These scripts are intended to be general-purpose, so that organizations other than Danware can quickly allocate CloudFormation stacks, EC2 instances with cfn-init actions, database hosts with SQL schemas, etc.

To check the output of cloud-init user data scripts, view /var/log/cloud-init-output.log once the instance has started and passed all status checks. Initiation of automatic updates via yum-cron is logged in /var/log/cron, and the updates that actually completed are logged in /var/log/yum.log. cfn-hup, which polls for changes to an instance's CloudFormation::Init metadata, logs to /var/log/cfn-hup.log, and the cfn-init command that parses and executes that metadata logs to /var/log/cfn-init.log.
This is the order in which you should create stacks from the various CloudFormation templates in this repository. Stacks must only be created in Regions that support all of the services used by resources in the stack.

1. Set up services
   - Must be created after the region-s3-logs stack so that the bucket containing CloudTrail logs can itself be logged. Must also be created after the KMS key that will be used to encrypt the CloudTrail logs. That key requires special permissions to work correctly, so you can use this key policy as a template, substituting in the appropriate values for ${AWS::AccountId} and ${AWS::Username}.
   - Must be created after the region-s3-logs stack so that the bucket containing Lambda deployment packages can be logged.
   - Must be created after the region-s3-logs stack so that the bucket containing CloudFront logs can itself be logged.
2. Set up organization directory
   - Takes one of the region-vpc stacks created above as a parameter, and must be placed in the same region as one of those stacks.
3. Add utility Lambda functions
   - Must be created after the region-lambda-bucket stack so that the organization's bucket for Lambda packages can be referenced.
4. Secure VPCs
   - Must be created after a region-vpc stack.
   - Must be created after the region-vpc stacks. There should be one bastion host in each Availability Zone of the VPCs that you wish to protect.
5. Set up websites/webapps
   - Must be created after the region-vpc stacks, and requires an Elastic IP address. The stack also attaches/mounts some Elastic Block Store volumes to the server, and lets the user specify its instance type, thus permitting later upgrades.
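The "Set up services" step above says the CloudTrail KMS key needs special permissions. The repository's own key policy template is not reproduced here; the following is an added example, not one of this repository's templates, of a CloudFormation KMS key carrying the statements AWS documents as required for CloudTrail log encryption. It assumes a LogReaderUserName parameter standing in for the page's ${AWS::Username} placeholder, and the account root as key administrator.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LogReaderUserName:
    Type: String
Resources:
  CloudTrailLogKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Encrypts CloudTrail log files
      EnableKeyRotation: true
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          # Account root keeps administrative control so the key cannot be orphaned
          - Sid: EnableIAMUserPermissions
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"
          # CloudTrail generates a data key per log file; the encryption-context
          # condition restricts this to trails owned by this account
          - Sid: AllowCloudTrailToEncryptLogs
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: "kms:GenerateDataKey*"
            Resource: "*"
            Condition:
              StringLike:
                "kms:EncryptionContext:aws:cloudtrail:arn": !Sub "arn:aws:cloudtrail:*:${AWS::AccountId}:trail/*"
          - Sid: AllowCloudTrailToDescribeKey
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: kms:DescribeKey
            Resource: "*"
          # Only the named user (assumed parameter) may decrypt, and only objects CloudTrail wrote
          - Sid: AllowLogReaderToDecryptLogs
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:user/${LogReaderUserName}"
            Action:
              - kms:Decrypt
              - kms:ReEncryptFrom
            Resource: "*"
            Condition:
              StringLike:
                "kms:EncryptionContext:aws:cloudtrail:arn": !Sub "arn:aws:cloudtrail:*:${AWS::AccountId}:trail/*"
```

Without the GenerateDataKey statement CloudTrail silently fails to deliver logs to the bucket, so check the trail's delivery status after creating the stack.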