-
Notifications
You must be signed in to change notification settings - Fork 0
/
aws_single_instance_hosting.yaml
217 lines (201 loc) · 6.84 KB
/
aws_single_instance_hosting.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Callsign registration service for HAM radio Nets'
Parameters:
InstanceType:
Description: WebServer EC2 instance type
Type: String
Default: t3.small
AllowedValues: [t2.nano, t2.micro, t2.small, t2.medium, t2.large,
t3.nano, t3.micro, t3.small, t3.medium, t3.large, t4g.small]
ConstraintDescription: must be a valid EC2 instance type.
KeyName:
Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
Type: AWS::EC2::KeyPair::KeyName
ConstraintDescription: must be the name of an existing EC2 KeyPair.
SSHLocation:
Description: The IP address range that can be used to SSH to the EC2 instances
Type: String
MinLength: '9'
MaxLength: '18'
Default: 0.0.0.0/0
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
LatestAmiId:
Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
QRZUsername:
Type: 'AWS::SSM::Parameter::Value<String>'
Default: /registrator/qrz_username
QRZPassword:
Type: 'AWS::SSM::Parameter::Value<String>'
Default: /registrator/qrz_password
AdminPassword:
Type: 'AWS::SSM::Parameter::Value<String>'
Default: /registrator/admin_password
DNSZoneName:
Type: 'AWS::SSM::Parameter::Value<String>'
Default: /registrator/DNS_Zone_Name
Resources:
S3IAMRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Principal:
Service: ec2.amazonaws.com
Effect: Allow
Sid: ''
Policies:
- PolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- 's3:GetObject'
Resource: !Sub 'arn:aws:s3:::registrator-app-files/registrator.zip'
Effect: Allow
PolicyName: AuthenticatedS3GetObjects
- PolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- 'ec2:CreateTags'
- 'ec2:DescribeInstances'
Resource: '*'
Effect: Allow
PolicyName: TagRootVolume
S3IAMInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref S3IAMRole
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: '10.10.0.0/16'
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: 'Registrator VPC'
- Key: Project
Value: 'CheckIn'
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: 'Registrator IG'
InternetGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: !Ref VPC
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs '' ]
CidrBlock: '10.10.1.0/24'
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: 'Registrator Public Subnet (AZ1)'
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: 'Registrator Public Routes'
DefaultPublicRoute:
Type: AWS::EC2::Route
DependsOn: InternetGatewayAttachment
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
PublicSubnet1RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref PublicSubnet1
EC2Instance:
Type: AWS::EC2::Instance
DependsOn: InternetGatewayAttachment
Properties:
IamInstanceProfile: !Ref S3IAMInstanceProfile
UserData:
Fn::Base64: !Sub |
#!/bin/bash -xe
# Get the latest CloudFormation package
yum update -y aws-cfn-bootstrap
# Tag root volume
AWS_AVAIL_ZONE=$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone)
AWS_REGION="`echo \"$AWS_AVAIL_ZONE\" | sed 's/[a-z]$//'`"
AWS_INSTANCE_ID=$(curl http://169.254.169.254/latest/meta-data/instance-id)
ROOT_VOLUME_IDS=$(aws ec2 describe-instances --region $AWS_REGION --instance-id $AWS_INSTANCE_ID --output text --query Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId)
aws ec2 create-tags --resources $ROOT_VOLUME_IDS --region $AWS_REGION --tags Key=Project,Value=CheckIn Key=Name,Value=RegistratorVolume
# Install Python 3
yum install python3 -y
# Download and unpack files
mkdir -p /usr/src/registrator
aws s3 cp s3://registrator-app-files/registrator.zip /usr/src/registrator
cd /usr/src/registrator
unzip ./registrator.zip
rm -f ./registrator.zip
# Install dependencies
pip3 install --no-cache-dir -r requirements.txt
# port replacement
sed -i 's/debug=True/debug=False/g' ./app.py
sed -i 's/port=8080/port=80/g' ./app.py
sed -i 's/superpassword123/${AdminPassword}/g' ./app.py
export QRZ_USER=${QRZUsername}
export QRZ_PASSWORD=${QRZPassword}
# Send CFN signal
/opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource SampleWaitCondition --region ${AWS::Region}
python3 ./app.py
InstanceType: !Ref 'InstanceType'
NetworkInterfaces:
- DeviceIndex: "0"
AssociatePublicIpAddress: "true"
GroupSet:
- !Ref InstanceSecurityGroup
SubnetId: !Ref PublicSubnet1
KeyName: !Ref 'KeyName'
ImageId: !Ref 'LatestAmiId'
SampleWaitCondition:
CreationPolicy:
ResourceSignal:
Timeout: PT5M
Count: 1
Type: AWS::CloudFormation::WaitCondition
DNSRecord:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneName: !Ref 'DNSZoneName'
Comment: DNS name for registrator instance.
Name: !Join ['', ['r', ., !Ref 'DNSZoneName']]
Type: A
TTL: '120'
ResourceRecords:
- !GetAtt EC2Instance.PublicIp
InstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: Enable SSH and HTTP access
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: !Ref 'SSHLocation'
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: '0.0.0.0/0'
Outputs:
InstanceIPAddress:
Description: IP address of the newly created EC2 instance
Value: !GetAtt EC2Instance.PublicIp