AWSTemplateFormatVersion: 2010-09-09 Description: Infrastructure to run the amazon-kinesis-replay Java application Parameters: SshKeyName: Description: Name of an existing EC2 KeyPair to enable SSH access to the EC2 instance for replaying events ConstraintDescription: MuSt be the name of an existing EC2 KeyPair Type: AWS::EC2::KeyPair::KeyName ClientIpAddressRange: AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x Description: IP address range that is able to connect to the EC2 instance over SSH MaxLength: 18 MinLength: 9 Type: String Default: 0.0.0.0/0 AmazonLinux2Ami: Type: "AWS::SSM::Parameter::Value" Default: "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" InstanceType: Type: String Default: c5.large Outputs: KinesisReplayInstance: Description: SSH connection to the instance that ingests trip events into the Kinesis stream Value: !Sub ssh -C ec2-user@${KinesisReplayInstance.PublicDnsName} ProducerCommand: Description: Command to populate Kinesis stream with taxi trip events Value: !Sub java -jar amazon-kinesis-replay-1.0-SNAPSHOT.jar -streamRegion ${AWS::Region} -speedup 1440 -streamName ... Resources: KinesisReplayBuildStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: https://s3.amazonaws.com/aws-bigdata-blog/artifacts/kinesis-analytics-taxi-consumer/cfn-templates/kinesis-replay-build-pipeline.yml Parameters: ExternalArtifactBucket: !Ref ArtifactBucket ArtifactBucket: Type: AWS::S3::Bucket Properties: VersioningConfiguration: Status: Enabled KinesisReplayInstance: Type: AWS::EC2::Instance Properties: ImageId: !Ref AmazonLinux2Ami Monitoring: true InstanceType: !Ref InstanceType IamInstanceProfile: !Ref KinesisReplayInstanceProfile KeyName: !Ref SshKeyName NetworkInterfaces: - AssociatePublicIpAddress: true DeleteOnTermination: true DeviceIndex: 0 GroupSet: - !GetAtt KinesisReplayInstanceSecurityGroup.GroupId Tags: - Key: Application Value: !Ref AWS::StackId - Key: Name Value: !Sub ${AWS::StackName}-producer-instance UserData: Fn::Base64: !Sub | #!/bin/bash -x yum update -y yum install -y tmux java-11-amazon-corretto-headless # copy the replay Java app from s3 su ec2-user -l -c "${KinesisReplayBuildStack.Outputs.KinesisReplayCopyCommand}" KinesisReplayInstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: !Sub allow ssh access from ${ClientIpAddressRange} SecurityGroupIngress: - CidrIp: !Ref ClientIpAddressRange IpProtocol: tcp FromPort: 22 ToPort: 22 KinesisReplayInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Roles: - Ref: KinesisReplayRole KinesisReplayRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole Policies: - PolicyName: root PolicyDocument: | { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kinesis:DescribeStream", "kinesis:ListShards", "kinesis:GetShardIterator", "kinesis:GetRecords", "kinesis:PutRecord", "kinesis:PutRecords" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": "*" } ] } Mappings: AWSRegionArch2AMI: eu-west-1: HVM64: ami-07683a44e80cd32c5