AWSTemplateFormatVersion: "2010-09-09" Description: Nakama load balancing stack Parameters: environment: Type: String Description: Name of the environment Default: production release: Type: String Description: Name of the release name of the stack version to use. Default: production AllowedValues: ['develop', 'production'] ConstraintDescription: "Must be a possible release version." PublicSubnets: Description: The public subnets for the ALB to run in. Type: String PortalCertificate: Description: Arn of AWS Certificate Type: String VpcId: Description: ID of the VPC Type: AWS::EC2::VPC::Id Resources: #-- Network Load Balancer --# PublicNLB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Type: network LoadBalancerAttributes: - Key: deletion_protection.enabled Value: false Scheme: internet-facing Subnets: !Split [",", !Ref PublicSubnets] Tags: - Key: Name Value: !Sub "Nakama-${environment}-NLB" - Key: environment Value: !Ref environment # Target group for HTTP api HttpApiTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Port: 7350 Protocol: TCP TargetGroupAttributes: - Key: deregistration_delay.timeout_seconds Value: '20' VpcId: !Ref 'VpcId' Tags: - Key: Name Value: !Sub 'nakama-http-${release}' # Listener for HTTP HttpApiNlbListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: !Ref HttpApiTargetGroup LoadBalancerArn: !Ref PublicNLB Port: 7350 Protocol: TCP # Target group for gRPC API GRpcApiTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Port: 7349 Protocol: TCP_UDP TargetGroupAttributes: - Key: deregistration_delay.timeout_seconds Value: '20' VpcId: !Ref 'VpcId' Tags: - Key: Name Value: !Sub 'nakama-GRpc-${release}' # Listener for gRPC API GRpcNlbListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: !Ref GRpcApiTargetGroup LoadBalancerArn: !Ref PublicNLB Port: 7349 Protocol: TCP_UDP # Target group for gRPC embeded console GRpcEApiTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Port: 7348 Protocol: TCP_UDP TargetGroupAttributes: - Key: deregistration_delay.timeout_seconds Value: '20' VpcId: !Ref 'VpcId' Tags: - Key: Name Value: !Sub 'nakama-GRpc-${release}' # Listener for gRPC embeded console GRpcENlbListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: forward TargetGroupArn: !Ref GRpcEApiTargetGroup LoadBalancerArn: !Ref PublicNLB Port: 7348 Protocol: TCP_UDP #-- Application Load Balancer --# PublicALB: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Type: application LoadBalancerAttributes: - Key: deletion_protection.enabled Value: false - Key: idle_timeout.timeout_seconds Value: 60 Scheme: internet-facing SecurityGroups: - !Ref AlbSecurityGroup Subnets: !Split [",", !Ref PublicSubnets] Tags: - Key: Name Value: !Sub "Nakama-${environment}-ALB" - Key: environment Value: !Ref environment AlbSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: ECS Allowed Ports VpcId: !Ref VpcId SecurityGroupIngress: - IpProtocol: icmp FromPort: "-1" ToPort: "-1" CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: "443" ToPort: "443" CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: "80" ToPort: "80" CidrIp: 0.0.0.0/0 SecurityGroupEgress: - IpProtocol: icmp FromPort: "-1" ToPort: "-1" CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: "0" ToPort: "65535" CidrIp: 0.0.0.0/0 - IpProtocol: udp FromPort: "0" ToPort: "65535" CidrIp: 0.0.0.0/0 # Target group for admin portal port AdminPortalTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 30 HealthCheckProtocol: HTTP HealthCheckTimeoutSeconds: 15 HealthyThresholdCount: 2 UnhealthyThresholdCount: 2 Matcher: HttpCode: '200' HealthCheckPath: '/' Port: 7351 Protocol: HTTP TargetGroupAttributes: - Key: deregistration_delay.timeout_seconds Value: '20' VpcId: !Ref 'VpcId' Tags: - Key: Name Value: !Sub 'nakama-${release}' # HTTPS for Admin Portal AdminPortalAlbListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: Certificates: - CertificateArn: !Ref PortalCertificate DefaultActions: - Type: forward TargetGroupArn: !Ref AdminPortalTargetGroup LoadBalancerArn: !Ref PublicALB Port: 443 Protocol: HTTPS # Redirect HTTP -> HTTPS AdminPortalRedirectAlbListener: Type: AWS::ElasticLoadBalancingV2::Listener Properties: DefaultActions: - Type: redirect RedirectConfig: Protocol: HTTPS Port: 443 Host: '#{host}' Path: '/#{path}' Query: '#{query}' StatusCode: HTTP_301 LoadBalancerArn: !Ref PublicALB Port: 80 Protocol: HTTP Outputs: AdminPortalTargetGroup: Description: "" Value: !Ref AdminPortalTargetGroup HttpApiTargetGroup: Description: "" Value: !Ref HttpApiTargetGroup GRpcApiTargetGroup: Description: "" Value: !Ref GRpcApiTargetGroup GRpcEApiTargetGroup: Description: "" Value: !Ref GRpcEApiTargetGroup PublicNlbDnsName: Description: "" Value: !GetAtt PublicNLB.DNSName PublicAlbDnsName: Description: "" Value: !GetAtt PublicALB.DNSName