-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathtemplate.yaml
98 lines (88 loc) · 2.48 KB
/
template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
---
AWSTemplateFormatVersion: "2010-09-09"
Description: >
Deploys and EC2 instance and an alarm to shut the instance down during inactivity.
Parameters:
LatestAmiId:
Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
Description: This is the latest Amazon Linux AMI.
Key:
Type: 'AWS::EC2::KeyPair::KeyName'
Description: The EC2 KeyPair you will use to access your development instance.
InstanceType:
Type: String
Default: t3.nano
Description: Note that if you are free tier eligible, t3.micro is free.
Resources:
DevelopmentInstance:
Type: AWS::EC2::Instance
Properties:
IamInstanceProfile: !Ref InstanceProfile
ImageId: !Ref LatestAmiId
InstanceType: !Ref InstanceType
KeyName: !Ref Key
SecurityGroupIds:
- !Ref SG
Tags:
- Key: Name
Value: MyDevelopmentMachine
InactivityAlarm:
Type: AWS::CloudWatch::Alarm
Properties:
ActionsEnabled: True
AlarmActions:
- !Sub 'arn:aws:automate:${AWS::Region}:ec2:stop'
AlarmDescription: !Sub 'Stops ${DevelopmentInstance} after 1 hour of inactivity.'
ComparisonOperator: LessThanOrEqualToThreshold
Dimensions:
-
Name: InstanceId
Value: !Ref DevelopmentInstance
EvaluationPeriods: 1
MetricName: CPUUtilization
Namespace: AWS/EC2
Period: 3600
Statistic: Maximum
Threshold: .1
TreatMissingData: missing
SG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Permits SSH traffic from all IP addresses.
SecurityGroupIngress:
-
CidrIp: 0.0.0.0/0
FromPort: 22
IpProtocol: tcp
ToPort: 22
-
CidrIpv6: ::/0
FromPort: 22
IpProtocol: tcp
ToPort: 22
Tags:
- Key: Name
Value: MyDevelopmentMachineSG
InstanceRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
Service:
- "ec2.amazonaws.com"
Action:
- "sts:AssumeRole"
Path: "/"
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AdministratorAccess
InstanceProfile:
Type: "AWS::IAM::InstanceProfile"
Properties:
Path: "/"
Roles:
- !Ref InstanceRole