Various AWS CloudFormation Scripts that I have created.
https://github.com/Talderon/AWS_CloudFormation/wiki
There have been a lot of updates in the Wiki that are NOT just CloudFormation docs; some info on AWS ElasticSearch Service has been added, as well as some other helpful bits. Please check them out and let me know if they help or are confusing or what. Feedback Please!!!
I am creating this repo because I am having a very hard time finding CF Templates for some "edge case" templates that aren't as popular and used as much. I am also tired of looking on sites where people state "Hey, I got my template working" and then refuse to share what they have put together.
I am hoping that this collection helps someone figure out how to do what they need to get done with CloudFormation.
All of these templates will come in YAML and JSON format; feel free to use either. All of these templates are originally written in YAML and then I work to convert them to JSON. If there are issues with the JSON version, please let me know, but I have better exposure to YAML.
Please feel free to open issues for questions, issues or requests that come up using these. I will work to fix/update/answer them as time allows.
I will work to document these as well as I can, but please feel free to use these as needed. I will work to include a Wiki Page for each template that expands on some information needed to successfully use them.
The information provided here is just to give you a quick glimpse into what the templates do; for details, please check out the Wiki pages for each of these templates.
If you are going to remove Optional items from the template, be sure you remove them everywhere (not just in Parameters).
For template validation, I use cfn-lint (https://pypi.org/project/cfn-lint/) as well as CloudFormation's Template Validator (using Design View). Also, ALL of these templates have been validated/tested and are known to be working in my environment. If you have issues, please open an issue and provide as much detail as possible for me to help troubleshoot.
Please note that only the YAML templates have comments in them. I use a converter to convert from YAML to JSON (and I do test the JSON files) and it strips the comments from them. If you have any questions, and you use the JSON templates, best to look at the YAML templates and the Wiki to see if you can get the information needed. If you cannot find the information, open an issue and I will try and get it fixed/answered for you. Thanks!
This template was built to help automate (to a degree) the creation of a Systems Manager Maintenance Window and jobs to update the SSM Agents installed on various machines. This template should work on Windows and Linux distros, but it has only been tested on Windows. The Run Command Document used to build this schedule is an AWS Supplied Document that works with both platforms.
- SSMAgentcf.yaml - Failing on run #1 (Resolved)
- Template error when using S3 Logging section #2 (Resolved)
This document will cover the creation of a Windows/Linux Server Patching Maintenance Window, Task and Targets for the maintenance.
This Maintenance Window runs the following Document: AWS-RunPatchBaseline
- Template error when using S3 Logging section #2 (Resolved)
- User Pool
- User Pool Client
- Federated Identity Pool
- IAM Roles: Only allows users in the previously created Identity Pool (x2)
- Assigns the IAM Roles to the Identity Pool
- No issues at this time
NOTE: In order to create an Elasticsearch Domain in AWS using CloudFormation, verify that you have the following Service Role created in IAM!!
AWSServiceRoleForAmazonElasticsearchService
If you do not have this Role, create it using the following CLI command:
aws iam create-service-linked-role --aws-service-name es.amazonaws.com
- No issues at this time
Multiple Templates here:
- This template will use an existing VPC, but will create new Subnets and a new Security Group.
- This template will use an existing VPC and Subnets, but will create a new Security Group.
- This template will use an existing VPC, Subnets and Security Group. No new infra is built outside the Search Domain infra.
- This template uses Parameter Store values from Systems Manager - See Wiki for details.
- Check out this Wiki Page to make things more secure: AWS ElasticSearch Service Plus Cognito
- This template will create an ElasticSearch Domain with Public Access
- This template also restricts access via IP Addresses
- You can use the Cognito Template to further secure your ElasticSearch Domain (see Cognito Wiki Page (link in first bullet point))
- There is a policy in the page above that shows you how to restrict by IP and Cognito as well
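
Because the public-access template depends on the IP restriction to keep the domain closed, it is worth checking the access policy before deploying. The following is an added example, not code from this repo or its Wiki: a small audit that flags `Allow` statements open to any principal without a usable `aws:SourceIp` condition. The sample policy, account id, domain name, CIDRs and the `max_hosts` threshold are all constructed assumptions, and condition keys are matched exactly as written here.

```python
import ipaddress

# Constructed sample policy; account id, domain name and CIDRs are placeholders.
ARN = "arn:aws:es:us-east-1:111122223333:domain/example/*"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:ESHttp*", "Resource": ARN,
         "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.0/24", "198.51.100.7"]}}},
        {"Effect": "Allow", "Principal": "*", "Action": "es:ESHttpGet", "Resource": ARN},
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:*", "Resource": ARN,
         "Condition": {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}}},
    ],
}


def _as_list(value):
    """Policy JSON allows a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}, i.e. any caller."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_access_policy(policy, max_hosts=65536):
    """Return (statement_index, finding) pairs for Allow statements open to anyone."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        cond = stmt.get("Condition", {})
        ips = _as_list(cond.get("IpAddress", {}).get("aws:SourceIp", []))
        if not ips:
            findings.append((i, "anonymous principal with no aws:SourceIp condition"))
        for cidr in ips:
            # max_hosts is an assumed threshold for "too wide to count as a restriction".
            if ipaddress.ip_network(cidr, strict=False).num_addresses > max_hosts:
                findings.append((i, f"aws:SourceIp {cidr} is too broad"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_access_policy(SAMPLE_POLICY):
        print(f"Statement[{index}]: {finding}")
```
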