tpl-basic.yaml
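AWSTemplateFormatVersion: "2010-09-09"
Description: Sandbox server template (basic)

Parameters:
  InstanceType:
    Description: "EC2 instance type (default: t3.small = 2 vCPU, 2GB RAM)"
    Type: String
    Default: t3.small
    AllowedValues:
      - t3.small
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
  KeyName:
    Description: "Name of an existing EC2 KeyPair to enable SSH access to the instance"
    Type: "AWS::EC2::KeyPair::KeyName"
    ConstraintDescription: "Must be the name of an existing EC2 KeyPair"
  DataDiskSize:
    Description: "Persistent volume size (GiB). Valid range: 20-1024"
    Type: Number
    MinValue: 20
    MaxValue: 1024
    Default: 100
  # Source range for the SSH ingress rule. The default keeps the template's
  # previous behaviour (SSH reachable from any address), so existing stacks
  # update without a rule change; set a narrower range when deploying.
  SSHLocation:
    Description: "CIDR range allowed to reach SSH (port 22). Narrow this to your own range, e.g. 203.0.113.10/32"
    Type: String
    MinLength: 9
    MaxLength: 18
    Default: 0.0.0.0/0
    AllowedPattern: '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$'
    ConstraintDescription: "Must be a valid IPv4 CIDR range of the form x.x.x.x/x"

Metadata:
  # Groups and labels the parameters in the CloudFormation console form.
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "Basic: Required"
        Parameters:
          - InstanceType
          - KeyName
      - Label:
          default: "Advanced: Optional"
        Parameters:
          - DataDiskSize
          - SSHLocation
    ParameterLabels:
      InstanceType:
        default: "Instance type"
      KeyName:
        default: "SSH key"
      DataDiskSize:
        default: "Data disk size"
      SSHLocation:
        default: "SSH source range"

Mappings:
  Variables:
    LatestAmiId:
      # Get the latest AMI ID from Canonical's public Systems Manager Parameter.
      # The image is therefore not pinned: the parameter is looked up when the
      # stack is deployed, so two deployments can boot different AMIs.
      amd64: "{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}"

Resources:
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Enable SSH, HTTP, HTTPS'
      SecurityGroupIngress:
        # SSH: source range comes from the SSHLocation parameter instead of a
        # hard-coded 0.0.0.0/0, so the management port can be restricted.
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref SSHLocation
        # HTTP and HTTPS stay open to any address, as the group description
        # states.
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
          CidrIp: 0.0.0.0/0

  # Elastic IP and its association with the instance.
  IPAddress:
    Type: 'AWS::EC2::EIP'
  IPAssoc:
    Type: 'AWS::EC2::EIPAssociation'
    Properties:
      InstanceId: !Ref ec2Instance
      EIP: !Ref IPAddress

  # Data volume, created in whichever Availability Zone the instance landed in.
  # NOTE(review): no Encrypted property is set here or on the root volume
  # below, so encryption at rest depends on the account's EBS
  # encryption-by-default setting. Enabling it for an existing stack is not an
  # in-place change; plan a data migration before adding it.
  # NOTE(review): no DeletionPolicy is declared, so the volume is expected to
  # be deleted together with the stack. Confirm that is intended for a volume
  # named "persistent".
  PersistentVolume:
    Type: "AWS::EC2::Volume"
    Properties:
      Size: !Ref DataDiskSize
      AvailabilityZone: !GetAtt ec2Instance.AvailabilityZone
  PersistentVolumeMount:
    Type: "AWS::EC2::VolumeAttachment"
    Properties:
      InstanceId: !Ref ec2Instance
      VolumeId: !Ref PersistentVolume
      Device: /dev/sdp

  ec2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      InstanceType: !Ref InstanceType
      # AWS::NoValue leaves the property unset, so no Availability Zone is
      # requested explicitly.
      AvailabilityZone: !Ref "AWS::NoValue"
      ImageId: !FindInMap [Variables, LatestAmiId, amd64]
      KeyName: !Ref KeyName
      SecurityGroups:
        - !Ref InstanceSecurityGroup
      BlockDeviceMappings:
        # Root volume
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: '8'
      # The literal block that closes this section is empty in the template as
      # shown; presumably the boot script is supplied elsewhere. TODO confirm.
      # User data can be read back from inside the instance, so it should not
      # carry secrets.
      UserData: !Base64
        'Fn::Join':
          - ''
          - - |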
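Outputs:
  InstanceID:
    Value: !Ref ec2Instance
  IPAddress:
    # Report the Elastic IP itself (Ref on the AWS::EC2::EIP resource, the same
    # value IPAssoc passes as EIP). The instance's PublicIp attribute can still
    # hold the address assigned at launch, which stops belonging to this
    # instance once the Elastic IP is associated.
    Value: !Ref IPAddress
  InstanceURL:
    # Built from the Elastic IP for the same reason; a URL built from a released
    # address could end up pointing at somebody else's host.
    # nip.io is a third-party wildcard DNS service that resolves <ip>.nip.io to
    # <ip>, so resolving this name depends on that service.
    Value: !Join ['', ['https://', !Ref IPAddress, '.nip.io']]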