CloudFormationでEC2を立てる
Security Groupは今の所SSHのみ
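---
# EC2 instance with an IAM instance profile, an SSH-only security group and
# an Elastic IP. VPC and subnets are imported from a sibling stack whose
# exports are named "${PJPrefix}-vpc" and "${PJPrefix}-<subnet name>".
AWSTemplateFormatVersion: "2010-09-09"
Description: EC2 Instance Create

Metadata:
  "AWS::CloudFormation::Interface":
    ParameterGroups:
      - Label:
          default: "Project Name Prefix"
        Parameters:
          - PJPrefix
      - Label:
          default: "EC2Instance Configuration"
        Parameters:
          - KeyPairName
          - EC2InstanceName
          - EC2InstanceAMI
          - EC2InstanceInstanceType
          - EC2InstanceVolumeType
          - EC2InstanceVolumeSize
          - EC2InstanceSubnet
          - SSHAccessSourceIP
    ParameterLabels:
      KeyPairName:
        default: "KeyPairName"
      EC2InstanceName:
        default: "EC2 Name"
      EC2InstanceAMI:
        default: "EC2 AMI"
      EC2InstanceInstanceType:
        default: "EC2 InstanceType"
      EC2InstanceVolumeType:
        default: "EC2 VolumeType"
      EC2InstanceVolumeSize:
        default: "EC2 VolumeSize"
      EC2InstanceSubnet:
        default: "EC2 Subnet"
      SSHAccessSourceIP:
        default: "SSH AccessSourceIP"

# ------------------------------------------------------------#
# Input Parameters
# ------------------------------------------------------------#
Parameters:
  PJPrefix:
    Type: String

  # EC2Instance
  KeyPairName:
    # No Default on purpose: an empty string is not a valid key pair name
    # and fails parameter validation, so the caller always has to supply one.
    Type: AWS::EC2::KeyPair::KeyName
  EC2InstanceName:
    Type: String
    Default: "ec2-01"
  EC2InstanceAMI:
    # Resolved from the public SSM parameter at deploy time, so the stack
    # always launches the current Amazon Linux 2 AMI of the region.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
  EC2InstanceInstanceType:
    Type: String
    Default: "t2.micro"
  EC2InstanceVolumeType:
    Type: String
    Default: "gp2"
  EC2InstanceVolumeSize:
    # Root volume size in GiB.
    Type: Number
    Default: 30
    MinValue: 1
  EC2InstanceSubnet:
    # Suffix of the subnet export in the network stack.
    Type: String
    Default: "public-subnet-a"
    AllowedValues:
      - public-subnet-a
      - public-subnet-c
  SSHAccessSourceIP:
    # Source CIDR allowed to reach port 22. The pattern requires a non-zero
    # prefix length, so 0.0.0.0/0 (SSH open to the whole internet) and any
    # non-CIDR string are rejected at parameter validation instead of at
    # resource creation.
    Type: String
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/([1-9]|[12]\d|3[0-2])$'
    ConstraintDescription: "Must be an IPv4 CIDR block such as 203.0.113.10/32 (0.0.0.0/0 is not allowed)"

Resources:
  # ------------------------------------------------------------#
  # IAM Role for EC2
  # ------------------------------------------------------------#
  EC2IAMRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: !Sub "${PJPrefix}-${EC2InstanceName}-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - "ec2.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      ManagedPolicyArns:
        # AmazonEC2RoleforSSM is the legacy SSM agent policy and also grants
        # S3 access; AWS recommends AmazonSSMManagedInstanceCore for new
        # roles. Kept here so existing behaviour is unchanged.
        - "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
        - "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"

  EC2InstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: "/"
      Roles:
        - !Ref EC2IAMRole
      InstanceProfileName: !Sub "${PJPrefix}-${EC2InstanceName}-profile"

  # ------------------------------------------------------------#
  # EC2Instance
  # ------------------------------------------------------------#
  EC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      Tags:
        - Key: Name
          Value: !Sub "${PJPrefix}-${EC2InstanceName}"
      ImageId: !Ref EC2InstanceAMI
      InstanceType: !Ref EC2InstanceInstanceType
      KeyName: !Ref KeyPairName
      IamInstanceProfile: !Ref EC2InstanceProfile
      DisableApiTermination: false
      EbsOptimized: false
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            DeleteOnTermination: true
            # Encrypt the root volume with the account's default EBS key.
            Encrypted: true
            VolumeType: !Ref EC2InstanceVolumeType
            VolumeSize: !Ref EC2InstanceVolumeSize
      SecurityGroupIds:
        - !Ref ManagedSecurityGroup
      SubnetId:
        Fn::ImportValue: !Sub "${PJPrefix}-${EC2InstanceSubnet}"
      # Shebang must be on its own first line or the script is not executed.
      UserData: !Base64 |
        #!/bin/bash
        yum update -y

  # ------------------------------------------------------------#
  # SecurityGroup for Managed
  # ------------------------------------------------------------#
  ManagedSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      VpcId:
        Fn::ImportValue: !Sub "${PJPrefix}-vpc"
      GroupName: !Sub "${PJPrefix}-managed-sg"
      GroupDescription: "SSH access to the managed EC2 instance from SSHAccessSourceIP only"
      Tags:
        - Key: "Name"
          Value: !Sub "${PJPrefix}-managed-sg"
      # Rule: inbound is SSH from the given CIDR only; egress keeps the
      # default allow-all, which yum update in UserData relies on.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHAccessSourceIP

  # ------------------------------------------------------------#
  # ElasticIP
  # ------------------------------------------------------------#
  ElasticIP:
    Type: "AWS::EC2::EIP"
    Properties:
      Domain: vpc

  ElasticIPAssociate:
    Type: AWS::EC2::EIPAssociation
    Properties:
      AllocationId: !GetAtt ElasticIP.AllocationId
      InstanceId: !Ref EC2Instance

# ------------------------------------------------------------#
# Output Parameters
# ------------------------------------------------------------#
Outputs:
  # EC2Instance
  EC2InstanceID:
    Value: !Ref EC2Instance
    Export:
      Name: !Sub "${PJPrefix}-${EC2InstanceName}-id"

  EC2InstancePrivateIp:
    Value: !GetAtt EC2Instance.PrivateIp
    Export:
      Name: !Sub "${PJPrefix}-${EC2InstanceName}-private-ip"

  EC2InstanceEIP:
    # Ref on an EIP returns the allocated address. EC2Instance.PublicIp is
    # resolved when the instance is created, before the EIP is associated,
    # so it could hold an auto-assigned public IP rather than the EIP.
    Value: !Ref ElasticIP
    Export:
      Name: !Sub "${PJPrefix}-${EC2InstanceName}-eip"

  EC2InstanceRoleName:
    # Ref on an IAM role returns its name, identical to the RoleName above.
    Value: !Ref EC2IAMRole
    Export:
      Name: !Sub "${PJPrefix}-${EC2InstanceName}-role-name"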
うおおおおおおおおおおお
まじか… CloudFormationでEC2までくると、ど素人は脱出した感がある。