{ "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "Attach IAM Role to an EC2", "Parameters" : { "KeyName" : { "Description" : "EC2 Instance SSH Key", "Type" : "AWS::EC2::KeyPair::KeyName" }, "InstanceType" : { "Description" : "EC2 instance specs configuration", "Type" : "String", "Default" : "t2.micro", "AllowedValues" : ["t2.micro"] } }, "Mappings" : { "AMIs" : { "ap-northeast-1" : { "Name" : "ami-8fbab2f3" }, "ap-southeast-2" : { "Name" : "ami-60a26a02" }, "eu-west-2" : { "Name" : "ami-c12dcda6" } } }, "Resources" : { "HostEC2" : { "Type" : "AWS::EC2::Instance", "Properties" : { "InstanceType" : { "Ref" : "InstanceType" }, "ImageId" : { "Fn::FindInMap" : [ "AMIs", { "Ref" : "AWS::Region" }, "Name" ] }, "KeyName" : { "Ref" : "KeyName" }, "IamInstanceProfile" : { "Ref" : "ListS3BucketsInstanceProfile" }, "SecurityGroupIds" : [ { "Ref" : "SSHAccessSG" } ], "Tags" : [ { "Key" : "Name", "Value" : "Workshop-180524-EC2" }, { "Key" : "Purpose", "Value" : "Workshop" } ] } }, "SSHAccessSG" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Allow SSH access from anywhere", "SecurityGroupIngress" : [ { "FromPort" : "22", "ToPort" : "22", "IpProtocol" : "tcp", "CidrIp" : "0.0.0.0/0" }, { "FromPort" : "80", "ToPort" : "80", "IpProtocol" : "tcp", "CidrIp" : "0.0.0.0/0" } ], "Tags" : [ { "Key" : "Name", "Value" : "SSHAccessSG" }, { "Key" : "Purpose", "Value" : "Workshop" } ] } }, "TempS3" : { "Type" : "AWS::S3::Bucket", "Properties" : { "Tags" : [ { "Key" : "Name", "Value" : "SSHAccessSG" }, { "Key" : "Purpose", "Value" : "Workshop" }] } }, "ListS3BucketsInstanceProfile" : { "Type" : "AWS::IAM::InstanceProfile", "Properties" : { "Path" : "/", "Roles" : [ { "Ref" : "ListS3BucketsRole" } ] } }, "ListS3BucketsPolicy" : { "Type" : "AWS::IAM::Policy", "Properties" : { "PolicyName" : "ListS3BucketsPolicy", "PolicyDocument" : { "Statement" : [ { "Effect" : "Allow", "Action" : [ "s3:*" ], "Resource" : [ { "Fn::GetAtt" : [ "TempS3" , "Arn" ] } , {"Fn::Join" : [ "" , [ { "Fn::GetAtt" : [ "TempS3" , "Arn" ] } , "/*" ] ]} ] }, { "Effect" : "Allow", "Action" : [ "s3:ListBuckets" ], "Resource" : "arn:aws:s3:::*" } ] }, "Roles" : [ { "Ref" : "ListS3BucketsRole" } ] } }, "ListS3BucketsRole" : { "Type" : "AWS::IAM::Role", "Properties" : { "AssumeRolePolicyDocument": { "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Principal" : { "Service" : ["ec2.amazonaws.com"] }, "Action" : [ "sts:AssumeRole" ] } ] }, "Path" : "/" } } }, "Outputs" : { "EC2" : { "Description" : "EC2 IP address", "Value" : { "Fn::GetAtt" : [ "HostEC2", "PublicIp" ] } }, "S3" :{ "Description" : "S3 Bucket Name", "Value" : { "Fn::GetAtt" : [ "TempS3", "DomainName" ] } }, "SSH" : { "Description" : "Connect to EC2 through SSH", "Value" : { "Fn::Join" : [ "", [ "ssh ec2-user@", { "Fn::GetAtt" : [ "HostEC2", "PublicIp" ] }, " -i ", { "Ref" : "KeyName" }, ".pem" ] ] } } } }