BrutalSimplicity · February 16, 2022 17:48
diff --git a/cloudformation.yml b/cloudformation.yml
 AWSTemplateFormatVersion: 2010-09-09
 Description: Neptune Bastion Host for Developers
 Parameters:
  pEnvironment:
    Type: String
  pPrefix:
    Type: String
  pVpc:
    Type: String
  pServiceName:
    Type: String
  pPrivateSubnet:
    Type: String
  pSecurityGroup:
    Type: String
  pKeyPairName:
    Type: String
  pInstanceType:
    Type: String
 Mappings:
  RegionMap:
    us-east-1:
      AMI: "ami-0b46d8cdf02223688"

 Resources:
  BastionHostSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Ref pServiceName
      GroupDescription: EC2 Bastion Host Security Group
      VpcId: !Ref pVpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 8182
          ToPort: 8182
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 8182
          ToPort: 8182
          CidrIp: 0.0.0.0/0
  NeptuneBastionHostIngressRule:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref pSecurityGroup
      IpProtocol: tcp
      FromPort: 8182
      ToPort: 8182
      SourceSecurityGroupId: !GetAtt BastionHostSecurityGroup.GroupId
  BastionHost:
    Type: AWS::EC2::Instance
    Properties:
      KeyName: !Ref pKeyPairName
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI]
      InstanceType: !Ref pInstanceType
      Monitoring: true
      SubnetId: !Ref pPrivateSubnet
      SecurityGroupIds:
        - !GetAtt BastionHostSecurityGroup.GroupId
      UserData:
        Fn::Base64: |
          #!bin/bash
          sed 's/#AllowTcpForwarding/AllowTcpForwarding/g' /etc/ssh/sshd_config > /etc/ssh/sshd_config.tmp
          rm -f /etc/ssh/sshd_config
          mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config
      Tags:
        - Key: Name
          Value: !Ref pServiceName
  BastionHostElasticIp:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      InstanceId: !Ref BastionHost

 Outputs:
  BastionHost:
    Value: !Ref BastionHost
  BastionIp:
    Value: !Ref BastionHostElasticIp
	AWSTemplateFormatVersion: 2010-09-09
	Description: Neptune Bastion Host for Developers
	Parameters:
	pEnvironment:
	Type: String
	pPrefix:
	Type: String
	pVpc:
	Type: String
	pServiceName:
	Type: String
	pPrivateSubnet:
	Type: String
	pSecurityGroup:
	Type: String
	pKeyPairName:
	Type: String
	pInstanceType:
	Type: String
	Mappings:
	RegionMap:
	us-east-1:
	AMI: "ami-0b46d8cdf02223688"

	Resources:
	BastionHostSecurityGroup:
	Type: AWS::EC2::SecurityGroup
	Properties:
	GroupName: !Ref pServiceName
	GroupDescription: EC2 Bastion Host Security Group
	VpcId: !Ref pVpc
	SecurityGroupIngress:
	- IpProtocol: tcp
	FromPort: 22
	ToPort: 22
	CidrIp: 0.0.0.0/0
	- IpProtocol: tcp
	FromPort: 8182
	ToPort: 8182
	CidrIp: 0.0.0.0/0
	- IpProtocol: icmp
	FromPort: -1
	ToPort: -1
	CidrIp: 0.0.0.0/0
	SecurityGroupEgress:
	- IpProtocol: tcp
	FromPort: 22
	ToPort: 22
	CidrIp: 0.0.0.0/0
	- IpProtocol: tcp
	FromPort: 8182
	ToPort: 8182
	CidrIp: 0.0.0.0/0
	NeptuneBastionHostIngressRule:
	Type: AWS::EC2::SecurityGroupIngress
	Properties:
	GroupId: !Ref pSecurityGroup
	IpProtocol: tcp
	FromPort: 8182
	ToPort: 8182
	SourceSecurityGroupId: !GetAtt BastionHostSecurityGroup.GroupId
	BastionHost:
	Type: AWS::EC2::Instance
	Properties:
	KeyName: !Ref pKeyPairName
	ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI]
	InstanceType: !Ref pInstanceType
	Monitoring: true
	SubnetId: !Ref pPrivateSubnet
	SecurityGroupIds:
	- !GetAtt BastionHostSecurityGroup.GroupId
	UserData:
	Fn::Base64: \|
	#!bin/bash
	sed 's/#AllowTcpForwarding/AllowTcpForwarding/g' /etc/ssh/sshd_config > /etc/ssh/sshd_config.tmp
	rm -f /etc/ssh/sshd_config
	mv /etc/ssh/sshd_config.tmp /etc/ssh/sshd_config
	Tags:
	- Key: Name
	Value: !Ref pServiceName
	BastionHostElasticIp:
	Type: AWS::EC2::EIP
	Properties:
	Domain: vpc
	InstanceId: !Ref BastionHost

	Outputs:
	BastionHost:
	Value: !Ref BastionHost
	BastionIp:
	Value: !Ref BastionHostElasticIp