cloudformation-template.yaml

AWSTemplateFormatVersion: 2010-09-09
Description: Coffee e-shop cloudformation template

Parameters:
  ImagesBucketName:
    Type: String
    Default: coffee-e-shop-images
    Description: The name of the S3 Bucket to create

Resources:
  # You can’t assign an IAM role directly to the EC2 instance, but you can assign an instance profile, which passes role information to the EC2 instance.
  RootInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref S3WritableRole

  S3WritableRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      Path: /

  RolePolicies:
    Type: AWS::IAM::Policy
    DependsOn:
      - NodeBackend
    Properties:
      PolicyName: NodeBackendPolicy
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action: s3:*
            Resource: "*"
      Roles:
        - !Ref S3WritableRole

  NodeBackend:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-051f7e7f6c2f40dc1
      KeyName: aws-key-coffee-e-shop
      IamInstanceProfile: !Ref RootInstanceProfile
      SecurityGroups:
        - !Ref NodeBackendSecurityGroup
      UserData: !Base64 |
        #!/bin/bash
        sudo yum update -y
        sudo yum install docker -y

        wget https://github.com/async-devil/coffee-e-shop/archive/refs/heads/main.tar.gz
        tar -xzf main.tar.gz -C /home/ec2-user
        cp /home/ec2-user/coffee-e-shop-main/.env.example /home/ec2-user/coffee-e-shop-main/.prod.env

        wget https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) 
        sudo mv docker-compose-$(uname -s)-$(uname -m) /usr/local/bin/docker-compose
        sudo chmod -v +x /usr/local/bin/docker-compose

        sudo systemctl enable docker.service
        sudo systemctl start docker.service

  NodeBackendSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: allow ssh and http
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 5050
          ToPort: 5050
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0

  S3ImagesBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref ImagesBucketName
      PublicAccessBlockConfiguration:
        BlockPublicAcls: false
      OwnershipControls:
        Rules:
          - ObjectOwnership: ObjectWriter

  S3ImagesBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3ImagesBucket
      PolicyDocument:
        Id: S3ImagesBucketPolicy
        Version: 2012-10-17
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Action: s3:GetObject
            Principal: "*"
            Resource: !Sub "arn:aws:s3:::${S3ImagesBucket}/*"