Skip to content

Launch EC2 instance with CloudFormation #69

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
khashf wants to merge 11 commits into
base: master
Choose a base branch
from
Open

Launch EC2 instance with CloudFormation #69

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
12438fe
Change instance's volume size to a variable
khashf Apr 4, 2018
58f334c
Update: Make instance's volume type a variable loaded from file
khashf Apr 4, 2018
6e8ea8e
Update: DeleteOnTermination becomes a variable loaded from file
khashf Apr 4, 2018
ab1c7c6
Improve comment around $EC2PROFILE loading
khashf Apr 4, 2018
776f899
Definitely do *not* want to lose the databases
MikeTheCanuck Apr 8, 2018
75b42aa
Add CloudFormation template
khashf Apr 12, 2018
1da6dc8
Roll back 2 intentionally file changes
khashf Apr 12, 2018
83920cd
Update policy that limit access only to a certain s3 bucket
khashf Apr 13, 2018
a3b76e2
Update: Persist Block Device after instance Termination
khashf Apr 13, 2018
d80952c
Separate IAM Role away from EC2 instance launching
khashf Apr 20, 2018
caf9dc8
Rename directory
khashf Apr 20, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion bin/create-ec2-machine-database.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,4 +58,4 @@ aws ec2 describe-instances \
--instance-ids $INSTANCE_ID \
--query 'Reservations[0].Instances[0].PublicIpAddress'

rm -f $INSTANCE_ID_FILE
rm -f $INSTANCE_ID_FILE
2 changes: 1 addition & 1 deletion bin/ec2-profile-database-development.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,4 @@ KEYNAME='hackoregon-2018-database-dev-env'
REGION='us-west-2'
SECURITYGROUPIDS='sg-28154957'
SUBNETID='subnet-8794fddf'
VOLUMESIZE='8'
VOLUMESIZE='8'
107 changes: 107 additions & 0 deletions cloudformation/ec2-db.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
# Itention:
# Create a ec2 instance that has read permission to the existing s3 instance(s)

# USAGE:
# Run:
# aws cloudformation create-stack --stack-name <stack name here> --template-body file:///absolute/path/to/this-file.yaml --capabilities CAPABILITY_NAMED_IAM

# PREREQUISITES:
# - The IAM role for this instance must already exist

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation to create a ec2 instance that has read permission to the existing s3 instance(s)'

Parameters:

InstanceType:
Description: Instance type used to build the machine(s)
Type: String
Default: t2.micro

ImageId:
Description: AMI ID used to build the machine(s)
Type: String
Default: ami-7f43f307

AvailabilityZone:
Description: Avalaibility Zone to deploy within (different than region)
Type: String
Default: us-west-2a

SubnetId:
Description: Subnet's ID to be located at
Type: String
Default: subnet-8794fddf

SecurityGroupId:
Description: The Security Groups to use for the EC2 hosts
Type: String
Default: sg-28154957

Resources:

DBInstance:
Type: AWS::EC2::Instance
Properties:
InstanceType: t2.micro # !Ref InstanceType
ImageId: ami-7f43f307 # !Ref ImageId
SecurityGroupIds:
-
sg-28154957 # !Ref SecurityGroupId
AvailabilityZone: us-west-2a # !Ref AvailabilityZone
SubnetId: subnet-8794fddf # !Ref SubnetId
IamInstanceProfile:
!Ref InstanceProfile
BlockDeviceMappings:
-
DeviceName: /dev/sdb # !Ref DeviceName
Ebs:
VolumeType: gp2 # !Ref VolumeType
VolumeSize: 8 # !Ref VolumeSize
DeleteOnTermination: False # True # !Ref DeleteOnTermination
KeyName: hackoregon-2018-database-dev-env # !Ref KeyName
Tags:
-
Key: Name
Value: DB # !Ref InstanceName

# Role:
# Type: AWS::IAM::Role
# Properties:
# RoleName: db-role
# AssumeRolePolicyDocument:
# Version: '2012-10-17'
# Statement:
# - Effect: Allow
# Principal:
# Service:
# - ec2.amazonaws.com
# Action:
# - sts:AssumeRole
# Path: "/"
# #Policies:
# # - !Ref RolePolicies

# RolePolicies:
# Type: AWS::IAM::Policy
# Properties:
# PolicyName: ec2-read-s3-policy
# PolicyDocument:
# Version: '2012-10-17'
# Statement:
# - Effect: Allow
# Action:
# - "s3:GetObject"
# - "s3:ListBucket"
# Resource: "arn:aws:s3:::hacko-data-archive/*"
# Roles:
# - !Ref Role

InstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: "/"
Roles:
# - !Ref Role
- db-role
44 changes: 44 additions & 0 deletions cloudformation/ec2-iam-role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# Itention:
# Create an IAM role for EC2 instance

# USAGE:
# Run:
# aws cloudformation create-stack --stack-name <stack name here> --template-body file:///absolute/path/to/this-file.yaml --capabilities CAPABILITY_NAMED_IAM

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation Template to create EC2 instances'

Resources:

Role:
Type: AWS::IAM::Role
Properties:
RoleName: db-role
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
#Policies:
# - !Ref RolePolicies

RolePolicies:
Type: AWS::IAM::Policy
Properties:
PolicyName: ec2-read-s3-policy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- "s3:GetObject"
- "s3:ListBucket"
Resource: "arn:aws:s3:::hacko-data-archive/*"
Roles:
- !Ref Role