@gusdelact
Last active October 29, 2025 00:07
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Arquitectura Modelo 1 extendida:
  Frontend (Nginx) + Backend (Flask) + PostgreSQL en EC2
  con Launch Templates, Auto Scaling, NLB y roles IAM.
  Incluye acceso SSH, Security Groups para NLBs (puerto 80 TCP)
  y apertura de puerto 80 en el Backend.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: ID de la VPC existente donde se desplegarán los recursos.
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Lista de Subnets para los Auto Scaling Groups (mínimo 2 AZs).
  FrontendAmiId:
    Type: AWS::EC2::Image::Id
    Description: ID de la AMI del Frontend (Nginx + guess.html).
  BackendAmiId:
    Type: AWS::EC2::Image::Id
    Description: ID de la AMI del Backend (Flask).
  DatabaseAmiId:
    Type: AWS::EC2::Image::Id
    Description: ID de la AMI del servidor PostgreSQL.
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Nombre del par de llaves SSH existente para acceder a las instancias EC2.
  BackendParameterStore:
    Type: String
    Description: Nombre del parámetro en AWS Systems Manager Parameter Store que contiene el URL del backend.

Resources:
  ########################################
  # IAM role for EC2 instances
  ########################################
  Arquitectura1Role:
    Type: AWS::IAM::Role
    Properties:
      RoleName: arquitecturaABCRol
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: arquitectura1Policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - ssmmessages:*
                  - ssm:UpdateInstanceInformation
                  - ec2messages:*
                Resource: '*'
              - Effect: Allow
                Action:
                  - ssm:GetParameter
                  - ssm:GetParameters
                  - ssm:GetParametersByPath
                Resource: '*'
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: '*'

  Arquitectura1InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref Arquitectura1Role
      Path: /

  ########################################
  # Security Groups
  ########################################
  # NLB Security Groups
  FrontendNlbSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SG para NLB Frontend (permite HTTP)
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  BackendNlbSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SG para NLB Backend (permite HTTP)
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  # Frontend tier
  FrontendSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SG para Frontend (Nginx)
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # HTTP
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref FrontendNlbSG
        # SSH
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0

  # Backend tier
  BackendSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SG para Backend (Flask)
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # HTTP from Frontend
        - IpProtocol: tcp
          FromPort: 5000
          ToPort: 5000
          CidrIp: 0.0.0.0/0
        # Generic HTTP (port 80)
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref BackendNlbSG
        # SSH
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0

  # PostgreSQL database
  DatabaseSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SG para PostgreSQL
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          SourceSecurityGroupId: !Ref BackendSG
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0

  ########################################
  # Launch Templates
  ########################################
  FrontendLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: arquitectura1frontendABC
      LaunchTemplateData:
        ImageId: !Ref FrontendAmiId
        InstanceType: t2.micro
        KeyName: !Ref KeyName
        IamInstanceProfile:
          Arn: !GetAtt Arquitectura1InstanceProfile.Arn
        SecurityGroupIds:
          - !Ref FrontendSG
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            dnf install -y aws-cli jq
            REGION=$(TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" \
              -H "X-aws-ec2-metadata-token-ttl-seconds: 60") && \
              curl -s -H "X-aws-ec2-metadata-token: $TOKEN" \
              http://169.254.169.254/latest/meta-data/placement/region)
            echo "La región es: $REGION"
            export PARAM_NAME=${BackendParameterStore}
            echo "Parametro es: $PARAM_NAME"
            BACKEND_URL=$(aws ssm get-parameter --name $PARAM_NAME --query "Parameter.Value" --output text --region $REGION)
            echo "Backend URL obtenido: $BACKEND_URL"
            sed -i "s|API_GATEWAY_URL|$BACKEND_URL|g" /usr/share/nginx/html/guess.html
            systemctl enable nginx
            systemctl restart nginx

  BackendLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: arquitectura1backendABC
      LaunchTemplateData:
        ImageId: !Ref BackendAmiId
        InstanceType: t2.micro
        KeyName: !Ref KeyName
        IamInstanceProfile:
          Arn: !GetAtt Arquitectura1InstanceProfile.Arn
        SecurityGroupIds:
          - !Ref BackendSG
        UserData:
          Fn::Base64: |
            #!/bin/bash
            systemctl enable flaskapp
            systemctl restart flaskapp

  DatabaseLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: arquitectura1dbABC
      LaunchTemplateData:
        ImageId: !Ref DatabaseAmiId
        InstanceType: t2.micro
        KeyName: !Ref KeyName
        IamInstanceProfile:
          Arn: !GetAtt Arquitectura1InstanceProfile.Arn
        SecurityGroupIds:
          - !Ref DatabaseSG

  ########################################
  # Network Load Balancers (with SGs)
  ########################################
  FrontendNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: arquitectura1frontnlbABC
      Type: network
      Scheme: internet-facing
      Subnets: !Ref SubnetIds
      SecurityGroups:
        - !Ref FrontendNlbSG

  BackendNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: arquitectura1backnlbABC
      Type: network
      Scheme: internet-facing
      Subnets: !Ref SubnetIds
      SecurityGroups:
        - !Ref BackendNlbSG

  ########################################
  # Target Groups
  ########################################
  FrontendTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: arquitectura1fronttgABC
      Port: 80
      Protocol: TCP
      VpcId: !Ref VpcId
      TargetType: instance
      HealthCheckProtocol: TCP

  BackendTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: arquitectura1backtgABC
      Port: 5000
      Protocol: TCP
      VpcId: !Ref VpcId
      TargetType: instance
      HealthCheckProtocol: TCP

  ########################################
  # NLB Listeners
  ########################################
  FrontendListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref FrontendTargetGroup
      LoadBalancerArn: !Ref FrontendNLB
      Port: 80
      Protocol: TCP

  BackendListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref BackendTargetGroup
      LoadBalancerArn: !Ref BackendNLB
      Port: 80
      Protocol: TCP

  ########################################
  # Auto Scaling Groups
  ########################################
  FrontendASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: arquitectura1frontasgABC
      LaunchTemplate:
        LaunchTemplateId: !Ref FrontendLaunchTemplate
        Version: !GetAtt FrontendLaunchTemplate.LatestVersionNumber
      MinSize: 1
      MaxSize: 3
      DesiredCapacity: 1
      VPCZoneIdentifier: !Ref SubnetIds
      TargetGroupARNs:
        - !Ref FrontendTargetGroup

  BackendASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: arquitectura1backasgABC
      LaunchTemplate:
        LaunchTemplateId: !Ref BackendLaunchTemplate
        Version: !GetAtt BackendLaunchTemplate.LatestVersionNumber
      MinSize: 1
      MaxSize: 3
      DesiredCapacity: 1
      VPCZoneIdentifier: !Ref SubnetIds
      TargetGroupARNs:
        - !Ref BackendTargetGroup

  ########################################
  # Fixed instance for PostgreSQL
  ########################################
  DatabaseInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref DatabaseAmiId
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      SubnetId: !Select [0, !Ref SubnetIds]
      SecurityGroupIds:
        - !Ref DatabaseSG
      IamInstanceProfile: !Ref Arquitectura1InstanceProfile
      Tags:
        - Key: Name
          Value: arquitectura1-postgresql

Outputs:
  FrontendNlbDnsName:
    Description: DNS público del NLB Frontend
    Value: !GetAtt FrontendNLB.DNSName
  BackendNlbDnsName:
    Description: DNS interno del NLB Backend
    Value: !GetAtt BackendNLB.DNSName
  DatabaseInstanceId:
    Description: ID de la instancia PostgreSQL
    Value: !Ref DatabaseInstance
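The template above opens SSH (22) to 0.0.0.0/0 on every tier, exposes the Flask port (5000) to the world even though the backend is fronted by its own NLB, and grants `ssmmessages:*` / `ec2messages:*` on `Resource: '*'`. The following is an added example, not part of the gist and not the author's code: a minimal static check in the spirit of cfn-lint or cfn_nag that walks a hand-constructed dict subset of the gist's SecurityGroup and IAM Role resources (intrinsic `!Ref` tags dropped, references written as plain names) and reports world-open ingress on non-edge groups and wildcard actions paired with a wildcard resource. A hardened counterpart of the same resources is included to show what passes; its design (SSH removed in favour of SSM Session Manager, port 5000 reachable only from the backend NLB's group, the four Session Manager channel actions instead of `ssmmessages:*`, and a placeholder parameter ARN) is an assumption of this example, not something the gist prescribes.

```python
"""Mini template checker: world-open ingress and wildcard IAM grants."""
from typing import Dict, FrozenSet, List

# Ports an internet-facing load balancer's group may legitimately expose.
PUBLIC_PORTS = {80, 443}
WORLD = ("0.0.0.0/0", "::/0")


def sg(*rules: Dict) -> Dict:
    """Build an AWS::EC2::SecurityGroup resource from ingress rule dicts."""
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": list(rules)}}


def tcp(port: int, **source) -> Dict:
    """Single-port TCP rule; source is CidrIp=... or SourceSecurityGroupId=..."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **source}


def role(*statements: Dict) -> Dict:
    """Build an AWS::IAM::Role resource with one inline policy."""
    return {"Type": "AWS::IAM::Role",
            "Properties": {"Policies": [{"PolicyName": "arquitectura1Policy",
                                          "PolicyDocument": {"Statement": list(statements)}}]}}


# Constructed subset of the gist's Resources section (references as plain names).
WEAK = {"Resources": {
    "FrontendNlbSG": sg(tcp(80, CidrIp="0.0.0.0/0")),
    "FrontendSG": sg(tcp(80, SourceSecurityGroupId="FrontendNlbSG"),
                     tcp(22, CidrIp="0.0.0.0/0")),
    "BackendSG": sg(tcp(5000, CidrIp="0.0.0.0/0"),
                    tcp(80, SourceSecurityGroupId="BackendNlbSG"),
                    tcp(22, CidrIp="0.0.0.0/0")),
    "DatabaseSG": sg(tcp(5432, SourceSecurityGroupId="BackendSG"),
                     tcp(22, CidrIp="0.0.0.0/0")),
    "Arquitectura1Role": role(
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ssmmessages:*", "ssm:UpdateInstanceInformation", "ec2messages:*"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"]}),
}}

# Assumed hardened counterpart (example design, not from the gist): no SSH
# (Session Manager instead), 5000 only from the backend NLB's group, explicit
# Session Manager actions, parameter read scoped to a placeholder ARN.
HARDENED = {"Resources": {
    "FrontendNlbSG": sg(tcp(80, CidrIp="0.0.0.0/0")),
    "FrontendSG": sg(tcp(80, SourceSecurityGroupId="FrontendNlbSG")),
    "BackendSG": sg(tcp(5000, SourceSecurityGroupId="BackendNlbSG")),
    "DatabaseSG": sg(tcp(5432, SourceSecurityGroupId="BackendSG")),
    "Arquitectura1Role": role(
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
                    "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel",
                    "ssm:UpdateInstanceInformation"]},
        {"Effect": "Allow", "Action": ["ssm:GetParameter"],
         "Resource": "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/PLACEHOLDER_BACKEND_URL"}),
}}

EDGE_SGS: FrozenSet[str] = frozenset({"FrontendNlbSG", "BackendNlbSG"})


def open_ingress_findings(template: Dict, edge_sgs: FrozenSet[str] = EDGE_SGS) -> List[str]:
    """Flag ingress from 0.0.0.0/0 or ::/0, except 80/443 on the named edge (NLB) groups."""
    findings = []
    for name, res in template["Resources"].items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr not in WORLD:
                continue
            lo, hi = int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))
            if name in edge_sgs and lo == hi and lo in PUBLIC_PORTS:
                continue  # the expected internet edge
            findings.append(f"{name}: {rule['IpProtocol']} {lo}-{hi} open to {cidr}")
    return findings


def wildcard_iam_findings(template: Dict) -> List[str]:
    """Flag Allow statements that pair a wildcard action (svc:*) with Resource '*'."""
    findings = []
    for name, res in template["Resources"].items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        for pol in res.get("Properties", {}).get("Policies", []):
            for stmt in pol["PolicyDocument"].get("Statement", []):
                if stmt.get("Effect") != "Allow":
                    continue
                actions = stmt.get("Action", [])
                actions = [actions] if isinstance(actions, str) else actions
                resources = stmt.get("Resource", [])
                resources = [resources] if isinstance(resources, str) else resources
                wild = [a for a in actions if a.endswith("*")]
                if wild and "*" in resources:
                    findings.append(f"{name}/{pol['PolicyName']}: {wild} on Resource '*'")
    return findings


if __name__ == "__main__":
    for label, tpl in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, open_ingress_findings(tpl) + wildcard_iam_findings(tpl))
```

Running the block prints four ingress findings and one IAM finding for the weak dict and nothing for the hardened one. The `ssm:GetParameter` statement with `Resource: '*'` is deliberately not caught by the wildcard rule, which only pairs `svc:*` actions with `*`; scoping that read to the single parameter the UserData fetches is the corresponding fix in the hardened dict.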