AWSTemplateFormatVersion: 2010-09-09 Description: "AWS Batch Hands-on - base infrastructure" Mappings: SubnetConfig: VPC: CIDR: 10.0.100.0/24 Public: CIDR: 10.0.100.0/24 RegionMap: us-east-1: "ubuntuimgid": "ami-d15a75c7" us-east-2: "ubuntuimgid": "ami-8b92b4ee" us-west-1: "ubuntuimgid": "ami-73f7da13" us-west-2: "ubuntuimgid": "ami-835b4efa" ca-central-1: "ubuntuimgid": "ami-b3d965d7" eu-west-1: "ubuntuimgid": "ami-6d48500b" eu-central-1: "ubuntuimgid": "ami-1c45e273" eu-west-2: "ubuntuimgid": "ami-cc7066a8" ap-southeast-1: "ubuntuimgid": "ami-2378f540" ap-southeast-2: "ubuntuimgid": "ami-e94e5e8a" ap-northeast-2: "ubuntuimgid": "ami-94d20dfa" ap-northeast-1: "ubuntuimgid": "ami-785c491f" ap-south-1: "ubuntuimgid": "ami-49e59a26" sa-east-1: "ubuntuimgid": "ami-34afc458" Parameters: KeyPairName: Type: String Description: enter your keypair name BucketName: Type: String Description: enter unique bucket name ECRName: Type: String Default: openfoam-batch Description: enter docker image repo name InstanceTypeParameter: Type: String Default: t2.micro AllowedValues: - t2.micro - t2.medium - m4.large Description: Enter t2.micro, t2.medium, or m4.large. Default is t2.micro. Resources: VPC: Type: AWS::EC2::VPC Properties: EnableDnsSupport: true EnableDnsHostnames: true CidrBlock: Fn::FindInMap: - SubnetConfig - VPC - CIDR Tags: - Key: Name Value: "AWS Batch Base" - Key: Application Value: !Ref AWS::StackName InternetGateway: Type: AWS::EC2::InternetGateway DependsOn: VPC Properties: Tags: - Key: Application Value: !Ref AWS::StackName AttachGateway: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: !Ref VPC InternetGatewayId: !Ref InternetGateway PublicSubnet: Type: AWS::EC2::Subnet DependsOn: AttachGateway Properties: VpcId: !Ref VPC MapPublicIpOnLaunch: true AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: "" CidrBlock: Fn::FindInMap: - SubnetConfig - Public - CIDR Tags: - Key: Name Value: "Public Subnet" - Key: Application Value: !Ref AWS::StackName PublicRouteTable: Type: AWS::EC2::RouteTable DependsOn: - VPC - AttachGateway Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Public - Key: Application Value: !Ref AWS::StackName PublicRoute: Type: AWS::EC2::Route DependsOn: AttachGateway Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway PublicSubnetRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation DependsOn: AttachGateway Properties: SubnetId: !Ref PublicSubnet RouteTableId: !Ref PublicRouteTable SecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: SecurityGroup for AWS Batch instances (allow ssh from anywhere) VpcId: !Ref VPC SecurityGroupIngress: - IpProtocol: tcp FromPort: '22' ToPort: '22' CidrIp: 0.0.0.0/0 Tags: - Key: Name Value: BatchInstanceSecGrp - Key: Application Value: !Ref AWS::StackName S3Bucket: Type: AWS::S3::Bucket Properties: BucketName: !Ref BucketName ECR: Type: "AWS::ECR::Repository" Properties: RepositoryName: !Ref ECRName AWSBatchServiceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: batch.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole Path: /service-role/ AmazonEC2SpotFleetRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: spotfleet.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole Path: /service-role/ BatchInstanceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: ec2.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role Path: /service-role/ BatchJobRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: ecs-tasks.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: batch-s3-access PolicyDocument: Statement: - Effect: Allow Action: - s3:PutObject Resource: - Fn::Join: ['', ['arn:aws:s3:::', {Ref: S3Bucket}, '/*' ]] Path: / BatchInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref BatchInstanceRole BastionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: ec2.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/AdministratorAccess Path: / BastionInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref BastionRole BastionEC2: Type: AWS::EC2::Instance Properties: ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", ubuntuimgid] InstanceType: !Ref InstanceTypeParameter IamInstanceProfile: !Ref BastionInstanceProfile KeyName: !Ref KeyPairName SecurityGroupIds: - Ref: "SecurityGroup" SubnetId: !Ref PublicSubnet BlockDeviceMappings: - DeviceName: "/dev/sda1" Ebs: VolumeType: "gp2" VolumeSize: "50" DeleteOnTermination: "true" Tags: - Key: Name Value: Ubuntu Bastion UserData: Fn::Base64: !Sub | #!/bin/bash -xe cd /home/ubuntu git clone https://github.com/porcaro33/openfoam-docker.git cd openfoam-docker ./bastion_setup.sh Outputs: VPC: Description: A VPC for AWS Batch Value: !Ref VPC PublicSubnet: Description: Public subnet for AWS Batch Value: !Ref PublicSubnet AWSBatchServiceRole: Description: A service role for AWS Batch to access other resources Value: !GetAtt AWSBatchServiceRole.Arn AmazonEC2SpotFleetRole: Description: A service role for EC2 SpotFleet to access ec2 resources Value: !GetAtt AmazonEC2SpotFleetRole.Arn JobRoleArn: Description: A role for EC2 SpotFleet to access ec2 resources Value: !GetAtt BatchJobRole.Arn ComputeInstanceRole: Description: A instance role for Batch ECS Cluster and s3 access Value: !GetAtt BatchInstanceProfile.Arn SecurityGroup: Description: A security group for Batch instances Value: !Ref SecurityGroup S3Bucket: Description: A S3 bucket for job results Value: !Ref S3Bucket ECR: Description: ECR for openfoam-docker Value: !Ref ECR BastionEC2: Description: Bastion EC2 (Amazon Linux) Value: !GetAtt BastionEC2.PublicIp