{ "Resources": { "BaseImageGeneratorSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Base image generator instance: inbound SSH (tcp/22) from 0.0.0.0/0 and all outbound traffic", "VpcId" : { "Ref" : "VPC" }, "SecurityGroupIngress": [ {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"} ], "SecurityGroupEgress": [ {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"} ] } }, "BaseImageGenerator" : { "Type" : "AWS::EC2::Instance", "Metadata": { "AWS::CloudFormation::Init": {} }, "Properties" : { "InstanceType": "m3.large", "ImageId": {"Ref": "BaseAMIVar"}, "KeyName": {"Ref": "IAMKeypairNameVar"}, "NetworkInterfaces": [{ "DeviceIndex": "0", "AssociatePublicIpAddress": "true", "DeleteOnTermination": "true", "SubnetId": {"Ref": "PublicSubnet"}, "GroupSet" : [{"Ref" : "BaseImageGeneratorSecurityGroup"}] }], "BlockDeviceMappings": [ {"DeviceName": "/dev/xvdc", "Ebs": { "VolumeSize": "5", "VolumeType" : "gp2" }}, {"DeviceName": "/dev/xvdd", "Ebs": { "VolumeSize": "50", "VolumeType" : "gp2" }} ], "UserData": {"Fn::Base64": {"Fn::Join": ["", [ "#!/bin/bash\n", "export AWS_REGION='", {"Ref": "AWS::Region"}, "'\n", "export AWS_STACK_NAME='", {"Ref": "AWS::StackName"}, "'\n", "export AWS_INSTANCE_LOGICAL_NAME='BaseImageGenerator'\n", {"Ref": "UserDataEnvironmentVar"}, "\n", {"Ref": "BaseImageGeneratorRoleScriptVar"}, "\n" ]]}} } } } }