CloudFormation YAML template for an EC2 instance
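---
# CloudFormation template for a single EC2 instance that, on first boot,
# copies a Python script out of an S3 bucket and runs it. The template also
# creates the security group, IAM role, managed policy and instance profile
# the instance needs. The IAM role, managed policy, instance profile and the
# output exports use fixed names, so as written the template can be deployed
# only once per account/region.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AZName:
    Description: The EC2 Availability Zone (AZ) for your EC2 instance
    Type: String
    Default: "us-east-1a"
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    # NOTE(review): "abcd" is a placeholder; stack creation fails unless a key
    # pair with that name exists in the region or the parameter is overridden.
    Default: "abcd"
  EC2InstanceType:
    Description: EC2 instance type for your EC2 instance
    Type: String
    Default: "t2.micro"
  ImageId:
    # Resolved from SSM Parameter Store at deploy time, so the current Amazon
    # Linux 2 AMI is used without hard-coding a region-specific AMI ID.
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
  SubnetId:
    Description: Subnet ID for your EC2 instance
    # Typed so CloudFormation rejects a value that is not an existing subnet
    # before any resource is created (a plain String deferred that to launch).
    Type: AWS::EC2::Subnet::Id
  bucketname:
    Description: Name of the S3 bucket holding your Python script
    Type: String
    Default: "test-bucket-123"
  scriptname:
    Description: Python script name, stored in your S3 bucket
    Type: String
    Default: "do_something.py"
  vpcID:
    Description: VPC ID, where your EC2 instance should reside
    # Typed for the same reason as SubnetId.
    Type: AWS::EC2::VPC::Id
  SecurityGroupName:
    Description: Security Group name for your EC2 instance's security group
    Type: String
    Default: "testec2-securitygroup"
  IpAddress:
    Description: The IPv4 CIDR range allowed to reach ports 22, 443 and 5432 on the instance
    Type: String
    # Constrain the value to x.x.x.x/nn so an empty or malformed entry is
    # rejected by CloudFormation instead of reaching the security group.
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IPv4 CIDR range of the form x.x.x.x/x
Resources:
  SecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      Tags:
        - Key: "Name"
          Value: !Ref SecurityGroupName
      GroupDescription: Security Group for your EC2 instance.
      VpcId: !Ref vpcID
      # Inbound is limited to the caller-supplied CIDR. Egress is left at the
      # CloudFormation default (all outbound), which the first-boot script
      # relies on to reach bootstrap.pypa.io, PyPI and S3.
      SecurityGroupIngress:
        - IpProtocol: tcp
          CidrIp: !Ref IpAddress
          FromPort: 443
          ToPort: 443
        - IpProtocol: tcp
          CidrIp: !Ref IpAddress
          FromPort: 5432
          ToPort: 5432
        - IpProtocol: tcp
          CidrIp: !Ref IpAddress
          FromPort: 22
          ToPort: 22
  EC2InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      # Fixed name: a second stack from this template in the same account
      # fails on this resource. Derive it from ${AWS::StackName} if that matters.
      RoleName: myEC2Role
      Description: Instance role to attach to your EC2 instance
      Tags:
        - Key: "Name"
          Value: myEC2Role
      # Only the EC2 service may assume this role (via the instance profile).
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
  EC2InstanceRolePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: ec2role_policy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Read access to the script bucket. s3:ListBucket and
          # s3:GetBucketLocation apply to the bucket ARN itself, which has no
          # trailing slash; the previous "${bucketname}/" ARN matched nothing,
          # so listing was silently denied. Object reads use the "/*" ARN.
          - Effect: Allow
            Action:
              - "s3:GetObject*"
              - "s3:ListBucket"
              - "s3:GetBucketLocation"
            Resource:
              - !Sub 'arn:aws:s3:::${bucketname}'
              - !Sub 'arn:aws:s3:::${bucketname}/*'
          # NOTE(review): ec2:* on every resource gives this instance full
          # control of EC2 in the account; nothing in the user data below needs
          # it. Restrict it to the actions and resources the script actually
          # uses (or drop the statement) before deploying to a real account.
          - Effect: Allow
            Action:
              - "ec2:*"
            Resource: "*"
      Roles:
        - !Ref EC2InstanceRole
  EC2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: ec2instanceprofile
      Path: "/"
      Roles:
        - !Ref EC2InstanceRole
  EC2Instance:
    Type: AWS::EC2::Instance
    # The first-boot script reads from S3, so the managed policy granting that
    # access must be attached before the instance launches; otherwise the
    # instance can boot while the policy is still being created and the
    # `aws s3 cp` fails with AccessDenied. The profile and role are already
    # implied by the IamInstanceProfile reference.
    DependsOn: EC2InstanceRolePolicy
    Properties:
      Tags:
        - Key: "Name"
          Value: myEC2instance
        - Key: "Purpose"
          Value: "To serve some X purpose"
      InstanceType: !Ref EC2InstanceType
      IamInstanceProfile: !Ref EC2InstanceProfile
      AvailabilityZone: !Ref AZName
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
        - !Ref SecurityGroup
      KeyName: !Ref KeyName
      ImageId: !Ref ImageId
      # Require IMDSv2 session tokens. The role credentials are served from the
      # metadata endpoint, and with IMDSv1 a single unauthenticated GET (for
      # example via an SSRF in the script's workload) is enough to read them.
      MetadataOptions:
        HttpEndpoint: enabled
        HttpTokens: required
      BlockDeviceMappings:
        - DeviceName: "/dev/xvda"
          Ebs:
            VolumeSize: 10
            VolumeType: "gp2"
            Encrypted: true
            DeleteOnTermination: true
      # Runs once at first boot under cloud-init. -e aborts on the first
      # failing command; -x traces each command to the cloud-init log.
      # NOTE(review): get-pip.py is fetched over HTTPS but is not pinned or
      # checksum-verified, so whatever bootstrap.pypa.io serves runs as root.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
          python3 get-pip.py
          pip3 -v
          pip3 install awscli --upgrade
          pip3 install boto3 regex
          #copies a python3 script from an S3 bucket
          aws s3 cp s3://${bucketname}/${scriptname} /tmp/${scriptname}
          #runs a python script you need to before you log in
          python3 /tmp/${scriptname}
Outputs:
  # Export names are unique per account/region, so a second stack that keeps
  # them fails; they are left unchanged here so existing importers keep working.
  InstanceId:
    Description: InstanceId of the newly created EC2 instance
    Value: !Ref EC2Instance
    Export:
      Name: EC2InstanceID
  PrivateIP:
    Description: Private IP address of the newly created EC2 instance
    Value: !GetAtt EC2Instance.PrivateIp
    Export:
      Name: EC2PrivateIP
  SecurityGroupID:
    Description: Security Group ID, can be referenced by other stacks
    Value: !Ref SecurityGroup
    Export:
      Name: EC2SecurityGroupId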