{ "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "AWS CloudFormation Sample Template S3Bucket_Auth_1: Simple test template showing how to get a file from a private S3 bucket onto an EC2 instance using authenticated GetObject requests. In this template the credentials used to access the bucket are defined and attached in the AWS::CloudFormation::Authentication section. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.", "Parameters" : { "KeyName": { "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances", "Type": "String", "MinLength": "1", "MaxLength": "255", "AllowedPattern" : "[\\x20-\\x7E]*", "ConstraintDescription" : "can contain only ASCII characters." }, "InstanceType" : { "Description" : "WebServer EC2 instance type", "Type" : "String", "Default" : "m1.small", "AllowedValues" : [ "t1.micro", "m1.small", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge","m3.xlarge", "m3.2xlarge", "c1.medium", "c1.xlarge", "cc1.4xlarge" ], "ConstraintDescription" : "must be a valid EC2 instance type." }, "BucketName" : { "Description" : "Name of bucket containing index.html", "Type" : "String" }, "SSHLocation" : { "Description" : " The IP address range that can be used to SSH to the EC2 instances", "Type": "String", "MinLength": "9", "MaxLength": "18", "Default": "0.0.0.0/0", "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." } }, "Mappings" : { "AWSInstanceType2Arch" : { "t1.micro" : { "Arch" : "32" }, "m1.small" : { "Arch" : "32" }, "m1.large" : { "Arch" : "64" }, "m1.xlarge" : { "Arch" : "64" }, "m2.xlarge" : { "Arch" : "64" }, "m2.2xlarge" : { "Arch" : "64" }, "m2.4xlarge" : { "Arch" : "64" }, "m3.xlarge" : { "Arch" : "64" }, "m3.2xlarge" : { "Arch" : "64" }, "c1.medium" : { "Arch" : "32" }, "c1.xlarge" : { "Arch" : "64" }, "cc1.4xlarge" : { "Arch" : "64" } }, "AWSRegionArch2AMI" : { "us-east-1" : { "32" : "ami-7f418316", "64" : "ami-7341831a" }, "us-west-1" : { "32" : "ami-951945d0", "64" : "ami-971945d2" }, "us-west-2" : { "32" : "ami-16fd7026", "64" : "ami-10fd7020" }, "eu-west-1" : { "32" : "ami-24506250", "64" : "ami-20506254" }, "sa-east-1" : { "32" : "ami-3e3be423", "64" : "ami-3c3be421" }, "ap-southeast-1" : { "32" : "ami-74dda626", "64" : "ami-7edda62c" }, "ap-southeast-2" : { "32" : "ami-b3990e89", "64" : "ami-bd990e87" }, "ap-northeast-1" : { "32" : "ami-dcfa4edd", "64" : "ami-e8fa4ee9" } } }, "Resources" : { "CfnUser" : { "Type" : "AWS::IAM::User", "Properties" : { "Path": "/", "Policies": [{ "PolicyName": "root", "PolicyDocument": { "Statement":[{ "Effect" : "Allow", "Action" : [ "cloudformation:DescribeStackResource", "s3:GetObject" ], "Resource" :"*" }]} }] } }, "CfnKeys" : { "Type" : "AWS::IAM::AccessKey", "Properties" : { "UserName" : {"Ref": "CfnUser"} } }, "BucketPolicy" : { "Type" : "AWS::S3::BucketPolicy", "Properties" : { "PolicyDocument": { "Version" : "2008-10-17", "Id" : "MyPolicy", "Statement" : [{ "Sid" : "ReadAccess", "Action" : ["s3:GetObject"], "Effect" : "Allow", "Resource" : { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "BucketName" }, "/*"]]}, "Principal" : { "AWS": {"Fn::GetAtt" : ["CfnUser", "Arn"]} } }] }, "Bucket" : { "Ref" : "BucketName" } } }, "WebServer": { "Type": "AWS::EC2::Instance", "DependsOn" : "BucketPolicy", "Metadata" : { "AWS::CloudFormation::Init" : { "config" : { "packages" : { "yum" : { "httpd" : [] } }, "files" : { "/var/www/html/index.html" : { "source" : { "Fn::Join" : ["", ["http://" , { "Ref" : "BucketName" }, ".s3.amazonaws.com/index.html"]]}, "mode" : "000400", "owner" : "apache", "group" : "apache" } }, "services" : { "sysvinit" : { "httpd" : { "enabled" : "true", "ensureRunning" : "true" } } } } }, "AWS::CloudFormation::Authentication" : { "S3AccessCreds" : { "type" : "S3", "accessKeyId" : { "Ref" : "CfnKeys" }, "secretKey" : {"Fn::GetAtt": ["CfnKeys", "SecretAccessKey"]}, "buckets" : [ { "Ref" : "BucketName" } ] } } }, "Properties": { "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] }, "InstanceType" : { "Ref" : "InstanceType" }, "SecurityGroups" : [ {"Ref" : "WebServerSecurityGroup"} ], "KeyName" : { "Ref" : "KeyName" }, "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash\n", "yum update -y aws-cfn-bootstrap\n", "# Install application\n", "/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackId" }, " -r WebServer ", " --region ", { "Ref" : "AWS::Region" }, "\n", "# All is well so signal success\n", "/opt/aws/bin/cfn-signal -e $? '", { "Ref" : "WaitHandle" }, "'\n" ]]}} } }, "WaitHandle" : { "Type" : "AWS::CloudFormation::WaitConditionHandle" }, "WaitCondition" : { "Type" : "AWS::CloudFormation::WaitCondition", "DependsOn" : "WebServer", "Properties" : { "Handle" : {"Ref" : "WaitHandle"}, "Timeout" : "300" } }, "WebServerSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable HTTP access via port 80", "SecurityGroupIngress" : [ {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"}, {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation"}} ] } } }, "Outputs" : { "WebsiteURL" : { "Value" : { "Fn::Join" : ["", ["http://", { "Fn::GetAtt" : [ "WebServer", "PublicDnsName" ]}]] }, "Description" : "URL for newly created application" } } }