@@ -130,7 +130,7 @@ Metadata:
130130 enableCloudFront :
131131 default : " Create Amazon CloudFront distribution"
132132 originType :
133- default : " Orign type"
133+ default : " CloudFront origin type"
134134
135135Parameters :
136136 processorArchitecture :
@@ -147,16 +147,18 @@ Parameters:
147147 Default : Amazon Linux 2023
148148 ec2KeyPair :
149149 Type : AWS::EC2::KeyPair::KeyName
150- Description : " https://console.aws.amazon.com/ec2/#KeyPairs"
150+ Description : https://console.aws.amazon.com/ec2/#KeyPairs
151151 ConstraintDescription : Specify a key pair
152152 AllowedPattern : " .+"
153153 instanceType :
154154 Type : String
155- Description : " https://console.aws.amazon.com/ec2/#InstanceTypes"
155+ Description : https://console.aws.amazon.com/ec2/#InstanceTypes
156+ AllowedPattern : " ^[a-z\\ -\\ d\\ .]+$"
157+ ConstraintDescription : Specify valid EC2 instance type
156158 Default : t4g.xlarge
157159 ec2TerminationProtection :
158160 Type : String
159- Description : " https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingDisableAPITermination.html"
161+ Description : https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_ChangingDisableAPITermination.html
160162 Default : " Yes"
161163 AllowedValues :
162164 - " Yes"
@@ -165,13 +167,13 @@ Parameters:
165167 vpcID :
166168 Type : AWS::EC2::VPC::Id
167169 Description : " https://console.aws.amazon.com/vpcconsole/home#vpcs:"
168- ConstraintDescription : Specify a valid value
169- AllowedPattern : " .+ "
170+ AllowedPattern : .+
171+ ConstraintDescription : Select a VPC
170172 subnetID :
171173 Type : AWS::EC2::Subnet::Id
172174 Description : " https://console.aws.amazon.com/vpcconsole/home#subnets:"
173- ConstraintDescription : Specify a valid value
174- AllowedPattern : " .+ "
175+ AllowedPattern : .+
176+ ConstraintDescription : Select a Subnet
175177 assignStaticIP :
176178 Type : String
177179 Description : " https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html"
@@ -181,23 +183,27 @@ Parameters:
181183 Default : " Yes"
182184 displayPublicIP :
183185 Type : String
184- Description : " https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts- public-addresses "
186+ Description : Select No if EC2 has no public IP
185187 AllowedValues :
186188 - " Yes"
187189 - " No"
188190 Default : " Yes"
189191
190192 ingressIPv4 :
191193 Type : String
192- Description : " e.g. 1.2.3.4/32, get your source IP from https://checkip.amazonaws.com "
194+ Description : e.g. 1.2.3.4/32, get your source IP from https://checkip.amazonaws.com
195+ AllowedPattern : " ^\\ d+\\ .\\ d+\\ .\\ d+\\ .\\ d+\\ /\\ d+$"
196+ ConstraintDescription : Specify valid IPv4 prefix
193197 Default : 0.0.0.0/0
194198 ingressIPv6 :
195199 Type : String
196- Description : " https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#ipv6-addressing"
200+ Description : https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-ipv6-addresses.html
201+ AllowedPattern : .+
202+ ConstraintDescription : Specify valid IPv6 prefix
197203 Default : ::/0
198204 allowSSHport :
199205 Type : String
200- # Description: Allow SSH from internet
206+ Description : https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-linux-inst-ssh.html
201207 AllowedValues :
202208 - " Yes"
203209 - " No"
@@ -242,7 +248,7 @@ Parameters:
242248 Default : " "
243249 r53ZoneID :
244250 Type : String
245- Description : " https://console.aws.amazon.com/route53/v2/ hostedzones"
251+ Description : https://console.aws.amazon.com/route53/hostedzones https://certbot-dns-route53.readthedocs.io/
246252 Default : " "
247253
248254 volumeSize :
@@ -261,17 +267,19 @@ Parameters:
261267
262268 enableBackup :
263269 Type : String
270+ Description : https://docs.aws.amazon.com/aws-backup/
264271 AllowedValues :
265272 - " Yes"
266273 - " No"
267274 Default : " Yes"
268275 scheduleExpression :
269276 Type : String
270- Description : https://en.wikipedia.org/wiki/Cron#CRON_expression
271- AllowedPattern : " .+ "
277+ Description : https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-scheduled-rule-pattern.html
278+ AllowedPattern : .+
272279 Default : " cron(0 1 ? * * *)"
273280 scheduleExpressionTimezone : # https://nodatime.org/TimeZones?version=2024a&format=json
274281 Type : String
282+ Description : https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html#time-zones
275283 AllowedValues :
276284 - Africa/Abidjan
277285 - Africa/Algiers
@@ -631,7 +639,7 @@ Parameters:
631639
632640 installDocker :
633641 Type : String
634- # Description: Install Docker
642+ Description : https://docs.docker.com/engine/
635643 AllowedValues :
636644 - " Yes"
637645 - " No"
@@ -1187,16 +1195,22 @@ Resources:
11871195 " /opt/dcv-post-reboot.sh "
11881196 content : !Sub |
11891197 #!/bin/bash
1190- sysctl -w net.ipv6.conf.all.disable_ipv6=1
1191- sysctl -w net.ipv6.conf.default.disable_ipv6=1
1198+ # sysctl -w net.ipv6.conf.all.disable_ipv6=1
1199+ # sysctl -w net.ipv6.conf.default.disable_ipv6=1
11921200
11931201 /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource ec2Instance --region ${AWS::Region}
11941202
11951203 dnf update -q -y
11961204
1197- sysctl -w net.ipv6.conf.all.disable_ipv6=0
1198- sysctl -w net.ipv6.conf.default.disable_ipv6=0
1205+ # https://docs.aws.amazon.com/linux/al2023/ug/managing-repos-os-updates.html#automatic-restart-services
1206+ dnf install -q -y smart-restart
1207+ touch /etc/smart-restart-conf.d/0-pre-restart
1208+ chmod +x /etc/smart-restart-conf.d/0-pre-restart
1209+ touch /etc/smart-restart-conf.d/0-post-restart
1210+ chmod +x /etc/smart-restart-conf.d/0-post-restart
11991211
1212+ #sysctl -w net.ipv6.conf.all.disable_ipv6=0
1213+ #sysctl -w net.ipv6.conf.default.disable_ipv6=0
12001214
12011215 rm -f /etc/systemd/system/dcv-post-reboot.service
12021216 rm -f ${!0}
@@ -1253,7 +1267,7 @@ Resources:
12531267
12541268 # Update OS
12551269 dnf update -q -y
1256- sleep 15
1270+ sleep 10
12571271
12581272 # AWS CLI
12591273 echo "export AWS_CLI_AUTO_PROMPT=on-partial" >> /home/ec2-user/.bashrc
@@ -1266,8 +1280,6 @@ Resources:
12661280
12671281 # https://docs.aws.amazon.com/linux/al2023/ug/deterministic-upgrades-usage.html#deterministic-upgrade-override-persist
12681282 echo latest | sudo tee /etc/dnf/vars/releasever
1269- # https://docs.aws.amazon.com/linux/al2023/ug/managing-repos-os-updates.html#automatic-restart-services
1270- dnf install -q -y smart-restart
12711283
12721284 # CloudWatch agent: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-EC2-Instance.html
12731285 dnf install -q -y amazon-cloudwatch-agent
@@ -1769,8 +1781,8 @@ Resources:
17691781 cd /tmp/cfn
17701782
17711783 # disable IPv6 during setup
1772- sysctl -w net.ipv6.conf.all.disable_ipv6=1
1773- sysctl -w net.ipv6.conf.default.disable_ipv6=1
1784+ # sysctl -w net.ipv6.conf.all.disable_ipv6=1
1785+ # sysctl -w net.ipv6.conf.default.disable_ipv6=1
17741786
17751787 dnf clean all
17761788 dnf install -q -y wget tmux unzip tar curl-minimal sed
@@ -1793,8 +1805,8 @@ Resources:
17931805 systemctl enable dcv-post-reboot
17941806
17951807 # enable back IPv6
1796- sysctl -w net.ipv6.conf.all.disable_ipv6=0
1797- sysctl -w net.ipv6.conf.default.disable_ipv6=0
1808+ # sysctl -w net.ipv6.conf.all.disable_ipv6=0
1809+ # sysctl -w net.ipv6.conf.default.disable_ipv6=0
17981810
17991811 sleep 1 && reboot
18001812 Tags :
@@ -2004,6 +2016,12 @@ Outputs:
20042016 Description : EC2 Serial Console
20052017 Value : !Sub "https://${AWS::Region}.console.aws.amazon.com/ec2-instance-connect/ssh?&connType=serial&instanceId=${ec2Instance}&serialPort=0#/"
20062018
2019+ EC2iamRole :
2020+ Description : EC2 IAM role
2021+ Value : !Sub
2022+ - " https://console.aws.amazon.com/iam/home#/roles/details/${role}"
2023+ - role : !Select [1, !Split ["/", !GetAtt instanceIamRole.Arn]]
2024+
20072025 SSMsessionManager :
20082026 Description : SSM Session Manager
20092027 Value : !Sub "https://${AWS::Region}.console.aws.amazon.com/systems-manager/session-manager/${ec2Instance}"
0 commit comments