@cfn-modules/asg-singleton-amazon-linux2

AWS Auto Scaling Group running a single EC2 instance based on Amazon Linux 2 with a fixed public IP address (Elastic IP), alerting, IAM user SSH access, following an immutable infrastructure approach (root volume can be replaced at any time)

2.4.0
latest
Source
npm

Version published: last month

Maintainers: 0

Created: 7 years ago

Source

cfn-modules: AWS Auto Scaling Group singleton (Amazon Linux 2)

Install

Install Node.js and npm first!

npm i @cfn-modules/asg-singleton-amazon-linux2

Usage

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Asg:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcModule: !GetAtt 'Vpc.Outputs.StackName' # required
        AlertingModule: !GetAtt 'Alerting.Outputs.StackName' # optional
        BastionModule: !GetAtt 'Bastion.Outputs.StackName' # optional
        HostedZoneModule: !GetAtt 'HostedZone.Outputs.StackName' # optional
        KeyName: '' # optional
        IAMUserSSHAccess: false # optional
        SystemsManagerAccess: true # optional
        InstanceType: 't2.micro' # optional
        Name: 'test' # optional
        AZChar: 'A' # optional
        SubnetReach: 'Public' # optional
        LogGroupRetentionInDays: 14 # optional
        SubDomainNameWithDot: 'test.' # optional
        UserData: '' # optional
        IngressTcpPort1: '' # optional
        IngressTcpClientSgModule1: '' # optional
        IngressTcpPort2: '' # optional
        IngressTcpClientSgModule2: '' # optional
        IngressTcpPort3: '' # optional
        IngressTcpClientSgModule3: '' # optional
        ClientSgModule1: '' # optional
        ClientSgModule2: '' # optional
        ClientSgModule3: '' # optional
        FileSystemModule1: '' # optional
        AmazonLinux2Version: '2.0.20180622.1' # set this to the latest available version!
        ManagedPolicyArns: '' # optional
      TemplateURL: './node_modules/@cfn-modules/asg-singleton-amazon-linux2/module.yml'

Examples

asg-singleton-ssm

Parameters

Name	Description	Default	Required?	Allowed values
VpcModule	Stack name of vpc module		yes
AlertingModule	Stack name of alerting module		no
BastionModule	Stack name of module implementing Bastion		no
HostedZoneModule	Stack name of module implementing HostedZone		no
KeyName	Key name of the Linux user ec2-user to establish a SSH connection to the EC2 instance		no
IAMUserSSHAccess	Synchronize public keys of IAM users to enable personalized SSH access (https://github.com/widdix/aws-ec2-ssh)?	false	no	[true, false]
SystemsManagerAccess	Enable AWS Systems Manager agent and authorization	true	no	[true, false]
InstanceType	The instance type for the EC2 instance	t2.micro	no
Name	The name for the EC2 instance	auto generated value	no
AZChar	Availability zone char	A	no	[A, B, C]
SubnetReach	Subnet reach	Public	no	[Public, Private]
LogGroupRetentionInDays	Specifies the number of days you want to retain log events	14	no	[1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653]
SubDomainNameWithDot	Name that is used to create the DNS entry with trailing dot, e.g. §{SubDomainNameWithDot}§{HostedZoneName}. Leave blank for naked (or apex and bare) domain. Requires HostedZoneModule parameter!	test.	no
UserData	Bash script executed on first instance launch		no
IngressTcpPort1	Port allowing ingress TCP traffic		no
IngressTcpClientSgModule1	Stack name of client-sg module that is required to access IngressTcpPort1 (if you leave this blank, IngressTcpPort1 is open to the world 0.0.0.0/0)		no
IngressTcpPort2	Port allowing ingress TCP traffic		no
IngressTcpClientSgModule2	Stack name of client-sg module that is required to access IngressTcpPort2 (if you leave this blank, IngressTcpPort2 is open to the world 0.0.0.0/0)		no
IngressTcpPort3	Port allowing ingress TCP traffic		no
IngressTcpClientSgModule3	Stack name of client-sg module that is required to access IngressTcpPort3 (if you leave this blank, IngressTcpPort3 is open to the world 0.0.0.0/0)		no
ClientSgModule1	Stack name of client-sg module to mark traffic from EC2 instance		no
ClientSgModule2	Stack name of client-sg module to mark traffic from EC2 instance		no
ClientSgModule3	Stack name of client-sg module to mark traffic from EC2 instance		no
FileSystemModule1	Stack name of efs-file-system module mounted to /mnt/efs1		no
AmazonLinux2Version	Version of Amazon Linux 2	2.0.20180622.1	no	['2.0.20190508', '2.0.20181114', '2.0.20180622.1']
ManagedPolicyArns	Comma-delimited list of IAM managed policy ARNs to attach to the instance's IAM role		no

Limitations

Highly available: A single EC2 instance is running at a time (will be automatically replaced in case of failure)
Scalable: EC2 instances capacity (CPU, RAM, network, ...) is limited by design
Secure: Root volume is not encrypted at-rest (not possible unless the AMI is encrypted)
Secure: Root volume it not backed up
Monitoring: Network In+Out is not monitored according to capacity of instance type

Migration Guides

Migrate to v2

If SystemsManagerAccess is set to true, we no longer attach the AWS managed policy AmazonEC2RoleforSSM for security reasons. Instead we only allow the SSM agent to communicate with the backend and we enable Session Manager. If you need more permissions, checkout our SSM example.

Keywords

FAQs

What is @cfn-modules/asg-singleton-amazon-linux2?

Is @cfn-modules/asg-singleton-amazon-linux2 well maintained?

Package last updated on 13 Dec 2024

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install