deployer.yaml
---

EC2 CloudFormation Deployment

This CloudFormation template deploys a single EC2 instance in a private subnet, attached to an imported SSH security group and an instance role of its own. That role carries broad rights (full access to CloudFormation, EC2, ECS, RDS, S3, SSM, ELB and CloudWatch Logs, plus permission to pass the account's CloudFormation deployer role) so that the host can deploy a PeopleSoft application stack within this account.

This template depends on the UITS Foundation Templates having already been run in this account: it imports their exports for the private subnet, the SSH security group and the CloudFormation deployer role ARN (fdn-iam-cloudformation-deployer-role-arn), and fails to create if those exports are missing.

AWSTemplateFormatVersion: '2010-09-09'

Parameters

These are the input parameters for this template. Every parameter has a default, so the template deploys without overrides; review the defaults (in particular the key pair, availability zone and hosted zone) before deploying to another account or region.

Parameters:
  # Name of the CloudFormation stack whose exports contain the Security Groups and subnets
  SecurityGroupCloudFormationName:
    Description: CloudFormation Security Group Name
    Type: String
    Default: "PeopleSoftSG"

Host name used to tag the EC2 instance and to build its Route 53 record.

  HostName:
    Type: String
    Description: Enter the name of the host or service, e.g. 'ps-deployer'.
    Default: "ps-deployer"

SSH key pair installed on the EC2 instance for emergency administrative access. It must already exist in the target region.

  KeyName:
    Description: Amazon EC2 Key Pair
    Type: AWS::EC2::KeyPair::KeyName
    Default: "peoplesoft-keypair"

Availability Zone. It needs to match the AZ of private subnet 1 (the PrivSubNet1 export), or instance creation fails.

  AvailabilityZone:
    Description: Availability Zone of Selected Subnet
    Type: AWS::EC2::AvailabilityZone::Name
    Default: "us-west-2a"

Route 53 hosted zone in which the instance's A record is created. The zone must already exist in this account.

  HostedZoneName:
    Description: Route 53 Hosted Zone Name
    Type: String
    Default: "ps-nonprod-aws.arizona.edu"

Tags

The following tag values are applied to the EC2 instance created by this template.

  ServiceTag:
    Type: String
    Description: Exact name of the Service as defined in the service catalog.
    Default: "Uaccess Learning"
  EnvironmentTag:
    Type: String
    Description: Used to distinguish between development, test, production, etc. environment types.
    AllowedValues: [dev, tst, prd, trn, stg, cfg, sup, rpt]
    Default: "dev"
  ContactNetIdTag:
    Type: String
    Description: Used to identify the netid of the person most familiar with the usage of the resource.
    Default: "kellehs"
  AccountNumberTag:
    Type: String
    Description: Identifies the financial system account number.
    Default: "Human Resources Systems"
  SubAccountTag:
    Description: Identifies the financial system subaccount number.
    Type: String
    Default: "Uaccess Learning"
  TicketNumberTag:
    Type: String
    Description: Used to identify the Jira, Cherwell, or other ticketing system ticket number to link to more information about the need for the resource.
    Default: "CLOUD-15"
  CreatedByTag:
    Type: String
    Description: Created by Tag
    Default: "kellehs"

Resources

These are the resources deployed by the template: the EC2 instance, its IAM role and instance profile, and a Route 53 A record for the instance.

Resources:

EC2 Instance

Deploys the EC2 instance into private subnet 1 with no public IP, attached to the SSH security group exported by the foundation stack, and applies the tags above. The user-data script updates packages, installs git, vim, telnet and the AWS CLI, clones the service-catalog repository for ec2-user, and drops a jq binary into /usr/local/bin. The jq download and the pip install are fetched unverified at boot; if the bootstrap is reused, pin versions and check a known checksum before trusting the binaries on a host that holds the role below.

  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-7172b611
      KeyName: !Ref KeyName
      InstanceType: t2.small
      AvailabilityZone: !Ref AvailabilityZone
      IamInstanceProfile: !Ref InstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: "false"
          DeviceIndex: "0"
          SubnetId:
            Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-PrivSubNet1"
          GroupSet:
            - Fn::ImportValue: !Sub "${SecurityGroupCloudFormationName}-SshSg"
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          sudo yum update -y
          sudo yum install -y git vim telnet
          sudo pip install awscli --upgrade
          git clone https://bitbucket.org/ua-ecs/service-catalog.git /home/ec2-user/git/service-catalog
          chown -R ec2-user /home/ec2-user/git/service-catalog/
          wget -qP /usr/local/bin https://stedolan.github.io/jq/download/linux64/jq
          chmod +x /usr/local/bin/jq
      Tags:
        - Key: Name
          Value: !Ref HostName
        - Key: service
          Value: !Ref ServiceTag
        - Key: environment
          Value: !Ref EnvironmentTag
        - Key: contactnetid
          Value: !Ref ContactNetIdTag
        - Key: accountnumber
          Value: !Ref AccountNumberTag
        - Key: subaccount
          Value: !Ref SubAccountTag
        - Key: ticketnumber
          Value: !Ref TicketNumberTag
        - Key: createdby
          Value: !Ref CreatedByTag

Instance Role

This is the IAM role attached to the EC2 instance through the instance profile. Its inline policy is very broad: service-wide wildcards on cloudformation, elasticloadbalancing, s3, ecs, ec2, ssm, rds and logs against Resource "*", plus iam:PassRole on the account's CloudFormation deployer role. Anything that runs on this host (the deployment scripts, or an attacker who reaches it over SSH or through a compromised bootstrap download) can create, change and delete those resources account-wide and launch stacks under the deployer role, so treat the host as a privileged system: keep it in the private subnet, restrict the SshSg source ranges, and scope the actions and resources down wherever the deployment tooling allows.

  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: deployment-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Sid: StmtAllowPassRole
                Effect: Allow
                Action:
                  - iam:PassRole
                Resource:
                  # Import the ARN of the CloudFormation deployer role for this account.
                  - !ImportValue fdn-iam-cloudformation-deployer-role-arn
              - Sid: DeployerAction
                Effect: Allow
                Action:
                  - cloudformation:*
                  - elasticloadbalancing:*
                  - s3:*
                  - ecs:*
                  - ec2:*
                  - ssm:*
                  - rds:*
                  - logs:*
                  - iam:ListAccountAliases
                Resource:
                  - "*"
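Before a role like deployment-access is deployed, it is worth running a mechanical check for the two patterns that make it dangerous: service-wide wildcards on every resource, and iam:PassRole combined with an action that launches compute (which lets code on the host run under the passed role). The script below is an added example, not part of deployer.yaml or the UITS foundation templates. The policy dictionary is transcribed from the statements above; the ImportValue for the deployer role ARN is replaced by a placeholder ARN, which is an assumption, and the list of launch actions is the general IAM pattern, not something the template itself names.

```python
"""Audit an IAM policy document for over-broad grants and PassRole escalation paths."""
from fnmatch import fnmatchcase

# Placeholder for !ImportValue fdn-iam-cloudformation-deployer-role-arn (assumed value).
DEPLOYER_ROLE_ARN = "arn:aws:iam::123456789012:role/fdn-cloudformation-deployer"

# Transcribed from the deployment-access policy in deployer.yaml.
DEPLOYMENT_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "StmtAllowPassRole", "Effect": "Allow",
         "Action": ["iam:PassRole"], "Resource": [DEPLOYER_ROLE_ARN]},
        {"Sid": "DeployerAction", "Effect": "Allow",
         "Action": ["cloudformation:*", "elasticloadbalancing:*", "S3:*", "ecs:*",
                    "ec2:*", "ssm:*", "rds:*", "logs:*", "iam:ListAccountAliases"],
         "Resource": ["*"]},
    ],
}

# Actions that start compute able to assume a passed role (general IAM pattern, assumed list).
LAUNCH_ACTIONS = ("ec2:RunInstances", "ecs:RunTask", "cloudformation:CreateStack")


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _allow_statements(doc):
    return [st for st in doc.get("Statement", []) if st.get("Effect") == "Allow"]


def action_allowed(doc, action):
    """True if any Allow statement matches `action`.

    IAM action names are case-insensitive and patterns may use '*' and '?'.
    """
    for st in _allow_statements(doc):
        for pattern in _as_list(st.get("Action", [])):
            if fnmatchcase(action.lower(), pattern.lower()):
                return True
    return False


def passable_roles(doc):
    """Resources (role ARNs or patterns) on which iam:PassRole is allowed."""
    roles = []
    for st in _allow_statements(doc):
        if any(fnmatchcase("iam:passrole", p.lower()) for p in _as_list(st.get("Action", []))):
            roles.extend(_as_list(st.get("Resource", [])))
    return roles


def audit_policy(doc):
    """Return a list of (Sid, finding) tuples for risky grants in the policy."""
    findings = []
    for st in _allow_statements(doc):
        sid = st.get("Sid", "<no Sid>")
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if "*" in actions:
            findings.append((sid, "Action '*' grants full administrative access"))
        wild_services = sorted({a.split(":")[0].lower() for a in actions if a.endswith(":*")})
        if wild_services and "*" in resources:
            findings.append((sid, "service-wide wildcard on all resources: " + ", ".join(wild_services)))
    roles = passable_roles(doc)
    for launch in LAUNCH_ACTIONS:
        if roles and action_allowed(doc, launch):
            findings.append(("<policy>", f"iam:PassRole + {launch}: code on this host can run under "
                                         + ", ".join(roles)))
    return findings


if __name__ == "__main__":
    for sid, finding in audit_policy(DEPLOYMENT_ACCESS):
        print(f"{sid}: {finding}")
```

Run against the template's policy, the audit reports the DeployerAction wildcards and three PassRole escalation paths (RunInstances, RunTask, CreateStack); the third one is the role's intended use, but the first two mean the same host can launch arbitrary instances or tasks under the deployer role, which is what the review of this template should weigh.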

Instance Profile

  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref InstanceRole

DNS Record for EC2 Instance

Creates a private A record for the instance in the hosted zone given by HostedZoneName, pointing at the instance's private IP.

  DeployerDnsRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Sub "${HostedZoneName}."
      Name: !Sub "${HostName}.${HostedZoneName}."
      Type: A
      TTL: '900'
      ResourceRecords:
        - !GetAtt Ec2Instance.PrivateIp

Outputs

Output values that can be viewed from the AWS CloudFormation console.

Outputs:
  InstancePrivateIP:
    Description: The Private IP address of the instance
    Value: !GetAtt Ec2Instance.PrivateIp
  InstanceID:
    Description: The Instance ID
    Value: !Ref Ec2Instance