CF Templates
Hydrolix uses AWS Cloudformation to manage and deploy the data platform with your AWS account. The below are provided as examples to provide an insight into the Cloudformation that will be executed in your account. They should not be used in an installation.
-
The Bootstrap Template is generic across customers.
-
The Stage 1 Template upgrades the CloudFormation stack originally created by the bootstrap to include persistent state and control plane elements.
-
The Hydrolix Template is the basis of the creation of the cluster stacks and define compute resources.
Deployment
To deploy Hydrolix take a look at Getting Started with Hydrolix
Bootstrap Template
Click arrow to expand
{
"Conditions": {
"IgnoreBoundaryPolicyArn": {
"Fn::Equals": [
{
"Ref": "BoundaryPolicyArn"
},
""
]
}
},
"Parameters": {
"BoundaryPolicyArn": {
"Default": "",
"Type": "String"
},
"ClientID": {
"Type": "String"
},
"DeployAccount": {
"Type": "String"
},
"Stage": {
"Type": "String"
},
"VPCCIDR": {
"Type": "String"
}
},
"Resources": {
"BootstrapSelfDeploy": {
"Properties": {
"Code": {
"S3Bucket": {
"Fn::Sub": "hdx-${Stage}-art-${AWS::Region}"
},
"S3Key": "self-deploy/self-deploy-v3.0.9.zip"
},
"Description": "SelfDeploy",
"Environment": {
"Variables": {
"CLIENT_ID": {
"Ref": "ClientID"
},
"DEPLOY_ACCOUNT": {
"Ref": "DeployAccount"
},
"STAGE": {
"Ref": "Stage"
},
"VPC_CIDR": {
"Ref": "VPCCIDR"
}
}
},
"FunctionName": {
"Fn::Sub": "${ClientID}-bootstrap-self-deploy"
},
"Handler": "hdxinf.handler.lambda_handler",
"MemorySize": 256,
"Role": {
"Fn::GetAtt": [
"SelfDeployRole",
"Arn"
]
},
"Runtime": "python3.8",
"Timeout": 600
},
"Type": "AWS::Lambda::Function"
},
"ClientBucket": {
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"BucketName": {
"Ref": "ClientID"
}
},
"Type": "AWS::S3::Bucket"
},
"HdxManageRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::Sub": "arn:aws:iam::${DeployAccount}:root"
}
}
}
],
"Version": "2012-10-17"
},
"Description": "Hydrolix manged service role",
"PermissionsBoundary": {
"Fn::If": [
"IgnoreBoundaryPolicyArn",
{
"Ref": "AWS::NoValue"
},
{
"Ref": "BoundaryPolicyArn"
}
]
},
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": [
{
"Fn::Sub": "arn:aws:s3:::${ClientID}/secrets/client_cookie/*"
},
{
"Fn::Sub": "arn:aws:s3:::${ClientID}/support/*"
}
]
}
],
"Version": "2012-10-17"
},
"PolicyName": "hdx-manage"
}
],
"RoleName": {
"Fn::Sub": "${ClientID}-hdx-manage"
}
},
"Type": "AWS::IAM::Role"
},
"SelfDeployRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
}
}
],
"Version": "2012-10-17"
},
"Description": "Hydrolix self-deploy role",
"PermissionsBoundary": {
"Fn::If": [
"IgnoreBoundaryPolicyArn",
{
"Ref": "AWS::NoValue"
},
{
"Ref": "BoundaryPolicyArn"
}
]
},
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"autoscaling:*",
"acm:*",
"cloudformation:*",
"cloudwatch:*",
"dynamodb:*",
"ec2:*",
"elasticloadbalancing:*",
"iam:*",
"kinesis:*",
"lambda:*",
"logs:*",
"rds:*",
"s3:*",
"secretsmanager:*",
"sqs:*",
"sts:AssumeRole",
"kms:CancelKeyDeletion",
"kms:Create*",
"kms:CreateKey",
"kms:Decrypt",
"kms:Delete*",
"kms:Describe*",
"kms:DescribeKey",
"kms:Disable*",
"kms:Enable*",
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:Get*",
"kms:List*",
"kms:Put*",
"kms:ReEncrypt*",
"kms:Revoke*",
"kms:ScheduleKeyDeletion",
"kms:TagResource",
"kms:UntagResource",
"kms:Update*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyName": "self-deploy-lambda"
}
],
"RoleName": {
"Fn::Sub": "${ClientID}-self-deploy"
}
},
"Type": "AWS::IAM::Role"
},
"TempoBucket": {
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
},
"BucketName": {
"Fn::Sub": "${ClientID}-tempo"
}
},
"Type": "AWS::S3::Bucket"
}
}
}
Stage 1 Template
Click arrow to expand
{
"Outputs": {
"UsingHdxreader": {
"Value": "False"
}
},
"Resources": {
"AlterDeadLetterQueue": {
"Properties": {
"QueueName": "hdx-abcdef-alter-dead-letter"
},
"Type": "AWS::SQS::Queue"
},
"AlterListingDeadLetterQueue": {
"Properties": {
"QueueName": "hdx-abcdef-alter-listing-dead-letter"
},
"Type": "AWS::SQS::Queue"
},
"AlterListingQueue": {
"Properties": {
"QueueName": "hdx-abcdef-alter-listing",
"VisibilityTimeout": "43200",
"RedrivePolicy": {
"deadLetterTargetArn": {
"Fn::GetAtt": [
"AlterListingDeadLetterQueue",
"Arn"
]
},
"maxReceiveCount": "1"
}
},
"Type": "AWS::SQS::Queue"
},
"AlterPeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-alter-peer-profile",
"Roles": [
"hdx-abcdef-alter-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": [
"AlterPeerRole"
]
},
"AlterPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-alter-peer-sqs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "AlterPeerRole",
"RoleName": "hdx-abcdef-alter-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-alter-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"AlterPeerSecurityGroup": {
"Properties": {
"GroupDescription": "AlterPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-alter-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"AlterQueue": {
"Properties": {
"QueueName": "hdx-abcdef-alter",
"VisibilityTimeout": "43200",
"RedrivePolicy": {
"deadLetterTargetArn": {
"Fn::GetAtt": [
"AlterDeadLetterQueue",
"Arn"
]
},
"maxReceiveCount": "1"
}
},
"Type": "AWS::SQS::Queue"
},
"BastionAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-bastion-s3access-profile",
"Roles": [
"hdx-abcdef-bastion-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "BastionRole"
},
"BastionAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-bastion-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "BastionLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-bastion-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "bastion",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-05f66ce2a06137139",
"subnet-0fdc7578370f1e62f"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"BastionLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.micro",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "BastionAccessProfile"
},
"SecurityGroups": [
{
"Ref": "BastionSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"BastionRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-import-buckets-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-public/*",
"arn:aws:s3:::hdx-public"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "BastionRole",
"RoleName": "hdx-abcdef-bastion-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-bastion-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"BastionSecurityGroup": {
"Properties": {
"GroupDescription": "BastionSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 22221,
"FromPort": 22221,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 22221,
"FromPort": 22221,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-bastion"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"BatchPeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-batch-peer-profile",
"Roles": [
"hdx-abcdef-batch-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "BatchPeerRole"
},
"BatchPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-batch-peer-base",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-batch-peer-sqs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-batch-peer-bucket",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-import-buckets-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-public/*",
"arn:aws:s3:::hdx-public"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "BatchPeerRole",
"RoleName": "hdx-abcdef-batch-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-batch-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"BatchPeerSecurityGroup": {
"Properties": {
"GroupDescription": "BatchPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-batch-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"CheckpointTable": {
"Properties": {
"TableName": "hdx-abcdef-checkpoint",
"AttributeDefinitions": [
{
"AttributeName": "StreamShard",
"AttributeType": "S"
}
],
"KeySchema": [
{
"AttributeName": "StreamShard",
"KeyType": "HASH"
}
],
"BillingMode": "PAY_PER_REQUEST",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-checkpoint"
}
]
},
"Type": "AWS::DynamoDB::Table"
},
"GrafanaAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-grafana",
"Roles": [
"hdx-abcdef-grafana-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "GrafanaRole"
},
"GrafanaAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-grafana-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "GrafanaLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-grafana-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "grafana",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"GrafanaLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.small",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "GrafanaAccessProfile"
},
"SecurityGroups": [
{
"Ref": "GrafanaSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"GrafanaRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-tempo-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456-tempo/*",
"arn:aws:s3:::hdxcli-123456-tempo"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "GrafanaRole",
"RoleName": "hdx-abcdef-grafana-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-grafana-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"GrafanaSecurityGroup": {
"Properties": {
"GroupDescription": "GrafanaSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3000,
"FromPort": 3000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3100,
"FromPort": 3100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 55681,
"FromPort": 55681,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-grafana"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"ImportQueue": {
"Properties": {
"QueueName": "hdx-abcdef-import",
"VisibilityTimeout": "43200",
"RedrivePolicy": {
"deadLetterTargetArn": {
"Fn::GetAtt": [
"ImportQueueDeadLetter",
"Arn"
]
},
"maxReceiveCount": "1"
}
},
"Type": "AWS::SQS::Queue"
},
"ImportQueueDeadLetter": {
"Properties": {
"QueueName": "hdx-abcdef-import-dead-letter"
},
"Type": "AWS::SQS::Queue"
},
"IngestStream": {
"Properties": {
"Name": "hdx-abcdef-ingest",
"ShardCount": 2,
"StreamEncryption": {
"EncryptionType": "KMS",
"KeyId": "alias/aws/kinesis"
}
},
"Type": "AWS::Kinesis::Stream"
},
"IntakeMiscAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-intake-misc",
"Roles": [
"hdx-abcdef-intake-misc-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "IntakeMiscRole"
},
"IntakeMiscAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-intake-misc-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "IntakeMiscLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-intake-misc",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "intake-misc",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"IntakeMiscLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.small",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "IntakeMiscAccessProfile"
},
"SecurityGroups": [
{
"Ref": "IntakeMiscSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"IntakeMiscRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-intake-misc-sqs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-import-buckets-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-public/*",
"arn:aws:s3:::hdx-public"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "IntakeMiscRole",
"RoleName": "hdx-abcdef-intake-misc-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-intake-misc-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"IntakeMiscSecurityGroup": {
"Properties": {
"GroupDescription": "IntakeMiscSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8080,
"FromPort": 8080,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-intake-misc"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"KafkaPeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-kafka-peer-profile",
"Roles": [
"hdx-abcdef-kafka-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "KafkaPeerRole"
},
"KafkaPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "KafkaPeerRole",
"RoleName": "hdx-abcdef-kafka-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-kafka-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"KafkaPeerSecurityGroup": {
"Properties": {
"GroupDescription": "KafkaPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3000,
"FromPort": 3000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-kafka-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"ListingQueue": {
"Properties": {
"QueueName": "hdx-abcdef-listing",
"VisibilityTimeout": "43200",
"RedrivePolicy": {
"deadLetterTargetArn": {
"Fn::GetAtt": [
"ListingQueueDeadLetter",
"Arn"
]
},
"maxReceiveCount": "1"
}
},
"Type": "AWS::SQS::Queue"
},
"ListingQueueDeadLetter": {
"Properties": {
"QueueName": "hdx-abcdef-listing-dead-letter"
},
"Type": "AWS::SQS::Queue"
},
"MergePeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-merge-peer-profile",
"Roles": [
"hdx-abcdef-merge-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": [
"MergePeerRole"
]
},
"MergePeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-merge-peer-base",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterface",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-merge-peer-sqs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-merge-peer-bucket",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "MergePeerRole",
"RoleName": "hdx-abcdef-merge-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-merge-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"MergePeerSecurityGroup": {
"Properties": {
"GroupDescription": "MergePeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-merge-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"PoolAlterPeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-alter-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-alter-peer0",
"Version": {
"Fn::GetAtt": [
"PoolAlterPeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-alter-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "alter-peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "alter-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolAlterPeer0LaunchTemplate"
},
"PoolAlterPeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 30,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"AlterPeerAccessProfile",
"Arn"
]
}
},
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "r5.large",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "AlterPeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "alter-peer0"
},
{
"Key": "HdxService",
"Value": "alter-peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-alter-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-alter-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PoolBatchPeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-batch-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-batch-peer0",
"Version": {
"Fn::GetAtt": [
"PoolBatchPeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-batch-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "batch-peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "batch-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolBatchPeer0LaunchTemplate"
},
"PoolBatchPeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 30,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"BatchPeerAccessProfile",
"Arn"
]
}
},
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "r5n.2xlarge",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "BatchPeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "batch-peer0"
},
{
"Key": "HdxService",
"Value": "batch-peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-batch-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-batch-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PoolMergePeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-merge-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-merge-peer0",
"Version": {
"Fn::GetAtt": [
"PoolMergePeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-merge-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "merge-peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "merge-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolMergePeer0LaunchTemplate"
},
"PoolMergePeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 30,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"MergePeerAccessProfile",
"Arn"
]
}
},
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "r5.large",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "MergePeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "merge-peer0"
},
{
"Key": "HdxService",
"Value": "merge-peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-merge-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-merge-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PoolQueryPeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-query-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-query-peer0",
"Version": {
"Fn::GetAtt": [
"PoolQueryPeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "query-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-05c21a532498614af",
"subnet-02986964251c51af4"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolQueryPeer0LaunchTemplate"
},
"PoolQueryPeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdb",
"Ebs": {
"VolumeSize": 24,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"QueryPeerS3AccessProfile",
"Arn"
]
}
},
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "c5n.9xlarge",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "QueryPeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "query-peer0"
},
{
"Key": "HdxService",
"Value": "peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-query-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-query-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PoolStreamPeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-stream-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-stream-peer0",
"Version": {
"Fn::GetAtt": [
"PoolStreamPeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "stream-peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "stream-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolStreamPeer0LaunchTemplate"
},
"PoolStreamPeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"StreamPeerAccessProfile",
"Arn"
]
}
},
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "m5.large",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "StreamPeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "stream-peer0"
},
{
"Key": "HdxService",
"Value": "stream-peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-stream-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-stream-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PrometheusAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-prometheus-profile",
"Roles": [
"hdx-abcdef-prometheus-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "PrometheusRole"
},
"PrometheusAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-prometheus-asg",
"AvailabilityZones": [
"us-east-2a"
],
"LaunchConfigurationName": {
"Ref": "PrometheusLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-prometheus-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "prometheus",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"PrometheusLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t2.medium",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 50,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "PrometheusAccessProfile"
},
"SecurityGroups": [
{
"Ref": "PrometheusSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"PrometheusRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-prometheus-base",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeVolumes",
"ec2:AttachVolume",
"ec2:DetachVolume"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "PrometheusRole",
"RoleName": "hdx-abcdef-prometheus-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-prometheus-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"PrometheusSecurityGroup": {
"Properties": {
"GroupDescription": "PrometheusSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9090,
"FromPort": 9090,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-prometheus"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"QueryHeadASLaunchGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-queryhead-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "QueryHeadLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"TargetGroupARNs": [
"arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-native-public/8232f0411b60d6b2",
"arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-native-private/a6badd46545d0f40"
],
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-head-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "head",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-05c21a532498614af",
"subnet-02986964251c51af4"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"QueryHeadLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "c5n.xlarge",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "QueryHeadS3AccessProfile"
},
"SecurityGroups": [
{
"Ref": "QueryHeadSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"QueryHeadRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "QueryHeadRole",
"RoleName": "hdx-abcdef-query-head-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-head-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"QueryHeadS3AccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-queryhead-s3access-profile",
"Roles": [
"hdx-abcdef-query-head-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": [
"QueryHeadRole"
]
},
"QueryHeadSecurityGroup": {
"Properties": {
"GroupDescription": "QueryHeadSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9000,
"FromPort": 9000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8088,
"FromPort": 8088,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8888,
"FromPort": 8888,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9000,
"FromPort": 9000,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 9000,
"FromPort": 9000,
"CidrIp": "1.2.3.4/32"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-head"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"QueryPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "QueryPeerRole",
"RoleName": "hdx-abcdef-query-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"QueryPeerS3AccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-profile",
"Roles": [
"hdx-abcdef-query-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "QueryPeerRole"
},
"QueryPeerSecurityGroup": {
"Properties": {
"GroupDescription": "QueryPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9000,
"FromPort": 9000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8088,
"FromPort": 8088,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8888,
"FromPort": 8888,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"ReaperQueue": {
"Properties": {
"QueueName": "hdx-abcdef-reaper",
"VisibilityTimeout": "30"
},
"Type": "AWS::SQS::Queue"
},
"StreamHeadAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-stream-head-profile",
"Roles": [
"hdx-abcdef-stream-head-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "StreamHeadRole"
},
"StreamHeadAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-stream-head-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "StreamHeadLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-head-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "stream-head",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-05c21a532498614af",
"subnet-02986964251c51af4"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"StreamHeadLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "m5.large",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "StreamHeadAccessProfile"
},
"SecurityGroups": [
{
"Ref": "StreamHeadSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"StreamHeadRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-stream-head-kinesis",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kinesis:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "StreamHeadRole",
"RoleName": "hdx-abcdef-stream-head-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-head-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"StreamHeadSecurityGroup": {
"Properties": {
"GroupDescription": "StreamHeadSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8089,
"FromPort": 8089,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-head"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"StreamPeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-stream-peer-profile",
"Roles": [
"hdx-abcdef-stream-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "StreamPeerRole"
},
"StreamPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-stream-peer-kinesis",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kinesis:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-stream-head-kinesis",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "StreamPeerRole",
"RoleName": "hdx-abcdef-stream-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"StreamPeerSecurityGroup": {
"Properties": {
"GroupDescription": "StreamPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3000,
"FromPort": 3000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"SupersetAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-superset",
"Roles": [
"hdx-abcdef-superset-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "SupersetRole"
},
"SupersetAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-superset-asg",
"AvailabilityZones": [
"us-east-2a"
],
"LaunchConfigurationName": {
"Ref": "SupersetLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"TargetGroupARNs": [
"arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-superset-public/2e7eaadce0fba544",
"arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-superset-private/3fdea02248fbdba1"
],
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-superset-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "superset",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"SupersetLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.medium",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "SupersetAccessProfile"
},
"SecurityGroups": [
{
"Ref": "SupersetSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"SupersetRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-superset-base",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeVolumes",
"ec2:AttachVolume",
"ec2:DetachVolume"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "SupersetRole",
"RoleName": "hdx-abcdef-superset-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-superset-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"SupersetSecurityGroup": {
"Properties": {
"GroupDescription": "SupersetSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 80,
"FromPort": 80,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 81,
"FromPort": 81,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 81,
"FromPort": 81,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 81,
"FromPort": 81,
"CidrIp": "1.2.3.4/32"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-superset"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"TurbineQueryBucketPolicy": {
"Properties": {
"Bucket": "hdxcli-123456",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Principal": {
"AWS": [
{
"Fn::GetAtt": [
"QueryHeadRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"QueryPeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"ZookeeperRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"StreamHeadRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"StreamPeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"BatchPeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"AlterPeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"MergePeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"IntakeMiscRole",
"Arn"
]
},
"arn:aws:iam::123456789101:root"
]
},
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
"Type": "AWS::S3::BucketPolicy"
},
"WebAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-web-api-profile",
"Roles": [
"hdx-abcdef-web-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "WebRole"
},
"WebAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-web-api-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "WebLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"TargetGroupARNs": [
"arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-web-public/a5d9f6e63453ad6a",
"arn:aws:elasticloadbalancing:us-east-2:123456789101:targetgroup/hdxcli-123456-web-private/9239a7105f6ed25d"
],
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-web-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "web",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
],
"HealthCheckGracePeriod": 300
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT300S",
"WaitOnResourceSignals": true,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"WebLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.small",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "WebAccessProfile"
},
"SecurityGroups": [
{
"Ref": "WebSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"WebRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-control-plane",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction",
"lambda:InvokeAsync"
],
"Resource": [
{
"Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:hdxcli-123456-self-deploy"
}
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "WebRole",
"RoleName": "hdx-abcdef-web-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-web-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"WebSecurityGroup": {
"Properties": {
"GroupDescription": "WebSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 80,
"FromPort": 80,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9113,
"FromPort": 9113,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 80,
"FromPort": 80,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 80,
"FromPort": 80,
"CidrIp": "1.2.3.4/32"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-web"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"ZookeeperAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-zookeeper-s3access-profile",
"Roles": [
"hdx-abcdef-zookeeper-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "ZookeeperRole"
},
"ZookeeperAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-zookeeper-asg",
"AvailabilityZones": [
"us-east-2a"
],
"LaunchConfigurationName": {
"Ref": "ZookeeperLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "30",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-zookeeper-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "zookeeper",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": [
"ZookeeperENI1",
"ZookeeperENI2",
"ZookeeperENI3"
]
},
"ZookeeperENI1": {
"Properties": {
"Description": "Zookeeper Network Interface 1",
"GroupSet": [
{
"Ref": "ZookeeperSecurityGroup"
}
],
"SubnetId": "subnet-048459a83da4dc4ca",
"Tags": [
{
"Key": "Name",
"Value": "zookeeper-1"
}
]
},
"Type": "AWS::EC2::NetworkInterface",
"DependsOn": "ZookeeperSecurityGroup"
},
"ZookeeperENI2": {
"Properties": {
"Description": "Zookeeper Network Interface 2",
"GroupSet": [
{
"Ref": "ZookeeperSecurityGroup"
}
],
"SubnetId": "subnet-048459a83da4dc4ca",
"Tags": [
{
"Key": "Name",
"Value": "zookeeper-2"
}
]
},
"Type": "AWS::EC2::NetworkInterface",
"DependsOn": "ZookeeperSecurityGroup"
},
"ZookeeperENI3": {
"Properties": {
"Description": "Zookeeper Network Interface 3",
"GroupSet": [
{
"Ref": "ZookeeperSecurityGroup"
}
],
"SubnetId": "subnet-048459a83da4dc4ca",
"Tags": [
{
"Key": "Name",
"Value": "zookeeper-3"
}
]
},
"Type": "AWS::EC2::NetworkInterface",
"DependsOn": "ZookeeperSecurityGroup"
},
"ZookeeperLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "t2.micro",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "ZookeeperAccessProfile"
},
"SecurityGroups": [
{
"Ref": "ZookeeperSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"ZookeeperRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-zookeeper-eni",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:AttachNetworkInterface"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "ZookeeperRole",
"RoleName": "hdx-abcdef-zookeeper-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-zookeeper-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"ZookeeperSecurityGroup": {
"Properties": {
"GroupDescription": "ZookeeperSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 2181,
"FromPort": 2181,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 2888,
"FromPort": 2888,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3888,
"FromPort": 3888,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-zookeeper"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
}
}
}
Stage 1 Template
Click arrow to expand
{
"Outputs": {
"UsingHdxreader": {
"Value": "False"
}
},
"Resources": {
"AlterDeadLetterQueue": {
"Properties": {
"QueueName": "hdx-abcdef-alter-dead-letter"
},
"Type": "AWS::SQS::Queue"
},
"AlterListingDeadLetterQueue": {
"Properties": {
"QueueName": "hdx-abcdef-alter-listing-dead-letter"
},
"Type": "AWS::SQS::Queue"
},
"AlterListingQueue": {
"Properties": {
"QueueName": "hdx-abcdef-alter-listing",
"VisibilityTimeout": "43200",
"RedrivePolicy": {
"deadLetterTargetArn": {
"Fn::GetAtt": [
"AlterListingDeadLetterQueue",
"Arn"
]
},
"maxReceiveCount": "1"
}
},
"Type": "AWS::SQS::Queue"
},
"AlterPeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-alter-peer-profile",
"Roles": [
"hdx-abcdef-alter-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": [
"AlterPeerRole"
]
},
"AlterPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-alter-peer-sqs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "AlterPeerRole",
"RoleName": "hdx-abcdef-alter-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-alter-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"AlterPeerSecurityGroup": {
"Properties": {
"GroupDescription": "AlterPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-alter-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"AlterQueue": {
"Properties": {
"QueueName": "hdx-abcdef-alter",
"VisibilityTimeout": "43200",
"RedrivePolicy": {
"deadLetterTargetArn": {
"Fn::GetAtt": [
"AlterDeadLetterQueue",
"Arn"
]
},
"maxReceiveCount": "1"
}
},
"Type": "AWS::SQS::Queue"
},
"BastionAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-bastion-s3access-profile",
"Roles": [
"hdx-abcdef-bastion-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "BastionRole"
},
"BastionAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-bastion-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "BastionLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-bastion-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "bastion",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-05f66ce2a06137139",
"subnet-0fdc7578370f1e62f"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"BastionLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.micro",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "BastionAccessProfile"
},
"SecurityGroups": [
{
"Ref": "BastionSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"BastionRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-import-buckets-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::qe-datasets/*",
"arn:aws:s3:::qe-datasets",
"arn:aws:s3:::hdx-public/*",
"arn:aws:s3:::hdx-public"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "BastionRole",
"RoleName": "hdx-abcdef-bastion-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-bastion-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"BastionSecurityGroup": {
"Properties": {
"GroupDescription": "BastionSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 22221,
"FromPort": 22221,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 22221,
"FromPort": 22221,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-bastion"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"BatchPeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-batch-peer-profile",
"Roles": [
"hdx-abcdef-batch-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "BatchPeerRole"
},
"BatchPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-batch-peer-base",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-batch-peer-sqs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-batch-peer-bucket",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-import-buckets-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::qe-datasets/*",
"arn:aws:s3:::qe-datasets",
"arn:aws:s3:::hdx-public/*",
"arn:aws:s3:::hdx-public"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "BatchPeerRole",
"RoleName": "hdx-abcdef-batch-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-batch-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"BatchPeerSecurityGroup": {
"Properties": {
"GroupDescription": "BatchPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-batch-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"CheckpointTable": {
"Properties": {
"TableName": "hdx-abcdef-checkpoint",
"AttributeDefinitions": [
{
"AttributeName": "StreamShard",
"AttributeType": "S"
}
],
"KeySchema": [
{
"AttributeName": "StreamShard",
"KeyType": "HASH"
}
],
"BillingMode": "PAY_PER_REQUEST",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-checkpoint"
}
]
},
"Type": "AWS::DynamoDB::Table"
},
"GrafanaAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-grafana",
"Roles": [
"hdx-abcdef-grafana-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "GrafanaRole"
},
"GrafanaAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-grafana-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "GrafanaLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-grafana-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "grafana",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"GrafanaLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.small",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "GrafanaAccessProfile"
},
"SecurityGroups": [
{
"Ref": "GrafanaSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"GrafanaRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-tempo-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456-tempo/*",
"arn:aws:s3:::hdxcli-123456-tempo"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "GrafanaRole",
"RoleName": "hdx-abcdef-grafana-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-grafana-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"GrafanaSecurityGroup": {
"Properties": {
"GroupDescription": "GrafanaSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3000,
"FromPort": 3000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3100,
"FromPort": 3100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 55681,
"FromPort": 55681,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-grafana"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"ImportQueue": {
"Properties": {
"QueueName": "hdx-abcdef-import",
"VisibilityTimeout": "43200",
"RedrivePolicy": {
"deadLetterTargetArn": {
"Fn::GetAtt": [
"ImportQueueDeadLetter",
"Arn"
]
},
"maxReceiveCount": "1"
}
},
"Type": "AWS::SQS::Queue"
},
"ImportQueueDeadLetter": {
"Properties": {
"QueueName": "hdx-abcdef-import-dead-letter"
},
"Type": "AWS::SQS::Queue"
},
"IngestStream": {
"Properties": {
"Name": "hdx-abcdef-ingest",
"ShardCount": 2,
"StreamEncryption": {
"EncryptionType": "KMS",
"KeyId": "alias/aws/kinesis"
}
},
"Type": "AWS::Kinesis::Stream"
},
"IntakeMiscAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-intake-misc",
"Roles": [
"hdx-abcdef-intake-misc-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "IntakeMiscRole"
},
"IntakeMiscAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-intake-misc-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "IntakeMiscLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-intake-misc",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "intake-misc",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"IntakeMiscLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.small",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "IntakeMiscAccessProfile"
},
"SecurityGroups": [
{
"Ref": "IntakeMiscSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"IntakeMiscRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-intake-misc-sqs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-import-buckets-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::qe-datasets/*",
"arn:aws:s3:::qe-datasets",
"arn:aws:s3:::hdx-public/*",
"arn:aws:s3:::hdx-public"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "IntakeMiscRole",
"RoleName": "hdx-abcdef-intake-misc-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-intake-misc-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"IntakeMiscSecurityGroup": {
"Properties": {
"GroupDescription": "IntakeMiscSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8080,
"FromPort": 8080,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-intake-misc"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"KafkaPeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-kafka-peer-profile",
"Roles": [
"hdx-abcdef-kafka-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "KafkaPeerRole"
},
"KafkaPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "KafkaPeerRole",
"RoleName": "hdx-abcdef-kafka-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-kafka-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"KafkaPeerSecurityGroup": {
"Properties": {
"GroupDescription": "KafkaPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3000,
"FromPort": 3000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-kafka-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"ListingQueue": {
"Properties": {
"QueueName": "hdx-abcdef-listing",
"VisibilityTimeout": "43200",
"RedrivePolicy": {
"deadLetterTargetArn": {
"Fn::GetAtt": [
"ListingQueueDeadLetter",
"Arn"
]
},
"maxReceiveCount": "1"
}
},
"Type": "AWS::SQS::Queue"
},
"ListingQueueDeadLetter": {
"Properties": {
"QueueName": "hdx-abcdef-listing-dead-letter"
},
"Type": "AWS::SQS::Queue"
},
"MergePeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-merge-peer-profile",
"Roles": [
"hdx-abcdef-merge-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": [
"MergePeerRole"
]
},
"MergePeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-merge-peer-base",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterface",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-merge-peer-sqs",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-merge-peer-bucket",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "MergePeerRole",
"RoleName": "hdx-abcdef-merge-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-merge-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"MergePeerSecurityGroup": {
"Properties": {
"GroupDescription": "MergePeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-merge-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"PoolAlterPeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-alter-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-alter-peer0",
"Version": {
"Fn::GetAtt": [
"PoolAlterPeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-alter-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "alter-peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "alter-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolAlterPeer0LaunchTemplate"
},
"PoolAlterPeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 30,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"AlterPeerAccessProfile",
"Arn"
]
}
},
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "r5.large",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "AlterPeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "alter-peer0"
},
{
"Key": "HdxService",
"Value": "alter-peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-alter-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-alter-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PoolBatchPeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-batch-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-batch-peer0",
"Version": {
"Fn::GetAtt": [
"PoolBatchPeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-batch-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "batch-peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "batch-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolBatchPeer0LaunchTemplate"
},
"PoolBatchPeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 30,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"BatchPeerAccessProfile",
"Arn"
]
}
},
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "r5n.2xlarge",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "BatchPeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "batch-peer0"
},
{
"Key": "HdxService",
"Value": "batch-peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-batch-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-batch-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PoolMergePeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-merge-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-merge-peer0",
"Version": {
"Fn::GetAtt": [
"PoolMergePeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-merge-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "merge-peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "merge-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolMergePeer0LaunchTemplate"
},
"PoolMergePeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 30,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"MergePeerAccessProfile",
"Arn"
]
}
},
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "r5.large",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "MergePeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "merge-peer0"
},
{
"Key": "HdxService",
"Value": "merge-peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-merge-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-merge-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PoolQueryPeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-query-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-query-peer0",
"Version": {
"Fn::GetAtt": [
"PoolQueryPeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "query-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-05c21a532498614af",
"subnet-02986964251c51af4"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolQueryPeer0LaunchTemplate"
},
"PoolQueryPeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdb",
"Ebs": {
"VolumeSize": 24,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"QueryPeerS3AccessProfile",
"Arn"
]
}
},
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "c5n.9xlarge",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "QueryPeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "query-peer0"
},
{
"Key": "HdxService",
"Value": "peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-query-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-query-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PoolStreamPeer0ASG": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-stream-peer0-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateName": "hdx-abcdef-stream-peer0",
"Version": {
"Fn::GetAtt": [
"PoolStreamPeer0LaunchTemplate",
"LatestVersionNumber"
]
}
},
"Overrides": []
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 100,
"SpotAllocationStrategy": "capacity-optimized"
}
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-peer0-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "stream-peer",
"PropagateAtLaunch": true
},
{
"Key": "HdxPool",
"Value": "stream-peer0",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": "PoolStreamPeer0LaunchTemplate"
},
"PoolStreamPeer0LaunchTemplate": {
"Properties": {
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Arn": {
"Fn::GetAtt": [
"StreamPeerAccessProfile",
"Arn"
]
}
},
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "m5.large",
"Monitoring": {
"Enabled": true
},
"SecurityGroupIds": [
{
"Ref": "StreamPeerSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"TagSpecifications": [
{
"ResourceType": "volume",
"Tags": [
{
"Key": "HdxPool",
"Value": "stream-peer0"
},
{
"Key": "HdxService",
"Value": "stream-peer"
},
{
"Key": "Name",
"Value": "hdx-abcdef-stream-peer0-asg"
}
]
}
]
},
"LaunchTemplateName": "hdx-abcdef-stream-peer0"
},
"Type": "AWS::EC2::LaunchTemplate"
},
"PrometheusAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-prometheus-profile",
"Roles": [
"hdx-abcdef-prometheus-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "PrometheusRole"
},
"PrometheusAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-prometheus-asg",
"AvailabilityZones": [
"us-east-2a"
],
"LaunchConfigurationName": {
"Ref": "PrometheusLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-prometheus-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "prometheus",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"PrometheusLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t2.medium",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 50,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "PrometheusAccessProfile"
},
"SecurityGroups": [
{
"Ref": "PrometheusSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"PrometheusRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-prometheus-base",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeVolumes",
"ec2:AttachVolume",
"ec2:DetachVolume"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "PrometheusRole",
"RoleName": "hdx-abcdef-prometheus-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-prometheus-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"PrometheusSecurityGroup": {
"Properties": {
"GroupDescription": "PrometheusSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9090,
"FromPort": 9090,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-prometheus"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"QueryHeadASLaunchGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-queryhead-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "QueryHeadLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"TargetGroupARNs": [
"arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-native-public/8232f0411b60d6b2",
"arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-native-private/a6badd46545d0f40"
],
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-head-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "head",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-05c21a532498614af",
"subnet-02986964251c51af4"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"QueryHeadLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "c5n.xlarge",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "QueryHeadS3AccessProfile"
},
"SecurityGroups": [
{
"Ref": "QueryHeadSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"QueryHeadRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "QueryHeadRole",
"RoleName": "hdx-abcdef-query-head-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-head-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"QueryHeadS3AccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-queryhead-s3access-profile",
"Roles": [
"hdx-abcdef-query-head-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": [
"QueryHeadRole"
]
},
"QueryHeadSecurityGroup": {
"Properties": {
"GroupDescription": "QueryHeadSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9000,
"FromPort": 9000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8088,
"FromPort": 8088,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8888,
"FromPort": 8888,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9000,
"FromPort": 9000,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 9000,
"FromPort": 9000,
"CidrIp": "1.2.3.4/32"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-head"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"QueryPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "QueryPeerRole",
"RoleName": "hdx-abcdef-query-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"QueryPeerS3AccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-profile",
"Roles": [
"hdx-abcdef-query-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "QueryPeerRole"
},
"QueryPeerSecurityGroup": {
"Properties": {
"GroupDescription": "QueryPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9000,
"FromPort": 9000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8088,
"FromPort": 8088,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8888,
"FromPort": 8888,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-query-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"ReaperQueue": {
"Properties": {
"QueueName": "hdx-abcdef-reaper",
"VisibilityTimeout": "30"
},
"Type": "AWS::SQS::Queue"
},
"StreamHeadAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-stream-head-profile",
"Roles": [
"hdx-abcdef-stream-head-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "StreamHeadRole"
},
"StreamHeadAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-stream-head-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "StreamHeadLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-head-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "stream-head",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-05c21a532498614af",
"subnet-02986964251c51af4"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"StreamHeadLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "m5.large",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "StreamHeadAccessProfile"
},
"SecurityGroups": [
{
"Ref": "StreamHeadSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"StreamHeadRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-stream-head-kinesis",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kinesis:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "StreamHeadRole",
"RoleName": "hdx-abcdef-stream-head-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-head-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"StreamHeadSecurityGroup": {
"Properties": {
"GroupDescription": "StreamHeadSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 8089,
"FromPort": 8089,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-head"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"StreamPeerAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-stream-peer-profile",
"Roles": [
"hdx-abcdef-stream-peer-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "StreamPeerRole"
},
"StreamPeerRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-stream-peer-kinesis",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kinesis:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-stream-head-kinesis",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "StreamPeerRole",
"RoleName": "hdx-abcdef-stream-peer-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-peer-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"StreamPeerSecurityGroup": {
"Properties": {
"GroupDescription": "StreamPeerSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3000,
"FromPort": 3000,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-stream-peer"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"SupersetAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-superset",
"Roles": [
"hdx-abcdef-superset-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "SupersetRole"
},
"SupersetAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-superset-asg",
"AvailabilityZones": [
"us-east-2a"
],
"LaunchConfigurationName": {
"Ref": "SupersetLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"TargetGroupARNs": [
"arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-superset-public/2e7eaadce0fba544",
"arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-superset-private/3fdea02248fbdba1"
],
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-superset-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "superset",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"SupersetLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.medium",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "SupersetAccessProfile"
},
"SecurityGroups": [
{
"Ref": "SupersetSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"SupersetRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-superset-base",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeVolumes",
"ec2:AttachVolume",
"ec2:DetachVolume"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "SupersetRole",
"RoleName": "hdx-abcdef-superset-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-superset-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"SupersetSecurityGroup": {
"Properties": {
"GroupDescription": "SupersetSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 80,
"FromPort": 80,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 81,
"FromPort": 81,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 81,
"FromPort": 81,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 81,
"FromPort": 81,
"CidrIp": "1.2.3.4/32"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-superset"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"TurbineQueryBucketPolicy": {
"Properties": {
"Bucket": "hdxcli-123456",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Principal": {
"AWS": [
{
"Fn::GetAtt": [
"QueryHeadRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"QueryPeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"ZookeeperRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"StreamHeadRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"StreamPeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"BatchPeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"AlterPeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"MergePeerRole",
"Arn"
]
},
{
"Fn::GetAtt": [
"IntakeMiscRole",
"Arn"
]
},
"arn:aws:iam::322224041326:root"
]
},
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
"Type": "AWS::S3::BucketPolicy"
},
"WebAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-web-api-profile",
"Roles": [
"hdx-abcdef-web-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "WebRole"
},
"WebAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-web-api-asg",
"AvailabilityZones": [
"us-east-2a",
"us-east-2b"
],
"LaunchConfigurationName": {
"Ref": "WebLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"TargetGroupARNs": [
"arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-web-public/a5d9f6e63453ad6a",
"arn:aws:elasticloadbalancing:us-east-2:184958025203:targetgroup/hdxcli-123456-web-private/9239a7105f6ed25d"
],
"Cooldown": "10",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-web-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "web",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca",
"subnet-06fcdac6d3a7e3796"
],
"HealthCheckGracePeriod": 300
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT300S",
"WaitOnResourceSignals": true,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
}
},
"WebLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-09cd8e2e9bc325415",
"InstanceType": "t3.small",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "WebAccessProfile"
},
"SecurityGroups": [
{
"Ref": "WebSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"WebRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-control-plane",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction",
"lambda:InvokeAsync"
],
"Resource": [
{
"Fn::Sub": "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:hdxcli-123456-self-deploy"
}
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
],
"Description": "WebRole",
"RoleName": "hdx-abcdef-web-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-web-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"WebSecurityGroup": {
"Properties": {
"GroupDescription": "WebSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 80,
"FromPort": 80,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 27182,
"FromPort": 27182,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9113,
"FromPort": 9113,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 80,
"FromPort": 80,
"CidrIp": "1.2.3.4/32"
},
{
"IpProtocol": "tcp",
"ToPort": 80,
"FromPort": 80,
"CidrIp": "1.2.3.4/32"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-web"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
},
"ZookeeperAccessProfile": {
"Properties": {
"InstanceProfileName": "hdx-abcdef-zookeeper-s3access-profile",
"Roles": [
"hdx-abcdef-zookeeper-role"
]
},
"Type": "AWS::IAM::InstanceProfile",
"DependsOn": "ZookeeperRole"
},
"ZookeeperAutoscaleGroup": {
"Properties": {
"AutoScalingGroupName": "hdx-abcdef-zookeeper-asg",
"AvailabilityZones": [
"us-east-2a"
],
"LaunchConfigurationName": {
"Ref": "ZookeeperLaunchConfig"
},
"MinSize": "0",
"DesiredCapacity": "0",
"MaxSize": "1",
"Cooldown": "30",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-zookeeper-asg",
"PropagateAtLaunch": true
},
{
"Key": "HdxService",
"Value": "zookeeper",
"PropagateAtLaunch": true
}
],
"VPCZoneIdentifier": [
"subnet-048459a83da4dc4ca"
]
},
"Type": "AWS::AutoScaling::AutoScalingGroup",
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MaxBatchSize": "1",
"MinInstancesInService": "0",
"PauseTime": "PT60S",
"WaitOnResourceSignals": false,
"SuspendProcesses": [
"HealthCheck",
"ReplaceUnhealthy",
"AZRebalance",
"AlarmNotification",
"ScheduledActions"
]
}
},
"DependsOn": [
"ZookeeperENI1",
"ZookeeperENI2",
"ZookeeperENI3"
]
},
"ZookeeperENI1": {
"Properties": {
"Description": "Zookeeper Network Interface 1",
"GroupSet": [
{
"Ref": "ZookeeperSecurityGroup"
}
],
"SubnetId": "subnet-048459a83da4dc4ca",
"Tags": [
{
"Key": "Name",
"Value": "zookeeper-1"
}
]
},
"Type": "AWS::EC2::NetworkInterface",
"DependsOn": "ZookeeperSecurityGroup"
},
"ZookeeperENI2": {
"Properties": {
"Description": "Zookeeper Network Interface 2",
"GroupSet": [
{
"Ref": "ZookeeperSecurityGroup"
}
],
"SubnetId": "subnet-048459a83da4dc4ca",
"Tags": [
{
"Key": "Name",
"Value": "zookeeper-2"
}
]
},
"Type": "AWS::EC2::NetworkInterface",
"DependsOn": "ZookeeperSecurityGroup"
},
"ZookeeperENI3": {
"Properties": {
"Description": "Zookeeper Network Interface 3",
"GroupSet": [
{
"Ref": "ZookeeperSecurityGroup"
}
],
"SubnetId": "subnet-048459a83da4dc4ca",
"Tags": [
{
"Key": "Name",
"Value": "zookeeper-3"
}
]
},
"Type": "AWS::EC2::NetworkInterface",
"DependsOn": "ZookeeperSecurityGroup"
},
"ZookeeperLaunchConfig": {
"Properties": {
"AssociatePublicIpAddress": false,
"ImageId": "ami-01969d6c0078a0391",
"InstanceType": "t2.micro",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": 10,
"VolumeType": "gp3",
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Ref": "ZookeeperAccessProfile"
},
"SecurityGroups": [
{
"Ref": "ZookeeperSecurityGroup"
}
],
"UserData": "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
"InstanceMonitoring": true
},
"Type": "AWS::AutoScaling::LaunchConfiguration"
},
"ZookeeperRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "hdx-abcdef-zookeeper-eni",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:AttachNetworkInterface"
],
"Resource": "*"
}
]
}
},
{
"PolicyName": "hdx-abcdef-cluster-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::hdxcli-123456/*",
"arn:aws:s3:::hdxcli-123456"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-art-bucket-access",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::hdx-dev-art/*",
"arn:aws:s3:::hdx-dev-art"
]
}
]
}
},
{
"PolicyName": "hdx-abcdef-kms-policy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "*"
}
]
}
}
],
"ManagedPolicyArns": [],
"Description": "ZookeeperRole",
"RoleName": "hdx-abcdef-zookeeper-role",
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-zookeeper-role"
}
]
},
"Type": "AWS::IAM::Role"
},
"ZookeeperSecurityGroup": {
"Properties": {
"GroupDescription": "ZookeeperSecurityGroup",
"VpcId": "vpc-123456abcdefg",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"ToPort": 22,
"FromPort": 22,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 9100,
"FromPort": 9100,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 2181,
"FromPort": 2181,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 2888,
"FromPort": 2888,
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"ToPort": 3888,
"FromPort": 3888,
"CidrIp": "10.0.0.0/16"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"Tags": [
{
"Key": "Name",
"Value": "hdx-abcdef-zookeeper"
}
]
},
"Type": "AWS::EC2::SecurityGroup"
}
}
}
Updated 3 months ago