---
# CloudFormation template: one EC2 instance kept alive by a 1:1 Auto Scaling
# group, with an instance role, two security groups and a minimal bootstrap.
AWSTemplateFormatVersion: "2010-09-09"
Description: Single machine in autoscaling 1:1 for simple test and simple purpose
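Parameters:
  VpcId:
    # AWS-specific parameter type: an id that does not exist in the target
    # account/region is rejected before any resource is created, instead of
    # failing halfway through with a plain String.
    Type: AWS::EC2::VPC::Id
    Description: VPC in which the security groups and the instance are created
  SubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Subnet (inside VpcId) that the Auto Scaling group launches into
  InstanceName:
    Type: String
    Description: Value of the Name tag propagated to the launched instance
  SshCidrAllow:
    Type: String
    Description: IP Address to allow ssh
    MinLength: "9"
    MaxLength: "18"
    # Shape check only: a dotted quad plus a 1-2 digit prefix length. It does
    # not reject 0.0.0.0/0, so a caller can still open port 22 to the whole
    # Internet; the actual CIDR validity is checked when the group is created.
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    # Same style as the other constrained parameters, so a rejected value gets
    # a readable message instead of the raw regex.
    ConstraintDescription: must be a CIDR block of the form x.x.x.x/nn.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
    ConstraintDescription: must be a valid EC2 instance type.
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.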
Mappings:
  # Region -> AMI id of the 64-bit image. Only these two regions are mapped;
  # creating the stack anywhere else fails at the FindInMap in
  # LaunchConfiguration. NOTE(review): fixed ids never pick up distro patches —
  # resolving the AMI through a published SSM parameter would avoid that.
  AMI2RegionMap:
    eu-west-1: {"64": ami-1c4a046f}
    eu-central-1: {"64": ami-b03ffedf}
Resources:
  # --- IAM: role plus the instance profile handed to the launch configuration ---
  InstanceIAMRole:
    Type: AWS::IAM::Role
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: [ec2.amazonaws.com]
            Action: ["sts:AssumeRole"]
      Policies:
        # NOTE(review): s3:* on arn:aws:s3:::* is every bucket and object in
        # the account — any process on the instance can read, write or delete
        # all of them. Scope Action and Resource to the buckets the workload
        # needs once they are known.
        - PolicyName: s3
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: ["s3:*"]
                Resource:
                  - !Join ["", ["arn:aws:s3:::", "*"]]
        # CloudWatch Logs write actions (plus DescribeLogStreams) on any log
        # group in any region — the set a log-shipping agent usually needs,
        # although nothing in UserData installs one.
        - PolicyName: logs
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                  - logs:DescribeLogStreams
                Resource: ["arn:aws:logs:*:*:*"]
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles: [!Ref InstanceIAMRole]

  # --- Compute: a 1:1 Auto Scaling group so the single instance is re-created if it dies ---
  LaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !FindInMap [AMI2RegionMap, !Ref "AWS::Region", "64"]
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      IamInstanceProfile: !Ref InstanceProfile
      SecurityGroups:
        - !Ref InstanceSecurityGroup
        - !Ref SSHSecurityGroup
      # NOTE(review): no MetadataOptions, so the instance still serves IMDSv1
      # and the role credentials above are obtainable by any local process that
      # can reach 169.254.169.254. HttpTokens: required is the usual hardening;
      # confirm first that the awscli version apt installs on this AMI
      # supports IMDSv2.
      UserData:
        Fn::Base64:
          # bash -x echoes every command to the console output — harmless while
          # the script carries no secrets. There is no set -e, so a failed
          # install does not abort the boot.
          Fn::Sub: |
            #!/bin/bash -x
            apt-get update
            apt-get install --yes awscli
  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      LaunchConfigurationName: !Ref LaunchConfiguration
      # Exactly one instance; no UpdatePolicy, so a changed launch
      # configuration only applies to the next instance the group launches.
      MinSize: 1
      MaxSize: 1
      VPCZoneIdentifier: [!Ref SubnetId]
      Tags:
        - Key: Name
          Value: !Ref InstanceName
          PropagateAtLaunch: "true"

  # --- Network: two security groups, both attached to the instance ---
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VpcId
      GroupDescription: Enable HTTP and HTTPS
      # NOTE(review): 80 and 443 are open to the world, yet UserData installs
      # only awscli and starts no listener. Drop these rules until a service
      # is actually deployed, or restrict CidrIp to its real clients.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: "80"
          ToPort: "80"
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: "443"
          ToPort: "443"
          CidrIp: 0.0.0.0/0
  SSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VpcId
      # The description mentions a load balancer this template does not
      # define; the group is SSH-only from SshCidrAllow. GroupDescription is
      # immutable (changing it replaces the group), so correct the text only
      # together with a planned replacement.
      GroupDescription: Enable SSH access and HTTP from the load balancer only
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: "22"
          ToPort: "22"
          CidrIp: !Ref SshCidrAllow
Outputs:
  # Group id of the HTTP/HTTPS security group, e.g. to attach the same group
  # elsewhere; the SSH group and the role are not exported.
  InstanceSecurityGroup:
    Description: Security group ec2
    Value: !GetAtt InstanceSecurityGroup.GroupId