updated userData script for ec2 deploy

2025-03-28 15:29:21 +00:00 · 2023-03-13 23:52:13 -07:00
parent 4d1462624b
commit 14e3f62b95
1 changed files with 134 additions and 15 deletions
--- a/self-host/aws/ec2-cloudformation
+++ b/self-host/aws/ec2-cloudformation
@ -1,41 +1,114 @@
-AWSTemplateFormatVersion: "2010-09-09"
-Description: CloudFormation template to deploy Infisical on a EC2 instance
-
+AWSTemplateFormatVersion: 2010-09-09
+Description: >-
+  CloudFormation template to deploy Infisical on a EC2 instance with a
+  DocumentDB instance
 Parameters:
  KeyPairName:
    Description: The name of the EC2 Key Pair to enable SSH access to the instance
-    Type: AWS::EC2::KeyPair::KeyName
+    Type: "AWS::EC2::KeyPair::KeyName"
  VpcId:
    Description: The ID of the VPC in which to launch the instance
-    Type: AWS::EC2::VPC::Id
-
+    Type: "AWS::EC2::VPC::Id"
+  DocumentDBUsername:
+    Description: The username for the DocumentDB instance
+    Type: String
+    MinLength: 5
+  DocumentDBPassword:
+    Description: The password for the DocumentDB instance (minimum 8 characters)
+    Type: String
+    MinLength: 8
+    NoEcho: true
 Resources:
+  DocumentDBCluster:
+    Type: "AWS::DocDB::DBCluster"
+    Properties:
+      EngineVersion: 4.0.0
+      StorageEncrypted: true
+      MasterUsername: !Ref DocumentDBUsername
+      MasterUserPassword: !Ref DocumentDBPassword
+      VpcSecurityGroupIds:
+        - !Ref DocumentDBClusterSecurityGroup
+      DBClusterParameterGroupName: !Ref DBClusterParameterGroup
+    Metadata:
+      "AWS::CloudFormation::Designer":
+        id: 73b974cf-eed3-4f7d-8657-6a6746bac169
+    DependsOn:
+      - DBClusterParameterGroup
+  DBClusterParameterGroup:
+    Type: "AWS::DocDB::DBClusterParameterGroup"
+    Properties:
+      Description: "description"
+      Family: "docdb4.0"
+      Parameters:
+        tls: "disabled"
+        ttl_monitor: "disabled"
+      Tags:
+        - Key: "String"
+          Value: "String"
+  DocumentDBInstance:
+    Type: "AWS::DocDB::DBInstance"
+    Properties:
+      DBInstanceClass: db.t4g.medium
+      DBClusterIdentifier: !Ref DocumentDBCluster
+    Metadata:
+      "AWS::CloudFormation::Designer":
+        id: f04cee38-175e-4432-9ad7-62ca28bbf935
+  DocumentDBClusterSecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupDescription: Allow inbound traffic for DocumentDB cluster
+      VpcId: !Ref VpcId
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 27017
+          ToPort: 27017
+          SourceSecurityGroupId: !Ref InstanceSecurityGroup
  EC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
-      ImageId: ami-0c94855ba95c71c99
-      InstanceType: t2.micro
+      ImageId: ami-0557a15b87f6559cf
+      InstanceType: t2.medium
      KeyName: !Ref KeyPairName
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
-          sudo yum update -y
-          sudo amazon-linux-extras install docker -y
-          sudo service docker start
-          sudo usermod -a -G docker ec2-user
-          sudo chkconfig docker on
-          sudo yum install -y git
+          cd /home/ubuntu
+          curl -fsSL https://get.docker.com -o get-docker.sh
+          sh get-docker.sh
          sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
          sudo chmod +x /usr/local/bin/docker-compose
          git clone https://github.com/Infisical/infisical.git
          cd infisical
-          mv .env.example .env
+
+          DOCUMENT_DB_CONNECTION_URL="mongodb://${DocumentDBUsername}:${DocumentDBPassword}@${DocumentDBCluster.Endpoint}:${DocumentDBCluster.Port}/infisical?replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false"
+
+          ENCRYPTION_KEY=$(openssl rand -hex 16)
+          JWT_SIGNUP_SECRET=$(openssl rand -hex 16)
+          JWT_REFRESH_SECRET=$(openssl rand -hex 16)
+          JWT_AUTH_SECRET=$(openssl rand -hex 16)
+          JWT_SERVICE_SECRET=$(openssl rand -hex 16)
+
+          touch .env 
+
+          echo "ENCRYPTION_KEY=${!ENCRYPTION_KEY}" >> .env
+          echo "JWT_SIGNUP_SECRET=${!JWT_SIGNUP_SECRET}" >> .env
+          echo "JWT_REFRESH_SECRET=${!JWT_REFRESH_SECRET}" >> .env
+          echo "JWT_AUTH_SECRET=${!JWT_AUTH_SECRET}" >> .env
+          echo "JWT_SERVICE_SECRET=${!JWT_SERVICE_SECRET}" >> .env
+          echo "MONGO_URL=${!DOCUMENT_DB_CONNECTION_URL}" >> .env
+
          docker-compose up -d
+
      SecurityGroupIds:
        - !Ref InstanceSecurityGroup
      Tags:
        - Key: Name
          Value: infisical
+    Metadata:
+      "AWS::CloudFormation::Designer":
+        id: 2c0a771c-5002-4785-9848-0377e33cd0e9
+    DependsOn:
+      - DocumentDBInstance

  InstanceSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
@ -51,7 +124,53 @@ Resources:
          ToPort: 80
          CidrIp: 0.0.0.0/0
      VpcId: !Ref VpcId
+    Metadata:
+      "AWS::CloudFormation::Designer":
+        id: 1fd6856a-11e5-4369-84fa-d18d4011b3de

 Outputs:
  InstanceIP:
    Value: !GetAtt EC2Instance.PublicIp
+Metadata:
+  "AWS::CloudFormation::Designer":
+    1fd6856a-11e5-4369-84fa-d18d4011b3de:
+      size:
+        width: 60
+        height: 60
+      position:
+        x: 60
+        "y": 90
+      z: 1
+      embeds: []
+    2c0a771c-5002-4785-9848-0377e33cd0e9:
+      size:
+        width: 60
+        height: 60
+      position:
+        x: 180
+        "y": 90
+      z: 1
+      embeds: []
+      isassociatedwith:
+        - 1fd6856a-11e5-4369-84fa-d18d4011b3de
+      dependson:
+        - 2cabaada-fbdb-4945-bf95-a0406704dd5a
+        - f04cee38-175e-4432-9ad7-62ca28bbf935
+    73b974cf-eed3-4f7d-8657-6a6746bac169:
+      size:
+        width: 60
+        height: 60
+      position:
+        x: 390
+        "y": 210
+      z: 1
+      embeds: []
+    f04cee38-175e-4432-9ad7-62ca28bbf935:
+      size:
+        width: 60
+        height: 60
+      position:
+        x: 270
+        "y": 90
+      z: 1
+      embeds: []