diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 58b05a2c..13a71826 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 0.3.4 +current_version = 0.3.5 commit = True message = Bumps version to {new_version} tag = False diff --git a/templates/db_mssql_alwayson.template.cfn.json b/templates/db_mssql_alwayson.template.cfn.json index 935d1e8a..94d5f1bc 100644 --- a/templates/db_mssql_alwayson.template.cfn.json +++ b/templates/db_mssql_alwayson.template.cfn.json @@ -298,7 +298,7 @@ } } }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "MssqlNode1InstanceId": { diff --git a/templates/db_rds_mysql_audit_plugin.element.template.cfn.json b/templates/db_rds_mysql_audit_plugin.element.template.cfn.json index c730dd20..e3bf3c91 100644 --- a/templates/db_rds_mysql_audit_plugin.element.template.cfn.json +++ b/templates/db_rds_mysql_audit_plugin.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template deploys a MySQL RDS instance", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "JDBCConnectionString": { diff --git a/templates/ds_ad_primary_dc.element.template.cfn.json b/templates/ds_ad_primary_dc.element.template.cfn.json index cee4dd41..68f94e91 100644 --- a/templates/ds_ad_primary_dc.element.template.cfn.json +++ b/templates/ds_ad_primary_dc.element.template.cfn.json @@ -56,7 +56,7 @@ } }, "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "DomainAdmin": { diff --git a/templates/ds_ad_private_hosted_zone.element.template.cfn.json b/templates/ds_ad_private_hosted_zone.element.template.cfn.json index fcee60ce..e8a6c25f 100644 --- a/templates/ds_ad_private_hosted_zone.element.template.cfn.json +++ b/templates/ds_ad_private_hosted_zone.element.template.cfn.json 
@@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates a Route53 private hosted zone, to resolve the domain to the AD Domain Controllers via DHCP.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "HostedZoneId": { diff --git a/templates/ds_ad_replica_dc.element.template.cfn.json b/templates/ds_ad_replica_dc.element.template.cfn.json index 18c297aa..e70f1bce 100644 --- a/templates/ds_ad_replica_dc.element.template.cfn.json +++ b/templates/ds_ad_replica_dc.element.template.cfn.json @@ -56,7 +56,7 @@ } }, "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "DomainControllerID": { diff --git a/templates/ds_ad_security_groups.element.template.cfn.json b/templates/ds_ad_security_groups.element.template.cfn.json index 07eecda8..82790493 100644 --- a/templates/ds_ad_security_groups.element.template.cfn.json +++ b/templates/ds_ad_security_groups.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates 2 security groups for an Active Directory domain -- one for Domain Controllers and one for Domain Members.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "DomainControllerSGID": { diff --git a/templates/ds_dhcp_options.element.template.cfn.json b/templates/ds_dhcp_options.element.template.cfn.json index d0d9377e..f284f05c 100644 --- a/templates/ds_dhcp_options.element.template.cfn.json +++ b/templates/ds_dhcp_options.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates an Active Directory domain with a single domain controller. The default Domain Administrator password will be the one retrieved from the instance.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Parameters": { "DomainControllerIPs": { 
diff --git a/templates/ds_singleaz_ad.compound.template.cfn.json b/templates/ds_singleaz_ad.compound.template.cfn.json index 00dd9501..2f758718 100644 --- a/templates/ds_singleaz_ad.compound.template.cfn.json +++ b/templates/ds_singleaz_ad.compound.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template creates an Active Directory infrastructure in a Single AZ.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "DomainAdmin": { diff --git a/templates/es_service_domain.element.template.cfn.json b/templates/es_service_domain.element.template.cfn.json index b69fd374..be9e08e9 100644 --- a/templates/es_service_domain.element.template.cfn.json +++ b/templates/es_service_domain.element.template.cfn.json @@ -39,7 +39,7 @@ } ] }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "DedicatedMasterCount": { diff --git a/templates/nw_create_peer_role.element.template.cfn.json b/templates/nw_create_peer_role.element.template.cfn.json index d0ed739b..1d70a9af 100644 --- a/templates/nw_create_peer_role.element.template.cfn.json +++ b/templates/nw_create_peer_role.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template creates an assumable role for cross account VPC peering.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "RoleARN": { diff --git a/templates/nw_dualaz_multitier_nat_with_eni.compound.template.cfn.json b/templates/nw_dualaz_multitier_nat_with_eni.compound.template.cfn.json index 5cdbe408..a2cff183 100644 --- a/templates/nw_dualaz_multitier_nat_with_eni.compound.template.cfn.json +++ b/templates/nw_dualaz_multitier_nat_with_eni.compound.template.cfn.json @@ -104,7 +104,7 @@ } ] }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "InternetGatewayId": { 
diff --git a/templates/nw_dualaz_multitier_natgateway.compound.template.cfn.json b/templates/nw_dualaz_multitier_natgateway.compound.template.cfn.json index a282048d..24272559 100644 --- a/templates/nw_dualaz_multitier_natgateway.compound.template.cfn.json +++ b/templates/nw_dualaz_multitier_natgateway.compound.template.cfn.json @@ -94,7 +94,7 @@ } ] }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "InternetGatewayId": { diff --git a/templates/nw_nat_gateway.element.template.cfn.json b/templates/nw_nat_gateway.element.template.cfn.json index 065e8596..3e4db7ac 100644 --- a/templates/nw_nat_gateway.element.template.cfn.json +++ b/templates/nw_nat_gateway.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates a NAT Gateway with an Elastic IP, Private route table with route to the NAT Gateway.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "NATGatewayElasticIP": { diff --git a/templates/nw_nat_with_eni.element.template.cfn.json b/templates/nw_nat_with_eni.element.template.cfn.json index 447df6fb..2cdb9ddf 100644 --- a/templates/nw_nat_with_eni.element.template.cfn.json +++ b/templates/nw_nat_with_eni.element.template.cfn.json @@ -56,7 +56,7 @@ } }, "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "NATElasticNetworkInterfaceId": { diff --git a/templates/nw_peered_sg.element.template.cfn.json b/templates/nw_peered_sg.element.template.cfn.json index 3ddbbe7f..4e363b85 100644 --- a/templates/nw_peered_sg.element.template.cfn.json +++ b/templates/nw_peered_sg.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates a Security Group to allow remote access from instances in the specified security group within the peered account.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "VpcPeerSecurityGroupId": { 
diff --git a/templates/nw_private_subnet.element.template.cfn.json b/templates/nw_private_subnet.element.template.cfn.json index fc4b3b2d..1e016064 100644 --- a/templates/nw_private_subnet.element.template.cfn.json +++ b/templates/nw_private_subnet.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates a Private Subnet and associates it with a given Route Table.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "AvailabilityZoneName": { diff --git a/templates/nw_public_subnet.element.template.cfn.json b/templates/nw_public_subnet.element.template.cfn.json index 19938e91..7faa3b64 100644 --- a/templates/nw_public_subnet.element.template.cfn.json +++ b/templates/nw_public_subnet.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates a Public Subnet and associates it with a given Route Table.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "AvailabilityZoneName": { diff --git a/templates/nw_r53_peered_domain.element.template.cfn.json b/templates/nw_r53_peered_domain.element.template.cfn.json index 712ace84..e1b5ca2d 100644 --- a/templates/nw_r53_peered_domain.element.template.cfn.json +++ b/templates/nw_r53_peered_domain.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates a Route53 Private Hosted Zone and the associated resource records for a peered domain.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "PrivateHostedZoneId": { diff --git a/templates/nw_singleaz_multitier_nat_with_eni.compound.template.cfn.json b/templates/nw_singleaz_multitier_nat_with_eni.compound.template.cfn.json index 16f02c8e..b3fd5f02 100644 --- a/templates/nw_singleaz_multitier_nat_with_eni.compound.template.cfn.json +++ b/templates/nw_singleaz_multitier_nat_with_eni.compound.template.cfn.json 
@@ -101,7 +101,7 @@ } ] }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "InternetGatewayId": { diff --git a/templates/nw_singleaz_multitier_natgateway.compound.template.cfn.json b/templates/nw_singleaz_multitier_natgateway.compound.template.cfn.json index 62157a55..45e31adb 100644 --- a/templates/nw_singleaz_multitier_natgateway.compound.template.cfn.json +++ b/templates/nw_singleaz_multitier_natgateway.compound.template.cfn.json @@ -92,7 +92,7 @@ } ] }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "InternetGatewayId": { diff --git a/templates/nw_tripleaz_multitier_nat_with_eni.compound.template.cfn.json b/templates/nw_tripleaz_multitier_nat_with_eni.compound.template.cfn.json index fea60433..d5ae0935 100644 --- a/templates/nw_tripleaz_multitier_nat_with_eni.compound.template.cfn.json +++ b/templates/nw_tripleaz_multitier_nat_with_eni.compound.template.cfn.json @@ -108,7 +108,7 @@ } ] }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "InternetGatewayId": { diff --git a/templates/nw_tripleaz_multitier_natgateway.compound.template.cfn.json b/templates/nw_tripleaz_multitier_natgateway.compound.template.cfn.json index cd2dacc4..165de5e7 100644 --- a/templates/nw_tripleaz_multitier_natgateway.compound.template.cfn.json +++ b/templates/nw_tripleaz_multitier_natgateway.compound.template.cfn.json @@ -96,7 +96,7 @@ } ] }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "InternetGatewayId": { diff --git a/templates/nw_vpc_peering_connection.element.template.cfn.json b/templates/nw_vpc_peering_connection.element.template.cfn.json index 1f21cf1b..b0ab8011 100644 --- a/templates/nw_vpc_peering_connection.element.template.cfn.json +++ b/templates/nw_vpc_peering_connection.element.template.cfn.json @@ -52,7 +52,7 @@ }, "Description": "This element creates a VPC peering connection and adds the necessary route to specified route tables.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "VpcPeeringConnection": { 
diff --git a/templates/nw_vpc_with_igw.element.template.cfn.json b/templates/nw_vpc_with_igw.element.template.cfn.json index fcd8852e..6136dee2 100644 --- a/templates/nw_vpc_with_igw.element.template.cfn.json +++ b/templates/nw_vpc_with_igw.element.template.cfn.json @@ -2,7 +2,7 @@ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This element creates a VPC network with an Internet Gateway.", "Metadata": { - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "InternetGatewayId": { diff --git a/templates/ra_guac_autoscale_public_alb.template.cfn.yaml b/templates/ra_guac_autoscale_public_alb.template.cfn.yaml index 3663c330..dd6b5d24 100644 --- a/templates/ra_guac_autoscale_public_alb.template.cfn.yaml +++ b/templates/ra_guac_autoscale_public_alb.template.cfn.yaml @@ -46,6 +46,10 @@ Conditions: - !Equals - !Ref URLText2 - '' + InstallCloudWatchAgent: !Not + - !Equals + - !Ref CloudWatchAgentUrl + - '' Description: This templates deploys Guacamole (Guac) instances in an AutoScale Group behind an ALB Mappings: InstanceTypeMap: @@ -54,7 +58,7 @@ Mappings: Parameters: Location: 's3://app-chemistry/snippets/instance_type_map.snippet.cfn.yaml' Metadata: - Version: 0.3.4 + Version: 0.3.5 cfn-lint: config: ignore_checks: @@ -89,6 +93,13 @@ Parameters: Default: '' Description: Text/Label to display branding for the Guac Login page Type: String + CloudWatchAgentUrl: + AllowedPattern: '^$|^s3://.*\.rpm$' + Default: '' + Description: >- + (Optional) S3 URL to CloudWatch Agent installer. Example: + s3://amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm + Type: String DesiredCapacity: Default: '1' Description: The number of instances the autoscale group will spin up initially @@ -396,7 +407,9 @@ Resources: - Action: - 's3:GetObject' Effect: Allow - Resource: 'arn:aws:s3:::amazon-ssm-*' + Resource: + - 'arn:aws:s3:::amazon-ssm-*' + - 'arn:aws:s3:::amazoncloudwatch-agent/*' - Action: - 's3:ListBucket' Effect: Allow 
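Review bot: The `AllowedPattern` on `CloudWatchAgentUrl` accepts anything between `s3://` and `.rpm`, including whitespace and shell metacharacters, and the `cw-agent-install` hunk (`@@ -432,12 +445,68 @@`) substitutes the value unquoted into a command string that cfn-init hands to a shell, normally as root. Constrain the value to bucket and key characters, e.g. `AllowedPattern: '^$|^s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/[A-Za-z0-9._/-]+\.rpm$'`, and quote it where it is used: `aws s3 cp "${CloudWatchAgentUrl}" /etc/cfn/scripts/amazon-cloudwatch-agent.rpm`. The `Parameters` section continues outside the hunk.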
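Review bot: No visible hunk grants the instance role the CloudWatch Logs actions the agent needs to ship the files configured in `cw-agent-install`; this statement (`@@ -396,7 +407,9 @@`) adds only `s3:GetObject` for the installer. Unless the role already carries them elsewhere (the rest of the policy is outside the hunk), add a statement allowing `logs:CreateLogStream`, `logs:PutLogEvents` and `logs:DescribeLogStreams`, scoped to the stack's log group `/aws/ec2/lx/${AWS::StackName}` rather than `*`. The new `Resource` entry is also fixed to the `amazoncloudwatch-agent` bucket while `CloudWatchAgentUrl` accepts any bucket, so either state that limit in the parameter's `Description` or narrow its `AllowedPattern` to match.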
@@ -432,12 +445,68 @@ Resources: configSets: config: - setup + - !If + - InstallCloudWatchAgent + - cw-agent-install + - !Ref "AWS::NoValue" - make-guac - finalize update: - setup - make-guac - finalize + cw-agent-install: + commands: + 01-install-cloudwatch-agent: + command: !Sub >- + aws s3 cp ${CloudWatchAgentUrl} /etc/cfn/scripts/amazon-cloudwatch-agent.rpm && + yum -y localinstall /etc/cfn/scripts/amazon-cloudwatch-agent.rpm + 10-start-cloudwatch-agent: + command: >- + /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl + -a fetch-config -m ec2 -c + file:/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json -s + files: + /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json: + content: !Sub |- + { + "logs": + { + "logs_collected": + { + "files": + { + "collect_list": [ + { + "file_path": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log", + "log_group_name": "/aws/ec2/lx/${AWS::StackName}", + "log_stream_name": "{instance_id}//opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log", + "timestamp_format": "%H:%M:%S %y %b %-d" + }, + { + "file_path": "/var/log/cfn-init.log", + "log_group_name": "/aws/ec2/lx/${AWS::StackName}", + "log_stream_name": "{instance_id}//var/log/cfn-init.log", + "timestamp_format": "%H:%M:%S %y %b %-d" + }, + { + "file_path": "/var/log/cfn-init-cmd.log", + "log_group_name": "/aws/ec2/lx/${AWS::StackName}", + "log_stream_name": "{instance_id}//var/log/cfn-init-cmd.log", + "timestamp_format": "%H:%M:%S %y %b %-d" + }, + { + "file_path": "/var/log/messages", + "log_group_name": "/aws/ec2/lx/${AWS::StackName}", + "log_stream_name": "{instance_id}//var/log/messages", + "timestamp_format": "%H:%M:%S %y %b %-d" + } + ] + } + }, + "log_stream_name": "default_logs_{instance_id}" + } + } finalize: commands: 10-signal-success: 
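Review bot: The RPM fetched in `01-install-cloudwatch-agent` goes straight to `yum -y localinstall` with no signature or digest verification visible in the hunk, so whatever object sits at the supplied S3 URL is installed as-is by cfn-init, which normally runs as root. AWS documents a detached signature and public key for the agent packages; verify the download against them, or against an expected digest passed as a parameter, before the install step and fail the command on mismatch. Separately, `timestamp_format` `%H:%M:%S %y %b %-d` does not look like the line prefix of `/var/log/cfn-init.log` or `/var/log/messages`; if it does not match, events will probably carry ingestion time instead of the time written in the log, which weakens the timeline during an investigation, so confirm it against real log lines. `cw-agent-install` is also absent from the `update` configSet; add a comment such as `# cw-agent-install runs on first boot only` if that is intended.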
@@ -608,3 +677,8 @@ Resources: DesiredCapacity: !Ref MaxCapacity Recurrence: !Ref ScaleUpSchedule Type: 'AWS::AutoScaling::ScheduledAction' + GuacLaunchConfigLogGroup: + Condition: InstallCloudWatchAgent + Properties: + LogGroupName: !Sub "/aws/ec2/lx/${AWS::StackName}" + Type: AWS::Logs::LogGroup diff --git a/templates/ra_rdcb_fileserver_ha.template.cfn.json b/templates/ra_rdcb_fileserver_ha.template.cfn.json index 7d35a4e4..9d077bf7 100644 --- a/templates/ra_rdcb_fileserver_ha.template.cfn.json +++ b/templates/ra_rdcb_fileserver_ha.template.cfn.json @@ -207,7 +207,7 @@ } } }, - "Version": "0.3.4" + "Version": "0.3.5" }, "Outputs": { "RdcbEc2InstanceId": { diff --git a/templates/ra_rdcb_fileserver_standalone.template.cfn.yaml b/templates/ra_rdcb_fileserver_standalone.template.cfn.yaml index a78f1ca4..60f34b8b 100644 --- a/templates/ra_rdcb_fileserver_standalone.template.cfn.yaml +++ b/templates/ra_rdcb_fileserver_standalone.template.cfn.yaml @@ -71,7 +71,7 @@ Metadata: ParameterLabels: AmiNameSearchString: default: AMI Name Search Pattern - Version: 0.3.4 + Version: 0.3.5 cfn-lint: config: ignore_checks: diff --git a/templates/ra_rdgw_autoscale_public_lb.template.cfn.yaml b/templates/ra_rdgw_autoscale_public_lb.template.cfn.yaml index 7217352a..5146e9ad 100644 --- a/templates/ra_rdgw_autoscale_public_lb.template.cfn.yaml +++ b/templates/ra_rdgw_autoscale_public_lb.template.cfn.yaml @@ -83,7 +83,7 @@ Metadata: default: AMI Name Search Pattern ScaleDownDesiredCapacity: default: Scale Down Desired Capacity - Version: 0.3.4 + Version: 0.3.5 cfn-lint: config: ignore_checks: diff --git a/templates/ra_rdsh_autoscale_internal_lb.template.cfn.yaml b/templates/ra_rdsh_autoscale_internal_lb.template.cfn.yaml index 37cb5d9e..1494e677 100644 --- a/templates/ra_rdsh_autoscale_internal_lb.template.cfn.yaml +++ b/templates/ra_rdsh_autoscale_internal_lb.template.cfn.yaml 
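Review bot: `GuacLaunchConfigLogGroup` sets no `RetentionInDays`, so the group keeps events indefinitely, and with no `DeletionPolicy` it is deleted together with the stack, which discards the logs at the moment a teardown might need investigating. State both explicitly, e.g. `RetentionInDays: <DAYS_PLACEHOLDER>` (ideally from a parameter) and `DeletionPolicy: Retain` if the logs should outlive the stack. Nothing visible makes the instances wait for this resource; if the instance role is allowed to create log groups, the agent may create `/aws/ec2/lx/${AWS::StackName}` first and this resource would then fail as already existing, so consider a `DependsOn` on it from the autoscaling group or launch configuration, whose definitions are outside the hunk.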
@@ -89,7 +89,7 @@ Metadata: default: AMI Name Search Pattern ScaleDownDesiredCapacity: default: Scale Down Desired Capacity - Version: 0.3.4 + Version: 0.3.5 cfn-lint: config: ignore_checks: