AWSTemplateFormatVersion: 2010-09-09 Description: "CI Stack for Linux Utils (qs-1r0b9gef4)" Metadata: LICENSE: 'Apache License, Version 2.0' AUTHOR: 'Tony Vattathil' EMAIL: 'tonynv@amazon.com' Parameters: TestAMIOS: AllowedValues: - Amazon-Linux2-HVM - Amazon-Linux-HVM - CentOS-7-HVM - Ubuntu-Server-18.04-LTS-HVM - Ubuntu-Server-20.04-LTS-HVM - SUSE-SLES-15-HVM Default: Amazon-Linux2-HVM Description: The Linux distribution for the AMI to be used for the bastion instances. Type: String AccessCIDR: AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. Description: The IP address range that can be used to access to the EC2 instance MaxLength: '18' MinLength: '9' Type: String KeyPairName: Description: Name of an existing EC2 KeyPair to enable SSH access to the instances Type: AWS::EC2::KeyPair::KeyName Default: id_rsa_aws ConstraintDescription: Must be the name of an existing EC2 KeyPair. SubnetId: Description: The Public subnet where the ec2 instance will be launched Type: AWS::EC2::Subnet::Id VPCID: Description: VPC 1D Type: AWS::EC2::VPC::Id BucketName: AllowedPattern: '^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$' ConstraintDescription: >- Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: 'replace-with-your-staging-bucket' Description: >- S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String KeyPrefix: AllowedPattern: '^[0-9a-zA-Z-/]*$' ConstraintDescription: >- Can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-linux-utilities/ Description: >- S3 key prefix where assets are located should end withforward slash (/). Type: String BucketRegion: Description: The AWS Region where the is hosted. When using your own bucket, you must specify this value. Type: String GitRepo: Default: https://github.com/aws-quickstart/quickstart-linux-utilities.git Type: String GitBranch: Default: develop Type: String Mappings: AWSAMIRegionMap: ap-northeast-1: AMZNLINUX2: ami-0af1df87db7b650f4 AMZNLINUXHVM: ami-02ddf94e5edc8e904 CENTOS7HVM: ami-045f38c93733dd48d US1804HVM: ami-01f90b0460589991e US2004HVM: ami-09fdc0371d433b7b7 SLES15HVM: ami-056ac8ad44e6a7e1f ap-northeast-2: AMZNLINUX2: ami-0a93a08544874b3b7 AMZNLINUXHVM: ami-0ecd78c22823e02ef CENTOS7HVM: ami-06cf2a72dadf92410 US1804HVM: ami-096e3ded41e3bda6a US2004HVM: ami-030f198fbbaa819a4 SLES15HVM: ami-0f81fff879bafe6b8 ap-south-1: AMZNLINUX2: ami-0d9462a653c34dab7 AMZNLINUXHVM: ami-05695932c5299858a CENTOS7HVM: ami-02e60be79e78fef21 US1804HVM: ami-0d11056c10bfdde69 US2004HVM: ami-080277375e5bfd8b7 SLES15HVM: ami-01be89269d32f2a16 ap-southeast-1: AMZNLINUX2: ami-0f02b24005e4aec36 AMZNLINUXHVM: ami-043afc2b8b6cfba5c CENTOS7HVM: ami-0b4dd9d65556cac22 US1804HVM: ami-07ce5f60a39f1790e US2004HVM: ami-035c90f6aef51614f SLES15HVM: ami-070356c21596ddc67 ap-southeast-2: AMZNLINUX2: ami-0f767afb799f45102 AMZNLINUXHVM: ami-01393ce9a3ca55d67 CENTOS7HVM: ami-08bd00d7713a39e7d US1804HVM: ami-04c7af7de7ad468f0 US2004HVM: ami-0e7f40bffc03ebc9d SLES15HVM: ami-0c4245381c67efb39 ca-central-1: AMZNLINUX2: ami-00db12b46ef5ebc36 AMZNLINUXHVM: ami-0fa94ecf2fef3420b CENTOS7HVM: ami-033e6106180a626d0 US1804HVM: ami-064efdb82ae15e93f US2004HVM: ami-0add13b29341a8abf SLES15HVM: ami-0c97d9b588207dad6 eu-central-1: AMZNLINUX2: ami-0df0e7600ad0913a9 AMZNLINUXHVM: ami-0ba441bdd9e494102 CENTOS7HVM: ami-04cf43aca3e6f3de3 US1804HVM: ami-0718a1ae90971ce4d US2004HVM: ami-044086cd09ec0576e SLES15HVM: ami-05dfd265ea534a3e9 eu-north-1: AMZNLINUX2: ami-074a0e4318181e9d9 AMZNLINUXHVM: ami-01a7a49829bda9d79 CENTOS7HVM: ami-5ee66f20 US1804HVM: ami-0e850e0e9c20d9deb US2004HVM: ami-0fc6c6c6492cbe870 SLES15HVM: ami-0741fa1a008af40ad eu-west-1: AMZNLINUX2: ami-099a8245f5daa82bf AMZNLINUXHVM: ami-0e61341fa75fcaa18 CENTOS7HVM: ami-0ff760d16d9497662 US1804HVM: ami-07042e91d04b1c30d US2004HVM: ami-049f322a544cfcf88 SLES15HVM: ami-0a58a1b152ba55f1d eu-west-2: AMZNLINUX2: ami-0389b2a3c4948b1a0 AMZNLINUXHVM: ami-050b8344d77081f4b CENTOS7HVM: ami-0eab3a90fc693af19 US1804HVM: ami-04cc79dd5df3bffca US2004HVM: ami-0e6273fe5a9a1ad93 SLES15HVM: ami-01497522185aaa4ee eu-west-3: AMZNLINUX2: ami-0fd9bce3a3384b635 AMZNLINUXHVM: ami-053418e626d0549fc CENTOS7HVM: ami-0e1ab783dc9489f34 US1804HVM: ami-0c367ebddcf279dc6 US2004HVM: ami-01f781b290c039ffc SLES15HVM: ami-0f238bd4c6fdbefb0 sa-east-1: AMZNLINUX2: ami-080a223be3de0c3b8 AMZNLINUXHVM: ami-05b7dbc290217250d CENTOS7HVM: ami-0b8d86d4bf91850af US1804HVM: ami-0cb1ddea3786f6c0d US2004HVM: ami-099781ab2bc69fa76 SLES15HVM: ami-0772af912976aa692 us-east-1: AMZNLINUX2: ami-0a887e401f7654935 AMZNLINUXHVM: ami-0e2ff28bfb72a4e45 CENTOS7HVM: ami-02eac2c0129f6376b US1804HVM: ami-046842448f9e74e7d US2004HVM: ami-04e7b4117bb0488e4 SLES15HVM: ami-0b1764f3d7d2e2316 us-east-2: AMZNLINUX2: ami-0e38b48473ea57778 AMZNLINUXHVM: ami-0998bf58313ab53da CENTOS7HVM: ami-0f2b4fc905b0bd1f1 US1804HVM: ami-0367b500fdcac0edc US2004HVM: ami-0502e4e82cdfcf74c SLES15HVM: ami-05ea824317ffc0c20 us-west-1: AMZNLINUX2: ami-01c94064639c71719 AMZNLINUXHVM: ami-021bb9f371690f97a CENTOS7HVM: ami-074e2d6769f445be5 US1804HVM: ami-0d58800f291760030 US2004HVM: ami-01456a894f71116f2 SLES15HVM: ami-00e34a7624e5a7107 us-west-2: AMZNLINUX2: ami-0e8c04af2729ff1bb AMZNLINUXHVM: ami-079f731edfe27c29c CENTOS7HVM: ami-01ed306a12b7d1c96 US1804HVM: ami-0edf3b95e26a682df US2004HVM: ami-0e8271975f6af5c8d SLES15HVM: ami-0f1e3b3fb0fec0361 LinuxAMINameMap: Amazon-Linux2-HVM: Code: AMZNLINUX2 Amazon-Linux-HVM: Code: AMZNLINUXHVM CentOS-7-HVM: Code: CENTOS7HVM Ubuntu-Server-20.04-LTS-HVM: Code: US2004HVM Ubuntu-Server-18.04-LTS-HVM: Code: US1804HVM SUSE-SLES-15-HVM: Code: SLES15HVM Conditions: UsingDefaultBucket: !Equals [!Ref BucketName, 'aws-quickstart'] Resources: RootRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: 'sts:AssumeRole' Principal: Service: - !Sub 'ec2.${AWS::URLSuffix}' Effect: Allow Sid: '' Policies: - PolicyDocument: Version: 2012-10-17 Statement: - Action: - 's3:GetObject' Resource: !Sub - arn:${AWS::Partition}:s3:::${S3Bucket}/${KeyPrefix}* - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'BucketName' Effect: Allow PolicyName: AuthenticatedS3GetObjects RootInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref RootRole InstanceSecurityGroup: Properties: GroupDescription: 'ssh access to instance' SecurityGroupIngress: - CidrIp: !Ref AccessCIDR FromPort: 22 IpProtocol: tcp ToPort: 22 VpcId: !Ref VPCID Type: 'AWS::EC2::SecurityGroup' LinuxInstance: Type: 'AWS::EC2::Instance' Properties: IamInstanceProfile: !Ref RootInstanceProfile ImageId: !FindInMap - AWSAMIRegionMap - !Ref 'AWS::Region' - !FindInMap - LinuxAMINameMap - !Ref TestAMIOS - Code InstanceType: t3.micro KeyName: !Ref KeyPairName SecurityGroupIds: - !Ref InstanceSecurityGroup SubnetId: !Ref SubnetId UserData: Fn::Base64: !Sub | #!/bin/bash -ex yum install git -y || apt-get install -y git #cfn signaling functions function cfn_fail { cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource LinuxInstance exit 1 } function cfn_success { cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource LinuxInstance exit 0 } until git clone -b ${GitBranch} ${GitRepo} ; do echo "Retrying"; done cd /quickstart-linux-utilities; source quickstart-cfn-tools.source; qs_update-os || qs_err; qs_aws-cfn-bootstrap || qs_err " cfn bootstrap failed "; echo "[INFO] Executing config-sets"; cfn-init -v --stack ${AWS::StackName} --resource LinuxInstance --configsets ec2_bootstrap --region ${AWS::Region} || cfn_fail; qs_status; [ $(qs_status) == 0 ] && cfn_success || cfn_fail "signaled" Metadata: AWS::CloudFormation::Authentication: S3AccessCreds: type: S3 buckets: - !If [UsingDefaultBucket, !Sub '${BucketName}-${AWS::Region}', !Ref BucketName] roleName: Ref: RootRole AWS::CloudFormation::Init: configSets: ec2_bootstrap: - helloworld_cfg helloworld_cfg: commands: 010_hello: command: /tmp/bootstrap.sh 'hello world' files: /tmp/bootstrap.sh: source: !Sub - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${KeyPrefix}scripts/print_stdout.sh - S3Bucket: !If - UsingDefaultBucket - !Sub 'aws-quickstart-${AWS::Region}' - !Ref 'BucketName' S3Region: !If - UsingDefaultBucket - !Ref 'AWS::Region' - !Ref 'BucketRegion' KeyPrefix: !Ref KeyPrefix mode: '000755' owner: root group: root authentication: S3AccessCreds CreationPolicy: ResourceSignal: Count: 1 Timeout: PT20M