cdk example ec2 in vpc with ssm

Author: kristianpaul

README.md

@@ -99,6 +99,8 @@ $ cdk destroy
 | [lambda-s3-trigger](https://github.com/aws-samples/aws-cdk-examples/tree/master/python/lambda-s3-trigger/) | S3 trigger for Lambda |
 | [stepfunctions](https://github.com/aws-samples/aws-cdk-examples/tree/master/python/stepfunctions/) | A simple StepFunctions workflow |
 | [url-shortner](https://github.com/aws-samples/aws-cdk-examples/tree/master/python/url-shortener) | Demo from the [Infrastructure ***is*** Code with the AWS CDK](https://youtu.be/ZWCvNFUN-sU) AWS Online Tech Talk |
+| [ec2-instance](https://github.com/aws-samples/aws-cdk-examples/tree/master/python/ec2/instance/) | Create EC2 Instance in new VPC with Systems Manager enabled |
+
 
 ## JavaScript examples <a name="JavaScript"></a>
 

python/ec2/instance/README.md

@@ -0,0 +1,16 @@
+
+# Create EC2 Instance in new VPC with Systems Manager enabled
+
+This example includes:
+
+* Own VPC with public subnet (following AWS Defaults for new accounts)
+* Based on latest Amazon Linux 2
+* System Manager replaces SSH (Remote session available trough the AWS Console or the AWS CLI.)
+* Userdata executed from script in S3 (`configuration.sh`).
+
+## Useful commands
+
+ * `cdk bootstrap`   initialice assets before deploy
+ * `cdk synth`       emits the synthesized CloudFormation template
+ * `cdk deploy`      deploy this stack to your default AWS account/region
+ * `aws ssm start-session --target i-xxxxxxxxx` remote session for shell access

python/ec2/instance/app.py

@@ -0,0 +1,62 @@
+import os.path
+
+from aws_cdk.aws_s3_assets import Asset
+
+from aws_cdk import (
+    aws_ec2 as ec2,
+    aws_iam as iam,
+    core    
+)
+
+dirname = os.path.dirname(__file__)
+
+
+class EC2InstanceStack(core.Stack):
+
+    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
+        super().__init__(scope, id, **kwargs)
+
+        # VPC
+        vpc = ec2.Vpc(self, "VPC",
+            nat_gateways=0,
+            subnet_configuration=[ec2.SubnetConfiguration(name="public",subnet_type=ec2.SubnetType.PUBLIC)]
+            )
+
+        # AMI 
+        amzn_linux = ec2.MachineImage.latest_amazon_linux(
+            generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
+            edition=ec2.AmazonLinuxEdition.STANDARD,
+            virtualization=ec2.AmazonLinuxVirt.HVM,
+            storage=ec2.AmazonLinuxStorage.GENERAL_PURPOSE
+            )
+
+        # Instance Role and SSM Managed Policy
+        role = iam.Role(self, "InstanceSSM", assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"))
+
+        role.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("service-role/AmazonEC2RoleforSSM"))
+
+        # Instance
+        instance = ec2.Instance(self, "Instance",
+            instance_type=ec2.InstanceType("t3.nano"),
+            machine_image=amzn_linux,
+            vpc = vpc,
+            role = role
+            )
+
+        # Script in S3 as Asset
+        asset = Asset(self, "Asset", path=os.path.join(dirname, "configure.sh"))
+        local_path = instance.user_data.add_s3_download_command(
+            bucket=asset.bucket,
+            bucket_key=asset.s3_object_key
+        )
+
+        # Userdata executes script from S3
+        instance.user_data.add_execute_file_command(
+            file_path=local_path
+            )
+        asset.grant_read(instance.role)
+
+app = core.App()
+EC2InstanceStack(app, "ec2-instance")
+
+app.synth()

python/ec2/instance/cdk.json

@@ -0,0 +1,3 @@
+{
+  "app": "python3 app.py"
+}

python/ec2/instance/configure.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+# Use this to install software packages

python/ec2/instance/requirements.txt

@@ -0,0 +1,4 @@
+aws-cdk.core
+aws-cdk.aws_ec2
+aws-cdk.aws_iam
+aws-cdk.aws_s3_assets