CustomizationsConfig / AppConfigItem | Ec2FirewallConfig / LaunchTemplateConfig / NetworkInterfaceItemConfig

Configure a launch template for the application.

See

https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestLaunchTemplateData.html

Example

launchTemplate:
  name: appA-lt
  blockDeviceMappings:
    - deviceName: /dev/xvda
      ebs:
        deleteOnTermination: true
        encrypted: true
        # This KMS key is in security-config.yaml under keyManagementService
        kmsKeyId: key1
  securityGroups:
    # Security group is from network-config.yaml under the same VPC
    - SharedServices-Main-Rsyslog-sg
  # Key pair must already exist in that account and region
  keyPair: keyName
  # This instance profile is in iam-config.yaml under roleSets
  iamInstanceProfile: EC2-Default-SSM-AD-Role
  # Local or public SSM Parameter Store lookup for the image ID
  imageId: ${ACCEL_LOOKUP::ImageId:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}
  instanceType: t3.xlarge
  # IMDSv2 is enabled by default. Disable it by setting this to false.
  enforceImdsv2: true
  networkInterfaces:
    - deleteOnTermination: true
      description: secondary network interface
      deviceIndex: 1
      groups:
        # Security group is from network-config.yaml under the same VPC
        - SharedServices-Main-Rsyslog-sg
      networkCardIndex: 1
      # Subnet is from network-config.yaml under the same VPC
      subnetId: SharedServices-App-A
  # This path is relative to the config repository and the content should be in regular text.
  # It is encoded in base64 before being passed to the launch template.
  userData: appConfigs/appA/launchTemplate/userData.sh

Hierarchy

  • LaunchTemplateConfig

Properties

blockDeviceMappings: undefined | BlockDeviceMappingItem[] = undefined

enforceImdsv2: undefined | boolean = undefined

By default, IMDSv2 is enabled. Disable it by setting this to false.

iamInstanceProfile: undefined | string = undefined

Name of the instance profile created by the accelerator in iam-config.yaml under roleSets.

imageId: string = ''

A valid AMI ID, or a reference to an SSM Parameter Store parameter that holds the AMI ID. An SSM parameter reference must follow the pattern ${ACCEL_LOOKUP::ImageId:/path/to/ssm/parameter/for/ami}

For example, to get the latest x86_64 Amazon Linux 2 AMI, the value would be ${ACCEL_LOOKUP::ImageId:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}

instanceType: string = ''

Valid instance type which can be launched in the target account and region.

keyPair: undefined | string = undefined

The name of the key pair. LZA does not create the key pair; it must already exist in the account and region, or the deployment will fail.

name: string = ''

networkInterfaces: undefined | NetworkInterfaceItemConfig[] = undefined

One or more network interfaces. If you specify a network interface, you must specify any security groups and subnets as part of the network interface.

securityGroups: undefined | string[] = undefined

One or more security group names. These should be created under the VPC in network-config.yaml.

userData: undefined | string = undefined

Path to user data. The path is relative to the config repository and the content should be in regular text. It is encoded in base64 before being passed to the launch template.

Remarks

If defining user data for an EC2 firewall instance or AutoScaling group, you may use the variable ${ACCEL_LOOKUP::S3:BUCKET:firewall-config} in order to dynamically resolve the name of the S3 bucket where S3 firewall configurations are stored by the accelerator. This bucket is used when the configFile, configDir or licenseFile properties are defined for a firewall.

See

Ec2FirewallAutoScalingGroupConfig | Ec2FirewallInstanceConfig
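
A pre-deployment review of the properties documented above, as an added example (not code from the accelerator project). The `LaunchTemplateSketch` interface and `reviewLaunchTemplate` function are hypothetical and cover only a subset of the documented properties; both inputs are constructed.

```typescript
// Hypothetical subset of the LaunchTemplateConfig properties documented on this page.
interface LaunchTemplateSketch {
  name: string;
  imageId: string;
  enforceImdsv2?: boolean;
  blockDeviceMappings?: { deviceName: string; ebs?: { encrypted?: boolean; kmsKeyId?: string } }[];
  networkInterfaces?: { deviceIndex?: number; groups?: string[]; subnetId?: string }[];
}
// A literal AMI ID (8 or 17 hex digits) or the lookup pattern the page documents.
const AMI_ID = /^ami-([0-9a-f]{8}|[0-9a-f]{17})$/;
const AMI_LOOKUP = /^\$\{ACCEL_LOOKUP::ImageId:\/[^}]+\}$/;

function reviewLaunchTemplate(lt: LaunchTemplateSketch): string[] {
  const findings: string[] = [];
  // IMDSv2 is enforced unless the property is explicitly set to false.
  if (lt.enforceImdsv2 === false) {
    findings.push(lt.name + ': enforceImdsv2 is false, so IMDSv1 requests are accepted');
  }
  if (!AMI_ID.test(lt.imageId) && !AMI_LOOKUP.test(lt.imageId)) {
    findings.push(lt.name + ': imageId is neither an AMI ID nor an ACCEL_LOOKUP::ImageId reference');
  }
  for (const bdm of lt.blockDeviceMappings ?? []) {
    if (bdm.ebs && bdm.ebs.encrypted !== true) {
      findings.push(lt.name + ': ' + bdm.deviceName + ' does not set ebs.encrypted: true');
    }
  }
  // Security groups and subnet must be given on each network interface.
  (lt.networkInterfaces ?? []).forEach((nic, i) => {
    if (!nic.groups || nic.groups.length === 0 || !nic.subnetId) {
      findings.push(lt.name + ': networkInterfaces[' + i + '] is missing groups or subnetId');
    }
  });
  return findings;
}

// Constructed inputs: the values from the page's example, then a weakened variant.
const pageExample: LaunchTemplateSketch = {
  name: 'appA-lt',
  imageId: '${ACCEL_LOOKUP::ImageId:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}',
  enforceImdsv2: true,
  blockDeviceMappings: [{ deviceName: '/dev/xvda', ebs: { encrypted: true, kmsKeyId: 'key1' } }],
  networkInterfaces: [{ deviceIndex: 1, groups: ['SharedServices-Main-Rsyslog-sg'], subnetId: 'SharedServices-App-A' }],
};
const weakened: LaunchTemplateSketch = {
  ...pageExample,
  enforceImdsv2: false, imageId: 'latest',
  blockDeviceMappings: [{ deviceName: '/dev/xvda', ebs: {} }],
  networkInterfaces: [{ deviceIndex: 1 }],
};
console.log(reviewLaunchTemplate(pageExample), reviewLaunchTemplate(weakened));
```

The check for `ebs.encrypted` reports only that the template does not request encryption itself; whether the account has EBS encryption by default enabled is outside what this configuration shows.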
