Merge pull request #209 from allez-allez-allez/update-guac-cwa

Updates guac template to include cloudwatch agent to collect logs
plus3it · Jul 31, 2019 · 44567af · 44567af
2 parents b84d02b + 84b0624
commit 44567af
Show file tree

Hide file tree

Showing 30 changed files with 105 additions and 31 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.3.4
+current_version = 0.3.5
 commit = True
 message = Bumps version to {new_version}
 tag = False

diff --git a/templates/db_mssql_alwayson.template.cfn.json b/templates/db_mssql_alwayson.template.cfn.json
@@ -298,7 +298,7 @@
                 }
             }
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "MssqlNode1InstanceId": {

diff --git a/templates/db_rds_mysql_audit_plugin.element.template.cfn.json b/templates/db_rds_mysql_audit_plugin.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This template deploys a MySQL RDS instance",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "JDBCConnectionString": {

diff --git a/templates/ds_ad_primary_dc.element.template.cfn.json b/templates/ds_ad_primary_dc.element.template.cfn.json
@@ -56,7 +56,7 @@
         }
     },
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "DomainAdmin": {

diff --git a/templates/ds_ad_private_hosted_zone.element.template.cfn.json b/templates/ds_ad_private_hosted_zone.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates a Route53 private hosted zone, to resolve the domain to the AD Domain Controllers via DHCP.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "HostedZoneId": {

diff --git a/templates/ds_ad_replica_dc.element.template.cfn.json b/templates/ds_ad_replica_dc.element.template.cfn.json
@@ -56,7 +56,7 @@
         }
     },
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "DomainControllerID": {

diff --git a/templates/ds_ad_security_groups.element.template.cfn.json b/templates/ds_ad_security_groups.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates 2 security groups for an Active Directory domain -- one for Domain Controllers and one for Domain Members.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "DomainControllerSGID": {

diff --git a/templates/ds_dhcp_options.element.template.cfn.json b/templates/ds_dhcp_options.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates an Active Directory domain with a single domain controller. The default Domain Administrator password will be the one retrieved from the instance.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Parameters": {
         "DomainControllerIPs": {

diff --git a/templates/ds_singleaz_ad.compound.template.cfn.json b/templates/ds_singleaz_ad.compound.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This template creates an Active Directory infrastructure in a Single AZ.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "DomainAdmin": {

diff --git a/templates/es_service_domain.element.template.cfn.json b/templates/es_service_domain.element.template.cfn.json
@@ -39,7 +39,7 @@
                 }
             ]
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "DedicatedMasterCount": {

diff --git a/templates/nw_create_peer_role.element.template.cfn.json b/templates/nw_create_peer_role.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This template creates an assumable role for cross account VPC peering.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "RoleARN": {

diff --git a/templates/nw_dualaz_multitier_nat_with_eni.compound.template.cfn.json b/templates/nw_dualaz_multitier_nat_with_eni.compound.template.cfn.json
@@ -104,7 +104,7 @@
                 }
             ]
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "InternetGatewayId": {

diff --git a/templates/nw_dualaz_multitier_natgateway.compound.template.cfn.json b/templates/nw_dualaz_multitier_natgateway.compound.template.cfn.json
@@ -94,7 +94,7 @@
                 }
             ]
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "InternetGatewayId": {

diff --git a/templates/nw_nat_gateway.element.template.cfn.json b/templates/nw_nat_gateway.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates a NAT Gateway with an Elastic IP, Private route table with route to the NAT Gateway.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "NATGatewayElasticIP": {

diff --git a/templates/nw_nat_with_eni.element.template.cfn.json b/templates/nw_nat_with_eni.element.template.cfn.json
@@ -56,7 +56,7 @@
         }
     },
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "NATElasticNetworkInterfaceId": {

diff --git a/templates/nw_peered_sg.element.template.cfn.json b/templates/nw_peered_sg.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates a Security Group to allow remote access from instances in the specified security group within the peered account.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "VpcPeerSecurityGroupId": {

diff --git a/templates/nw_private_subnet.element.template.cfn.json b/templates/nw_private_subnet.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates a Private Subnet and associates it with a given Route Table.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "AvailabilityZoneName": {

diff --git a/templates/nw_public_subnet.element.template.cfn.json b/templates/nw_public_subnet.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates a Public Subnet and associates it with a given Route Table.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "AvailabilityZoneName": {

diff --git a/templates/nw_r53_peered_domain.element.template.cfn.json b/templates/nw_r53_peered_domain.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates a Route53 Private Hosted Zone and the associated resource records for a peered domain.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "PrivateHostedZoneId": {

diff --git a/templates/nw_singleaz_multitier_nat_with_eni.compound.template.cfn.json b/templates/nw_singleaz_multitier_nat_with_eni.compound.template.cfn.json
@@ -101,7 +101,7 @@
                 }
             ]
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "InternetGatewayId": {

diff --git a/templates/nw_singleaz_multitier_natgateway.compound.template.cfn.json b/templates/nw_singleaz_multitier_natgateway.compound.template.cfn.json
@@ -92,7 +92,7 @@
                 }
             ]
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "InternetGatewayId": {

diff --git a/templates/nw_tripleaz_multitier_nat_with_eni.compound.template.cfn.json b/templates/nw_tripleaz_multitier_nat_with_eni.compound.template.cfn.json
@@ -108,7 +108,7 @@
                 }
             ]
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "InternetGatewayId": {

diff --git a/templates/nw_tripleaz_multitier_natgateway.compound.template.cfn.json b/templates/nw_tripleaz_multitier_natgateway.compound.template.cfn.json
@@ -96,7 +96,7 @@
                 }
             ]
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "InternetGatewayId": {

diff --git a/templates/nw_vpc_peering_connection.element.template.cfn.json b/templates/nw_vpc_peering_connection.element.template.cfn.json
@@ -52,7 +52,7 @@
     },
     "Description": "This element creates a VPC peering connection and adds the necessary route to specified route tables.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "VpcPeeringConnection": {

diff --git a/templates/nw_vpc_with_igw.element.template.cfn.json b/templates/nw_vpc_with_igw.element.template.cfn.json
@@ -2,7 +2,7 @@
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "This element creates a VPC network with an Internet Gateway.",
     "Metadata": {
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "InternetGatewayId": {

diff --git a/templates/ra_guac_autoscale_public_alb.template.cfn.yaml b/templates/ra_guac_autoscale_public_alb.template.cfn.yaml
@@ -46,6 +46,10 @@ Conditions:
     - !Equals
       - !Ref URLText2
       - ''
+  InstallCloudWatchAgent: !Not
+    - !Equals
+      - !Ref CloudWatchAgentUrl
+      - ''
 Description: This templates deploys Guacamole (Guac) instances in an AutoScale Group behind an ALB
 Mappings:
   InstanceTypeMap:
@@ -54,7 +58,7 @@ Mappings:
       Parameters:
         Location: 's3://app-chemistry/snippets/instance_type_map.snippet.cfn.yaml'
 Metadata:
-  Version: 0.3.4
+  Version: 0.3.5
   cfn-lint:
     config:
       ignore_checks:
@@ -89,6 +93,13 @@ Parameters:
     Default: ''
     Description: Text/Label to display branding for the Guac Login page
     Type: String
+  CloudWatchAgentUrl:
+    AllowedPattern: '^$|^s3://.*\.rpm$'
+    Default: ''
+    Description: >-
+      (Optional) S3 URL to CloudWatch Agent installer. Example:
+      s3://amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm
+    Type: String
   DesiredCapacity:
     Default: '1'
     Description: The number of instances the autoscale group will spin up initially
@@ -396,7 +407,9 @@ Resources:
           - Action:
               - 's3:GetObject'
             Effect: Allow
-            Resource: 'arn:aws:s3:::amazon-ssm-*'
+            Resource:
+              - 'arn:aws:s3:::amazon-ssm-*'
+              - 'arn:aws:s3:::amazoncloudwatch-agent/*'
           - Action:
               - 's3:ListBucket'
             Effect: Allow
@@ -432,12 +445,68 @@ Resources:
         configSets:
           config:
             - setup
+            - !If
+              - InstallCloudWatchAgent
+              - cw-agent-install
+              - !Ref "AWS::NoValue"
             - make-guac
             - finalize
           update:
             - setup
             - make-guac
             - finalize
+        cw-agent-install:
+          commands:
+            01-install-cloudwatch-agent:
+              command: !Sub >-
+                aws s3 cp ${CloudWatchAgentUrl} /etc/cfn/scripts/amazon-cloudwatch-agent.rpm &&
+                yum -y localinstall /etc/cfn/scripts/amazon-cloudwatch-agent.rpm
+            10-start-cloudwatch-agent:
+              command: >-
+                /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl
+                -a fetch-config -m ec2 -c
+                file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s
+          files:
+            /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json:
+              content: !Sub |-
+                {
+                  "logs":
+                  {
+                    "logs_collected":
+                    {
+                      "files":
+                      {
+                        "collect_list": [
+                          {
+                            "file_path": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log",
+                            "log_group_name": "/aws/ec2/lx/${AWS::StackName}",
+                            "log_stream_name": "{instance_id}//opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log",
+                            "timestamp_format": "%H:%M:%S %y %b %-d"
+                          },
+                          {
+                            "file_path": "/var/log/cfn-init.log",
+                            "log_group_name": "/aws/ec2/lx/${AWS::StackName}",
+                            "log_stream_name": "{instance_id}//var/log/cfn-init.log",
+                            "timestamp_format": "%H:%M:%S %y %b %-d"
+                          },
+                          {
+                            "file_path": "/var/log/cfn-init-cmd.log",
+                            "log_group_name": "/aws/ec2/lx/${AWS::StackName}",
+                            "log_stream_name": "{instance_id}//var/log/cfn-init-cmd.log",
+                            "timestamp_format": "%H:%M:%S %y %b %-d"
+                          },
+                          {
+                            "file_path": "/var/log/messages",
+                            "log_group_name": "/aws/ec2/lx/${AWS::StackName}",
+                            "log_stream_name": "{instance_id}//var/log/messages",
+                            "timestamp_format": "%H:%M:%S %y %b %-d"
+                          }
+                        ]
+                      }
+                    },
+                    "log_stream_name": "default_logs_{instance_id}"
+                  }
+                }
         finalize:
           commands:
             10-signal-success:
@@ -608,3 +677,8 @@ Resources:
       DesiredCapacity: !Ref MaxCapacity
       Recurrence: !Ref ScaleUpSchedule
     Type: 'AWS::AutoScaling::ScheduledAction'
+  GuacLaunchConfigLogGroup:
+    Condition: InstallCloudWatchAgent
+    Properties:
+      LogGroupName: !Sub "/aws/ec2/lx/${AWS::StackName}"
+    Type: AWS::Logs::LogGroup
diff --git a/templates/ra_rdcb_fileserver_ha.template.cfn.json b/templates/ra_rdcb_fileserver_ha.template.cfn.json
@@ -207,7 +207,7 @@
                 }
             }
         },
-        "Version": "0.3.4"
+        "Version": "0.3.5"
     },
     "Outputs": {
         "RdcbEc2InstanceId": {

diff --git a/templates/ra_rdcb_fileserver_standalone.template.cfn.yaml b/templates/ra_rdcb_fileserver_standalone.template.cfn.yaml
@@ -71,7 +71,7 @@ Metadata:
     ParameterLabels:
       AmiNameSearchString:
         default: AMI Name Search Pattern
-  Version: 0.3.4
+  Version: 0.3.5
   cfn-lint:
     config:
       ignore_checks:

diff --git a/templates/ra_rdgw_autoscale_public_lb.template.cfn.yaml b/templates/ra_rdgw_autoscale_public_lb.template.cfn.yaml
@@ -83,7 +83,7 @@ Metadata:
         default: AMI Name Search Pattern
       ScaleDownDesiredCapacity:
         default: Scale Down Desired Capacity
-  Version: 0.3.4
+  Version: 0.3.5
   cfn-lint:
     config:
       ignore_checks:

diff --git a/templates/ra_rdsh_autoscale_internal_lb.template.cfn.yaml b/templates/ra_rdsh_autoscale_internal_lb.template.cfn.yaml
@@ -89,7 +89,7 @@ Metadata:
         default: AMI Name Search Pattern
       ScaleDownDesiredCapacity:
         default: Scale Down Desired Capacity
-  Version: 0.3.4
+  Version: 0.3.5
   cfn-lint:
     config:
       ignore_checks: