@cfn-modules/ec2-instance-amazon-linux

    2.4.0 • Public • Published


    cfn-modules: AWS EC2 instance (Amazon Linux)

    AWS EC2 instance based on Amazon Linux with a fixed public IP address (Elastic IP), auto recovery, alerting, and IAM user SSH access, following a mutable infrastructure approach (the root volume is reused in case of auto recovery).

    Install

    Install Node.js and npm first!

    npm i @cfn-modules/ec2-instance-amazon-linux
    

    Usage

    ---
    AWSTemplateFormatVersion: '2010-09-09'
    Description: 'cfn-modules example'
    Resources:
      Instance:
        Type: 'AWS::CloudFormation::Stack'
        Properties:
          Parameters:
            VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
            AlertingModule: !GetAtt 'Alerting.Outputs.StackName' # optional
            BastionModule: !GetAtt 'Bastion.Outputs.StackName' # optional
            HostedZoneModule: !GetAtt 'HostedZone.Outputs.StackName' # optional
            KeyName: '' # optional
            IAMUserSSHAccess: 'false' # optional
            InstanceType: 't2.micro' # optional
            Name: 'test' # optional
            AZChar: 'A' # optional
            SubnetReach: 'Public' # optional
            LogGroupRetentionInDays: '14' # optional
            SubDomainNameWithDot: 'test.' # optional
            UserData: '' # optional
            IngressTcpPort1: '' # optional
            IngressTcpClientSgModule1: '' # optional
            IngressTcpPort2: '' # optional
            IngressTcpClientSgModule2: '' # optional
            IngressTcpPort3: '' # optional
            IngressTcpClientSgModule3: '' # optional
            ClientSgModule1: '' # optional
            ClientSgModule2: '' # optional
            ClientSgModule3: '' # optional
            FileSystemModule1: '' # optional
            VolumeModule1: '' # optional
            AmazonLinuxVersion: '2018.03.0.20180622' # set this to the latest available version!
            ManagedPolicyArns: '' # optional
          TemplateURL: './node_modules/@cfn-modules/ec2-instance-amazon-linux/module.yml'
    

    Examples

    Related modules

    Parameters

    | Name | Description | Default | Required? | Allowed values |
    | --- | --- | --- | --- | --- |
    | VpcModule | Stack name of vpc module | | yes | |
    | AlertingModule | Stack name of alerting module | | no | |
    | BastionModule | Stack name of module implementing Bastion | | no | |
    | HostedZoneModule | Stack name of module implementing HostedZone | | no | |
    | KeyName | Key name of the Linux user ec2-user to establish an SSH connection to the EC2 instance (update requires replacement of root volume = data loss!) | | no | |
    | IAMUserSSHAccess | Synchronize public keys of IAM users to enable personalized SSH access (https://github.com/widdix/aws-ec2-ssh)? | false | no | [true, false] |
    | InstanceType | The instance type for the EC2 instance | t2.micro | no | |
    | Name | The name for the EC2 instance | auto generated value | no | |
    | AZChar | Availability zone char (update requires replacement of root volume = data loss!) | A | no | [A, B, C] |
    | SubnetReach | Subnet reach (update requires replacement of root volume = data loss!) | Public | no | [Public, Private] |
    | LogGroupRetentionInDays | Specifies the number of days you want to retain log events | 14 | no | [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] |
    | SubDomainNameWithDot | Name that is used to create the DNS entry with trailing dot, e.g. ${SubDomainNameWithDot}${HostedZoneName}. Leave blank for naked (or apex and bare) domain. Requires HostedZoneModule parameter! | test. | no | |
    | UserData | Bash script executed on first instance launch | | no | |
    | IngressTcpPort1 | Port allowing ingress TCP traffic | | no | |
    | IngressTcpClientSgModule1 | Stack name of client-sg module that is required to access IngressTcpPort1 (if you leave this blank, IngressTcpPort1 is open to the world 0.0.0.0/0) | | no | |
    | IngressTcpPort2 | Port allowing ingress TCP traffic | | no | |
    | IngressTcpClientSgModule2 | Stack name of client-sg module that is required to access IngressTcpPort2 (if you leave this blank, IngressTcpPort2 is open to the world 0.0.0.0/0) | | no | |
    | IngressTcpPort3 | Port allowing ingress TCP traffic | | no | |
    | IngressTcpClientSgModule3 | Stack name of client-sg module that is required to access IngressTcpPort3 (if you leave this blank, IngressTcpPort3 is open to the world 0.0.0.0/0) | | no | |
    | ClientSgModule1 | Stack name of client-sg module to mark traffic from EC2 instance | | no | |
    | ClientSgModule2 | Stack name of client-sg module to mark traffic from EC2 instance | | no | |
    | ClientSgModule3 | Stack name of client-sg module to mark traffic from EC2 instance | | no | |
    | FileSystemModule1 | Stack name of efs-file-system module mounted to /mnt/efs1/ (update is not supported) | | no | |
    | VolumeModule1 | Stack name of ebs-volume mounted to /mnt/volume1/ (update is not supported) | | no | |
    | AmazonLinuxVersion | Version of Amazon Linux (update requires replacement of root volume = data loss!) | 2018.03.0.20180622 | no | ['2018.03.0.20190514', '2018.03.0.20181116', '2018.03.0.20180622'] |
    | ManagedPolicyArns | Comma-delimited list of IAM managed policy ARNs to attach to the instance's IAM role | | no | |
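The parameter table above states several constraints that CloudFormation does not enforce for you: an `IngressTcpPortN` without a matching `IngressTcpClientSgModuleN` is reachable from 0.0.0.0/0, `SubDomainNameWithDot` needs `HostedZoneModule`, and changing `KeyName`, `AZChar`, `SubnetReach` or `AmazonLinuxVersion` replaces the root volume. The following Python lint is an added example (not part of cfn-modules) that encodes those rules so they can be checked before a stack is created or updated. The parameter dicts mirror the `Parameters` mapping of the usage template; the stack names in them are constructed placeholders, and the version list is the one from the table.

```python
"""Pre-deployment lint for ec2-instance-amazon-linux module parameters.

Added example, not part of cfn-modules. It encodes the rules stated in the
module's parameter table:
  * an IngressTcpPortN without an IngressTcpClientSgModuleN is open to 0.0.0.0/0
  * SubDomainNameWithDot requires HostedZoneModule
  * AmazonLinuxVersion must be an allowed value and should be the latest one
  * changing KeyName, AZChar, SubnetReach or AmazonLinuxVersion replaces the
    root volume (data loss); FileSystemModule1 and VolumeModule1 cannot be updated
"""

# Allowed values as listed in the parameter table, newest first.
ALLOWED_LINUX_VERSIONS = ("2018.03.0.20190514", "2018.03.0.20181116", "2018.03.0.20180622")
DEFAULT_LINUX_VERSION = "2018.03.0.20180622"  # table default, used when the parameter is omitted
DATA_LOSS_PARAMS = ("KeyName", "AZChar", "SubnetReach", "AmazonLinuxVersion")
NO_UPDATE_PARAMS = ("FileSystemModule1", "VolumeModule1")


def lint_parameters(params):
    """Return a list of findings for one set of module parameters (empty list = clean)."""
    findings = []
    for n in (1, 2, 3):
        port = params.get(f"IngressTcpPort{n}", "")
        client_sg = params.get(f"IngressTcpClientSgModule{n}", "")
        if port and not client_sg:
            findings.append(
                f"IngressTcpPort{n}={port} is open to the world (0.0.0.0/0); "
                f"set IngressTcpClientSgModule{n} to a client-sg module stack"
            )
    if params.get("SubDomainNameWithDot", "") and not params.get("HostedZoneModule", ""):
        findings.append("SubDomainNameWithDot is set but HostedZoneModule is blank")
    version = params.get("AmazonLinuxVersion", "") or DEFAULT_LINUX_VERSION
    if version not in ALLOWED_LINUX_VERSIONS:
        findings.append(f"AmazonLinuxVersion={version!r} is not an allowed value")
    elif version != ALLOWED_LINUX_VERSIONS[0]:
        findings.append(
            f"AmazonLinuxVersion={version} is not the latest ({ALLOWED_LINUX_VERSIONS[0]})"
        )
    return findings


def lint_update(old_params, new_params):
    """Return findings for parameter changes that replace the root volume or are unsupported."""
    findings = []
    for name in DATA_LOSS_PARAMS:
        if old_params.get(name, "") != new_params.get(name, ""):
            findings.append(f"changing {name} replaces the root volume (data loss)")
    for name in NO_UPDATE_PARAMS:
        if old_params.get(name, "") != new_params.get(name, ""):
            findings.append(f"changing {name} is not supported by the module")
    return findings


# Constructed sample mirroring the usage template; stack names are placeholders.
EXAMPLE_PARAMS = {
    "VpcModule": "vpc-stack",
    "AlertingModule": "alerting-stack",
    "IAMUserSSHAccess": "false",
    "AZChar": "A",
    "SubnetReach": "Public",
    "SubDomainNameWithDot": "test.",          # but no HostedZoneModule given
    "IngressTcpPort1": "443",
    "IngressTcpClientSgModule1": "",          # blank: 443/tcp open to 0.0.0.0/0
    "IngressTcpPort2": "22",
    "IngressTcpClientSgModule2": "bastion-client-sg-stack",
    "AmazonLinuxVersion": "2018.03.0.20180622",
}

# The same stack with every finding addressed (constructed).
HARDENED_PARAMS = dict(
    EXAMPLE_PARAMS,
    IngressTcpClientSgModule1="lb-client-sg-stack",
    HostedZoneModule="hosted-zone-stack",
    AmazonLinuxVersion="2018.03.0.20190514",
)

if __name__ == "__main__":
    for label, p in (("example", EXAMPLE_PARAMS), ("hardened", HARDENED_PARAMS)):
        print(label, lint_parameters(p) or ["ok"])
    # Simulate a stack update that moves the instance to another AZ and attaches a volume.
    changed = dict(HARDENED_PARAMS, AZChar="B", VolumeModule1="volume-stack")
    print("update", lint_update(HARDENED_PARAMS, changed))
```

Running the lint over the constructed example reports the world-open port 443, the missing HostedZoneModule and the outdated AMI version; the hardened variant is clean. Note that `lint_update` also flags moving from the example to the hardened parameters, because bumping `AmazonLinuxVersion` on this module replaces the root volume, which is exactly the data-loss case the table warns about.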

    Limitations

    • Highly available: EC2 instances only live in a single AZ by design
    • Scalable: EC2 instances capacity (CPU, RAM, network, ...) is limited by design
    • Secure: Root volume is not encrypted at rest (not possible unless the AMI is encrypted)
    • Secure: Root volume is not backed up
    • Monitoring: Network In+Out is not monitored according to capacity of instance type

    Migration Guides

    Migrate to v2

    • If SystemsManagerAccess is set to true, we no longer attach the AWS managed policy AmazonEC2RoleforSSM for security reasons. Instead we only allow the SSM agent to communicate with the backend and we enable Session Manager. If you need more permissions, check out our SSM example.


    Weekly Downloads: 2
    Version: 2.4.0
    License: Apache-2.0
    Unpacked Size: 219 kB
    Total Files: 27
    Collaborators: andreaswittig, hellomichibye