cf.yaml

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'ipfs pin server'
Parameters:
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
    - t2.micro
  OperatorEMail:
    Description: EMail address to notify if there are any scaling operations
    Type: String
    AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)"
    ConstraintDescription: must be a valid email address.
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  ApiKey:
    Description: An API key for access to setting and removing pins
    Type: String
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Resources:
  S3Role: 
    Type: "AWS::IAM::Role"
    Properties: 
      AssumeRolePolicyDocument: 
        Version: "2012-10-17"
        Statement: 
          - 
            Effect: "Allow"
            Principal: 
              Service: 
                - "ec2.amazonaws.com"
            Action: 
              - "sts:AssumeRole"
      Path: "/"
      Policies: 
        - 
          PolicyName: {"Fn::Join": ["", ["s3", {"Ref": "AWS::Region"}, {"Ref": "Bucket"}]]}
          PolicyDocument: 
            Version: "2012-10-17"
            Statement: 
              - 
                Effect: "Allow"
                Action: "*"
                Resource: {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "Bucket"}, "/*"]]}
              - 
                Effect: "Allow"
                Action: "*"
                Resource: {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "Bucket"}]]}                
                
  InstanceProfile: 
    Type: "AWS::IAM::InstanceProfile"
    Properties: 
      Path: "/"
      Roles: 
        - 
          Ref: "S3Role"
  Bucket:
    Type: AWS::S3::Bucket
  NotificationTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
      - Endpoint:
          Ref: OperatorEMail
        Protocol: email
  WebServerGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AvailabilityZones:
        Fn::GetAZs: ''
      LaunchConfigurationName:
        Ref: LaunchConfig
      MinSize: '1'
      MaxSize: '1'
      LoadBalancerNames:
      - Ref: ElasticLoadBalancer
      NotificationConfiguration:
        TopicARN:
          Ref: NotificationTopic
        NotificationTypes:
        - autoscaling:EC2_INSTANCE_LAUNCH
        - autoscaling:EC2_INSTANCE_LAUNCH_ERROR
        - autoscaling:EC2_INSTANCE_TERMINATE
        - autoscaling:EC2_INSTANCE_TERMINATE_ERROR
  LaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      KeyName:
        Ref: KeyName
      ImageId: ami-7ed1a006
      SecurityGroups:
      - Ref: InstanceSecurityGroup
      IamInstanceProfile:
        Ref: InstanceProfile
      InstanceType:
        Ref: InstanceType
      UserData:
        Fn::Base64:
          Fn::Join:
          - ""
          - - "#!/bin/bash -xe\n"
            - "wget https://ipfs.io/ipfs/QmcWZbsRZDuxyPLciSVt3Q1zqowpv2MJBMwYX5AZCh2t9j -O /tmp/startup\n"
            - "chmod +x /tmp/startup\n"
            - "sudo -u ubuntu /tmp/startup "
            - {Ref: ApiKey}
            - " "
            - {Ref: Bucket}
  ElasticLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      AvailabilityZones:
        Fn::GetAZs: ''
      CrossZone: 'true'
      Listeners:
      - LoadBalancerPort: '443'
        InstancePort: '443'
        Protocol: TCP
      SecurityGroups:
      - Fn::GetAtt: 
        - ELBSecurityGroup
        - GroupId
      HealthCheck:
        Target: TCP:443
        HealthyThreshold: '3'
        UnhealthyThreshold: '5'
        Interval: '30'
        Timeout: '5'
  ELBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTPS from everywhere
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '443'
        ToPort: '443'
        CidrIp: 0.0.0.0/0
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access and HTTP from the load balancer only
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp:
          Ref: SSHLocation
      - IpProtocol: tcp
        FromPort: '443'
        ToPort: '443'
        SourceSecurityGroupOwnerId:
          Fn::GetAtt:
          - ElasticLoadBalancer
          - SourceSecurityGroup.OwnerAlias
        SourceSecurityGroupName:
          Fn::GetAtt:
          - ElasticLoadBalancer
          - SourceSecurityGroup.GroupName
Outputs:
  URL:
    Description: The URL of the website
    Value:
      Fn::Join:
      - ''
      - - https://
        - Fn::GetAtt:
          - ElasticLoadBalancer
          - DNSName