AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  License: Apache-2.0
Description: 'AWS CloudFormation creating an instance: Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the region in which the stack is run. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.'
Parameters:
  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t3.small
    AllowedValues: [t2.nano, t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge,
      t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge,
      m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge,
      m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge,
      c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge,
      g3.8xlarge, r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r3.12xlarge,
      i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge,
      d2.xlarge, d2.2xlarge, d2.4xlarge, d2.8xlarge]
    ConstraintDescription: must be a valid EC2 instance type.
  LatestAmiId:
    # Public SSM parameter that resolves to the current Amazon Linux 2 AMI for the
    # region the stack is created in. The <AWS::EC2::Image::Id> type argument was
    # restored here: CloudFormation only accepts the parameterised form of
    # AWS::SSM::Parameter::Value, never the bare name.
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
  VPC1CIDR:
    Description: The IP address range of the DC vpc
    Type: String
    MinLength: 9
    MaxLength: 18
    # NOTE: the default is the whole IPv4 space. Combined with the IpProtocol -1
    # ingress rules below this admits all traffic from anywhere; override it with
    # the real DC VPC range when creating the stack.
    Default: 0.0.0.0/0
    # The pattern only checks the shape x.x.x.x/x; it accepts octets above 255 and
    # prefixes above 32, so it is a syntax hint, not a validation of the range.
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  VPC2CIDR:
    Description: The IP address range of the Cloud vpc
    Type: String
    MinLength: 9
    MaxLength: 18
    # Same caveat as VPC1CIDR: override with the real Cloud VPC range.
    Default: 0.0.0.0/0
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  SubnetId:
    Description: Id of the subnet in which OpenSwan instance will be deployed
    Type: String
  VPCID:
    Description: ID of the vpc
    Type: String
Resources:
  SSMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # AmazonEC2RoleforSSM is the legacy SSM agent policy; AWS has since
        # deprecated it in favour of the narrower AmazonSSMManagedInstanceCore.
        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
  GlueInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref SSMRole
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref 'InstanceType'
      SecurityGroupIds: [!Ref 'InstanceSecurityGroup']
      IamInstanceProfile:
        Ref: GlueInstanceProfile
      KeyName: !Ref 'KeyName'
      ImageId: !Ref 'LatestAmiId'
      SubnetId: !Ref 'SubnetId'
      # Disabled on purpose: the instance forwards packets between the two VPCs
      # (OpenSwan VPN gateway), so it must accept traffic not addressed to itself.
      SourceDestCheck: false
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName}-private-instance
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable traffic from DC-VPC and Cloud-VPC
      VpcId: !Ref 'VPCID'
      # IpProtocol -1 means every protocol and every port. The rules are only as
      # tight as the CIDR parameters supplied at stack creation.
      SecurityGroupIngress:
        - IpProtocol: -1
          CidrIp: !Ref 'VPC1CIDR'
        - IpProtocol: -1
          CidrIp: !Ref 'VPC2CIDR'
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName}-private-sg
Outputs:
  InstanceId:
    Description: InstanceId of the newly created EC2 instance
    Value: !Ref 'EC2Instance'
  AZ:
    Description: Availability Zone of the newly created EC2 instance
    Value: !GetAtt [EC2Instance, AvailabilityZone]
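The CIDR parameters above are only checked by CloudFormation against MinLength, MaxLength and the AllowedPattern regex, and their default of 0.0.0.0/0 feeds straight into IpProtocol -1 ingress rules. The following pre-deployment check is an added example (not part of this template or of any AWS tooling) that reproduces the template's own pattern check and then applies the stricter validation a reviewer would want: a real, canonical IPv4 network, and a prefix no broader than a threshold. The threshold value MAX_PREFIX_WIDTH and the finding strings are assumptions chosen for this example.

```python
import ipaddress
import re

# Pattern copied from the template's VPC1CIDR / VPC2CIDR AllowedPattern.
CIDR_PATTERN = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$")

# Widest prefix accepted as an ingress source. Assumption for this example:
# nothing broader than a /8 should ever be pasted into these parameters.
MAX_PREFIX_WIDTH = 8


def template_pattern_accepts(value: str) -> bool:
    """Reproduce the CloudFormation-side check: MinLength/MaxLength plus AllowedPattern."""
    return 9 <= len(value) <= 18 and CIDR_PATTERN.fullmatch(value) is not None


def review_cidr(value: str) -> str:
    """Return 'ok' or a short reason the value should not be used as an ingress source."""
    if not template_pattern_accepts(value):
        return "rejected-by-template"
    try:
        # strict=True also rejects values with host bits set (e.g. 10.0.1.5/24).
        net = ipaddress.IPv4Network(value, strict=True)
    except ValueError:
        # The regex lets through octets > 255 and prefixes > 32; ipaddress does not.
        return "not-a-valid-network"
    if net.prefixlen < MAX_PREFIX_WIDTH:
        return f"too-broad:/{net.prefixlen}"
    return "ok"


def review_ingress_rule(ip_protocol, cidr_ip: str) -> list:
    """Findings for one SecurityGroupIngress entry as written in the template."""
    findings = []
    verdict = review_cidr(cidr_ip)
    if verdict != "ok":
        findings.append(f"CidrIp {cidr_ip}: {verdict}")
    if str(ip_protocol) == "-1":
        findings.append("IpProtocol -1 admits every protocol and port from that source")
    return findings


if __name__ == "__main__":
    # Constructed sample values: the template default, two strings the regex
    # accepts but that are not valid networks, and a sensible VPC range.
    for candidate in ["0.0.0.0/0", "999.0.0.0/99", "10.0.1.5/24", "10.0.1.0/24"]:
        print(f"{candidate:>14}  pattern={template_pattern_accepts(candidate)!s:5}  {review_cidr(candidate)}")
    print(review_ingress_rule(-1, "0.0.0.0/0"))
```

Run it before `aws cloudformation create-stack` with the values you intend to pass for VPC1CIDR and VPC2CIDR; anything other than an empty findings list for both ingress rules means the security group would be wider than the DC-to-cloud tunnel needs.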