Skip to content

Instantly share code, notes, and snippets.

@miyamoto-daisuke
Created July 26, 2013 08:48
Show Gist options
  • Save miyamoto-daisuke/6087331 to your computer and use it in GitHub Desktop.
Save miyamoto-daisuke/6087331 to your computer and use it in GitHub Desktop.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "simple template",
"Parameters": {
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the web server",
"Type": "String",
"MinLength": "1",
"MaxLength": "64",
"AllowedPattern": "[-_ a-zA-Z0-9]*",
"ConstraintDescription": "can contain only alphanumeric characters, spaces, dashes and underscores."
}
},
"Mappings": {
"AWSAmazonLinuxAMI": {
"us-east-1": { "AMI": "ami-3275ee5b" },
"us-west-2": { "AMI": "ami-ecbe2adc" },
"us-west-1": { "AMI": "ami-66d1fc23" },
"eu-west-1": { "AMI": "ami-44939930" },
"ap-southeast-1": { "AMI": "ami-aa9ed2f8" },
"ap-southeast-2": { "AMI": "ami-363eaf0c" },
"ap-northeast-1": { "AMI": "ami-173fbf16" },
"sa-east-1": { "AMI": "ami-dd6bb0c0" }
},
"StackConfig": {
"WebServer": { "InstanceType" : "t1.micro" }
}
},
"Resources": {
"PowerUserRole" : {
"Type" : "AWS::IAM::Role",
"Properties" : {
"AssumeRolePolicyDocument" : {
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service": [ "ec2.amazonaws.com" ]
},
"Action": [ "sts:AssumeRole" ]
} ]
},
"Path" : "/",
"Policies" :[ {
"PolicyName" : "PowerUserPolicy",
"PolicyDocument" : {
"Statement": [ {
"Sid": "PowerUserStmt",
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
} ]
}
}]
}
},
"PowerUserProfile" : {
"Type" : "AWS::IAM::InstanceProfile",
"Properties" : {
"Roles" : [ { "Ref" : "PowerUserRole" } ]
}
},
"WebSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable HTTP/HTTPS access via port 80/443",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" },
{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" }
]
}
},
"SSHSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access via port 22",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }
]
}
},
"WebServer": {
"Type": "AWS::EC2::Instance",
"Properties": {
"InstanceType": { "Fn::FindInMap" : [ "StackConfig", "WebServer", "InstanceType" ]},
"KeyName": { "Ref": "KeyName" },
"ImageId": { "Fn::FindInMap": [ "AWSAmazonLinuxAMI", { "Ref" : "AWS::Region" }, "AMI" ]},
"IamInstanceProfile": { "Ref" : "PowerUserProfile" },
"SecurityGroupIds" : [
{ "Ref" : "WebSecurityGroup" },
{ "Ref" : "SSHSecurityGroup" }
],
"Tags": [
{ "Key": "Name", "Value": "Web" }
],
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#! /bin/bash -v\n",
"yum update -y\n",
"# Helper function\n",
"function error_exit\n",
"{\n",
" /opt/aws/bin/cfn-signal -e 1 -r \"$1\" '", { "Ref" : "WebServerWaitHandle" }, "'\n",
" exit 1\n",
"}\n",
"# Install packages\n",
"/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackId" }, " -r WebServer ",
" --region ", { "Ref" : "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n",
"# All is well so signal success\n",
"/opt/aws/bin/cfn-signal -e $? -r \"WebServer setup complete\" '", { "Ref" : "WebServerWaitHandle" }, "'\n"
]]}}
},
"Metadata" : {
"AWS::CloudFormation::Init" : {
"config" : {
"packages" : {
"yum" : {
"httpd" : [],
"tomcat7" : [],
"mysql55" : [],
"php" : [],
"php-pear" : [],
"jq" : [],
"python-magic" : []
}
},
"sources" : {
"/opt" : "http://jaist.dl.sourceforge.net/project/s3tools/s3cmd/1.5.0-alpha3/s3cmd-1.5.0-alpha3.tar.gz"
},
"files" : {
"/var/www/html/info.php" : {
"content" : "<?php phpinfo(); ?>",
"mode" : "000644",
"owner" : "apache",
"group" : "apache"
},
"/var/lib/tomcat7/webapps/ROOT/index.html" : {
"content" : "<html><head><title>Hello</title></head><body>Hello, cfn-init!</body></html>",
"mode" : "000644",
"owner" : "tomcat",
"group" : "tomcat"
},
"/etc/httpd/conf.d/tomcat.conf" : {
"content" : { "Fn::Join" : ["\n", [
"<VirtualHost *:80>",
" <Proxy *>",
" Order deny,allow",
" Allow from all",
" </Proxy>",
"",
" ProxyPass /tomcat ajp://localhost:8009/ keepalive=Off",
" ProxyPassReverse /tomcat ajp://localhost:8009/",
" ProxyPreserveHost on",
"</VirtualHost>"
]]},
"mode" : "000644",
"owner" : "root",
"group" : "root"
}
},
"commands" : {
"Mail_mimeDecode" : {
"command" : "pear install Mail_mimeDecode",
"test" : "test ! -e /usr/share/pear/Mail/mimeDecode.php"
}
},
"services" : {
"sysvinit" : {
"httpd" : { "enabled" : "true", "ensureRunning" : "true" },
"tomcat7" : { "enabled" : "true", "ensureRunning" : "true" }
}
}
}
}
}
},
"WebServerWaitHandle" : {
"Type" : "AWS::CloudFormation::WaitConditionHandle"
},
"WebServerWaitCondition" : {
"Type" : "AWS::CloudFormation::WaitCondition",
"DependsOn" : "WebServer",
"Properties" : {
"Handle" : {"Ref" : "WebServerWaitHandle"},
"Timeout" : "900"
}
}
},
"Outputs": {
"SSHToWebServer": {
"Value": { "Fn::Join":["", [
"ssh -i /path/to/", { "Ref": "KeyName" }, ".pem ec2-user@", { "Fn::GetAtt" : [ "WebServer", "PublicDnsName" ] }
]] },
"Description": "SSH command to connect to the web server"
},
"WebServerURL": {
"Value": { "Fn::Join":["", [
"http://", { "Fn::GetAtt" : [ "WebServer", "PublicDnsName" ] }
]] },
"Description": "URL of the web server"
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment