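# CloudFormation "goat" template: a deliberately insecure training stack
# (see Description). The weaknesses called out in the comments below are
# intentional findings for scanners such as checkov, not accidents.
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation Template to deploy insecure infrastructure
Parameters:
  CompanyName:
    Description: Company Name
    Type: String
    Default: acme
  Environment:
    Description: Environment
    Type: String
    Default: dev
  # NOTE(review): DBName and Password are not referenced by any resource
  # declared in this file as shown.
  DBName:
    Description: Name of the Database
    Type: String
    Default: db1
  Password:
    Description: Database Password
    Type: String
    NoEcho: true  # keeps the value out of describe-stacks output and the console
    MinLength: 1
    MaxLength: 41
    AllowedPattern: ^[a-zA-Z0-9]*$
  LatestAmiId:
    # Resolved from the public SSM parameter at stack create/update time, so
    # the AMI is not pinned; each update may pick up a newer image.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Resources:
  ####################
  ### EC2 in VPC ###
  ####################
  # NOTE(review): WebNodeSG and WebSubnet are referenced below but are not
  # declared in this file as shown; stack creation fails on an unresolved
  # Ref unless they are added.
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      InstanceType: t2.medium
      SecurityGroupIds:
        - !Ref WebNodeSG
      ImageId: !Ref LatestAmiId
      SubnetId: !Ref WebSubnet
      Tags:
        - Key: Name
          Value: !Sub "${AWS::AccountId}-${CompanyName}-${Environment}-ec2"
      # Intentional finding: static AWS credentials hard-coded in user data.
      # User data is stored in plain text with the instance and in the
      # template, so anyone who can read either obtains the keys. The
      # defensible pattern is an instance profile (IAM role) with no
      # long-lived keys on the host.
      UserData:
        Fn::Base64: |
          #!/bin/bash
          sudo yum -y update
          sudo yum -y install httpd php php-mysqlnd
          sudo systemctl enable httpd
          sudo systemctl start httpd
          export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMAAA
          export AWS_SECRET_ACCESS_KEY=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
          export AWS_DEFAULT_REGION=us-west-2
          echo "<h1>Deployed via CloudFormation</h1>" | sudo tee /var/www/html/index.html
  ############
  ### S3 ###
  ############
  DataBucket:
    # Public, not encrypted, no access logs, no versioning
    # checkov:skip=CKV_AWS_56: not needed
    # Intentional finding: the PublicRead ACL grants anonymous read on every
    # object, and DeletionPolicy Delete removes the bucket with the stack.
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      BucketName: !Sub "${AWS::AccountId}-${CompanyName}-${Environment}-data"
      AccessControl: PublicRead
      Tags:
        - Key: Name
          Value: !Sub "${AWS::AccountId}-${CompanyName}-${Environment}-data"
# NOTE(review): WebVPC, WebSubnet, WebSubnet2, User, AccessKey, DBAppInstance
# and DefaultDB are referenced by the outputs below but are not declared in
# this file as shown.
Outputs:
  EC2PublicDNS:
    Description: Web Host Public DNS Name
    Value: !GetAtt [EC2Instance, PublicDnsName]
  VpcId:
    Description: The ID of the VPC
    Value: !Ref WebVPC
  PublicSubnet:
    Description: The ID of the Public Subnet
    Value: !Ref WebSubnet
  PublicSubnet2:
    Description: The ID of the Public Subnet
    Value: !Ref WebSubnet2
  UserName:
    Description: The Name of the IAM User
    Value: !Ref User
  SecretKey:
    # Intentional finding: a secret access key in a stack output is readable
    # by anyone allowed to describe this stack, and it is not masked.
    Description: The Secret Key of the IAM User
    Value: !GetAtt AccessKey.SecretAccessKey
  DBAppPublicDNS:
    Description: DB App Public DNS Name
    Value: !GetAtt [DBAppInstance, PublicDnsName]
  DBEndpoint:
    Description: DB Endpoint
    # Fixed: the port reference was missing its "$", so the output rendered
    # the literal text "{DefaultDB.Endpoint.Port}" instead of the port.
    Value: !Sub "${DefaultDB.Endpoint.Address}:${DefaultDB.Endpoint.Port}"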