codetalkinhawkin

cloudformation script

Oct 5th, 2023
  1. AWSTemplateFormatVersion: '2010-09-09'
  2. Description: OpenVPN Setup
  3.  
  4. Parameters:
  5.   NodeImageId:
  6.     Description: The OpenVPN AMI Id
  7.     Type: AWS::EC2::Image::Id
  8.     Default: ami-0461dc52a3f299bf7
  9.  
  10.   NodeVolumeSize:
  11.     Description: The size of the hard drive of the machines (GBs)
  12.     Type: Number
  13.     Default: 8
  14.  
  15.   KeyName:
  16.     Description: The EC2 Key Pair to allow SSH access to the instances
  17.     Type: AWS::EC2::KeyPair::KeyName
  18.     Default: openvpn
  19.  
  20.   NodeInstanceType:
  21.     Description: EC2 instance type for the node instances
  22.     Type: String
  23.     Default: t2.micro
  24.  
  25.   NodeAutoScalingGroupMinSize:
  26.     Type: Number
  27.     Description: Minimum size of Node Group ASG.
  28.     Default: 1
  29.  
  30.   NodeAutoScalingGroupMaxSize:
  31.     Type: Number
  32.     Description: Maximum size of Node Group ASG.
  33.     Default: 1
  34.  
  35.   SubnetIDs:
  36.     Type: List<AWS::EC2::Subnet::Id>
  37.     Description: The list of the subnets where the app can be deployed
  38.  
  39.   VPCID:
  40.     Type: AWS::EC2::VPC::Id
  41.     Description: The VPC where OpenVPN will be installed
  42.  
  43.   VPCCidr:
  44.     Type: String
  45.     Description: The VPC CIDR that will be used for configuring the access inside OpenVPN
  46.     Default: 10.0.0.0/16
  47.  
  48.   AllowedIpRange:
  49.     Type: String
  50.     Default: 0.0.0.0/0
  51.  
  52.   VpnInitialUsername:
  53.     Type: String
  54.  
  55.   VpnInitialPassword:
  56.     Type: String
  57.     NoEcho: true
  58.  
  59.  
  60. Resources:
  61.   NodeSecurityGroup:
  62.     Type: AWS::EC2::SecurityGroup
  63.     Properties:
  64.       GroupDescription: Security group for all nodes in the cluster
  65.       VpcId: !Ref VPCID
  66.  
  67.   NodeSecurityGroupIngressTCP443:
  68.     Type: AWS::EC2::SecurityGroupIngress
  69.     Properties:
  70.       GroupId: !Ref NodeSecurityGroup
  71.       CidrIp: !Ref AllowedIpRange
  72.       IpProtocol: tcp
  73.       FromPort: 443
  74.       ToPort: 443
  75.  
  76.   NodeSecurityGroupIngressTCP943:
  77.     Type: AWS::EC2::SecurityGroupIngress
  78.     Properties:
  79.       GroupId: !Ref NodeSecurityGroup
  80.       CidrIp: !Ref AllowedIpRange
  81.       IpProtocol: tcp
  82.       FromPort: 943
  83.       ToPort: 943
  84.  
  85.   NodeSecurityGroupIngressTCP945:
  86.     Type: AWS::EC2::SecurityGroupIngress
  87.     Properties:
  88.       GroupId: !Ref NodeSecurityGroup
  89.       CidrIp: !Ref AllowedIpRange
  90.       IpProtocol: tcp
  91.       FromPort: 945
  92.       ToPort: 945
  93.  
  94.   NodeSecurityGroupIngressUDP1194:
  95.     Type: AWS::EC2::SecurityGroupIngress
  96.     Properties:
  97.       GroupId: !Ref NodeSecurityGroup
  98.       CidrIp: !Ref AllowedIpRange
  99.       IpProtocol: udp
  100.       FromPort: 1194
  101.       ToPort: 1194
  102.  
  103.   NodeSecurityGroupEgress:
  104.     Type: AWS::EC2::SecurityGroupEgress
  105.     Properties:
  106.       GroupId: !Ref NodeSecurityGroup
  107.       CidrIp: !Ref AllowedIpRange
  108.       IpProtocol: -1
  109.  
  # Role assumed by the EC2 instances. The only policy attached to it
  # (NodeRolePolicies) is an explicit deny-all, so it exists to satisfy the
  # instance profile rather than to grant any AWS API access.
  NodeRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: sts:AssumeRole
            Principal:
              Service: ec2.amazonaws.com
  123.  
  # Explicit deny of every action on every resource. The instance therefore
  # has no usable AWS credentials even though it carries a profile; this also
  # rules out agents that need the role (SSM, CloudWatch) - replace the Deny
  # with scoped Allows if those are wanted later.
  NodeRolePolicies:
    Type: AWS::IAM::Policy
    Properties:
      # Same value the original !Join produced.
      PolicyName: openvpn-role
      Roles:
        - Ref: NodeRole
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Deny
            Action: "*"
            Resource: "*"
  140.  
  # Instance profile wrapping NodeRole for the launch configuration.
  NodeInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /openvpn/
      Roles:
        - Ref: NodeRole
  147.  
  # Auto Scaling group running the OpenVPN server(s); desired capacity is tied
  # to the max-size parameter. NOTE(review): nothing in this template shares
  # state between instances (each runs its own Access Server with its own
  # local user database), so a size above 1 presumably gives independent
  # servers rather than a cluster - confirm before scaling out.
  NodeGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier:
        Ref: SubnetIDs
      LaunchConfigurationName:
        Ref: NodeLaunchConfig
      MinSize:
        Ref: NodeAutoScalingGroupMinSize
      MaxSize:
        Ref: NodeAutoScalingGroupMaxSize
      DesiredCapacity:
        Ref: NodeAutoScalingGroupMaxSize
      Tags:
        - Key: Name
          Value: OpenVPN Server
          PropagateAtLaunch: true
        - Key: Project
          Value: OpenVPN
          PropagateAtLaunch: true
  163.  
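  # Launch configuration for NodeGroup. NOTE(review): AWS::AutoScaling::
  # LaunchConfiguration is on AWS's deprecation path in favour of
  # AWS::EC2::LaunchTemplate; kept here so NodeGroup stays unchanged.
  NodeLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref NodeImageId
      InstanceType: !Ref NodeInstanceType
      KeyName: !Ref KeyName
      IamInstanceProfile: !Ref NodeInstanceProfile
      SecurityGroups:
        - !Ref NodeSecurityGroup
      # Nothing sets AssociatePublicIpAddress, so whether VPN clients can reach
      # the server from the Internet depends on the chosen subnets' auto-assign
      # public IP setting (or on a NAT/load balancer placed in front).
      #
      # Require IMDSv2. The instance role is deny-all, but user-data (which
      # carries the initial VPN password, see below) is also served by the
      # metadata service, and the session-token requirement blocks simple
      # SSRF-style reads of it. If the AMI's cloud-init turns out not to
      # support IMDSv2 (user-data would then never run), relax HttpTokens to
      # optional rather than removing the block.
      MetadataOptions:
        HttpEndpoint: enabled
        HttpTokens: required
        HttpPutResponseHopLimit: 1
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: !Ref NodeVolumeSize
            VolumeType: gp2
            DeleteOnTermination: true
            # Encrypt the root volume with the account's default EBS key; the
            # Access Server configuration database and keys live on it.
            Encrypted: true
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          # SECURITY: this whole script, initial password included, is stored as
          # the instance's user-data. On the instance any local process can read
          # it from the metadata service, and from the API anyone holding
          # ec2:DescribeInstanceAttribute can read it; NoEcho on the stack
          # parameter does not change that. Treat the password as a bootstrap
          # credential (rotate after first login) and prefer fetching secrets at
          # boot from Secrets Manager/SSM once the instance role is allowed to.
          #
          # The parameter values are captured through quoted heredocs:
          # CloudFormation substitutes the parameter references before the shell
          # runs, and the quoted EOF delimiter stops bash from interpreting
          # quotes, $ or backticks inside the values, so a username or password
          # containing such characters (anything but a newline) reaches sacli
          # intact instead of breaking or being executed. The original unquoted
          # interpolation failed on a password containing a space.
          VPN_USER=$(cat <<'EOF'
          ${VpnInitialUsername}
          EOF
          )
          VPN_PASS=$(cat <<'EOF'
          ${VpnInitialPassword}
          EOF
          )
          # Route the VPC CIDR over the VPN as private network 1.
          sudo /usr/local/openvpn_as/scripts/sacli --key "vpn.server.routing.private_network.1" --value "${VPCCidr}" ConfigPut
          # The password is still briefly visible on the sacli command line (ps)
          # while this runs; sacli offers no stdin/file alternative here.
          sudo /usr/local/openvpn_as/scripts/sacli --user "$VPN_USER" --new_pass "$VPN_PASS" SetLocalPassword
          sudo /usr/local/openvpn_as/scripts/sacli start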