diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml
new file mode 100644
index 0000000..d6cdacf
--- /dev/null
+++ b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/EC2-cloud_formation.yaml
@@ -0,0 +1,222 @@
+
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Launch EC2 instance with user data script downloaded from Github and dynamic parameters
+Metadata:
+ AWS::CloudFormation::Interface:
+ ParameterGroups:
+ - Label:
+ default: "EC2 Configuration"
+ Parameters:
+ - OperationSystem
+ - InstanceType
+ - InstanceName
+ - KeyName
+ - VpcId
+ - SubnetId
+ - Label:
+ default: "AMI Configuration"
+ Parameters:
+ - LatestLinuxAMI
+ - LatestWindowsAMI
+ - Label:
+ default: "FSxN Configuration"
+ Parameters:
+ - SecretArn
+ - ManagementEndpointIP
+ - VolumeName
+ - VolumeSize
+ - SvmName
+ - Username
+ - DriveLetter
+ - Label:
+ default: "Networking"
+ Parameters:
+ - CidrIp
+ - Label:
+ default: "User Data Scripts"
+ Parameters:
+ - LinuxUserDataUrl
+ - WindowsUserDataUrl
+ ParameterLabels:
+ OperationSystem:
+ default: "Operating System"
+ InstanceType:
+ default: "Instance Type"
+ InstanceName:
+ default: "Instance Name"
+ KeyName:
+ default: "Key Pair Name"
+ VpcId:
+ default: "VPC ID"
+ SubnetId:
+ default: "Subnet ID"
+ SecretArn:
+ default: "AWS Secret ARN"
+ ManagementEndpointIP:
+ default: "Management Endpoint IP"
+ VolumeName:
+ default: "Volume Name"
+ VolumeSize:
+ default: "Volume Size (GiB)"
+ SvmName:
+ default: "SVM Name"
+ Username:
+ default: "Username"
+ DriveLetter:
+ default: "Drive Letter (Windows Only)"
+ CidrIp:
+ default: "CIDR IP for SSH/RDP Access"
+ LinuxUserDataUrl:
+ default: "Linux User Data Script URL"
+ WindowsUserDataUrl:
+ default: "Windows User Data Script URL"
+ LatestLinuxAMI:
+ default: "Linux AMI"
+ LatestWindowsAMI:
+ default: "Windows AMI"
+
+Parameters:
+ OperationSystem:
+ Type: String
+ AllowedValues:
+ - Linux
+ - Windows
+ InstanceType:
+ Type: String
+ Default: t3.large
+ Description: EC2 instance type
+ InstanceName:
+ Type: String
+ Description: EC2 instance name
+ KeyName:
+ Type: AWS::EC2::KeyPair::KeyName
+ Description: Name of an existing EC2 KeyPair
+ VpcId:
+ Type: AWS::EC2::VPC::Id
+ Description: VPC ID
+ SubnetId:
+ Type: AWS::EC2::Subnet::Id
+ Description: Subnet ID
+ SecretArn:
+ Type: String
+ Description: Full ARN of the AWS Secrets Manager secret containing FSxN credentials
+ ManagementEndpointIP:
+ Type: String
+ Description: Management endpoint IP Address of your FSxN
+ VolumeName:
+ Type: String
+ Description: Volume Name
+ VolumeSize:
+ Type: Number
+ Description: Volume Size in GiB
+ SvmName:
+ Type: String
+ Default: fsx
+ Description: SVM Name
+ Username:
+ Type: String
+ Description: Username to run under
+ DriveLetter:
+ Type: String
+ Default: d
+ Description: Drive Letter - valid for Windows only
+ CidrIp:
+ Type: String
+ Description: CIDR IP for SSH access to the instance
+ LinuxUserDataUrl:
+ Type: String
+ Default: https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/refs/heads/main/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh
+ Description: URL to Linux user data script
+ WindowsUserDataUrl:
+ Type: String
+ Default: https://raw.githubusercontent.com/NetApp/FSx-ONTAP-samples-scripts/refs/heads/main/Management-Utilities/ec2-user-data-iscsi-create-and-mount/windows_userData.ps1
+ Description: URL to Windows user data script
+ LatestLinuxAMI:
+ Type: 'AWS::SSM::Parameter::Value'
+ Default: '/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64'
+ Description: 'Linux AMI to use for the EC2 instance (default is the latest Amazon Linux 2023)'
+ LatestWindowsAMI:
+ Type: 'AWS::SSM::Parameter::Value'
+ Default: '/aws/service/ami-windows-latest/TPM-Windows_Server-2025-English-Full-Base'
+ Description: 'Windows AMI to use for the EC2 instance (default is the latest Windows Server 2025)'
+
+Conditions:
+ IsLinux: !Equals [ !Ref OperationSystem, "Linux" ]
+ IsWindows: !Equals [ !Ref OperationSystem, "Windows" ]
+
+Resources:
+ EC2InstanceSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Security group for the EC2 instance
+ VpcId: !Ref VpcId
+ SecurityGroupIngress:
+ - IpProtocol: tcp
+ FromPort: !If
+ - IsLinux
+ - 22
+ - 3389
+ ToPort: !If
+ - IsLinux
+ - 22
+ - 3389
+ CidrIp: !Ref CidrIp
+ EC2InstanceRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: ec2.amazonaws.com
+ Action: sts:AssumeRole
+ Path: /
+
+ Policies:
+ - PolicyName: "LambdaPolicy"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "secretsManager:GetSecretValue"
+ Resource:
+ - !Ref SecretArn
+
+ EC2InstanceProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ Roles:
+ - !Ref EC2InstanceRole
+ MyEC2Instance:
+ Type: AWS::EC2::Instance
+ Properties:
+ InstanceType: !Ref InstanceType
+ ImageId: !If [IsLinux, !Ref LatestLinuxAMI, !Ref LatestWindowsAMI]
+ KeyName: !Ref KeyName
+ SecurityGroupIds:
+ - !Ref EC2InstanceSecurityGroup
+ SubnetId: !Ref SubnetId
+ IamInstanceProfile: !Ref EC2InstanceProfile
+ Tags:
+ - Key: Name
+ Value: !Ref InstanceName
+ UserData: !If
+ - IsLinux
+ - Fn::Base64: !Sub |
+ #!/bin/bash
+ curl -o /tmp/userdata-script.sh ${LinuxUserDataUrl}
+ chmod +x /tmp/userdata-script.sh
+ # Pass parameters to the script
+ /tmp/userdata-script.sh "${SecretArn}" "${ManagementEndpointIP }" "${VolumeName}" "${VolumeSize}" "${SvmName}" "${Username}"
+ - Fn::Base64: !Sub |
+
+ Invoke-WebRequest -Uri ${WindowsUserDataUrl} -OutFile C:\userdata-script.ps1
+ (Get-Content 'C:\userdata-script.ps1') | Where-Object { $_ -notmatch '^$|^$' } | Set-Content 'C:\userdata-script.ps1'
+ powershell.exe -ExecutionPolicy Bypass -File C:\userdata-script.ps1 -SecretIdParam "${SecretArn}" -FSxNAdminIpParam "${ManagementEndpointIP }" -VolumeNameParam "${VolumeName}" -VolumeSizeParam "${VolumeSize}" -DriveLetterParam "${DriveLetter}" -SvmNameParam "${SvmName}" -UsernameParam "${Username}"
+
+Outputs:
+ InstanceId:
+ Description: EC2 Instance ID
+ Value: !Ref MyEC2Instance
\ No newline at end of file
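Review bot: Both UserData branches fetch a script from `LinuxUserDataUrl` / `WindowsUserDataUrl` and run it with administrative privileges at first boot without any integrity check, and the default URLs point at `refs/heads/main`, which is a mutable ref. Because the instance profile grants `GetSecretValue` on `SecretArn`, anyone able to change that branch or the URL parameter gets code running on a host that can read the FSxN credentials. `curl -o` is also called without `--fail`, so an HTTP error body would be saved and executed. I would pin the default URLs to a commit SHA, add a checksum parameter and verify it before the script runs, as sketched below for the Linux branch; the Windows branch needs the same check with `Get-FileHash`. Separately, `CidrIp` has no `AllowedPattern`, so nothing in the template stops `0.0.0.0/0` being supplied for the SSH/RDP rule.

```yaml
  # proposed new parameter, alongside LinuxUserDataUrl
  LinuxUserDataSha256:
    Type: String
    AllowedPattern: '^[a-f0-9]{64}$'
    Description: Expected SHA-256 of the Linux user data script
  # … unchanged: remaining parameters, conditions, security group, role, instance properties …
        - Fn::Base64: !Sub |
            #!/bin/bash
            set -euo pipefail
            curl --fail --silent --show-error --location --proto '=https' \
              -o /tmp/userdata-script.sh "${LinuxUserDataUrl}"
            # refuse to run anything that does not match the reviewed script
            echo "${LinuxUserDataSha256}  /tmp/userdata-script.sh" | sha256sum --check --strict
            chmod +x /tmp/userdata-script.sh
            # … unchanged: script invocation with the stack parameters …
```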
diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh index 287d36e..ac4b468 100755 --- a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh +++ b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/linux_userData.sh @@ -20,6 +20,7 @@ AWS_REGION="${AWS_REGION:=$2}" FSXN_ADMIN_IP="${FSXN_ADMIN_IP:=$3}" VOLUME_NAME="${VOLUME_NAME:=$4}" VOLUME_SIZE="${VOLUME_SIZE:=$5}" +SVM_NAME="${6:-$SVM_NAME}" min=100 max=999 diff --git a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/windows_userData.ps1 b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/windows_userData.ps1 index bc536de..2541c60 100644 --- a/Management-Utilities/ec2-user-data-iscsi-create-and-mount/windows_userData.ps1 +++ b/Management-Utilities/ec2-user-data-iscsi-create-and-mount/windows_userData.ps1 @@ -5,7 +5,8 @@ param( [string]$FSxNAdminIpParam, [string]$VolumeNameParam, [string]$VolumeSizeParam, - [string]$DriveLetterParam + [string]$DriveLetterParam, + [string]$SvmNameParam ) # "AWS secret ARN, e.g arn:aws:secretsmanager:us-east-1:111222333444:secret:MySecret-123456" $secretId= @@ -18,15 +19,16 @@ $volSize= # "drive letter to use, e.g. d" $drive_letter= +# Defaults +$user="fsxadmin" +$svm_name="fsx" + $secretId = if ($SecretIdParam) { $SecretIdParam } else { $secretId } $ip = if ($FSxNAdminIpParam) { $FSxNAdminIpParam } else { $ip } $volName = if ($VolumeNameParam) { $VolumeNameParam } else { $volName } $volSize = if ($VolumeSizeParam) { $VolumeSizeParam } else { $volSize } $drive_letter = if ($DriveLetterParam) { $DriveLetterParam } else { $drive_letter } - -# Defaults -$user="fsxadmin" -$svm_name="fsx" +$svm_name = if ($SvmNameParam) { $SvmNameParam } else { $svm_name } # default values # The script will create a log file and uninstall script
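Review bot: The new sixth positional argument does not line up with the call added in EC2-cloud_formation.yaml in this same commit. The template invokes the script with SecretArn, ManagementEndpointIP, VolumeName, VolumeSize, SvmName and Username as `$1`–`$6`, while the lines around this hunk read `$2` as AWS_REGION, `$3` as FSXN_ADMIN_IP, `$4` as VOLUME_NAME, `$5` as VOLUME_SIZE and now `$6` as SVM_NAME, so as far as these hunks show the region would receive the endpoint IP and SVM_NAME the username. Either the template should pass the region in second position, e.g. `/tmp/userdata-script.sh "${SecretArn}" "${AWS::Region}" "${ManagementEndpointIP}" "${VolumeName}" "${VolumeSize}" "${SvmName}"`, or the script's argument order should change to match. The added line also uses `${6:-$SVM_NAME}` (argument wins) where its neighbours use `${VAR:=$N}` (preset variable wins); `SVM_NAME="${SVM_NAME:=$6}"` would keep the precedence consistent. How `$1` is consumed is outside the hunk.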
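Review bot: The param block gains `$SvmNameParam` but no `$UsernameParam`, although the CloudFormation template in this commit calls the script with `-UsernameParam "${Username}"`. With the closing `)` directly after `$SvmNameParam`, the stack's Username value is never bound, and the second hunk leaves `$user="fsxadmin"` with no override, so the script would presumably always use fsxadmin regardless of what the operator entered (whether the unknown argument is ignored or rejected depends on attributes above the hunk). I would add `[string]$UsernameParam` to the block and `$user = if ($UsernameParam) { $UsernameParam } else { $user }` next to the new `$svm_name` line. The param block starts outside this hunk.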