Update docs with tests for using existing resources
AnchorArray committed May 8, 2024
1 parent 844c817 commit a39c12c
Showing 2 changed files with 22 additions and 25 deletions.
@@ -1,22 +1,11 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: Deployment of Containerized Applications on EC2 Instances

Parameters:
VpcCidr:
Type: String
Default: 10.199.0.0/16
Description: The CIDR block for the VPC.

AMIId:
Type: String
Default: ami-0ddda618e961f2270
Description: The ID of the AMI to be used for the EC2 instances.

Resources:
StackVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCidr
CidrBlock: 10.199.0.0/16
EnableDnsSupport: true
EnableDnsHostnames: true

Expand All @@ -33,7 +22,7 @@ Resources:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref StackVPC
CidrBlock: 10.199.5.0/24
CidrBlock: 10.199.0.0/28
MapPublicIpOnLaunch: false
AvailabilityZone: !Select
- 0
Expand All @@ -43,7 +32,7 @@ Resources:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref StackVPC
CidrBlock: 10.199.1.0/24
CidrBlock: 10.199.0.16/28
MapPublicIpOnLaunch: true
AvailabilityZone: !Select
- 0
Expand All @@ -53,7 +42,7 @@ Resources:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref StackVPC
CidrBlock: 10.199.3.0/24
CidrBlock: 10.199.0.32/28
MapPublicIpOnLaunch: true
AvailabilityZone: !Select
- 1
Expand Down Expand Up @@ -114,19 +103,17 @@ Resources:

EC2SecurityGroup:
Type: AWS::EC2::SecurityGroup
GroupName: !Sub "${AWS::StackName}-EC2-SG"
Properties:
GroupDescription: Allow traffic from ALB
VpcId: !Ref StackVPC
SecurityGroupEgress:
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: !Ref VpcCidr
CidrIp: 10.199.0.0/16

SSMInstanceRole:
Type: AWS::IAM::Role
RoleName: !Sub "${AWS::StackName}-SSM-ROLE"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Expand All @@ -140,15 +127,14 @@ Resources:

InstanceProfile:
Type: AWS::IAM::InstanceProfile
InstanceProfileName: !Sub "${AWS::StackName}-EC2-PROFILE"
Properties:
Roles:
- !Ref SSMInstanceRole

EC2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref AMIId
ImageId: ami-0ddda618e961f2270
InstanceType: t3.medium
SubnetId: !Ref PrivateSubnet
SecurityGroupIds:
Expand Down Expand Up @@ -180,3 +166,9 @@ Outputs:
Value: !Ref PublicSubnet2
Export:
Name: !Sub "${AWS::StackName}-PublicSubnetId2"

InstanceProfileArn:
Description: "The ARN of the instance profile role"
Value: !GetAtt InstanceProfile.Arn
Export:
Name: !Sub "${AWS::StackName}-InstanceProfile"
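Review bot: The new `InstanceProfileArn` output is described as "The ARN of the instance profile role", but its value is `!GetAtt InstanceProfile.Arn`, which is the ARN of the instance profile and not of `SSMInstanceRole`. The two ARNs are not interchangeable, so a reader who trusts the description could hand a role ARN to a consumer that expects an instance-profile ARN. `Description: "The ARN of the IAM instance profile"` would remove the ambiguity.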
15 changes: 10 additions & 5 deletions docs/cloudformation/template.yaml
Expand Up @@ -42,6 +42,11 @@ Parameters:
Default: ""
Description: Optional. Existing VPC ID to use instead of creating a new VPC. Leave empty to create a new VPC.

ExistingInstanceProfileArn:
Type: String
Default: ""
Description: Optional. Existing IAM instance profile ARN to use instead of creating a new instance profile. Leave empty to create a new instance profile.

VpcCidr:
Type: String
Default: 10.0.0.0/16
Expand Down Expand Up @@ -89,9 +94,10 @@ Parameters:

Conditions:
CreateVpc: !Equals [!Ref ExistingVpcId, ""]
CreateInstanceProfile: !Equals [!Ref ExistingInstanceProfileArn, ""]

Resources:
##### Networking

StackVPC:
Type: AWS::EC2::VPC
Condition: CreateVpc
Expand Down Expand Up @@ -206,7 +212,6 @@ Resources:
SubnetId: !Ref PrivateSubnet
RouteTableId: !Ref PrivateRouteTable

##### Security
EC2SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
Expand Down Expand Up @@ -239,6 +244,7 @@ Resources:

SSMInstanceRole:
Type: AWS::IAM::Role
Condition: CreateInstanceProfile
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Expand All @@ -250,7 +256,6 @@ Resources:
ManagedPolicyArns:
- "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"

##### Load Balancing
ApplicationLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Expand Down Expand Up @@ -279,9 +284,9 @@ Resources:
Port: 80
Protocol: HTTP

##### Compute
InstanceProfile:
Type: AWS::IAM::InstanceProfile
Condition: CreateInstanceProfile
Properties:
Roles:
- !Ref SSMInstanceRole
Expand All @@ -296,7 +301,7 @@ Resources:
SecurityGroupIds:
- !Ref EC2SecurityGroup
IamInstanceProfile:
Arn: !GetAtt InstanceProfile.Arn
Arn: !If [CreateInstanceProfile, !GetAtt InstanceProfile.Arn, !Ref ExistingInstanceProfileArn]
UserData: !Base64
'Fn::Sub': |
#!/bin/bash
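Review bot: `ExistingInstanceProfileArn` is a free-form string that the `!If` passes straight into `IamInstanceProfile.Arn`, so nothing checks that it is an instance-profile ARN or that the attached role is as narrow as the `AmazonSSMManagedInstanceCore`-only role the stack would otherwise create. Consider adding `AllowedPattern: '^$|^arn:aws[a-z-]*:iam::[0-9]{12}:instance-profile/.+$'` to the parameter. Its `Description` could also state that the supplied profile's role should carry `AmazonSSMManagedInstanceCore` and nothing broader. Any resource or output outside the visible hunks that still references `SSMInstanceRole` or `InstanceProfile` unconditionally would need the `CreateInstanceProfile` condition or an `!If` as well; that cannot be confirmed from here. The resource holding `IamInstanceProfile` starts and ends outside the hunk.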
