---
# Nested stack: one FreeRADIUS instance kept alive by a single-instance
# Auto Scaling group, with a pre-created ENI and an Elastic IP that the
# instance attaches to itself during bootstrap.
AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  Author: Dmitriy Kagarlickij
  cfn-lint:
    config:
      ignore_checks:
        # Template-level Sub variables are deliberately unused in some block
        # scalars; they could later be added to /etc/awslogs/awslogs.conf
        # and/or /etc/cron.d/radiusd-status.
        - W1020
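Parameters:
  AMI:
    Type: "AWS::EC2::Image::Id"
    Description: >-
      AMI for the FreeRADIUS instance. The bootstrap assumes it provides
      cfn-init/cfn-signal, the AWS CLI, yum and systemd.
  InstanceType:
    Type: String
    Description: EC2 instance type for the FreeRADIUS instance.
  KeyName:
    Type: "AWS::EC2::KeyPair::KeyName"
    Description: SSH key pair installed on the instance.
  IamInstanceProfile:
    Type: String
    Description: >-
      Name of an existing instance profile. The bootstrap calls
      ec2:AssociateAddress and cloudwatch:PutMetricData, and the awslogs
      agent needs its CloudWatch Logs permissions; grant no more than that.
  SecurityGroup:
    Type: "AWS::EC2::SecurityGroup::Id"
    Description: >-
      Security group for the instance ENI. The template does not configure
      radiusd itself, so this group is the only network control on the
      service; restrict RADIUS traffic to known clients.
  AvailabilityZone:
    Type: AWS::EC2::AvailabilityZone::Name
    Description: Availability Zone that SubnetId belongs to.
  SubnetId:
    Type: "AWS::EC2::Subnet::Id"
    Description: Subnet in which the instance ENI is created.
  InstanceName:
    Type: String
    Description: >-
      Name prefix for the created resources. It is also interpolated into a
      root-owned shell script executed from cron, so the character set is
      restricted to values that are safe unquoted in a shell.
    AllowedPattern: "^[A-Za-z0-9._-]+$"
    ConstraintDescription: >-
      Must contain only letters, digits, dots, underscores and hyphens.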
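Resources:
  # Stable public address for the RADIUS endpoint. It is attached from inside
  # the instance (01-AssociateEIP below), so the instance profile must allow
  # ec2:AssociateAddress.
  ElasticIP:
    Type: "AWS::EC2::EIP"
    Properties:
      Domain: vpc

  # Pre-created ENI: keeps the private IP and security-group membership across
  # ASG instance replacements. It is bound to SubnetId, which is why the ASG
  # below is pinned to a single AZ with MaxSize 1.
  NetworkInterface:
    Type: "AWS::EC2::NetworkInterface"
    Properties:
      GroupSet:
        - !Ref SecurityGroup
      SubnetId: !Ref SubnetId
      Tags:
        - Key: Name
          Value: !Sub "${InstanceName}-NetworkInterface"

  LaunchTemplate:
    Type: "AWS::EC2::LaunchTemplate"
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          FreeRADIUS:
            - 00-CloudWatchLogsAgentInstall
            - 01-AssociateEIP
            - 02-InstallFreeRADIUS
            - 03-InstallRadiusCheck

        # Ship /var/log/cfn-init.log to a CloudWatch Logs group of the same
        # name, one stream per instance id.
        00-CloudWatchLogsAgentInstall:
          packages:
            yum:
              awslogs: []
          files:
            /etc/awslogs/awslogs.conf:
              mode: "000644"
              owner: "root"
              group: "root"
              content: !Sub |
                [general]
                state_file = /var/lib/awslogs/agent-state
                [/var/log/cfn-init.log]
                datetime_format = %Y-%m-%d %H:%M:%S,%fff
                file = /var/log/cfn-init.log
                buffer_duration = 5000
                log_stream_name = {instance_id}
                initial_position = start_of_file
                log_group_name = /var/log/cfn-init.log
            /etc/awslogs/awscli.conf:
              mode: "000400"
              owner: "root"
              group: "root"
              content: !Sub |
                [plugins]
                cwlogs = cwlogs
                [default]
                region = ${AWS::Region}
          services:
            sysvinit:
              awslogsd:
                enabled: "true"
                ensureRunning: "true"

        # Attach the stack's EIP to this instance. The instance id is read from
        # IMDS with a session token (IMDSv2) so this step keeps working with
        # HttpTokens=required set in LaunchTemplateData below; the previous
        # token-less GET would be rejected there.
        01-AssociateEIP:
          commands:
            0-AssociateEIP:
              command: !Sub |
                TOKEN="$(curl -sS -X PUT 'http://169.254.169.254/latest/api/token' -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')"
                INSTANCE_ID="$(curl -sS -H "X-aws-ec2-metadata-token: $TOKEN" 'http://169.254.169.254/latest/meta-data/instance-id')"
                aws ec2 associate-address --instance-id "$INSTANCE_ID" --allocation-id ${ElasticIP.AllocationId} --region ${AWS::Region}

        # Installs the distribution's FreeRADIUS package and starts it. No
        # radiusd configuration is written by this template, so the service
        # runs with the package defaults (clients, shared secrets, listen
        # addresses); those must be managed elsewhere, and SecurityGroup is the
        # only network-level restriction on who can reach the daemon.
        02-InstallFreeRADIUS:
          packages:
            yum:
              freeradius: []
          services:
            sysvinit:
              radiusd:
                enabled: "true"
                ensureRunning: "true"

        # Per-minute liveness metric for radiusd (namespace "radiusd", metric
        # "radiusd-status", 1 = active, 0 = anything else). Needs
        # cloudwatch:PutMetricData on the instance profile. This template
        # defines no alarm on the metric; wire one up in the parent stack.
        03-InstallRadiusCheck:
          files:
            /opt/radiusd-status.sh:
              mode: "000755"
              owner: "root"
              group: "root"
              content: !Sub |
                #!/bin/bash
                # The substitution is quoted: an empty systemctl result would
                # otherwise leave "[ == active ]" and a syntax error.
                if [ "$(systemctl show -p ActiveState radiusd | cut -d'=' -f2)" = "active" ]; then
                  STATUS=1
                else
                  STATUS=0
                fi
                aws cloudwatch put-metric-data --metric-name radiusd-status --namespace radiusd --unit Count --value "$STATUS" --dimensions InstanceName=${InstanceName} --region ${AWS::Region}
            # Runs as ec2-user; the script is root-owned (0755) so the
            # unprivileged user cannot alter what cron executes.
            /etc/cron.d/radiusd-status:
              mode: "000644"
              owner: "root"
              group: "root"
              content: !Sub |
                * * * * * ec2-user /opt/radiusd-status.sh 2>&1
    Properties:
      LaunchTemplateName: !Sub "${InstanceName}-LaunchTemplate"
      LaunchTemplateData:
        TagSpecifications:
          - ResourceType: "instance"
            Tags:
              - Key: Name
                Value: !Ref InstanceName
        KeyName: !Ref KeyName
        ImageId: !Ref AMI
        InstanceType: !Ref InstanceType
        IamInstanceProfile:
          Name: !Ref IamInstanceProfile
        NetworkInterfaces:
          - NetworkInterfaceId: !Ref NetworkInterface
            DeviceIndex: 0
        # Require IMDSv2 so instance-profile credentials cannot be fetched with
        # a plain GET (SSRF / metadata-theft hardening); a hop limit of 1 keeps
        # the session token from leaving the host. NOTE(review): confirm the
        # awslogs agent shipped with the chosen AMI obtains credentials via
        # IMDSv2 before depending on this; if it does not, log shipping stops.
        MetadataOptions:
          HttpTokens: required
          HttpPutResponseHopLimit: 1
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            /opt/aws/bin/cfn-init --verbose --stack ${AWS::StackName} --resource LaunchTemplate --configsets FreeRADIUS --region ${AWS::Region}
            /opt/aws/bin/cfn-signal --exit-code $? --stack ${AWS::StackName} --resource ASG --region ${AWS::Region}

  # Single-instance "self-healing" group. HealthCheckType EC2 means only a
  # failed EC2 status check triggers replacement; a stopped radiusd does not
  # (see the radiusd-status metric above).
  ASG:
    Type: "AWS::AutoScaling::AutoScalingGroup"
    Properties:
      AutoScalingGroupName: !Sub "${InstanceName}-ASG"
      DesiredCapacity: "1"
      HealthCheckType: "EC2"
      LaunchTemplate:
        LaunchTemplateId: !Ref LaunchTemplate
        Version: !GetAtt LaunchTemplate.LatestVersionNumber
      MaxSize: "1"
      MinSize: "1"
      AvailabilityZones:
        - !Ref AvailabilityZone
    # Stack creation waits for the cfn-signal sent at the end of UserData.
    CreationPolicy:
      ResourceSignal:
        Timeout: PT15M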
Outputs:
  # Public IPv4 address that the running instance attaches to itself.
  ElasticIPAddress:
    Description: Elastic IP address allocated for the FreeRADIUS instance.
    Value: !Ref ElasticIP