{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "AWS Cloudformation script to deploy Netsil AOC", "Parameters": { "InstanceType": { "Description": "Netsil AOC EC2 instance type", "Type": "String", "Default": "m4.2xlarge", "AllowedValues": [ "t2.xlarge", "t2.2xlarge", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "c4.2xlarge", "c4.4xlarge", "r4.xlarge", "r4.2xlarge" ], "ConstraintDescription": "Must be a valid EC2 instance type." }, "VolumeSize": { "Description": "Storage size of your instance. Must be at least 120 GB.", "Type": "Number", "MinValue": "120", "Default": "500", "ConstraintDescription": "Size must be greater than or equal to 120 GB." }, "KeyName": { "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription": "Must be the name of an existing EC2 KeyPair." }, "AssignPublicIP": { "Description": "You may want to choose if you intend to access Netsil AOC behind a load balancer.", "AllowedValues": ["true", "false"], "Default": "true", "Type": "String" }, "VPC": { "Description": "You must launch Netsil AOC in the same VPC as that of the applications you wish to monitor, or setup VPC peering when using a separate VPC.", "Type": "AWS::EC2::VPC::Id", "ConstraintDescription": "Must be the name of an existing VPC." }, "Subnet": { "Description": "Ensure that your subnet is within your chosen VPC.", "Type": "AWS::EC2::Subnet::Id", "ConstraintDescription": "Must be the name of an existing subnet that is within the VPC you selected." }, "AdminLocation": { "Description": "Specify a public IP address range to allow SSH and HTTP(S) access to the EC2 instance.", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x." }, "SGsourceVpcCidr": { "Description": "Specify a private IP address range to restrict inbound traffic to the AOC from your application instances.", "Default": "0.0.0.0/0", "Type": "String", "MinLength": "9", "MaxLength": "18", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x." } }, "Mappings": { "AWSInstanceType2Arch": { "t2.xlarge": { "Arch": "HVM64" }, "t2.2xlarge": { "Arch": "HVM64" }, "m4.xlarge": { "Arch": "HVM64" }, "m4.2xlarge": { "Arch": "HVM64" }, "m4.4xlarge": { "Arch": "HVM64" }, "c4.2xlarge": { "Arch": "HVM64" }, "c4.4xlarge": { "Arch": "HVM64" }, "r4.xlarge": { "Arch": "HVM64" }, "r4.2xlarge": { "Arch": "HVM64" } }, "AWSRegionArch2AMI": { "us-east-1": { "HVM64": "ami-48a78833" }, "us-east-2": { "HVM64": "ami-53cfef36" }, "us-west-1": { "HVM64": "ami-5f002b3f" }, "us-west-2": { "HVM64": "ami-0eaf4976" }, "eu-west-1": { "HVM64": "ami-3e09ff47" }, "eu-central-1": { "HVM64": "ami-836ec0ec" }, "ap-southeast-1": { "HVM64": "ami-09cb536a" }, "ap-northeast-1": { "HVM64": "ami-f554bf93" }, "ap-south-1": { "HVM64": "ami-702b511f" }, "sa-east-1": { "HVM64": "ami-fb9aec97" } } }, "Resources": { "NetsilAOC": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId": { "Fn::FindInMap": [ "AWSRegionArch2AMI", { "Ref": "AWS::Region" }, { "Fn::FindInMap": [ "AWSInstanceType2Arch", { "Ref": "InstanceType" }, "Arch" ] } ] }, "InstanceType": { "Ref": "InstanceType" }, "NetworkInterfaces": [ { "GroupSet": [ { "Ref": "NetsilAOCPrivateSecurityGroup" }, { "Ref": "NetsilAOCPublicSecurityGroup" } ], "AssociatePublicIpAddress": { "Ref": "AssignPublicIP" }, "DeviceIndex": "0", "DeleteOnTermination": "true", "SubnetId": { "Ref": "Subnet" } } ], "KeyName": { "Ref": "KeyName" }, "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "VolumeType": "gp2", "VolumeSize": { "Ref": "VolumeSize" } } } ] }, "DependsOn": [ "NetsilAOCPublicSecurityGroup", "NetsilAOCPrivateSecurityGroup" ] }, "NetsilAOCPrivateSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Private VPC between Netsil and Collectors.", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "2001", "ToPort": "2001", "CidrIp": { "Ref": "SGsourceVpcCidr" } }, { "IpProtocol": "tcp", "FromPort": "2003", "ToPort": "2003", "CidrIp": { "Ref": "SGsourceVpcCidr" } }, { "IpProtocol": "udp", "FromPort": "2003", "ToPort": "2003", "CidrIp": { "Ref": "SGsourceVpcCidr" } }, { "IpProtocol": "tcp", "FromPort": "3003", "ToPort": "3003", "CidrIp": { "Ref": "SGsourceVpcCidr" } } ], "VpcId": {"Ref": "VPC"} } }, "NetsilAOCPublicSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Ports for public access of Netsil AOC UI", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": { "Ref": "AdminLocation" } }, { "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": { "Ref": "AdminLocation" } }, { "IpProtocol": "tcp", "FromPort": "2000", "ToPort": "2000", "CidrIp": { "Ref": "AdminLocation" } }, { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "AdminLocation" } } ], "VpcId": {"Ref": "VPC"} } } }, "Metadata" : { "AWS::CloudFormation::Interface" : { "ParameterGroups" : [ { "Label" : { "default":"Amazon EC2 Configuration" }, "Parameters" : [ "InstanceType", "VolumeSize", "KeyName" ] }, { "Label" : { "default" : "Network Configuration" }, "Parameters" : [ "VPC", "Subnet", "AssignPublicIP" ] }, { "Label" : { "default" : "Security Group Configuration" }, "Parameters" : [ "AdminLocation", "SGsourceVpcCidr" ] } ], "ParameterLabels" : { "VPC" : { "default" : "VPC to Deploy To" }, "Subnet" : { "default" : "Subnet to Deploy To" }, "AdminLocation": { "default": "Public CIDR Range" }, "SGsourceVpcCidr": { "default": "Private CIDR Range" }, "AssignPublicIP": { "default": "Assign a Public IP Address"} } } }, "Outputs": { "WebsiteURL": { "Value": { "Fn::Join": [ "", [ "https://", { "Fn::GetAtt": [ "NetsilAOC", "PublicDnsName" ] } ] ] }, "Description": "Address of the Netsil AOC Web UI. Please wait around ten minutes after stack creation for this link to be available." } } }