diff --git a/08-cloudwatch-logs/8-1-2.yaml b/08-cloudwatch-logs/8-1-2.yaml
new file mode 100644
index 00000000..27b2e4cd
--- /dev/null
+++ b/08-cloudwatch-logs/8-1-2.yaml
@@ -0,0 +1,207 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Parameters:
+ UbuntuAMI:
+ Type: "AWS::SSM::Parameter::Value"
+ Default: '/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id'
+ VPCID:
+ Type: 'AWS::EC2::VPC::Id'
+ Default: vpc-01985823e6f6c6cd6
+ SubnetID:
+ Type: 'AWS::EC2::Subnet::Id'
+ Default: subnet-0acbdee505baabb45
+Resources:
+ LaunchTemplate:
+ Type: AWS::EC2::LaunchTemplate
+ Properties:
+ LaunchTemplateName: EC2LaunchTemplate
+ LaunchTemplateData:
+ InstanceType: t3.nano
+ ImageId: !Ref UbuntuAMI
+ IamInstanceProfile:
+ Name: !Ref InstanceProfile
+ NetworkInterfaces:
+ - DeviceIndex: 0
+ AssociatePublicIpAddress: True
+ SubnetId: !Ref SubnetID
+ UserData:
+ Fn::Base64: !Sub |
+ #!/bin/bash -xe
+ /usr/bin/apt-get update -y
+ /usr/bin/apt-get install -y python3-pip
+ python3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-2.0-9.tar.gz
+ /usr/local/bin/cfn-init -v --stack ${AWS::StackName} --resource EC2 --configsets default --region ${AWS::Region}
+ /usr/local/bin/cfn-signal --exit-code $? --stack ${AWS::StackName} --resource EC2 --region ${AWS::Region}
+ EC2:
+ Type: AWS::EC2::Instance
+ Properties:
+ LaunchTemplate:
+ LaunchTemplateId: !Ref LaunchTemplate
+ Version: "1"
+ CreationPolicy:
+ ResourceSignal:
+ Timeout: PT5M
+ Count: '1'
+ Metadata:
+ AWS::CloudFormation::Init:
+ configSets:
+ default:
+ - install
+ - config
+ - launch
+ install:
+ sources:
+ /etc/cloudwatchagent: https://s3.amazonaws.com/amazoncloudwatch-agent/linux/amd64/latest/AmazonCloudWatchAgent.zip
+ commands:
+ installCloudwatch:
+ command: ./install.sh
+ cwd: /etc/cloudwatchagent
+ config:
+ files:
+ /opt/aws/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json:
+ content: |
+ {
+ "agent": {
+ "metrics_collection_interval": 10,
+ "logfile": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log"
+ },
+ "metrics": {
+ "namespace": "AllenNamespace",
+ "metrics_collected": {
+ "cpu": {
+ "resources": [
+ "*"
+ ],
+ "measurement": [
+ {"name": "cpu_usage_idle", "rename": "CPU_USAGE_IDLE", "unit": "Percent"},
+ {"name": "cpu_usage_nice", "unit": "Percent"},
+ "cpu_usage_guest"
+ ],
+ "totalcpu": false,
+ "metrics_collection_interval": 10
+ },
+ "disk": {
+ "resources": [
+ "/",
+ "/tmp"
+ ],
+ "measurement": [
+ {"name": "free", "rename": "DISK_FREE", "unit": "Gigabytes"},
+ "total",
+ "used"
+ ],
+ "ignore_file_system_types": [
+ "sysfs", "devtmpfs"
+ ],
+ "metrics_collection_interval": 60
+ },
+ "diskio": {
+ "resources": [
+ "*"
+ ],
+ "measurement": [
+ "reads",
+ "writes",
+ "read_time",
+ "write_time",
+ "io_time"
+ ],
+ "metrics_collection_interval": 60
+ },
+ "swap": {
+ "measurement": [
+ "swap_used",
+ "swap_free",
+ "swap_used_percent"
+ ]
+ },
+ "mem": {
+ "measurement": [
+ "mem_used",
+ "mem_cached",
+ "mem_total"
+ ],
+ "metrics_collection_interval": 1
+ },
+ "net": {
+ "resources": [
+ "eth0"
+ ],
+ "measurement": [
+ "bytes_sent",
+ "bytes_recv",
+ "drop_in",
+ "drop_out"
+ ]
+ },
+ "netstat": {
+ "measurement": [
+ "tcp_established",
+ "tcp_syn_sent",
+ "tcp_close"
+ ],
+ "metrics_collection_interval": 60
+ },
+ "processes": {
+ "measurement": [
+ "running",
+ "sleeping",
+ "dead"
+ ]
+ }
+ },
+ "aggregation_dimensions" : [["ImageId"], ["InstanceId", "InstanceType"], ["d1"],[]],
+ "force_flush_interval" : 30
+ },
+ "logs": {
+ "logs_collected": {
+ "files": {
+ "collect_list": [
+ {
+ "file_path": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log",
+ "log_group_name": "allen.fisher.c9logs",
+ "log_stream_name": "c9.training",
+ "timezone": "Local"
+ },
+ {
+ "file_path": "/opt/aws/amazon-cloudwatch-agent/logs/test.log",
+ "log_group_name": "allen.fisher.c9logs",
+ "log_stream_name": "c9.training",
+ "timezone": "Local"
+ }
+ ]
+ }
+ },
+ "log_stream_name": "c9.training",
+ "force_flush_interval" : 15
+ }
+ }
+ launch:
+ commands:
+ launchCloudwatch:
+ command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json -s
+ InstanceProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ Roles:
+ - !Ref RoleCloudWatch
+ RoleCloudWatch:
+ Type: AWS::IAM::Role
+ Properties:
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
+ - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ -
+ Effect: "Allow"
+ Principal:
+ Service:
+ - "ec2.amazonaws.com"
+ Action:
+ - "sts:AssumeRole"
+ SecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: 'Stelligent-U 08 CloudWatch'
+ VpcId: !Ref VPCID
diff --git a/08-cloudwatch-logs/8-2-1.yaml b/08-cloudwatch-logs/8-2-1.yaml
new file mode 100644
index 00000000..f9a2fe45
--- /dev/null
+++ b/08-cloudwatch-logs/8-2-1.yaml
@@ -0,0 +1,96 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Parameters:
+ LogGroupName:
+ Type: String
+ Default: FidelisOgunsanmiLogGroup
+ CTrailBucketName:
+ Type: String
+ Default: fidelis-mod08-trail-bucket
+ CTrailName:
+ Type: String
+ Default: FidelisMod8Ctrail
+
+Resources:
+ LogGroup:
+ Type: AWS::Logs::LogGroup
+ Properties:
+ LogGroupName: !Ref LogGroupName
+ RetentionInDays: 60
+ Tags:
+ - Key: user
+ Value: fidelis.ogunsanmi
+ - Key: "stelligent-u-lesson"
+ Value: "8"
+
+ TrailS3Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ BucketName: !Ref CTrailBucketName
+ Tags:
+ - Key: user
+ Value: fidelis.ogunsanmi
+ - Key: "stelligent-u-lesson"
+ Value: "8"
+
+ TrailS3BucketPolicy:
+ Type: AWS::S3::BucketPolicy
+ Properties:
+ Bucket: !Ref TrailS3Bucket
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - cloudtrail.amazonaws.com
+ Action: s3:GetBucketAcl
+ Resource: !GetAtt TrailS3Bucket.Arn
+ - Effect: Allow
+ Principal:
+ Service:
+ - cloudtrail.amazonaws.com
+ Action: s3:PutObject
+ Resource: !Sub ${TrailS3Bucket.Arn}/*
+ Condition:
+ StringEquals:
+ s3:x-amz-acl: bucket-owner-full-control
+
+ CWatchRole:
+ Type: "AWS::IAM::Role"
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Sid: ""
+ Effect: "Allow"
+ Principal:
+ Service: "cloudtrail.amazonaws.com"
+ Action: "sts:AssumeRole"
+ Policies:
+ - PolicyName: "fidelis-cloud-watch-logs"
+ PolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: "Allow"
+ Action:
+ - "logs:CreateLogStream"
+ - "logs:PutLogEvents"
+ Resource: "*"
+
+ CTrail:
+ Type: AWS::CloudTrail::Trail
+ Properties:
+ CloudWatchLogsLogGroupArn: !GetAtt LogGroup.Arn
+ CloudWatchLogsRoleArn: !GetAtt CWatchRole.Arn
+ IsLogging: true
+ S3BucketName: !Ref CTrailBucketName
+ TrailName: !Ref CTrailName
+ Tags:
+ - Key: user
+ Value: fidelis.ogunsanmi
+ - Key: "stelligent-u-lesson"
+ Value: "8"
+ DependsOn: CWatchRole
+
+
\ No newline at end of file
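Review bot: CWatchRole's inline policy grants logs:CreateLogStream and logs:PutLogEvents on `Resource: "*"` although its only target is the LogGroup defined a few lines above; scope it with `Resource: !GetAtt LogGroup.Arn`, whose value already ends in `:*` and so covers the streams beneath it. CTrail names the bucket through the CTrailBucketName parameter rather than `!Ref TrailS3Bucket`, so CloudFormation sees no dependency on TrailS3Bucket or TrailS3BucketPolicy and may create the trail before the bucket policy exists, which CloudTrail rejects; `DependsOn: [CWatchRole, TrailS3BucketPolicy]` (or referencing the bucket resource directly) fixes the ordering. The `s3:PutObject` statement in TrailS3BucketPolicy would be tighter with an `aws:SourceArn` condition naming the trail ARN (constructable from CTrailName with `!Sub`) and a Resource limited to the `AWSLogs/` prefix, which is the standard confused-deputy guard for this policy. TrailS3Bucket has no PublicAccessBlockConfiguration or BucketEncryption and the trail leaves EnableLogFileValidation unset, so neither exposure nor integrity of the audit log is constrained by the template.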
diff --git a/08-cloudwatch-logs/8-2-2.yaml b/08-cloudwatch-logs/8-2-2.yaml
new file mode 100644
index 00000000..63b77c9d
--- /dev/null
+++ b/08-cloudwatch-logs/8-2-2.yaml
@@ -0,0 +1,13 @@
+AWSTemplateFormatVersion: "2010-09-09"
+
+Resources:
+ MyBucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ BucketName: "fidelis-ogunsanmi-stelligent-u"
+ AccessControl: "BucketOwnerFullControl"
+ Tags:
+ - Key: user
+ Value: fidelis.ogunsanmi
+ - Key: "stelligent-u-lesson"
+ Value: "8"
\ No newline at end of file
diff --git a/08-cloudwatch-logs/8.1.2.yml b/08-cloudwatch-logs/8.1.2.yml
deleted file mode 100644
index a29d425f..00000000
--- a/08-cloudwatch-logs/8.1.2.yml
+++ /dev/null
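Review bot: `AccessControl: "BucketOwnerFullControl"` on MyBucket is a canned ACL that grants nothing the bucket owner does not already have, and ACL settings are exactly what S3's BucketOwnerEnforced object ownership disables, so on an account where that is the default the bucket may fail to create; drop the line and add a `PublicAccessBlockConfiguration` with BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy and RestrictPublicBuckets all true instead. The hard-coded BucketName also ties the template to a single globally unique name, so a second deployment in any account collides on it.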
@@ -1,89 +0,0 @@
-AWSTemplateFormatVersion: "2010-09-09"
-Parameters:
- UbuntuAMI:
- Type: "AWS::SSM::Parameter::Value"
- Default: '/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id'
- VPCID:
- Type: 'AWS::EC2::VPC::Id'
- SubnetID:
- Type: 'AWS::EC2::Subnet::Id'
-Resources:
- LaunchTemplate:
- Type: AWS::EC2::LaunchTemplate
- Properties:
- LaunchTemplateName: EC2LaunchTemplate
- LaunchTemplateData:
- InstanceType: t3.nano
- ImageId: !Ref UbuntuAMI
- IamInstanceProfile:
- Name: !Ref InstanceProfile
- NetworkInterfaces:
- - DeviceIndex: 0
- AssociatePublicIpAddress: True
- SubnetId: !Ref SubnetID
- UserData:
- Fn::Base64: !Sub |
- #!/bin/bash -xe
- /usr/bin/apt-get update -y
- /usr/bin/apt-get install -y python3-pip
- python3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-2.0-9.tar.gz
- /usr/local/bin/cfn-init -v --stack ${AWS::StackName} --resource EC2 --configsets default --region ${AWS::Region}
- /usr/local/bin/cfn-signal --exit-code $? --stack ${AWS::StackName} --resource EC2 --region ${AWS::Region}
- EC2:
- Type: AWS::EC2::Instance
- Properties:
- LaunchTemplate:
- LaunchTemplateId: !Ref LaunchTemplate
- Version: "1"
- CreationPolicy:
- ResourceSignal:
- Timeout: PT5M
- Count: '1'
- Metadata:
- AWS::CloudFormation::Init:
- configSets:
- default:
- - install
- - config
- - launch
- install:
- sources:
- /etc/cloudwatchagent: https://s3.amazonaws.com/amazoncloudwatch-agent/linux/amd64/latest/AmazonCloudWatchAgent.zip
- commands:
- installCloudwatch:
- command: ./install.sh
- cwd: /etc/cloudwatchagent
- config:
- files:
- /opt/aws/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json:
- # Add your configuration file here
- launch:
- commands:
- launchCloudwatch:
- command: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/amazon-cloudwatch-agent.json -s
- InstanceProfile:
- Type: AWS::IAM::InstanceProfile
- Properties:
- Roles:
- - !Ref RoleCloudWatch
- RoleCloudWatch:
- Type: AWS::IAM::Role
- Properties:
- ManagedPolicyArns:
- - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
- - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
- AssumeRolePolicyDocument:
- Version: "2012-10-17"
- Statement:
- -
- Effect: "Allow"
- Principal:
- Service:
- - "ec2.amazonaws.com"
- Action:
- - "sts:AssumeRole"
- SecurityGroup:
- Type: AWS::EC2::SecurityGroup
- Properties:
- GroupDescription: 'Stelligent-U 08 CloudWatch'
- VpcId: !Ref VPCID
diff --git a/08-cloudwatch-logs/exec.sh b/08-cloudwatch-logs/exec.sh
new file mode 100755
index 00000000..320d1c53
--- /dev/null
+++ b/08-cloudwatch-logs/exec.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+PROFILE="labmfa"
+LOG_GROUP_NAME="fidelis.ogunsanmi.c9logs"
+LOG_STREAM_NAME="c9.training"
+TEMPLATE="8-2-2.yaml"
+STACK_NAME="fidelistestbucket"
+REGION="us-east-1"
+
+# deploy the stack
+aws cloudformation deploy --template-file $TEMPLATE \
+ --stack-name $STACK_NAME --profile $PROFILE \
+ --capabilities CAPABILITY_NAMED_IAM \
+ --region $REGION
+
+# create log group
+# aws logs create-log-group --log-group-name $LOG_GROUP_NAME \
+# --profile $PROFILE \
+# --region $REGION
+
+# create log stream
+# aws logs create-log-stream --log-group-name $LOG_GROUP_NAME \
+# --log-stream-name $LOG_STREAM_NAME \
+# --profile $PROFILE \
+# --region $REGION
+
+# set retention policy
+# aws logs put-retention-policy --log-group-name $LOG_GROUP_NAME \
+# --retention-in-days 60 \
+# --profile $PROFILE \
+# --region $REGION
+
+# delete log stream
+# aws logs delete-log-stream --log-group-name $LOG_GROUP_NAME \
+# --log-stream-name $LOG_STREAM_NAME \
+# --profile $PROFILE \
+# --region $REGION
+
+# # delete log group
+# aws logs delete-log-group --log-group-name $LOG_GROUP_NAME \
+# --profile $PROFILE \
+# --region $REGION
+
+
+
\ No newline at end of file
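Review bot: The script runs without `set -euo pipefail`, so a mistyped variable expands to an empty string silently and any command later uncommented would still run after a failed deploy, while the unquoted `$TEMPLATE`, `$STACK_NAME`, `$PROFILE` and `$REGION` expansions word-split if a value ever contains whitespace; add `set -euo pipefail` after the shebang and quote the expansions, e.g. `aws cloudformation deploy --template-file "$TEMPLATE" --stack-name "$STACK_NAME" --profile "$PROFILE"`. `--capabilities CAPABILITY_NAMED_IAM` is passed although 8-2-2.yaml creates only an S3 bucket; acknowledging IAM capabilities unconditionally means a later template change can introduce named IAM resources without anyone re-consenting, so pass it only for templates that need it. LOG_GROUP_NAME and LOG_STREAM_NAME are only used by commented-out commands, and the group name here (`fidelis.ogunsanmi.c9logs`) does not match the `allen.fisher.c9logs` group written into the agent config in 8-1-2.yaml, so one of the two looks stale.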