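---
# EC2 instance with its own security group and an instance profile granting
# read access to S3 and write access to CloudWatch Logs.
AWSTemplateFormatVersion: "2010-09-09"
Description: "CloudFormation template to create an EC2 instance with security group and IAM role with S3 and CloudWatch access."

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC ID where the instance will be deployed.
  SubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Subnet ID where the instance will be launched.
  AmiId:
    Type: AWS::EC2::Image::Id
    Description: AMI ID for the EC2 instance.
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues:
      - t2.micro
      - t2.small
      - t3.micro
      - t3.small
    Description: EC2 instance type.
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Key pair for SSH access.
  # Source range allowed to reach port 22. The default is the value that was
  # previously hard-coded, so existing stacks update without a rule change;
  # restrict it to the administrative network for new deployments.
  SshAllowedCidr:
    Type: String
    Default: "0.0.0.0/0"
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block, for example 203.0.113.0/24.
    Description: IPv4 CIDR range permitted to open SSH connections to the instance.
  # When set, the S3 statement is scoped to this bucket and its objects
  # instead of every bucket in the account.
  S3BucketName:
    Type: String
    Default: ""
    Description: Name of the S3 bucket the instance may list and read. Leave empty to keep the original unrestricted ("*") resource.

Conditions:
  HasS3Bucket: !Not [!Equals [!Ref S3BucketName, ""]]

Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmiId
      InstanceType: !Ref InstanceType
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
        - !Ref InstanceSecurityGroup
      KeyName: !Ref KeyName
      # Credentials for the role below are served to the instance via IMDS;
      # consider MetadataOptions with HttpTokens: required to enforce IMDSv2.
      IamInstanceProfile: !Ref EC2InstanceProfile
      Tags:
        - Key: Name
          Value: CF-EC2-Instance

  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH and HTTP access
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # SSH is limited to the operator-supplied range; HTTP stays public.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshAllowedCidr
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  EC2IAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: S3CloudWatchAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Read-only S3 access. ListBucket needs the bucket ARN and
              # GetObject the object ARN, hence the two-entry resource list.
              - Effect: Allow
                Action:
                  - "s3:ListBucket"
                  - "s3:GetObject"
                Resource: !If
                  - HasS3Bucket
                  - - !Sub "arn:${AWS::Partition}:s3:::${S3BucketName}"
                    - !Sub "arn:${AWS::Partition}:s3:::${S3BucketName}/*"
                  - "*"
              # Log shipping only; the role cannot create log groups or read
              # log events.
              - Effect: Allow
                Action:
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                  - "logs:DescribeLogStreams"
                Resource: "*"

  EC2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref EC2IAMRole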