AWSTemplateFormatVersion: '2010-09-09' Parameters: KeyName: Description: Name of an existing EC2 KeyPair to enable SSH access to the instance Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: must be the name of an existing EC2 KeyPair. InstanceType: Description: Developer EC2 instance type Type: String Default: t3.medium AllowedValues: [t3.medium, t3.large, m5.large] ConstraintDescription: must be a valid EC2 instance type. SSHLocation: Description: The IP address range that can be used to SSH to the EC2 instances Type: String MinLength: 9 MaxLength: 18 Default: 0.0.0.0/0 AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. LatestAmiId: Type: 'AWS::SSM::Parameter::Value' Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' VpcCIDR: Description: Please enter the IP range (CIDR notation) for this VPC Type: String Default: 10.192.0.0/16 PublicSubnet1CIDR: Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone Type: String Default: 10.192.10.0/24 EnvironmentName: Description: An environment name that will be prefixed to resource names Type: String Default: AmplifyAuthDemo Resources: VPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref VpcCIDR EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: !Ref EnvironmentName InternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: !Ref EnvironmentName InternetGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: InternetGatewayId: !Ref InternetGateway VpcId: !Ref VPC PublicSubnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [ 0, !GetAZs '' ] CidrBlock: !Ref PublicSubnet1CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: !Sub ${EnvironmentName} Public Subnet (AZ1) PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC Tags: - Key: Name Value: !Sub ${EnvironmentName} Public Routes DefaultPublicRoute: Type: AWS::EC2::Route DependsOn: InternetGatewayAttachment Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway PublicSubnet1RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref PublicRouteTable SubnetId: !Ref PublicSubnet1 EC2Instance: Type: AWS::EC2::Instance Properties: InstanceType: !Ref 'InstanceType' KeyName: !Ref 'KeyName' ImageId: !Ref 'LatestAmiId' NetworkInterfaces: - AssociatePublicIpAddress: 'true' DeviceIndex: '0' GroupSet: - !Ref 'InstanceSecurityGroup' SubnetId: !Ref 'PublicSubnet1' BlockDeviceMappings: - DeviceName: '/dev/xvda' Ebs: VolumeType: 'gp2' VolumeSize: 20 Tags: - Key: 'Name' Value: 'reinvent builders session' UserData: Fn::Base64: !Sub | #!/bin/bash -xe yum update -y yum install -y python3 python3-dev cat > /tmp/subscript.sh << EOF # START echo "Setting up NodeJS Environment" curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash echo 'export NVM_DIR="/home/ec2-user/.nvm"' >> /home/ec2-usr/.bashrc echo '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm' >> /home/ec2-user/.bashrc # Dot source the files to ensure that variables are available within the current shell . /home/ec2-user/.nvm/nvm.sh . /home/ec2-user/.bashrc # Install NVM, Node.JS nvm install node npm install -g @aws-amplify/cli npm install -g create-react-app EOF chown ec2-user:ec2-user /tmp/subscript.sh && chmod a+x /tmp/subscript.sh sleep 1; su - ec2-user -c "/tmp/subscript.sh" # Update the file watcher counts to support visual studio code. echo "fs.inotify.max_user_watches=524288" >> /etc/sysctl.conf sysctl -p /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} \ --resource EC2Instance --region ${AWS::Region} CreationPolicy: ResourceSignal: Count: 1 Timeout: "PT15M" InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Enable SSH access via port 22 VpcId: !Ref 'VPC' SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: !Ref 'SSHLocation' AmplifyUser: Type: AWS::IAM::User Properties: Path: "/" Groups: - !Ref AmplifyUserAuthDemoGroup AmplifyUserAuthDemoGroup: Type: AWS::IAM::Group Properties: Path: "/" AmplifyUserPolicy: Type: AWS::IAM::Policy Properties: PolicyName: AmplifyUserPolicy Groups: - !Ref AmplifyUserAuthDemoGroup PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - appsync:* - amplify:* - apigateway:POST - apigateway:DELETE - apigateway:PATCH - apigateway:PUT - cloudformation:CreateStack - cloudformation:CreateStackSet - cloudformation:DeleteStack - cloudformation:DeleteStackSet - cloudformation:DescribeStackEvents - cloudformation:DescribeStackResource - cloudformation:DescribeStackResources - cloudformation:DescribeStackSet - cloudformation:DescribeStackSetOperation - cloudformation:DescribeStacks - cloudformation:UpdateStack - cloudformation:UpdateStackSet - cloudfront:CreateCloudFrontOriginAccessIdentity - cloudfront:CreateDistribution - cloudfront:DeleteCloudFrontOriginAccessIdentity - cloudfront:DeleteDistribution - cloudfront:GetCloudFrontOriginAccessIdentity - cloudfront:GetCloudFrontOriginAccessIdentityConfig - cloudfront:GetDistribution - cloudfront:GetDistributionConfig - cloudfront:TagResource - cloudfront:UntagResource - cloudfront:UpdateCloudFrontOriginAccessIdentity - cloudfront:UpdateDistribution - cognito-identity:CreateIdentityPool - cognito-identity:DeleteIdentityPool - cognito-identity:DescribeIdentity - cognito-identity:DescribeIdentityPool - cognito-identity:SetIdentityPoolRoles - cognito-identity:UpdateIdentityPool - cognito-idp:CreateUserPool - cognito-idp:CreateUserPoolClient - cognito-idp:DeleteUserPool - cognito-idp:DeleteUserPoolClient - cognito-idp:DescribeUserPool - cognito-idp:UpdateUserPool - cognito-idp:UpdateUserPoolClient - dynamodb:CreateTable - dynamodb:DeleteItem - dynamodb:DeleteTable - dynamodb:DescribeTable - dynamodb:PutItem - dynamodb:UpdateItem - dynamodb:UpdateTable - iam:CreateRole - iam:DeleteRole - iam:DeleteRolePolicy - iam:GetRole - iam:GetUser - iam:PassRole - iam:PutRolePolicy - iam:UpdateRole - lambda:AddPermission - lambda:CreateFunction - lambda:DeleteFunction - lambda:GetFunction - lambda:GetFunctionConfiguration - lambda:InvokeAsync - lambda:InvokeFunction - lambda:RemovePermission - lambda:UpdateFunctionCode - lambda:UpdateFunctionConfiguration - s3:* Resource: '*' AmplifyUserAccessKey: Type: AWS::IAM::AccessKey Properties: UserName: !Ref AmplifyUser Outputs: InstanceId: Description: InstanceId of the newly created EC2 instance Value: !Ref 'EC2Instance' PublicIP: Description: Public IP address of the newly created EC2 instance Value: !GetAtt [EC2Instance, PublicIp] AmplifyUserAccessId: Description: Access Key Id Value: !Ref AmplifyUserAccessKey AmplifyUserSecretKey: Description: Secret Access Key Value: !GetAtt AmplifyUserAccessKey.SecretAccessKey