--- AWSTemplateFormatVersion: '2010-09-09' Description: This template creates EC2 instances on AWS. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Environment Configuration Parameters: - EnvironmentSize - Subnet - SecurityGroups - Label: default: Amazon EC2 Configuration Parameters: - KeyPairName - StackPrefix - IamInstanceProfile - Label: default: Workload Configuration Parameters: - ProxyServer - PuppetServerFQDN - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3KeyPrefix ParameterLabels: EnvironmentSize: default: Environment Size Subnet: default: Private Subnet ID(s) SecurityGroups: default: Security Group ID(s) KeyPairName: default: Key Pair Name StackPrefix: default: Stack Name Prefix ProxyServer: default: Proxy Server URL IamInstanceProfile: default: IAM Instance Profile PuppetServerFQDN: default: Puppet Server FQDN QSS3BucketName: default: Quick Start S3 bucket QSS3KeyPrefix: default: Quick Start S3 key prefix Parameters: EnvironmentSize: Type: String Default: Small AllowedValues: - Small - Medium - Large Description: Select Environment Size (S,M,L) Subnet: Type: AWS::EC2::Subnet::Id Description: The list of SubnetIds in your Virtual Private Cloud (VPC) ConstraintDescription: must be a list of at least two existing subnets associated with at least two different availability zones. They should be residing in the selected Virtual Private Cloud. SecurityGroups: Type: List Description: The list of SecurityGroupIds in your Virtual Private Cloud (VPC) ConstraintDescription: must be the SecurityGroup Ids of an existing Virtual Private Cloud. KeyPairName: Description: The EC2 Key Pair to allow SSH access to the instances Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: must be the name of an existing EC2 KeyPair. StackPrefix: Type: String MinLength: "1" MaxLength: "20" AllowedPattern: "[a-zA-Z0-9]*" Description: The prefix to all the associated resources in the stack Default: Simphony ProxyServer: Type: String Default: "http://192.168.50.197:3128" PuppetServerFQDN: Type: String Default: "puppet.skillnetaws.com" IamInstanceProfile: Type: String Default: simphony_instance_profile Description: must be the IAM Instance Profile of an existing Virtual Private Cloud. QSS3BucketName: AllowedPattern: "^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$" ConstraintDescription: "Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)." Default: aws-quickstart Description: "S3 bucket name for the Quick Start assets. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)." Type: String QSS3BucketRegion: Default: 'us-east-1' Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value. Type: String QSS3KeyPrefix: AllowedPattern: "^[0-9a-zA-Z-/]*$" ConstraintDescription: "Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/)." Default: quickstart-skillnet-simphony/ Description: "S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/)." Type: String Mappings: RegionMap: us-east-1: "OEL7AMI" : "ami-0f5e4de17ec9ea1b8" ap-northeast-1: "OEL7AMI" : "ami-070d8d39442436586" ap-northeast-2: "OEL7AMI" : "ami-088fd31b9429bab5f" ap-south-1: "OEL7AMI" : "ami-08e4e9f5c64c4befc" ap-southeast-1: "OEL7AMI" : "ami-0284c1360e759acdf" ap-southeast-2: "OEL7AMI" : "ami-07824d3d329f9a9f8" ca-central-1: "OEL7AMI" : "ami-03bb0516cb27a3103" eu-central-1: "OEL7AMI" : "ami-03776a387eb0f2cb4" eu-north-1: "OEL7AMI" : "ami-05e73148d1af4b031" eu-west-1: "OEL7AMI" : "ami-0d2e527a99778d31c" eu-west-2: "OEL7AMI" : "ami-05e974c6d389dc49e" eu-west-3: "OEL7AMI" : "ami-00305c4621f7761e5" sa-east-1: "OEL7AMI" : "ami-09a4c73fc7f5e5a38" us-east-2: "OEL7AMI" : "ami-029d1f47786637314" us-west-1: "OEL7AMI" : "ami-0139118fa80b5b4bb" us-west-2: "OEL7AMI" : "ami-001ed3bebf18ea5d6" InstanceSize: Small: "EC2" : "c5.large" "EbsVolumeSize" : "100" Medium: "EC2" : "c5.xlarge" "EbsVolumeSize" : "200" Large: "EC2" : "c5.2xlarge" "EbsVolumeSize" : "250" Resources: PuppetServer: Type: AWS::EC2::Instance Properties: KeyName: !Ref KeyPairName InstanceType: !FindInMap [InstanceSize, !Ref EnvironmentSize, EC2] ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", OEL7AMI] IamInstanceProfile: !Ref IamInstanceProfile SubnetId: !Ref Subnet SecurityGroupIds: !Ref SecurityGroups BlockDeviceMappings: - DeviceName: /dev/sda1 Ebs: VolumeSize: !FindInMap [InstanceSize, !Ref EnvironmentSize, EbsVolumeSize] VolumeType: "gp2" Tags: - Key: Name Value: !Join [ " - ", [ !Ref StackPrefix, "Puppet Server" ] ] - Key: LCM_TAG Value: SIM UserData: "Fn::Base64": !Sub | #!/bin/bash #sudo su root echo "proxy=${ProxyServer}" >> /etc/yum.conf yum -y install ca-certificates echo "$(curl http://169.254.169.254/latest/meta-data/local-ipv4) ${PuppetServerFQDN} puppet" >> /etc/hosts #Install ntp server yum -y install ntp ntpdate systemctl start ntpd systemctl enable ntpd #Install puppet agent rpm -Uvh -httpproxy "${ProxyServer}" https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm yum -y install puppetserver mkdir /JAVA mkdir -p /ORACLEDB/12.1.0.2/ chmod -R 777 /etc/puppetlabs /usr/local/bin/aws s3 cp "s3://${QSS3BucketName}/${QSS3KeyPrefix}scripts/fileserver.conf" /etc/puppetlabs/puppet/ /usr/local/bin/aws s3 cp "s3://${QSS3BucketName}/${QSS3KeyPrefix}scripts/hiera.yaml" /etc/puppetlabs/puppet/ /usr/local/bin/aws s3 cp "s3://${QSS3BucketName}/${QSS3KeyPrefix}scripts/puppet.conf" /etc/puppetlabs/puppet/ Outputs: PupperServerIP: Description: Puppet Server Private IP address Value: !GetAtt PuppetServer.PrivateIp Export: Name: !Sub "${AWS::StackName}-PrivateIp"