CloudFormation YAML for EC2 instance

---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AZName:
    Description: The EC2 Availability Zone (AZ) for your EC2 instance
    Type: String
    Default: "us-east-1a"
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    Default: "abcd"
  EC2InstanceType:
    Description: EC2 instance type for your EC2 instance
    Type: String
    Default: "t2.micro"
  ImageId:
    # Resolved from SSM at deploy time, so the stack always picks up the latest Amazon Linux 2 AMI
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
  SubnetId:
    Description: Subnet ID for your EC2 instance
    Type: String
  bucketname:
    Description: Name of the S3 bucket that holds your Python script
    Type: String
    Default: "test-bucket-123"
  scriptname:
    Description: Python script name, stored in your S3 bucket
    Type: String
    Default: "do_something.py"
  vpcID:
    Description: VPC ID where your EC2 instance should reside
    Type: String
  SecurityGroupName:
    Description: Security Group name for your EC2 instance's security group
    Type: String
    Default: "testec2-securitygroup"
  IpAddress:
    # Every ingress rule below is opened to this CIDR; do not pass 0.0.0.0/0
    Description: The IP address range which you're sure is safe for use
    Type: String
Resources:
  SecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      Tags:
        - Key: "Name"
          Value: !Ref SecurityGroupName
      GroupDescription: Security Group for your EC2 instance.
      VpcId: !Ref vpcID
      SecurityGroupIngress:
        - IpProtocol: tcp
          CidrIp: !Ref IpAddress
          FromPort: "443"
          ToPort: "443"
        # 5432 is PostgreSQL; keep this rule only if the instance actually serves it
        - IpProtocol: tcp
          CidrIp: !Ref IpAddress
          FromPort: "5432"
          ToPort: "5432"
        - IpProtocol: tcp
          CidrIp: !Ref IpAddress
          FromPort: "22"
          ToPort: "22"
  EC2InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: myEC2Role
      Description: Instance role to attach to your EC2 instance
      Tags:
        - Key: "Name"
          Value: myEC2Role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
  EC2InstanceRolePolicy:
    DependsOn: EC2InstanceRole
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: ec2role_policy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - "s3:GetObject*"
              - "s3:ListBucket"
              - "s3:GetBucketLocation"
            Resource:
              # Bucket ARN (no trailing slash) for ListBucket/GetBucketLocation,
              # object ARN for GetObject
              - !Sub 'arn:aws:s3:::${bucketname}'
              - !Sub 'arn:aws:s3:::${bucketname}/*'
          # Full EC2 control on every resource; scope this down to the
          # actions the script actually needs before using it outside a test
          - Effect: Allow
            Action:
              - "ec2:*"
            Resource: "*"
      Roles:
        - !Ref EC2InstanceRole
  EC2InstanceProfile:
    DependsOn: EC2InstanceRole
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: ec2instanceprofile
      Path: "/"
      Roles:
        - !Ref EC2InstanceRole
  EC2Instance:
    DependsOn:
      - SecurityGroup
      - EC2InstanceRole
    Type: AWS::EC2::Instance
    Properties:
      Tags:
        - Key: "Name"
          Value: myEC2instance
        - Key: "Purpose"
          Value: "To serve some X purpose"
      InstanceType:
        Ref: EC2InstanceType
      IamInstanceProfile: !Ref EC2InstanceProfile
      AvailabilityZone:
        Ref: AZName
      SubnetId:
        Ref: SubnetId
      SecurityGroupIds:
        - !Ref SecurityGroup
      KeyName:
        Ref: KeyName
      ImageId:
        Ref: ImageId
      BlockDeviceMappings:
        - DeviceName: "/dev/xvda"
          Ebs:
            VolumeSize: "10"
            VolumeType: "gp2"
            Encrypted: "true"
            DeleteOnTermination: "true"
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
          python3 get-pip.py
          pip3 --version
          pip3 install awscli --upgrade
          pip3 install boto3 regex
          # copies a python3 script from an S3 bucket
          aws s3 cp s3://${bucketname}/${scriptname} /tmp/${scriptname}
          # runs the python script you need before you log in
          python3 /tmp/${scriptname}
Outputs:
  InstanceId:
    Description: >
      InstanceId of the newly created EC2 instance
    Value:
      Ref: EC2Instance
    Export:
      Name:
        Fn::Sub: "EC2InstanceID"
  PrivateIP:
    Description: >
      Private IP address of the newly created EC2 instance
    Value:
      Fn::GetAtt:
        - EC2Instance
        - PrivateIp
    Export:
      Name:
        Fn::Sub: "EC2PrivateIP"
  SecurityGroupID:
    Description: Security Group ID, can be referenced by other stacks
    Value:
      Ref: SecurityGroup
    Export:
      Name:
        Fn::Sub: "EC2SecurityGroupId"
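Two things in this template deserve a pre-deploy check: the managed policy grants `ec2:*` on every resource, and all three ingress rules open to whatever CIDR the `IpAddress` parameter receives. The linter below is an added example (not part of the gist) that flags both; it works on a hand-built dict copy of the relevant resources with `!Ref`/`!Sub` already resolved, and assumes `IpAddress` was left at the worst case, `0.0.0.0/0`.

```python
# Constructed fragment of the gist's template: its ManagedPolicy and
# SecurityGroup, with !Ref/!Sub already resolved and the IpAddress
# parameter set to the worst case a deployer could pass, 0.0.0.0/0.
TEMPLATE = {
    "Resources": {
        "EC2InstanceRolePolicy": {
            "Type": "AWS::IAM::ManagedPolicy",
            "Properties": {"PolicyDocument": {"Statement": [
                {"Effect": "Allow",
                 "Action": ["s3:GetObject*", "s3:ListBucket", "s3:GetBucketLocation"],
                 "Resource": ["arn:aws:s3:::test-bucket-123",
                              "arn:aws:s3:::test-bucket-123/*"]},
                {"Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"},
            ]}},
        },
        "SecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
                {"IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "FromPort": "443", "ToPort": "443"},
                {"IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "FromPort": "5432", "ToPort": "5432"},
                {"IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "FromPort": "22", "ToPort": "22"},
            ]},
        },
    }
}


def as_list(value):
    """CloudFormation accepts a scalar or a list for Action/Resource."""
    return value if isinstance(value, list) else [value]


def lint(template):
    """Return one finding per over-broad Allow statement or world-open ingress rule."""
    findings = []
    for name, res in template["Resources"].items():
        props = res.get("Properties", {})
        if res["Type"] in ("AWS::IAM::ManagedPolicy", "AWS::IAM::Policy"):
            for st in props["PolicyDocument"]["Statement"]:
                actions = as_list(st.get("Action", []))
                # "service:*" (or "*") together with Resource "*" is full control of that service
                broad = [a for a in actions if a == "*" or a.endswith(":*")]
                if st.get("Effect") == "Allow" and broad and "*" in as_list(st.get("Resource")):
                    findings.append(f"{name}: {broad} allowed on Resource '*'")
        elif res["Type"] == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") in ("0.0.0.0/0", "::/0"):
                    findings.append(f"{name}: tcp {rule['FromPort']}-{rule['ToPort']} open to {rule['CidrIp']}")
    return findings
```

Running `lint(TEMPLATE)` yields four findings: the `ec2:*` statement and one line per ingress rule; with a narrow CIDR in `IpAddress` only the policy finding remains.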