加
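# Scenario 1 (YAML form): add one SNAT entry to an existing SNAT table, using a
# vSwitch as the source. Nesting is restored here; the listing had lost its indentation.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  # vSwitch whose instances get outbound internet access through the SNAT entry.
  SourceVSwitchId:
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    Type: String
    Label:
      en: VSwitch ID
  SnatIp:
    Type: String
    Description: パブリック IP アドレス。複数の EIP はコンマで区切ります。
    # Masked sample value, not a usable address; supply the real EIP at deployment.
    Default: 47.**
  SnatTableId:
    Type: String
    Description: SNAT テーブルの ID。
    # Masked sample value; supply the real SNAT table ID at deployment.
    Default: stb-***
Resources:
  SnatEntry:
    Type: ALIYUN::VPC::SnatEntry
    Properties:
      # Only SourceVSwitchIds is set; per the property table, SourceCIDR must not be
      # specified together with it. Listing the vSwitch keeps egress scoped to it.
      SourceVSwitchIds:
        - Ref: SourceVSwitchId
      SnatIp:
        Ref: SnatIp
      SnatTableId:
        Ref: SnatTableId
Outputs:
  # NOTE(review): the attribute requested here is SnatEntryIds, while the return-values
  # section of this page documents SnatEntryId; confirm which name the resource exposes.
  SnatEntryIds:
    Description: SNAT エントリの ID。
    Value:
      Fn::GetAtt:
        - SnatEntry
        - SnatEntryIds
{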
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"SourceVSwitchId": {
"AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
"Type": "String",
"Label": {
"en": "VSwitch ID"
}
},
"SnatIp": {
"Type": "String",
"Description": "パブリック IP アドレス。複数の EIP はコンマで区切ります。",
"Default": "47.**"
},
"SnatTableId": {
"Type": "String",
"Description": "SNAT テーブルの ID。",
"Default": "stb-***"
}
},
"Resources": {
"SnatEntry": {
"Type": "ALIYUN::VPC::SnatEntry",
"Properties": {
"SourceVSwitchIds": [
{
"Ref": "SourceVSwitchId"
}
],
"SnatIp": {
"Ref": "SnatIp"
},
"SnatTableId": {
"Ref": "SnatTableId"
}
}
}
},
"Outputs": {
"SnatEntryIds": {
"Description": "SNAT エントリの ID。",
"Value": {
"Fn::GetAtt": [
"SnatEntry",
"SnatEntryIds"
]
}
}
}
}
シナリオ 2:NAT Gateway の作成と SNAT エントリの追加
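# Scenario 2 (YAML form): create a VPC, one vSwitch, an enhanced NAT gateway and an
# EIP, bind the EIP to the gateway, then add a SNAT entry for the vSwitch.
# Nesting is restored here; the listing had lost its indentation.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  ZoneId:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    Label:
      en: アベイラビリティゾーン
Resources:
  Vpc:
    Type: 'ALIYUN::ECS::VPC'
    Properties:
      CidrBlock: 192.168.0.0/16
      VpcName: vpc
  VSwitch:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.1.0/24
      ZoneId:
        Ref: ZoneId
      VSwitchName: app-vsw
  NatGateway:
    Type: 'ALIYUN::VPC::NatGateway'
    Properties:
      NatGatewayName: ngw
      VSwitchId:
        Ref: VSwitch
      NatType: Enhanced
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId
  Eip:
    Type: 'ALIYUN::VPC::EIP'
    Properties:
      # Deletion protection is off, so the EIP can be released without an extra step.
      DeletionProtection: false
      Isp: BGP
      Bandwidth: 200
      InternetChargeType: PayByTraffic
  # Binds the EIP to the NAT gateway.
  EipAssociation:
    Type: 'ALIYUN::VPC::EIPAssociation'
    Properties:
      InstanceId:
        Ref: NatGateway
      AllocationId:
        Ref: Eip
  SNat:
    Type: 'ALIYUN::VPC::SnatEntry'
    # SnatIp below is read from Eip, not from EipAssociation, so nothing else in this
    # resource orders it after the binding; DependsOn makes that order explicit.
    DependsOn: EipAssociation
    Properties:
      SnatTableId:
        Fn::GetAtt:
          - NatGateway
          - SNatTableId
      SnatEntryName: snat
      # Egress is scoped to the single application vSwitch rather than a CIDR range.
      SourceVSwitchIds:
        - Ref: VSwitch
      SnatIp:
        Fn::GetAtt:
          - Eip
          - EipAddress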
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"ZoneId": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"Label": {
"en": "アベイラビリティゾーン"
}
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"VpcName": "vpc"
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.1.0/24",
"ZoneId": {
"Ref": "ZoneId"
},
"VSwitchName": "app-vsw"
}
},
"NatGateway": {
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"NatGatewayName": "ngw",
"VSwitchId": {
"Ref": "VSwitch"
},
"NatType": "Enhanced",
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId"
}
}
},
"Eip": {
"Type": "ALIYUN::VPC::EIP",
"Properties": {
"DeletionProtection": false,
"Isp": "BGP",
"Bandwidth": 200,
"InternetChargeType": "PayByTraffic"
}
},
"EipAssociation": {
"Type": "ALIYUN::VPC::EIPAssociation",
"Properties": {
"InstanceId": {
"Ref": "NatGateway"
},
"AllocationId": {
"Ref": "Eip"
}
}
},
"SNat": {
"Type": "ALIYUN::VPC::SnatEntry",
"DependsOn": "EipAssociation",
"Properties": {
"SnatTableId": {
"Fn::GetAtt": [
"NatGateway",
"SNatTableId"
]
},
"SnatEntryName": "snat",
"SourceVSwitchIds": [
{
"Ref": "VSwitch"
}
],
"SnatIp": {
"Fn::GetAtt": [
"Eip",
"EipAddress"
]
}
}
}
}
}
シナリオ 3:高可用性 WordPress サービスの構築
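# Scenario 3 (YAML form): highly available WordPress stack. It creates a VPC with two
# vSwitches, an internet-facing CLB, an RDS MySQL instance, a NAT gateway with one EIP
# and a SNAT entry, and an ESS scaling group whose instances are provisioned by a
# scale-out lifecycle hook. Nesting is restored here; the listing had lost its
# indentation. Values are unchanged; review notes are marked NOTE(review).
ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: デュアルアベイラビリティゾーンにデプロイされた Elastic Compute Service (ECS) インスタンスと、Elastic Scaling Service (ESS) が提供する Auto Scaling を活用して、高可用性の WordPress サービスを構築します。この設定を Classic Load Balancer (CLB) による負荷分散、高可用性 Relational Database Service (RDS) による堅牢なデータ管理、NAT Gateway と Elastic IP (EIP) によるパブリックアクセスと効率的なトラフィック分散と組み合わせます。さらに、ヘルスチェックと自動障害回復メカニズムを実装して、サービスの回復力を確保します。
Parameters:
  LoadBalancerSpec:
    Type: String
    Label:
      en: LoadBalancer の仕様
    AssociationProperty: ALIYUN::SLB::Instance::InstanceType
    Default: slb.s1.small
  ZoneId1:
    Type: String
    Label:
      en: VSwitch アベイラビリティゾーン 1
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
  ZoneId2:
    Type: String
    Label:
      en: VSwitch アベイラビリティゾーン 2
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      ExclusiveTo:
        - ZoneId1
  InstanceType1:
    Type: String
    Label:
      en: インスタンスタイプ
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      ZoneId: ${ZoneId1}
  InstanceType2:
    Type: String
    Label:
      en: インスタンスタイプ
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      ZoneId: ${ZoneId2}
  RdsInstanceClass:
    Type: String
    Label:
      en: RDS インスタンスクラス
    AssociationProperty: ALIYUN::RDS::Instance::InstanceType
    AssociationPropertyMetadata:
      ZoneId: ${ZoneId1}
      EngineVersion: "8.0"
      Engine: MySQL
      Category: HighAvailability
      DBInstanceStorageType: cloud_essd
      CommodityCode: bards
  # NoEcho is set on this parameter, but the template also substitutes the value into
  # the instance UserData script (EssScalingConfiguration), where it is plain text.
  # NOTE(review): AllowedPattern admits '&', which sed treats as "the matched text" in
  # a replacement; a password containing '&' would be written to wp-config.php
  # incorrectly by the provisioning script.
  RdsDBPassword:
    Type: String
    Label:
      en: RDS データベースアカウントのパスワード
    Description:
      en: 'パスワードは 8~32 文字で、大文字、小文字、数字、特殊文字の 4 種類のうち、3 種類以上を含める必要があります。特殊文字には、!@#$%^&*()_+-= が含まれます。'
    AssociationProperty: ALIYUN::RDS::Instance::AccountPassword
    AllowedPattern:
      ^(?=.*[a-zA-Z])(?=.*[a-z0-9])(?=.*[a-z!@#$%^&*()_+=-])(?=.*[A-Z0-9])(?=.*[A-Z!@#$%^&*()_+=-])(?=.*[0-9!@#$%^&*()_+=-])[a-zA-Z0-9!@#$%^&*()_+=-]{8,32}$
    NoEcho: true
  # Name prefix for the created resources; listed under Hidden in the Metadata section.
  CommonName:
    Type: String
    Default: ha
Resources:
  Vpc:
    Type: ALIYUN::ECS::VPC
    Properties:
      VpcName:
        Fn::Sub: ${CommonName}-vpc
      CidrBlock: 192.168.0.0/16
  VSwitch1:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      ZoneId:
        Ref: ZoneId1
      VpcId:
        Ref: Vpc
      VSwitchName:
        Fn::Sub: ${CommonName}-vsw-001
      CidrBlock: 192.168.1.0/24
  VSwitch2:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      ZoneId:
        Ref: ZoneId2
      VpcId:
        Ref: Vpc
      VSwitchName:
        Fn::Sub: ${CommonName}-vsw-002
      CidrBlock: 192.168.2.0/24
  SecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Properties:
      VpcId:
        Ref: Vpc
      SecurityGroupName:
        Fn::Sub: ${CommonName}-sg
      # Inbound: TCP 80 from any address. Only plain HTTP is exposed (ClbListener uses
      # Protocol: http), so site traffic, including logins, is not encrypted in transit.
      SecurityGroupIngress:
        - PortRange: 80/80
          Priority: 1
          SourceCidrIp: 0.0.0.0/0
          IpProtocol: tcp
          NicType: internet
      # Outbound: every protocol and port to any destination, on both NIC types.
      # Together with the SNAT entry's SourceCIDR of 0.0.0.0/0 this leaves instance
      # egress unrestricted; narrow it if the workload needs only known destinations.
      SecurityGroupEgress:
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: internet
        - PortRange: '-1/-1'
          Priority: 1
          IpProtocol: all
          DestCidrIp: 0.0.0.0/0
          NicType: intranet
  ClbLoadBalancer:
    Type: ALIYUN::SLB::LoadBalancer
    Properties:
      LoadBalancerName:
        Fn::Sub: ${CommonName}-clb
      PayType: PayOnDemand
      AddressType: internet
      LoadBalancerSpec:
        Ref: LoadBalancerSpec
  ClbListener:
    Type: ALIYUN::SLB::Listener
    Properties:
      ListenerPort: 80
      Bandwidth: 10
      HealthCheck:
        # NOTE(review): http_4xx and http_5xx are listed as healthy codes, so a backend
        # that answers with an error is still kept in rotation.
        HttpCode: http_2xx,http_3xx,http_4xx,http_5xx
        HealthCheckType: http
        UnhealthyThreshold: 3
        Timeout: 5
        HealthyThreshold: 3
        Port: 80
        URI: /
        Interval: 5
      LoadBalancerId:
        Ref: ClbLoadBalancer
      BackendServerPort: 80
      Protocol: http
  RdsInstance:
    Type: ALIYUN::RDS::DBInstance
    Properties:
      ZoneId:
        Ref: ZoneId1
      VpcId:
        Ref: Vpc
      VSwitchId:
        Ref: VSwitch1
      DBInstanceDescription:
        Fn::Sub: ${CommonName}-rds-instance
      Engine: MySQL
      DBInstanceStorage: 100
      EngineVersion: '8.0'
      Category: HighAvailability
      DBInstanceStorageType: cloud_essd
      DBInstanceClass:
        Ref: RdsInstanceClass
      # IP allowlist for the database: only the two application vSwitch CIDR blocks.
      SecurityIPList:
        Fn::Sub: ${VSwitch1.CidrBlock},${VSwitch2.CidrBlock}
      PayType: Postpaid
  RdsDatabase:
    Type: ALIYUN::RDS::Database
    Properties:
      CharacterSetName: utf8mb4
      DBInstanceId:
        Ref: RdsInstance
      DBDescription: wordpress
      DBName: wordpress
  RdsAccount:
    Type: ALIYUN::RDS::Account
    Properties:
      AccountName: wp_admin
      AccountType: Normal
      AccountDescription: wordpress admin
      AccountPassword:
        Ref: RdsDBPassword
      DBInstanceId:
        Ref: RdsInstance
  # Grants the WordPress account read/write access to the wordpress database only.
  RdsAccountPrivilege:
    Type: ALIYUN::RDS::AccountPrivilege
    Properties:
      AccountPrivilege: ReadWrite
      DBInstanceId:
        Ref: RdsInstance
      DBName:
        Ref: RdsDatabase
      AccountName:
        Ref: RdsAccount
  NatGateway:
    Type: ALIYUN::VPC::NatGateway
    Properties:
      VpcId:
        Ref: Vpc
      VSwitchId:
        Ref: VSwitch1
      NatGatewayName:
        Fn::Sub: ${CommonName}-nat
      InternetChargeType: PayByLcu
      EipBindMode: NAT
  NatEip:
    Type: ALIYUN::VPC::EIP
    Properties:
      Name:
        Fn::Sub: ${CommonName}-nat-eip
      DeletionProtection: false
      Isp: BGP
      Bandwidth: 100
      InternetChargeType: PayByTraffic
  NatEipAssociation:
    Type: ALIYUN::VPC::EIPAssociation
    Properties:
      InstanceId:
        Ref: NatGateway
      AllocationId:
        Ref: NatEip
  # SNAT entry: outbound internet access through the NAT gateway's EIP. SnatIp is read
  # from NatEipAssociation, so the entry is created after the EIP is bound.
  SnatEntry:
    Type: ALIYUN::VPC::SnatEntry
    Properties:
      SnatEntryName: public-network-access-in-vpc
      SnatTableId:
        Fn::GetAtt:
          - NatGateway
          - SNatTableId
      SnatIp:
        Fn::GetAtt:
          - NatEipAssociation
          - EipAddress
      # NOTE(review): 0.0.0.0/0 does not scope the source to specific vSwitches. If only
      # the two application vSwitches need egress, SourceVSwitchIds listing them is the
      # tighter choice; SourceCIDR and SourceVSwitchIds must not be set together.
      SourceCIDR: 0.0.0.0/0
  EssScalingGroup:
    Type: ALIYUN::ESS::ScalingGroup
    Properties:
      VSwitchIds:
        - Ref: VSwitch1
        - Ref: VSwitch2
      ScalingGroupName:
        Fn::Sub: ${CommonName}-asg
      RemovalPolicys:
        - NewestInstance
      MinSize: 2
      MaxSize: 10
      DefaultCooldown: 300
      MultiAZPolicy: COMPOSABLE
      AzBalance: true
      LoadBalancerIds:
        - Ref: ClbLoadBalancer
    DependsOn: SecurityGroup
  EssScalingConfiguration:
    Type: ALIYUN::ESS::ScalingConfiguration
    Properties:
      SecurityGroupId:
        Ref: SecurityGroup
      # NOTE(review): CentOS 7 reached end of life on 2024-06-30, so the distribution
      # no longer receives upstream security updates.
      ImageId: centos_7_9_x64_20G_alibase_20220727.vhd
      ScalingConfigurationName:
        Fn::Sub: ${CommonName}-asc
      ScalingGroupId:
        Ref: EssScalingGroup
      InstanceTypes:
        - Ref: InstanceType1
        - Ref: InstanceType2
      SystemDiskCategory: cloud_essd
      SystemDiskSize: 200
      InstanceName:
        Fn::Sub: ${CommonName}-wordpress
      # UserData only writes /root/setup-wordpress.sh through a quoted heredoc; the
      # script is run later by the scale-out lifecycle hook (bash -x).
      # NOTE(review), points to address before using this script outside a demo:
      #  - Fn::Sub substitutes the RDS password into the script text, so it sits in
      #    plain text in the instance user data and in the script file; bash -x also
      #    echoes the sed line that carries it into the command's trace output.
      #    Fetching the secret at run time from a secrets service avoids both.
      #  - /var/www/html/phpinfo.php is created and never removed; it exposes PHP and
      #    server configuration to anyone who can reach port 80.
      #  - remi-release-7.rpm is fetched over plain http://, and the WordPress archive
      #    is downloaded without a checksum or signature check.
      #  - chown/chmod target /var/www/html/wordpress after its contents were moved to
      #    /var/www/html, so those two commands do not change the deployed files.
      UserData:
        Fn::Sub: |-
          #!/bin/bash
          script=/root/setup-wordpress.sh
          cat<<\EOF>$script
          #!/bin/bash
          if [ ! -f .ros.provision ]; then
            echo "Name: ha-service" > .ros.provision
          fi
          name=$(grep "^Name:" .ros.provision | awk -F':' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
          if [[ "$name" != "ha-service" ]]; then
            echo "ha-service installed, skip"
            exit 0
          fi
          if ! grep -q "^Step1: Install Environment$" .ros.provision; then
            echo "#########################"
            echo "# Install Environment"
            echo "#########################"
            yum -y install httpd httpd-manual mod_ssl mod_perl mod_auth_mysql sysbench
            systemctl start httpd
            systemctl enable httpd
            systemctl status httpd
            yum install -y yum-utils epel-release http://rpms.remirepo.net/enterprise/remi-release-7.rpm
            yum-config-manager --enable remi-php82
            yum -y install php php-opcache php-mysqlnd php-pdo php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-soap
            echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
            systemctl restart httpd
            echo "Step1: Install Environment" >> .ros.provision
          else
            echo "#########################"
            echo "# Environment has been installed"
            echo "#########################"
          fi
          if ! grep -q "^Step2: Install and Config WordPress$" .ros.provision; then
            echo "################################"
            echo "# Install and Config WordPress"
            echo "################################"
            wget https://ros-template-resources.oss-cn-beijing.aliyuncs.com/WordPress/wordpress-6.3.1-zh_CN.tar.gz
            tar -xvf wordpress-6.3.1-zh_CN.tar.gz -C /var/www/html
            mv /var/www/html/wordpress/* /var/www/html
            chown -R apache:apache /var/www/html/wordpress
            chmod -R 755 /var/www/html/wordpress
            mv /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
            sed -i 's/localhost/${RdsInstance.InnerConnectionString}/' /var/www/html/wp-config.php
            sed -i 's/username_here/${RdsAccount}/' /var/www/html/wp-config.php
            sed -i 's/password_here/${RdsDBPassword}/' /var/www/html/wp-config.php
            sed -i 's/database_name_here/${RdsDatabase}/' /var/www/html/wp-config.php
            systemctl restart httpd
            echo "Step2: Install and Config WordPress" >> .ros.provision
          else
            echo "#########################"
            echo "# WordPress has been installed and configed"
            echo "#########################"
          fi
          EOF
  EssScalingGroupEnable:
    Type: ALIYUN::ESS::ScalingGroupEnable
    Properties:
      ScalingGroupId:
        Ref: EssScalingGroup
      ScalingConfigurationId:
        Ref: EssScalingConfiguration
  # RAM role that OOS (oos.aliyuncs.com) assumes to run the provisioning command.
  # NOTE(review): ecs:RunCommand is granted on Resource '*', i.e. on every ECS instance
  # in the account, not only this scaling group's instances; scope it down where
  # possible. With a fixed RoleName and IgnoreExisting: true, a pre-existing role of the
  # same name is presumably reused without its policies being checked; confirm.
  ESSLifecycleOOSRunCommandRole:
    Type: ALIYUN::RAM::Role
    Properties:
      RoleName: ESSLifecycleOOSRunCommandRole
      IgnoreExisting: true
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - oos.aliyuncs.com
        Version: '1'
      Policies:
        - PolicyName: ESSLifecycleOOSRunCommandRolePolicy
          PolicyDocument:
            Statement:
              - Action:
                  - ecs:DescribeInvocationResults
                  - ecs:DescribeInvocations
                  - ecs:RunCommand
                Resource:
                  - '*'
                Effect: Allow
              - Action:
                  - ess:CompleteLifecycleAction
                Resource:
                  - '*'
                Effect: Allow
            Version: '1'
  # Scale-out hook: notifies the OOS template ACS-ESS-LifeCycleRunCommand, which runs
  # /root/setup-wordpress.sh on new instances. The "!" form in the metadata keeps a
  # literal placeholder in the string instead of having Fn::Sub substitute it.
  # DependsOn: SnatEntry is presumably there so new instances already have outbound
  # access when the script downloads packages; confirm.
  ESSLifecycleHook:
    Type: ALIYUN::ESS::LifecycleHook
    Properties:
      LifecycleHookName:
        Fn::Sub: ${CommonName}-ash-scaleout
      ScalingGroupId:
        Ref: EssScalingGroup
      LifecycleTransition: SCALE_OUT
      NotificationArn:
        Fn::Sub: acs:ess:${ALIYUN::Region}:${ALIYUN::TenantId}:oos/ACS-ESS-LifeCycleRunCommand
      NotificationMetadata:
        Fn::Sub: |-
          {
            "commandContent": "bash -x /root/setup-wordpress.sh",
            "commandType": "RunShellScript",
            "timeout": 1200,
            "OOSAssumeRole": "${ESSLifecycleOOSRunCommandRole.RoleName}",
            "regionId": "${!regionId}",
            "instanceIds": "${!instanceIds}",
            "lifecycleHookId": "${!lifecycleHookId}",
            "rateControl": "{\"Mode\":\"Concurrency\",\"MaxErrors\":0,\"Concurrency\":10}",
            "lifecycleActionToken": "${!lifecycleActionToken}"
          }
    DependsOn: SnatEntry
  EssScalingRule:
    Type: ALIYUN::ESS::ScalingRule
    Properties:
      ScalingRuleName:
        Fn::Sub: ${CommonName}-asr-scaleout
      ScalingGroupId:
        Ref: EssScalingGroup
      ScalingRuleType: TargetTrackingScalingRule
      AdjustmentType: QuantityChangeInCapacity
      AdjustmentValue: 1
      MetricName: CpuUtilization
      TargetValue: 80
      ScaleOutEvaluationCount: 3
      ScaleInEvaluationCount: 3
      EstimatedInstanceWarmup: 0
Outputs:
  # The published endpoint is an http:// URL built from the CLB address.
  Endpoint:
    Description:
      en: パブリック IP アドレス
    Value:
      Fn::Sub:
        - http://${ServerAddress}
        - ServerAddress:
            Fn::GetAtt:
              - ClbLoadBalancer
              - IpAddress
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - LoadBalancerSpec
        Label:
          default:
            en: CLB 設定
      - Parameters:
          - ZoneId1
          - ZoneId2
        Label:
          default:
            en: アベイラビリティゾーン
      - Parameters:
          - InstanceType1
          - InstanceType2
        Label:
          default:
            en: インスタンス設定
      - Parameters:
          - RdsInstanceClass
          - RdsDBPassword
        Label:
          default:
            en: RDS 設定
    TemplateTags:
      - 'acs:technical-solution:high-availability-architecture:high-availability service'
    Hidden:
      - CommonName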
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"en": "デュアルアベイラビリティゾーンにデプロイされた Elastic Compute Service (ECS) インスタンスと、Elastic Scaling Service (ESS) が提供する Auto Scaling を活用して、高可用性の WordPress サービスを構築します。この設定を Classic Load Balancer (CLB) による負荷分散、高可用性 Relational Database Service (RDS) による堅牢なデータ管理、NAT Gateway と Elastic IP (EIP) によるパブリックアクセスと効率的なトラフィック分散と組み合わせます。さらに、ヘルスチェックと自動障害回復メカニズムを実装して、サービスの回復力を確保します。"
},
"Parameters": {
"LoadBalancerSpec": {
"Type": "String",
"Label": {
"en": "LoadBalancer の仕様"
},
"AssociationProperty": "ALIYUN::SLB::Instance::InstanceType",
"Default": "slb.s1.small"
},
"ZoneId1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"Label": {
"en": "VSwitch アベイラビリティゾーン 1"
}
},
"ZoneId2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"ExclusiveTo": [
"ZoneId1"
]
},
"Label": {
"en": "VSwitch アベイラビリティゾーン 2"
}
},
"InstanceType1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId1}"
},
"Label": {
"en": "インスタンスタイプ"
}
},
"InstanceType2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId2}"
},
"Label": {
"en": "インスタンスタイプ"
}
},
"RdsInstanceClass": {
"Type": "String",
"AssociationProperty": "ALIYUN::RDS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"ZoneId": "${ZoneId1}",
"EngineVersion": "8.0",
"Engine": "MySQL",
"Category": "HighAvailability",
"DBInstanceStorageType": "cloud_essd",
"CommodityCode": "bards"
},
"Label": {
"en": "RDS インスタンスクラス"
}
},
"RdsDBPassword": {
"Type": "String",
"AssociationProperty": "ALIYUN::RDS::Instance::AccountPassword",
"AllowedPattern": "^(?=.*[a-zA-Z])(?=.*[a-z0-9])(?=.*[a-z!@#$%^&*()_+=-])(?=.*[A-Z0-9])(?=.*[A-Z!@#$%^&*()_+=-])(?=.*[0-9!@#$%^&*()_+=-])[a-zA-Z0-9!@#$%^&*()_+=-]{8,32}$",
"Description": {
"en": "パスワードは 8~32 文字で、大文字、小文字、数字、特殊文字の 4 種類のうち、3 種類以上を含める必要があります。特殊文字には、!@#$%^&*()_+-= が含まれます。"
},
"Label": {
"en": "RDS データベースアカウントのパスワード"
},
"NoEcho": true
},
"CommonName": {
"Type": "String",
"Default": "ha"
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"VpcName": {
"Fn::Sub": "${CommonName}-vpc"
}
}
},
"VSwitch1": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"CidrBlock": "192.168.1.0/24",
"VpcId": {
"Ref": "Vpc"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw-001"
},
"ZoneId": {
"Ref": "ZoneId1"
}
}
},
"VSwitch2": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"CidrBlock": "192.168.2.0/24",
"VpcId": {
"Ref": "Vpc"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw-002"
},
"ZoneId": {
"Ref": "ZoneId2"
}
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"SecurityGroupEgress": [
{
"DestCidrIp": "0.0.0.0/0",
"IpProtocol": "all",
"NicType": "internet",
"PortRange": "-1/-1",
"Priority": 1
},
{
"DestCidrIp": "0.0.0.0/0",
"IpProtocol": "all",
"NicType": "intranet",
"PortRange": "-1/-1",
"Priority": 1
}
],
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"NicType": "internet",
"PortRange": "80/80",
"Priority": 1,
"SourceCidrIp": "0.0.0.0/0"
}
],
"SecurityGroupName": {
"Fn::Sub": "${CommonName}-sg"
},
"VpcId": {
"Ref": "Vpc"
}
}
},
"ClbLoadBalancer": {
"Type": "ALIYUN::SLB::LoadBalancer",
"Properties": {
"AddressType": "internet",
"LoadBalancerName": {
"Fn::Sub": "${CommonName}-clb"
},
"LoadBalancerSpec": {
"Ref": "LoadBalancerSpec"
},
"PayType": "PayOnDemand"
}
},
"ClbListener": {
"Type": "ALIYUN::SLB::Listener",
"Properties": {
"BackendServerPort": 80,
"Bandwidth": 10,
"HealthCheck": {
"HealthCheckType": "http",
"HealthyThreshold": 3,
"HttpCode": "http_2xx,http_3xx,http_4xx,http_5xx",
"Interval": 5,
"Port": 80,
"Timeout": 5,
"URI": "/",
"UnhealthyThreshold": 3
},
"ListenerPort": 80,
"LoadBalancerId": {
"Ref": "ClbLoadBalancer"
},
"Protocol": "http"
}
},
"RdsInstance": {
"Type": "ALIYUN::RDS::DBInstance",
"Properties": {
"Category": "HighAvailability",
"DBInstanceClass": {
"Ref": "RdsInstanceClass"
},
"DBInstanceDescription": {
"Fn::Sub": "${CommonName}-rds-instance"
},
"DBInstanceStorage": 100,
"DBInstanceStorageType": "cloud_essd",
"Engine": "MySQL",
"EngineVersion": "8.0",
"PayType": "Postpaid",
"SecurityIPList": {
"Fn::Sub": "${VSwitch1.CidrBlock},${VSwitch2.CidrBlock}"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId1"
}
}
},
"RdsDatabase": {
"Type": "ALIYUN::RDS::Database",
"Properties": {
"CharacterSetName": "utf8mb4",
"DBDescription": "wordpress",
"DBInstanceId": {
"Ref": "RdsInstance"
},
"DBName": "wordpress"
}
},
"RdsAccount": {
"Type": "ALIYUN::RDS::Account",
"Properties": {
"AccountDescription": "wordpress admin",
"AccountName": "wp_admin",
"AccountPassword": {
"Ref": "RdsDBPassword"
},
"AccountType": "Normal",
"DBInstanceId": {
"Ref": "RdsInstance"
}
}
},
"RdsAccountPrivilege": {
"Type": "ALIYUN::RDS::AccountPrivilege",
"Properties": {
"AccountName": {
"Ref": "RdsAccount"
},
"AccountPrivilege": "ReadWrite",
"DBInstanceId": {
"Ref": "RdsInstance"
},
"DBName": {
"Ref": "RdsDatabase"
}
}
},
"NatGateway": {
"Type": "ALIYUN::VPC::NatGateway",
"Properties": {
"EipBindMode": "NAT",
"InternetChargeType": "PayByLcu",
"NatGatewayName": {
"Fn::Sub": "${CommonName}-nat"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"VpcId": {
"Ref": "Vpc"
}
}
},
"NatEip": {
"Type": "ALIYUN::VPC::EIP",
"Properties": {
"Bandwidth": 100,
"DeletionProtection": false,
"InternetChargeType": "PayByTraffic",
"Isp": "BGP",
"Name": {
"Fn::Sub": "${CommonName}-nat-eip"
}
}
},
"NatEipAssociation": {
"Type": "ALIYUN::VPC::EIPAssociation",
"Properties": {
"AllocationId": {
"Ref": "NatEip"
},
"InstanceId": {
"Ref": "NatGateway"
}
}
},
"SnatEntry": {
"Type": "ALIYUN::VPC::SnatEntry",
"Properties": {
"SnatEntryName": "public-network-access-in-vpc",
"SnatIp": {
"Fn::GetAtt": [
"NatEipAssociation",
"EipAddress"
]
},
"SnatTableId": {
"Fn::GetAtt": [
"NatGateway",
"SNatTableId"
]
},
"SourceCIDR": "0.0.0.0/0"
}
},
"EssScalingGroup": {
"Type": "ALIYUN::ESS::ScalingGroup",
"DependsOn": "SecurityGroup",
"Properties": {
"AzBalance": true,
"DefaultCooldown": 300,
"LoadBalancerIds": [
{
"Ref": "ClbLoadBalancer"
}
],
"MaxSize": 10,
"MinSize": 2,
"MultiAZPolicy": "COMPOSABLE",
"RemovalPolicys": [
"NewestInstance"
],
"ScalingGroupName": {
"Fn::Sub": "${CommonName}-asg"
},
"VSwitchIds": [
{
"Ref": "VSwitch1"
},
{
"Ref": "VSwitch2"
}
]
}
},
"EssScalingConfiguration": {
"Type": "ALIYUN::ESS::ScalingConfiguration",
"Properties": {
"ImageId": "centos_7_9_x64_20G_alibase_20220727.vhd",
"InstanceName": {
"Fn::Sub": "${CommonName}-wordpress"
},
"InstanceTypes": [
{
"Ref": "InstanceType1"
},
{
"Ref": "InstanceType2"
}
],
"ScalingConfigurationName": {
"Fn::Sub": "${CommonName}-asc"
},
"ScalingGroupId": {
"Ref": "EssScalingGroup"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"SystemDiskCategory": "cloud_essd",
"SystemDiskSize": 200,
"UserData": {
"Fn::Sub": "#!/bin/bash\nscript=/root/setup-wordpress.sh\ncat<<\\EOF>$script\n#!/bin/bash\nif [ ! -f .ros.provision ]; then\n echo \"Name: ha-service\" > .ros.provision\nfi\n\nname=$(grep \"^Name:\" .ros.provision | awk -F':' '{print $2}' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')\nif [[ \"$name\" != \"ha-service\" ]]; then\n echo \"ha-service installed, skip\"\n exit 0\nfi\n\nif ! grep -q \"^Step1: Install Environment$\" .ros.provision; then\n echo \"#########################\"\n echo \"# Install Environment\"\n echo \"#########################\"\n yum -y install httpd httpd-manual mod_ssl mod_perl mod_auth_mysql sysbench\n systemctl start httpd\n systemctl enable httpd\n systemctl status httpd\n\n yum install -y yum-utils epel-release http://rpms.remirepo.net/enterprise/remi-release-7.rpm \n yum-config-manager --enable remi-php82\n yum -y install php php-opcache php-mysqlnd php-pdo php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-soap\n echo \"<?php phpinfo(); ?>\" > /var/www/html/phpinfo.php\n systemctl restart httpd\n echo \"Step1: Install Environment\" >> .ros.provision\nelse\n echo \"#########################\"\n echo \"# Environment has been installed\"\n echo \"#########################\"\nfi\n\nif ! 
grep -q \"^Step2: Install and Config WordPress$\" .ros.provision; then\n echo \"################################\"\n echo \"# Install and Config WordPress\"\n echo \"################################\"\n wget https://ros-template-resources.oss-cn-beijing.aliyuncs.com/WordPress/wordpress-6.3.1-zh_CN.tar.gz\n tar -xvf wordpress-6.3.1-zh_CN.tar.gz -C /var/www/html\n mv /var/www/html/wordpress/* /var/www/html\n chown -R apache:apache /var/www/html/wordpress\n chmod -R 755 /var/www/html/wordpress\n mv /var/www/html/wp-config-sample.php /var/www/html/wp-config.php\n sed -i 's/localhost/${RdsInstance.InnerConnectionString}/' /var/www/html/wp-config.php\n sed -i 's/username_here/${RdsAccount}/' /var/www/html/wp-config.php\n sed -i 's/password_here/${RdsDBPassword}/' /var/www/html/wp-config.php\n sed -i 's/database_name_here/${RdsDatabase}/' /var/www/html/wp-config.php\n systemctl restart httpd\n echo \"Step2: Install and Config WordPress\" >> .ros.provision\nelse\n echo \"#########################\"\n echo \"# WordPress has been installed and configed\"\n echo \"#########################\"\nfi\nEOF"
}
}
},
"EssScalingGroupEnable": {
"Type": "ALIYUN::ESS::ScalingGroupEnable",
"Properties": {
"ScalingConfigurationId": {
"Ref": "EssScalingConfiguration"
},
"ScalingGroupId": {
"Ref": "EssScalingGroup"
}
}
},
"ESSLifecycleOOSRunCommandRole": {
"Type": "ALIYUN::RAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": [
"oos.aliyuncs.com"
]
}
}
],
"Version": "1"
},
"IgnoreExisting": true,
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:RunCommand"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ess:CompleteLifecycleAction"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "1"
},
"PolicyName": "ESSLifecycleOOSRunCommandRolePolicy"
}
],
"RoleName": "ESSLifecycleOOSRunCommandRole"
}
},
"ESSLifecycleHook": {
"Type": "ALIYUN::ESS::LifecycleHook",
"DependsOn": "SnatEntry",
"Properties": {
"LifecycleHookName": {
"Fn::Sub": "${CommonName}-ash-scaleout"
},
"LifecycleTransition": "SCALE_OUT",
"NotificationArn": {
"Fn::Sub": "acs:ess:${ALIYUN::Region}:${ALIYUN::TenantId}:oos/ACS-ESS-LifeCycleRunCommand"
},
"NotificationMetadata": {
"Fn::Sub": "{\n \"commandContent\": \"bash -x /root/setup-wordpress.sh\",\n \"commandType\": \"RunShellScript\",\n \"timeout\": 1200,\n \"OOSAssumeRole\": \"${ESSLifecycleOOSRunCommandRole.RoleName}\",\n \"regionId\": \"${!regionId}\",\n \"instanceIds\": \"${!instanceIds}\",\n \"lifecycleHookId\": \"${!lifecycleHookId}\",\n \"rateControl\": \"{\\\"Mode\\\":\\\"Concurrency\\\",\\\"MaxErrors\\\":0,\\\"Concurrency\\\":10}\",\n \"lifecycleActionToken\": \"${!lifecycleActionToken}\"\n}"
},
"ScalingGroupId": {
"Ref": "EssScalingGroup"
}
}
},
"EssScalingRule": {
"Type": "ALIYUN::ESS::ScalingRule",
"Properties": {
"AdjustmentType": "QuantityChangeInCapacity",
"AdjustmentValue": 1,
"EstimatedInstanceWarmup": 0,
"MetricName": "CpuUtilization",
"ScaleInEvaluationCount": 3,
"ScaleOutEvaluationCount": 3,
"ScalingGroupId": {
"Ref": "EssScalingGroup"
},
"ScalingRuleName": {
"Fn::Sub": "${CommonName}-asr-scaleout"
},
"ScalingRuleType": "TargetTrackingScalingRule",
"TargetValue": 80
}
}
},
"Outputs": {
"Endpoint": {
"Description": {
"en": "パブリック IP アドレス"
},
"Value": {
"Fn::Sub": [
"http://${ServerAddress}",
{
"ServerAddress": {
"Fn::GetAtt": [
"ClbLoadBalancer",
"IpAddress"
]
}
}
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Label": {
"default": {
"en": "CLB 設定"
}
},
"Parameters": [
"LoadBalancerSpec"
]
},
{
"Label": {
"default": {
"en": "アベイラビリティゾーン"
}
},
"Parameters": [
"ZoneId1",
"ZoneId2"
]
},
{
"Label": {
"default": {
"en": "インスタンス設定"
}
},
"Parameters": [
"InstanceType1",
"InstanceType2"
]
},
{
"Label": {
"default": {
"en": "RDS 設定"
}
},
"Parameters": [
"RdsInstanceClass",
"RdsDBPassword"
]
}
],
"TemplateTags": [
"acs:technical-solution:high-availability-architecture:high-availability service"
],
"Hidden": [
"CommonName"
]
}
}
}
その他の例については、「このリソースを含むパブリックテンプレート」をご参照ください。