-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtemplate.yml
110 lines (107 loc) · 4.52 KB
/
template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
AWSTemplateFormatVersion: 2010-09-09
Conditions:
UseSubnet: !Not [!Equals [!Ref "SubnetId", subnet-none]]
IsBurstableInstanceType:
!Equals [!Select [0, !Split [".", !Ref InstanceType]], t3]
Transform:
- AWS::CodeStar
Parameters:
ProjectId:
Type: String
Description: AWS CodeStar project ID used to name project resources and create roles.
InstanceType:
Type: String
Description: The type of Amazon EC2 Linux instances that will be launched for this project.
WebAppInstanceProfile:
Type: String
Description: The IAM role that will be created for the Amazon EC2 Linux instances.
ImageId:
Type: String
Description: The Amazon EC2 Linux instance Amazon Machine Image (AMI), which designates the configuration of the new instance.
KeyPairName:
Type: String
Description: The name of an existing Amazon EC2 key pair in the region where the project is created, which you can use to SSH into the new Amazon EC2 Linux instances.
VpcId:
Type: String
Description: The ID of the Amazon Virtual Private Cloud (VPC) to use for Amazon EC2 instances.
SubnetId:
Type: String
Description: The name of the VPC subnet to use for Amazon EC2 instances launched for this project.
Stage:
Type: String
Description: The name for a project pipeline stage, such as Staging or Prod, for which resources are provisioned and deployed.
Default: ""
Resources:
WebApp01LaunchTemplate:
Type: AWS::EC2::LaunchTemplate
Properties:
LaunchTemplateData:
MetadataOptions:
HttpTokens: required
WebApp01:
Description: The installation and configuration commands this project will use to create instances that support this sample web application.
Properties:
CreditSpecification:
CPUCredits:
!If [IsBurstableInstanceType, unlimited, !Ref "AWS::NoValue"]
IamInstanceProfile: !Ref "WebAppInstanceProfile"
ImageId: !Ref "ImageId"
InstanceType: !Ref "InstanceType"
KeyName: !Ref "KeyPairName"
NetworkInterfaces:
- AssociatePublicIpAddress: true
DeviceIndex: 0
GroupSet:
- !Ref "WebAppSG"
SubnetId: !If
- UseSubnet
- !Ref "SubnetId"
- !Ref "AWS::NoValue"
Tags:
- Key: Environment
Value: !Sub "${ProjectId}-WebApp${Stage}"
- Key: Name
Value: !Sub "${ProjectId}-WebApp${Stage}"
LaunchTemplate:
LaunchTemplateId: !Ref "WebApp01LaunchTemplate"
Version: !GetAtt "WebApp01LaunchTemplate.LatestVersionNumber"
UserData:
Fn::Base64:
Fn::Sub: |
#!/bin/bash -ex
# Install Ruby
amazon-linux-extras install ruby2.6 -y
mkdir -p /home/ec2-user/.metadata
rm -f /home/ec2-user/.metadata/projectid
echo ${ProjectId} >> /home/ec2-user/.metadata/projectid
# Install the AWS CodeDeploy Agent
cd /home/ec2-user/
wget https://aws-codedeploy-${AWS::Region}.s3.amazonaws.com/releases/codedeploy-agent-1.4.0-2218.noarch.rpm
yum -y install codedeploy-agent-1.4.0-2218.noarch.rpm
# Install the Amazon CloudWatch Logs Agent
yum install -y awslogs-1.1.4
wget https://s3.amazonaws.com/aws-codedeploy-us-east-1/cloudwatch/codedeploy_logs.conf
mkdir -p /var/awslogs/etc/config
cp codedeploy_logs.conf /var/awslogs/etc/config/
sed -i 's/us-east-1/${AWS::Region}/g' /etc/awslogs/awscli.conf
# Start the service logs
sudo systemctl start awslogsd
token=$(curl --silent --show-error --retry 3 -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
id=$(curl --silent --show-error --retry 3 -H "X-aws-ec2-metadata-token: $token" http://169.254.169.254/latest/meta-data/instance-id)
aws ec2 modify-instance-metadata-options --instance-id $id --http-tokens required --http-endpoint enabled --region ${AWS::Region}
Type: AWS::EC2::Instance
WebAppSG:
Description: The default Amazon EC2 security group that will be created for the Amazon EC2 Linux instances.
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Enable HTTP access via port 80 and SSH access via port 22.
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: "80"
ToPort: "80"
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: "22"
ToPort: "22"
CidrIp: 0.0.0.0/0
VpcId: !Ref "VpcId"