-
Notifications
You must be signed in to change notification settings - Fork 0
/
cape-infra.yml
106 lines (96 loc) · 2.75 KB
/
cape-infra.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
---
AWSTemplateFormatVersion: "2010-09-09"
# TODO:
# - get cloudwatch wired up for logging deployment
Description: >
Top-level CloudFormation template for CAPE infrastructure baby-steps repo.
This template and other nested sub-stack templates are used to deploy an
example architecture to get some experience with these things under our
belts. In all templates, things we do not know yet that need to be filled in
eventually are noted with `[TBD]`. Items that are commented out are either
not known or not needed. These will be cleaned up as we go.
#Metadata:
# [TBD]
#Parameters:
# [TBD]
#Rules:
# [TBD]
#Mappings:
# [TBD]
#Conditions:
# [TBD]
#Transform:
# [TBD]
Resources:
CAPEBSProtectedStack:
Type: AWS::CloudFormation::Stack
Properties:
Capabilities:
# this stack creates a protected named user and this capability is
# required
- CAPABILITY_NAMED_IAM
#ChangeSetId: String
#CreationTime: String
Description: >
Nested stack for the protected side of CAPE. Creates resources
usable by GDPH and partners.
#DisableRollback: Boolean
EnableTerminationProtection: True
#LastUpdateTime: String
#NotificationARNs:
# - String
#Outputs:
# - Output
#Parameters:
# Key: [TBD]
#ParentId: String
#RoleARN: [TBD]
#RootId: String
#StackId: String
StackName: "capebs-protected-stack"
#StackPolicyBody: Json
#StackPolicyURL: String
#StackStatus: String
#StackStatusReason: String
#Tags:
# - [TBD]
#TemplateBody: Json
TemplateURL: substacks/protected/cape-infra-protected.yml
#TimeoutInMinutes: Integer
CAPEBSPrivateStack:
Type: AWS::CloudFormation::Stack
Properties:
Capabilities:
# this stack creates a protected named user and this capability is
# required
- CAPABILITY_NAMED_IAM
#ChangeSetId: String
#CreationTime: String
Description: >
Nested stack for the private side of CAPE. Creates resources
usable by GDPH and partners.
#DisableRollback: Boolean
EnableTerminationProtection: True
#LastUpdateTime: String
#NotificationARNs:
# - String
#Outputs:
# - Output
#Parameters:
# Key: [TBD]
#ParentId: String
#RoleARN: [TBD]
#RootId: String
#StackId: String
StackName: "capebs-private-stack"
#StackPolicyBody: Json
#StackPolicyURL: String
#StackStatus: String
#StackStatusReason: String
#Tags:
# - [TBD]
#TemplateBody: Json
TemplateURL: substacks/private/cape-infra-private.yml
#TimeoutInMinutes: Integer
#Outputs:
# [TBD]