labrute974

SES Example - Cloudformation template

Sep 26th, 2013
  1. {
  2.   "AWSTemplateFormatVersion": "2010-09-09",
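  3.   "Description": "SES IAM user creation example: creates an IAM user and access key allowed to call ses:SendRawEmail, and an EC2 instance on which cfn-init installs Postfix. The secret access key is embedded in the instance's CloudFormation metadata.",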
  4.  
  5.   "Parameters": {
  6.     "InstanceType": {
  7.       "Description": "Instance type of the EC2 instance created by this stack.",
  8.       "Type": "String",
  9.       "AllowedValues": [ "t1.micro", "m1.small", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.medium", "c1.xlarge", "cc1.4xlarge" ],
  10.       "ConstraintDescription": "must be a valid EC2 instance type.",
  11.       "Default": "t1.micro"
  12.     },
  13.  
  14.     "KeyName": {
  15.       "Description": "Name of an existing EC2 key pair to install on the instance for SSH access.",
  16.       "Type": "String"
  17.     },
  18.  
  19.     "BucketName": {
  20.       "Description": "S3 bucket from which the instance retrieves the Postfix files under ses_example/.",
  21.       "Type": "String"
  22.     }
  23.   },
  24.  
  25.   "Mappings": {
  26.     "AWSRegion2AMI": {
  27.       "us-east-1": { "AMI": "ami-05355a6c" },
  28.       "us-west-1": { "AMI": "ami-0358ce33" },
  29.       "us-west-2": { "AMI": "ami-3ffed17a" },
  30.       "eu-west-1": { "AMI": "ami-c7c0d6b3" },
  31.       "sa-east-1": { "AMI": "ami-39b23d38" },
  32.       "ap-southeast-1": { "AMI": "ami-39b23d38" },
  33.       "ap-southeast-2": { "AMI": "ami-d16bfbeb" },
  34.       "ap-northeast-1": { "AMI": "ami-39b23d38" }
  35.     }
  36.   },
  37.  
  38.   "Resources": {
  39.     "SESUser": {
  40.       "Type": "AWS::IAM::User",
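  41.       "Description": "IAM user whose access key is used to send email through SES; the inline policy also grants cloudformation:DescribeStackResource and s3:GetObject on all resources.",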
  42.       "Properties": {
  43.         "Path": "/application/",
  44.         "Policies": [ {
  45.           "PolicyName": "SESIAM",
  46.           "PolicyDocument": { "Statement": [
  47.             { "Effect": "Allow", "Action": "ses:SendRawEmail", "Resource": "*" },
  48.             { "Effect": "Allow", "Action": "cloudformation:DescribeStackResource", "Resource": "*" },
  49.             { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*" }
  50.           ] }
  51.         } ]
  52.       }
  53.     },
  54.  
  55.     "SESKeys": {
  56.       "Type": "AWS::IAM::AccessKey",
  57.       "Properties": {
  58.         "UserName": { "Ref": "SESUser" }
  59.       }
  60.     },
  61.  
  62.     "PermitICMPSSH": {
  63.       "Type": "AWS::EC2::SecurityGroup",
  64.       "Properties": {
  65.         "GroupDescription": "Allow inbound SSH (tcp/22) and ICMP from any address (0.0.0.0/0)",
  66.         "SecurityGroupIngress": [ {
  67.           "CidrIp": "0.0.0.0/0",
  68.           "IpProtocol": "tcp",
  69.           "FromPort": "22",
  70.           "ToPort": "22"
  71.         },
  72.         {
  73.           "CidrIp": "0.0.0.0/0",
  74.           "IpProtocol": "icmp",
  75.           "FromPort": "-1",
  76.           "ToPort": "-1"
  77.         } ]
  78.       }
  79.     },
  80.  
  81.     "SESInstance": {
  82.       "Type": "AWS::EC2::Instance",
  83.       "Metadata": {
  84.         "AWS::CloudFormation::Init": {
  85.           "configSets": {
  86.             "default": [ "prepare_env", "postfix_conf", "finish_conf" ]
  87.           },
  88.  
  89.           "prepare_env": {
  90.             "packages": {
  91.               "yum": {
  92.                 "postfix": []
  93.               }
  94.             },
  95.             "services": {
  96.               "sysvinit": {
  97.                 "sendmail": {
  98.                   "enabled": "false",
  99.                   "ensureRunning": "false"
  100.                 }
  101.               }
  102.             },
  103.  
  104.             "files": {
  105.               "/etc/cfn/cfn-hup.conf": {
  106.                 "content": { "Fn::Join" : ["", [
  107.                   "[main]\n",
  108.                   "stack=", { "Ref": "AWS::StackName" }, "\n",
  109.                   "credential-file=/etc/cfn/cfn-credentials\n",
  110.                   "interval=5\n",
  111.                   "region=", { "Ref": "AWS::Region" }, "\n"
  112.                 ]]},
  113.                 "mode"    : "000400",
  114.                 "owner"   : "root",
  115.                 "group"   : "root"
  116.               },
  117.  
  118.               "/etc/cfn/cfn-credentials": {
  119.                 "content": { "Fn::Join" : ["", [
  120.                   "AWSAccessKeyId=", { "Ref": "SESKeys" }, "\n",
  121.                   "AWSSecretKey=", {"Fn::GetAtt": ["SESKeys", "SecretAccessKey"]}, "\n"
  122.                 ]]},
  123.                 "mode"    : "000400",
  124.                 "owner"   : "root",
  125.                 "group"   : "root"
  126.               },
  127.  
  128.               "/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
  129.                 "content": { "Fn::Join": ["", [
  130.                   "[cfn-auto-reloader-hook]\n",
  131.                   "triggers=post.update\n",
  132.                   "path=Resources.SESInstance.Metadata.AWS::CloudFormation::Init\n",
  133.                   "action=/opt/aws/bin/cfn-init -s ", { "Ref": "AWS::StackName" }, " -r SESInstance ",
  134.                   " --region ", { "Ref": "AWS::Region" }, "\n",
  135.                   "runas=root\n"
  136.                 ]]}
  137.               },
  138.  
  139.               "/tmp/sasl_passwd.rb": {
  140.                 "source" : { "Fn::Join": [ "", ["https://", { "Ref" : "BucketName" }, ".s3.amazonaws.com/ses_example/postfix_sasl_passwd.rb" ] ] },
  141.                 "context": {
  142.                   "access_key": { "Ref": "SESKeys" },
  143.                   "secret_key": { "Fn::GetAtt": [ "SESKeys", "SecretAccessKey" ] }
  144.                 },
  145.                 "mode"   : "000755",
  146.                 "owner"  : "root",
  147.                 "group"  : "root"
  148.               }
  149.             }
  150.           },
  151.  
  152.           "postfix_conf": {
  153.             "files": {
  154.               "/etc/postfix/main.cf": {
  155.                 "source" : { "Fn::Join": [ "", ["https://", { "Ref" : "BucketName" }, ".s3.amazonaws.com/ses_example/postfix_main.cf" ] ] },
  156.                 "mode"   : "000644",
  157.                 "owner"  : "root",
  158.                 "group"  : "root"
  159.               }
  160.             },
  161.  
  162.             "commands": {
  163.               "generate_sasl_passwd": {
  164.                 "command": "ruby /tmp/sasl_passwd.rb"
  165.               }
  166.             }
  167.           },
  168.  
  169.           "finish_conf": {
  170.             "commands": {
  171.               "makedb_postfix": {
  172.                 "command": "postmap hash:/etc/postfix/sasl_passwd && /etc/init.d/postfix restart"
  173.               }
  174.             },
  175.  
  176.             "services": {
  177.               "sysvinit": {
  178.                 "cfn-hup": {
  179.                   "enabled": "true",
  180.                   "ensureRunning": "true"
  181.                 },
  182.  
  183.                 "postfix": {
  184.                   "enabled": "true",
  185.                   "ensureRunning": "true"
  186.                 }
  187.               }
  188.             }
  189.           }
  190.         },
  191.  
  192.         "AWS::CloudFormation::Authentication": {
  193.           "S3AccessCreds": {
  194.             "type": "S3",
  195.             "accessKeyId": { "Ref": "SESKeys" },
  196.             "secretKey": { "Fn::GetAtt": [ "SESKeys", "SecretAccessKey" ] },
  197.             "buckets": [ { "Ref": "BucketName" } ]
  198.           }
  199.         }
  200.       },
  201.  
  202.       "Properties": {
  203.         "KeyName": { "Ref": "KeyName" },
  204.         "ImageId": { "Fn::FindInMap": [ "AWSRegion2AMI", { "Ref": "AWS::Region" }, "AMI" ] },
  205.         "InstanceType": { "Ref": "InstanceType" },
  206.         "SecurityGroups": [ { "Ref": "PermitICMPSSH" } ],
  207.         "UserData": { "Fn::Base64": { "Fn::Join": [ "", [
  208.             "#!/bin/bash\n",
  209.             "#########################################\n",
  210.             "#########################################\n",
  211.             "#########################################\n",
  212.             "## CloudFormation Instances Bootstrap\n",
  213.             "#########################################\n",
  214.  
  215.             "# Helper function\n",
  216.             "function error_exit\n",
  217.             "{\n",
  218.             "  /opt/aws/bin/cfn-signal -e 1 -r \"$1\" '", { "Ref": "WaitHandle" }, "'\n",
  219.             "  exit 1\n",
  220.             "}\n",
  221.  
  222.             "yum -y update aws-cfn-bootstrap || error_exit \"ERROR: Could not update aws-cfn-bootstrap.\"\n",
  223.  
  224.             "/opt/aws/bin/cfn-init -v -s ", { "Ref": "AWS::StackName" }, " -r SESInstance",
  225.             "  --region ", { "Ref": "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n",
  226.  
  227.             "/opt/aws/bin/cfn-signal -e 0 -r 'Stack Complete.' '", { "Ref": "WaitHandle" }, "'\n"
  228.             ]
  229.           ] }
  230.         },
  231.  
  232.         "Tags": [
  233.           {
  234.             "Key": "Name",
  235.             "Value": "ses_example"
  236.           }
  237.         ]
  238.       }
  239.     },
  240.  
  241.     "WaitHandle": {
  242.       "Type": "AWS::CloudFormation::WaitConditionHandle"
  243.     },
  244.  
  245.     "WaitCondition": {
  246.       "Type": "AWS::CloudFormation::WaitCondition",
  247.       "DependsOn": "SESInstance",
  248.       "Properties": {
  249.         "Handle": {"Ref": "WaitHandle"},
  250.         "Timeout": "300"
  251.       }
  252.     }
  253.   },
  254.  
  255.   "Outputs": {
  256.     "InstanceID": {
  257.       "Value": { "Ref": "SESInstance" }
  258.     }
  259.   }
  260. }