{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "wombat", "Parameters": { "AvailabilityZone": { "Description": "Availability Zone", "Type": "String", "Default": "<%= @availability_zone %>" }, "DemoName": { "Description": "Name of the customer or organization", "Type": "String", "Default": "<%= @demo %>" }, "Version": { "Description": "Version", "Type": "String", "Default": "<%= @version %>" }, "KeyName": { "Description": "Name of an existing ec2 KeyPair to enable SSH access", "Type": "AWS::EC2::KeyPair::KeyName", "ConstraintDescription": "must be the name of an existing EC2 KeyPair." }, "SSHLocation": { "Description": "The IP address range that can be used to SSH to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, "TTL": { "Description": "Time in hours for the demo to stay active. Default is 4, maximum is 720 hours (30 days).", "Type": "Number", "Default": <%= @ttl %>, "MinValue": 0, "MaxValue": 720 }, "ChefServerAMI": { "Type": "String", "Default": "<%= @chef_server_ami %>", "Description": "AMI ID for the Chef Server" }, "ComplianceAMI": { "Type": "String", "Default": "<%= @compliance_ami %>", "Description": "AMI ID for the Compliance Server" }, <% 1.upto(@build_nodes) do |i| -%> "BuildNode<%= i.to_s %>AMI": { "Type": "String", "Default": "<%= @build_node_ami[i] %>", "Description": "AMI ID for Build Node <%= i %>" }, <% end -%> <% @infra.each do |name, ami| -%> "<%= name %>AMI": { "Type": "String", "Default": "<%= ami %>", "Description": "AMI ID for <%= name %>" }, <% end -%> <% 1.upto(@workstations) do |i| -%> "WindowsWorkstation<%= i.to_s %>AMI": { "Type": "String", "Default": "<%= @workstation_ami[i] %>", "Description": "AMI ID for the Windows Workstation" }, <% end -%> "AutomateAMI": { "Type": "String", "Default": "<%= @automate_ami %>", "Description": "AMI ID for the Automate Server" } }, "Resources": { <% if @iam_roles -%> "InstanceProfile" : { "Type" : "AWS::IAM::InstanceProfile", "Properties" : { "Path" : "/", "Roles" : <%= @iam_roles %> } }, <% end -%> "VPC": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "172.31.0.0/16", "EnableDnsSupport": "true", "EnableDnsHostnames": "true", "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackId" }, "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "VPC" ] ] } } ] } }, "SubnetAutomate": { "Type": "AWS::EC2::Subnet", "Properties": { "AvailabilityZone": { "Ref": "AvailabilityZone" }, "VpcId": { "Ref": "VPC" }, "CidrBlock": "172.31.54.0/24", "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackId" }, "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Automate Subnet" ] ] } } ] } }, "SubnetProd": { "Type": "AWS::EC2::Subnet", "Properties": { "AvailabilityZone": { "Ref": "AvailabilityZone" }, "VpcId": { "Ref": "VPC" }, "CidrBlock": "172.31.62.0/24", "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackId" }, "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Prod Subnet" ] ] } } ] } }, "SubnetWorkstations": { "Type": "AWS::EC2::Subnet", "Properties": { "AvailabilityZone": { "Ref": "AvailabilityZone" }, "VpcId": { "Ref": "VPC" }, "CidrBlock": "172.31.10.0/24", "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackId" }, "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Workstations Subnet" ] ] } } ] } }, "InternetGateway": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackId" }, "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, " IG" ] ] } } ] } }, "AttachGateway": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "VPC" }, "InternetGatewayId": { "Ref": "InternetGateway" } } }, "RouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPC" }, "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackId" }, "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Demo RouteTable" ] ] } } ] } }, "Route": { "Type": "AWS::EC2::Route", "DependsOn": "AttachGateway", "Properties": { "RouteTableId": { "Ref": "RouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "InternetGateway" } } }, "SubnetRouteTableAssociationAutomate": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "SubnetAutomate" }, "RouteTableId": { "Ref": "RouteTable" } } }, "SubnetRouteTableAssociationProd": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "SubnetProd" }, "RouteTableId": { "Ref": "RouteTable" } } }, "SubnetRouteTableAssociationWorkstations": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "SubnetWorkstations" }, "RouteTableId": { "Ref": "RouteTable" } } }, "NetworkAcl": { "Type": "AWS::EC2::NetworkAcl", "Properties": { "VpcId": { "Ref": "VPC" }, "Tags": [ { "Key": "Application", "Value": { "Ref": "AWS::StackId" }, "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "NetworkAcl" ] ] } } ] } }, "InboundNetworkAclEntry": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "100", "Protocol": "-1", "RuleAction": "allow", "Egress": "false", "CidrBlock": "0.0.0.0/0" } }, "OutBoundNetworkAclEntry": { "Type": "AWS::EC2::NetworkAclEntry", "Properties": { "NetworkAclId": { "Ref": "NetworkAcl" }, "RuleNumber": "100", "Protocol": "-1", "RuleAction": "allow", "Egress": "true", "CidrBlock": "0.0.0.0/0" } }, "SubnetNetworkAclAssociationAutomate": { "Type": "AWS::EC2::SubnetNetworkAclAssociation", "Properties": { "SubnetId": { "Ref": "SubnetAutomate" }, "NetworkAclId": { "Ref": "NetworkAcl" } } }, "SubnetNetworkAclAssociationProd": { "Type": "AWS::EC2::SubnetNetworkAclAssociation", "Properties": { "SubnetId": { "Ref": "SubnetProd" }, "NetworkAclId": { "Ref": "NetworkAcl" } } }, "SubnetNetworkAclAssociationPOCWorkstations": { "Type": "AWS::EC2::SubnetNetworkAclAssociation", "Properties": { "SubnetId": { "Ref": "SubnetWorkstations" }, "NetworkAclId": { "Ref": "NetworkAcl" } } }, <% 1.upto(@workstations) do |i| -%> "WindowsWorkstation<%= i.to_s %>": { "Type": "AWS::EC2::Instance", "Properties": { "InstanceType": "m3.large", <% if @iam_roles -%> "IamInstanceProfile" : {"Ref" : "InstanceProfile"}, <% end -%> "AvailabilityZone": { "Ref": "AvailabilityZone" }, "NetworkInterfaces": [ { "GroupSet": [ { "Ref": "DemoSecurityGroup" } ], "AssociatePublicIpAddress": "true", "PrivateIpAddress": "172.31.54.<%= 200 + i %>", "DeviceIndex": "0", "DeleteOnTermination": "true", "SubnetId": { "Ref": "SubnetAutomate" } } ], "KeyName": { "Ref": "KeyName" }, "ImageId": { "Ref": "WindowsWorkstation<%= i.to_s %>AMI" }, "Tags": [ { "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Workstation" ] ] } } ] } }, <% end -%> <% 1.upto(@build_nodes) do |i| -%> "BuildNode<%= i.to_s %>": { "Type": "AWS::EC2::Instance", "Properties": { "InstanceType": "m3.large", "AvailabilityZone": { "Ref": "AvailabilityZone" }, "NetworkInterfaces": [ { "GroupSet": [ { "Ref": "DemoSecurityGroup" } ], "AssociatePublicIpAddress": "true", "PrivateIpAddress": "172.31.54.<%= 50 + i %>", "DeviceIndex": "0", "DeleteOnTermination": "true", "SubnetId": { "Ref": "SubnetAutomate" } } ], "KeyName": { "Ref": "KeyName" }, "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xe\n", "hostnamectl set-hostname build-node-<%= i.to_s %>\n"]]} }, "ImageId": { "Ref": "BuildNode<%= i.to_s %>AMI" }, "Tags": [ { "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Build Node <%= i.to_s %>" ] ] } } ] } }, <% end -%> <% @infra.sort.each do |name, _ami| -%> "<%= name %>": { "Type": "AWS::EC2::Instance", "Properties": { "InstanceType": "m3.large", "AvailabilityZone": { "Ref": "AvailabilityZone" }, "NetworkInterfaces": [ { "GroupSet": [ { "Ref": "DemoSecurityGroup" } ], "AssociatePublicIpAddress": "true", "PrivateIpAddress": "172.31.54.<%= 101 + @infra.keys.find_index(name) %>", "DeviceIndex": "0", "DeleteOnTermination": "true", "SubnetId": { "Ref": "SubnetAutomate" } } ], "KeyName": { "Ref": "KeyName" }, "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xe\n", "hostnamectl set-hostname <%= name %>\n"]]} }, "ImageId": { "Ref": "<%= name %>AMI" }, "Tags": [ { "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "<%= name %>" ] ] } } ] } }, <% end -%> "Chef": { "Type": "AWS::EC2::Instance", "Properties": { "InstanceType": "c3.xlarge", "AvailabilityZone": { "Ref": "AvailabilityZone" }, "BlockDeviceMappings" : [ { "DeviceName" : "/dev/sda1", "Ebs" : { "VolumeSize" : "50" } } ], "NetworkInterfaces": [ { "GroupSet": [ { "Ref": "DemoSecurityGroup" } ], "AssociatePublicIpAddress": "true", "PrivateIpAddress": "172.31.54.10", "DeviceIndex": "0", "DeleteOnTermination": "true", "SubnetId": { "Ref": "SubnetAutomate" } } ], "KeyName": { "Ref": "KeyName" }, "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xe\n", "hostnamectl set-hostname chef\n", "chef-server-ctl reconfigure\n"]]} }, "ImageId": { "Ref": "ChefServerAMI" }, "Tags": [ { "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Chef Server" ] ] } } ] } }, "Automate": { "Type": "AWS::EC2::Instance", "Properties": { "InstanceType": "c3.xlarge", "AvailabilityZone": { "Ref": "AvailabilityZone" }, "BlockDeviceMappings" : [ { "DeviceName" : "/dev/sda1", "Ebs" : { "VolumeSize" : "50" } } ] , "NetworkInterfaces": [ { "GroupSet": [ { "Ref": "DemoSecurityGroup" } ], "AssociatePublicIpAddress": "true", "PrivateIpAddress": "172.31.54.11", "DeviceIndex": "0", "DeleteOnTermination": "true", "SubnetId": { "Ref": "SubnetAutomate" } } ], "KeyName": { "Ref": "KeyName" }, "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xe\n", "hostnamectl set-hostname automate\n", "delivery-ctl reconfigure\n"]]} }, "ImageId": { "Ref": "AutomateAMI" }, "Tags": [ { "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Automate Server" ] ] } } ] } }, "Compliance": { "Type": "AWS::EC2::Instance", "Properties": { "InstanceType": "c3.large", "AvailabilityZone": { "Ref": "AvailabilityZone" }, "BlockDeviceMappings" : [ { "DeviceName" : "/dev/sda1", "Ebs" : { "VolumeSize" : "8" } } ] , "NetworkInterfaces": [ { "GroupSet": [ { "Ref": "DemoSecurityGroup" } ], "AssociatePublicIpAddress": "true", "PrivateIpAddress": "172.31.54.12", "DeviceIndex": "0", "DeleteOnTermination": "true", "SubnetId": { "Ref": "SubnetAutomate" } } ], "KeyName": { "Ref": "KeyName" }, "UserData": { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xe\n", "hostnamectl set-hostname compliance\n", "chef-compliance-ctl reconfigure\n"]]} }, "ImageId": { "Ref": "ComplianceAMI" }, "Tags": [ { "Key": "Name", "Value": { "Fn::Join" : [ " ", [ { "Ref": "DemoName" }, "Compliance Server" ] ] } } ] } }, "DemoSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "VPC" }, "GroupDescription": "Enable required ports for Chef Server", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": { "Ref": "SSHLocation" } }, { "IpProtocol": "tcp", "FromPort": "0", "ToPort": "65535", "CidrIp": "172.31.0.0/16" }, { "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "icmp", "FromPort": "8", "ToPort": "-1", "CidrIp": "0.0.0.0/0" }, { "IpProtocol": "udp", "FromPort": "3389", "ToPort": "3389", "CidrIp": "0.0.0.0/0" } ] } } }, "Outputs": <% workstations_hash = {} -%> <% 1.upto(@workstations) do |i| workstations_hash["WindowsWorkstation#{i.to_s}PubDNS"] = { "Description" => "Public IP address of the Windows Workstation", "Value" => { "Fn::GetAtt" => [ "WindowsWorkstation#{i.to_s}", "PublicIp" ] } } end -%> <%= workstations_hash.to_json %> }