{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template is used to deploy a VM instance on a MEC VPC.", "Metadata": { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Network Configuration" }, "Parameters": [ "VPCID", "MgmtSubnetID", "S1USubnetID", "SGISubnetID", "SecurityGroup" ] }, { "Label": { "default": "VM Configuration" }, "Parameters": [ "EC2InstanceName", "EC2InstanceCount", "KeyPairName", "AMIID", "InstanceType", "EnableTCPForwarding", "UENETCIDR", "S3BucketName" ] } ], "ParameterLabels": { "VPCID": { "default": "VPC ID" }, "MgmtSubnetID": { "default": "Management Subnet ID" }, "S1USubnetID": { "default": "S1U Subnet ID" }, "SGISubnetID": { "default": "SGI Subnet ID" }, "RemoteAccessCIDR": { "default": "Allowed Instance External Access CIDR" }, "AMIID": { "default": "AMI Operating System ID" }, "InstanceType": { "default": "Instance Type" }, "EC2InstanceName": { "default": "Instance Name" }, "EC2InstanceCount": { "default": "Instance Count" }, "EnableTCPForwarding": { "default": "Enable TCP Forwarding" }, "KeyPairName": { "default": "Key Pair Name" }, "SecurityGroup": { "default": "Security Group Name" }, "UENETCIDR": { "default": "UE NET CIDR for the instance" }, "S3BucketName": { "default": "S3 Bucket Name" } } } }, "Parameters": { "AMIID": { "Description": "The Linux distribution for the AMI to be used for the EC2 instances", "Type": "AWS::EC2::Image::Id" }, "InstanceType": { "AllowedValues": [ "c5n.xlarge", "c5n.2xlarge", "c5n.4xlarge", "c5n.9xlarge", "c5n.18xlarge" ], "Default": "c5n.2xlarge", "Description": "Amazon EC2 instance type", "Type": "String" }, "EC2InstanceName": { "Default": "VPC-MEC-Instance", "Description": "EC2 Instance Name", "Type": "String" }, "EC2InstanceCount": { "Default": 5, "MinValue": 1, "MaxValue": 15, "Description": "EC2 Instance Count", "Type": "Number" }, "KeyPairName": { "Description": "Enter a public/private key pair. If you do not have one in this region, please create it before continuing", "Type": "AWS::EC2::KeyPair::KeyName" }, "VPCID": { "Description": "ID of the VPC", "Type": "AWS::EC2::VPC::Id" }, "MgmtSubnetID": { "Description": "ID of the Mgmt subnet that you want to provision the EC2 instance into", "Type": "AWS::EC2::Subnet::Id" }, "S1USubnetID": { "Description": "ID of the S1U subnet that you want to provision the EC2 instance into", "Type": "AWS::EC2::Subnet::Id" }, "SGISubnetID": { "Description": "ID of the SGI subnet that you want to provision the EC2 instance into", "Type": "AWS::EC2::Subnet::Id" }, "SecurityGroup": { "Description": "ID of the Security Group that you want to provision the EC2 instance into", "Type": "AWS::EC2::SecurityGroup::Id" }, "S3BucketName": { "Description": "S3 Bucket Name", "MinLength" : "1", "Type": "String" }, "UENETCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/12)$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", "Description": "Allowed CIDR block for UE NET", "Type": "String", "Default": "172.16.0.0/12" } }, "Rules": { "SubnetsInVPC": { "Assertions": [ { "Assert": { "Fn::EachMemberIn": [ { "Fn::ValueOfAll": [ "AWS::EC2::Subnet::Id", "VpcId" ] }, { "Fn::RefAll": "AWS::EC2::VPC::Id" } ] }, "AssertDescription": "All subnets must exist in the VPC" } ] } }, "Resources": { "MultipleInstances": { "Type": "Custom::MultipleInstances", "Properties": { "ServiceToken": { "Fn::GetAtt" : ["MultipleInstancesFunction", "Arn"] }, "ImageID": {"Ref": "AMIID"}, "VPCType": "mec", "InstanceName": {"Ref": "EC2InstanceName"}, "InstanceCount": {"Ref": "EC2InstanceCount"}, "SecurityGroup": {"Ref": "SecurityGroup"}, "KeyPair": {"Ref": "KeyPairName"}, "InstanceType": {"Ref": "InstanceType"}, "SubnetIds": [{"Ref": "MgmtSubnetID"}, {"Ref": "S1USubnetID"}, {"Ref": "SGISubnetID"}], "DestinationCIDR": {"Ref": "UENETCIDR"} } }, "MultipleInstancesFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": {"Ref": "S3BucketName"}, "S3Key": "lambda_function.zip" }, "Handler": "lambda_function.lambda_handler", "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] }, "Runtime": "python3.8", "Timeout": "300" } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", "arn:aws:iam::aws:policy/AmazonEC2FullAccess" ] } } }, "Outputs": { "SecurityGroupID": { "Description": "Security Group ID", "Value": { "Ref": "SecurityGroup" }, "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-SecurityGroupID" } } } } }