--- AWSTemplateFormatVersion: 2010-09-09 Description: Running Amazon EC2 Workloads at Scale - workshop template Mappings: CidrMappings: public-subnet-1: CIDR: 10.0.1.0/24 public-subnet-2: CIDR: 10.0.2.0/24 vpc: CIDR: 10.0.0.0/16 Metadata: Author: Description: Chad Schmutzer License: Description: 'Copyright 2017 Amazon.com, Inc. and its affiliates. All Rights Reserved. Licensed under the Amazon Software License (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/asl/ or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.' Outputs: awsRegionId: Description: The AWS Region ID your template was launched in Value: Ref: AWS::Region cloud9Environment: Description: Cloud9 environment Value: Fn::GetAtt: - cloud9Environment - Name codeDeployBucket: Description: CodeDeploy S3 bucket Value: Ref: codeDeployBucket codeDeployServiceRole: Description: The CodeDeploy service role ARN Value: Fn::GetAtt: - codeDeployServiceRole - Arn dbSecurityGroup: Description: The RDS database security group Value: Ref: dbSecurityGroup dbSubnetGroup: Description: The RDS database subnet group Value: Ref: dbSubnetGroup eventRule: Description: Events rule Value: Ref: eventRule fileSystem: Description: Elastic file system Value: Ref: fileSystem instanceProfile: Description: Instance profile ARN Value: Fn::GetAtt: - instanceProfile - Arn instanceSecurityGroup: Description: Instance security group Value: Ref: instanceSecurityGroup lambdaFunction: Description: Lambda function Value: Ref: lambdaFunction loadBalancerSecurityGroup: Description: Load Balancer security group Value: Ref: loadBalancerSecurityGroup publicSubnet1: Description: Public subnet 1 Value: Ref: publicSubnet1 publicSubnet2: Description: Public subnet 2 Value: Ref: publicSubnet2 snsTopic: Description: SNS topic ARN Value: Ref: snsTopic vpc: Description: The VPC Value: Ref: vpc Parameters: sourceCidr: Default: 0.0.0.0/0 Description: Optional - CIDR/IP range for instance ssh/http access and load balancer http access Type: String Resources: attachGateway: DependsOn: - vpc - internetGateway Properties: InternetGatewayId: Ref: internetGateway VpcId: Ref: vpc Type: AWS::EC2::VPCGatewayAttachment autoScalingServiceLinkedRole: Properties: AWSServiceName: autoscaling.amazonaws.com Description: Default Service-Linked Role enables access to AWS Services and Resources used or managed by Auto Scaling Type: AWS::IAM::ServiceLinkedRole cloud9Environment: DependsOn: - publicSubnet1 Properties: Description: Running Amazon EC2 Workloads at Scale - Cloud9 environment InstanceType: t2.micro SubnetId: Ref: publicSubnet1 Type: AWS::Cloud9::EnvironmentEC2 codeDeployBucket: Type: AWS::S3::Bucket codeDeployServiceRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - codedeploy.amazonaws.com Version: 2012-10-17 ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole Path: / Type: AWS::IAM::Role dbSecurityGroup: DependsOn: - vpc Properties: GroupDescription: Allow mysql (3306) SecurityGroupIngress: - CidrIp: Fn::FindInMap: - CidrMappings - vpc - CIDR FromPort: 3306 IpProtocol: tcp ToPort: 3306 VpcId: Ref: vpc Type: AWS::EC2::SecurityGroup dbSubnetGroup: Properties: DBSubnetGroupDescription: Running Amazon EC2 Workloads at Scale - RDS database subnet group SubnetIds: - Ref: publicSubnet1 - Ref: publicSubnet2 Tags: - Key: Name Value: Running Amazon EC2 Workloads at Scale - RDS database subnet group Type: AWS::RDS::DBSubnetGroup ec2FleetServiceLinkedRole: Properties: AWSServiceName: ec2fleet.amazonaws.com Description: Default EC2 Fleet Service Linked Role Type: AWS::IAM::ServiceLinkedRole eventRule: DependsOn: - snsTopic Properties: Description: Events rule for EC2 Spot Instance Interruption Notices EventPattern: detail-type: - EC2 Spot Instance Interruption Warning source: - aws.ec2 State: ENABLED Targets: - Arn: Ref: snsTopic Id: Fn::GetAtt: - snsTopic - TopicName - Arn: Fn::GetAtt: - lambdaFunction - Arn Id: Ref: lambdaFunction Type: AWS::Events::Rule fileSystem: Properties: FileSystemTags: - Key: Name Value: Running Amazon EC2 Workloads at Scale - file system Type: AWS::EFS::FileSystem fileSystemSecurityGroup: DependsOn: - vpc Properties: GroupDescription: Allow nfs (2049) SecurityGroupIngress: - CidrIp: Fn::FindInMap: - CidrMappings - vpc - CIDR FromPort: 2049 IpProtocol: tcp ToPort: 2049 VpcId: Ref: vpc Type: AWS::EC2::SecurityGroup instanceProfile: DependsOn: - instanceRole Properties: Path: / Roles: - Ref: instanceRole Type: AWS::IAM::InstanceProfile instanceRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - ec2.amazonaws.com Version: 2012-10-17 ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM Path: / Policies: - PolicyDocument: Statement: - Action: - s3:List* - s3:Get* Effect: Allow Resource: - Fn::Join: - '' - - 'arn:aws:s3:::' - Ref: codeDeployBucket - /* - arn:aws:s3:::aws-codedeploy-us-east-2/* - arn:aws:s3:::aws-codedeploy-us-east-1/* - arn:aws:s3:::aws-codedeploy-us-west-1/* - arn:aws:s3:::aws-codedeploy-us-west-2/* - arn:aws:s3:::aws-codedeploy-ca-central-1/* - arn:aws:s3:::aws-codedeploy-eu-west-1/* - arn:aws:s3:::aws-codedeploy-eu-west-2/* - arn:aws:s3:::aws-codedeploy-eu-west-3/* - arn:aws:s3:::aws-codedeploy-eu-central-1/* - arn:aws:s3:::aws-codedeploy-ap-northeast-1/* - arn:aws:s3:::aws-codedeploy-ap-northeast-2/* - arn:aws:s3:::aws-codedeploy-ap-southeast-1/* - arn:aws:s3:::aws-codedeploy-ap-southeast-2/* - arn:aws:s3:::aws-codedeploy-ap-south-1/* - arn:aws:s3:::aws-codedeploy-sa-east-1/* Version: '2012-10-17' PolicyName: Fn::Join: - '-' - - Ref: AWS::StackName - codeDeployPolicy Type: AWS::IAM::Role instanceSecurityGroup: DependsOn: - vpc Properties: GroupDescription: Allow ssh (22) and http (80) SecurityGroupIngress: - CidrIp: Ref: sourceCidr FromPort: 80 IpProtocol: tcp ToPort: 80 - CidrIp: Ref: sourceCidr FromPort: 22 IpProtocol: tcp ToPort: 22 VpcId: Ref: vpc Type: AWS::EC2::SecurityGroup instanceSecurityGroupIngress: DependsOn: - instanceSecurityGroup - loadBalancerSecurityGroup Properties: FromPort: 80 GroupId: Ref: instanceSecurityGroup IpProtocol: tcp SourceSecurityGroupId: Ref: loadBalancerSecurityGroup ToPort: 80 Type: AWS::EC2::SecurityGroupIngress internetGateway: DependsOn: - vpc Type: AWS::EC2::InternetGateway lambdaFunction: DependsOn: - lambdaFunctionRole Properties: Code: ZipFile: "def handler(event, context):\n return\n" Handler: index.handler Role: Fn::GetAtt: - lambdaFunctionRole - Arn Runtime: python3.6 Type: AWS::Lambda::Function lambdaFunctionPermission: Properties: Action: lambda:InvokeFunction FunctionName: Fn::GetAtt: - lambdaFunction - Arn Principal: events.amazonaws.com SourceArn: Fn::GetAtt: - eventRule - Arn Type: AWS::Lambda::Permission lambdaFunctionRole: Properties: AssumeRolePolicyDocument: Statement: - Action: - sts:AssumeRole Effect: Allow Principal: Service: - lambda.amazonaws.com Version: 2012-10-17 ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Path: / Policies: - PolicyDocument: Statement: - Action: elasticloadbalancing:DeregisterTargets Effect: Allow Resource: '*' - Action: ec2:DescribeTags Effect: Allow Resource: '*' Version: '2012-10-17' PolicyName: Fn::Join: - '-' - - Ref: AWS::StackName - lambdaFunctionRole Type: AWS::IAM::Role loadBalancerSecurityGroup: DependsOn: - vpc Properties: GroupDescription: Allow http (80) SecurityGroupIngress: - CidrIp: Ref: sourceCidr FromPort: 80 IpProtocol: tcp ToPort: 80 VpcId: Ref: vpc Type: AWS::EC2::SecurityGroup mountTargetPublicSubnet1: DependsOn: - fileSystem Properties: FileSystemId: Ref: fileSystem SecurityGroups: - Ref: fileSystemSecurityGroup SubnetId: Ref: publicSubnet1 Type: AWS::EFS::MountTarget mountTargetPublicSubnet2: DependsOn: - fileSystem Properties: FileSystemId: Ref: fileSystem SecurityGroups: - Ref: fileSystemSecurityGroup SubnetId: Ref: publicSubnet2 Type: AWS::EFS::MountTarget publicRoute: DependsOn: - publicRouteTable - internetGateway - attachGateway Properties: DestinationCidrBlock: 0.0.0.0/0 GatewayId: Ref: internetGateway RouteTableId: Ref: publicRouteTable Type: AWS::EC2::Route publicRouteTable: DependsOn: - vpc - attachGateway Properties: Tags: - Key: Name Value: Running Amazon EC2 Workloads at Scale - public route table VpcId: Ref: vpc Type: AWS::EC2::RouteTable publicSubnet1: DependsOn: attachGateway Properties: AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: Ref: AWS::Region CidrBlock: Fn::FindInMap: - CidrMappings - public-subnet-1 - CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: Running Amazon EC2 Workloads at Scale - public subnet 1 VpcId: Ref: vpc Type: AWS::EC2::Subnet publicSubnet1RouteTableAssociation: DependsOn: - publicRouteTable - publicSubnet1 - attachGateway Properties: RouteTableId: Ref: publicRouteTable SubnetId: Ref: publicSubnet1 Type: AWS::EC2::SubnetRouteTableAssociation publicSubnet2: DependsOn: attachGateway Properties: AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: Ref: AWS::Region CidrBlock: Fn::FindInMap: - CidrMappings - public-subnet-2 - CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: Running Amazon EC2 Workloads at Scale - public subnet 2 VpcId: Ref: vpc Type: AWS::EC2::Subnet publicSubnet2RouteTableAssociation: DependsOn: - publicRouteTable - publicSubnet2 - attachGateway Properties: RouteTableId: Ref: publicRouteTable SubnetId: Ref: publicSubnet2 Type: AWS::EC2::SubnetRouteTableAssociation snsTopic: Properties: DisplayName: SNS Topic for EC2 Spot Instance Interruption Notices Type: AWS::SNS::Topic snsTopicPolicy: DependsOn: - snsTopic Properties: PolicyDocument: Id: Fn::GetAtt: - snsTopic - TopicName Statement: - Action: sns:Publish Effect: Allow Principal: Service: - events.amazonaws.com Resource: Ref: snsTopic Version: '2012-10-17' Topics: - Ref: snsTopic Type: AWS::SNS::TopicPolicy vpc: Properties: CidrBlock: Fn::FindInMap: - CidrMappings - vpc - CIDR EnableDnsHostnames: true EnableDnsSupport: true Tags: - Key: Name Value: Running Amazon EC2 Workloads at Scale - workshop template Type: AWS::EC2::VPC ...