From 9c55e7abc74661b9775e7df1d1d92c11b0509f66 Mon Sep 17 00:00:00 2001 From: Andrew Gargan Date: Thu, 27 Oct 2022 10:01:46 -0700 Subject: [PATCH] Final changes for blog assets --- .../templates/eks-cluster-prework.template.yaml | 15 ++++++++++----- .../templates/prework.template.yaml | 7 ++++--- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml b/blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml index a27fdef..4bde7c8 100644 --- a/blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml +++ b/blog-assets/eks-cluster-prework/templates/eks-cluster-prework.template.yaml @@ -4,13 +4,18 @@ Parameters: AccessCIDR: Default: 0.0.0.0/0 Type: String + KeyPairName: + Description: Name of an existing key pair, which allows you to securely connect to your bastion instance after it launches. + Leave empty to proceed without a key pair. You would need to use AWS Systems Manager Session Manager to connect to the provisioned EC2 instances. + Type: String + Default: "" JobName: Type: String Default: 'example-job' AvailabilityZones: Description: List of Availability Zones to use for the subnets in the VPC. Three Availability Zones are used for this deployment. - Type: List AvailabilityZones: + Type: List NumberOfAZs: Type: String AllowedValues: ["2", "3"] 
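Review bot: Adding `KeyPairName` here while `AccessCIDR` keeps `Default: 0.0.0.0/0` means a deployer who supplies a key pair and accepts the other defaults gets a bastion whose remote-access range is every address. The next hunk passes both to the EKS stack alongside `ProvisionBastionHost: Enabled` (`RemoteAccessCIDR: !Ref AccessCIDR`). How the nested template uses RemoteAccessCIDR is not visible in this patch; presumably it is the bastion's SSH ingress range, which is worth confirming. I would drop the default so the range has to be chosen at deploy time, and validate it with something like `AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'` plus a `Description` asking for the operator's own CIDR. The `Parameters` block starts before this hunk.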
@@ -28,22 +33,22 @@ Resources: Properties: TemplateURL: 'https://aws-quickstart.s3.amazonaws.com/quickstart-amazon-eks/templates/amazon-eks-entrypoint-new-vpc.template.yaml' Parameters: - # QuickStart properties - QSS3BucketName: aws-quickstart - QSS3KeyPrefix: quickstart-amazon-eks/ # Cluster properties ProvisionBastionHost: Enabled + KeyPairName: !Ref KeyPairName RemoteAccessCIDR: !Ref AccessCIDR AvailabilityZones: !Join [ ',', !Ref 'AvailabilityZones' ] + NumberOfAZs: !Ref NumberOfAZs NodeInstanceType: t3.large NumberOfNodes: 1 MaxNumberOfNodes: 1 PreworkStack: + DependsOn: EKSStack Type: AWS::CloudFormation::Stack Properties: TemplateURL: 'https://aws-quickstart.s3.amazonaws.com/quickstart-examples/blog-assets/eks-cluster-prework/templates/prework.template.yaml' Parameters: - ClusterName: !Sub "EKSStack.Outputs.EKSClusterName" + ClusterName: !GetAtt "EKSStack.Outputs.EKSClusterName" PreworkScriptBucket: !Ref PreworkScriptBucket PreworkScriptObject: !Ref PreworkScriptObject JobName: !Ref JobName diff --git a/blog-assets/eks-cluster-prework/templates/prework.template.yaml b/blog-assets/eks-cluster-prework/templates/prework.template.yaml index 5aa919f..570a73d 100644 --- a/blog-assets/eks-cluster-prework/templates/prework.template.yaml +++ b/blog-assets/eks-cluster-prework/templates/prework.template.yaml @@ -8,7 +8,7 @@ Parameters: Default: aws-quickstart PreworkScriptObject: Type: String - Default: "quickstart-examples/samples/eks-cluster-prework/scripts/pw-script.sh" + Default: "quickstart-examples/blog-assets/eks-cluster-prework/scripts/pw-script.sh" JobName: Type: String Default: example-job 
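Review bot: The added `DependsOn: EKSStack` on `PreworkStack` is redundant, because the corrected `ClusterName: !GetAtt "EKSStack.Outputs.EKSClusterName"` a few lines below already makes CloudFormation create EKSStack first. Template linters commonly flag an explicit DependsOn that duplicates an implicit dependency. I would remove the line, or keep it with a comment such as `# explicit ordering for readers; the GetAtt on ClusterName already implies it`. The `Resources` block starts before this hunk.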
@@ -32,12 +32,12 @@ Resources: { "Effect": "Allow", "Principal": { - "Federated": "arn:aws:iam::${AWS::AccountId}:oidc-provider/${GetOIDCProvider}" + "Federated": "arn:aws:iam::${AWS::AccountId}:oidc-provider/${OIDCProvider}" }, "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "StringEquals": { - "${GetOIDCProvider}:sub": "system:serviceaccount:${NameSpace}:${ResourceName}" + "${OIDCProvider}:sub": "system:serviceaccount:${NameSpace}:${ResourceName}" } } } @@ -169,6 +169,7 @@ Resources: sleep 15; export AWS_REGION=${AWS::Region}; export NS=${NameSpace}; + yum install -y aws-cli; aws sts get-caller-identity; aws s3 cp ${!S3_SCRIPT_URL} ./prework-script.sh && chmod +x ./prework-script.sh &&
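Review bot: The trust policy's `StringEquals` block still pins only the `${OIDCProvider}:sub` claim, so the role never checks the token's audience. Adding `"${OIDCProvider}:aud": "sts.amazonaws.com"` next to it (with a comma after the `:sub` entry) matches the trust policy AWS documents for IAM roles for service accounts. The exact-match `sub` already limits the role to one service account in one namespace, so this is defence in depth rather than an open hole. `OIDCProvider` is defined outside this hunk; presumably it holds the cluster issuer without the `https://` prefix, which both the `Federated` ARN and the condition keys need, so it is worth confirming where it is populated.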
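Review bot: The added `yum install -y aws-cli;` pulls an unpinned package from whatever repositories the container image is configured with each time the job runs, and the `;` lets the chain carry on if the install fails. The job then downloads `${!S3_SCRIPT_URL}` and marks it executable, so both the tool that fetches the script and the script itself are taken on trust at run time. I would prefer an image that already ships the AWS CLI (the image is chosen outside this hunk), or at least `yum install -y aws-cli &&` so a failed install stops the job at that step. Comparing the downloaded script against an expected digest supplied as a parameter, before the `chmod +x`, would close the remaining gap. The command block starts and ends outside the hunk.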