anneakin/99959a4e8ddb7b41541e871c90e1e7e7
Last active May 22, 2020 21:02
AWS CloudFormation simple sandbox template
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Template to demonstrate simple sandbox environment resources
Parameters:
  Username:
    Type: String
    Description: User's identifier used to label resources created in template.
  UserKey:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Existing EC2 key-pair to SSH into the instance.
  Subnet:
    Type: AWS::EC2::Subnet::Id
    Description: Subnet for EC2 instance
Resources:
  UserS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Join [ '-', [ !Ref Username, 's3-bucket' ] ]
  # Role the instance assumes through its instance profile.
  EC2IamRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Join [ '-', [ !Ref Username, 'ec2-iam-role' ] ]
      AssumeRolePolicyDocument: {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Principal": {
              "Service": "ec2.amazonaws.com"
            },
            "Effect": "Allow"
          }
        ]
      }
  # Allows every S3 action on every resource, not only UserS3Bucket.
  EC2IamPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join [ '-', [ !Ref Username, 'ec2-iam-policy' ] ]
      Roles:
        -
          !Ref EC2IamRole
      PolicyDocument: {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Action": [
              "s3:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
          }
        ]
      }
  EC2IamInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: !Join [ '-', [ !Ref Username, 'ec2-iam-profile' ] ]
      Roles:
        -
          !Ref EC2IamRole
  UserEc2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      IamInstanceProfile: !Ref EC2IamInstanceProfile
      # AMI IDs are region-specific.
      ImageId: ami-0a887e401f7654935
      KeyName: !Ref UserKey
      SubnetId: !Ref Subnet
      Tags:
        -
          Key: Name
          Value: !Join [ '-', [ !Ref Username, 'ec2-instance' ] ]
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          yum update -y
          amazon-linux-extras install epel -y
          yum install s3fs-fuse -y
          # Let non-root users pass -o allow_other; fuse.conf stays writable by root only.
          chmod 644 /etc/fuse.conf
          echo "user_allow_other" >> /etc/fuse.conf
          mkdir /home/ec2-user/s3-mount
          chmod 777 /home/ec2-user/s3-mount
          chown -R $USER /home/ec2-user/s3-mount
          cd /
          # Mount the bucket with credentials taken from the instance role.
          s3fs ${UserS3Bucket} /home/ec2-user/s3-mount -o allow_other -o iam_role=${EC2IamRole} -o nonempty
          chown -R ec2-user:ec2-user /tmp
          chown -R ec2-user:ec2-user /home/ec2-user/s3-mount
Outputs:
  EC2PrivateIp:
    Description: Private IP address of EC2 instance created in stack.
    Value: !GetAtt UserEc2Instance.PrivateIp
  EC2PublicIp:
    Description: Public IP address of EC2 instance created in stack.
    Value: !GetAtt UserEc2Instance.PublicIp
```
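A least-privilege variant of the `EC2IamPolicy` resource in the template above, added here as an example and not part of the original gist: it limits the instance role to `UserS3Bucket` instead of `s3:*` on every resource. The action list is an assumption about what a read/write s3fs mount needs; trim or extend it for the actual workload.

```yaml
# Added example, not from the original gist.
# Drop-in replacement for the EC2IamPolicy resource; it reuses the template's
# Username, EC2IamRole and UserS3Bucket names unchanged.
# Assumption: the s3fs mount only lists the bucket and reads, writes and
# deletes objects (including multipart uploads for large files).
Resources:
  EC2IamPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join [ '-', [ !Ref Username, 'ec2-iam-policy' ] ]
      Roles:
        - !Ref EC2IamRole
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Bucket-level actions are granted on the bucket ARN itself.
          - Sid: ListSandboxBucket
            Effect: Allow
            Action:
              - s3:ListBucket
              - s3:GetBucketLocation
              - s3:ListBucketMultipartUploads
            Resource: !GetAtt UserS3Bucket.Arn
          # Object-level actions are granted on keys inside that bucket only.
          - Sid: ReadWriteSandboxObjects
            Effect: Allow
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:DeleteObject
              - s3:AbortMultipartUpload
              - s3:ListMultipartUploadParts
            Resource: !Sub "${UserS3Bucket.Arn}/*"
```

With this policy, credentials obtained from the instance role cannot read or modify any other bucket in the account, which is the exposure the wildcard statement leaves open.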