calvin.house/Projects
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding zed-lake project

Browse Source
This commit is contained in:
Calvin L House, Jr
2025-10-13 20:30:00 +00:00
parent e9467a170e
commit 1891145e03
5 changed files with 721 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

259
zed-lake/zed-iac/cloudformation/zed_stack.yaml Normal file
View File

@@ -0,0 +1,259 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: 'CloudFormation stack for deploying a Zed Lake.'
Metadata:
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: 'Networking Configuration'
Parameters:
- VpcCidr
- SubnetCidr
- Label:
default: 'EC2 Configuration'
Parameters:
- InstanceType
- AmiId
- Label:
default: 'User Data'
Parameters:
- CloudConfig
- Label:
default: 'Unique Suffix'
Parameters:
- UniqueSuffix
Parameters:
VpcCidr:
Type: String
Default: 10.0.0.0/16
Description: CIDR block for the VPC.
SubnetCidr:
Type: String
Default: 10.0.1.0/24
Description: CIDR block for the subnet.
InstanceType:
Type: String
Default: t3.small
Description: EC2 instance type.
AmiId:
Type: AWS::EC2::Image::Id
Description: The ID of the AMI to use for the EC2 instance (e.g., latest Amazon Linux 2 or Ubuntu).
CloudConfig:
Type: String
Description: Base64-encoded cloud-config script for EC2 user data, which will handle SSH key injection.
UniqueSuffix:
Type: String
Description: User supplied unique alphanumeric suffix for resource uniqueness.
Resources:
# Networking
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCidr
EnableDnsSupport: 'true'
EnableDnsHostnames: 'true'
Tags:
- Key: use_case
Value: zed_lake
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: use_case
Value: zed_lake
AttachGateway:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
PublicSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: !Ref SubnetCidr
MapPublicIpOnLaunch: 'true'
AvailabilityZone: !Select [ 0, !GetAZs ]
Tags:
- Key: use_case
Value: zed_lake
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: use_case
Value: zed_lake
RouteToInternet:
Type: AWS::EC2::Route
DependsOn: AttachGateway
Properties:
RouteTableId: !Ref RouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
SubnetRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet
RouteTableId: !Ref RouteTable
EC2SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: Enable SSH (22) and Zed Lake (9867) access from my IP.
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: x.x.x.x/32
Description: SSH from my IP
- IpProtocol: tcp
FromPort: 9867
ToPort: 9867
CidrIp: x.x.x.x/32
Description: Zed Lake access from my IP
Tags:
- Key: use_case
Value: zed_lake
# S3 Bucket Creation
ZedLakeBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub 'zed-lake-${UniqueSuffix}'
VersioningConfiguration:
Status: Enabled
Tags:
- Key: use_case
Value: zed_lake
# Identity creation
ZedLakeInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Roles:
- !Ref ZedLakeEC2Role
ZedLakeEC2Role:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- sts:AssumeRole
Path: /
Policies:
- PolicyName: !Sub 'zed-lake-access-${UniqueSuffix}'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:GetObject
- s3:ListBucket
- s3:GetBucketLocation
Resource:
- !GetAtt ZedLakeBucket.Arn
- !Sub '${ZedLakeBucket.Arn}/*'
- Effect: Allow
Action:
- s3:ListAllMyBuckets
Resource: '*'
ZedLakeUploader:
Type: AWS::IAM::User
Properties:
UserName: !Sub 'zed-lake-uploader-${UniqueSuffix}'
Tags:
- Key: use_case
Value: zed_lake
ZedLakeUploaderPolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: !Sub 'zed-lake-uploader-${UniqueSuffix}'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:ListBucket
- s3:DeleteObject
Resource:
- !GetAtt ZedLakeBucket.Arn
- !Sub '${ZedLakeBucket.Arn}/*'
Users:
- !Ref ZedLakeUploader
ZedLakeUploaderAccessKey:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref ZedLakeUploader
Status: Active
ZedLakeUploaderCreds:
Type: AWS::SecretsManager::Secret
Properties:
Name: !Sub '/zed-lake/zed-lake-uploader-${UniqueSuffix}'
Description: Credentials for the S3 Uploader IAM User.
SecretString: !Sub |
{
"ACCESS_KEY": "${ZedLakeUploaderAccessKey}",
"SECRET_KEY": "${ZedLakeUploaderAccessKey.SecretAccessKey}"
}
# EC2 Creation
EC2Instance:
Type: AWS::EC2::Instance
DependsOn:
- AttachGateway
Properties:
ImageId: !Ref AmiId
InstanceType: !Ref InstanceType
SubnetId: !Ref PublicSubnet
SecurityGroupIds:
- !Ref EC2SecurityGroup
IamInstanceProfile: !Ref ZedLakeInstanceProfile
UserData: !Ref CloudConfig
Tags:
- Key: use_case
Value: zed_lake
Outputs:
VPCId:
Description: The ID of the newly created VPC
Value: !Ref VPC
PublicSubnetId:
Description: The ID of the public subnet
Value: !Ref PublicSubnet
EC2PublicIP:
Description: Public IP address of the EC2 instance
Value: !GetAtt EC2Instance.PublicIp
ZedLakeBucket:
Description: S3 bucket for data upload
Value: !Ref ZedLakeBucket
ZedLakeUploader:
Description: Zed Lake IAM user to upload to the Zed Lake bucket
Value: !Ref ZedLakeUploader
ZedLakeUploaderCreds:
Description: Secret ARN for ZedLakeUpload identity.
Value: !Ref ZedLakeUploaderCreds