etcd-cluster.yaml

SenzaComponents:
- Configuration:
    Type: Senza::StupsAutoConfiguration
- AppServer:
    IamRoles:
    - Ref: EtcdRole
    InstanceType: t2.small
    SecurityGroups:
    - Fn::GetAtt:
      - EtcdSecurityGroup
      - GroupId
    TaupageConfig:
      ports:
        2379: 2379
        2380: 2380
      runtime: Docker
      source: '{{Arguments.DockerImage}}'
      environment:
        HOSTED_ZONE: '{{Arguments.HostedZone}}'
      mounts:
        /home/etcd:
          partition: none
          filesystem: tmpfs
          erase_on_boot: false
          options: size=1024m
      scalyr_region: '{{Arguments.ScalyrRegion}}'
      scalyr_account_key: '{{Arguments.ScalyrAccountKey}}'
    Type: Senza::TaupageAutoScalingGroup
    AutoScaling:
      Minimum: 5
      Maximum: 5
      MetricType: CPU
SenzaInfo:
  Parameters:
  - HostedZone:
      Description: AWS Hosted Zone to work with
  - DockerImage:
      Description: Docker image of etcd-cluster.
  - ScalyrAccountKey:
      Description: Key for writing logs to scalyr
      Default: ''
  - ScalyrRegion:
      Description: Scalyr region
      Default: 'eu'
  StackName: etcd-cluster
Resources:
  EtcdSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Etcd Appliance Security Group
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 2379
        ToPort: 2380
        CidrIp: 0.0.0.0/0
  EtcdIngressMembers:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId:
        Fn::GetAtt:
          - EtcdSecurityGroup
          - GroupId
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId:
        Fn::GetAtt:
          - EtcdSecurityGroup
          - GroupId
  EtcdRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: Allow
          Principal:
            Service: ec2.amazonaws.com
          Action: sts:AssumeRole
      Path: /
      Policies:
      - PolicyName: AmazonEC2ReadOnlyAccess
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          - Effect: Allow
            Action: ec2:Describe*
            Resource: "*"
          - Effect: Allow
            Action: autoscaling:Describe*
            Resource: "*"
      - PolicyName: AmazonRoute53Access
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          - Effect: Allow
            Action:
            - route53:ListHostedZonesByName
            - route53:ChangeResourceRecordSets
            - route53:GetHostedZone
            - route53:ListResourceRecordSets
            - route53:GetChange
            Resource: [ "*" ]