{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Alert Logic Web Security Manager 4.2.2.0, Multi-AZ, autoscaling. This template deploys in a VPC, and creates two external ELBs, one for management (elbMaster), and one for protected web sites (elbWorker). A CIDR netblock must be specified for the master instances, as well as one CIDR netblock in each AZ for worker instances. Each AZ must have a NAT instance for communication with Alert Logic and S3, as well as the corresponding route tables pointing to each NAT instance. The workers will be auto-configured to protect the website specified in the elbBackend paramter--it is assumed that this is an ELB, but it could also be the IP or DNS name of an internally visible server.", "Parameters": { "vpc": { "Type": "String", "Description": "Existing VPC ID", "AllowedPattern": "vpc-[a-f0-9]{8}", "ConstraintDescription": "Please enter an existing vpc ID (vpc-abcd0123)" }, "vpcCIDR": { "Type": "String", "Default": "10.0.0.0/16", "Description": "Netblock in use within the VPC", "AllowedPattern": "[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/[0-9]{1,}", "ConstraintDescription": "Please enter a netblock in CIDR notation (192.168.0.1/24)" }, "elbBackend": { "Type": "String", "Description": "DNS name of backend ELB" }, "subnetPublic1": { "Type": "String", "Description": "Public subnet for WSM ELB in first availability zone", "AllowedPattern": "subnet-[a-f0-9]{8}", "ConstraintDescription": "Please enter an existing subnet ID (subnet-abcd0123)" }, "subnetPublic2": { "Type": "String", "Description": "Public subnet for WSM ELB in second availability zone", "AllowedPattern": "subnet-[a-f0-9]{8}", "ConstraintDescription": "Please enter an existing subnet ID (subnet-abcd0123)" }, "routeTableNAT1": { "Type": "String", "Description": "Existing NAT route table for first availability zone", "AllowedPattern": "rtb-[a-f0-9]{8}", "ConstraintDescription": "Please enter an existing route table ID (rtb-abcd0123)" }, "routeTableNAT2": { "Type": "String", "Description": "Existing NAT route table for second availability zone", "AllowedPattern": "rtb-[a-f0-9]{8}", "ConstraintDescription": "Please enter an existing route table ID (rtb-abcd0123)" }, "wsmMasterInstanceType": { "Type": "String", "Default": "m1.medium", "Description": "AWS instance type for WSM master appliance", "AllowedValues": ["m1.medium", "m1.large"] }, "wsmWorkerInstanceType": { "Type": "String", "Default": "c1.medium", "Description": "AWS instance type for WSM worker appliances", "AllowedValues": ["m1.small", "c1.medium", "c1.xlarge"] }, "wsmLicense": { "Type": "String", "NoEcho": "true", "Description": "Your WSM license key", "AllowedPattern": "[a-f0-9]{50}", "ConstraintDescription": "Please enter your Alert Logic Registration Key" }, "wsmUser": { "Type": "String", "Default": "exampleAdmin", "Description": "Emergency access: username for WSM appliance mangement interface" }, "wsmPassword": { "Type": "String", "NoEcho": "true", "MinLength": "8", "Description": "Emergency access: password for WSM appliance mangement interface (8 characters minimum)" }, "subnetMasterCIDR": { "Type": "String", "Default": "10.0.141.0/24", "Description": "Netblock for WSM master appliance subnet", "AllowedPattern": "[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/[0-9]{1,}", "ConstraintDescription": "Please enter a netblock in CIDR notation (192.168.0.1/24)" }, "subnetWorker1CIDR": { "Type": "String", "Default": "10.0.142.0/24", "Description": "Netblock for WSM worker appliance subnet (first availability zone)", "AllowedPattern": "[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/[0-9]{1,}", "ConstraintDescription": "Please enter a netblock in CIDR notation (192.168.0.1/24)" }, "subnetWorker2CIDR": { "Type": "String", "Default": "10.0.143.0/24", "Description": "Netblock for WSM worker appliance subnet (second availability zone)", "AllowedPattern": "[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/[0-9]{1,}", "ConstraintDescription": "Please enter a netblock in CIDR notation (192.168.0.1/24)" }, "asScaleUpCPUth": { "Type": "String", "Default": "80", "Description": "Auto Scaling Scale UP CPU utilization threshold in percent", "AllowedPattern": "([78][0-9]|90)", "ConstraintDescription": "Please enter a number between 70 and 90 inclusive" }, "asScaleDownCPUth": { "Type": "String", "Default": "50", "Description": "Auto Scaling Scale DOWN CPU utilization threshold in percent", "AllowedPattern": "([345][0-9]|60)", "ConstraintDescription": "Please enter a number between 30 and 60 inclusive" }, "asScaleUpTimeInterval": { "Type": "String", "Default": "120", "Description": "Time interval in seconds for when additional WSM workers should be added to the Worker pool if CPU has been above threshold" }, "asScaleDownTimeInterval": { "Type": "String", "Default": "600", "Description": "Time interval in seconds for when the Worker pool should be scaled down if CPU has been below threshold" }, "sgMasterCIDR": { "Type": "String", "Default": "", "Description": "Public CIDR netblock allowed to access master management interface from the Internet" } }, "Mappings": { "mapRegionWsmAmi": { "us-east-1": { "64": "ami-af567ec6" }, "us-west-1": { "64": "ami-4e90a00b" }, "us-west-2": { "64": "ami-4afa9e7a" }, "eu-west-1": { "64": "ami-daf911ad" }, "sa-east-1": { "64": "ami-e957f6f4" }, "ap-southeast-1": { "64": "ami-cc12459e" }, "ap-northeast-1": { "64": "ami-8194f680" }, "ap-southeast-2": { "64": "ami-016df23b" } } }, "Conditions": { "hasSgMasterCIDR" : { "Fn::Not": [ { "Fn::Equals" : [ { "Ref": "sgMasterCIDR" }, "" ] } ] } }, "Resources": { "subnetMaster": { "Type": "AWS::EC2::Subnet", "Properties": { "AvailabilityZone": { "Fn::Select": ["0", { "Fn::GetAZs": "" } ] }, "CidrBlock": { "Ref": "subnetMasterCIDR" }, "VpcId": { "Ref": "vpc" } }, "Metadata": { "Description": "Master subnet for master WSM node" } }, "subnetWorker1": { "Type": "AWS::EC2::Subnet", "Properties": { "AvailabilityZone": { "Fn::Select": ["0", { "Fn::GetAZs": "" } ] }, "CidrBlock": { "Ref": "subnetWorker1CIDR" }, "VpcId": { "Ref": "vpc" } }, "Metadata": { "Description": "Worker subnet 1 (first availability zone) for worker WSM nodes" } }, "subnetWorker2": { "Type": "AWS::EC2::Subnet", "Properties": { "AvailabilityZone": { "Fn::Select": ["1", { "Fn::GetAZs": "" } ] }, "CidrBlock": { "Ref": "subnetWorker2CIDR" }, "VpcId": { "Ref": "vpc" } }, "Metadata": { "Description": "Worker subnet 2 (second availability zone) for worker WSM nodes" } }, "routeTableDefault": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "vpc" } }, "Metadata": { "Description": "Default route table for internal routing" } }, "subnetRouteAssocNATMaster": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "routeTableNAT1" }, "SubnetId": { "Ref": "subnetMaster" } } }, "subnetRouteAssocNATWorker1": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "routeTableNAT1" }, "SubnetId": { "Ref": "subnetWorker1" } } }, "subnetRouteAssocNATWorker2": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "routeTableNAT2" }, "SubnetId": { "Ref": "subnetWorker2" } } }, "sgELBMaster": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Security group for WSM master ELB", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "4849", "ToPort": "4849", "CidrIp": "204.110.218.4/30" }, { "IpProtocol": "tcp", "FromPort": "2222", "ToPort": "2222", "CidrIp": "204.110.218.4/30" }, { "IpProtocol": "tcp", "FromPort": "4849", "ToPort": "4849", "CidrIp": "204.110.219.104/30" }, { "IpProtocol": "tcp", "FromPort": "2222", "ToPort": "2222", "CidrIp": "204.110.219.104/30" } ], "SecurityGroupEgress": [ { "IpProtocol": "tcp", "FromPort": "4848", "ToPort": "4849", "CidrIp": { "Ref": "subnetMasterCIDR" } }, { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "subnetMasterCIDR" } } ], "VpcId": { "Ref": "vpc" } } }, "sgELBMasterAdminAux4849": { "Type": "AWS::EC2::SecurityGroupIngress", "Condition" : "hasSgMasterCIDR", "Properties": { "IpProtocol": "tcp", "FromPort": "4849", "ToPort": "4849", "CidrIp": { "Ref": "sgMasterCIDR" }, "GroupId": { "Ref": "sgELBMaster" } } }, "sgELBMasterAdminAux2222": { "Type": "AWS::EC2::SecurityGroupIngress", "Condition" : "hasSgMasterCIDR", "Properties": { "IpProtocol": "tcp", "FromPort": "2222", "ToPort": "2222", "CidrIp": { "Ref": "sgMasterCIDR" }, "GroupId": { "Ref": "sgELBMaster" } } }, "sgMaster": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Security group for WSM master", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "vpcCIDR" } }, { "IpProtocol": "tcp", "FromPort": "4848", "ToPort": "4849", "CidrIp": { "Ref": "vpcCIDR" } }, { "IpProtocol": "tcp", "FromPort": "5556", "ToPort": "5556", "CidrIp": { "Ref": "subnetWorker1CIDR" } }, { "IpProtocol": "tcp", "FromPort": "5556", "ToPort": "5556", "CidrIp": { "Ref": "subnetWorker2CIDR" } }, { "IpProtocol": "tcp", "FromPort": "2625", "ToPort": "2625", "CidrIp": { "Ref": "subnetWorker1CIDR" } }, { "IpProtocol": "tcp", "FromPort": "2625", "ToPort": "2625", "CidrIp": { "Ref": "subnetWorker2CIDR" } }, { "IpProtocol": "udp", "FromPort": "123", "ToPort": "123", "CidrIp": { "Ref": "subnetWorker1CIDR" } }, { "IpProtocol": "udp", "FromPort": "123", "ToPort": "123", "CidrIp": { "Ref": "subnetWorker2CIDR" } }, { "IpProtocol": "udp", "FromPort": "514", "ToPort": "514", "CidrIp": { "Ref": "subnetWorker1CIDR" } }, { "IpProtocol": "udp", "FromPort": "514", "ToPort": "514", "CidrIp": { "Ref": "subnetWorker2CIDR" } } ], "SecurityGroupEgress": [ { "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "subnetWorker1CIDR" } }, { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "subnetWorker2CIDR" } } ], "VpcId": { "Ref": "vpc" } }, "Metadata": { "Todo": "Update SG to allow management access from AL and Customer range by parameter" } }, "sgELBWorker": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Security group for WSM worker ELB", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" } ], "SecurityGroupEgress": [ { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": { "Ref": "subnetWorker1CIDR" } }, { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": { "Ref": "subnetWorker2CIDR" } }, { "IpProtocol": "tcp", "FromPort": "4848", "ToPort": "4848", "CidrIp": { "Ref": "subnetWorker1CIDR" } }, { "IpProtocol": "tcp", "FromPort": "4848", "ToPort": "4848", "CidrIp": { "Ref": "subnetWorker2CIDR" } } ], "VpcId": { "Ref": "vpc" } } }, "sgWorker": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Security group for WSM workers", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "subnetMasterCIDR" } }, { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": { "Ref": "vpcCIDR" } }, { "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": { "Ref": "vpcCIDR" } }, { "IpProtocol": "tcp", "FromPort": "4848", "ToPort": "4849", "CidrIp": { "Ref": "vpcCIDR" } } ], "SecurityGroupEgress": [ { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "udp", "FromPort": "123", "ToPort": "123", "CidrIp": { "Ref": "subnetMasterCIDR" } }, { "IpProtocol": "udp", "FromPort": "514", "ToPort": "514", "CidrIp": { "Ref": "subnetMasterCIDR" } }, { "IpProtocol": "tcp", "FromPort": "5556", "ToPort": "5556", "CidrIp": { "Ref": "subnetMasterCIDR" } }, { "IpProtocol": "tcp", "FromPort": "2625", "ToPort": "2625", "CidrIp": { "Ref": "subnetMasterCIDR" } } ], "VpcId": { "Ref": "vpc" } } }, "elbMaster": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "HealthCheck": { "HealthyThreshold": "2", "Interval": "30", "Target": "HTTP:4848/healthcheck.html", "Timeout": "5", "UnhealthyThreshold": "5" }, "Listeners": [ { "InstancePort": "4849", "LoadBalancerPort": "4849", "Protocol": "TCP", "InstanceProtocol": "TCP", "PolicyNames": [] }, { "InstancePort": "22", "LoadBalancerPort": "2222", "Protocol": "TCP", "InstanceProtocol": "TCP", "PolicyNames": [] } ], "Subnets": [ { "Ref": "subnetPublic1" } ], "SecurityGroups": [ { "Ref": "sgELBMaster" } ] } }, "elbWorker": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "HealthCheck": { "HealthyThreshold": "2", "Interval": "30", "Target": "HTTP:4848/healthcheck.html", "Timeout": "5", "UnhealthyThreshold": "5" }, "Listeners": [ { "InstancePort": "80", "LoadBalancerPort": "80", "Protocol": "HTTP", "PolicyNames": [] } ], "Subnets": [ { "Ref": "subnetPublic1" }, { "Ref": "subnetPublic2" } ], "SecurityGroups": [ { "Ref": "sgELBWorker" } ] } }, "volumeLog": { "Type": "AWS::EC2::Volume", "Properties": { "Size": "32", "AvailabilityZone": { "Fn::GetAtt": ["subnetMaster", "AvailabilityZone"] }, "Tags": [ { "Key": "Name", "Value": "WSM Master Log Volume" } ] } }, "lcMaster": { "DependsOn": "iamInstanceProfileMaster", "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "IamInstanceProfile": { "Ref": "iamInstanceProfileMaster" }, "ImageId": { "Fn::FindInMap" : [ "mapRegionWsmAmi", { "Ref" : "AWS::Region" }, "64"] }, "InstanceType": { "Ref": "wsmMasterInstanceType" }, "SecurityGroups": [ { "Ref": "sgMaster" } ], "UserData": { "Fn::Base64": { "Fn::Join": ["", ["{\"alertlogic\": {\"wsm\": {\"role\" : \"master\", \"license\" : \"", { "Ref": "wsmLicense" }, "\", \"user\" : \"", { "Ref": "wsmUser" }, "\", \"password\" : \"", { "Ref": "wsmPassword" }, "\", \"S3BucketName\" : \"", { "Ref": "s3Bucket" }, "\", \"EbsLogVolume\" : \"", { "Ref": "volumeLog" }, "\", \"MasterElbDnsName\" : \"", { "Fn::GetAtt": ["elbMaster" , "DNSName"] }, "\", \"WorkerElbDnsName\" : \"", { "Fn::GetAtt": ["elbWorker" , "DNSName"] }, "\", \"BackendElbDnsName\" : \"", { "Ref": "elbBackend" }, "\"}}}" ] ] } } } }, "lcWorker": { "DependsOn": "iamInstanceProfileMaster", "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "IamInstanceProfile": { "Ref": "iamInstanceProfileMaster" }, "ImageId": { "Fn::FindInMap" : [ "mapRegionWsmAmi", { "Ref" : "AWS::Region" }, "64"] }, "InstanceType": { "Ref": "wsmWorkerInstanceType" }, "SecurityGroups": [ { "Ref": "sgWorker" } ], "UserData": { "Fn::Base64": { "Fn::Join": ["", ["{\"alertlogic\": {\"wsm\": {\"role\" : \"worker\", \"license\" : \"", { "Ref": "wsmLicense" }, "\", \"S3BucketName\" : \"", { "Ref": "s3Bucket" }, "\", \"WorkerElbName\" : \"", { "Ref": "elbWorker" }, "\", \"BackendElbDnsName\" : \"", { "Ref": "elbBackend" }, "\"}}}" ] ] } } } }, "asgMaster": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { "AvailabilityZones": [ { "Fn::GetAtt": ["subnetMaster", "AvailabilityZone"] } ], "VPCZoneIdentifier": [ { "Ref": "subnetMaster" } ], "HealthCheckType": "ELB", "HealthCheckGracePeriod": 600, "Cooldown": "300", "DesiredCapacity": "1", "MaxSize": "1", "MinSize": "1", "LaunchConfigurationName": { "Ref": "lcMaster" }, "LoadBalancerNames": [ { "Ref": "elbMaster" } ] } }, "asgWorker": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { "AvailabilityZones": [ { "Fn::GetAtt": ["subnetWorker1", "AvailabilityZone"] }, { "Fn::GetAtt": ["subnetWorker2", "AvailabilityZone"] } ], "VPCZoneIdentifier": [ { "Ref": "subnetWorker1" }, { "Ref": "subnetWorker2" } ], "HealthCheckType": "ELB", "HealthCheckGracePeriod": 600, "Cooldown": "300", "DesiredCapacity": "2", "MaxSize": "6", "MinSize": "2", "LaunchConfigurationName": { "Ref": "lcWorker" }, "LoadBalancerNames": [ { "Ref": "elbWorker" } ] } }, "s3Bucket": { "Type": "AWS::S3::Bucket" }, "iamRoleMaster": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": ["ec2.amazonaws.com"] }, "Action": ["sts:AssumeRole"] } ] }, "Path": "/", "Policies": [ { "PolicyName": "wsmMasterS3", "PolicyDocument": { "Statement": [ { "Sid": "EBSAccess", "Action": ["ec2:AttachVolume", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes", "ec2:DetachVolume"], "Effect": "Allow", "Resource": ["*"] }, { "Sid": "ListAccess", "Action": ["s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads"], "Effect": "Allow", "Resource": { "Fn::Join": ["", ["arn:aws:s3:::", { "Ref": "s3Bucket" } ] ] } }, { "Sid": "ObjectAccess", "Action": ["s3:GetObject", "s3:PutObject"], "Effect": "Allow", "Resource": { "Fn::Join": ["", ["arn:aws:s3:::", { "Ref": "s3Bucket" }, "/*" ] ] } }, { "Sid": "PublishMetrics", "Action": ["cloudwatch:PutMetricData"], "Effect": "Allow", "Resource": "*" } ] } } ] } }, "iamInstanceProfileMaster": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "iamRoleMaster" } ] } }, "policyScaleUpWorkers": { "Type": "AWS::AutoScaling::ScalingPolicy", "Properties": { "AdjustmentType": "ChangeInCapacity", "AutoScalingGroupName": { "Ref": "asgWorker" }, "Cooldown": "1", "ScalingAdjustment": "2" } }, "policyScaleDownWorkers": { "Type": "AWS::AutoScaling::ScalingPolicy", "Properties": { "AdjustmentType": "ChangeInCapacity", "AutoScalingGroupName": { "Ref": "asgWorker" }, "Cooldown": "1", "ScalingAdjustment": "-2" } }, "alarmCPUHighWorkers": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "EvaluationPeriods": "2", "Statistic": "Average", "Threshold": { "Ref": "asScaleUpCPUth" }, "AlarmDescription": "Alarm if CPU too high or metric disappears indicating instance is down", "Period": { "Ref": "asScaleUpTimeInterval" }, "AlarmActions": [ { "Ref": "policyScaleUpWorkers" } ], "Namespace": "AWS/EC2", "Dimensions": [ { "Name": "AutoScalingGroupName", "Value": { "Ref": "asgWorker" } } ], "ComparisonOperator": "GreaterThanThreshold", "MetricName": "CPUUtilization" } }, "alarmCPULowWorkers": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "EvaluationPeriods": "2", "Statistic": "Average", "Threshold": { "Ref": "asScaleDownCPUth" }, "AlarmDescription": "Alarm if CPU too low", "Period": { "Ref": "asScaleDownTimeInterval" }, "AlarmActions": [ { "Ref": "policyScaleDownWorkers" } ], "Namespace": "AWS/EC2", "Dimensions": [ { "Name": "AutoScalingGroupName", "Value": { "Ref": "asgWorker" } } ], "ComparisonOperator": "LessThanThreshold", "MetricName": "CPUUtilization" } }, "alarmMemHighWorkers": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "EvaluationPeriods": "2", "Statistic": "Average", "Threshold": "85", "AlarmDescription": "Alarm if memory too high or metric disappears indicating instance is down", "Period": "60", "AlarmActions": [ { "Ref": "policyScaleUpWorkers" } ], "Namespace": "AlertLogic/System", "Dimensions": [ { "Name": "WorkerElbName", "Value": { "Ref": "elbWorker" } } ], "ComparisonOperator": "GreaterThanThreshold", "MetricName": "MemUtilization" } }, "alarmMemLowWorkers": { "Type": "AWS::CloudWatch::Alarm", "Properties": { "EvaluationPeriods": "10", "Statistic": "Average", "Threshold": "70", "AlarmDescription": "Alarm if memory too low", "Period": "60", "AlarmActions": [ { "Ref": "policyScaleDownWorkers" } ], "Namespace": "AlertLogic/System", "Dimensions": [ { "Name": "WorkerElbName", "Value": { "Ref": "elbWorker" } } ], "ComparisonOperator": "LessThanThreshold", "MetricName": "MemUtilization" } } }, "Outputs": { "wsmManagement": { "Value": { "Fn::Join": ["", ["https://", { "Fn::GetAtt": ["elbMaster" , "DNSName"] }, ":4849/" ] ] }, "Description": "Manage your wsm appliance" }, "website": { "Value": { "Fn::Join": ["", ["http://", { "Fn::GetAtt": ["elbWorker" , "DNSName"] } ] ] }, "Description": "Website" }, "elbMaster": { "Value": { "Fn::GetAtt": ["elbMaster" , "DNSName"] }, "Description": "DNS Name of master WSM ELB" }, "elbWorker": { "Value": { "Fn::GetAtt": ["elbWorker" , "DNSName"] }, "Description": "DNS Name of worker WSM ELB" } } }