├── labs ├── security │ ├── data-protection │ │ ├── acm.yml │ │ ├── alb.yml │ │ ├── aws-encryption.py │ │ ├── cloudtrail.yml │ │ ├── codepipeline.yml │ │ ├── config-rules.yml │ │ ├── cloudwatch-event-rules.yml │ │ ├── sqs.yml │ │ ├── kms.yml │ │ └── dynamodb.yml │ ├── incident-response │ │ └── README.md │ ├── logging-monitoring │ │ └── README.md │ ├── infrastructure-security │ │ └── README.md │ └── identity-access-management │ │ └── README.md ├── ecs │ ├── README.md │ ├── example-parameters.json │ ├── ecs-repo.json │ ├── configure-ecs.sh │ └── config-template.xml ├── polly │ ├── docs │ │ ├── copy-text.png │ │ ├── polly-arch.png │ │ └── codepipeline-polly.png │ ├── README.md │ ├── test.sh │ ├── launch-stack.sh │ ├── wordpress-polly.yml │ └── pipeline.yml ├── opsworks │ ├── example-parameters.json │ └── README.md ├── budgets │ ├── docs │ │ ├── budget-email.png │ │ ├── budgets-arch.png │ │ └── budget-dashboard.png │ ├── README.md │ └── budget-notifications.yml ├── eb │ ├── example-parameters.json │ ├── README.md │ └── elasticbeanstalk-codepipeline.yml ├── codecommit │ ├── README.md │ └── example-parameters-cpl-cfn.json ├── containers │ └── docker │ │ └── build │ │ ├── README.md │ │ └── example-parameters.json ├── codepipeline │ ├── README.md │ ├── example-parameters-lambda.json │ ├── codepipeline-notifications.yml │ ├── codedeploy-deployment.json │ └── simple.yml ├── spa │ ├── README.md │ ├── example-parameters.json │ └── pipeline.yml ├── lambda │ ├── example-parameters.json │ └── lambda-codepipeline.json ├── codebuild │ ├── example-parameters.json │ └── codebuild.yml ├── _example │ └── example.yml ├── s3 │ ├── README.md │ └── pipeline.yml ├── chef │ ├── example_parameters │ │ ├── chef-compliance.json │ │ └── chef-complete-ecosystem.json │ ├── README.md │ └── chef-compliance.yml ├── test_instances │ ├── example_parameters │ │ └── rhel-ubuntu-win2012.json │ └── README.md ├── codedeploy │ ├── codedeploy-oneinstance.json │ ├── codedeploy-deployment.json │ └── 
codedeploy-master.json ├── wordpress │ ├── example_parameters │ │ └── wordpress-nginx.json │ └── README.md ├── bitbucket │ ├── bitbucket-parameters.json │ └── README.md ├── mediawiki │ ├── README.md │ └── example_parameters │ │ └── mediawiki-nginx.json └── codepipeline_approval_gate_tracking │ └── README.md ├── .gitmodules ├── test-platform └── README.md ├── .github ├── pull_request_template.md ├── issue_template.md └── labels.json ├── security ├── example_parameters │ └── iam-default-instance-profile.json ├── packer_group_policy.yml └── iam-default-instance-profile.json ├── simple └── simple-sqs.yml ├── storage ├── parameters_examples │ ├── s3-backup-bucket-delete-previous.json │ └── efs.json ├── README.md ├── s3-backup-bucket-delete-previous.yml └── efs.yml ├── infrastructure ├── iam │ ├── iam-elevated-services.json │ ├── README.md │ ├── StelligentServicesMFAPolicy.json │ ├── iam-available-services.json │ └── StelligentConfigureOwnMFAPolicy.json ├── example_parameters │ ├── nat-gateway.json │ ├── vpn-bgp.json │ ├── utm9.json │ ├── proxy-awsapi-devops-access.json │ ├── vpc.json │ └── bastion.json ├── nat-gateway.yml ├── nat-gateway.json └── vpn-static.yml ├── .gitignore ├── LICENSE.md ├── database ├── example_parameters │ ├── create-rds-from-snapshot.json │ └── mysql-rds.json └── README.md ├── autoscaling ├── README.md ├── archive │ └── bakedami-parameters.json └── example_parameters │ └── bakedami--elb-rdsbackend.json ├── orchestrators ├── README.md └── example_parameters │ └── infrastructure.json └── pipeline.yml /labs/security/data-protection/acm.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/data-protection/alb.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/incident-response/README.md: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/logging-monitoring/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/data-protection/aws-encryption.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/data-protection/cloudtrail.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/data-protection/codepipeline.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/data-protection/config-rules.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/infrastructure-security/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/identity-access-management/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /labs/security/data-protection/cloudwatch-event-rules.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | 
[submodule "cfn_launcher"] 2 | path = cfn_launcher 3 | url = https://github.com/bonusbits/cfn_launcher.git 4 | -------------------------------------------------------------------------------- /labs/ecs/README.md: -------------------------------------------------------------------------------- 1 | # ECS Solutions Templates 2 | 3 | ## Purpose 4 | 5 | Collection of EC2 Container Service Solution Templates. 6 | -------------------------------------------------------------------------------- /labs/polly/docs/copy-text.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cloudformation_templates/HEAD/labs/polly/docs/copy-text.png -------------------------------------------------------------------------------- /labs/polly/docs/polly-arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cloudformation_templates/HEAD/labs/polly/docs/polly-arch.png -------------------------------------------------------------------------------- /labs/opsworks/example-parameters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "KeyName", 4 | "ParameterValue": "stelligent-dev" 5 | } 6 | ] -------------------------------------------------------------------------------- /test-platform/README.md: -------------------------------------------------------------------------------- 1 | # Stelligent CloudFormation Templates 2 | 3 | ## Purpose 4 | Empty Folder for creating test-platform resources -------------------------------------------------------------------------------- /labs/budgets/docs/budget-email.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cloudformation_templates/HEAD/labs/budgets/docs/budget-email.png -------------------------------------------------------------------------------- 
/labs/budgets/docs/budgets-arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cloudformation_templates/HEAD/labs/budgets/docs/budgets-arch.png -------------------------------------------------------------------------------- /labs/eb/example-parameters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "RepositoryName", 4 | "ParameterValue": "codecommit-demo" 5 | } 6 | ] -------------------------------------------------------------------------------- /labs/budgets/docs/budget-dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cloudformation_templates/HEAD/labs/budgets/docs/budget-dashboard.png -------------------------------------------------------------------------------- /labs/polly/docs/codepipeline-polly.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stelligent/cloudformation_templates/HEAD/labs/polly/docs/codepipeline-polly.png -------------------------------------------------------------------------------- /labs/opsworks/README.md: -------------------------------------------------------------------------------- 1 | # AWS OpsWorks Solutions Templates 2 | 3 | ## Purpose 4 | 5 | Collection of AWS OpsWorks Solution CloudFormation Templates. 6 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | # Change Details 2 | * ... 
3 | 4 | # Links 5 | * [Related Issue](https://github.com/stelligent/cloudformation_templates/issues/00) -------------------------------------------------------------------------------- /labs/codecommit/README.md: -------------------------------------------------------------------------------- 1 | # AWS CodeCommit Solutions Templates 2 | 3 | ## Purpose 4 | 5 | Collection of AWS CodeCommit Solution CloudFormation Templates. 6 | -------------------------------------------------------------------------------- /labs/containers/docker/build/README.md: -------------------------------------------------------------------------------- 1 | # Docker Build Container Solutions Templates 2 | 3 | ## Purpose 4 | 5 | Collection of Docker Build Container Solutions 6 | -------------------------------------------------------------------------------- /labs/codepipeline/README.md: -------------------------------------------------------------------------------- 1 | # AWS CodePipeline Solutions Templates 2 | 3 | ## Purpose 4 | 5 | Collection of AWS CodePipeline Solution CloudFormation Templates. 6 | -------------------------------------------------------------------------------- /labs/codepipeline/example-parameters-lambda.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey":"EmailAddress", 4 | "ParameterValue":"youremailaddress@example.com" 5 | } 6 | ] -------------------------------------------------------------------------------- /labs/eb/README.md: -------------------------------------------------------------------------------- 1 | # AWS Elastic Beanstalk Solutions Templates 2 | 3 | ## Purpose 4 | 5 | Collection of AWS Elastic Beanstalk Solution CloudFormation Templates. 
6 | -------------------------------------------------------------------------------- /labs/spa/README.md: -------------------------------------------------------------------------------- 1 | # Single-Page Application Pipeline 2 | 3 | ## Purpose 4 | 5 | CloudFormation template to deploy a single-page app to S3 bucket for website hosting 6 | 7 | -------------------------------------------------------------------------------- /labs/polly/README.md: -------------------------------------------------------------------------------- 1 | # Amazon Polly Automation 2 | 3 | See [Automating Amazon Polly for WordPress 4 | ](https://stelligent.com/2018/08/29/automating-amazon-polly-for-wordpress/) 5 | -------------------------------------------------------------------------------- /.github/issue_template.md: -------------------------------------------------------------------------------- 1 | ## Request 2 | - [ ] Bug 3 | - [ ] New Feature 4 | - [ ] Refactor 5 | - [ ] Question 6 | - [ ] Documentation 7 | - [ ] Tests 8 | - [ ] Other 9 | 10 | ## Details 11 | * ... -------------------------------------------------------------------------------- /labs/budgets/README.md: -------------------------------------------------------------------------------- 1 | # AWS Budget Notifications 2 | 3 | See [AWS Budget Notifications in CloudFormation 4 | ](https://stelligent.com/2018/08/22/aws-budget-notifications-in-cloudformation/) blog post. 
5 | -------------------------------------------------------------------------------- /labs/lambda/example-parameters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey":"S3BucketLambdaFunction", 4 | "ParameterValue":"stelligent-training-public" 5 | }, 6 | { 7 | "ParameterKey":"Version", 8 | "ParameterValue":"1" 9 | } 10 | ] -------------------------------------------------------------------------------- /labs/spa/example-parameters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "SiteBucketName", 4 | "ParameterValue": "sample-s3-website" 5 | }, 6 | { 7 | "ParameterKey": "GitHubToken", 8 | "ParameterValue": "XXXXXXXXXXXXXXXXX" 9 | } 10 | ] 11 | -------------------------------------------------------------------------------- /labs/codecommit/example-parameters-cpl-cfn.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey":"EC2KeyPairName", 4 | "ParameterValue":"stelligent-dev" 5 | }, 6 | { 7 | "ParameterKey":"EmailAddress", 8 | "ParameterValue":"jsmith@example.com" 9 | }, 10 | { 11 | "ParameterKey":"RepoName", 12 | "ParameterValue":"my-cc-repo" 13 | } 14 | ] -------------------------------------------------------------------------------- /labs/codebuild/example-parameters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey":"EmailAddress", 4 | "ParameterValue":"youremailaddress@example.com" 5 | }, 6 | { 7 | "ParameterKey":"RepositoryBranch", 8 | "ParameterValue":"master" 9 | }, 10 | { 11 | "ParameterKey":"EC2KeyPairName", 12 | "ParameterValue":"stelligent-key" 13 | } 14 | ] -------------------------------------------------------------------------------- /security/example_parameters/iam-default-instance-profile.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 
"ParameterKey": "Owner",
    "ParameterValue": "Firstname Lastname"
  },
  {
    "ParameterKey": "Project",
    "ParameterValue": "IAM EC2 Instance Policy Creation"
  },
  {
    "ParameterKey": "DeleteAfter",
    "ParameterValue": "Never"
  }
]
--------------------------------------------------------------------------------
/security/packer_group_policy.yml:
--------------------------------------------------------------------------------
# IAM group for Packer AMI builds with a single inline policy attached.
#
# NOTE(review): the policy allows every ec2:* action on every resource ("*"),
# so any member of Packer_Group can launch, modify or terminate any instance,
# volume, snapshot or security group in the account. Packer needs a broad but
# finite set of EC2 actions; enumerate them and scope Resource (for example with
# a tag condition) before using this group outside a lab.
Resources:
  PackerGroup:
    Type: AWS::IAM::Group
    Properties:
      # Explicit group name: creating this stack needs CAPABILITY_NAMED_IAM.
      GroupName: Packer_Group
  PackerPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: PackerPolicy
      Groups:
        - !Ref PackerGroup
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            # Full EC2 access, account-wide (see NOTE above).
            Action:
              - ec2:*
            Effect: Allow
            Resource: "*"
--------------------------------------------------------------------------------
/labs/security/data-protection/sqs.yml:
--------------------------------------------------------------------------------
---
AWSTemplateFormatVersion: '2010-09-09'
Description: SQS Queue
Parameters:
  QueueName:
    Type: String
    Description: Name of SQS Queue
    Default: "SampleQueue"
Resources:
  MyQueue:
    Type: AWS::SQS::Queue
    # NOTE(review): no KmsMasterKeyId / SqsManagedSseEnabled is set, so
    # encryption at rest is whatever the service/account default provides,
    # not something this "data-protection" template guarantees — confirm.
    Properties:
      # Queue name is the parameter value concatenated directly with the stack
      # name, with no separator (e.g. "SampleQueuemy-stack").
      QueueName:
        Fn::Join:
          - ''
          - - !Ref QueueName
            - Ref: AWS::StackName
Outputs:
  # Ref on an AWS::SQS::Queue resolves to the queue URL, not its name, so this
  # output is misnamed; Fn::GetAtt MyQueue.QueueName would return the name.
  QueueName:
    Value:
      Ref: MyQueue


--------------------------------------------------------------------------------
/labs/containers/docker/build/example-parameters.json:
--------------------------------------------------------------------------------
[
  {
    "ParameterKey":"AvailabilityZone1",
    "ParameterValue":"us-east-1c"
  },
  {
    "ParameterKey":"AvailabilityZone2",
    "ParameterValue":"us-east-1d"
  },
  {
    "ParameterKey":"InstanceType",
    "ParameterValue":"t2.small"
  },
  {
    "ParameterKey":"KeyPair",
"ParameterValue":"stelligent-dev" 17 | }, 18 | { 19 | "ParameterKey":"PublicAccessCIDR", 20 | "ParameterValue":"192.168.1.19/32" 21 | } 22 | ] -------------------------------------------------------------------------------- /simple/simple-sqs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Stelligent CloudFormation Sample Template ** This template creates one 4 | or more Amazon resources. You will be billed for the AWS resources used if you create 5 | a stack from this template. 6 | Resources: 7 | MyQueue: 8 | Type: AWS::SQS::Queue 9 | Properties: 10 | QueueName: 11 | Fn::Join: 12 | - '' 13 | - - SampleQueue- 14 | - Ref: AWS::StackName 15 | Outputs: 16 | MyAWSAccountId: 17 | Value: 18 | Ref: AWS::AccountId 19 | -------------------------------------------------------------------------------- /labs/_example/example.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: This template creates one or more Amazon resources. 
4 | You will be billed for AWS resources used if you create a stack 5 | Resources: 6 | MyQueue: 7 | Type: AWS::SQS::Queue 8 | Properties: 9 | QueueName: 10 | Fn::Join: 11 | - '' 12 | - - SampleQueue- 13 | - Ref: AWS::StackName 14 | Outputs: 15 | SourceQueueARN: 16 | Description: "ARN of source queue" 17 | Value: 18 | Fn::GetAtt: 19 | - "MyQueue" 20 | - "Arn" 21 | -------------------------------------------------------------------------------- /labs/ecs/example-parameters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey":"RepositoryName", 4 | "ParameterValue":"ecs-demo" 5 | }, 6 | { 7 | "ParameterKey":"RepositoryBranch", 8 | "ParameterValue":"master" 9 | }, 10 | { 11 | "ParameterKey":"KeyName", 12 | "ParameterValue":"stelligent-dev" 13 | }, 14 | { 15 | "ParameterKey":"YourIP", 16 | "ParameterValue":"192.168.1.19/32" 17 | }, 18 | { 19 | "ParameterKey":"ECSCFNURL", 20 | "ParameterValue":"NOURL" 21 | }, 22 | { 23 | "ParameterKey":"AppName", 24 | "ParameterValue":"youruniquevalue" 25 | } 26 | ] -------------------------------------------------------------------------------- /storage/parameters_examples/s3-backup-bucket-delete-previous.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Firstname Lastname" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "EFS Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VpcE", 16 | "ParameterValue": "vpce-00000000" 17 | }, 18 | { 19 | "ParameterKey": "BucketName", 20 | "ParameterValue": "my-backup-bucket" 21 | }, 22 | { 23 | "ParameterKey": "PreviousLifeCycle", 24 | "ParameterValue": "30" 25 | } 26 | ] -------------------------------------------------------------------------------- /infrastructure/iam/iam-elevated-services.json: 
--------------------------------------------------------------------------------
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AvailableServicesStatement",
      "Effect": "Allow",
      "Action": [
        "devicefarm:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": [
            "us-west-1",
            "us-west-2",
            "us-east-1",
            "us-east-2"
          ]
        }
      }
    }
  ]
}
--------------------------------------------------------------------------------
/infrastructure/iam/README.md:
--------------------------------------------------------------------------------
# IAM CloudFormation Templates

## Purpose

IAM policies for restricting access to AWS resources unless MFA is present. The MFA policy (`StelligentServicesMFAPolicy.json`) allows access only when the request was authenticated with MFA (`aws:MultiFactorAuthPresent`), the MFA session is recent enough (`aws:MultiFactorAuthAge`), and the request targets an allowed region (`aws:RequestedRegion`). Note that once those conditions hold it grants `"Action": "*"` — the conditions gate the access, they do not narrow it. Refer to [How do I use an MFA token to authenticate access to my AWS resources through the AWS CLI?](https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/)

To generate temporary credentials see the [Generating Temporary Credentials](https://github.com/stelligent/cloudformation_templates/wiki/Generating-Temporary-Credentials) wiki page.
8 | 9 | To securely connect to a CodeCommit Repo using MFA, see [Connect Securely to AWS CodeCommit with MFA](https://github.com/stelligent/cloudformation_templates/wiki/Connect-Securely-to-AWS-CodeCommit-with-MFA) 10 | -------------------------------------------------------------------------------- /storage/parameters_examples/efs.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Firstname Lastname" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "EFS Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-00000000" 17 | }, 18 | { 19 | "ParameterKey": "Subnet1", 20 | "ParameterValue": "subnet-00000000" 21 | }, 22 | { 23 | "ParameterKey": "Subnet2", 24 | "ParameterValue": "subnet-00000000" 25 | }, 26 | { 27 | "ParameterKey": "Subnet3", 28 | "ParameterValue": "subnet-00000000" 29 | }, 30 | { 31 | "ParameterKey": "PerformanceMode", 32 | "ParameterValue": "generalPurpose" 33 | } 34 | ] -------------------------------------------------------------------------------- /infrastructure/example_parameters/nat-gateway.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "NAT Gateway Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-00000000" 17 | }, 18 | { 19 | "ParameterKey": "PublicSubnet", 20 | "ParameterValue": "subnet-00000000" 21 | }, 22 | { 23 | "ParameterKey": "PrivateRouteTable", 24 | "ParameterValue": "rtb-00000000" 25 | }, 26 | { 27 | "ParameterKey": "PublicNetworkAcl", 28 | "ParameterValue": "acl-00000000" 29 | }, 30 | { 31 | "ParameterKey": 
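"AllowNatRuleNumber",
    "ParameterValue": "120"
  }
]
--------------------------------------------------------------------------------
/labs/polly/test.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Lab helper: read a text file and submit it to Amazon Polly as an asynchronous
# speech-synthesis task whose MP3 output is written to an S3 bucket.
#
# Configuration via environment variables (defaults keep the original lab values):
#   POLLY_TEXT_FILE  path of the text to synthesise
#   POLLY_BUCKET     S3 bucket that receives the MP3; must exist and be writable
#                    by the calling identity
#   POLLY_VOICE      Polly voice id
#
# Needs AWS CLI credentials allowing polly:StartSpeechSynthesisTask and
# s3:PutObject on the target bucket.
set -euo pipefail

TEXT_FILE="${POLLY_TEXT_FILE:-/home/ec2-user/environment/cloudformation_templates/labs/polly/blog.txt}"
BUCKET="${POLLY_BUCKET:-delete-pmd-guardduty}"
VOICE="${POLLY_VOICE:-Brian}"

if [[ ! -r "$TEXT_FILE" ]]; then
  echo "text file not found or unreadable: $TEXT_FILE" >&2
  exit 1
fi

# Whole file as one string. Quoting below matters: the original `echo $testvar`
# word-split the prose and glob-expanded any '*' in it.
testvar=$(cat "$TEXT_FILE")

echo "$testvar"

# Asynchronous task: the MP3 lands in the bucket, nothing is returned inline.
# Synchronous, size-limited alternative:
#   aws polly synthesize-speech --output-format mp3 --voice-id "$VOICE" --text "$testvar" polly3.mp3
aws polly start-speech-synthesis-task \
  --output-format mp3 \
  --output-s3-bucket-name "$BUCKET" \
  --text "$testvar" \
  --voice-id "$VOICE"
--------------------------------------------------------------------------------
/labs/s3/README.md:
--------------------------------------------------------------------------------
# Launch Stack

[![Launch CFN stack](https://s3.amazonaws.com/www.devopsessentialsaws.com/img/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#cstack=sn%7Estelligent-cloudformation-templates"%7Cturl%7Ehttps://s3.amazonaws.com/stelligent-cloudformation-templates/labs/s3/pipeline.yml)

# Configure Solution

1. Once the CloudFormation stack is successful, select the checkbox next to the stack and click the **Outputs** tab.
1. From **Outputs**, click on the **PipelineUrl** output.
1. Once the pipeline is complete, go to your CloudFormation Outputs and click on the **SiteUrl** Output

# Resources

1. 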
The CloudFormation template is available [here](https://s3.amazonaws.com/stelligent-cloudformation-templates/labs/s3/pipeline.yml). 14 | 15 | 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /labs/chef/example_parameters/chef-compliance.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "Autoscaling Baked AMI Webapp Stack Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "08/01/2016" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-b9f488dd" 17 | }, 18 | { 19 | "ParameterKey": "PublicSubnet", 20 | "ParameterValue": "subnet-24197570" 21 | }, 22 | { 23 | "ParameterKey": "InternalAccessSecurityGroup", 24 | "ParameterValue": "sg-69d8410f" 25 | }, 26 | { 27 | "ParameterKey": "RemoteSecurityGroup", 28 | "ParameterValue": "sg-50d8410d" 29 | }, 30 | { 31 | "ParameterKey": "Ec2KeyPair", 32 | "ParameterValue": "bonusbits-dev" 33 | } 34 | ] -------------------------------------------------------------------------------- /infrastructure/iam/StelligentServicesMFAPolicy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": "AvailableServicesStatement", 6 | "Effect": "Allow", 7 | "Action": "*", 8 | "Resource": "*", 9 | "Condition": { 10 | "Bool": { 11 | "aws:MultiFactorAuthPresent": "true" 12 | }, 13 | "NumericLessThan": { 14 | "aws:MultiFactorAuthAge": "43200" 15 | }, 16 | "StringEquals": { 17 | "aws:RequestedRegion": [ 18 | "us-west-1", 19 | "us-west-2", 20 | "us-east-1", 21 | "us-east-2" 22 | ] 23 | } 24 | } 25 | } 26 | ] 27 | } -------------------------------------------------------------------------------- /.gitignore: 
-------------------------------------------------------------------------------- 1 | *~ 2 | *# 3 | .#* 4 | \#*# 5 | .*.sw[a-z] 6 | *.un~ 7 | pkg/ 8 | 9 | # Berkshelf 10 | .vagrant 11 | /cookbooks 12 | Berksfile.lock 13 | 14 | # Bundler 15 | Gemfile.lock 16 | bin/* 17 | .bundle/* 18 | 19 | .kitchen.local.yml 20 | **/.kitchen 21 | 22 | # JetBrains template 23 | ## Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion 24 | *.iml 25 | .idea 26 | /out/ 27 | .idea_modules/ 28 | atlassian-ide-plugin.xml 29 | com_crashlytics_export_strings.xml 30 | crashlytics.properties 31 | crashlytics-build.properties 32 | 33 | # Linux template 34 | .directory 35 | .Trash-* 36 | 37 | # Mac OS 38 | .DS_Store 39 | ._.DS_Store 40 | .localized 41 | 42 | # Windows template 43 | # Windows image file caches 44 | Thumbs.db 45 | ehthumbs.db 46 | 47 | # Folder config file 48 | Desktop.ini 49 | 50 | # Recycle Bin used on file shares 51 | $RECYCLE.BIN/ 52 | 53 | # Windows Installer files 54 | *.cab 55 | *.msi 56 | *.msm 57 | *.msp 58 | 59 | # Windows shortcuts 60 | *.lnk 61 | /tmp/ 62 | -------------------------------------------------------------------------------- /.github/labels.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "name": "Priority: Critical", 4 | "color": "e11d21" 5 | }, 6 | { 7 | "name": "Priority: High", 8 | "color": "eb6420" 9 | }, 10 | { 11 | "name": "Priority: Low", 12 | "color": "009800" 13 | }, 14 | { 15 | "name": "Priority: Medium", 16 | "color": "fbca04" 17 | }, 18 | { 19 | "name": "Status: Backlog", 20 | "color": "207de5" 21 | }, 22 | { 23 | "name": "Status: Done", 24 | "color": "009800" 25 | }, 26 | { 27 | "name": "Status: In Progress", 28 | "color": "c2e0c6" 29 | }, 30 | { 31 | "name": "Type: Bug", 32 | "color": "e11d21" 33 | }, 34 | { 35 | "name": "Type: Documentation", 36 | "color": "006b75" 37 | }, 38 | { 39 | "name": "Type: New Feature", 40 | "color": "207de5" 41 | }, 42 | { 43 | "name": 
"Type: Question",
    "color": "d4c5f9"
  },
  {
    "name": "Type: Refactor",
    "color": "bfdadc"
  },
  {
    "name": "Type: Tests",
    "color": "0c98bc"
  }
]
--------------------------------------------------------------------------------
/labs/security/data-protection/kms.yml:
--------------------------------------------------------------------------------
---
AWSTemplateFormatVersion: '2010-09-09'
Description: KMS Key
# Customer-managed KMS key plus an alias named after the stack.
Parameters:
  # Key and Value are used only for the single tag on the key. No defaults:
  # both must be supplied when the stack is created.
  Key:
    Type: String
  Value:
    Type: String
Resources:
  myKey:
    Type: AWS::KMS::Key
    Properties:
      # Automatic rotation of the key material (yearly by default).
      EnableKeyRotation: true
      # 7 days is the shortest deletion window KMS permits. Once a scheduled
      # deletion completes, everything encrypted under this key is unrecoverable.
      PendingWindowInDays: 7
      KeyPolicy:
        # NOTE(review): unquoted, some YAML parsers read 2012-10-17 as a date;
        # quoting it ("2012-10-17", as packer_group_policy.yml does) is safer.
        Version: 2012-10-17
        Id: !Ref 'AWS::StackName'
        Statement:
          # Sole statement: the account root principal gets kms:* on this key,
          # which hands key administration and usage decisions to the account's
          # IAM policies. No separate key-administrator / key-user statements.
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS: !Join
                - ''
                - - 'arn:aws:iam::'
                  - !Ref 'AWS::AccountId'
                  - ':root'
            Action: 'kms:*'
            Resource: '*'
      Tags:
        - Key: !Ref Key
          Value: !Ref Value
  myAlias:
    Type: AWS::KMS::Alias
    Properties:
      # alias/<stack-name>; aliases must be unique per account and region.
      AliasName: !Sub alias/${AWS::StackName}
      TargetKeyId:
        Ref: myKey
Outputs:
  # Ref on an AWS::KMS::Key resolves to the key ID.
  KmsId:
    Description: "KMS ID"
    Value:
      Ref: "myKey"
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2016-2020 Stelligent

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice
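shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/labs/polly/launch-stack.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# (Re)create the Polly lab: clone this repository, recreate the artifact bucket
# and launch the pipeline CloudFormation stack.
#
# Usage: ./launch-stack.sh [name] [project] [tmpdir] [s3bucket] [samstack] [cfnstack] [pipeline.yml]
#   (chmod +x *.sh first if needed; the positional defaults below are the lab values)
#
# DESTRUCTIVE: every S3 bucket in the account whose name starts with $S3BUCKET is
# force-deleted (contents included), and any existing stack named $CFNSTACK is
# deleted, before the new stack is created. Run this only in a lab account.
#
# Must run on an EC2 instance (the region is read from the instance metadata
# service) with credentials for sts, s3 and cloudformation; the stack creates
# named IAM resources (CAPABILITY_NAMED_IAM).
set -euo pipefail

# IMDSv2 (session token) so this still works where IMDSv1 has been disabled.
IMDS_TOKEN=$(curl -sf -X PUT "http://169.254.169.254/latest/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || {
  echo "instance metadata unavailable; run this on an EC2 instance" >&2
  exit 1
}
# Availability zone minus its trailing letter, e.g. us-east-1a -> us-east-1.
AWS_REGION=$(curl -sf -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \
  http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/\(.*\)[a-z]/\1/')
if [[ -z "$AWS_REGION" ]]; then
  echo "could not determine region from instance metadata" >&2
  exit 1
fi

MYNAME=${1:-pmd}
PROJECTNAME=${2:-polly}
TMPDIR=${3:-tmp-gitrepo}
S3BUCKET=${4:-$PROJECTNAME-$MYNAME}
SAMSTACK=${5:-$PROJECTNAME-$MYNAME-$AWS_REGION}
CFNSTACK=${6:-$PROJECTNAME-$MYNAME}
PIPELINEYAML=${7:-pipeline.yml}

# Refuse a pathological temp dir before the recursive delete below.
if [[ -z "$TMPDIR" || "$TMPDIR" == "/" || "$TMPDIR" == "." || "$TMPDIR" == ".." ]]; then
  echo "refusing to use '$TMPDIR' as temp dir" >&2
  exit 1
fi

sudo rm -rf "$TMPDIR"
mkdir "$TMPDIR"
cd "$TMPDIR"
# NOTE(review): clones the default branch over HTTPS with no commit pin, so the
# template that gets deployed is whatever HEAD holds at run time.
git clone https://github.com/stelligent/cloudformation_templates.git

ACCOUNT_ID=$(aws sts get-caller-identity --output text --query 'Account')

# Delete every bucket whose name starts with the prefix (see DESTRUCTIVE note).
aws s3api list-buckets \
  --query 'Buckets[?starts_with(Name, `'"$S3BUCKET"'`) == `true`].[Name]' \
  --output text | while read -r bucket; do
    if [[ -n "$bucket" ]]; then
      aws s3 rb "s3://$bucket" --force
    fi
  done

aws s3 mb "s3://$S3BUCKET-$ACCOUNT_ID"

aws cloudformation delete-stack --stack-name "$CFNSTACK"
aws cloudformation wait stack-delete-complete --stack-name "$CFNSTACK"

cd cloudformation_templates/labs/polly

# --disable-rollback leaves a failed stack's resources in place for debugging;
# they keep billing and must be cleaned up by hand.
aws cloudformation create-stack --stack-name "$CFNSTACK" \
  --capabilities CAPABILITY_NAMED_IAM --disable-rollback \
  --template-body "file://$PIPELINEYAML"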
-------------------------------------------------------------------------------- /infrastructure/example_parameters/vpn-bgp.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "NAT Gateway Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-b9f488dd" 17 | }, 18 | { 19 | "ParameterKey": "PublicRouteTable", 20 | "ParameterValue": "rtb-d6cce3b2" 21 | }, 22 | { 23 | "ParameterKey": "PrivateRouteTable", 24 | "ParameterValue": "rtb-d5cce3b1" 25 | }, 26 | { 27 | "ParameterKey": "PublicNetworkAcl", 28 | "ParameterValue": "acl-3d207459" 29 | }, 30 | { 31 | "ParameterKey": "PrivateNetworkAcl", 32 | "ParameterValue": "acl-3c207458" 33 | }, 34 | { 35 | "ParameterKey": "RemoteVpnDeviceIp", 36 | "ParameterValue": "50.23.45.67" 37 | }, 38 | { 39 | "ParameterKey": "RemoteNetworkCidr", 40 | "ParameterValue": "192.168.100.0/24" 41 | }, 42 | { 43 | "ParameterKey": "RemoteBgpAsn", 44 | "ParameterValue": "65000" 45 | }, 46 | { 47 | "ParameterKey": "IncludePublicSubnets", 48 | "ParameterValue": "true" 49 | } 50 | ] -------------------------------------------------------------------------------- /labs/codepipeline/codepipeline-notifications.yml: -------------------------------------------------------------------------------- 1 | --- 2 | Description: Automate provisioning of CodePipeline notifications. 
3 | AWSTemplateFormatVersion: '2010-09-09' 4 | Parameters: 5 | EmailAddress: 6 | Description: Email Address for sending SNS notifications 7 | Type: String 8 | Resources: 9 | EventRule: 10 | Type: "AWS::Events::Rule" 11 | Properties: 12 | Description: "EventRule" 13 | EventPattern: 14 | source: 15 | - aws.codepipeline 16 | detail-type: 17 | - CodePipeline Pipeline Execution State Change 18 | detail: 19 | state: 20 | - FAILED 21 | State: "ENABLED" 22 | Targets: 23 | - 24 | Arn: 25 | Ref: "MySNSTopic" 26 | Id: "PipelineNotificationTopic" 27 | InputTransformer: 28 | InputTemplate: '"The Pipeline has failed. Go to https://console.aws.amazon.com/codepipeline/home?region=us-east-1#/view/" ' 29 | InputPathsMap: 30 | pipeline: "$.detail.pipeline" 31 | MySNSTopic: 32 | Type: AWS::SNS::Topic 33 | Properties: 34 | Subscription: 35 | - Endpoint: 36 | Ref: EmailAddress 37 | Protocol: email -------------------------------------------------------------------------------- /labs/security/data-protection/dynamodb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: DDB 4 | Parameters: 5 | App: 6 | Type: String 7 | Default: 1234 8 | Stage: 9 | Type: String 10 | Default: 1234 11 | Stack: 12 | Type: String 13 | Default: 1234 14 | ReadCapacityUnits: 15 | Type: Number 16 | Default: 5 17 | WriteCapacityUnits: 18 | Type: Number 19 | Default: 5 20 | Resources: 21 | userTable: 22 | Type: AWS::DynamoDB::Table 23 | Properties: 24 | TableName: !Sub ${AWS::StackName} 25 | AttributeDefinitions: 26 | - AttributeName: userId 27 | AttributeType: S 28 | KeySchema: 29 | - AttributeName: userId 30 | KeyType: HASH 31 | ProvisionedThroughput: 32 | ReadCapacityUnits: !Ref ReadCapacityUnits 33 | WriteCapacityUnits: !Ref WriteCapacityUnits 34 | SSESpecification: 35 | SSEEnabled: true 36 | TimeToLiveSpecification: 37 | Enabled: true 38 | AttributeName: 'ttl' 39 | Tags: 40 | - Key: Stage 41 | Value: !Ref Stage 
42 | - Key: Stack 43 | Value: !Ref Stack 44 | - Key: App 45 | Value: !Ref App 46 | 47 | -------------------------------------------------------------------------------- /labs/test_instances/example_parameters/rhel-ubuntu-win2012.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "First Last" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "RHEL Bastion Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-00000000" 17 | }, 18 | { 19 | "ParameterKey": "RHELSubnet", 20 | "ParameterValue": "subnet-00000000" 21 | }, 22 | { 23 | "ParameterKey": "UbuntuSubnet", 24 | "ParameterValue": "subnet-00000000" 25 | }, 26 | { 27 | "ParameterKey": "WindowsSubnet", 28 | "ParameterValue": "subnet-00000000" 29 | }, 30 | { 31 | "ParameterKey": "InternalAccessSecurityGroup", 32 | "ParameterValue": "sg-00000000" 33 | }, 34 | { 35 | "ParameterKey": "RemoteSecurityGroup", 36 | "ParameterValue": "sg-00000000" 37 | }, 38 | { 39 | "ParameterKey": "InstanceTypeRHEL7", 40 | "ParameterValue": "t2.small" 41 | }, 42 | { 43 | "ParameterKey": "InstanceTypeUbuntu14", 44 | "ParameterValue": "t2.small" 45 | }, 46 | { 47 | "ParameterKey": "InstanceTypeWin2012", 48 | "ParameterValue": "t2.medium" 49 | } 50 | ] -------------------------------------------------------------------------------- /infrastructure/example_parameters/utm9.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Firstname Lastname" 5 | }, 6 | { 7 | "ParameterKey": "DeleteAfter", 8 | "ParameterValue": "Never" 9 | }, 10 | { 11 | "ParameterKey": "AMI", 12 | "ParameterValue": "autodetect" 13 | }, 14 | { 15 | "ParameterKey": "LicenseType", 16 | "ParameterValue": "BYOL" 17 | }, 18 | { 19 | "ParameterKey": "VpcId", 20 | 
"ParameterValue": "vpc-0000000" 21 | }, 22 | { 23 | "ParameterKey": "PrivateSubnetId", 24 | "ParameterValue": "sg-0000000" 25 | }, 26 | { 27 | "ParameterKey": "PublicSubnetId", 28 | "ParameterValue": "sg-0000000" 29 | }, 30 | { 31 | "ParameterKey": "PrivateNetworkCIDR", 32 | "ParameterValue": "0.0.0.0/0" 33 | }, 34 | { 35 | "ParameterKey": "PublicNetworkCIDR", 36 | "ParameterValue": "0.0.0.0/0" 37 | }, 38 | { 39 | "ParameterKey": "OptTrustedNetworkCIDR", 40 | "ParameterValue": "192.168.0.0/24" 41 | }, 42 | { 43 | "ParameterKey": "InstanceSize", 44 | "ParameterValue": "default" 45 | }, 46 | { 47 | "ParameterKey": "KeyName", 48 | "ParameterValue": "" 49 | }, 50 | { 51 | "ParameterKey": "OptExistingElasticIpId", 52 | "ParameterValue": "" 53 | } 54 | ] -------------------------------------------------------------------------------- /labs/codedeploy/codedeploy-oneinstance.json: -------------------------------------------------------------------------------- 1 | { 2 | "Description":"Launch nested CloudFormation stack to provision and run AWS CodeDeploy", 3 | "AWSTemplateFormatVersion":"2010-09-09", 4 | "Parameters":{ 5 | "EC2TagValue":{ 6 | "Description":"The tag value that identifies this as a target for deployments.", 7 | "Type":"String", 8 | "AllowedPattern":"[\\x20-\\x7E]*", 9 | "ConstraintDescription":"Can contain only ASCII characters." 10 | }, 11 | "EC2KeyPairName":{ 12 | "Description":"Name of an existing Amazon EC2 key pair to enable SSH or RDP access to the instances.", 13 | "Type":"AWS::EC2::KeyPair::KeyName", 14 | "MinLength":"1", 15 | "MaxLength":"255", 16 | "AllowedPattern":"[\\x20-\\x7E]*", 17 | "ConstraintDescription":"Can contain only ASCII characters." 
18 | } 19 | }, 20 | "Resources":{ 21 | "CodeDeployEC2InstancesStack":{ 22 | "Type":"AWS::CloudFormation::Stack", 23 | "Properties":{ 24 | "TemplateURL":"http://s3.amazonaws.com/aws-codedeploy-us-east-1/templates/latest/CodeDeploy_SampleCF_Template.json", 25 | "TimeoutInMinutes":"60", 26 | "Parameters":{ 27 | "TagValue":{ 28 | "Ref":"EC2TagValue" 29 | }, 30 | "KeyPairName":{ 31 | "Ref":"EC2KeyPairName" 32 | } 33 | } 34 | } 35 | } 36 | } 37 | } -------------------------------------------------------------------------------- /infrastructure/example_parameters/proxy-awsapi-devops-access.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "DeleteAfter", 8 | "ParameterValue": "Never" 9 | }, 10 | { 11 | "ParameterKey": "VPC", 12 | "ParameterValue": "vpc-00000000" 13 | }, 14 | { 15 | "ParameterKey": "PublicSubnetIdList", 16 | "ParameterValue": "subnet-00000000,subnet-00000000,subnet-00000000" 17 | }, 18 | { 19 | "ParameterKey": "ProxySecurityGroupCidr", 20 | "ParameterValue": "10.10.0.0/16" 21 | }, 22 | { 23 | "ParameterKey": "InternalAccessSecurityGroup", 24 | "ParameterValue": "sg-0000000" 25 | }, 26 | { 27 | "ParameterKey": "ProxyFqdn", 28 | "ParameterValue": "proxy.mydomain.com" 29 | }, 30 | { 31 | "ParameterKey": "HostedZoneId", 32 | "ParameterValue": "ABCD1234567890" 33 | }, 34 | { 35 | "ParameterKey": "KeyPairName", 36 | "ParameterValue": "stack-uswest2-dev" 37 | }, 38 | { 39 | "ParameterKey": "InstanceType", 40 | "ParameterValue": "t2.nano" 41 | }, 42 | { 43 | "ParameterKey": "ChefClientVersion", 44 | "ParameterValue": "12.17.44" 45 | }, 46 | { 47 | "ParameterKey": "CookbookVersion", 48 | "ParameterValue": "1.0.2" 49 | }, 50 | { 51 | "ParameterKey": "GitLfsVersion", 52 | "ParameterValue": "1.5.4-1" 53 | }, 54 | { 55 | "ParameterKey": "SquidPort", 56 | "ParameterValue": "3128" 57 | } 58 | ] 
-------------------------------------------------------------------------------- /labs/polly/wordpress-polly.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Deployment Pipeline to create IAM Policy 4 | Parameters: 5 | GitHubUser: 6 | Type: String 7 | Description: GitHub User 8 | Default: "stelligent" 9 | Resources: 10 | WordpressPollyGroup: 11 | Type: AWS::IAM::Group 12 | Properties: 13 | GroupName: !Sub ${AWS::StackName}-polly-group 14 | Policies: 15 | - PolicyName: !Sub ${AWS::StackName}-polly-policy 16 | PolicyDocument: 17 | Statement: 18 | - Sid: Permissions1 19 | Effect: Allow 20 | Action: 21 | - s3:HeadBucket 22 | - polly:SynthesizeSpeech 23 | - polly:DescribeVoices 24 | Resource: "*" 25 | - Sid: Permissions2 26 | Effect: Allow 27 | Action: 28 | - s3:ListBucket 29 | - s3:GetBucketAcl 30 | - s3:GetBucketPolicy 31 | - s3:PutObject 32 | - s3:DeleteObject 33 | - s3:CreateBucket 34 | - s3:PutObjectAcl 35 | Resource: 36 | - arn:aws:s3:::audio_for_wordpress* 37 | - arn:aws:s3:::audio-for-wordpress* 38 | Outputs: 39 | WordpressPollyGroup: 40 | Value: !Ref WordpressPollyGroup 41 | Description: IAM Group you can use to assign to an IAM user https://console.aws.amazon.com/iam/home?region=us-east-1#/users$new?step=details -------------------------------------------------------------------------------- /infrastructure/example_parameters/vpc.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "VPC Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "RemoteCidrForSecurityGroup", 16 | "ParameterValue": "192.168.25.100/0" 17 | }, 18 | { 19 | "ParameterKey": "RemoteCidrForPublicAcl", 20 | "ParameterValue": "33.39.33.33/32" 
21 | }, 22 | { 23 | "ParameterKey": "VPCSubnetCidrBlock", 24 | "ParameterValue": "10.20.0.0/16" 25 | }, 26 | { 27 | "ParameterKey": "PublicSubnetCidrBlock1", 28 | "ParameterValue": "10.20.1.0/24" 29 | }, 30 | { 31 | "ParameterKey": "PublicSubnetCidrBlock2", 32 | "ParameterValue": "10.20.2.0/24" 33 | }, 34 | { 35 | "ParameterKey": "PublicSubnetCidrBlock3", 36 | "ParameterValue": "10.20.3.0/24" 37 | }, 38 | { 39 | "ParameterKey": "PrivateSubnetCidrBlock1", 40 | "ParameterValue": "10.20.4.0/24" 41 | }, 42 | { 43 | "ParameterKey": "PrivateSubnetCidrBlock2", 44 | "ParameterValue": "10.20.5.0/24" 45 | }, 46 | { 47 | "ParameterKey": "PrivateSubnetCidrBlock3", 48 | "ParameterValue": "10.20.6.0/24" 49 | }, 50 | { 51 | "ParameterKey": "AvailabilityZone1", 52 | "ParameterValue": "a" 53 | }, 54 | { 55 | "ParameterKey": "AvailabilityZone2", 56 | "ParameterValue": "b" 57 | }, 58 | { 59 | "ParameterKey": "AvailabilityZone3", 60 | "ParameterValue": "c" 61 | } 62 | ] -------------------------------------------------------------------------------- /labs/test_instances/README.md: -------------------------------------------------------------------------------- 1 | # Lab Test Instances CloudFormation Template 2 | 3 | ## Purpose 4 | Set up three default AMI test instances to use for testing in the lab. The three instances are Red Hat Enterprise Linux (RHEL), Ubuntu Server and Windows Server 2012 R2. 5 | 6 | ## Supported Regions 7 | * us-west-2 8 | * us-east-1 9 | 10 | ## Setup Instructions 11 | 12 | ### Infrastructure 13 | Either use an existing VPC infrastructure or use the following templates to create a full lab in AWS. 14 | 15 | 1. [VPC](https://github.com/stelligent/cloudformation_templates/blob/master/infrastructure/vpc/vpc.yml) 16 | 1. Look at the VPC CloudFormation output for any values needed by the other template parameters. 17 | 2. [NAT Gateway](https://github.com/stelligent/cloudformation_templates/blob/master/infrastructure/nat/nat-gateway.yml) (Optional) 18 | 3. 
[VPN BGP Site-to-Site Connection](https://github.com/stelligent/cloudformation_templates/blob/master/infrastructure/vpn/vpn-bgp.yml) (Optional) 19 | 4. [Bastion Host](https://github.com/stelligent/cloudformation_templates/blob/master/infrastructure/bastion/bastion.yml) (Optional) 20 | 21 | ## Test Instances 22 | Select a test instance template: 23 | 1. [RHEL, Ubuntu and Windows 2012 R2](https://github.com/stelligent/cloudformation_templates/blob/master/labs/test_instances/rhel-ubuntu-win2012.yml) 24 |
**Details** 25 | 1. Create a Red Hat Enterprise Linux 7 EC2 Instance in a Private Subnet. 26 | 2. Create an Ubuntu 14 EC2 Instance in a Private Subnet. 27 | 3. Create a Windows 2012 EC2 Instance in a Private Subnet. 28 | 29 | ### Notes 30 | Follow the setup instructions in the readme.md files associated with each template. 31 | -------------------------------------------------------------------------------- /labs/wordpress/example_parameters/wordpress-nginx.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "DeleteAfter", 8 | "ParameterValue": "00/00/201x" 9 | }, 10 | { 11 | "ParameterKey": "VPC", 12 | "ParameterValue": "vpc-00000000" 13 | }, 14 | { 15 | "ParameterKey": "SubnetId", 16 | "ParameterValue": "subnet-00000000" 17 | }, 18 | { 19 | "ParameterKey": "InternalAccessSecurityGroup", 20 | "ParameterValue": "sg-0000000" 21 | }, 22 | { 23 | "ParameterKey": "RemoteSecurityGroup", 24 | "ParameterValue": "sg-0000000" 25 | }, 26 | { 27 | "ParameterKey": "RdsSecurityGroup", 28 | "ParameterValue": "sg-0000000" 29 | }, 30 | { 31 | "ParameterKey": "EfsSecurityGroup", 32 | "ParameterValue": "sg-0000000" 33 | }, 34 | { 35 | "ParameterKey": "HostedZoneId", 36 | "ParameterValue": "Z1234567890" 37 | }, 38 | { 39 | "ParameterKey": "RecordName", 40 | "ParameterValue": "www.example.com" 41 | }, 42 | { 43 | "ParameterKey": "KeyPairName", 44 | "ParameterValue": "stack-uswest2-dev" 45 | }, 46 | { 47 | "ParameterKey": "InstanceType", 48 | "ParameterValue": "t2.micro" 49 | }, 50 | { 51 | "ParameterKey": "EfsMountPoint", 52 | "ParameterValue": "/path/to/mount1" 53 | }, 54 | { 55 | "ParameterKey": "EfsFileSystemId", 56 | "ParameterValue": "fs-00000000" 57 | }, 58 | { 59 | "ParameterKey": "DbHost", 60 | "ParameterValue": "db.domain.com" 61 | }, 62 | { 63 | "ParameterKey": "DbName", 64 | "ParameterValue": "mediawiki" 65 | }, 66 | { 67 | "ParameterKey": 
"DbUser", 68 | "ParameterValue": "mediawiki" 69 | }, 70 | { 71 | "ParameterKey": "DbPassword", 72 | "ParameterValue": "secret" 73 | } 74 | ] -------------------------------------------------------------------------------- /labs/bitbucket/bitbucket-parameters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Firstname Lastname" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "Bitbucket Server Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "BitbucketVersion", 16 | "ParameterValue": "latest" 17 | }, 18 | { 19 | "ParameterKey": "CidrBlock", 20 | "ParameterValue": "0.0.0.0/0" 21 | }, 22 | { 23 | "ParameterKey": "EbsOptimized", 24 | "ParameterValue": "false" 25 | }, 26 | { 27 | "ParameterKey": "HomeIops", 28 | "ParameterValue": "5000" 29 | }, 30 | { 31 | "ParameterKey": "HomeSize", 32 | "ParameterValue": "100" 33 | }, 34 | { 35 | "ParameterKey": "HomeVolumeType", 36 | "ParameterValue": "General Purpose (SSD)" 37 | }, 38 | { 39 | "ParameterKey": "InstanceType", 40 | "ParameterValue": "t2.small" 41 | }, 42 | { 43 | "ParameterKey": "KeyName", 44 | "ParameterValue": "dev" 45 | }, 46 | { 47 | "ParameterKey": "RootIops", 48 | "ParameterValue": "2500" 49 | }, 50 | { 51 | "ParameterKey": "RootSize", 52 | "ParameterValue": "50" 53 | }, 54 | { 55 | "ParameterKey": "RootVolumeType", 56 | "ParameterValue": "General Purpose (SSD)" 57 | }, 58 | { 59 | "ParameterKey": "GenerateSSLCert", 60 | "ParameterValue": "false" 61 | }, 62 | { 63 | "ParameterKey": "Subnet", 64 | "ParameterValue": "subnet-00000000" 65 | }, 66 | { 67 | "ParameterKey": "VPC", 68 | "ParameterValue": "vpc-00000000" 69 | }, 70 | { 71 | "ParameterKey": "SetPublic", 72 | "ParameterValue": "false" 73 | }, 74 | { 75 | "ParameterKey": "InternalAccessSecurityGroup", 76 | "ParameterValue": "sg-00000000" 77 | } 78 | ] 
-------------------------------------------------------------------------------- /labs/ecs/ecs-repo.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion":"2010-09-09", 3 | "Description":"Stelligent CloudFormation Sample Template ** This template creates one or more Amazon resources. You will be billed for the AWS resources used if you create a stack from this template.", 4 | "Parameters":{ 5 | "IAMARN":{ 6 | "Type":"String", 7 | "Description":"Use the full ARN for the IAM user (e.g. arn:aws:iam::123456789012:user/patrick.henry)" 8 | } 9 | }, 10 | "Resources":{ 11 | "MyRepository":{ 12 | "Type":"AWS::ECR::Repository", 13 | "Properties":{ 14 | "RepositoryName":{ 15 | "Ref":"AWS::StackName" 16 | }, 17 | "RepositoryPolicyText":{ 18 | "Version":"2008-10-17", 19 | "Statement":[ 20 | { 21 | "Sid":"AllowPushPull", 22 | "Effect":"Allow", 23 | "Principal":{ 24 | "AWS":[ 25 | { 26 | "Ref":"IAMARN" 27 | } 28 | ] 29 | }, 30 | "Action":[ 31 | "ecr:GetDownloadUrlForLayer", 32 | "ecr:BatchGetImage", 33 | "ecr:BatchCheckLayerAvailability", 34 | "ecr:PutImage", 35 | "ecr:InitiateLayerUpload", 36 | "ecr:UploadLayerPart", 37 | "ecr:CompleteLayerUpload" 38 | ] 39 | } 40 | ] 41 | } 42 | } 43 | } 44 | }, 45 | "Outputs":{ 46 | "ECSRepository":{ 47 | "Value":{ 48 | "Ref":"MyRepository" 49 | } 50 | } 51 | } 52 | } -------------------------------------------------------------------------------- /infrastructure/example_parameters/bastion.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "RHEL Bastion Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-00000000" 17 | }, 18 | { 19 | "ParameterKey": "PublicSubnet", 20 | "ParameterValue": 
"subnet-00000000" 21 | }, 22 | { 23 | "ParameterKey": "PublicNetworkAcl", 24 | "ParameterValue": "acl-00000000" 25 | }, 26 | { 27 | "ParameterKey": "InternalAccessSecurityGroup", 28 | "ParameterValue": "sg-00000000" 29 | }, 30 | { 31 | "ParameterKey": "OsType", 32 | "ParameterValue": "rhel" 33 | }, 34 | { 35 | "ParameterKey": "NetworkAccessIP", 36 | "ParameterValue": "50.23.45.67/32" 37 | }, 38 | { 39 | "ParameterKey": "AllowSshRdpToBastionRuleNumber", 40 | "ParameterValue": "200" 41 | }, 42 | { 43 | "ParameterKey": "AllowIcmpToBastionRuleNumber", 44 | "ParameterValue": "205" 45 | }, 46 | { 47 | "ParameterKey": "PackageList", 48 | "ParameterValue": "curl wget mlocate ca-certificates openssl vim git wireshark nmap mysql" 49 | }, 50 | { 51 | "ParameterKey": "InstallChefdk", 52 | "ParameterValue": "true" 53 | }, 54 | { 55 | "ParameterKey": "ChefdkVersion", 56 | "ParameterValue": "0.18.30-1" 57 | }, 58 | { 59 | "ParameterKey": "InstallChefClient", 60 | "ParameterValue": "false" 61 | }, 62 | { 63 | "ParameterKey": "ChefClientVersion", 64 | "ParameterValue": "12.14.89" 65 | }, 66 | { 67 | "ParameterKey": "Ec2KeyPair", 68 | "ParameterValue": "bonusbits-dev" 69 | }, 70 | { 71 | "ParameterKey": "InstanceType", 72 | "ParameterValue": "t2.small" 73 | } 74 | ] -------------------------------------------------------------------------------- /labs/ecs/configure-ecs.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | 4 | echo "In configure-ecs.sh" 5 | script_dir="$(dirname "$0")" 6 | bin_dir="$(dirname $0)/../bin" 7 | 8 | echo The value of arg 0 = $0 9 | echo The value of arg 1 = $1 10 | echo The value of arg 2 = $2 11 | echo The value of arg 3 = $3 12 | echo The value of arg 4 = $4 13 | echo The value of arg script_dir = $script_dir 14 | echo UPDATED 201606072316 15 | 16 | MY_STACK=$1 17 | MY_ACCTID=$2 18 | MY_ECR=$3 19 | MY_URL=$4 20 | 21 | echo The value of MY_STACK is $MY_STACK 22 | echo The value of 
MY_ACCTID is $MY_ACCTID 23 | echo The value of MY_ECR is $MY_ECR 24 | 25 | # Unique ID for Docker tag 26 | uuid=$(date +%s) 27 | awsacctid="$MY_ACCTID" 28 | ecr_repo="$MY_ECR" 29 | ecs_stack_name="$MY_STACK" 30 | 31 | ecs_template_url="https://s3.amazonaws.com/stelligent-training-public/public/codepipeline/ecs-pipeline.json" 32 | #ecs_template_url="$MY_URL" 33 | 34 | echo The value of arg uuid = $uuid 35 | eval $(aws --region us-east-1 ecr get-login) 36 | 37 | # Build, Tag and Deploy Docker 38 | docker build -t $ecr_repo:$uuid . 39 | docker tag $ecr_repo:$uuid $awsacctid.dkr.ecr.us-east-1.amazonaws.com/$ecr_repo:$uuid 40 | docker push $awsacctid.dkr.ecr.us-east-1.amazonaws.com/$ecr_repo:$uuid 41 | 42 | aws cloudformation update-stack --stack-name $ecs_stack_name --template-url $ecs_template_url --region us-east-1 --capabilities="CAPABILITY_IAM" --parameters ParameterKey=AppName,UsePreviousValue=true ParameterKey=ECSRepoName,UsePreviousValue=true ParameterKey=DesiredCapacity,UsePreviousValue=true ParameterKey=KeyName,UsePreviousValue=true ParameterKey=RepositoryBranch,UsePreviousValue=true ParameterKey=RepositoryName,UsePreviousValue=true ParameterKey=InstanceType,UsePreviousValue=true ParameterKey=MaxSize,UsePreviousValue=true ParameterKey=S3ArtifactBucket,UsePreviousValue=true ParameterKey=S3ArtifactObject,UsePreviousValue=true ParameterKey=SSHLocation,UsePreviousValue=true ParameterKey=YourIP,UsePreviousValue=true ParameterKey=ImageTag,ParameterValue=$uuid ParameterKey=ECSCFNURL,ParameterValue=$ecs_template_url 43 | 44 | sleep 10 45 | -------------------------------------------------------------------------------- /database/example_parameters/create-rds-from-snapshot.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Firstname Lastname" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "MySQL RDS Creation" 9 | }, 10 | { 11 | "ParameterKey": 
"DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "SnapshotArn", 16 | "ParameterValue": "arn:aws:rds:us-west-2:000000000000:snapshot:rds:mydbname-2016-11-24-17-03" 17 | }, 18 | { 19 | "ParameterKey": "VPC", 20 | "ParameterValue": "vpc-00000000" 21 | }, 22 | { 23 | "ParameterKey": "SubnetIdList", 24 | "ParameterValue": "subnet-00000000,subnet-00000000,subnet-00000000" 25 | }, 26 | { 27 | "ParameterKey": "BackupRetentionPeriod", 28 | "ParameterValue": "30" 29 | }, 30 | { 31 | "ParameterKey": "MultiAvailabilityZone", 32 | "ParameterValue": "true" 33 | }, 34 | { 35 | "ParameterKey": "TcpPort", 36 | "ParameterValue": "3306" 37 | }, 38 | { 39 | "ParameterKey": "ConfigureDns", 40 | "ParameterValue": "true" 41 | }, 42 | { 43 | "ParameterKey": "Cname", 44 | "ParameterValue": "justice.league.com" 45 | }, 46 | { 47 | "ParameterKey": "R53HostedZoneName", 48 | "ParameterValue": "league.com" 49 | }, 50 | { 51 | "ParameterKey": "AlertSnsTopicArn", 52 | "ParameterValue": "arn:aws:sns:us-west-2:000000000000:rds-alerts" 53 | }, 54 | { 55 | "ParameterKey": "PreferredBackupWindow", 56 | "ParameterValue": "17:00-19:00" 57 | }, 58 | { 59 | "ParameterKey": "PreferredMaintenanceWindow", 60 | "ParameterValue": "Sun:19:00-Sun:23:00" 61 | }, 62 | { 63 | "ParameterKey": "ConfigureProvisionedIops", 64 | "ParameterValue": "false" 65 | }, 66 | { 67 | "ParameterKey": "SnapshotOnDelete", 68 | "ParameterValue": "true" 69 | }, 70 | { 71 | "ParameterKey": "SetupAlarms", 72 | "ParameterValue": "true" 73 | }, 74 | { 75 | "ParameterKey": "ProvisionedIopsValue", 76 | "ParameterValue": "1000" 77 | }, 78 | { 79 | "ParameterKey": "InstanceType", 80 | "ParameterValue": "db.t2.small" 81 | } 82 | ] -------------------------------------------------------------------------------- /infrastructure/iam/iam-available-services.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Sid": 
"AvailableServicesStatement", 6 | "Effect": "Allow", 7 | "Action": [ 8 | "acm:*", 9 | "apigateway:*", 10 | "budgets:*", 11 | "cloud9:*", 12 | "cloudformation:*", 13 | "cloudfront:*", 14 | "cloudtrail:*", 15 | "cloudwatch:*", 16 | "codebuild:*", 17 | "codecommit:*", 18 | "codepipeline:*", 19 | "codestar:*", 20 | "cognito-identity:*", 21 | "config:*", 22 | "dynamodb:*", 23 | "ecr:*", 24 | "ec2:*", 25 | "elasticache:*", 26 | "elasticbeanstalk:*", 27 | "eks:*", 28 | "elasticloadbalancing:*", 29 | "es:*", 30 | "events:*", 31 | "guardduty:*", 32 | "kms:Decrypt", 33 | "kms:DescribeKey", 34 | "kms:Encrypt", 35 | "kms:GenerateDataKey", 36 | "kms:ReEncrypt*", 37 | "lambda:*", 38 | "logs:*", 39 | "macie:*", 40 | "opsworks:*", 41 | "quicksight:*", 42 | "rds:*", 43 | "route53:*", 44 | "secretsmanager:*", 45 | "servicecatalog:*", 46 | "sns:*", 47 | "s3:*", 48 | "ssm:*", 49 | "support:*", 50 | "tag:*", 51 | "workspaces:*" 52 | ], 53 | "Resource": "*", 54 | "Condition": { 55 | "StringEquals": { 56 | "aws:RequestedRegion": [ 57 | "us-west-1", 58 | "us-west-2", 59 | "us-east-1", 60 | "us-east-2" 61 | ] 62 | } 63 | } 64 | } 65 | ] 66 | } -------------------------------------------------------------------------------- /labs/ecs/config-template.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | false 6 | 7 | 8 | true 9 | APPNAME 10 | Build 11 | APPNAME-Jenkins 12 | 1 13 | REGION 14 | 15 | 16 | 17 | 0 18 | 19 | 20 | true 21 | false 22 | false 23 | false 24 | 25 | 26 | * * * * * 27 | false 28 | 29 | 30 | true 31 | 32 | 33 | bash ./configure-ecs.sh MY_STACK MY_ACCTID MY_ECR 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | xterm 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /autoscaling/README.md: -------------------------------------------------------------------------------- 1 | # [Baked AMI, ELB, RDS 
Backend](https://github.com/stelligent/cloudformation_templates/blob/master/autoscaling/bakedami-elb-rdsbackend.yml) 2 | 3 | ## Purpose 4 | 5 | Create an Autoscaling group in 3 private subnets from a baked AMI, an Elastic Load Balancer in 3 public subnets and an S3 ELB Logging Bucket. 6 | Option to use SSL/TLS on the ELB. Option to update a Route 53 Hosted DNS alias to point to the ELB. 7 | 8 | ## Prerequisites 9 | * [VPC](https://github.com/stelligent/cloudformation_templates/blob/master/infrastructure/vpc.yml) 10 | * 3 Private Subnets 11 | * 3 Public Subnets 12 | * Internal Access Security Group 13 | * Remote Security Group 14 | * [RDS](https://github.com/stelligent/cloudformation_templates/blob/master/database) 15 | * Instance 16 | * Security Group for RDS Access 17 | * SNS Topic 18 | 19 | ## Optional Prerequisites 20 | * SSL/TLS Certificate uploaded to AWS Account for ELB 21 | * Route53 Hosted Domain 22 | 23 | ## Summary 24 | 1. AWS Service APIs (e.g. CFN Init, ECS, SNS, SES) 25 | 2. AWS Linux Package Repos 26 | 3. *.rubygems.org 27 | 4. *.wordpress.org, *.wordpress.com (Wordpress Updates) 28 | 5. docs.google.com (Temp) for Sheets access (Wordpress Plugin) 29 | 30 | ## Launcher 31 | [![](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?&templateURL=https://s3.amazonaws.com/stelligent-public/cloudformation-templates/github/bakedami-elb-rdsbackend.yml)
32 | 33 | Click this button to open AWS CloudFormation web console to enter parameters and create the stack. 34 | 35 | 36 | ## CloudFormation Template Details 37 | The [CloudFormation Template](https://github.com/stelligent/cloudformation_templates/blob/master/autoscaling/bakedami-elb-rdsbackend.yml) does the following: 38 | 39 | 1. EC2 Instance Autoscaling LaunchConfiguration 40 | 1. Launches specified AMI ID 41 | 2. 3 Private Subnet 42 | 3. No External IP 43 | 2. Security Group 44 | 1. Allow 80 Inbound 45 | 2. Allow 443 Inbound 46 | 3. ELB 47 | 1. 3 Public Subnets 48 | 2. SSL/TLS Optional 49 | 3. S3 Logging Optional 50 | 4. Route 53 Update Optional 51 | 4. IAM Instance Profile Role 52 | 1. S3 * 53 | 2. ec2:Describe* 54 | 3. elasticloadbalancing:Describe* 55 | 4. autoscaling:Describe* 56 | 5. cloudwatch:* 57 | 6. logs:* 58 | 7. sns:* 59 | -------------------------------------------------------------------------------- /autoscaling/archive/bakedami-parameters.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "First Last" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "Autoscaling Baked AMI Webapp Stack Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "08/01/2016" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-00000000" 17 | }, 18 | { 19 | "ParameterKey": "PublicSubnet1", 20 | "ParameterValue": "subnet-00000000" 21 | }, 22 | { 23 | "ParameterKey": "PublicSubnet2", 24 | "ParameterValue": "subnet-00000000" 25 | }, 26 | { 27 | "ParameterKey": "PublicSubnet3", 28 | "ParameterValue": "subnet-00000000" 29 | }, 30 | { 31 | "ParameterKey": "PrivateSubnet1", 32 | "ParameterValue": "subnet-00000000" 33 | }, 34 | { 35 | "ParameterKey": "PrivateSubnet2", 36 | "ParameterValue": "subnet-00000000" 37 | }, 38 | { 39 | "ParameterKey": "PrivateSubnet3", 40 | "ParameterValue": "subnet-00000000" 41 | }, 42 | { 
43 | "ParameterKey": "PublicNetworkAcl", 44 | "ParameterValue": "acl-00000000" 45 | }, 46 | { 47 | "ParameterKey": "InstanceType", 48 | "ParameterValue": "m3.medium" 49 | }, 50 | { 51 | "ParameterKey": "AMI", 52 | "ParameterValue": "ami-00000000" 53 | }, 54 | { 55 | "ParameterKey": "Ec2KeyPair", 56 | "ParameterValue": "dev" 57 | }, 58 | { 59 | "ParameterKey": "MinAutoScaleCount", 60 | "ParameterValue": "3" 61 | }, 62 | { 63 | "ParameterKey": "MaxAutoScaleCount", 64 | "ParameterValue": "6" 65 | }, 66 | { 67 | "ParameterKey": "InternalAccessSecurityGroup", 68 | "ParameterValue": "sg-00000000" 69 | }, 70 | { 71 | "ParameterKey": "RemoteSecurityGroup", 72 | "ParameterValue": "sg-00000000" 73 | }, 74 | { 75 | "ParameterKey": "ConfigureDns", 76 | "ParameterValue": "true" 77 | }, 78 | { 79 | "ParameterKey": "Route53ElbAlias", 80 | "ParameterValue": "www.hecklejeckle.com" 81 | }, 82 | { 83 | "ParameterKey": "UseSsl", 84 | "ParameterValue": "false" 85 | }, 86 | { 87 | "ParameterKey": "ElbHttpListeningPort", 88 | "ParameterValue": "80" 89 | }, 90 | { 91 | "ParameterKey": "InstanceHttpListeningPort", 92 | "ParameterValue": "80" 93 | }, 94 | { 95 | "ParameterKey": "SetupElbLogging", 96 | "ParameterValue": "true" 97 | } 98 | ] -------------------------------------------------------------------------------- /database/example_parameters/mysql-rds.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Firstname Lastname" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "MySQL RDS Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-00000000" 17 | }, 18 | { 19 | "ParameterKey": "PrivateSubnet1", 20 | "ParameterValue": "subnet-00000000" 21 | }, 22 | { 23 | "ParameterKey": "PrivateSubnet2", 24 | "ParameterValue": "subnet-00000000" 25 | }, 26 | { 27 | "ParameterKey": 
"PrivateSubnet3", 28 | "ParameterValue": "subnet-00000000" 29 | }, 30 | { 31 | "ParameterKey": "MasterUsername", 32 | "ParameterValue": "superman" 33 | }, 34 | { 35 | "ParameterKey": "MasterUserPassword", 36 | "ParameterValue": "Kryptonite" 37 | }, 38 | { 39 | "ParameterKey": "BackupRetentionPeriod", 40 | "ParameterValue": "30" 41 | }, 42 | { 43 | "ParameterKey": "MultiAvailabilityZone", 44 | "ParameterValue": "true" 45 | }, 46 | { 47 | "ParameterKey": "TcpPort", 48 | "ParameterValue": "3306" 49 | }, 50 | { 51 | "ParameterKey": "ConfigureDns", 52 | "ParameterValue": "true" 53 | }, 54 | { 55 | "ParameterKey": "Cname", 56 | "ParameterValue": "justice.league.com" 57 | }, 58 | { 59 | "ParameterKey": "R53HostedZoneName", 60 | "ParameterValue": "league.com" 61 | }, 62 | { 63 | "ParameterKey": "AlertSnsTopicArn", 64 | "ParameterValue": "arn:aws:sns:us-west-2:000000000000:rds-alerts" 65 | }, 66 | { 67 | "ParameterKey": "AllocatedStorage", 68 | "ParameterValue": "30" 69 | }, 70 | { 71 | "ParameterKey": "PreferredBackupWindow", 72 | "ParameterValue": "17:00-19:00" 73 | }, 74 | { 75 | "ParameterKey": "PreferredMaintenanceWindow", 76 | "ParameterValue": "Sun:19:00-Sun:23:00" 77 | }, 78 | { 79 | "ParameterKey": "ConfigureProvisionedIops", 80 | "ParameterValue": "false" 81 | }, 82 | { 83 | "ParameterKey": "SnapshotOnDelete", 84 | "ParameterValue": "true" 85 | }, 86 | { 87 | "ParameterKey": "SetupAlarms", 88 | "ParameterValue": "true" 89 | }, 90 | { 91 | "ParameterKey": "ProvisionedIopsValue", 92 | "ParameterValue": "1000" 93 | }, 94 | { 95 | "ParameterKey": "InstanceType", 96 | "ParameterValue": "db.t2.small" 97 | } 98 | ] -------------------------------------------------------------------------------- /labs/codedeploy/codedeploy-deployment.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion":"2010-09-09", 3 | "Description":"Provision CodeDeploy Application and Deployment", 4 | "Parameters":{ 5 | "Bucket":{ 6 
| "Type":"String", 7 | "Description":"The unique bucket name where deployment distribution is located" 8 | }, 9 | "Key":{ 10 | "Type":"String", 11 | "Description":"The S3 object key of the deployment distribution within the bucket" 12 | }, 13 | "TagKey":{ 14 | "Type":"String", 15 | "Default":"Name", 16 | "Description":"The tag name that is associated with EC2 instances on which CodeDeploy agent is installed" 17 | }, 18 | "TagValue":{ 19 | "Type":"String", 20 | "Description":"The value associated with TagKey" 21 | }, 22 | "RoleArn":{ 23 | "Type":"String", 24 | "Description":"ARN of the IAM service role created when the EC2 instances that have the CodeDeploy agent installed were provisioned. Output value of that CFN stack." 25 | } 26 | }, 27 | "Resources":{ 28 | "MyApplication":{ 29 | "Type":"AWS::CodeDeploy::Application" 30 | }, 31 | "MyDeploymentGroup":{ 32 | "Type":"AWS::CodeDeploy::DeploymentGroup", 33 | "DependsOn":"MyApplication", 34 | "Properties":{ 35 | "ApplicationName":{ 36 | "Ref":"MyApplication" 37 | }, 38 | "Deployment":{ 39 | "Description":"First time", 40 | "IgnoreApplicationStopFailures":"true", 41 | "Revision":{ 42 | "RevisionType":"S3", 43 | "S3Location":{ 44 | "Bucket":{ 45 | "Ref":"Bucket" 46 | }, 47 | "BundleType":"Zip", 48 | "Key":{ 49 | "Ref":"Key" 50 | } 51 | } 52 | } 53 | }, 54 | "Ec2TagFilters":[ 55 | { 56 | "Key":{ 57 | "Ref":"TagKey" 58 | }, 59 | "Value":{ 60 | "Ref":"TagValue" 61 | }, 62 | "Type":"KEY_AND_VALUE" 63 | } 64 | ], 65 | "ServiceRoleArn":{ 66 | "Ref":"RoleArn" 67 | } 68 | } 69 | } 70 | }, 71 | "Outputs":{ 72 | "MyAWSAccountId":{ 73 | "Value":{ 74 | "Ref":"AWS::AccountId" 75 | } 76 | }, 77 | "MyApplication":{ 78 | "Value":{ 79 | "Ref":"MyApplication" 80 | } 81 | }, 82 | "MyDeploymentGroup":{ 83 | "Value":{ 84 | "Ref":"MyDeploymentGroup" 85 | } 86 | } 87 | } 88 | } -------------------------------------------------------------------------------- /labs/codepipeline/codedeploy-deployment.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion":"2010-09-09", 3 | "Description":"Provision CodeDeploy Application and Deployment", 4 | "Parameters":{ 5 | "Bucket":{ 6 | "Type":"String", 7 | "Description":"The unique bucket name where deployment distribution is located" 8 | }, 9 | "Key":{ 10 | "Type":"String", 11 | "Description":"The S3 object key of the deployment distribution within the bucket" 12 | }, 13 | "TagKey":{ 14 | "Type":"String", 15 | "Default":"Name", 16 | "Description":"The tag name that is associated with EC2 instances on which CodeDeploy agent is installed" 17 | }, 18 | "TagValue":{ 19 | "Type":"String", 20 | "Description":"The value associated with TagKey" 21 | }, 22 | "RoleArn":{ 23 | "Type":"String", 24 | "Description":"ARN of the IAM service role created when the EC2 instances that have the CodeDeploy agent installed were provisioned. Output value of that CFN stack." 25 | } 26 | }, 27 | "Resources":{ 28 | "MyApplication":{ 29 | "Type":"AWS::CodeDeploy::Application" 30 | }, 31 | "MyDeploymentGroup":{ 32 | "Type":"AWS::CodeDeploy::DeploymentGroup", 33 | "DependsOn":"MyApplication", 34 | "Properties":{ 35 | "ApplicationName":{ 36 | "Ref":"MyApplication" 37 | }, 38 | "Deployment":{ 39 | "Description":"First time", 40 | "IgnoreApplicationStopFailures":"true", 41 | "Revision":{ 42 | "RevisionType":"S3", 43 | "S3Location":{ 44 | "Bucket":{ 45 | "Ref":"Bucket" 46 | }, 47 | "BundleType":"Zip", 48 | "Key":{ 49 | "Ref":"Key" 50 | } 51 | } 52 | } 53 | }, 54 | "Ec2TagFilters":[ 55 | { 56 | "Key":{ 57 | "Ref":"TagKey" 58 | }, 59 | "Value":{ 60 | "Ref":"TagValue" 61 | }, 62 | "Type":"KEY_AND_VALUE" 63 | } 64 | ], 65 | "ServiceRoleArn":{ 66 | "Ref":"RoleArn" 67 | } 68 | } 69 | } 70 | }, 71 | "Outputs":{ 72 | "MyAWSAccountId":{ 73 | "Value":{ 74 | "Ref":"AWS::AccountId" 75 | } 76 | }, 77 | "MyApplication":{ 78 | "Value":{ 79 | "Ref":"MyApplication" 80 | } 81 | }, 82 | "MyDeploymentGroup":{ 83 | "Value":{ 84 | 
"Ref":"MyDeploymentGroup" 85 | } 86 | } 87 | } 88 | } -------------------------------------------------------------------------------- /security/iam-default-instance-profile.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Default EC2 Instance IAM Profile and Role by Levon Becker v20160406-1200", 4 | "Parameters": { 5 | "Owner": { 6 | "Description": "Enter Team or Individual Name Responsible for the Stack.", 7 | "Type": "String", 8 | "Default": "Levon Becker" 9 | }, 10 | "Project": { 11 | "Description": "Enter Project Name.", 12 | "Type": "String", 13 | "Default": "Continuous Security" 14 | }, 15 | "DeleteAfter": { 16 | "Description": "Enter Date It's Ok to Delete the Stack or 'Never' if meant to be persistent.", 17 | "Type": "String", 18 | "Default": "00/00/201x" 19 | }, 20 | }, 21 | "Resources": { 22 | "IamRole": { 23 | "Type" : "AWS::IAM::Role", 24 | "Properties": { 25 | "AssumeRolePolicyDocument": { 26 | "Statement": [{"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com"]}, "Action": ["sts:AssumeRole"]}] 27 | }, 28 | "Path": "/" 29 | } 30 | }, 31 | "IamPolicies": { 32 | "Type": "AWS::IAM::Policy", 33 | "Properties": { 34 | "PolicyName": {"Fn::Join": ["", [{"Ref": "AWS::StackName"}, "-s3-cloudwatch-ec2"]]}, 35 | "PolicyDocument": { 36 | "Statement": [{ 37 | "Effect": "Allow", 38 | "Action": [ 39 | "s3:*", 40 | "ec2:Describe*", 41 | "elasticloadbalancing:Describe*", 42 | "autoscaling:Describe*", 43 | "cloudwatch:*", 44 | "logs:*", 45 | "sns:*" 46 | ], 47 | "Resource": "*" 48 | }] 49 | }, 50 | "Roles": [{"Ref": "IamRole"}] 51 | } 52 | }, 53 | "IamInstanceProfile": { 54 | "Type": "AWS::IAM::InstanceProfile", 55 | "Properties": { 56 | "Path": "/", 57 | "Roles": [{"Ref": "IamRole"}] 58 | } 59 | } 60 | }, 61 | "Outputs": { 62 | "Owner": { 63 | "Description": "The dude or team to bug about cleaning up", 64 | "Value": {"Ref": "Owner"} 65 | }, 66 | 
"Project": { 67 | "Description": "The project name", 68 | "Value": {"Ref": "Project"} 69 | }, 70 | "IamRole": { 71 | "Description": "EC2 IAM Profile Role.", 72 | "Value": {"Ref": "IamRole"} 73 | }, 74 | "DeleteAfter": { 75 | "Description": "It is ok to delete the stack after this date", 76 | "Value": {"Ref": "DeleteAfter"} 77 | } 78 | } 79 | } -------------------------------------------------------------------------------- /labs/codedeploy/codedeploy-master.json: -------------------------------------------------------------------------------- 1 | { 2 | "Description":"Launch nested CloudFormation stack to provision and run AWS CodeDeploy", 3 | "AWSTemplateFormatVersion":"2010-09-09", 4 | "Parameters":{ 5 | "S3Bucket":{ 6 | "Type":"String", 7 | "Description":"The unique bucket name where deployment distribution is located" 8 | }, 9 | "S3Key":{ 10 | "Type":"String", 11 | "Description":"The S3 object key of the deployment distribution within the bucket" 12 | }, 13 | "EC2TagValue":{ 14 | "Description":"The tag value that identifies this as a target for deployments.", 15 | "Type":"String", 16 | "AllowedPattern":"[\\x20-\\x7E]*", 17 | "ConstraintDescription":"Can contain only ASCII characters." 18 | }, 19 | "EC2KeyPairName":{ 20 | "Description":"Name of an existing Amazon EC2 key pair to enable SSH or RDP access to the instances.", 21 | "Type":"AWS::EC2::KeyPair::KeyName", 22 | "MinLength":"1", 23 | "MaxLength":"255", 24 | "AllowedPattern":"[\\x20-\\x7E]*", 25 | "ConstraintDescription":"Can contain only ASCII characters." 
26 | } 27 | }, 28 | "Resources":{ 29 | "CodeDeployEC2InstancesStack":{ 30 | "Type":"AWS::CloudFormation::Stack", 31 | "Properties":{ 32 | "TemplateURL":"http://s3.amazonaws.com/aws-codedeploy-us-east-1/templates/latest/CodeDeploy_SampleCF_Template.json", 33 | "TimeoutInMinutes":"60", 34 | "Parameters":{ 35 | "TagValue":{ 36 | "Ref":"EC2TagValue" 37 | }, 38 | "KeyPairName":{ 39 | "Ref":"EC2KeyPairName" 40 | } 41 | } 42 | } 43 | }, 44 | "CodeDeploySimpleStack":{ 45 | "Type":"AWS::CloudFormation::Stack", 46 | "DependsOn":"CodeDeployEC2InstancesStack", 47 | "Properties":{ 48 | "TemplateURL":"https://s3.amazonaws.com/stelligent-training-public/public/codedeploy/codedeploy-deployment.json", 49 | "TimeoutInMinutes":"60", 50 | "Parameters":{ 51 | "TagValue":{ 52 | "Ref":"EC2TagValue" 53 | }, 54 | "RoleArn":{ 55 | "Fn::GetAtt":[ 56 | "CodeDeployEC2InstancesStack", 57 | "Outputs.CodeDeployTrustRoleARN" 58 | ] 59 | }, 60 | "Bucket":{ 61 | "Ref":"S3Bucket" 62 | }, 63 | "Key":{ 64 | "Ref":"S3Key" 65 | } 66 | } 67 | } 68 | } 69 | }, 70 | "Outputs":{ 71 | "MyAWSAccountId":{ 72 | "Value":{ 73 | "Ref":"AWS::AccountId" 74 | } 75 | } 76 | } 77 | } -------------------------------------------------------------------------------- /orchestrators/README.md: -------------------------------------------------------------------------------- 1 | # Orchestrator CloudFormation Templates 2 | 3 | ## Purpose 4 | 5 | Collection of Orchestration Templates that use various nested templates from this repository. 6 | 7 | ### Orchestrators 8 | One template to rule them all... These are master templates that call nested templates. 9 | These are good to build out a full environment without having to run each template individually. 10 | Coupled with a custom parameters JSON file can give you a one command solution to a complex setup and eliminate the need to duplicate code. 
11 | 12 | For instance, you could have a VPC, NAT, RDS and Autoscaling Webapp behind an ELB and Update DNS all in one 13 | command using various foundational templates that I've created to be used together. 14 | 15 | 16 | 17 | 18 | 19 | 20 | 30 | 52 | 53 |

Infrastructure

21 |

Select the foundational pieces for building out an infrastructure from the ground up.

22 |
Create Details
23 |
    24 |
  1. VPC
  2. 25 |
  3. Nat Gateway (Optional)
  4. 26 |
  5. Bastion Host (Optional)
  6. 27 |
  7. VPN (Optional)
  8. 28 |
29 |
31 | 32 | 33 | 34 | 35 | 36 | 39 | 40 |
Launch
37 | 38 |
41 | 42 | 43 | 44 | 45 | 46 | 49 | 50 |
View in Designer
47 | View in Designer 48 |
51 |
-------------------------------------------------------------------------------- /autoscaling/example_parameters/bakedami--elb-rdsbackend.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "First Last" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "Autoscaling Baked AMI RDS Backed Webapp Stack Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "08/01/2016" 13 | }, 14 | { 15 | "ParameterKey": "VPC", 16 | "ParameterValue": "vpc-00000000" 17 | }, 18 | { 19 | "ParameterKey": "PublicSubnet1", 20 | "ParameterValue": "subnet-00000000" 21 | }, 22 | { 23 | "ParameterKey": "PublicSubnet2", 24 | "ParameterValue": "subnet-00000000" 25 | }, 26 | { 27 | "ParameterKey": "PublicSubnet3", 28 | "ParameterValue": "subnet-00000000" 29 | }, 30 | { 31 | "ParameterKey": "PrivateSubnet1", 32 | "ParameterValue": "subnet-00000000" 33 | }, 34 | { 35 | "ParameterKey": "PrivateSubnet2", 36 | "ParameterValue": "subnet-00000000" 37 | }, 38 | { 39 | "ParameterKey": "PrivateSubnet3", 40 | "ParameterValue": "subnet-00000000" 41 | }, 42 | { 43 | "ParameterKey": "PublicNetworkAcl", 44 | "ParameterValue": "acl-00000000" 45 | }, 46 | { 47 | "ParameterKey": "InstanceType", 48 | "ParameterValue": "t2.small" 49 | }, 50 | { 51 | "ParameterKey": "AMI", 52 | "ParameterValue": "ami-00000000" 53 | }, 54 | { 55 | "ParameterKey": "Ec2KeyPair", 56 | "ParameterValue": "dev" 57 | }, 58 | { 59 | "ParameterKey": "MinAutoScaleCount", 60 | "ParameterValue": "3" 61 | }, 62 | { 63 | "ParameterKey": "MaxAutoScaleCount", 64 | "ParameterValue": "6" 65 | }, 66 | { 67 | "ParameterKey": "InternalAccessSecurityGroup", 68 | "ParameterValue": "sg-00000000" 69 | }, 70 | { 71 | "ParameterKey": "RemoteSecurityGroup", 72 | "ParameterValue": "sg-00000000" 73 | }, 74 | { 75 | "ParameterKey": "RDSAccessSecurityGroup", 76 | "ParameterValue": "sg-00000000" 77 | }, 78 | { 79 | 
"ParameterKey": "ConfigureDns", 80 | "ParameterValue": "true" 81 | }, 82 | { 83 | "ParameterKey": "Route53ElbAlias", 84 | "ParameterValue": "www.hecklejeckle.com" 85 | }, 86 | { 87 | "ParameterKey": "UseSsl", 88 | "ParameterValue": "true" 89 | }, 90 | { 91 | "ParameterKey": "ElbSslCertArn", 92 | "ParameterValue": "arn:aws:iam::0000000000000:server-certificate/www.hecklejeckle.com" 93 | }, 94 | { 95 | "ParameterKey": "ElbHttpListeningPort", 96 | "ParameterValue": "443" 97 | }, 98 | { 99 | "ParameterKey": "InstanceHttpListeningPort", 100 | "ParameterValue": "8443" 101 | }, 102 | { 103 | "ParameterKey": "ListenOnBothPorts", 104 | "ParameterValue": "false" 105 | }, 106 | { 107 | "ParameterKey": "SetupElbLogging", 108 | "ParameterValue": "true" 109 | } 110 | ] -------------------------------------------------------------------------------- /labs/wordpress/README.md: -------------------------------------------------------------------------------- 1 | # Wordpress on Nginx 2 | 3 | ## Purpose 4 | 5 | Create an EC2 Instance on a Private Subnet, install Nginx, Php-Fpm and Wordpress on Nginx. 6 | Designed to use a MySQL RDS backend, live behind a Load Balancer (Sophos, ELB, etc.), and 7 | configured so that SSL termination is handled by the Load Balancer. 8 | 9 | From the web it's HTTPS (443) to the LB. Then from the LB to the instance it is HTTP (80). 10 | 11 | # Prerequisites 12 | * Create RDS Instance 13 | * Create empty Wordpress Database and User 14 | 15 | # Summary 16 | 1. AWS Service APIs (e.g. CFN Init, ECS, SNS, SES) 17 | 2. AWS Linux Package Repos 18 | 3. *.rubygems.org 19 | 4. *.wordpress.org, *.wordpress.com (Wordpress Updates) 20 | 5. 
docs.google.com (Temp) for Sheets access (Wordpress Plugin) 21 | 22 | # Launcher 23 | [![Wordpress Lab](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?&templateURL=https://s3.amazonaws.com/stelligent-public/cloudformation-templates/github/wordpress-nginx.yml)
24 | Click this button to open AWS CloudFormation web console to enter parameters and create the stack. 25 | 26 | 27 | # CloudFormation Template Details 28 | The [CloudFormation Template](https://github.com/stelligent/cloudformation_templates/blob/master/labs/wordpress/wordpress-nginx.yml) does the following: 29 | 30 | 1. EC2 Instance 31 | 1. Amazon Linux 32 | 2. EBS volume 33 | 3. t2.micro (default) 34 | 4. Private Subnet 35 | 5. No External IP 36 | 2. Security Group 37 | 1. Allow 80 Inbound 38 | 2. Allow 443 Inbound 39 | 3. CloudWatch Logs Group 40 | 4. IAM Instance Profile Role 41 | 1. S3 RW Access 42 | 2. Cloudwatch Write Metrics 43 | 3. Cloudwatch Logs 44 | 4. Route 53 Upsert 45 | 5. UserData (Bootstrapping) 46 | 1. Yum Updates 47 | 2. Install minimum packages 48 | 1. cfn-init 49 | 2. aws-cfn-bootstrap 50 | 3. cloud-init 51 | 3. Call cfn-init 52 | 53 | # Cloud Init 54 | 1. Configure CFN INIT 55 | 2. Install_packages 56 | 1. Install Nginx 57 | 2. Install Php-Fpm 7.0 58 | 3. Install MySQL 5.6 Client 59 | 4. Download Latest Wordpress 60 | 5. Install Wordpress 61 | 3. Configure Wordpress 62 | 1. Create Nginx Virtual Host Config 63 | 2. Create Wordpress Config 64 | 4. Configure Php-Fpm 65 | 1. Replace apache user with nginx user 66 | 2. Set Ownership on Logs Directory 67 | 5. Start/Restart Services 68 | 1. php-fpm-7.0 69 | 2. nginx 70 | 3. Set both to start at boot 71 | 6. DNS Update Script 72 | 1. Create Update DNS Script 73 | 7. Update DNS 74 | 1. Run DNS Update Script 75 | 8. Warm EBS 76 | 1. Use dd to warm EBS Volume 77 | 78 | # Tips 79 | 1. I put this behind a Sophos United Threat Management (UTM) v9 Instance. 
I have a Template [HERE](https://github.com/stelligent/cloudformation_templates/blob/master/labs/sophos/sophos_utm9.yml) 80 | -------------------------------------------------------------------------------- /labs/mediawiki/README.md: -------------------------------------------------------------------------------- 1 | # Mediawiki on Nginx 2 | 3 | ## Purpose 4 | 5 | Create an EC2 Instance on a Private Subnet, install Nginx, Php-Fpm and Mediawiki on Nginx. 6 | Designed to use a MySQL RDS backend, live behind a Load Balancer (Sophos, ELB, etc.), and 7 | configured so that SSL termination is handled by the Load Balancer. 8 | 9 | From the web it's HTTPS (443) to the LB. Then from the LB to the instance it is HTTP (80). 10 | 11 | # Prerequisites 12 | * Create RDS Instance 13 | * Create empty Mediawiki Database and User 14 | * Internet Access from EC2 Instance 15 | 16 | # Summary 17 | 1. AWS Service APIs (e.g. CFN Init, ECS, SNS, SES) 18 | 2. AWS Linux Package Repos 19 | 3. *.rubygems.org 20 | 4. *.wordpress.org, *.wordpress.com (Wordpress Updates) 21 | 5. docs.google.com (Temp) for Sheets access (Wordpress Plugin) 22 | 23 | # Launcher 24 | [![](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?#/stacks/new?&templateURL=https://s3.amazonaws.com/stelligent-public/cloudformation-templates/github/mediawiki-nginx.yml)
25 | Click this button to open AWS CloudFormation web console to enter parameters and create the stack. 26 | 27 | 28 | # CloudFormation Template Details 29 | The [CloudFormation Template](https://github.com/stelligent/cloudformation_templates/blob/master/labs/mediawiki/mediawiki-nginx.yml) does the following: 30 | 31 | 1. EC2 Instance 32 | 1. Amazon Linux 33 | 2. EBS volume 34 | 3. t2.micro (default) 35 | 4. Private Subnet 36 | 5. No External IP 37 | 2. Security Group 38 | 1. Allow 80 Inbound 39 | 2. Allow 443 Inbound 40 | 3. CloudWatch Logs Group 41 | 4. IAM Instance Profile Role 42 | 1. S3 RW Access 43 | 2. Cloudwatch Write Metrics 44 | 3. Cloudwatch Logs 45 | 4. Route 53 Upsert 46 | 5. UserData (Bootstrapping) 47 | 1. Yum Updates 48 | 2. Install minimum packages 49 | 1. cfn-init 50 | 2. aws-cfn-bootstrap 51 | 3. cloud-init 52 | 3. Call cfn-init 53 | 54 | # Cloud Init 55 | 1. Configure CFN INIT 56 | 2. Install_packages 57 | 1. Install Nginx 58 | 2. Install Php-Fpm 7.0 59 | 3. Install MySQL 5.6 Client 60 | 4. Download Latest Mediawiki 61 | 5. Download Plugins 62 | 3. Configure Mediawiki 63 | 1. Create Nginx Virtual Host Config 64 | 2. Create Mediawiki Config 65 | 4. Configure Php-Fpm 66 | 1. Replace apache user with nginx user 67 | 2. Set Ownership on Logs Directory 68 | 5. Start/Restart Services 69 | 1. php-fpm-7.0 70 | 2. nginx 71 | 3. Set both to start at boot 72 | 6. DNS Update Script 73 | 1. Create Update DNS Script 74 | 7. Update DNS 75 | 1. Run DNS Update Script 76 | 8. Warm EBS 77 | 1. Use dd to warm EBS Volume 78 | 79 | # Tips 80 | 1. I put this behind a Sophos United Threat Management (UTM) v9 Instance. 
I have a Template [HERE](https://github.com/stelligent/cloudformation_templates/blob/master/infrastructure/utm9.yml) 81 | -------------------------------------------------------------------------------- /storage/README.md: -------------------------------------------------------------------------------- 1 | # Storage CloudFormation Templates 2 | 3 | ## Purpose 4 | 5 | Collection of Storage Templates that can use various nested templates from this repository. 6 | 7 | ### Storage 8 | [Back to Top](#purpose) 9 | 10 | 11 | 12 | 13 | 14 | 15 | 28 | 40 | 41 |

EFS

16 |

Creates an Elastic File System with 3 Mounts

17 |
Prerequisites
18 |
    19 |
  1. VPC
  2. 20 |
  3. 3 Subnets
  4. 21 |
22 |
Create Details
23 |
    24 |
  1. EFS Filesystem
  2. 25 |
  3. 3 Mount Targets
  4. 26 |
27 |
29 | 30 | 31 | 32 | 33 | 34 | 37 | 38 |
Launch
35 | 36 |
39 |
42 | 43 | 44 | 45 | 46 | 47 | 48 | 63 | 75 | 76 |

S3 Backup Bucket

49 |

Create S3 Backup Bucket

50 |
Prerequisites
51 |
    52 |
  1. VPC
  2. 53 |
  3. VPC Endpoint
  4. 54 |
55 |
Create Details
56 |
    57 |
  1. Single S3 Bucket
  2. 58 |
  3. Enabled Versioning
  4. 59 |
  5. Enforced Encryption
  6. 60 |
  7. Creates LifeCycle to Delete Previous Versions after X Days
  8. 61 |
62 |
64 | 65 | 66 | 67 | 68 | 69 | 72 | 73 |
Launch
70 | 71 |
74 |
77 | -------------------------------------------------------------------------------- /infrastructure/iam/StelligentConfigureOwnMFAPolicy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "iam:List*", 8 | "iam:Get*" 9 | ], 10 | "Resource": "*" 11 | }, 12 | { 13 | "Effect": "Allow", 14 | "Action": [ 15 | "iam:ChangePassword", 16 | "iam:CreateAccessKey", 17 | "iam:CreateLoginProfile", 18 | "iam:DeleteAccessKey", 19 | "iam:DeleteLoginProfile", 20 | "iam:GetLoginProfile", 21 | "iam:ListAccessKeys", 22 | "iam:UpdateAccessKey", 23 | "iam:UpdateLoginProfile", 24 | "iam:ListSigningCertificates", 25 | "iam:DeleteSigningCertificate", 26 | "iam:UpdateSigningCertificate", 27 | "iam:UploadSigningCertificate", 28 | "iam:ListSSHPublicKeys", 29 | "iam:GetSSHPublicKey", 30 | "iam:DeleteSSHPublicKey", 31 | "iam:UpdateSSHPublicKey", 32 | "iam:UploadSSHPublicKey", 33 | "iam:CreateVirtualMFADevice", 34 | "iam:DeleteVirtualMFADevice", 35 | "iam:EnableMFADevice", 36 | "iam:ListMFADevices", 37 | "iam:ResyncMFADevice" 38 | ], 39 | "Resource": [ 40 | "arn:aws:iam::*:mfa/${aws:username}", 41 | "arn:aws:iam::*:user/${aws:username}" 42 | ] 43 | }, 44 | { 45 | "Effect": "Allow", 46 | "Action": [ 47 | "iam:DeactivateMFADevice" 48 | ], 49 | "Resource": [ 50 | "arn:aws:iam::*:mfa/${aws:username}", 51 | "arn:aws:iam::*:user/${aws:username}" 52 | ], 53 | "Condition": { 54 | "Bool": { 55 | "aws:MultiFactorAuthPresent": "true" 56 | } 57 | } 58 | }, 59 | { 60 | "Effect": "Deny", 61 | "NotAction": [ 62 | "iam:CreateVirtualMFADevice", 63 | "iam:DeleteVirtualMFADevice", 64 | "iam:ListVirtualMFADevices", 65 | "iam:EnableMFADevice", 66 | "iam:ResyncMFADevice", 67 | "iam:ListAccountAliases", 68 | "iam:ListUsers", 69 | "iam:ListSSHPublicKeys", 70 | "iam:ListAccessKeys", 71 | "iam:ListServiceSpecificCredentials", 72 | "iam:ListMFADevices", 73 | "iam:GetAccountSummary", 74 
| "sts:GetSessionToken", 75 | "iam:ChangePassword" 76 | ], 77 | "Resource": "*", 78 | "Condition": { 79 | "BoolIfExists": { 80 | "aws:MultiFactorAuthPresent": "false" 81 | } 82 | } 83 | } 84 | ] 85 | } -------------------------------------------------------------------------------- /labs/mediawiki/example_parameters/mediawiki-nginx.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "DeleteAfter", 8 | "ParameterValue": "00/00/201x" 9 | }, 10 | { 11 | "ParameterKey": "VPC", 12 | "ParameterValue": "vpc-00000000" 13 | }, 14 | { 15 | "ParameterKey": "SubnetId", 16 | "ParameterValue": "subnet-00000000" 17 | }, 18 | { 19 | "ParameterKey": "InternalAccessSecurityGroup", 20 | "ParameterValue": "sg-0000000" 21 | }, 22 | { 23 | "ParameterKey": "RemoteSecurityGroup", 24 | "ParameterValue": "sg-0000000" 25 | }, 26 | { 27 | "ParameterKey": "RdsSecurityGroup", 28 | "ParameterValue": "sg-0000000" 29 | }, 30 | { 31 | "ParameterKey": "EfsSecurityGroup", 32 | "ParameterValue": "sg-0000000" 33 | }, 34 | { 35 | "ParameterKey": "HostedZoneId", 36 | "ParameterValue": "Z1234567890" 37 | }, 38 | { 39 | "ParameterKey": "RecordName", 40 | "ParameterValue": "www.example.com" 41 | }, 42 | { 43 | "ParameterKey": "KeyPairName", 44 | "ParameterValue": "stack-uswest2-dev" 45 | }, 46 | { 47 | "ParameterKey": "InstanceType", 48 | "ParameterValue": "t2.micro" 49 | }, 50 | { 51 | "ParameterKey": "EfsMountPoint", 52 | "ParameterValue": "/path/to/mount1" 53 | }, 54 | { 55 | "ParameterKey": "EfsFileSystemId", 56 | "ParameterValue": "fs-00000000" 57 | }, 58 | { 59 | "ParameterKey": "DbHost", 60 | "ParameterValue": "db.domain.com" 61 | }, 62 | { 63 | "ParameterKey": "DbName", 64 | "ParameterValue": "mediawiki" 65 | }, 66 | { 67 | "ParameterKey": "DbUser", 68 | "ParameterValue": "mediawiki" 69 | }, 70 | { 71 | "ParameterKey": "DbPassword", 72 | "ParameterValue": 
"secret" 73 | }, 74 | { 75 | "ParameterKey": "MediawikiMajorRelease", 76 | "ParameterValue": "1" 77 | }, 78 | { 79 | "ParameterKey": "MediawikiMinorRelease", 80 | "ParameterValue": "28" 81 | }, 82 | { 83 | "ParameterKey": "SiteTitle", 84 | "ParameterValue": "My Site" 85 | }, 86 | { 87 | "ParameterKey": "SiteURL", 88 | "ParameterValue": "https://www.example.com" 89 | }, 90 | { 91 | "ParameterKey": "VirtaulServerNames", 92 | "ParameterValue": "example.com www.example.com" 93 | }, 94 | { 95 | "ParameterKey": "LbLanIp", 96 | "ParameterValue": "10.0.0.1" 97 | }, 98 | { 99 | "ParameterKey": "ContactEmail", 100 | "ParameterValue": "first.last@domain.com" 101 | }, 102 | { 103 | "ParameterKey": "SecretKey", 104 | "ParameterValue": "0000000000" 105 | }, 106 | { 107 | "ParameterKey": "UpgradeKey", 108 | "ParameterValue": "0000000000" 109 | }, 110 | { 111 | "ParameterKey": "GoogleAnalyticsAccount", 112 | "ParameterValue": "UD-0000000" 113 | }, 114 | { 115 | "ParameterKey": "Environment", 116 | "ParameterValue": "dev" 117 | }, 118 | { 119 | "ParameterKey": "S3ContentPath", 120 | "ParameterValue": "bucket-name/web-content/mediawiki" 121 | } 122 | ] -------------------------------------------------------------------------------- /labs/codepipeline_approval_gate_tracking/README.md: -------------------------------------------------------------------------------- 1 | # CodePipeline Approval Gate Tracking 2 | 3 | ### Components 4 | - AWS resources deployed from the `cloudformation/approval_gate_tracking_lambda.yml` template. 5 | - AWS CloudWatch Event Rule that is configured to listen for the `PutApprovalResult` CloudTrail API call. This is the specific API call that is made whenever someone performs the action of approving or rejecting an approval gate. 6 | - AWS Lambda function that records the information about the approval gate action in the S3 bucket and sends out the SNS notification containing information about the event. 
This Lambda function gets triggered by the CloudWatch event rule whenever that `PutApprovalResult` API call is logged to CloudTrail. The Lambda function then consumes that CloudTrail information and performs the S3 recording and SNS notification tasks, and also logs the data to the Lambda's CloudWatch log group. 7 | - AWS SNS Topic used for sending email notifications whenever someone approves or rejects a CodePipeline approval gate. These email notifications contain information about the approval gate action including: 8 | - Pipeline name 9 | - Approval gate status (Approved or Rejected) 10 | - IAM user who performed the action 11 | - Date and time of action (EST time) 12 | - AWS region in which this occurred 13 | - AWS account ID 14 | - AWS S3 Bucket that is used for recording dated entries every time someone approves or rejects an approval gate in any CodePipeline within the region. 15 | 16 | ### What Does This Provide? 17 | - A dynamic, automated, and scalable approach to tracking CodePipeline approval gate actions within an AWS account. This solution is built and automated to work with every CodePipeline deployed within a region and does not require additional configuration after deployment. 18 | - An easily queryable, long-term storage solution for the recording of CodePipeline approvals/rejections in the S3 bucket. Each recorded text file entry contains the unique CloudTrail log data captured for the approval gate API action performed and is organized by `PipelineApprovalGateActions/pipeline_name/year/month/day/approval_gate-status-time.txt`. An example of a recording looks like this: 19 | ``` 20 | PipelineApprovalGateActions/testing-pipeline/2019/05/23/dev-approval-APPROVED-11:50:45-AM.txt 21 | ``` 22 | - Teams can be notified via email whenever a CodePipeline approval gate is approved or rejected. Each email notification contains unique information about the approval gate action performed. 
An example of an email notification containing this information would look like this: 23 | ` 24 | Approval Gate qa-approval for Pipeline testing-pipeline was Approved by arn:aws:sts::123456789012:assumed-role/OrgIamRole/newuser on May 23, 2019 12:01:25 PM inside the us-east-1 region in AWS Account 123456789012. Approval Gate Response Summary: I approve 25 | ` 26 | 27 | ### Steps for Deployment 28 | 1. Launch the `cloudformation/approval_gate_tracking_lambda.yml` CloudFormation stack. 29 | 2. Pass in a name for your AWS account into the `AccountAlias` parameter. This is the name that will be used as a prefix for the resources created within the template. 30 | 3. Pass in the email address that you would like to use to receive notifications about approval gate actions performed. If you would prefer not to receive notifications, you can leave this parameter blank. -------------------------------------------------------------------------------- /labs/bitbucket/README.md: -------------------------------------------------------------------------------- 1 | # Bitbucket Server Lab CloudFormation Template 2 | 3 | 4 | 5 | 6 | 7 | 8 | 50 | 72 | 73 |

Bitbucket Lab

9 |

Creates a Bitbucket Server in a private or public subnet in an existing VPC.

10 |
Prerequisites
11 |
    12 |
  1. VPC
  2. 13 |
      14 |
    • Public or Private Subnet
    • 15 |
    • Internal Instance Access Security Group
    • 16 |
    • Either use an existing VPC Infrastructure or use the following VPC Template to create one.
    • 17 |
    18 |
  3. Internet Access from the EC2 Instance, or another Yum repository access solution
  4. 19 |
  5. EC2 Key Pair
  6. 20 |
  7. Available EIP if Selected Public Facing
  8. 21 |
  9. IAM Role Creation Permissions
  10. 22 |
23 |
Supported Regions
24 |
    25 |
  1. cn-north-1
  2. 26 |
  3. us-east-1
  4. 27 |
  5. us-west-1
  6. 28 |
  7. us-west-2
  8. 29 |
  9. eu-west-1
  10. 30 |
  11. eu-central-1
  12. 31 |
  13. ap-northeast-1
  14. 32 |
  15. ap-northeast-2
  16. 33 |
  17. ap-southeast-1
  18. 34 |
  19. ap-southeast-2
  20. 35 |
  21. sa-east-1
  22. 36 |
37 |
Create Details
38 |
    39 |
  1. EC2 Instance (Amazon Linux)
  2. 40 |
  3. EIP (Optional)
  4. 41 |
  5. IAM Role
  6. 42 |
  7. IAM Instance Profile
  8. 43 |
  9. Security Group
  10. 44 |
45 |
Notes
46 |
    47 |
  • It takes 5 to 10 minutes after the instance is created to complete the Bitbucket setup
  • 48 |
49 |
51 | 52 | 53 | 54 | 55 | 56 | 59 | 60 |
Launch
57 | 58 |
61 | 62 | 63 | 64 | 65 | 66 | 69 | 70 |
View in Designer
67 | View in Designer 68 |
71 |
74 | -------------------------------------------------------------------------------- /orchestrators/example_parameters/infrastructure.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "Infrastructure Stack Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VPCSubnetCidrBlock", 16 | "ParameterValue": "10.20.0.0/16" 17 | }, 18 | { 19 | "ParameterKey": "AvailabilityZone1", 20 | "ParameterValue": "a" 21 | }, 22 | { 23 | "ParameterKey": "AvailabilityZone2", 24 | "ParameterValue": "b" 25 | }, 26 | { 27 | "ParameterKey": "AvailabilityZone3", 28 | "ParameterValue": "c" 29 | }, 30 | { 31 | "ParameterKey": "PublicSubnetCidrBlock1", 32 | "ParameterValue": "10.20.1.0/24" 33 | }, 34 | { 35 | "ParameterKey": "PublicSubnetCidrBlock2", 36 | "ParameterValue": "10.20.2.0/24" 37 | }, 38 | { 39 | "ParameterKey": "PublicSubnetCidrBlock3", 40 | "ParameterValue": "10.20.3.0/24" 41 | }, 42 | { 43 | "ParameterKey": "PrivateSubnetCidrBlock1", 44 | "ParameterValue": "10.20.4.0/24" 45 | }, 46 | { 47 | "ParameterKey": "PrivateSubnetCidrBlock2", 48 | "ParameterValue": "10.20.5.0/24" 49 | }, 50 | { 51 | "ParameterKey": "PrivateSubnetCidrBlock3", 52 | "ParameterValue": "10.20.6.0/24" 53 | }, 54 | { 55 | "ParameterKey": "RemoteAccessNetwork", 56 | "ParameterValue": "50.12.34.100/32" 57 | }, 58 | { 59 | "ParameterKey": "AllowHttpToPublicRuleNumber", 60 | "ParameterValue": "100" 61 | }, 62 | { 63 | "ParameterKey": "AllowHttpsToPublicRuleNumber", 64 | "ParameterValue": "105" 65 | }, 66 | { 67 | "ParameterKey": "AllowReturnTrafficToPublicRuleNumber", 68 | "ParameterValue": "110" 69 | }, 70 | { 71 | "ParameterKey": "AllowVpcSubnetsRuleNumber", 72 | "ParameterValue": "115" 73 | }, 74 | { 75 | "ParameterKey": "AllowAllOutboundPublicRuleNumber", 76 | 
"ParameterValue": "100" 77 | }, 78 | { 79 | "ParameterKey": "AllowAllInboundPrivateRuleNumber", 80 | "ParameterValue": "100" 81 | }, 82 | { 83 | "ParameterKey": "AllowAllOutboundPrivateRuleNumber", 84 | "ParameterValue": "100" 85 | }, 86 | { 87 | "ParameterKey": "SetupNatGateway", 88 | "ParameterValue": "true" 89 | }, 90 | { 91 | "ParameterKey": "SetupVpn", 92 | "ParameterValue": "false" 93 | }, 94 | { 95 | "ParameterKey": "SetupBastion", 96 | "ParameterValue": "true" 97 | }, 98 | { 99 | "ParameterKey": "BastionOsType", 100 | "ParameterValue": "rhel" 101 | }, 102 | { 103 | "ParameterKey": "AllowSshRdpToBastionRuleNumber", 104 | "ParameterValue": "200" 105 | }, 106 | { 107 | "ParameterKey": "AllowIcmpToBastionRuleNumber", 108 | "ParameterValue": "205" 109 | }, 110 | { 111 | "ParameterKey": "Ec2KeyPair", 112 | "ParameterValue": "mycool-key" 113 | }, 114 | { 115 | "ParameterKey": "BastionInstanceType", 116 | "ParameterValue": "t2.small" 117 | }, 118 | { 119 | "ParameterKey": "RemoteVpnDeviceIp", 120 | "ParameterValue": "0.0.0.0" 121 | }, 122 | { 123 | "ParameterKey": "RemoteBgpAsn", 124 | "ParameterValue": "65000" 125 | }, 126 | { 127 | "ParameterKey": "IncludePublicSubnets", 128 | "ParameterValue": "true" 129 | }, 130 | { 131 | "ParameterKey": "AllowOfficeNetworktoPublicRuleNumber", 132 | "ParameterValue": "125" 133 | }, 134 | { 135 | "ParameterKey": "AllowOfficeNetworktoPrivateRuleNumber", 136 | "ParameterValue": "125" 137 | } 138 | ] -------------------------------------------------------------------------------- /labs/chef/example_parameters/chef-complete-ecosystem.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "Owner", 4 | "ParameterValue": "Levon Becker" 5 | }, 6 | { 7 | "ParameterKey": "Project", 8 | "ParameterValue": "Infrastructure Stack Creation" 9 | }, 10 | { 11 | "ParameterKey": "DeleteAfter", 12 | "ParameterValue": "Never" 13 | }, 14 | { 15 | "ParameterKey": "VPCSubnetCidrBlock", 16 | 
"ParameterValue": "10.20.0.0/16" 17 | }, 18 | { 19 | "ParameterKey": "AvailabilityZone1", 20 | "ParameterValue": "a" 21 | }, 22 | { 23 | "ParameterKey": "AvailabilityZone2", 24 | "ParameterValue": "b" 25 | }, 26 | { 27 | "ParameterKey": "AvailabilityZone3", 28 | "ParameterValue": "c" 29 | }, 30 | { 31 | "ParameterKey": "PublicSubnetCidrBlock1", 32 | "ParameterValue": "10.20.1.0/24" 33 | }, 34 | { 35 | "ParameterKey": "PublicSubnetCidrBlock2", 36 | "ParameterValue": "10.20.2.0/24" 37 | }, 38 | { 39 | "ParameterKey": "PublicSubnetCidrBlock3", 40 | "ParameterValue": "10.20.3.0/24" 41 | }, 42 | { 43 | "ParameterKey": "PrivateSubnetCidrBlock1", 44 | "ParameterValue": "10.20.4.0/24" 45 | }, 46 | { 47 | "ParameterKey": "PrivateSubnetCidrBlock2", 48 | "ParameterValue": "10.20.5.0/24" 49 | }, 50 | { 51 | "ParameterKey": "PrivateSubnetCidrBlock3", 52 | "ParameterValue": "10.20.6.0/24" 53 | }, 54 | { 55 | "ParameterKey": "RemoteAccessNetwork", 56 | "ParameterValue": "50.12.34.100/32" 57 | }, 58 | { 59 | "ParameterKey": "AllowHttpToPublicRuleNumber", 60 | "ParameterValue": "100" 61 | }, 62 | { 63 | "ParameterKey": "AllowHttpsToPublicRuleNumber", 64 | "ParameterValue": "105" 65 | }, 66 | { 67 | "ParameterKey": "AllowReturnTrafficToPublicRuleNumber", 68 | "ParameterValue": "110" 69 | }, 70 | { 71 | "ParameterKey": "AllowVpcSubnetsRuleNumber", 72 | "ParameterValue": "115" 73 | }, 74 | { 75 | "ParameterKey": "AllowAllOutboundPublicRuleNumber", 76 | "ParameterValue": "100" 77 | }, 78 | { 79 | "ParameterKey": "AllowAllInboundPrivateRuleNumber", 80 | "ParameterValue": "100" 81 | }, 82 | { 83 | "ParameterKey": "AllowAllOutboundPrivateRuleNumber", 84 | "ParameterValue": "100" 85 | }, 86 | { 87 | "ParameterKey": "SetupNatGateway", 88 | "ParameterValue": "true" 89 | }, 90 | { 91 | "ParameterKey": "SetupVpn", 92 | "ParameterValue": "false" 93 | }, 94 | { 95 | "ParameterKey": "SetupBastion", 96 | "ParameterValue": "true" 97 | }, 98 | { 99 | "ParameterKey": "BastionOsType", 100 | 
"ParameterValue": "rhel" 101 | }, 102 | { 103 | "ParameterKey": "AllowSshRdpToBastionRuleNumber", 104 | "ParameterValue": "200" 105 | }, 106 | { 107 | "ParameterKey": "AllowIcmpToBastionRuleNumber", 108 | "ParameterValue": "205" 109 | }, 110 | { 111 | "ParameterKey": "Ec2KeyPair", 112 | "ParameterValue": "mycool-key" 113 | }, 114 | { 115 | "ParameterKey": "BastionInstanceType", 116 | "ParameterValue": "t2.small" 117 | }, 118 | { 119 | "ParameterKey": "RemoteVpnDeviceIp", 120 | "ParameterValue": "0.0.0.0" 121 | }, 122 | { 123 | "ParameterKey": "RemoteBgpAsn", 124 | "ParameterValue": "65000" 125 | }, 126 | { 127 | "ParameterKey": "IncludePublicSubnets", 128 | "ParameterValue": "true" 129 | }, 130 | { 131 | "ParameterKey": "AllowOfficeNetworktoPublicRuleNumber", 132 | "ParameterValue": "125" 133 | }, 134 | { 135 | "ParameterKey": "AllowOfficeNetworktoPrivateRuleNumber", 136 | "ParameterValue": "125" 137 | } 138 | ] -------------------------------------------------------------------------------- /labs/codepipeline/simple.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Simple CodePipeline example with GitHub and Approval 4 | Parameters: 5 | GitHubUser: 6 | Type: String 7 | Description: GitHub User 8 | Default: "stelligent" 9 | GitHubRepo: 10 | Type: String 11 | Description: GitHub Repo to pull from. Only the Name. not the URL 12 | Default: "cloudformation_templates" 13 | GitHubBranch: 14 | Type: String 15 | Description: GitHub Branch 16 | Default: "master" 17 | GitHubToken: 18 | NoEcho: true 19 | Type: String 20 | Description: Secret. It might look something like 9b189a1654643522561f7b3ebd44a1531a4287af OAuthToken with access to Repo. 
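Go to https://github.com/settings/tokens
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "GitHub Configuration"
        Parameters:
          - GitHubToken
          - GitHubUser
          - GitHubRepo
          - GitHubBranch
    ParameterLabels:
      GitHubToken:
        default: GitHub OAuth2 Token
      GitHubUser:
        default: GitHub User/Org Name
      GitHubRepo:
        default: GitHub Repository Name
      GitHubBranch:
        default: GitHub Branch Name
Resources:
  # Service role assumed by CodePipeline. The pipeline in this template only
  # pulls from GitHub and waits on a manual approval, so the role needs nothing
  # beyond read/write on its own artifact bucket.
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: codepipeline-service
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Artifact store access, scoped to the bucket this stack creates
              # rather than to every bucket in the account.
              - Effect: Allow
                Action:
                  - s3:GetBucketVersioning
                Resource: !GetAtt PipelineBucket.Arn
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                  - s3:PutObject
                Resource: !Sub ${PipelineBucket.Arn}/*
              # NOTE(review): the previous policy also granted iam:PassRole on
              # Resource "*", which lets the pipeline hand any role in the
              # account to a service. No action below passes a role, so that
              # grant is dropped. If a deploy action is added later, grant
              # iam:PassRole on that role's ARN only, with an
              # iam:PassedToService condition.
  # Artifact store: encrypted at rest and blocked from any public ACL or
  # policy. DeletionPolicy: Delete is kept because this is a throw-away lab.
  PipelineBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !GetAtt CodePipelineRole.Arn
      Stages:
        - Name: Source
          Actions:
            - InputArtifacts: []
              Name: Source
              # NOTE(review): the GitHub version-1 source action stores a
              # long-lived OAuth token in the pipeline definition (NoEcho only
              # hides it in the console). Use a token scoped to this single
              # repository, or move to a CodeStarSourceConnection source so no
              # token is kept at all.
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: '1'
                Provider: GitHub
              OutputArtifacts:
                - Name: SourceArtifacts
              Configuration:
                Owner: !Ref GitHubUser
                Repo: !Ref GitHubRepo
                Branch: !Ref GitHubBranch
                OAuthToken: !Ref GitHubToken
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: Deploy
              ActionTypeId:
                Category: Approval
                Owner: AWS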
Version: '1' 109 | Provider: Manual 110 | RunOrder: 2 111 | ArtifactStore: 112 | Type: S3 113 | Location: !Ref PipelineBucket 114 | Outputs: 115 | PipelineUrl: 116 | Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} 117 | Description: CodePipeline URL 118 | -------------------------------------------------------------------------------- /infrastructure/nat-gateway.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: NAT Gateway by Levon Becker v20160405-1100 4 | Parameters: 5 | Owner: 6 | Description: Enter Team or Individual Name Responsible for the Stack. 7 | Type: String 8 | Default: FirstName LastName 9 | Project: 10 | Description: Enter Project Name. 11 | Type: String 12 | Default: NAT Gateway Creation 13 | DeleteAfter: 14 | Description: Enter Date It's Ok to Delete the Stack or 'Never' if meant to be 15 | persistent. 16 | Type: String 17 | Default: 00/00/201x 18 | VPC: 19 | Description: Select VPC. 20 | Type: AWS::EC2::VPC::Id 21 | PublicSubnet: 22 | Description: Public Subnet to Attach NAT Gateway. 23 | Type: AWS::EC2::Subnet::Id 24 | PrivateRouteTable: 25 | Description: Enter Private Route Table ID. 26 | Type: String 27 | Default: rtb-0000000 28 | PublicNetworkAcl: 29 | Description: Enter Public Network ACL ID. 30 | Type: String 31 | Default: acl-0000000 32 | AllowNatRuleNumber: 33 | Description: Enter Public Network ACL Rule Number to Allow Return NAT Traffic. 
34 | Type: Number 35 | Default: '120' 36 | Resources: 37 | NatGateway: 38 | Type: AWS::EC2::NatGateway 39 | DependsOn: NatEIP 40 | Properties: 41 | AllocationId: 42 | Fn::GetAtt: 43 | - NatEIP 44 | - AllocationId 45 | SubnetId: 46 | Ref: PublicSubnet 47 | NatEIP: 48 | Type: AWS::EC2::EIP 49 | Properties: 50 | Domain: vpc 51 | NatRoute: 52 | Type: AWS::EC2::Route 53 | DependsOn: NatGateway 54 | Properties: 55 | RouteTableId: 56 | Ref: PrivateRouteTable 57 | DestinationCidrBlock: 0.0.0.0/0 58 | NatGatewayId: 59 | Ref: NatGateway 60 | InboundPublicNetworkAclAllowNat: 61 | Type: AWS::EC2::NetworkAclEntry 62 | Properties: 63 | NetworkAclId: 64 | Ref: PublicNetworkAcl 65 | RuleNumber: 66 | Ref: AllowNatRuleNumber 67 | Protocol: '6' 68 | RuleAction: allow 69 | Egress: 'false' 70 | CidrBlock: 0.0.0.0/0 71 | PortRange: 72 | From: '1024' 73 | To: '65535' 74 | Outputs: 75 | Owner: 76 | Description: Team or Individual that Owns this Formation. 77 | Value: 78 | Ref: Owner 79 | Project: 80 | Description: The project name 81 | Value: 82 | Ref: Project 83 | VPC: 84 | Description: VPC Used 85 | Value: 86 | Ref: VPC 87 | NatEIP: 88 | Description: NAT Elastic IP Address 89 | Value: 90 | Ref: NatEIP 91 | PublicNetworkACLRuleNumbers: 92 | Description: Public Network ACL Rules Number Created. 
93 | Value: 94 | Fn::Join: 95 | - '' 96 | - - Inbound ( 97 | - Ref: AllowNatRuleNumber 98 | - ")" 99 | DeleteAfter: 100 | Description: It is ok to delete the Formation after this date 101 | Value: 102 | Ref: DeleteAfter 103 | Metadata: 104 | AWS::CloudFormation::Interface: 105 | ParameterGroups: 106 | - Label: 107 | default: Ownership 108 | Parameters: 109 | - Owner 110 | - Project 111 | - DeleteAfter 112 | - Label: 113 | default: Network Configuration 114 | Parameters: 115 | - VPC 116 | - PublicSubnet 117 | - PrivateRouteTable 118 | - PublicNetworkAcl 119 | - AllowNatRuleNumber 120 | ParameterLabels: 121 | Owner: 122 | default: Team or Individual Owner 123 | DeleteAfter: 124 | default: Delete After Date 125 | PublicSubnet: 126 | default: Public Subnet 127 | PrivateRouteTable: 128 | default: Private Route Table 129 | PublicNetworkAcl: 130 | default: Public Network ACL 131 | AllowNatRuleNumber: 132 | default: Public Network ACL Rule Number 133 | -------------------------------------------------------------------------------- /database/README.md: -------------------------------------------------------------------------------- 1 | # Database CloudFormation Templates 2 | 3 | ## Purpose 4 | 5 | Collection of Database Templates that use various nested templates from this repository. 6 | 7 | ## Templates 8 | 9 | ### Database 10 | 11 | 12 | 13 | 14 | 15 | 16 | 35 | 47 | 48 |

MySQL RDS

17 |

Creates a MySQL RDS Database Instance.

18 |
Prerequisites
19 |
    20 |
  1. VPC
  2. 21 |
      22 |
    • Public Subnet, IGW, Private Subnet/s.
    • 23 |
    • Either use an existing VPC infrastructure, or use the following VPC Template to create one.
    • 24 |
    25 |
26 |
Create Details
27 |
    28 |
  1. DB Instance
  2. 29 |
  3. DB Subnet Group
  4. 30 |
  5. Security Group
  6. 31 |
  7. Cloud Watch Alarms
  8. 32 |
  9. Route 53 Record Set (Optional)
  10. 33 |
34 |
36 | 37 | 38 | 39 | 40 | 41 | 44 | 45 |
Launch
42 | 43 |
46 |
49 | 50 | 51 | 52 | 53 | 54 | 55 | 79 | 91 | 92 |

Create RDS From Snapshot

56 |

Creates an RDS Instance From Snapshot. Can be great for Blue/Green, or for pulling a Prod DB into Nonprod for testing. Note that a restored snapshot carries the full production data set and the original master credentials (see Notes below), so treat the restored instance as production-sensitive, or sanitize the data before opening it to nonprod users.

57 |
Prerequisites
58 |
    59 |
  1. RDS Snapshot in Same Region
  2. 60 |
  3. 2+ Subnets if Enabling Multi AZ
  4. 61 |
62 |
Create Details
63 |
    64 |
  1. Create RDS Instance from Snapshot
  2. 65 |
  3. Create Subnet Group
  4. 66 |
  5. Create Access Security Group
  6. 67 |
  7. Optionally Configure DNS Record in Route53
  8. 68 |
69 |
Notes
70 |
    71 |
  1. Because it's a restore several options are not available. Such as:
  2. 72 |
      73 |
    1. Can't set Master User and Password (the restored instance keeps the master credentials that were in effect when the snapshot was taken, so rotate them after restoring a snapshot from another environment)
    2. 74 |
    3. Can't select what DB Engine
    4. 75 |
    5. Can't set allocated storage
    6. 76 |
    77 |
78 |
80 | 81 | 82 | 83 | 84 | 85 | 88 | 89 |
Launch
86 | 87 |
90 |
-------------------------------------------------------------------------------- /storage/s3-backup-bucket-delete-previous.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: 2010-09-09 3 | Description: Create S3 Backup Bucket Template v20170114-1130 4 | Parameters: 5 | # Ownership 6 | Owner: 7 | Type: String 8 | Default: FirstName LastName 9 | Project: 10 | Type: String 11 | Default: S3 Backup Bucket Creation 12 | DeleteAfter: 13 | Type: String 14 | Default: 00/00/201x 15 | 16 | # Deployment 17 | VpcE: 18 | Type: String 19 | BucketName: 20 | Type: String 21 | PreviousLifeCycle: 22 | Type: Number 23 | Default: 30 24 | 25 | Resources: 26 | Bucket: 27 | Type: AWS::S3::Bucket 28 | Properties: 29 | BucketName: !Ref BucketName 30 | VersioningConfiguration: 31 | Status: Enabled 32 | LifecycleConfiguration: 33 | Rules: 34 | - Id: !Join [ "", [ "Delete Previous > ", !Ref PreviousLifeCycle, " Days" ] ] 35 | NoncurrentVersionExpirationInDays: !Ref PreviousLifeCycle 36 | Status: Enabled 37 | Tags: 38 | - Key: Owner 39 | Value: !Ref Owner 40 | - Key: Project 41 | Value: !Ref Project 42 | - Key: DeleteAfter 43 | Value: !Ref DeleteAfter 44 | 45 | BucketPolicy: 46 | Type: AWS::S3::BucketPolicy 47 | Properties: 48 | Bucket: !Ref Bucket 49 | PolicyDocument: 50 | Version: '2008-10-17' 51 | Statement: 52 | - 53 | Sid: "Deny Unencrypted Put Object" 54 | Effect: Deny 55 | Principal: "*" 56 | Action: 57 | - "s3:PutObject" 58 | Resource: !Join [ "", [ "arn:aws:s3:::", !Ref Bucket, "/*" ] ] 59 | Condition: 60 | StringNotEquals: 61 | s3:x-amz-server-side-encryption: 62 | - "AES256" 63 | - "aws:kms" 64 | - 65 | Sid: "Deny Unencrypted Object Uploads" 66 | Effect: Deny 67 | Principal: "*" 68 | Action: 69 | - "s3:PutObject" 70 | Resource: !Join [ "", [ "arn:aws:s3:::", !Ref Bucket, "/*" ] ] 71 | Condition: 72 | StringNotEquals: 73 | s3:x-amz-server-side-encryption: "true" 74 | - 75 | Sid: "Allow VPCe Read Bucket" 76 | 
Effect: Allow 77 | Principal: "*" 78 | Action: 79 | - "s3:ListBucket" 80 | - "s3:ListBucketVersions" 81 | Resource: !Join [ "", [ "arn:aws:s3:::", !Ref Bucket ] ] 82 | Condition: 83 | StringEquals: 84 | aws:sourceVpce: !Ref VpcE 85 | - 86 | Sid: "Allow VPCe Read-Write Content" 87 | Effect: Allow 88 | Principal: "*" 89 | Action: 90 | - "s3:GetObject" 91 | - "s3:GetObjectVersion" 92 | - "s3:DeleteObject" 93 | - "s3:DeleteObjectVersion" 94 | - "s3:PutObject" 95 | Resource: !Join [ "", [ "arn:aws:s3:::", !Ref Bucket, "/*" ] ] 96 | Condition: 97 | StringEquals: 98 | aws:sourceVpce: !Ref VpcE 99 | 100 | Outputs: 101 | VpcE: 102 | Description: VPC Endpoint 103 | Value: !Ref VpcE 104 | BucketName: 105 | Description: S3 Bucket Name 106 | Value: !Ref BucketName 107 | PreviousLifeCycle: 108 | Description: Previous Life Cycle 109 | Value: !Ref PreviousLifeCycle 110 | Metadata: 111 | AWS::CloudFormation::Interface: 112 | ParameterGroups: 113 | - 114 | Label: 115 | default: Ownership 116 | Parameters: 117 | - Owner 118 | - Project 119 | - DeleteAfter 120 | - 121 | Label: 122 | default: Deployment 123 | Parameters: 124 | - VpcE 125 | - BucketName 126 | - PreviousLifeCycle 127 | 128 | ParameterLabels: 129 | # Ownership 130 | Owner: 131 | default: Contact Owner 132 | Project: 133 | default: ASV 134 | DeleteAfter: 135 | default: CMDB Environment 136 | 137 | # Deployment 138 | VpcE: 139 | default: VPC Endpoint 140 | BucketName: 141 | default: Bucket Name 142 | PreviousLifeCycle: 143 | default: Previous LifeCycle (Days) 144 | -------------------------------------------------------------------------------- /infrastructure/nat-gateway.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "NAT Gateway by Levon Becker v20160405-1100", 4 | "Parameters": { 5 | "Owner": { 6 | "Description": "Enter Team or Individual Name Responsible for the Stack.", 7 | "Type": "String", 8 | "Default": 
"FirstName LastName" 9 | }, 10 | "Project": { 11 | "Description": "Enter Project Name.", 12 | "Type": "String", 13 | "Default": "NAT Gateway Creation" 14 | }, 15 | "DeleteAfter": { 16 | "Description": "Enter Date It's Ok to Delete the Stack or 'Never' if meant to be persistent.", 17 | "Type": "String", 18 | "Default": "00/00/201x" 19 | }, 20 | "VPC": { 21 | "Description": "Select VPC.", 22 | "Type": "AWS::EC2::VPC::Id" 23 | }, 24 | "PublicSubnet": { 25 | "Description": "Public Subnet to Attach NAT Gateway.", 26 | "Type": "AWS::EC2::Subnet::Id" 27 | }, 28 | "PrivateRouteTable": { 29 | "Description": "Enter Private Route Table ID.", 30 | "Type": "String", 31 | "Default": "rtb-0000000" 32 | }, 33 | "PublicNetworkAcl": { 34 | "Description": "Enter Public Network ACL ID.", 35 | "Type": "String", 36 | "Default": "acl-0000000" 37 | }, 38 | "AllowNatRuleNumber": { 39 | "Description": "Enter Public Network ACL Rule Number to Allow Return NAT Traffic.", 40 | "Type": "Number", 41 | "Default": "120" 42 | } 43 | }, 44 | "Resources": { 45 | "NatGateway": { 46 | "Type": "AWS::EC2::NatGateway", 47 | "DependsOn": "NatEIP", 48 | "Properties": { 49 | "AllocationId": {"Fn::GetAtt": ["NatEIP", "AllocationId"]}, 50 | "SubnetId": {"Ref": "PublicSubnet"} 51 | } 52 | }, 53 | "NatEIP": { 54 | "Type": "AWS::EC2::EIP", 55 | "Properties": { 56 | "Domain": "vpc" 57 | } 58 | }, 59 | "NatRoute": { 60 | "Type": "AWS::EC2::Route", 61 | "DependsOn": "NatGateway", 62 | "Properties": { 63 | "RouteTableId": {"Ref": "PrivateRouteTable"}, 64 | "DestinationCidrBlock": "0.0.0.0/0", 65 | "NatGatewayId": {"Ref": "NatGateway"} 66 | } 67 | }, 68 | "InboundPublicNetworkAclAllowNat": { 69 | "Type": "AWS::EC2::NetworkAclEntry", 70 | "Properties": { 71 | "NetworkAclId": {"Ref": "PublicNetworkAcl"}, 72 | "RuleNumber": {"Ref": "AllowNatRuleNumber"}, 73 | "Protocol": "6", 74 | "RuleAction": "allow", 75 | "Egress": "false", 76 | "CidrBlock": "0.0.0.0/0", 77 | "PortRange": { 78 | "From": "1024", 79 | "To": "65535" 80 | 
} 81 | } 82 | } 83 | }, 84 | "Outputs": { 85 | "Owner": { 86 | "Description": "Team or Individual that Owns this Formation.", 87 | "Value": {"Ref": "Owner"} 88 | }, 89 | "Project": { 90 | "Description": "The project name", 91 | "Value": {"Ref": "Project"} 92 | }, 93 | "VPC": { 94 | "Description": "VPC Used", 95 | "Value": {"Ref": "VPC"} 96 | }, 97 | "NatEIP": { 98 | "Description": "NAT Elastic IP Address", 99 | "Value": {"Ref": "NatEIP"} 100 | }, 101 | "PublicNetworkACLRuleNumbers": { 102 | "Description": "Public Network ACL Rules Number Created.", 103 | "Value": { 104 | "Fn::Join": [ 105 | "", [ 106 | "Inbound (", {"Ref": "AllowNatRuleNumber"}, ")" 107 | ] 108 | ] 109 | } 110 | }, 111 | "DeleteAfter": { 112 | "Description": "It is ok to delete the Formation after this date", 113 | "Value": {"Ref": "DeleteAfter"} 114 | } 115 | }, 116 | "Metadata" : { 117 | "AWS::CloudFormation::Interface" : { 118 | "ParameterGroups" : [ 119 | { 120 | "Label" : { "default" : "Ownership" }, 121 | "Parameters" : [ "Owner", "Project", "DeleteAfter" ] 122 | }, 123 | { 124 | "Label" : { "default" : "Network Configuration" }, 125 | "Parameters" : [ 126 | "VPC", 127 | "PublicSubnet", 128 | "PrivateRouteTable", 129 | "PublicNetworkAcl", 130 | "AllowNatRuleNumber" 131 | ] 132 | } 133 | ], 134 | "ParameterLabels" : { 135 | "Owner" : { "default" : "Team or Individual Owner" }, 136 | "DeleteAfter" : { "default" : "Delete After Date" }, 137 | "PublicSubnet" : { "default" : "Public Subnet" }, 138 | "PrivateRouteTable" : { "default" : "Private Route Table" }, 139 | "PublicNetworkAcl" : { "default" : "Public Network ACL" }, 140 | "AllowNatRuleNumber" : { "default" : "Public Network ACL Rule Number" } 141 | } 142 | } 143 | } 144 | } -------------------------------------------------------------------------------- /storage/efs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Create Elastic File 
System v20161029-1200 4 | Parameters: 5 | # Ownership 6 | Owner: 7 | Type: String 8 | Default: FirstName LastName 9 | Project: 10 | Type: String 11 | Default: EFS Mount 12 | DeleteAfter: 13 | Type: String 14 | Default: 00/00/201x 15 | # Network 16 | VPC: 17 | Type: AWS::EC2::VPC::Id 18 | Subnet1: 19 | Type: AWS::EC2::Subnet::Id 20 | Subnet2: 21 | Type: AWS::EC2::Subnet::Id 22 | Subnet3: 23 | Type: AWS::EC2::Subnet::Id 24 | # EFS 25 | PerformanceMode: 26 | Type: String 27 | Default: generalPurpose 28 | AllowedValues: 29 | - generalPurpose 30 | - maxIO 31 | Resources: 32 | FileSystem: 33 | Type: AWS::EFS::FileSystem 34 | Properties: 35 | FileSystemTags: 36 | - Key: Name 37 | Value: !Ref AWS::StackName 38 | - Key: Owner 39 | Value: !Ref Owner 40 | - Key: Project 41 | Value: !Ref Project 42 | - Key: DeleteAfter 43 | Value: !Ref DeleteAfter 44 | PerformanceMode: !Ref PerformanceMode 45 | MountTarget1: 46 | Type: AWS::EFS::MountTarget 47 | DependsOn: 48 | - FileSystem 49 | - EfsSecurityGroup 50 | Properties: 51 | FileSystemId: !Ref FileSystem 52 | SubnetId: !Ref Subnet1 53 | SecurityGroups: 54 | - !Ref EfsSecurityGroup 55 | MountTarget2: 56 | Type: AWS::EFS::MountTarget 57 | DependsOn: 58 | - FileSystem 59 | - EfsSecurityGroup 60 | Properties: 61 | FileSystemId: !Ref FileSystem 62 | SubnetId: !Ref Subnet2 63 | SecurityGroups: 64 | - !Ref EfsSecurityGroup 65 | MountTarget3: 66 | Type: AWS::EFS::MountTarget 67 | DependsOn: 68 | - FileSystem 69 | - EfsSecurityGroup 70 | Properties: 71 | FileSystemId: !Ref FileSystem 72 | SubnetId: !Ref Subnet3 73 | SecurityGroups: 74 | - !Ref EfsSecurityGroup 75 | EfsSecurityGroup: 76 | Type: AWS::EC2::SecurityGroup 77 | Properties: 78 | GroupDescription: Instance to EFS Mount Access 79 | VpcId: !Ref VPC 80 | Tags: 81 | - Key: Name 82 | Value: !Ref AWS::StackName 83 | - Key: Owner 84 | Value: !Ref Owner 85 | - Key: Project 86 | Value: !Ref Project 87 | - Key: DeleteAfter 88 | Value: !Ref DeleteAfter 89 | SecurityGroupIngress: 90 | Type: 
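AWS::EC2::SecurityGroupIngress
    DependsOn: EfsSecurityGroup
    Properties:
      GroupId: !Ref EfsSecurityGroup
      # Self-referencing rule: anything carrying EfsSecurityGroup may reach the
      # mount targets. NOTE(review): "-1" opens every protocol and port between
      # members of the group; if the group is only attached so clients can
      # mount EFS, IpProtocol tcp with FromPort/ToPort 2049 (NFS) is sufficient.
      IpProtocol: "-1"
      SourceSecurityGroupId: !Ref EfsSecurityGroup
Outputs:
  Owner:
    Description: Team or Individual that Owns this Formation.
    Value: !Ref Owner
  Project:
    Description: The project name
    Value: !Ref Project
  VPC:
    Description: Created VPC
    Value: !Ref VPC
  Subnet1:
    Description: Subnet 1
    Value: !Ref Subnet1
  Subnet2:
    Description: Subnet 2
    Value: !Ref Subnet2
  Subnet3:
    Description: Subnet 3
    Value: !Ref Subnet3
  FileSystem:
    Description: FileSystem
    Value: !Ref FileSystem
  PerformanceMode:
    Description: PerformanceMode
    Value: !Ref PerformanceMode
  MountTarget1:
    Description: MountTarget 1
    Value: !Ref MountTarget1
  # Bug fix: MountTarget2 and MountTarget3 previously echoed MountTarget1's ID.
  MountTarget2:
    Description: MountTarget 2
    Value: !Ref MountTarget2
  MountTarget3:
    Description: MountTarget 3
    Value: !Ref MountTarget3
  # MountTargetDns1:
  #   Description: MountTarget 1
  #   Value: !GetAtt MountTarget1.DNSName
  # MountTargetDns2:
  #   Description: MountTarget 2
  #   Value: !GetAtt MountTarget2.DNSName
  # MountTargetDns3:
  #   Description: MountTarget 3
  #   Value: !GetAtt MountTarget3.DNSName
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Ownership
        Parameters:
          - Owner
          - Project
          - DeleteAfter
      - Label:
          default: Network Configuration
        Parameters:
          - VPC
          - Subnet1
          - Subnet2
          - Subnet3
      - Label:
          default: EFS Configuration
        Parameters:
          - PerformanceMode
    ParameterLabels:
      Owner:
        default: Team or Individual Owner
      DeleteAfter:
        default: Delete After Date
      VPC:
        default: VPC ID
      Subnet1:
        default: Subnet 1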
Subnet2: 169 | default: Subnet 2 170 | Subnet3: 171 | default: Subnet 3 172 | PerformanceMode: 173 | default: EFS Performance Mode -------------------------------------------------------------------------------- /labs/chef/README.md: -------------------------------------------------------------------------------- 1 | # Chef Compliance Lab CloudFormation Template 2 | 3 | ## Purpose 4 | Chef Compliance Webapp Server Setup Template that uses a Chef Compliance AMI provided by Chef. 5 | 6 | ## Supported Regions 7 | * us-west-2 8 | * us-east-1 9 | 10 | ## Requirements 11 | 1. A VPC with a Public Subnet that has internet access 12 | 2. An Available EIP 13 | 3. AWS Permissions to create IAM roles 14 | 4. EC2 Key Pair Setup 15 | 16 | ## Chef Compliance Webapp 17 | 18 | 19 | 20 | 21 | 22 | 23 | 49 | 85 | 86 | 87 | 121 | 122 |

Chef Compliance Lab

24 |

Creates a Chef Compliance web server in a Public Subnet with an Internet Gateway attached on an existing VPC. 25 | It then attaches an EIP (so the instance is reachable from the internet; restrict inbound access in the Security Group the template creates accordingly) and finally adds the instance to an existing instance-to-instance security group.

26 |
Prerequisites
27 |
    28 |
  1. VPC
  2. 29 |
      30 |
    • Public Subnet, IGW, Private Subnet/s.
    • 31 |
    • Either use an existing VPC infrastructure, or use the following VPC Template to create one.
    • 32 |
    33 |
  3. Available EIP
  4. 34 |
35 |
Supported Regions
36 |
    37 |
  1. us-west-2
  2. 38 |
  3. us-east-1
  4. 39 |
40 |
Create Details
41 |
    42 |
  1. EC2 Instance
  2. 43 |
  3. EIP
  4. 44 |
  5. IAM Role
  6. 45 |
  7. IAM Instance Profile
  8. 46 |
  9. Security Group
  10. 47 |
48 |
50 | 51 | 52 | 53 | 54 | 55 | 61 | 62 |
Launch
56 | 57 |

us-west-2

58 | 59 |

us-east-1

60 |
63 | 64 | 65 | 66 | 67 | 68 | 71 | 72 |
View in Designer
69 | View in Designer 70 |
73 | 74 | 75 | 76 | 77 | 78 | 82 | 83 |
How To Video
79 | HowTo Video 80 |

COMING SOON

81 |
84 |
88 | 89 | 90 | 91 | 92 | 93 | 97 | 98 | 99 | 102 | 103 | 104 | 108 | 109 | 110 | 113 | 114 | 115 | 118 | 119 |
AWS CLI Example
94 |
Base Command
95 | aws cloudformation create-stack --profile {AWS Profile Name} --stack-name {Stack Name} --capabilities CAPABILITY_IAM --template-url "https://s3.amazonaws.com/bonusbits-public/cloudformation-templates/github/chef-compliance.yml" 96 |
100 |
Parameters
101 |
105 |
Option 1 - Custom Parameters JSON File (Example Here)
106 | --parameters file:///localpath/to/custom-parameters.json 107 |
111 |
Option 2 - Pass Parameters on CLI
112 |
116 | --parameters ... COMING SOON 117 |
120 |
123 | -------------------------------------------------------------------------------- /labs/budgets/budget-notifications.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | Description: "Automate AWS Budgets" 3 | Parameters: 4 | Currency: 5 | Description: The currency of your budget 6 | Type: String 7 | Default: USD 8 | StartTime: 9 | Description: First day of August in 2018 in numeric form 10 | Type: Number 11 | Default: 1533081600 12 | EndTime: 13 | Description: Last Data evalutated 14 | Type: Number 15 | Default: 3706473600 16 | BudgetLimit: 17 | Description: Maximum Budget in USD 18 | Type: Number 19 | Default: 500 20 | LinkedAccountBudgetLimit: 21 | Description: Maximum Budget in USD 22 | Type: Number 23 | Default: 2000 24 | SageMakerBudgetLimit: 25 | Description: Maximum Budget in USD 26 | Type: Number 27 | Default: 120 28 | Threshold01: 29 | Description: Threshold Percentage from 0 to 100 30 | Type: Number 31 | Default: 50 32 | Threshold02: 33 | Description: Threshold Percentage from 0 to 100 34 | Type: Number 35 | Default: 85 36 | EMail01: 37 | Description: The email address where notifications are sent 38 | Type: String 39 | PhoneNumber01: 40 | Description: Phone number preceded by country code and no spaces (for example, 12125551212) 41 | Type: Number 42 | LinkedAccountNumbers: 43 | Description: The AWS account ID is a 12-digit number, such as 123456789012. This parameter is a comma-delimited list of linked AWS account ids if running from a master account. 44 | Type: List 45 | Default: "123456789012, 123456789012" 46 | LinkedAccountsBoolean: 47 | Description: Environment type. 48 | Default: n 49 | Type: String 50 | AllowedValues: 51 | - y 52 | - n 53 | ConstraintDescription: must specify y or n. 
54 | Conditions: 55 | FilterLinkedAccounts: !Equals [ !Ref LinkedAccountsBoolean, y ] 56 | 57 | Resources: 58 | NotifyPhonesSNS: 59 | Type: AWS::SNS::Topic 60 | Properties: 61 | TopicName: !Sub ${AWS::StackName}-phone-number 62 | Subscription: 63 | - Endpoint: !Sub ${PhoneNumber01} 64 | Protocol: sms 65 | MySnsTopicPolicy: 66 | Type: AWS::SNS::TopicPolicy 67 | Properties: 68 | PolicyDocument: 69 | Id: MyTopicPolicy 70 | Version: 2012-10-17 71 | Statement: 72 | - Sid: My-statement-id 73 | Effect: Allow 74 | Principal: 75 | Service: 76 | - budgets.amazonaws.com 77 | Action: sns:publish 78 | Resource: !Sub ${NotifyPhonesSNS} 79 | Topics: 80 | - !Ref NotifyPhonesSNS 81 | TotalMonthlyBudget: 82 | Type: "AWS::Budgets::Budget" 83 | Properties: 84 | Budget: 85 | BudgetLimit: 86 | Amount: !Sub ${BudgetLimit} 87 | Unit: !Sub ${Currency} 88 | TimeUnit: MONTHLY 89 | TimePeriod: 90 | Start: !Sub ${StartTime} 91 | End: !Sub ${EndTime} 92 | BudgetType: COST 93 | NotificationsWithSubscribers: 94 | - Notification: 95 | NotificationType: ACTUAL 96 | ComparisonOperator: GREATER_THAN 97 | Threshold: !Sub ${Threshold02} 98 | Subscribers: 99 | - SubscriptionType: EMAIL 100 | Address: !Sub ${EMail01} 101 | - SubscriptionType: SNS 102 | Address: !Sub ${NotifyPhonesSNS} 103 | - Notification: 104 | NotificationType: ACTUAL 105 | ComparisonOperator: GREATER_THAN 106 | Threshold: !Sub ${Threshold01} 107 | Subscribers: 108 | - SubscriptionType: EMAIL 109 | Address: !Sub ${EMail01} 110 | - SubscriptionType: SNS 111 | Address: !Sub ${NotifyPhonesSNS} 112 | SageMakerMonthlyBudget: 113 | Type: "AWS::Budgets::Budget" 114 | Properties: 115 | Budget: 116 | BudgetLimit: 117 | Amount: !Sub ${SageMakerBudgetLimit} 118 | Unit: !Sub ${Currency} 119 | TimeUnit: MONTHLY 120 | TimePeriod: 121 | Start: !Sub ${StartTime} 122 | End: !Sub ${EndTime} 123 | BudgetType: COST 124 | CostFilters: 125 | Service: 126 | - Amazon SageMaker 127 | NotificationsWithSubscribers: 128 | - Notification: 129 | NotificationType: 
ACTUAL 130 | ComparisonOperator: GREATER_THAN 131 | Threshold: !Sub ${Threshold02} 132 | Subscribers: 133 | - SubscriptionType: EMAIL 134 | Address: !Sub ${EMail01} 135 | - SubscriptionType: SNS 136 | Address: !Sub ${NotifyPhonesSNS} 137 | - Notification: 138 | NotificationType: ACTUAL 139 | ComparisonOperator: GREATER_THAN 140 | Threshold: !Sub ${Threshold01} 141 | Subscribers: 142 | - SubscriptionType: EMAIL 143 | Address: !Sub ${EMail01} 144 | - SubscriptionType: SNS 145 | Address: !Sub ${NotifyPhonesSNS} 146 | 147 | LinkedAccountsMonthlyBudget: 148 | Type: "AWS::Budgets::Budget" 149 | Condition: FilterLinkedAccounts 150 | Properties: 151 | Budget: 152 | BudgetLimit: 153 | Amount: !Sub ${LinkedAccountBudgetLimit} 154 | Unit: !Sub ${Currency} 155 | TimeUnit: MONTHLY 156 | TimePeriod: 157 | Start: !Sub ${StartTime} 158 | End: !Sub ${EndTime} 159 | BudgetType: COST 160 | CostFilters: 161 | LinkedAccount: !Ref LinkedAccountNumbers 162 | NotificationsWithSubscribers: 163 | - Notification: 164 | NotificationType: ACTUAL 165 | ComparisonOperator: GREATER_THAN 166 | Threshold: !Sub ${Threshold02} 167 | Subscribers: 168 | - SubscriptionType: EMAIL 169 | Address: !Sub ${EMail01} 170 | - SubscriptionType: SNS 171 | Address: !Sub ${NotifyPhonesSNS} 172 | - Notification: 173 | NotificationType: ACTUAL 174 | ComparisonOperator: GREATER_THAN 175 | Threshold: !Sub ${Threshold01} 176 | Subscribers: 177 | - SubscriptionType: EMAIL 178 | Address: !Sub ${EMail01} 179 | - SubscriptionType: SNS 180 | Address: !Sub ${NotifyPhonesSNS} 181 | 182 | Outputs: 183 | BudgetId: 184 | Value: !Ref TotalMonthlyBudget -------------------------------------------------------------------------------- /labs/spa/pipeline.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Pipeline using CodePipeline and CodeBuild for continuous delivery of a single-page application to S3 4 | Parameters: 5 | 
SiteBucketName: 6 | Type: String 7 | Description: Name of bucket to create to host the website 8 | GitHubUser: 9 | Type: String 10 | Description: GitHub User 11 | Default: "stelligent" 12 | GitHubRepo: 13 | Type: String 14 | Description: GitHub Repo to pull from. Only the Name. not the URL 15 | Default: "sample-s3-delivery" 16 | GitHubBranch: 17 | Type: String 18 | Description: GitHub Branch 19 | Default: "master" 20 | GitHubToken: 21 | NoEcho: true 22 | Type: String 23 | Description: Secret. It might look something like 9b189a1654643522561f7b3ebd44a1531a4287af OAuthToken with access to Repo. Go to https://github.com/settings/tokens 24 | BuildType: 25 | Type: String 26 | Default: "linuxContainer" 27 | Description: The build container type to use for building the app 28 | BuildComputeType: 29 | Type: String 30 | Default: "BUILD_GENERAL1_SMALL" 31 | Description: The build compute type to use for building the app 32 | BuildImage: 33 | Type: String 34 | Default: "aws/codebuild/ubuntu-base:14.04" 35 | Description: The build image to use for building the app 36 | Metadata: 37 | AWS::CloudFormation::Interface: 38 | ParameterGroups: 39 | - Label: 40 | default: "Site Configuration" 41 | Parameters: 42 | - SiteBucketName 43 | - Label: 44 | default: "GitHub Configuration" 45 | Parameters: 46 | - GitHubToken 47 | - GitHubUser 48 | - GitHubRepo 49 | - GitHubBranch 50 | - Label: 51 | default: "Build Configuration" 52 | Parameters: 53 | - BuildType 54 | - BuildComputeType 55 | - BuildImage 56 | ParameterLabels: 57 | SiteBucketName: 58 | default: Name of S3 Bucket to create for website hosting 59 | GitHubToken: 60 | default: GitHub OAuth2 Token 61 | GitHubUser: 62 | default: GitHub User/Org Name 63 | GitHubRepo: 64 | default: GitHub Repository Name 65 | GitHubBranch: 66 | default: GitHub Branch Name 67 | BuildType: 68 | default: CodeBuild type 69 | BuildComputeType: 70 | default: CodeBuild instance type 71 | BuildImage: 72 | default: CodeBuild image 73 | Resources: 74 | 
CodeBuildRole: 75 | Type: AWS::IAM::Role 76 | Properties: 77 | AssumeRolePolicyDocument: 78 | Statement: 79 | - Effect: Allow 80 | Principal: 81 | Service: 82 | - codebuild.amazonaws.com 83 | Action: 84 | - sts:AssumeRole 85 | Path: "/" 86 | Policies: 87 | - PolicyName: codebuild-service 88 | PolicyDocument: 89 | Statement: 90 | - Effect: Allow 91 | Action: "*" 92 | Resource: "*" 93 | Version: '2012-10-17' 94 | CodePipelineRole: 95 | Type: AWS::IAM::Role 96 | Properties: 97 | AssumeRolePolicyDocument: 98 | Statement: 99 | - Effect: Allow 100 | Principal: 101 | Service: 102 | - codepipeline.amazonaws.com 103 | Action: 104 | - sts:AssumeRole 105 | Path: "/" 106 | Policies: 107 | - PolicyName: codepipeline-service 108 | PolicyDocument: 109 | Statement: 110 | - Action: 111 | - codebuild:* 112 | Resource: "*" 113 | Effect: Allow 114 | - Action: 115 | - s3:GetObject 116 | - s3:GetObjectVersion 117 | - s3:GetBucketVersioning 118 | Resource: "*" 119 | Effect: Allow 120 | - Action: 121 | - s3:PutObject 122 | Resource: 123 | - arn:aws:s3:::codepipeline* 124 | Effect: Allow 125 | - Action: 126 | - s3:* 127 | - cloudformation:* 128 | - ecs:* 129 | - iam:PassRole 130 | Resource: "*" 131 | Effect: Allow 132 | Version: '2012-10-17' 133 | SiteBucket: 134 | Type: AWS::S3::Bucket 135 | Properties: 136 | AccessControl: PublicRead 137 | BucketName: !Ref SiteBucketName 138 | WebsiteConfiguration: 139 | IndexDocument: index.html 140 | PipelineBucket: 141 | Type: AWS::S3::Bucket 142 | CodeBuildDeploySite: 143 | Type: AWS::CodeBuild::Project 144 | DependsOn: CodeBuildRole 145 | Properties: 146 | Name: !Sub ${AWS::StackName}-DeploySite 147 | Description: Deploy site to S3 148 | ServiceRole: !GetAtt CodeBuildRole.Arn 149 | Artifacts: 150 | Type: CODEPIPELINE 151 | Environment: 152 | Type: !Ref BuildType 153 | ComputeType: !Ref BuildComputeType 154 | Image: !Sub ${BuildImage} 155 | Source: 156 | Type: CODEPIPELINE 157 | BuildSpec: !Sub | 158 | version: 0.1 159 | phases: 160 | post_build: 161 
| commands: 162 | - aws s3 cp --recursive --acl public-read ./ s3://${SiteBucketName}/ 163 | artifacts: 164 | type: zip 165 | files: 166 | - index.html 167 | TimeoutInMinutes: 10 168 | Pipeline: 169 | Type: AWS::CodePipeline::Pipeline 170 | Properties: 171 | RoleArn: !GetAtt CodePipelineRole.Arn 172 | Stages: 173 | - Name: Source 174 | Actions: 175 | - InputArtifacts: [] 176 | Name: Source 177 | ActionTypeId: 178 | Category: Source 179 | Owner: ThirdParty 180 | Version: '1' 181 | Provider: GitHub 182 | OutputArtifacts: 183 | - Name: SourceOutput 184 | Configuration: 185 | Owner: !Ref GitHubUser 186 | Repo: !Ref GitHubRepo 187 | Branch: !Ref GitHubBranch 188 | OAuthToken: !Ref GitHubToken 189 | RunOrder: 1 190 | - Name: Deploy 191 | Actions: 192 | - Name: Artifact 193 | ActionTypeId: 194 | Category: Build 195 | Owner: AWS 196 | Version: '1' 197 | Provider: CodeBuild 198 | InputArtifacts: 199 | - Name: SourceOutput 200 | OutputArtifacts: 201 | - Name: DeployOutput 202 | Configuration: 203 | ProjectName: !Ref CodeBuildDeploySite 204 | RunOrder: 1 205 | ArtifactStore: 206 | Type: S3 207 | Location: !Ref PipelineBucket 208 | Outputs: 209 | CodePipelineUrl: 210 | Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} 211 | Description: CodePipeline URL 212 | SiteUrl: 213 | Value: !GetAtt [SiteBucket, WebsiteURL] 214 | Description: S3 Website URL 215 | 216 | -------------------------------------------------------------------------------- /labs/s3/pipeline.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Pipeline using CodePipeline and CodeBuild for continuous delivery of a single-page application to S3 4 | Parameters: 5 | SiteBucketName: 6 | Type: String 7 | Default: "stelligent-cloudformation-templates" 8 | Description: Name of bucket to create to host the website 9 | GitHubUser: 10 | Type: String 11 | Description: GitHub 
User 12 | Default: "stelligent" 13 | GitHubRepo: 14 | Type: String 15 | Description: GitHub Repo to pull from. Only the Name. not the URL 16 | Default: "cloudformation_templates" 17 | GitHubBranch: 18 | Type: String 19 | Description: GitHub Branch 20 | Default: "master" 21 | GitHubToken: 22 | NoEcho: true 23 | Type: String 24 | Description: Secret. It might look something like 9b189a1654643522561f7b3ebd44a1531a4287af OAuthToken with access to Repo. Go to https://github.com/settings/tokens 25 | BuildType: 26 | Type: String 27 | Default: "LINUX_CONTAINER" 28 | Description: The build container type to use for building the app 29 | BuildComputeType: 30 | Type: String 31 | Default: "BUILD_GENERAL1_SMALL" 32 | Description: The build compute type to use for building the app 33 | BuildImage: 34 | Type: String 35 | Default: "aws/codebuild/ubuntu-base:14.04" 36 | Description: The build image to use for building the app 37 | Metadata: 38 | AWS::CloudFormation::Interface: 39 | ParameterGroups: 40 | - Label: 41 | default: "Site Configuration" 42 | Parameters: 43 | - SiteBucketName 44 | - Label: 45 | default: "GitHub Configuration" 46 | Parameters: 47 | - GitHubToken 48 | - GitHubUser 49 | - GitHubRepo 50 | - GitHubBranch 51 | - Label: 52 | default: "Build Configuration" 53 | Parameters: 54 | - BuildType 55 | - BuildComputeType 56 | - BuildImage 57 | ParameterLabels: 58 | SiteBucketName: 59 | default: Name of S3 Bucket to create for website hosting 60 | GitHubToken: 61 | default: GitHub OAuth2 Token 62 | GitHubUser: 63 | default: GitHub User/Org Name 64 | GitHubRepo: 65 | default: GitHub Repository Name 66 | GitHubBranch: 67 | default: GitHub Branch Name 68 | BuildType: 69 | default: CodeBuild type 70 | BuildComputeType: 71 | default: CodeBuild instance type 72 | BuildImage: 73 | default: CodeBuild image 74 | Resources: 75 | CodeBuildRole: 76 | Type: AWS::IAM::Role 77 | Properties: 78 | AssumeRolePolicyDocument: 79 | Statement: 80 | - Effect: Allow 81 | Principal: 82 | Service: 
83 | - codebuild.amazonaws.com 84 | Action: 85 | - sts:AssumeRole 86 | Path: "/" 87 | Policies: 88 | - PolicyName: codebuild-service 89 | PolicyDocument: 90 | Statement: 91 | - Effect: Allow 92 | Action: "*" 93 | Resource: "*" 94 | Version: '2012-10-17' 95 | CodePipelineRole: 96 | Type: AWS::IAM::Role 97 | Properties: 98 | AssumeRolePolicyDocument: 99 | Statement: 100 | - Effect: Allow 101 | Principal: 102 | Service: 103 | - codepipeline.amazonaws.com 104 | Action: 105 | - sts:AssumeRole 106 | Path: "/" 107 | Policies: 108 | - PolicyName: codepipeline-service 109 | PolicyDocument: 110 | Statement: 111 | - Action: 112 | - codebuild:* 113 | Resource: "*" 114 | Effect: Allow 115 | - Action: 116 | - s3:GetObject 117 | - s3:GetObjectVersion 118 | - s3:GetBucketVersioning 119 | Resource: "*" 120 | Effect: Allow 121 | - Action: 122 | - s3:PutObject 123 | Resource: 124 | - arn:aws:s3:::codepipeline* 125 | Effect: Allow 126 | - Action: 127 | - s3:* 128 | - cloudformation:* 129 | - ecs:* 130 | - iam:PassRole 131 | Resource: "*" 132 | Effect: Allow 133 | Version: '2012-10-17' 134 | SiteBucket: 135 | Type: AWS::S3::Bucket 136 | DeletionPolicy: Delete 137 | Properties: 138 | AccessControl: PublicRead 139 | BucketName: !Ref SiteBucketName 140 | WebsiteConfiguration: 141 | IndexDocument: index.html 142 | PipelineBucket: 143 | Type: AWS::S3::Bucket 144 | CodeBuildDeploySite: 145 | Type: AWS::CodeBuild::Project 146 | DependsOn: CodeBuildRole 147 | Properties: 148 | Name: !Sub ${AWS::StackName}-DeploySite 149 | Description: Deploy site to S3 150 | ServiceRole: !GetAtt CodeBuildRole.Arn 151 | Artifacts: 152 | Type: CODEPIPELINE 153 | Environment: 154 | Type: !Ref BuildType 155 | ComputeType: !Ref BuildComputeType 156 | Image: !Sub ${BuildImage} 157 | Source: 158 | Type: CODEPIPELINE 159 | BuildSpec: !Sub | 160 | version: 0.1 161 | phases: 162 | post_build: 163 | commands: 164 | - aws s3 cp --recursive --acl public-read ./ s3://${SiteBucketName}/ 165 | artifacts: 166 | type: zip 167 | 
files: 168 | - ./html/index.html 169 | TimeoutInMinutes: 10 170 | Pipeline: 171 | Type: AWS::CodePipeline::Pipeline 172 | Properties: 173 | RoleArn: !GetAtt CodePipelineRole.Arn 174 | Stages: 175 | - Name: Source 176 | Actions: 177 | - InputArtifacts: [] 178 | Name: Source 179 | ActionTypeId: 180 | Category: Source 181 | Owner: ThirdParty 182 | Version: '1' 183 | Provider: GitHub 184 | OutputArtifacts: 185 | - Name: SourceOutput 186 | Configuration: 187 | Owner: !Ref GitHubUser 188 | Repo: !Ref GitHubRepo 189 | Branch: !Ref GitHubBranch 190 | OAuthToken: !Ref GitHubToken 191 | RunOrder: 1 192 | - Name: Deploy 193 | Actions: 194 | - Name: Artifact 195 | ActionTypeId: 196 | Category: Build 197 | Owner: AWS 198 | Version: '1' 199 | Provider: CodeBuild 200 | InputArtifacts: 201 | - Name: SourceOutput 202 | OutputArtifacts: 203 | - Name: DeployOutput 204 | Configuration: 205 | ProjectName: !Ref CodeBuildDeploySite 206 | RunOrder: 1 207 | ArtifactStore: 208 | Type: S3 209 | Location: !Ref PipelineBucket 210 | Outputs: 211 | CodePipelineUrl: 212 | Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} 213 | Description: CodePipeline URL 214 | SiteUrl: 215 | Value: !GetAtt [SiteBucket, WebsiteURL] 216 | Description: S3 Website URL 217 | 218 | -------------------------------------------------------------------------------- /pipeline.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Pipeline for copying all files from GitHub repo to S3 4 | Parameters: 5 | SiteBucketName: 6 | Type: String 7 | Description: Name of bucket to create to host the website 8 | Default: "cloudformation-templates-stelligent" 9 | GitHubUser: 10 | Type: String 11 | Description: GitHub User 12 | Default: "stelligent" 13 | GitHubRepo: 14 | Type: String 15 | Description: GitHub Repo to pull from. Only the Name. 
not the URL 16 | Default: "cloudformation_templates" 17 | GitHubBranch: 18 | Type: String 19 | Description: GitHub Branch 20 | Default: "master" 21 | GitHubToken: 22 | NoEcho: true 23 | Type: String 24 | Description: Secret. It might look something like 9b189a1654643522561f7b3ebd44a1531a4287af OAuthToken with access to Repo. Go to https://github.com/settings/tokens 25 | BuildType: 26 | Type: String 27 | Default: "LINUX_CONTAINER" 28 | Description: The build container type to use for building the app 29 | BuildComputeType: 30 | Type: String 31 | Default: "BUILD_GENERAL1_SMALL" 32 | Description: The build compute type to use for building the app 33 | BuildImage: 34 | Type: String 35 | Default: "aws/codebuild/ubuntu-base:14.04" 36 | Description: The build image to use for building the app 37 | Metadata: 38 | AWS::CloudFormation::Interface: 39 | ParameterGroups: 40 | - Label: 41 | default: "Site Configuration" 42 | Parameters: 43 | - SiteBucketName 44 | - Label: 45 | default: "GitHub Configuration" 46 | Parameters: 47 | - GitHubToken 48 | - GitHubUser 49 | - GitHubRepo 50 | - GitHubBranch 51 | - Label: 52 | default: "Build Configuration" 53 | Parameters: 54 | - BuildType 55 | - BuildComputeType 56 | - BuildImage 57 | ParameterLabels: 58 | SiteBucketName: 59 | default: Name of S3 Bucket to create for website hosting 60 | GitHubToken: 61 | default: GitHub OAuth2 Token 62 | GitHubUser: 63 | default: GitHub User/Org Name 64 | GitHubRepo: 65 | default: GitHub Repository Name 66 | GitHubBranch: 67 | default: GitHub Branch Name 68 | BuildType: 69 | default: CodeBuild type 70 | BuildComputeType: 71 | default: CodeBuild instance type 72 | BuildImage: 73 | default: CodeBuild image 74 | Resources: 75 | CodeBuildRole: 76 | Type: AWS::IAM::Role 77 | Properties: 78 | AssumeRolePolicyDocument: 79 | Statement: 80 | - Effect: Allow 81 | Principal: 82 | Service: 83 | - codebuild.amazonaws.com 84 | Action: 85 | - sts:AssumeRole 86 | Path: "/" 87 | Policies: 88 | - PolicyName: 
codebuild-service 89 | PolicyDocument: 90 | Statement: 91 | - Effect: Allow 92 | Action: "*" 93 | Resource: "*" 94 | Version: '2012-10-17' 95 | CodePipelineRole: 96 | Type: AWS::IAM::Role 97 | Properties: 98 | AssumeRolePolicyDocument: 99 | Statement: 100 | - Effect: Allow 101 | Principal: 102 | Service: 103 | - codepipeline.amazonaws.com 104 | Action: 105 | - sts:AssumeRole 106 | Path: "/" 107 | Policies: 108 | - PolicyName: codepipeline-service 109 | PolicyDocument: 110 | Statement: 111 | - Action: 112 | - codebuild:* 113 | Resource: "*" 114 | Effect: Allow 115 | - Action: 116 | - s3:GetObject 117 | - s3:GetObjectVersion 118 | - s3:GetBucketVersioning 119 | Resource: "*" 120 | Effect: Allow 121 | - Action: 122 | - s3:PutObject 123 | Resource: 124 | - arn:aws:s3:::codepipeline* 125 | Effect: Allow 126 | - Action: 127 | - s3:* 128 | - cloudformation:* 129 | - iam:PassRole 130 | Resource: "*" 131 | Effect: Allow 132 | Version: '2012-10-17' 133 | SiteBucket: 134 | Type: AWS::S3::Bucket 135 | DeletionPolicy: Delete 136 | Properties: 137 | AccessControl: PublicRead 138 | BucketName: !Ref SiteBucketName 139 | WebsiteConfiguration: 140 | IndexDocument: index.html 141 | PipelineBucket: 142 | Type: AWS::S3::Bucket 143 | DeletionPolicy: Delete 144 | CodeBuildDeploySite: 145 | Type: AWS::CodeBuild::Project 146 | DependsOn: CodeBuildRole 147 | Properties: 148 | Name: !Sub ${AWS::StackName}-DeploySite 149 | Description: Deploy site to S3 150 | ServiceRole: !GetAtt CodeBuildRole.Arn 151 | Artifacts: 152 | Type: CODEPIPELINE 153 | Environment: 154 | Type: !Ref BuildType 155 | ComputeType: !Ref BuildComputeType 156 | Image: !Sub ${BuildImage} 157 | Source: 158 | Type: CODEPIPELINE 159 | BuildSpec: !Sub | 160 | version: 0.2 161 | phases: 162 | post_build: 163 | commands: 164 | - aws s3 cp --recursive --acl public-read ./ s3://${SiteBucketName}/ 165 | artifacts: 166 | files: 167 | - '**/*' 168 | TimeoutInMinutes: 10 169 | Pipeline: 170 | Type: AWS::CodePipeline::Pipeline 171 | 
Properties: 172 | RoleArn: !GetAtt CodePipelineRole.Arn 173 | Stages: 174 | - Name: Source 175 | Actions: 176 | - InputArtifacts: [] 177 | Name: Source 178 | ActionTypeId: 179 | Category: Source 180 | Owner: ThirdParty 181 | Version: '1' 182 | Provider: GitHub 183 | OutputArtifacts: 184 | - Name: SourceOutput 185 | Configuration: 186 | Owner: !Ref GitHubUser 187 | Repo: !Ref GitHubRepo 188 | Branch: !Ref GitHubBranch 189 | OAuthToken: !Ref GitHubToken 190 | RunOrder: 1 191 | - Name: Deploy 192 | Actions: 193 | - Name: Artifact 194 | ActionTypeId: 195 | Category: Build 196 | Owner: AWS 197 | Version: '1' 198 | Provider: CodeBuild 199 | InputArtifacts: 200 | - Name: SourceOutput 201 | OutputArtifacts: 202 | - Name: DeployOutput 203 | Configuration: 204 | ProjectName: !Ref CodeBuildDeploySite 205 | RunOrder: 1 206 | ArtifactStore: 207 | Type: S3 208 | Location: !Ref PipelineBucket 209 | Outputs: 210 | PipelineUrl: 211 | Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} 212 | Description: CodePipeline URL 213 | S3PrefixURL: 214 | Value: !Sub https://s3.amazonaws.com/${SiteBucketName}/ 215 | Description: Prefix for S3 URL. The S3 keys are defined under https://github.com/stelligent/cloudformation_templates -------------------------------------------------------------------------------- /labs/polly/pipeline.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Deployment Pipeline to run Amazon Polly Commands 4 | Parameters: 5 | GitHubUser: 6 | Type: String 7 | Description: GitHub User 8 | Default: "stelligent" 9 | GitHubRepo: 10 | Type: String 11 | Description: GitHub Repo to pull from. Only the Name. 
not the URL 12 | Default: "cloudformation_templates" 13 | GitHubBranch: 14 | Type: String 15 | Description: GitHub Branch 16 | Default: "master" 17 | GitHubToken: 18 | NoEcho: true 19 | Type: String 20 | Default: '{{resolve:secretsmanager:github/personal-access-token:SecretString}}' 21 | Description: Secret. It might look something like 9b189a1654643522561f7b3ebd44a1531a4287af OAuthToken with access to Repo. Go to https://github.com/settings/tokens 22 | BuildType: 23 | Type: String 24 | Default: "LINUX_CONTAINER" 25 | Description: The build container type to use for building the app 26 | BuildComputeType: 27 | Type: String 28 | Default: "BUILD_GENERAL1_SMALL" 29 | Description: The build compute type to use for building the app 30 | BuildImage: 31 | Type: String 32 | Default: "aws/codebuild/ubuntu-base:14.04" 33 | Description: The build image to use for building the app 34 | TextFileLocation: 35 | Type: String 36 | Description: Location of Text File 37 | Default: "./labs/polly/blog.txt" 38 | Metadata: 39 | AWS::CloudFormation::Interface: 40 | ParameterGroups: 41 | - Label: 42 | default: "GitHub Configuration" 43 | Parameters: 44 | - GitHubToken 45 | - GitHubUser 46 | - GitHubRepo 47 | - GitHubBranch 48 | - Label: 49 | default: "Build Configuration" 50 | Parameters: 51 | - BuildType 52 | - BuildComputeType 53 | - BuildImage 54 | ParameterLabels: 55 | GitHubToken: 56 | default: GitHub OAuth2 Token 57 | GitHubUser: 58 | default: GitHub User/Org Name 59 | GitHubRepo: 60 | default: GitHub Repository Name 61 | GitHubBranch: 62 | default: GitHub Branch Name 63 | BuildType: 64 | default: CodeBuild type 65 | BuildComputeType: 66 | default: CodeBuild instance type 67 | BuildImage: 68 | default: CodeBuild image 69 | Resources: 70 | CodeBuildRole: 71 | Type: AWS::IAM::Role 72 | Properties: 73 | AssumeRolePolicyDocument: 74 | Statement: 75 | - Effect: Allow 76 | Principal: 77 | Service: 78 | - codebuild.amazonaws.com 79 | Action: 80 | - sts:AssumeRole 81 | Path: "/" 82 | 
Policies: 83 | - PolicyName: codebuild-service 84 | PolicyDocument: 85 | Statement: 86 | - Effect: Allow 87 | Action: "*" 88 | Resource: "*" 89 | Version: '2012-10-17' 90 | CodePipelineRole: 91 | Type: AWS::IAM::Role 92 | Properties: 93 | AssumeRolePolicyDocument: 94 | Statement: 95 | - Effect: Allow 96 | Principal: 97 | Service: 98 | - codepipeline.amazonaws.com 99 | Action: 100 | - sts:AssumeRole 101 | Path: "/" 102 | Policies: 103 | - PolicyName: codepipeline-service 104 | PolicyDocument: 105 | Statement: 106 | - Action: 107 | - codebuild:* 108 | Resource: "*" 109 | Effect: Allow 110 | - Action: 111 | - s3:GetObject 112 | - s3:GetObjectVersion 113 | - s3:GetBucketVersioning 114 | Resource: "*" 115 | Effect: Allow 116 | - Action: 117 | - s3:PutObject 118 | Resource: 119 | - arn:aws:s3:::codepipeline* 120 | Effect: Allow 121 | - Action: 122 | - s3:* 123 | - cloudformation:* 124 | - iam:PassRole 125 | Resource: "*" 126 | Effect: Allow 127 | Version: '2012-10-17' 128 | PollyRecordingsBucket: 129 | Type: AWS::S3::Bucket 130 | DeletionPolicy: Delete 131 | Properties: 132 | AccessControl: PublicRead 133 | BucketName: !Sub ${AWS::StackName}-polly-files 134 | PipelineBucket: 135 | Type: AWS::S3::Bucket 136 | DeletionPolicy: Delete 137 | Properties: 138 | BucketName: !Sub ${AWS::StackName}-codepipeline-files 139 | RunPollyCommands: 140 | Type: AWS::CodeBuild::Project 141 | DependsOn: CodeBuildRole 142 | Properties: 143 | Name: !Sub ${AWS::StackName}-PollyCommands 144 | Description: Deploy site to S3 145 | ServiceRole: !GetAtt CodeBuildRole.Arn 146 | Artifacts: 147 | Type: CODEPIPELINE 148 | Environment: 149 | Type: !Ref BuildType 150 | ComputeType: !Ref BuildComputeType 151 | Image: !Sub ${BuildImage} 152 | Source: 153 | Type: CODEPIPELINE 154 | BuildSpec: !Sub | 155 | version: 0.2 156 | phases: 157 | post_build: 158 | commands: 159 | - aws --version 160 | - testvar=$(cat ${TextFileLocation}) 161 | - aws polly start-speech-synthesis-task --output-format mp3 
--output-s3-bucket-name ${PollyRecordingsBucket} --text "$testvar" --voice-id Joanna 162 | - pollyObjectId=$(aws polly list-speech-synthesis-tasks --max-results 1 --query 'SynthesisTasks[].TaskId' --output text) 163 | - pollyObjectTaskId=$(echo $pollyObjectId.mp3) 164 | - echo $pollyObjectTaskId 165 | - sleep 40 166 | - aws s3api put-object-acl --bucket ${PollyRecordingsBucket} --key "$pollyObjectTaskId" --acl public-read 167 | - echo "https://s3.amazonaws.com/${PollyRecordingsBucket}/$pollyObjectTaskId" 168 | artifacts: 169 | files: 170 | - '**/*' 171 | TimeoutInMinutes: 10 172 | Pipeline: 173 | Type: AWS::CodePipeline::Pipeline 174 | Properties: 175 | RoleArn: !GetAtt CodePipelineRole.Arn 176 | Stages: 177 | - Name: Source 178 | Actions: 179 | - InputArtifacts: [] 180 | Name: Source 181 | ActionTypeId: 182 | Category: Source 183 | Owner: ThirdParty 184 | Version: '1' 185 | Provider: GitHub 186 | OutputArtifacts: 187 | - Name: SourceOutput 188 | Configuration: 189 | Owner: !Ref GitHubUser 190 | Repo: !Ref GitHubRepo 191 | Branch: !Ref GitHubBranch 192 | OAuthToken: !Ref GitHubToken 193 | RunOrder: 1 194 | - Name: Deploy 195 | Actions: 196 | - Name: Artifact 197 | ActionTypeId: 198 | Category: Build 199 | Owner: AWS 200 | Version: '1' 201 | Provider: CodeBuild 202 | InputArtifacts: 203 | - Name: SourceOutput 204 | OutputArtifacts: 205 | - Name: DeployOutput 206 | Configuration: 207 | ProjectName: !Ref RunPollyCommands 208 | RunOrder: 1 209 | ArtifactStore: 210 | Type: S3 211 | Location: !Ref PipelineBucket 212 | Outputs: 213 | PipelineUrl: 214 | Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} 215 | Description: CodePipeline URL 216 | PollyRecordingsBucket: 217 | Value: !Ref PollyRecordingsBucket 218 | Description: PollyRecordingsBucket -------------------------------------------------------------------------------- /labs/eb/elasticbeanstalk-codepipeline.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | Description: Deploy an Elastic Beanstalk app stored in CodeCommit via CodePipeline. 3 | **WARNING** This template creates one or more Amazon EC2 instances and a CodePipeline 4 | pipeline. You will be billed for the AWS resources used if you create a stack from 5 | this template. 6 | AWSTemplateFormatVersion: '2010-09-09' 7 | Parameters: 8 | RepositoryName: 9 | Description: The name of your CodeCommit repo. Go to https://console.aws.amazon.com/codecommit. 10 | Type: String 11 | AllowedPattern: "[\\x20-\\x7E]*" 12 | ConstraintDescription: Can contain only ASCII characters. 13 | RepositoryBranch: 14 | Description: The name of the branch for the CodeCommit repo 15 | Type: String 16 | Default: master 17 | AllowedPattern: "[\\x20-\\x7E]*" 18 | ConstraintDescription: Can contain only ASCII characters. 19 | Metadata: 20 | AWS::CloudFormation::Interface: 21 | ParameterGroups: 22 | - Label: 23 | default: CodeCommit Repository 24 | Parameters: 25 | - RepositoryName 26 | - RepositoryBranch 27 | ParameterLabels: 28 | RepositoryName: 29 | default: CodeCommit Repository Name 30 | RepositoryBranch: 31 | default: CodeCommit Repository Branch 32 | Resources: 33 | nodeApplication: 34 | Type: AWS::ElasticBeanstalk::Application 35 | Properties: 36 | Description: AWS Elastic Beanstalk Sample Application 37 | nodeApplicationVersion: 38 | Type: AWS::ElasticBeanstalk::ApplicationVersion 39 | Properties: 40 | ApplicationName: 41 | Ref: nodeApplication 42 | Description: AWS ElasticBeanstalk Sample Application Version 43 | SourceBundle: 44 | S3Bucket: 45 | Fn::Join: 46 | - "-" 47 | - - elasticbeanstalk-samples 48 | - Ref: AWS::Region 49 | S3Key: nodejs-sample.zip 50 | nodeConfigurationTemplate: 51 | Type: AWS::ElasticBeanstalk::ConfigurationTemplate 52 | Properties: 53 | ApplicationName: 54 | Ref: nodeApplication 55 | Description: AWS ElasticBeanstalk Sample Configuration Template 56 | OptionSettings: 
57 | - Namespace: aws:autoscaling:asg 58 | OptionName: MinSize 59 | Value: '2' 60 | - Namespace: aws:autoscaling:asg 61 | OptionName: MaxSize 62 | Value: '6' 63 | - Namespace: aws:elasticbeanstalk:environment 64 | OptionName: EnvironmentType 65 | Value: LoadBalanced 66 | SolutionStackName: 64bit Amazon Linux 2015.09 v2.0.5 running Node.js 67 | nodeEnvironment: 68 | Type: AWS::ElasticBeanstalk::Environment 69 | DependsOn: 70 | - nodeApplication 71 | - nodeConfigurationTemplate 72 | - nodeApplicationVersion 73 | Properties: 74 | ApplicationName: 75 | Ref: nodeApplication 76 | Description: AWS ElasticBeanstalk Sample Node Environment 77 | TemplateName: 78 | Ref: nodeConfigurationTemplate 79 | VersionLabel: 80 | Ref: nodeApplicationVersion 81 | CodePipelineRole: 82 | Type: AWS::IAM::Role 83 | Properties: 84 | AssumeRolePolicyDocument: 85 | Statement: 86 | - Effect: Allow 87 | Principal: 88 | Service: 89 | - codepipeline.amazonaws.com 90 | Action: 91 | - sts:AssumeRole 92 | Path: "/" 93 | Policies: 94 | - PolicyName: codepipeline-service 95 | PolicyDocument: 96 | Statement: 97 | - Action: 98 | - codecommit:GetBranch 99 | - codecommit:GetCommit 100 | - codecommit:UploadArchive 101 | - codecommit:GetUploadArchiveStatus 102 | - codecommit:CancelUploadArchive 103 | Resource: "*" 104 | Effect: Allow 105 | - Action: 106 | - s3:GetObject 107 | - s3:GetObjectVersion 108 | - s3:GetBucketVersioning 109 | Resource: "*" 110 | Effect: Allow 111 | - Action: 112 | - s3:PutObject 113 | Resource: 114 | - arn:aws:s3:::codepipeline* 115 | - arn:aws:s3:::elasticbeanstalk* 116 | Effect: Allow 117 | - Action: 118 | - codedeploy:CreateDeployment 119 | - codedeploy:GetApplicationRevision 120 | - codedeploy:GetDeployment 121 | - codedeploy:GetDeploymentConfig 122 | - codedeploy:RegisterApplicationRevision 123 | Resource: "*" 124 | Effect: Allow 125 | - Action: 126 | - elasticbeanstalk:* 127 | - ec2:* 128 | - elasticloadbalancing:* 129 | - autoscaling:* 130 | - cloudwatch:* 131 | - s3:* 132 | - 
sns:* 133 | - cloudformation:* 134 | - rds:* 135 | - sqs:* 136 | - ecs:* 137 | - iam:PassRole 138 | Resource: "*" 139 | Effect: Allow 140 | - Action: 141 | - lambda:InvokeFunction 142 | - lambda:ListFunctions 143 | Resource: "*" 144 | Effect: Allow 145 | Version: '2012-10-17' 146 | ArtifactBucket: 147 | Type: AWS::S3::Bucket 148 | DeletionPolicy: Retain 149 | CodePipelineStack: 150 | Type: AWS::CodePipeline::Pipeline 151 | DependsOn: 152 | - nodeApplication 153 | - nodeEnvironment 154 | Properties: 155 | RoleArn: !GetAtt CodePipelineRole.Arn 156 | Stages: 157 | - Name: Source 158 | Actions: 159 | - InputArtifacts: [] 160 | Name: Source 161 | ActionTypeId: 162 | Category: Source 163 | Owner: AWS 164 | Version: '1' 165 | Provider: CodeCommit 166 | OutputArtifacts: 167 | - Name: MyApp 168 | Configuration: 169 | BranchName: 170 | Ref: RepositoryBranch 171 | RepositoryName: 172 | Ref: RepositoryName 173 | RunOrder: 1 174 | - Name: Beta 175 | Actions: 176 | - InputArtifacts: 177 | - Name: MyApp 178 | Name: EbApp 179 | ActionTypeId: 180 | Category: Deploy 181 | Owner: AWS 182 | Version: '1' 183 | Provider: ElasticBeanstalk 184 | OutputArtifacts: [] 185 | Configuration: 186 | ApplicationName: 187 | Ref: nodeApplication 188 | EnvironmentName: 189 | Ref: nodeEnvironment 190 | RunOrder: 1 191 | ArtifactStore: 192 | Type: S3 193 | Location: !Ref ArtifactBucket 194 | Outputs: 195 | AppURL: 196 | Value: 197 | Fn::Join: 198 | - '' 199 | - - http:// 200 | - Fn::GetAtt: 201 | - nodeEnvironment 202 | - EndpointURL 203 | - "/" 204 | Description: URL for the working Node application 205 | CodePipelineURL: 206 | Value: 207 | Fn::Join: 208 | - '' 209 | - - https://console.aws.amazon.com/codepipeline/home?region= 210 | - Ref: AWS::Region 211 | - "#/view/" 212 | - Ref: CodePipelineStack 213 | Description: Pipeline URL 214 | nodeApplication: 215 | Value: 216 | Ref: nodeApplication 217 | nodeApplicationVersion: 218 | Value: 219 | Ref: nodeApplicationVersion 220 | Description: The Elastic 
Beanstalk application 221 | nodeConfigurationTemplate: 222 | Value: 223 | Ref: nodeConfigurationTemplate 224 | Description: The Elastic Beanstalk configuration 225 | nodeEnvironment: 226 | Value: 227 | Ref: nodeEnvironment 228 | Description: The Elastic Beanstalk environment on which the application runs 229 | CodePipelineRole: 230 | Value: 231 | Ref: CodePipelineRole 232 | Description: The IAM role associated with CodePipeline pipeline 233 | -------------------------------------------------------------------------------- /labs/lambda/lambda-codepipeline.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion":"2010-09-09", 3 | "Description":"Stelligent CloudFormation Sample Template Static Web Server: Launches OpsWorks stack, layer, instances and associated resources to run a Node.js application provided by AWS. ** This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template.", 4 | "Parameters":{ 5 | "S3BucketLambdaFunction":{ 6 | "Type":"String", 7 | "Description":"S3 bucket to use for artifacts. Just bucket Name; not URL. 
IAM user should have access to the bucket.", 8 | "Default":"stelligent-training-public" 9 | }, 10 | "Version":{ 11 | "Type":"String", 12 | "Default":"1" 13 | } 14 | }, 15 | "Resources":{ 16 | "LambdaExecutionRole":{ 17 | "Type":"AWS::IAM::Role", 18 | "Properties":{ 19 | "AssumeRolePolicyDocument":{ 20 | "Version":"2012-10-17", 21 | "Statement":[ 22 | { 23 | "Sid":"", 24 | "Effect":"Allow", 25 | "Principal":{ 26 | "Service":"lambda.amazonaws.com" 27 | }, 28 | "Action":"sts:AssumeRole" 29 | } 30 | ] 31 | }, 32 | "Policies":[ 33 | { 34 | "PolicyName":"root", 35 | "PolicyDocument":{ 36 | "Version":"2012-10-17", 37 | "Statement":[ 38 | { 39 | "Effect":"Allow", 40 | "Action":[ 41 | "logs:*" 42 | ], 43 | "Resource":"arn:aws:logs:*:*:*" 44 | }, 45 | { 46 | "Effect":"Allow", 47 | "Action":[ 48 | "lambda:AddPermission" 49 | ], 50 | "Resource":[ 51 | "*" 52 | ] 53 | } 54 | ] 55 | } 56 | } 57 | ] 58 | } 59 | }, 60 | "LambdaCodePipelineExecutionPolicy":{ 61 | "DependsOn":[ 62 | "CodePipelineLambdaRole" 63 | ], 64 | "Type":"AWS::IAM::Policy", 65 | "Properties":{ 66 | "PolicyName":"LambdaRolePolicy", 67 | "Roles":[ 68 | { 69 | "Ref":"CodePipelineLambdaRole" 70 | } 71 | ], 72 | "PolicyDocument":{ 73 | "Version":"2012-10-17", 74 | "Statement":[ 75 | { 76 | "Effect":"Allow", 77 | "Action":[ 78 | "logs:*" 79 | ], 80 | "Resource":[ 81 | "arn:aws:logs:*:*:*" 82 | ] 83 | }, 84 | { 85 | "Effect":"Allow", 86 | "Action":[ 87 | "codepipeline:PutJobSuccessResult", 88 | "codepipeline:PutJobFailureResult" 89 | ], 90 | "Resource":[ 91 | "*" 92 | ] 93 | } 94 | ] 95 | } 96 | } 97 | }, 98 | "CodePipelineLambdaRole":{ 99 | "Type":"AWS::IAM::Role", 100 | "Properties":{ 101 | "AssumeRolePolicyDocument":{ 102 | "Version":"2012-10-17", 103 | "Statement":[ 104 | { 105 | "Effect":"Allow", 106 | "Principal":{ 107 | "Service":[ 108 | "lambda.amazonaws.com" 109 | ] 110 | }, 111 | "Action":[ 112 | "sts:AssumeRole" 113 | ] 114 | } 115 | ] 116 | }, 117 | "Path":"/" 118 | } 119 | }, 120 | 
"CodePipelineLambdaDummy":{ 121 | "Type":"AWS::Lambda::Function", 122 | "DependsOn":[ 123 | "CodePipelineLambdaRole", 124 | "LambdaCodePipelineExecutionPolicy" 125 | ], 126 | "Properties":{ 127 | "Code":{ 128 | "S3Bucket":{ 129 | "Ref":"S3BucketLambdaFunction" 130 | }, 131 | "S3Key":"Archive.zip" 132 | }, 133 | "Role":{ 134 | "Fn::GetAtt":[ 135 | "CodePipelineLambdaRole", 136 | "Arn" 137 | ] 138 | }, 139 | "Description":"Always return success", 140 | "Timeout":20, 141 | "Handler":"lambdadummy.handler", 142 | "Runtime":"nodejs", 143 | "MemorySize":128 144 | } 145 | }, 146 | "CodePipelineStack":{ 147 | "Type":"AWS::CodePipeline::Pipeline", 148 | "DependsOn":[ 149 | "CodePipelineLambdaDummy" 150 | ], 151 | "Properties":{ 152 | "RoleArn":{ 153 | "Fn::Join":[ 154 | "", 155 | [ 156 | "arn:aws:iam::", 157 | { 158 | "Ref":"AWS::AccountId" 159 | }, 160 | ":role/AWS-CodePipeline-Service" 161 | ] 162 | ] 163 | }, 164 | "Stages":[ 165 | { 166 | "Name":"Source", 167 | "Actions":[ 168 | { 169 | "InputArtifacts":[ 170 | 171 | ], 172 | "Name":"Source", 173 | "ActionTypeId":{ 174 | "Category":"Source", 175 | "Owner":"AWS", 176 | "Version":"1", 177 | "Provider":"S3" 178 | }, 179 | "OutputArtifacts":[ 180 | { 181 | "Name":"MyApp" 182 | } 183 | ], 184 | "Configuration":{ 185 | "S3Bucket":{ 186 | "Ref":"S3BucketLambdaFunction" 187 | }, 188 | "S3ObjectKey":"public/codepipeline/aws-codepipeline-s3-aws-codedeploy_linux.zip" 189 | }, 190 | "RunOrder":1 191 | } 192 | ] 193 | }, 194 | { 195 | "Name":"Commit", 196 | "Actions":[ 197 | { 198 | "InputArtifacts":[ 199 | 200 | ], 201 | "Name":"Build", 202 | "ActionTypeId":{ 203 | "Category":"Invoke", 204 | "Owner":"AWS", 205 | "Version":"1", 206 | "Provider":"Lambda" 207 | }, 208 | "OutputArtifacts":[ 209 | 210 | ], 211 | "Configuration":{ 212 | "FunctionName":{ 213 | "Ref":"CodePipelineLambdaDummy" 214 | }, 215 | "UserParameters":{ 216 | "Ref":"AWS::StackName" 217 | } 218 | }, 219 | "RunOrder":1 220 | } 221 | ] 222 | } 223 | ], 224 | 
"ArtifactStore":{ 225 | "Type":"S3", 226 | "Location":{ 227 | "Ref":"S3BucketLambdaFunction" 228 | } 229 | } 230 | } 231 | } 232 | }, 233 | "Outputs":{ 234 | "StackName":{ 235 | "Description":"StackName for this stack", 236 | "Value":{ 237 | "Ref":"AWS::StackName" 238 | } 239 | }, 240 | "CodePipelineURL":{ 241 | "Description":"URL for generated pipeline in CodePipeline console", 242 | "Value":{ 243 | "Fn::Join":[ 244 | "", 245 | [ 246 | "https://console.aws.amazon.com/codepipeline/home?region=", 247 | { 248 | "Ref":"AWS::Region" 249 | }, 250 | "#/view/", 251 | { 252 | "Ref":"CodePipelineStack" 253 | } 254 | ] 255 | ] 256 | } 257 | } 258 | } 259 | } 260 | -------------------------------------------------------------------------------- /labs/codebuild/codebuild.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | Description: Automate provisioning of CodeBuild with CodePipeline CodeCommit and CodeDeploy. **WARNING** This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template. 
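Parameters:
  EmailAddress:
    Type: String
  RepositoryBranch:
    Type: String
    Default: master
  TagKey:
    Type: String
    Default: Name
  TagValue:
    Type: String
    Default: CodeDeployEC2Tag
  EC2KeyPairName:
    Type: AWS::EC2::KeyPair::KeyName
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: Params to Modify
      Parameters:
      - EmailAddress
      - EC2KeyPairName
Resources:
  # Static-website bucket. Public read is the intent here (it is served as a
  # website), so it is deliberately NOT given a public-access block. Nothing in
  # this template writes to it; the buildspec presumably does.
  WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: index.html
  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket:
        Ref: WebsiteBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal: "*"
          Action: s3:GetObject
          Resource:
            Fn::Join:
            - ""
            - - "arn:aws:s3:::"
              - Ref: WebsiteBucket
              - "/*"
  # Pipeline artifact store. It carries source archives and build output that
  # get deployed, so it is encrypted at rest and locked against ever being made
  # public. Versioning was already required by CodePipeline.
  ArtifactStoreBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      AccessControl: BucketOwnerFullControl
      BucketEncryption:
        ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  MySNSTopic:
    Type: "AWS::SNS::Topic"
    Properties:
      DisplayName: String
      Subscription:
      - Endpoint: !Ref EmailAddress
        Protocol: "email"
      TopicName:
        Ref: AWS::StackName
  CodeCommitJavaRepo:
    Type: AWS::CodeCommit::Repository
    Properties:
      RepositoryName:
        Ref: AWS::StackName
      RepositoryDescription: CodeCommit Repository
      Triggers:
      - Name: MasterTrigger
        CustomData: Project ID 12345
        DestinationArn:
          Ref: MySNSTopic
        # Branch names are case-sensitive; the trigger previously watched
        # "Master" while the pipeline sources "master", so it never fired.
        Branches:
        - !Ref RepositoryBranch
        Events:
        - all
  # NOTE(review): this nested template is fetched at deploy time from a
  # third-party public bucket. For anything beyond a lab, copy it into a bucket
  # you control and point TemplateURL there, so a change to that bucket cannot
  # silently change what gets launched into your account.
  CodeDeployEC2InstancesStack:
    Type: "AWS::CloudFormation::Stack"
    Properties:
      Parameters:
        TagValue: !Ref TagValue
        KeyPairName: !Ref EC2KeyPairName
      TemplateURL: https://s3.amazonaws.com/stelligent-public/cloudformation-templates/github/labs/codebuild/CodeDeploy_SampleCF_Template.json
      TimeoutInMinutes: 60
  MyApplication:
    Type: "AWS::CodeDeploy::Application"
    DependsOn: CodeDeployEC2InstancesStack
  MyDeploymentGroup:
    Type: "AWS::CodeDeploy::DeploymentGroup"
    DependsOn: MyApplication
    Properties:
      ApplicationName:
        Ref: "MyApplication"
      DeploymentConfigName: CodeDeployDefault.AllAtOnce
      Ec2TagFilters:
      - Key:
          Ref: TagKey
        Value:
          Ref: TagValue
        Type: KEY_AND_VALUE
      ServiceRoleArn: !GetAtt [CodeDeployEC2InstancesStack, Outputs.CodeDeployTrustRoleARN]
  # Three-stage pipeline: CodeCommit source -> CodeBuild -> CodeDeploy.
  CodePipelineStack:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !GetAtt [CodePipelineRole, Arn]
      ArtifactStore:
        Location:
          Ref:
            ArtifactStoreBucket
        Type: S3
      Stages:
      - Name: Source
        Actions:
        - InputArtifacts: []
          Name: Source
          ActionTypeId:
            Category: Source
            Owner: AWS
            Version: 1
            Provider: CodeCommit
          OutputArtifacts:
          - Name: MyApp
          Configuration:
            BranchName: !Ref RepositoryBranch
            RepositoryName: !Ref AWS::StackName
          RunOrder: 1
      - Name: Build
        Actions:
        - Name: Build
          ActionTypeId:
            Category: Build
            Owner: AWS
            Version: 1
            Provider: CodeBuild
          OutputArtifacts:
          - Name: MyAppBuild
          InputArtifacts:
          - Name: MyApp
          Configuration:
            ProjectName: !Ref CodeBuildJavaProject
          RunOrder: 1
      - Name: Deploy
        Actions:
        - Name: DeployApp
          ActionTypeId:
            Category: Deploy
            Owner: AWS
            Version: 1
            Provider: CodeDeploy
          InputArtifacts:
          - Name: MyAppBuild
          Configuration:
            ApplicationName: !Ref MyApplication
            DeploymentGroupName: !Ref MyDeploymentGroup
          RunOrder: 1
  # Service role for the pipeline. The original attached AdministratorAccess,
  # which made the pipeline an account-wide admin. Each stage only needs the
  # calls below, scoped to the resources this stack creates.
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: codepipeline.amazonaws.com
          Action: sts:AssumeRole
      Path: /
      Policies:
      - PolicyName: codepipeline-service
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          # Source stage: read the CodeCommit repository created by this stack.
          - Effect: Allow
            Action:
            - codecommit:GetBranch
            - codecommit:GetCommit
            - codecommit:UploadArchive
            - codecommit:GetUploadArchiveStatus
            - codecommit:CancelUploadArchive
            Resource: !GetAtt CodeCommitJavaRepo.Arn
          # Artifact store: objects in the artifact bucket only.
          - Effect: Allow
            Action:
            - s3:GetObject
            - s3:GetObjectVersion
            - s3:PutObject
            Resource: !Sub "${ArtifactStoreBucket.Arn}/*"
          - Effect: Allow
            Action:
            - s3:GetBucketVersioning
            Resource: !GetAtt ArtifactStoreBucket.Arn
          # Build stage: start and poll this stack's CodeBuild project.
          - Effect: Allow
            Action:
            - codebuild:StartBuild
            - codebuild:BatchGetBuilds
            Resource: !GetAtt CodeBuildJavaProject.Arn
          # Deploy stage: deployments for this application / deployment group only.
          - Effect: Allow
            Action:
            - codedeploy:CreateDeployment
            - codedeploy:GetApplication
            - codedeploy:GetApplicationRevision
            - codedeploy:GetDeployment
            - codedeploy:RegisterApplicationRevision
            Resource:
            - !Sub "arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:application:${MyApplication}"
            - !Sub "arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentgroup:${MyApplication}/${MyDeploymentGroup}"
          - Effect: Allow
            Action:
            - codedeploy:GetDeploymentConfig
            Resource: !Sub "arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentconfig:*"

  # Build project. When invoked from the pipeline, the Source and Artifacts
  # settings here are overridden by the pipeline's input/output artifacts.
  CodeBuildJavaProject:
    Type: AWS::CodeBuild::Project
    DependsOn: CodeBuildRole
    Properties:
      Artifacts:
        Type: no_artifacts
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/java:openjdk-8
        Type: LINUX_CONTAINER
      Name: !Sub ${AWS::StackName}CodeBuildJavaProject
      ServiceRole: !Ref CodeBuildRole
      Source:
        Type: CODECOMMIT
        Location:
          Fn::Join:
          - ""
          - - "https://git-codecommit."
            - Ref: AWS::Region
            - ".amazonaws.com/v1/repos/"
            - Ref: AWS::StackName

  # Role the build container runs as. This is the most exposed role in the
  # stack: it executes whatever buildspec.yml is committed to the repository,
  # so with AdministratorAccess (the original setting) every committer was an
  # account admin. Scoped to logs, the artifact bucket and the source repo; add
  # narrowly-scoped statements if the buildspec needs more (e.g. to publish to
  # WebsiteBucket).
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: codebuild.amazonaws.com
          Action: sts:AssumeRole
      Policies:
      - PolicyName: codebuild-service
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          # Build logs go to the project's default log group.
          - Effect: Allow
            Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            Resource:
            - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${AWS::StackName}CodeBuildJavaProject"
            - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${AWS::StackName}CodeBuildJavaProject:*"
          # Input and output artifacts when run from the pipeline.
          - Effect: Allow
            Action:
            - s3:GetObject
            - s3:GetObjectVersion
            - s3:PutObject
            Resource: !Sub "${ArtifactStoreBucket.Arn}/*"
          # Direct (non-pipeline) builds clone the CodeCommit repo set as Source.
          - Effect: Allow
            Action:
            - codecommit:GitPull
            Resource: !GetAtt CodeCommitJavaRepo.Arn

Outputs:
  CodeBuildURL:
    Description: CodeBuild URL
    Value:
      Fn::Join:
      - ""
      - - "https://console.aws.amazon.com/codebuild/home?region="
        - Ref: AWS::Region
        - "#/projects/"
        - Ref: CodeBuildJavaProject
        - "/view"
  CodeCommitURL:
    Description: CodeCommit URL
    Value:
      Fn::Join:
      - ""
      - - "https://console.aws.amazon.com/codepipeline/home?region="
        - Ref: AWS::Region
        - "#/repository/"
        - Ref: AWS::StackName
        - "/browse/HEAD/--/"
  CodeDeployURL:
    Description: CodeDeploy URL
    Value:
      Fn::Join:
      - ""
      - - "https://console.aws.amazon.com/codedeploy/home?region="
        - Ref: AWS::Region
        - "#/deployments/"
  CloneUrlSsh: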
Description: SSH command for connecting to the CodeCommit repo 238 | Value: 239 | Fn::Join: 240 | - "" 241 | - - "git clone " 242 | - !GetAtt [CodeCommitJavaRepo, CloneUrlSsh] 243 | - "" 244 | CodePipelineURL: 245 | Description: CodePipeline URL 246 | Value: 247 | Fn::Join: 248 | - "" 249 | - - "https://console.aws.amazon.com/codepipeline/home?region=" 250 | - Ref: AWS::Region 251 | - "#/view/" 252 | - Ref: CodePipelineStack -------------------------------------------------------------------------------- /labs/chef/chef-compliance.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: Lab Chef Compliance Webapp Server by Levon Becker v20160502-0830 4 | Parameters: 5 | Ec2KeyPair: 6 | Description: Select Keypair to Assign to Chef Compliance EC2 Instance. 7 | Type: AWS::EC2::KeyPair::KeyName 8 | Owner: 9 | Description: Enter Team or Individual Name Responsible for the Stack. 10 | Type: String 11 | Default: FirstName LastName 12 | Project: 13 | Description: Enter Project Name. 14 | Type: String 15 | Default: Chef Compliance Webapp Server 16 | DeleteAfter: 17 | Description: Enter Date It's Ok to Delete the Stack or 'Never' if meant to be 18 | persistent. 19 | Type: String 20 | Default: 00/00/201x 21 | VPC: 22 | Description: Select VPC. 23 | Type: AWS::EC2::VPC::Id 24 | PublicSubnet: 25 | Description: Public Subnet to Deploy Chef Compliance Instance. 26 | Type: AWS::EC2::Subnet::Id 27 | InternalAccessSecurityGroup: 28 | Description: Security Group That Allows Chef Compliance Host Access to Instances. 29 | Type: AWS::EC2::SecurityGroup::Id 30 | RemoteSecurityGroup: 31 | Description: Remote Network or IP that can Access the instances of VPN or Direct 32 | Connect. 
33 | Type: AWS::EC2::SecurityGroup::Id 34 | Mappings: 35 | RegionMap: 36 | us-west-2: 37 | ChefComplianceVersion: 0.15.13-1 38 | AMIChefCompliance: ami-9ebb55fe 39 | InstanceTypeChefCompliance: t2.medium 40 | us-east-1: 41 | ChefComplianceVersion: 0.15.13-1 42 | AMIChefCompliance: ami-a83b3fc2 43 | InstanceTypeChefCompliance: t2.medium 44 | bootstrap: 45 | rhel: 46 | warmebs: 'echo ''ACTION: Performing EBS Warming'' && dd if=/dev/xvda of=/dev/xvda 47 | conv=notrunc bs=1M status=progress' 48 | installpackages: yum install -y curl wget mlocate ca-certificates openssl vim 49 | updatechefcompliance: 'echo ''ACTION: Upgrading Chef Marketplace to the Latest'' 50 | && chef-marketplace-ctl upgrade -y && chef-compliance-ctl restart' 51 | Resources: 52 | IamRole: 53 | Type: AWS::IAM::Role 54 | Properties: 55 | AssumeRolePolicyDocument: 56 | Statement: 57 | - Effect: Allow 58 | Principal: 59 | Service: 60 | - ec2.amazonaws.com 61 | Action: 62 | - sts:AssumeRole 63 | Path: "/" 64 | IamPolicies: 65 | Type: AWS::IAM::Policy 66 | Properties: 67 | PolicyName: 68 | Fn::Join: 69 | - '' 70 | - - Ref: AWS::StackName 71 | - "-instance-policy" 72 | PolicyDocument: 73 | Statement: 74 | - Effect: Allow 75 | Action: 76 | - s3:* 77 | - ec2:Describe* 78 | - elasticloadbalancing:Describe* 79 | - autoscaling:Describe* 80 | - cloudwatch:* 81 | - logs:* 82 | - sns:* 83 | Resource: "*" 84 | Roles: 85 | - Ref: IamRole 86 | IamInstanceProfile: 87 | Type: AWS::IAM::InstanceProfile 88 | Properties: 89 | Path: "/" 90 | Roles: 91 | - Ref: IamRole 92 | InternetToChefComplianceServerSecurityGroup: 93 | Type: AWS::EC2::SecurityGroup 94 | Properties: 95 | GroupDescription: Internet to Chef Compliance Server Access 96 | VpcId: 97 | Ref: VPC 98 | Tags: 99 | - Key: Name 100 | Value: 101 | Fn::Join: 102 | - '' 103 | - - Ref: AWS::StackName 104 | - "-internet-to-chefcompliance" 105 | - Key: Owner 106 | Value: 107 | Ref: Owner 108 | - Key: Project 109 | Value: 110 | Ref: Project 111 | SecurityGroupIngress: 112 | 
- IpProtocol: tcp 113 | FromPort: '80' 114 | ToPort: '80' 115 | CidrIp: 0.0.0.0/0 116 | - IpProtocol: tcp 117 | FromPort: '443' 118 | ToPort: '443' 119 | CidrIp: 0.0.0.0/0 120 | - IpProtocol: tcp 121 | FromPort: '8443' 122 | ToPort: '8443' 123 | CidrIp: 0.0.0.0/0 124 | SecurityGroupEgress: 125 | - IpProtocol: "-1" 126 | CidrIp: 0.0.0.0/0 127 | EIP: 128 | Type: AWS::EC2::EIP 129 | Properties: 130 | Domain: vpc 131 | EIPAssociation: 132 | Type: AWS::EC2::EIPAssociation 133 | DependsOn: 134 | - EC2Instance 135 | - EIP 136 | Properties: 137 | InstanceId: 138 | Ref: EC2Instance 139 | AllocationId: 140 | Fn::GetAtt: 141 | - EIP 142 | - AllocationId 143 | EC2Instance: 144 | DependsOn: 145 | - InternetToChefComplianceServerSecurityGroup 146 | - IamInstanceProfile 147 | Type: AWS::EC2::Instance 148 | Properties: 149 | InstanceType: 150 | Fn::FindInMap: 151 | - RegionMap 152 | - Ref: AWS::Region 153 | - InstanceTypeChefCompliance 154 | IamInstanceProfile: 155 | Ref: IamInstanceProfile 156 | ImageId: 157 | Fn::FindInMap: 158 | - RegionMap 159 | - Ref: AWS::Region 160 | - AMIChefCompliance 161 | SecurityGroupIds: 162 | - Ref: InternetToChefComplianceServerSecurityGroup 163 | - Ref: InternalAccessSecurityGroup 164 | - Ref: RemoteSecurityGroup 165 | SubnetId: 166 | Ref: PublicSubnet 167 | KeyName: 168 | Ref: Ec2KeyPair 169 | BlockDeviceMappings: 170 | - DeviceName: "/dev/sda1" 171 | Ebs: 172 | DeleteOnTermination: 'true' 173 | VolumeType: gp2 174 | UserData: 175 | Fn::Base64: 176 | Fn::Join: 177 | - '' 178 | - - | 179 | #!/bin/bash 180 | - Fn::FindInMap: 181 | - bootstrap 182 | - rhel 183 | - warmebs 184 | - |2+ 185 | 186 | - Fn::FindInMap: 187 | - bootstrap 188 | - rhel 189 | - installpackages 190 | - |2+ 191 | 192 | - Fn::FindInMap: 193 | - bootstrap 194 | - rhel 195 | - updatechefcompliance 196 | - |2+ 197 | 198 | - echo sleeping and then running Chef Compliance Update again because 199 | it can error if upgrading the Chef Client and simply needs to be ran 200 | again. 
201 | - sleep 20s 202 | - |2+ 203 | 204 | - Fn::FindInMap: 205 | - bootstrap 206 | - rhel 207 | - updatechefcompliance 208 | - |2+ 209 | 210 | Tags: 211 | - Key: Name 212 | Value: 213 | Ref: AWS::StackName 214 | - Key: Owner 215 | Value: 216 | Ref: Owner 217 | - Key: Project 218 | Value: 219 | Ref: Project 220 | - Key: DeleteAfter 221 | Value: 222 | Ref: DeleteAfter 223 | - Key: ChefComplianceVersion 224 | Value: 225 | Fn::FindInMap: 226 | - RegionMap 227 | - Ref: AWS::Region 228 | - ChefComplianceVersion 229 | Outputs: 230 | Owner: 231 | Description: Team or Individual that Owns this Formation. 232 | Value: 233 | Ref: Owner 234 | Project: 235 | Description: The project name 236 | Value: 237 | Ref: Project 238 | DeleteAfter: 239 | Description: It is ok to delete the Formation after this date 240 | Value: 241 | Ref: DeleteAfter 242 | PublicDNS: 243 | Description: Chef Compliance Server Public DNS Name 244 | Value: 245 | Fn::GetAtt: 246 | - EC2Instance 247 | - PublicDnsName 248 | EIP: 249 | Description: External IP Address for Chef Compliance Webapp Server 250 | Value: 251 | Ref: EIP 252 | KeyPairLoaded: 253 | Description: Key Pair used. 254 | Value: 255 | Ref: Ec2KeyPair 256 | VPC: 257 | Description: VPC Used 258 | Value: 259 | Ref: VPC 260 | IAMRole: 261 | Description: IAM Instance Profile Role Created. 262 | Value: 263 | Ref: IamRole 264 | DeployedToSubnet: 265 | Description: Public Subnet the Bastion Host was Deployed on. 
266 | Value: 267 | Ref: PublicSubnet 268 | InternetToChefComplianceServerSecurityGroup: 269 | Description: Internet to Chef Compliance Server Security Group 270 | Value: 271 | Ref: InternetToChefComplianceServerSecurityGroup 272 | Metadata: 273 | AWS::CloudFormation::Interface: 274 | ParameterGroups: 275 | - Label: 276 | default: Ownership 277 | Parameters: 278 | - Owner 279 | - Project 280 | - DeleteAfter 281 | - Label: 282 | default: Instance Settings 283 | Parameters: 284 | - VPC 285 | - Ec2KeyPair 286 | - PublicSubnet 287 | - InternalAccessSecurityGroup 288 | - RemoteSecurityGroup 289 | ParameterLabels: 290 | Owner: 291 | default: Team or Individual Owner 292 | DeleteAfter: 293 | default: Delete After Date 294 | PublicSubnet: 295 | default: Public Subnet 296 | InternalAccessSecurityGroup: 297 | default: Instance Access SG 298 | Ec2KeyPair: 299 | default: EC2 Access Keypair 300 | -------------------------------------------------------------------------------- /infrastructure/vpn-static.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: "(Not Fully Tested) Static Site-to-Site VPN Connection by Levon Becker 4 | v20160425-1500" 5 | Parameters: 6 | Owner: 7 | Description: Enter Team or Individual Name Responsible for the Stack. 8 | Type: String 9 | Default: FirstName LastName 10 | Project: 11 | Description: Enter Project Name. 12 | Type: String 13 | Default: VPN Connection Creation 14 | DeleteAfter: 15 | Description: Enter Date It's Ok to Delete the Stack or 'Never' if meant to be 16 | persistent. 17 | Type: String 18 | Default: 00/00/201x 19 | VPC: 20 | Description: Select VPC. 21 | Type: AWS::EC2::VPC::Id 22 | PublicRouteTable: 23 | Description: Enter Public Route Table ID. (Skip if Not Including Public) 24 | Type: String 25 | Default: rtb-0000000 26 | PrivateRouteTable: 27 | Description: Enter Private Route Table ID. 
28 | Type: String 29 | Default: rtb-0000000 30 | PublicNetworkAcl: 31 | Description: Enter Public Network ACL ID. (Skip if Not Including Public) 32 | Type: String 33 | Default: acl-0000000 34 | PrivateNetworkAcl: 35 | Description: Enter Private Network ACL ID. 36 | Type: String 37 | Default: acl-0000000 38 | RemoteVpnDeviceIp: 39 | Description: Enter External IP Address of the Customer VPN Device. 40 | Type: String 41 | MinLength: '7' 42 | MaxLength: '12' 43 | Default: 0.0.0.0 44 | AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})" 45 | ConstraintDescription: Must be a valid IP Address x.x.x.x 46 | RemoteNetworkCidr: 47 | Description: Enter Remote Network IP Range CIDR (i.e. 192.168.100.0/24). 48 | Type: String 49 | MinLength: '11' 50 | MaxLength: '18' 51 | Default: 192.168.100.0/24 52 | AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})" 53 | ConstraintDescription: Must be a valid CIDR range of the form x.x.x.x/x. 54 | IncludePublicSubnets: 55 | Description: Select whether to include the Public Subnets in VPN Access or not. 56 | Type: String 57 | Default: 'true' 58 | AllowedValues: 59 | - 'true' 60 | - 'false' 61 | AllowOfficeNetworktoPublicRuleNumber: 62 | Description: Enter Public Network ACL Rule Number to Allow Office Network. (Skip 63 | if Not Including Public) 64 | Type: Number 65 | Default: '230' 66 | AllowOfficeNetworktoPrivateRuleNumber: 67 | Description: Enter Private Network ACL Rule Number to Allow Office Network. 
68 | Type: Number 69 | Default: '230' 70 | Conditions: 71 | IncludePublic: 72 | Fn::Equals: 73 | - Ref: IncludePublicSubnets 74 | - 'true' 75 | ExcludePublic: 76 | Fn::Equals: 77 | - Ref: IncludePublicSubnets 78 | - 'false' 79 | Resources: 80 | VPNGateway: 81 | Type: AWS::EC2::VPNGateway 82 | Properties: 83 | Type: ipsec.1 84 | Tags: 85 | - Key: Name 86 | Value: 87 | Ref: AWS::StackName 88 | - Key: Owner 89 | Value: 90 | Ref: Owner 91 | - Key: Project 92 | Value: 93 | Ref: Project 94 | - Key: DeleteAfter 95 | Value: 96 | Ref: DeleteAfter 97 | VPNGatewayAttachment: 98 | Type: AWS::EC2::VPCGatewayAttachment 99 | Properties: 100 | VpcId: 101 | Ref: VPC 102 | VpnGatewayId: 103 | Ref: VPNGateway 104 | CustomerGateway: 105 | Type: AWS::EC2::CustomerGateway 106 | Properties: 107 | Type: ipsec.1 108 | BgpAsn: '65000' 109 | IpAddress: 110 | Ref: RemoteVpnDeviceIp 111 | Tags: 112 | - Key: Name 113 | Value: 114 | Ref: AWS::StackName 115 | - Key: Owner 116 | Value: 117 | Ref: Owner 118 | - Key: Project 119 | Value: 120 | Ref: Project 121 | - Key: DeleteAfter 122 | Value: 123 | Ref: DeleteAfter 124 | - Key: VPN 125 | Value: 126 | Fn::Join: 127 | - '' 128 | - - 'Gateway to ' 129 | - Ref: RemoteVpnDeviceIp 130 | VPNConnection: 131 | Type: AWS::EC2::VPNConnection 132 | DependsOn: 133 | - CustomerGateway 134 | - VPNGateway 135 | Properties: 136 | Type: ipsec.1 137 | StaticRoutesOnly: 'true' 138 | CustomerGatewayId: 139 | Ref: CustomerGateway 140 | VpnGatewayId: 141 | Ref: VPNGateway 142 | Tags: 143 | - Key: Name 144 | Value: 145 | Ref: AWS::StackName 146 | - Key: Owner 147 | Value: 148 | Ref: Owner 149 | - Key: Project 150 | Value: 151 | Ref: Project 152 | - Key: DeleteAfter 153 | Value: 154 | Ref: DeleteAfter 155 | - Key: VPN 156 | Value: 157 | Fn::Join: 158 | - '' 159 | - - 'Connection to ' 160 | - Ref: RemoteNetworkCidr 161 | PublicRoute: 162 | Condition: IncludePublic 163 | DependsOn: 164 | - VPNConnection 165 | Type: AWS::EC2::Route 166 | Properties: 167 | 
DestinationCidrBlock: 168 | Ref: RemoteNetworkCidr 169 | GatewayId: 170 | Ref: VPNGateway 171 | RouteTableId: 172 | - Ref: PublicRouteTable 173 | PrivateRoute: 174 | DependsOn: 175 | - VPNConnection 176 | Type: AWS::EC2::Route 177 | Properties: 178 | DestinationCidrBlock: 179 | Ref: RemoteNetworkCidr 180 | GatewayId: 181 | Ref: VPNGateway 182 | RouteTableId: 183 | - Ref: PrivateRouteTable 184 | InboundPublicNetworkAclEntryOfficeNetwork: 185 | Condition: IncludePublic 186 | Type: AWS::EC2::NetworkAclEntry 187 | Properties: 188 | NetworkAclId: 189 | Ref: PublicNetworkAcl 190 | RuleNumber: 191 | Ref: AllowOfficeNetworktoPublicRuleNumber 192 | Protocol: "-1" 193 | RuleAction: allow 194 | Egress: 'false' 195 | CidrBlock: 196 | Ref: RemoteNetworkCidr 197 | PortRange: 198 | From: '0' 199 | To: '65535' 200 | InboundPrivateNetworkAclEntryOfficeNetwork: 201 | Type: AWS::EC2::NetworkAclEntry 202 | Properties: 203 | NetworkAclId: 204 | Ref: PrivateNetworkAcl 205 | RuleNumber: 206 | Ref: AllowOfficeNetworktoPrivateRuleNumber 207 | Protocol: "-1" 208 | RuleAction: allow 209 | Egress: 'false' 210 | CidrBlock: 211 | Ref: RemoteNetworkCidr 212 | PortRange: 213 | From: '0' 214 | To: '65535' 215 | Outputs: 216 | Owner: 217 | Description: Team or Individual that Owns this Formation. 218 | Value: 219 | Ref: Owner 220 | Project: 221 | Description: The project name 222 | Value: 223 | Ref: Project 224 | VPC: 225 | Description: VPC Used 226 | Value: 227 | Ref: VPC 228 | RemoteVpnDeviceIp: 229 | Description: Remote VPN Device IP Used. 230 | Value: 231 | Ref: RemoteVpnDeviceIp 232 | RemoteNetworkCidr: 233 | Description: Remote Network CIDR Used. 234 | Value: 235 | Ref: RemoteNetworkCidr 236 | IncludePublic: 237 | Description: Include Public Subnets? 238 | Value: 239 | Ref: IncludePublicSubnets 240 | AllowOfficeToPublicRuleNumber: 241 | Condition: IncludePublic 242 | Description: Allow Office Network to Public Subnets Rule Number Used. 
243 | Value: 244 | Ref: AllowOfficeNetworktoPublicRuleNumber 245 | AllowOfficeToPrivateRuleNumber: 246 | Description: Allow Office Network to Private Subnets Rule Number Used. 247 | Value: 248 | Ref: AllowOfficeNetworktoPrivateRuleNumber 249 | DeleteAfter: 250 | Description: It is ok to delete the Formation after this date 251 | Value: 252 | Ref: DeleteAfter 253 | Metadata: 254 | AWS::CloudFormation::Interface: 255 | ParameterGroups: 256 | - Label: 257 | default: Ownership 258 | Parameters: 259 | - Owner 260 | - Project 261 | - DeleteAfter 262 | - Label: 263 | default: Remote Network Configuration 264 | Parameters: 265 | - RemoteVpnDeviceIp 266 | - RemoteNetworkCidr 267 | - RemoteBgpAsn 268 | - Label: 269 | default: AWS Network Configuration 270 | Parameters: 271 | - VPC 272 | - PrivateRouteTable 273 | - PrivateNetworkAcl 274 | - AllowOfficeNetworktoPrivateRuleNumber 275 | - Label: 276 | default: Include Public Subnet Access (Optional) 277 | Parameters: 278 | - IncludePublicSubnets 279 | - PublicRouteTable 280 | - PublicNetworkAcl 281 | - AllowOfficeNetworktoPublicRuleNumber 282 | ParameterLabels: 283 | Owner: 284 | default: Team or Individual Owner 285 | DeleteAfter: 286 | default: Delete After Date 287 | PublicRouteTable: 288 | default: Public Route Table 289 | PrivateRouteTable: 290 | default: Private Route Table 291 | PublicNetworkAcl: 292 | default: Public Network ACL 293 | PrivateNetworkAcl: 294 | default: Private Network ACL 295 | IncludePublicSubnets: 296 | default: Include Public Subnets? 297 | AllowOfficeNetworktoPublicRuleNumber: 298 | default: Public Rule Number 299 | AllowOfficeNetworktoPrivateRuleNumber: 300 | default: Private Rule Number 301 | RemoteVpnDeviceIp: 302 | default: VPN Device IP 303 | RemoteNetworkCidr: 304 | default: Network CIDR Block 305 | RemoteBgpAsn: 306 | default: VPN Device BGP ASN 307 | --------------------------------------------------------------------------------