├── 1-1 CF Essentials ├── readme └── EC2withSG.json ├── 1-3 intro to yaml ├── readme ├── yamlintro.yaml └── EC2withSG.yaml ├── 8-6-Override └── readme ├── 3-2 Stack Details ├── readme └── EC2withSG.json ├── 4-4 Nested Stacks ├── readme ├── s3bucket.json └── crossstacknetwork.json ├── 6-7-ParameterStore └── readme ├── 8-2-IntroToStackSets ├── readme ├── AWSCloudFormationStackSetExecutionRole.yml └── AWSCloudFormationStackSetAdministrationRole (1).yml ├── Labs ├── TemplateAnatomy │ ├── readme │ ├── templateAnatomy.yaml │ ├── templateAnatomy.json │ └── Template_Anatomy2.yaml ├── TemplatesAndStacks │ ├── index.html │ ├── Lab1_VPC.json │ ├── Lab1_S3Retain.json │ └── Lab1Dynamo.json ├── Condition Functions │ ├── hints.json │ ├── Lab1_VPC.json │ └── vpctenancy.json ├── NestedStacks │ ├── root.json │ ├── multinest.json │ ├── noretain.json │ ├── s3static.json │ └── index.html ├── CF with AWS Config │ └── awsconfigrule.json └── CrossStack │ ├── crossstack.json │ └── crossstackapp.json ├── 2-9 CF and VPCs └── Template Checklist.docx ├── 6-8-DynamicReferences ├── index.html └── S3Retain.yaml ├── 9-1-Pipeline └── test-stack-configuration.json ├── 2-1 Template Format ├── 2-1 resource.yaml ├── 2-1 resource.json └── s3resourceExample.json ├── 4-2 DeeperUpdate └── stackpolicy.json ├── 6-4 Update Policy ├── updatepolicysnippets.json └── rollingupdate.json ├── 7-5-SAM ├── template.yaml ├── output.yaml └── lambda_function.py ├── 6-9 SecretsManager ├── secretsSnippet.json └── secrets.yaml ├── 2-10-CFBestPract └── 2-10-tempbestpractice.yaml ├── 6-2 Wait Condition └── waitcondition.yaml ├── 1-4 CF and IAM ├── exampleCFPolicies.json └── EC2withSG.json ├── 8-3-CreateStackSets └── S3retain.json ├── 8-4-UpdateStackSets └── S3noretain.json ├── 3-6 vpc endpoint └── vpcendpointS3.yaml ├── 3-3 Protecting Stacks ├── stackpolicyexamples.json ├── iam4CF.json └── EC2withSG.yaml ├── 2-5 Condition ├── resourceCondition.yaml ├── prodCondition.yaml ├── conditionSnippets.json ├── prodCondition.json └── 
resourceCondition.json ├── 3-4 Rollback Triggers └── dynamoDBSecondary.json ├── 7-4-pwdChecker ├── IAMOriginal.yaml └── IAMpwdCheck.yaml ├── 4-4 CrossStack ├── crossstacknetwork.json └── crossstackapp.json ├── 7-3-ExampleAMISelect └── amilookup.js ├── 7-1-CustomResources ├── IAMpwdCheck.yaml └── AMILook.json ├── 9-2-PipelineP2 └── basicpipeline.yml ├── 3-1-StacksIntro ├── EC2withSG.yaml └── EC2withSG.json └── 3-5 AWS Config └── EC2withSG.json /1-1 CF Essentials/readme: -------------------------------------------------------------------------------- 1 | test 2 | -------------------------------------------------------------------------------- /1-3 intro to yaml/readme: -------------------------------------------------------------------------------- 1 | tttt 2 | -------------------------------------------------------------------------------- /8-6-Override/readme: -------------------------------------------------------------------------------- 1 | gssdsgf 2 | -------------------------------------------------------------------------------- /3-2 Stack Details/readme: -------------------------------------------------------------------------------- 1 | trttg 2 | -------------------------------------------------------------------------------- /4-4 Nested Stacks/readme: -------------------------------------------------------------------------------- 1 | dfdfdfdff 2 | -------------------------------------------------------------------------------- /6-7-ParameterStore/readme: -------------------------------------------------------------------------------- 1 | sgddfgfgd 2 | -------------------------------------------------------------------------------- /8-2-IntroToStackSets/readme: -------------------------------------------------------------------------------- 1 | fgssgfdsfgd 2 | -------------------------------------------------------------------------------- /Labs/TemplateAnatomy/readme: -------------------------------------------------------------------------------- 1 | 
fssddfs 2 | -------------------------------------------------------------------------------- /2-9 CF and VPCs/Template Checklist.docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/natonic/CloudFormation-Deep-Dive/HEAD/2-9 CF and VPCs/Template Checklist.docx -------------------------------------------------------------------------------- /6-8-DynamicReferences/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | ELB Heartbeat 4 | 5 | 6 |

Congratulations! You've successfully configured your website.

7 | 8 | -------------------------------------------------------------------------------- /Labs/TemplatesAndStacks/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | ELB Heartbeat 4 | 5 | 6 |

Congratulations! You've successfully configured your website.

7 | 8 | -------------------------------------------------------------------------------- /9-1-Pipeline/test-stack-configuration.json: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "DBName" : "TestWordPressDB", 4 | "DBPassword" : "pipelinedemo19", 5 | "DBRootPassword" : "pipelinedemo19", 6 | "DBUser" : "TestDBuser", 7 | "KeyName" : "blue" 8 | } 9 | } -------------------------------------------------------------------------------- /Labs/Condition Functions/hints.json: -------------------------------------------------------------------------------- 1 | "Conditions" : { 2 | "VPCTenancy" : {"Fn::Equals" : [{"Ref" : "Tenancy"}, "dedicated"]} 3 | }, 4 | 5 | 6 | 7 | "InstanceTenancy" : { 8 | "Fn::If" : [ 9 | "VPCTenancy", 10 | "dedicated", 11 | "default" 12 | ]}, 13 | 14 | -------------------------------------------------------------------------------- /2-1 Template Format/2-1 resource.yaml: -------------------------------------------------------------------------------- 1 | InstanceSecurityGroup: 2 | Type: 'AWS::EC2::SecurityGroup' 3 | Properties: 4 | GroupDescription: Enable SSH access via port 22 5 | SecurityGroupIngress: 6 | - IpProtocol: tcp 7 | FromPort: '22' 8 | ToPort: '22' 9 | CidrIp: !Ref SSHLocation -------------------------------------------------------------------------------- /4-2 DeeperUpdate/stackpolicy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement" : [ 3 | { 4 | "Effect" : "Allow", 5 | "Action" : "Update:*", 6 | "Principal": "*", 7 | "Resource" : "*" 8 | }, 9 | { 10 | "Effect" : "Deny", 11 | "Action" : "Update:*", 12 | "Principal": "*", 13 | "Resource" : "LogicalResourceId/WebServerInstance" 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /Labs/NestedStacks/root.json: -------------------------------------------------------------------------------- 1 | { 2 | 
"AWSTemplateFormatVersion" : "2010-09-09", 3 | "Resources" : { 4 | "myStack" : { 5 | "Type" : "AWS::CloudFormation::Stack", 6 | "Properties" : { 7 | "TemplateURL" : "https://s3.amazonaws.com//noretain.json", 8 | "TimeoutInMinutes" : "60" 9 | } 10 | } 11 | } 12 | } 13 | 14 | -------------------------------------------------------------------------------- /Labs/TemplateAnatomy/templateAnatomy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: "version date" 3 | 4 | Description: 5 | String 6 | 7 | Metadata: 8 | template metadata 9 | 10 | Parameters: 11 | set of parameters 12 | 13 | Mappings: 14 | set of mappings 15 | 16 | Conditions: 17 | set of conditions 18 | 19 | Transform: 20 | set of transforms 21 | 22 | Resources: 23 | set of resources 24 | 25 | Outputs: 26 | set of outputs 27 | -------------------------------------------------------------------------------- /Labs/Condition Functions/Lab1_VPC.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | "Resources" : { 4 | "myVPC" : { 5 | "Type" : "AWS::EC2::VPC", 6 | "Properties" : { 7 | "CidrBlock" : "10.0.0.0/16", 8 | "EnableDnsSupport" : "false", 9 | "EnableDnsHostnames" : "false", 10 | "InstanceTenancy" : "dedicated", 11 | "Tags" : [ {"Key" : "foo", "Value" : "bar"} ] 12 | } 13 | } 14 | } 15 | } -------------------------------------------------------------------------------- /Labs/TemplatesAndStacks/Lab1_VPC.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | "Resources" : { 4 | "myVPC" : { 5 | "Type" : "AWS::EC2::VPC", 6 | "Properties" : { 7 | "CidrBlock" : "10.0.0.0/16", 8 | "EnableDnsSupport" : "false", 9 | "EnableDnsHostnames" : "false", 10 | "InstanceTenancy" : "dedicated", 11 | "Tags" : [ {"Key" : "foo", "Value" : "bar"} ] 12 | } 13 | } 14 | } 15 | } 
-------------------------------------------------------------------------------- /2-1 Template Format/2-1 resource.json: -------------------------------------------------------------------------------- 1 | "Resources": { 2 | "S3Bucket": { 3 | "Type": "AWS::S3::Bucket", 4 | "Properties": { 5 | "AccessControl": "PublicRead", 6 | "WebsiteConfiguration": { 7 | "IndexDocument": "index.html", 8 | "ErrorDocument": "error.html" 9 | } 10 | }, 11 | "DeletionPolicy": "Retain" 12 | } 13 | } -------------------------------------------------------------------------------- /1-3 intro to yaml/yamlintro.yaml: -------------------------------------------------------------------------------- 1 | # key/value pair examples 2 | name : Mustang 3 | maker : Ford 4 | year : 2012 5 | milage : 40,000 6 | issues: 7 | - hood dent 8 | - fender rust 9 | - brakes worn 10 | - front tires tread wear 11 | #objects 12 | specs: 13 | hp : 480 14 | weight : 4 tons 15 | type : 4 door 16 | roof : hard top 17 | 18 | #lists containing dictionaries 19 | cars: 20 | - Mustang: 21 | year : 2012 22 | make : 4 door 23 | model : GT 24 | - Corvette: 25 | year : 1972 26 | make : 2 door 27 | model : Stringray 28 | -------------------------------------------------------------------------------- /Labs/TemplateAnatomy/templateAnatomy.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "version date", 3 | 4 | "Description" : "JSON string", 5 | 6 | "Metadata" : { 7 | template metadata 8 | }, 9 | 10 | "Parameters" : { 11 | set of parameters 12 | }, 13 | 14 | "Mappings" : { 15 | set of mappings 16 | }, 17 | 18 | "Conditions" : { 19 | set of conditions 20 | }, 21 | 22 | "Transform" : { 23 | set of transforms 24 | }, 25 | 26 | "Resources" : { 27 | set of resources 28 | }, 29 | 30 | "Outputs" : { 31 | set of outputs 32 | } 33 | } -------------------------------------------------------------------------------- /2-1 Template Format/s3resourceExample.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "Resources" : { 3 | "S3Bucket" : { 4 | "Type" : "AWS::S3::Bucket", 5 | "Properties" : { 6 | "AccessControl" : "PublicRead", 7 | "WebsiteConfiguration" : { 8 | "IndexDocument" : "index.html", 9 | "ErrorDocument" : "error.html" 10 | } 11 | }, 12 | "DeletionPolicy" : "Retain" 13 | } 14 | }, 15 | 16 | "Outputs" : { 17 | "WebsiteURL" : { 18 | "Value" : { "Fn::GetAtt" : [ "S3Bucket", "WebsiteURL" ] }, 19 | "Description" : "URL for website hosted on S3" 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /6-4 Update Policy/updatepolicysnippets.json: -------------------------------------------------------------------------------- 1 | "UpdatePolicy" : { 2 | "AutoScalingRollingUpdate" : { 3 | "MaxBatchSize" : Integer, 4 | "MinInstancesInService" : Integer, 5 | "MinSuccessfulInstancesPercent" : Integer, 6 | "PauseTime" : String, 7 | "SuspendProcesses" : [ List of processes ], 8 | "WaitOnResourceSignals" : Boolean 9 | } 10 | } 11 | 12 | 13 | 14 | "UpdatePolicy" : { 15 | "AutoScalingReplacingUpdate" : { 16 | "WillReplace" : Boolean 17 | } 18 | } 19 | 20 | 21 | 22 | "UpdatePolicy" : { 23 | "AutoScalingScheduledAction" : { 24 | "IgnoreUnmodifiedGroupSizeProperties" : Boolean 25 | } 26 | } -------------------------------------------------------------------------------- /Labs/NestedStacks/multinest.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | "Resources" : { 4 | "myStack" : { 5 | "Type" : "AWS::CloudFormation::Stack", 6 | "Properties" : { 7 | "TemplateURL" : "https://s3.amazonaws.com//s3static.json", 8 | "TimeoutInMinutes" : "60" 9 | } 10 | }, 11 | "myStack2" : { 12 | "Type" : "AWS::CloudFormation::Stack", 13 | "Properties" : { 14 | "TemplateURL" : "https://s3.amazonaws.com//noretain.json", 15 | "TimeoutInMinutes" : "60" 16 | } 17 | } 18 | } 19 | 
} 20 | -------------------------------------------------------------------------------- /7-5-SAM/template.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | Transform: 'AWS::Serverless-2016-10-31' 3 | Description: 'Performs a periodic check of the given site, erroring out on test failure.' 4 | Resources: 5 | lambdacanary: 6 | Type: 'AWS::Serverless::Function' 7 | Properties: 8 | Handler: lambda_function.lambda_handler 9 | Runtime: python3.7 10 | CodeUri: . 11 | Description: >- 12 | Performs a periodic check of the given site, erroring out on test 13 | failure. 14 | MemorySize: 128 15 | Timeout: 10 16 | Policies: [] 17 | Environment: 18 | Variables: 19 | site: 'https://www.hotmail.com/' 20 | expected: Connect 21 | -------------------------------------------------------------------------------- /7-5-SAM/output.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | Description: Performs a periodic check of the given site, erroring out on test failure. 3 | Resources: 4 | lambdacanary: 5 | Properties: 6 | CodeUri: s3://abucket4elb/bed69a985be5925f0213463f1ea91988 7 | Description: Performs a periodic check of the given site, erroring out on test 8 | failure. 
9 | Environment: 10 | Variables: 11 | expected: About Amazon 12 | site: https://www.amazon.com/ 13 | Handler: lambda_function.lambda_handler 14 | MemorySize: 128 15 | Policies: [] 16 | Runtime: python3.7 17 | Timeout: 10 18 | Type: AWS::Serverless::Function 19 | Transform: AWS::Serverless-2016-10-31 20 | -------------------------------------------------------------------------------- /6-9 SecretsManager/secretsSnippet.json: -------------------------------------------------------------------------------- 1 | { 2 | "MyRDSInstance": { 3 | "Type": "AWS::RDS::DBInstance", 4 | "Properties": { 5 | "DBName": "MyRDSInstance", 6 | "AllocatedStorage": "20", 7 | "DBInstanceClass": "db.t2.micro", 8 | "Engine": "mysql", 9 | "MasterUsername": "{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}", 10 | "MasterUserPassword": "{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}" 11 | } 12 | } 13 | } 14 | 15 | 16 | MyRDSInstance: 17 | Type: 'AWS::RDS::DBInstance' 18 | Properties: 19 | DBName: MyRDSInstance 20 | AllocatedStorage: '20' 21 | DBInstanceClass: db.t2.micro 22 | Engine: mysql 23 | MasterUsername: '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}' 24 | MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}' 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /2-10-CFBestPract/2-10-tempbestpractice.yaml: -------------------------------------------------------------------------------- 1 | Parameters: 2 | DBPort: 3 | Default: 3306 4 | Description: TCP/IP port for the database 5 | Type: Number 6 | MinValue: 1150 7 | MaxValue: 65535 8 | DBPwd: 9 | NoEcho: true 10 | Description: The database admin account password 11 | Type: String 12 | MinLength: 1 13 | MaxLength: 41 14 | AllowedPattern: ^[a-zA-Z0-9]*$ 15 | 16 | 17 | 18 | "Parameters" : { 19 | "InstanceTypeParameter" : { 20 | "Type" : "String", 21 | "Default" : "t2.micro", 22 | "AllowedValues" : ["t2.micro", "m1.small", 
"m1.large"], 23 | "Description" : "Enter t2.micro, m1.small, or m1.large. Default is t2.micro." 24 | } 25 | } 26 | 27 | 28 | Parameters: 29 | InstanceTypeParameter: 30 | Type: String 31 | Default: t2.micro 32 | AllowedValues: 33 | - t2.micro 34 | - m1.small 35 | - m1.large 36 | Description: Enter t2.micro, m1.small, or m1.large. Default is t2.micro. -------------------------------------------------------------------------------- /8-2-IntroToStackSets/AWSCloudFormationStackSetExecutionRole.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: Configure the AWSCloudFormationStackSetExecutionRole to enable use of your account as a target account in AWS CloudFormation StackSets. 3 | 4 | Parameters: 5 | AdministratorAccountId: 6 | Type: String 7 | Description: AWS Account Id of the administrator account (the account in which StackSets will be created). 8 | MaxLength: 12 9 | MinLength: 12 10 | 11 | Resources: 12 | ExecutionRole: 13 | Type: AWS::IAM::Role 14 | Properties: 15 | RoleName: AWSCloudFormationStackSetExecutionRole 16 | AssumeRolePolicyDocument: 17 | Version: 2012-10-17 18 | Statement: 19 | - Effect: Allow 20 | Principal: 21 | AWS: 22 | - !Ref AdministratorAccountId 23 | Action: 24 | - sts:AssumeRole 25 | Path: / 26 | ManagedPolicyArns: 27 | - arn:aws:iam::aws:policy/AdministratorAccess 28 | -------------------------------------------------------------------------------- /Labs/Condition Functions/vpctenancy.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Parameters": { 5 | "Tenancy": { 6 | "Description": "Set up VPC Tenancy", 7 | "Type": "String", 8 | "Default": "default", 9 | "AllowedValues" : [ "default", "dedicated"] 10 | } 11 | }, 12 | 13 | "Conditions" : { 14 | "VPCTenancy" : {"Fn::Equals" : [{"Ref" : "Tenancy"}, "dedicated"]} 15 | }, 16 | 17 | "Resources" : { 18 | 
"myVPC" : { 19 | "Type" : "AWS::EC2::VPC", 20 | "Properties" : { 21 | "CidrBlock" : "10.0.0.0/16", 22 | "EnableDnsSupport" : "false", 23 | "InstanceTenancy" : { 24 | "Fn::If" : [ 25 | "VPCTenancy", 26 | "dedicated", 27 | "default" 28 | ]}, 29 | "EnableDnsHostnames" : "false", 30 | "Tags" : [ {"Key" : "foo", "Value" : "bar"} ] 31 | } 32 | } 33 | 34 | } 35 | } -------------------------------------------------------------------------------- /8-2-IntroToStackSets/AWSCloudFormationStackSetAdministrationRole (1).yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: Configure the AWSCloudFormationStackSetAdministrationRole to enable use of AWS CloudFormation StackSets. 3 | 4 | Resources: 5 | AdministrationRole: 6 | Type: AWS::IAM::Role 7 | Properties: 8 | RoleName: AWSCloudFormationStackSetAdministrationRole 9 | AssumeRolePolicyDocument: 10 | Version: 2012-10-17 11 | Statement: 12 | - Effect: Allow 13 | Principal: 14 | Service: cloudformation.amazonaws.com 15 | Action: 16 | - sts:AssumeRole 17 | Path: / 18 | Policies: 19 | - PolicyName: AssumeRole-AWSCloudFormationStackSetExecutionRole 20 | PolicyDocument: 21 | Version: 2012-10-17 22 | Statement: 23 | - Effect: Allow 24 | Action: 25 | - sts:AssumeRole 26 | Resource: 27 | - "arn:aws:iam::*:role/AWSCloudFormationStackSetExecutionRole" 28 | -------------------------------------------------------------------------------- /6-2 Wait Condition/waitcondition.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | Mappings: 3 | RegionMap: 4 | us-east-1: 5 | AMI: ami-0ff8a91507f77f867 6 | us-west-1: 7 | AMI: ami-0bdb828fd58c52235 8 | eu-west-1: 9 | AMI: ami-047bb4163c506cd98 10 | ap-northeast-1: 11 | AMI: ami-06cd52961ce9f0d85 12 | ap-southeast-1: 13 | AMI: ami-08569b978cc4dfa10 14 | Resources: 15 | Ec2Instance: 16 | Type: AWS::EC2::Instance 17 | Properties: 18 | 
UserData: 19 | Fn::Base64: !Ref myWaitHandle 20 | ImageId: 21 | Fn::FindInMap: 22 | - RegionMap 23 | - Ref: AWS::Region 24 | - AMI 25 | myWaitHandle: 26 | Type: AWS::CloudFormation::WaitConditionHandle 27 | Properties: {} 28 | myWaitCondition: 29 | Type: AWS::CloudFormation::WaitCondition 30 | DependsOn: Ec2Instance 31 | Properties: 32 | Handle: !Ref myWaitHandle 33 | Timeout: '4500' 34 | Outputs: 35 | ApplicationData: 36 | Value: !GetAtt myWaitCondition.Data 37 | Description: The data passed back as part of signalling the WaitCondition. -------------------------------------------------------------------------------- /6-8-DynamicReferences/S3Retain.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: 4 | Sample template showing how to create a publicly accessible S3 bucket 5 | configured for website access with a deletion policy of retain on delete. 6 | **WARNING** This template creates an S3 bucket that will NOT be deleted when 7 | the stack is deleted. You will be billed for the AWS resources used if you 8 | create a stack from this template. 
9 | Resources: 10 | S3Bucket: 11 | Type: 'AWS::S3::Bucket' 12 | Properties: 13 | AccessControl: PublicRead 14 | WebsiteConfiguration: 15 | IndexDocument: index.html 16 | ErrorDocument: error.html 17 | DeletionPolicy: Retain 18 | Outputs: 19 | WebsiteURL: 20 | Value: !GetAtt 21 | - S3Bucket 22 | - WebsiteURL 23 | Description: URL for website hosted on S3 24 | S3BucketSecureURL: 25 | Value: !Join 26 | - '' 27 | - - 'https://' 28 | - !GetAtt 29 | - S3Bucket 30 | - DomainName 31 | Description: Name of S3 bucket to hold website content -------------------------------------------------------------------------------- /7-5-SAM/lambda_function.py: -------------------------------------------------------------------------------- 1 | import os 2 | from datetime import datetime 3 | from urllib.request import Request, urlopen 4 | 5 | SITE = os.environ['site'] # URL of the site to check, stored in the site environment variable 6 | EXPECTED = os.environ['expected'] # String expected to be on the page, stored in the expected environment variable 7 | 8 | 9 | def validate(res): 10 | '''Return False to trigger the canary 11 | 12 | Currently this simply checks whether the EXPECTED string is present. 13 | However, you could modify this to perform any number of arbitrary 14 | checks on the contents of SITE. 
15 | ''' 16 | return EXPECTED in res 17 | 18 | 19 | def lambda_handler(event, context): 20 | print('Checking {} at {}...'.format(SITE, event['time'])) 21 | try: 22 | req = Request(SITE, headers={'User-Agent': 'AWS Lambda'}) 23 | if not validate(str(urlopen(req).read())): 24 | raise Exception('Validation failed') 25 | except: 26 | print('Check failed!') 27 | raise 28 | else: 29 | print('Check passed!') 30 | return event['time'] 31 | finally: 32 | print('Check complete at {}'.format(str(datetime.now()))) 33 | -------------------------------------------------------------------------------- /1-4 CF and IAM/exampleCFPolicies.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version":"2012-10-17", 3 | "Statement":[{ 4 | "Effect":"Allow", 5 | "Action":[ 6 | "cloudformation:DescribeStacks", 7 | "cloudformation:DescribeStackEvents", 8 | "cloudformation:DescribeStackResource", 9 | "cloudformation:DescribeStackResources" 10 | ], 11 | "Resource":"*" 12 | }] 13 | } 14 | 15 | 16 | 17 | { 18 | "Version":"2012-10-17", 19 | "Statement":[{ 20 | "Effect":"Allow", 21 | "Action":[ 22 | "sqs:*", 23 | "cloudformation:CreateStack", 24 | "cloudformation:DescribeStacks", 25 | "cloudformation:DescribeStackEvents", 26 | "cloudformation:DescribeStackResources", 27 | "cloudformation:GetTemplate", 28 | "cloudformation:ValidateTemplate" 29 | ], 30 | "Resource":"*" 31 | }] 32 | } 33 | 34 | 35 | 36 | { 37 | "Version":"2012-10-17", 38 | "Statement":[{ 39 | "Effect":"Deny", 40 | "Action":[ 41 | "cloudformation:DeleteStack", 42 | "cloudformation:UpdateStack" 43 | ], 44 | "Resource":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/*" 45 | }] 46 | } -------------------------------------------------------------------------------- /8-3-CreateStackSets/S3retain.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS 
CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: Sample template showing how to create a publicly accessible S3 bucket configured for website access with a deletion policy of retain on delete. **WARNING** This template creates an S3 bucket that will NOT be deleted when the stack is deleted. You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Resources" : { 7 | "S3Bucket" : { 8 | "Type" : "AWS::S3::Bucket", 9 | "Properties" : { 10 | "AccessControl" : "PublicRead", 11 | "WebsiteConfiguration" : { 12 | "IndexDocument" : "index.html", 13 | "ErrorDocument" : "error.html" 14 | } 15 | }, 16 | "DeletionPolicy" : "Retain" 17 | } 18 | }, 19 | 20 | "Outputs" : { 21 | "WebsiteURL" : { 22 | "Value" : { "Fn::GetAtt" : [ "S3Bucket", "WebsiteURL" ] }, 23 | "Description" : "URL for website hosted on S3" 24 | }, 25 | "S3BucketSecureURL" : { 26 | "Value" : { "Fn::Join" : [ "", [ "https://", { "Fn::GetAtt" : [ "S3Bucket", "DomainName" ] } ] ] }, 27 | "Description" : "Name of S3 bucket to hold website content" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /4-4 Nested Stacks/s3bucket.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: Sample template showing how to create a publicly accessible S3 bucket configured for website access with a deletion policy of retain on delete. **WARNING** This template creates an S3 bucket that will NOT be deleted when the stack is deleted. 
You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Resources" : { 7 | "S3Bucket" : { 8 | "Type" : "AWS::S3::Bucket", 9 | "Properties" : { 10 | "AccessControl" : "PublicRead", 11 | "WebsiteConfiguration" : { 12 | "IndexDocument" : "index.html", 13 | "ErrorDocument" : "error.html" 14 | } 15 | }, 16 | "DeletionPolicy" : "Retain" 17 | } 18 | }, 19 | 20 | "Outputs" : { 21 | "WebsiteURL" : { 22 | "Value" : { "Fn::GetAtt" : [ "S3Bucket", "WebsiteURL" ] }, 23 | "Description" : "URL for website hosted on S3" 24 | }, 25 | "S3BucketSecureURL" : { 26 | "Value" : { "Fn::Join" : [ "", [ "https://", { "Fn::GetAtt" : [ "S3Bucket", "DomainName" ] } ] ] }, 27 | "Description" : "Name of S3 bucket to hold website content" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /Labs/TemplatesAndStacks/Lab1_S3Retain.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: Sample template showing how to create a publicly accessible S3 bucket configured for website access with a deletion policy of retain on delete. **WARNING** This template creates an S3 bucket that will NOT be deleted when the stack is deleted. 
You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Resources" : { 7 | "S3Bucket" : { 8 | "Type" : "AWS::S3::Bucket", 9 | "Properties" : { 10 | "AccessControl" : "PublicRead", 11 | "WebsiteConfiguration" : { 12 | "IndexDocument" : "index.html", 13 | "ErrorDocument" : "error.html" 14 | } 15 | }, 16 | "DeletionPolicy" : "Retain" 17 | } 18 | }, 19 | 20 | "Outputs" : { 21 | "WebsiteURL" : { 22 | "Value" : { "Fn::GetAtt" : [ "S3Bucket", "WebsiteURL" ] }, 23 | "Description" : "URL for website hosted on S3" 24 | }, 25 | "S3BucketSecureURL" : { 26 | "Value" : { "Fn::Join" : [ "", [ "https://", { "Fn::GetAtt" : [ "S3Bucket", "DomainName" ] } ] ] }, 27 | "Description" : "Name of S3 bucket to hold website content" 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /8-4-UpdateStackSets/S3noretain.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: Sample template showing how to create a publicly accessible S3 bucket configured for website access with a deletion policy of retain on delete. **WARNING** This template creates an S3 bucket that will NOT be deleted when the stack is deleted. 
You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Resources" : { 7 | "S3Bucket" : { 8 | "Type" : "AWS::S3::Bucket", 9 | "Properties" : { 10 | "AccessControl" : "PublicRead", 11 | "WebsiteConfiguration" : { 12 | "IndexDocument" : "index.html", 13 | "ErrorDocument" : "error.html" 14 | } 15 | } 16 | } 17 | }, 18 | 19 | "Outputs" : { 20 | "WebsiteURL" : { 21 | "Value" : { "Fn::GetAtt" : [ "S3Bucket", "WebsiteURL" ] }, 22 | "Description" : "URL for website hosted on S3" 23 | }, 24 | "S3BucketSecureURL" : { 25 | "Value" : { "Fn::Join" : [ "", [ "https://", { "Fn::GetAtt" : [ "S3Bucket", "DomainName" ] } ] ] }, 26 | "Description" : "Name of S3 bucket to hold website content" 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /3-6 vpc endpoint/vpcendpointS3.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | Description: 'Add VPC Endpoint to S3 from private subnets' 3 | Parameters: 4 | VpcId: 5 | Description: The VPC ID of the VPC that this endpoint will be attached to 6 | Type: AWS::EC2::VPC::Id 7 | AllowedPattern: "[a-z0-9-]*" 8 | RouteTableId: 9 | Description: The Routing Table ID of the Routing Table that this endpoint will be added to 10 | Type: String 11 | AllowedPattern: "[a-z0-9-]*" 12 | Resources: 13 | S3Endpoint: 14 | Type: "AWS::EC2::VPCEndpoint" 15 | Properties: 16 | PolicyDocument: 17 | Version: 2012-10-17 18 | Statement: 19 | - Effect: Allow 20 | Principal: '*' 21 | Action: 22 | - 's3:GetObject' 23 | - 's3:PutObject' 24 | - 's3:DeleteObject' 25 | Resource: 26 | - 'arn:aws:s3:::vpc-endpoint-demo/*' 27 | RouteTableIds: 28 | - !Ref RouteTableId 29 | ServiceName: !Join 30 | - '' 31 | - - com.amazonaws. 
32 | - !Ref 'AWS::Region' 33 | - .s3 34 | VpcId: !Ref VpcId 35 | Outputs: 36 | StackName: 37 | Description: 'Stack name' 38 | Value: !Sub '${AWS::StackName}' 39 | Endpoint: 40 | Description: 'The VPC endpoint to S3.' 41 | Value: !Ref S3Endpoint -------------------------------------------------------------------------------- /3-3 Protecting Stacks/stackpolicyexamples.json: -------------------------------------------------------------------------------- 1 | { 2 | "Statement" : [ 3 | { 4 | "Effect" : "Deny_or_Allow", 5 | "Action" : "update_actions", 6 | "Principal" : "*", 7 | "Resource" : "LogicalResourceId/resource_logical_ID", 8 | "Condition" : { 9 | "StringEquals_or_StringLike" : { 10 | "ResourceType" : [resource_type, ...] 11 | } 12 | } 13 | }   14 | ] 15 | } 16 | 17 | 18 | { 19 | "Statement" : [ 20 | { 21 | "Effect" : "Allow", 22 | "Action" : "Update:*", 23 | "Principal": "*", 24 | "Resource" : "*" 25 | }, 26 | { 27 | "Effect" : "Deny", 28 | "Action" : "Update:*", 29 | "Principal": "*", 30 | "Resource" : "LogicalResourceId/ProductionDatabase" 31 | } 32 | ] 33 | } 34 | 35 | 36 | 37 | { 38 | "Statement" : [ 39 | { 40 | "Effect" : "Deny", 41 | "Action" : "Update:*", 42 | "Principal": "*", 43 | "Resource" : "*" 44 | }   45 | ] 46 | } 47 | 48 | 49 | 50 | { 51 | "Statement" : [ 52 | { 53 | "Effect" : "Deny", 54 | "Action" : "Update:*", 55 | "Principal": "*", 56 | "Resource" : "LogicalResourceId/MyDatabase" 57 | }, 58 | { 59 | "Effect" : "Allow", 60 | "Action" : "Update:*", 61 | "Principal": "*", 62 | "Resource" : "*" 63 | } 64 | ] 65 | } 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /6-9 SecretsManager/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | Description: "Create secrets securely using in CloudFormation" 3 | Resources: 4 | 5 | # Secret with the username admin and a randomly generated password. 
6 | MyRDSInstanceRotationSecret: 7 | Type: AWS::SecretsManager::Secret 8 | Properties: 9 | Description: 'Secret for my RDS instance' 10 | GenerateSecretString: 11 | SecretStringTemplate: '{"username": "admin"}' 12 | GenerateStringKey: 'password' 13 | PasswordLength: 16 14 | ExcludeCharacters: '"@/\' 15 | 16 | 17 | 18 | # MySQL database of size t2.micro. 19 | # Username and password for the superuser will be dynamically 20 | # referenced. 21 | MyDBInstance2: 22 | Type: AWS::RDS::DBInstance 23 | Properties: 24 | AllocatedStorage: 20 25 | DBInstanceClass: db.t2.micro 26 | Engine: mysql 27 | MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref MyRDSInstanceRotationSecret, ':SecretString:username}}' ]] 28 | MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref MyRDSInstanceRotationSecret, ':SecretString:password}}' ]] 29 | BackupRetentionPeriod: 0 30 | DBInstanceIdentifier: 'rotation-instance' 31 | 32 | 33 | 34 | # Update the referenced secret with properties of the RDS database. 35 | # This is required to enable rotation. 36 | SecretRDSInstanceAttachment: 37 | Type: AWS::SecretsManager::SecretTargetAttachment 38 | Properties: 39 | SecretId: !Ref MyRDSInstanceRotationSecret 40 | TargetId: !Ref MyDBInstance2 41 | TargetType: AWS::RDS::DBInstance 42 | 43 | -------------------------------------------------------------------------------- /2-5 Condition/resourceCondition.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | Parameters: 3 | DBUser: 4 | NoEcho: true 5 | Description: The database admin account username 6 | Type: String 7 | MinLength: 1 8 | MaxLength: 16 9 | AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*" 10 | ConstraintDescription: must begin with a letter and contain only alphanumeric characters. 
11 | DBPassword: 12 | NoEcho: true 13 | Description: The database admin account password 14 | Type: String 15 | MinLength: 1 16 | MaxLength: 41 17 | AllowedPattern: "[a-zA-Z0-9]*" 18 | ConstraintDescription: must contain only alphanumeric characters. 19 | DBSnapshotName: 20 | Description: The name of a DB snapshot (optional) 21 | Default: "" 22 | Type: String 23 | Conditions: 24 | UseDBSnapshot: !Not [!Equals [!Ref DBSnapshotName, ""]] 25 | Resources: 26 | MyDB: 27 | Type: "AWS::RDS::DBInstance" 28 | Properties: 29 | AllocatedStorage: 5 30 | DBInstanceClass: db.m1.small 31 | Engine: MySQL 32 | EngineVersion: 5.5 33 | MasterUsername: !Ref DBUser 34 | MasterUserPassword: !Ref DBPassword 35 | DBParameterGroupName: !Ref MyRDSParamGroup 36 | DBSnapshotIdentifier: !If [UseDBSnapshot, !Ref DBSnapshotName, !Ref "AWS::NoValue"] 37 | MyRDSParamGroup: 38 | Type: "AWS::RDS::DBParameterGroup" 39 | Properties: 40 | Family: MySQL5.5 41 | Description: CloudFormation Sample Database Parameter Group 42 | Parameters: 43 | autocommit: 1 44 | general_log: 1 45 | old_passwords: 0 46 | -------------------------------------------------------------------------------- /2-5 Condition/prodCondition.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | 3 | Mappings: 4 | RegionMap: 5 | us-east-1: 6 | AMI: "ami-0ff8a91507f77f867" 7 | us-west-1: 8 | AMI: "ami-0bdb828fd58c52235" 9 | us-west-2: 10 | AMI: "ami-a0cfeed8" 11 | eu-west-1: 12 | AMI: "ami-047bb4163c506cd98" 13 | sa-east-1: 14 | AMI: "ami-07b14488da8ea02a0" 15 | ap-southeast-1: 16 | AMI: "ami-08569b978cc4dfa10" 17 | ap-southeast-2: 18 | AMI: "ami-09b42976632b27e9b" 19 | ap-northeast-1: 20 | AMI: "ami-06cd52961ce9f0d85" 21 | 22 | Parameters: 23 | EnvType: 24 | Description: Environment type. 25 | Default: test 26 | Type: String 27 | AllowedValues: [prod, dev, test] 28 | ConstraintDescription: must specify prod, dev, or test. 
29 | 30 | Conditions: 31 | CreateProdResources: !Equals [!Ref EnvType, prod] 32 | CreateDevResources: !Equals [!Ref EnvType, "dev"] 33 | 34 | Resources: 35 | EC2Instance: 36 | Type: "AWS::EC2::Instance" 37 | Properties: 38 | ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI] 39 | InstanceType: !If [CreateProdResources, c1.xlarge, !If [CreateDevResources, m1.large, m1.small]] 40 | MountPoint: 41 | Type: "AWS::EC2::VolumeAttachment" 42 | Condition: CreateProdResources 43 | Properties: 44 | InstanceId: !Ref EC2Instance 45 | VolumeId: !Ref NewVolume 46 | Device: /dev/sdh 47 | NewVolume: 48 | Type: "AWS::EC2::Volume" 49 | Condition: CreateProdResources 50 | Properties: 51 | Size: 100 52 | AvailabilityZone: !GetAtt EC2Instance.AvailabilityZone 53 | -------------------------------------------------------------------------------- /2-5 Condition/conditionSnippets.json: -------------------------------------------------------------------------------- 1 | 2 | Comment: Associating a Condition 3 | "NewVolume" : { 4 | "Type" : "AWS::EC2::Volume", 5 | "Condition" : "CreateProdResources", 6 | "Properties" : { 7 | "Size" : "100", 8 | "AvailabilityZone" : { "Fn::GetAtt" : [ "EC2Instance", "AvailabilityZone" ]} 9 | } 10 | 11 | 12 | "NewVolume" : { 13 | "Type" : "AWS::EC2::Volume", 14 | "Properties" : { 15 | "Size" : { 16 | "Fn::If" : [ 17 | "CreateLargeSize", 18 | "100", 19 | "10" 20 | ]}, 21 | "AvailabilityZone" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ]} 22 | }, 23 | "DeletionPolicy" : "Snapshot" 24 | } 25 | 26 | 27 | "MyAndCondition": { 28 | "Fn::And": [ 29 | {"Fn::Equals": ["sg-mysggroup", {"Ref": "ASecurityGroup"}]}, 30 | {"Condition": "SomeOtherCondition"} 31 | ] 32 | } 33 | 34 | 35 | 36 | "Fn::And": [{condition}, {...}] 37 | 38 | "MyAndCondition": { 39 | "Fn::And": [ 40 | {"Fn::Equals": ["sg-mysggroup", {"Ref": "ASecurityGroup"}]}, 41 | {"Condition": "SomeOtherCondition"} 42 | ] 43 | } 44 | 45 | 46 | 47 | "Fn::Equals" : ["value_1", "value_2"] 48 | 49 | 
"UseProdCondition" : { 50 | "Fn::Equals": [ 51 | {"Ref": "EnvironmentType"}, 52 | "prod" 53 | ] 54 | } 55 | 56 | 57 | "Fn::If": [condition_name, value_if_true, value_if_false] 58 | 59 | "SecurityGroups" : [{ 60 | "Fn::If" : [ 61 | "CreateNewSecurityGroup", 62 | {"Ref" : "NewSecurityGroup"}, 63 | {"Ref" : "ExistingSecurityGroup"} 64 | ] 65 | }] 66 | 67 | 68 | "MyNotCondition" : { 69 | "Fn::Not" : [{ 70 | "Fn::Equals" : [ 71 | {"Ref" : "EnvironmentType"}, 72 | "prod" 73 | ] 74 | }] 75 | } 76 | 77 | "MyOrCondition" : { 78 | "Fn::Or" : [ 79 | {"Fn::Equals" : ["sg-mysggroup", {"Ref" : "ASecurityGroup"}]}, 80 | {"Condition" : "SomeOtherCondition"} 81 | ] 82 | } -------------------------------------------------------------------------------- /3-3 Protecting Stacks/iam4CF.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "Stmt1449904348000", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "cloudformation:CreateStack", 9 | "cloudformation:CreateChangeSet", 10 | "cloudformation:ListStacks", 11 | "cloudformation:UpdateStack", 12 | "cloudformation:DescribeChangeSet", 13 | "cloudformation:ExecuteChangeSet" 14 | ], 15 | "Resource": [ 16 | "*" 17 | ] 18 | } 19 | ] 20 | } 21 | 22 | 23 | { 24 | "Version": "2012-10-17", 25 | "Statement": [ 26 | { 27 | "Sid": "Stmt1449904348000", 28 | "Effect": "Allow", 29 | "Action": [ 30 | "cloudformation:CreateStack", 31 | "cloudformation:CreateChangeSet", 32 | "cloudformation:ListStacks", 33 | "cloudformation:UpdateStack", 34 | "cloudformation:DescribeStacks", 35 | "cloudformation:DescribeStackResource", 36 | "cloudformation:DescribeStackEvents", 37 | "cloudformation:ValidateTemplate", 38 | "cloudformation:DescribeChangeSet", 39 | "cloudformation:ExecuteChangeSet" 40 | ], 41 | "Resource": [ 42 | "*" 43 | ] 44 | } 45 | ] 46 | } 47 | 48 | 49 | 50 | { 51 | "Type" : "AWS::IAM::Policy", 52 | "Properties" : { 53 | "PolicyName" : "CFNUsers", 54 | 
"PolicyDocument" : { 55 | "Version" : "2012-10-17", 56 | "Statement": [ { 57 | "Effect" : "Allow", 58 | "Action" : [ 59 | "cloudformation:Describe*", 60 | "cloudformation:List*", 61 | "cloudformation:Get*" 62 | ], 63 | "Resource" : "*" 64 | } ] 65 | }, 66 | "Groups" : [ { "Ref" : "CFNUserGroup" } ] 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /2-5 Condition/prodCondition.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Mappings" : { 5 | "RegionMap" : { 6 | "us-east-1" : { "AMI" : "ami-0ff8a91507f77f867"}, 7 | "us-west-1" : { "AMI" : "ami-0bdb828fd58c52235"}, 8 | "us-west-2" : { "AMI" : "ami-a0cfeed8"}, 9 | "eu-west-1" : { "AMI" : "ami-047bb4163c506cd98"}, 10 | "sa-east-1" : { "AMI" : "ami-07b14488da8ea02a0"}, 11 | "ap-southeast-1" : { "AMI" : "ami-08569b978cc4dfa10"}, 12 | "ap-southeast-2" : { "AMI" : "ami-09b42976632b27e9b"}, 13 | "ap-northeast-1" : { "AMI" : "ami-06cd52961ce9f0d85"} 14 | } 15 | }, 16 | 17 | "Parameters" : { 18 | "EnvType" : { 19 | "Description" : "Environment type.", 20 | "Default" : "test", 21 | "Type" : "String", 22 | "AllowedValues" : ["prod", "dev", "test"], 23 | "ConstraintDescription" : "must specify prod, dev, or test." 
24 | } 25 | }, 26 | 27 | "Conditions" : { 28 | "CreateProdResources" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "prod"]}, 29 | "CreateDevResources" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "dev"]} 30 | }, 31 | 32 | "Resources" : { 33 | "EC2Instance" : { 34 | "Type" : "AWS::EC2::Instance", 35 | "Properties" : { 36 | "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, 37 | "InstanceType" : { "Fn::If" : [ 38 | "CreateProdResources", 39 | "c1.xlarge", 40 | {"Fn::If" : [ 41 | "CreateDevResources", 42 | "m1.large", 43 | "m1.small" 44 | ]} 45 | ]} 46 | } 47 | }, 48 | 49 | "MountPoint" : { 50 | "Type" : "AWS::EC2::VolumeAttachment", 51 | "Condition" : "CreateProdResources", 52 | "Properties" : { 53 | "InstanceId" : { "Ref" : "EC2Instance" }, 54 | "VolumeId" : { "Ref" : "NewVolume" }, 55 | "Device" : "/dev/sdh" 56 | } 57 | }, 58 | 59 | "NewVolume" : { 60 | "Type" : "AWS::EC2::Volume", 61 | "Condition" : "CreateProdResources", 62 | "Properties" : { 63 | "Size" : "100", 64 | "AvailabilityZone" : { "Fn::GetAtt" : [ "EC2Instance", "AvailabilityZone" ]} 65 | } 66 | } 67 | } 68 | } -------------------------------------------------------------------------------- /Labs/CF with AWS Config/awsconfigrule.json: -------------------------------------------------------------------------------- 1 | { 2 | "Resources": { 3 | "AWSConfigRule": { 4 | "Type": "AWS::Config::ConfigRule", 5 | "Properties": { 6 | "ConfigRuleName": { 7 | "Ref": "ConfigRuleName" 8 | }, 9 | "Description": "Checks whether your EC2 instances are of the specified instance types.", 10 | "InputParameters": { 11 | "instanceType": { 12 | "Fn::If": [ 13 | "instanceType", 14 | { 15 | "Ref": "instanceType" 16 | }, 17 | { 18 | "Ref": "AWS::NoValue" 19 | } 20 | ] 21 | } 22 | }, 23 | "Scope": { 24 | "ComplianceResourceTypes": [ 25 | "AWS::EC2::Instance" 26 | ] 27 | }, 28 | "Source": { 29 | "Owner": "AWS", 30 | "SourceIdentifier": "DESIRED_INSTANCE_TYPE" 31 | } 32 | } 33 | } 34 | }, 35 | "Parameters": { 
36 | "ConfigRuleName": { 37 | "Type": "String", 38 | "Default": "desired-instance-type", 39 | "Description": "The name that you assign to the AWS Config rule.", 40 | "MinLength": "1", 41 | "ConstraintDescription": "This parameter is required." 42 | }, 43 | "instanceType": { 44 | "Type": "String", 45 | "Description": "Comma separated list of EC2 instance types (for example, \u0027t2.small, m4.large\u0027).", 46 | "MinLength": "1", 47 | "ConstraintDescription": "This parameter is required." 48 | } 49 | }, 50 | "Metadata": { 51 | "AWS::CloudFormation::Interface": { 52 | "ParameterGroups": [ 53 | { 54 | "Label": { 55 | "default": "Required" 56 | }, 57 | "Parameters": [ 58 | "instanceType" 59 | ] 60 | }, 61 | { 62 | "Label": { 63 | "default": "Optional" 64 | }, 65 | "Parameters": [] 66 | } 67 | ] 68 | } 69 | }, 70 | "Conditions": { 71 | "instanceType": { 72 | "Fn::Not": [ 73 | { 74 | "Fn::Equals": [ 75 | "", 76 | { 77 | "Ref": "instanceType" 78 | } 79 | ] 80 | } 81 | ] 82 | } 83 | } 84 | } -------------------------------------------------------------------------------- /2-5 Condition/resourceCondition.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Parameters": { 5 | "DBUser": { 6 | "NoEcho": "true", 7 | "Description" : "The database admin account username", 8 | "Type": "String", 9 | "MinLength": "1", 10 | "MaxLength": "16", 11 | "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*", 12 | "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters." 13 | }, 14 | "DBPassword": { 15 | "NoEcho": "true", 16 | "Description" : "The database admin account password", 17 | "Type": "String", 18 | "MinLength": "1", 19 | "MaxLength": "41", 20 | "AllowedPattern" : "[a-zA-Z0-9]*", 21 | "ConstraintDescription" : "must contain only alphanumeric characters." 
22 | }, 23 | "DBSnapshotName": { 24 | "Description": "The name of a DB snapshot (optional)", 25 | "Default": "", 26 | "Type": "String" 27 | } 28 | }, 29 | 30 | "Conditions": { 31 | "UseDBSnapshot": {"Fn::Not": [{"Fn::Equals" : [{"Ref" : "DBSnapshotName"}, ""]}]} 32 | }, 33 | 34 | "Resources" : { 35 | "MyDB" : { 36 | "Type" : "AWS::RDS::DBInstance", 37 | "Properties" : { 38 | "AllocatedStorage" : "5", 39 | "DBInstanceClass" : "db.m1.small", 40 | "Engine" : "MySQL", 41 | "EngineVersion" : "5.5", 42 | "MasterUsername" : { "Ref" : "DBUser" }, 43 | "MasterUserPassword" : { "Ref" : "DBPassword" }, 44 | "DBParameterGroupName" : { "Ref" : "MyRDSParamGroup" }, 45 | "DBSnapshotIdentifier" : { 46 | "Fn::If" : [ 47 | "UseDBSnapshot", 48 | {"Ref" : "DBSnapshotName"}, 49 | {"Ref" : "AWS::NoValue"} 50 | ] 51 | } 52 | } 53 | }, 54 | 55 | "MyRDSParamGroup" : { 56 | "Type": "AWS::RDS::DBParameterGroup", 57 | "Properties" : { 58 | "Family" : "MySQL5.5", 59 | "Description" : "CloudFormation Sample Database Parameter Group", 60 | "Parameters" : { 61 | "autocommit" : "1" , 62 | "general_log" : "1", 63 | "old_passwords" : "0" 64 | } 65 | } 66 | } 67 | } 68 | } -------------------------------------------------------------------------------- /Labs/NestedStacks/noretain.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Resources": { 4 | "S3Bucket": { 5 | "Type": "AWS::S3::Bucket", 6 | "Properties": { 7 | "AccessControl": "PublicRead", 8 | "WebsiteConfiguration": { 9 | "IndexDocument": "index.html", 10 | "ErrorDocument": "error.html" 11 | } 12 | } 13 | }, 14 | "BucketPolicy": { 15 | "Type": "AWS::S3::BucketPolicy", 16 | "Properties": { 17 | "PolicyDocument": { 18 | "Id": "MyPolicy", 19 | "Version": "2012-10-17", 20 | "Statement": [ 21 | { 22 | "Sid": "PublicReadForGetBucketObjects", 23 | "Effect": "Allow", 24 | "Principal": "*", 25 | "Action": "s3:GetObject", 26 | "Resource": { 27 | "Fn::Join": [ 28 
| "", 29 | [ 30 | "arn:aws:s3:::", 31 | { 32 | "Ref": "S3Bucket" 33 | }, 34 | "/*" 35 | ] 36 | ] 37 | } 38 | } 39 | ] 40 | }, 41 | "Bucket": { 42 | "Ref": "S3Bucket" 43 | } 44 | } 45 | } 46 | }, 47 | "Outputs": { 48 | "WebsiteURL": { 49 | "Value": { 50 | "Fn::GetAtt": [ 51 | "S3Bucket", 52 | "WebsiteURL" 53 | ] 54 | }, 55 | "Description": "URL for website hosted on S3" 56 | }, 57 | "S3BucketSecureURL": { 58 | "Value": { 59 | "Fn::Join": [ 60 | "", 61 | [ 62 | "https://", 63 | { 64 | "Fn::GetAtt": [ 65 | "S3Bucket", 66 | "DomainName" 67 | ] 68 | } 69 | ] 70 | ] 71 | }, 72 | "Description": "Name of S3 bucket to hold website content" 73 | } 74 | } 75 | } -------------------------------------------------------------------------------- /Labs/NestedStacks/s3static.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Resources": { 4 | "S3Bucket": { 5 | "Type": "AWS::S3::Bucket", 6 | "Properties": { 7 | "AccessControl": "PublicRead", 8 | "WebsiteConfiguration": { 9 | "IndexDocument": "index.html", 10 | "ErrorDocument": "error.html" 11 | } 12 | }, 13 | "DeletionPolicy": "Retain" 14 | }, 15 | "BucketPolicy": { 16 | "Type": "AWS::S3::BucketPolicy", 17 | "Properties": { 18 | "PolicyDocument": { 19 | "Id": "MyPolicy", 20 | "Version": "2012-10-17", 21 | "Statement": [ 22 | { 23 | "Sid": "PublicReadForGetBucketObjects", 24 | "Effect": "Allow", 25 | "Principal": "*", 26 | "Action": "s3:GetObject", 27 | "Resource": { 28 | "Fn::Join": [ 29 | "", 30 | [ 31 | "arn:aws:s3:::", 32 | { 33 | "Ref": "S3Bucket" 34 | }, 35 | "/*" 36 | ] 37 | ] 38 | } 39 | } 40 | ] 41 | }, 42 | "Bucket": { 43 | "Ref": "S3Bucket" 44 | } 45 | } 46 | } 47 | }, 48 | "Outputs": { 49 | "WebsiteURL": { 50 | "Value": { 51 | "Fn::GetAtt": [ 52 | "S3Bucket", 53 | "WebsiteURL" 54 | ] 55 | }, 56 | "Description": "URL for website hosted on S3" 57 | }, 58 | "S3BucketSecureURL": { 59 | "Value": { 60 | "Fn::Join": [ 61 | "", 62 | [ 63 
| "https://", 64 | { 65 | "Fn::GetAtt": [ 66 | "S3Bucket", 67 | "DomainName" 68 | ] 69 | } 70 | ] 71 | ] 72 | }, 73 | "Description": "Name of S3 bucket to hold website content" 74 | } 75 | } 76 | } -------------------------------------------------------------------------------- /3-4 Rollback Triggers/dynamoDBSecondary.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | 4 | "Description": "AWS CloudFormation Sample Template DynamoDB_Secondary_Indexes: Create a DynamoDB table with local and global secondary indexes. **WARNING** This template creates an Amazon DynamoDB table. You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters": { 7 | "ReadCapacityUnits": { 8 | "Description": "Provisioned read throughput", 9 | "Type": "Number", 10 | "Default": "5", 11 | "MinValue": "5", 12 | "MaxValue": "10000", 13 | "ConstraintDescription": "must be between 5 and 10000" 14 | }, 15 | 16 | "WriteCapacityUnits": { 17 | "Description": "Provisioned write throughput", 18 | "Type": "Number", 19 | "Default": "10", 20 | "MinValue": "5", 21 | "MaxValue": "10000", 22 | "ConstraintDescription": "must be between 5 and 10000" 23 | } 24 | }, 25 | 26 | "Resources": { 27 | "TableOfBooks": { 28 | "Type": "AWS::DynamoDB::Table", 29 | "Properties": { 30 | "AttributeDefinitions": [ 31 | { "AttributeName": "Title", "AttributeType": "S" }, 32 | { "AttributeName": "Category", "AttributeType": "S" }, 33 | { "AttributeName": "Language", "AttributeType": "S" } 34 | ], 35 | "KeySchema": [ 36 | { "AttributeName": "Category", "KeyType": "HASH" }, 37 | { "AttributeName": "Title", "KeyType": "RANGE" } 38 | ], 39 | "ProvisionedThroughput": { 40 | "ReadCapacityUnits": { "Ref": "ReadCapacityUnits" }, 41 | "WriteCapacityUnits": { "Ref": "WriteCapacityUnits" } 42 | }, 43 | "LocalSecondaryIndexes": [ { 44 | "IndexName": "LanguageIndex", 45 | "KeySchema": [ 46 | { 
"AttributeName": "Category", "KeyType": "HASH" }, 47 | { "AttributeName": "Language", "KeyType": "RANGE" } 48 | ], 49 | "Projection": { 50 | "ProjectionType": "KEYS_ONLY" 51 | } 52 | } ], 53 | "GlobalSecondaryIndexes": [ { 54 | "IndexName": "TitleIndex", 55 | "KeySchema": [ 56 | { "AttributeName": "Title", "KeyType": "HASH" } 57 | ], 58 | "Projection": { 59 | "ProjectionType": "KEYS_ONLY" 60 | }, 61 | "ProvisionedThroughput": { 62 | "ReadCapacityUnits": { "Ref": "ReadCapacityUnits" }, 63 | "WriteCapacityUnits": { "Ref": "WriteCapacityUnits" } 64 | } 65 | } ] 66 | } 67 | } 68 | }, 69 | 70 | "Outputs" : { 71 | "TableName" : { 72 | "Value" : {"Ref" : "TableOfBooks"}, 73 | "Description" : "Name of the newly created DynamoDB table" 74 | } 75 | } 76 | } -------------------------------------------------------------------------------- /Labs/TemplatesAndStacks/Lab1Dynamo.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | 4 | "Description": "AWS CloudFormation Sample Template DynamoDB_Secondary_Indexes: Create a DynamoDB table with local and global secondary indexes. **WARNING** This template creates an Amazon DynamoDB table. 
You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters": { 7 | "ReadCapacityUnits": { 8 | "Description": "Provisioned read throughput", 9 | "Type": "Number", 10 | "Default": "5", 11 | "MinValue": "5", 12 | "MaxValue": "10000", 13 | "ConstraintDescription": "must be between 5 and 10000" 14 | }, 15 | 16 | "WriteCapacityUnits": { 17 | "Description": "Provisioned write throughput", 18 | "Type": "Number", 19 | "Default": "10", 20 | "MinValue": "10", 21 | "MaxValue": "10000", 22 | "ConstraintDescription": "must be between 10 and 10000" 23 | } 24 | }, 25 | 26 | "Resources": { 27 | "TableOfBooks": { 28 | "Type": "AWS::DynamoDB::Table", 29 | "Properties": { 30 | "AttributeDefinitions": [ 31 | { "AttributeName": "Title", "AttributeType": "S" }, 32 | { "AttributeName": "Category", "AttributeType": "S" }, 33 | { "AttributeName": "Language", "AttributeType": "S" } 34 | ], 35 | "KeySchema": [ 36 | { "AttributeName": "Category", "KeyType": "HASH" }, 37 | { "AttributeName": "Title", "KeyType": "RANGE" } 38 | ], 39 | "ProvisionedThroughput": { 40 | "ReadCapacityUnits": { "Ref": "ReadCapacityUnits" }, 41 | "WriteCapacityUnits": { "Ref": "WriteCapacityUnits" } 42 | }, 43 | "LocalSecondaryIndexes": [ { 44 | "IndexName": "LanguageIndex", 45 | "KeySchema": [ 46 | { "AttributeName": "Category", "KeyType": "HASH" }, 47 | { "AttributeName": "Language", "KeyType": "RANGE" } 48 | ], 49 | "Projection": { 50 | "ProjectionType": "KEYS_ONLY" 51 | } 52 | } ], 53 | "GlobalSecondaryIndexes": [ { 54 | "IndexName": "TitleIndex", 55 | "KeySchema": [ 56 | { "AttributeName": "Title", "KeyType": "HASH" } 57 | ], 58 | "Projection": { 59 | "ProjectionType": "KEYS_ONLY" 60 | }, 61 | "ProvisionedThroughput": { 62 | "ReadCapacityUnits": { "Ref": "ReadCapacityUnits" }, 63 | "WriteCapacityUnits": { "Ref": "WriteCapacityUnits" } 64 | } 65 | } ] 66 | } 67 | } 68 | }, 69 | 70 | "Outputs" : { 71 | "TableName" : { 72 | "Value" : {"Ref" : "TableOfBooks"}, 73 | 
"Description" : "Name of the newly created DynamoDB table" 74 | } 75 | } 76 | } -------------------------------------------------------------------------------- /7-4-pwdChecker/IAMOriginal.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation Sample Template IAM_Users_Groups_and_Policies: Sample 4 | template showing how to create IAM users, groups and policies. It creates a 5 | single user that is a member of a users group and an admin group. The groups 6 | each have different IAM policies associated with them. Note: This example also 7 | creates an AWSAccessKeyId/AWSSecretKey pair associated with the new user. The 8 | example is somewhat contrived since it creates all of the users and groups, 9 | typically you would be creating policies, users and/or groups that contain 10 | references to existing users or groups in your environment. Note that you will 11 | need to specify the CAPABILITY_IAM flag when you create the stack to allow 12 | this template to execute. You can do this through the AWS management console 13 | by clicking on the check box acknowledging that you understand this template 14 | creates IAM resources or by specifying the CAPABILITY_IAM flag to the 15 | cfn-create-stack command line tool or CreateStack API call.
16 | Parameters: 17 | Password: 18 | NoEcho: 'true' 19 | Type: String 20 | Description: New account password 21 | MinLength: '1' 22 | MaxLength: '41' 23 | ConstraintDescription: the password must be between 1 and 41 characters 24 | Resources: 25 | CFNUser: 26 | Type: 'AWS::IAM::User' 27 | Properties: 28 | LoginProfile: 29 | Password: !Ref Password 30 | CFNUserGroup: 31 | Type: 'AWS::IAM::Group' 32 | CFNAdminGroup: 33 | Type: 'AWS::IAM::Group' 34 | Users: 35 | Type: 'AWS::IAM::UserToGroupAddition' 36 | Properties: 37 | GroupName: !Ref CFNUserGroup 38 | Users: 39 | - !Ref CFNUser 40 | Admins: 41 | Type: 'AWS::IAM::UserToGroupAddition' 42 | Properties: 43 | GroupName: !Ref CFNAdminGroup 44 | Users: 45 | - !Ref CFNUser 46 | CFNUserPolicies: 47 | Type: 'AWS::IAM::Policy' 48 | Properties: 49 | PolicyName: CFNUsers 50 | PolicyDocument: 51 | Statement: 52 | - Effect: Allow 53 | Action: 54 | - 'cloudformation:Describe*' 55 | - 'cloudformation:List*' 56 | - 'cloudformation:Get*' 57 | Resource: '*' 58 | Groups: 59 | - !Ref CFNUserGroup 60 | CFNAdminPolicies: 61 | Type: 'AWS::IAM::Policy' 62 | Properties: 63 | PolicyName: CFNAdmins 64 | PolicyDocument: 65 | Statement: 66 | - Effect: Allow 67 | Action: 'cloudformation:*' 68 | Resource: '*' 69 | Groups: 70 | - !Ref CFNAdminGroup 71 | CFNKeys: 72 | Type: 'AWS::IAM::AccessKey' 73 | Properties: 74 | UserName: !Ref CFNUser 75 | Outputs: 76 | AccessKey: 77 | Value: !Ref CFNKeys 78 | Description: AWSAccessKeyId of new user 79 | SecretKey: 80 | Value: !GetAtt 81 | - CFNKeys 82 | - SecretAccessKey 83 | Description: AWSSecretKey of new user 84 | -------------------------------------------------------------------------------- /4-4 CrossStack/crossstacknetwork.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | "Description" : "AWS CloudFormation Sample Template VPC_with_PublicIPs_And_DNS: Sample template that creates a VPC with DNS and public IPs 
enabled. Note that you are billed for the AWS resources that you use when you create a stack from this template.", 4 | "Resources" : { 5 | "VPC" : { 6 | "Type" : "AWS::EC2::VPC", 7 | "Properties" : { 8 | "EnableDnsSupport" : "true", 9 | "EnableDnsHostnames" : "true", 10 | "CidrBlock" : "10.0.0.0/16" 11 | } 12 | }, 13 | "PublicSubnet" : { 14 | "Type" : "AWS::EC2::Subnet", 15 | "Properties" : { 16 | "VpcId" : { "Ref" : "VPC" }, 17 | "CidrBlock" : "10.0.0.0/24" 18 | } 19 | }, 20 | "InternetGateway" : { 21 | "Type" : "AWS::EC2::InternetGateway" 22 | }, 23 | "VPCGatewayAttachment" : { 24 | "Type" : "AWS::EC2::VPCGatewayAttachment", 25 | "Properties" : { 26 | "VpcId" : { "Ref" : "VPC" }, 27 | "InternetGatewayId" : { "Ref" : "InternetGateway" } 28 | } 29 | }, 30 | "PublicRouteTable" : { 31 | "Type" : "AWS::EC2::RouteTable", 32 | "Properties" : { 33 | "VpcId" : { "Ref" : "VPC" } 34 | } 35 | }, 36 | "PublicRoute" : { 37 | "Type" : "AWS::EC2::Route", 38 | "DependsOn" : "VPCGatewayAttachment", 39 | "Properties" : { 40 | "RouteTableId" : { "Ref" : "PublicRouteTable" }, 41 | "DestinationCidrBlock" : "0.0.0.0/0", 42 | "GatewayId" : { "Ref" : "InternetGateway" } 43 | } 44 | }, 45 | "PublicSubnetRouteTableAssociation" : { 46 | "Type" : "AWS::EC2::SubnetRouteTableAssociation", 47 | "Properties" : { 48 | "SubnetId" : { "Ref" : "PublicSubnet" }, 49 | "RouteTableId" : { "Ref" : "PublicRouteTable" } 50 | } 51 | }, 52 | "PublicSubnetNetworkAclAssociation" : { 53 | "Type" : "AWS::EC2::SubnetNetworkAclAssociation", 54 | "Properties" : { 55 | "SubnetId" : { "Ref" : "PublicSubnet" }, 56 | "NetworkAclId" : { "Fn::GetAtt" : ["VPC", "DefaultNetworkAcl"] } 57 | } 58 | }, 59 | "WebServerSecurityGroup" : { 60 | "Type" : "AWS::EC2::SecurityGroup", 61 | "Properties" : { 62 | "GroupDescription" : "Enable HTTP ingress", 63 | "VpcId" : { "Ref" : "VPC" }, 64 | "SecurityGroupIngress" : [ { 65 | "IpProtocol" : "tcp", 66 | "FromPort" : "80", 67 | "ToPort" : "80", 68 | "CidrIp" : "0.0.0.0/0" 69 | } ] 70 | 
} 71 | } 72 | }, 73 | "Outputs" : { 74 | "VPCId" : { 75 | "Description" : "VPC ID", 76 | "Value" : { "Ref" : "VPC" }, 77 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-VPCID" }} 78 | }, 79 | "PublicSubnet" : { 80 | "Description" : "The subnet ID to use for public web servers", 81 | "Value" : { "Ref" : "PublicSubnet" }, 82 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SubnetID" }} 83 | }, 84 | "WebServerSecurityGroup" : { 85 | "Description" : "The security group ID to use for public web servers", 86 | "Value" : { "Fn::GetAtt" : ["WebServerSecurityGroup", "GroupId"] }, 87 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SecurityGroupID" }} 88 | } 89 | } 90 | } -------------------------------------------------------------------------------- /4-4 Nested Stacks/crossstacknetwork.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | "Description" : "AWS CloudFormation Sample Template VPC_with_PublicIPs_And_DNS: Sample template that creates a VPC with DNS and public IPs enabled. 
Note that you are billed for the AWS resources that you use when you create a stack from this template.", 4 | "Resources" : { 5 | "VPC" : { 6 | "Type" : "AWS::EC2::VPC", 7 | "Properties" : { 8 | "EnableDnsSupport" : "true", 9 | "EnableDnsHostnames" : "true", 10 | "CidrBlock" : "10.0.0.0/16" 11 | } 12 | }, 13 | "PublicSubnet" : { 14 | "Type" : "AWS::EC2::Subnet", 15 | "Properties" : { 16 | "VpcId" : { "Ref" : "VPC" }, 17 | "CidrBlock" : "10.0.0.0/24" 18 | } 19 | }, 20 | "InternetGateway" : { 21 | "Type" : "AWS::EC2::InternetGateway" 22 | }, 23 | "VPCGatewayAttachment" : { 24 | "Type" : "AWS::EC2::VPCGatewayAttachment", 25 | "Properties" : { 26 | "VpcId" : { "Ref" : "VPC" }, 27 | "InternetGatewayId" : { "Ref" : "InternetGateway" } 28 | } 29 | }, 30 | "PublicRouteTable" : { 31 | "Type" : "AWS::EC2::RouteTable", 32 | "Properties" : { 33 | "VpcId" : { "Ref" : "VPC" } 34 | } 35 | }, 36 | "PublicRoute" : { 37 | "Type" : "AWS::EC2::Route", 38 | "DependsOn" : "VPCGatewayAttachment", 39 | "Properties" : { 40 | "RouteTableId" : { "Ref" : "PublicRouteTable" }, 41 | "DestinationCidrBlock" : "0.0.0.0/0", 42 | "GatewayId" : { "Ref" : "InternetGateway" } 43 | } 44 | }, 45 | "PublicSubnetRouteTableAssociation" : { 46 | "Type" : "AWS::EC2::SubnetRouteTableAssociation", 47 | "Properties" : { 48 | "SubnetId" : { "Ref" : "PublicSubnet" }, 49 | "RouteTableId" : { "Ref" : "PublicRouteTable" } 50 | } 51 | }, 52 | "PublicSubnetNetworkAclAssociation" : { 53 | "Type" : "AWS::EC2::SubnetNetworkAclAssociation", 54 | "Properties" : { 55 | "SubnetId" : { "Ref" : "PublicSubnet" }, 56 | "NetworkAclId" : { "Fn::GetAtt" : ["VPC", "DefaultNetworkAcl"] } 57 | } 58 | }, 59 | "WebServerSecurityGroup" : { 60 | "Type" : "AWS::EC2::SecurityGroup", 61 | "Properties" : { 62 | "GroupDescription" : "Enable HTTP ingress", 63 | "VpcId" : { "Ref" : "VPC" }, 64 | "SecurityGroupIngress" : [ { 65 | "IpProtocol" : "tcp", 66 | "FromPort" : "80", 67 | "ToPort" : "80", 68 | "CidrIp" : "0.0.0.0/0" 69 | } ] 70 | } 71 | } 
72 | }, 73 | "Outputs" : { 74 | "VPCId" : { 75 | "Description" : "VPC ID", 76 | "Value" : { "Ref" : "VPC" }, 77 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-VPCID" }} 78 | }, 79 | "PublicSubnet" : { 80 | "Description" : "The subnet ID to use for public web servers", 81 | "Value" : { "Ref" : "PublicSubnet" }, 82 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SubnetID" }} 83 | }, 84 | "WebServerSecurityGroup" : { 85 | "Description" : "The security group ID to use for public web servers", 86 | "Value" : { "Fn::GetAtt" : ["WebServerSecurityGroup", "GroupId"] }, 87 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SecurityGroupID" }} 88 | } 89 | } 90 | } -------------------------------------------------------------------------------- /Labs/NestedStacks/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Elastic Beanstalk 5 | 74 | 75 | 76 |
77 |

Congratulations

78 |

Your first AWS Elastic Beanstalk Node.js application is now running on your own dedicated environment in the AWS Cloud

79 |
80 | 92 | 93 | 94 | -------------------------------------------------------------------------------- /Labs/CrossStack/crossstack.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | "Description" : "AWS CloudFormation Sample Template VPC_with_PublicIPs_And_DNS: Sample template that creates a VPC with DNS and public IPs enabled. Note that you are billed for the AWS resources that you use when you create a stack from this template.", 4 | "Resources" : { 5 | "VPC" : { 6 | "Type" : "AWS::EC2::VPC", 7 | "Properties" : { 8 | "EnableDnsSupport" : "true", 9 | "EnableDnsHostnames" : "true", 10 | "CidrBlock" : "10.0.0.0/16" 11 | } 12 | }, 13 | "PublicSubnet" : { 14 | "Type" : "AWS::EC2::Subnet", 15 | "Properties" : { 16 | "VpcId" : { "Ref" : "VPC" }, 17 | "CidrBlock" : "10.0.0.0/24" 18 | } 19 | }, 20 | "InternetGateway" : { 21 | "Type" : "AWS::EC2::InternetGateway" 22 | }, 23 | "VPCGatewayAttachment" : { 24 | "Type" : "AWS::EC2::VPCGatewayAttachment", 25 | "Properties" : { 26 | "VpcId" : { "Ref" : "VPC" }, 27 | "InternetGatewayId" : { "Ref" : "InternetGateway" } 28 | } 29 | }, 30 | "PublicRouteTable" : { 31 | "Type" : "AWS::EC2::RouteTable", 32 | "Properties" : { 33 | "VpcId" : { "Ref" : "VPC" } 34 | } 35 | }, 36 | "PublicRoute" : { 37 | "Type" : "AWS::EC2::Route", 38 | "DependsOn" : "VPCGatewayAttachment", 39 | "Properties" : { 40 | "RouteTableId" : { "Ref" : "PublicRouteTable" }, 41 | "DestinationCidrBlock" : "0.0.0.0/0", 42 | "GatewayId" : { "Ref" : "InternetGateway" } 43 | } 44 | }, 45 | "PublicSubnetRouteTableAssociation" : { 46 | "Type" : "AWS::EC2::SubnetRouteTableAssociation", 47 | "Properties" : { 48 | "SubnetId" : { "Ref" : "PublicSubnet" }, 49 | "RouteTableId" : { "Ref" : "PublicRouteTable" } 50 | } 51 | }, 52 | "PublicSubnetNetworkAclAssociation" : { 53 | "Type" : "AWS::EC2::SubnetNetworkAclAssociation", 54 | "Properties" : { 55 | "SubnetId" : { "Ref" : "PublicSubnet" }, 56 
| "NetworkAclId" : { "Fn::GetAtt" : ["VPC", "DefaultNetworkAcl"] } 57 | } 58 | }, 59 | "WebServerSecurityGroup" : { 60 | "Type" : "AWS::EC2::SecurityGroup", 61 | "Properties" : { 62 | "GroupDescription" : "Enable HTTP ingress", 63 | "VpcId" : { "Ref" : "VPC" }, 64 | "SecurityGroupIngress" : [ { 65 | "IpProtocol" : "tcp", 66 | "FromPort" : "80", 67 | "ToPort" : "80", 68 | "CidrIp" : "0.0.0.0/0"}, 69 | { 70 | "CidrIp": "0.0.0.0/0", 71 | "FromPort": 443, 72 | "IpProtocol": "tcp", 73 | "ToPort": 443 74 | }, 75 | { 76 | "FromPort": 443, 77 | "IpProtocol": "tcp", 78 | "ToPort": 443 79 | } 80 | ] 81 | } 82 | } 83 | }, 84 | "Outputs" : { 85 | "VPCId" : { 86 | "Description" : "VPC ID", 87 | "Value" : { "Ref" : "VPC" }, 88 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-VPCID" }} 89 | }, 90 | "PublicSubnet" : { 91 | "Description" : "The subnet ID to use for public web servers", 92 | "Value" : { "Ref" : "PublicSubnet" }, 93 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SubnetID" }} 94 | }, 95 | "WebServerSecurityGroup" : { 96 | "Description" : "The security group ID to use for public web servers", 97 | "Value" : { "Fn::GetAtt" : ["WebServerSecurityGroup", "GroupId"] }, 98 | "Export" : { "Name" : {"Fn::Sub": "${AWS::StackName}-SecurityGroupID" }} 99 | } 100 | } 101 | } 102 | -------------------------------------------------------------------------------- /7-3-ExampleAMISelect/amilookup.js: -------------------------------------------------------------------------------- 1 | /** 2 | * A sample Lambda function that looks up the latest AMI ID for a given region and architecture. 
**/

// Lookup table from the Architecture resource property to the AMI name glob
// that is passed to DescribeImages as the "name" filter.
var archToAMINamePattern = {
    "PV64": "amzn-ami-pv*x86_64-ebs",
    "HVM64": "amzn-ami-hvm*x86_64-gp2",
    "HVMG2": "amzn-ami-graphics-hvm*x86_64-ebs*"
};
var aws = require("aws-sdk");

/**
 * CloudFormation custom-resource entry point.
 *
 * Reads Region and Architecture from event.ResourceProperties, lists the
 * matching AMIs, and reports the ImageId of the first non-beta/non-rc image
 * (after a descending sort by name) through sendResponse. Delete requests are
 * acknowledged with SUCCESS without calling EC2. If DescribeImages fails, or
 * no acceptable image is found, the status sent is "FAILED".
 *
 * @param {Object} event   custom-resource request (RequestType, ResourceProperties, ResponseURL, ...)
 * @param {Object} context Lambda context, forwarded to sendResponse
 */
exports.handler = function(event, context) {

    // NOTE(review): this writes the complete event to the function log, and the
    // event carries ResponseURL (the pre-signed URL sendResponse PUTs to) plus
    // every ResourceProperties value. Here the properties are only Region and
    // Architecture, but anyone with read access to the log stream sees the URL;
    // keep log access narrow, or log a copy without ResponseURL.
    console.log("REQUEST RECEIVED:\n" + JSON.stringify(event));

    // Nothing was created for this resource, so a Delete is acknowledged at once.
    if (event.RequestType == "Delete") {
        sendResponse(event, context, "SUCCESS");
        return;
    }

    var props = event.ResourceProperties;
    var ec2 = new aws.EC2({region: props.Region});

    // An Architecture missing from the table yields undefined here; the value is
    // not validated before the API call.
    var namePattern = archToAMINamePattern[props.Architecture];

    // The Owners filter is what ties the wildcard name match to a known
    // publisher: without it, any public AMI whose name fits the glob could be
    // returned. The numeric account ID is presumably the publisher of the
    // graphics AMI; confirm it before reusing this function.
    var imageOwner = props.Architecture == "HVMG2" ? "679593333241" : "amazon";

    var describeImagesParams = {
        Filters: [{ Name: "name", Values: [namePattern] }],
        Owners: [imageOwner]
    };

    // Look up the AMIs that match the name pattern and owner.
    ec2.describeImages(describeImagesParams, function(err, describeImagesResult) {
        if (err) {
            var failure = {Error: "DescribeImages call failed"};
            console.log(failure.Error + ":\n", err);
            sendResponse(event, context, "FAILED", failure);
            return;
        }

        var responseStatus = "FAILED";
        var responseData = {};

        // Newest first: names are sorted in descending order (per the original
        // comment they embed the AMI version as YYYY.MM.Ver).
        var sorted = describeImagesResult.Images;
        sorted.sort(function(a, b) { return b.Name.localeCompare(a.Name); });

        // Take the first image that is not a beta or release candidate.
        for (var idx = 0; idx < sorted.length; idx++) {
            var candidate = sorted[idx];
            if (!isBeta(candidate.Name)) {
                responseStatus = "SUCCESS";
                responseData["Id"] = candidate.ImageId;
                break;
            }
        }

        sendResponse(event, context, responseStatus, responseData);
    });
};

// Check if the image is a beta or rc image. The Lambda function won't return any of those images.
54 | function isBeta(imageName) { 55 | return imageName.toLowerCase().indexOf("beta") > -1 || imageName.toLowerCase().indexOf(".rc") > -1; 56 | } 57 | 58 | 59 | // Send response to the pre-signed S3 URL 60 | function sendResponse(event, context, responseStatus, responseData) { 61 | 62 | var responseBody = JSON.stringify({ 63 | Status: responseStatus, 64 | Reason: "See the details in CloudWatch Log Stream: " + context.logStreamName, 65 | PhysicalResourceId: context.logStreamName, 66 | StackId: event.StackId, 67 | RequestId: event.RequestId, 68 | LogicalResourceId: event.LogicalResourceId, 69 | Data: responseData 70 | }); 71 | 72 | console.log("RESPONSE BODY:\n", responseBody); 73 | 74 | var https = require("https"); 75 | var url = require("url"); 76 | 77 | var parsedUrl = url.parse(event.ResponseURL); 78 | var options = { 79 | hostname: parsedUrl.hostname, 80 | port: 443, 81 | path: parsedUrl.path, 82 | method: "PUT", 83 | headers: { 84 | "content-type": "", 85 | "content-length": responseBody.length 86 | } 87 | }; 88 | 89 | console.log("SENDING RESPONSE...\n"); 90 | 91 | var request = https.request(options, function(response) { 92 | console.log("STATUS: " + response.statusCode); 93 | console.log("HEADERS: " + JSON.stringify(response.headers)); 94 | // Tell AWS Lambda that the function execution is done 95 | context.done(); 96 | }); 97 | 98 | request.on("error", function(error) { 99 | console.log("sendResponse Error:" + error); 100 | // Tell AWS Lambda that the function execution is done 101 | context.done(); 102 | }); 103 | 104 | // write data to request body 105 | request.write(responseBody); 106 | request.end(); 107 | } -------------------------------------------------------------------------------- /6-4 Update Policy/rollingupdate.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Rolling Update", 4 | "Parameters": { 5 | "VPCParameter": { 6 | 
"Description": "VPC to launch instances into", 7 | "Type": "AWS::EC2::VPC::Id" 8 | }, 9 | "SubnetsParameter": { 10 | "Description": "Subnets to launch instances into", 11 | "Type": "List" 12 | }, 13 | "VersionParameter": { 14 | "Description": "Software version to deploy", 15 | "Type": "String" 16 | } 17 | }, 18 | "Mappings": { 19 | "RegionMap": { 20 | "eu-west-1": {"AMI": "ami-bff32ccc"}, 21 | "ap-southeast-1": {"AMI": "ami-c9b572aa"}, 22 | "ap-southeast-2": {"AMI": "ami-48d38c2b"}, 23 | "eu-central-1": {"AMI": "ami-bc5b48d0"}, 24 | "ap-northeast-2": {"AMI": "ami-249b554a"}, 25 | "ap-northeast-1": {"AMI": "ami-383c1956"}, 26 | "us-east-1": {"AMI": "ami-60b6c60a"}, 27 | "sa-east-1": {"AMI": "ami-6817af04"}, 28 | "us-west-1": {"AMI": "ami-d5ea86b5"}, 29 | "us-west-2": {"AMI": "ami-f0091d91"} 30 | } 31 | }, 32 | "Resources": { 33 | "ELBSecurityGroup": { 34 | "Type": "AWS::EC2::SecurityGroup", 35 | "Properties": { 36 | "GroupDescription": "elb-sg", 37 | "SecurityGroupEgress": [{ 38 | "IpProtocol": "-1", 39 | "CidrIp": "0.0.0.0/0" 40 | }], 41 | "SecurityGroupIngress": [{ 42 | "CidrIp": "0.0.0.0/0", 43 | "FromPort": 80, 44 | "IpProtocol": "tcp", 45 | "ToPort": 80 46 | }], 47 | "VpcId": {"Ref": "VPCParameter"} 48 | } 49 | }, 50 | "ELB": { 51 | "Type": "AWS::ElasticLoadBalancing::LoadBalancer", 52 | "Properties": { 53 | "ConnectionDrainingPolicy": { 54 | "Enabled": true, 55 | "Timeout": 30 56 | }, 57 | "CrossZone": true, 58 | "HealthCheck": { 59 | "HealthyThreshold": "2", 60 | "Interval": "10", 61 | "Target": "HTTP:80/", 62 | "Timeout": "5", 63 | "UnhealthyThreshold": "2" 64 | }, 65 | "LoadBalancerName": "elb", 66 | "Listeners": [{ 67 | "InstancePort": "80", 68 | "InstanceProtocol": "HTTP", 69 | "LoadBalancerPort": "80", 70 | "Protocol": "HTTP" 71 | }], 72 | "Scheme": "internet-facing", 73 | "SecurityGroups": [{"Ref": "ELBSecurityGroup"}], 74 | "Subnets": {"Ref": "SubnetsParameter"} 75 | } 76 | }, 77 | "EC2SecurityGroup": { 78 | "Type": "AWS::EC2::SecurityGroup", 79 | 
"Properties": { 80 | "GroupDescription": "ec2-sg", 81 | "SecurityGroupEgress": [{ 82 | "IpProtocol": "-1", 83 | "CidrIp": "0.0.0.0/0" 84 | }], 85 | "SecurityGroupIngress": [{ 86 | "CidrIp": "0.0.0.0/0", 87 | "FromPort": 22, 88 | "IpProtocol": "tcp", 89 | "ToPort": 22 90 | }, { 91 | "FromPort": 80, 92 | "IpProtocol": "tcp", 93 | "SourceSecurityGroupId": {"Ref": "ELBSecurityGroup"}, 94 | "ToPort": 80 95 | }], 96 | "VpcId": {"Ref": "VPCParameter"} 97 | } 98 | }, 99 | "LaunchConfiguration": { 100 | "Type": "AWS::AutoScaling::LaunchConfiguration", 101 | "Properties": { 102 | "AssociatePublicIpAddress": true, 103 | "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]}, 104 | "InstanceType": "t2.micro", 105 | "SecurityGroups": [{"Ref": "EC2SecurityGroup"}], 106 | "UserData": {"Fn::Base64": {"Fn::Join": ["", [ 107 | "#!/bin/bash -ex", "\n", 108 | "yum -y install httpd", "\n", 109 | "chkconfig httpd on", "\n", 110 | "echo \"Version ", {"Ref": "VersionParameter"}, "\" >> /var/www/html/index.html", "\n", 111 | "service httpd start", "\n", 112 | "/opt/aws/bin/cfn-signal -e 0 --region ", {"Ref": "AWS::Region"}, " --stack ", {"Ref": "AWS::StackName"}, " --resource AutoScalingGroup", "\n" 113 | ]]}} 114 | } 115 | }, 116 | "AutoScalingGroup": { 117 | "Type": "AWS::AutoScaling::AutoScalingGroup", 118 | "Properties": { 119 | "MinSize": "1", 120 | "MaxSize": "2", 121 | "DesiredCapacity": "1", 122 | "LaunchConfigurationName": {"Ref": "LaunchConfiguration"}, 123 | "VPCZoneIdentifier": {"Ref": "SubnetsParameter"}, 124 | "LoadBalancerNames": [{"Ref": "ELB"}], 125 | "HealthCheckGracePeriod": 60, 126 | "HealthCheckType": "ELB" 127 | }, 128 | "CreationPolicy": { 129 | "ResourceSignal": { 130 | "Count": 1, 131 | "Timeout": "PT10M" 132 | } 133 | }, 134 | "UpdatePolicy": { 135 | "AutoScalingRollingUpdate": { 136 | "MaxBatchSize": "2", 137 | "MinInstancesInService": "1", 138 | "PauseTime": "PT10M", 139 | "SuspendProcesses": ["AlarmNotification"], 140 | 
"WaitOnResourceSignals": true 141 | } 142 | } 143 | } 144 | }, 145 | "Outputs": { 146 | "ELB": { 147 | "Value": {"Fn::Join": ["", ["http://", {"Fn::GetAtt": ["ELB", "DNSName"]}]]}, 148 | "Description": "Load Balancer URL" 149 | } 150 | } 151 | } -------------------------------------------------------------------------------- /4-4 CrossStack/crossstackapp.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Cross-Stack Reference Sample Template: Demonstrates how to reference resources from a different stack. This template provisions an EC2 instance in an EC2 Security Group provisioned in a different stack. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters": { 7 | "NetworkStackName": { 8 | "Description": "Name of an active CloudFormation stack that contains the networking resources, such as the subnet and security group, that will be used in this stack.", 9 | "Type": "String", 10 | "MinLength" : 1, 11 | "MaxLength" : 255, 12 | "AllowedPattern" : "^[a-zA-Z][-a-zA-Z0-9]*$", 13 | "Default" : "SampleNetworkCrossStack" 14 | } 15 | }, 16 | 17 | "Mappings" : { 18 | "AWSRegionArch2AMI" : { 19 | "us-east-1" : {"PV64" : "ami-8ff710e2", "HVM64" : "ami-f5f41398", "HVMG2" : "ami-4afd1d27"}, 20 | "us-west-2" : {"PV64" : "ami-eff1028f", "HVM64" : "ami-d0f506b0", "HVMG2" : "ami-ee897b8e"}, 21 | "us-west-1" : {"PV64" : "ami-ac85fbcc", "HVM64" : "ami-6e84fa0e", "HVMG2" : "ami-69106909"}, 22 | "eu-west-1" : {"PV64" : "ami-23ab2250", "HVM64" : "ami-b0ac25c3", "HVMG2" : "ami-936de5e0"}, 23 | "eu-central-1" : {"PV64" : "ami-27c12348", "HVM64" : "ami-d3c022bc", "HVMG2" : "ami-8e7092e1"}, 24 | "ap-northeast-1" : {"PV64" : "ami-26160d48", "HVM64" : "ami-29160d47", "HVMG2" : "ami-91809aff"}, 25 | "ap-northeast-2" : {"PV64" : "NOT_SUPPORTED", 
"HVM64" : "ami-cf32faa1", "HVMG2" : "NOT_SUPPORTED"}, 26 | "ap-southeast-1" : {"PV64" : "ami-f3dd0a90", "HVM64" : "ami-1ddc0b7e", "HVMG2" : "ami-3c30e75f"}, 27 | "ap-southeast-2" : {"PV64" : "ami-8f94b9ec", "HVM64" : "ami-0c95b86f", "HVMG2" : "ami-543d1137"}, 28 | "sa-east-1" : {"PV64" : "ami-e188018d", "HVM64" : "ami-fb890097", "HVMG2" : "NOT_SUPPORTED"}, 29 | "cn-north-1" : {"PV64" : "ami-77a46e1a", "HVM64" : "ami-05a66c68", "HVMG2" : "NOT_SUPPORTED"} 30 | } 31 | }, 32 | 33 | "Resources" : { 34 | "WebServerInstance": { 35 | "Type": "AWS::EC2::Instance", 36 | "Metadata" : { 37 | "AWS::CloudFormation::Init" : { 38 | "configSets" : { 39 | "All" : [ "ConfigureSampleApp" ] 40 | }, 41 | 42 | "ConfigureSampleApp" : { 43 | "packages" : { 44 | "yum" : { 45 | "httpd" : [] 46 | } 47 | }, 48 | 49 | "files" : { 50 | "/var/www/html/index.html" : { 51 | "content" : { "Fn::Join" : ["\n", [ 52 | "\"AWS", 53 | "

Congratulations, you have successfully launched the AWS CloudFormation sample.

" 54 | ]]}, 55 | "mode" : "000644", 56 | "owner" : "root", 57 | "group" : "root" 58 | } 59 | }, 60 | 61 | "services" : { 62 | "sysvinit" : { 63 | "httpd" : { "enabled" : "true", "ensureRunning" : "true" } 64 | } 65 | } 66 | } 67 | } 68 | }, 69 | "Properties": { 70 | "InstanceType" : "t2.micro", 71 | "ImageId": { "Fn::FindInMap": [ "AWSRegionArch2AMI", { "Ref": "AWS::Region" } , "HVM64" ] }, 72 | "NetworkInterfaces" : [{ 73 | "GroupSet" : [{ "Fn::ImportValue" : {"Fn::Sub": "${NetworkStackName}-SecurityGroupID" } }], 74 | "AssociatePublicIpAddress" : "true", 75 | "DeviceIndex" : "0", 76 | "DeleteOnTermination" : "true", 77 | "SubnetId" : { "Fn::ImportValue" : {"Fn::Sub": "${NetworkStackName}-SubnetID" } } 78 | }], 79 | "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ 80 | "#!/bin/bash -xe\n", 81 | "yum update -y aws-cfn-bootstrap\n", 82 | 83 | "# Install the files and packages from the metadata\n", 84 | "/opt/aws/bin/cfn-init -v ", 85 | " --stack ", { "Ref" : "AWS::StackName" }, 86 | " --resource WebServerInstance ", 87 | " --configsets All ", 88 | " --region ", { "Ref" : "AWS::Region" }, "\n", 89 | 90 | "# Signal the status from cfn-init\n", 91 | "/opt/aws/bin/cfn-signal -e $? 
", 92 | " --stack ", { "Ref" : "AWS::StackName" }, 93 | " --resource WebServerInstance ", 94 | " --region ", { "Ref" : "AWS::Region" }, "\n" 95 | ]]}} 96 | }, 97 | "CreationPolicy" : { 98 | "ResourceSignal" : { 99 | "Timeout" : "PT5M" 100 | } 101 | } 102 | } 103 | }, 104 | 105 | "Outputs" : { 106 | "URL" : { 107 | "Description" : "URL of the sample website", 108 | "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "WebServerInstance", "PublicDnsName" ]}]]} 109 | } 110 | } 111 | } -------------------------------------------------------------------------------- /Labs/CrossStack/crossstackapp.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Cross-Stack Reference Sample Template: Demonstrates how to reference resources from a different stack. This template provisions an EC2 instance in an EC2 Security Group provisioned in a different stack. **WARNING** This template creates an Amazon EC2 instance. 
You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters": { 7 | "NetworkStackName": { 8 | "Description": "Name of an active CloudFormation stack that contains the networking resources, such as the subnet and security group, that will be used in this stack.", 9 | "Type": "String", 10 | "MinLength" : 1, 11 | "MaxLength" : 255, 12 | "AllowedPattern" : "^[a-zA-Z][-a-zA-Z0-9]*$", 13 | "Default" : "SampleNetworkCrossStack" 14 | } 15 | }, 16 | 17 | "Mappings" : { 18 | "AWSRegionArch2AMI" : { 19 | "us-east-1" : {"PV64" : "ami-05a91a726af26a821", "HVM64" : "ami-0beafb294c86717a8", "HVMG2" : "ami-02354e95b39ca8dec"}, 20 | "us-west-2" : {"PV64" : "ami-eff1028f", "HVM64" : "ami-d0f506b0", "HVMG2" : "ami-ee897b8e"}, 21 | "us-west-1" : {"PV64" : "ami-ac85fbcc", "HVM64" : "ami-6e84fa0e", "HVMG2" : "ami-69106909"}, 22 | "eu-west-1" : {"PV64" : "ami-23ab2250", "HVM64" : "ami-b0ac25c3", "HVMG2" : "ami-936de5e0"}, 23 | "eu-central-1" : {"PV64" : "ami-27c12348", "HVM64" : "ami-d3c022bc", "HVMG2" : "ami-8e7092e1"}, 24 | "ap-northeast-1" : {"PV64" : "ami-26160d48", "HVM64" : "ami-29160d47", "HVMG2" : "ami-91809aff"}, 25 | "ap-northeast-2" : {"PV64" : "NOT_SUPPORTED", "HVM64" : "ami-cf32faa1", "HVMG2" : "NOT_SUPPORTED"}, 26 | "ap-southeast-1" : {"PV64" : "ami-f3dd0a90", "HVM64" : "ami-1ddc0b7e", "HVMG2" : "ami-3c30e75f"}, 27 | "ap-southeast-2" : {"PV64" : "ami-8f94b9ec", "HVM64" : "ami-0c95b86f", "HVMG2" : "ami-543d1137"}, 28 | "sa-east-1" : {"PV64" : "ami-e188018d", "HVM64" : "ami-fb890097", "HVMG2" : "NOT_SUPPORTED"}, 29 | "cn-north-1" : {"PV64" : "ami-77a46e1a", "HVM64" : "ami-05a66c68", "HVMG2" : "NOT_SUPPORTED"} 30 | } 31 | }, 32 | 33 | "Resources" : { 34 | "WebServerInstance": { 35 | "Type": "AWS::EC2::Instance", 36 | "Metadata" : { 37 | "AWS::CloudFormation::Init" : { 38 | "configSets" : { 39 | "All" : [ "ConfigureSampleApp" ] 40 | }, 41 | 42 | "ConfigureSampleApp" : { 43 | "packages" : { 44 | "yum" : { 45 | "httpd" : [] 46 | } 
47 | }, 48 | 49 | "files" : { 50 | "/var/www/html/index.html" : { 51 | "content" : { "Fn::Join" : ["\n", [ 52 | "\"AWS", 53 | "

Congratulations, you have successfully launched the AWS CloudFormation sample.

" 54 | ]]}, 55 | "mode" : "000644", 56 | "owner" : "root", 57 | "group" : "root" 58 | } 59 | }, 60 | 61 | "services" : { 62 | "sysvinit" : { 63 | "httpd" : { "enabled" : "true", "ensureRunning" : "true" } 64 | } 65 | } 66 | } 67 | } 68 | }, 69 | "Properties": { 70 | "InstanceType" : "t2.micro", 71 | "ImageId": { "Fn::FindInMap": [ "AWSRegionArch2AMI", { "Ref": "AWS::Region" } , "HVM64" ] }, 72 | "NetworkInterfaces" : [{ 73 | "GroupSet" : [{ "Fn::ImportValue" : {"Fn::Sub": "${NetworkStackName}-SecurityGroupID" } }], 74 | "AssociatePublicIpAddress" : "true", 75 | "DeviceIndex" : "0", 76 | "DeleteOnTermination" : "true", 77 | "SubnetId" : { "Fn::ImportValue" : {"Fn::Sub": "${NetworkStackName}-SubnetID" } } 78 | }], 79 | "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ 80 | "#!/bin/bash -xe\n", 81 | "yum update -y aws-cfn-bootstrap\n", 82 | 83 | "# Install the files and packages from the metadata\n", 84 | "/opt/aws/bin/cfn-init -v ", 85 | " --stack ", { "Ref" : "AWS::StackName" }, 86 | " --resource WebServerInstance ", 87 | " --configsets All ", 88 | " --region ", { "Ref" : "AWS::Region" }, "\n", 89 | 90 | "# Signal the status from cfn-init\n", 91 | "/opt/aws/bin/cfn-signal -e $? 
", 92 | " --stack ", { "Ref" : "AWS::StackName" }, 93 | " --resource WebServerInstance ", 94 | " --region ", { "Ref" : "AWS::Region" }, "\n" 95 | ]]}} 96 | }, 97 | "CreationPolicy" : { 98 | "ResourceSignal" : { 99 | "Timeout" : "PT5M" 100 | } 101 | } 102 | } 103 | }, 104 | 105 | "Outputs" : { 106 | "URL" : { 107 | "Description" : "URL of the sample website", 108 | "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "WebServerInstance", "PublicDnsName" ]}]]} 109 | } 110 | } 111 | } 112 | -------------------------------------------------------------------------------- /7-4-pwdChecker/IAMpwdCheck.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation Sample Template IAM_Users_Groups_and_Policies: Sample 4 | template showing how to create IAM users, groups and policies. It creates a 5 | single user that is a member of a users group and an admin group. The groups 6 | each have different IAM policies associated with them. Note: This example also 7 | creates an AWSAccessKeyId/AWSSecretKey pair associated with the new user. The 8 | example is somewhat contrived since it creates all of the users and groups, 9 | typically you would be creating policies, users and/or groups that contain 10 | referemces to existing users or groups in your environment. Note that you will 11 | need to specify the CAPABILITY_IAM flag when you create the stack to allow 12 | this template to execute. You can do this through the AWS management console 13 | by clicking on the check box acknowledging that you understand this template 14 | creates IAM resources or by specifying the CAPABILITY_IAM flag to the 15 | cfn-create-stack command line tool or CreateStack API call. 
# Stack inputs: the console password for the new IAM user, entered twice.
# NoEcho masks the values in the console and in describe-style API output, but
# it does not mask anything placed in the Outputs or Metadata sections.
# The constraints below cap the password at 6-10 alphanumeric characters, which
# limits its strength; check them against the account password policy.
Parameters:
  Password:
    NoEcho: 'true'
    Description: Enter Password
    Type: String
    MinLength: '6'
    MaxLength: '10'
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: alphanumeric characters.
  ConfirmPassword:
    NoEcho: 'true'
    Description: Confirm Password
    Type: String
    MinLength: '6'
    MaxLength: '10'
    AllowedPattern: '[a-zA-Z0-9]*'
    ConstraintDescription: alphanumeric characters.
# Console layout only: groups the two password fields under one label.
Metadata:
  'AWS::CloudFormation::Interface':
    ParameterGroups:
      - Label:
          default: Confirm the password
        Parameters:
          - Password
          - ConfirmPassword
Resources:
  # Execution role for the password-check function. It can be assumed by the
  # Lambda service and may only create log groups/streams and put log events.
  # The log resource ARN is a wildcard over all regions, accounts and groups;
  # it could be narrowed to this function's own log group.
  LambdaExecutionRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: lambdalogtocloudwatch
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: 'arn:aws:logs:*:*:*'
  # Inline Node.js function backing the TestPasswords custom resource.
  # The source is assembled by joining the listed lines with a newline (the
  # first !Join argument). It answers Delete with SUCCESS, otherwise compares
  # ResourceProperties.Password with ResourceProperties.ConfirmPassword and
  # reports SUCCESS or FAILED through the cfn-response module.
  # Both passwords reach the function in clear text inside the event. This code
  # logs only the fixed error string, so the values are not written to the log;
  # keep it that way if the handler is extended (do not log the event).
  # NOTE(review): nodejs8.10 is a retired Lambda runtime; move to a currently
  # supported Node.js runtime before deploying.
  CheckPasswordsFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Code:
        ZipFile: !Join
          - |+

          - - var response = require('cfn-response');
            - 'exports.handler = function(event, context) {'
            - ' if (event.RequestType == ''Delete'') {'
            - ' response.send(event, context, response.SUCCESS);'
            - ' return;'
            - ' }'
            - ' var password = event.ResourceProperties.Password;'
            - ' var confpassword = event.ResourceProperties.ConfirmPassword;'
            - ' var responseData = {};'
            - ' if (password == confpassword) {'
            - ' responseData = {''passwordcheck'': ''Password Valid!''};'
            - ' response.send(event, context, response.SUCCESS, responseData);'
            - ' } else {'
            - ' responseData = {Error: ''Passwords do not match''};'
            - ' console.log(responseData.Error);'
            - ' response.send(event, context, response.FAILED, responseData);'
            - ' }'
            - '};'
      Handler: index.handler
      Runtime: nodejs8.10
      Timeout: '30'
      Role: !GetAtt
        - LambdaExecutionRole
        - Arn
  # Custom resource that invokes the function above with both password values
  # as properties. A FAILED response fails this resource and therefore the stack
  # operation.
  TestPasswords:
    Type: 'Custom::LambdaCallout'
    Properties:
      ServiceToken: !GetAtt
        - CheckPasswordsFunction
        - Arn
      Password: !Ref Password
      ConfirmPassword: !Ref ConfirmPassword
  # IAM user with a console login profile using the supplied password.
  # As written there is no DependsOn on TestPasswords, so nothing in this
  # template orders the user's creation after the password check.
  # PasswordResetRequired is not set, so the supplied password stays in use
  # until someone changes it.
  CFNUser:
    Type: 'AWS::IAM::User'
    Properties:
      LoginProfile:
        Password: !Ref Password
  # Two empty groups; their permissions come from the policies further down.
  CFNUserGroup:
    Type: 'AWS::IAM::Group'
  CFNAdminGroup:
    Type: 'AWS::IAM::Group'
  # The same user is added to both groups, so it ends up with the admin policy.
  Users:
    Type: 'AWS::IAM::UserToGroupAddition'
    Properties:
      GroupName: !Ref CFNUserGroup
      Users:
        - !Ref CFNUser
  Admins:
    Type: 'AWS::IAM::UserToGroupAddition'
    Properties:
      GroupName: !Ref CFNAdminGroup
      Users:
        - !Ref CFNUser
  # Read-only CloudFormation access (Describe*/List*/Get*) on all resources.
  CFNUserPolicies:
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyName: CFNUsers
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action:
              - 'cloudformation:Describe*'
              - 'cloudformation:List*'
              - 'cloudformation:Get*'
            Resource: '*'
      Groups:
        - !Ref CFNUserGroup
  # Every CloudFormation action on every stack. Stack operations run with the
  # caller's permissions unless a service role is passed, so what this grants in
  # practice also depends on the user's other permissions.
  CFNAdminPolicies:
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyName: CFNAdmins
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: 'cloudformation:*'
            Resource: '*'
      Groups:
        - !Ref CFNAdminGroup
  # Long-lived access key for the user; the secret is readable via Fn::GetAtt.
  CFNKeys:
    Type: 'AWS::IAM::AccessKey'
    Properties:
      UserName: !Ref CFNUser
# Outputs are shown in clear text to anyone who can view or describe the stack,
# and NoEcho on parameters does not cover them. SecretKey therefore exposes the
# secret access key to every principal with read access to this stack; outside a
# lab, keep the secret in a secrets store instead of a stack output.
Outputs:
  AccessKey:
    Value: !Ref CFNKeys
    Description: AWSAccessKeyId of new user
  SecretKey:
    Value: !GetAtt
      - CFNKeys
      - SecretAccessKey
    Description: AWSSecretKey of new user
/7-1-CustomResources/IAMpwdCheck.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation Sample Template IAM_Users_Groups_and_Policies: Sample 4 | template showing how to create IAM users, groups and policies. It creates a 5 | single user that is a member of a users group and an admin group. The groups 6 | each have different IAM policies associated with them. Note: This example also 7 | creates an AWSAccessKeyId/AWSSecretKey pair associated with the new user. The 8 | example is somewhat contrived since it creates all of the users and groups, 9 | typically you would be creating policies, users and/or groups that contain 10 | referemces to existing users or groups in your environment. Note that you will 11 | need to specify the CAPABILITY_IAM flag when you create the stack to allow 12 | this template to execute. You can do this through the AWS management console 13 | by clicking on the check box acknowledging that you understand this template 14 | creates IAM resources or by specifying the CAPABILITY_IAM flag to the 15 | cfn-create-stack command line tool or CreateStack API call. 16 | Parameters: 17 | Password: 18 | NoEcho: 'true' 19 | Description: Enter Password 20 | Type: String 21 | MinLength: '6' 22 | MaxLength: '10' 23 | AllowedPattern: '[a-zA-Z0-9]*' 24 | ConstraintDescription: alphanumeric characters. 25 | ConfirmPassword: 26 | NoEcho: 'true' 27 | Description: Confirm Password 28 | Type: String 29 | MinLength: '6' 30 | MaxLength: '10' 31 | AllowedPattern: '[a-zA-Z0-9]*' 32 | ConstraintDescription: alphanumeric characters. 
33 | Metadata: 34 | 'AWS::CloudFormation::Interface': 35 | ParameterGroups: 36 | - Label: 37 | default: Confirm the password 38 | Parameters: 39 | - Password 40 | - ConfirmPassword 41 | Resources: 42 | LambdaExecutionRole: 43 | Type: 'AWS::IAM::Role' 44 | Properties: 45 | AssumeRolePolicyDocument: 46 | Version: 2012-10-17 47 | Statement: 48 | - Effect: Allow 49 | Principal: 50 | Service: 51 | - lambda.amazonaws.com 52 | Action: 53 | - 'sts:AssumeRole' 54 | Policies: 55 | - PolicyName: lambdalogtocloudwatch 56 | PolicyDocument: 57 | Version: 2012-10-17 58 | Statement: 59 | - Effect: Allow 60 | Action: 61 | - 'logs:CreateLogGroup' 62 | - 'logs:CreateLogStream' 63 | - 'logs:PutLogEvents' 64 | Resource: 'arn:aws:logs:*:*:*' 65 | CheckPasswordsFunction: 66 | Type: 'AWS::Lambda::Function' 67 | Properties: 68 | Code: 69 | ZipFile: !Join 70 | - |+ 71 | 72 | - - var response = require('cfn-response'); 73 | - 'exports.handler = function(event, context) {' 74 | - ' if (event.RequestType == ''Delete'') {' 75 | - ' response.send(event, context, response.SUCCESS);' 76 | - ' return;' 77 | - ' }' 78 | - ' var password = event.ResourceProperties.Password;' 79 | - ' var confpassword = event.ResourceProperties.ConfirmPassword;' 80 | - ' var responseData = {};' 81 | - ' if (password == confpassword) {' 82 | - ' responseData = {''passwordcheck'': ''Password Valid!''};' 83 | - ' response.send(event, context, response.SUCCESS, responseData);' 84 | - ' } else {' 85 | - ' responseData = {Error: ''Passwords do not match''};' 86 | - ' console.log(responseData.Error);' 87 | - ' response.send(event, context, response.FAILED, responseData);' 88 | - ' }' 89 | - '};' 90 | Handler: index.handler 91 | Runtime: nodejs8.10 92 | Timeout: '30' 93 | Role: !GetAtt 94 | - LambdaExecutionRole 95 | - Arn 96 | TestPasswords: 97 | Type: 'Custom::LambdaCallout' 98 | Properties: 99 | ServiceToken: !GetAtt 100 | - CheckPasswordsFunction 101 | - Arn 102 | Password: !Ref Password 103 | ConfirmPassword: !Ref 
ConfirmPassword 104 | CFNUser: 105 | Type: 'AWS::IAM::User' 106 | Properties: 107 | LoginProfile: 108 | Password: !Ref Password 109 | CFNUserGroup: 110 | Type: 'AWS::IAM::Group' 111 | CFNAdminGroup: 112 | Type: 'AWS::IAM::Group' 113 | Users: 114 | Type: 'AWS::IAM::UserToGroupAddition' 115 | Properties: 116 | GroupName: !Ref CFNUserGroup 117 | Users: 118 | - !Ref CFNUser 119 | Admins: 120 | Type: 'AWS::IAM::UserToGroupAddition' 121 | Properties: 122 | GroupName: !Ref CFNAdminGroup 123 | Users: 124 | - !Ref CFNUser 125 | CFNUserPolicies: 126 | Type: 'AWS::IAM::Policy' 127 | Properties: 128 | PolicyName: CFNUsers 129 | PolicyDocument: 130 | Statement: 131 | - Effect: Allow 132 | Action: 133 | - 'cloudformation:Describe*' 134 | - 'cloudformation:List*' 135 | - 'cloudformation:Get*' 136 | Resource: '*' 137 | Groups: 138 | - !Ref CFNUserGroup 139 | CFNAdminPolicies: 140 | Type: 'AWS::IAM::Policy' 141 | Properties: 142 | PolicyName: CFNAdmins 143 | PolicyDocument: 144 | Statement: 145 | - Effect: Allow 146 | Action: 'cloudformation:*' 147 | Resource: '*' 148 | Groups: 149 | - !Ref CFNAdminGroup 150 | CFNKeys: 151 | Type: 'AWS::IAM::AccessKey' 152 | Properties: 153 | UserName: !Ref CFNUser 154 | Outputs: 155 | AccessKey: 156 | Value: !Ref CFNKeys 157 | Description: AWSAccessKeyId of new user 158 | SecretKey: 159 | Value: !GetAtt 160 | - CFNKeys 161 | - SecretAccessKey 162 | Description: AWSSecretKey of new user 163 | -------------------------------------------------------------------------------- /7-1-CustomResources/AMILook.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation AMI Look Up Sample Template: Demonstrates how to dynamically specify an AMI ID. This template provisions an EC2 instance with an AMI ID that is based on the instance's type and region. **WARNING** This template creates an Amazon EC2 instance. 
You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters": { 7 | "InstanceType" : { 8 | "Description" : "EC2 instance type", 9 | "Type" : "String", 10 | "Default" : "m1.small", 11 | "AllowedValues" : [ "t1.micro", "t2.micro", "t2.small", "t2.medium", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"], 12 | "ConstraintDescription" : "Must be a valid EC2 instance type." 13 | }, 14 | "ModuleName" : { 15 | "Description" : "The name of the JavaScript file", 16 | "Type" : "String", 17 | "Default" : "amilookup" 18 | }, 19 | "S3Bucket" : { 20 | "Description" : "The name of the bucket that contains your packaged source", 21 | "Type" : "String" 22 | }, 23 | "S3Key" : { 24 | "Description" : "The name of the ZIP package", 25 | "Type" : "String", 26 | "Default" : "amilookup.zip" 27 | } 28 | }, 29 | 30 | "Mappings" : { 31 | "AWSInstanceType2Arch" : { 32 | "t1.micro" : { "Arch" : "PV64" }, 33 | "t2.micro" : { "Arch" : "HVM64" }, 34 | "t2.small" : { "Arch" : "HVM64" }, 35 | "t2.medium" : { "Arch" : "HVM64" }, 36 | "m1.small" : { "Arch" : "PV64" }, 37 | "m1.medium" : { "Arch" : "PV64" }, 38 | "m1.large" : { "Arch" : "PV64" }, 39 | "m1.xlarge" : { "Arch" : "PV64" }, 40 | "m2.xlarge" : { "Arch" : "PV64" }, 41 | "m2.2xlarge" : { "Arch" : "PV64" }, 42 | "m2.4xlarge" : { "Arch" : "PV64" }, 43 | "m3.medium" : { "Arch" : "HVM64" }, 44 | "m3.large" : { "Arch" : "HVM64" }, 45 | "m3.xlarge" : { "Arch" : "HVM64" }, 46 | "m3.2xlarge" 
: { "Arch" : "HVM64" }, 47 | "c1.medium" : { "Arch" : "PV64" }, 48 | "c1.xlarge" : { "Arch" : "PV64" }, 49 | "c3.large" : { "Arch" : "HVM64" }, 50 | "c3.xlarge" : { "Arch" : "HVM64" }, 51 | "c3.2xlarge" : { "Arch" : "HVM64" }, 52 | "c3.4xlarge" : { "Arch" : "HVM64" }, 53 | "c3.8xlarge" : { "Arch" : "HVM64" }, 54 | "c4.large" : { "Arch" : "HVM64" }, 55 | "c4.xlarge" : { "Arch" : "HVM64" }, 56 | "c4.2xlarge" : { "Arch" : "HVM64" }, 57 | "c4.4xlarge" : { "Arch" : "HVM64" }, 58 | "c4.8xlarge" : { "Arch" : "HVM64" }, 59 | "g2.2xlarge" : { "Arch" : "HVMG2" }, 60 | "r3.large" : { "Arch" : "HVM64" }, 61 | "r3.xlarge" : { "Arch" : "HVM64" }, 62 | "r3.2xlarge" : { "Arch" : "HVM64" }, 63 | "r3.4xlarge" : { "Arch" : "HVM64" }, 64 | "r3.8xlarge" : { "Arch" : "HVM64" }, 65 | "i2.xlarge" : { "Arch" : "HVM64" }, 66 | "i2.2xlarge" : { "Arch" : "HVM64" }, 67 | "i2.4xlarge" : { "Arch" : "HVM64" }, 68 | "i2.8xlarge" : { "Arch" : "HVM64" }, 69 | "d2.xlarge" : { "Arch" : "HVM64" }, 70 | "d2.2xlarge" : { "Arch" : "HVM64" }, 71 | "d2.4xlarge" : { "Arch" : "HVM64" }, 72 | "d2.8xlarge" : { "Arch" : "HVM64" }, 73 | "hi1.4xlarge" : { "Arch" : "HVM64" }, 74 | "hs1.8xlarge" : { "Arch" : "HVM64" }, 75 | "cr1.8xlarge" : { "Arch" : "HVM64" }, 76 | "cc2.8xlarge" : { "Arch" : "HVM64" } 77 | } 78 | }, 79 | 80 | "Resources" : { 81 | "SampleInstance": { 82 | "Type": "AWS::EC2::Instance", 83 | "Properties": { 84 | "InstanceType" : { "Ref" : "InstanceType" }, 85 | "ImageId": { "Fn::GetAtt": [ "AMIInfo", "Id" ] }, 86 | "NetworkInterfaces": [ { 87 | "AssociatePublicIpAddress": "true", 88 | "DeviceIndex": "0", 89 | "SubnetId" : {"Fn::ImportValue" : "Unique-SubnetId"} 90 | } ] 91 | } 92 | }, 93 | 94 | "AMIInfo": { 95 | "Type": "Custom::AMIInfo", 96 | "Properties": { 97 | "ServiceToken": { "Fn::GetAtt" : ["AMIInfoFunction", "Arn"] }, 98 | "Region": { "Ref": "AWS::Region" }, 99 | "Architecture": { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } 100 | } 101 | }, 102 | 103 | 
"AMIInfoFunction": { 104 | "Type": "AWS::Lambda::Function", 105 | "Properties": { 106 | "Code": { 107 | "S3Bucket": { "Ref": "S3Bucket" }, 108 | "S3Key": { "Ref": "S3Key" } 109 | }, 110 | "Handler": { "Fn::Join" : [ "", [{ "Ref": "ModuleName" },".handler"] ] }, 111 | "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] }, 112 | "Runtime": "nodejs8.10", 113 | "Timeout": "30" 114 | } 115 | }, 116 | 117 | "LambdaExecutionRole": { 118 | "Type": "AWS::IAM::Role", 119 | "Properties": { 120 | "AssumeRolePolicyDocument": { 121 | "Version": "2012-10-17", 122 | "Statement": [{ 123 | "Effect": "Allow", 124 | "Principal": {"Service": ["lambda.amazonaws.com"]}, 125 | "Action": ["sts:AssumeRole"] 126 | }] 127 | }, 128 | "Path": "/", 129 | "Policies": [{ 130 | "PolicyName": "root", 131 | "PolicyDocument": { 132 | "Version": "2012-10-17", 133 | "Statement": [{ 134 | "Effect": "Allow", 135 | "Action": ["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"], 136 | "Resource": "arn:aws:logs:*:*:*" 137 | }, 138 | { 139 | "Effect": "Allow", 140 | "Action": ["ec2:DescribeImages"], 141 | "Resource": "*" 142 | }] 143 | } 144 | }] 145 | } 146 | } 147 | }, 148 | 149 | "Outputs" : { 150 | "AMIID" : { 151 | "Description": "The Amazon EC2 instance AMI ID.", 152 | "Value" : { "Fn::GetAtt": [ "AMIInfo", "Id" ] } 153 | } 154 | } 155 | } -------------------------------------------------------------------------------- /9-2-PipelineP2/basicpipeline.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | 3 | Description: > 4 | AWS CloudFormation Sample Template Continuous Delievery: This template 5 | builds an AWS CodePipeline pipeline that implements a continuous delivery release 6 | process for AWS CloudFormation stacks. Submit a CloudFormation source artifact 7 | to an Amazon S3 location before building the pipeline. The pipeline uses the 8 | artifact to automatically create stacks and change sets. 
9 | **WARNING** This template creates an Amazon EC2 instance. You will be billed 10 | for the AWS resources used when you create a stack using this template. 11 | 12 | Parameters: 13 | PipelineName: 14 | Description: A name for pipeline 15 | Type: String 16 | S3Bucket: 17 | Description: The name of the S3 bucket that contains the source artifact, which must be in the same region as this stack 18 | Type: String 19 | SourceS3Key: 20 | Default: wordpress-single-instance.zip 21 | Description: The file name of the source artifact, such as myfolder/myartifact.zip 22 | Type: String 23 | TemplateFileName: 24 | Default: wordpress-single-instance.yaml 25 | Description: The file name of the WordPress template 26 | Type: String 27 | TestStackName: 28 | Default: Test-MyWordPressSite 29 | Description: A name for the test WordPress stack 30 | Type: String 31 | TestStackConfig: 32 | Default: test-stack-configuration.json 33 | Description: The configuration file name for the test WordPress stack 34 | Type: String 35 | ProdStackName: 36 | Default: Prod-MyWordPressSite 37 | Description: A name for the production WordPress stack 38 | Type: String 39 | ProdStackConfig: 40 | Default: prod-stack-configuration.json 41 | Description: The configuration file name for the production WordPress stack 42 | Type: String 43 | ChangeSetName: 44 | Default: UpdatePreview-MyWordPressSite 45 | Description: A name for the production WordPress stack change set 46 | Type: String 47 | Email: 48 | Description: The email address where CodePipeline sends pipeline notifications 49 | Type: String 50 | 51 | Metadata: 52 | AWS::CloudFormation::Interface: 53 | ParameterGroups: 54 | - Label: 55 | default: "CodePipeline Settings" 56 | Parameters: 57 | - PipelineName 58 | - S3Bucket 59 | - SourceS3Key 60 | - Email 61 | - Label: 62 | default: "Test Stack Settings" 63 | Parameters: 64 | - TestStackName 65 | - TemplateFileName 66 | - TestStackConfig 67 | - Label: 68 | default: "Production Stack Settings" 69 | 
Parameters: 70 | - ChangeSetName 71 | - ProdStackName 72 | - ProdStackConfig 73 | 74 | Resources: 75 | ArtifactStoreBucket: 76 | Type: AWS::S3::Bucket 77 | Properties: 78 | VersioningConfiguration: 79 | Status: Enabled 80 | 81 | CodePipelineSNSTopic: 82 | Type: AWS::SNS::Topic 83 | Properties: 84 | Subscription: 85 | - Endpoint: !Ref Email 86 | Protocol: email 87 | 88 | Pipeline: 89 | Type: AWS::CodePipeline::Pipeline 90 | Properties: 91 | ArtifactStore: 92 | Location: !Ref 'ArtifactStoreBucket' 93 | Type: S3 94 | DisableInboundStageTransitions: [] 95 | Name: !Ref 'PipelineName' 96 | RoleArn: !GetAtt [PipelineRole, Arn] 97 | Stages: 98 | - Name: S3Source 99 | Actions: 100 | - Name: TemplateSource 101 | ActionTypeId: 102 | Category: Source 103 | Owner: AWS 104 | Provider: S3 105 | Version: '1' 106 | Configuration: 107 | S3Bucket: !Ref 'S3Bucket' 108 | S3ObjectKey: !Ref 'SourceS3Key' 109 | OutputArtifacts: 110 | - Name: TemplateSource 111 | RunOrder: '1' 112 | - Name: TestStage 113 | Actions: 114 | - Name: CreateStack 115 | ActionTypeId: 116 | Category: Deploy 117 | Owner: AWS 118 | Provider: CloudFormation 119 | Version: '1' 120 | InputArtifacts: 121 | - Name: TemplateSource 122 | Configuration: 123 | ActionMode: REPLACE_ON_FAILURE 124 | RoleArn: !GetAtt [CFNRole, Arn] 125 | StackName: !Ref TestStackName 126 | TemplateConfiguration: !Sub "TemplateSource::${TestStackConfig}" 127 | TemplatePath: !Sub "TemplateSource::${TemplateFileName}" 128 | RunOrder: '1' 129 | - Name: ApproveTestStack 130 | ActionTypeId: 131 | Category: Approval 132 | Owner: AWS 133 | Provider: Manual 134 | Version: '1' 135 | Configuration: 136 | NotificationArn: !Ref CodePipelineSNSTopic 137 | CustomData: !Sub 'Do you want to create a change set against the production stack and delete the ${TestStackName} stack?' 
138 | RunOrder: '2' 139 | - Name: DeleteTestStack 140 | ActionTypeId: 141 | Category: Deploy 142 | Owner: AWS 143 | Provider: CloudFormation 144 | Version: '1' 145 | Configuration: 146 | ActionMode: DELETE_ONLY 147 | RoleArn: !GetAtt [CFNRole, Arn] 148 | StackName: !Ref TestStackName 149 | RunOrder: '3' 150 | - Name: ProdStage 151 | Actions: 152 | - Name: CreateChangeSet 153 | ActionTypeId: 154 | Category: Deploy 155 | Owner: AWS 156 | Provider: CloudFormation 157 | Version: '1' 158 | InputArtifacts: 159 | - Name: TemplateSource 160 | Configuration: 161 | ActionMode: CHANGE_SET_REPLACE 162 | RoleArn: !GetAtt [CFNRole, Arn] 163 | StackName: !Ref ProdStackName 164 | ChangeSetName: !Ref ChangeSetName 165 | TemplateConfiguration: !Sub "TemplateSource::${ProdStackConfig}" 166 | TemplatePath: !Sub "TemplateSource::${TemplateFileName}" 167 | RunOrder: '1' 168 | - Name: ApproveChangeSet 169 | ActionTypeId: 170 | Category: Approval 171 | Owner: AWS 172 | Provider: Manual 173 | Version: '1' 174 | Configuration: 175 | NotificationArn: !Ref CodePipelineSNSTopic 176 | CustomData: !Sub 'A new change set was created for the ${ProdStackName} stack. Do you want to implement the changes?' 
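177 | RunOrder: '2' 178 | - Name: ExecuteChangeSet 179 | ActionTypeId: 180 | Category: Deploy 181 | Owner: AWS 182 | Provider: CloudFormation 183 | Version: '1' 184 | Configuration: 185 | ActionMode: CHANGE_SET_EXECUTE 186 | ChangeSetName: !Ref ChangeSetName 187 | RoleArn: !GetAtt [CFNRole, Arn] 188 | StackName: !Ref ProdStackName 189 | RunOrder: '3'
  # Service role that the pipeline's CloudFormation actions pass as RoleArn
  # (CreateStack, DeleteTestStack, CreateChangeSet, ExecuteChangeSet). Whatever
  # this role may do, any template delivered through the source artifact may do.
  CFNRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [cloudformation.amazonaws.com]
        Version: '2012-10-17'
      Path: /
      Policies:
        - PolicyName: CloudFormationRole
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # NOTE(review): ec2:* on every resource is broader than a single
              # deployment needs. The deployed template is not part of this file,
              # so the action list is left as written; narrow it to the EC2
              # actions that template actually uses once that is confirmed.
              - Action:
                  - 'ec2:*'
                Effect: Allow
                Resource: '*'

  # Role assumed by CodePipeline itself. The original granted every action below
  # in one statement on Resource '*'; the statements are split so each permission
  # is scoped to the resources this template defines or receives as parameters.
  PipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [codepipeline.amazonaws.com]
        Version: '2012-10-17'
      Path: /
      Policies:
        - PolicyName: CodePipelineAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # S3 access limited to the artifact store and the source bucket
              # (bucket-level and object-level ARNs) instead of every bucket
              # in the account.
              - Action:
                  - 's3:*'
                Effect: Allow
                Resource:
                  - !Sub 'arn:${AWS::Partition}:s3:::${ArtifactStoreBucket}'
                  - !Sub 'arn:${AWS::Partition}:s3:::${ArtifactStoreBucket}/*'
                  - !Sub 'arn:${AWS::Partition}:s3:::${S3Bucket}'
                  - !Sub 'arn:${AWS::Partition}:s3:::${S3Bucket}/*'
              # NOTE(review): still account-wide; could be narrowed to the ARNs
              # of the TestStackName / ProdStackName stacks.
              - Action:
                  - 'cloudformation:CreateStack'
                  - 'cloudformation:DescribeStacks'
                  - 'cloudformation:DeleteStack'
                  - 'cloudformation:UpdateStack'
                  - 'cloudformation:CreateChangeSet'
                  - 'cloudformation:ExecuteChangeSet'
                  - 'cloudformation:DeleteChangeSet'
                  - 'cloudformation:DescribeChangeSet'
                  - 'cloudformation:SetStackPolicy'
                Effect: Allow
                Resource: '*'
              # iam:PassRole on '*' would let the pipeline hand any role in the
              # account to a service; only CFNRole is ever passed by the stages.
              - Action:
                  - 'iam:PassRole'
                Effect: Allow
                Resource: !GetAtt [CFNRole, Arn]
              # Only the approval-notification topic needs to be published to.
              - Action:
                  - 'sns:Publish'
                Effect: Allow
                Resource: !Ref CodePipelineSNSTopic
-------------------------------------------------------------------------------- /Labs/TemplateAnatomy/Template_Anatomy2.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | This template creates an EC2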
instance based on the region and selection of an 4 | AMI ID. It also will create a Security Group. 5 | Parameters: 6 | MySubnet: 7 | Description: My subnet from my VPC 8 | Type: String 9 | Default: subnet-YYYYYYYY 10 | MySG: 11 | Description: My Security Group from my VPC 12 | Type: String 13 | Default: SG-YYYYYYYY 14 | KeyName: 15 | Description: Name of an existing EC2 KeyPair to enable SSH access to the instance 16 | Type: 'AWS::EC2::KeyPair::KeyName' 17 | ConstraintDescription: must be the name of an existing EC2 KeyPair. 18 | InstanceType: 19 | Description: WebServer EC2 instance type 20 | Type: String 21 | Default: t2.small 22 | AllowedValues: 23 | - t1.micro 24 | - t2.nano 25 | - t2.micro 26 | - t2.small 27 | - t2.medium 28 | - t2.large 29 | - t3.micro 30 | - m1.small 31 | - m1.medium 32 | - m1.large 33 | - m1.xlarge 34 | - m2.xlarge 35 | - m2.2xlarge 36 | - m2.4xlarge 37 | - m3.medium 38 | - m3.large 39 | - m3.xlarge 40 | - m3.2xlarge 41 | - m4.large 42 | - m4.xlarge 43 | - m4.2xlarge 44 | - m4.4xlarge 45 | - m4.10xlarge 46 | - c1.medium 47 | - c1.xlarge 48 | - c3.large 49 | - c3.xlarge 50 | - c3.2xlarge 51 | - c3.4xlarge 52 | - c3.8xlarge 53 | - c4.large 54 | - c4.xlarge 55 | - c4.2xlarge 56 | - c4.4xlarge 57 | - c4.8xlarge 58 | - g2.2xlarge 59 | - g2.8xlarge 60 | - r3.large 61 | - r3.xlarge 62 | - r3.2xlarge 63 | - r3.4xlarge 64 | - r3.8xlarge 65 | - i2.xlarge 66 | - i2.2xlarge 67 | - i2.4xlarge 68 | - i2.8xlarge 69 | - d2.xlarge 70 | - d2.2xlarge 71 | - d2.4xlarge 72 | - d2.8xlarge 73 | - hi1.4xlarge 74 | - hs1.8xlarge 75 | - cr1.8xlarge 76 | - cc2.8xlarge 77 | - cg1.4xlarge 78 | ConstraintDescription: must be a valid EC2 instance type. 
79 | SSHLocation: 80 | Description: The IP address range that can be used to SSH to the EC2 instances 81 | Type: String 82 | MinLength: '9' 83 | MaxLength: '18' 84 | Default: 0.0.0.0/0 85 | AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' 86 | ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. 87 | Mappings: 88 | AWSInstanceType2Arch: 89 | t1.micro: 90 | Arch: HVM64 91 | t2.nano: 92 | Arch: HVM64 93 | t2.micro: 94 | Arch: HVM64 95 | t2.small: 96 | Arch: HVM64 97 | t2.medium: 98 | Arch: HVM64 99 | t2.large: 100 | Arch: HVM64 101 | t3.micro: 102 | Arch: HVM64 103 | m1.small: 104 | Arch: HVM64 105 | m1.medium: 106 | Arch: HVM64 107 | m1.large: 108 | Arch: HVM64 109 | m1.xlarge: 110 | Arch: HVM64 111 | m2.xlarge: 112 | Arch: HVM64 113 | m2.2xlarge: 114 | Arch: HVM64 115 | m2.4xlarge: 116 | Arch: HVM64 117 | m3.medium: 118 | Arch: HVM64 119 | m3.large: 120 | Arch: HVM64 121 | m3.xlarge: 122 | Arch: HVM64 123 | m3.2xlarge: 124 | Arch: HVM64 125 | m4.large: 126 | Arch: HVM64 127 | m4.xlarge: 128 | Arch: HVM64 129 | m4.2xlarge: 130 | Arch: HVM64 131 | m4.4xlarge: 132 | Arch: HVM64 133 | m4.10xlarge: 134 | Arch: HVM64 135 | c1.medium: 136 | Arch: HVM64 137 | c1.xlarge: 138 | Arch: HVM64 139 | c3.large: 140 | Arch: HVM64 141 | c3.xlarge: 142 | Arch: HVM64 143 | c3.2xlarge: 144 | Arch: HVM64 145 | c3.4xlarge: 146 | Arch: HVM64 147 | c3.8xlarge: 148 | Arch: HVM64 149 | c4.large: 150 | Arch: HVM64 151 | c4.xlarge: 152 | Arch: HVM64 153 | c4.2xlarge: 154 | Arch: HVM64 155 | c4.4xlarge: 156 | Arch: HVM64 157 | c4.8xlarge: 158 | Arch: HVM64 159 | g2.2xlarge: 160 | Arch: HVMG2 161 | g2.8xlarge: 162 | Arch: HVMG2 163 | r3.large: 164 | Arch: HVM64 165 | r3.xlarge: 166 | Arch: HVM64 167 | r3.2xlarge: 168 | Arch: HVM64 169 | r3.4xlarge: 170 | Arch: HVM64 171 | r3.8xlarge: 172 | Arch: HVM64 173 | i2.xlarge: 174 | Arch: HVM64 175 | i2.2xlarge: 176 | Arch: HVM64 177 | i2.4xlarge: 178 | Arch: HVM64 179 | i2.8xlarge: 180 | Arch: HVM64 181 | 
d2.xlarge: 182 | Arch: HVM64 183 | d2.2xlarge: 184 | Arch: HVM64 185 | d2.4xlarge: 186 | Arch: HVM64 187 | d2.8xlarge: 188 | Arch: HVM64 189 | hi1.4xlarge: 190 | Arch: HVM64 191 | hs1.8xlarge: 192 | Arch: HVM64 193 | cr1.8xlarge: 194 | Arch: HVM64 195 | cc2.8xlarge: 196 | Arch: HVM64 197 | AWSInstanceType2NATArch: 198 | t1.micro: 199 | Arch: NATHVM64 200 | t2.nano: 201 | Arch: NATHVM64 202 | t2.micro: 203 | Arch: NATHVM64 204 | t2.small: 205 | Arch: NATHVM64 206 | t2.medium: 207 | Arch: NATHVM64 208 | t2.large: 209 | Arch: NATHVM64 210 | t3.micro: 211 | Arch: NATHVM64 212 | m1.small: 213 | Arch: NATHVM64 214 | m1.medium: 215 | Arch: NATHVM64 216 | m1.large: 217 | Arch: NATHVM64 218 | m1.xlarge: 219 | Arch: NATHVM64 220 | m2.xlarge: 221 | Arch: NATHVM64 222 | m2.2xlarge: 223 | Arch: NATHVM64 224 | m2.4xlarge: 225 | Arch: NATHVM64 226 | m3.medium: 227 | Arch: NATHVM64 228 | m3.large: 229 | Arch: NATHVM64 230 | m3.xlarge: 231 | Arch: NATHVM64 232 | m3.2xlarge: 233 | Arch: NATHVM64 234 | m4.large: 235 | Arch: NATHVM64 236 | m4.xlarge: 237 | Arch: NATHVM64 238 | m4.2xlarge: 239 | Arch: NATHVM64 240 | m4.4xlarge: 241 | Arch: NATHVM64 242 | m4.10xlarge: 243 | Arch: NATHVM64 244 | c1.medium: 245 | Arch: NATHVM64 246 | c1.xlarge: 247 | Arch: NATHVM64 248 | c3.large: 249 | Arch: NATHVM64 250 | c3.xlarge: 251 | Arch: NATHVM64 252 | c3.2xlarge: 253 | Arch: NATHVM64 254 | c3.4xlarge: 255 | Arch: NATHVM64 256 | c3.8xlarge: 257 | Arch: NATHVM64 258 | c4.large: 259 | Arch: NATHVM64 260 | c4.xlarge: 261 | Arch: NATHVM64 262 | c4.2xlarge: 263 | Arch: NATHVM64 264 | c4.4xlarge: 265 | Arch: NATHVM64 266 | c4.8xlarge: 267 | Arch: NATHVM64 268 | g2.2xlarge: 269 | Arch: NATHVMG2 270 | g2.8xlarge: 271 | Arch: NATHVMG2 272 | r3.large: 273 | Arch: NATHVM64 274 | r3.xlarge: 275 | Arch: NATHVM64 276 | r3.2xlarge: 277 | Arch: NATHVM64 278 | r3.4xlarge: 279 | Arch: NATHVM64 280 | r3.8xlarge: 281 | Arch: NATHVM64 282 | i2.xlarge: 283 | Arch: NATHVM64 284 | i2.2xlarge: 285 | Arch: NATHVM64 286 | 
i2.4xlarge: 287 | Arch: NATHVM64 288 | i2.8xlarge: 289 | Arch: NATHVM64 290 | d2.xlarge: 291 | Arch: NATHVM64 292 | d2.2xlarge: 293 | Arch: NATHVM64 294 | d2.4xlarge: 295 | Arch: NATHVM64 296 | d2.8xlarge: 297 | Arch: NATHVM64 298 | hi1.4xlarge: 299 | Arch: NATHVM64 300 | hs1.8xlarge: 301 | Arch: NATHVM64 302 | cr1.8xlarge: 303 | Arch: NATHVM64 304 | cc2.8xlarge: 305 | Arch: NATHVM64 306 | AWSRegionArch2AMI: 307 | us-east-1: 308 | HVM64: ami-0beafb294c86717a8 309 | HVMG2: ami-02354e95b39ca8dec 310 | us-west-2: 311 | HVM64: ami-041fcb43d4730cf32 312 | HVMG2: ami-0873b46c45c11058d 313 | us-west-1: 314 | HVM64: ami-0a1ef8665fe122a96 315 | HVMG2: ami-05655c267c89566dd 316 | eu-west-1: 317 | HVM64: ami-06cd7f9c4486344a5 318 | HVMG2: ami-07d9160fa81ccffb5 319 | eu-west-2: 320 | HVM64: ami-01ac84be28584498d 321 | HVMG2: ami-0a13d44dccf1f5cf6 322 | eu-west-3: 323 | HVM64: ami-0a682c61cac068f2f 324 | HVMG2: ami-093fa4c538885becf 325 | eu-central-1: 326 | HVM64: ami-05d403b512bf100eb 327 | HVMG2: ami-0c115dbd34c69a004 328 | eu-north-1: 329 | HVM64: ami-0dd62557e4298551a 330 | HVMG2: ami-039609244d2810a6b 331 | ap-northeast-1: 332 | HVM64: ami-0d1e3062992b86514 333 | HVMG2: ami-0cc75a8978fbbc969 334 | ap-northeast-2: 335 | HVM64: ami-07a28b8671656c8c1 336 | HVMG2: ami-0bd7691bf6470fe9c 337 | ap-northeast-3: 338 | HVM64: ami-0e740663443574970 339 | HVMG2: ami-043bb1ed348aaf857 340 | ap-southeast-1: 341 | HVM64: ami-00c3854c1706a382f 342 | HVMG2: ami-0cd31be676780afa7 343 | ap-southeast-2: 344 | HVM64: ami-09ba19d0563c3d553 345 | HVMG2: ami-0ded330691a314693 346 | ap-south-1: 347 | HVM64: ami-0571d68822206714c 348 | HVMG2: ami-0ebc1ac48dfd14136 349 | us-east-2: 350 | HVM64: ami-0f4665edc97a93bea 351 | HVMG2: ami-07c8bc5c1ce9598c3 352 | ca-central-1: 353 | HVM64: ami-0a7c38a2574890e5c 354 | HVMG2: ami-013d1df4bcea6ba95 355 | sa-east-1: 356 | HVM64: ami-0cd294bc0ed0be0e4 357 | HVMG2: ami-018ccfb6b4745882a 358 | cn-north-1: 359 | HVM64: ami-053617c9d818c1189 360 | HVMG2: 
NOT_SUPPORTED 361 | cn-northwest-1: 362 | HVM64: ami-0f7937761741dc640 363 | HVMG2: NOT_SUPPORTED 364 | Resources: 365 | EC2Instance: 366 | Type: 'AWS::EC2::Instance' 367 | Properties: 368 | InstanceType: !Ref InstanceType 369 | SubnetId: !Ref MySubnet 370 | SecurityGroupIds: 371 | - !Ref MySG 372 | KeyName: !Ref KeyName 373 | ImageId: !FindInMap 374 | - AWSRegionArch2AMI 375 | - !Ref 'AWS::Region' 376 | - !FindInMap 377 | - AWSInstanceType2Arch 378 | - !Ref InstanceType 379 | - Arch 380 | Outputs: 381 | InstanceId: 382 | Description: InstanceId of the newly created EC2 instance 383 | Value: !Ref EC2Instance 384 | AZ: 385 | Description: Availability Zone of the newly created EC2 instance 386 | Value: !GetAtt 387 | - EC2Instance 388 | - AvailabilityZone 389 | PublicDNS: 390 | Description: Public DNSName of the newly created EC2 instance 391 | Value: !GetAtt 392 | - EC2Instance 393 | - PublicDnsName 394 | PublicIP: 395 | Description: Public IP address of the newly created EC2 instance 396 | Value: !GetAtt 397 | - EC2Instance 398 | - PublicIp 399 | 400 | -------------------------------------------------------------------------------- /1-3 intro to yaml/EC2withSG.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create 4 | an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based 5 | on the region in which the stack is run. This example creates an EC2 security 6 | group for the instance to give you SSH access. **WARNING** This template 7 | creates an Amazon EC2 instance. You will be billed for the AWS resources used 8 | if you create a stack from this template. 
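Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.small
    # NOTE(review): cg1.4xlarge is accepted here but has no entry in this
    # template's AWSInstanceType2Arch mapping, so the ImageId !FindInMap lookup
    # would fail if it were selected.
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - m1.small
      - m1.medium
      - m1.large
      - m1.xlarge
      - m2.xlarge
      - m2.2xlarge
      - m2.4xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - c1.medium
      - c1.xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - g2.2xlarge
      - g2.8xlarge
      - r3.large
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - i2.xlarge
      - i2.2xlarge
      - i2.4xlarge
      - i2.8xlarge
      - d2.xlarge
      - d2.2xlarge
      - d2.4xlarge
      - d2.8xlarge
      - hi1.4xlarge
      - hs1.8xlarge
      - cr1.8xlarge
      - cc2.8xlarge
      - cg1.4xlarge
    ConstraintDescription: must be a valid EC2 instance type.
  # InstanceSecurityGroup uses this value as the source CIDR for inbound TCP 22.
  # The default 0.0.0.0/0 admits SSH from any IPv4 address; when creating a
  # stack, override it with the narrowest range that works (ideally a single
  # host /32).
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    # Octets are limited to 0-255 and the prefix length to 0-32, so malformed
    # ranges such as 999.999.999.999/99 are rejected at parameter validation
    # instead of reaching the security-group resource.
    AllowedPattern: '((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/(3[0-2]|[12]?\d)'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.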
82 | Mappings: 83 | AWSInstanceType2Arch: 84 | t1.micro: 85 | Arch: HVM64 86 | t2.nano: 87 | Arch: HVM64 88 | t2.micro: 89 | Arch: HVM64 90 | t2.small: 91 | Arch: HVM64 92 | t2.medium: 93 | Arch: HVM64 94 | t2.large: 95 | Arch: HVM64 96 | m1.small: 97 | Arch: HVM64 98 | m1.medium: 99 | Arch: HVM64 100 | m1.large: 101 | Arch: HVM64 102 | m1.xlarge: 103 | Arch: HVM64 104 | m2.xlarge: 105 | Arch: HVM64 106 | m2.2xlarge: 107 | Arch: HVM64 108 | m2.4xlarge: 109 | Arch: HVM64 110 | m3.medium: 111 | Arch: HVM64 112 | m3.large: 113 | Arch: HVM64 114 | m3.xlarge: 115 | Arch: HVM64 116 | m3.2xlarge: 117 | Arch: HVM64 118 | m4.large: 119 | Arch: HVM64 120 | m4.xlarge: 121 | Arch: HVM64 122 | m4.2xlarge: 123 | Arch: HVM64 124 | m4.4xlarge: 125 | Arch: HVM64 126 | m4.10xlarge: 127 | Arch: HVM64 128 | c1.medium: 129 | Arch: HVM64 130 | c1.xlarge: 131 | Arch: HVM64 132 | c3.large: 133 | Arch: HVM64 134 | c3.xlarge: 135 | Arch: HVM64 136 | c3.2xlarge: 137 | Arch: HVM64 138 | c3.4xlarge: 139 | Arch: HVM64 140 | c3.8xlarge: 141 | Arch: HVM64 142 | c4.large: 143 | Arch: HVM64 144 | c4.xlarge: 145 | Arch: HVM64 146 | c4.2xlarge: 147 | Arch: HVM64 148 | c4.4xlarge: 149 | Arch: HVM64 150 | c4.8xlarge: 151 | Arch: HVM64 152 | g2.2xlarge: 153 | Arch: HVMG2 154 | g2.8xlarge: 155 | Arch: HVMG2 156 | r3.large: 157 | Arch: HVM64 158 | r3.xlarge: 159 | Arch: HVM64 160 | r3.2xlarge: 161 | Arch: HVM64 162 | r3.4xlarge: 163 | Arch: HVM64 164 | r3.8xlarge: 165 | Arch: HVM64 166 | i2.xlarge: 167 | Arch: HVM64 168 | i2.2xlarge: 169 | Arch: HVM64 170 | i2.4xlarge: 171 | Arch: HVM64 172 | i2.8xlarge: 173 | Arch: HVM64 174 | d2.xlarge: 175 | Arch: HVM64 176 | d2.2xlarge: 177 | Arch: HVM64 178 | d2.4xlarge: 179 | Arch: HVM64 180 | d2.8xlarge: 181 | Arch: HVM64 182 | hi1.4xlarge: 183 | Arch: HVM64 184 | hs1.8xlarge: 185 | Arch: HVM64 186 | cr1.8xlarge: 187 | Arch: HVM64 188 | cc2.8xlarge: 189 | Arch: HVM64 190 | AWSInstanceType2NATArch: 191 | t1.micro: 192 | Arch: NATHVM64 193 | t2.nano: 194 | Arch: 
NATHVM64 195 | t2.micro: 196 | Arch: NATHVM64 197 | t2.small: 198 | Arch: NATHVM64 199 | t2.medium: 200 | Arch: NATHVM64 201 | t2.large: 202 | Arch: NATHVM64 203 | m1.small: 204 | Arch: NATHVM64 205 | m1.medium: 206 | Arch: NATHVM64 207 | m1.large: 208 | Arch: NATHVM64 209 | m1.xlarge: 210 | Arch: NATHVM64 211 | m2.xlarge: 212 | Arch: NATHVM64 213 | m2.2xlarge: 214 | Arch: NATHVM64 215 | m2.4xlarge: 216 | Arch: NATHVM64 217 | m3.medium: 218 | Arch: NATHVM64 219 | m3.large: 220 | Arch: NATHVM64 221 | m3.xlarge: 222 | Arch: NATHVM64 223 | m3.2xlarge: 224 | Arch: NATHVM64 225 | m4.large: 226 | Arch: NATHVM64 227 | m4.xlarge: 228 | Arch: NATHVM64 229 | m4.2xlarge: 230 | Arch: NATHVM64 231 | m4.4xlarge: 232 | Arch: NATHVM64 233 | m4.10xlarge: 234 | Arch: NATHVM64 235 | c1.medium: 236 | Arch: NATHVM64 237 | c1.xlarge: 238 | Arch: NATHVM64 239 | c3.large: 240 | Arch: NATHVM64 241 | c3.xlarge: 242 | Arch: NATHVM64 243 | c3.2xlarge: 244 | Arch: NATHVM64 245 | c3.4xlarge: 246 | Arch: NATHVM64 247 | c3.8xlarge: 248 | Arch: NATHVM64 249 | c4.large: 250 | Arch: NATHVM64 251 | c4.xlarge: 252 | Arch: NATHVM64 253 | c4.2xlarge: 254 | Arch: NATHVM64 255 | c4.4xlarge: 256 | Arch: NATHVM64 257 | c4.8xlarge: 258 | Arch: NATHVM64 259 | g2.2xlarge: 260 | Arch: NATHVMG2 261 | g2.8xlarge: 262 | Arch: NATHVMG2 263 | r3.large: 264 | Arch: NATHVM64 265 | r3.xlarge: 266 | Arch: NATHVM64 267 | r3.2xlarge: 268 | Arch: NATHVM64 269 | r3.4xlarge: 270 | Arch: NATHVM64 271 | r3.8xlarge: 272 | Arch: NATHVM64 273 | i2.xlarge: 274 | Arch: NATHVM64 275 | i2.2xlarge: 276 | Arch: NATHVM64 277 | i2.4xlarge: 278 | Arch: NATHVM64 279 | i2.8xlarge: 280 | Arch: NATHVM64 281 | d2.xlarge: 282 | Arch: NATHVM64 283 | d2.2xlarge: 284 | Arch: NATHVM64 285 | d2.4xlarge: 286 | Arch: NATHVM64 287 | d2.8xlarge: 288 | Arch: NATHVM64 289 | hi1.4xlarge: 290 | Arch: NATHVM64 291 | hs1.8xlarge: 292 | Arch: NATHVM64 293 | cr1.8xlarge: 294 | Arch: NATHVM64 295 | cc2.8xlarge: 296 | Arch: NATHVM64 297 | AWSRegionArch2AMI: 298 | 
us-east-1: 299 | HVM64: ami-0080e4c5bc078760e 300 | HVMG2: ami-0aeb704d503081ea6 301 | us-west-2: 302 | HVM64: ami-01e24be29428c15b2 303 | HVMG2: ami-0fe84a5b4563d8f27 304 | us-west-1: 305 | HVM64: ami-0ec6517f6edbf8044 306 | HVMG2: ami-0a7fc72dc0e51aa77 307 | eu-west-1: 308 | HVM64: ami-08935252a36e25f85 309 | HVMG2: ami-0d5299b1c6112c3c7 310 | eu-west-2: 311 | HVM64: ami-01419b804382064e4 312 | HVMG2: NOT_SUPPORTED 313 | eu-west-3: 314 | HVM64: ami-0dd7e7ed60da8fb83 315 | HVMG2: NOT_SUPPORTED 316 | eu-central-1: 317 | HVM64: ami-0cfbf4f6db41068ac 318 | HVMG2: ami-0aa1822e3eb913a11 319 | eu-north-1: 320 | HVM64: ami-86fe70f8 321 | HVMG2: ami-32d55b4c 322 | ap-northeast-1: 323 | HVM64: ami-00a5245b4816c38e6 324 | HVMG2: ami-09d0e0e099ecabba2 325 | ap-northeast-2: 326 | HVM64: ami-00dc207f8ba6dc919 327 | HVMG2: NOT_SUPPORTED 328 | ap-northeast-3: 329 | HVM64: ami-0b65f69a5c11f3522 330 | HVMG2: NOT_SUPPORTED 331 | ap-southeast-1: 332 | HVM64: ami-05b3bcf7f311194b3 333 | HVMG2: ami-0e46ce0d6a87dc979 334 | ap-southeast-2: 335 | HVM64: ami-02fd0b06f06d93dfc 336 | HVMG2: ami-0c0ab057a101d8ff2 337 | ap-south-1: 338 | HVM64: ami-0ad42f4f66f6c1cc9 339 | HVMG2: ami-0244c1d42815af84a 340 | us-east-2: 341 | HVM64: ami-0cd3dfa4e37921605 342 | HVMG2: NOT_SUPPORTED 343 | ca-central-1: 344 | HVM64: ami-07423fb63ea0a0930 345 | HVMG2: NOT_SUPPORTED 346 | sa-east-1: 347 | HVM64: ami-05145e0b28ad8e0b2 348 | HVMG2: NOT_SUPPORTED 349 | cn-north-1: 350 | HVM64: ami-053617c9d818c1189 351 | HVMG2: NOT_SUPPORTED 352 | cn-northwest-1: 353 | HVM64: ami-0f7937761741dc640 354 | HVMG2: NOT_SUPPORTED 355 | Resources: 356 | EC2Instance: 357 | Type: 'AWS::EC2::Instance' 358 | Properties: 359 | InstanceType: !Ref InstanceType 360 | SecurityGroups: 361 | - !Ref InstanceSecurityGroup 362 | KeyName: !Ref KeyName 363 | ImageId: !FindInMap 364 | - AWSRegionArch2AMI 365 | - !Ref 'AWS::Region' 366 | - !FindInMap 367 | - AWSInstanceType2Arch 368 | - !Ref InstanceType 369 | - Arch 370 | 
InstanceSecurityGroup: 371 | Type: 'AWS::EC2::SecurityGroup' 372 | Properties: 373 | GroupDescription: Enable SSH access via port 22 374 | SecurityGroupIngress: 375 | - IpProtocol: tcp 376 | FromPort: '22' 377 | ToPort: '22' 378 | CidrIp: !Ref SSHLocation 379 | Outputs: 380 | InstanceId: 381 | Description: InstanceId of the newly created EC2 instance 382 | Value: !Ref EC2Instance 383 | AZ: 384 | Description: Availability Zone of the newly created EC2 instance 385 | Value: !GetAtt 386 | - EC2Instance 387 | - AvailabilityZone 388 | PublicDNS: 389 | Description: Public DNSName of the newly created EC2 instance 390 | Value: !GetAtt 391 | - EC2Instance 392 | - PublicDnsName 393 | PublicIP: 394 | Description: Public IP address of the newly created EC2 instance 395 | Value: !GetAtt 396 | - EC2Instance 397 | - PublicIp 398 | -------------------------------------------------------------------------------- /3-1-StacksIntro/EC2withSG.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create 4 | an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based 5 | on the region in which the stack is run. This example creates an EC2 security 6 | group for the instance to give you SSH access. **WARNING** This template 7 | creates an Amazon EC2 instance. You will be billed for the AWS resources used 8 | if you create a stack from this template. 9 | Parameters: 10 | KeyName: 11 | Description: Name of an existing EC2 KeyPair to enable SSH access to the instance 12 | Type: 'AWS::EC2::KeyPair::KeyName' 13 | ConstraintDescription: must be the name of an existing EC2 KeyPair. 
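# Parameters, continued: InstanceType and SSHLocation.
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.small
    # NOTE(review): cg1.4xlarge is accepted here but has no entry in this
    # template's AWSInstanceType2Arch mapping, so the ImageId !FindInMap lookup
    # would fail if it were selected.
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - m1.small
      - m1.medium
      - m1.large
      - m1.xlarge
      - m2.xlarge
      - m2.2xlarge
      - m2.4xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - c1.medium
      - c1.xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - g2.2xlarge
      - g2.8xlarge
      - r3.large
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - i2.xlarge
      - i2.2xlarge
      - i2.4xlarge
      - i2.8xlarge
      - d2.xlarge
      - d2.2xlarge
      - d2.4xlarge
      - d2.8xlarge
      - hi1.4xlarge
      - hs1.8xlarge
      - cr1.8xlarge
      - cc2.8xlarge
      - cg1.4xlarge
    ConstraintDescription: must be a valid EC2 instance type.
  # InstanceSecurityGroup uses this value as the source CIDR for inbound TCP 22.
  # The default 0.0.0.0/0 admits SSH from any IPv4 address; when creating a
  # stack, override it with the narrowest range that works (ideally a single
  # host /32).
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    # Octets are limited to 0-255 and the prefix length to 0-32, so malformed
    # ranges such as 999.999.999.999/99 are rejected at parameter validation
    # instead of reaching the security-group resource.
    AllowedPattern: '((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/(3[0-2]|[12]?\d)'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.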
82 | Mappings: 83 | AWSInstanceType2Arch: 84 | t1.micro: 85 | Arch: HVM64 86 | t2.nano: 87 | Arch: HVM64 88 | t2.micro: 89 | Arch: HVM64 90 | t2.small: 91 | Arch: HVM64 92 | t2.medium: 93 | Arch: HVM64 94 | t2.large: 95 | Arch: HVM64 96 | m1.small: 97 | Arch: HVM64 98 | m1.medium: 99 | Arch: HVM64 100 | m1.large: 101 | Arch: HVM64 102 | m1.xlarge: 103 | Arch: HVM64 104 | m2.xlarge: 105 | Arch: HVM64 106 | m2.2xlarge: 107 | Arch: HVM64 108 | m2.4xlarge: 109 | Arch: HVM64 110 | m3.medium: 111 | Arch: HVM64 112 | m3.large: 113 | Arch: HVM64 114 | m3.xlarge: 115 | Arch: HVM64 116 | m3.2xlarge: 117 | Arch: HVM64 118 | m4.large: 119 | Arch: HVM64 120 | m4.xlarge: 121 | Arch: HVM64 122 | m4.2xlarge: 123 | Arch: HVM64 124 | m4.4xlarge: 125 | Arch: HVM64 126 | m4.10xlarge: 127 | Arch: HVM64 128 | c1.medium: 129 | Arch: HVM64 130 | c1.xlarge: 131 | Arch: HVM64 132 | c3.large: 133 | Arch: HVM64 134 | c3.xlarge: 135 | Arch: HVM64 136 | c3.2xlarge: 137 | Arch: HVM64 138 | c3.4xlarge: 139 | Arch: HVM64 140 | c3.8xlarge: 141 | Arch: HVM64 142 | c4.large: 143 | Arch: HVM64 144 | c4.xlarge: 145 | Arch: HVM64 146 | c4.2xlarge: 147 | Arch: HVM64 148 | c4.4xlarge: 149 | Arch: HVM64 150 | c4.8xlarge: 151 | Arch: HVM64 152 | g2.2xlarge: 153 | Arch: HVMG2 154 | g2.8xlarge: 155 | Arch: HVMG2 156 | r3.large: 157 | Arch: HVM64 158 | r3.xlarge: 159 | Arch: HVM64 160 | r3.2xlarge: 161 | Arch: HVM64 162 | r3.4xlarge: 163 | Arch: HVM64 164 | r3.8xlarge: 165 | Arch: HVM64 166 | i2.xlarge: 167 | Arch: HVM64 168 | i2.2xlarge: 169 | Arch: HVM64 170 | i2.4xlarge: 171 | Arch: HVM64 172 | i2.8xlarge: 173 | Arch: HVM64 174 | d2.xlarge: 175 | Arch: HVM64 176 | d2.2xlarge: 177 | Arch: HVM64 178 | d2.4xlarge: 179 | Arch: HVM64 180 | d2.8xlarge: 181 | Arch: HVM64 182 | hi1.4xlarge: 183 | Arch: HVM64 184 | hs1.8xlarge: 185 | Arch: HVM64 186 | cr1.8xlarge: 187 | Arch: HVM64 188 | cc2.8xlarge: 189 | Arch: HVM64 190 | AWSInstanceType2NATArch: 191 | t1.micro: 192 | Arch: NATHVM64 193 | t2.nano: 194 | Arch: 
NATHVM64 195 | t2.micro: 196 | Arch: NATHVM64 197 | t2.small: 198 | Arch: NATHVM64 199 | t2.medium: 200 | Arch: NATHVM64 201 | t2.large: 202 | Arch: NATHVM64 203 | m1.small: 204 | Arch: NATHVM64 205 | m1.medium: 206 | Arch: NATHVM64 207 | m1.large: 208 | Arch: NATHVM64 209 | m1.xlarge: 210 | Arch: NATHVM64 211 | m2.xlarge: 212 | Arch: NATHVM64 213 | m2.2xlarge: 214 | Arch: NATHVM64 215 | m2.4xlarge: 216 | Arch: NATHVM64 217 | m3.medium: 218 | Arch: NATHVM64 219 | m3.large: 220 | Arch: NATHVM64 221 | m3.xlarge: 222 | Arch: NATHVM64 223 | m3.2xlarge: 224 | Arch: NATHVM64 225 | m4.large: 226 | Arch: NATHVM64 227 | m4.xlarge: 228 | Arch: NATHVM64 229 | m4.2xlarge: 230 | Arch: NATHVM64 231 | m4.4xlarge: 232 | Arch: NATHVM64 233 | m4.10xlarge: 234 | Arch: NATHVM64 235 | c1.medium: 236 | Arch: NATHVM64 237 | c1.xlarge: 238 | Arch: NATHVM64 239 | c3.large: 240 | Arch: NATHVM64 241 | c3.xlarge: 242 | Arch: NATHVM64 243 | c3.2xlarge: 244 | Arch: NATHVM64 245 | c3.4xlarge: 246 | Arch: NATHVM64 247 | c3.8xlarge: 248 | Arch: NATHVM64 249 | c4.large: 250 | Arch: NATHVM64 251 | c4.xlarge: 252 | Arch: NATHVM64 253 | c4.2xlarge: 254 | Arch: NATHVM64 255 | c4.4xlarge: 256 | Arch: NATHVM64 257 | c4.8xlarge: 258 | Arch: NATHVM64 259 | g2.2xlarge: 260 | Arch: NATHVMG2 261 | g2.8xlarge: 262 | Arch: NATHVMG2 263 | r3.large: 264 | Arch: NATHVM64 265 | r3.xlarge: 266 | Arch: NATHVM64 267 | r3.2xlarge: 268 | Arch: NATHVM64 269 | r3.4xlarge: 270 | Arch: NATHVM64 271 | r3.8xlarge: 272 | Arch: NATHVM64 273 | i2.xlarge: 274 | Arch: NATHVM64 275 | i2.2xlarge: 276 | Arch: NATHVM64 277 | i2.4xlarge: 278 | Arch: NATHVM64 279 | i2.8xlarge: 280 | Arch: NATHVM64 281 | d2.xlarge: 282 | Arch: NATHVM64 283 | d2.2xlarge: 284 | Arch: NATHVM64 285 | d2.4xlarge: 286 | Arch: NATHVM64 287 | d2.8xlarge: 288 | Arch: NATHVM64 289 | hi1.4xlarge: 290 | Arch: NATHVM64 291 | hs1.8xlarge: 292 | Arch: NATHVM64 293 | cr1.8xlarge: 294 | Arch: NATHVM64 295 | cc2.8xlarge: 296 | Arch: NATHVM64 297 | AWSRegionArch2AMI: 298 | 
us-east-1: 299 | HVM64: ami-0080e4c5bc078760e 300 | HVMG2: ami-0aeb704d503081ea6 301 | us-west-2: 302 | HVM64: ami-01e24be29428c15b2 303 | HVMG2: ami-0fe84a5b4563d8f27 304 | us-west-1: 305 | HVM64: ami-0ec6517f6edbf8044 306 | HVMG2: ami-0a7fc72dc0e51aa77 307 | eu-west-1: 308 | HVM64: ami-08935252a36e25f85 309 | HVMG2: ami-0d5299b1c6112c3c7 310 | eu-west-2: 311 | HVM64: ami-01419b804382064e4 312 | HVMG2: NOT_SUPPORTED 313 | eu-west-3: 314 | HVM64: ami-0dd7e7ed60da8fb83 315 | HVMG2: NOT_SUPPORTED 316 | eu-central-1: 317 | HVM64: ami-0cfbf4f6db41068ac 318 | HVMG2: ami-0aa1822e3eb913a11 319 | eu-north-1: 320 | HVM64: ami-86fe70f8 321 | HVMG2: ami-32d55b4c 322 | ap-northeast-1: 323 | HVM64: ami-00a5245b4816c38e6 324 | HVMG2: ami-09d0e0e099ecabba2 325 | ap-northeast-2: 326 | HVM64: ami-00dc207f8ba6dc919 327 | HVMG2: NOT_SUPPORTED 328 | ap-northeast-3: 329 | HVM64: ami-0b65f69a5c11f3522 330 | HVMG2: NOT_SUPPORTED 331 | ap-southeast-1: 332 | HVM64: ami-05b3bcf7f311194b3 333 | HVMG2: ami-0e46ce0d6a87dc979 334 | ap-southeast-2: 335 | HVM64: ami-02fd0b06f06d93dfc 336 | HVMG2: ami-0c0ab057a101d8ff2 337 | ap-south-1: 338 | HVM64: ami-0ad42f4f66f6c1cc9 339 | HVMG2: ami-0244c1d42815af84a 340 | us-east-2: 341 | HVM64: ami-0cd3dfa4e37921605 342 | HVMG2: NOT_SUPPORTED 343 | ca-central-1: 344 | HVM64: ami-07423fb63ea0a0930 345 | HVMG2: NOT_SUPPORTED 346 | sa-east-1: 347 | HVM64: ami-05145e0b28ad8e0b2 348 | HVMG2: NOT_SUPPORTED 349 | cn-north-1: 350 | HVM64: ami-053617c9d818c1189 351 | HVMG2: NOT_SUPPORTED 352 | cn-northwest-1: 353 | HVM64: ami-0f7937761741dc640 354 | HVMG2: NOT_SUPPORTED 355 | Resources: 356 | EC2Instance: 357 | Type: 'AWS::EC2::Instance' 358 | Properties: 359 | InstanceType: !Ref InstanceType 360 | SecurityGroups: 361 | - !Ref InstanceSecurityGroup 362 | KeyName: !Ref KeyName 363 | ImageId: !FindInMap 364 | - AWSRegionArch2AMI 365 | - !Ref 'AWS::Region' 366 | - !FindInMap 367 | - AWSInstanceType2Arch 368 | - !Ref InstanceType 369 | - Arch 370 | 
InstanceSecurityGroup: 371 | Type: 'AWS::EC2::SecurityGroup' 372 | Properties: 373 | GroupDescription: Enable SSH access via port 22 374 | SecurityGroupIngress: 375 | - IpProtocol: tcp 376 | FromPort: '22' 377 | ToPort: '22' 378 | CidrIp: !Ref SSHLocation 379 | Outputs: 380 | InstanceId: 381 | Description: InstanceId of the newly created EC2 instance 382 | Value: !Ref EC2Instance 383 | AZ: 384 | Description: Availability Zone of the newly created EC2 instance 385 | Value: !GetAtt 386 | - EC2Instance 387 | - AvailabilityZone 388 | PublicDNS: 389 | Description: Public DNSName of the newly created EC2 instance 390 | Value: !GetAtt 391 | - EC2Instance 392 | - PublicDnsName 393 | PublicIP: 394 | Description: Public IP address of the newly created EC2 instance 395 | Value: !GetAtt 396 | - EC2Instance 397 | - PublicIp 398 | -------------------------------------------------------------------------------- /3-3 Protecting Stacks/EC2withSG.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | Description: >- 3 | AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create 4 | an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based 5 | on the region in which the stack is run. This example creates an EC2 security 6 | group for the instance to give you SSH access. **WARNING** This template 7 | creates an Amazon EC2 instance. You will be billed for the AWS resources used 8 | if you create a stack from this template. 9 | Parameters: 10 | KeyName: 11 | Description: Name of an existing EC2 KeyPair to enable SSH access to the instance 12 | Type: 'AWS::EC2::KeyPair::KeyName' 13 | ConstraintDescription: must be the name of an existing EC2 KeyPair. 
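# Parameters, continued: the instance size and the source range allowed to reach SSH.
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.small
    # Every value offered here must have an entry in the AWSInstanceType2Arch
    # mapping, because the instance's ImageId is looked up through it.
    # cg1.4xlarge had no entry in that mapping, so choosing it could only fail
    # at stack creation; it is no longer offered.
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - m1.small
      - m1.medium
      - m1.large
      - m1.xlarge
      - m2.xlarge
      - m2.2xlarge
      - m2.4xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - c1.medium
      - c1.xlarge
      - c3.large
      - c3.xlarge
      - c3.2xlarge
      - c3.4xlarge
      - c3.8xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - g2.2xlarge
      - g2.8xlarge
      - r3.large
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - i2.xlarge
      - i2.2xlarge
      - i2.4xlarge
      - i2.8xlarge
      - d2.xlarge
      - d2.2xlarge
      - d2.4xlarge
      - d2.8xlarge
      - hi1.4xlarge
      - hs1.8xlarge
      - cr1.8xlarge
      - cc2.8xlarge
    ConstraintDescription: must be a valid EC2 instance type.
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    # NOTE(review): this value feeds the CidrIp of the port-22 ingress rule, so
    # the default admits SSH from any IPv4 address. Pass the operator's own
    # address as a /32, or a small known block, when creating the stack.
    Default: 0.0.0.0/0
    # Each octet is limited to 0-255 and the prefix length to 0-32. The earlier
    # pattern only counted digits, so values such as 999.999.999.999/99 passed
    # parameter validation and were rejected later, during resource creation.
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.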
Mappings:
  # Instance type -> AMI architecture key. Only the g2 family maps to HVMG2;
  # every other listed type maps to HVM64.
  AWSInstanceType2Arch:
    t1.micro: {Arch: HVM64}
    t2.nano: {Arch: HVM64}
    t2.micro: {Arch: HVM64}
    t2.small: {Arch: HVM64}
    t2.medium: {Arch: HVM64}
    t2.large: {Arch: HVM64}
    m1.small: {Arch: HVM64}
    m1.medium: {Arch: HVM64}
    m1.large: {Arch: HVM64}
    m1.xlarge: {Arch: HVM64}
    m2.xlarge: {Arch: HVM64}
    m2.2xlarge: {Arch: HVM64}
    m2.4xlarge: {Arch: HVM64}
    m3.medium: {Arch: HVM64}
    m3.large: {Arch: HVM64}
    m3.xlarge: {Arch: HVM64}
    m3.2xlarge: {Arch: HVM64}
    m4.large: {Arch: HVM64}
    m4.xlarge: {Arch: HVM64}
    m4.2xlarge: {Arch: HVM64}
    m4.4xlarge: {Arch: HVM64}
    m4.10xlarge: {Arch: HVM64}
    c1.medium: {Arch: HVM64}
    c1.xlarge: {Arch: HVM64}
    c3.large: {Arch: HVM64}
    c3.xlarge: {Arch: HVM64}
    c3.2xlarge: {Arch: HVM64}
    c3.4xlarge: {Arch: HVM64}
    c3.8xlarge: {Arch: HVM64}
    c4.large: {Arch: HVM64}
    c4.xlarge: {Arch: HVM64}
    c4.2xlarge: {Arch: HVM64}
    c4.4xlarge: {Arch: HVM64}
    c4.8xlarge: {Arch: HVM64}
    g2.2xlarge: {Arch: HVMG2}
    g2.8xlarge: {Arch: HVMG2}
    r3.large: {Arch: HVM64}
    r3.xlarge: {Arch: HVM64}
    r3.2xlarge: {Arch: HVM64}
    r3.4xlarge: {Arch: HVM64}
    r3.8xlarge: {Arch: HVM64}
    i2.xlarge: {Arch: HVM64}
    i2.2xlarge: {Arch: HVM64}
    i2.4xlarge: {Arch: HVM64}
    i2.8xlarge: {Arch: HVM64}
    d2.xlarge: {Arch: HVM64}
    d2.2xlarge: {Arch: HVM64}
    d2.4xlarge: {Arch: HVM64}
    d2.8xlarge: {Arch: HVM64}
    hi1.4xlarge: {Arch: HVM64}
    hs1.8xlarge: {Arch: HVM64}
    cr1.8xlarge: {Arch: HVM64}
    cc2.8xlarge: {Arch: HVM64}
  # NAT variant of the table above. No resource in this template looks it up.
  AWSInstanceType2NATArch:
    t1.micro: {Arch: NATHVM64}
    t2.nano: {Arch: NATHVM64}
    t2.micro: {Arch: NATHVM64}
    t2.small: {Arch: NATHVM64}
    t2.medium: {Arch: NATHVM64}
    t2.large: {Arch: NATHVM64}
    m1.small: {Arch: NATHVM64}
    m1.medium: {Arch: NATHVM64}
    m1.large: {Arch: NATHVM64}
    m1.xlarge: {Arch: NATHVM64}
    m2.xlarge: {Arch: NATHVM64}
    m2.2xlarge: {Arch: NATHVM64}
    m2.4xlarge: {Arch: NATHVM64}
    m3.medium: {Arch: NATHVM64}
    m3.large: {Arch: NATHVM64}
    m3.xlarge: {Arch: NATHVM64}
    m3.2xlarge: {Arch: NATHVM64}
    m4.large: {Arch: NATHVM64}
    m4.xlarge: {Arch: NATHVM64}
    m4.2xlarge: {Arch: NATHVM64}
    m4.4xlarge: {Arch: NATHVM64}
    m4.10xlarge: {Arch: NATHVM64}
    c1.medium: {Arch: NATHVM64}
    c1.xlarge: {Arch: NATHVM64}
    c3.large: {Arch: NATHVM64}
    c3.xlarge: {Arch: NATHVM64}
    c3.2xlarge: {Arch: NATHVM64}
    c3.4xlarge: {Arch: NATHVM64}
    c3.8xlarge: {Arch: NATHVM64}
    c4.large: {Arch: NATHVM64}
    c4.xlarge: {Arch: NATHVM64}
    c4.2xlarge: {Arch: NATHVM64}
    c4.4xlarge: {Arch: NATHVM64}
    c4.8xlarge: {Arch: NATHVM64}
    g2.2xlarge: {Arch: NATHVMG2}
    g2.8xlarge: {Arch: NATHVMG2}
    r3.large: {Arch: NATHVM64}
    r3.xlarge: {Arch: NATHVM64}
    r3.2xlarge: {Arch: NATHVM64}
    r3.4xlarge: {Arch: NATHVM64}
    r3.8xlarge: {Arch: NATHVM64}
    i2.xlarge: {Arch: NATHVM64}
    i2.2xlarge: {Arch: NATHVM64}
    i2.4xlarge: {Arch: NATHVM64}
    i2.8xlarge: {Arch: NATHVM64}
    d2.xlarge: {Arch: NATHVM64}
    d2.2xlarge: {Arch: NATHVM64}
    d2.4xlarge: {Arch: NATHVM64}
    d2.8xlarge: {Arch: NATHVM64}
    hi1.4xlarge: {Arch: NATHVM64}
    hs1.8xlarge: {Arch: NATHVM64}
    cr1.8xlarge: {Arch: NATHVM64}
    cc2.8xlarge: {Arch: NATHVM64}
  # Region + architecture key -> AMI id. The ids are pinned in the template, so
  # a stack launches exactly these images until the table is edited by hand.
  # NOTE(review): pinned ids go stale as images are superseded; confirm they
  # still resolve to a maintained image before reuse. An SSM-backed parameter of
  # type AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> is one way to avoid it.
  # NOT_SUPPORTED is a placeholder string, not an image id: a g2 instance type
  # in one of those regions resolves ImageId to that literal.
  AWSRegionArch2AMI:
    us-east-1: {HVM64: ami-0080e4c5bc078760e, HVMG2: ami-0aeb704d503081ea6}
    us-west-2: {HVM64: ami-01e24be29428c15b2, HVMG2: ami-0fe84a5b4563d8f27}
    us-west-1: {HVM64: ami-0ec6517f6edbf8044, HVMG2: ami-0a7fc72dc0e51aa77}
    eu-west-1: {HVM64: ami-08935252a36e25f85, HVMG2: ami-0d5299b1c6112c3c7}
    eu-west-2: {HVM64: ami-01419b804382064e4, HVMG2: NOT_SUPPORTED}
    eu-west-3: {HVM64: ami-0dd7e7ed60da8fb83, HVMG2: NOT_SUPPORTED}
    eu-central-1: {HVM64: ami-0cfbf4f6db41068ac, HVMG2: ami-0aa1822e3eb913a11}
    eu-north-1: {HVM64: ami-86fe70f8, HVMG2: ami-32d55b4c}
    ap-northeast-1: {HVM64: ami-00a5245b4816c38e6, HVMG2: ami-09d0e0e099ecabba2}
    ap-northeast-2: {HVM64: ami-00dc207f8ba6dc919, HVMG2: NOT_SUPPORTED}
    ap-northeast-3: {HVM64: ami-0b65f69a5c11f3522, HVMG2: NOT_SUPPORTED}
    ap-southeast-1: {HVM64: ami-05b3bcf7f311194b3, HVMG2: ami-0e46ce0d6a87dc979}
    ap-southeast-2: {HVM64: ami-02fd0b06f06d93dfc, HVMG2: ami-0c0ab057a101d8ff2}
    ap-south-1: {HVM64: ami-0ad42f4f66f6c1cc9, HVMG2: ami-0244c1d42815af84a}
    us-east-2: {HVM64: ami-0cd3dfa4e37921605, HVMG2: NOT_SUPPORTED}
    ca-central-1: {HVM64: ami-07423fb63ea0a0930, HVMG2: NOT_SUPPORTED}
    sa-east-1: {HVM64: ami-05145e0b28ad8e0b2, HVMG2: NOT_SUPPORTED}
    cn-north-1: {HVM64: ami-053617c9d818c1189, HVMG2: NOT_SUPPORTED}
    cn-northwest-1: {HVM64: ami-0f7937761741dc640, HVMG2: NOT_SUPPORTED}
Resources:
  # The instance itself. It is attached to the security group declared in this
  # template and uses the key pair named by the KeyName parameter.
  EC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      InstanceType: !Ref InstanceType
      SecurityGroups: [!Ref InstanceSecurityGroup]
      KeyName: !Ref KeyName
      # Two-step lookup: the inner FindInMap turns the instance type into an
      # architecture key, the outer one turns current region + key into an AMI.
      ImageId: !FindInMap [AWSRegionArch2AMI, !Ref 'AWS::Region', !FindInMap [AWSInstanceType2Arch, !Ref InstanceType, Arch]]
InstanceSecurityGroup: 371 | Type: 'AWS::EC2::SecurityGroup' 372 | Properties: 373 | GroupDescription: Enable SSH access via port 22 374 | SecurityGroupIngress: 375 | - IpProtocol: tcp 376 | FromPort: '22' 377 | ToPort: '22' 378 | CidrIp: !Ref SSHLocation 379 | Outputs: 380 | InstanceId: 381 | Description: InstanceId of the newly created EC2 instance 382 | Value: !Ref EC2Instance 383 | AZ: 384 | Description: Availability Zone of the newly created EC2 instance 385 | Value: !GetAtt 386 | - EC2Instance 387 | - AvailabilityZone 388 | PublicDNS: 389 | Description: Public DNSName of the newly created EC2 instance 390 | Value: !GetAtt 391 | - EC2Instance 392 | - PublicDnsName 393 | PublicIP: 394 | Description: Public IP address of the newly created EC2 instance 395 | Value: !GetAtt 396 | - EC2Instance 397 | - PublicIp 398 | -------------------------------------------------------------------------------- /1-1 CF Essentials/EC2withSG.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the region in which the stack is run. This example creates an EC2 security group for the instance to give you SSH access. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters" : { 7 | "KeyName": { 8 | "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance", 9 | "Type": "AWS::EC2::KeyPair::KeyName", 10 | "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." 
11 | }, 12 | 13 | "InstanceType" : { 14 | "Description" : "WebServer EC2 instance type", 15 | "Type" : "String", 16 | "Default" : "t2.small", 17 | "AllowedValues" : [ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"] 18 | , 19 | "ConstraintDescription" : "must be a valid EC2 instance type." 20 | }, 21 | 22 | "SSHLocation" : { 23 | "Description" : "The IP address range that can be used to SSH to the EC2 instances", 24 | "Type": "String", 25 | "MinLength": "9", 26 | "MaxLength": "18", 27 | "Default": "0.0.0.0/0", 28 | "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", 29 | "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." 
30 | } 31 | }, 32 | 33 | "Mappings" : { 34 | "AWSInstanceType2Arch" : { 35 | "t1.micro" : { "Arch" : "HVM64" }, 36 | "t2.nano" : { "Arch" : "HVM64" }, 37 | "t2.micro" : { "Arch" : "HVM64" }, 38 | "t2.small" : { "Arch" : "HVM64" }, 39 | "t2.medium" : { "Arch" : "HVM64" }, 40 | "t2.large" : { "Arch" : "HVM64" }, 41 | "m1.small" : { "Arch" : "HVM64" }, 42 | "m1.medium" : { "Arch" : "HVM64" }, 43 | "m1.large" : { "Arch" : "HVM64" }, 44 | "m1.xlarge" : { "Arch" : "HVM64" }, 45 | "m2.xlarge" : { "Arch" : "HVM64" }, 46 | "m2.2xlarge" : { "Arch" : "HVM64" }, 47 | "m2.4xlarge" : { "Arch" : "HVM64" }, 48 | "m3.medium" : { "Arch" : "HVM64" }, 49 | "m3.large" : { "Arch" : "HVM64" }, 50 | "m3.xlarge" : { "Arch" : "HVM64" }, 51 | "m3.2xlarge" : { "Arch" : "HVM64" }, 52 | "m4.large" : { "Arch" : "HVM64" }, 53 | "m4.xlarge" : { "Arch" : "HVM64" }, 54 | "m4.2xlarge" : { "Arch" : "HVM64" }, 55 | "m4.4xlarge" : { "Arch" : "HVM64" }, 56 | "m4.10xlarge" : { "Arch" : "HVM64" }, 57 | "c1.medium" : { "Arch" : "HVM64" }, 58 | "c1.xlarge" : { "Arch" : "HVM64" }, 59 | "c3.large" : { "Arch" : "HVM64" }, 60 | "c3.xlarge" : { "Arch" : "HVM64" }, 61 | "c3.2xlarge" : { "Arch" : "HVM64" }, 62 | "c3.4xlarge" : { "Arch" : "HVM64" }, 63 | "c3.8xlarge" : { "Arch" : "HVM64" }, 64 | "c4.large" : { "Arch" : "HVM64" }, 65 | "c4.xlarge" : { "Arch" : "HVM64" }, 66 | "c4.2xlarge" : { "Arch" : "HVM64" }, 67 | "c4.4xlarge" : { "Arch" : "HVM64" }, 68 | "c4.8xlarge" : { "Arch" : "HVM64" }, 69 | "g2.2xlarge" : { "Arch" : "HVMG2" }, 70 | "g2.8xlarge" : { "Arch" : "HVMG2" }, 71 | "r3.large" : { "Arch" : "HVM64" }, 72 | "r3.xlarge" : { "Arch" : "HVM64" }, 73 | "r3.2xlarge" : { "Arch" : "HVM64" }, 74 | "r3.4xlarge" : { "Arch" : "HVM64" }, 75 | "r3.8xlarge" : { "Arch" : "HVM64" }, 76 | "i2.xlarge" : { "Arch" : "HVM64" }, 77 | "i2.2xlarge" : { "Arch" : "HVM64" }, 78 | "i2.4xlarge" : { "Arch" : "HVM64" }, 79 | "i2.8xlarge" : { "Arch" : "HVM64" }, 80 | "d2.xlarge" : { "Arch" : "HVM64" }, 81 | "d2.2xlarge" : { "Arch" : 
"HVM64" }, 82 | "d2.4xlarge" : { "Arch" : "HVM64" }, 83 | "d2.8xlarge" : { "Arch" : "HVM64" }, 84 | "hi1.4xlarge" : { "Arch" : "HVM64" }, 85 | "hs1.8xlarge" : { "Arch" : "HVM64" }, 86 | "cr1.8xlarge" : { "Arch" : "HVM64" }, 87 | "cc2.8xlarge" : { "Arch" : "HVM64" } 88 | }, 89 | 90 | "AWSInstanceType2NATArch" : { 91 | "t1.micro" : { "Arch" : "NATHVM64" }, 92 | "t2.nano" : { "Arch" : "NATHVM64" }, 93 | "t2.micro" : { "Arch" : "NATHVM64" }, 94 | "t2.small" : { "Arch" : "NATHVM64" }, 95 | "t2.medium" : { "Arch" : "NATHVM64" }, 96 | "t2.large" : { "Arch" : "NATHVM64" }, 97 | "m1.small" : { "Arch" : "NATHVM64" }, 98 | "m1.medium" : { "Arch" : "NATHVM64" }, 99 | "m1.large" : { "Arch" : "NATHVM64" }, 100 | "m1.xlarge" : { "Arch" : "NATHVM64" }, 101 | "m2.xlarge" : { "Arch" : "NATHVM64" }, 102 | "m2.2xlarge" : { "Arch" : "NATHVM64" }, 103 | "m2.4xlarge" : { "Arch" : "NATHVM64" }, 104 | "m3.medium" : { "Arch" : "NATHVM64" }, 105 | "m3.large" : { "Arch" : "NATHVM64" }, 106 | "m3.xlarge" : { "Arch" : "NATHVM64" }, 107 | "m3.2xlarge" : { "Arch" : "NATHVM64" }, 108 | "m4.large" : { "Arch" : "NATHVM64" }, 109 | "m4.xlarge" : { "Arch" : "NATHVM64" }, 110 | "m4.2xlarge" : { "Arch" : "NATHVM64" }, 111 | "m4.4xlarge" : { "Arch" : "NATHVM64" }, 112 | "m4.10xlarge" : { "Arch" : "NATHVM64" }, 113 | "c1.medium" : { "Arch" : "NATHVM64" }, 114 | "c1.xlarge" : { "Arch" : "NATHVM64" }, 115 | "c3.large" : { "Arch" : "NATHVM64" }, 116 | "c3.xlarge" : { "Arch" : "NATHVM64" }, 117 | "c3.2xlarge" : { "Arch" : "NATHVM64" }, 118 | "c3.4xlarge" : { "Arch" : "NATHVM64" }, 119 | "c3.8xlarge" : { "Arch" : "NATHVM64" }, 120 | "c4.large" : { "Arch" : "NATHVM64" }, 121 | "c4.xlarge" : { "Arch" : "NATHVM64" }, 122 | "c4.2xlarge" : { "Arch" : "NATHVM64" }, 123 | "c4.4xlarge" : { "Arch" : "NATHVM64" }, 124 | "c4.8xlarge" : { "Arch" : "NATHVM64" }, 125 | "g2.2xlarge" : { "Arch" : "NATHVMG2" }, 126 | "g2.8xlarge" : { "Arch" : "NATHVMG2" }, 127 | "r3.large" : { "Arch" : "NATHVM64" }, 128 | "r3.xlarge" : { 
"Arch" : "NATHVM64" }, 129 | "r3.2xlarge" : { "Arch" : "NATHVM64" }, 130 | "r3.4xlarge" : { "Arch" : "NATHVM64" }, 131 | "r3.8xlarge" : { "Arch" : "NATHVM64" }, 132 | "i2.xlarge" : { "Arch" : "NATHVM64" }, 133 | "i2.2xlarge" : { "Arch" : "NATHVM64" }, 134 | "i2.4xlarge" : { "Arch" : "NATHVM64" }, 135 | "i2.8xlarge" : { "Arch" : "NATHVM64" }, 136 | "d2.xlarge" : { "Arch" : "NATHVM64" }, 137 | "d2.2xlarge" : { "Arch" : "NATHVM64" }, 138 | "d2.4xlarge" : { "Arch" : "NATHVM64" }, 139 | "d2.8xlarge" : { "Arch" : "NATHVM64" }, 140 | "hi1.4xlarge" : { "Arch" : "NATHVM64" }, 141 | "hs1.8xlarge" : { "Arch" : "NATHVM64" }, 142 | "cr1.8xlarge" : { "Arch" : "NATHVM64" }, 143 | "cc2.8xlarge" : { "Arch" : "NATHVM64" } 144 | } 145 | , 146 | "AWSRegionArch2AMI" : { 147 | "us-east-1" : {"HVM64" : "ami-0080e4c5bc078760e", "HVMG2" : "ami-0aeb704d503081ea6"}, 148 | "us-west-2" : {"HVM64" : "ami-01e24be29428c15b2", "HVMG2" : "ami-0fe84a5b4563d8f27"}, 149 | "us-west-1" : {"HVM64" : "ami-0ec6517f6edbf8044", "HVMG2" : "ami-0a7fc72dc0e51aa77"}, 150 | "eu-west-1" : {"HVM64" : "ami-08935252a36e25f85", "HVMG2" : "ami-0d5299b1c6112c3c7"}, 151 | "eu-west-2" : {"HVM64" : "ami-01419b804382064e4", "HVMG2" : "NOT_SUPPORTED"}, 152 | "eu-west-3" : {"HVM64" : "ami-0dd7e7ed60da8fb83", "HVMG2" : "NOT_SUPPORTED"}, 153 | "eu-central-1" : {"HVM64" : "ami-0cfbf4f6db41068ac", "HVMG2" : "ami-0aa1822e3eb913a11"}, 154 | "eu-north-1" : {"HVM64" : "ami-86fe70f8", "HVMG2" : "ami-32d55b4c"}, 155 | "ap-northeast-1" : {"HVM64" : "ami-00a5245b4816c38e6", "HVMG2" : "ami-09d0e0e099ecabba2"}, 156 | "ap-northeast-2" : {"HVM64" : "ami-00dc207f8ba6dc919", "HVMG2" : "NOT_SUPPORTED"}, 157 | "ap-northeast-3" : {"HVM64" : "ami-0b65f69a5c11f3522", "HVMG2" : "NOT_SUPPORTED"}, 158 | "ap-southeast-1" : {"HVM64" : "ami-05b3bcf7f311194b3", "HVMG2" : "ami-0e46ce0d6a87dc979"}, 159 | "ap-southeast-2" : {"HVM64" : "ami-02fd0b06f06d93dfc", "HVMG2" : "ami-0c0ab057a101d8ff2"}, 160 | "ap-south-1" : {"HVM64" : "ami-0ad42f4f66f6c1cc9", "HVMG2" 
: "ami-0244c1d42815af84a"}, 161 | "us-east-2" : {"HVM64" : "ami-0cd3dfa4e37921605", "HVMG2" : "NOT_SUPPORTED"}, 162 | "ca-central-1" : {"HVM64" : "ami-07423fb63ea0a0930", "HVMG2" : "NOT_SUPPORTED"}, 163 | "sa-east-1" : {"HVM64" : "ami-05145e0b28ad8e0b2", "HVMG2" : "NOT_SUPPORTED"}, 164 | "cn-north-1" : {"HVM64" : "ami-053617c9d818c1189", "HVMG2" : "NOT_SUPPORTED"}, 165 | "cn-northwest-1" : {"HVM64" : "ami-0f7937761741dc640", "HVMG2" : "NOT_SUPPORTED"} 166 | } 167 | 168 | }, 169 | 170 | "Resources" : { 171 | "EC2Instance" : { 172 | "Type" : "AWS::EC2::Instance", 173 | "Properties" : { 174 | "InstanceType" : { "Ref" : "InstanceType" }, 175 | "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], 176 | "KeyName" : { "Ref" : "KeyName" }, 177 | "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, 178 | { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] } 179 | } 180 | }, 181 | 182 | "InstanceSecurityGroup" : { 183 | "Type" : "AWS::EC2::SecurityGroup", 184 | "Properties" : { 185 | "GroupDescription" : "Enable SSH access via port 22", 186 | "SecurityGroupIngress" : [ { 187 | "IpProtocol" : "tcp", 188 | "FromPort" : "22", 189 | "ToPort" : "22", 190 | "CidrIp" : { "Ref" : "SSHLocation"} 191 | } ] 192 | } 193 | } 194 | }, 195 | 196 | "Outputs" : { 197 | "InstanceId" : { 198 | "Description" : "InstanceId of the newly created EC2 instance", 199 | "Value" : { "Ref" : "EC2Instance" } 200 | }, 201 | "AZ" : { 202 | "Description" : "Availability Zone of the newly created EC2 instance", 203 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "AvailabilityZone" ] } 204 | }, 205 | "PublicDNS" : { 206 | "Description" : "Public DNSName of the newly created EC2 instance", 207 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicDnsName" ] } 208 | }, 209 | "PublicIP" : { 210 | "Description" : "Public IP address of the newly created EC2 instance", 211 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicIp" ] } 212 | } 213 | } 
214 | } 215 | -------------------------------------------------------------------------------- /1-4 CF and IAM/EC2withSG.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the region in which the stack is run. This example creates an EC2 security group for the instance to give you SSH access. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters" : { 7 | "KeyName": { 8 | "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance", 9 | "Type": "AWS::EC2::KeyPair::KeyName", 10 | "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." 11 | }, 12 | 13 | "InstanceType" : { 14 | "Description" : "WebServer EC2 instance type", 15 | "Type" : "String", 16 | "Default" : "t2.small", 17 | "AllowedValues" : [ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"] 18 | , 19 | "ConstraintDescription" : "must be a valid EC2 instance type." 
20 | }, 21 | 22 | "SSHLocation" : { 23 | "Description" : "The IP address range that can be used to SSH to the EC2 instances", 24 | "Type": "String", 25 | "MinLength": "9", 26 | "MaxLength": "18", 27 | "Default": "0.0.0.0/0", 28 | "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", 29 | "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." 30 | } 31 | }, 32 | 33 | "Mappings" : { 34 | "AWSInstanceType2Arch" : { 35 | "t1.micro" : { "Arch" : "HVM64" }, 36 | "t2.nano" : { "Arch" : "HVM64" }, 37 | "t2.micro" : { "Arch" : "HVM64" }, 38 | "t2.small" : { "Arch" : "HVM64" }, 39 | "t2.medium" : { "Arch" : "HVM64" }, 40 | "t2.large" : { "Arch" : "HVM64" }, 41 | "m1.small" : { "Arch" : "HVM64" }, 42 | "m1.medium" : { "Arch" : "HVM64" }, 43 | "m1.large" : { "Arch" : "HVM64" }, 44 | "m1.xlarge" : { "Arch" : "HVM64" }, 45 | "m2.xlarge" : { "Arch" : "HVM64" }, 46 | "m2.2xlarge" : { "Arch" : "HVM64" }, 47 | "m2.4xlarge" : { "Arch" : "HVM64" }, 48 | "m3.medium" : { "Arch" : "HVM64" }, 49 | "m3.large" : { "Arch" : "HVM64" }, 50 | "m3.xlarge" : { "Arch" : "HVM64" }, 51 | "m3.2xlarge" : { "Arch" : "HVM64" }, 52 | "m4.large" : { "Arch" : "HVM64" }, 53 | "m4.xlarge" : { "Arch" : "HVM64" }, 54 | "m4.2xlarge" : { "Arch" : "HVM64" }, 55 | "m4.4xlarge" : { "Arch" : "HVM64" }, 56 | "m4.10xlarge" : { "Arch" : "HVM64" }, 57 | "c1.medium" : { "Arch" : "HVM64" }, 58 | "c1.xlarge" : { "Arch" : "HVM64" }, 59 | "c3.large" : { "Arch" : "HVM64" }, 60 | "c3.xlarge" : { "Arch" : "HVM64" }, 61 | "c3.2xlarge" : { "Arch" : "HVM64" }, 62 | "c3.4xlarge" : { "Arch" : "HVM64" }, 63 | "c3.8xlarge" : { "Arch" : "HVM64" }, 64 | "c4.large" : { "Arch" : "HVM64" }, 65 | "c4.xlarge" : { "Arch" : "HVM64" }, 66 | "c4.2xlarge" : { "Arch" : "HVM64" }, 67 | "c4.4xlarge" : { "Arch" : "HVM64" }, 68 | "c4.8xlarge" : { "Arch" : "HVM64" }, 69 | "g2.2xlarge" : { "Arch" : "HVMG2" }, 70 | "g2.8xlarge" : { "Arch" : "HVMG2" }, 71 | "r3.large" : { "Arch" : "HVM64" }, 72 | 
"r3.xlarge" : { "Arch" : "HVM64" }, 73 | "r3.2xlarge" : { "Arch" : "HVM64" }, 74 | "r3.4xlarge" : { "Arch" : "HVM64" }, 75 | "r3.8xlarge" : { "Arch" : "HVM64" }, 76 | "i2.xlarge" : { "Arch" : "HVM64" }, 77 | "i2.2xlarge" : { "Arch" : "HVM64" }, 78 | "i2.4xlarge" : { "Arch" : "HVM64" }, 79 | "i2.8xlarge" : { "Arch" : "HVM64" }, 80 | "d2.xlarge" : { "Arch" : "HVM64" }, 81 | "d2.2xlarge" : { "Arch" : "HVM64" }, 82 | "d2.4xlarge" : { "Arch" : "HVM64" }, 83 | "d2.8xlarge" : { "Arch" : "HVM64" }, 84 | "hi1.4xlarge" : { "Arch" : "HVM64" }, 85 | "hs1.8xlarge" : { "Arch" : "HVM64" }, 86 | "cr1.8xlarge" : { "Arch" : "HVM64" }, 87 | "cc2.8xlarge" : { "Arch" : "HVM64" } 88 | }, 89 | 90 | "AWSInstanceType2NATArch" : { 91 | "t1.micro" : { "Arch" : "NATHVM64" }, 92 | "t2.nano" : { "Arch" : "NATHVM64" }, 93 | "t2.micro" : { "Arch" : "NATHVM64" }, 94 | "t2.small" : { "Arch" : "NATHVM64" }, 95 | "t2.medium" : { "Arch" : "NATHVM64" }, 96 | "t2.large" : { "Arch" : "NATHVM64" }, 97 | "m1.small" : { "Arch" : "NATHVM64" }, 98 | "m1.medium" : { "Arch" : "NATHVM64" }, 99 | "m1.large" : { "Arch" : "NATHVM64" }, 100 | "m1.xlarge" : { "Arch" : "NATHVM64" }, 101 | "m2.xlarge" : { "Arch" : "NATHVM64" }, 102 | "m2.2xlarge" : { "Arch" : "NATHVM64" }, 103 | "m2.4xlarge" : { "Arch" : "NATHVM64" }, 104 | "m3.medium" : { "Arch" : "NATHVM64" }, 105 | "m3.large" : { "Arch" : "NATHVM64" }, 106 | "m3.xlarge" : { "Arch" : "NATHVM64" }, 107 | "m3.2xlarge" : { "Arch" : "NATHVM64" }, 108 | "m4.large" : { "Arch" : "NATHVM64" }, 109 | "m4.xlarge" : { "Arch" : "NATHVM64" }, 110 | "m4.2xlarge" : { "Arch" : "NATHVM64" }, 111 | "m4.4xlarge" : { "Arch" : "NATHVM64" }, 112 | "m4.10xlarge" : { "Arch" : "NATHVM64" }, 113 | "c1.medium" : { "Arch" : "NATHVM64" }, 114 | "c1.xlarge" : { "Arch" : "NATHVM64" }, 115 | "c3.large" : { "Arch" : "NATHVM64" }, 116 | "c3.xlarge" : { "Arch" : "NATHVM64" }, 117 | "c3.2xlarge" : { "Arch" : "NATHVM64" }, 118 | "c3.4xlarge" : { "Arch" : "NATHVM64" }, 119 | "c3.8xlarge" : { "Arch" : 
"NATHVM64" }, 120 | "c4.large" : { "Arch" : "NATHVM64" }, 121 | "c4.xlarge" : { "Arch" : "NATHVM64" }, 122 | "c4.2xlarge" : { "Arch" : "NATHVM64" }, 123 | "c4.4xlarge" : { "Arch" : "NATHVM64" }, 124 | "c4.8xlarge" : { "Arch" : "NATHVM64" }, 125 | "g2.2xlarge" : { "Arch" : "NATHVMG2" }, 126 | "g2.8xlarge" : { "Arch" : "NATHVMG2" }, 127 | "r3.large" : { "Arch" : "NATHVM64" }, 128 | "r3.xlarge" : { "Arch" : "NATHVM64" }, 129 | "r3.2xlarge" : { "Arch" : "NATHVM64" }, 130 | "r3.4xlarge" : { "Arch" : "NATHVM64" }, 131 | "r3.8xlarge" : { "Arch" : "NATHVM64" }, 132 | "i2.xlarge" : { "Arch" : "NATHVM64" }, 133 | "i2.2xlarge" : { "Arch" : "NATHVM64" }, 134 | "i2.4xlarge" : { "Arch" : "NATHVM64" }, 135 | "i2.8xlarge" : { "Arch" : "NATHVM64" }, 136 | "d2.xlarge" : { "Arch" : "NATHVM64" }, 137 | "d2.2xlarge" : { "Arch" : "NATHVM64" }, 138 | "d2.4xlarge" : { "Arch" : "NATHVM64" }, 139 | "d2.8xlarge" : { "Arch" : "NATHVM64" }, 140 | "hi1.4xlarge" : { "Arch" : "NATHVM64" }, 141 | "hs1.8xlarge" : { "Arch" : "NATHVM64" }, 142 | "cr1.8xlarge" : { "Arch" : "NATHVM64" }, 143 | "cc2.8xlarge" : { "Arch" : "NATHVM64" } 144 | } 145 | , 146 | "AWSRegionArch2AMI" : { 147 | "us-east-1" : {"HVM64" : "ami-0080e4c5bc078760e", "HVMG2" : "ami-0aeb704d503081ea6"}, 148 | "us-west-2" : {"HVM64" : "ami-01e24be29428c15b2", "HVMG2" : "ami-0fe84a5b4563d8f27"}, 149 | "us-west-1" : {"HVM64" : "ami-0ec6517f6edbf8044", "HVMG2" : "ami-0a7fc72dc0e51aa77"}, 150 | "eu-west-1" : {"HVM64" : "ami-08935252a36e25f85", "HVMG2" : "ami-0d5299b1c6112c3c7"}, 151 | "eu-west-2" : {"HVM64" : "ami-01419b804382064e4", "HVMG2" : "NOT_SUPPORTED"}, 152 | "eu-west-3" : {"HVM64" : "ami-0dd7e7ed60da8fb83", "HVMG2" : "NOT_SUPPORTED"}, 153 | "eu-central-1" : {"HVM64" : "ami-0cfbf4f6db41068ac", "HVMG2" : "ami-0aa1822e3eb913a11"}, 154 | "eu-north-1" : {"HVM64" : "ami-86fe70f8", "HVMG2" : "ami-32d55b4c"}, 155 | "ap-northeast-1" : {"HVM64" : "ami-00a5245b4816c38e6", "HVMG2" : "ami-09d0e0e099ecabba2"}, 156 | "ap-northeast-2" : {"HVM64" : 
"ami-00dc207f8ba6dc919", "HVMG2" : "NOT_SUPPORTED"}, 157 | "ap-northeast-3" : {"HVM64" : "ami-0b65f69a5c11f3522", "HVMG2" : "NOT_SUPPORTED"}, 158 | "ap-southeast-1" : {"HVM64" : "ami-05b3bcf7f311194b3", "HVMG2" : "ami-0e46ce0d6a87dc979"}, 159 | "ap-southeast-2" : {"HVM64" : "ami-02fd0b06f06d93dfc", "HVMG2" : "ami-0c0ab057a101d8ff2"}, 160 | "ap-south-1" : {"HVM64" : "ami-0ad42f4f66f6c1cc9", "HVMG2" : "ami-0244c1d42815af84a"}, 161 | "us-east-2" : {"HVM64" : "ami-0cd3dfa4e37921605", "HVMG2" : "NOT_SUPPORTED"}, 162 | "ca-central-1" : {"HVM64" : "ami-07423fb63ea0a0930", "HVMG2" : "NOT_SUPPORTED"}, 163 | "sa-east-1" : {"HVM64" : "ami-05145e0b28ad8e0b2", "HVMG2" : "NOT_SUPPORTED"}, 164 | "cn-north-1" : {"HVM64" : "ami-053617c9d818c1189", "HVMG2" : "NOT_SUPPORTED"}, 165 | "cn-northwest-1" : {"HVM64" : "ami-0f7937761741dc640", "HVMG2" : "NOT_SUPPORTED"} 166 | } 167 | 168 | }, 169 | 170 | "Resources" : { 171 | "EC2Instance" : { 172 | "Type" : "AWS::EC2::Instance", 173 | "Properties" : { 174 | "InstanceType" : { "Ref" : "InstanceType" }, 175 | "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], 176 | "KeyName" : { "Ref" : "KeyName" }, 177 | "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, 178 | { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] } 179 | } 180 | }, 181 | 182 | "InstanceSecurityGroup" : { 183 | "Type" : "AWS::EC2::SecurityGroup", 184 | "Properties" : { 185 | "GroupDescription" : "Enable SSH access via port 22", 186 | "SecurityGroupIngress" : [ { 187 | "IpProtocol" : "tcp", 188 | "FromPort" : "22", 189 | "ToPort" : "22", 190 | "CidrIp" : { "Ref" : "SSHLocation"} 191 | } ] 192 | } 193 | } 194 | }, 195 | 196 | "Outputs" : { 197 | "InstanceId" : { 198 | "Description" : "InstanceId of the newly created EC2 instance", 199 | "Value" : { "Ref" : "EC2Instance" } 200 | }, 201 | "AZ" : { 202 | "Description" : "Availability Zone of the newly created EC2 instance", 203 | "Value" : { "Fn::GetAtt" : [ 
"EC2Instance", "AvailabilityZone" ] } 204 | }, 205 | "PublicDNS" : { 206 | "Description" : "Public DNSName of the newly created EC2 instance", 207 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicDnsName" ] } 208 | }, 209 | "PublicIP" : { 210 | "Description" : "Public IP address of the newly created EC2 instance", 211 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicIp" ] } 212 | } 213 | } 214 | } 215 | -------------------------------------------------------------------------------- /3-1-StacksIntro/EC2withSG.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the region in which the stack is run. This example creates an EC2 security group for the instance to give you SSH access. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters" : { 7 | "KeyName": { 8 | "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance", 9 | "Type": "AWS::EC2::KeyPair::KeyName", 10 | "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." 
11 | }, 12 | 13 | "InstanceType" : { 14 | "Description" : "WebServer EC2 instance type", 15 | "Type" : "String", 16 | "Default" : "t2.small", 17 | "AllowedValues" : [ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"] 18 | , 19 | "ConstraintDescription" : "must be a valid EC2 instance type." 20 | }, 21 | 22 | "SSHLocation" : { 23 | "Description" : "The IP address range that can be used to SSH to the EC2 instances; the default 0.0.0.0/0 allows SSH from any IPv4 address, so set this to a trusted CIDR range", 24 | "Type": "String", 25 | "MinLength": "9", 26 | "MaxLength": "18", 27 | "Default": "0.0.0.0/0", 28 | "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", 29 | "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." 
30 | } 31 | }, 32 | 33 | "Mappings" : { 34 | "AWSInstanceType2Arch" : { 35 | "t1.micro" : { "Arch" : "HVM64" }, 36 | "t2.nano" : { "Arch" : "HVM64" }, 37 | "t2.micro" : { "Arch" : "HVM64" }, 38 | "t2.small" : { "Arch" : "HVM64" }, 39 | "t2.medium" : { "Arch" : "HVM64" }, 40 | "t2.large" : { "Arch" : "HVM64" }, 41 | "m1.small" : { "Arch" : "HVM64" }, 42 | "m1.medium" : { "Arch" : "HVM64" }, 43 | "m1.large" : { "Arch" : "HVM64" }, 44 | "m1.xlarge" : { "Arch" : "HVM64" }, 45 | "m2.xlarge" : { "Arch" : "HVM64" }, 46 | "m2.2xlarge" : { "Arch" : "HVM64" }, 47 | "m2.4xlarge" : { "Arch" : "HVM64" }, 48 | "m3.medium" : { "Arch" : "HVM64" }, 49 | "m3.large" : { "Arch" : "HVM64" }, 50 | "m3.xlarge" : { "Arch" : "HVM64" }, 51 | "m3.2xlarge" : { "Arch" : "HVM64" }, 52 | "m4.large" : { "Arch" : "HVM64" }, 53 | "m4.xlarge" : { "Arch" : "HVM64" }, 54 | "m4.2xlarge" : { "Arch" : "HVM64" }, 55 | "m4.4xlarge" : { "Arch" : "HVM64" }, 56 | "m4.10xlarge" : { "Arch" : "HVM64" }, 57 | "c1.medium" : { "Arch" : "HVM64" }, 58 | "c1.xlarge" : { "Arch" : "HVM64" }, 59 | "c3.large" : { "Arch" : "HVM64" }, 60 | "c3.xlarge" : { "Arch" : "HVM64" }, 61 | "c3.2xlarge" : { "Arch" : "HVM64" }, 62 | "c3.4xlarge" : { "Arch" : "HVM64" }, 63 | "c3.8xlarge" : { "Arch" : "HVM64" }, 64 | "c4.large" : { "Arch" : "HVM64" }, 65 | "c4.xlarge" : { "Arch" : "HVM64" }, 66 | "c4.2xlarge" : { "Arch" : "HVM64" }, 67 | "c4.4xlarge" : { "Arch" : "HVM64" }, 68 | "c4.8xlarge" : { "Arch" : "HVM64" }, 69 | "g2.2xlarge" : { "Arch" : "HVMG2" }, 70 | "g2.8xlarge" : { "Arch" : "HVMG2" }, 71 | "r3.large" : { "Arch" : "HVM64" }, 72 | "r3.xlarge" : { "Arch" : "HVM64" }, 73 | "r3.2xlarge" : { "Arch" : "HVM64" }, 74 | "r3.4xlarge" : { "Arch" : "HVM64" }, 75 | "r3.8xlarge" : { "Arch" : "HVM64" }, 76 | "i2.xlarge" : { "Arch" : "HVM64" }, 77 | "i2.2xlarge" : { "Arch" : "HVM64" }, 78 | "i2.4xlarge" : { "Arch" : "HVM64" }, 79 | "i2.8xlarge" : { "Arch" : "HVM64" }, 80 | "d2.xlarge" : { "Arch" : "HVM64" }, 81 | "d2.2xlarge" : { "Arch" : 
"HVM64" }, 82 | "d2.4xlarge" : { "Arch" : "HVM64" }, 83 | "d2.8xlarge" : { "Arch" : "HVM64" }, 84 | "hi1.4xlarge" : { "Arch" : "HVM64" }, 85 | "hs1.8xlarge" : { "Arch" : "HVM64" }, 86 | "cr1.8xlarge" : { "Arch" : "HVM64" }, 87 | "cc2.8xlarge" : { "Arch" : "HVM64" } 88 | }, 89 | 90 | "AWSInstanceType2NATArch" : { 91 | "t1.micro" : { "Arch" : "NATHVM64" }, 92 | "t2.nano" : { "Arch" : "NATHVM64" }, 93 | "t2.micro" : { "Arch" : "NATHVM64" }, 94 | "t2.small" : { "Arch" : "NATHVM64" }, 95 | "t2.medium" : { "Arch" : "NATHVM64" }, 96 | "t2.large" : { "Arch" : "NATHVM64" }, 97 | "m1.small" : { "Arch" : "NATHVM64" }, 98 | "m1.medium" : { "Arch" : "NATHVM64" }, 99 | "m1.large" : { "Arch" : "NATHVM64" }, 100 | "m1.xlarge" : { "Arch" : "NATHVM64" }, 101 | "m2.xlarge" : { "Arch" : "NATHVM64" }, 102 | "m2.2xlarge" : { "Arch" : "NATHVM64" }, 103 | "m2.4xlarge" : { "Arch" : "NATHVM64" }, 104 | "m3.medium" : { "Arch" : "NATHVM64" }, 105 | "m3.large" : { "Arch" : "NATHVM64" }, 106 | "m3.xlarge" : { "Arch" : "NATHVM64" }, 107 | "m3.2xlarge" : { "Arch" : "NATHVM64" }, 108 | "m4.large" : { "Arch" : "NATHVM64" }, 109 | "m4.xlarge" : { "Arch" : "NATHVM64" }, 110 | "m4.2xlarge" : { "Arch" : "NATHVM64" }, 111 | "m4.4xlarge" : { "Arch" : "NATHVM64" }, 112 | "m4.10xlarge" : { "Arch" : "NATHVM64" }, 113 | "c1.medium" : { "Arch" : "NATHVM64" }, 114 | "c1.xlarge" : { "Arch" : "NATHVM64" }, 115 | "c3.large" : { "Arch" : "NATHVM64" }, 116 | "c3.xlarge" : { "Arch" : "NATHVM64" }, 117 | "c3.2xlarge" : { "Arch" : "NATHVM64" }, 118 | "c3.4xlarge" : { "Arch" : "NATHVM64" }, 119 | "c3.8xlarge" : { "Arch" : "NATHVM64" }, 120 | "c4.large" : { "Arch" : "NATHVM64" }, 121 | "c4.xlarge" : { "Arch" : "NATHVM64" }, 122 | "c4.2xlarge" : { "Arch" : "NATHVM64" }, 123 | "c4.4xlarge" : { "Arch" : "NATHVM64" }, 124 | "c4.8xlarge" : { "Arch" : "NATHVM64" }, 125 | "g2.2xlarge" : { "Arch" : "NATHVMG2" }, 126 | "g2.8xlarge" : { "Arch" : "NATHVMG2" }, 127 | "r3.large" : { "Arch" : "NATHVM64" }, 128 | "r3.xlarge" : { 
"Arch" : "NATHVM64" }, 129 | "r3.2xlarge" : { "Arch" : "NATHVM64" }, 130 | "r3.4xlarge" : { "Arch" : "NATHVM64" }, 131 | "r3.8xlarge" : { "Arch" : "NATHVM64" }, 132 | "i2.xlarge" : { "Arch" : "NATHVM64" }, 133 | "i2.2xlarge" : { "Arch" : "NATHVM64" }, 134 | "i2.4xlarge" : { "Arch" : "NATHVM64" }, 135 | "i2.8xlarge" : { "Arch" : "NATHVM64" }, 136 | "d2.xlarge" : { "Arch" : "NATHVM64" }, 137 | "d2.2xlarge" : { "Arch" : "NATHVM64" }, 138 | "d2.4xlarge" : { "Arch" : "NATHVM64" }, 139 | "d2.8xlarge" : { "Arch" : "NATHVM64" }, 140 | "hi1.4xlarge" : { "Arch" : "NATHVM64" }, 141 | "hs1.8xlarge" : { "Arch" : "NATHVM64" }, 142 | "cr1.8xlarge" : { "Arch" : "NATHVM64" }, 143 | "cc2.8xlarge" : { "Arch" : "NATHVM64" } 144 | } 145 | , 146 | "AWSRegionArch2AMI" : { 147 | "us-east-1" : {"HVM64" : "ami-0080e4c5bc078760e", "HVMG2" : "ami-0aeb704d503081ea6"}, 148 | "us-west-2" : {"HVM64" : "ami-01e24be29428c15b2", "HVMG2" : "ami-0fe84a5b4563d8f27"}, 149 | "us-west-1" : {"HVM64" : "ami-0ec6517f6edbf8044", "HVMG2" : "ami-0a7fc72dc0e51aa77"}, 150 | "eu-west-1" : {"HVM64" : "ami-08935252a36e25f85", "HVMG2" : "ami-0d5299b1c6112c3c7"}, 151 | "eu-west-2" : {"HVM64" : "ami-01419b804382064e4", "HVMG2" : "NOT_SUPPORTED"}, 152 | "eu-west-3" : {"HVM64" : "ami-0dd7e7ed60da8fb83", "HVMG2" : "NOT_SUPPORTED"}, 153 | "eu-central-1" : {"HVM64" : "ami-0cfbf4f6db41068ac", "HVMG2" : "ami-0aa1822e3eb913a11"}, 154 | "eu-north-1" : {"HVM64" : "ami-86fe70f8", "HVMG2" : "ami-32d55b4c"}, 155 | "ap-northeast-1" : {"HVM64" : "ami-00a5245b4816c38e6", "HVMG2" : "ami-09d0e0e099ecabba2"}, 156 | "ap-northeast-2" : {"HVM64" : "ami-00dc207f8ba6dc919", "HVMG2" : "NOT_SUPPORTED"}, 157 | "ap-northeast-3" : {"HVM64" : "ami-0b65f69a5c11f3522", "HVMG2" : "NOT_SUPPORTED"}, 158 | "ap-southeast-1" : {"HVM64" : "ami-05b3bcf7f311194b3", "HVMG2" : "ami-0e46ce0d6a87dc979"}, 159 | "ap-southeast-2" : {"HVM64" : "ami-02fd0b06f06d93dfc", "HVMG2" : "ami-0c0ab057a101d8ff2"}, 160 | "ap-south-1" : {"HVM64" : "ami-0ad42f4f66f6c1cc9", "HVMG2" 
: "ami-0244c1d42815af84a"}, 161 | "us-east-2" : {"HVM64" : "ami-0cd3dfa4e37921605", "HVMG2" : "NOT_SUPPORTED"}, 162 | "ca-central-1" : {"HVM64" : "ami-07423fb63ea0a0930", "HVMG2" : "NOT_SUPPORTED"}, 163 | "sa-east-1" : {"HVM64" : "ami-05145e0b28ad8e0b2", "HVMG2" : "NOT_SUPPORTED"}, 164 | "cn-north-1" : {"HVM64" : "ami-053617c9d818c1189", "HVMG2" : "NOT_SUPPORTED"}, 165 | "cn-northwest-1" : {"HVM64" : "ami-0f7937761741dc640", "HVMG2" : "NOT_SUPPORTED"} 166 | } 167 | 168 | }, 169 | 170 | "Resources" : { 171 | "EC2Instance" : { 172 | "Type" : "AWS::EC2::Instance", 173 | "Properties" : { 174 | "InstanceType" : { "Ref" : "InstanceType" }, 175 | "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], 176 | "KeyName" : { "Ref" : "KeyName" }, 177 | "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, 178 | { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] } 179 | } 180 | }, 181 | 182 | "InstanceSecurityGroup" : { 183 | "Type" : "AWS::EC2::SecurityGroup", 184 | "Properties" : { 185 | "GroupDescription" : "Enable SSH access via port 22", 186 | "SecurityGroupIngress" : [ { 187 | "IpProtocol" : "tcp", 188 | "FromPort" : "22", 189 | "ToPort" : "22", 190 | "CidrIp" : { "Ref" : "SSHLocation"} 191 | } ] 192 | } 193 | } 194 | }, 195 | 196 | "Outputs" : { 197 | "InstanceId" : { 198 | "Description" : "InstanceId of the newly created EC2 instance", 199 | "Value" : { "Ref" : "EC2Instance" } 200 | }, 201 | "AZ" : { 202 | "Description" : "Availability Zone of the newly created EC2 instance", 203 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "AvailabilityZone" ] } 204 | }, 205 | "PublicDNS" : { 206 | "Description" : "Public DNSName of the newly created EC2 instance", 207 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicDnsName" ] } 208 | }, 209 | "PublicIP" : { 210 | "Description" : "Public IP address of the newly created EC2 instance", 211 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicIp" ] } 212 | } 213 | } 
214 | } 215 | -------------------------------------------------------------------------------- /3-2 Stack Details/EC2withSG.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the region in which the stack is run. This example creates an EC2 security group for the instance to give you SSH access. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters" : { 7 | "KeyName": { 8 | "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance", 9 | "Type": "AWS::EC2::KeyPair::KeyName", 10 | "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." 11 | }, 12 | 13 | "InstanceType" : { 14 | "Description" : "WebServer EC2 instance type", 15 | "Type" : "String", 16 | "Default" : "t2.small", 17 | "AllowedValues" : [ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"] 18 | , 19 | "ConstraintDescription" : "must be a valid EC2 instance type." 
20 | }, 21 | 22 | "SSHLocation" : { 23 | "Description" : "The IP address range that can be used to SSH to the EC2 instances; the default 0.0.0.0/0 allows SSH from any IPv4 address, so set this to a trusted CIDR range", 24 | "Type": "String", 25 | "MinLength": "9", 26 | "MaxLength": "18", 27 | "Default": "0.0.0.0/0", 28 | "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", 29 | "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." 30 | } 31 | }, 32 | 33 | "Mappings" : { 34 | "AWSInstanceType2Arch" : { 35 | "t1.micro" : { "Arch" : "HVM64" }, 36 | "t2.nano" : { "Arch" : "HVM64" }, 37 | "t2.micro" : { "Arch" : "HVM64" }, 38 | "t2.small" : { "Arch" : "HVM64" }, 39 | "t2.medium" : { "Arch" : "HVM64" }, 40 | "t2.large" : { "Arch" : "HVM64" }, 41 | "m1.small" : { "Arch" : "HVM64" }, 42 | "m1.medium" : { "Arch" : "HVM64" }, 43 | "m1.large" : { "Arch" : "HVM64" }, 44 | "m1.xlarge" : { "Arch" : "HVM64" }, 45 | "m2.xlarge" : { "Arch" : "HVM64" }, 46 | "m2.2xlarge" : { "Arch" : "HVM64" }, 47 | "m2.4xlarge" : { "Arch" : "HVM64" }, 48 | "m3.medium" : { "Arch" : "HVM64" }, 49 | "m3.large" : { "Arch" : "HVM64" }, 50 | "m3.xlarge" : { "Arch" : "HVM64" }, 51 | "m3.2xlarge" : { "Arch" : "HVM64" }, 52 | "m4.large" : { "Arch" : "HVM64" }, 53 | "m4.xlarge" : { "Arch" : "HVM64" }, 54 | "m4.2xlarge" : { "Arch" : "HVM64" }, 55 | "m4.4xlarge" : { "Arch" : "HVM64" }, 56 | "m4.10xlarge" : { "Arch" : "HVM64" }, 57 | "c1.medium" : { "Arch" : "HVM64" }, 58 | "c1.xlarge" : { "Arch" : "HVM64" }, 59 | "c3.large" : { "Arch" : "HVM64" }, 60 | "c3.xlarge" : { "Arch" : "HVM64" }, 61 | "c3.2xlarge" : { "Arch" : "HVM64" }, 62 | "c3.4xlarge" : { "Arch" : "HVM64" }, 63 | "c3.8xlarge" : { "Arch" : "HVM64" }, 64 | "c4.large" : { "Arch" : "HVM64" }, 65 | "c4.xlarge" : { "Arch" : "HVM64" }, 66 | "c4.2xlarge" : { "Arch" : "HVM64" }, 67 | "c4.4xlarge" : { "Arch" : "HVM64" }, 68 | "c4.8xlarge" : { "Arch" : "HVM64" }, 69 | "g2.2xlarge" : { "Arch" : "HVMG2" }, 70 | "g2.8xlarge" : { "Arch" : "HVMG2" }, 71 | "r3.large" : { "Arch" : "HVM64" }, 72 | 
"r3.xlarge" : { "Arch" : "HVM64" }, 73 | "r3.2xlarge" : { "Arch" : "HVM64" }, 74 | "r3.4xlarge" : { "Arch" : "HVM64" }, 75 | "r3.8xlarge" : { "Arch" : "HVM64" }, 76 | "i2.xlarge" : { "Arch" : "HVM64" }, 77 | "i2.2xlarge" : { "Arch" : "HVM64" }, 78 | "i2.4xlarge" : { "Arch" : "HVM64" }, 79 | "i2.8xlarge" : { "Arch" : "HVM64" }, 80 | "d2.xlarge" : { "Arch" : "HVM64" }, 81 | "d2.2xlarge" : { "Arch" : "HVM64" }, 82 | "d2.4xlarge" : { "Arch" : "HVM64" }, 83 | "d2.8xlarge" : { "Arch" : "HVM64" }, 84 | "hi1.4xlarge" : { "Arch" : "HVM64" }, 85 | "hs1.8xlarge" : { "Arch" : "HVM64" }, 86 | "cr1.8xlarge" : { "Arch" : "HVM64" }, 87 | "cc2.8xlarge" : { "Arch" : "HVM64" } 88 | }, 89 | 90 | "AWSInstanceType2NATArch" : { 91 | "t1.micro" : { "Arch" : "NATHVM64" }, 92 | "t2.nano" : { "Arch" : "NATHVM64" }, 93 | "t2.micro" : { "Arch" : "NATHVM64" }, 94 | "t2.small" : { "Arch" : "NATHVM64" }, 95 | "t2.medium" : { "Arch" : "NATHVM64" }, 96 | "t2.large" : { "Arch" : "NATHVM64" }, 97 | "m1.small" : { "Arch" : "NATHVM64" }, 98 | "m1.medium" : { "Arch" : "NATHVM64" }, 99 | "m1.large" : { "Arch" : "NATHVM64" }, 100 | "m1.xlarge" : { "Arch" : "NATHVM64" }, 101 | "m2.xlarge" : { "Arch" : "NATHVM64" }, 102 | "m2.2xlarge" : { "Arch" : "NATHVM64" }, 103 | "m2.4xlarge" : { "Arch" : "NATHVM64" }, 104 | "m3.medium" : { "Arch" : "NATHVM64" }, 105 | "m3.large" : { "Arch" : "NATHVM64" }, 106 | "m3.xlarge" : { "Arch" : "NATHVM64" }, 107 | "m3.2xlarge" : { "Arch" : "NATHVM64" }, 108 | "m4.large" : { "Arch" : "NATHVM64" }, 109 | "m4.xlarge" : { "Arch" : "NATHVM64" }, 110 | "m4.2xlarge" : { "Arch" : "NATHVM64" }, 111 | "m4.4xlarge" : { "Arch" : "NATHVM64" }, 112 | "m4.10xlarge" : { "Arch" : "NATHVM64" }, 113 | "c1.medium" : { "Arch" : "NATHVM64" }, 114 | "c1.xlarge" : { "Arch" : "NATHVM64" }, 115 | "c3.large" : { "Arch" : "NATHVM64" }, 116 | "c3.xlarge" : { "Arch" : "NATHVM64" }, 117 | "c3.2xlarge" : { "Arch" : "NATHVM64" }, 118 | "c3.4xlarge" : { "Arch" : "NATHVM64" }, 119 | "c3.8xlarge" : { "Arch" : 
"NATHVM64" }, 120 | "c4.large" : { "Arch" : "NATHVM64" }, 121 | "c4.xlarge" : { "Arch" : "NATHVM64" }, 122 | "c4.2xlarge" : { "Arch" : "NATHVM64" }, 123 | "c4.4xlarge" : { "Arch" : "NATHVM64" }, 124 | "c4.8xlarge" : { "Arch" : "NATHVM64" }, 125 | "g2.2xlarge" : { "Arch" : "NATHVMG2" }, 126 | "g2.8xlarge" : { "Arch" : "NATHVMG2" }, 127 | "r3.large" : { "Arch" : "NATHVM64" }, 128 | "r3.xlarge" : { "Arch" : "NATHVM64" }, 129 | "r3.2xlarge" : { "Arch" : "NATHVM64" }, 130 | "r3.4xlarge" : { "Arch" : "NATHVM64" }, 131 | "r3.8xlarge" : { "Arch" : "NATHVM64" }, 132 | "i2.xlarge" : { "Arch" : "NATHVM64" }, 133 | "i2.2xlarge" : { "Arch" : "NATHVM64" }, 134 | "i2.4xlarge" : { "Arch" : "NATHVM64" }, 135 | "i2.8xlarge" : { "Arch" : "NATHVM64" }, 136 | "d2.xlarge" : { "Arch" : "NATHVM64" }, 137 | "d2.2xlarge" : { "Arch" : "NATHVM64" }, 138 | "d2.4xlarge" : { "Arch" : "NATHVM64" }, 139 | "d2.8xlarge" : { "Arch" : "NATHVM64" }, 140 | "hi1.4xlarge" : { "Arch" : "NATHVM64" }, 141 | "hs1.8xlarge" : { "Arch" : "NATHVM64" }, 142 | "cr1.8xlarge" : { "Arch" : "NATHVM64" }, 143 | "cc2.8xlarge" : { "Arch" : "NATHVM64" } 144 | } 145 | , 146 | "AWSRegionArch2AMI" : { 147 | "us-east-1" : {"HVM64" : "ami-0080e4c5bc078760e", "HVMG2" : "ami-0aeb704d503081ea6"}, 148 | "us-west-2" : {"HVM64" : "ami-01e24be29428c15b2", "HVMG2" : "ami-0fe84a5b4563d8f27"}, 149 | "us-west-1" : {"HVM64" : "ami-0ec6517f6edbf8044", "HVMG2" : "ami-0a7fc72dc0e51aa77"}, 150 | "eu-west-1" : {"HVM64" : "ami-08935252a36e25f85", "HVMG2" : "ami-0d5299b1c6112c3c7"}, 151 | "eu-west-2" : {"HVM64" : "ami-01419b804382064e4", "HVMG2" : "NOT_SUPPORTED"}, 152 | "eu-west-3" : {"HVM64" : "ami-0dd7e7ed60da8fb83", "HVMG2" : "NOT_SUPPORTED"}, 153 | "eu-central-1" : {"HVM64" : "ami-0cfbf4f6db41068ac", "HVMG2" : "ami-0aa1822e3eb913a11"}, 154 | "eu-north-1" : {"HVM64" : "ami-86fe70f8", "HVMG2" : "ami-32d55b4c"}, 155 | "ap-northeast-1" : {"HVM64" : "ami-00a5245b4816c38e6", "HVMG2" : "ami-09d0e0e099ecabba2"}, 156 | "ap-northeast-2" : {"HVM64" : 
"ami-00dc207f8ba6dc919", "HVMG2" : "NOT_SUPPORTED"}, 157 | "ap-northeast-3" : {"HVM64" : "ami-0b65f69a5c11f3522", "HVMG2" : "NOT_SUPPORTED"}, 158 | "ap-southeast-1" : {"HVM64" : "ami-05b3bcf7f311194b3", "HVMG2" : "ami-0e46ce0d6a87dc979"}, 159 | "ap-southeast-2" : {"HVM64" : "ami-02fd0b06f06d93dfc", "HVMG2" : "ami-0c0ab057a101d8ff2"}, 160 | "ap-south-1" : {"HVM64" : "ami-0ad42f4f66f6c1cc9", "HVMG2" : "ami-0244c1d42815af84a"}, 161 | "us-east-2" : {"HVM64" : "ami-0cd3dfa4e37921605", "HVMG2" : "NOT_SUPPORTED"}, 162 | "ca-central-1" : {"HVM64" : "ami-07423fb63ea0a0930", "HVMG2" : "NOT_SUPPORTED"}, 163 | "sa-east-1" : {"HVM64" : "ami-05145e0b28ad8e0b2", "HVMG2" : "NOT_SUPPORTED"}, 164 | "cn-north-1" : {"HVM64" : "ami-053617c9d818c1189", "HVMG2" : "NOT_SUPPORTED"}, 165 | "cn-northwest-1" : {"HVM64" : "ami-0f7937761741dc640", "HVMG2" : "NOT_SUPPORTED"} 166 | } 167 | 168 | }, 169 | 170 | "Resources" : { 171 | "EC2Instance" : { 172 | "Type" : "AWS::EC2::Instance", 173 | "Properties" : { 174 | "InstanceType" : { "Ref" : "InstanceType" }, 175 | "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], 176 | "KeyName" : { "Ref" : "KeyName" }, 177 | "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, 178 | { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] } 179 | } 180 | }, 181 | 182 | "InstanceSecurityGroup" : { 183 | "Type" : "AWS::EC2::SecurityGroup", 184 | "Properties" : { 185 | "GroupDescription" : "Enable SSH access via port 22", 186 | "SecurityGroupIngress" : [ { 187 | "IpProtocol" : "tcp", 188 | "FromPort" : "22", 189 | "ToPort" : "22", 190 | "CidrIp" : { "Ref" : "SSHLocation"} 191 | } ] 192 | } 193 | } 194 | }, 195 | 196 | "Outputs" : { 197 | "InstanceId" : { 198 | "Description" : "InstanceId of the newly created EC2 instance", 199 | "Value" : { "Ref" : "EC2Instance" } 200 | }, 201 | "AZ" : { 202 | "Description" : "Availability Zone of the newly created EC2 instance", 203 | "Value" : { "Fn::GetAtt" : [ 
"EC2Instance", "AvailabilityZone" ] } 204 | }, 205 | "PublicDNS" : { 206 | "Description" : "Public DNSName of the newly created EC2 instance", 207 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicDnsName" ] } 208 | }, 209 | "PublicIP" : { 210 | "Description" : "Public IP address of the newly created EC2 instance", 211 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicIp" ] } 212 | } 213 | } 214 | } 215 | -------------------------------------------------------------------------------- /3-5 AWS Config/EC2withSG.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion" : "2010-09-09", 3 | 4 | "Description" : "AWS CloudFormation Sample Template EC2InstanceWithSecurityGroupSample: Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the region in which the stack is run. This example creates an EC2 security group for the instance to give you SSH access. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.", 5 | 6 | "Parameters" : { 7 | "KeyName": { 8 | "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance", 9 | "Type": "AWS::EC2::KeyPair::KeyName", 10 | "ConstraintDescription" : "must be the name of an existing EC2 KeyPair." 
11 | }, 12 | 13 | "InstanceType" : { 14 | "Description" : "WebServer EC2 instance type", 15 | "Type" : "String", 16 | "Default" : "t2.small", 17 | "AllowedValues" : [ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"] 18 | , 19 | "ConstraintDescription" : "must be a valid EC2 instance type." 20 | }, 21 | 22 | "SSHLocation" : { 23 | "Description" : "The IP address range that can be used to SSH to the EC2 instances; the default 0.0.0.0/0 allows SSH from any IPv4 address, so set this to a trusted CIDR range", 24 | "Type": "String", 25 | "MinLength": "9", 26 | "MaxLength": "18", 27 | "Default": "0.0.0.0/0", 28 | "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", 29 | "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." 
30 | } 31 | }, 32 | 33 | "Mappings" : { 34 | "AWSInstanceType2Arch" : { 35 | "t1.micro" : { "Arch" : "HVM64" }, 36 | "t2.nano" : { "Arch" : "HVM64" }, 37 | "t2.micro" : { "Arch" : "HVM64" }, 38 | "t2.small" : { "Arch" : "HVM64" }, 39 | "t2.medium" : { "Arch" : "HVM64" }, 40 | "t2.large" : { "Arch" : "HVM64" }, 41 | "m1.small" : { "Arch" : "HVM64" }, 42 | "m1.medium" : { "Arch" : "HVM64" }, 43 | "m1.large" : { "Arch" : "HVM64" }, 44 | "m1.xlarge" : { "Arch" : "HVM64" }, 45 | "m2.xlarge" : { "Arch" : "HVM64" }, 46 | "m2.2xlarge" : { "Arch" : "HVM64" }, 47 | "m2.4xlarge" : { "Arch" : "HVM64" }, 48 | "m3.medium" : { "Arch" : "HVM64" }, 49 | "m3.large" : { "Arch" : "HVM64" }, 50 | "m3.xlarge" : { "Arch" : "HVM64" }, 51 | "m3.2xlarge" : { "Arch" : "HVM64" }, 52 | "m4.large" : { "Arch" : "HVM64" }, 53 | "m4.xlarge" : { "Arch" : "HVM64" }, 54 | "m4.2xlarge" : { "Arch" : "HVM64" }, 55 | "m4.4xlarge" : { "Arch" : "HVM64" }, 56 | "m4.10xlarge" : { "Arch" : "HVM64" }, 57 | "c1.medium" : { "Arch" : "HVM64" }, 58 | "c1.xlarge" : { "Arch" : "HVM64" }, 59 | "c3.large" : { "Arch" : "HVM64" }, 60 | "c3.xlarge" : { "Arch" : "HVM64" }, 61 | "c3.2xlarge" : { "Arch" : "HVM64" }, 62 | "c3.4xlarge" : { "Arch" : "HVM64" }, 63 | "c3.8xlarge" : { "Arch" : "HVM64" }, 64 | "c4.large" : { "Arch" : "HVM64" }, 65 | "c4.xlarge" : { "Arch" : "HVM64" }, 66 | "c4.2xlarge" : { "Arch" : "HVM64" }, 67 | "c4.4xlarge" : { "Arch" : "HVM64" }, 68 | "c4.8xlarge" : { "Arch" : "HVM64" }, 69 | "g2.2xlarge" : { "Arch" : "HVMG2" }, 70 | "g2.8xlarge" : { "Arch" : "HVMG2" }, 71 | "r3.large" : { "Arch" : "HVM64" }, 72 | "r3.xlarge" : { "Arch" : "HVM64" }, 73 | "r3.2xlarge" : { "Arch" : "HVM64" }, 74 | "r3.4xlarge" : { "Arch" : "HVM64" }, 75 | "r3.8xlarge" : { "Arch" : "HVM64" }, 76 | "i2.xlarge" : { "Arch" : "HVM64" }, 77 | "i2.2xlarge" : { "Arch" : "HVM64" }, 78 | "i2.4xlarge" : { "Arch" : "HVM64" }, 79 | "i2.8xlarge" : { "Arch" : "HVM64" }, 80 | "d2.xlarge" : { "Arch" : "HVM64" }, 81 | "d2.2xlarge" : { "Arch" : 
"HVM64" }, 82 | "d2.4xlarge" : { "Arch" : "HVM64" }, 83 | "d2.8xlarge" : { "Arch" : "HVM64" }, 84 | "hi1.4xlarge" : { "Arch" : "HVM64" }, 85 | "hs1.8xlarge" : { "Arch" : "HVM64" }, 86 | "cr1.8xlarge" : { "Arch" : "HVM64" }, 87 | "cc2.8xlarge" : { "Arch" : "HVM64" } 88 | }, 89 | 90 | "AWSInstanceType2NATArch" : { 91 | "t1.micro" : { "Arch" : "NATHVM64" }, 92 | "t2.nano" : { "Arch" : "NATHVM64" }, 93 | "t2.micro" : { "Arch" : "NATHVM64" }, 94 | "t2.small" : { "Arch" : "NATHVM64" }, 95 | "t2.medium" : { "Arch" : "NATHVM64" }, 96 | "t2.large" : { "Arch" : "NATHVM64" }, 97 | "m1.small" : { "Arch" : "NATHVM64" }, 98 | "m1.medium" : { "Arch" : "NATHVM64" }, 99 | "m1.large" : { "Arch" : "NATHVM64" }, 100 | "m1.xlarge" : { "Arch" : "NATHVM64" }, 101 | "m2.xlarge" : { "Arch" : "NATHVM64" }, 102 | "m2.2xlarge" : { "Arch" : "NATHVM64" }, 103 | "m2.4xlarge" : { "Arch" : "NATHVM64" }, 104 | "m3.medium" : { "Arch" : "NATHVM64" }, 105 | "m3.large" : { "Arch" : "NATHVM64" }, 106 | "m3.xlarge" : { "Arch" : "NATHVM64" }, 107 | "m3.2xlarge" : { "Arch" : "NATHVM64" }, 108 | "m4.large" : { "Arch" : "NATHVM64" }, 109 | "m4.xlarge" : { "Arch" : "NATHVM64" }, 110 | "m4.2xlarge" : { "Arch" : "NATHVM64" }, 111 | "m4.4xlarge" : { "Arch" : "NATHVM64" }, 112 | "m4.10xlarge" : { "Arch" : "NATHVM64" }, 113 | "c1.medium" : { "Arch" : "NATHVM64" }, 114 | "c1.xlarge" : { "Arch" : "NATHVM64" }, 115 | "c3.large" : { "Arch" : "NATHVM64" }, 116 | "c3.xlarge" : { "Arch" : "NATHVM64" }, 117 | "c3.2xlarge" : { "Arch" : "NATHVM64" }, 118 | "c3.4xlarge" : { "Arch" : "NATHVM64" }, 119 | "c3.8xlarge" : { "Arch" : "NATHVM64" }, 120 | "c4.large" : { "Arch" : "NATHVM64" }, 121 | "c4.xlarge" : { "Arch" : "NATHVM64" }, 122 | "c4.2xlarge" : { "Arch" : "NATHVM64" }, 123 | "c4.4xlarge" : { "Arch" : "NATHVM64" }, 124 | "c4.8xlarge" : { "Arch" : "NATHVM64" }, 125 | "g2.2xlarge" : { "Arch" : "NATHVMG2" }, 126 | "g2.8xlarge" : { "Arch" : "NATHVMG2" }, 127 | "r3.large" : { "Arch" : "NATHVM64" }, 128 | "r3.xlarge" : { 
"Arch" : "NATHVM64" }, 129 | "r3.2xlarge" : { "Arch" : "NATHVM64" }, 130 | "r3.4xlarge" : { "Arch" : "NATHVM64" }, 131 | "r3.8xlarge" : { "Arch" : "NATHVM64" }, 132 | "i2.xlarge" : { "Arch" : "NATHVM64" }, 133 | "i2.2xlarge" : { "Arch" : "NATHVM64" }, 134 | "i2.4xlarge" : { "Arch" : "NATHVM64" }, 135 | "i2.8xlarge" : { "Arch" : "NATHVM64" }, 136 | "d2.xlarge" : { "Arch" : "NATHVM64" }, 137 | "d2.2xlarge" : { "Arch" : "NATHVM64" }, 138 | "d2.4xlarge" : { "Arch" : "NATHVM64" }, 139 | "d2.8xlarge" : { "Arch" : "NATHVM64" }, 140 | "hi1.4xlarge" : { "Arch" : "NATHVM64" }, 141 | "hs1.8xlarge" : { "Arch" : "NATHVM64" }, 142 | "cr1.8xlarge" : { "Arch" : "NATHVM64" }, 143 | "cc2.8xlarge" : { "Arch" : "NATHVM64" } 144 | } 145 | , 146 | "AWSRegionArch2AMI" : { 147 | "us-east-1" : {"HVM64" : "ami-0080e4c5bc078760e", "HVMG2" : "ami-0aeb704d503081ea6"}, 148 | "us-west-2" : {"HVM64" : "ami-01e24be29428c15b2", "HVMG2" : "ami-0fe84a5b4563d8f27"}, 149 | "us-west-1" : {"HVM64" : "ami-0ec6517f6edbf8044", "HVMG2" : "ami-0a7fc72dc0e51aa77"}, 150 | "eu-west-1" : {"HVM64" : "ami-08935252a36e25f85", "HVMG2" : "ami-0d5299b1c6112c3c7"}, 151 | "eu-west-2" : {"HVM64" : "ami-01419b804382064e4", "HVMG2" : "NOT_SUPPORTED"}, 152 | "eu-west-3" : {"HVM64" : "ami-0dd7e7ed60da8fb83", "HVMG2" : "NOT_SUPPORTED"}, 153 | "eu-central-1" : {"HVM64" : "ami-0cfbf4f6db41068ac", "HVMG2" : "ami-0aa1822e3eb913a11"}, 154 | "eu-north-1" : {"HVM64" : "ami-86fe70f8", "HVMG2" : "ami-32d55b4c"}, 155 | "ap-northeast-1" : {"HVM64" : "ami-00a5245b4816c38e6", "HVMG2" : "ami-09d0e0e099ecabba2"}, 156 | "ap-northeast-2" : {"HVM64" : "ami-00dc207f8ba6dc919", "HVMG2" : "NOT_SUPPORTED"}, 157 | "ap-northeast-3" : {"HVM64" : "ami-0b65f69a5c11f3522", "HVMG2" : "NOT_SUPPORTED"}, 158 | "ap-southeast-1" : {"HVM64" : "ami-05b3bcf7f311194b3", "HVMG2" : "ami-0e46ce0d6a87dc979"}, 159 | "ap-southeast-2" : {"HVM64" : "ami-02fd0b06f06d93dfc", "HVMG2" : "ami-0c0ab057a101d8ff2"}, 160 | "ap-south-1" : {"HVM64" : "ami-0ad42f4f66f6c1cc9", "HVMG2" 
: "ami-0244c1d42815af84a"}, 161 | "us-east-2" : {"HVM64" : "ami-0cd3dfa4e37921605", "HVMG2" : "NOT_SUPPORTED"}, 162 | "ca-central-1" : {"HVM64" : "ami-07423fb63ea0a0930", "HVMG2" : "NOT_SUPPORTED"}, 163 | "sa-east-1" : {"HVM64" : "ami-05145e0b28ad8e0b2", "HVMG2" : "NOT_SUPPORTED"}, 164 | "cn-north-1" : {"HVM64" : "ami-053617c9d818c1189", "HVMG2" : "NOT_SUPPORTED"}, 165 | "cn-northwest-1" : {"HVM64" : "ami-0f7937761741dc640", "HVMG2" : "NOT_SUPPORTED"} 166 | } 167 | 168 | }, 169 | 170 | "Resources" : { 171 | "EC2Instance" : { 172 | "Type" : "AWS::EC2::Instance", 173 | "Properties" : { 174 | "InstanceType" : { "Ref" : "InstanceType" }, 175 | "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], 176 | "KeyName" : { "Ref" : "KeyName" }, 177 | "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, 178 | { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] } 179 | } 180 | }, 181 | 182 | "InstanceSecurityGroup" : { 183 | "Type" : "AWS::EC2::SecurityGroup", 184 | "Properties" : { 185 | "GroupDescription" : "Enable SSH access via port 22", 186 | "SecurityGroupIngress" : [ { 187 | "IpProtocol" : "tcp", 188 | "FromPort" : "22", 189 | "ToPort" : "22", 190 | "CidrIp" : { "Ref" : "SSHLocation"} 191 | } ] 192 | } 193 | } 194 | }, 195 | 196 | "Outputs" : { 197 | "InstanceId" : { 198 | "Description" : "InstanceId of the newly created EC2 instance", 199 | "Value" : { "Ref" : "EC2Instance" } 200 | }, 201 | "AZ" : { 202 | "Description" : "Availability Zone of the newly created EC2 instance", 203 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "AvailabilityZone" ] } 204 | }, 205 | "PublicDNS" : { 206 | "Description" : "Public DNSName of the newly created EC2 instance", 207 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicDnsName" ] } 208 | }, 209 | "PublicIP" : { 210 | "Description" : "Public IP address of the newly created EC2 instance", 211 | "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicIp" ] } 212 | } 213 | } 
214 | } 215 | --------------------------------------------------------------------------------