---
AWSTemplateFormatVersion: 2010-09-09

Description: Reference Architecture to host WordPress on AWS - Creates bastion (desired:0; min:0; max:1) Auto Scaling group

Metadata:

  Authors:
    Description: Darryl Osborne (darrylo@amazon.com)
  License:
    Description: 'Copyright 2018 Amazon.com, Inc. and its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0'

  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: AWS Parameters
        Parameters:
          - EC2KeyName
          - BastionInstanceType
          - BastionSecurityGroup
          - NumberOfSubnets
          - Subnet
    ParameterLabels:
      BastionSecurityGroup:
        default: Bastion Security Group
      BastionInstanceType:
        default: Instance Type
      EC2KeyName:
        default: Existing Key Pair
      NumberOfSubnets:
        default: Number of subnets
      Subnet:
        default: Subnets

Parameters:

  BastionSecurityGroup:
    Description: Select the bastion security group.
    Type: AWS::EC2::SecurityGroup::Id
  BastionInstanceType:
    AllowedValues:
      - t3.medium
      - t3.micro
      - t3.nano
      - t3.small
    ConstraintDescription: Must be a valid Amazon EC2 instance type.
    Default: t3.nano
    Description: Bastion EC2 instance type.
    Type: String
  EC2KeyName:
    Description: Name of an EC2 KeyPair. Your bastion instances will launch with this KeyPair.
    Type: AWS::EC2::KeyPair::KeyName
  NumberOfSubnets:
    AllowedValues:
      - 2
      - 3
      - 4
      - 5
      - 6
    Default: 3
    Description: Number of subnets. This must match your selections in the list of subnets below.
    Type: String
  Subnet:
    Description: Select existing subnets. The number selected must match the number of subnets above. Subnets selected must be in separate AZs.
    # The parameter type was truncated to "List" in the published copy; a list of subnet IDs is the typed form CloudFormation expects for the !Select lookups below.
    Type: List<AWS::EC2::Subnet::Id>

Conditions:

  NumberOfSubnets1:
    !Equals [ 1, !Ref NumberOfSubnets ]
  NumberOfSubnets2:
    !Equals [ 2, !Ref NumberOfSubnets ]
  NumberOfSubnets3:
    !Equals [ 3, !Ref NumberOfSubnets ]
  NumberOfSubnets4:
    !Equals [ 4, !Ref NumberOfSubnets ]
  NumberOfSubnets5:
    !Equals [ 5, !Ref NumberOfSubnets ]
  NumberOfSubnets6:
    !Equals [ 6, !Ref NumberOfSubnets ]
  Subnet0: !Or
    - !Condition NumberOfSubnets1
    - !Condition NumberOfSubnets2
    - !Condition NumberOfSubnets3
    - !Condition NumberOfSubnets4
    - !Condition NumberOfSubnets5
    - !Condition NumberOfSubnets6
  Subnet1: !Or
    - !Condition NumberOfSubnets2
    - !Condition NumberOfSubnets3
    - !Condition NumberOfSubnets4
    - !Condition NumberOfSubnets5
    - !Condition NumberOfSubnets6
  Subnet2: !Or
    - !Condition NumberOfSubnets3
    - !Condition NumberOfSubnets4
    - !Condition NumberOfSubnets5
    - !Condition NumberOfSubnets6
  Subnet3: !Or
    - !Condition NumberOfSubnets4
    - !Condition NumberOfSubnets5
    - !Condition NumberOfSubnets6
  Subnet4: !Or
    - !Condition NumberOfSubnets5
    - !Condition NumberOfSubnets6
  Subnet5: !Condition NumberOfSubnets6

Mappings:

  RegionMap:
    ap-northeast-1:
      AMI: ami-0de5311b2a443fb89
    ap-northeast-2:
      AMI: ami-09cf633fe86e51bf0
    ap-south-1:
      AMI: ami-0e6329e222e662a52
    ap-southeast-1:
      AMI: ami-094bbd9e922dc515d
    ap-southeast-2:
      AMI: ami-02a66f06b3557a897
    ca-central-1:
      AMI: ami-088d4832275406edf
    eu-central-1:
      AMI: ami-070b208e993b59cea
    eu-west-1:
      AMI: ami-0ee415e1b8b71305f
    eu-west-2:
      AMI: ami-0648ea225c13e0729
    sa-east-1:
      AMI: ami-0122c4b16734197ac
    us-east-1:
      AMI: ami-09d3b3274b6c5d4aa
    us-east-2:
      AMI: ami-089a545a9ed9893b6
    us-west-1:
      AMI: ami-017c001a88dd93847
    us-west-2:
      AMI: ami-0d593311db5abb72b

Resources:

  BastionAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      Cooldown: 60
      HealthCheckGracePeriod: 120
      HealthCheckType: EC2
      LaunchConfigurationName: !Ref BastionLaunchConfiguration
      MaxSize: 1
      MinSize: 0
      Tags:
        - Key: Name
          Value: !Join [ '', [ 'Bastion / ', !Ref 'AWS::StackName' ] ]
          PropagateAtLaunch: true
      # Pick the first N subnets from the Subnet list, where N is the NumberOfSubnets parameter.
      VPCZoneIdentifier:
        !If
          [ NumberOfSubnets1,
          [ !Select [ 0, !Ref Subnet ] ],
          !If
            [ NumberOfSubnets2,
            [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ] ],
            !If
              [ NumberOfSubnets3,
              [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ] ],
              !If
                [ NumberOfSubnets4,
                [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ], !Select [ 3, !Ref Subnet ] ],
                !If
                  [ NumberOfSubnets5,
                  [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ], !Select [ 3, !Ref Subnet ], !Select [ 4, !Ref Subnet ] ],
                  [ !Select [ 0, !Ref Subnet ], !Select [ 1, !Ref Subnet ], !Select [ 2, !Ref Subnet ], !Select [ 3, !Ref Subnet ], !Select [ 4, !Ref Subnet ], !Select [ 5, !Ref Subnet ] ]
                  ]
                ]
              ]
            ]
          ]

  BastionLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      IamInstanceProfile: !Ref BastionInstanceProfile
      ImageId: !FindInMap [ RegionMap, !Ref 'AWS::Region', AMI ]
      InstanceMonitoring: true
      InstanceType: !Ref BastionInstanceType
      KeyName: !Ref EC2KeyName
      SecurityGroups:
        - !Ref BastionSecurityGroup

  BastionInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: '/'
      Roles:
        - !Ref BastionInstanceRole

  BastionInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: '/'
      # The instance role is limited to writing CloudWatch Logs; it grants no other AWS API access.
      Policies:
        - PolicyName: logs
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                  - logs:DescribeLogStreams
                Resource:
                  - arn:aws:logs:*:*:*