diff --git a/05-ec2/ec2-5-1-2.yaml b/05-ec2/ec2-5-1-2.yaml
new file mode 100644
index 00000000..40384be3
--- /dev/null
+++ b/05-ec2/ec2-5-1-2.yaml
@@ -0,0 +1,43 @@
+"AWSTemplateFormatVersion": "2010-09-09"
+
+Parameters:
+ WindowsAmi:
+ Type: String
+ LinuxAmi:
+ Type: String
+ instancetype:
+ Type: String
+
+Resources:
+ MyLaunchTemplate:
+ Type: AWS::EC2::LaunchTemplate
+ Properties:
+ LaunchTemplateData:
+ KeyName: fidelis
+ InstanceType: !Ref instancetype
+ TagSpecifications:
+ - ResourceType: instance
+ Tags:
+ - Key: user
+ Value: fidelis.ogunsanmi.labs
+ - Key: "stelligent-u-lesson"
+ Value: "5"
+
+
+ MyWindowsInstance:
+ Type: AWS::EC2::Instance
+ Properties:
+ ImageId: !Ref WindowsAmi
+ AvailabilityZone: us-west-1a
+ LaunchTemplate:
+ LaunchTemplateId: !Ref MyLaunchTemplate
+ Version: "1"
+
+ MyLinuxInstance:
+ Type: AWS::EC2::Instance
+ Properties:
+ ImageId: !Ref LinuxAmi
+ AvailabilityZone: us-west-1a
+ LaunchTemplate:
+ LaunchTemplateId: !Ref MyLaunchTemplate
+ Version: "1"
\ No newline at end of file
diff --git a/05-ec2/ec2-5-2-1.yaml b/05-ec2/ec2-5-2-1.yaml
new file mode 100644
index 00000000..eba4ffe3
--- /dev/null
+++ b/05-ec2/ec2-5-2-1.yaml
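Review bot: `AvailabilityZone: us-west-1a` on both instances in `ec2-5-1-2.yaml` conflicts with `REGION="us-east-1"` in `exec.sh`, which deploys this very template, so instance creation is expected to fail on an invalid zone. Drop the property or derive it from the stack's region, e.g. `AvailabilityZone: !Select [0, !GetAZs '']`. The launch template also sets no `MetadataOptions`, so whether instances require IMDSv2 session tokens is left to AMI and account defaults that this page does not show; `MetadataOptions: {HttpTokens: required}` under `LaunchTemplateData` would make it explicit. Typing the AMI parameters as `AWS::EC2::Image::Id` rather than `String` lets CloudFormation reject a malformed id before any resource is created.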
@@ -0,0 +1,59 @@
+"AWSTemplateFormatVersion": "2010-09-09"
+
+Parameters:
+ WindowsAmi:
+ Type: String
+ LinuxAmi:
+ Type: String
+ instancetype:
+ Type: String
+
+Resources:
+
+ MySecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: "Allen F Lab 5 SG"
+ GroupName: sglab521
+ SecurityGroupIngress:
+ - IpProtocol: icmp
+ FromPort: 8
+ ToPort: 0
+ CidrIp: 0.0.0.0/0
+
+ MyLaunchTemplate:
+ Type: AWS::EC2::LaunchTemplate
+ Properties:
+ LaunchTemplateData:
+ InstanceType: !Ref instancetype
+ SecurityGroupIds:
+ - !GetAtt MySecurityGroup.GroupId
+ TagSpecifications:
+ - ResourceType: instance
+ Tags:
+ - Key: user
+ Value: fidelis.ogunsanmi.labs
+ - Key: "stelligent-u-lesson"
+ Value: "5"
+
+ MyLinuxInstance:
+ Type: AWS::EC2::Instance
+ Properties:
+ ImageId: !Ref LinuxAmi
+ AvailabilityZone: us-west-1a
+ LaunchTemplate:
+ LaunchTemplateId: !Ref MyLaunchTemplate
+ Version: "1"
+
+ MyEIP:
+ Type: AWS::EC2::EIP
+ Properties:
+ Domain: vpc
+ InstanceId: !Ref MyLinuxInstance52
+
+Outputs:
+ EIP:
+ Description: "Public IP for Instance"
+ Value: !Ref MyEIP
+ Export:
+ Name: !Join ['', [!Ref "AWS::StackName", "-EIP" ]]
\ No newline at end of file
diff --git a/05-ec2/ec2-5-2-2.yaml b/05-ec2/ec2-5-2-2.yaml
new file mode 100644
index 00000000..9160d1ce
--- /dev/null
+++ b/05-ec2/ec2-5-2-2.yaml
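Review bot: `InstanceId: !Ref MyLinuxInstance52` in `MyEIP` (`ec2-5-2-1.yaml`) points at a logical ID this template never declares; the instance resource is named `MyLinuxInstance`, so the template will be rejected with an unresolved reference. Change the line to `InstanceId: !Ref MyLinuxInstance`. The same line is repeated in `ec2-5-2-2.yaml` and `ec2-5-3-2.yaml`. The fixed `GroupName: sglab521` is also shared by all three files, so two of these stacks cannot exist in the same VPC at once; omitting `GroupName` lets CloudFormation generate a unique name.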
@@ -0,0 +1,63 @@
+"AWSTemplateFormatVersion": "2010-09-09"
+
+Parameters:
+ WindowsAmi:
+ Type: String
+ LinuxAmi:
+ Type: String
+ instancetype:
+ Type: String
+
+Resources:
+
+ MySecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: "Allen F Lab 5 SG"
+ GroupName: sglab521
+ SecurityGroupIngress:
+ - IpProtocol: icmp
+ FromPort: 8
+ ToPort: 0
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: 0.0.0.0/0
+
+ MyLaunchTemplate:
+ Type: AWS::EC2::LaunchTemplate
+ Properties:
+ LaunchTemplateData:
+ InstanceType: !Ref instancetype
+ SecurityGroupIds:
+ - !GetAtt MySecurityGroup.GroupId
+ TagSpecifications:
+ - ResourceType: instance
+ Tags:
+ - Key: user
+ Value: fidelis.ogunsanmi.labs
+ - Key: "stelligent-u-lesson"
+ Value: "5"
+
+ MyLinuxInstance:
+ Type: AWS::EC2::Instance
+ Properties:
+ ImageId: !Ref LinuxAmi
+ AvailabilityZone: us-west-1a
+ LaunchTemplate:
+ LaunchTemplateId: !Ref MyLaunchTemplate
+ Version: "1"
+
+ MyEIP:
+ Type: AWS::EC2::EIP
+ Properties:
+ Domain: vpc
+ InstanceId: !Ref MyLinuxInstance52
+
+Outputs:
+ EIP:
+ Description: "Public IP for Instance"
+ Value: !Ref MyEIP
+ Export:
+ Name: !Join ['', [!Ref "AWS::StackName", "-EIP" ]]
\ No newline at end of file
diff --git a/05-ec2/ec2-5-3-2.yaml b/05-ec2/ec2-5-3-2.yaml
new file mode 100644
index 00000000..889ef965
--- /dev/null
+++ b/05-ec2/ec2-5-3-2.yaml
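Review bot: The second ingress rule in `MySecurityGroup` (`ec2-5-2-2.yaml`) opens TCP 22 to `CidrIp: 0.0.0.0/0`, which exposes SSH on an instance that also gets a public Elastic IP; `ec2-5-3-2.yaml` repeats the rule. Take the source range from a parameter with no open default, in the way `ec2-5-3-3.yaml` uses `SSHLocation`, so the rule reads `CidrIp: !Ref SSHLocation`. The launch template here has no `KeyName`, unlike `ec2-5-1-2.yaml`, so it is worth confirming how login is meant to work; if nobody actually connects over SSH, the port-22 rule can be removed.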
@@ -0,0 +1,77 @@
+"AWSTemplateFormatVersion": "2010-09-09"
+
+Parameters:
+ WindowsAmi:
+ Type: String
+ LinuxAmi:
+ Type: String
+ instancetype:
+ Type: String
+
+Resources:
+
+ MySecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: "Allen F Lab 5 SG"
+ GroupName: sglab521
+ SecurityGroupIngress:
+ - IpProtocol: icmp
+ FromPort: 8
+ ToPort: 0
+ CidrIp: 0.0.0.0/0
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: 0.0.0.0/0
+
+ MyLaunchTemplate:
+ Type: AWS::EC2::LaunchTemplate
+ Properties:
+ LaunchTemplateData:
+ InstanceType: !Ref instancetype
+ SecurityGroupIds:
+ - !GetAtt MySecurityGroup.GroupId
+ TagSpecifications:
+ - ResourceType: instance
+ Tags:
+ - Key: user
+ Value: fidelis.ogunsanmi.labs
+ - Key: "stelligent-u-lesson"
+ Value: "5"
+ UserData:
+ Fn::Base64:
+ !Sub |
+ #!/bin/bash
+ apt-get update -y
+ apt-get install -y python-pip
+ apt-get install -y wget
+ wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb -O /tmp/amazon-cloudwatch-agent.deb
+ dpkg -i /tmp/amazon-cloudwatch-agent.deb
+ easy_install --script-dir /opt/aws/bin https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
+ /opt/aws/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} --configsets default
+ /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region}
+
+
+
+ MyLinuxInstance:
+ Type: AWS::EC2::Instance
+ Properties:
+ ImageId: !Ref LinuxAmi
+ AvailabilityZone: us-west-1a
+ LaunchTemplate:
+ LaunchTemplateId: !Ref MyLaunchTemplate
+ Version: "1"
+
+ MyEIP:
+ Type: AWS::EC2::EIP
+ Properties:
+ Domain: vpc
+ InstanceId: !Ref MyLinuxInstance52
+
+Outputs:
+ EIP:
+ Description: "Public IP for Instance"
+ Value: !Ref MyEIP
+ Export:
+ Name: !Join ['', [!Ref "AWS::StackName", "-EIP" ]]
\ No newline at end of file
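Review bot: The UserData in `ec2-5-3-2.yaml` passes `--resource EC2Instance` to both `cfn-init` and `cfn-signal`, but this template declares no `EC2Instance` resource, no `AWS::CloudFormation::Init` metadata and no `CreationPolicy`. As written, `cfn-init` has no `default` configset to apply and the signal is sent for a logical ID that does not exist in the stack. Either bring over the metadata and `CreationPolicy` that `ec2-5-3-3.yaml` defines and name the real resource (`--resource MyLinuxInstance`), or drop the two lines. Because the script sits in the launch template, any other instance launched from it would run the same failing calls.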
diff --git a/05-ec2/ec2-5-3-3.yaml b/05-ec2/ec2-5-3-3.yaml
new file mode 100644
index 00000000..6a0e2af0
--- /dev/null
+++ b/05-ec2/ec2-5-3-3.yaml
@@ -0,0 +1,146 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'Template to install CloudWatchAgent on amazon linux. It was validated on amazon linux 2'
+Parameters:
+
+ instancetype:
+ Type: String
+
+ LinuxAmi:
+ Type: String
+
+ IAMRole:
+ Description: EC2 attached IAM role
+ Type: String
+ Default: CloudWatchAgentAdminRole
+
+ SSHLocation:
+ Description: The IP address range that can be used to SSH to the EC2 instances
+ Type: String
+ MinLength: '9'
+ MaxLength: '18'
+ Default: 0.0.0.0/0
+ AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
+ ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
+
+Resources:
+ EC2Instance:
+ Type: AWS::EC2::Instance
+ Metadata:
+ AWS::CloudFormation::Init:
+ configSets:
+ default:
+ - 01_setupCfnHup
+ - 02_config-amazon-cloudwatch-agent
+ - 03_restart_amazon-cloudwatch-agent
+ UpdateEnvironment:
+ - 02_config-amazon-cloudwatch-agent
+ - 03_restart_amazon-cloudwatch-agent
+ # Definition of json configuration of AmazonCloudWatchAgent, you can change the configuration below.
+ 02_config-amazon-cloudwatch-agent:
+ files:
+ '/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json':
+ content: !Sub |
+ {
+ "metrics": {
+ "append_dimensions": {
+ "AutoScalingGroupName": "${!aws:AutoScalingGroupName}",
+ "ImageId": "${!aws:ImageId}",
+ "InstanceId": "${!aws:InstanceId}",
+ "InstanceType": "${!aws:InstanceType}"
+ },
+ "metrics_collected": {
+ "mem": {
+ "measurement": [
+ "mem_used_percent"
+ ]
+ },
+ "swap": {
+ "measurement": [
+ "swap_used_percent"
+ ]
+ }
+ }
+ }
+ }
+ # Invoke amazon-cloudwatch-agent-ctl to restart the AmazonCloudWatchAgent.
+ 03_restart_amazon-cloudwatch-agent:
+ commands:
+ 01_stop_service:
+ command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a stop
+ 02_start_service:
+ command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s
+ # Cfn-hup setting, it is to monitor the change of metadata.
+ # When there is change in the contents of json file in the metadata section, cfn-hup will call cfn-init to restart the AmazonCloudWatchAgent.
+ 01_setupCfnHup:
+ files:
+ '/etc/cfn/cfn-hup.conf':
+ content: !Sub |
+ [main]
+ stack=${AWS::StackId}
+ region=${AWS::Region}
+ interval=1
+ mode: '000400'
+ owner: root
+ group: root
+ '/etc/cfn/hooks.d/amazon-cloudwatch-agent-auto-reloader.conf':
+ content: !Sub |
+ [cfn-auto-reloader-hook]
+ triggers=post.update
+ path=Resources.EC2Instance.Metadata.AWS::CloudFormation::Init.02_config-amazon-cloudwatch-agent
+ action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} --configsets UpdateEnvironment
+ runas=root
+ mode: '000400'
+ owner: root
+ group: root
+ "/lib/systemd/system/cfn-hup.service":
+ content: !Sub |
+ [Unit]
+ Description=cfn-hup daemon
+ [Service]
+ Type=simple
+ ExecStart=/opt/aws/bin/cfn-hup
+ Restart=always
+ [Install]
+ WantedBy=multi-user.target
+ commands:
+ 01enable_cfn_hup:
+ command: !Sub |
+ systemctl enable cfn-hup.service
+ 02start_cfn_hup:
+ command: !Sub |
+ systemctl start cfn-hup.service
+
+ Properties:
+ InstanceType: !Ref instancetype
+ IamInstanceProfile: !Ref IAMRole
+ KeyName: fidelis
+ ImageId: !Ref LinuxAmi
+ SecurityGroupIds:
+ - !GetAtt MySecurityGroup.GroupId
+ UserData:
+ Fn::Base64:
+ !Sub |
+ #!/bin/bash
+ apt-get update -y
+ apt-get install -y python-pip
+ apt-get install -y wget
+ wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb -O /tmp/amazon-cloudwatch-agent.deb
+ dpkg -i /tmp/amazon-cloudwatch-agent.deb
+ easy_install --script-dir /opt/aws/bin https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
+ /opt/aws/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} --configsets default
+ /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region}
+
+ CreationPolicy:
+ ResourceSignal:
+ Count: 1
+ Timeout: "PT15M"
+
+ MySecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Enable SSH access via port 22
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: 22
+ ToPort: 22
+ CidrIp: !Ref SSHLocation
\ No newline at end of file
diff --git a/05-ec2/exec.sh b/05-ec2/exec.sh
new file mode 100755
index 00000000..af46e8a5
--- /dev/null
+++ b/05-ec2/exec.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+PROFILE="labmfa"
+STACK_NAME="fidelisEc2"
+TEMPLATE="ec2-5-1-2.yaml"
+PARAMETER="file://params.json"
+KEY_NAME="fidelis"
+REGION="us-east-1"
+
+# deploy stack
+aws cloudformation deploy --template-file $TEMPLATE \
+ --stack-name $STACK_NAME --profile $PROFILE \
+ --parameter-overrides $PARAMETER \
+ --region $REGION
\ No newline at end of file
diff --git a/05-ec2/params.json b/05-ec2/params.json
new file mode 100644
index 00000000..921ccaee
--- /dev/null
+++ b/05-ec2/params.json
@@ -0,0 +1,7 @@
+{
+ "Parameters": {
+ "LinuxAmi": "ami-052efd3df9dad4825",
+ "WindowsAmi": "ami-03e42a81d67097502",
+ "instancetype": "t3.micro"
+ }
+}
\ No newline at end of file
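Review bot: The UserData of `EC2Instance` in `ec2-5-3-3.yaml` downloads `.../latest/amazon-cloudwatch-agent.deb` and `aws-cfn-bootstrap-latest.tar.gz` and installs both as root with no version pin or integrity check, so each boot trusts whatever those URLs serve at that moment; `ec2-5-3-2.yaml` carries the same script. Pin a specific release and verify a checksum, or the signature AWS publishes for the agent package, before the `dpkg -i` line runs. Separately, `SSHLocation` keeps `Default: 0.0.0.0/0`, so a deploy that does not override it still opens port 22 to the internet; removing the default forces the caller to choose a range. The `Description` says Amazon Linux while the script uses `apt-get` and `dpkg`, and `IamInstanceProfile: !Ref IAMRole` defaults to `CloudWatchAgentAdminRole`, so confirm that this is an instance-profile name and that the agent needs more than the server-side permissions.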
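Review bot: `KEY_NAME="fidelis"` in `exec.sh` is never used; the templates hard-code `KeyName: fidelis` instead, so either delete the variable or add a `KeyName` parameter of type `AWS::EC2::KeyPair::KeyName` and pass it through `--parameter-overrides`. The expansions on the `aws cloudformation deploy` command are unquoted; writing `"$TEMPLATE"`, `"$STACK_NAME"`, `"$PROFILE"`, `"$PARAMETER"` and `"$REGION"` keeps the command intact if a value ever contains spaces or glob characters. A `set -euo pipefail` line after the shebang would also make a failed deploy stop the script with a non-zero exit.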