@Luzifer
Created May 13, 2012 14:45
AWS CloudFormation template to create a running OpenVPN server in AWS US
{
"Description" : "Template to create a US proxy server",
"Parameters" : {
"KeyName" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type" : "String"
},
"VPNServerPort" : {
"Description" : "UDP port on which the OpenVPN server listens (opened for UDP ingress by the security group)",
"Type" : "String",
"Default" : "1194"
},
"InstanceType" : {
"Description" : "EC2 instance type",
"Type" : "String",
"Default" : "t1.micro",
"AllowedValues" : [
"t1.micro",
"m1.small",
"m1.medium",
"m1.large",
"m1.xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge",
"c1.medium",
"c1.xlarge",
"cc1.4xlarge",
"cc2.8xlarge",
"cg1.4xlarge"
],
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"ConfigBucket" : {
"Description" : "Name of the Bucket containing the files for /etc/openvpn",
"Type" : "String"
}
},
"Mappings" : {
"AWSRegionArch2AMI" : {
"us-east-1" : { "AMI" : "ami-3a2e8d53" },
"us-west-1" : { "AMI" : "ami-4bebb10e" },
"us-west-2" : { "AMI" : "ami-5220ac62" },
"eu-west-1" : { "AMI" : "ami-39f9fc4d" },
"sa-east-1" : { "AMI" : "ami-c407d9d9" },
"ap-southeast-1" : { "AMI" : "ami-80e2a4d2" },
"ap-northeast-1" : { "AMI" : "ami-f052e1f1" }
}
},
"Resources" : {
"MyEIP" : {
"Type" : "AWS::EC2::EIP"
},
"ServerUser" : {
"Type" : "AWS::IAM::User",
"Properties" : {
"Path": "/",
"Policies": [{
"PolicyName": "root",
"PolicyDocument": { "Statement":[{
"Effect":"Allow",
"Action": [
"cloudformation:DescribeStackResource",
"s3:Put"
],
"Resource":"*"
}]}
}]
}
},
"HostKeys" : {
"Type" : "AWS::IAM::AccessKey",
"Properties" : {
"UserName" : {"Ref": "ServerUser"}
}
},
"EIPAssoc" : {
"Type" : "AWS::EC2::EIPAssociation",
"Properties" : {
"InstanceId" : { "Ref" : "Ec2Instance" },
"EIP" : { "Ref" : "MyEIP" }
}
},
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Allow SSH (TCP 22) and OpenVPN (UDP, configured port) ingress from any address",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" },
{ "IpProtocol" : "udp", "FromPort" : { "Ref" : "VPNServerPort" }, "ToPort" : { "Ref" : "VPNServerPort" }, "CidrIp" : "0.0.0.0/0" }
]
}
},
"WaitHandle" : {
"Type" : "AWS::CloudFormation::WaitConditionHandle"
},
"WaitCondition" : {
"Type" : "AWS::CloudFormation::WaitCondition",
"DependsOn" : "Ec2Instance",
"Properties" : {
"Handle" : { "Ref" : "WaitHandle" },
"Timeout" : "1200"
}
},
"BucketPolicy" : {
"Type" : "AWS::S3::BucketPolicy",
"Properties" : {
"PolicyDocument" : {
"Id" : "MyPolicy",
"Statement" : [
{
"Sid" : "ReadAccess",
"Action" : [ "s3:*" ],
"Effect" : "Allow",
"Resource" : [
{ "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ConfigBucket" }, "/*"]] },
{ "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ConfigBucket" }, ""]] }
],
"Principal" : { "AWS" : {"Fn::GetAtt" : ["ServerUser", "Arn"]} }
}
]
},
"Bucket" : { "Ref" : "ConfigBucket" }
}
},
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Metadata" : {
"AWS::CloudFormation::Init" : {
"config" : {
"packages" : {
"apt" : {
"s3cmd" : [],
"openvpn" : []
}
},
"files" : {
"/home/ubuntu/.s3cfg" : {
"content" : { "Fn::Join" : ["", [
"[default]\n",
"access_key = ", { "Ref" : "HostKeys" }, "\n",
"secret_key = ", {"Fn::GetAtt": ["HostKeys", "SecretAccessKey"]}, "\n",
"use_https = True\n"
]]},
"mode" : "000644",
"owner" : "ubuntu",
"group" : "ubuntu"
},
"/home/ubuntu/resync.sh" : {
"content" : { "Fn::Join" : ["", [
"#!/bin/bash\n",
"s3cmd sync /etc/openvpn/ s3://", { "Ref" : "ConfigBucket" }, "/\n"
]] },
"mode" : "000700",
"owner" : "ubuntu",
"group" : "ubuntu"
}
}
}
}
},
"Properties" : {
"ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, "AMI" ] },
"SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
"KeyName" : { "Ref" : "KeyName" },
"InstanceType" : { "Ref" : "InstanceType" },
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash\n",
"function error_exit\n",
"{\n",
" cfn-signal -e 1 -r \"$1\" '", { "Ref" : "WaitHandle" }, "'\n",
" exit 1\n",
"}\n",
"apt-get -y install python-setuptools\n",
"easy_install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"cfn-init --region ", { "Ref" : "AWS::Region" },
" -s ", { "Ref" : "AWS::StackName" }, " -r Ec2Instance ",
" --access-key ", { "Ref" : "HostKeys" },
" --secret-key ", {"Fn::GetAtt": ["HostKeys", "SecretAccessKey"]}, " || error_exit 'Failed to run cfn-init'\n",
"# Sync OpenVPN config and restart daemon\n",
"s3cmd -c /home/ubuntu/.s3cfg sync s3://", { "Ref" : "ConfigBucket" }, "/ /etc/openvpn/\n",
"/etc/init.d/openvpn restart\n",
"# Finally send success signal\n",
"cfn-signal -e 0 -r 'Startup script finished' '", { "Ref" : "WaitHandle" }, "'\n"
]] } }
}
}
},
"Outputs" : {
"IPAddress" : {
"Value" : { "Ref" : "MyEIP" },
"Description" : "Public IP address of instance"
},
"InstanceId" : {
"Value" : { "Ref" : "Ec2Instance" },
"Description" : "Instance Id of newly created instance"
}
}
}
@alexmfring

Awesome! You should add the following to the UserData script:
"# Enable ipv4 forward\n"
"sed -i 's,net.ipv4.ip_forward = 0,net.ipv4.ip_forward = 1,g' /etc/sysctl.conf\n",

      "sysctl -p\n",
