{"id":156,"date":"2018-10-29T13:57:45","date_gmt":"2018-10-29T10:57:45","guid":{"rendered":"https:\/\/artem.services\/?p=156"},"modified":"2019-03-12T18:04:55","modified_gmt":"2019-03-12T15:04:55","slug":"cloudformation-vpc-sg-ec2-instance-s3-bucket-iam","status":"publish","type":"post","link":"https:\/\/artem.services\/?p=156","title":{"rendered":"CloudFormation &#8212; VPC, SG, Gateway, EC2 Instance, S3 Bucket, IAM"},
"content":{"rendered":"<p><img loading=\"lazy\" class=\"size-full wp-image-214 aligncenter\" src=\"https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo.png\" alt=\"\" width=\"975\" height=\"450\" srcset=\"https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo.png 975w, https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo-300x138.png 300w, https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo-768x354.png 768w, https:\/\/artem.services\/wp-content\/uploads\/2018\/11\/AWS-Logo-954x440.png 954w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/p>\n<p>An example <strong>CloudFormation<\/strong> configuration that creates a <strong>VPC<\/strong>, <strong>Gateway<\/strong>, <strong>Security Group<\/strong> and <strong>EC2 Instance<\/strong>, and attaches an existing <strong>IAM<\/strong> role that is allowed read access to a private <strong>S3 Bucket<\/strong>; the bucket already exists and contains a script for further configuration of the <strong>EC2 Instance<\/strong>. An example of using <strong>UserData<\/strong> in an <strong>EC2 Instance<\/strong>.<\/p>\n<p><!--more--><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nAWSTemplateFormatVersion: &quot;2010-09-09&quot;\r\nDescription: 'Auto create VPC with instance'\r\n\r\n########################################### BLOCK WITH ENVIRONMENTS ###########################################\r\nParameters:\r\n\r\n  ProjectName:\r\n    Type: String\r\n    Default: Test-VPC\r\n    Description: Name of project.\r\n\r\n  VpcBlock:\r\n    Type: String\r\n    Default: 192.168.0.0\/16\r\n    Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range.\r\n\r\n  SubNetwork01:\r\n    Type: String\r\n    Default: 192.168.1.0\/24\r\n    Description: CIDR block for subnetwork 01 (part from pool VPC Block).\r\n\r\n  SSHKeyName:\r\n    Type: String\r\n    Default: artem-aws-key\r\n    Description: Name of SSH key.\r\n\r\n  Image:\r\n    Type: String\r\n    Default: ami-0ff8a91507f77f867\r\n    Description: Image for instance (Default - Amazon Linux, if you change it, you must check Instance UserData)\r\n\r\n  # Despite its name, this value is an Availability Zone: it is passed to the subnet's AvailabilityZone property\r\n  Region:\r\n    Type: String\r\n    Default: us-east-1b\r\n    Description: Region (Default - U.S. Virginia)\r\n\r\n  Bucket:\r\n    Type: String\r\n    Default: private-s3-bucket\r\n    Description: Name of Bucket\r\n\r\n  AIMRoleName:\r\n    Type: String\r\n    Default: artem-s3\r\n    Description: Name of IAM role\r\n    ConstraintDescription: (read permission from S3 Bucket)\r\n\r\n############################################# BLOCK WITH NETWORK  #############################################\r\n\r\nResources:\r\n  VPC:\r\n    Type: AWS::EC2::VPC\r\n    Properties:\r\n      CidrBlock: !Ref VpcBlock\r\n      EnableDnsSupport: true\r\n      EnableDnsHostnames: true\r\n\r\n  InternetGateway:\r\n    Type: AWS::EC2::InternetGateway\r\n\r\n  VPCGatewayAttachment:\r\n    Type: &quot;AWS::EC2::VPCGatewayAttachment&quot;\r\n    Properties:\r\n      InternetGatewayId: !Ref InternetGateway\r\n      VpcId: !Ref VPC\r\n\r\n  RouteTable:\r\n    Type: AWS::EC2::RouteTable\r\n    Properties:\r\n      VpcId: !Ref VPC\r\n      Tags:\r\n      - Key: Name\r\n        Value: Public Subnets\r\n      - Key: Network\r\n        Value: Public\r\n\r\n  Route:\r\n    DependsOn: VPCGatewayAttachment\r\n    Type: AWS::EC2::Route\r\n    Properties:\r\n      RouteTableId: !Ref RouteTable\r\n      DestinationCidrBlock: 0.0.0.0\/0\r\n      GatewayId: !Ref InternetGateway\r\n\r\n### IF YOU NEED MORE THAN ONE SUBNET, DUPLICATE THE BLOCK BELOW WITH ANOTHER NAME AND ADD A CIDR BLOCK FOR IT\r\n\r\n  SubNet01:\r\n    Type: AWS::EC2::Subnet\r\n    Properties:\r\n      CidrBlock: !Ref SubNetwork01\r\n      VpcId: !Ref VPC\r\n      AvailabilityZone: !Ref Region\r\n\r\n  Subnet01RouteTableAssociation:\r\n    Type: AWS::EC2::SubnetRouteTableAssociation\r\n    Properties:\r\n      SubnetId: !Ref SubNet01\r\n      RouteTableId: !Ref RouteTable\r\n\r\n########################################## BLOCK WITH SECURITY GROUP  #########################################\r\n\r\n  InstanceSecurityGroup:\r\n    Type: AWS::EC2::SecurityGroup\r\n    Properties:\r\n      GroupName: !Ref ProjectName\r\n      GroupDescription: !Ref ProjectName\r\n      VpcId: !Ref VPC\r\n      SecurityGroupIngress:\r\n        # 0.0.0.0\/0 exposes SSH to the whole Internet; restrict CidrIp to your administrative range where possible\r\n        - IpProtocol: tcp\r\n          FromPort: 22\r\n          ToPort: 22\r\n          CidrIp: 0.0.0.0\/0\r\n          Description: SSH\r\n        - IpProtocol: tcp\r\n          FromPort: 80\r\n          ToPort: 80\r\n          CidrIp: 0.0.0.0\/0\r\n          Description: HTTP\r\n\r\n  InstanceProfile:\r\n    Type: AWS::IAM::InstanceProfile\r\n    Properties:\r\n      Path: \/\r\n      Roles:\r\n      - !Ref AIMRoleName\r\n\r\n########################################## BLOCK WITH EC2 INSTANCES  ##########################################\r\n\r\n  Ec2Instance:\r\n    Type: AWS::EC2::Instance\r\n    Metadata:\r\n      AWS::CloudFormation::Authentication:\r\n        rolebased:\r\n          type: &quot;S3&quot;\r\n          # buckets lists the S3 bucket(s) readable through the role; roleName is a single string\r\n          buckets:\r\n          - !Ref Bucket\r\n          roleName: !Ref AIMRoleName\r\n    Properties:\r\n      IamInstanceProfile: !Ref InstanceProfile\r\n      ImageId: !Ref Image\r\n      InstanceType: t2.micro\r\n      KeyName: !Ref SSHKeyName\r\n      BlockDeviceMappings:\r\n        -\r\n          DeviceName: \/dev\/sdm\r\n          Ebs:\r\n            VolumeType: io1\r\n            Iops: 200\r\n            DeleteOnTermination: true\r\n            VolumeSize: 20\r\n      NetworkInterfaces:\r\n        -\r\n          AssociatePublicIpAddress: true\r\n          DeleteOnTermination: true\r\n          DeviceIndex: 0\r\n          SubnetId: !Ref SubNet01\r\n          GroupSet:\r\n          - !Ref InstanceSecurityGroup\r\n      UserData:\r\n        Fn::Base64: !Sub |\r\n          #!\/bin\/bash -x\r\n          # cfn-init applies this resource's AWS::CloudFormation::Init metadata (none is defined in this template);\r\n          # cfn-signal reports the exit code and is only honoured when the resource has a CreationPolicy expecting it\r\n          \/opt\/aws\/bin\/cfn-init -v --stack ${AWS::StackName} --resource Ec2Instance --region ${AWS::Region}\r\n          \/opt\/aws\/bin\/cfn-signal -e $? --stack ${AWS::StackName} --resource Ec2Instance --region ${AWS::Region}\r\n          # Fetch the bootstrap script from the bucket named by the Bucket parameter (read access comes from the instance role)\r\n          aws s3 cp s3:\/\/${Bucket}\/my_script.sh \/tmp\/my_script.sh\r\n          chmod +x \/tmp\/my_script.sh\r\n          \/tmp\/my_script.sh\r\n\r\n###############################################################################################################\r\n<\/pre>\n","protected":false},
"excerpt":{"rendered":"<p>An example CloudFormation configuration that creates a VPC, Gateway, Security Group and EC2 Instance, and attaches an existing IAM role that is allowed read access to a private S3 Bucket; the bucket already exists and contains a script for further configuration of the EC2 Instance. An example of using UserData in an EC2 Instance.<\/p>\n","protected":false},
"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[24],"tags":[34,25,29,33,31,35,32,30],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/156"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=156"}],"version-history":[{"count":11,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/156\/revisions"}],"predecessor-version":[{"id":888,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/156\/revisions\/888"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}