@jeffbrl
Last active September 18, 2022 19:14
Linux Bastion with GUI - CloudFormation template
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  AWS CloudFormation template to create a linux bastion host with a GUI that can
  be accessed via x2go.
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: String
  VPC:
    Description: Name of an existing VPC
    Type: AWS::EC2::VPC::Id
  Subnet:
    Description: Name of an existing subnet in which the instance should be launched
    Type: AWS::EC2::Subnet::Id
  SourceIpCIDR:
    # The default admits SSH from any IPv4 address; pass your own address as a /32 where possible.
    Description: Source IP CIDR block
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: Must use a valid IP CIDR range using slash notation (e.g., x.x.x.x/y)
  EnableIPv6:
    Description: Enable IPv6
    Type: String
    Default: 'true'
    AllowedValues:
      - 'true'
      - 'false'
Conditions:
  # Compare against the literal 'true'; comparing against the parameter's own
  # name would leave this condition false for every supported value.
  isIPv6enabled: !Equals [ !Ref EnableIPv6, 'true' ]
Mappings:
  LinuxRegionMap:
    us-east-2:
      UbuntuAMI: ami-0d5bf08bc8017c83b
Resources:
  # SG to permit TCP port 22 (ssh, x2go). Kept as a comment because
  # Description is not a valid resource-level attribute.
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      Tags:
        - Key: Name
          Value: !Join [ '-', [ !Ref 'AWS::StackName', 'permit-tcp22' ] ]
      GroupName: !Join [ '-', [ !Ref 'AWS::StackName', 'permit-tcp22' ] ]
      GroupDescription: Permit port 22 for ssh and x2go
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          CidrIp: !Ref SourceIpCIDR
          FromPort: 22
          ToPort: 22
  EC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      Tags:
        - Key: Name
          Value: !Join [ '-', [ !Ref 'AWS::StackName', 'bastion' ] ]
      KeyName: !Ref KeyName
      InstanceType: t3.medium
      ImageId: !FindInMap [ LinuxRegionMap, !Ref 'AWS::Region', UbuntuAMI ]
      NetworkInterfaces:
        - Ipv6AddressCount: !If [ isIPv6enabled, 1, 0 ]
          AssociatePublicIpAddress: true
          DeviceIndex: "0"
          GroupSet:
            - !Ref SecurityGroup
          SubnetId: !Ref Subnet
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          # Desktop environment and browser for the GUI session
          apt-get -y update
          apt-get -y install xorg lxde-core lxterminal autocutsel chromium-browser
          # x2go server packages from the x2go stable PPA
          add-apt-repository -y ppa:x2go/stable
          apt-get -y update
          apt-get -y install x2goserver x2goserver-xsession x2golxdebindings
Outputs:
  PublicDNS:
    Description: Public DNS for EC2 instance
    Value: !GetAtt EC2Instance.PublicDnsName
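
The `SourceIpCIDR` constraints above only check the shape of the value, so the following pre-deploy check (an added example, not part of the original gist) shows which inputs the template accepts but a reviewer should still stop. The function names, the sample values and the `/24` threshold are assumptions made for this example.

```python
import ipaddress
import re

# AllowedPattern copied from the template's SourceIpCIDR parameter.
# CloudFormation requires the whole value to match, hence fullmatch below.
ALLOWED_PATTERN = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})")

# Assumed policy for this example: shortest prefix allowed to reach port 22.
MIN_PREFIX = 24


def template_accepts(value):
    """Mimic the template's own checks: MinLength 9, MaxLength 18, AllowedPattern."""
    return 9 <= len(value) <= 18 and ALLOWED_PATTERN.fullmatch(value) is not None


def check_source_cidr(value, min_prefix=MIN_PREFIX):
    """Return a list of findings for a SourceIpCIDR value; empty means no objection."""
    if not template_accepts(value):
        return ["rejected by the template's length/pattern constraints"]
    try:
        # strict=False: host bits are tolerated, only range errors are reported.
        net = ipaddress.IPv4Network(value, strict=False)
    except ValueError as exc:
        # The pattern allows octets up to 999 and prefix lengths up to 99.
        return [f"passes AllowedPattern but is not a valid IPv4 CIDR: {exc}"]
    findings = []
    if net.prefixlen < min_prefix:
        findings.append(
            f"/{net.prefixlen} admits {net.num_addresses} source addresses to TCP 22"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.0/24 is a documentation range.
    for sample in ("0.0.0.0/0", "999.1.1.1/40", "10.0.0.0/8", "203.0.113.7/32"):
        print(f"{sample:16} {check_source_cidr(sample) or 'ok'}")
```
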