├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── InstanceRefreshHandler ├── lambda_function.py └── requirements.txt ├── LICENSE ├── README.md ├── THIRD-PARTY-LICENSES.txt ├── images ├── architecture-diagram.png ├── asg-instance-refresh-activity-history.png ├── ec2-instance-refresh.png ├── edit-auto-scaling-group.png ├── image-builder-console.png └── sam-cfn-console.png ├── sample-event.json └── template.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | # SAM Cache 2 | .aws-sam 3 | samconfig.toml 4 | 5 | # Packaged Template 6 | packaged.yaml 7 | 8 | # System Files 9 | .DS_Store -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *master* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | 61 | We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes. 62 | -------------------------------------------------------------------------------- /InstanceRefreshHandler/lambda_function.py: -------------------------------------------------------------------------------- 1 | # Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | # 4 | # Permission is hereby granted, free of charge, to any person obtaining a copy of this 5 | # software and associated documentation files (the "Software"), to deal in the Software 6 | # without restriction, including without limitation the rights to use, copy, modify, 7 | # merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 8 | # permit persons to whom the Software is furnished to do so. 9 | # 10 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 11 | # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 12 | # PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 13 | # HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 14 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 15 | # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 16 | 17 | import boto3 18 | from botocore.exceptions import ClientError 19 | import json 20 | import logging 21 | import os 22 | 23 | logger = logging.getLogger() 24 | logger.setLevel(logging.INFO) 25 | 26 | # define boto3 clients 27 | asg_client = boto3.client('autoscaling') 28 | 29 | 30 | def get_ami_id_from_ib_notification(ib_notification): 31 | # Parse Image Builder notification and look up AMI for Lambda region 32 | for resource in ib_notification['outputResources']['amis']: 33 | if resource['region'] == os.environ['AWS_REGION']: 34 | return(resource['image']) 35 | else: 36 | return(None) 37 | 38 | 39 | def set_asg_launch_template_version_latest(asg_name, lt_id): 40 | try: 41 | response = asg_client.update_auto_scaling_group( 42 | AutoScalingGroupName=asg_name, 43 | LaunchTemplate={ 44 | 'LaunchTemplateId': lt_id, 45 | 'Version': '$Latest' 46 | } 47 | ) 48 | logging.info("Set launch template: {} version for asg: {} to $Latest".format( 49 | lt_id, asg_name)) 50 | return response 51 | except ClientError as e: 52 | logging.error('Error setting launch template version to $Latest') 53 | raise e 54 | 55 | 56 | def trigger_auto_scaling_instance_refresh(asg_name, strategy="Rolling", 57 | min_healthy_percentage=90, instance_warmup=300): 58 | 59 | try: 60 | response = asg_client.start_instance_refresh( 61 | AutoScalingGroupName=asg_name, 62 | Strategy=strategy, 63 | Preferences={ 64 | 'MinHealthyPercentage': min_healthy_percentage, 65 | 'InstanceWarmup': instance_warmup 66 | }) 67 | logging.info("Triggered Instance Refresh {} for Auto Scaling " 68 | "group {}".format(response['InstanceRefreshId'], asg_name)) 69 | 70 | except ClientError as e: 71 | logging.error("Unable to trigger Instance Refresh for " 72 | "Auto Scaling group {}".format(asg_name)) 73 | raise e 74 | 75 | 76 | def lambda_handler(event, context): 77 | 78 | # Load SNS message body 79 | ib_notification = json.loads(event['Records'][0]['Sns']['Message']) 80 | logging.info(json.dumps(ib_notification, sort_keys=True, indent=4)) 81 | asg_name = os.environ['AutoScalingGroupName'] 82 | lt_id = os.environ['LaunchTemplateId'] 83 | 84 | # Finish if Image build wasn't successful 85 | if ib_notification['state']['status'] != "AVAILABLE": 86 | logging.warning("No action taken. EC2 Image build failed.") 87 | return("No action taken. EC2 Image build failed.") 88 | 89 | # Get the AMI ID for current region from Image Builder notification 90 | ami_id = get_ami_id_from_ib_notification(ib_notification) 91 | if ami_id is None: 92 | logging.warning("There's no image created for region {}".format( 93 | os.environ['AWS_REGION'])) 94 | return("No AMI id created for region {}".format( 95 | os.environ['AWS_REGION'])) 96 | 97 | # Change LT version to $Latest if not yet $Latest 98 | set_asg_launch_template_version_latest(asg_name, lt_id) 99 | 100 | # Trigger Auto Scaling group Instance Refresh 101 | trigger_auto_scaling_instance_refresh(asg_name) 102 | 103 | return("Success") 104 | -------------------------------------------------------------------------------- /InstanceRefreshHandler/requirements.txt: -------------------------------------------------------------------------------- 1 | boto3>=1.14.4 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Sample EC2 Auto Scaling groups Instance Refresh solution 2 | 3 | ## Introduction 4 | Instance Refresh is an EC2 Auto Scaling feature that enables automatic deployments of instances in Auto Scaling groups in order to release new application versions or make infrastructure updates. You can trigger an Instance Refresh using the EC2 Auto Scaling Management Console, or use the new `StartInstanceRefresh` API via the AWS CLI or any AWS SDK. All you need to do is specify the percentage of healthy instances to keep in the group while ASG terminates and launches instances, and the warm-up time which is the time period that ASG waits between groups of instances that it will refresh via Instance Refresh. If your ASG is using Health Checks, then ASG will also wait for the instances in the group to be healthy before it continues to the next group of instances. 5 | 6 | You can use this functionality in a wide variety of solutions and workflows. This repository contains a sample solution that uses EC2 Image Builder to build a golden AMI, update the launch template and notify an SNS topic. Amazon SNS triggers an AWS Lambda function that updates the EC2 Auto Scaling group to use `LaunchTemplateVersion = $Latest` and start an Instance Refresh. Your instance fleet will be refreshed and new instances will use the new AMI. 7 | 8 | ![Architecture](/images/architecture-diagram.png) 9 | 10 | ## Deploying the solution 11 | 12 | This solution deploys the following components: 13 | * An Amazon VPC with three public subnets 14 | * A sample EC2 Image Builder pipeline that builds an AMI from the latest Amazon Linux 2 image, updating the system, installing Docker CE and rebooting 15 | * An Amazon SNS Topic that receives notifications from the EC2 Image Builder pipeline 16 | * A sample EC2 Auto Scaling group with two instances using the latest Amazon Linux 2 AMI 17 | * An AWS Lambda function subscribed to the SNS topic that creates a new Launch Template version with the new created AMI and triggers an Instance Refresh of the above Auto Scaling group. 18 | * An IAM role to grant the AWS Lambda function permissions to invoke the Auto Scaling and EC2 APIs 19 | * An IAM role for EC2 Image Builder instances 20 | 21 | ### Requirements 22 | 23 | **Note:** For easiest deployment you can create a [Cloud9 environment](https://docs.aws.amazon.com/cloud9/latest/user-guide/create-environment.html), it already has the below requirements installed. 24 | 25 | * [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) 26 | * [Python 3 installed](https://www.python.org/downloads/) 27 | * [Docker installed](https://www.docker.com/community-edition) 28 | * [SAM CLI installed](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) 29 | 30 | ### Deployment Steps 31 | 32 | Once you've installed the requirements listed above, open a terminal session as you'll need to run through a few commands to deploy the solution. 33 | 34 | First, we need an `S3 bucket` where we can upload the Lambda function packaged as ZIP before we deploy anything - If you don't have a S3 bucket to store code artifacts then, this is a good time to create one: 35 | 36 | ```bash 37 | aws s3 mb s3://BUCKET_NAME 38 | ``` 39 | Next, clone the ec2-auto scaling-instance-refresh-sample repository to your local workstation or to your Cloud9 environment. 40 | 41 | ``` 42 | git clone https://github.com/aws-samples/ec2-auto-scaling-instance-refresh-sample.git 43 | ``` 44 | 45 | Next, change directories to the root directory for this example solution. 46 | 47 | ``` 48 | cd ec2-auto-scaling-instance-refresh-sample 49 | ``` 50 | 51 | Next, run the following command to build the Lambda function: 52 | 53 | ```bash 54 | sam build --use-container 55 | ``` 56 | 57 | Next, run the following command to package the Lambda function to S3: 58 | 59 | ```bash 60 | sam package \ 61 | --output-template-file packaged.yaml \ 62 | --s3-bucket REPLACE_THIS_WITH_YOUR_S3_BUCKET_NAME 63 | ``` 64 | 65 | Next, the following command will create a Cloudformation Stack and deploy your SAM resources. 66 | 67 | ```bash 68 | sam deploy \ 69 | --template-file packaged.yaml \ 70 | --stack-name ec2-auto-scaling-instance-refresh-sample \ 71 | --capabilities CAPABILITY_IAM 72 | ``` 73 | 74 | By default we use t3.micro instances for both the EC2 Image Builder instance and the sample Auto Scaling group instance type. If you want to use a different instance type, you can include parameter overrides on the `sam deploy` command. 75 | 76 | ```bash 77 | sam deploy \ 78 | --template-file packaged.yaml \ 79 | --stack-name ec2-auto-scaling-instance-refresh-sample \ 80 | --capabilities CAPABILITY_IAM \ 81 | --parameter-overrides \ 82 | BuildInstanceType=REPLACE_THIS_WITH_THE_INSTANCE_TYPE_YOU_WANT \ 83 | SampleAutoScalingGroupInstanceType=REPLACE_THIS_WITH_THE_INSTANCE_TYPE_YOU_WANT 84 | ``` 85 | 86 | You will find all the resources created on the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation/home?#/stacks/). 87 | 88 | ![CloudFormation console](/images/sam-cfn-console.png) 89 | 90 | ## Testing the solution 91 | 92 | Trigger the EC2 Image Builder Pipeline. 93 | 1. [Go to the EC2 Image Builder console](https://console.aws.amazon.com/imagebuilder/home?#viewPipeline) 94 | 2. Click on the `SampleAmazon2WithDockerPipeline` pipeline 95 | 3. Click on the `Actions` button on the top-right side of the console, and select `Run pipeline` 96 | 4. Wait until the pipeline finishes (it will take ~20 minutes to complete). You can refresh the `Output image` section clicking the circle arrow button on the right side of the console. 97 | ![Image Builder console](/images/image-builder-console.png) 98 | 5. (Optional) If you want to get notified when Image Builder finishes, you can [subscribe your e-mail to the SNS topic](https://docs.aws.amazon.com/sns/latest/dg/sns-getting-started.html#step-send-message) 99 | 6. Click on the image version that's been created to see the AMI id that's been created. 100 | 101 | Once the new image is built, you can check your Auto Scaling group and watch the instance refresh action. 102 | 1. Go to the [EC2 Auto Scaling console](https://console.aws.amazon.com/ec2autoscaling/home#/details) 103 | 2. Select the Auto Scaling group named `ec2-image-builder-instance-refresh-sample-SampleAuto ScalingGroup-*`. Then go to the `Instance Refresh` tab and you will see the instance refresh in progress. 104 | 3. You can also see the instance refresh events on the Activity tab. 105 | ![Auto Scaling activity](/images/asg-instance-refresh-activity-history.png) 106 | 4. You can also check on the EC2 Instances console and see how instances are shut down and new instances are launched. 107 | ![Instance Refresh](/images/ec2-instance-refresh.png) 108 | 5. Once it finishes, check the Auto Scaling group instances AMI on the EC2 Instances console (filter by Tag Name value `EC2 Image Builder Sample`). Select an instance and on the `Launch Configuration` tab you will find the AMI id. 109 | 110 | Feel free to also inspect the AWS Lambda function and the logs on the [CloudWatch logs console](https://console.aws.amazon.com/cloudwatch/home?#logsV2:log-groups). 111 | 112 | ## Clean up 113 | Once you're done, you can delete the solution going to the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation/home#/stacks) and deleting the `ec2-image-builder-instance-refresh-sample`. Don't forget to delete the following artifacts too: 114 | * Delete the AMI id that's been created by Image Builder. 115 | * Delete the [CloudWatch log group](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) for the Lambda function. You'll identify it with the name `/aws/lambda/ec2-auto-scaling-instance-r-InstanceRefreshHandler*`. You can find the AMI id above on the logs. 116 | * Consider deleting the Amazon S3 bucket used to store the packaged Lambda artifact if you created it in purpose to deploy this solution 117 | 118 | ## Cost of the solution 119 | 120 | The cost of the solution is covered completely by the free tier if your account is less than 12 months old (and you don't already exceed free tier limits like the 750 t3.micro hours monthly). Otherwise, the cost of testing the solution is less than $0.25 if running for an hour. Costs break-down below: 121 | * By default, this solution uses t3.micro instances, which cost $0.0104 / hour each in us-east-1. You can find all regions pricing [here](https://aws.amazon.com/ec2/pricing/on-demand/). t3.micro is eligible for [AWS Free tier](https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc) 122 | * There is no extra charge for EC2 Image Builder, you only pay for the underlying EC2 resources. By default, this solution uses t3.micro instances to build AMIs. 123 | * There are no charges for SNS Lambda notifications. If you subscribe your e-mail to the SNS topic, the first 1,000 notifications are free. More details [here](https://aws.amazon.com/sns/pricing/) 124 | * AWS Lambda first 1 Million requests per month are covered by the [AWS Free tier](https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc). 125 | * Cloudwatch Logs usage is covered by the free tier if you use less than 5GB of data. More info [here](https://aws.amazon.com/cloudwatch/pricing/). 126 | 127 | ## Security 128 | 129 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. 130 | 131 | ## License 132 | 133 | This library is licensed under the MIT-0 License. See the LICENSE file. 134 | 135 | -------------------------------------------------------------------------------- /THIRD-PARTY-LICENSES.txt: -------------------------------------------------------------------------------- 1 | ** boto3 1.12.49; version 1.12.49 -- https://github.com/boto/boto3 2 | ** botocore 1.15.49; version 1.15.49 -- https://github.com/boto/botocore 3 | 4 | Apache License 5 | 6 | Version 2.0, January 2004 7 | 8 | http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND 9 | DISTRIBUTION 10 | 11 | 1. Definitions. 12 | 13 | "License" shall mean the terms and conditions for use, reproduction, and 14 | distribution as defined by Sections 1 through 9 of this document. 15 | 16 | "Licensor" shall mean the copyright owner or entity authorized by the 17 | copyright owner that is granting the License. 18 | 19 | "Legal Entity" shall mean the union of the acting entity and all other 20 | entities that control, are controlled by, or are under common control 21 | with that entity. For the purposes of this definition, "control" means 22 | (i) the power, direct or indirect, to cause the direction or management 23 | of such entity, whether by contract or otherwise, or (ii) ownership of 24 | fifty percent (50%) or more of the outstanding shares, or (iii) 25 | beneficial ownership of such entity. 26 | 27 | "You" (or "Your") shall mean an individual or Legal Entity exercising 28 | permissions granted by this License. 29 | 30 | "Source" form shall mean the preferred form for making modifications, 31 | including but not limited to software source code, documentation source, 32 | and configuration files. 33 | 34 | "Object" form shall mean any form resulting from mechanical 35 | transformation or translation of a Source form, including but not limited 36 | to compiled object code, generated documentation, and conversions to 37 | other media types. 38 | 39 | "Work" shall mean the work of authorship, whether in Source or Object 40 | form, made available under the License, as indicated by a copyright 41 | notice that is included in or attached to the work (an example is 42 | provided in the Appendix below). 43 | 44 | "Derivative Works" shall mean any work, whether in Source or Object form, 45 | that is based on (or derived from) the Work and for which the editorial 46 | revisions, annotations, elaborations, or other modifications represent, 47 | as a whole, an original work of authorship. For the purposes of this 48 | License, Derivative Works shall not include works that remain separable 49 | from, or merely link (or bind by name) to the interfaces of, the Work and 50 | Derivative Works thereof. 51 | 52 | "Contribution" shall mean any work of authorship, including the original 53 | version of the Work and any modifications or additions to that Work or 54 | Derivative Works thereof, that is intentionally submitted to Licensor for 55 | inclusion in the Work by the copyright owner or by an individual or Legal 56 | Entity authorized to submit on behalf of the copyright owner. For the 57 | purposes of this definition, "submitted" means any form of electronic, 58 | verbal, or written communication sent to the Licensor or its 59 | representatives, including but not limited to communication on electronic 60 | mailing lists, source code control systems, and issue tracking systems 61 | that are managed by, or on behalf of, the Licensor for the purpose of 62 | discussing and improving the Work, but excluding communication that is 63 | conspicuously marked or otherwise designated in writing by the copyright 64 | owner as "Not a Contribution." 65 | 66 | "Contributor" shall mean Licensor and any individual or Legal Entity on 67 | behalf of whom a Contribution has been received by Licensor and 68 | subsequently incorporated within the Work. 69 | 70 | 2. Grant of Copyright License. Subject to the terms and conditions of this 71 | License, each Contributor hereby grants to You a perpetual, worldwide, 72 | non-exclusive, no-charge, royalty-free, irrevocable copyright license to 73 | reproduce, prepare Derivative Works of, publicly display, publicly perform, 74 | sublicense, and distribute the Work and such Derivative Works in Source or 75 | Object form. 76 | 77 | 3. Grant of Patent License. Subject to the terms and conditions of this 78 | License, each Contributor hereby grants to You a perpetual, worldwide, 79 | non-exclusive, no-charge, royalty-free, irrevocable (except as stated in 80 | this section) patent license to make, have made, use, offer to sell, sell, 81 | import, and otherwise transfer the Work, where such license applies only to 82 | those patent claims licensable by such Contributor that are necessarily 83 | infringed by their Contribution(s) alone or by combination of their 84 | Contribution(s) with the Work to which such Contribution(s) was submitted. 85 | If You institute patent litigation against any entity (including a 86 | cross-claim or counterclaim in a lawsuit) alleging that the Work or a 87 | Contribution incorporated within the Work constitutes direct or contributory 88 | patent infringement, then any patent licenses granted to You under this 89 | License for that Work shall terminate as of the date such litigation is 90 | filed. 91 | 92 | 4. Redistribution. You may reproduce and distribute copies of the Work or 93 | Derivative Works thereof in any medium, with or without modifications, and 94 | in Source or Object form, provided that You meet the following conditions: 95 | 96 | (a) You must give any other recipients of the Work or Derivative Works a 97 | copy of this License; and 98 | 99 | (b) You must cause any modified files to carry prominent notices stating 100 | that You changed the files; and 101 | 102 | (c) You must retain, in the Source form of any Derivative Works that You 103 | distribute, all copyright, patent, trademark, and attribution notices 104 | from the Source form of the Work, excluding those notices that do not 105 | pertain to any part of the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must include 109 | a readable copy of the attribution notices contained within such NOTICE 110 | file, excluding those notices that do not pertain to any part of the 111 | Derivative Works, in at least one of the following places: within a 112 | NOTICE text file distributed as part of the Derivative Works; within the 113 | Source form or documentation, if provided along with the Derivative 114 | Works; or, within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents of the 116 | NOTICE file are for informational purposes only and do not modify the 117 | License. You may add Your own attribution notices within Derivative Works 118 | that You distribute, alongside or as an addendum to the NOTICE text from 119 | the Work, provided that such additional attribution notices cannot be 120 | construed as modifying the License. 121 | 122 | You may add Your own copyright statement to Your modifications and may 123 | provide additional or different license terms and conditions for use, 124 | reproduction, or distribution of Your modifications, or for any such 125 | Derivative Works as a whole, provided Your use, reproduction, and 126 | distribution of the Work otherwise complies with the conditions stated in 127 | this License. 128 | 129 | 5. Submission of Contributions. Unless You explicitly state otherwise, any 130 | Contribution intentionally submitted for inclusion in the Work by You to the 131 | Licensor shall be under the terms and conditions of this License, without 132 | any additional terms or conditions. Notwithstanding the above, nothing 133 | herein shall supersede or modify the terms of any separate license agreement 134 | you may have executed with Licensor regarding such Contributions. 135 | 136 | 6. Trademarks. This License does not grant permission to use the trade 137 | names, trademarks, service marks, or product names of the Licensor, except 138 | as required for reasonable and customary use in describing the origin of the 139 | Work and reproducing the content of the NOTICE file. 140 | 141 | 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in 142 | writing, Licensor provides the Work (and each Contributor provides its 143 | Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 144 | KIND, either express or implied, including, without limitation, any 145 | warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or 146 | FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining 147 | the appropriateness of using or redistributing the Work and assume any risks 148 | associated with Your exercise of permissions under this License. 149 | 150 | 8. Limitation of Liability. In no event and under no legal theory, whether 151 | in tort (including negligence), contract, or otherwise, unless required by 152 | applicable law (such as deliberate and grossly negligent acts) or agreed to 153 | in writing, shall any Contributor be liable to You for damages, including 154 | any direct, indirect, special, incidental, or consequential damages of any 155 | character arising as a result of this License or out of the use or inability 156 | to use the Work (including but not limited to damages for loss of goodwill, 157 | work stoppage, computer failure or malfunction, or any and all other 158 | commercial damages or losses), even if such Contributor has been advised of 159 | the possibility of such damages. 160 | 161 | 9. Accepting Warranty or Additional Liability. While redistributing the Work 162 | or Derivative Works thereof, You may choose to offer, and charge a fee for, 163 | acceptance of support, warranty, indemnity, or other liability obligations 164 | and/or rights consistent with this License. However, in accepting such 165 | obligations, You may act only on Your own behalf and on Your sole 166 | responsibility, not on behalf of any other Contributor, and only if You 167 | agree to indemnify, defend, and hold each Contributor harmless for any 168 | liability incurred by, or claims asserted against, such Contributor by 169 | reason of your accepting any such warranty or additional liability. END OF 170 | TERMS AND CONDITIONS 171 | 172 | APPENDIX: How to apply the Apache License to your work. 173 | 174 | To apply the Apache License to your work, attach the following boilerplate 175 | notice, with the fields enclosed by brackets "[]" replaced with your own 176 | identifying information. (Don't include the brackets!) The text should be 177 | enclosed in the appropriate comment syntax for the file format. We also 178 | recommend that a file or class name and description of purpose be included on 179 | the same "printed page" as the copyright notice for easier identification 180 | within third-party archives. 181 | 182 | Copyright [yyyy] [name of copyright owner] 183 | 184 | Licensed under the Apache License, Version 2.0 (the "License"); 185 | 186 | you may not use this file except in compliance with the License. 187 | 188 | You may obtain a copy of the License at 189 | 190 | http://www.apache.org/licenses/LICENSE-2.0 191 | 192 | Unless required by applicable law or agreed to in writing, software 193 | 194 | distributed under the License is distributed on an "AS IS" BASIS, 195 | 196 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 197 | 198 | See the License for the specific language governing permissions and 199 | 200 | limitations under the License. 201 | 202 | * For boto3 1.12.49 see also this required NOTICE: 203 | boto3 204 | Copyright 2013-2017 Amazon.com, Inc. or its affiliates. All Rights 205 | Reserved. 206 | * For botocore 1.15.49 see also this required NOTICE: 207 | Botocore 208 | Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights 209 | Reserved. 210 | 211 | ---- 212 | 213 | Botocore includes a vendorized copy of the requests python library to ease 214 | installation. 215 | 216 | Requests License 217 | ================ 218 | 219 | Copyright 2013 Kenneth Reitz 220 | 221 | Licensed under the Apache License, Version 2.0 (the "License"); 222 | you may not use this file except in compliance with the License. 223 | You may obtain a copy of the License at 224 | 225 | http://www.apache.org/licenses/LICENSE-2.0 226 | 227 | Unless required by applicable law or agreed to in writing, software 228 | distributed under the License is distributed on an "AS IS" BASIS, 229 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 230 | See the License for the specific language governing permissions and 231 | limitations under the License. 232 | 233 | 234 | The requests library also includes some vendorized python libraries to ease 235 | installation. 236 | 237 | Urllib3 License 238 | =============== 239 | 240 | This is the MIT license: http://www.opensource.org/licenses/mit-license.php 241 | 242 | Copyright 2008-2011 Andrey Petrov and contributors (see CONTRIBUTORS.txt), 243 | Modifications copyright 2012 Kenneth Reitz. 244 | 245 | Permission is hereby granted, free of charge, to any person obtaining a 246 | copy of this 247 | software and associated documentation files (the "Software"), to deal in 248 | the Software 249 | without restriction, including without limitation the rights to use, copy, 250 | modify, merge, 251 | publish, distribute, sublicense, and/or sell copies of the Software, and to 252 | permit persons 253 | to whom the Software is furnished to do so, subject to the following 254 | conditions: 255 | 256 | The above copyright notice and this permission notice shall be included in 257 | all copies or 258 | substantial portions of the Software. 259 | 260 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 261 | IMPLIED, 262 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR 263 | A PARTICULAR 264 | PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 265 | HOLDERS BE LIABLE 266 | FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF 267 | CONTRACT, TORT OR 268 | OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 269 | USE OR OTHER 270 | DEALINGS IN THE SOFTWARE. 271 | 272 | Chardet License 273 | =============== 274 | 275 | This library is free software; you can redistribute it and/or 276 | modify it under the terms of the GNU Lesser General Public 277 | License as published by the Free Software Foundation; either 278 | version 2.1 of the License, or (at your option) any later version. 279 | 280 | This library is distributed in the hope that it will be useful, 281 | but WITHOUT ANY WARRANTY; without even the implied warranty of 282 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 283 | Lesser General Public License for more details. 284 | 285 | You should have received a copy of the GNU Lesser General Public 286 | License along with this library; if not, write to the Free Software 287 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 288 | 02110-1301 USA 289 | 290 | Bundle of CA Root Certificates 291 | ============================== 292 | 293 | This library is free software; you can redistribute it and/or 294 | modify it under the terms of the GNU Lesser General Public 295 | License as published by the Free Software Foundation; either 296 | version 2.1 of the License, or (at your option) any later version. 297 | 298 | This library is distributed in the hope that it will be useful, 299 | but WITHOUT ANY WARRANTY; without even the implied warranty of 300 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 301 | Lesser General Public License for more details. 302 | 303 | You should have received a copy of the GNU Lesser General Public 304 | License along with this library; if not, write to the Free Software 305 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 306 | 02110-1301 -------------------------------------------------------------------------------- /images/architecture-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/ec2-auto-scaling-instance-refresh-sample/95fcf3dd19f837349098e1a710b1a6bdd9705ecc/images/architecture-diagram.png -------------------------------------------------------------------------------- /images/asg-instance-refresh-activity-history.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/ec2-auto-scaling-instance-refresh-sample/95fcf3dd19f837349098e1a710b1a6bdd9705ecc/images/asg-instance-refresh-activity-history.png -------------------------------------------------------------------------------- /images/ec2-instance-refresh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/ec2-auto-scaling-instance-refresh-sample/95fcf3dd19f837349098e1a710b1a6bdd9705ecc/images/ec2-instance-refresh.png -------------------------------------------------------------------------------- /images/edit-auto-scaling-group.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/ec2-auto-scaling-instance-refresh-sample/95fcf3dd19f837349098e1a710b1a6bdd9705ecc/images/edit-auto-scaling-group.png -------------------------------------------------------------------------------- /images/image-builder-console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/ec2-auto-scaling-instance-refresh-sample/95fcf3dd19f837349098e1a710b1a6bdd9705ecc/images/image-builder-console.png -------------------------------------------------------------------------------- /images/sam-cfn-console.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/ec2-auto-scaling-instance-refresh-sample/95fcf3dd19f837349098e1a710b1a6bdd9705ecc/images/sam-cfn-console.png -------------------------------------------------------------------------------- /sample-event.json: -------------------------------------------------------------------------------- 1 | { 2 | "Records": [ 3 | { 4 | "EventSource": "aws:sns", 5 | "EventVersion": "1.0", 6 | "EventSubscriptionArn": "arn:aws:sns:us-east-1::ExampleTopic", 7 | "Sns": { 8 | "Type": "Notification", 9 | "MessageId": "95df01b4-ee98-5cb9-9903-4c221d41eb5e", 10 | "TopicArn": "arn:aws:sns:us-east-1:123456789012:ExampleTopic", 11 | "Subject": "example subject", 12 | "Message": "{\n \"versionlessArn\": \"arn:aws:imagebuilder:us-east-1:123456789101:image/test-recipe\",\n \"semver\": 1237940039285380274899124225,\n \"arn\": \"arn:aws:imagebuilder:us-east-1:123456789101:image/test-recipe/1.0.0/1\",\n \"name\": \"test-recipe\",\n \"version\": \"1.0.0\",\n \"buildVersion\": 1,\n \"state\": {\n \"status\": \"AVAILABLE\"\n },\n \"platform\": \"Linux\",\n \"imageRecipe\": {\n \"arn\": \"arn:aws:imagebuilder:us-east-1:123456789101:image-recipe/test-recipe/1.0.0\",\n \"name\": \"test-recipe\",\n \"version\": \"1.0.0\",\n \"components\": [\n {\n \"componentArn\": \"arn:aws:imagebuilder:us-east-1:627945338248:component/reboot-test-linux/1.0.0/1\"\n },\n {\n \"componentArn\": \"arn:aws:imagebuilder:us-east-1:627945338248:component/powershell-core-linux/6.2.4/1\"\n },\n {\n \"componentArn\": \"arn:aws:imagebuilder:us-east-1:627945338248:component/php-7-2-linux/1.0.0/1\"\n }\n ],\n \"platform\": \"Linux\",\n \"parentImage\": \"arn:aws:imagebuilder:us-east-1:627945338248:image/amazon-linux-2-x86/2020.5.27/1\",\n \"dateCreated\": \"Jun 3, 2020 3:04:11 PM\",\n \"tags\": {\n \"internalId\": \"7d1f2ac0-12f1-49f8-873f-0cb8b593de24\",\n \"resourceArn\": \"arn:aws:imagebuilder:us-east-1:123456789101:image-recipe/test-recipe/1.0.0\"\n },\n \"accountId\": \"123456789101\"\n },\n \"sourcePipelineArn\": \"arn:aws:imagebuilder:us-east-1:123456789101:image-pipeline/test-image-builder-pipeline\",\n \"infrastructureConfiguration\": {\n \"arn\": \"arn:aws:imagebuilder:us-east-1:123456789101:infrastructure-configuration/test-image-builder-pipeline-infrastructureconfiguration-d75395913b32\",\n \"name\": \"test-image-builder-pipeline-infrastructureConfiguration-d75395913b32\",\n \"instanceTypes\": [\n \"m4.large\"\n ],\n \"instanceProfileName\": \"EC2RoleForImageBuilderInstance\",\n \"securityGroupIds\": [\n \"sg-xxxxxxxxxx\"\n ],\n \"subnetId\": \"subnet-xxxxxxxxxxxxx\",\n \"tags\": {\n \"internalId\": \"5ebbdb9f-37f7-47e1-aeab-49d71aba1c12\",\n \"resourceArn\": \"arn:aws:imagebuilder:us-east-1:123456789101:infrastructure-configuration/test-image-builder-pipeline-infrastructureconfiguration-d75395913b32\"\n },\n \"logging\": {\n \"s3Logs\": {\n \"s3BucketName\": \"aws-logs-123456789101-us-east-1\",\n \"s3KeyPrefix\": \"image-builder\"\n }\n },\n \"terminateInstanceOnFailure\": true,\n \"snsTopicArn\": \"arn:aws:sns:us-east-1:123456789101:image-builder-topic\",\n \"dateCreated\": \"Jun 3, 2020 3:14:19 PM\",\n \"accountId\": \"123456789101\"\n },\n \"imageTestsConfigurationDocument\": {\n \"imageTestsEnabled\": true,\n \"timeoutMinutes\": 720\n },\n \"distributionConfiguration\": {\n \"arn\": \"arn:aws:imagebuilder:us-east-1:123456789101:distribution-configuration/test-image-builder-pipeline-distributionconfiguration-4265eb8ac0dc\",\n \"name\": \"test-image-builder-pipeline-distributionConfiguration-4265eb8ac0dc\",\n \"dateCreated\": \"Jun 3, 2020 3:14:19 PM\",\n \"distributions\": [\n {\n \"region\": \"us-east-1\",\n \"amiDistributionConfiguration\": {\n \"name\": \"test-builder-ami 2020-06-03T15-39-02.897Z\",\n \"amiTags\": {\n \"ami-alias\": \"test-alias\"\n }\n }\n }\n ],\n \"tags\": {\n \"internalId\": \"4c133101-9494-4fd1-a044-7250e2b32388\",\n \"resourceArn\": \"arn:aws:imagebuilder:us-east-1:123456789101:distribution-configuration/test-image-builder-pipeline-distributionconfiguration-4265eb8ac0dc\"\n },\n \"accountId\": \"123456789101\"\n },\n \"dateCreated\": \"Jun 3, 2020 3:39:02 PM\",\n \"outputResources\": {\n \"amis\": [\n {\n \"region\": \"us-east-1\",\n \"image\": \"place-here-your-test-ami-id\",\n \"name\": \"test-builder-ami 2020-06-03T15-39-02.897Z\"\n }\n ]\n },\n \"buildExecutionId\": \"ad08236c-691a-4aa5-a1f1-16938b51369c\",\n \"testExecutionId\": \"e8fa9637-0dc0-4876-897c-0e8d421789de\",\n \"distributionJobId\": \"bf9e9be2-0a71-4592-9f25-e86929349db6\",\n \"integrationJobId\": \"d84b1693-90cb-44c4-85c1-9674bcca2e36\",\n \"accountId\": \"123456789101\",\n \"enhancedImageMetadataEnabled\": false,\n \"tags\": {\n \"internalId\": \"bac4b6e8-757c-456e-a5ae-5e01d5d324e7\",\n \"resourceArn\": \"arn:aws:imagebuilder:us-east-1:123456789101:image/test-recipe/1.0.0/1\"\n }\n}", 13 | "Timestamp": "1970-01-01T00:00:00.000Z", 14 | "SignatureVersion": "1", 15 | "Signature": "EXAMPLE", 16 | "SigningCertUrl": "EXAMPLE", 17 | "UnsubscribeUrl": "EXAMPLE", 18 | "MessageAttributes": { 19 | "Test": { 20 | "Type": "String", 21 | "Value": "TestString" 22 | }, 23 | "TestBinary": { 24 | "Type": "Binary", 25 | "Value": "TestBinary" 26 | } 27 | } 28 | } 29 | } 30 | ] 31 | } -------------------------------------------------------------------------------- /template.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | Transform: 'AWS::Serverless-2016-10-31' 3 | Description: > 4 | "Sample solution to create a new launch template version with a new AMI created by EC2 5 | Image Builder and trigger an Auto Scaling group instance refresh" 6 | 7 | Metadata: 8 | License: 9 | Description: > 10 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 11 | SPDX-License-Identifier: MIT-0 12 | 13 | Permission is hereby granted, free of charge, to any person obtaining a copy of this 14 | software and associated documentation files (the "Software"), to deal in the Software 15 | without restriction, including without limitation the rights to use, copy, modify, 16 | merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 17 | permit persons to whom the Software is furnished to do so. 18 | 19 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 20 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 21 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 22 | HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 23 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 24 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 25 | 26 | Parameters: 27 | EnvironmentName: 28 | Type: String 29 | Default: "EC2 Image Builder Sample" 30 | AmazonLinux2LatestAmiId: 31 | Type: AWS::SSM::Parameter::Value 32 | Default: "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" 33 | BuildInstanceType: 34 | Type: String 35 | Default: "t3.micro" 36 | Description: "Image Builder instance type" 37 | SampleAutoScalingGroupInstanceType: 38 | Type: String 39 | Default: "t3.micro" 40 | Description: Instance type for sample Auto Scaling group 41 | 42 | Resources: 43 | InstanceRefreshHandler: 44 | Type: 'AWS::Serverless::Function' 45 | Properties: 46 | Handler: lambda_function.lambda_handler 47 | Runtime: python3.8 48 | MemorySize: 128 49 | Timeout: 30 50 | Role: !GetAtt InstanceRefreshHandlerLambdaRole.Arn 51 | CodeUri: InstanceRefreshHandler/ 52 | Environment: 53 | Variables: 54 | AutoScalingGroupName: !Ref SampleAutoScalingGroup 55 | LaunchTemplateId: !Ref SampleLaunchTemplate 56 | 57 | InstanceRefreshHandlerLambdaRole: 58 | Type: 'AWS::IAM::Role' 59 | Properties: 60 | AssumeRolePolicyDocument: 61 | Version: '2012-10-17' 62 | Statement: 63 | - Effect: Allow 64 | Principal: 65 | Service: 66 | - lambda.amazonaws.com 67 | Action: 68 | - sts:AssumeRole 69 | Path: "/service-role/" 70 | Policies: 71 | - PolicyName: lambdaExecution-InstanceRefreshHandler 72 | PolicyDocument: 73 | Version: '2012-10-17' 74 | Statement: 75 | - Effect: Allow 76 | Action: 77 | - logs:CreateLogGroup 78 | Resource: '*' 79 | - Effect: Allow 80 | Action: 81 | - logs:CreateLogStream 82 | - logs:PutLogEvents 83 | Resource: '*' 84 | - Effect: Allow 85 | Action: 86 | #https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-launch-template-permissions.html 87 | - autoscaling:StartInstanceRefresh 88 | - autoscaling:Describe* 89 | - autoscaling:UpdateAutoScalingGroup 90 | - ec2:CreateLaunchTemplateVersion 91 | - ec2:DescribeLaunchTemplates 92 | - ec2:RunInstances 93 | Resource: '*' 94 | 95 | ImageBuilderSNSTopic: 96 | Type: "AWS::SNS::Topic" 97 | Properties: 98 | Subscription: 99 | - Endpoint: !GetAtt InstanceRefreshHandler.Arn 100 | Protocol: lambda 101 | 102 | SNSLambdaPermission: 103 | Type: AWS::Lambda::Permission 104 | Properties: 105 | FunctionName: !GetAtt InstanceRefreshHandler.Arn 106 | Action: lambda:InvokeFunction 107 | Principal: sns.amazonaws.com 108 | SourceArn: !Ref ImageBuilderSNSTopic 109 | 110 | EC2ImageBuilderRecipe: 111 | Type: AWS::ImageBuilder::ImageRecipe 112 | Properties: 113 | Name: SampleEC2ImageBuilderRecipe 114 | Description: This recipe updates the system and installs Docker CE 115 | ParentImage: !Ref AmazonLinux2LatestAmiId 116 | Components: 117 | - ComponentArn: !Sub "arn:aws:imagebuilder:${AWS::Region}:aws:component/update-linux/1.0.0/1" 118 | - ComponentArn: !Sub "arn:aws:imagebuilder:${AWS::Region}:aws:component/docker-ce-linux/1.0.0/1" 119 | - ComponentArn: !Sub "arn:aws:imagebuilder:${AWS::Region}:aws:component/reboot-linux/1.0.1/1" 120 | Version: "1.0.0" 121 | 122 | EC2ImageBuilderPipeline: 123 | Type: AWS::ImageBuilder::ImagePipeline 124 | Properties: 125 | Name: SampleAmazon2WithDockerPipeline 126 | ImageRecipeArn: !Ref EC2ImageBuilderRecipe 127 | InfrastructureConfigurationArn: !Ref EC2ImageBuilderInfrastructureConfiguration 128 | DistributionConfigurationArn: !Ref EC2ImageBuilderDistributionConfiguration 129 | 130 | EC2ImageBuilderInfrastructureConfiguration: 131 | Type: AWS::ImageBuilder::InfrastructureConfiguration 132 | Properties: 133 | Name: SampleInstanceConfigurationForEC2ImageBuilder 134 | InstanceTypes: 135 | - !Ref BuildInstanceType 136 | InstanceProfileName: !Ref EC2ImageBuilderIAMInstanceProfile 137 | SnsTopicArn: !Ref ImageBuilderSNSTopic 138 | SubnetId: !Ref PublicSubnet1 139 | SecurityGroupIds: 140 | - !GetAtt VPC.DefaultSecurityGroup 141 | TerminateInstanceOnFailure: true 142 | 143 | EC2ImageBuilderDistributionConfiguration: 144 | Type: AWS::ImageBuilder::DistributionConfiguration 145 | Properties: 146 | Name: SampleDistributionConfigurationForEC2ImageBuilder 147 | Distributions: 148 | - AmiDistributionConfiguration: 149 | Name: SampleAmazon2WithDockerAmi - {{ imagebuilder:buildDate }} 150 | LaunchPermissionConfiguration: 151 | UserIds: 152 | - !Sub ${AWS::AccountId} 153 | Region: !Sub ${AWS::Region} 154 | LaunchTemplateConfigurations: 155 | - LaunchTemplateId: !Ref SampleLaunchTemplate 156 | AccountId: !Sub ${AWS::AccountId} 157 | SetDefaultVersion: true 158 | 159 | EC2ImageBuilderIAMRole: 160 | Type: AWS::IAM::Role 161 | Properties: 162 | AssumeRolePolicyDocument: 163 | Version: "2012-10-17" 164 | Statement: 165 | - Effect: "Allow" 166 | Principal: 167 | Service: 168 | - ec2.amazonaws.com 169 | Action: 170 | - sts:AssumeRole 171 | ManagedPolicyArns: 172 | - arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder 173 | - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore 174 | 175 | EC2ImageBuilderIAMInstanceProfile: 176 | Type: AWS::IAM::InstanceProfile 177 | Properties: 178 | Roles: 179 | - !Ref EC2ImageBuilderIAMRole 180 | 181 | SampleAutoScalingGroup: 182 | Type: AWS::AutoScaling::AutoScalingGroup 183 | Properties: 184 | MinSize: "0" 185 | MaxSize: "4" 186 | DesiredCapacity: "2" 187 | VPCZoneIdentifier: 188 | - !Ref PublicSubnet1 189 | - !Ref PublicSubnet2 190 | - !Ref PublicSubnet3 191 | LaunchTemplate: 192 | LaunchTemplateId: !Ref SampleLaunchTemplate 193 | Version: !GetAtt SampleLaunchTemplate.LatestVersionNumber 194 | Tags: 195 | - Key: Name 196 | Value: !Ref EnvironmentName 197 | PropagateAtLaunch: true 198 | 199 | SampleLaunchTemplate: 200 | Type: AWS::EC2::LaunchTemplate 201 | Properties: 202 | LaunchTemplateData: 203 | ImageId: !Ref AmazonLinux2LatestAmiId 204 | InstanceType: !Ref SampleAutoScalingGroupInstanceType 205 | SecurityGroupIds: 206 | - !GetAtt VPC.DefaultSecurityGroup 207 | 208 | VPC: 209 | Type: AWS::EC2::VPC 210 | Properties: 211 | CidrBlock: "10.0.0.0/16" 212 | EnableDnsSupport: true 213 | EnableDnsHostnames: true 214 | Tags: 215 | - Key: Name 216 | Value: !Ref EnvironmentName 217 | 218 | InternetGateway: 219 | Type: AWS::EC2::InternetGateway 220 | Properties: 221 | Tags: 222 | - Key: Name 223 | Value: !Ref EnvironmentName 224 | 225 | InternetGatewayAttachment: 226 | Type: AWS::EC2::VPCGatewayAttachment 227 | Properties: 228 | InternetGatewayId: !Ref InternetGateway 229 | VpcId: !Ref VPC 230 | 231 | PublicSubnet1: 232 | Type: AWS::EC2::Subnet 233 | Properties: 234 | VpcId: !Ref VPC 235 | AvailabilityZone: !Select [ 0, !GetAZs '' ] 236 | CidrBlock: "10.0.0.0/24" 237 | MapPublicIpOnLaunch: true 238 | Tags: 239 | - Key: Name 240 | Value: !Sub ${EnvironmentName} Public Subnet (AZ1) 241 | 242 | PublicSubnet2: 243 | Type: AWS::EC2::Subnet 244 | Properties: 245 | VpcId: !Ref VPC 246 | AvailabilityZone: !Select [ 1, !GetAZs '' ] 247 | CidrBlock: "10.0.1.0/24" 248 | MapPublicIpOnLaunch: true 249 | Tags: 250 | - Key: Name 251 | Value: !Sub ${EnvironmentName} Public Subnet (AZ2) 252 | 253 | PublicSubnet3: 254 | Type: AWS::EC2::Subnet 255 | Properties: 256 | VpcId: !Ref VPC 257 | AvailabilityZone: !Select [ 2, !GetAZs '' ] 258 | CidrBlock: "10.0.2.0/24" 259 | MapPublicIpOnLaunch: true 260 | Tags: 261 | - Key: Name 262 | Value: !Sub ${EnvironmentName} Public Subnet (AZ3) 263 | 264 | PublicRouteTable: 265 | Type: AWS::EC2::RouteTable 266 | Properties: 267 | VpcId: !Ref VPC 268 | Tags: 269 | - Key: Name 270 | Value: !Sub ${EnvironmentName} Public Routes 271 | 272 | DefaultPublicRoute: 273 | Type: AWS::EC2::Route 274 | DependsOn: InternetGatewayAttachment 275 | Properties: 276 | RouteTableId: !Ref PublicRouteTable 277 | DestinationCidrBlock: 0.0.0.0/0 278 | GatewayId: !Ref InternetGateway 279 | 280 | PublicSubnet1RouteTableAssociation: 281 | Type: AWS::EC2::SubnetRouteTableAssociation 282 | Properties: 283 | RouteTableId: !Ref PublicRouteTable 284 | SubnetId: !Ref PublicSubnet1 285 | 286 | PublicSubnet2RouteTableAssociation: 287 | Type: AWS::EC2::SubnetRouteTableAssociation 288 | Properties: 289 | RouteTableId: !Ref PublicRouteTable 290 | SubnetId: !Ref PublicSubnet2 291 | 292 | PublicSubnet3RouteTableAssociation: 293 | Type: AWS::EC2::SubnetRouteTableAssociation 294 | Properties: 295 | RouteTableId: !Ref PublicRouteTable 296 | SubnetId: !Ref PublicSubnet3 297 | 298 | Outputs: 299 | EC2ImageBuilderPipeline: 300 | Description: Sample EC2 Image Builder Pipeline 301 | Value: !Ref EC2ImageBuilderPipeline 302 | SNSTopic: 303 | Description: Amazon SNS topic subscribed to the EC2 Image Builder pipeline to trigger Lambda 304 | Value: !Ref ImageBuilderSNSTopic 305 | LambdaFunction: 306 | Description: AWS Lambda function handling EC2 Image Builder Notifications and triggering Auto Scaling Instance Refresh 307 | Value: !Ref InstanceRefreshHandler 308 | SampleAutoScalingGroup: 309 | Description: Sample Auto Scaling group 310 | Value: !Ref SampleAutoScalingGroup 311 | LaunchTemplate: 312 | Description: Sample Launch Template for Auto Scaling group 313 | Value: !Ref SampleLaunchTemplate --------------------------------------------------------------------------------