@cfn-modules/ec2-instance-amazon-linux2
v2.4.0
Published
AWS EC2 instance based on Amazon Linux 2 with a fixed public IP address (Elastic IP), auto recovery, alerting, IAM user SSH access, following an mutable infrastructure approach (root volume is reused in case of auto recovery).
Downloads
115
Readme
cfn-modules: AWS EC2 instance (Amazon Linux 2)
AWS EC2 instance based on Amazon Linux 2 with a fixed public IP address (Elastic IP), auto recovery, alerting, IAM user SSH access, following an mutable infrastructure approach (root volume is reused in case of auto recovery).
Install
Install Node.js and npm first!
npm i @cfn-modules/ec2-instance-amazon-linux2
Usage
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Instance:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
AlertingModule: !GetAtt 'Alerting.Outputs.StackName' # optional
BastionModule: !GetAtt 'Bastion.Outputs.StackName' # optional
HostedZoneModule: !GetAtt 'HostedZone.Outputs.StackName' # optional
KeyName: '' # optional
IAMUserSSHAccess: 'false' # optional
SystemsManagerAccess: 'true' # optional
InstanceType: 't2.micro' # optional
Name: 'test' # optional
AZChar: 'A' # optional
SubnetReach: 'Public' # optional
LogGroupRetentionInDays: '14' # optional
SubDomainNameWithDot: 'test.' # optional
UserData: '' # optional
IngressTcpPort1: '' # optional
IngressTcpClientSgModule1: '' # optional
IngressTcpPort2: '' # optional
IngressTcpClientSgModule2: '' # optional
IngressTcpPort3: '' # optional
IngressTcpClientSgModule3: '' # optional
ClientSgModule1: '' # optional
ClientSgModule2: '' # optional
ClientSgModule3: '' # optional
FileSystemModule1: '' # optional
VolumeModule1: '' # optional
AmazonLinux2Version: '2.0.20180622.1' # set this to the latest available version!
ManagedPolicyArns: '' # optional
TemplateURL: './node_modules/@cfn-modules/ec2-instance-amazon-linux2/module.yml'
Examples
Related modules
Parameters
Limitations
- Highly available: EC2 instances only live in a single AZ by design
- Scalable: EC2 instances capacity (CPU, RAM, network, ...) is limited by design
- Secure: Root volume is not encrypted at-rest (not possible unless the AMI is encrypted)
- Secure: Root volume it not backed up
- Monitoring: Network In+Out is not monitored according to capacity of instance type
Migration Guides
Migrate to v2
- If
SystemsManagerAccess
is set totrue
, we no longer attach the AWS managed policyAmazonEC2RoleforSSM
for security reasons. Instead we only allow the SSM agent to communicate with the backend and we enable Session Manager. If you need more permissions, checkout our SSM example.