@neftaly
Created November 23, 2014 03:07
---
# CloudFormation sample: one EC2 web server whose provisioning and httpd logs
# are shipped to a CloudWatch Logs group by the awslogs agent.
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  AWS CloudFormation Sample Template CloudWatch_Logs: Provisions a minimal web
  application, and demonstrates how to stream the provisioning logs
  (cloud-init.log, cfn-init.log, cfn-hup.log, and cfn-wire.log) to CloudWatch
  Logs. This eliminates the need to SSH into an EC2 instance for debugging
  provisioning issues. Simply view the logs in the AWS CloudWatch console.
  **WARNING** You will be billed for the AWS resources if you create a stack
  from this template.
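Parameters:
  # Size of the web server instance. Each allowed value must have an entry in
  # the AWSInstanceType2Arch mapping, because ImageId is resolved through it.
  InstanceType:
    Description: "WebServer EC2 instance type"
    Type: "String"
    Default: "m1.small"
    # cg1.4xlarge is not offered: AWSInstanceType2Arch has no entry for it, so
    # the ImageId lookup could never succeed for that value.
    AllowedValues:
      - "t1.micro"
      - "t2.micro"
      - "t2.small"
      - "t2.medium"
      - "m1.small"
      - "m1.medium"
      - "m1.large"
      - "m1.xlarge"
      - "m2.xlarge"
      - "m2.2xlarge"
      - "m2.4xlarge"
      - "m3.medium"
      - "m3.large"
      - "m3.xlarge"
      - "m3.2xlarge"
      - "c1.medium"
      - "c1.xlarge"
      - "c3.large"
      - "c3.xlarge"
      - "c3.2xlarge"
      - "c3.4xlarge"
      - "c3.8xlarge"
      - "g2.2xlarge"
      - "r3.large"
      - "r3.xlarge"
      - "r3.2xlarge"
      - "r3.4xlarge"
      - "r3.8xlarge"
      - "i2.xlarge"
      - "i2.2xlarge"
      - "i2.4xlarge"
      - "i2.8xlarge"
      - "hi1.4xlarge"
      - "hs1.8xlarge"
      - "cr1.8xlarge"
      - "cc2.8xlarge"
    ConstraintDescription: "must be a valid EC2 instance type."
  # Existing key pair installed on the instance for SSH logins.
  KeyName:
    Description: "Name of an existing EC2 KeyPair to enable SSH access to the instances"
    Type: "AWS::EC2::KeyPair::KeyName"
    ConstraintDescription: "must be the name of an existing EC2 KeyPair."
  # Source range allowed to reach TCP 22 (used by InstanceSecurityGroup).
  # NOTE(review): the default exposes SSH to every IPv4 address. Pass a narrow
  # administrative range (ideally a single /32) when creating the stack.
  # AllowedPattern checks only the digit layout, so a value with out-of-range
  # octets or prefix length (constructed example: 999.1.1.1/99) still passes
  # parameter validation here.
  SSHLocation:
    Description: "The IP address range that can be used to SSH to the EC2 instances"
    Type: "String"
    MinLength: "9"
    MaxLength: "18"
    Default: "0.0.0.0/0"
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: "must be a valid IP CIDR range of the form x.x.x.x/x."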
Mappings:
  # Instance type -> virtualization/architecture key used to pick an AMI below.
  AWSInstanceType2Arch:
    t1.micro: {Arch: "PV64"}
    t2.micro: {Arch: "HVM64"}
    t2.small: {Arch: "HVM64"}
    t2.medium: {Arch: "HVM64"}
    m1.small: {Arch: "PV64"}
    m1.medium: {Arch: "PV64"}
    m1.large: {Arch: "PV64"}
    m1.xlarge: {Arch: "PV64"}
    m2.xlarge: {Arch: "PV64"}
    m2.2xlarge: {Arch: "PV64"}
    m2.4xlarge: {Arch: "PV64"}
    m3.medium: {Arch: "HVM64"}
    m3.large: {Arch: "HVM64"}
    m3.xlarge: {Arch: "HVM64"}
    m3.2xlarge: {Arch: "HVM64"}
    c1.medium: {Arch: "PV64"}
    c1.xlarge: {Arch: "PV64"}
    c3.large: {Arch: "HVM64"}
    c3.xlarge: {Arch: "HVM64"}
    c3.2xlarge: {Arch: "HVM64"}
    c3.4xlarge: {Arch: "HVM64"}
    c3.8xlarge: {Arch: "HVM64"}
    g2.2xlarge: {Arch: "HVMG2"}
    r3.large: {Arch: "HVM64"}
    r3.xlarge: {Arch: "HVM64"}
    r3.2xlarge: {Arch: "HVM64"}
    r3.4xlarge: {Arch: "HVM64"}
    r3.8xlarge: {Arch: "HVM64"}
    i2.xlarge: {Arch: "HVM64"}
    i2.2xlarge: {Arch: "HVM64"}
    i2.4xlarge: {Arch: "HVM64"}
    i2.8xlarge: {Arch: "HVM64"}
    hi1.4xlarge: {Arch: "HVM64"}
    hs1.8xlarge: {Arch: "HVM64"}
    cr1.8xlarge: {Arch: "HVM64"}
    cc2.8xlarge: {Arch: "HVM64"}
  # Region + architecture key -> AMI id.
  # NOTE(review): the image ids are hard-coded, so every launch starts from the
  # image as it existed when this table was written; the boot script updates
  # only aws-cfn-bootstrap. Refresh the ids (or patch on first boot) before
  # relying on this outside a demo.
  # "NOT_SUPPORTED" is a placeholder string, not an AMI id; it ends up as the
  # ImageId when HVMG2 is selected in that region.
  AWSRegionArch2AMI:
    us-east-1:
      PV64: "ami-50842d38"
      HVM64: "ami-08842d60"
      HVMG2: "ami-3a329952"
    us-west-2:
      PV64: "ami-af86c69f"
      HVM64: "ami-8786c6b7"
      HVMG2: "ami-47296a77"
    us-west-1:
      PV64: "ami-c7a8a182"
      HVM64: "ami-cfa8a18a"
      HVMG2: "ami-331b1376"
    eu-west-1:
      PV64: "ami-aa8f28dd"
      HVM64: "ami-748e2903"
      HVMG2: "ami-00913777"
    ap-southeast-1:
      PV64: "ami-20e1c572"
      HVM64: "ami-d6e1c584"
      HVMG2: "ami-fabe9aa8"
    ap-northeast-1:
      PV64: "ami-21072820"
      HVM64: "ami-35072834"
      HVMG2: "ami-5dd1ff5c"
    ap-southeast-2:
      PV64: "ami-8b4724b1"
      HVM64: "ami-fd4724c7"
      HVMG2: "ami-e98ae9d3"
    sa-east-1:
      PV64: "ami-9d6cc680"
      HVM64: "ami-956cc688"
      HVMG2: "NOT_SUPPORTED"
    cn-north-1:
      PV64: "ami-a857c591"
      HVM64: "ami-ac57c595"
      HVMG2: "NOT_SUPPORTED"
    eu-central-1:
      PV64: "ami-a03503bd"
      HVM64: "ami-b43503a9"
      HVMG2: "ami-b03503ad"
  # Region -> service principal names; only cn-north-1 uses the .cn suffix.
  Region2Principal:
    us-east-1:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
    us-west-2:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
    us-west-1:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
    eu-west-1:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
    ap-southeast-1:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
    ap-northeast-1:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
    ap-southeast-2:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
    sa-east-1:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
    cn-north-1:
      EC2Principal: "ec2.amazonaws.com.cn"
      OpsWorksPrincipal: "opsworks.amazonaws.com.cn"
    eu-central-1:
      EC2Principal: "ec2.amazonaws.com"
      OpsWorksPrincipal: "opsworks.amazonaws.com"
  # Region -> ARN partition prefix; only cn-north-1 uses the aws-cn partition.
  Region2ARNPrefix:
    us-east-1: {ARNPrefix: "arn:aws:"}
    us-west-1: {ARNPrefix: "arn:aws:"}
    us-west-2: {ARNPrefix: "arn:aws:"}
    eu-west-1: {ARNPrefix: "arn:aws:"}
    ap-northeast-1: {ARNPrefix: "arn:aws:"}
    ap-southeast-1: {ARNPrefix: "arn:aws:"}
    ap-southeast-2: {ARNPrefix: "arn:aws:"}
    sa-east-1: {ARNPrefix: "arn:aws:"}
    cn-north-1: {ARNPrefix: "arn:aws-cn:"}
    eu-central-1: {ARNPrefix: "arn:aws:"}
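Resources:
  # Role assumed by the EC2 instance so the awslogs agent can write to
  # CloudWatch Logs. Its credentials are usable by any process on the instance.
  LogRole:
    Type: "AWS::IAM::Role"
    Properties:
      # Trust policy: only the regional EC2 service principal may assume it.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - Fn::FindInMap:
                    - "Region2Principal"
                    - Ref: "AWS::Region"
                    - "EC2Principal"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      Policies:
        - PolicyName: "LogRolePolicy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                # Least privilege: this was "logs:*", which also grants the
                # delete and retention-change actions, so a compromised
                # instance could erase its own log trail. The agent only has
                # to create groups/streams, look streams up and put events.
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                  - "logs:DescribeLogStreams"
                # NOTE(review): still every region, account and log group in
                # the partition; consider scoping to the CloudFormationLogs
                # group once the narrower ARN is confirmed to work.
                Resource:
                  - Fn::Join:
                      - ""
                      -
                        - Fn::FindInMap:
                            - "Region2ARNPrefix"
                            - Ref: "AWS::Region"
                            - "ARNPrefix"
                        - "logs:*:*:*"
  # Wraps LogRole so it can be attached to the instance.
  LogRoleInstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: "/"
      Roles:
        - Ref: "LogRole"
  # Destination log group for every stream configured in awslogs.conf below.
  # Events are kept for 7 days; raise this if the logs are needed for
  # investigations that may start later than that.
  CloudFormationLogs:
    Type: "AWS::Logs::LogGroup"
    Properties:
      RetentionInDays: 7
  # The web server. cfn-init applies the three config sets in order:
  # cfn-hup (metadata change watcher), httpd, then the awslogs agent.
  WebServerInstance:
    Type: "AWS::EC2::Instance"
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          install_all:
            - "install_cfn"
            - "install_app"
            - "install_logs"
        install_cfn:
          files:
            # Root-only (0400) cfn-hup settings: which stack and region to poll.
            /etc/cfn/cfn-hup.conf:
              content:
                Fn::Join:
                  - ""
                  -
                    - "[main]\n"
                    - "stack="
                    - Ref: "AWS::StackId"
                    - "\n"
                    - "region="
                    - Ref: "AWS::Region"
                    - "\n"
              mode: "000400"
              owner: "root"
              group: "root"
            # Hook: after a stack update changes this resource's Init metadata,
            # cfn-init is re-run as root. Permission to update the stack is
            # therefore equivalent to root on the instance.
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content:
                Fn::Join:
                  - ""
                  -
                    - "[cfn-auto-reloader-hook]\n"
                    - "triggers=post.update\n"
                    - "path=Resources.WebServerInstance.Metadata.AWS::CloudFormation::Init\n"
                    - "action=/opt/aws/bin/cfn-init -v "
                    - " --stack "
                    - Ref: "AWS::StackName"
                    - " --resource WebServerInstance "
                    - " --configsets install_all "
                    - " --region "
                    - Ref: "AWS::Region"
                    - "\n"
                    - "runas=root\n"
          services:
            sysvinit:
              # The files list names the two configs above for this service.
              cfn-hup:
                enabled: "true"
                ensureRunning: "true"
                files:
                  - "/etc/cfn/cfn-hup.conf"
                  - "/etc/cfn/hooks.d/cfn-auto-reloader.conf"
        install_app:
          packages:
            yum:
              httpd: []
          files:
            # Static landing page served by httpd.
            /var/www/html/index.html:
              content:
                Fn::Join:
                  - "\n"
                  -
                    - "<img src=\"https://s3.amazonaws.com/cloudformation-examples/cloudformation_graphic.png\" alt=\"AWS CloudFormation Logo\"/>"
                    - "<h1>Congratulations, you have successfully launched the AWS CloudFormation sample.</h1>"
              mode: "000644"
              owner: "root"
              group: "root"
          services:
            sysvinit:
              httpd:
                enabled: "true"
                ensureRunning: "true"
        install_logs:
          packages:
            yum:
              awslogs: []
          files:
            # Agent config: one section per shipped file, each writing to the
            # CloudFormationLogs group under a stream named after the instance
            # id. Everything under /var/log/httpd/ is shipped, so whatever
            # httpd writes there (request lines, client addresses) leaves the
            # host.
            /etc/awslogs/awslogs.conf:
              content:
                Fn::Join:
                  - ""
                  -
                    - "[general]\n"
                    - "state_file= /var/awslogs/state/agent-state\n"
                    - "[/var/log/cloud-init.log]\n"
                    - "file = /var/log/cloud-init.log\n"
                    - "log_group_name = "
                    - Ref: "CloudFormationLogs"
                    - "\n"
                    - "log_stream_name = {instance_id}/cloud-init.log\n"
                    - "datetime_format = \n"
                    - "[/var/log/cloud-init-output.log]\n"
                    - "file = /var/log/cloud-init-output.log\n"
                    - "log_group_name = "
                    - Ref: "CloudFormationLogs"
                    - "\n"
                    - "log_stream_name = {instance_id}/cloud-init-output.log\n"
                    - "datetime_format = \n"
                    - "[/var/log/cfn-init.log]\n"
                    - "file = /var/log/cfn-init.log\n"
                    - "log_group_name = "
                    - Ref: "CloudFormationLogs"
                    - "\n"
                    - "log_stream_name = {instance_id}/cfn-init.log\n"
                    - "datetime_format = \n"
                    - "[/var/log/cfn-hup.log]\n"
                    - "file = /var/log/cfn-hup.log\n"
                    - "log_group_name = "
                    - Ref: "CloudFormationLogs"
                    - "\n"
                    - "log_stream_name = {instance_id}/cfn-hup.log\n"
                    - "datetime_format = \n"
                    - "[/var/log/cfn-wire.log]\n"
                    - "file = /var/log/cfn-wire.log\n"
                    - "log_group_name = "
                    - Ref: "CloudFormationLogs"
                    - "\n"
                    - "log_stream_name = {instance_id}/cfn-wire.log\n"
                    - "datetime_format = \n"
                    - "[/var/log/httpd]\n"
                    - "file = /var/log/httpd/*\n"
                    - "log_group_name = "
                    - Ref: "CloudFormationLogs"
                    - "\n"
                    - "log_stream_name = {instance_id}/httpd\n"
                    - "datetime_format = %d/%b/%Y:%H:%M:%S\n"
              mode: "000444"
              owner: "root"
              group: "root"
          commands:
            # Directory for the agent's state_file configured above.
            01_create_state_directory:
              command: "mkdir -p /var/awslogs/state"
          services:
            sysvinit:
              awslogs:
                enabled: "true"
                ensureRunning: "true"
                files:
                  - "/etc/awslogs/awslogs.conf"
    Properties:
      SecurityGroups:
        - Ref: "InstanceSecurityGroup"
      KeyName:
        Ref: "KeyName"
      InstanceType:
        Ref: "InstanceType"
      IamInstanceProfile:
        Ref: "LogRoleInstanceProfile"
      # AMI = AWSRegionArch2AMI[region][AWSInstanceType2Arch[type].Arch]
      ImageId:
        Fn::FindInMap:
          - "AWSRegionArch2AMI"
          - Ref: "AWS::Region"
          - Fn::FindInMap:
              - "AWSInstanceType2Arch"
              - Ref: "InstanceType"
              - "Arch"
      # Boot script: update the cfn helpers, run cfn-init, report its exit
      # code with cfn-signal.
      # NOTE(review): under "bash -e" a failing cfn-init ends the script
      # before cfn-signal runs, so the failure surfaces only when the
      # CreationPolicy timeout (PT15M) expires.
      UserData:
        Fn::Base64:
          Fn::Join:
            - ""
            -
              - "#!/bin/bash -xe\n"
              - "yum update -y aws-cfn-bootstrap\n"
              - "/opt/aws/bin/cfn-init -v "
              - " --stack "
              - Ref: "AWS::StackName"
              - " --resource WebServerInstance "
              - " --configsets install_all "
              - " --region "
              - Ref: "AWS::Region"
              - "\n"
              - "/opt/aws/bin/cfn-signal -e $? "
              - " --stack "
              - Ref: "AWS::StackName"
              - " --resource WebServerInstance "
              - " --region "
              - Ref: "AWS::Region"
              - "\n"
    # Stack creation waits up to 15 minutes for the cfn-signal call above.
    CreationPolicy:
      ResourceSignal:
        Timeout: "PT15M"
  # Inbound rules for the web server.
  InstanceSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Enable SSH access and HTTP access on the inbound port"
      SecurityGroupIngress:
        # SSH: source range comes from the SSHLocation parameter, whose
        # default is 0.0.0.0/0. Supply a narrow range at stack creation.
        - IpProtocol: "tcp"
          FromPort: "22"
          ToPort: "22"
          CidrIp:
            Ref: "SSHLocation"
        # HTTP: intentionally open to all IPv4 sources for the sample site.
        - IpProtocol: "tcp"
          FromPort: "80"
          ToPort: "80"
          CidrIp: "0.0.0.0/0"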
Outputs:
  # Public address of the sample site. The scheme is plain HTTP; the template
  # configures no TLS listener and opens only ports 80 and 22.
  URL:
    Description: "URL of the sample website"
    Value:
      Fn::Join:
        - ""
        -
          - "http://"
          - Fn::GetAtt: ["WebServerInstance", "PublicDnsName"]