RLOpenCatalyst · RLIndia · Oct 31, 2025 · Oct 30, 2025 · Oct 31, 2025 · Oct 31, 2025
diff --git a/cft-templates/awsSagemakerDomainAI.yaml b/cft-templates/awsSagemakerDomainAI.yaml
@@ -0,0 +1,67 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: >
+  CloudFormation template to create a SageMaker Domain
+  with an IAM execution role. Applies project_name tag.
+
+Parameters:
+  Namespace:
+    Type: String
+    Description: An environment name that will be prefixed to resource names
+  VpcId:
+    Type: AWS::EC2::VPC::Id
+    Description: VPC where SageMaker domain will be created.
+  SubnetId:
+    Type: AWS::EC2::Subnet::Id
+    Description: Subnet for the SageMaker domain.
+  ProjectId:
+    Description: Project Id that will be added as tag to the resources.
+    Type: String
+
+
+Resources:
+  SageMakerExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: !Sub "${Namespace}-SageMakerExecutionRole"
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: sagemaker.amazonaws.com
+            Action: sts:AssumeRole
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/AmazonSageMakerFullAccess
+        - arn:aws:iam::aws:policy/AmazonS3FullAccess
+      Tags:
+        - Key: project_name
+          Value: !Ref ProjectId
+        - Key: cost_resource
+          Value: !Ref "AWS::StackName"
+
+
+  SageMakerDomain:
+    Type: AWS::SageMaker::Domain
+    Properties:
+      AuthMode: IAM
+      DomainName: !Sub "${Namespace}-sagemaker-domain"
+      DefaultUserSettings:
+        ExecutionRole: !GetAtt SageMakerExecutionRole.Arn
+      SubnetIds:
+        - !Ref SubnetId      
+      VpcId: !Ref VpcId
+      Tags:
+        - Key: project_name
+          Value: !Ref ProjectId
+        - Key: cost_resource
+          Value: !Ref "AWS::StackName"
+
+
+Outputs:
+  SageMakerDomainId:
+    Description: ID of the created SageMaker Domain
+    Value: !Ref SageMakerDomain
+
+  SageMakerExecutionRoleArn:
+    Description: IAM role created for SageMaker
+    Value: !GetAtt SageMakerExecutionRole.Arn
diff --git a/cft-templates/bedrock.yaml b/cft-templates/bedrock.yaml
@@ -0,0 +1,101 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: >
+  CloudFormation template to create a Bedrock Execution Role
+  with a dummy parameter and a no-op resource for stack completion.
+
+Parameters:
+  EnvironmentName:
+    Type: String
+    Default: dev
+    Description: Environment name (e.g., dev, qa, prod)
+
+Resources:
+  # Dummy Resource (no functional purpose, just to ensure a complete stack)
+  DummyResource:
+    Type: AWS::CloudFormation::WaitConditionHandle
+
+  # Bedrock Execution Role
+  BedrockExecutionRole:
+    Type: AWS::IAM::Role
+    Properties:
+      RoleName: !Sub "${AWS::StackName}-bedrock-execution-role"
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: bedrock.amazonaws.com
+            Action: sts:AssumeRole
+          - Effect: Allow
+            Principal:
+              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
+            Action:
+              - sts:AssumeRole
+              - sts:TagSession
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/AmazonBedrockFullAccess
+        - arn:aws:iam::aws:policy/AmazonS3FullAccess
+      Policies:
+        - PolicyName: BedrockExecutionRolePolicy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - "bedrock:*"
+                Resource: "*"
+              - Effect: Allow
+                Action:
+                  - "s3:GetObject"
+                  - "s3:PutObject"
+                  - "s3:DeleteObject"
+                  - "s3:ListBucket"
+                Resource: "*"
+              - Effect: Allow
+                Action:
+                  - "s3vectors:*"
+                Resource: "*"
+              - Effect: Allow
+                Action:
+                  - "logs:CreateLogGroup"
+                  - "logs:CreateLogStream"
+                  - "logs:PutLogEvents"
+                Resource: "*"
+              - Effect: Allow
+                Action:
+                  - "iam:CreateRole"
+                  - "iam:AttachRolePolicy"
+                  - "iam:PutRolePolicy"
+                  - "lambda:ListFunctions"
+                  - "lambda:GetFunction"
+                  - "lambda:InvokeFunction"
+                  - "iam:CreateRole"
+                  - "iam:GetRole"
+                  - "iam:PassRole"
+                  - "iam:ListAttachedRolePolicies"
+                Resource: "*"
+              - Effect: Allow
+                Action:
+                  - "aoss:CreateCollection"
+                  - "aoss:ListCollections"
+                  - "aoss:BatchGetCollection"
+                  - "aoss:DeleteCollection"
+                  - "aoss:CreateAccessPolicy"
+                  - "aoss:GetAccessPolicy"
+                  - "aoss:ListAccessPolicies"
+                  - "aoss:UpdateAccessPolicy"
+                  - "aoss:DeleteAccessPolicy"
+                  - "aoss:CreateSecurityPolicy"
+                  - "aoss:GetSecurityPolicy"
+                  - "aoss:ListSecurityPolicies"
+                  - "aoss:UpdateSecurityPolicy"
+                  - "aoss:DeleteSecurityPolicy"
+                Resource: "*"
+
+Outputs:
+  BedrockExecutionRoleArn:
+    Description: ARN of the created Bedrock Execution Role
+    Value: !GetAtt BedrockExecutionRole.Arn
+    Export:
+      Name: !Sub "${AWS::StackName}-BedrockExecutionRoleArn"
+
diff --git a/cft-templates/ec2-nginxWebServer.yml b/cft-templates/ec2-nginxWebServer.yml
@@ -0,0 +1,141 @@
+Metadata: 
+  License: Apache-2.0
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'AWS CloudFormation Template to create an EC2 instance
+  **WARNING** This template creates an Amazon EC2 instance and an Elastic IP Address.
+  You will be billed for the AWS resources used if you create a stack from this template.'
+
+Parameters:
+  Namespace:
+    Type: String
+    Description: An environment name that will be prefixed to resource names
+  S3Mounts:
+    Type: String
+    Description: A JSON array of objects with name, bucket, and prefix properties used to mount data
+  IamPolicyDocument:
+    Type: String
+    Description: The IAM policy to be associated with the launched workstation
+  EnvironmentInstanceFiles:
+    Type: String
+    Description: >-
+      An S3 URI (starting with "s3://") that specifies the location of files to be copied to
+      the environment instance, including any bootstrap scripts
+  InstanceType:
+    Description: Choose the instance type e.g t3.small (2vCPU , 2GiB RAM) t3.medium (2vCPU , 4GiB RAM), t3.large (2vCPU, 8GiB RAM).
+    Type: String
+    Default: t3.small
+    AllowedValues: [t3.small, t3.medium, t3.large]
+    ConstraintDescription: must be a valid EC2 instance type.
+  EBSVolumeSize:
+    Description: The initial size of the volume (in GBs)  EBS will use for storage.
+    Type: Number
+    Default: 8  
+  KeyPair:
+    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance. If no key pairs exist, please create one from the button next to the dropdown. Please contact your Administrator if you are unable to create one.
+    Type: AWS::EC2::KeyPair::KeyName
+    ConstraintDescription: must be the name of an existing EC2 KeyPair.
+  AllowedSSHLocation:
+    Description: The IP address range that can be used to SSH to the EC2 instances
+    Type: String
+    MinLength: '9'
+    MaxLength: '18'
+    Default: 0.0.0.0/0
+    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
+    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
+  LatestAmiId:
+    Type:  'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
+    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
+  AvailabilityZone:
+    Description: Select the availability zone in which to create the instance. If you plan to attach a secondary volume to the instance, create this instance in the same AvailabilityZone as the volume you created.
+    Type: AWS::EC2::AvailabilityZone::Name  
+
+Conditions:
+  IamPolicyEmpty: !Equals [!Ref IamPolicyDocument, '{}']
+
+Resources:  
+  IAMRole:
+    Type: 'AWS::IAM::Role'
+    Properties:
+      RoleName: !Join ['-', [Ref: Namespace, 'ec2-role']]
+      Path: '/'
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: 'Allow'
+            Principal:
+              Service:
+                - 'ec2.amazonaws.com'
+            Action:
+              - 'sts:AssumeRole'
+      Policies:
+        - !If
+          - IamPolicyEmpty
+          - !Ref 'AWS::NoValue'
+          - PolicyName: !Join ['-', [Ref: Namespace, 's3-studydata-policy']]
+            PolicyDocument: !Ref IamPolicyDocument
+
+  InstanceProfile:
+    Type: 'AWS::IAM::InstanceProfile'
+    Properties:
+      InstanceProfileName: !Join ['-', [Ref: Namespace, 'ec2-profile']]
+      Path: '/'
+      Roles:
+        - Ref: IAMRole
+
+  EC2Instance:
+    Type: AWS::EC2::Instance
+    Properties:
+      UserData:
+        Fn::Base64: !Sub |
+          #!/usr/bin/env bash
+          exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
+          # Download and execute bootstrap script
+          aws s3 cp "${EnvironmentInstanceFiles}/get_bootstrap.sh" "/tmp"
+          chmod 500 "/tmp/get_bootstrap.sh"
+          /tmp/get_bootstrap.sh "${EnvironmentInstanceFiles}" '${S3Mounts}'
+
+          # Signal result to CloudFormation
+          /opt/aws/bin/cfn-signal -e $? --stack "${AWS::StackName}" --resource "EC2Instance" --region "${AWS::Region}"
+      InstanceType: !Ref 'InstanceType'
+      AvailabilityZone: !Ref AvailabilityZone
+      SecurityGroups: [!Ref 'InstanceSecurityGroup']
+      KeyName: !Ref 'KeyPair'
+      ImageId: !Ref 'LatestAmiId'
+      IamInstanceProfile: !Ref InstanceProfile
+      PropagateTagsToVolumeOnCreation: true
+      BlockDeviceMappings:
+        - DeviceName: /dev/xvda
+          Ebs:
+            VolumeSize: !Ref EBSVolumeSize
+            Encrypted: true
+      Tags:
+        - Key: Name
+          Value: !Join ['-', [Ref: Namespace, 'ec2-linux']]
+        - Key: Description
+          Value: EC2 workspace instance
+        - Key: cost_resource
+          Value: !Sub ${AWS::StackName}
+
+  InstanceSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Enable SSH access
+      SecurityGroupIngress:
+      - IpProtocol: tcp
+        FromPort: '22'
+        ToPort: '22'
+        CidrIp: !Ref 'AllowedSSHLocation'
+
+Outputs:
+  InstanceId:
+    Description: InstanceId of the newly created EC2 instance
+    Value: !Ref 'EC2Instance'
+  InstanceIPAddress:
+    Description: IP address of the newly created EC2 instance
+    Value: !GetAtt [EC2Instance, PublicIp]
+  InstanceDNSName:
+    Description: DNS name of the newly created EC2 instance
+    Value: !GetAtt [EC2Instance, PublicDnsName]
+  AvailabilityZone: 
+    Description: AvailabilityZone of newly created EC2 instance
+    Value: !Ref AvailabilityZone