Last active
June 2, 2024 23:54
-
-
Save jeffbrl/b1984d12b4523107cc56756dd9ee46bf to your computer and use it in GitHub Desktop.
Linux Bastion with GUI - CloudFormation template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: 2010-09-09 | |
| Description: >- | |
| AWS CloudFormation template to create a linux bastion host with a GUI that can | |
| be accessed via x2go. | |
| Parameters: | |
| KeyName: | |
| Description: Name of an existing EC2 KeyPair to enable SSH access to the instances | |
| Type: String | |
| VPC: | |
| Description: Name of an existing VPC | |
| Type: AWS::EC2::VPC::Id | |
| Subnet: | |
| Description: Name of an existing subnet in which the instance should be launched | |
| Type: AWS::EC2::Subnet::Id | |
| SourceIpCIDR: | |
| Description: Source IP CIDR block | |
| Type: String | |
| MinLength: '9' | |
| MaxLength: '18' | |
| Default: 0.0.0.0/0 | |
| AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) | |
| ConstraintDescription: Must use a valid IP CIDR range using slash notation (e.g., x.x.x.x/y) | |
| EnableIPv6: | |
| Description: Enable IPv6 | |
| Type: String | |
| Default: true | |
| Conditions: | |
| isIPv6enabled: !Equals [ !Ref EnableIPv6, EnableIPv6 ] | |
| Mappings: | |
| LinuxRegionMap: | |
| us-east-2: | |
| UbuntuAMI: ami-0d5bf08bc8017c83b | |
| Resources: | |
| SecurityGroup: | |
| Type: 'AWS::EC2::SecurityGroup' | |
| Description: SG to permit TCP Port 22 (ssh, x2go) | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: !Join [ '-', [ !Ref 'AWS::StackName', 'permit-tcp22' ] ] | |
| GroupName: !Join [ '-', [ !Ref 'AWS::StackName', 'permit-tcp22' ] ] | |
| GroupDescription: Permit port 22 for ssh and x2go | |
| VpcId: !Ref VPC | |
| SecurityGroupIngress: | |
| - IpProtocol: tcp | |
| CidrIp: !Ref SourceIpCIDR | |
| FromPort: 22 | |
| ToPort: 22 | |
| EC2Instance: | |
| Type: 'AWS::EC2::Instance' | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: !Join [ '-', [ !Ref 'AWS::StackName', 'bastion' ] ] | |
| KeyName: !Ref KeyName | |
| InstanceType: t3.medium | |
| ImageId: !FindInMap [ LinuxRegionMap, !Ref 'AWS::Region', UbuntuAMI ] | |
| NetworkInterfaces: | |
| - Ipv6AddressCount: !If [isIPv6enabled, 1, 0 ] | |
| AssociatePublicIpAddress: true | |
| DeviceIndex: "0" | |
| GroupSet: | |
| - !Ref SecurityGroup | |
| SubnetId: !Ref Subnet | |
| UserData: | |
| Fn::Base64: !Sub | | |
| #!/bin/bash -xe | |
| apt-get update | |
| apt-get install -y xorg lxde-core lxterminal autocutsel chromium-browser | |
| add-apt-repository -y ppa:x2go/stable | |
| apt-get update | |
| apt-get install -y x2goserver x2goserver-xsession x2golxdebindings | |
| Outputs: | |
| PublicDNS: | |
| Description: Public DNS for EC2 instance | |
| Value: !GetAtt EC2Instance.PublicDnsName |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment