Parameters: KeyName: Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter Type: AWS::EC2::KeyPair::KeyName ConstraintDescription: must be the name of an existing EC2 KeyPair. SgIngressSshCidr: Description: The IP address range that can be used to communicate to the EC2 instances Type: String MinLength: '9' MaxLength: '18' Default: 0.0.0.0/0 AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x. LatestAmiId: Description: (DO NOT CHANGE) Type: 'AWS::SSM::Parameter::Value' Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' AllowedValues: - /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 Resources: MyVPC: Type: AWS::EC2::VPC Properties: EnableDnsSupport: true EnableDnsHostnames: true CidrBlock: 10.0.0.0/16 Tags: - Key: Name Value: My-VPC MyIGW: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: My-IGW MyIGWAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: InternetGatewayId: !Ref MyIGW VpcId: !Ref MyVPC MyPublicRT: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref MyVPC Tags: - Key: Name Value: My-Public-RT DefaultPublicRoute: Type: AWS::EC2::Route DependsOn: MyIGWAttachment Properties: RouteTableId: !Ref MyPublicRT DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref MyIGW MyPublicSN: Type: AWS::EC2::Subnet Properties: VpcId: !Ref MyVPC AvailabilityZone: !Select [ 0, !GetAZs '' ] CidrBlock: 10.0.0.0/24 Tags: - Key: Name Value: My-Public-SN MyPublicSNRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref MyPublicRT SubnetId: !Ref MyPublicSN KOPSEC2SG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: kops ec2 Security Group VpcId: !Ref MyVPC Tags: - Key: Name Value: KOPS-EC2-SG SecurityGroupIngress: - IpProtocol: tcp FromPort: '22' ToPort: '22' CidrIp: !Ref SgIngressSshCidr KOPSEC2: Type: AWS::EC2::Instance Properties: InstanceType: t2.micro ImageId: !Ref LatestAmiId KeyName: !Ref KeyName Tags: - Key: Name Value: kops-ec2 NetworkInterfaces: - DeviceIndex: 0 SubnetId: !Ref MyPublicSN GroupSet: - !Ref KOPSEC2SG AssociatePublicIpAddress: true PrivateIpAddress: 10.0.0.10 UserData: Fn::Base64: !Sub | #!/bin/bash hostnamectl --static set-hostname kops-ec2 yum -y install tree tmux jq curl -LO https://dl.k8s.io/release/v1.20.7/bin/linux/amd64/kubectl install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl curl -Lo kops https://github.com/kubernetes/kops/releases/download/v1.20.0/kops-linux-amd64 chmod +x kops mv kops /usr/local/bin/kops curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install export PATH=/usr/local/bin:$PATH source ~/.bash_profile complete -C '/usr/local/bin/aws_completer' aws ssh-keygen -t rsa -N "" -f /root/.ssh/id_rsa echo 'alias vi=vim' >> /etc/profile echo "sudo su -" >> /home/ec2-user/.bashrc