Mirovoy Reference Architecture - Bastion Auto-Scaling Group
This template creates a bastion auto-scaling group in the Mirovoy VPC public subnets. By default the auto-scaling configuration is desired: 0, min: 0, max: 1. Cross-reference with the security groups configuration, which controls access to the bastion hosts.
The list of parameters for this template:
Type: String
Description: An alternate account to be created on bastion instances with superuser permissions.
Type: String
Description: The public key text to be installed in the authorized_hosts file for the admin user. Will also be installed as an accepted key for the default admin user.
Type: String
Description: Specify an existing IAM Role name to attach to the bastion. If left blank, a new role will be created.
Type: String
Description: Specify an alternative initialization script to run during setup.
Type: String
Default: var/banner_message.txt
Description: Path and file under S3 prefix for Banner text to display upon login. Should not start with a "/".
Type: AWS::EC2::SecurityGroup::Id
Description: Select the bastion security group.
Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Description: AMI ID to use for the mail servers
Type: String
Default: t3.nano
Description: Bastion EC2 instance type.
Type: String
Default: mirovoy-cf-assets
Description: S3 bucket name for the Mirovoy CloudFormation assets.
Type: AWS::EC2::KeyPair::KeyName
Description: Name of an EC2 KeyPair. Your bastion instances will launch with this KeyPair.
Type: String
Default: false
Description: To include a banner to be displayed when connecting via SSH to the bastion, set this parameter to true.
Type: String
Description: Specify a comma separated list of environment variables for use in bootstrapping by the alternative initialization script. Variables must be in the format KEY=VALUE. VALUE cannot contain commas.
Type: String
Default: 2
Description: Number of subnets. This must match your selections in the list of subnets below. You should select all Public subnets.
Type: String
Default: bastion/
Description: S3 key prefix for the Mirovoy CloudFormation assets. This should be the top-level directory path inside the bucket, leading to where the assets for this template (e.g., the scripts directory) are located.
Type: String
Default: var/skel/
Description: Path under S3 prefix for shell configuration file to put in the alternate admin user's home dir, via /etc/skel/. Should end in a slash.
Type: List<AWS::EC2::Subnet::Id>
Description: Select existing subnets. The number selected must match the number of subnets above. Subnets selected must be in separate AZs. You should select all Public subnets.
The list of resources this template creates:
Type: AWS::AutoScaling::AutoScalingGroup
Type: AWS::IAM::Role
Type: AWS::IAM::Policy
Type: AWS::IAM::InstanceProfile
Type: AWS::AutoScaling::LaunchConfiguration
The list of outputs this template exposes: