{ "Resources": { "AWSAutoScalingAutoScalingGroupmasterustest1amastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { "AutoScalingGroupName": "master-us-test-1a.masters.nthsqsresources.longclustername.example.com", "LaunchTemplate": { "LaunchTemplateId": { "Ref": "AWSEC2LaunchTemplatemasterustest1amastersnthsqsresourceslongclusternameexamplecom" }, "Version": { "Fn::GetAtt": [ "AWSEC2LaunchTemplatemasterustest1amastersnthsqsresourceslongclusternameexamplecom", "LatestVersionNumber" ] } }, "MaxSize": "1", "MinSize": "1", "VPCZoneIdentifier": [ { "Ref": "AWSEC2Subnetustest1anthsqsresourceslongclusternameexamplecom" } ], "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com", "PropagateAtLaunch": true }, { "Key": "Name", "Value": "master-us-test-1a.masters.nthsqsresources.longclustername.example.com", "PropagateAtLaunch": true }, { "Key": "aws-node-termination-handler/managed", "Value": "", "PropagateAtLaunch": true }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", "Value": "", "PropagateAtLaunch": true }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", "Value": "master", "PropagateAtLaunch": true }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "", "PropagateAtLaunch": true }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", "Value": "", "PropagateAtLaunch": true }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "", "PropagateAtLaunch": true }, { "Key": "k8s.io/role/master", "Value": "1", "PropagateAtLaunch": true }, { "Key": "kops.k8s.io/instancegroup", "Value": "master-us-test-1a", "PropagateAtLaunch": true }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned", "PropagateAtLaunch": true } ], "MetricsCollection": [ { "Granularity": "1Minute", "Metrics": [ "GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances" ] } ] } }, "AWSAutoScalingAutoScalingGroupnodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { "AutoScalingGroupName": "nodes.nthsqsresources.longclustername.example.com", "LaunchTemplate": { "LaunchTemplateId": { "Ref": "AWSEC2LaunchTemplatenodesnthsqsresourceslongclusternameexamplecom" }, "Version": { "Fn::GetAtt": [ "AWSEC2LaunchTemplatenodesnthsqsresourceslongclusternameexamplecom", "LatestVersionNumber" ] } }, "MaxSize": "2", "MinSize": "2", "VPCZoneIdentifier": [ { "Ref": "AWSEC2Subnetustest1anthsqsresourceslongclusternameexamplecom" } ], "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com", "PropagateAtLaunch": true }, { "Key": "Name", "Value": "nodes.nthsqsresources.longclustername.example.com", "PropagateAtLaunch": true }, { "Key": "aws-node-termination-handler/managed", "Value": "", "PropagateAtLaunch": true }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", "Value": "node", "PropagateAtLaunch": true }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "", "PropagateAtLaunch": true }, { "Key": "k8s.io/role/node", "Value": "1", "PropagateAtLaunch": true }, { "Key": "kops.k8s.io/instancegroup", "Value": "nodes", "PropagateAtLaunch": true }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned", "PropagateAtLaunch": true } ], "MetricsCollection": [ { "Granularity": "1Minute", "Metrics": [ "GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances" ] } ] } }, "AWSAutoScalingLifecycleHookmasterustest1aNTHLifecycleHook": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { "LifecycleHookName": "master-us-test-1a-NTHLifecycleHook", "AutoScalingGroupName": { "Ref": "AWSAutoScalingAutoScalingGroupmasterustest1amastersnthsqsresourceslongclusternameexamplecom" }, "DefaultResult": "CONTINUE", "HeartbeatTimeout": 300, "LifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING" } }, "AWSAutoScalingLifecycleHooknodesNTHLifecycleHook": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { "LifecycleHookName": "nodes-NTHLifecycleHook", "AutoScalingGroupName": { "Ref": "AWSAutoScalingAutoScalingGroupnodesnthsqsresourceslongclusternameexamplecom" }, "DefaultResult": "CONTINUE", "HeartbeatTimeout": 300, "LifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING" } }, "AWSEC2DHCPOptionsnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::DHCPOptions", "Properties": { "DomainName": "us-test-1.compute.internal", "DomainNameServers": [ "AmazonProvidedDNS" ], "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSEC2InternetGatewaynthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSEC2LaunchTemplatemasterustest1amastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::LaunchTemplate", "Properties": { "LaunchTemplateName": "master-us-test-1a.masters.nthsqsresources.longclustername.example.com", "LaunchTemplateData": { "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "VolumeType": "gp3", "VolumeSize": 64, "Iops": 3000, "Throughput": 125, "DeleteOnTermination": true, "Encrypted": true } }, { "DeviceName": "/dev/sdc", "VirtualName": "ephemeral0" } ], "IamInstanceProfile": { "Name": { "Ref": "AWSIAMInstanceProfilemastersnthsqsresourceslongclusternameexamplecom" } }, "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.nthsqsresources.longclustername.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, "HttpTokens": "optional" }, "Monitoring": { "Enabled": false }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, "DeleteOnTermination": true, "DeviceIndex": 0, "Ipv6AddressCount": 0, "Groups": [ { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" } ] } ], "TagSpecifications": [ { "ResourceType": "instance", "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "master-us-test-1a.masters.nthsqsresources.longclustername.example.com" }, { "Key": "aws-node-termination-handler/managed", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", "Value": "master" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "" }, { "Key": "k8s.io/role/master", "Value": "1" }, { "Key": "kops.k8s.io/instancegroup", "Value": "master-us-test-1a" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] }, { "ResourceType": "volume", "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "master-us-test-1a.masters.nthsqsresources.longclustername.example.com" }, { "Key": "aws-node-termination-handler/managed", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", "Value": "master" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers", "Value": "" }, { "Key": "k8s.io/role/master", "Value": "1" }, { "Key": "kops.k8s.io/instancegroup", "Value": "master-us-test-1a" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } ], "UserData": "extracted" } } }, "AWSEC2LaunchTemplatenodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::LaunchTemplate", "Properties": { "LaunchTemplateName": "nodes.nthsqsresources.longclustername.example.com", "LaunchTemplateData": { "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "VolumeType": "gp3", "VolumeSize": 128, "Iops": 3000, "Throughput": 125, "DeleteOnTermination": true, "Encrypted": true } } ], "IamInstanceProfile": { "Name": { "Ref": "AWSIAMInstanceProfilenodesnthsqsresourceslongclusternameexamplecom" } }, "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.nthsqsresources.longclustername.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, "HttpTokens": "optional" }, "Monitoring": { "Enabled": false }, "NetworkInterfaces": [ { "AssociatePublicIpAddress": true, "DeleteOnTermination": true, "DeviceIndex": 0, "Ipv6AddressCount": 0, "Groups": [ { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" } ] } ], "TagSpecifications": [ { "ResourceType": "instance", "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nodes.nthsqsresources.longclustername.example.com" }, { "Key": "aws-node-termination-handler/managed", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", "Value": "node" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "" }, { "Key": "k8s.io/role/node", "Value": "1" }, { "Key": "kops.k8s.io/instancegroup", "Value": "nodes" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] }, { "ResourceType": "volume", "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nodes.nthsqsresources.longclustername.example.com" }, { "Key": "aws-node-termination-handler/managed", "Value": "" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role", "Value": "node" }, { "Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node", "Value": "" }, { "Key": "k8s.io/role/node", "Value": "1" }, { "Key": "kops.k8s.io/instancegroup", "Value": "nodes" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } ], "UserData": "extracted" } } }, "AWSEC2Route0": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "AWSEC2RouteTablenthsqsresourceslongclusternameexamplecom" }, "DestinationIpv6CidrBlock": "::/0", "GatewayId": { "Ref": "AWSEC2InternetGatewaynthsqsresourceslongclusternameexamplecom" } } }, "AWSEC2Route00000": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "AWSEC2RouteTablenthsqsresourceslongclusternameexamplecom" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "AWSEC2InternetGatewaynthsqsresourceslongclusternameexamplecom" } } }, "AWSEC2RouteTablenthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "AWSEC2VPCnthsqsresourceslongclusternameexamplecom" }, "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" }, { "Key": "kubernetes.io/kops/role", "Value": "public" } ] } }, "AWSEC2SecurityGroupEgressfrommastersnthsqsresourceslongclusternameexamplecomegressall0to00": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1", "CidrIpv6": "::/0" } }, "AWSEC2SecurityGroupEgressfrommastersnthsqsresourceslongclusternameexamplecomegressall0to000000": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupEgressfromnodesnthsqsresourceslongclusternameexamplecomegressall0to00": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1", "CidrIpv6": "::/0" } }, "AWSEC2SecurityGroupEgressfromnodesnthsqsresourceslongclusternameexamplecomegressall0to000000": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22mastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "FromPort": 22, "ToPort": 22, "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "FromPort": 22, "ToPort": 22, "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443mastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "FromPort": 443, "ToPort": 443, "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupIngressfrommastersnthsqsresourceslongclusternameexamplecomingressall0to0mastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1" } }, "AWSEC2SecurityGroupIngressfrommastersnthsqsresourceslongclusternameexamplecomingressall0to0nodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1" } }, "AWSEC2SecurityGroupIngressfromnodesnthsqsresourceslongclusternameexamplecomingressall0to0nodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1" } }, "AWSEC2SecurityGroupIngressfromnodesnthsqsresourceslongclusternameexamplecomingresstcp1to2379mastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "FromPort": 1, "ToPort": 2379, "IpProtocol": "tcp" } }, "AWSEC2SecurityGroupIngressfromnodesnthsqsresourceslongclusternameexamplecomingresstcp2382to4000mastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } }, "AWSEC2SecurityGroupIngressfromnodesnthsqsresourceslongclusternameexamplecomingresstcp4003to65535mastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "FromPort": 4003, "ToPort": 65535, "IpProtocol": "tcp" } }, "AWSEC2SecurityGroupIngressfromnodesnthsqsresourceslongclusternameexamplecomingressudp1to65535mastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom" }, "FromPort": 1, "ToPort": 65535, "IpProtocol": "udp" } }, "AWSEC2SecurityGroupmastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupName": "masters.nthsqsresources.longclustername.example.com", "VpcId": { "Ref": "AWSEC2VPCnthsqsresourceslongclusternameexamplecom" }, "GroupDescription": "Security group for masters", "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "masters.nthsqsresources.longclustername.example.com" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSEC2SecurityGroupnodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupName": "nodes.nthsqsresources.longclustername.example.com", "VpcId": { "Ref": "AWSEC2VPCnthsqsresourceslongclusternameexamplecom" }, "GroupDescription": "Security group for nodes", "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nodes.nthsqsresources.longclustername.example.com" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSEC2SubnetRouteTableAssociationustest1anthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "AWSEC2Subnetustest1anthsqsresourceslongclusternameexamplecom" }, "RouteTableId": { "Ref": "AWSEC2RouteTablenthsqsresourceslongclusternameexamplecom" } } }, "AWSEC2Subnetustest1anthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "AWSEC2VPCnthsqsresourceslongclusternameexamplecom" }, "CidrBlock": "172.20.32.0/19", "AvailabilityZone": "us-test-1a", "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "us-test-1a.nthsqsresources.longclustername.example.com" }, { "Key": "SubnetType", "Value": "Public" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" }, { "Key": "kubernetes.io/role/elb", "Value": "1" }, { "Key": "kubernetes.io/role/internal-elb", "Value": "1" } ] } }, "AWSEC2VPCCidrBlockAmazonIPv6": { "Type": "AWS::EC2::VPCCidrBlock", "Properties": { "VpcId": { "Ref": "AWSEC2VPCnthsqsresourceslongclusternameexamplecom" }, "AmazonProvidedIpv6CidrBlock": true } }, "AWSEC2VPCDHCPOptionsAssociationnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::VPCDHCPOptionsAssociation", "Properties": { "VpcId": { "Ref": "AWSEC2VPCnthsqsresourceslongclusternameexamplecom" }, "DhcpOptionsId": { "Ref": "AWSEC2DHCPOptionsnthsqsresourceslongclusternameexamplecom" } } }, "AWSEC2VPCGatewayAttachmentnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "AWSEC2VPCnthsqsresourceslongclusternameexamplecom" }, "InternetGatewayId": { "Ref": "AWSEC2InternetGatewaynthsqsresourceslongclusternameexamplecom" } } }, "AWSEC2VPCnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "172.20.0.0/16", "EnableDnsHostnames": true, "EnableDnsSupport": true, "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSEC2Volumeustest1aetcdeventsnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::Volume", "Properties": { "AvailabilityZone": "us-test-1a", "Size": 20, "VolumeType": "gp3", "Iops": 3000, "Throughput": 125, "Encrypted": false, "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "us-test-1a.etcd-events.nthsqsresources.longclustername.example.com" }, { "Key": "k8s.io/etcd/events", "Value": "us-test-1a/us-test-1a" }, { "Key": "k8s.io/role/master", "Value": "1" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSEC2Volumeustest1aetcdmainnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::EC2::Volume", "Properties": { "AvailabilityZone": "us-test-1a", "Size": 20, "VolumeType": "gp3", "Iops": 3000, "Throughput": 125, "Encrypted": false, "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "us-test-1a.etcd-main.nthsqsresources.longclustername.example.com" }, { "Key": "k8s.io/etcd/main", "Value": "us-test-1a/us-test-1a" }, { "Key": "k8s.io/role/master", "Value": "1" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSEventsRulenthsqsresourceslongclusternameefkbaohASGLifecycle": { "Type": "AWS::Events::Rule", "Properties": { "Name": "nthsqsresources.longclustername.e-fkbaoh-ASGLifecycle", "EventPattern": { "detail-type": [ "EC2 Instance-terminate Lifecycle Action" ], "source": [ "aws.autoscaling" ] }, "Targets": [ { "Id": "1", "Arn": { "Ref": "AWSSQSQueuenthsqsresourceslongclusternameexamplecomnth" } } ] } }, "AWSEventsRulenthsqsresourceslongclusternameefkbaohInstanceStateChange": { "Type": "AWS::Events::Rule", "Properties": { "Name": "nthsqsresources.longclustername.e-fkbaoh-InstanceStateChange", "EventPattern": { "detail-type": [ "EC2 Instance State-change Notification" ], "source": [ "aws.ec2" ] }, "Targets": [ { "Id": "1", "Arn": { "Ref": "AWSSQSQueuenthsqsresourceslongclusternameexamplecomnth" } } ] } }, "AWSEventsRulenthsqsresourceslongclusternameefkbaohRebalanceRecommendation": { "Type": "AWS::Events::Rule", "Properties": { "Name": "nthsqsresources.longclustername.e-fkbaoh-RebalanceRecommendation", "EventPattern": { "detail-type": [ "EC2 Instance Rebalance Recommendation" ], "source": [ "aws.ec2" ] }, "Targets": [ { "Id": "1", "Arn": { "Ref": "AWSSQSQueuenthsqsresourceslongclusternameexamplecomnth" } } ] } }, "AWSEventsRulenthsqsresourceslongclusternameefkbaohSpotInterruption": { "Type": "AWS::Events::Rule", "Properties": { "Name": "nthsqsresources.longclustername.e-fkbaoh-SpotInterruption", "EventPattern": { "detail-type": [ "EC2 Spot Instance Interruption Warning" ], "source": [ "aws.ec2" ] }, "Targets": [ { "Id": "1", "Arn": { "Ref": "AWSSQSQueuenthsqsresourceslongclusternameexamplecomnth" } } ] } }, "AWSIAMInstanceProfilemastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "InstanceProfileName": "masters.nthsqsresources.longclustername.example.com", "Roles": [ { "Ref": "AWSIAMRolemastersnthsqsresourceslongclusternameexamplecom" } ] } }, "AWSIAMInstanceProfilenodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "InstanceProfileName": "nodes.nthsqsresources.longclustername.example.com", "Roles": [ { "Ref": "AWSIAMRolenodesnthsqsresourceslongclusternameexamplecom" } ] } }, "AWSIAMPolicymastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "masters.nthsqsresources.longclustername.example.com", "Roles": [ { "Ref": "AWSIAMRolemastersnthsqsresourceslongclusternameexamplecom" } ], "PolicyDocument": { "Statement": [ { "Action": "ec2:AttachVolume", "Condition": { "StringEquals": { "aws:ResourceTag/KubernetesCluster": "nthsqsresources.longclustername.example.com", "aws:ResourceTag/k8s.io/role/master": "1" } }, "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "s3:Get*" ], "Effect": "Allow", "Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.longclustername.example.com/*" }, { "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/nthsqsresources.longclustername.example.com/backups/etcd/main/*" }, { "Action": [ "s3:GetObject", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/nthsqsresources.longclustername.example.com/backups/etcd/events/*" }, { "Action": [ "s3:GetBucketLocation", "s3:GetEncryptionConfiguration", "s3:ListBucket", "s3:ListBucketVersions" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::placeholder-read-bucket" ] }, { "Action": [ "s3:GetBucketLocation", "s3:GetEncryptionConfiguration", "s3:ListBucket", "s3:ListBucketVersions" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::placeholder-write-bucket" ] }, { "Action": [ "route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets", "route53:GetHostedZone" ], "Effect": "Allow", "Resource": [ "arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO" ] }, { "Action": [ "route53:GetChange" ], "Effect": "Allow", "Resource": [ "arn:aws:route53:::change/*" ] }, { "Action": [ "route53:ListHostedZones", "route53:ListTagsForResource" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "ec2:CreateTags", "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateVolume", "CreateSnapshot" ] } }, "Effect": "Allow", "Resource": [ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*" ] }, { "Action": "ec2:CreateTags", "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateVolume", "CreateSnapshot" ] } }, "Effect": "Allow", "Resource": [ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*" ] }, { "Action": "ec2:DeleteTags", "Condition": { "StringEquals": { "aws:ResourceTag/KubernetesCluster": "nthsqsresources.longclustername.example.com" } }, "Effect": "Allow", "Resource": [ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*" ] }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:DescribeKey", "kms:GenerateRandom", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "autoscaling:CompleteLifecycleAction", "autoscaling:SetDesiredCapacity", "autoscaling:TerminateInstanceInAutoScalingGroup", "ec2:AttachVolume", "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteRoute", "ec2:DeleteSecurityGroup", "ec2:DeleteVolume", "ec2:DetachVolume", "ec2:ModifyInstanceAttribute", "ec2:ModifyVolume", "ec2:RevokeSecurityGroupIngress", "elasticloadbalancing:AddTags", "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", "elasticloadbalancing:AttachLoadBalancerToSubnets", "elasticloadbalancing:ConfigureHealthCheck", "elasticloadbalancing:DeleteListener", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeleteLoadBalancerListeners", "elasticloadbalancing:DeleteTargetGroup", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:DetachLoadBalancerFromSubnets", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:ModifyLoadBalancerAttributes", "elasticloadbalancing:ModifyTargetGroup", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" ], "Condition": { "StringEquals": { "aws:ResourceTag/KubernetesCluster": "nthsqsresources.longclustername.example.com" } }, "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:CreateSecurityGroup", "ec2:CreateVolume", "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateLoadBalancerListeners", "elasticloadbalancing:CreateLoadBalancerPolicy", "elasticloadbalancing:CreateTargetGroup" ], "Condition": { "StringEquals": { "aws:RequestTag/KubernetesCluster": "nthsqsresources.longclustername.example.com" } }, "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" } } }, "AWSIAMPolicynodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "nodes.nthsqsresources.longclustername.example.com", "Roles": [ { "Ref": "AWSIAMRolenodesnthsqsresourceslongclusternameexamplecom" } ], "PolicyDocument": { "Statement": [ { "Action": [ "s3:Get*" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.longclustername.example.com/addons/*", "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.longclustername.example.com/cluster-completed.spec", "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.longclustername.example.com/igconfig/node/*", "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.longclustername.example.com/secrets/dockerconfig" ] }, { "Action": [ "s3:GetBucketLocation", "s3:GetEncryptionConfiguration", "s3:ListBucket", "s3:ListBucketVersions" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::placeholder-read-bucket" ] }, { "Action": [ "autoscaling:DescribeAutoScalingInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" } } }, "AWSIAMRolemastersnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": "masters.nthsqsresources.longclustername.example.com", "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" } } ], "Version": "2012-10-17" }, "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "masters.nthsqsresources.longclustername.example.com" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSIAMRolenodesnthsqsresourceslongclusternameexamplecom": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": "nodes.nthsqsresources.longclustername.example.com", "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" } } ], "Version": "2012-10-17" }, "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nodes.nthsqsresources.longclustername.example.com" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } }, "AWSSQSQueuePolicynthsqsresourceslongclusternameexamplecomnthPolicy": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "Queues": [ { "Ref": "AWSSQSQueuenthsqsresourceslongclusternameexamplecomnth" } ], "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Effect": "Allow", "Principal": { "Service": [ "events.amazonaws.com", "sqs.amazonaws.com" ] }, "Resource": "arn:aws:sqs:us-test-1:123456789012:nthsqsresources-longclustername-example-com-nth" } ], "Version": "2012-10-17" } } }, "AWSSQSQueuenthsqsresourceslongclusternameexamplecomnth": { "Type": "AWS::SQS::Queue", "Properties": { "QueueName": "nthsqsresources-longclustername-example-com-nth", "MessageRetentionPeriod": 300, "Tags": [ { "Key": "KubernetesCluster", "Value": "nthsqsresources.longclustername.example.com" }, { "Key": "Name", "Value": "nthsqsresources-longclustername-example-com-nth" }, { "Key": "kubernetes.io/cluster/nthsqsresources.longclustername.example.com", "Value": "owned" } ] } } } }