Merge pull request #258 from NetApp/cloud-formation-script

kcantrel · web-flow · commit a622d42c2f89 · 2025-11-26T12:01:52.000-06:00
Add cloud formation script
diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml
@@ -0,0 +1,222 @@
+
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Launch EC2 instance with user data script downloaded from Github and dynamic parameters
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: "EC2 Configuration"
+        Parameters:
+          - OperationSystem
+          - InstanceType
+          - InstanceName
+          - KeyName
+          - VpcId
+          - SubnetId
+      - Label:
+          default: "AMI Configuration"
+        Parameters:
+          - LatestLinuxAMI
+          - LatestWindowsAMI
+      - Label:
+          default: "FSxN Configuration"
+        Parameters:
+          - SecretArn
+          - ManagementEndpointIP
+          - VolumeName
+          - VolumeSize
+          - SvmName
+          - Username
+          - DriveLetter
+      - Label:
+          default: "Networking"
+        Parameters:
+          - CidrIp
+      - Label:
+          default: "User Data Scripts"
+        Parameters:
+          - LinuxUserDataUrl
+          - WindowsUserDataUrl
+    ParameterLabels:
+      OperationSystem:
+        default: "Operating System"
+      InstanceType:
+        default: "Instance Type"
+      InstanceName:
+        default: "Instance Name"
+      KeyName:
+        default: "Key Pair Name"
+      VpcId:
+        default: "VPC ID"
+      SubnetId:
+        default: "Subnet ID"
+      SecretArn:
+        default: "AWS Secret ARN"
+      ManagementEndpointIP:
+        default: "Management Endpoint IP"
+      VolumeName:
+        default: "Volume Name"
+      VolumeSize:
+        default: "Volume Size (GiB)"
+      SvmName:
+        default: "SVM Name"
+      Username:
+        default: "Username"
+      DriveLetter:
+        default: "Drive Letter (Windows Only)"
+      CidrIp:
+        default: "CIDR IP for SSH/RDP Access"
+      LinuxUserDataUrl:
+        default: "Linux User Data Script URL"
+      WindowsUserDataUrl:
+        default: "Windows User Data Script URL"
+      LatestLinuxAMI:
+        default: "Linux AMI"
+      LatestWindowsAMI:
+        default: "Windows AMI"
+      
+Parameters:
+  OperationSystem:
+    Type: String
+    AllowedValues:
+      - Linux
+      - Windows
+  InstanceType:
+    Type: String
+    Default: t3.large
+    Description: EC2 instance type
+  InstanceName:
+    Type: String
+    Description: EC2 instance name
+  KeyName:
+    Type: AWS::EC2::KeyPair::KeyName
+    Description: Name of an existing EC2 KeyPair
+  VpcId:
+    Type: AWS::EC2::VPC::Id
+    Description: VPC ID
+  SubnetId:
+    Type: AWS::EC2::Subnet::Id
+    Description: Subnet ID
+  SecretArn:
+    Type: String
+    Description: Full ARN of the AWS Secrets Manager secret containing FSxN credentials
+  ManagementEndpointIP:
+    Type: String
+    Description: Management endpoint IP Address of your FSxN
+  VolumeName:
+    Type: String
+    Description: Volume Name
+  VolumeSize:
+    Type: Number
+    Description: Volume Size in GiB
+  SvmName:
+    Type: String
+    Default: fsx
+    Description: SVM Name
+  Username:
+    Type: String
+    Description: Username to run under
+  DriveLetter:
+    Type: String
+    Default: d
+    Description: Drive Letter - valid for Windows only
+  CidrIp:
+    Type: String
+    Description: CIDR IP for SSH access to the instance
+  LinuxUserDataUrl:
+    Type: String
+    Default: https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/refs/heads/main/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh
+    Description: URL to Linux user data script
+  WindowsUserDataUrl:
+    Type: String
+    Default: https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/refs/heads/main/Management-Utilities/ec2-user-data-iscsi-create-and-mount/windows_userData.ps1
+    Description: URL to Windows user data script
+  LatestLinuxAMI:  
+    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'  
+    Default: '/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64'  
+    Description: 'Linux AMI to use for the EC2 instance (default is the latest Amazon Linux 2023)'  
+  LatestWindowsAMI:  
+    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'  
+    Default: '/aws/service/ami-windows-latest/TPM-Windows_Server-2025-English-Full-Base'  
+    Description: 'Windows AMI to use for the EC2 instance (default is the latest Windows Server 2025)'
+
+Conditions:
+  IsLinux: !Equals [ !Ref OperationSystem, "Linux" ]
+  IsWindows: !Equals [ !Ref OperationSystem, "Windows" ]
+  
+Resources:
+  EC2InstanceSecurityGroup: 
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Security group for the EC2 instance
+      VpcId: !Ref VpcId
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: !If
+            - IsLinux
+            - 22
+            - 3389
+          ToPort: !If
+            - IsLinux
+            - 22
+            - 3389
+          CidrIp: !Ref CidrIp
+  EC2InstanceRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: ec2.amazonaws.com
+            Action: sts:AssumeRole
+      Path: /
+
+      Policies:  
+        - PolicyName: "LambdaPolicy"  
+          PolicyDocument:  
+            Version: "2012-10-17"  
+            Statement:  
+              - Effect: "Allow"  
+                Action:  
+                  - "secretsManager:GetSecretValue"
+                Resource:  
+                  - !Ref SecretArn
+
+  EC2InstanceProfile:
+    Type: AWS::IAM::InstanceProfile
+    Properties:
+      Roles:
+        - !Ref EC2InstanceRole
+  MyEC2Instance:
+    Type: AWS::EC2::Instance
+    Properties:
+      InstanceType: !Ref InstanceType
+      ImageId: !If [IsLinux, !Ref LatestLinuxAMI, !Ref LatestWindowsAMI]  
+      KeyName: !Ref KeyName
+      SecurityGroupIds:
+        - !Ref EC2InstanceSecurityGroup
+      SubnetId: !Ref SubnetId
+      IamInstanceProfile: !Ref EC2InstanceProfile
+      Tags:
+        - Key: Name
+          Value: !Ref InstanceName
+      UserData: !If
+        - IsLinux
+        - Fn::Base64: !Sub |
+            #!/bin/bash
+            curl -o /tmp/userdata-script.sh ${LinuxUserDataUrl}
+            chmod +x /tmp/userdata-script.sh
+            # Pass parameters to the script
+            /tmp/userdata-script.sh "${SecretArn}" "${ManagementEndpointIP }" "${VolumeName}" "${VolumeSize}" "${SvmName}" "${Username}"
+        - Fn::Base64: !Sub |
+            <powershell>
+            Invoke-WebRequest -Uri ${WindowsUserDataUrl} -OutFile C:\userdata-script.ps1
+            (Get-Content 'C:\userdata-script.ps1') | Where-Object { $_ -notmatch '^<powershell>$|^</powershell>$' } | Set-Content 'C:\userdata-script.ps1'
+            powershell.exe -ExecutionPolicy Bypass -File C:\userdata-script.ps1 -SecretIdParam "${SecretArn}" -FSxNAdminIpParam "${ManagementEndpointIP }" -VolumeNameParam "${VolumeName}" -VolumeSizeParam "${VolumeSize}" -DriveLetterParam "${DriveLetter}" -SvmNameParam "${SvmName}" -UsernameParam "${Username}"
+            </powershell>
+Outputs:
+  InstanceId:
+    Description: EC2 Instance ID
+    Value: !Ref MyEC2Instance
diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh
@@ -20,6 +20,7 @@ AWS_REGION="${AWS_REGION:=$2}"
 FSXN_ADMIN_IP="${FSXN_ADMIN_IP:=$3}"
 VOLUME_NAME="${VOLUME_NAME:=$4}"
 VOLUME_SIZE="${VOLUME_SIZE:=$5}"
+SVM_NAME="${6:-$SVM_NAME}"
 
 min=100
 max=999
diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/windows_userData.ps1 b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/windows_userData.ps1
@@ -5,7 +5,8 @@ param(
    [string]$FSxNAdminIpParam,
    [string]$VolumeNameParam,
    [string]$VolumeSizeParam,
-   [string]$DriveLetterParam
+   [string]$DriveLetterParam,
+   [string]$SvmNameParam
 )
 # "AWS secret ARN, e.g arn:aws:secretsmanager:us-east-1:111222333444:secret:MySecret-123456"
 $secretId=
@@ -18,15 +19,16 @@ $volSize=
 # "drive letter to use, e.g. d"
 $drive_letter=
 
+# Defaults
+$user="fsxadmin"
+$svm_name="fsx"
+
 $secretId = if ($SecretIdParam) { $SecretIdParam } else { $secretId }
 $ip = if ($FSxNAdminIpParam) { $FSxNAdminIpParam } else { $ip }
 $volName = if ($VolumeNameParam) { $VolumeNameParam } else { $volName }
 $volSize = if ($VolumeSizeParam) { $VolumeSizeParam } else { $volSize }
 $drive_letter = if ($DriveLetterParam) { $DriveLetterParam } else { $drive_letter }
-
-# Defaults
-$user="fsxadmin"
-$svm_name="fsx"
+$svm_name = if ($SvmNameParam) { $SvmNameParam } else { $svm_name }
 
 # default values
 # The script will create a log file and uninstall script
