ConfluenceEC2_Bootstrap.yaml
Metadata:
  Description: Provides a Confluence Application complete with EC2, ALB, and RDS
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: EC2 Instance Configuration
        Parameters:
          - InstanceType
          - KeyName
          - VPC
          - InstanceSubnet
      - Label:
          default: Operational Configuration
        Parameters:
          - ConfluenceFoundationStack
          - ConfluenceRDSStack

Parameters:
  InstanceType:
    Type: String
    Description: The Instance type to use
    Default: 't2.micro'
  VPC:
    Type: 'AWS::EC2::VPC::Id'
  KeyName:
    Type: 'AWS::EC2::KeyPair::KeyName'
    Description: The SSH Keypair for the Confluence Instances
  InstanceSubnet:
    Type: 'AWS::EC2::Subnet::Id'
    Description: The private subnet for the application
  ConfluenceFoundationStack:
    Type: String
    Description: Name of the confluence foundation stack.
    Default: confluence
  ConfluenceRDSStack:
    Type: String
    Description: Name of the confluence RDS stack.
    Default: confluence-rds

  # Tags
  #
  # The following tags are applied to all resources created by this template.

  ServiceTag:
    Type: String
    Description: Exact name of the Service as defined in the service catalog.
  EnvironmentTag:
    Type: String
    Description: Used to distinguish between development, test, production, etc. environment types.
    AllowedValues: [dev, tst, prd, trn, stg, cfg, sup, rpt]
    Default: dev
  ContactNetidTag:
    Type: String
    Description: Used to identify the netid of the person most familiar with the usage of the resource.
    Default: mhirst
  AccountNumberTag:
    Type: String
    Description: Identifies the financial system account number.
  TicketNumberTag:
    Type: String
    Description: Used to identify the Jira, Cherwell, or other ticketing system ticket number to link to more information about the need for the resource.

Mappings:
  # Per-region AMI used for the bootstrap instance
  RegionMap:
    us-east-1:
      "AMIID": "ami-c481fad3"
    us-west-1:
      "AMIID": "ami-de347abe"
    us-west-2:
      "AMIID": "ami-b04e92d0"
    eu-west-1:
      "AMIID": "ami-d41d58a7"

Resources:
  # Security group for the bootstrap instance.
  # SSH (22/tcp) is accepted from any IPv4 source address.
  InstanceSG:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Allow traffic to Bootstrap Instance'
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - CidrIp: "0.0.0.0/0"
          IpProtocol: "tcp"
          FromPort: "22"
          ToPort: "22"

  # Lets the instance reach the EFS mount targets (NFS, 2049/tcp) exported by the foundation stack
  EFSIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId:
        Fn::ImportValue: !Sub "${ConfluenceFoundationStack}-efs-sg"
      IpProtocol: tcp
      FromPort: '2049'
      ToPort: '2049'
      SourceSecurityGroupId: !Ref InstanceSG

  # Lets the instance reach the database (MySQL, 3306/tcp) exported by the RDS stack
  DBIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId:
        Fn::ImportValue: !Sub "${ConfluenceRDSStack}-dbsecuritygroup"
      IpProtocol: tcp
      FromPort: '3306'
      ToPort: '3306'
      SourceSecurityGroupId: !Ref InstanceSG

  # Instance role assumed by EC2
  EC2Role:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        # All S3 actions on every ARN that starts with the imported bucket name.
        # The trailing '*' covers the bucket and its objects, and also matches
        # any other bucket whose name begins with the same string.
        - PolicyName: s3-access
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - 's3:*'
                Resource: !Sub
                  - "arn:aws:s3:::${S3Bucket}*"
                  - S3Bucket:
                      Fn::ImportValue: !Sub "${ConfluenceFoundationStack}-confluencebucket"
        # Write access to CloudWatch Logs streams in any log group
        - PolicyName: logs-access
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: '*'

  EC2InstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Path: /
      Roles:
        - !Ref EC2Role

  ConfluenceInstance:
    Type: "AWS::EC2::Instance"
    Properties:
      Tags:
        - Key: Name
          Value: ConfluenceBootstrap
        - Key: service
          Value: !Ref ServiceTag
        - Key: environment
          Value: !Ref EnvironmentTag
        - Key: contactnetid
          Value: !Ref ContactNetidTag
        - Key: accountnumber
          Value: !Ref AccountNumberTag
        - Key: ticketnumber
          Value: !Ref TicketNumberTag
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref EC2InstanceProfile
      KeyName: !Ref KeyName
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMIID]
      SecurityGroupIds:
        - !Ref InstanceSG
      SubnetId: !Ref InstanceSubnet
      # Boot script: patch the host, install the MySQL client, and mount the
      # shared EFS file system at /efs/confluence via /etc/fstab.
      UserData:
        Fn::Base64: !Sub
          - |
            #!/bin/bash -e
            yum update -y
            yum install mysql -y
            mkdir -p /efs/confluence
            echo "${efsid}.efs.${AWS::Region}.amazonaws.com:/ /efs/confluence nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0" >> /etc/fstab
            mount -a -t nfs4
          - efsid:
              Fn::ImportValue: !Sub "${ConfluenceFoundationStack}-fs-id"

Outputs:
  ConfluenceInstance:
    Description: Private IP Address
    Value: !GetAtt ConfluenceInstance.PrivateIp