fullstack-node.yaml
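# CloudFormation template: one EC2 instance for a Node.js server, an Elastic
# IP bound to it, three ingress security groups (SSH, HTTP, HTTPS) and an
# instance profile whose role carries the AmazonSSMManagedInstanceCore policy.
# The IAM role and instance profile use fixed names, so stack creation needs
# the CAPABILITY_NAMED_IAM acknowledgement.
Description: Node.js server
Parameters:
  # User data (shell script run on instance launch) is added to
  # UserDataFile parameter from bash file by start_stack script.
  # Parameter values can be read back by anyone allowed to describe the
  # stack, so the script should not embed secrets.
  UserDataFile:
    Type: String
  # Source range allowed to reach port 22. The default keeps the template's
  # original world-open rule; pass a narrower CIDR (for example an admin
  # address as a /32) to limit SSH exposure.
  SSHLocation:
    Type: String
    Description: CIDR range allowed to reach the instance on port 22
    Default: 0.0.0.0/0
    MinLength: 9
    MaxLength: 18
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IPv4 CIDR range of the form x.x.x.x/x
Resources:
  NodeServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      # Hard-coded AMI ID. AMI IDs are region-specific, so this presumably
      # pins the template to a single region - TODO confirm which one.
      ImageId: ami-08e4e35cccc6189f4
      IamInstanceProfile: !Ref SSMCoreInstanceProfile
      SecurityGroups:
        - !Ref SSHSecurityGroup
        - !Ref HTTPSecurityGroup
        - !Ref HTTPSSecurityGroup
      # Refers to a key pair by name; it must already exist before the stack
      # is created.
      KeyName: EC2ServerKey
      # Passed through unchanged. EC2 expects base64-encoded user data, so the
      # start_stack script presumably encodes the file - TODO confirm.
      UserData: !Ref UserDataFile
  NodeEIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref NodeServer
  # NOTE(review): the instance also carries the SSM role defined below. If
  # Session Manager is what operators use for shell access, this group can be
  # narrowed through SSHLocation or dropped - assumes the AMI ships the SSM
  # agent; TODO confirm.
  SSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: SSHGroup
      GroupDescription: Enable SSH access to instances via port 22
      SecurityGroupIngress:
        - CidrIp: !Ref SSHLocation
          FromPort: 22
          ToPort: 22
          IpProtocol: tcp
  HTTPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: EC2HTTPGroup
      GroupDescription: Enable HTTP traffic to instances via port 80
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 80
          ToPort: 80
          IpProtocol: tcp
  HTTPSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: EC2HTTPSGroup
      GroupDescription: Enable HTTPS traffic to instances via port 443
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 443
          ToPort: 443
          IpProtocol: tcp
  SSMCoreInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: SSMCoreProfile
      Roles:
        - !Ref SSMCoreIAMRole
  # The trust policy lets only the EC2 service assume this role; the single
  # attached policy is the AWS-managed SSM core policy.
  SSMCoreIAMRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: SSMCore
      Description: Allow EC2 instance to access SSM
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
Outputs:
  InstanceIPAddress:
    Description: Public IP address of EC2 instance
    Value: !Ref NodeEIP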