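AWSTemplateFormatVersion: '2010-09-09'
# Lab stack: one VPC with a single public subnet and two jump hosts
# (user1-host / user2-host) that are bootstrapped with EKS tooling and with
# the access keys of two different IAM users.
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  SgIngressCidr:
    # Source range allowed to reach the hosts. The default admits the whole
    # internet; override it with the operator's own /32 at stack creation.
    Description: The IP address range that can be used to communicate to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    # Quoted so the backslashes are taken literally by every YAML parser.
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    Default: 0.0.0.0/0
  MyInstanceType:
    Description: Enter t2.micro, t2.small, t2.medium, t3.micro, t3.small, t3.medium. Default is t2.micro.
    Type: String
    Default: t2.micro
    AllowedValues:
      - t2.micro
      - t2.small
      - t2.medium
      - t3.micro
      - t3.small
      - t3.medium
  LatestAmiId:
    Description: (DO NOT CHANGE)
    # Resolved from the public SSM parameter at deploy time. The typed form
    # additionally validates that the resolved value is an AMI id.
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
    AllowedValues:
      - /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  # NoEcho masks these four values in CloudFormation describe/console output
  # only; they are still interpolated in clear text into the instance user
  # data below (see the NOTE(review) on each UserData block).
  MyIamUser1AccessKeyID:
    Description: IAM User 1 - AWS Access Key ID (won't be echoed)
    Type: String
    NoEcho: true
  MyIamUser1SecretAccessKey:
    Description: IAM User 1 - AWS Secret Access Key (won't be echoed)
    Type: String
    NoEcho: true
  MyIamUser2AccessKeyID:
    Description: IAM User 2 - AWS Access Key ID (won't be echoed)
    Type: String
    NoEcho: true
  MyIamUser2SecretAccessKey:
    Description: IAM User 2 - AWS Secret Access Key (won't be echoed)
    Type: String
    NoEcho: true
  ClusterBaseName:
    Type: String
    Default: myeks
    AllowedPattern: '[a-zA-Z][-a-zA-Z0-9]*'
    Description: must be a valid Allowed Pattern '[a-zA-Z][-a-zA-Z0-9]*'
    ConstraintDescription: ClusterBaseName - must be a valid Allowed Pattern

Resources:
  # VPC
  IamVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.10.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-VPC

  # PublicSubnets
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.10.1.0/24
      VpcId: !Ref IamVPC
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-PublicSubnet1

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref IamVPC

  PublicSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref IamVPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-PublicSubnetRouteTable

  PublicSubnetRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicSubnetRouteTable

  # User-Host-SG
  IamUserSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: iamuser-host Security Group
      VpcId: !Ref IamVPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-HOST-SG
      # Only SSH (the access path the KeyName parameter documents) is admitted
      # from SgIngressCidr, instead of every protocol and port. Add further
      # explicit rules here if the lab needs other inbound services.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SgIngressCidr

  # User1-Host
  IamUser1EC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref MyInstanceType
      ImageId: !Ref LatestAmiId
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-user1-host
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PublicSubnet1
          GroupSet:
            - !Ref IamUserSG
          AssociatePublicIpAddress: true
      # NOTE(review): the IAM user 1 access key pair is substituted into this
      # script in clear text and then appended to /root/.bashrc. User data is
      # readable from the instance (metadata service) and through the EC2 API
      # by anyone allowed to describe the instance, so NoEcho does not protect
      # it. Prefer an instance profile (IAM role) unless the lab specifically
      # needs long-lived user keys; if it does, treat these keys as disposable.
      # NOTE(review): eksctl is fetched from the "latest" release and none of
      # the downloads (yq, eksctl, kubectl, awscli) verify a checksum; pin and
      # verify if reproducible or tamper-evident bootstraps are required.
      # NOTE(review): `echo "sudo su -" >> /home/ec2-user/.bashrc` turns every
      # interactive ec2-user login into a root shell.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          hostnamectl --static set-hostname "${AWS::StackName}-user1-host"

          # Install tools
          yum -y install git tree tmux jq lynx htop
          wget https://github.com/mikefarah/yq/releases/download/v4.2.0/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/bin/yq
          amazon-linux-extras install epel -y && yum install moreutils -y

          # Install aws cli v2
          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install
          export PATH=/usr/local/bin:$PATH
          source ~/.bash_profile
          complete -C '/usr/local/bin/aws_completer' aws

          # Install eksctl
          curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
          mv /tmp/eksctl /usr/local/bin

          # Install kubectl v1.21.2
          curl -LO https://dl.k8s.io/release/v1.21.2/bin/linux/amd64/kubectl
          install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

          # Source bash-completion for kubectl eksctl
          source <(kubectl completion bash)
          echo 'source <(kubectl completion bash)' >> ~/.bashrc
          echo 'alias k=kubectl' >> ~/.bashrc
          echo 'complete -F __start_kubectl k' >> ~/.bashrc
          source <(eksctl completion bash)
          echo 'source <(eksctl completion bash)' >> ~/.bashrc

          # Install kubens kubectx
          git clone https://github.com/ahmetb/kubectx /opt/kubectx
          ln -s /opt/kubectx/kubens /usr/local/bin/kubens
          ln -s /opt/kubectx/kubectx /usr/local/bin/kubectx

          # Config convenience
          echo 'alias vi=vim' >> /etc/profile
          echo "sudo su -" >> /home/ec2-user/.bashrc

          # Change localtime
          sed -i "s/UTC/Asia\/Seoul/g" /etc/sysconfig/clock
          ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime

          # Install kube-ps1
          git clone https://github.com/jonmosco/kube-ps1.git /root/kube-ps1
          cat <<"EOT" >> ~/.bash_profile
          source /root/kube-ps1/kube-ps1.sh
          function get_cluster_short() {
            echo "$1" | cut -d . -f1
          }
          KUBE_PS1_CLUSTER_FUNCTION=get_cluster_short
          KUBE_PS1_SUFFIX=') '
          PS1='$(kube_ps1)'$PS1
          EOT

          # CLUSTER_NAME
          export CLUSTER_NAME=${ClusterBaseName}
          echo "export CLUSTER_NAME=$CLUSTER_NAME" >> ~/.bashrc

          # IAM User Credentials
          export AWS_ACCESS_KEY_ID=${MyIamUser1AccessKeyID}
          export AWS_SECRET_ACCESS_KEY=${MyIamUser1SecretAccessKey}
          export AWS_DEFAULT_REGION=${AWS::Region}
          echo "export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> ~/.bashrc
          echo "export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> ~/.bashrc
          echo "export AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> ~/.bashrc
          echo "export AWS_PAGER=" >> ~/.bashrc

  # User2-Host (identical bootstrap to user1-host, with IAM user 2's keys)
  IamUser2EC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref MyInstanceType
      ImageId: !Ref LatestAmiId
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-user2-host
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PublicSubnet1
          GroupSet:
            - !Ref IamUserSG
          AssociatePublicIpAddress: true
      # NOTE(review): same concerns as IamUser1EC2 — IAM user 2's key pair is
      # interpolated into user data in clear text and persisted to
      # /root/.bashrc; eksctl "latest" and the other downloads are unverified;
      # ec2-user logins escalate to root via the appended `sudo su -`.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          hostnamectl --static set-hostname "${AWS::StackName}-user2-host"

          # Install tools
          yum -y install git tree tmux jq lynx htop
          wget https://github.com/mikefarah/yq/releases/download/v4.2.0/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/bin/yq
          amazon-linux-extras install epel -y && yum install moreutils -y

          # Install aws cli v2
          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install
          export PATH=/usr/local/bin:$PATH
          source ~/.bash_profile
          complete -C '/usr/local/bin/aws_completer' aws

          # Install eksctl
          curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
          mv /tmp/eksctl /usr/local/bin

          # Install kubectl v1.21.2
          curl -LO https://dl.k8s.io/release/v1.21.2/bin/linux/amd64/kubectl
          install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

          # Source bash-completion for kubectl eksctl
          source <(kubectl completion bash)
          echo 'source <(kubectl completion bash)' >> ~/.bashrc
          echo 'alias k=kubectl' >> ~/.bashrc
          echo 'complete -F __start_kubectl k' >> ~/.bashrc
          source <(eksctl completion bash)
          echo 'source <(eksctl completion bash)' >> ~/.bashrc

          # Install kubens kubectx
          git clone https://github.com/ahmetb/kubectx /opt/kubectx
          ln -s /opt/kubectx/kubens /usr/local/bin/kubens
          ln -s /opt/kubectx/kubectx /usr/local/bin/kubectx

          # Config convenience
          echo 'alias vi=vim' >> /etc/profile
          echo "sudo su -" >> /home/ec2-user/.bashrc

          # Change localtime
          sed -i "s/UTC/Asia\/Seoul/g" /etc/sysconfig/clock
          ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime

          # Install kube-ps1
          git clone https://github.com/jonmosco/kube-ps1.git /root/kube-ps1
          cat <<"EOT" >> ~/.bash_profile
          source /root/kube-ps1/kube-ps1.sh
          function get_cluster_short() {
            echo "$1" | cut -d . -f1
          }
          KUBE_PS1_CLUSTER_FUNCTION=get_cluster_short
          KUBE_PS1_SUFFIX=') '
          PS1='$(kube_ps1)'$PS1
          EOT

          # CLUSTER_NAME
          export CLUSTER_NAME=${ClusterBaseName}
          echo "export CLUSTER_NAME=$CLUSTER_NAME" >> ~/.bashrc

          # IAM User Credentials
          export AWS_ACCESS_KEY_ID=${MyIamUser2AccessKeyID}
          export AWS_SECRET_ACCESS_KEY=${MyIamUser2SecretAccessKey}
          export AWS_DEFAULT_REGION=${AWS::Region}
          echo "export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" >> ~/.bashrc
          echo "export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> ~/.bashrc
          echo "export AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION" >> ~/.bashrc
          echo "export AWS_PAGER=" >> ~/.bashrc

Outputs:
  # Public IPs of the two jump hosts.
  iamuser1host:
    Value: !GetAtt IamUser1EC2.PublicIp
  iamuser2host:
    Value: !GetAtt IamUser2EC2.PublicIp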