KONG + AWS CloudFormation

This CloudFormation template helps you model and set up Kong's resources in AWS easily.

Note: For templates targeting Kong 0.10.x and older versions, please check out the 4.0.0 or older tags.

Summary

You can choose between the following templates:

1) Kong with Cassandra DB (you need to bring your own Cassandra cluster)

Provisions Kong resources with user provided Cassandra seed nodes in a new VPC or existing VPC.

| Region | HVM AMIs | PV AMIs |
|---|---|---|
| us-east-1 | Kong Stack launch | Kong Stack launch |
| us-west-1 | Kong Stack launch | Kong Stack launch |
| us-west-2 | Kong Stack launch | Kong Stack launch |
| eu-west-1 | Kong Stack launch | Kong Stack launch |
| ap-northeast-1 | Kong Stack launch | Kong Stack launch |
| ap-southeast-1 | Kong Stack launch | Kong Stack launch |
| ap-southeast-2 | Kong Stack launch | Kong Stack launch |
| sa-east-1 | Kong Stack launch | Kong Stack launch |

2) Kong with Postgres DB

Provisions Kong resources - including the necessary Postgres database - in a new VPC or existing VPC.

| Region | HVM AMIs | PV AMIs |
|---|---|---|
| us-east-1 | Kong Stack launch | Kong Stack launch |
| us-west-1 | Kong Stack launch | Kong Stack launch |
| us-west-2 | Kong Stack launch | Kong Stack launch |
| eu-west-1 | Kong Stack launch | Kong Stack launch |
| ap-northeast-1 | Kong Stack launch | Kong Stack launch |
| ap-southeast-1 | Kong Stack launch | Kong Stack launch |
| ap-southeast-2 | Kong Stack launch | Kong Stack launch |
| sa-east-1 | Kong Stack launch | Kong Stack launch |

3) Kong in DB-less mode

Provisions Kong resources in a new VPC or existing VPC.

<B>You need to provide an S3 bucket location where kong.yml is stored, containing the declarative configuration used to bootstrap all the Kong instances.</B>

| Region | HVM AMIs | PV AMIs |
|---|---|---|
| us-east-1 | Kong Stack launch | Kong Stack launch |
| us-west-1 | Kong Stack launch | Kong Stack launch |
| us-west-2 | Kong Stack launch | Kong Stack launch |
| eu-west-1 | Kong Stack launch | Kong Stack launch |
| ap-northeast-1 | Kong Stack launch | Kong Stack launch |
| ap-southeast-1 | Kong Stack launch | Kong Stack launch |
| ap-southeast-2 | Kong Stack launch | Kong Stack launch |
| sa-east-1 | Kong Stack launch | Kong Stack launch |

Parameters

<B>Recommended usage: use this CloudFormation template as the basis for your own, and adjust the variables and template to better suit your needs.</B>

Cassandra

| Parameter | Default | Description |
|---|---|---|
| SSHLocation | 0.0.0.0/0 | The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances |
| KongProxyAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong proxy server |
| KongAdminAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong admin server |
| KongKeyName | - | Existing EC2 KeyPair to enable SSH access to the Kong instances |
| KongFleetMaxSize | 2 | Max number of Kong instances (Min: 1) |
| KongFleetDesiredSize | 2 | Desired number of Kong instances (Min: 1) |
| KongInstanceType | c3.2xlarge | EC2 instance type for Kong. Note: T2 instance is not supported on the EC2-Classic platform |
| KongVersion | - | Kong version to be deployed. Leave it blank to install latest version. |
| KongBootstrapMigration | true | Select false to not run the Kong bootstrap migrations while Kong starts |
| KongConfigs | `` | Comma separated Kong configurations in KONG_<SUPPORTED_CONFIG>=Val format |
| CassandraKeyName | - | Existing EC2 KeyPair to enable SSH access to the instances for Cassandra |
| CassandraFleetSize | 1 | Number of nodes in cluster. (Min: 1) |
| CassandraInstanceType | c3.2xlarge | EC2 instance type for Cassandra |
| CassandraClusterName | - | Cassandra cluster name |
| CassandraClusterVersion | 2.2.4 | Cassandra cluster version |
| CassandraVersion | Community | Cassandra version |
| CassandraOpsCenterAccess | 0.0.0.0/0 | The IP address range that can access OpsCenter for Cassandra cluster management |
| CassandraSeedNodes | - | Comma separated Cassandra seed nodes DNS/IP address ex. example.com[, 123.123.123.123] |
| CassandraPort | 9042 | Cassandra nodes query port ex. 9042 |
| VpcId | - | Optional - VPC Id of existing VPC. Leave blank to have a new VPC created |
| SubnetId1 | - | Conditional - required if VpcId provided. Existing VPC Subnet Id 1 where ECS instances will run |
| SubnetId2 | - | Conditional - required if VpcId provided. Existing VPC Subnet Id 2 where ECS instances will run |
| Subnet1AZ | - | Conditional - required if VpcId provided or if *-1a AZ not supported by AWS account. Existing VPC Subnet 1 AvailabilityZone |
| Subnet2AZ | - | Conditional - required if either VpcId or Subnet1AZ provided or *-1b AZ not supported by account. Existing VPC Subnet 2 AvailabilityZone |

Postgres

| Parameter | Default | Description |
|---|---|---|
| SSHLocation | 0.0.0.0/0 | The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances |
| KongProxyAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong proxy server |
| KongAdminAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong admin server |
| KongKeyName | - | Existing EC2 KeyPair to enable SSH access to the Kong instances |
| KongFleetMaxSize | 2 | Max number of Kong instances (Min: 1) |
| KongFleetDesiredSize | 2 | Desired number of Kong instances (Min: 1) |
| KongInstanceType | c3.2xlarge | EC2 instance type for Kong. Note: T2 instance is not supported on the EC2-Classic platform |
| KongVersion | - | Kong version to be deployed. Leave it blank to install latest version. |
| KongBootstrapMigration | true | Select false to not run the Kong bootstrap migrations when Kong starts |
| KongConfigs | `` | Comma separated Kong configurations in KONG_<SUPPORTED_CONFIG>=Val format |
| DBName | Kong | Database name |
| DBHost | - | The database host DNS/IP address, leave blank to start a new RDS instance |
| DBPort | 5432 | The database port, leave blank to start a new RDS instance |
| DBUsername | kong | The database admin account username |
| DBPassword | changeit | The database admin account password |
| DBClass | db.m1.large | Database instance class |
| DBPublicAccess | false | Database public access |
| DBVersion | 9.4.7 | Postgres version |
| DBAllocatedStorage | 5 | The size of the database (Gb) |
| DBSnapshotIdentifier | - | The RDS snapshot name to restore to the new DB instance. |
| VpcId | - | Optional - VPC Id of existing VPC. Leave blank to have a new VPC created |
| SubnetId1 | - | Conditional - required if VpcId provided. Existing VPC Subnet Id 1 where ECS instances will run |
| SubnetId2 | - | Conditional - required if VpcId provided. Existing VPC Subnet Id 2 where ECS instances will run |
| Subnet1AZ | - | Conditional - required if VpcId provided or if *-1a AZ not supported by account. Existing VPC Subnet 1 AvailabilityZone |
| Subnet2AZ | - | Conditional - required if either VpcId or Subnet1AZ provided or *-1b AZ not supported by account. Existing VPC Subnet 2 AvailabilityZone |

DB-less mode

| Parameter | Default | Description |
|---|---|---|
| SSHLocation | 0.0.0.0/0 | The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances |
| KongProxyAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong proxy server |
| KongAdminAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong admin server |
| KongKeyName | - | Existing EC2 KeyPair to enable SSH access to the Kong instances |
| KongFleetMaxSize | 2 | Max number of Kong instances (Min: 1) |
| KongFleetDesiredSize | 2 | Desired number of Kong instances (Min: 1) |
| KongInstanceType | c3.2xlarge | EC2 instance type for Kong. Note: T2 instance is not supported on the EC2-Classic platform |
| KongVersion | - | Kong version to be deployed. Leave it blank to install latest version. |
| KongConfigBucketName | `` | S3 bucket where the Kong declarative config file kong.yml is stored |
| KongConfigs | `` | Comma separated Kong configurations in KONG_<SUPPORTED_CONFIG>=Val format |
| VpcId | - | Optional - VPC Id of existing VPC. Leave blank to have a new VPC created |
| SubnetId1 | - | Conditional - required if VpcId provided. Existing VPC Subnet Id 1 where ECS instances will run |
| SubnetId2 | - | Conditional - required if VpcId provided. Existing VPC Subnet Id 2 where ECS instances will run |
| Subnet1AZ | - | Conditional - required if VpcId provided or if *-1a AZ not supported by account. Existing VPC Subnet 1 AvailabilityZone |
| Subnet2AZ | - | Conditional - required if either VpcId or Subnet1AZ provided or *-1b AZ not supported by account. Existing VPC Subnet 2 AvailabilityZone |

Instructions:

  1. Initial Setup:

    Create the required key pairs, one to access Kong instances and one for Cassandra if the template is provisioning a new Cassandra cluster. If you are providing your own DB instances, make sure they are accessible by the Kong instances. If you want to create instances in an existing VPC, the VPC needs to have two public subnets and all required ports open to allow access to the Kong Load Balancer.

    Continue to the next step if you want to use an existing key pair.

  2. Choose a Region & VM Type:

    Choose the region closest to your API servers, and pick the virtualization type you'd like from the list of available templates above.

    You should land on the AWS CloudFormation "Select Template" page.

  3. Parameters:

    Fill in all the parameter details. If you chose to launch Kong with Cassandra/Postgres, you will be asked to fill in extra parameters to create a Cassandra cluster or Postgres RDS instance. Check the description of each field and provide appropriate values.

    Note: Consult the parameters table for a detailed description of each parameter.

  4. Option page:

    Add Tags and other fields according to your requirements.

    Note: The template is configured to add a "Name" tag to each relevant resource

  5. Grab a Coffee!:

    It will take several minutes (~20 minutes) to create the stack. Once the stack has a status of CREATE_COMPLETE, click on the "Output" tab to get the proxy and Admin URLs. It may take 60 seconds more for the links to become active.

    Note: To monitor the progress, go to the AWS CloudFormation console and select the stack in the list. In the stack details pane, click the "Events" tab to see the progress.

  6. Use Kong:

    Quickly learn how to use Kong with the 5-minute Quickstart.

SSL Support

You can install an SSL certificate on the Kong Load Balancer.

SSL Certificate for Kong Load Balancer
  1. Obtain the Kong Load Balancer id from the "Resources tab".
  2. Find the matching Kong Load Balancer instance.
  3. Edit Listeners from the bottom pane, click Add.
  4. In the Load Balancer Protocol column, select HTTPS (Secure HTTP). This updates the Load Balancer Port, Instance Protocol, and Instance Port columns. In the Instance Protocol column, select HTTP and update the Instance port to 8000.
  5. By default, Elastic Load Balancing selects the current predefined security policy, ELBSecurityPolicy-2015-05, for your HTTPS/SSL listener. This is the recommended setting.
  6. In the SSL Certificate column, click Change, and then either upload a new certificate or choose an existing certificate.
  7. Click Save to add the listeners you just configured.
  8. Click on the Security tab.
  9. Click on the Security Group id.
  10. In the bottom pane, select the Inbound tab.
  11. Click Edit.
  12. Add the Load Balancer Port for HTTPS to the list and save.

Important Note

  1. The security configuration in the templates opens up all externally accessible ports to incoming traffic from any IP address if the default (0.0.0.0/0) is chosen.
  2. The risk of data leakage is high. If you desire a more secure configuration, please update the access fields with an appropriate IP address range.
  3. The template installs many resources on AWS. You will be billed just for the AWS resources used.
  4. Some of the instance types may not be supported in all the AWS Regions or Availability Zones, so choose the next best available option.
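
A pre-launch check for the exposure described in this note, as an added example that is not part of the Kong template or repository: it reads parameters in the `ParameterKey`/`ParameterValue` list shape accepted by `aws cloudformation create-stack --parameters` and flags management ranges left wide open, the documented default `DBPassword`, and a public RDS instance. The function name, the template labels and the /24 width limit are assumptions made for this example.

```python
import ipaddress

# CIDR parameters on this page that gate a management interface.
MGMT_CIDR_PARAMS = ("SSHLocation", "KongAdminAccess", "CassandraOpsCenterAccess")
# Template defaults as documented in the parameter tables.
DEFAULTS = {
    "SSHLocation": "0.0.0.0/0", "KongAdminAccess": "0.0.0.0/0",
    "CassandraOpsCenterAccess": "0.0.0.0/0", "DBPassword": "changeit",
    "DBPublicAccess": "false",
}
MAX_MGMT_ADDRESSES = 256  # assumed policy: nothing wider than a /24


def lint_parameters(template, params):
    """Return (parameter, finding) pairs for a create-stack parameter list.
    template is "cassandra", "postgres" or "dbless" (labels chosen here)."""
    # Omitted parameters silently fall back to the template defaults.
    given = dict(DEFAULTS)
    given.update((p["ParameterKey"], p["ParameterValue"]) for p in params)
    findings = []
    for name in MGMT_CIDR_PARAMS:
        if name == "CassandraOpsCenterAccess" and template != "cassandra":
            continue
        try:
            net = ipaddress.ip_network(given[name], strict=False)
        except ValueError:
            findings.append((name, "not a valid CIDR range: %r" % given[name]))
            continue
        if net.num_addresses > MAX_MGMT_ADDRESSES:
            findings.append((name, "management access open to %s" % net))
    if template == "postgres":
        if given["DBPassword"] == DEFAULTS["DBPassword"]:
            findings.append(("DBPassword", "documented default password in use"))
        if given["DBPublicAccess"].lower() == "true":
            findings.append(("DBPublicAccess", "RDS instance publicly reachable"))
    return findings


# Constructed sample input (203.0.113.0/24 is a documentation range).
SAMPLE = [
    {"ParameterKey": "SSHLocation", "ParameterValue": "203.0.113.0/24"},
    {"ParameterKey": "KongProxyAccess", "ParameterValue": "0.0.0.0/0"},
    {"ParameterKey": "DBPassword", "ParameterValue": "changeit"},
]

if __name__ == "__main__":
    for name, finding in lint_parameters("postgres", SAMPLE):
        print("%s: %s" % (name, finding))
```

`KongProxyAccess` is deliberately not checked, since the proxy is normally meant to be reachable by API clients; the sample still fails on `KongAdminAccess` because leaving it out of the parameter list means the 0.0.0.0/0 default applies.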

Enterprise Support

Support, Demo, Training, API Certifications and Consulting available at http://getkong.org/enterprise.