Amazon Linux 2をCFnでデプロイするときのコードサンプル

2021-05-29 - 読み終える時間: 5 分

なんてことは無いのだが、メモ。（注: 下のサンプルは `serverENI` 以降のリソースが `Resources` キーの下に入っておらず、`/etc/resolv.conf` の `write_files` エントリも `chpasswd` の下に置かれているので、このままではデプロイできない。また `chpasswd` で ec2-user の平文パスワードを UserData に書いているが、UserData はインスタンス属性や IMDS から読めるため、実運用では外すこと。`runcmd` のメタデータ取得はトークン無しの IMDSv1 なので、IMDSv2（トークン必須）に切り替えた方がよい。）

コード全文

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "a test env template. atest-stack-02",

  "Parameters" : {
    "mg1EIPParam" : {
      "Type" : "String",
      "Default" : "255.255.255.255",
      "Description" : "as Global IP"
    },
    "endpointEC2Param" : {
      "Type" : "String",
      "Default" : "vpce-XXXX.ec2.ap-northeast-1.vpce.amazonaws.com",
      "Description" : "as PrivateLink DNS Name"
    }
  },

  "serverENI" : {
    "Type" : "AWS::EC2::NetworkInterface",
    "Properties" : {
      "Description" : "server-eth0",
      "GroupSet" : [
      {
        "Fn::ImportValue" : { "Fn::Sub" : "stack-01-SG01" }
      }
      ],
      "PrivateIpAddress" : "192.168.1.11",
      "SourceDestCheck" : "false",
      "SubnetId" : { "Fn::ImportValue" : { "Fn::Sub" : "stack-01-SubnetAPublic" }},
      "Tags" : [
      {
        "Key" : "Name",
        "Value" : "server-eth0"
      },
      {
        "Key" : "APP",
        "Value" : "atest.test"
      }
      ]
    }
  },
  "serverInstance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "AvailabilityZone" : "ap-northeast-1a",
      "BlockDeviceMappings" : [
      {
        "DeviceName" : "/dev/xvda",
        "Ebs" : { "DeleteOnTermination" : "true", "Encrypted" : "false", "VolumeSize" : "10", "VolumeType" : "gp2" }
      }
      ],
      "EbsOptimized" : "true",
      "IamInstanceProfile" : "atestTagProfile",
      "ImageId" : "ami-058d2967d775357af",
      "InstanceInitiatedShutdownBehavior" : "stop",
      "InstanceType" : "t3a.nano",
      "KeyName" : "atest-defkey",
      "Monitoring" : "false",
      "NetworkInterfaces" : [
      {
        "DeleteOnTermination" : "false",
        "DeviceIndex" : "0",
        "NetworkInterfaceId" : { "Ref" : "serverENI" }
      }
      ],
      "Tags" : [
      {
        "Key" : "Name",
        "Value" : "server"
      },
      {
        "Key" : "APP",
        "Value" : "atest.test"
      }
      ],
      "Tenancy" : "default",
      "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
        "#cloud-config\n",
        "#vim:syntax=yaml\n",
        "users:\n",
        "# A user by the name `ec2-user` is created in the image by default.\n",
        "  - default\n",
        "  - name: atestadmin\n",
        "    gecos: 'amazonLinux2 admin'\n",
        "    groups: wheel\n",
        "    sudo: ['ALL=(ALL) NOPASSWD:ALL']\n",
        "    ssh-authorized-keys:\n",
        "    - ssh-rsa [YOUR PUBLIC KEY]\n",
        "    lock_passwd: true\n",
        "chpasswd:\n",
        "  list: |\n",
        "    ec2-user:atest.aws-dummyMasterUser\n",
        "# In the above line, do not add any spaces after 'ec2-user:'.\n",
        "  - path: /etc/resolv.conf\n",
        "    content: |\n",
        "      ; generated by /usr/sbin/dhclient-script\n",
        "      search ap-northeast-1.compute.internal\n",
        "      search atest.test\n",
        "      options timeout:2 attempts:5\n",
        "      nameserver 192.168.1.9\n",
        "write_files:\n",
        "  - path: /etc/cloud/cloud.cfg.d/80_disable_network_after_firstboot.cfg\n",
        "    content: |\n",
        "      # Disable network configuration after first boot\n",
        "      manage_resolv_conf: false\n",
        "      network:\n",
        "        config: disabled\n",
        "  - path: /tmp/awscli-def.config\n",
        "    content: |\n",
        "      \n",
        "      \n",
        "      ap-northeast-1\n",
        "      json\n",
        "ssh_deletekeys: true\n",
        "ssh_keys:\n",
        "    rsa_public: [YOUR PUBLIC KEY]\n",
        "packages:\n",
        "  - lvm2.x86_64\n",
        "  - expect.x86_64\n",
        "runcmd:\n",
        "  - hostnamectl set-hostname server.atest.test\n",
        "  - aws configure < /tmp/awscli-def.config\n",
        "  - AWS_AVAIL_ZONE=$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone)\n",
        "  - AWS_REGION=${AWS_AVAIL_ZONE::-1}\n",
        "  - AWS_INSTANCE_ID=$(curl http://169.254.169.254/latest/meta-data/instance-id)\n",
        "  - AWS_ENDPOINT=",{ "Ref" : "endpointEC2Param" },"\n",
        "  - ROOT_VOLUME_IDS=$(aws --endpoint-url https://$AWS_ENDPOINT/ ec2 describe-instances --region $AWS_REGION --instance-id $AWS_INSTANCE_ID --output text --query Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId)\n",
        "  - aws --endpoint-url https://$AWS_ENDPOINT/ ec2 create-tags --resources $ROOT_VOLUME_IDS --region $AWS_REGION --tags Key=Name,Value=server\n",
        "  - aws --endpoint-url https://$AWS_ENDPOINT/ ec2 create-tags --resources $ROOT_VOLUME_IDS --region $AWS_REGION --tags Key=APP,Value=atest.test\n",
        "disable_root: true\n"
      ]]}}
    }
  },
  "serverVol1" : {
    "Type" : "AWS::EC2::Volume",
    "Properties" : {
      "AvailabilityZone" : "ap-northeast-1a",
      "Encrypted" : "false",
      "SnapshotId" : "[YOUR SNAPSHOT ID]",
      "Size" : "5",
      "Tags" : [
      {
        "Key" : "Name",
        "Value" : "server-storage"
      },
      {
        "Key" : "APP",
        "Value" : "atest.test"
      }
      ],
      "VolumeType" : "gp2"
    }
  },
  "serverVol1Attach" : {
    "Type" : "AWS::EC2::VolumeAttachment",
    "Properties" : {
      "Device" : "/dev/xvdb",
      "InstanceId" : { "Ref" : "serverInstance" },
      "VolumeId" : { "Ref" : "serverVol1" }
    }
  },
  "Outputs" : {
    "EXPserverInstance" : {
      "Description" : "Export serverInstance",
      "Value" : { "Ref" : "serverInstance" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-server" }}
    }
  }
}