Cloudformation templates from aws-must-templates
Last active
September 24, 2015 09:10
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "", | |
"Parameters": { | |
"DummyParameter": { | |
"Description": "Dummy parameter, not used", | |
"Type": "String", | |
"Default": "input paramter value" | |
} | |
}, | |
"Mappings": { | |
"AWSInstanceType2Arch": { | |
"t2.micro": { | |
"Arch": "64" | |
} | |
}, | |
"AWSRegionArch2AMI": { | |
"ap-northeast-1": { | |
"64": "ami-90815290" | |
}, | |
"ap-southeast-1": { | |
"64": "ami-0accf458" | |
}, | |
"ap-southeast-2": { | |
"64": "ami-1dc8b127" | |
}, | |
"cn-north-1": { | |
"64": "ami-eae27fd3" | |
}, | |
"eu-central-1": { | |
"64": "ami-3248712f" | |
}, | |
"eu-west-1": { | |
"64": "ami-d74437a0" | |
}, | |
"sa-east-1": { | |
"64": "ami-0f6ced12" | |
}, | |
"us-east-1": { | |
"64": "ami-83c525e8" | |
}, | |
"us-west-1": { | |
"64": "ami-61b25925" | |
}, | |
"us-gov-west-1": { | |
"64": "ami-51513172" | |
}, | |
"us-west-2": { | |
"64": "ami-57e8d767" | |
} | |
} | |
}, | |
"Resources": { | |
"MyBucket": { | |
"Type": "AWS::S3::Bucket", | |
"CreationPolicy": { | |
"ResourceSignal": { | |
"Timeout": "PT2M" | |
} | |
}, | |
"DeletionPolicy": "Delete", | |
"Properties": {} | |
} | |
}, | |
"Outputs": { | |
"Bucket": { | |
"Description": "Reference to S3 bucket", | |
"Value": { | |
"Ref": "MyBucket" | |
} | |
}, | |
"BucketName": { | |
"Description": "The DNS name of the specified bucket.", | |
"Value": { | |
"Fn::GetAtt": [ | |
"MyBucket", | |
"DomainName" | |
] | |
} | |
} | |
} | |
} |
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Example configuration with S3 bucket and EC2 instance", | |
"Parameters": { | |
"InstanceType": { | |
"Description": "EC2 resource instance type", | |
"Type": "String", | |
"Default": "t2.micro" | |
}, | |
"KeyName": { | |
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance", | |
"Type": "AWS::EC2::KeyPair::KeyName", | |
"Default": "demo-key" | |
}, | |
"SSHLocation": { | |
"Description": "The IP address range (CIDR) that can be used to SSH to the EC2 instances; the default 0.0.0.0/0 permits any source address, so set this to a trusted range", | |
"Type": "String", | |
"Default": "0.0.0.0/0" | |
} | |
}, | |
"Mappings": { | |
"AWSInstanceType2Arch": { | |
"t2.micro": { | |
"Arch": "64" | |
} | |
}, | |
"AWSRegionArch2AMI": { | |
"ap-northeast-1": { | |
"64": "ami-90815290" | |
}, | |
"ap-southeast-1": { | |
"64": "ami-0accf458" | |
}, | |
"ap-southeast-2": { | |
"64": "ami-1dc8b127" | |
}, | |
"cn-north-1": { | |
"64": "ami-eae27fd3" | |
}, | |
"eu-central-1": { | |
"64": "ami-3248712f" | |
}, | |
"eu-west-1": { | |
"64": "ami-d74437a0" | |
}, | |
"sa-east-1": { | |
"64": "ami-0f6ced12" | |
}, | |
"us-east-1": { | |
"64": "ami-83c525e8" | |
}, | |
"us-west-1": { | |
"64": "ami-61b25925" | |
}, | |
"us-gov-west-1": { | |
"64": "ami-51513172" | |
}, | |
"us-west-2": { | |
"64": "ami-57e8d767" | |
} | |
} | |
}, | |
"Resources": { | |
"MyBucket": { | |
"Type": "AWS::S3::Bucket", | |
"DeletionPolicy": "Delete", | |
"Properties": {} | |
}, | |
"MyDefaultSecurityGroup": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Enable SSH access via port 22", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "MyDefaultSecurityGroup" | |
} | |
], | |
"SecurityGroupEgress": [], | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": { | |
"Ref": "SSHLocation" | |
} | |
} | |
] | |
} | |
}, | |
"S3AccessRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"Path": "/", | |
"AssumeRolePolicyDocument": { | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Principal": { | |
"Service": [ | |
"ec2.amazonaws.com" | |
] | |
}, | |
"Action": [ | |
"sts:AssumeRole" | |
] | |
} | |
] | |
} | |
} | |
}, | |
"S3AllowReadPolicy": { | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "S3AllowReadPolicy", | |
"Roles": [ | |
{ | |
"Ref": "S3AccessRole" | |
} | |
], | |
"PolicyDocument": { | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"s3:List*", | |
"s3:Get*" | |
], | |
"Resource": { | |
"Fn::Join": [ | |
"", | |
[ | |
"arn:aws:s3:::", | |
{ | |
"Ref": "MyBucket" | |
} | |
] | |
] | |
} | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"s3:List*", | |
"s3:Get*" | |
], | |
"Resource": { | |
"Fn::Join": [ | |
"", | |
[ | |
"arn:aws:s3:::", | |
{ | |
"Ref": "MyBucket" | |
}, | |
"/*" | |
] | |
] | |
} | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"s3:ListAllMyBuckets" | |
], | |
"Resource": { | |
"Fn::Join": [ | |
"", | |
[ | |
"arn:aws:s3:::*" | |
] | |
] | |
} | |
} | |
] | |
} | |
} | |
}, | |
"S3InstanceProfile": { | |
"Type": "AWS::IAM::InstanceProfile", | |
"Properties": { | |
"Path": "/", | |
"Roles": [ | |
{ | |
"Ref": "S3AccessRole" | |
} | |
] | |
} | |
}, | |
"myInstance": { | |
"Type": "AWS::EC2::Instance", | |
"CreationPolicy": { | |
"ResourceSignal": { | |
"Timeout": "PT8M" | |
} | |
}, | |
"Metadata": { | |
"AWS::CloudFormation::Init": { | |
"config": { | |
"packages": {}, | |
"groups": {}, | |
"users": {}, | |
"sources": {}, | |
"files": { | |
"/tmp/cfn-init.txt": { | |
"content": { | |
"Fn::Join": [ | |
"", | |
[ | |
"Installed in cfn-init", | |
"\n" | |
] | |
] | |
}, | |
"mode": "000444", | |
"owner": "root", | |
"group": "root" | |
} | |
}, | |
"commands": {}, | |
"services": {} | |
} | |
} | |
}, | |
"Properties": { | |
"ImageId": { | |
"Fn::FindInMap": [ | |
"AWSRegionArch2AMI", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
{ | |
"Fn::FindInMap": [ | |
"AWSInstanceType2Arch", | |
{ | |
"Ref": "InstanceType" | |
}, | |
"Arch" | |
] | |
} | |
] | |
}, | |
"InstanceType": { | |
"Ref": "InstanceType" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "myInstance" | |
} | |
], | |
"SourceDestCheck": true, | |
"SecurityGroupIds": [ | |
{ | |
"Ref": "MyDefaultSecurityGroup" | |
} | |
], | |
"IamInstanceProfile": { | |
"Ref": "S3InstanceProfile" | |
}, | |
"KeyName": { | |
"Ref": "KeyName" | |
}, | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"\n", | |
[ | |
"#!/bin/bash\n", | |
"set -x\n", | |
"set -e\n", | |
"set -o pipefail\n", | |
"LOG=/tmp/install.log\n", | |
"echo $(date): User data script started > $LOG\n", | |
"echo $(date): User data script started\n", | |
"function finish() {\n", | |
" echo \"$(date): installation finished\" \n", | |
" echo \"$(date): installation finished\" >> $LOG \n", | |
" STACK='", | |
{ | |
"Ref": "AWS::StackName" | |
}, | |
"'\n", | |
" REGION='", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"'\n", | |
" RESOURCE='myInstance'\n", | |
" type cfn-signal && sudo cfn-signal --success true --reason \"UserData script success\" --stack $STACK --resource $RESOURCE --region $REGION \n", | |
"}\n", | |
"function error() {\n", | |
" local lineno=$1\n", | |
" local error=1\n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" \n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" >> $LOG \n", | |
" STACK='", | |
{ | |
"Ref": "AWS::StackName" | |
}, | |
"'\n", | |
" REGION='", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"'\n", | |
" RESOURCE='myInstance'\n", | |
" type cfn-signal && sudo cfn-signal --exit-code $error --reason \"installation finished in ERROR on line $lineno\" --stack $STACK --resource $RESOURCE --region $REGION \n", | |
" exit 1\n", | |
"}\n", | |
"trap finish EXIT\n", | |
"trap 'error ${LINENO}' ERR\n", | |
"echo \"$(date): ------------------------------------------------------------------\" \n", | |
"echo Install AWS client tools \n", | |
"TMP_ZIP=awscli-bundle.zip\n", | |
"curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o $TMP_ZIP\n", | |
"sudo apt-get install unzip\n", | |
"unzip $TMP_ZIP -d /tmp\n", | |
"cd /tmp\n", | |
"sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws \n", | |
"echo $(date): awscli installed successfully \n", | |
"echo \"$(date): ------------------------------------------------------------------\" \n", | |
"echo Install Cloudformation tools \n", | |
"sudo apt-get -y install python-setuptools \n", | |
"[ -d aws-cfn-bootstrap-latest ] || mkdir aws-cfn-bootstrap-latest \n", | |
"curl https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 \n", | |
"sudo easy_install aws-cfn-bootstrap-latest \n" | |
] | |
] | |
} | |
} | |
} | |
}, | |
"myInstance2": { | |
"Type": "AWS::EC2::Instance", | |
"CreationPolicy": { | |
"ResourceSignal": { | |
"Timeout": "PT6M" | |
} | |
}, | |
"Metadata": { | |
"AWS::CloudFormation::Init": { | |
"config": { | |
"packages": {}, | |
"groups": {}, | |
"users": {}, | |
"sources": {}, | |
"files": { | |
"/tmp/cfn-init.txt": { | |
"content": { | |
"Fn::Join": [ | |
"", | |
[ | |
"Installed in cfn-init", | |
"\n" | |
] | |
] | |
}, | |
"mode": "000444", | |
"owner": "root", | |
"group": "root" | |
} | |
}, | |
"commands": {}, | |
"services": {} | |
} | |
} | |
}, | |
"Properties": { | |
"ImageId": { | |
"Fn::FindInMap": [ | |
"AWSRegionArch2AMI", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
{ | |
"Fn::FindInMap": [ | |
"AWSInstanceType2Arch", | |
{ | |
"Ref": "InstanceType" | |
}, | |
"Arch" | |
] | |
} | |
] | |
}, | |
"InstanceType": { | |
"Ref": "InstanceType" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "myInstance2" | |
} | |
], | |
"SourceDestCheck": true, | |
"SecurityGroupIds": [ | |
{ | |
"Ref": "MyDefaultSecurityGroup" | |
} | |
], | |
"KeyName": { | |
"Ref": "KeyName" | |
}, | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"\n", | |
[ | |
"#!/bin/bash\n", | |
"set -x\n", | |
"set -e\n", | |
"set -o pipefail\n", | |
"LOG=/tmp/install.log\n", | |
"echo $(date): User data script started > $LOG\n", | |
"echo $(date): User data script started\n", | |
"function finish() {\n", | |
" echo \"$(date): installation finished\" \n", | |
" echo \"$(date): installation finished\" >> $LOG \n", | |
" STACK='", | |
{ | |
"Ref": "AWS::StackName" | |
}, | |
"'\n", | |
" REGION='", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"'\n", | |
" RESOURCE='myInstance2'\n", | |
" type cfn-signal && sudo cfn-signal --success true --reason \"UserData script success\" --stack $STACK --resource $RESOURCE --region $REGION \n", | |
"}\n", | |
"function error() {\n", | |
" local lineno=$1\n", | |
" local error=1\n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" \n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" >> $LOG \n", | |
" STACK='", | |
{ | |
"Ref": "AWS::StackName" | |
}, | |
"'\n", | |
" REGION='", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"'\n", | |
" RESOURCE='myInstance2'\n", | |
" type cfn-signal && sudo cfn-signal --exit-code $error --reason \"installation finished in ERROR on line $lineno\" --stack $STACK --resource $RESOURCE --region $REGION \n", | |
" exit 1\n", | |
"}\n", | |
"trap finish EXIT\n", | |
"trap 'error ${LINENO}' ERR\n", | |
"echo \"$(date): ------------------------------------------------------------------\" \n", | |
"echo Install AWS client tools \n", | |
"TMP_ZIP=awscli-bundle.zip\n", | |
"curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o $TMP_ZIP\n", | |
"sudo apt-get install unzip\n", | |
"unzip $TMP_ZIP -d /tmp\n", | |
"cd /tmp\n", | |
"sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws \n", | |
"echo $(date): awscli installed successfully \n", | |
"echo \"$(date): ------------------------------------------------------------------\" \n", | |
"echo Install Cloudformation tools \n", | |
"sudo apt-get -y install python-setuptools \n", | |
"[ -d aws-cfn-bootstrap-latest ] || mkdir aws-cfn-bootstrap-latest \n", | |
"curl https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 \n", | |
"sudo easy_install aws-cfn-bootstrap-latest \n" | |
] | |
] | |
} | |
} | |
} | |
} | |
}, | |
"Outputs": { | |
"myInstance": { | |
"Description": "Ip of the newly created EC2 instance", | |
"Value": { | |
"Fn::GetAtt": [ | |
"myInstance", | |
"PublicIp" | |
] | |
} | |
}, | |
"myInstance2": { | |
"Description": "Ip of the newly created EC2 instance", | |
"Value": { | |
"Fn::GetAtt": [ | |
"myInstance2", | |
"PublicIp" | |
] | |
} | |
}, | |
"Bucket": { | |
"Description": "Reference to S3 bucket", | |
"Value": { | |
"Ref": "MyBucket" | |
} | |
} | |
} | |
} |
{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Example configuration for VPC", | |
"Parameters": { | |
"InstanceType": { | |
"Description": "EC2 resource instance type", | |
"Type": "String", | |
"Default": "t2.micro" | |
}, | |
"KeyName": { | |
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance", | |
"Type": "AWS::EC2::KeyPair::KeyName", | |
"Default": "demo-key" | |
}, | |
"SSHLocation": { | |
"Description": "The IP address range (CIDR) that can be used to SSH to the EC2 instances; the default 0.0.0.0/0 permits any source address, so set this to a trusted range", | |
"Type": "String", | |
"Default": "0.0.0.0/0" | |
} | |
}, | |
"Mappings": { | |
"AWSInstanceType2Arch": { | |
"t2.micro": { | |
"Arch": "64" | |
} | |
}, | |
"AWSRegionArch2AMI": { | |
"ap-northeast-1": { | |
"64": "ami-90815290" | |
}, | |
"ap-southeast-1": { | |
"64": "ami-0accf458" | |
}, | |
"ap-southeast-2": { | |
"64": "ami-1dc8b127" | |
}, | |
"cn-north-1": { | |
"64": "ami-eae27fd3" | |
}, | |
"eu-central-1": { | |
"64": "ami-3248712f" | |
}, | |
"eu-west-1": { | |
"64": "ami-d74437a0" | |
}, | |
"sa-east-1": { | |
"64": "ami-0f6ced12" | |
}, | |
"us-east-1": { | |
"64": "ami-83c525e8" | |
}, | |
"us-west-1": { | |
"64": "ami-61b25925" | |
}, | |
"us-gov-west-1": { | |
"64": "ami-51513172" | |
}, | |
"us-west-2": { | |
"64": "ami-57e8d767" | |
} | |
}, | |
"MappingNatAim": { | |
"us-east-1": { | |
"AMI": "ami-184dc970" | |
}, | |
"us-west-1": { | |
"AMI": "ami-a98396ec" | |
}, | |
"us-west-2": { | |
"AMI": "ami-290f4119" | |
}, | |
"eu-west-1": { | |
"AMI": "ami-14913f63" | |
}, | |
"eu-central-1": { | |
"AMI": "ami-ae380eb3" | |
}, | |
"sa-east-1": { | |
"AMI": "ami-8122969c" | |
}, | |
"ap-southeast-1": { | |
"AMI": "ami-6aa38238" | |
}, | |
"ap-southeast-2": { | |
"AMI": "ami-893f53b3" | |
}, | |
"ap-northeast-1": { | |
"AMI": "ami-27d6e626" | |
} | |
} | |
}, | |
"Resources": { | |
"MyVPC": { | |
"Type": "AWS::EC2::VPC", | |
"Properties": { | |
"CidrBlock": "10.0.0.0/16", | |
"EnableDnsSupport": true, | |
"EnableDnsHostnames": true, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "MyVPC" | |
} | |
] | |
} | |
}, | |
"RouteTableNat": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { | |
"Ref": "MyVPC" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "RouteTableNat" | |
} | |
] | |
} | |
}, | |
"PublicSubnet": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": "MyVPC", | |
"Properties": { | |
"CidrBlock": "10.0.0.0/24", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "PublicSubnet" | |
} | |
], | |
"MapPublicIpOnLaunch": true, | |
"VpcId": { | |
"Ref": "MyVPC" | |
} | |
} | |
}, | |
"PrivateSubnet": { | |
"Type": "AWS::EC2::Subnet", | |
"DependsOn": "MyVPC", | |
"Properties": { | |
"CidrBlock": "10.0.1.0/24", | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "PrivateSubnet" | |
} | |
], | |
"MapPublicIpOnLaunch": false, | |
"VpcId": { | |
"Ref": "MyVPC" | |
} | |
} | |
}, | |
"PrivateSubnetRouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "RouteTableNat" | |
}, | |
"SubnetId": { | |
"Ref": "PrivateSubnet" | |
} | |
} | |
}, | |
"MyInternetGw": { | |
"Type": "AWS::EC2::InternetGateway", | |
"Properties": { | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "MyInternetGw" | |
} | |
] | |
} | |
}, | |
"MyInternetGwAttachment": { | |
"Type": "AWS::EC2::VPCGatewayAttachment", | |
"Properties": { | |
"VpcId": { | |
"Ref": "MyVPC" | |
}, | |
"InternetGatewayId": { | |
"Ref": "MyInternetGw" | |
} | |
} | |
}, | |
"RouteTableMyInternetGw": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { | |
"Ref": "MyVPC" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "RouteTableMyInternetGw" | |
}, | |
{ | |
"Key": "Application", | |
"Value": { | |
"Ref": "AWS::StackId" | |
} | |
} | |
] | |
} | |
}, | |
"Route": { | |
"Type": "AWS::EC2::Route", | |
"DependsOn": "MyInternetGwAttachment", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "RouteTableMyInternetGw" | |
}, | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"GatewayId": { | |
"Ref": "MyInternetGw" | |
} | |
} | |
}, | |
"RouteTableAssociationPublicSubnet": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"SubnetId": { | |
"Ref": "PublicSubnet" | |
}, | |
"RouteTableId": { | |
"Ref": "RouteTableMyInternetGw" | |
} | |
} | |
}, | |
"BackendSecurityGroup": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Enable SSH access via port 22", | |
"VpcId": { | |
"Ref": "MyVPC" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "BackendSecurityGroup" | |
} | |
], | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "icmp", | |
"FromPort": "-1", | |
"ToPort": "-1", | |
"CidrIp": "0.0.0.0/0" | |
} | |
], | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": "10.0.0.0/24" | |
}, | |
{ | |
"IpProtocol": "icmp", | |
"FromPort": "-1", | |
"ToPort": "-1", | |
"CidrIp": "10.0.0.0/16" | |
} | |
] | |
} | |
}, | |
"FrontEndSecurityGroup": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Enable SSH access via port 22", | |
"VpcId": { | |
"Ref": "MyVPC" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "FrontEndSecurityGroup" | |
} | |
], | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": "10.0.1.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "icmp", | |
"FromPort": "-1", | |
"ToPort": "-1", | |
"CidrIp": "0.0.0.0/0" | |
} | |
], | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": { | |
"Ref": "SSHLocation" | |
} | |
}, | |
{ | |
"IpProtocol": "icmp", | |
"FromPort": "-1", | |
"ToPort": "-1", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
} | |
] | |
} | |
}, | |
"NatSecurityGroup": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"GroupDescription": "Enable SSH access via port 22", | |
"VpcId": { | |
"Ref": "MyVPC" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "NatSecurityGroup" | |
} | |
], | |
"SecurityGroupEgress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": "10.0.1.0/24" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "icmp", | |
"FromPort": "-1", | |
"ToPort": "-1", | |
"CidrIp": "0.0.0.0/0" | |
} | |
], | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": { | |
"Ref": "SSHLocation" | |
} | |
}, | |
{ | |
"IpProtocol": "icmp", | |
"FromPort": "-1", | |
"ToPort": "-1", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "10.0.1.0/24" | |
} | |
] | |
} | |
}, | |
"myNat": { | |
"Type": "AWS::EC2::Instance", | |
"Metadata": {}, | |
"Properties": { | |
"ImageId": { | |
"Fn::FindInMap": [ | |
"MappingNatAim", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"AMI" | |
] | |
}, | |
"InstanceType": { | |
"Ref": "InstanceType" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "myNat" | |
} | |
], | |
"SourceDestCheck": false, | |
"SecurityGroupIds": [ | |
{ | |
"Ref": "NatSecurityGroup" | |
} | |
], | |
"SubnetId": { | |
"Ref": "PublicSubnet" | |
}, | |
"KeyName": { | |
"Ref": "KeyName" | |
}, | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"\n", | |
[ | |
"#!/bin/bash\n", | |
"set -x\n", | |
"set -e\n", | |
"set -o pipefail\n", | |
"LOG=/tmp/install.log\n", | |
"echo $(date): User data script started > $LOG\n", | |
"echo $(date): User data script started\n", | |
"function finish() {\n", | |
" echo \"$(date): installation finished\" \n", | |
" echo \"$(date): installation finished\" >> $LOG \n", | |
"}\n", | |
"function error() {\n", | |
" local lineno=$1\n", | |
" local error=1\n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" \n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" >> $LOG \n", | |
" exit 1\n", | |
"}\n", | |
"trap finish EXIT\n", | |
"trap 'error ${LINENO}' ERR\n" | |
] | |
] | |
} | |
} | |
} | |
}, | |
"myBack1": { | |
"Type": "AWS::EC2::Instance", | |
"Metadata": {}, | |
"Properties": { | |
"ImageId": { | |
"Fn::FindInMap": [ | |
"AWSRegionArch2AMI", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
{ | |
"Fn::FindInMap": [ | |
"AWSInstanceType2Arch", | |
{ | |
"Ref": "InstanceType" | |
}, | |
"Arch" | |
] | |
} | |
] | |
}, | |
"InstanceType": { | |
"Ref": "InstanceType" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "myBack1" | |
} | |
], | |
"SourceDestCheck": true, | |
"SecurityGroupIds": [ | |
{ | |
"Ref": "BackendSecurityGroup" | |
} | |
], | |
"SubnetId": { | |
"Ref": "PrivateSubnet" | |
}, | |
"KeyName": { | |
"Ref": "KeyName" | |
}, | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"\n", | |
[ | |
"#!/bin/bash\n", | |
"set -x\n", | |
"set -e\n", | |
"set -o pipefail\n", | |
"LOG=/tmp/install.log\n", | |
"echo $(date): User data script started > $LOG\n", | |
"echo $(date): User data script started\n", | |
"function finish() {\n", | |
" echo \"$(date): installation finished\" \n", | |
" echo \"$(date): installation finished\" >> $LOG \n", | |
"}\n", | |
"function error() {\n", | |
" local lineno=$1\n", | |
" local error=1\n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" \n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" >> $LOG \n", | |
" exit 1\n", | |
"}\n", | |
"trap finish EXIT\n", | |
"trap 'error ${LINENO}' ERR\n" | |
] | |
] | |
} | |
} | |
} | |
}, | |
"myFront1": { | |
"Type": "AWS::EC2::Instance", | |
"CreationPolicy": { | |
"ResourceSignal": { | |
"Timeout": "PT8M" | |
} | |
}, | |
"DependsOn": [ | |
"myBack1", | |
"myNat" | |
], | |
"Metadata": { | |
"AWS::CloudFormation::Init": { | |
"config": { | |
"packages": {}, | |
"groups": {}, | |
"users": {}, | |
"sources": {}, | |
"files": { | |
"/tmp/cfn-init.txt": { | |
"content": { | |
"Fn::Join": [ | |
"", | |
[ | |
"Installed in cfn-init", | |
"\n" | |
] | |
] | |
}, | |
"mode": "000444", | |
"owner": "root", | |
"group": "root" | |
} | |
}, | |
"commands": {}, | |
"services": {} | |
} | |
} | |
}, | |
"Properties": { | |
"ImageId": { | |
"Fn::FindInMap": [ | |
"AWSRegionArch2AMI", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
{ | |
"Fn::FindInMap": [ | |
"AWSInstanceType2Arch", | |
{ | |
"Ref": "InstanceType" | |
}, | |
"Arch" | |
] | |
} | |
] | |
}, | |
"InstanceType": { | |
"Ref": "InstanceType" | |
}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "myFront1" | |
} | |
], | |
"SourceDestCheck": true, | |
"SecurityGroupIds": [ | |
{ | |
"Ref": "FrontEndSecurityGroup" | |
} | |
], | |
"SubnetId": { | |
"Ref": "PublicSubnet" | |
}, | |
"KeyName": { | |
"Ref": "KeyName" | |
}, | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"\n", | |
[ | |
"#!/bin/bash\n", | |
"set -x\n", | |
"set -e\n", | |
"set -o pipefail\n", | |
"LOG=/tmp/install.log\n", | |
"echo $(date): User data script started > $LOG\n", | |
"echo $(date): User data script started\n", | |
"function finish() {\n", | |
" echo \"$(date): installation finished\" \n", | |
" echo \"$(date): installation finished\" >> $LOG \n", | |
" STACK='", | |
{ | |
"Ref": "AWS::StackName" | |
}, | |
"'\n", | |
" REGION='", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"'\n", | |
" RESOURCE='myFront1'\n", | |
" type cfn-signal && sudo cfn-signal --success true --reason \"UserData script success\" --stack $STACK --resource $RESOURCE --region $REGION \n", | |
"}\n", | |
"function error() {\n", | |
" local lineno=$1\n", | |
" local error=1\n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" \n", | |
" echo \"$(date): installation finished in ERROR $error on line $lineno\" >> $LOG \n", | |
" STACK='", | |
{ | |
"Ref": "AWS::StackName" | |
}, | |
"'\n", | |
" REGION='", | |
{ | |
"Ref": "AWS::Region" | |
}, | |
"'\n", | |
" RESOURCE='myFront1'\n", | |
" type cfn-signal && sudo cfn-signal --exit-code $error --reason \"installation finished in ERROR on line $lineno\" --stack $STACK --resource $RESOURCE --region $REGION \n", | |
" exit 1\n", | |
"}\n", | |
"trap finish EXIT\n", | |
"trap 'error ${LINENO}' ERR\n", | |
"echo \"$(date): ------------------------------------------------------------------\" \n", | |
"echo Install Cloudformation tools \n", | |
"sudo apt-get -y install python-setuptools \n", | |
"[ -d aws-cfn-bootstrap-latest ] || mkdir aws-cfn-bootstrap-latest \n", | |
"curl https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1 \n", | |
"sudo easy_install aws-cfn-bootstrap-latest \n" | |
] | |
] | |
} | |
} | |
} | |
}, | |
"RouteToNat": { | |
"Type": "AWS::EC2::Route", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "RouteTableNat" | |
}, | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"InstanceId": { | |
"Ref": "myNat" | |
} | |
} | |
} | |
}, | |
"Outputs": { | |
"myFront1": { | |
"Description": "Ip of the newly created EC2 instance", | |
"Value": { | |
"Fn::GetAtt": [ | |
"myFront1", | |
"PublicIp" | |
] | |
} | |
}, | |
"myNat": { | |
"Description": "Ip of the newly created EC2 instance", | |
"Value": { | |
"Fn::GetAtt": [ | |
"myNat", | |
"PublicIp" | |
] | |
} | |
}, | |
"InstanceId1": { | |
"Description": "Id of the newly created EC2 instance", | |
"Value": { | |
"Ref": "myFront1" | |
} | |
}, | |
"InstanceId2": { | |
"Description": "Id of the newly created EC2 instance", | |
"Value": { | |
"Ref": "myBack1" | |
} | |
}, | |
"MyInternetGw": { | |
"Description": "Id of InternetGateway", | |
"Value": { | |
"Ref": "MyInternetGw" | |
} | |
} | |
} | |
} |