@cfn-modules/ec2-instance-amazon-linux2 NPM

cfn-modules: AWS EC2 instance (Amazon Linux 2)

AWS EC2 instance based on Amazon Linux 2 with a fixed public IP address (Elastic IP), auto recovery, alerting, IAM user SSH access, following an mutable infrastructure approach (root volume is reused in case of auto recovery).

Install

Install Node.js and npm first!

npm i @cfn-modules/ec2-instance-amazon-linux2

Usage

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Instance:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
        AlertingModule: !GetAtt 'Alerting.Outputs.StackName' # optional
        BastionModule: !GetAtt 'Bastion.Outputs.StackName' # optional
        HostedZoneModule: !GetAtt 'HostedZone.Outputs.StackName' # optional
        KeyName: '' # optional
        IAMUserSSHAccess: 'false' # optional
        SystemsManagerAccess: 'true' # optional
        InstanceType: 't2.micro' # optional
        Name: 'test' # optional
        AZChar: 'A' # optional
        SubnetReach: 'Public' # optional
        LogGroupRetentionInDays: '14' # optional
        SubDomainNameWithDot: 'test.' # optional
        UserData: '' # optional
        IngressTcpPort1: '' # optional
        IngressTcpClientSgModule1: '' # optional
        IngressTcpPort2: '' # optional
        IngressTcpClientSgModule2: '' # optional
        IngressTcpPort3: '' # optional
        IngressTcpClientSgModule3: '' # optional
        ClientSgModule1: '' # optional
        ClientSgModule2: '' # optional
        ClientSgModule3: '' # optional
        FileSystemModule1: '' # optional
        VolumeModule1: '' # optional
        AmazonLinux2Version: '2.0.20180622.1' # set this to the latest available version!
        ManagedPolicyArns: '' # optional
      TemplateURL: './node_modules/@cfn-modules/ec2-instance-amazon-linux2/module.yml'

Examples

ec2-ssm

Related modules

Parameters

Limitations

Highly available: EC2 instances only live in a single AZ by design
Scalable: EC2 instances capacity (CPU, RAM, network, ...) is limited by design
Secure: Root volume is not encrypted at-rest (not possible unless the AMI is encrypted)
Secure: Root volume it not backed up
Monitoring: Network In+Out is not monitored according to capacity of instance type

Migration Guides

Migrate to v2

If SystemsManagerAccess is set to true, we no longer attach the AWS managed policy AmazonEC2RoleforSSM for security reasons. Instead we only allow the SSM agent to communicate with the backend and we enable Session Manager. If you need more permissions, checkout our SSM example.