Created
October 15, 2017 17:24
-
-
Save eMahtab/c3e054db0a7132fc7412da79090da78c to your computer and use it in GitHub Desktop.
Securely Copying-war-from-s3-with-user-keys using CloudFormation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion" : "2010-09-09", | |
| "Description" : "AWS CloudFormation Sample Template VPC_with_PublicIPs_And_DNS: Sample template that creates a VPC with DNS and public IPs enabled. Note that you are billed for the AWS resources that you use when you create a stack from this template.", | |
| "Parameters": { | |
| "KeyPair": { | |
| "Description": "Name of the keypair to use for SSH access", | |
| "Type": "String" | |
| }, | |
| "BucketName" : { | |
| "Description" : "Name of bucket containing application war", | |
| "Type" : "String", | |
| "Default" : "war.bucket" | |
| } | |
| }, | |
| "Resources" : { | |
| "VPC" : { | |
| "Type" : "AWS::EC2::VPC", | |
| "Properties" : { | |
| "EnableDnsSupport" : "true", | |
| "EnableDnsHostnames" : "true", | |
| "CidrBlock" : "10.0.0.0/16" | |
| } | |
| }, | |
| "PublicSubnet" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "CidrBlock" : "10.0.0.0/24" | |
| } | |
| }, | |
| "InternetGateway" : { | |
| "Type" : "AWS::EC2::InternetGateway" | |
| }, | |
| "VPCGatewayAttachment" : { | |
| "Type" : "AWS::EC2::VPCGatewayAttachment", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "InternetGatewayId" : { "Ref" : "InternetGateway" } | |
| } | |
| }, | |
| "PublicRouteTable" : { | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" } | |
| } | |
| }, | |
| "PublicRoute" : { | |
| "Type" : "AWS::EC2::Route", | |
| "DependsOn" : "VPCGatewayAttachment", | |
| "Properties" : { | |
| "RouteTableId" : { "Ref" : "PublicRouteTable" }, | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "GatewayId" : { "Ref" : "InternetGateway" } | |
| } | |
| }, | |
| "PublicSubnetRouteTableAssociation" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "PublicSubnet" }, | |
| "RouteTableId" : { "Ref" : "PublicRouteTable" } | |
| } | |
| }, | |
| "PublicSubnetNetworkAclAssociation" : { | |
| "Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "PublicSubnet" }, | |
| "NetworkAclId" : { "Fn::GetAtt" : ["VPC", "DefaultNetworkAcl"] } | |
| } | |
| }, | |
| "WebServerSecurityGroup" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable HTTP ingress", | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "SecurityGroupIngress" : [ | |
| {"IpProtocol" : "tcp","FromPort" : "80","ToPort" : "80","CidrIp" : "0.0.0.0/0"}, | |
| {"IpProtocol" : "tcp","FromPort" : "8080","ToPort" : "8080","CidrIp" : "0.0.0.0/0"}, | |
| {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"}] | |
| } | |
| }, | |
| "CfnUser" : { | |
| "Type" : "AWS::IAM::User", | |
| "Properties" : { | |
| "Path": "/", | |
| "Policies": [{ | |
| "PolicyName": "root", | |
| "PolicyDocument": { "Statement":[{ | |
| "Effect" : "Allow", | |
| "Action" : [ | |
| "s3:GetObject" | |
| ], | |
| "Resource" :{"Fn::Join": ["",["arn:aws:s3:::",{"Ref":"BucketName"},"/*"]]} | |
| }]} | |
| }] | |
| } | |
| }, | |
| "CfnKeys" : { | |
| "Type" : "AWS::IAM::AccessKey", | |
| "Properties" : { | |
| "UserName" : {"Ref": "CfnUser"} | |
| } | |
| }, | |
| "WebServerInstance": { | |
| "Type": "AWS::EC2::Instance", | |
| "Metadata" : { | |
| "AWS::CloudFormation::Init" : { | |
| "config" : { | |
| "files" : { | |
| "/usr/share/tomcat7/webapps/sample.war" : { | |
| "source" : { | |
| "Fn::Join" : ["", ["https://s3.amazonaws.com/",{ "Ref" : "BucketName" },"/","sample.war"]] | |
| }, | |
| "owner" : "root", | |
| "mode" : "000777", | |
| "authentication": "S3AccessCreds" | |
| } | |
| } | |
| } | |
| }, | |
| "AWS::CloudFormation::Authentication" : { | |
| "S3AccessCreds" : { | |
| "type" : "S3", | |
| "accessKeyId" : { "Ref" : "CfnKeys" }, | |
| "secretKey" : {"Fn::GetAtt": ["CfnKeys", "SecretAccessKey"]}, | |
| "buckets" : [ { "Ref" : "BucketName" } ] | |
| } | |
| } | |
| }, | |
| "Properties": { | |
| "InstanceType": "t2.micro", | |
| "ImageId": "ami-8c1be5f6", | |
| "NetworkInterfaces" : [{ | |
| "GroupSet" : [{"Ref": "WebServerSecurityGroup"}], | |
| "AssociatePublicIpAddress" : "true", | |
| "DeviceIndex" : "0", | |
| "DeleteOnTermination" : "true", | |
| "SubnetId" : {"Ref": "PublicSubnet"} | |
| }], | |
| "KeyName": { | |
| "Ref": "KeyPair" | |
| }, | |
| "UserData": { | |
| "Fn::Base64": { | |
| "Fn::Join": [ | |
| "", | |
| [ | |
| "#!/bin/bash -xe\n", | |
| "sudo yum update -y\n", | |
| "sudo yum install -y tomcat7-webapps tomcat7-docs-webapp tomcat7-admin-webapps\n", | |
| "sudo service tomcat7 start\n", | |
| "yum update -y aws-cfn-bootstrap\n", | |
| "# Installing application\n", | |
| "/opt/aws/bin/cfn-init -s ",{ "Ref" : "AWS::StackName" }, | |
| " -r WebServerInstance ", | |
| " --region ", { "Ref" : "AWS::Region" } | |
| ] | |
| ] | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "Outputs" : { | |
| "URL" : { | |
| "Description" : "URL of the sample website", | |
| "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "WebServerInstance", "PublicDnsName" ]},":8080"]]} | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment