# Stack parameters: sizing and engine versions for the database and cache,
# image and task sizing for the authentik containers, and the TLS certificate
# used by the HTTPS listener.
Parameters:
  DBInstanceType:
    Type: String
    Default: m5.large
    Description: RDS PostgreSQL instance type (without the leading db.)
  DBVersion:
    Type: String
    Default: "17.1"
    Description: RDS PostgreSQL version
  DBStorage:
    Type: Number
    Default: 10
    Description: RDS PostgreSQL storage size in GB
    MinValue: 10
  RedisInstanceType:
    Type: String
    Default: cache.t4g.medium
    Description: ElastiCache Redis instance type (with the leading cache.)
  RedisVersion:
    Type: String
    Default: "7.1"
    Description: ElastiCache Redis version
  # AuthentikImage and AuthentikVersion are joined as "<image>:<tag>" by the
  # task definitions. A tag can be repointed on the registry side, so the
  # digest of what was actually deployed has to be checked out of band.
  AuthentikImage:
    Type: String
    Default: ghcr.io/goauthentik/server
    Description: authentik Docker image
  AuthentikVersion:
    Type: String
    Default: 2024.12.3
    Description: authentik Docker image tag
  AuthentikServerCPU:
    Type: Number
    Default: 512
    Description: authentik server CPU units (1024 = 1 vCPU)
  AuthentikServerMemory:
    Type: Number
    Default: 1024
    Description: authentik server memory in MiB
  AuthentikServerDesiredCount:
    Type: Number
    Default: 2
    Description: Desired number of authentik server tasks
    MinValue: 1
  AuthentikWorkerCPU:
    Type: Number
    Default: 512
    Description: authentik worker CPU units (1024 = 1 vCPU)
  AuthentikWorkerMemory:
    Type: Number
    Default: 1024
    Description: authentik worker memory in MiB
  AuthentikWorkerDesiredCount:
    Type: Number
    Default: 2
    Description: Desired number of authentik worker tasks
    MinValue: 1
  # No default: the deployer must supply the certificate for the 443 listener.
  CertificateARN:
    Type: String
    Description: ACM certificate ARN for HTTPS access
Resources:
# VPC for the whole stack: one 10.0.0.0/16 network with DNS resolution and
# DNS hostnames enabled.
# NOTE(review): no AWS::EC2::FlowLog resource is defined in this template, so
# network-level audit data has to come from somewhere else.
AuthentikVpcA1ABE6C2:
  Type: AWS::EC2::VPC
  Properties:
    CidrBlock: 10.0.0.0/16
    EnableDnsHostnames: true
    EnableDnsSupport: true
    InstanceTenancy: default
    Tags:
      - Key: Name
        Value: AuthentikStack/AuthentikVpc
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/Resource
# Public subnet 1 (first AZ returned by Fn::GetAZs): the subnet, its route
# table with a default route to the internet gateway, and the only NAT gateway
# in this template together with its Elastic IP.
AuthentikVpcPublicSubnet1Subnet0C75862A:
  Type: AWS::EC2::Subnet
  Properties:
    AvailabilityZone:
      Fn::Select:
        - 0
        - Fn::GetAZs: ""
    CidrBlock: 10.0.0.0/18
    # Network interfaces created here receive a public IPv4 address by default.
    MapPublicIpOnLaunch: true
    Tags:
      - Key: aws-cdk:subnet-name
        Value: Public
      - Key: aws-cdk:subnet-type
        Value: Public
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PublicSubnet1
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet1/Subnet
AuthentikVpcPublicSubnet1RouteTable142C1454:
  Type: AWS::EC2::RouteTable
  Properties:
    Tags:
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PublicSubnet1
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet1/RouteTable
AuthentikVpcPublicSubnet1RouteTableAssociation33E57E0C:
  Type: AWS::EC2::SubnetRouteTableAssociation
  Properties:
    RouteTableId:
      Ref: AuthentikVpcPublicSubnet1RouteTable142C1454
    SubnetId:
      Ref: AuthentikVpcPublicSubnet1Subnet0C75862A
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet1/RouteTableAssociation
# Default route straight to the internet gateway; this is what makes the
# subnet public.
AuthentikVpcPublicSubnet1DefaultRoute90C4189A:
  Type: AWS::EC2::Route
  Properties:
    DestinationCidrBlock: 0.0.0.0/0
    GatewayId:
      Ref: AuthentikVpcIGW53CE5190
    RouteTableId:
      Ref: AuthentikVpcPublicSubnet1RouteTable142C1454
  DependsOn:
    - AuthentikVpcVPCGW65A49376
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet1/DefaultRoute
AuthentikVpcPublicSubnet1EIP2A4626A0:
  Type: AWS::EC2::EIP
  Properties:
    Domain: vpc
    Tags:
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PublicSubnet1
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet1/EIP
# Both private route tables in this template point at this one NAT gateway,
# so outbound traffic from the private subnets leaves through the EIP above
# and depends on this availability zone.
AuthentikVpcPublicSubnet1NATGatewayEBF2B25B:
  Type: AWS::EC2::NatGateway
  Properties:
    AllocationId:
      Fn::GetAtt:
        - AuthentikVpcPublicSubnet1EIP2A4626A0
        - AllocationId
    SubnetId:
      Ref: AuthentikVpcPublicSubnet1Subnet0C75862A
    Tags:
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PublicSubnet1
  DependsOn:
    - AuthentikVpcPublicSubnet1DefaultRoute90C4189A
    - AuthentikVpcPublicSubnet1RouteTableAssociation33E57E0C
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet1/NATGateway
# Public subnet 2 (second AZ returned by Fn::GetAZs): subnet, route table and
# default route to the internet gateway. No NAT gateway is placed here.
AuthentikVpcPublicSubnet2Subnet4DFAFA5B:
  Type: AWS::EC2::Subnet
  Properties:
    AvailabilityZone:
      Fn::Select:
        - 1
        - Fn::GetAZs: ""
    CidrBlock: 10.0.64.0/18
    # Network interfaces created here receive a public IPv4 address by default.
    MapPublicIpOnLaunch: true
    Tags:
      - Key: aws-cdk:subnet-name
        Value: Public
      - Key: aws-cdk:subnet-type
        Value: Public
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PublicSubnet2
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet2/Subnet
AuthentikVpcPublicSubnet2RouteTableF486229B:
  Type: AWS::EC2::RouteTable
  Properties:
    Tags:
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PublicSubnet2
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet2/RouteTable
AuthentikVpcPublicSubnet2RouteTableAssociationDA2BDD26:
  Type: AWS::EC2::SubnetRouteTableAssociation
  Properties:
    RouteTableId:
      Ref: AuthentikVpcPublicSubnet2RouteTableF486229B
    SubnetId:
      Ref: AuthentikVpcPublicSubnet2Subnet4DFAFA5B
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet2/RouteTableAssociation
AuthentikVpcPublicSubnet2DefaultRoute2E9B0EBA:
  Type: AWS::EC2::Route
  Properties:
    DestinationCidrBlock: 0.0.0.0/0
    GatewayId:
      Ref: AuthentikVpcIGW53CE5190
    RouteTableId:
      Ref: AuthentikVpcPublicSubnet2RouteTableF486229B
  DependsOn:
    - AuthentikVpcVPCGW65A49376
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PublicSubnet2/DefaultRoute
# Private subnet 1 (first AZ): no public IPs are assigned, and the default
# route goes to the NAT gateway rather than the internet gateway, so hosts
# here can reach out but are not directly reachable from the internet.
AuthentikVpcPrivateSubnet1Subnet6748EEA3:
  Type: AWS::EC2::Subnet
  Properties:
    AvailabilityZone:
      Fn::Select:
        - 0
        - Fn::GetAZs: ""
    CidrBlock: 10.0.128.0/18
    MapPublicIpOnLaunch: false
    Tags:
      - Key: aws-cdk:subnet-name
        Value: Private
      - Key: aws-cdk:subnet-type
        Value: Private
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PrivateSubnet1
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PrivateSubnet1/Subnet
AuthentikVpcPrivateSubnet1RouteTable865DCC15:
  Type: AWS::EC2::RouteTable
  Properties:
    Tags:
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PrivateSubnet1
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PrivateSubnet1/RouteTable
AuthentikVpcPrivateSubnet1RouteTableAssociationBBA42BB3:
  Type: AWS::EC2::SubnetRouteTableAssociation
  Properties:
    RouteTableId:
      Ref: AuthentikVpcPrivateSubnet1RouteTable865DCC15
    SubnetId:
      Ref: AuthentikVpcPrivateSubnet1Subnet6748EEA3
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PrivateSubnet1/RouteTableAssociation
# Outbound-only internet access through the NAT gateway in public subnet 1.
AuthentikVpcPrivateSubnet1DefaultRouteE7E61D7D:
  Type: AWS::EC2::Route
  Properties:
    DestinationCidrBlock: 0.0.0.0/0
    NatGatewayId:
      Ref: AuthentikVpcPublicSubnet1NATGatewayEBF2B25B
    RouteTableId:
      Ref: AuthentikVpcPrivateSubnet1RouteTable865DCC15
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PrivateSubnet1/DefaultRoute
# Private subnet 2 (second AZ): same layout as private subnet 1. Its default
# route also uses the NAT gateway in public subnet 1, i.e. in the other AZ.
AuthentikVpcPrivateSubnet2Subnet6B8E7123:
  Type: AWS::EC2::Subnet
  Properties:
    AvailabilityZone:
      Fn::Select:
        - 1
        - Fn::GetAZs: ""
    CidrBlock: 10.0.192.0/18
    MapPublicIpOnLaunch: false
    Tags:
      - Key: aws-cdk:subnet-name
        Value: Private
      - Key: aws-cdk:subnet-type
        Value: Private
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PrivateSubnet2
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PrivateSubnet2/Subnet
AuthentikVpcPrivateSubnet2RouteTable472C2F26:
  Type: AWS::EC2::RouteTable
  Properties:
    Tags:
      - Key: Name
        Value: AuthentikStack/AuthentikVpc/PrivateSubnet2
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PrivateSubnet2/RouteTable
AuthentikVpcPrivateSubnet2RouteTableAssociation0276EED3:
  Type: AWS::EC2::SubnetRouteTableAssociation
  Properties:
    RouteTableId:
      Ref: AuthentikVpcPrivateSubnet2RouteTable472C2F26
    SubnetId:
      Ref: AuthentikVpcPrivateSubnet2Subnet6B8E7123
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PrivateSubnet2/RouteTableAssociation
AuthentikVpcPrivateSubnet2DefaultRouteB93D7A74:
  Type: AWS::EC2::Route
  Properties:
    DestinationCidrBlock: 0.0.0.0/0
    NatGatewayId:
      Ref: AuthentikVpcPublicSubnet1NATGatewayEBF2B25B
    RouteTableId:
      Ref: AuthentikVpcPrivateSubnet2RouteTable472C2F26
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/PrivateSubnet2/DefaultRoute
# Internet gateway and its attachment to the VPC. The public route tables
# depend on the attachment before creating their default routes.
AuthentikVpcIGW53CE5190:
  Type: AWS::EC2::InternetGateway
  Properties:
    Tags:
      - Key: Name
        Value: AuthentikStack/AuthentikVpc
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/IGW
AuthentikVpcVPCGW65A49376:
  Type: AWS::EC2::VPCGatewayAttachment
  Properties:
    InternetGatewayId:
      Ref: AuthentikVpcIGW53CE5190
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikVpc/VPCGW
# Security group for the PostgreSQL instance. The only ingress defined in this
# template is TCP 5432 from the authentik task security group (rule below).
# NOTE(review): the allow-all egress rule is broader than a database that only
# answers connections needs; security groups are stateful, so replies do not
# depend on it.
DatabaseSG2A23C222:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Security Group for authentik RDS PostgreSQL
    SecurityGroupEgress:
      - CidrIp: 0.0.0.0/0
        Description: Allow all outbound traffic by default
        IpProtocol: "-1"
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/DatabaseSG/Resource
# Ingress keyed on the source security group rather than a CIDR, so only
# interfaces carrying AuthentikSG can open connections to the database.
DatabaseSGfromAuthentikStackAuthentikSG23C19B28543226D9B076:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    Description: Allow authentik to connect to RDS PostgreSQL
    FromPort: 5432
    GroupId:
      Fn::GetAtt:
        - DatabaseSG2A23C222
        - GroupId
    IpProtocol: tcp
    SourceSecurityGroupId:
      Fn::GetAtt:
        - AuthentikSG3040E46F
        - GroupId
    ToPort: 5432
  Metadata:
    aws:cdk:path: AuthentikStack/DatabaseSG/from AuthentikStackAuthentikSG23C19B28:5432
# Security group for the Redis replication group. The only ingress defined in
# this template is TCP 6379 from the authentik task security group.
# NOTE(review): as with the database group, the allow-all egress rule is not
# needed for a service that only accepts connections.
RedisSGEA80AC17:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Security Group for authentik ElastiCache Redis
    SecurityGroupEgress:
      - CidrIp: 0.0.0.0/0
        Description: Allow all outbound traffic by default
        IpProtocol: "-1"
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/RedisSG/Resource
# This rule is the access control for Redis in this template: the replication
# group itself sets no auth token.
RedisSGfromAuthentikStackAuthentikSG23C19B2863790C4BCCDE:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    Description: Allow authentik to connect to ElastiCache Redis
    FromPort: 6379
    GroupId:
      Fn::GetAtt:
        - RedisSGEA80AC17
        - GroupId
    IpProtocol: tcp
    SourceSecurityGroupId:
      Fn::GetAtt:
        - AuthentikSG3040E46F
        - GroupId
    ToPort: 6379
  Metadata:
    aws:cdk:path: AuthentikStack/RedisSG/from AuthentikStackAuthentikSG23C19B28:6379
# Security group shared by the authentik server and worker tasks. It is the
# source group referenced by the database, Redis and EFS ingress rules, so
# anything attached to it can reach all three backends.
AuthentikSG3040E46F:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Security Group for authentik services
    # Outbound is unrestricted; the tasks reach the internet via the NAT
    # gateway and the backends via their security-group rules.
    SecurityGroupEgress:
      - CidrIp: 0.0.0.0/0
        Description: Allow all outbound traffic by default
        IpProtocol: "-1"
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikSG/Resource
# Only the load balancer's security group may connect to the container port.
AuthentikSGfromAuthentikStackAuthentikALBSecurityGroup46E4D829900045771B43:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    Description: Load balancer to target
    FromPort: 9000
    GroupId:
      Fn::GetAtt:
        - AuthentikSG3040E46F
        - GroupId
    IpProtocol: tcp
    SourceSecurityGroupId:
      Fn::GetAtt:
        - AuthentikALBSecurityGroup2B18FEEF
        - GroupId
    ToPort: 9000
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikSG/from AuthentikStackAuthentikALBSecurityGroup46E4D829:9000
# Database credentials. Secrets Manager generates a 64-character password and
# stores it next to the fixed username as JSON, so the password never appears
# in the template or in stack parameters.
# NOTE(review): no KmsKeyId is set (presumably the account's default key is
# used) and no AWS::SecretsManager::RotationSchedule exists in this template.
DBPassword67313E91:
  Type: AWS::SecretsManager::Secret
  Properties:
    GenerateSecretString:
      ExcludeCharacters: '"@/\'
      GenerateStringKey: password
      PasswordLength: 64
      SecretStringTemplate: '{"username": "authentik"}'
  # The secret is deleted with the stack, while the database instance itself
  # is kept as a snapshot (its DeletionPolicy is Snapshot).
  UpdateReplacePolicy: Delete
  DeletionPolicy: Delete
  Metadata:
    aws:cdk:path: AuthentikStack/DBPassword/Resource
# Links the secret to the RDS instance it belongs to.
DBPasswordAttachmentAC350077:
  Type: AWS::SecretsManager::SecretTargetAttachment
  Properties:
    SecretId:
      Ref: DBPassword67313E91
    TargetId:
      Ref: AuthentikDB6710DB92
    TargetType: AWS::RDS::DBInstance
  Metadata:
    aws:cdk:path: AuthentikStack/DBPassword/Attachment/Resource
# Generated 64-character secret that both task definitions inject into the
# containers as AUTHENTIK_SECRET_KEY.
# NOTE(review): deleted together with the stack, so a redeploy gets a new
# value; confirm that is acceptable for whatever authentik derives from it.
AuthentikSecretKeyAC972960:
  Type: AWS::SecretsManager::Secret
  Properties:
    GenerateSecretString:
      ExcludeCharacters: '"@/\'
      PasswordLength: 64
  UpdateReplacePolicy: Delete
  DeletionPolicy: Delete
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikSecretKey/Resource
# Places the database in the two private subnets only.
AuthentikDBSubnetGroup03A9E1C9:
  Type: AWS::RDS::DBSubnetGroup
  Properties:
    DBSubnetGroupDescription: Subnet group for AuthentikDB database
    SubnetIds:
      - Ref: AuthentikVpcPrivateSubnet1Subnet6748EEA3
      - Ref: AuthentikVpcPrivateSubnet2Subnet6B8E7123
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikDB/SubnetGroup/Default
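# PostgreSQL instance backing authentik: Multi-AZ, private subnets only, not
# publicly accessible, reachable through DatabaseSG. Credentials are pulled
# from the DBPassword secret through dynamic references, so neither value is
# written into the template.
AuthentikDB6710DB92:
  Type: AWS::RDS::DBInstance
  Properties:
    AllocatedStorage:
      Ref: DBStorage
    CopyTagsToSnapshot: true
    # The parameter carries the class without the "db." prefix.
    DBInstanceClass:
      Fn::Join:
        - ""
        - - db.
          - Ref: DBInstanceType
    DBName: authentik
    DBSubnetGroupName:
      Ref: AuthentikDBSubnetGroup03A9E1C9
    Engine: postgres
    EngineVersion:
      Ref: DBVersion
    MasterUserPassword:
      Fn::Join:
        - ""
        - - "{{resolve:secretsmanager:"
          - Ref: DBPassword67313E91
          - :SecretString:password::}}
    MasterUsername:
      Fn::Join:
        - ""
        - - "{{resolve:secretsmanager:"
          - Ref: DBPassword67313E91
          - :SecretString:username::}}
    MultiAZ: true
    PubliclyAccessible: false
    # Encrypt storage at rest. The original template left this unset, so the
    # identity provider's database and the snapshots taken on stack deletion
    # were unencrypted. With no KmsKeyId the default RDS key is used.
    # NOTE(review): on an already-deployed stack this change replaces the
    # instance; plan a snapshot-and-restore migration.
    StorageEncrypted: true
    StorageType: gp2
    VPCSecurityGroups:
      - Fn::GetAtt:
          - DatabaseSG2A23C222
          - GroupId
  # A final snapshot is taken when the instance is replaced or deleted.
  UpdateReplacePolicy: Snapshot
  DeletionPolicy: Snapshot
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikDB/Resource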
# Places the Redis nodes in the two private subnets only.
AuthentikRedisSubnetGroup:
  Type: AWS::ElastiCache::SubnetGroup
  Properties:
    Description: Subnet group for authentik ElastiCache Redis
    SubnetIds:
      - Ref: AuthentikVpcPrivateSubnet1Subnet6748EEA3
      - Ref: AuthentikVpcPrivateSubnet2Subnet6B8E7123
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikRedisSubnetGroup
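# Two-node Redis replication group with automatic failover, in the private
# subnets, reachable through RedisSG.
AuthentikRedis:
  Type: AWS::ElastiCache::ReplicationGroup
  Properties:
    # Encrypt cached data at rest; the original template left this unset.
    # NOTE(review): on an already-deployed stack this change replaces the
    # replication group.
    AtRestEncryptionEnabled: true
    AutomaticFailoverEnabled: true
    CacheNodeType:
      Ref: RedisInstanceType
    CacheSubnetGroupName:
      Ref: AuthentikRedisSubnetGroup
    Engine: redis
    EngineVersion:
      Ref: RedisVersion
    NumCacheClusters: 2
    ReplicationGroupDescription: Redis cluster for authentik
    # NOTE(review): TransitEncryptionEnabled and AuthToken are not set, so
    # traffic between the tasks and Redis is plaintext inside the VPC and the
    # security group is the only access control. Turning on in-transit
    # encryption also needs the matching TLS setting on the authentik side,
    # which is why it is not changed here.
    SecurityGroupIds:
      - Fn::GetAtt:
          - RedisSGEA80AC17
          - GroupId
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikRedis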
# Security group for the EFS mount targets. The only ingress defined in this
# template is NFS (TCP 2049) from the authentik task security group.
# NOTE(review): the allow-all egress rule is not needed for mount targets
# that only accept connections.
AuthentikMediaEFSSecurityGroup1840BA29:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Security group for authentik media EFS
    SecurityGroupEgress:
      - CidrIp: 0.0.0.0/0
        Description: Allow all outbound traffic by default
        IpProtocol: "-1"
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikMediaEFSSecurityGroup/Resource
AuthentikMediaEFSSecurityGroupfromAuthentikStackAuthentikSG23C19B28204954496494:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    Description: from AuthentikStackAuthentikSG23C19B28:2049
    FromPort: 2049
    GroupId:
      Fn::GetAtt:
        - AuthentikMediaEFSSecurityGroup1840BA29
        - GroupId
    IpProtocol: tcp
    SourceSecurityGroupId:
      Fn::GetAtt:
        - AuthentikSG3040E46F
        - GroupId
    ToPort: 2049
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikMediaEFSSecurityGroup/from AuthentikStackAuthentikSG23C19B28:2049
# Encrypted EFS file system for authentik media, one mount target per private
# subnet, and an access point that pins clients to /media as uid/gid 1000.
AuthentikMediaEFS4AB06689:
  Type: AWS::EFS::FileSystem
  Properties:
    Encrypted: true
    FileSystemTags:
      - Key: Name
        Value: AuthentikStack/AuthentikMediaEFS
    PerformanceMode: generalPurpose
    ThroughputMode: bursting
  # The file system outlives the stack; uploaded media stays behind and has to
  # be cleaned up (or re-attached) by hand.
  UpdateReplacePolicy: Retain
  DeletionPolicy: Retain
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikMediaEFS/Resource
AuthentikMediaEFSEfsMountTarget1D3A264C1:
  Type: AWS::EFS::MountTarget
  Properties:
    FileSystemId:
      Ref: AuthentikMediaEFS4AB06689
    SecurityGroups:
      - Fn::GetAtt:
          - AuthentikMediaEFSSecurityGroup1840BA29
          - GroupId
    SubnetId:
      Ref: AuthentikVpcPrivateSubnet1Subnet6748EEA3
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikMediaEFS/EfsMountTarget1
AuthentikMediaEFSEfsMountTarget224E8D525:
  Type: AWS::EFS::MountTarget
  Properties:
    FileSystemId:
      Ref: AuthentikMediaEFS4AB06689
    SecurityGroups:
      - Fn::GetAtt:
          - AuthentikMediaEFSSecurityGroup1840BA29
          - GroupId
    SubnetId:
      Ref: AuthentikVpcPrivateSubnet2Subnet6B8E7123
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikMediaEFS/EfsMountTarget2
# Access point used by both task definitions. Every operation through it is
# performed as POSIX user 1000:1000 and is rooted at /media, which is created
# with mode 755 if it does not exist.
AuthentikMediaEFSAuthentikMediaAccessPointA60D3CC7:
  Type: AWS::EFS::AccessPoint
  Properties:
    AccessPointTags:
      - Key: Name
        Value: AuthentikStack/AuthentikMediaEFS/AuthentikMediaAccessPoint
    FileSystemId:
      Ref: AuthentikMediaEFS4AB06689
    PosixUser:
      Gid: "1000"
      Uid: "1000"
    RootDirectory:
      CreationInfo:
        OwnerGid: "1000"
        OwnerUid: "1000"
        Permissions: "755"
      Path: /media
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikMediaEFS/AuthentikMediaAccessPoint/Resource
# ECS cluster hosting the server and worker services.
# NOTE(review): both services enable ECS Exec, but the cluster sets no
# Configuration/ExecuteCommandConfiguration, so how exec sessions are logged
# is left to the service defaults; confirm that meets the audit requirement.
AuthentikCluster54E596EF:
  Type: AWS::ECS::Cluster
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikCluster/Resource
# Task role for the server containers (the identity the application code runs
# as), assumable only by the ECS tasks service principal.
AuthentikServerTaskTaskRole5BB06A73:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service: ecs-tasks.amazonaws.com
      Version: "2012-10-17"
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikServerTask/TaskRole/Resource
# Permissions the task role needs for ECS Exec: the ssmmessages channel
# actions plus CloudWatch Logs access for session output.
# NOTE(review): the logs statements use Resource "*", so code running in the
# container can write to any log stream in the account; scope them to the
# log group used for exec sessions if one is designated.
AuthentikServerTaskTaskRoleDefaultPolicy4C2F360F:
  Type: AWS::IAM::Policy
  Properties:
    PolicyDocument:
      Statement:
        - Action:
            - ssmmessages:CreateControlChannel
            - ssmmessages:CreateDataChannel
            - ssmmessages:OpenControlChannel
            - ssmmessages:OpenDataChannel
          Effect: Allow
          Resource: "*"
        - Action: logs:DescribeLogGroups
          Effect: Allow
          Resource: "*"
        - Action:
            - logs:CreateLogStream
            - logs:DescribeLogStreams
            - logs:PutLogEvents
          Effect: Allow
          Resource: "*"
      Version: "2012-10-17"
    PolicyName: AuthentikServerTaskTaskRoleDefaultPolicy4C2F360F
    Roles:
      - Ref: AuthentikServerTaskTaskRole5BB06A73
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikServerTask/TaskRole/DefaultPolicy/Resource
# Fargate task definition for the authentik server: one container running
# "server" on port 9000 with the media EFS volume mounted at /media.
AuthentikServerTaskD2D47AE0:
  Type: AWS::ECS::TaskDefinition
  Properties:
    ContainerDefinitions:
      - Command:
          - server
        # Non-secret connection settings are plain environment variables.
        Environment:
          - Name: AUTHENTIK_POSTGRESQL__HOST
            Value:
              Fn::GetAtt:
                - AuthentikDB6710DB92
                - Endpoint.Address
          - Name: AUTHENTIK_POSTGRESQL__USER
            Value: authentik
          - Name: AUTHENTIK_REDIS__HOST
            Value:
              Fn::GetAtt:
                - AuthentikRedis
                - PrimaryEndPoint.Address
        Essential: true
        HealthCheck:
          Command:
            - CMD
            - ak
            - healthcheck
          Interval: 30
          Retries: 3
          StartPeriod: 60
          Timeout: 30
        # Image reference is "<AuthentikImage>:<AuthentikVersion>", i.e. a
        # tag, not a digest.
        Image:
          Fn::Join:
            - ""
            - - Ref: AuthentikImage
              - ":"
              - Ref: AuthentikVersion
        LogConfiguration:
          LogDriver: awslogs
          Options:
            awslogs-group:
              Ref: AuthentikServerTaskAuthentikServerContainerLogGroup7E3C6881
            awslogs-stream-prefix: authentik-server
            awslogs-region:
              Ref: AWS::Region
        MountPoints:
          - ContainerPath: /media
            ReadOnly: false
            SourceVolume: media
        Name: AuthentikServerContainer
        PortMappings:
          - ContainerPort: 9000
            Protocol: tcp
        RestartPolicy:
          Enabled: true
        # Secrets are referenced by ARN and resolved at task start with the
        # execution role, so their values are not stored in the task
        # definition. The password entry selects the "password" JSON key.
        Secrets:
          - Name: AUTHENTIK_POSTGRESQL__PASSWORD
            ValueFrom:
              Fn::Join:
                - ""
                - - Ref: DBPassword67313E91
                  - ":password::"
          - Name: AUTHENTIK_SECRET_KEY
            ValueFrom:
              Ref: AuthentikSecretKeyAC972960
    Cpu:
      Ref: AuthentikServerCPU
    ExecutionRoleArn:
      Fn::GetAtt:
        - AuthentikServerTaskExecutionRole053E3BF5
        - Arn
    Family: AuthentikStackAuthentikServerTask23085F62
    Memory:
      Ref: AuthentikServerMemory
    NetworkMode: awsvpc
    RequiresCompatibilities:
      - FARGATE
    TaskRoleArn:
      Fn::GetAtt:
        - AuthentikServerTaskTaskRole5BB06A73
        - Arn
    # EFS is mounted through the access point with IAM authorization and
    # in-transit encryption enabled.
    Volumes:
      - EFSVolumeConfiguration:
          AuthorizationConfig:
            AccessPointId:
              Ref: AuthentikMediaEFSAuthentikMediaAccessPointA60D3CC7
            IAM: ENABLED
          FilesystemId:
            Ref: AuthentikMediaEFS4AB06689
          TransitEncryption: ENABLED
        Name: media
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikServerTask/Resource
# Log group for the server container. It is retained when the stack is
# deleted, and no RetentionInDays or KmsKeyId is set, so retention and
# encryption follow the CloudWatch Logs defaults.
AuthentikServerTaskAuthentikServerContainerLogGroup7E3C6881:
  Type: AWS::Logs::LogGroup
  UpdateReplacePolicy: Retain
  DeletionPolicy: Retain
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikServerTask/AuthentikServerContainer/LogGroup/Resource
# Execution role for the server task: used by ECS itself to write container
# logs and to fetch the secrets injected at task start.
AuthentikServerTaskExecutionRole053E3BF5:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service: ecs-tasks.amazonaws.com
      Version: "2012-10-17"
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikServerTask/ExecutionRole/Resource
# Every statement is scoped to a specific resource: the server log group and
# the two secrets this task consumes.
AuthentikServerTaskExecutionRoleDefaultPolicy5AE74030:
  Type: AWS::IAM::Policy
  Properties:
    PolicyDocument:
      Statement:
        - Action:
            - logs:CreateLogStream
            - logs:PutLogEvents
          Effect: Allow
          Resource:
            Fn::GetAtt:
              - AuthentikServerTaskAuthentikServerContainerLogGroup7E3C6881
              - Arn
        - Action:
            - secretsmanager:GetSecretValue
            - secretsmanager:DescribeSecret
          Effect: Allow
          Resource:
            Ref: DBPassword67313E91
        - Action:
            - secretsmanager:GetSecretValue
            - secretsmanager:DescribeSecret
          Effect: Allow
          Resource:
            Ref: AuthentikSecretKeyAC972960
      Version: "2012-10-17"
    PolicyName: AuthentikServerTaskExecutionRoleDefaultPolicy5AE74030
    Roles:
      - Ref: AuthentikServerTaskExecutionRole053E3BF5
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikServerTask/ExecutionRole/DefaultPolicy/Resource
# Fargate service running the server tasks in the private subnets, without
# public IPs, registered behind the HTTPS listener's target group.
AuthentikServerService9C845914:
  Type: AWS::ECS::Service
  Properties:
    Cluster:
      Ref: AuthentikCluster54E596EF
    DeploymentConfiguration:
      Alarms:
        AlarmNames: []
        Enable: false
        Rollback: false
      MaximumPercent: 200
      MinimumHealthyPercent: 50
    DesiredCount:
      Ref: AuthentikServerDesiredCount
    EnableECSManagedTags: false
    # NOTE(review): ECS Exec gives interactive command access inside the
    # identity provider's containers to any principal allowed to call
    # ecs:ExecuteCommand on these tasks. Keep that permission tightly held
    # and make sure exec sessions are logged.
    EnableExecuteCommand: true
    HealthCheckGracePeriodSeconds: 60
    LaunchType: FARGATE
    LoadBalancers:
      - ContainerName: AuthentikServerContainer
        ContainerPort: 9000
        TargetGroupArn:
          Ref: AuthentikALBAuthentikHttpsListenerAuthentikServerTargetGroup345C3479
    NetworkConfiguration:
      AwsvpcConfiguration:
        AssignPublicIp: DISABLED
        SecurityGroups:
          - Fn::GetAtt:
              - AuthentikSG3040E46F
              - GroupId
        Subnets:
          - Ref: AuthentikVpcPrivateSubnet1Subnet6748EEA3
          - Ref: AuthentikVpcPrivateSubnet2Subnet6B8E7123
    TaskDefinition:
      Ref: AuthentikServerTaskD2D47AE0
  DependsOn:
    - AuthentikALBAuthentikHttpsListenerAuthentikServerTargetGroup345C3479
    - AuthentikALBAuthentikHttpsListener34A9BF12
    - AuthentikServerTaskTaskRoleDefaultPolicy4C2F360F
    - AuthentikServerTaskTaskRole5BB06A73
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikServerService/Service
# Task role for the worker containers, assumable only by the ECS tasks
# service principal.
AuthentikWorkerTaskTaskRole87C41589:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service: ecs-tasks.amazonaws.com
      Version: "2012-10-17"
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikWorkerTask/TaskRole/Resource
# Same ECS Exec permission set as the server task role.
# NOTE(review): the logs statements use Resource "*", so code running in the
# container can write to any log stream in the account; scope them to the
# log group used for exec sessions if one is designated.
AuthentikWorkerTaskTaskRoleDefaultPolicy4E74B62D:
  Type: AWS::IAM::Policy
  Properties:
    PolicyDocument:
      Statement:
        - Action:
            - ssmmessages:CreateControlChannel
            - ssmmessages:CreateDataChannel
            - ssmmessages:OpenControlChannel
            - ssmmessages:OpenDataChannel
          Effect: Allow
          Resource: "*"
        - Action: logs:DescribeLogGroups
          Effect: Allow
          Resource: "*"
        - Action:
            - logs:CreateLogStream
            - logs:DescribeLogStreams
            - logs:PutLogEvents
          Effect: Allow
          Resource: "*"
      Version: "2012-10-17"
    PolicyName: AuthentikWorkerTaskTaskRoleDefaultPolicy4E74B62D
    Roles:
      - Ref: AuthentikWorkerTaskTaskRole87C41589
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikWorkerTask/TaskRole/DefaultPolicy/Resource
# Fargate task definition for the authentik worker: same image, settings and
# secrets as the server task, started with "worker" and exposing no ports.
AuthentikWorkerTaskF8F277C5:
  Type: AWS::ECS::TaskDefinition
  Properties:
    ContainerDefinitions:
      - Command:
          - worker
        Environment:
          - Name: AUTHENTIK_POSTGRESQL__HOST
            Value:
              Fn::GetAtt:
                - AuthentikDB6710DB92
                - Endpoint.Address
          - Name: AUTHENTIK_POSTGRESQL__USER
            Value: authentik
          - Name: AUTHENTIK_REDIS__HOST
            Value:
              Fn::GetAtt:
                - AuthentikRedis
                - PrimaryEndPoint.Address
        Essential: true
        HealthCheck:
          Command:
            - CMD
            - ak
            - healthcheck
          Interval: 30
          Retries: 3
          StartPeriod: 60
          Timeout: 30
        # Image reference is "<AuthentikImage>:<AuthentikVersion>", i.e. a
        # tag, not a digest.
        Image:
          Fn::Join:
            - ""
            - - Ref: AuthentikImage
              - ":"
              - Ref: AuthentikVersion
        LogConfiguration:
          LogDriver: awslogs
          Options:
            awslogs-group:
              Ref: AuthentikWorkerTaskAuthentikWorkerContainerLogGroupC05B4DFC
            awslogs-stream-prefix: authentik-worker
            awslogs-region:
              Ref: AWS::Region
        MountPoints:
          - ContainerPath: /media
            ReadOnly: false
            SourceVolume: media
        Name: AuthentikWorkerContainer
        RestartPolicy:
          Enabled: true
        # Resolved at task start with the execution role; values are not
        # stored in the task definition.
        Secrets:
          - Name: AUTHENTIK_POSTGRESQL__PASSWORD
            ValueFrom:
              Fn::Join:
                - ""
                - - Ref: DBPassword67313E91
                  - ":password::"
          - Name: AUTHENTIK_SECRET_KEY
            ValueFrom:
              Ref: AuthentikSecretKeyAC972960
    Cpu:
      Ref: AuthentikWorkerCPU
    ExecutionRoleArn:
      Fn::GetAtt:
        - AuthentikWorkerTaskExecutionRole2E56865A
        - Arn
    Family: AuthentikStackAuthentikWorkerTask6C7D4E77
    Memory:
      Ref: AuthentikWorkerMemory
    NetworkMode: awsvpc
    RequiresCompatibilities:
      - FARGATE
    TaskRoleArn:
      Fn::GetAtt:
        - AuthentikWorkerTaskTaskRole87C41589
        - Arn
    # EFS is mounted through the access point with IAM authorization and
    # in-transit encryption enabled.
    Volumes:
      - EFSVolumeConfiguration:
          AuthorizationConfig:
            AccessPointId:
              Ref: AuthentikMediaEFSAuthentikMediaAccessPointA60D3CC7
            IAM: ENABLED
          FilesystemId:
            Ref: AuthentikMediaEFS4AB06689
          TransitEncryption: ENABLED
        Name: media
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikWorkerTask/Resource
# Log group for the worker container. It is retained when the stack is
# deleted, and no RetentionInDays or KmsKeyId is set, so retention and
# encryption follow the CloudWatch Logs defaults.
AuthentikWorkerTaskAuthentikWorkerContainerLogGroupC05B4DFC:
  Type: AWS::Logs::LogGroup
  UpdateReplacePolicy: Retain
  DeletionPolicy: Retain
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikWorkerTask/AuthentikWorkerContainer/LogGroup/Resource
# Execution role for the worker task: used by ECS itself to write container
# logs and to fetch the secrets injected at task start.
AuthentikWorkerTaskExecutionRole2E56865A:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service: ecs-tasks.amazonaws.com
      Version: "2012-10-17"
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikWorkerTask/ExecutionRole/Resource
# Every statement is scoped to a specific resource: the worker log group and
# the two secrets this task consumes.
AuthentikWorkerTaskExecutionRoleDefaultPolicyB028D6C8:
  Type: AWS::IAM::Policy
  Properties:
    PolicyDocument:
      Statement:
        - Action:
            - logs:CreateLogStream
            - logs:PutLogEvents
          Effect: Allow
          Resource:
            Fn::GetAtt:
              - AuthentikWorkerTaskAuthentikWorkerContainerLogGroupC05B4DFC
              - Arn
        - Action:
            - secretsmanager:GetSecretValue
            - secretsmanager:DescribeSecret
          Effect: Allow
          Resource:
            Ref: DBPassword67313E91
        - Action:
            - secretsmanager:GetSecretValue
            - secretsmanager:DescribeSecret
          Effect: Allow
          Resource:
            Ref: AuthentikSecretKeyAC972960
      Version: "2012-10-17"
    PolicyName: AuthentikWorkerTaskExecutionRoleDefaultPolicyB028D6C8
    Roles:
      - Ref: AuthentikWorkerTaskExecutionRole2E56865A
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikWorkerTask/ExecutionRole/DefaultPolicy/Resource
# Fargate service running the worker tasks in the private subnets, without
# public IPs and without a load balancer registration.
AuthentikWorkerService629E37E2:
  Type: AWS::ECS::Service
  Properties:
    Cluster:
      Ref: AuthentikCluster54E596EF
    DeploymentConfiguration:
      Alarms:
        AlarmNames: []
        Enable: false
        Rollback: false
      MaximumPercent: 200
      MinimumHealthyPercent: 50
    DesiredCount:
      Ref: AuthentikWorkerDesiredCount
    EnableECSManagedTags: false
    # NOTE(review): ECS Exec gives interactive command access inside the
    # worker containers to any principal allowed to call ecs:ExecuteCommand
    # on these tasks. Keep that permission tightly held and make sure exec
    # sessions are logged.
    EnableExecuteCommand: true
    LaunchType: FARGATE
    NetworkConfiguration:
      AwsvpcConfiguration:
        AssignPublicIp: DISABLED
        SecurityGroups:
          - Fn::GetAtt:
              - AuthentikSG3040E46F
              - GroupId
        Subnets:
          - Ref: AuthentikVpcPrivateSubnet1Subnet6748EEA3
          - Ref: AuthentikVpcPrivateSubnet2Subnet6B8E7123
    TaskDefinition:
      Ref: AuthentikWorkerTaskF8F277C5
  DependsOn:
    - AuthentikWorkerTaskTaskRoleDefaultPolicy4E74B62D
    - AuthentikWorkerTaskTaskRole87C41589
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikWorkerService/Service
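# Internet-facing application load balancer in the two public subnets; the
# only component of the stack that is directly reachable from the internet.
AuthentikALB992EAB01:
  Type: AWS::ElasticLoadBalancingV2::LoadBalancer
  Properties:
    LoadBalancerAttributes:
      # NOTE(review): deletion protection is off, so the public entry point
      # can be removed by any stack update or delete.
      - Key: deletion_protection.enabled
        Value: "false"
      # Added: drop requests whose header names are not valid instead of
      # forwarding them to the identity provider.
      - Key: routing.http.drop_invalid_header_fields.enabled
        Value: "true"
    # NOTE(review): access logging (access_logs.s3.*) is not configured, so
    # there is no load-balancer-level request log for the login endpoint.
    Scheme: internet-facing
    SecurityGroups:
      - Fn::GetAtt:
          - AuthentikALBSecurityGroup2B18FEEF
          - GroupId
    Subnets:
      - Ref: AuthentikVpcPublicSubnet1Subnet0C75862A
      - Ref: AuthentikVpcPublicSubnet2Subnet4DFAFA5B
    Type: application
  DependsOn:
    - AuthentikVpcPublicSubnet1DefaultRoute90C4189A
    - AuthentikVpcPublicSubnet1RouteTableAssociation33E57E0C
    - AuthentikVpcPublicSubnet2DefaultRoute2E9B0EBA
    - AuthentikVpcPublicSubnet2RouteTableAssociationDA2BDD26
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikALB/Resource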
# Security group of the load balancer: TCP 80 and 443 are open to any IPv4
# source, which is expected for a public login endpoint. No IPv6 rule is
# defined.
AuthentikALBSecurityGroup2B18FEEF:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Automatically created Security Group for ELB AuthentikStackAuthentikALB07C6B2CD
    SecurityGroupIngress:
      - CidrIp: 0.0.0.0/0
        Description: Allow from anyone on port 80
        FromPort: 80
        IpProtocol: tcp
        ToPort: 80
      - CidrIp: 0.0.0.0/0
        Description: Allow from anyone on port 443
        FromPort: 443
        IpProtocol: tcp
        ToPort: 443
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikALB/SecurityGroup/Resource
# Egress from the load balancer to the authentik tasks on the container port.
AuthentikALBSecurityGrouptoAuthentikStackAuthentikSG23C19B2890000F200B23:
  Type: AWS::EC2::SecurityGroupEgress
  Properties:
    Description: Load balancer to target
    DestinationSecurityGroupId:
      Fn::GetAtt:
        - AuthentikSG3040E46F
        - GroupId
    FromPort: 9000
    GroupId:
      Fn::GetAtt:
        - AuthentikALBSecurityGroup2B18FEEF
        - GroupId
    IpProtocol: tcp
    ToPort: 9000
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikALB/SecurityGroup/to AuthentikStackAuthentikSG23C19B28:9000
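# Port 80 listener: serves no content, only a permanent redirect to HTTPS.
AuthentikALBAuthentikHttpListener6825393B:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    DefaultActions:
      - RedirectConfig:
          # Added: a redirect action keeps every URL component it is not told
          # to change, including the port. Without an explicit port the
          # Location header would point at https on port 80, where nothing
          # speaks TLS.
          Port: "443"
          Protocol: HTTPS
          StatusCode: HTTP_301
        Type: redirect
    LoadBalancerArn:
      Ref: AuthentikALB992EAB01
    Port: 80
    Protocol: HTTP
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikALB/AuthentikHttpListener/Resource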
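# Port 443 listener: terminates TLS with the certificate passed in through
# the CertificateARN parameter and forwards to the server target group.
AuthentikALBAuthentikHttpsListener34A9BF12:
  Type: AWS::ElasticLoadBalancingV2::Listener
  Properties:
    Certificates:
      - CertificateArn:
          Ref: CertificateARN
    DefaultActions:
      - TargetGroupArn:
          Ref: AuthentikALBAuthentikHttpsListenerAuthentikServerTargetGroup345C3479
        Type: forward
    LoadBalancerArn:
      Ref: AuthentikALB992EAB01
    Port: 443
    Protocol: HTTPS
    # Added: pin the TLS policy instead of inheriting the service default,
    # which for listeners created through the API has historically been a
    # policy that still accepts TLS 1.0/1.1. This one allows TLS 1.2 and 1.3
    # only.
    SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikALB/AuthentikHttpsListener/Resource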
# Target group for the server tasks, registered by IP (awsvpc networking).
# Tasks are considered healthy when /-/health/live/ answers 200.
AuthentikALBAuthentikHttpsListenerAuthentikServerTargetGroup345C3479:
  Type: AWS::ElasticLoadBalancingV2::TargetGroup
  Properties:
    HealthCheckPath: /-/health/live/
    Matcher:
      HttpCode: "200"
    Port: 9000
    # TLS ends at the load balancer: traffic from the ALB to the tasks,
    # including credentials submitted at login, is plain HTTP inside the VPC.
    Protocol: HTTP
    TargetGroupAttributes:
      - Key: stickiness.enabled
        Value: "false"
    TargetType: ip
    VpcId:
      Ref: AuthentikVpcA1ABE6C2
  Metadata:
    aws:cdk:path: AuthentikStack/AuthentikALB/AuthentikHttpsListener/AuthentikServerTargetGroup/Resource
# Stack outputs: the public DNS name of the load balancer. The hostname on
# the supplied ACM certificate has to be pointed at this name via DNS.
Outputs:
  LoadBalancerDNS:
    Value:
      Fn::GetAtt:
        - AuthentikALB992EAB01
        - DNSName