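---
# CloudFormation template that launches a single EC2 instance for ISUCON13
# pprotein, together with its security group, IAM role/instance profile,
# an Elastic IP and a small Lambda-backed custom resource.
#
# Date-like scalars are quoted so a YAML 1.1 parser cannot retype them.
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  AWS CloudFormation for ISUCON13 pprotein

Parameters:
  VpcId:
    Description: "AWS EC2 VPC ID"
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Description: "AWS EC2 Subnet ID"
    Type: AWS::EC2::Subnet::Id
  # The default keeps the previous behaviour (open to the whole internet).
  # Set it to the operators' own address range when creating the stack.
  AdminCidr:
    Description: "CIDR allowed to reach SSH (22/tcp) and port 9000/tcp"
    Type: String
    Default: "0.0.0.0/0"

Resources:
  # Execution role for the custom-resource Lambda below.
  GetAvailabilityZoneFunctionExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: GetAvailabilityZoneFunctionPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # A single read-only action; EC2 Describe* calls are granted
              # on "*" because they are not scoped to individual resources.
              - Effect: Allow
                Action:
                  - ec2:DescribeAvailabilityZones
                Resource: "*"

  # Resolves the zone ID apne1-az1 to this account's zone name on Create.
  GetAvailabilityZoneFunction:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          import cfnresponse
          import boto3

          def handler(event, context):
              # CloudFormation waits for a response to every request. Any
              # exception is reported as FAILED so the stack does not hang
              # until the custom-resource timeout.
              try:
                  data = {}
                  if event['RequestType'] == "Create":
                      ec2 = boto3.client('ec2')
                      response = ec2.describe_availability_zones(
                          ZoneIds=['apne1-az1']
                      )
                      zone_name = response['AvailabilityZones'][0]['ZoneName']
                      data = {"ZoneName": zone_name}
                  # Update and Delete have nothing to do and just acknowledge.
                  cfnresponse.send(event, context, cfnresponse.SUCCESS, data)
              except Exception as exc:
                  print(exc)
                  cfnresponse.send(event, context, cfnresponse.FAILED, {})
      Handler: index.handler
      # NOTE(review): confirm python3.9 is still a supported Lambda runtime
      # before deploying; an unsupported runtime stops receiving patches.
      Runtime: python3.9
      Timeout: 30
      Role: !GetAtt GetAvailabilityZoneFunctionExecutionRole.Arn

  # Invokes the Lambda above. Nothing in this template reads its ZoneName.
  GetAvailabilityZone:
    Type: Custom::PythonLambdaExecution
    Properties:
      ServiceToken: !GetAtt GetAvailabilityZoneFunction.Arn

  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VpcId
      GroupDescription: Security Group for ISUCON13 pprotein
      SecurityGroupIngress:
        # SSH: restricted by AdminCidr. The instance role already carries
        # AmazonSSMManagedInstanceCore, so Session Manager can replace
        # inbound SSH entirely if desired.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
        # NOTE(review): 443/tcp and 53/udp are open to the whole internet.
        # Confirm this host really serves HTTPS and DNS; if it does not,
        # remove these two rules.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: "0.0.0.0/0"
        - IpProtocol: udp
          FromPort: 53
          ToPort: 53
          CidrIp: "0.0.0.0/0"
        # All protocols from the 192.168.0.0/24 range.
        - IpProtocol: "-1"
          CidrIp: "192.168.0.0/24"
        # Port 9000 (presumably the pprotein web UI; verify). Profiling
        # data should not be public, so it follows AdminCidr as well.
        - IpProtocol: tcp
          FromPort: 9000
          ToPort: 9000
          CidrIp: !Ref AdminCidr

  # Role assumed by the EC2 instance: SSM agent access plus read-only
  # EC2 describe calls.
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
      Policies:
        - PolicyName: IsuconEC2InstancePolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - ec2:DescribeInstances
                  - ec2:DescribeVolumes
                  - ec2:DescribeNetworkInterfaces
                  - ec2:DescribeSecurityGroups
                  - ec2:DescribeAvailabilityZones
                Resource: "*"

  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref InstanceRole

  PproteinInstance:
    Type: AWS::EC2::Instance
    Properties:
      # Hard-coded AMI ID; AMI IDs are region-specific, so the stack only
      # works in the region that owns this image.
      ImageId: "ami-006d211cb716fe8a0"
      InstanceType: c5.large
      SecurityGroupIds:
        - !Ref SecurityGroup
      SubnetId: !Ref SubnetId
      # Fixed address: the SubnetId parameter must be a subnet that
      # contains 192.168.0.15.
      PrivateIpAddress: "192.168.0.15"
      IamInstanceProfile: !Ref InstanceProfile
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: 40
            VolumeType: gp3
      Tags:
        - Key: Name
          Value: isucon13-pprotein
      # SECURITY(review): the second write_files entry embeds a portal
      # credential in the template. b64 is an encoding, not protection:
      # the value is readable by anyone who can read this file or the
      # instance's user data, and mode 0644 exposes the written file to
      # every local user. Prefer fetching it at boot from SSM Parameter
      # Store or Secrets Manager, tighten the file mode if the consumer
      # runs as root (verify first), and rotate the token if it is still
      # valid. The UserData body below is left unchanged.
      UserData:
        Fn::Base64: |
          #cloud-config
          write_files:
            - path: /home/isucon/.ssh/authorized_keys
              owner: isucon:isucon
              permissions: '0600'
              encoding: b64
              content: "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"
            - path: /opt/isucon-env-checker/portal_credentials.json
              owner: root:root
              permissions: '0644'
              encoding: b64
              content: "eyJkZXYiOiBmYWxzZSwgInRva2VuIjogInVhMERDRldhVjRZRE5sKkx2aSRwVV5SQSNabEVrcXB4czhTbjdROE5qREtlXmokNjNYT2t2dGdiZUBPTmNCdUoiLCAiaG9zdCI6ICJwb3J0YWwuaXN1Y29uLm5ldCJ9"

  # Public Elastic IP attached to the instance.
  PproteinInstanceIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      InstanceId: !Ref PproteinInstance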