Created
October 20, 2023 19:26
-
-
Save tohutohu/412f0cf45de6090d08ab5afeebad3400 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: >- | |
| AWS CloudFormation for Carefully start ISUCON from the beginning | |
| Parameters: | |
| GitHubID: | |
| Type: String | |
| Description: Your GitHub ID (use for getting public key) | |
| Resources: | |
| GetAvailabilityZoneFunctionExecutionRole: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| AssumeRolePolicyDocument: | |
| Version: 2012-10-17 | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: | |
| - lambda.amazonaws.com | |
| Action: | |
| - sts:AssumeRole | |
| Path: "/" | |
| Policies: | |
| - PolicyName: GetAvailabilityZoneFunctionPolicy | |
| PolicyDocument: | |
| Version: 2012-10-17 | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - ec2:DescribeAvailabilityZones | |
| Resource: "*" | |
| GetAvailabilityZoneFunction: | |
| Type: AWS::Lambda::Function | |
| Properties: | |
| Code: | |
| ZipFile: | | |
| import cfnresponse | |
| import boto3 | |
| def handler(event, context): | |
| if event['RequestType'] == "Create": | |
| ec2 = boto3.client('ec2') | |
| response = ec2.describe_availability_zones( | |
| ZoneIds = ['apne1-az4'] | |
| ) | |
| ZoneName = response['AvailabilityZones'][0]['ZoneName'] | |
| cfnresponse.send(event, context, cfnresponse.SUCCESS, {"ZoneName" : ZoneName}) | |
| elif event['RequestType'] == "Update": | |
| cfnresponse.send(event, context, cfnresponse.SUCCESS, {}) | |
| elif event['RequestType'] == "Delete": | |
| cfnresponse.send(event, context, cfnresponse.SUCCESS, {}) | |
| Handler: index.handler | |
| Runtime: python3.8 | |
| Timeout: 30 | |
| Role: !GetAtt GetAvailabilityZoneFunctionExecutionRole.Arn | |
| GetAvailabilityZone: | |
| Type: Custom::PythonLambdaExecution | |
| Properties: | |
| ServiceToken: !GetAtt GetAvailabilityZoneFunction.Arn | |
| VPC: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: "192.168.0.0/16" | |
| EnableDnsSupport: "true" | |
| EnableDnsHostnames: "true" | |
| InstanceTenancy: default | |
| InternetGateway: | |
| Type: AWS::EC2::InternetGateway | |
| InternetGatewayAttachment: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| InternetGatewayId: !Ref InternetGateway | |
| VpcId: !Ref VPC | |
| Subnet: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| AvailabilityZone: !GetAtt GetAvailabilityZone.ZoneName | |
| CidrBlock: "192.168.0.0/24" | |
| VpcId: !Ref VPC | |
| MapPublicIpOnLaunch: False | |
| RouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref VPC | |
| Route: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref RouteTable | |
| DestinationCidrBlock: "0.0.0.0/0" | |
| GatewayId: !Ref InternetGateway | |
| SubnetRouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| SubnetId: !Ref Subnet | |
| RouteTableId: !Ref RouteTable | |
| SecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| VpcId: !Ref VPC | |
| GroupDescription: Security Group for Carefully start ISUCON from the beginning | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| FromPort: "22" | |
| ToPort: "22" | |
| CidrIp: "0.0.0.0/0" | |
| - IpProtocol: tcp | |
| FromPort: "443" | |
| ToPort: "443" | |
| CidrIp: "0.0.0.0/0" | |
| - IpProtocol: -1 | |
| CidrIp: "192.168.0.0/24" | |
| InstanceRole: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| AssumeRolePolicyDocument: | |
| Version: 2012-10-17 | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: | |
| - ec2.amazonaws.com | |
| Action: | |
| - sts:AssumeRole | |
| Path: "/" | |
| Policies: | |
| - PolicyName: IsuconEC2InstancePolicy | |
| PolicyDocument: | |
| Version: 2012-10-17 | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - ec2:DescribeInstances | |
| - ec2:DescribeVolumes | |
| - ec2:DescribeNetworkInterfaces | |
| - ec2:DescribeSecurityGroups | |
| - ec2:DescribeAvailabilityZones | |
| Resource: "*" | |
| InstanceProfile: | |
| Type: AWS::IAM::InstanceProfile | |
| Properties: | |
| Path: "/" | |
| Roles: | |
| - !Ref InstanceRole | |
| QualifyInstance1: | |
| Type: AWS::EC2::Instance | |
| Properties: | |
| ImageId: ami-0796be4f4814fc3d5 | |
| InstanceType: c5.large | |
| SecurityGroupIds: | |
| - !Ref SecurityGroup | |
| SubnetId: !Ref Subnet | |
| PrivateIpAddress: "192.168.0.11" | |
| IamInstanceProfile: | |
| !Ref InstanceProfile | |
| BlockDeviceMappings: | |
| - DeviceName: /dev/sda1 | |
| Ebs: | |
| VolumeSize: 20 | |
| VolumeType: gp3 | |
| Tags: | |
| - Key: Name | |
| Value: isucon11-qualify-1 | |
| UserData: | |
| Fn::Base64: | |
| !Sub | | |
| #cloud-config | |
| runcmd: | |
| - 'curl --retry 5 --retry-connrefused --max-time 10 --connect-timeout 5 "https://github.com/${GitHubID}.keys" | sudo -u isucon sh -c "umask 077; cat > /home/isucon/.ssh/authorized_keys"' | |
| QualifyInstanceIP1: | |
| Type: AWS::EC2::EIP | |
| Properties: | |
| Domain: vpc | |
| InstanceId: !Ref QualifyInstance1 | |
| QualifyInstance2: | |
| Type: AWS::EC2::Instance | |
| Properties: | |
| ImageId: ami-0796be4f4814fc3d5 | |
| InstanceType: c5.large | |
| SecurityGroupIds: | |
| - !Ref SecurityGroup | |
| SubnetId: !Ref Subnet | |
| PrivateIpAddress: "192.168.0.12" | |
| IamInstanceProfile: | |
| !Ref InstanceProfile | |
| BlockDeviceMappings: | |
| - DeviceName: /dev/sda1 | |
| Ebs: | |
| VolumeSize: 20 | |
| VolumeType: gp3 | |
| Tags: | |
| - Key: Name | |
| Value: isucon11-qualify-2 | |
| UserData: | |
| Fn::Base64: | |
| !Sub | | |
| #cloud-config | |
| runcmd: | |
| - 'curl --retry 5 --retry-connrefused --max-time 10 --connect-timeout 5 "https://github.com/${GitHubID}.keys" | sudo -u isucon sh -c "umask 077; cat > /home/isucon/.ssh/authorized_keys"' | |
| QualifyInstanceIP2: | |
| Type: AWS::EC2::EIP | |
| Properties: | |
| Domain: vpc | |
| InstanceId: !Ref QualifyInstance2 | |
| QualifyInstance3: | |
| Type: AWS::EC2::Instance | |
| Properties: | |
| ImageId: ami-0796be4f4814fc3d5 | |
| InstanceType: c5.large | |
| SecurityGroupIds: | |
| - !Ref SecurityGroup | |
| SubnetId: !Ref Subnet | |
| PrivateIpAddress: "192.168.0.13" | |
| IamInstanceProfile: | |
| !Ref InstanceProfile | |
| BlockDeviceMappings: | |
| - DeviceName: /dev/sda1 | |
| Ebs: | |
| VolumeSize: 20 | |
| VolumeType: gp3 | |
| Tags: | |
| - Key: Name | |
| Value: isucon11-qualify-3 | |
| UserData: | |
| Fn::Base64: | |
| !Sub | | |
| #cloud-config | |
| runcmd: | |
| - 'curl --retry 5 --retry-connrefused --max-time 10 --connect-timeout 5 "https://github.com/${GitHubID}.keys" | sudo -u isucon sh -c "umask 077; cat > /home/isucon/.ssh/authorized_keys"' | |
| QualifyInstanceIP3: | |
| Type: AWS::EC2::EIP | |
| Properties: | |
| Domain: vpc | |
| InstanceId: !Ref QualifyInstance3 | |
| BenchmarkerInstance: | |
| Type: AWS::EC2::Instance | |
| Properties: | |
| ImageId: ami-0796be4f4814fc3d5 | |
| InstanceType: c4.xlarge | |
| SecurityGroupIds: | |
| - !Ref SecurityGroup | |
| SubnetId: !Ref Subnet | |
| PrivateIpAddress: "192.168.0.10" | |
| IamInstanceProfile: | |
| !Ref InstanceProfile | |
| BlockDeviceMappings: | |
| - DeviceName: /dev/sda1 | |
| Ebs: | |
| VolumeSize: 20 | |
| VolumeType: gp3 | |
| Tags: | |
| - Key: Name | |
| Value: isucon11-benchmarker | |
| UserData: | |
| Fn::Base64: | |
| !Sub | | |
| #cloud-config | |
| runcmd: | |
| - 'curl --retry 5 --retry-connrefused --max-time 10 --connect-timeout 5 "https://github.com/${GitHubID}.keys" | sudo -u isucon sh -c "umask 077; cat > /home/isucon/.ssh/authorized_keys"' | |
| BenchmarkerInstanceIP: | |
| Type: AWS::EC2::EIP | |
| Properties: | |
| Domain: vpc | |
| InstanceId: !Ref BenchmarkerInstance |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment