diff --git a/README.md b/README.md
index 9e2969d81c..7337461751 100644
--- a/README.md
+++ b/README.md
@@ -108,6 +108,8 @@ $ cdk destroy
 | [rds](https://github.com/aws-samples/aws-cdk-examples/tree/master/python/rds/) | Creating a MySQL RDS database inside its dedicated VPC |
 | [stepfunctions](https://github.com/aws-samples/aws-cdk-examples/tree/master/python/stepfunctions/) | A simple StepFunctions workflow |
 | [url-shortner](https://github.com/aws-samples/aws-cdk-examples/tree/master/python/url-shortener) | Demo from the [Infrastructure ***is*** Code with the AWS CDK](https://youtu.be/ZWCvNFUN-sU) AWS Online Tech Talk |
+| [ec2-instance](https://github.com/aws-samples/aws-cdk-examples/tree/master/python/ec2/instance/) | Create EC2 Instance in new VPC with Systems Manager enabled |
+
 
 ## JavaScript examples
 
diff --git a/python/ec2/instance/README.md b/python/ec2/instance/README.md
new file mode 100644
index 0000000000..b6f1285637
--- /dev/null
+++ b/python/ec2/instance/README.md
@@ -0,0 +1,16 @@
+
+# Create EC2 Instance in new VPC with Systems Manager enabled
+
+This example includes:
+
+* Own VPC with public subnet (following AWS Defaults for new accounts)
+* Based on latest Amazon Linux 2
+* System Manager replaces SSH (Remote session available trough the AWS Console or the AWS CLI.)
+* Userdata executed from script in S3 (`configure.sh`).
+
+## Useful commands
+
+ * `cdk bootstrap` initialice assets before deploy
+ * `cdk synth` emits the synthesized CloudFormation template
+ * `cdk deploy` deploy this stack to your default AWS account/region
+ * `aws ssm start-session --target i-xxxxxxxxx` remote session for shell access
diff --git a/python/ec2/instance/app.py b/python/ec2/instance/app.py
new file mode 100644
index 0000000000..fef61ac3da
--- /dev/null
+++ b/python/ec2/instance/app.py
@@ -0,0 +1,62 @@
+import os.path
+
+from aws_cdk.aws_s3_assets import Asset
+
+from aws_cdk import (
+    aws_ec2 as ec2,
+    aws_iam as iam,
+    core
+)
+
+dirname = os.path.dirname(__file__)
+
+
+class EC2InstanceStack(core.Stack):
+
+    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
+        super().__init__(scope, id, **kwargs)
+
+        # VPC
+        vpc = ec2.Vpc(self, "VPC",
+            nat_gateways=0,
+            subnet_configuration=[ec2.SubnetConfiguration(name="public",subnet_type=ec2.SubnetType.PUBLIC)]
+            )
+
+        # AMI
+        amzn_linux = ec2.MachineImage.latest_amazon_linux(
+            generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
+            edition=ec2.AmazonLinuxEdition.STANDARD,
+            virtualization=ec2.AmazonLinuxVirt.HVM,
+            storage=ec2.AmazonLinuxStorage.GENERAL_PURPOSE
+            )
+
+        # Instance Role and SSM Managed Policy
+        role = iam.Role(self, "InstanceSSM", assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"))
+
+        role.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("service-role/AmazonEC2RoleforSSM"))
+
+        # Instance
+        instance = ec2.Instance(self, "Instance",
+            instance_type=ec2.InstanceType("t3.nano"),
+            machine_image=amzn_linux,
+            vpc = vpc,
+            role = role
+            )
+
+        # Script in S3 as Asset
+        asset = Asset(self, "Asset", path=os.path.join(dirname, "configure.sh"))
+        local_path = instance.user_data.add_s3_download_command(
+            bucket=asset.bucket,
+            bucket_key=asset.s3_object_key
+        )
+
+        # Userdata executes script from S3
+        instance.user_data.add_execute_file_command(
+            file_path=local_path
+        )
+        asset.grant_read(instance.role)
+
+app = core.App()
+EC2InstanceStack(app, "ec2-instance")
+
+app.synth()
\ No newline at end of file
diff --git a/python/ec2/instance/cdk.json b/python/ec2/instance/cdk.json
new file mode 100644
index 0000000000..b4baa10225
--- /dev/null
+++ b/python/ec2/instance/cdk.json
@@ -0,0 +1,3 @@
+{
+  "app": "python3 app.py"
+}
diff --git a/python/ec2/instance/configure.sh b/python/ec2/instance/configure.sh
new file mode 100644
index 0000000000..2b88189bd5
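Review bot: The instance role is given `service-role/AmazonEC2RoleforSSM`, which grants more than this stack needs: the only S3 read the instance performs is already granted per-object by `asset.grant_read(instance.role)` further down the hunk, and the Systems Manager agent itself is covered by the narrower `AmazonSSMManagedInstanceCore` managed policy, which AWS documents as the replacement for the older one. Changing the line to `role.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore"))` keeps the example at least privilege without losing the Session Manager access the README describes. Two PEP 8 nits in the same hunk: `vpc = vpc, role = role` should be `vpc=vpc, role=role`, and `name="public",subnet_type=` wants a space after the comma. A one-line docstring on `EC2InstanceStack` noting that the VPC has a single public subnet with no NAT gateway and that shell access is through SSM rather than SSH would also help readers who land on this file first.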
--- /dev/null
+++ b/python/ec2/instance/configure.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+# Use this to install software packages
\ No newline at end of file
diff --git a/python/ec2/instance/requirements.txt b/python/ec2/instance/requirements.txt
new file mode 100644
index 0000000000..902e2acee9
--- /dev/null
+++ b/python/ec2/instance/requirements.txt
@@ -0,0 +1,4 @@
+aws-cdk.core
+aws-cdk.aws_ec2
+aws-cdk.aws_iam
+aws-cdk.aws_s3_assets
\ No newline at end of file
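Review bot: None of the four entries in requirements.txt carries a version constraint, so `pip install -r requirements.txt` resolves to whatever release is current at install time, and the `aws-cdk.*` modules have to match each other and the CDK CLI used for `cdk synth` — an unpinned set can drift apart and break the example or pull in a release nobody reviewed. Pin each entry to the version the sample was tested with, e.g. `aws-cdk.core==<tested-version>`, so installs are reproducible and auditable.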