KONG + AWS CloudFormation
This CloudFormation template helps you model and set up Kong's resources in AWS easily.
Note: For the template for Kong 0.10.x and older versions, please check out the 4.0.0 or older tags.
Summary
You have the option to choose between two templates:
1) Kong with Cassandra DB (you need to bring your own Cassandra cluster)
Provisions Kong resources with user provided Cassandra seed nodes in a new VPC or existing VPC.
Region | HVM AMIs | PV AMIs |
---|---|---|
us-east-1 | ||
us-west-1 | ||
us-west-2 | ||
eu-west-1 | ||
ap-northeast-1 | ||
ap-southeast-1 | ||
ap-southeast-2 | ||
sa-east-1 | ||
2) Kong with Postgres DB
Provisions Kong resources - including the necessary Postgres database - in a new VPC or existing VPC.
Region | HVM AMIs | PV AMIs |
---|---|---|
us-east-1 | ||
us-west-1 | ||
us-west-2 | ||
eu-west-1 | ||
ap-northeast-1 | ||
ap-southeast-1 | ||
ap-southeast-2 | ||
sa-east-1 | ||
3) Kong in DB-less mode
Provisions Kong resources in a new VPC or existing VPC.
<B>You need to provide the S3 bucket location where kong.yml is stored, with the declarative configuration used to bootstrap all the Kong instances.</B>
Region | HVM AMIs | PV AMIs |
---|---|---|
us-east-1 | ||
us-west-1 | ||
us-west-2 | ||
eu-west-1 | ||
ap-northeast-1 | ||
ap-southeast-1 | ||
ap-southeast-2 | ||
sa-east-1 | ||
Parameters
<B>Recommended usage: use this CloudFormation template as the basis for your own, and adjust the variables and template to better suit your needs.</B>
Cassandra
Parameter | Default | Description |
---|---|---|
SSHLocation | 0.0.0.0/0 | The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances |
KongProxyAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong proxy server |
KongAdminAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong admin server |
KongKeyName | - | Existing EC2 KeyPair to enable SSH access to the Kong instances |
KongFleetMaxSize | 2 | Max Number of Kong instances (Min: 1 ) |
KongFleetDesiredSize | 2 | Desired Number of Kong instances (Min: 1 ) |
KongInstanceType | c3.2xlarge | EC2 instance type for Kong. Note: T2 instance is not supported on the EC2-Classic platform |
KongVersion | - | Kong version to be deployed. Leave it blank to install latest version. |
KongBootstrapMigration | true | Select false to not run the Kong bootstrap migrations while Kong starts |
KongConfigs | `` | Comma separated Kong configurations in KONG_<SUPPORTED_CONFIG>=Val format |
CassandraKeyName | - | Existing EC2 KeyPair to enable SSH access to the instances for Cassandra |
CassandraFleetSize | 1 | Number of nodes in cluster. (Min: 1 ) |
CassandraInstanceType | c3.2xlarge | EC2 instance type for Cassandra |
CassandraClusterName | - | Cassandra cluster name |
CassandraClusterVersion | 2.2.4 | Cassandra cluster version |
CassandraVersion | Community | Cassandra version |
CassandraOpsCenterAccess | 0.0.0.0/0 | The IP address range that can access OpsCenter for Cassandra cluster management |
CassandraSeedNodes | - | Comma separated Cassandra seed nodes DNS/IP address ex. example.com[, 123.123.123.123] |
CassandraPort | 9042 | Cassandra nodes query port ex. 9042 |
VpcId | - | Optional- VPC Id of existing VPC. Leave blank to have a new VPC created |
SubnetId1 | - | Conditional- required if VpcId provided. Existing VPC Subnet Id 1 where ECS instances will run |
SubnetId2 | - | Conditional- required if VpcId provided. Existing VPC Subnet Id 2 where ECS instances will run |
Subnet1AZ | - | Conditional- required if VpcId provided or if *-1a AZ not supported by AWS account. Existing VPC Subnet 1 AvailabilityZone |
Subnet2AZ | - | Conditional- required if either VpcId or Subnet1AZ provided or *-1b AZ not supported by account. Existing VPC Subnet 2 AvailabilityZone |
Postgres
Parameter | Default | Description |
---|---|---|
SSHLocation | 0.0.0.0/0 | The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances |
KongProxyAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong proxy server |
KongAdminAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong admin server |
KongKeyName | - | Existing EC2 KeyPair to enable SSH access to the Kong instances |
KongFleetMaxSize | 2 | Max Number of Kong instances (Min: 1 ) |
KongFleetDesiredSize | 2 | Desired Number of Kong instances (Min: 1 ) |
KongInstanceType | c3.2xlarge | EC2 instance type for Kong. Note: T2 instance is not supported on the EC2-Classic platform |
KongVersion | - | Kong version to be deployed. Leave it blank to install latest version. |
KongBootstrapMigration | true | Select false to not run the Kong bootstrap migrations when Kong starts |
KongConfigs | `` | Comma separated Kong configurations in KONG_<SUPPORTED_CONFIG>=Val format |
DBName | Kong | Database name |
DBHost | - | The database host dns/ip address, leave blank to start a new RDS instance |
DBPort | 5432 | The database port, leave blank to start a new RDS instance |
DBUsername | kong | The database admin account username |
DBPassword | changeit | The database admin account password |
DBClass | db.m1.large | Database instance class |
DBPublicAccess | false | Database public access |
DBVersion | 9.4.7 | Postgres version |
DBAllocatedStorage | 5 | The size of the database (Gb) |
DBSnapshotIdentifier | - | The RDS snapshot name to restore to the new DB instance. |
VpcId | - | Optional- VPC Id of existing VPC. Leave blank to have a new VPC created |
SubnetId1 | - | Conditional- required if VpcId provided. Existing VPC Subnet Id 1 where ECS instances will run |
SubnetId2 | - | Conditional- required if VpcId provided. Existing VPC Subnet Id 2 where ECS instances will run |
Subnet1AZ | - | Conditional- required if VpcId provided or if *-1a AZ not supported by account. Existing VPC Subnet 1 AvailabilityZone |
Subnet2AZ | - | Conditional- required if either VpcId or Subnet1AZ provided or *-1b AZ not supported by account. Existing VPC Subnet 2 AvailabilityZone |
DB-less mode
Parameter | Default | Description |
---|---|---|
SSHLocation | 0.0.0.0/0 | The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances |
KongProxyAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong proxy server |
KongAdminAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong admin server |
KongKeyName | - | Existing EC2 KeyPair to enable SSH access to the Kong instances |
KongFleetMaxSize | 2 | Max Number of Kong instances (Min: 1 ) |
KongFleetDesiredSize | 2 | Desired Number of Kong instances (Min: 1 ) |
KongInstanceType | c3.2xlarge | EC2 instance type for Kong. Note: T2 instance is not supported on the EC2-Classic platform |
KongVersion | - | Kong version to be deployed. Leave it blank to install latest version. |
KongConfigBucketName | `` | S3 bucket where kong declarative config file kong.yml is stored |
KongConfigs | `` | Comma separated Kong configurations in KONG_<SUPPORTED_CONFIG>=Val format |
VpcId | - | Optional- VPC Id of existing VPC. Leave blank to have a new VPC created |
SubnetId1 | - | Conditional- required if VpcId provided. Existing VPC Subnet Id 1 where ECS instances will run |
SubnetId2 | - | Conditional- required if VpcId provided. Existing VPC Subnet Id 2 where ECS instances will run |
Subnet1AZ | - | Conditional- required if VpcId provided or if *-1a AZ not supported by account. Existing VPC Subnet 1 AvailabilityZone |
Subnet2AZ | - | Conditional- required if either VpcId or Subnet1AZ provided or *-1b AZ not supported by account. Existing VPC Subnet 2 AvailabilityZone |
Instructions:
- Initial Setup:
  Create the required key pairs: one to access the Kong instances and one for Cassandra if the template is provisioning a new Cassandra cluster. If you are providing your own DB instances, make sure they are accessible by the Kong instances. If you want to create instances in an existing VPC, the VPC needs to have two public subnets and all required ports open to allow access to the Kong Load Balancer.
  Continue to the next step if you want to use an existing key pair.
- Choose a Region & VM Type:
  Choose the region closest to your API servers, and pick the virtualization type you'd like from the list of available templates above.
  You should land on the AWS CloudFormation "Select Template" page.
- Parameters:
  Fill in all the parameter details. If you chose to launch Kong with Cassandra/Postgres, you will be asked to fill in extra parameters to create a Cassandra cluster or Postgres RDS instance. Check the description of each field and provide appropriate values.
  Note: Consult the parameters table for a detailed description of the parameters.
- Option page:
  Add Tags and other fields according to your requirements.
  Note: The template is configured to add a "Name" tag to each relevant resource.
- Grab a Coffee!:
  It will take several minutes (~20 minutes) to create the stack. Once the stack has a status of CREATE_COMPLETE, click on the "Output" tab to get the proxy and Admin URL. It may take 60 seconds more for the links to become active.
  Note: To monitor the progress, go to the AWS CloudFormation console and select the stack in the list. In the stack details pane, click the "Events" tab to see the progress.
- Use Kong:
  Quickly learn how to use Kong with the 5-minute Quickstart.
SSL Support
You can install an SSL certificate on the Kong Load Balancer.
SSL Certificate for Kong Load Balancer
- Obtain the Kong Load Balancer id from the "Resources tab".
- Find the matching Kong Load Balancer instance.
- Edit Listeners from the bottom pane, click Add.
- In the Load Balancer Protocol column, select HTTPS (Secure HTTP). This updates the Load Balancer Port, Instance Protocol, and Instance Port columns. In the Instance Protocol column, select HTTP and update the Instance port to 8000.
- By default, Elastic Load Balancing selects the current predefined security policy, ELBSecurityPolicy-2015-05, for your HTTPS/SSL listener. This is the recommended setting.
- In the SSL Certificate column, click Change, and then you either upload a new certificate or choose an existing Certificate.
- Click Save to add the listeners you just configured.
- Click on Security tab.
- Click on Security Group id.
- In the bottom pane, select the Inbound tab.
- Click Edit.
- Add the Load Balancer Port for HTTPS to the list and save.
Important Note
- The security configuration in the templates opens up all externally accessible ports to incoming traffic from any IP address if the default (0.0.0.0/0) is chosen.
- The risk of data leakage is high. If you desire a more secure configuration, please update the access fields with an appropriate IP address range.
- The template installs many resources on AWS. You will be billed just for the AWS resources used.
- Some of the instance types may not be supported in all the AWS Regions or Availability Zones, so choose the next best available option.
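
A pre-deployment check for the defaults called out in the note above, as an added example that is not part of the Kong templates: it reads a parameter file in the `ParameterKey`/`ParameterValue` JSON list format accepted by `aws cloudformation create-stack --parameters`, fills in the defaults from the parameter tables, and reports which access fields would still be open to any address. The `audit` function, the severity labels and the sample values are assumptions of this example.

```python
import ipaddress
import json

ANY = "0.0.0.0/0"
# Defaults copied from the parameter tables on this page, per template.
COMMON = {"SSHLocation": ANY, "KongProxyAccess": ANY, "KongAdminAccess": ANY}
DEFAULTS = {
    "cassandra": {**COMMON, "CassandraOpsCenterAccess": ANY},
    "postgres": {**COMMON, "DBPassword": "changeit", "DBPublicAccess": "false"},
    "dbless": dict(COMMON),
}
CIDR_PARAMS = set(COMMON) | {"CassandraOpsCenterAccess"}
# Severity labels are this example's own policy: a public proxy can be intentional.
SEVERITY = {"KongProxyAccess": "review"}


def audit(param_file_json, template):
    """Return sorted (severity, parameter, reason) findings for a parameter file."""
    supplied = {p["ParameterKey"]: p["ParameterValue"] for p in json.loads(param_file_json)}
    effective = {**DEFAULTS[template], **supplied}  # omitted keys keep their default
    findings = []
    for key in sorted(CIDR_PARAMS.intersection(effective)):
        try:
            net = ipaddress.ip_network(effective[key], strict=False)
        except ValueError:
            findings.append(("high", key, "not a valid CIDR range"))
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            findings.append((SEVERITY.get(key, "high"), key, "open to any IP address"))
    if effective.get("DBPassword") == "changeit":
        findings.append(("high", "DBPassword", "template default password"))
    if str(effective.get("DBPublicAccess", "false")).lower() == "true":
        findings.append(("high", "DBPublicAccess", "database publicly reachable"))
    return sorted(findings)


# Constructed sample: Postgres template, SSH and admin restricted, the rest left at defaults.
SAMPLE = json.dumps([
    {"ParameterKey": "SSHLocation", "ParameterValue": "203.0.113.0/24"},
    {"ParameterKey": "KongAdminAccess", "ParameterValue": "10.0.0.0/16"},
    {"ParameterKey": "KongKeyName", "ParameterValue": "example-key"},
])

if __name__ == "__main__":
    for severity, key, reason in audit(SAMPLE, "postgres"):
        print(f"{severity:6} {key}: {reason}")
```

Running the check in CI before `create-stack` catches a parameter file that silently inherits an open default because a key was left out.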
Enterprise Support
Support, Demo, Training, API Certifications and Consulting available at http://getkong.org/enterprise.