chapter14/recovery.yaml

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS in Action: chapter 14 (Jenkins running on single EC2 instance with AWS CloudWatch recovery)'
Parameters:
  KeyName:
    Description: 'Key Pair name'
    Type: 'AWS::EC2::KeyPair::KeyName'
    Default: mykey
  JenkinsAdminPassword:
    Description: 'Password for Jenkins admin user'
    Type: String
    AllowedPattern: '[a-zA-Z0-9]*'
    MinLength: 8
    MaxLength: 42
Mappings:
  RegionMap:
    'ap-south-1':
      AMI: 'ami-2ed19c41'
    'eu-west-3':
      AMI: 'ami-c8a017b5'
    'eu-west-2':
      AMI: 'ami-e3051987'
    'eu-west-1':
      AMI: 'ami-760aaa0f'
    'ap-northeast-2':
      AMI: 'ami-fc862292'
    'ap-northeast-1':
      AMI: 'ami-2803ac4e'
    'sa-east-1':
      AMI: 'ami-1678037a'
    'ca-central-1':
      AMI: 'ami-ef3b838b'
    'ap-southeast-1':
      AMI: 'ami-dd7935be'
    'ap-southeast-2':
      AMI: 'ami-1a668878'
    'eu-central-1':
      AMI: 'ami-e28d098d'
    'us-east-1':
      AMI: 'ami-6057e21a'
    'us-east-2':
      AMI: 'ami-aa1b34cf'
    'us-west-1':
      AMI: 'ami-1a033c7a'
    'us-west-2':
      AMI: 'ami-32d8124a'
Resources:
  ##########################################################################
  #                                                                        #
  #                       VPC with one public subnet                       #
  #                                                                        #
  ##########################################################################
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: '172.31.0.0/16'
      EnableDnsHostnames: true
  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties: {}
  VPCGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  Subnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: '172.31.38.0/24'
      VpcId: !Ref VPC
  RouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
  RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref Subnet
      RouteTableId: !Ref RouteTable
  RoutePublicNATToInternet:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref InternetGateway
    DependsOn: VPCGatewayAttachment
  NetworkAcl:
    Type: 'AWS::EC2::NetworkAcl'
    Properties:
      VpcId: !Ref VPC
  SubnetNetworkAclAssociation:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref Subnet
      NetworkAclId: !Ref NetworkAcl
  NetworkAclEntryIngress:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: '0.0.0.0/0'
  NetworkAclEntryEgress:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: '0.0.0.0/0'
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'SecurityGroupforjenkins'
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: 'jenkins-multiaz'
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: '0.0.0.0/0'
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: '0.0.0.0/0'
      - IpProtocol: icmp
        FromPort: -1
        ToPort: -1
        CidrIp: '0.0.0.0/0'
  ##########################################################################
  #                                                                        #
  #                      fixed public IP address (EIP)                     #
  #                                                                        #
  ##########################################################################
  ElasticIP:
    Type: 'AWS::EC2::EIP'
    Properties:
      InstanceId: !Ref VM
      Domain: vpc
    DependsOn: VPCGatewayAttachment
  ##########################################################################
  #                                                                        #
  #                      EC2 instance running Jenkins                      #
  #                                                                        #
  ##########################################################################
  VM:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', AMI]
      InstanceType: 't2.micro'
      KeyName: !Ref KeyName
      NetworkInterfaces:
      - AssociatePublicIpAddress: true
        DeleteOnTermination: true
        DeviceIndex: '0'
        GroupSet:
        - !Ref SecurityGroup
        SubnetId: !Ref Subnet
      UserData:
        'Fn::Base64': !Sub |
          #!/bin/bash -x
          bash -ex << "TRY"
            # install Jenkins
            wget -q -T 60 https://archives.jenkins-ci.org/redhat/jenkins-1.616-1.1.noarch.rpm
            rpm --install jenkins-1.616-1.1.noarch.rpm

            # configure Jenkins
            sed -i -e 's/JENKINS_ARGS=""/JENKINS_ARGS="--argumentsRealm.passwd.admin=${JenkinsAdminPassword} --argumentsRealm.roles.admin=admin"/g' /etc/sysconfig/jenkins
            if [ ! -f /var/lib/jenkins/config.xml ]; then
              echo '<?xml version="1.0" encoding="UTF-8"?><hudson><version>1.0</version><useSecurity>true</useSecurity><authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/><securityRealm class="hudson.security.LegacySecurityRealm"/></hudson>' > /var/lib/jenkins/config.xml
              chown jenkins:jenkins /var/lib/jenkins/config.xml
            fi

            # start jenkins
            service jenkins start
          TRY
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource VM --region ${AWS::Region}
      Tags:
      - Key: Name
        Value: 'jenkins-recovery'
    CreationPolicy:
      ResourceSignal:
        Timeout: PT10M
    DependsOn: VPCGatewayAttachment
  RecoveryAlarm:
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Recover EC2 instance when underlying hardware fails.'
      Namespace: 'AWS/EC2'
      MetricName: 'StatusCheckFailed_System'
      Statistic: Maximum
      Period: 60
      EvaluationPeriods: 5
      ComparisonOperator: GreaterThanThreshold
      Threshold: 0
      AlarmActions:
      - !Sub 'arn:aws:automate:${AWS::Region}:ec2:recover'
      Dimensions:
      - Name: InstanceId
        Value: !Ref VM
Outputs:
  JenkinsURL:
    Description: 'URL to access web interface of Jenkins server.'
    Value: !Sub 'http://${ElasticIP}:8080'
  User:
    Description: 'Administrator user for Jenkins.'
    Value: admin
  Password:
    Description: 'Password for Jenkins administrator user.'
    Value: !Ref JenkinsAdminPassword