From a452615a012a004c6f1437ee2d3fa62909297ee9 Mon Sep 17 00:00:00 2001
From: John McGrath <john@fryolator.com>
Date: Thu, 23 Aug 2018 10:00:10 -0700
Subject: [PATCH] Add ElastiCache wrapper templates

---
 templates/elasticache.cfn.yml               |   2 +
 vpc-bastion-fargate-rds-elasticache.cfn.yml | 806 ++++++++++++++++++++
 vpc-elasticache.cfn.yml                     | 181 +++++
 3 files changed, 989 insertions(+)
 create mode 100644 vpc-bastion-fargate-rds-elasticache.cfn.yml
 create mode 100644 vpc-elasticache.cfn.yml

diff --git a/templates/elasticache.cfn.yml b/templates/elasticache.cfn.yml
index d20e935a..0c917b66 100644
--- a/templates/elasticache.cfn.yml
+++ b/templates/elasticache.cfn.yml
@@ -28,6 +28,7 @@ Parameters:
   ClusterName:
     Description: Custom name of the cluster. Auto generated if you don't supply your own.
     Type: String
+    AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9]*$"
     
   CacheNodeType:
     Description: Cache node instance class, e.g. cache.t2.micro(free tier). See https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/CacheNodes.SelectSize.html
@@ -107,6 +108,7 @@ Resources:
       AutoMinorVersionUpgrade: !Ref AutoMinorVersionUpgrade
       Engine: !Ref CacheEngine
       CacheNodeType: !Ref CacheNodeType
+      ClusterName : !Ref ClusterName
       NumCacheNodes: !If [ IsRedis, 1, !Ref CacheNodeCount]
       CacheSubnetGroupName: !Ref SubnetGroup
       VpcSecurityGroupIds:
diff --git a/vpc-bastion-fargate-rds-elasticache.cfn.yml b/vpc-bastion-fargate-rds-elasticache.cfn.yml
new file mode 100644
index 00000000..8ad0ae6d
--- /dev/null
+++ b/vpc-bastion-fargate-rds-elasticache.cfn.yml
@@ -0,0 +1,806 @@
+---
+AWSTemplateFormatVersion: 2010-09-09
+
+
+Description: VPC + Bastion + Fargate + Database + ElastiCache
+
+
+Parameters:
+
+  TemplateBucket:
+    Type: String
+    Default: awslabs-startup-kit-templates-deploy-v3
+    Description: The template bucket for the CloudFormation templates
+
+  # vpc.cfn.yml parameters
+  AvailabilityZone1:
+    Description: The first availability zone in the region
+    Type: AWS::EC2::AvailabilityZone::Name
+    ConstraintDescription: Must be a valid availability zone
+
+  AvailabilityZone2:
+    Description: The second availability zone in the region
+    Type: AWS::EC2::AvailabilityZone::Name
+    ConstraintDescription: Must be a valid availability zone
+
+  SSHFrom:
+    Description: Limit SSH access to bastion hosts to a CIDR IP block
+    Type: String
+    MinLength: 9
+    MaxLength: 18
+    Default: 0.0.0.0/0
+
+  ELBIngressPort:
+    Description: The ELB ingress port used by security groups
+    Type: Number
+    MinValue: 0
+    MaxValue: 65535
+    ConstraintDescription: TCP ports must be between 0 - 65535
+    Default: 80
+
+  AppIngressPort:
+    Description: The application ingress port used by security groups
+    Type: Number
+    MinValue: 0
+    MaxValue: 65535
+    ConstraintDescription: TCP ports must be between 0 - 65535
+    Default: 80
+
+  # bastion.cfn.yml parameters
+  KeyName:
+    Description: EC2 key pair name for bastion host SSH access
+    Type: AWS::EC2::KeyPair::KeyName
+    AllowedPattern : ".+"
+
+  LogRetentionInDays:
+    Description: Number of days you would like your CloudWatch Logs to be retained
+    Type: Number
+    Default: 90
+
+  # For more information on the google-authenticator PAM module, see: https://github.com/google/google-authenticator-libpam
+  MFA:
+    Description: Set to true to install MFA using the google-authenticator PAM module on your bastion host
+    Type: String
+    ConstraintDescription: Value must be true or false
+    Default: false
+    AllowedValues:
+      - true
+      - false
+
+  # fargate.cfn.yml parameters
+  HostedZoneName:
+    Type: String
+    Description: The optional Amazon Route 53 Hosted Zone Name for the optional load balancer alias record - do not include a period at the end
+    Default: ""
+    AllowedPattern: "(^$|^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$)" # Allow for a blank or a domain name
+    ConstraintDescription: Please enter a valid Route 53 Hosted Zone Name
+
+  LoadBalancerDomainName:
+    Type: String
+    Description: Optional domain name to create an Amazon Route 53 alias record for the load balancer
+    Default: ""
+    AllowedPattern: "(^$|^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$)" # Allow for a blank or a domain name
+    ConstraintDescription: Please enter a valid domain name
+
+  LoadBalancerAlarmEvaluationPeriods:
+    Description: The number of periods over which data is compared to the threshold
+    Type: Number
+    Default: 2
+    MinValue: 2
+    ConstraintDescription: Must be at least one
+
+  LoadBalancerAlarmEvaluationPeriodSeconds:
+    Description: The time over which the specified statistic is applied. Specify time in seconds, in multiples of 60
+    Type: Number
+    Default: 300
+    MinValue: 60
+    ConstraintDescription: Must be at least 60 seconds
+
+  LoadBalancerLatencySeconds:
+    Description: LoadBalancer latency threshold, in seconds
+    Type: Number
+    Default: 2
+    MinValue: 1
+    ConstraintDescription: Must be atleast one
+
+  EnableLBAlarm:
+    Description: Set to true to enable load balancer latency alarm
+    Type: String
+    ConstraintDescription: Value must be true or false
+    Default: false
+    AllowedValues:
+      - true
+      - false
+
+  AppProtocol:
+    Type: String
+    Description: The application server protocol
+    Default: HTTP
+    AllowedValues:
+      - HTTP
+      - HTTPS
+    ConstraintDescription: Specify either HTTTP or HTTPS
+
+  SSLCertificateArn:
+    Type: String
+    Description: The optional SSL/TLS certificate ARN
+    MinLength: 0
+    MaxLength: 2048
+    Default: ""
+
+  HealthCheckPath:
+    Type: String
+    Description: The path for the Application Load Balancer health check
+    Default: /
+    MinLength: 1
+    MaxLength: 255
+    ConstraintDescription: Value must be between 1 and 255 characters
+
+  GitHubSourceRepo:
+    Type: String
+    Description: GitHub source repository - must contain a Dockerfile in the base
+
+  GitHubBranch:
+    Type: String
+    Default: master
+    Description: GitHub repository branch to trigger builds
+
+  GitHubToken:
+    Type: String
+    NoEcho: true
+    Description: "GitHub API token - see: https://github.com/blog/1509-personal-api-tokens"
+
+  GitHubUser:
+    Type: String
+    Description: GitHub username
+
+  CodeBuildDockerImage:
+    Type: String
+    Default: aws/codebuild/docker:17.09.0
+
+  SeedDockerImage:
+    Type: String
+    Default: registry.hub.docker.com/library/nginx:1.13
+    Description: The initial image, before the GitHub repo above is deployed. Existing application images in ECR should override this parameter
+
+  DefaultContainerCpu:
+    Type: Number
+    Description: "Amount of CPU for the container - options available: https://aws.amazon.com/fargate/pricing/"
+    Default: 256
+    MinValue: 256
+    MaxValue: 4096
+    ConstraintDescription: "Value must be between 256 and 4096 - see: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size"
+
+  DefaultContainerMemory:
+    Type: Number
+    Description: "Amount of memory for the container - options available: https://aws.amazon.com/fargate/pricing/"
+    Default: 512
+    MinValue: 512
+    MaxValue: 30720
+    ConstraintDescription: "Value must be between 512 and 30720 - see: https://aws.amazon.com/fargate/pricing/"
+
+  # Scaling params
+  DefaultServiceScaleEvaluationPeriods:
+    Description: The number of periods over which data is compared to the specified threshold
+    Type: Number
+    Default: 2
+    MinValue: 2
+
+  DefaultServiceCpuScaleOutThreshold:
+    Type: Number
+    Description: Average CPU % value to trigger auto scaling out
+    Default: 50
+    MinValue: 0
+    MaxValue: 100
+    ConstraintDescription: Value must be between 0 and 100
+
+  DefaultServiceCpuScaleInThreshold:
+    Type: Number
+    Description: Average CPU % value to trigger auto scaling down
+    Default: 25
+    MinValue: 0
+    MaxValue: 100
+    ConstraintDescription: Value must be between 0 and 100
+
+  DefaultTaskMinContainerCount:
+    Type: Number
+    Description: Minimum number of containers to run for the service
+    Default: 1
+    MinValue: 1
+    ConstraintDescription: Value must be at least one
+
+  DefaultTaskMaxContainerCount:
+    Type: Number
+    Description: Maximum number of containers to run for the service when auto scaling out
+    Default: 2
+    MinValue: 1
+    ConstraintDescription: Value must be at least one
+
+  ContainerLogRetentionInDays:
+    Type: Number
+    Default: 7
+    Description: Number of days to retain container logs
+
+  MaxTaggedContainerImagesToRetain:
+    Type: Number
+    Description: The number of tagged container images to retain before expiring
+    MinValue: 1
+    MaxValue: 100
+    ConstraintDescription: Value must be between 1 and 100
+    Default: 20
+
+  DaysToRetainUntaggedContainerImages:
+    Type: Number
+    Description: The number days to retain untagged container images before expiring
+    MinValue: 1
+    MaxValue: 100
+    ConstraintDescription: Value must be between 1 and 100
+    Default: 7
+
+  EnvironmentName:
+    Type: String
+    Description: Environment name - dev or prod
+    Default: dev
+    AllowedValues:
+      - dev
+      - prod
+    ConstraintDescription: Specify either dev or prod
+
+  # aurora.cfn.yml and/or db.cfn.yml parameters
+  DatabaseUser:
+    Default: startupadmin
+    Type: String
+    Description: Database admin account name
+    MinLength: 5
+    MaxLength: 16
+    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
+    ConstraintDescription: Name must begin with a letter and contain only alphanumeric characters
+
+  DatabasePassword:
+    NoEcho: true
+    Type: String
+    Description: Database admin account password
+    MinLength: 6
+    MaxLength: 41
+    AllowedPattern: "[a-zA-Z0-9]*"
+    ConstraintDescription: Password must contain only alphanumeric characters
+
+  DatabaseName:
+    Default: StartupDB
+    Type: String
+    Description: Database name
+    MinLength: 1
+    MaxLength: 30
+    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
+    ConstraintDescription: Name must begin with a letter and contain only alphanumeric characters
+
+  DatabaseEngine:
+    Default: aurora
+    Type: String
+    Description: Database engines - Aurora MySQL, Aurora PostgreSQL, PostgreSQL, MariaDB and MySQL
+    ConstraintDescription: Choose an engine from the drop down
+    AllowedValues:
+      - aurora
+      - aurora-postgresql
+      - postgres
+      - mariadb
+      - mysql
+
+  EncryptionAtRest:
+    Default: false
+    Type: String
+    Description: The optional flag for encryption at rest (db.t2.small and above)
+    ConstraintDescription: Only true or false are allowed
+    AllowedValues:
+      - true
+      - false
+
+  DatabaseSize:
+    Default: 5
+    Type: String
+    Description: Database storage size in gigabytes (GB) - Not applicable for Aurora
+    MinLength: 1
+    AllowedPattern: "[5-9]|[1-9][0-9]+"
+    ConstraintDescription: Enter a size of at least 5 GB
+
+  DatabaseInstanceClass:
+    Default: db.t2.small
+    Type: String
+    Description: "Database instance class, e.g. db.t2.micro (free tier) - Engine support: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html"
+    ConstraintDescription: DB instance class not supported
+    AllowedValues:
+      - db.t2.micro
+      - db.t2.small
+      - db.t2.medium
+      - db.t2.large
+      - db.t2.xlarge
+      - db.t2.2xlarge
+      - db.m4.large
+      - db.m4.xlarge
+      - db.m4.2xlarge
+      - db.m4.4xlarge
+      - db.m4.10xlarge
+      - db.m4.16xlarge
+      - db.r4.large
+      - db.r4.xlarge
+      - db.r4.2xlarge
+      - db.r4.4xlarge
+      - db.r4.8xlarge
+      - db.r4.16xlarge
+
+  DatabaseEnableAlarms:
+    Default: false
+    Type: String
+    Description: Set to true to enable (additional charges - https://aws.amazon.com/cloudwatch/pricing/ - aurora, postgres, mariadb, mysql)
+    ConstraintDescription: Only true or false are allowed
+    AllowedValues:
+      - true
+      - false
+
+  DatabaseEnhancedMonitoring:
+    Default: false
+    Type: String
+    Description: The optional flag for enhanced monitoring (additional charges apply - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.htm - aurora, postgres, mariadb, mysql)
+    ConstraintDescription: Only true or false are allowed
+    AllowedValues:
+      - true
+      - false
+
+  DatabaseAlarmMaxCpuPercent:
+    Description: Database CPU % max for alarm (aurora, postgres, mariadb, mysql)
+    Type: Number
+    Default: 80
+    MinValue: 1
+    MaxValue: 99
+    ConstraintDescription: Must be a percentage between 1-99%
+
+  DatabaseAlarmReadLatencyMaxSeconds:
+    Description: Read latency max in seconds for alarm (aurora, postgres, mariadb, mysql)
+    Type: Number
+    Default: 1
+    MinValue: 1
+    ConstraintDescription: Must at least one
+
+  DatabaseAlarmWriteLatencyMaxSeconds:
+    Description: Write latency max in seconds for alarm (aurora, postgres, mariadb, mysql)
+    Type: Number
+    Default: 1
+    MinValue: 1
+    ConstraintDescription: Must at least one
+
+  DatabaseAlarmEvaluationPeriods:
+    Description: The number of periods over which data is compared to the specified threshold (aurora, postgres, mariadb, mysql)
+    Type: Number
+    Default: 2
+    MinValue: 2
+    ConstraintDescription: Must be at least one
+
+  DatabaseAlarmEvaluationPeriodSeconds:
+    Description: The time over which the specified statistic is applied. Specify time in seconds, in multiples of 60. Enhanced monitoring must be enabled if less than 500 second (aurora, postgres, mariadb, mysql)
+    Type: Number
+    Default: 300
+    MinValue: 60
+    ConstraintDescription: Must be at least 60 seconds
+
+  # Default is 500 MB
+  DatabaseAlarmMinFreeSpaceInBytes:
+    Default: 524288000
+    Type: Number
+    Description: Number of min free space bytes for alarm (postgres, mariadb, mysql)
+    MinValue: 1
+    ConstraintDescription: A value of one byte or more
+
+  # Default is 200 MB
+  DatabaseAlarmSwapUsageInBytes:
+    Default: 209715200
+    Type: Number
+    Description: Number of swap usage bytes for alarm (postgres, mariadb, mysql)
+    MinValue: 1
+    ConstraintDescription: A value of one byte or more
+
+  # elasticache.cfn.yml parameters
+  ClusterName:
+    Description: Custom name of the ElastiCache cluster. Auto generated if you don't supply your own.
+    Type: String
+    AllowedPattern: "^[a-zA-Z][-a-zA-Z0-9]*$"
+
+  CacheNodeType:
+    Description: Cache node instance class, e.g. cache.t2.micro(free tier). See https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/CacheNodes.SelectSize.html
+    Type: String
+    Default: cache.t2.micro
+    ConstraintDescription: Node instance class not supported
+    AllowedValues:
+      - cache.t2.micro
+      - cache.t2.small
+      - cache.t2.medium
+      - cache.m4.large
+      - cache.m4.xlarge
+      - cache.m4.2xlarge
+      - cache.m4.4xlarge
+      - cache.m4.10xlarge
+      - cache.r4.large
+      - cache.r4.xlarge
+      - cache.r4.2xlarge
+      - cache.r4.4xlarge
+      - cache.r4.8xlarge
+      - cache.r4.16xlarge
+
+  CacheEngine:
+    Description: The underlying cache engine, either Redis or Memcached
+    Type: String
+    Default: redis
+    ConstraintDescription: Node instance class not supported
+    AllowedValues:
+      - redis
+      - memcached
+
+  CacheNodeCount:
+    Description: Number of nodes in the cluster. Only used with memcached engine, for redis this value will be set to 1.
+    Type: Number
+    MinValue: 1
+    MaxValue: 15
+    ConstraintDescription: Node count must be between 1 and 15
+    Default: 1
+    
+  AutoMinorVersionUpgrade:
+    Description: Whether or not minor version upgrades to the cache engine should be applied automatically during the maintenance window.
+    Type: String
+    Default: true
+    AllowedValues:
+      - true
+      - false
+
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: Environment
+        Parameters:
+          - EnvironmentName
+      - Label:
+          default: Region Availability Zones
+        Parameters:
+          - AvailabilityZone1
+          - AvailabilityZone2
+      - Label:
+          default: Bastion
+        Parameters:
+          - KeyName
+          - LogRetentionInDays
+          - MFA
+          - SSHFrom
+      - Label:
+          default: Database
+        Parameters:
+          - DatabaseEngine
+          - DatabaseInstanceClass
+          - DatabaseUser
+          - DatabasePassword
+          - DatabaseName
+          - DatabaseSize
+          - EncryptionAtRest
+          - DatabaseEnableAlarms
+          - DatabaseEnhancedMonitoring
+          - DatabaseAlarmMaxCpuPercent
+          - DatabaseAlarmReadLatencyMaxSeconds
+          - DatabaseAlarmWriteLatencyMaxSeconds
+          - DatabaseAlarmEvaluationPeriods
+          - DatabaseAlarmEvaluationPeriodSeconds
+          - DatabaseAlarmMinFreeSpaceInBytes
+          - DatabaseAlarmSwapUsageInBytes
+      - Label:
+          default: ElastiCache
+        Parameters:
+          - CacheEngine
+          - ClusterName
+          - CacheNodeType
+          - CacheNodeCount
+          - AutoMinorVersionUpgrade
+      - Label:
+          default: Application Global
+        Parameters:
+          - AppIngressPort
+          - AppProtocol
+      - Label:
+          default: Initial Service
+        Parameters:
+          - HealthCheckPath
+          - DefaultContainerCpu
+          - DefaultContainerMemory
+          - DefaultServiceScaleEvaluationPeriods
+          - DefaultServiceCpuScaleOutThreshold
+          - DefaultServiceCpuScaleInThreshold
+          - DefaultTaskMinContainerCount
+          - DefaultTaskMaxContainerCount
+          - ContainerLogRetentionInDays
+      - Label:
+          default: Load Balancer
+        Parameters:
+          - ELBIngressPort
+          - HostedZoneName
+          - LoadBalancerDomainName
+          - SSLCertificateArn
+          - EnableLBAlarm
+          - LoadBalancerLatencySeconds
+          - LoadBalancerAlarmEvaluationPeriodSeconds
+          - LoadBalancerAlarmEvaluationPeriods
+      - Label:
+          default: Initial Service CI/CD
+        Parameters:
+          - CodeBuildDockerImage
+          - SeedDockerImage
+          - GitHubUser
+          - GitHubToken
+          - GitHubSourceRepo
+          - GitHubBranch
+      - Label:
+          default: Elastic Container Registry
+        Parameters:
+          - MaxTaggedContainerImagesToRetain
+          - DaysToRetainUntaggedContainerImages
+    ParameterLabels:
+      AvailabilityZone1:
+        default: Availability Zone 1
+      AvailabilityZone2:
+        default: Availability Zone 2
+      ELBIngressPort:
+        default: Port
+      AppIngressPort:
+        default: Port
+      AppProtocol:
+        default: Protocol
+      KeyName:
+        default: EC2 Key Pair
+      LogRetentionInDays:
+        default: Log Retention
+      MFA:
+        default: Multi-Factor
+      SSHFrom:
+        default: SSH Whitelist
+      TemplateBucket:
+        default: CloudFormation Bucket
+      EnvironmentName:
+        default: Environment
+      MaxTaggedContainerImagesToRetain:
+        default: Tagged Images Max
+      DaysToRetainUntaggedContainerImages:
+        default: Untagged Images
+      GitHubSourceRepo:
+        default: GitHub Repo
+      GitHubBranch:
+        default: GitHub Branch
+      GitHubUser:
+        default: GitHub User
+      GitHubToken:
+        default: GitHub Token
+      HealthCheckPath:
+        default: Health Check Path
+      DefaultContainerCpu:
+        default: CPU
+      DefaultContainerMemory:
+        default: Memory
+      DefaultServiceScaleEvaluationPeriods:
+        default: Scale Periods
+      DefaultServiceCpuScaleOutThreshold:
+        default: Scale Out CPU
+      DefaultServiceCpuScaleInThreshold:
+        default: Scale In CPU
+      DefaultTaskMinContainerCount:
+        default: Min Containers
+      DefaultTaskMaxContainerCount:
+        default: Max Containers
+      ContainerLogRetentionInDays:
+        default: Log Retention
+      HostedZoneName:
+        default: Hosted Zone
+      LoadBalancerDomainName:
+        default: Domain
+      SSLCertificateArn:
+        default: SSL Certificate
+      SeedDockerImage:
+        default: Initial Image
+      CodeBuildDockerImage:
+        default: CodeBuild Image
+      DatabaseUser:
+        default: User
+      DatabasePassword:
+        default: Password
+      DatabaseName:
+        default: Name
+      DatabaseSize:
+        default: Size
+      DatabaseEngine:
+        default: Engine
+      EncryptionAtRest:
+        default: Encryption at Rest
+      DatabaseInstanceClass:
+        default: Instance Type
+      DatabaseAlarmMaxCpuPercent:
+        default: Alarm Max CPU%
+      DatabaseAlarmReadLatencyMaxSeconds:
+        default: Alarm Max Read Latency
+      DatabaseAlarmWriteLatencyMaxSeconds:
+        default: Alarm Max Write Latency
+      DatabaseAlarmEvaluationPeriods:
+        default: Alarm Period(s)
+      DatabaseAlarmEvaluationPeriodSeconds:
+        default: Alarm Period Seconds
+      DatabaseEnhancedMonitoring:
+        default: Enhanced Monitoring
+      DatabaseAlarmMinFreeSpaceInBytes:
+        default: Min Free Space
+      DatabaseAlarmSwapUsageInBytes:
+        default: Max Swap Use
+      DatabaseEnableAlarms:
+        default: Enable Alarms
+      EnableLBAlarm:
+        default: Enable LB Alarm
+      LoadBalancerAlarmEvaluationPeriods:
+        default: LB Alarm Periods
+      LoadBalancerAlarmEvaluationPeriodSeconds:
+        default: LB Alarm Seconds
+      LoadBalancerLatencySeconds:
+        default: LB Latency Threshold
+
+Conditions:
+
+   IsProd: !Equals [ !Ref EnvironmentName, prod ]
+
+   IsAurora: !Or [ !Equals [ !Ref DatabaseEngine, aurora ], !Equals [ !Ref DatabaseEngine, aurora-postgresql ] ]
+
+   IsNotAurora: !Not [ Condition: IsAurora ]
+
+Resources:
+
+  VpcStack:
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub https://s3.amazonaws.com/${TemplateBucket}/templates/vpc.cfn.yml
+      Parameters:
+        AvailabilityZone1: !Ref AvailabilityZone1
+        AvailabilityZone2: !Ref AvailabilityZone2
+        SSHFrom: !Ref SSHFrom
+        ELBIngressPort: !Ref ELBIngressPort
+        AppIngressPort: !Ref AppIngressPort
+        SingleNatGateway: !If [ IsProd, false, true ]
+
+  BastionStack:
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub https://s3.amazonaws.com/${TemplateBucket}/templates/bastion.cfn.yml
+      Parameters:
+        NetworkStackName: !GetAtt VpcStack.Outputs.Name
+        KeyName: !Ref KeyName
+        LogRetentionInDays: !Ref LogRetentionInDays
+        MFA: !Ref MFA
+    DependsOn: VpcStack
+
+  AuroraStack:
+    Type: AWS::CloudFormation::Stack
+    Condition: IsAurora
+    Properties:
+      TemplateURL: !Sub https://s3.amazonaws.com/${TemplateBucket}/templates/aurora.cfn.yml
+      Parameters:
+        NetworkStackName: !GetAtt VpcStack.Outputs.Name
+        EnvironmentName: !Ref EnvironmentName
+        DatabaseEngine: !Ref DatabaseEngine
+        DatabaseInstanceClass: !Ref DatabaseInstanceClass
+        DatabaseUser: !Ref DatabaseUser
+        DatabasePassword: !Ref DatabasePassword
+        DatabaseName: !Ref DatabaseName
+        EncryptionAtRest: !Ref EncryptionAtRest
+        EnableAlarms: !Ref DatabaseEnableAlarms
+        EnhancedMonitoring: !Ref DatabaseEnhancedMonitoring
+        DatabaseAlarmMaxCpuPercent: !Ref DatabaseAlarmMaxCpuPercent
+        DatabaseAlarmReadLatencyMaxSeconds: !Ref DatabaseAlarmReadLatencyMaxSeconds
+        DatabaseAlarmWriteLatencyMaxSeconds: !Ref DatabaseAlarmWriteLatencyMaxSeconds
+        DatabaseAlarmEvaluationPeriods: !Ref DatabaseAlarmEvaluationPeriods
+        DatabaseAlarmEvaluationPeriodSeconds: !Ref DatabaseAlarmEvaluationPeriodSeconds
+    DependsOn: VpcStack
+
+  RdsStack:
+    Type: AWS::CloudFormation::Stack
+    Condition: IsNotAurora
+    Properties:
+      TemplateURL: !Sub https://s3.amazonaws.com/${TemplateBucket}/templates/db.cfn.yml
+      Parameters:
+        NetworkStackName: !GetAtt VpcStack.Outputs.Name
+        EnvironmentName: !Ref EnvironmentName
+        DatabaseEngine: !Ref DatabaseEngine
+        DatabaseInstanceClass: !Ref DatabaseInstanceClass
+        DatabaseUser: !Ref DatabaseUser
+        DatabasePassword: !Ref DatabasePassword
+        DatabaseName: !Ref DatabaseName
+        EncryptionAtRest: !Ref EncryptionAtRest
+        DatabaseSize: !Ref DatabaseSize
+        EnableAlarms: !Ref DatabaseEnableAlarms
+        EnhancedMonitoring: !Ref DatabaseEnhancedMonitoring
+        DatabaseAlarmMaxCpuPercent: !Ref DatabaseAlarmMaxCpuPercent
+        DatabaseAlarmReadLatencyMaxSeconds: !Ref DatabaseAlarmReadLatencyMaxSeconds
+        DatabaseAlarmWriteLatencyMaxSeconds: !Ref DatabaseAlarmWriteLatencyMaxSeconds
+        DatabaseAlarmEvaluationPeriods: !Ref DatabaseAlarmEvaluationPeriods
+        DatabaseAlarmEvaluationPeriodSeconds: !Ref DatabaseAlarmEvaluationPeriodSeconds
+        DatabaseAlarmMinFreeSpaceInBytes: !Ref DatabaseAlarmMinFreeSpaceInBytes
+        DatabaseAlarmSwapUsageInBytes: !Ref DatabaseAlarmSwapUsageInBytes
+    DependsOn: VpcStack
+
+  FargateStack:
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub https://s3.amazonaws.com/${TemplateBucket}/templates/fargate.cfn.yml
+      Parameters:
+        NetworkStackName: !GetAtt VpcStack.Outputs.Name
+        DatabaseStackName:  !If [ IsAurora, !GetAtt AuroraStack.Outputs.Name, !GetAtt RdsStack.Outputs.Name ]
+        HostedZoneName: !Ref HostedZoneName
+        LoadBalancerDomainName: !Ref LoadBalancerDomainName
+        AppProtocol: !Ref AppProtocol
+        SSLCertificateArn: !Ref SSLCertificateArn
+        HealthCheckPath: !Ref HealthCheckPath
+        GitHubSourceRepo: !Ref GitHubSourceRepo
+        GitHubBranch: !Ref GitHubBranch
+        GitHubToken: !Ref GitHubToken
+        GitHubUser: !Ref GitHubUser
+        CodeBuildDockerImage: !Ref CodeBuildDockerImage
+        SeedDockerImage: !Ref SeedDockerImage
+        DefaultContainerCpu: !Ref DefaultContainerCpu
+        DefaultContainerMemory: !Ref DefaultContainerMemory
+        DefaultServiceScaleEvaluationPeriods: !Ref DefaultServiceScaleEvaluationPeriods
+        DefaultServiceCpuScaleOutThreshold: !Ref DefaultServiceCpuScaleOutThreshold
+        DefaultServiceCpuScaleInThreshold: !Ref DefaultServiceCpuScaleInThreshold
+        DefaultTaskMinContainerCount: !Ref DefaultTaskMinContainerCount
+        DefaultTaskMaxContainerCount: !Ref DefaultTaskMaxContainerCount
+        ContainerLogRetentionInDays: !Ref ContainerLogRetentionInDays
+        MaxTaggedContainerImagesToRetain: !Ref MaxTaggedContainerImagesToRetain
+        DaysToRetainUntaggedContainerImages: !Ref DaysToRetainUntaggedContainerImages
+        EnvironmentName: !Ref EnvironmentName
+        EnableLBAlarm: !Ref EnableLBAlarm
+        LoadBalancerLatencySeconds: !Ref LoadBalancerLatencySeconds
+        LoadBalancerAlarmEvaluationPeriodSeconds: !Ref LoadBalancerAlarmEvaluationPeriodSeconds
+        LoadBalancerAlarmEvaluationPeriods: !Ref LoadBalancerAlarmEvaluationPeriods
+
+  ElastiCacheStack:
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub https://s3.amazonaws.com/${TemplateBucket}/templates/elasticache.cfn.yml
+      Parameters:
+        NetworkStackName: !GetAtt VpcStack.Outputs.Name
+        ClusterName: !Ref ClusterName
+        CacheNodeType: !Ref CacheNodeType
+        CacheEngine:  !Ref CacheEngine
+        CacheNodeCount:  !Ref CacheNodeCount
+        AutoMinorVersionUpgrade:  !Ref AutoMinorVersionUpgrade
+    DependsOn: VpcStack
+
+Outputs:
+
+  VpcStackName:
+    Value: !GetAtt VpcStack.Outputs.Name
+    Export:
+      Name: !Sub ${AWS::StackName}-VpcStackName
+
+  BastionStackName:
+    Value: !GetAtt BastionStack.Outputs.Name
+    Export:
+      Name: !Sub ${AWS::StackName}-BastionStackName
+
+  FargateStackName:
+    Value: !GetAtt FargateStack.Outputs.Name
+    Export:
+      Name: !Sub ${AWS::StackName}-FargateStackName
+
+  AuroraStackName:
+    Value: !GetAtt AuroraStack.Outputs.Name
+    Condition: IsAurora
+    Export:
+      Name: !Sub ${AWS::StackName}-DatabaseStackName
+
+  RdsStackName:
+    Value: !GetAtt RdsStack.Outputs.Name
+    Condition: IsNotAurora
+    Export:
+      Name: !Sub ${AWS::StackName}-DatabaseStackName
+
+  ElastiCacheStackName:
+    Value: !GetAtt ElastiCacheStack.Outputs.ElastiCacheStackName
+    Export:
+      Name: !Sub ${AWS::StackName}-ElastiCacheStackName
diff --git a/vpc-elasticache.cfn.yml b/vpc-elasticache.cfn.yml
new file mode 100644
index 00000000..9772d06a
--- /dev/null
+++ b/vpc-elasticache.cfn.yml
@@ -0,0 +1,181 @@
+---
+AWSTemplateFormatVersion: 2010-09-09
+
+
+Description: VPC + Elasticache
+
+
+Parameters:
+
+  TemplateBucket:
+    Type: String
+    Default: awslabs-startup-kit-templates-deploy-v3
+    Description: The template bucket for the CloudFormation templates
+
+  # vpc.cfn.yml parameters
+  AvailabilityZone1:
+    Description: The first availability zone in the region
+    Type: AWS::EC2::AvailabilityZone::Name
+    ConstraintDescription: Must be a valid availability zone
+
+  AvailabilityZone2:
+    Description: The second availability zone in the region
+    Type: AWS::EC2::AvailabilityZone::Name
+    ConstraintDescription: Must be a valid availability zone
+
+  SSHFrom:
+    Description: Limit SSH access to bastion hosts to a CIDR IP block
+    Type: String
+    MinLength: 9
+    MaxLength: 18
+    Default: 0.0.0.0/0
+
+  ELBIngressPort:
+    Description: The ELB ingress port used by security groups
+    Type: Number
+    MinValue: 0
+    MaxValue: 65535
+    ConstraintDescription: TCP ports must be between 0 - 65535
+    Default: 80
+
+  AppIngressPort:
+    Description: The application ingress port used by security groups
+    Type: Number
+    MinValue: 0
+    MaxValue: 65535
+    ConstraintDescription: TCP ports must be between 0 - 65535
+    Default: 80
+
+  # elasticache.cfn.yml parameters
+  ClusterName:
+    Description: Custom name of the cluster. Auto generated if you don't supply your own.
+    Type: String
+
+  CacheNodeType:
+    Description: Cache node instance class, e.g. cache.t2.micro(free tier). See https://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/CacheNodes.SelectSize.html
+    Type: String
+    Default: cache.t2.micro
+    ConstraintDescription: Node instance class not supported
+    AllowedValues:
+      - cache.t2.micro
+      - cache.t2.small
+      - cache.t2.medium
+      - cache.m4.large
+      - cache.m4.xlarge
+      - cache.m4.2xlarge
+      - cache.m4.4xlarge
+      - cache.m4.10xlarge
+      - cache.r4.large
+      - cache.r4.xlarge
+      - cache.r4.2xlarge
+      - cache.r4.4xlarge
+      - cache.r4.8xlarge
+      - cache.r4.16xlarge
+
+  CacheEngine:
+    Description: The underlying cache engine, either Redis or Memcached
+    Type: String
+    Default: redis
+    ConstraintDescription: Node instance class not supported
+    AllowedValues:
+      - redis
+      - memcached
+
+  CacheNodeCount:
+    Description: Number of nodes in the cluster. Only used with memcached engine, for redis this value will be set to 1.
+    Type: Number
+    MinValue: 1
+    MaxValue: 15
+    ConstraintDescription: Node count must be between 1 and 15
+    Default: 1
+
+  AutoMinorVersionUpgrade:
+    Description: Whether or not minor version upgrades to the cache engine should be applied automatically during the maintenance window.
+    Type: String
+    Default: true
+    AllowedValues:
+      - true
+      - false
+
+  EnvironmentName:
+    Type: String
+    Description: Environment name - dev or prod
+    Default: dev
+    AllowedValues:
+      - dev
+      - prod
+    ConstraintDescription: Specify either dev or prod
+
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: Environment
+        Parameters:
+          - EnvironmentName
+      - Label:
+          default: Region Availability Zones
+        Parameters:
+          - AvailabilityZone1
+          - AvailabilityZone2
+      - Label:
+          default: Ingress Ports
+        Parameters:
+          - ELBIngressPort
+          - AppIngressPort
+    ParameterLabels:
+      AvailabilityZone1:
+        default: Availability Zone 1
+      AvailabilityZone2:
+        default: Availability Zone 2
+      ELBIngressPort:
+        default: Load Balancer Port
+      AppIngressPort:
+        default: Application Port
+      SSHFrom:
+        default: Bastion SSH Whitelist
+      TemplateBucket:
+        default: CloudFormation Bucket
+      EnvironmentName:
+        default: Environment
+      SSHFrom:
+        default: SSH Whitelist
+
+Conditions:
+
+   IsProd: !Equals [ !Ref EnvironmentName, prod ]
+
+Resources:
+
+  VpcStack:
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub https://s3.amazonaws.com/${TemplateBucket}/templates/vpc.cfn.yml
+      Parameters:
+        AvailabilityZone1: !Ref AvailabilityZone1
+        AvailabilityZone2: !Ref AvailabilityZone2
+        SSHFrom: !Ref SSHFrom
+        ELBIngressPort: !Ref ELBIngressPort
+        AppIngressPort: !Ref AppIngressPort
+        SingleNatGateway: !If [ IsProd, false, true ]
+
+  ElastiCacheStack:
+    Type: AWS::CloudFormation::Stack
+    Properties:
+      TemplateURL: !Sub https://s3.amazonaws.com/${TemplateBucket}/templates/elasticache.cfn.yml
+      Parameters:
+        NetworkStackName: !GetAtt VpcStack.Outputs.Name
+        ClusterName: !Ref ClusterName
+    DependsOn: VpcStack
+
+Outputs:
+
+  VpcStackName:
+    Value: !GetAtt VpcStack.Outputs.Name
+    Export:
+      Name: !Sub ${AWS::StackName}-VpcStackName
+
+  ElastiCacheStackName:
+    Value: !GetAtt ElastiCacheStack.Outputs.ElastiCacheStackName
+    Export:
+      Name: !Sub ${AWS::StackName}-ElastiCacheStackName