Reference (2017-03-03)
Template structure
Below is a tree view of all possible components within an ALM Template. The following structure is not a working demo template, but rather to explain all possible key names that may contain in the template body.
version
The version of ALM Template release. This value is always 2017-03-03.
label
The label of the ALM Template. You can use this section to mark the labels for each of your ALM Template versions. This is useful when you update your template. This value can be empty, and you can write up to 64 characters in length.
description
The description of the ALM Template. You can use this section to describe the purpose of the ALM Template. For example: production app stack. This value can be empty, and you can write up to 255 characters in length.
vendor
The cloud platform vendor of which the template will be deployed to. You need to specify the vendor in every ALM Template you write, and can only specify one vendor at a time.
Valid values:
cred: ALM credential name created under AWS vendor region: vendor region for your deployment
configurations
The configurations of the stack which ALM Template is about to deploy. In the configurations section, you specify one or multiple configuration layers of your application's provision and container runtime settings. Inside each layer, there are four sections you need to specify:
role
The "role" of which the stack layer defines to.
You deploy multiple layers within one ALM Template, for example two web layers, one bastion layer and one database layer. The current available role names:
web
bastion
flag
The unique identifier of each layer.
You must specify the flag name for each configuration layer. The value must between 4 to 18 characters in length and contains only alphanumeric characters.
provision
The infrastructure provisioning configurations.
vpc_id
Reserved key name, not supported yet.
Currently, a new VPC will be created with every ALM Template execution and the default VPC has a fixed CIDR range of 10.0.0.0/16 and you cannot customize it at the moment, so when you specifying your subnets please make sure the CIDR setting for your subnets are sitting within the VPC CIDR range.
For GCP, all deployments use the region's default public network. For GCP's predefined network ranges, you can refer to this page.
availability_zone
Valid values:
Below are the valid availability zones for each regions on AWS.
instance_type
The type of instances (VMs). If value is not provided in the template, the default values will be used for each cloud platform.
Valid values:
Default: t2.micro
Below are the valid instance types for AWS.
image
Default values will be applied for each cloud platform (see below for default values). However, you can also specify this value for launching with a customized machine image.
Note: If you specify this value and also specify the container section in the ALM Template to take the advantage of application lifecycle management, you need to make sure the base machine image operating system supports ALM-agent installation. For supported operating systems by ALM-agent, please refer to this guide.
Valid values:
Below is also the default value for AWS.
instance_count
If you don't specify this declarative, the default value of 1 will be applied.
Valid values:
volume_type
Valid values:
If you don't specify this declarative, the default value of gp2 will be applied.
volume_size
Valid values:
keypair
The ssh key pair used to access instances.
subnet
A subnet section contains 3 key names.
cidr
(string)The IPv4 CIDR block that you want the subnet to cover (for example, "10.0.0.0/24").
Required: No
If you don't specify this declarative, the default CIDR block settings will be applied. See below for default values on each cloud platform.
public
(boolean)Defines whether this subnet is public or private. This value is either true or false.
If you don't specify this declarative, the default value of true will be applied.
Required: No
auto_assign_public_ip
(boolean)Defines whether automatically assigns a public IP when instance launched into the subnet. This value is either true or false.
Required: No
If you don't specify this declarative, the default value of true will be applied.
If you set
public
as false, then this declarative will be ignored.
Valid values:
Example below is also the default settings when deploying to AWS.
network_acl
The network action control list for a virtual private cloud. This section supports AWS only.
A network_acl section contains a list of network_acl entry items. Each item contains the following declaratives:
rule_number
(int)Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.
Required: Yes
For more on valid values, please refer to this guide on aws documentation site.
protocol
(string)The IP protocol that the rule applies to. You must specify -1 or a protocol number. You can specify -1 for all protocols.
Required: Yes
For more on protocol numbers, please refer to this guide.
rule_action
(string)Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".
Required: Yes
acl_egress
(boolean)Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
Required: No
If you don't specify this declarative, the default value of false will be applied.
cidr_block
(string)The IPv4 CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).
Required: Yes
For more information about network acl please refer to AWS Documentation
Valid values:
Example below is also the default settings when deploying to AWS.
security_group
A security group section contains two entry items, ingress
and egress
.
ingress (array)
egress (array)
Each ingress or egress contains the following 4 declarative:
cidr_ip
(string)An IPv4 CIDR range.
Required: Yes
(For more information on cidr calculations, there are tools like this to helping you get started.)
from_port
(int)Start of port range for the TCP and UDP protocols, or an ICMP type number. If you specify icmp for the IpProtocol property, you can specify -1 as a wildcard (i.e., any ICMP type number).
Required: Yes
ip_protocol
(string)IP protocol name or number.
Required: Yes
to_port
(int)End of port range for the TCP and UDP protocols, or an ICMP code. If you specify icmp for the IpProtocol property, you can specify -1 as a wildcard (i.e., any ICMP code).
Required: Yes
Valid values:
Example below is also the default settings when deploying to AWS.
auto_scaling
If you are deploying an application type of load balancer (you define in load_balancer
declarative), you can omit the required parameters below and use the ATL function #share
to share the same auto scaling group which you defined in another layer. Click here for more on ATL functions.
ATL is only supported by AWS at the moment.
The auto_scaling
section contains the following declarative:
min
(int)The minimum size of the whole (total) autoscaling group.
Required: No
If you don't specify this declarative, the default value of 1 will be applied.
max
(int)The maximum size of the whole (total) autoscaling group.
Required: No
If you don't specify this declarative, the default value of 1 will be applied.
spot_to_ondemand_ratio
(int) The percentage of min/max values to deploy as spot/preemptible/low-priority instances. For example, if you have 10 asmin
and 100 asmax
, aspot_to_ondemand_ratio
value of 60 (or 60 percent) will have the following results: Spot min: 6 (60% of 10) Spot max: 60 (60% of 100) On-demand min: 4 On-demand max: 40 For calculations that results to fractions, like 50% of 3, the results will be rounded off to the nearest integer such as1.5 = 2
,3.9 = 4
,2.3 = 2
, etc. For example, if you have amin
value of 3 and 50 asspot_to_ondemand_ratio
, you will have a minimum of 2 spot instances (50% of 3 is 1.5, rounded off to 2) and a single on-demand instance.spot_min
(int) [DEPRECATED]The minimum size of the spot instances in the autoscaling group. This key will still work with AWS- and GCP-based stacks. For other cloud vendors, please use
spot_to_ondemand_ratio
key.Required: No
spot_max
(int) [DEPRECATED]The maximum size of the spot instances in the autoscaling group. This key will still work with AWS- and GCP-based stacks. For other cloud vendors, please use
spot_to_ondemand_ratio
key.Required: No
availability_zones
(string)The list of availability zones for the Auto Scaling group.
Required: Yes
cooldown
(string)The number of seconds after a scaling activity is completed before any further scaling activities can start.
Required: No
If you don't specify this declarative, the default value of 360 will be applied.
healthcheck_grace_period
(string)The length of time in seconds after a new instance comes into service that Auto Scaling starts checking its health.
Required: No
If you don't specify this declarative, the default value of 360 will be applied.
Valid values:
load_balancer
The load balancer section contains the following declarative:
lb_type
(string)Either classic, application or networking.
In usual case, ALM creates the classic (standard) load balancer.
On AWS specifically, you can also create the application load balancer and a networking load balancer. For more on these two AWS load balancer types, please refer to this guide.
Required: No
If you don't specify this declarative, the default value of classic will be applied.
scheme
(string)Either internet-facing or internal.
Specify internal to create an internal load balancer with a DNS name that resolves to private IP addresses or internet-facing to create a load balancer with a publicly resolvable DNS name, which resolves to public IP addresses.
Required: No
If you don't specify this declarative, the default value of internet-facing will be applied.
security_groups
(string)Specifies a list of security groups assigned to this load balancer.
Required: No
Note: This value is in string type and can only be the reference to
security_group
section you defined in same or other layers. For example if you have two layers of configurations named "Layer1" and "Layer2", you can reference the security group defined in Layer2 to Layer1 by writing:subnets
(string)Specifies a list of subnets assigned to this load balancer defined in
lb_type
parameter above.Required: No
Note: Only specify this value if you are deploying an ALB type of load-balancer.
Note: This value is in string type and can only be the reference to
subnet
section you defined in same or other layers. For example if you have two layers of configurations named "Layer1" and "Layer2", you can reference the subnets to use both of them by:listeners
(array)One or more listeners for this load balancer. Each listener must be registered for a specific port, and you cannot have more than one listener for a given port.
Required: Yes. You must specify at least one entry item for this section.
A listeners section contains a list of entry items with each item contains the following declarative:
load_balancer_port
(string)Specifies the external load balancer port number.
Required: Yes
protocol
(string)Specifies the load balancer transport protocol to use for routing: HTTP, HTTPS, TCP or SSL.
Required: Yes
instance_port
(string)Specifies the TCP port on which the instance server listens.
Required: Yes
instance_protocol
(string)Specifies the protocol to use for routing traffic to back-end instances: HTTP, HTTPS, TCP or SSL. You can't modify this property during the life of the load balancer.
Required: No
Note:
If the front-end protocol is HTTP or HTTPS, instance protocol must be on the same protocol layer (HTTP or HTTPS). Likewise, if the front-end protocol is TCP or SSL, instance protocol must be TCP or SSL.
If there is another Listener with the same instance port whose instance protocol is secure, (using HTTPS or SSL), the instance protocol of the Listener must be secure (using HTTPS or SSL). If there is another Listener with the same instance port whose instance protocol is HTTP or TCP, the instance protocol of the Listener must be either HTTP or TCP.
cert_domain
(string)(AWS Only)
Specifies the domain name to be used for issuing SSL certificate via AWS ACM service.
Required: No
When you provide the domain name here, a verification email will be sent to the domain owner (sent by AWS), and you have to click link found in email to approve the issuance of the SSL certificate before the stack provision can be finished.
Once the provision deployment is successfully done, the SSL certificate will be attached to your load-balancer automatically.
health_check
(object)(AWS Only)
Application health check for the instances.
Required: No
A health check section contains the following declarative:
healthy_threshold
(string)Specifies the number of consecutive health probe successes required before moving the instance to the Healthy state.
Required: Yes
interval
(string)Specifies the approximate interval, in seconds, between health checks of an individual instance. Valid values are 5 to 300.
Required: Yes
target
(string)Specifies the instance's protocol and port to check. The protocol can be TCP, HTTP, HTTPS, or SSL. The range of valid ports is 1 through 65535.
Required: Yes
timeout
(string)Specifies the amount of time, in seconds, during which no response means a failed health probe. This value must be less than the value for interval.
Required: No
unhealthy_threshold
(string)Specifies the number of consecutive health probe failures required before moving the instance to the Unhealthy state.
Required: No
Valid values:
rds
The rds section contains the following declarative:
db_instance_type
(string)If you don't specify this declarative, the default values will be applied for each cloud platform.
Required: Yes
engine
(string)If you don't specify this declarative, the default values will be applied for each cloud platform.
Required: Yes
version
(string)If you don't specify this declarative, the default values will be applied for each cloud platform.
Required: Yes
storage
(int)Constraints: 5-3072 (managemet disk).
Required: Yes
multi_az
(boolean)Create replica in an availability zone different from the DB instance. Defines whether this nulti_az is AZ or No AZ. This value is either true or false.
Required: Yes
replica
(int)Constraints: 1-5 (replica counts).
Required: No
Valid values:
Default: db.t2.micro
Below are the valid db instance types for AWS.
Below are the valid engine and version for AWS.
container
The software runtime configurations (defined as docker images) and code deployment requirement for each instance node.
container_image
Example:
container_registry_username
The docker image registry's username if this is a private image repository.
container_registry_password
container_code_dir
Example:
container_git_repo
Example:
container_git_reference
Example:
container_git_private_key
container_ports
Example:
container_users
This parameter is not yet supported.
container_env_vars
An example container
configuration:
Last updated