Example script provisioning a simple ec2 HTTP server
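#!/usr/bin/env bash
# Provision a small VPC (one public and one private subnet, an Internet
# gateway and a NAT gateway) and launch a single t2.micro that serves a
# static page over HTTP. Prints the instance's public IP on stdout.
#
# Requirements: the aws CLI configured with credentials for the target
# account and region, and an existing EC2 key pair (see AWS_KEY_NAME).
#
# Optional environment overrides:
#   AWS_AZ             availability zone for both subnets   (default: us-east-1a)
#   AWS_KEY_NAME       EC2 key pair used for SSH            (default: DevOpsKeyPair)
#   SSH_INGRESS_CIDR   CIDR allowed to reach tcp/22         (default: 0.0.0.0/0)
#   HTTP_INGRESS_CIDR  CIDR allowed to reach tcp/80         (default: 0.0.0.0/0)
#
# Nothing created here is torn down on failure; every resource (including
# the Elastic IP and NAT gateway) keeps billing until deleted by hand.
set -euo pipefail

AWS_AZ=${AWS_AZ:-us-east-1a}
AWS_KEY_NAME=${AWS_KEY_NAME:-DevOpsKeyPair}
# The defaults open SSH and HTTP to the whole Internet; narrow SSH_INGRESS_CIDR
# (e.g. to your own /32) for anything that is not a throwaway lab instance.
SSH_INGRESS_CIDR=${SSH_INGRESS_CIDR:-0.0.0.0/0}
HTTP_INGRESS_CIDR=${HTTP_INGRESS_CIDR:-0.0.0.0/0}

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Attach a Name tag to one resource: tag_name RESOURCE_ID NAME
tag_name() {
  aws ec2 create-tags --resources "$1" --tags "Key=Name,Value=$2"
}

# Create a VPC
AWS_VPC=$(aws ec2 create-vpc \
  --cidr-block 10.0.0.0/16 \
  --query 'Vpc.VpcId' \
  --output text)
tag_name "$AWS_VPC" DevOpsVPC

# Enable DNS hostnames and DNS support (two separate API calls)
aws ec2 modify-vpc-attribute \
  --vpc-id "$AWS_VPC" \
  --enable-dns-hostnames '{"Value":true}'
aws ec2 modify-vpc-attribute \
  --vpc-id "$AWS_VPC" \
  --enable-dns-support '{"Value":true}'

# Create the public subnet
AWS_PUBLIC_SUBNET=$(aws ec2 create-subnet \
  --vpc-id "$AWS_VPC" \
  --cidr-block 10.0.1.0/24 \
  --availability-zone "$AWS_AZ" \
  --query 'Subnet.SubnetId' \
  --output text)
tag_name "$AWS_PUBLIC_SUBNET" DevOpsPublicSubnet

# Create the private subnet
AWS_PRIVATE_SUBNET=$(aws ec2 create-subnet \
  --vpc-id "$AWS_VPC" \
  --cidr-block 10.0.2.0/24 \
  --availability-zone "$AWS_AZ" \
  --query 'Subnet.SubnetId' \
  --output text)
tag_name "$AWS_PRIVATE_SUBNET" DevOpsPrivateSubnet

# Instances launched into the public subnet get a public IP automatically
aws ec2 modify-subnet-attribute \
  --subnet-id "$AWS_PUBLIC_SUBNET" \
  --map-public-ip-on-launch

# Create the Internet gateway and attach it to the VPC
AWS_INTERNET_GATEWAY=$(aws ec2 create-internet-gateway \
  --query 'InternetGateway.InternetGatewayId' \
  --output text)
tag_name "$AWS_INTERNET_GATEWAY" DevOpsInternetGateway
aws ec2 attach-internet-gateway \
  --vpc-id "$AWS_VPC" \
  --internet-gateway-id "$AWS_INTERNET_GATEWAY"

# Allocate an Elastic IP for the NAT gateway
AWS_ELASTIC_IP=$(aws ec2 allocate-address \
  --domain vpc \
  --query 'AllocationId' \
  --output text)

# Create the NAT gateway in the public subnet. Routes that reference it can
# only be created once it is available, so wait here.
AWS_NAT_GATEWAY=$(aws ec2 create-nat-gateway \
  --subnet-id "$AWS_PUBLIC_SUBNET" \
  --allocation-id "$AWS_ELASTIC_IP" \
  --query 'NatGateway.NatGatewayId' \
  --output text)
tag_name "$AWS_NAT_GATEWAY" DevOpsNATGateway
aws ec2 wait nat-gateway-available --nat-gateway-ids "$AWS_NAT_GATEWAY"

# Public route table: default route via the Internet gateway
AWS_ROUTE_TABLE=$(aws ec2 create-route-table \
  --vpc-id "$AWS_VPC" \
  --query 'RouteTable.RouteTableId' \
  --output text)
tag_name "$AWS_ROUTE_TABLE" DevOpsRouteTable
aws ec2 associate-route-table \
  --route-table-id "$AWS_ROUTE_TABLE" \
  --subnet-id "$AWS_PUBLIC_SUBNET" \
  --output text
aws ec2 create-route \
  --route-table-id "$AWS_ROUTE_TABLE" \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id "$AWS_INTERNET_GATEWAY" \
  --output text

# Private route table: the private subnet needs its own table whose default
# route goes through the NAT gateway; a NAT route in the public table would
# give the private subnet no egress at all.
AWS_PRIVATE_ROUTE_TABLE=$(aws ec2 create-route-table \
  --vpc-id "$AWS_VPC" \
  --query 'RouteTable.RouteTableId' \
  --output text)
tag_name "$AWS_PRIVATE_ROUTE_TABLE" DevOpsPrivateRouteTable
aws ec2 associate-route-table \
  --route-table-id "$AWS_PRIVATE_ROUTE_TABLE" \
  --subnet-id "$AWS_PRIVATE_SUBNET" \
  --output text
aws ec2 create-route \
  --route-table-id "$AWS_PRIVATE_ROUTE_TABLE" \
  --destination-cidr-block 0.0.0.0/0 \
  --nat-gateway-id "$AWS_NAT_GATEWAY" \
  --output text

# Security group with SSH and HTTP ingress
AWS_SECURITY_GROUP=$(aws ec2 create-security-group \
  --group-name DevOpsSG \
  --description "DevOps Security Group" \
  --vpc-id "$AWS_VPC" \
  --query 'GroupId' \
  --output text)
tag_name "$AWS_SECURITY_GROUP" DevOpsSG
aws ec2 authorize-security-group-ingress \
  --group-id "$AWS_SECURITY_GROUP" \
  --protocol tcp \
  --port 22 \
  --cidr "$SSH_INGRESS_CIDR" \
  --output text
aws ec2 authorize-security-group-ingress \
  --group-id "$AWS_SECURITY_GROUP" \
  --protocol tcp \
  --port 80 \
  --cidr "$HTTP_INGRESS_CIDR" \
  --output text

# Resolve the AMI. The name filter is exact, so this is one specific
# Amazon Linux 2 build; the query returns "None" when nothing matches.
AWS_AMI=$(aws ec2 describe-images \
  --owners 'amazon' \
  --filters 'Name=name,Values=amzn2-ami-hvm-2.0.20221004.0-x86_64-gp2' \
            'Name=state,Values=available' \
  --query 'sort_by(Images, &CreationDate)[-1].ImageId' \
  --output 'text')
[[ -n "$AWS_AMI" && "$AWS_AMI" != "None" ]] || die "no matching AMI found"

# User-data script: written to a temp file that is removed on exit.
# The heredoc delimiter is quoted so the content is passed verbatim.
USER_DATA=$(mktemp) || die "mktemp failed"
cleanup() { rm -f -- "$USER_DATA"; }
trap cleanup EXIT
cat <<'EOF' > "$USER_DATA"
#!/bin/bash
echo "Hello, aws-cli!" > index.html
nohup python -m SimpleHTTPServer 80 &
EOF

# Launch the instance into the public subnet
AWS_EC2_INSTANCE=$(aws ec2 run-instances \
  --image-id "$AWS_AMI" \
  --instance-type t2.micro \
  --key-name "$AWS_KEY_NAME" \
  --monitoring "Enabled=false" \
  --security-group-ids "$AWS_SECURITY_GROUP" \
  --subnet-id "$AWS_PUBLIC_SUBNET" \
  --user-data "file://$USER_DATA" \
  --private-ip-address 10.0.1.10 \
  --query 'Instances[0].InstanceId' \
  --output text)
tag_name "$AWS_EC2_INSTANCE" DevOpsInstance

# The public address is only guaranteed to be populated once the instance
# is running, so wait before querying it.
aws ec2 wait instance-running --instance-ids "$AWS_EC2_INSTANCE"
AWS_PUBLIC_IP=$(aws ec2 describe-instances \
  --instance-ids "$AWS_EC2_INSTANCE" \
  --query 'Reservations[0].Instances[0].PublicIpAddress' \
  --output text)
printf '%s\n' "$AWS_PUBLIC_IP"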