zware/JFrog-Cloud-Installers
1
0
Fork 0
mirror of https://github.com/ZwareBear/JFrog-Cloud-Installers.git synced 2026-01-21 15:06:57 -06:00
Code Issues Packages Projects Releases Wiki Activity

Checking in code for rt 7.27.10 and xray 3.35.0 version

Browse Source
This commit is contained in:
Giridharan Ramasamy
2021-12-02 21:29:06 +05:30
parent dfb3ee0eda
commit 57390ace44
389 changed files with 29988 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

808
Amazon/artifactory7/v72710/submodules/quickstart-linux-bastion/templates/linux-bastion.template Normal file
View File

@@ -0,0 +1,808 @@
AWSTemplateFormatVersion: 2010-09-09
Description: LinuxBastion+VPC Jul,30,2020 (qs-1qup6ra99) (Please do not remove)
Metadata:
QuickStartDocumentation:
EntrypointName: Launch into an existing VPC
Order: 2
LICENSE: Apache License, Version 2.0
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: Network configuration
Parameters:
- VPCID
- PublicSubnet1ID
- PublicSubnet2ID
- RemoteAccessCIDR
- Label:
default: Amazon EC2 configuration
Parameters:
- KeyPairName
- BastionAMIOS
- BastionInstanceType
- RootVolumeSize
- Label:
default: Linux bastion configuration
Parameters:
- NumBastionHosts
- BastionHostName
- BastionTenancy
- EnableBanner
- BastionBanner
- EnableTCPForwarding
- EnableX11Forwarding
- Label:
default: Alternative configurations
Parameters:
- AlternativeInitializationScript
- OSImageOverride
- AlternativeIAMRole
- EnvironmentVariables
- Label:
default: AWS Quick Start configuration
Parameters:
- QSS3BucketName
- QSS3KeyPrefix
- QSS3BucketRegion
ParameterLabels:
AlternativeIAMRole:
default: Alternative IAM role
AlternativeInitializationScript:
default: Alternative initialization script
BastionAMIOS:
default: Bastion AMI operating system
BastionHostName:
default: Bastion host Name
BastionTenancy:
default: Bastion tenancy
BastionBanner:
default: Banner text
QSS3BucketRegion:
default: Quick Start S3 bucket region
BastionInstanceType:
default: Bastion instance type
EnableBanner:
default: Bastion banner
EnableTCPForwarding:
default: TCP forwarding
EnableX11Forwarding:
default: X11 forwarding
EnvironmentVariables:
default: Environment variables
KeyPairName:
default: Key pair name
NumBastionHosts:
default: Number of bastion hosts
OSImageOverride:
default: Operating system override
PublicSubnet1ID:
default: Public subnet 1 ID
PublicSubnet2ID:
default: Public subnet 2 ID
QSS3BucketName:
default: Quick Start S3 bucket name
QSS3KeyPrefix:
default: Quick Start S3 key prefix
RemoteAccessCIDR:
default: Allowed bastion external access CIDR
VPCID:
default: VPC ID
RootVolumeSize:
default: Root volume size
cfn-lint: { config: { ignore_checks: [E9007] } }
Parameters:
BastionAMIOS:
AllowedValues:
- Amazon-Linux2-HVM
- Amazon-Linux2-HVM-ARM
- CentOS-7-HVM
- Ubuntu-Server-20.04-LTS-HVM
- SUSE-SLES-15-HVM
Default: Amazon-Linux2-HVM
Description: The Linux distribution for the AMI to be used for the bastion instances.
Type: String
BastionHostName:
Default: 'LinuxBastion'
Description: The value used for the name tag of the bastion host.
Type: String
BastionBanner:
Default: ""
Description: Banner text to display upon login.
Type: String
BastionTenancy:
Description: Bastion VPC tenancy (dedicated or default).
Type: String
Default: default
AllowedValues:
- dedicated
- default
BastionInstanceType:
AllowedValues:
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- t3.micro
- t3.small
- t3.medium
- t3.large
- t3.xlarge
- t3.2xlarge
- t4g.nano
- t4g.micro
- t4g.small
- t4g.medium
- t4g.large
- t4g.xlarge
- t4g.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
Default: t2.micro
Description: Amazon EC2 instance type for the bastion instances.
Type: String
EnableBanner:
AllowedValues:
- 'true'
- 'false'
Default: 'false'
Description: Choose *true* to display a banner when connecting via SSH to the bastion.
Type: String
EnableTCPForwarding:
Type: String
Description: To enable TCP forwarding, choose *true*.
Default: 'false'
AllowedValues:
- 'true'
- 'false'
EnableX11Forwarding:
Type: String
Description: To enable X11 forwarding, choose *true*.
Default: 'false'
AllowedValues:
- 'true'
- 'false'
KeyPairName:
Description: Name of an existing public/private key pair. If you do not have one in this AWS Region,
please create it before continuing.
Type: 'AWS::EC2::KeyPair::KeyName'
NumBastionHosts:
AllowedValues:
- '1'
- '2'
- '3'
- '4'
Default: '1'
Description: The number of bastion hosts to create. The maximum number is four.
Type: String
PublicSubnet1ID:
Description: ID of the public subnet 1 that you want to provision the first bastion into (e.g., subnet-a0246dcd).
Type: 'AWS::EC2::Subnet::Id'
PublicSubnet2ID:
Description: ID of the public subnet 2 that you want to provision the second bastion into (e.g., subnet-e3246d8e).
Type: 'AWS::EC2::Subnet::Id'
QSS3BucketName:
AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$
ConstraintDescription: The Quick Start bucket name can include numbers, lowercase
letters, uppercase letters, and hyphens (-). It cannot start or end with a
hyphen (-).
Default: aws-quickstart
Description: Name of the S3 bucket for your copy of the Quick Start assets.
Keep the default name unless you are customizing the template.
Changing the name updates code references to point to a new Quick
Start location. This name can include numbers, lowercase letters,
uppercase letters, and hyphens, but do not start or end with a hyphen (-).
See https://aws-quickstart.github.io/option1.html.
Type: String
QSS3BucketRegion:
Default: 'us-east-1'
Description: The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.
Type: String
QSS3KeyPrefix:
AllowedPattern: ^([0-9a-zA-Z-.]+/)*$
ConstraintDescription: The Quick Start S3 key prefix can include numbers, lowercase letters,
uppercase letters, hyphens (-), and forward slashes (/).
Default: quickstart-linux-bastion/
Description: S3 key prefix that is used to simulate a directory for your copy of the
Quick Start assets. Keep the default prefix unless you are customizing
the template. Changing this prefix updates code references to point to
a new Quick Start location. This prefix can include numbers, lowercase
letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash.
See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html
and https://aws-quickstart.github.io/option1.html.
Type: String
RemoteAccessCIDR:
AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
Description: Allowed CIDR block for external SSH access to the bastions.
Type: String
VPCID:
Description: ID of the VPC (e.g., vpc-0343606e).
Type: 'AWS::EC2::VPC::Id'
AlternativeInitializationScript:
AllowedPattern: ^https.*|^$
ConstraintDescription: URL must begin with https.
Description: An alternative initialization script to run during setup.
Default: ''
Type: String
OSImageOverride:
Description: The Region-specific image to use for the instance.
Type: String
Default: ''
AlternativeIAMRole:
Description: An existing IAM role name to attach to the bastion. If left blank,
a new role will be created.
Default: ''
Type: String
EnvironmentVariables:
Description: A comma-separated list of environment variables for use in
bootstrapping. Variables must be in the format `key=value`. `Value` cannot
contain commas.
Type: String
Default: ''
RootVolumeSize:
Description: The size in GB for the root EBS volume.
Type: Number
Default: '10'
Rules:
SubnetsInVPC:
Assertions:
- Assert:
'Fn::EachMemberIn':
- 'Fn::ValueOfAll':
- 'AWS::EC2::Subnet::Id'
- VpcId
- 'Fn::RefAll': 'AWS::EC2::VPC::Id'
AssertDescription: All subnets must exist in the VPC.
ArmInstance:
Assertions:
- Assert: !Contains
- - t4g.nano
- t4g.medium
- t4g.large
- t4g.micro
- t4g.small
- t4g.2xlarge
- t4g.xlarge
- !Ref 'BastionInstanceType'
AssertDescription: This instance type must use BastionAMIOS type of Amazon-Linux2-HVM-ARM.
RuleCondition: !Equals
- !Ref BastionAMIOS
- Amazon-Linux2-HVM-ARM
Mappings:
AWSAMIRegionMap:
af-south-1:
AMZNLINUX2: ami-0936d2754993c364e
AMZNLINUX2ARM: ami-01d326fa7db123542
US2004HVM: ami-022666956ad401a16
CENTOS7HVM: ami-0a2be7731769e6cc1
# SLES15HVM: ami-EXAMPLE
ap-northeast-1:
AMZNLINUX2: ami-0ca38c7440de1749a
AMZNLINUX2ARM: ami-005322a6d5cecfe58
US2004HVM: ami-015f1a68ce825a8d2
CENTOS7HVM: ami-06a46da680048c8ae
SLES15HVM: ami-056ac8ad44e6a7e1f
ap-northeast-2:
AMZNLINUX2: ami-0f2c95e9fe3f8f80e
AMZNLINUX2ARM: ami-01b0796a552129792
US2004HVM: ami-0be9734c9e68b99f4
CENTOS7HVM: ami-06e83aceba2cb0907
SLES15HVM: ami-0f81fff879bafe6b8
ap-northeast-3:
AMZNLINUX2: ami-06e9ad0943b200859
AMZNLINUX2ARM: ami-02415340f44a47b93
US2004HVM: ami-01cb3e73f8ef13fdc
CENTOS7HVM: ami-02d6b455335e3af14
SLES15HVM: ami-0d8518dd12d11dfc2
ap-south-1:
AMZNLINUX2: ami-010aff33ed5991201
AMZNLINUX2ARM: ami-01ad94fdf8150776c
US2004HVM: ami-00aaac1f2ef4ce965
CENTOS7HVM: ami-026f33d38b6410e30
SLES15HVM: ami-01be89269d32f2a16
ap-southeast-1:
AMZNLINUX2: ami-02f26adf094f51167
AMZNLINUX2ARM: ami-006eccfc9e6f597af
US2004HVM: ami-0012ffabeb7413479
CENTOS7HVM: ami-07f65177cb990d65b
SLES15HVM: ami-070356c21596ddc67
ap-southeast-2:
AMZNLINUX2: ami-0186908e2fdeea8f3
AMZNLINUX2ARM: ami-00719b70b31680d14
US2004HVM: ami-03ec1fe05b3849c74
CENTOS7HVM: ami-0b2045146eb00b617
SLES15HVM: ami-0c4245381c67efb39
ca-central-1:
AMZNLINUX2: ami-0101734ab73bd9e15
AMZNLINUX2ARM: ami-039750f0a88733fff
US2004HVM: ami-04c56d394d31cdeac
CENTOS7HVM: ami-04a25c39dc7a8aebb
SLES15HVM: ami-0c97d9b588207dad6
eu-central-1:
AMZNLINUX2: ami-043097594a7df80ec
AMZNLINUX2ARM: ami-000cbb96a79217336
US2004HVM: ami-0980c5102b5ef10cc
CENTOS7HVM: ami-0e8286b71b81c3cc1
SLES15HVM: ami-05dfd265ea534a3e9
me-south-1:
AMZNLINUX2: ami-0880769bc15eeec4f
AMZNLINUX2ARM: ami-001dc219c441b922d
US2004HVM: ami-03cc0b5db8321f2e5
CENTOS7HVM: ami-011c71a894b10f35b
SLES15HVM: ami-0252c6d3a59c7473b
ap-east-1:
AMZNLINUX2: ami-0aca22cb23f122f27
AMZNLINUX2ARM: ami-01f5cec80321bd86e
US2004HVM: ami-0c7e5903bee96ef81
CENTOS7HVM: ami-0e5c29e6c87a9644f
SLES15HVM: ami-0ad6e15bcbb2dbe38
eu-north-1:
AMZNLINUX2: ami-050fdc53cf6ba8f7f
AMZNLINUX2ARM: ami-00a8ac2b5311cd613
US2004HVM: ami-0663a4867a210287a
CENTOS7HVM: ami-05788af9005ef9a93
SLES15HVM: ami-0741fa1a008af40ad
eu-south-1:
AMZNLINUX2: ami-0f447354763f0eaac
AMZNLINUX2ARM: ami-011d4067dedd119f5
US2004HVM: ami-035e213233577516f
CENTOS7HVM: ami-03014b98e9665115a
SLES15HVM: ami-051cbea0e7660063d
eu-west-1:
AMZNLINUX2: ami-063d4ab14480ac177
AMZNLINUX2ARM: ami-00552336fb4b81164
US2004HVM: ami-0213344887e47003a
CENTOS7HVM: ami-0b850cf02cc00fdc8
SLES15HVM: ami-0a58a1b152ba55f1d
eu-west-2:
AMZNLINUX2: ami-06dc09bb8854cbde3
AMZNLINUX2ARM: ami-03144ab666315a8a3
US2004HVM: ami-0add0a5a0cf9afc6c
CENTOS7HVM: ami-09e5afc68eed60ef4
SLES15HVM: ami-01497522185aaa4ee
eu-west-3:
AMZNLINUX2: ami-0b3e57ee3b63dd76b
AMZNLINUX2ARM: ami-009b1ed4d1f59029a
US2004HVM: ami-01019e7343a5f361d
CENTOS7HVM: ami-0cb72d2e599cffbf9
SLES15HVM: ami-0f238bd4c6fdbefb0
sa-east-1:
AMZNLINUX2: ami-05373777d08895384
AMZNLINUX2ARM: ami-0092271c8131fcde7
US2004HVM: ami-0312c74c38dc7bae6
CENTOS7HVM: ami-0b30f38d939dd4b54
SLES15HVM: ami-0772af912976aa692
us-east-1:
AMZNLINUX2: ami-0d5eff06f840b45e9
AMZNLINUX2ARM: ami-002cc39e7bf021a77
US2004HVM: ami-0db6c6238a40c0681
CENTOS7HVM: ami-0affd4508a5d2481b
SLES15HVM: ami-0b1764f3d7d2e2316
us-gov-west-1:
AMZNLINUX2: ami-0bbf3595bb2fb39ec
AMZNLINUX2ARM: ami-6bd0e80a
SLES15HVM: ami-57c0ba36
us-gov-east-1:
AMZNLINUX2: ami-0cc17d57bec8c6017
AMZNLINUX2ARM: ami-4a31d93b
SLES15HVM: ami-05e4bedfad53425e9
us-east-2:
AMZNLINUX2: ami-077e31c4939f6a2f3
AMZNLINUX2ARM: ami-0029d4ab5707ce922
US2004HVM: ami-03b6c8bd55e00d5ed
CENTOS7HVM: ami-01e36b7901e884a10
SLES15HVM: ami-05ea824317ffc0c20
us-west-1:
AMZNLINUX2: ami-04468e03c37242e1e
AMZNLINUX2ARM: ami-00872c48515f06ba0
US2004HVM: ami-0f5868930cb63c89c
CENTOS7HVM: ami-098f55b4287a885ba
SLES15HVM: ami-00e34a7624e5a7107
us-west-2:
AMZNLINUX2: ami-0cf6f5c8a62fa5da6
AMZNLINUX2ARM: ami-0043879194eb2ad40
US2004HVM: ami-038a0ccaaedae6406
CENTOS7HVM: ami-0bc06212a56393ee1
SLES15HVM: ami-0f1e3b3fb0fec0361
cn-north-1:
AMZNLINUX2: ami-0c52e2685c7218558
AMZNLINUX2ARM: ami-088cc0c104292da9c
CENTOS7HVM: ami-08c16f7e830c0e393
SLES15HVM: ami-021392849b6221a81
cn-northwest-1:
AMZNLINUX2: ami-05b9b6d6acf8ae9b6
AMZNLINUX2ARM: ami-0b5c6ceb80eb57861
CENTOS7HVM: ami-0f21aa96a61df8c44
SLES15HVM: ami-00e1de3ee6d0d28ea
LinuxAMINameMap:
Amazon-Linux2-HVM:
Code: AMZNLINUX2
OS: Amazon
Amazon-Linux2-HVM-ARM:
Code: AMZNLINUX2ARM
OS: Amazon
CentOS-7-HVM:
Code: CENTOS7HVM
OS: CentOS
Ubuntu-Server-18.04-LTS-HVM:
Code: US1804HVM
OS: Ubuntu
Ubuntu-Server-20.04-LTS-HVM:
Code: US2004HVM
OS: Ubuntu
SUSE-SLES-15-HVM:
Code: SLES15HVM
OS: SLES
Conditions:
2BastionCondition: !Or
- !Equals
- !Ref NumBastionHosts
- '2'
- !Condition 3BastionCondition
- !Condition 4BastionCondition
3BastionCondition: !Or
- !Equals
- !Ref NumBastionHosts
- '3'
- !Condition 4BastionCondition
4BastionCondition: !Equals
- !Ref NumBastionHosts
- '4'
UseAlternativeInitialization: !Not
- !Equals
- !Ref AlternativeInitializationScript
- ''
CreateIAMRole: !Equals
- !Ref AlternativeIAMRole
- ''
UseOSImageOverride: !Not
- !Equals
- !Ref OSImageOverride
- ''
UsingDefaultBucket: !Equals
- !Ref QSS3BucketName
- 'aws-quickstart'
DefaultBanner: !Equals [!Ref BastionBanner, ""]
Resources:
BastionMainLogGroup:
Type: 'AWS::Logs::LogGroup'
SSHMetricFilter:
Type: 'AWS::Logs::MetricFilter'
Properties:
LogGroupName: !Ref BastionMainLogGroup
FilterPattern: ON FROM USER PWD
MetricTransformations:
- MetricName: SSHCommandCount
MetricValue: '1'
MetricNamespace: !Sub "AWSQuickStart/${AWS::StackName}"
BastionHostRole:
Condition: CreateIAMRole
Type: 'AWS::IAM::Role'
Properties:
Path: /
AssumeRolePolicyDocument:
Statement:
- Action:
- 'sts:AssumeRole'
Principal:
Service:
- !Sub 'ec2.${AWS::URLSuffix}'
Effect: Allow
Version: 2012-10-17
ManagedPolicyArns:
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore'
- !Sub 'arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy'
BastionHostPolicy:
Type: 'AWS::IAM::Policy'
Properties:
PolicyName: BastionPolicy
PolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- 's3:GetObject'
Resource: !Sub
- arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*
- S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
Effect: Allow
- Action:
- 'logs:CreateLogStream'
- 'logs:GetLogEvents'
- 'logs:PutLogEvents'
- 'logs:DescribeLogGroups'
- 'logs:DescribeLogStreams'
- 'logs:PutRetentionPolicy'
- 'logs:PutMetricFilter'
- 'logs:CreateLogGroup'
Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${BastionMainLogGroup}:*"
Effect: Allow
- Action:
- 'ec2:DescribeAddresses'
Resource: '*'
Effect: Allow
- Effect: Allow
Action:
- 'ec2:AssociateAddress'
Resource: '*'
Condition:
StringEquals:
ec2:ResourceTag/aws:cloudformation:stack-id: !Ref AWS::StackId
Roles:
- !If
- CreateIAMRole
- !Ref BastionHostRole
- !Ref AlternativeIAMRole
BastionHostProfile:
DependsOn: BastionHostPolicy
Type: 'AWS::IAM::InstanceProfile'
Properties:
Roles:
- !If
- CreateIAMRole
- !Ref BastionHostRole
- !Ref AlternativeIAMRole
Path: /
EIP1:
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
EIP2:
Type: 'AWS::EC2::EIP'
Condition: 2BastionCondition
Properties:
Domain: vpc
EIP3:
Type: 'AWS::EC2::EIP'
Condition: 3BastionCondition
Properties:
Domain: vpc
EIP4:
Type: 'AWS::EC2::EIP'
Condition: 4BastionCondition
Properties:
Domain: vpc
BastionAutoScalingGroup:
Type: 'AWS::AutoScaling::AutoScalingGroup'
Properties:
LaunchConfigurationName: !Ref BastionLaunchConfiguration
VPCZoneIdentifier:
- !Ref PublicSubnet1ID
- !Ref PublicSubnet2ID
MinSize: !Ref NumBastionHosts
MaxSize: !Ref NumBastionHosts
Cooldown: '900'
DesiredCapacity: !Ref NumBastionHosts
Tags:
- Key: Name
Value: !Ref BastionHostName
PropagateAtLaunch: true
CreationPolicy:
ResourceSignal:
Count: !Ref NumBastionHosts
Timeout: PT60M
AutoScalingCreationPolicy:
MinSuccessfulInstancesPercent: 100
UpdatePolicy:
AutoScalingReplacingUpdate:
WillReplace: true
BastionLaunchConfiguration:
Type: 'AWS::AutoScaling::LaunchConfiguration'
Metadata:
'AWS::CloudFormation::Authentication':
S3AccessCreds:
type: S3
roleName: !If
- CreateIAMRole
- !Ref BastionHostRole
- !Ref AlternativeIAMRole
buckets:
- !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
'AWS::CloudFormation::Init':
config:
files:
/tmp/auditd.rules:
mode: '000550'
owner: root
group: root
content: |
-a exit,always -F arch=b64 -S execve
-a exit,always -F arch=b32 -S execve
/tmp/auditing_configure.sh:
source: !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/auditing_configure.sh
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QSS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QSS3BucketRegion'
mode: '000550'
owner: root
group: root
authentication: S3AccessCreds
/tmp/bastion_bootstrap.sh:
source: !If
- UseAlternativeInitialization
- !Ref AlternativeInitializationScript
- !Sub
- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}scripts/bastion_bootstrap.sh
- S3Bucket: !If
- UsingDefaultBucket
- !Sub 'aws-quickstart-${AWS::Region}'
- !Ref 'QSS3BucketName'
S3Region: !If
- UsingDefaultBucket
- !Ref 'AWS::Region'
- !Ref 'QSS3BucketRegion'
mode: '000550'
owner: root
group: root
authentication: S3AccessCreds
commands:
a-add_auditd_rules:
cwd: '/tmp/'
env:
BASTION_OS: !FindInMap [LinuxAMINameMap, !Ref BastionAMIOS, OS]
command: "./auditing_configure.sh"
# command:
# - !If [ ]
# - "cat /tmp/auditd.rules >> /etc/audit/rules.d/audit.rules && service auditd restart"
b-bootstrap:
cwd: '/tmp/'
env:
REGION: !Sub ${AWS::Region}
URL_SUFFIX: !Sub ${AWS::URLSuffix}
BANNER_REGION: !If [ UsingDefaultBucket, !Ref 'AWS::Region', !Ref 'QSS3BucketRegion' ]
command: !Sub
- "./bastion_bootstrap.sh --banner ${BannerUrl} --enable ${EnableBanner} --tcp-forwarding ${EnableTCPForwarding} --x11-forwarding ${EnableX11Forwarding}"
- BannerUrl: !If
- DefaultBanner
- !Sub
- s3://${S3Bucket}/${QSS3KeyPrefix}scripts/banner_message.txt
- S3Bucket: !If [ UsingDefaultBucket, !Sub 'aws-quickstart-${AWS::Region}', !Ref 'QSS3BucketName' ]
- !Ref BastionBanner
Properties:
AssociatePublicIpAddress: true
PlacementTenancy: !Ref BastionTenancy
KeyName: !Ref KeyPairName
IamInstanceProfile: !Ref BastionHostProfile
ImageId: !If
- UseOSImageOverride
- !Ref OSImageOverride
- !FindInMap
- AWSAMIRegionMap
- !Ref 'AWS::Region'
- !FindInMap
- LinuxAMINameMap
- !Ref BastionAMIOS
- Code
SecurityGroups:
- !Ref BastionSecurityGroup
InstanceType: !Ref BastionInstanceType
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: !Ref RootVolumeSize
VolumeType: gp2
Encrypted: true
DeleteOnTermination: true
UserData:
Fn::Base64: !Sub
- |
#!/bin/bash
set -x
for e in $(echo "${EnvironmentVariables}" | tr ',' ' '); do
export $e
echo "$e" >> /root/.bashrc
done
export PATH=$PATH:/usr/local/bin
#cfn signaling functions
yum install git -y || apt-get install -y git || zypper -n install git
function cfn_fail
{
cfn-signal -e 1 --stack ${AWS::StackName} --region ${AWS::Region} --resource BastionAutoScalingGroup
exit 1
}
function cfn_success
{
cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource BastionAutoScalingGroup
exit 0
}
until git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git ; do echo "Retrying"; done
cd /quickstart-linux-utilities;
source quickstart-cfn-tools.source;
qs_update-os || qs_err;
qs_bootstrap_pip || qs_err " pip bootstrap failed ";
qs_aws-cfn-bootstrap || qs_err " cfn bootstrap failed ";
EIP_LIST="${EIP1},${EIP2},${EIP3},${EIP4}"
CLOUDWATCHGROUP=${BastionMainLogGroup}
cfn-init -v --stack '${AWS::StackName}' --resource BastionLaunchConfiguration --region ${AWS::Region} || cfn_fail
[ $(qs_status) == 0 ] && cfn_success || cfn_fail
- EIP2:
!If
- 2BastionCondition
- !Ref EIP2
- 'Null'
EIP3:
!If
- 3BastionCondition
- !Ref EIP3
- 'Null'
EIP4:
!If
- 4BastionCondition
- !Ref EIP4
- 'Null'
BastionSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enables SSH Access to Bastion Hosts
VpcId: !Ref VPCID
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: !Ref RemoteAccessCIDR
- IpProtocol: icmp
FromPort: -1
ToPort: -1
CidrIp: !Ref RemoteAccessCIDR
Outputs:
BastionAutoScalingGroup:
Description: Auto Scaling group reference ID.
Value: !Ref BastionAutoScalingGroup
Export:
Name: !Sub '${AWS::StackName}-BastionAutoScalingGroup'
EIP1:
Description: Elastic IP 1 for bastion.
Value: !Ref EIP1
Export:
Name: !Sub '${AWS::StackName}-EIP1'
EIP2:
Condition: 2BastionCondition
Description: Elastic IP 2 for bastion.
Value: !Ref EIP2
Export:
Name: !Sub '${AWS::StackName}-EIP2'
EIP3:
Condition: 3BastionCondition
Description: Elastic IP 3 for bastion.
Value: !Ref EIP3
Export:
Name: !Sub '${AWS::StackName}-EIP3'
EIP4:
Condition: 4BastionCondition
Description: Elastic IP 4 for bastion.
Value: !Ref EIP4
Export:
Name: !Sub '${AWS::StackName}-EIP4'
CloudWatchLogs:
Description: CloudWatch Logs GroupName. Your SSH logs will be stored here.
Value: !Ref BastionMainLogGroup
Export:
Name: !Sub '${AWS::StackName}-CloudWatchLogs'
BastionSecurityGroupID:
Description: Bastion security group ID.
Value: !Ref BastionSecurityGroup
Export:
Name: !Sub '${AWS::StackName}-BastionSecurityGroupID'
BastionHostRole:
Description: Bastion IAM role name.
Value: !If
- CreateIAMRole
- !Ref BastionHostRole
- !Ref AlternativeIAMRole
Export:
Name: !Sub '${AWS::StackName}-BastionHostRole'
Postdeployment:
Description: See the deployment guide for post-deployment steps.
Value: https://aws.amazon.com/quickstart/?quickstart-all.sort-by=item.additionalFields.sortDate&quickstart-all.sort-order=desc&awsm.page-quickstart-all=5