CloudFormation DNS Resolver Module

AWS DNS Resolver Instance deployment from CloudFromation Template

Manage Resources

• AWS::EC2::SecurityGroup, LaunchTemplate
• AWS::AutoScaling::AutoScalingGroup, ScalingPolicy
• AWS::CloudWatch::Alarm
• AWS::IAM::Role, InstanceProfile
• AWS::ElasticLoadBalancingV2::LoadBalancer, Listener, TargetGroup
• AWS::S3::Bucket, BucketPolicy

Install

Install Node.js and npm first!

npm i @104corp/cfn-dns-resolver-module

Usage

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-dns-resolver-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VPCId: 'vpc-26289d41'
        VPCSubnetIds: 'subnet-0a287552, subnet-12560638'
        DNSResovlersSecurityGroupIngressCidr: '172.31.0.0/16'
      TemplateURL: './node_modules/@104corp/cfn-dns-resolver-module/module.yml'

• Resize Auto Scaling DesiredCapacity

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-dns-resolver-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VPCId: 'vpc-26289d41'
        VPCSubnetIds: 'subnet-0a287552, subnet-12560638'
        DNSResovlersSecurityGroupIngressCidr: '172.31.0.0/16'
        DNSResovlersAMI: 'ami-023d30a246588ad11'
        AutoScalingInstanceMinSize: "1"
        AutoScalingDesiredCapacity: "1"
      TemplateURL: './node_modules/@104corp/cfn-dns-resolver-module/module.yml'

IAM Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devops-infra-cfn-resolver-module",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances",
                "ec2:DeleteTags",
                "s3:*",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "cloudformation:*",
                "ec2:StopInstances",
                "ec2:Describe*",
                "ec2:StartInstances",
                "ec2:*SecurityGroup*"
            ],
            "Resource": "*"
        }
    ]
}

Package

$ aws cloudformation package --template-file example.yml --s3-bucket <your cfn template bucket> --output-template-file packaged.yml

Deploy

$ aws cloudformation deploy --template-file packaged.yml --stack-name <your stack name>

templates/main

Description

AWS custom DNS Resolver when use Hybrid Cloud.

Parameters

The list of parameters for this template:

EnvType

Type: String Default: Dev Description: Environment Type for this Stack.

StackOwner

Type: String Default: StackOwnerDefault Description: Owner

VPCId

Type: AWS::EC2::VPC::Id
Description: (Require) VPC Id for instances.

VPCSubnetIds

Type: ListAWS::EC2::Subnet::Id
Description: (Require) VPC Subnet Id for DNS Resolver

DNSResovlersAMI

Type: AWS::EC2::Image::Id
Description: (Require) Custom EC2 AMI for DNS Resolver Servers.

DNSResovlersSecurityGroupIngressCidr

Type: String Default: 0.0.0.0/0 Description: (Require) VPC CIDR for ingress security group.

AutoScalingOutPolicyHighCPU

Type: String Default: 80 Description: (Optional) How many percent cpu usage need to scaling up instance, default is 80 percent.

AutoScalingInPolicyLowCPU

Type: String Default: 30 Description: (Optional) How many percent cpu usage need to scaling down instance, default is 30 percent.

AutoScalingLaunchTemplateDefaultVersion

Type: String Default: 1 Description: (Optional) Launch template default version for Autoscaling Group, default is 1.

AutoScalingInstanceMinSize

Type: String Default: 2 Description: (Optional) minimum instance capacity, default is 2.

AutoScalingInstanceMaxSize

Type: String Default: 4 Description: (Optional) maximum instance capacity, default is 4.

AutoScalingDesiredCapacity

Type: String Default: 2 Description: (Optional) maximum instance capacity, default is 2.

DNSResovlersInstanceType

Type: String Default: t3.nano Description: (Optional) EC2 instances type for DNS Resolver Servers. default t3.nano

NlbAccessLogExpirationDays

Type: String Default: 30 Description: (Optional) NLB access log Lifecycle expiration days. default 30

Resources

The list of resources this template creates:

DNSResolverInstanceSG

Type: AWS::EC2::SecurityGroup

DnsResolverLaunchTemplate

Type: AWS::EC2::LaunchTemplate

DnsResolverASGroup

Type: AWS::AutoScaling::AutoScalingGroup

DnsResolverScaleOutPolicy

Type: AWS::AutoScaling::ScalingPolicy

DnsResolverScaleInPolicy

Type: AWS::AutoScaling::ScalingPolicy

DnsResolverCPUAlarmHigh

Type: AWS::CloudWatch::Alarm

DnsResolverCPUAlarmLow

Type: AWS::CloudWatch::Alarm

DnsResolverRole

Type: AWS::IAM::Role

DnsResolverInstanceProfile

Type: AWS::IAM::InstanceProfile

DNSResolverNlb

Type: AWS::ElasticLoadBalancingV2::LoadBalancer

DNSResolverNlbListener

Type: AWS::ElasticLoadBalancingV2::Listener

DNSResolverNlbTargetGroup

Type: AWS::ElasticLoadBalancingV2::TargetGroup

ResolverNlbLogS3Bucket

Type: AWS::S3::Bucket

S3BucketPolicy

Type: AWS::S3::BucketPolicy

Outputs

The list of outputs this template exposes:

Maintenance

Maintainers:

• 104corp