-
Notifications
You must be signed in to change notification settings - Fork 0
/
splunk_cf.yaml
156 lines (150 loc) · 4.97 KB
/
splunk_cf.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
AWSTemplateFormatVersion: '2010-09-09'
Metadata:
License: Apache-2.0
Description: 'AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample:
Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based
on the region in which the stack is run. This example creates an EC2 security group
for the instance to give you SSH access. **WARNING** This template creates an Amazon
EC2 instance. You will be billed for the AWS resources used if you create a stack
from this template.'
Parameters:
KeyName:
Description: Name of an existing EC2 KeyPair to enable access to the instance
Type: AWS::EC2::KeyPair::KeyName
ConstraintDescription: must be the name of an existing EC2 KeyPair.
InstanceType:
Description: EC2 instance type
Type: String
Default: m5.large
AllowedValues: [t3.medium, t3.large, m5.large, m5.xlarge]
ConstraintDescription: must be a valid EC2 instance type.
LatestAmiId:
Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
VPCID:
Description: The VPC the directory will be created in
Type: AWS::EC2::VPC::Id
PublicSubnet0:
Description: Subnet to be used for the EC2 Instance
Type: AWS::EC2::Subnet::Id
SSHLocation:
Description: The IP address range that can be used to SSH and access over HTTP to the Splunk EC2 instances
Type: String
MinLength: 9
MaxLength: 18
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
VpcCidrRange:
Description: The IP address range of your VPC to allow to connect to Splunk HTTP Event Collector
Type: String
MinLength: 9
MaxLength: 18
Default: 172.20.0.0/16
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
RootVolumeSize:
Description: The size of the Root Volume Size
Type: String
Default: 100
S3BucketName:
Description: "S3 bucket name where the Splunk install file is located"
Type: String
S3Prefix:
Description: "S3 prefix including the Splunk RPM file"
Type: String
S3DownloadLocation:
Description: "Local Download location of S3 files"
Type: String
Default: '/tmp'
Resources:
InstanceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
Path: /
Policies:
- PolicyName: cfS3AllowSplunkFile
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- s3:GetObject
Resource:
- !Sub 'arn:aws:s3:::${S3BucketName}/${S3Prefix}'
InstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref InstanceRole
InstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Enable SSH access via port 22 and allow ALB to connect to port 80 on the instance
SecurityGroupEgress:
- Description: Allow all outbound traffic
IpProtocol: -1
CidrIp: 0.0.0.0/0
SecurityGroupIngress:
- Description: Allow 22 and 8000
IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref SSHLocation
- IpProtocol: tcp
FromPort: 8000
ToPort: 8000
CidrIp: !Ref SSHLocation
- IpProtocol: tcp
FromPort: 8088
ToPort: 8088
CidrIp: !Ref VpcCidrRange
VpcId: !Ref VPCID
EC2Instance:
Type: AWS::EC2::Instance
Properties:
InstanceType: !Ref InstanceType
SecurityGroupIds: [!Ref InstanceSecurityGroup]
IamInstanceProfile: !Ref InstanceProfile
KeyName: !Ref KeyName
ImageId: !Ref LatestAmiId
SubnetId: !Ref PublicSubnet0
BlockDeviceMappings:
-
DeviceName: "/dev/xvda"
Ebs:
VolumeSize: !Ref RootVolumeSize
VolumeType: gp2
Tags:
-
Key: Name
Value: 'Splunk Demo Instance'
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -xe
s3files="s3://${S3BucketName}/${S3Prefix}"
n=$(echo $s3files | tr -cd / | wc -c | awk '{$1=$1;print}')
splunkfile=$(echo $s3files | cut -d'/' -f$((n+1)))
cd ${S3DownloadLocation}
aws s3 cp $s3files .
chmod 644 $splunkfile
rpm -i $splunkfile
Outputs:
SplunkPrivateDns:
Description: INTERNAL DNS of the Splunk Instance
Value: !GetAtt EC2Instance.PrivateDnsName
SplunkPublicDns:
Description: EXTERNAL DNS of the Splunk Instance
Value: !GetAtt EC2Instance.PublicDnsName