cf_ecs_ec2_basic.yaml
---

EC2 Basic CloudFormation Deployment

This CloudFormation template deploys a single EC2 instance with its own security group, IAM role and instance profile.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
```

Parameters

These are the input parameters for this template. All of these parameters must be supplied for this template to be deployed.

```yaml
Parameters:
```

HostName to be used in tagging the EC2 instance.

```yaml
  HostName:
    Type: String
    Description: "Enter the name of the host or service, ie 'Civil Engineering Structures App', or 'UITS Cloud Services Testing', etc."
```

SSH Key Pair to be used on the application EC2 instances for emergency administrative access.

```yaml
  KeyName:
    Description: Amazon EC2 Key Pair
    Type: AWS::EC2::KeyPair::KeyName
```

VPCID is the ID of the VPC where this template will be deployed, InstanceSubnet is the subnet the instance is placed in, and AssignPublicIP controls whether a public IP is attached (only meaningful in a public subnet).

```yaml
  VPCID:
    Description: Target VPC
    Type: AWS::EC2::VPC::Id
  InstanceSubnet:
    Description: Private Subnet
    Type: AWS::EC2::Subnet::Id
  AssignPublicIP:
    Description: Only assign a Public IP for instances in Public Subnets
    Type: String
    # Quoted so the YAML parser does not coerce these to booleans; the
    # AssignPublicIPCondition below compares against the string "True".
    Default: "False"
    AllowedValues:
      - "True"
      - "False"
```

Default EC2 instance type for application instances, and the Amazon Linux 2 AMI, resolved at deploy time from the public SSM parameter so the latest image is always used.

```yaml
  InstanceType:
    Description: "EC2 Instance Type"
    Type: String
    Default: "t3.micro"
    AllowedValues:
      - "t3.micro"
      - "t3.medium"
      - "m5.large"
  AmazonLinuxAmi:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
    Description: Amazon Linux Latest AMI ID
    AllowedValues:
      - /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
```

Tags

The following tags are applied to all resources created by this template.

```yaml
  ServiceTag:
    Type: String
    Description: Exact name of the Service as defined in the service catalog.
  EnvironmentTag:
    Type: String
    Description: Used to distinguish between development, test, production, etc. environment types.
    AllowedValues: [dev, tst, prd, trn, stg, cfg, sup, rpt]
    Default: dev
  ContactNetidTag:
    Type: String
    Description: Used to identify the netid of the person most familiar with the usage of the resource.
  AccountNumberTag:
    Type: String
    Description: Identifies the financial system account number.
  TicketNumberTag:
    Type: String
    Description: Used to identify the Jira, Cherwell, or other ticketing system ticket number to link to more information about the need for the resource.
```

Metadata

Metadata is used mainly to group and label Parameters when the template is launched from the AWS CloudFormation console. The Conditions block that follows defines AssignPublicIPCondition, which is true only when AssignPublicIP is set to "True"; it gates the public IP assignment on the instance and the InstancePublicIP output.

```yaml
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Instance Settings
        Parameters:
          - HostName
          - InstanceType
          - KeyName
          - VPCID
          - InstanceSubnet
          - AssignPublicIP
      - Label:
          default: Tags
        Parameters:
          - ServiceTag
          - EnvironmentTag
          - ContactNetidTag
          - AccountNumberTag
          - TicketNumberTag
    ParameterLabels:
      ServiceTag:
        default: "Service Name:"
      EnvironmentTag:
        default: 'Environment Type:'
      ContactNetidTag:
        default: 'Contact NetID:'
      AccountNumberTag:
        default: 'Financial Account Number:'
      TicketNumberTag:
        default: 'Ticket Number:'

Conditions:
  AssignPublicIPCondition: !Equals [!Ref AssignPublicIP, "True"]
```

Resources

These are the resources created by the template: the EC2 instance, its security group, and the IAM role and instance profile the instance runs under.

```yaml
Resources:
```

EC2 Instance

Deploys the EC2 instance with the standard tags. The UserData script runs once at first boot: it applies package updates, installs a few tools and upgrades the AWS CLI. A public IP is attached only when AssignPublicIPCondition holds.

```yaml
  Ec2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: !Ref AmazonLinuxAmi
      KeyName: !Ref KeyName
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref EnvInstanceProfile
      NetworkInterfaces:
        - DeviceIndex: "0"
          GroupSet:
            - !Ref InstanceSecurityGroup
          SubnetId: !Ref InstanceSubnet
          AssociatePublicIpAddress: !If [AssignPublicIPCondition, true, !Ref "AWS::NoValue"]
      Tags:
        - Key: "Name"
          Value: !Ref "HostName"
        - Key: service
          Value: !Ref ServiceTag
        - Key: environment
          Value: !Ref EnvironmentTag
        - Key: contactnetid
          Value: !Ref ContactNetidTag
        - Key: accountnumber
          Value: !Ref AccountNumberTag
        - Key: ticketnumber
          Value: !Ref TicketNumberTag
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -e
          # Basic Updates
          sudo yum update -y
          sudo yum install -y git vim telnet
          # Make sure the AWS cli is up to date
          sudo pip install awscli --upgrade
```

Instance Security Group

Security group for the EC2 instance. As written it allows SSH (TCP port 22) from any IPv4 address (CidrIp 0.0.0.0/0); no egress rules are declared, so the default allow-all outbound rule applies.

```yaml
  InstanceSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Allow ssh to client host"
      VpcId: !Ref "VPCID"
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: 22
          ToPort: 22
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: "Name"
          Value: !Sub "${HostName} Security Group"
        - Key: service
          Value: !Ref ServiceTag
        - Key: environment
          Value: !Ref EnvironmentTag
        - Key: contactnetid
          Value: !Ref ContactNetidTag
        - Key: accountnumber
          Value: !Ref AccountNumberTag
        - Key: ticketnumber
          Value: !Ref TicketNumberTag
```
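The world-open port 22 rule above is the single setting most likely to be flagged in review. The following is an added example, not part of the original template, showing the same security group with SSH ingress limited to an operator-supplied CIDR and with explicit egress. The parameter name SshAllowedCidr, its placeholder default and the egress ports are assumptions for this example; they reuse the template's existing VPCID and HostName parameters.

```yaml
# Added example: hardened variant of InstanceSecurityGroup (not the original template's code).
Parameters:
  SshAllowedCidr:
    Type: String
    Description: "IPv4 CIDR permitted to reach TCP/22, e.g. a campus or VPN range"
    Default: "10.0.0.0/8"   # constructed placeholder; set to your real admin range
    # Rejects anything that is not a dotted-quad with a /0-/32 prefix at stack
    # creation time, so 0.0.0.0/0 cannot be typed in by accident.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/([0-9]|[12][0-9]|3[0-2])$'
    ConstraintDescription: "Must be an IPv4 CIDR such as 10.20.0.0/16"

Resources:
  InstanceSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Allow ssh to client host from the approved CIDR only"
      VpcId: !Ref "VPCID"
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshAllowedCidr
          Description: "SSH from approved admin range"
      # Declaring egress replaces the implicit allow-all outbound rule.
      # 80/443 are what the UserData script (yum, pip) and the SSM agent need.
      SecurityGroupEgress:
        - IpProtocol: "tcp"
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
          Description: "HTTP for yum repositories"
        - IpProtocol: "tcp"
          FromPort: 443
          ToPort: 443
          CidrIp: "0.0.0.0/0"
          Description: "HTTPS for pip, AWS APIs and SSM endpoints"
      Tags:
        - Key: "Name"
          Value: !Sub "${HostName} Security Group"
```

Because the instance role already carries an SSM managed policy, shell access through SSM Session Manager needs no inbound rule at all; in that setup the SecurityGroupIngress list can be dropped entirely and the KeyName parameter kept only for the emergency access the template describes.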

Instance Role

This is the IAM role that will be applied to the EC2 instance. Any AWS-specific permissions the node needs should be defined here, scoped to the resources it actually uses rather than granted account-wide.

```yaml
  EnvInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
                - ssm.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
```
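Two points a reviewer would raise on the role above: only the EC2 service needs to assume an instance role (listing ssm.amazonaws.com as a trusted principal widens the trust policy without enabling anything), and AmazonEC2RoleforSSM has been deprecated by AWS in favour of AmazonSSMManagedInstanceCore, which is narrower. The following is an added example, not the original template's code, of the same role written that way, plus a pattern for the "AWS specific permissions" the text mentions. The inline policy and the AppConfigBucket parameter it references are assumptions for illustration.

```yaml
# Added example: least-privilege form of EnvInstanceRole (not the original template's code).
  EnvInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com   # the only service that assumes an instance role
            Action:
              - sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        # Covers Session Manager, Run Command, patching and inventory without the
        # broader permissions bundled into the deprecated AmazonEC2RoleforSSM.
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
      Policies:
        # Application permissions go here, scoped to named resources.
        # AppConfigBucket is an assumed String parameter holding a bucket name.
        - PolicyName: AppConfigRead
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource: !Sub "arn:aws:s3:::${AppConfigBucket}/*"
              - Effect: Allow
                Action:
                  - s3:ListBucket
                Resource: !Sub "arn:aws:s3:::${AppConfigBucket}"
```

The EnvInstanceProfile resource from the template attaches to this role unchanged, since it only references the role by logical name.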

Instance Profile

This is a small construct that wraps the role in a profile the EC2 instance can reference. The Roles property is a list, but an instance profile can hold only one role.

```yaml
  EnvInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref EnvInstanceRole
```

Outputs

Output values that can be viewed from the AWS CloudFormation console. InstancePublicIP is emitted only when AssignPublicIPCondition holds, since the attribute does not exist otherwise.

```yaml
Outputs:
  InstancePublicIP:
    Condition: AssignPublicIPCondition
    Description: "The Public IP address of the instance"
    Value: !GetAtt Ec2Instance.PublicIp
  InstancePrivateIP:
    Description: "The Private IP address of the instance"
    Value: !GetAtt Ec2Instance.PrivateIp
  InstanceID:
    Description: "The Instance ID"
    Value: !Ref "Ec2Instance"
```