-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathstack.yml
132 lines (113 loc) · 3.67 KB
/
stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
AWSTemplateFormatVersion: 2010-09-09
Description: CentOS 7 with GNOME and VNC
####################
Parameters:
DiskSize:
Default: 60
Description: The number of GBs on the primary disk
Type: Number
InstanceType:
Description: The instance type of each node
Default: m4.large
Type: String
KeyName:
Description: The SSH key pair
Type: AWS::EC2::KeyPair::KeyName
StackCreationTimeout:
Description: The amount of time to wait for stack creation
Default: PT60M
Type: String
VncPassword:
Default: centos
Description: The VNC password
Type: String
Subnet:
Description: The subnet to place this node
Type: AWS::EC2::Subnet::Id
Vpc:
Description: The VPC containing the subnet
Type: AWS::EC2::VPC::Id
####################
Outputs:
VncEndpoint:
Description: The VNC endpoint
Export:
Name: !Sub ${AWS::StackName}-VncEndpoint
Value: !Sub ${Instance.PublicDnsName}:5901
####################
Resources:
InstanceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- sts:AssumeRole
Principal:
Service:
- ec2.amazonaws.com
InstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: /
Roles:
- !Ref InstanceRole
VncSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: VNC Security Group
SecurityGroupIngress:
- CidrIp: 0.0.0.0/0
IpProtocol: 6
FromPort: 5901
ToPort: 5901
VpcId: !Ref Vpc
Instance:
Type: AWS::EC2::Instance
CreationPolicy:
ResourceSignal:
Timeout: !Ref StackCreationTimeout
Properties:
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
DeleteOnTermination: true
VolumeSize: !Ref DiskSize
EbsOptimized: true
IamInstanceProfile: !Ref InstanceProfile
ImageId: ami-6d1c2007
InstanceType: !Ref InstanceType
KeyName: !Ref KeyName
SecurityGroupIds:
- !Ref VncSecurityGroup
SubnetId: !Ref Subnet
UserData:
Fn::Base64: !Sub |
#! /bin/bash -x
# bootstrap
cat <<- EOF > /opt/bootstrap.sh
#! /bin/bash
yum -y update
yum install -y epel-release
yum -y groupinstall "GNOME Desktop"
yum install -y pystache python-daemon python34-pip tigervnc-server
pip3.4 install --upgrade pip awscli
wget -O /opt/aws-cfn-bootstrap-latest.amzn1.noarch.rpm https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.amzn1.noarch.rpm
rpm -i /opt/aws-cfn-bootstrap-latest.amzn1.noarch.rpm
ln -s /usr/local/lib/python2.7/site-packages/cfnbootstrap /usr/lib/python2.7/site-packages/cfnbootstrap
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
sed -i 's/<USER>/centos/g' /etc/systemd/system/vncserver@:1.service
sed -i 's/^\(ExecStart=.*\)"$/\1 -geometry 1920x1080"/' /etc/systemd/system/vncserver@:1.service
su - centos -c 'mkdir -p /home/centos/.vnc'
su - centos -c 'echo -n ${VncPassword} | vncpasswd -f > /home/centos/.vnc/passwd'
chmod 600 /home/centos/.vnc/passwd
systemctl daemon-reload
systemctl enable vncserver@:1
systemctl start vncserver@:1
EOF
# execute
bash -xe /opt/bootstrap.sh
# completed
/opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource Instance