app/cloudformation-templates/default.json
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"HaloAgentKey": {
"Type": "String",
"Description": "CloudPassage Halo Agent Install Key"
},
"KeyName": {
"Type": "AWS::EC2::KeyPair::KeyName",
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the EC2 instances"
},
"ServerAMI": {
"Type": "String",
"Description": "AMI ID used for the server instances"
},
"ServerCount": {
"Type": "String",
"Description": "How many instances to provision"
},
"HaloServerTag": {
"Type": "String",
"Description": "Server tag used for Halo group placement"
},
"InstanceType": {
"Description": "The EC2 instance type",
"Type": "String",
"Default": "t2.micro",
"AllowedValues": [
"t2.micro",
"t2.small"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"HaloServerLabel": {
"Description": "Server label to be used when registering with Halo.",
"Type": "String",
"Default": "Halo Test"
},
"CLICommand": {
"Description": "Base64-encoded shell command to be run on boot.",
"Type": "String",
"Default": "Cg=="
},
"SSHLocation": {
"Description": "The IP address range (CIDR) that is allowed to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.98.0.0/16",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true"
}
},
"Subnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.98.0.0/24"
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway"
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"InternetGatewayId": {
"Ref": "InternetGateway"
}
}
},
"RouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
}
}
},
"Route": {
"Type": "AWS::EC2::Route",
"DependsOn": "AttachGateway",
"Properties": {
"RouteTableId": {
"Ref": "RouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
}
},
"SubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "Subnet"
},
"RouteTableId": {
"Ref": "RouteTable"
}
}
},
"NetworkAcl": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "VPC"
}
}
},
"InboundHTTPNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "NetworkAcl"
},
"RuleNumber": "100",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "80",
"To": "80"
}
}
},
"InboundSSHNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "NetworkAcl"
},
"RuleNumber": "101",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "22",
"To": "22"
}
}
},
"InboundResponsePortsNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "NetworkAcl"
},
"RuleNumber": "102",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "1024",
"To": "65535"
}
}
},
"OutBoundHTTPNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "NetworkAcl"
},
"RuleNumber": "100",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "true",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "80",
"To": "80"
}
}
},
"OutBoundHTTPSNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "NetworkAcl"
},
"RuleNumber": "101",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "true",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "443",
"To": "443"
}
}
},
"OutBoundResponsePortsNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "NetworkAcl"
},
"RuleNumber": "102",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "true",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "1024",
"To": "65535"
}
}
},
"SubnetNetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"SubnetId": {
"Ref": "Subnet"
},
"NetworkAclId": {
"Ref": "NetworkAcl"
}
}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"GroupDescription": "Security group for all Halo resources",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "3306",
"ToPort": "3306",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"AllowTrafficInSecGroup": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "InstanceSecurityGroup"
},
"IpProtocol": "-1",
"FromPort": "1",
"ToPort": "65535",
"SourceSecurityGroupId": {
"Ref": "InstanceSecurityGroup"
}
}
},
"ServerAutoScalingGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"VPCZoneIdentifier": [
{
"Ref": "Subnet"
}
],
"LaunchConfigurationName": {
"Ref": "ServerLaunchConfig"
},
"MinSize": "1",
"MaxSize": "10",
"DesiredCapacity": {
"Ref": "ServerCount"
}
},
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT15M"
}
},
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MinInstancesInService": "1",
"MaxBatchSize": "1",
"PauseTime": "PT12M",
"WaitOnResourceSignals": "False"
}
}
},
"ServerLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"DependsOn": [
"VPC"
],
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"base_config": [
"install_cfn",
"install_halo",
"run_optional"
]
},
"install_cfn": {
"files": {
"/etc/cfn/cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.WebServer.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource ServerLaunchConfig ",
" --configsets base_config ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
}
},
"services": {
"sysvinit": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"/etc/cfn/cfn-hup.conf",
"/etc/cfn/hooks.d/cfn-auto-reloader.conf"
]
}
}
}
},
"install_halo": {
"files": {
"/tmp/installHalo.sh": {
"content": {
"Fn::Join": [
"",
[ "which yum \n",
"if [ $? -eq 0 ]; then\n",
" echo \"[cloudpassage]\" > /etc/yum.repos.d/cloudpassage.repo\n",
" echo \"name=CloudPassage\" >> /etc/yum.repos.d/cloudpassage.repo\n",
" echo \"baseurl=http://packages.cloudpassage.com/redhat/\\$basearch\" >> /etc/yum.repos.d/cloudpassage.repo\n",
" echo \"gpgcheck=1\" >> /etc/yum.repos.d/cloudpassage.repo\n",
" rpm --import http://packages.cloudpassage.com/cloudpassage.packages.key\n",
" yum check-update\n",
" yum -y install cphalo\n",
"else\n",
" echo \"deb https://production.packages.cloudpassage.com/debian debian main\" > /etc/apt/sources.list.d/cloudpassage.list\n",
" curl https://production.packages.cloudpassage.com/cloudpassage.packages.key | sudo apt-key add -\n",
" sudo apt-get update > /dev/null \n",
" sudo apt-get -y install cphalo\n",
"fi\n",
"/opt/cloudpassage/bin/configure --agent-key=",
{
"Ref": "HaloAgentKey"
},
" --tag=",
{
"Ref": "HaloServerTag"
},
" --server-label=\"",
{
"Ref": "HaloServerLabel"
},
"\"",
"\n",
"/etc/init.d/cphalod start"
]
]
},
"mode": "000755",
"owner": "root",
"group": "root"
}
},
"commands": {
"01_install_halo": {
"command": "/tmp/installHalo.sh"
}
}
},
"run_optional": {
"files": {
"/tmp/run_optional.b64": {
"content": {
"Fn::Join": [
"",
[
{
"Ref": "CLICommand"
}
]
]
},
"mode": "000600",
"owner": "root",
"group": "root"
}
},
"commands": {
"run_optional": {
"command": "cat /tmp/run_optional.b64 | base64 -d | /bin/sh"
}
}
}
}
},
"Properties": {
"ImageId": {
"Ref": "ServerAMI"
},
"InstanceType": {
"Ref": "InstanceType"
},
"SecurityGroups": [
{
"Ref": "InstanceSecurityGroup"
}
],
"KeyName": {
"Ref": "KeyName"
},
"AssociatePublicIpAddress": "true",
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"if [ -e /usr/bin/rpm ]; then\n",
" rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm || echo \"Not installing EPEL\" \n",
" yum install -y python-pip pystache python-daemon\n",
" pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz || echo \"Not installing aws-cfn-bootstrap\"\n",
" ln -s /usr/init/redhat/cfn-hup /etc/rc.d/init.d/cfn-hup\n",
" mkdir -p /opt/aws/bin/\n",
" ln -s /usr/bin/cfn-hup /opt/aws/bin/cfn-hup\n",
" chmod 755 /opt/aws/bin/cfn-hup\n",
" chmod 755 /etc/rc.d/init.d/cfn-hup\n",
" chkconfig --add cfn-hup \n",
" chkconfig cfn-hup on \n",
"else\n",
" apt-get update && apt-get install -y python-pip\n",
" pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
" ln -s /usr/local/init/ubuntu/cfn-hup /etc/init.d/cfn-hup\n",
" chmod 755 /etc/init.d/cfn-hup \n",
" update-rc.d cfn-hup defaults \n",
" update-rc.d cfn-hup enable \n",
"fi\n",
"cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource ServerLaunchConfig ",
" --configsets base_config ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"cfn-signal -e $? ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource ServerAutoScalingGroup ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
},
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT15M"
}
}
}
},
"Outputs": {}
}