Class LaunchTemplateConfig

CustomizationsConfig / AppConfigItem | Ec2FirewallConfig / LaunchTemplateConfig / NetworkInterfaceItemConfig

Configure a launch template for the application.

See

https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestLaunchTemplateData.html

Example

launchTemplate:
  name: appA-lt
  blockDeviceMappings:
    - deviceName: /dev/xvda
      ebs:
        deleteOnTermination: true
        encrypted: true
        # this kms key is in security-config.yaml under keyManagementService
        kmsKeyId: key1
  securityGroups:
    # security group is from network-config.yaml under the same vpc
    - SharedServices-Main-Rsyslog-sg
  # Key pair should exist in that account and region
  keyName: keyName
  # this instance profile is in iam-config.yaml under roleSets
  iamInstanceProfile: EC2-Default-SSM-AD-Role
  # Local or public SSM parameter store lookup for Image ID
  imageId: ${ACCEL_LOOKUP::ImageId:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}
  instanceType: t3.xlarge
  # IMDSv2 is enabled by default. Disable it by setting this to false.
  enforceImdsv2: true
  networkInterfaces:
    - deleteOnTermination: true
      description: secondary network interface
      deviceIndex: 1
      groups:
        # security group is from network-config.yaml under the same vpc
        - SharedServices-Main-Rsyslog-sg
      networkCardIndex: 1
      # subnet is from network-config.yaml under the same vpc
      subnetId: SharedServices-App-A
  # this path is relative to the config repository and the content should be in regular text.
  # Its encoded in base64 before passing in to launch Template
  userData: appConfigs/appA/launchTemplate/userData.sh

Hierarchy

  • LaunchTemplateConfig

Implements

Constructors

constructor

Properties

blockDeviceMappings enforceImdsv2 iamInstanceProfile imageId instanceType keyPair name networkInterfaces securityGroups userData

Constructors

constructor

Properties

Readonly blockDeviceMappings

blockDeviceMappings: undefined | BlockDeviceMappingItem[] = undefined

Readonly enforceImdsv2

enforceImdsv2: undefined | boolean = undefined

By default, IMDSv2 is enabled. Disable it by setting this to false.

Readonly iamInstanceProfile

iamInstanceProfile: undefined | string = undefined

Name of the instance profile created by accelerator in iam-config.yaml under roleSets

Readonly imageId

imageId: string = ''

Valid AMI ID or a reference to ssm parameter store to get AMI ID. If ssm parameter is referenced it should follow the pattern ${ACCEL_LOOKUP::ImageId:/path/to/ssm/parameter/for/ami}

For example to get the latest x86_64 amazon linux 2 ami, the value would be ${ACCEL_LOOKUP::ImageId:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}

Readonly instanceType

instanceType: string = ''

Valid instance type which can be launched in the target account and region.

Readonly keyPair

keyPair: undefined | string = undefined

The name of the key pair. LZA does not create keypair. This should exist in the account/region or else deployment will fail.

Readonly name

name: string = ''

Readonly networkInterfaces

networkInterfaces: undefined | NetworkInterfaceItemConfig[] = undefined

One or more network interfaces. If you specify a network interface, you must specify any security groups and subnets as part of the network interface.

Readonly securityGroups

securityGroups: undefined | string[] = undefined

One or more security group names. These should be created under the VPC in network-config.yaml

Readonly userData

userData: undefined | string = undefined

Path to user data. The path is relative to the config repository and the content should be in regular text. It is encoded in base64 before passing in to Launch Template

Remarks

If defining user data for an EC2 firewall instance or AutoScaling group, you may use the variable ${ACCEL_LOOKUP::S3:BUCKET:firewall-config} in order to dynamically resolve the name of the S3 bucket where S3 firewall configurations are stored by the accelerator. This bucket is used when the configFile, configDir or licenseFile properties are defined for a firewall.

See

Ec2FirewallAutoScalingGroupConfig | Ec2FirewallInstanceConfig

Settings

Member Visibility

Theme

Generated using TypeDoc