---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Template to install CloudWatchAgent on amazon linux. It was validated on amazon linux 2'
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: m4.2xlarge
    ConstraintDescription: must be a valid EC2 instance type.
  InstanceAMI:
    Description: Managed AMI ID for EC2 Instance
    Type : String
    Default: ami-7707a10f
  IAMRole:
    Description: EC2 attached IAM role
    Type: String
    Default: CloudWatchAgentAdminRole
    ConstraintDescription: must be an existing IAM role which will be attached to EC2 instance.
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Metadata:
      AWS::CloudFormation::Init:
        configSets:
          default:
            - 01_setupCfnHup
            - 02_config-amazon-cloudwatch-agent
            - 03_restart_amazon-cloudwatch-agent
          UpdateEnvironment:
            - 02_config-amazon-cloudwatch-agent
            - 03_restart_amazon-cloudwatch-agent
        # Definition of json configuration of AmazonCloudWatchAgent, you can change the configuration below.
        02_config-amazon-cloudwatch-agent:
          files:
            '/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json':
              content: !Sub |
                {
                  "metrics": {
                    "append_dimensions": {
                      "AutoScalingGroupName": "${!aws:AutoScalingGroupName}",
                      "ImageId": "${!aws:ImageId}",
                      "InstanceId": "${!aws:InstanceId}",
                      "InstanceType": "${!aws:InstanceType}"
                    },
                    "metrics_collected": {
                      "mem": {
                        "measurement": [
                          "mem_used_percent"
                        ]
                      },
                      "swap": {
                        "measurement": [
                          "swap_used_percent"
                        ]
                      }
                    }
                  }
                }
        # Invoke amazon-cloudwatch-agent-ctl to restart the AmazonCloudWatchAgent.
        03_restart_amazon-cloudwatch-agent:
          commands:
            01_stop_service:
              command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a stop
            02_start_service:
              command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s
        # Cfn-hup setting, it is to monitor the change of metadata.
        # When there is change in the contents of json file in the metadata section, cfn-hup will call cfn-init to restart the AmazonCloudWatchAgent.
        01_setupCfnHup:
          files:
             '/etc/cfn/cfn-hup.conf':
               content: !Sub |
                 [main]
                 stack=${AWS::StackId}
                 region=${AWS::Region}
                 interval=1
               mode: '000400'
               owner: root
               group: root
             '/etc/cfn/hooks.d/amazon-cloudwatch-agent-auto-reloader.conf':
               content: !Sub |
                 [cfn-auto-reloader-hook]
                 triggers=post.update
                 path=Resources.EC2Instance.Metadata.AWS::CloudFormation::Init.02_config-amazon-cloudwatch-agent
                 action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} --configsets UpdateEnvironment
                 runas=root
               mode: '000400'
               owner: root
               group: root
             "/lib/systemd/system/cfn-hup.service":
                content: !Sub |
                  [Unit]
                  Description=cfn-hup daemon
                  [Service]
                  Type=simple
                  ExecStart=/opt/aws/bin/cfn-hup
                  Restart=always
                  [Install]
                  WantedBy=multi-user.target
          commands:
            01enable_cfn_hup:
              command: !Sub |
                systemctl enable cfn-hup.service
            02start_cfn_hup:
              command: !Sub |
                systemctl start cfn-hup.service

    Properties:
      InstanceType:
        Ref: InstanceType
      IamInstanceProfile:
        Ref: IAMRole
      KeyName:
        Ref: KeyName
      ImageId:
        Ref: InstanceAMI
      SecurityGroups:
        - Ref: InstanceSecurityGroup
      UserData:
        # This script below is to install AmazonCloudWatchAgent, restart AmazonCloudWatchAgent and tell the result to cloudformation.
        Fn::Base64: !Sub |
           #!/bin/bash
           rpm -Uvh https://s3.amazonaws.com/amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm
           /opt/aws/bin/cfn-init -v --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region} --configsets default
           /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackId} --resource EC2Instance --region ${AWS::Region}

    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: "PT15M"
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp:
          Ref: SSHLocation