practica sistemas seguros AWS

2025-07-09 21:31:08 +02:00
parent f873c00e4f
commit a1e649cbf7
2 changed files with 218 additions and 0 deletions
--- a/Seguros/template.yaml
+++ b/Seguros/template.yaml
@ -0,0 +1,183 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Practica AWS - Despliegue de infraestructura resiliente con autoescalado
+
+Parameters:
+  KeyName:
+    Description: Par de claves EC2 a usar
+    Type: AWS::EC2::KeyPair::KeyName
+    ConstraintDescription: Debe ser un par de claves ya existente en esta región.
+
+Resources:
+  # VPC
+  VpcPractica:
+    Type: AWS::EC2::VPC
+    Properties:
+      CidrBlock: 10.0.0.0/16
+      EnableDnsSupport: true
+      EnableDnsHostnames: true
+      Tags:
+        - Key: Name
+          Value: vpc-tarea
+
+  # Internet Gateway
+  InternetGatewayPractica:
+    Type: AWS::EC2::InternetGateway
+    Properties:
+      Tags:
+        - Key: Name
+          Value: igw-tarea
+
+  # Attach IGW to VPC
+  AttachGateway:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      VpcId: !Ref VpcPractica
+      InternetGatewayId: !Ref InternetGatewayPractica
+
+  # Subnet pública en AZ 1
+  PublicSubnet1:
+    Type: AWS::EC2::Subnet
+    Properties:
+      VpcId: !Ref VpcPractica
+      CidrBlock: 10.0.0.0/25
+      MapPublicIpOnLaunch: true
+      AvailabilityZone: !Select [0, !GetAZs ""]
+      Tags:
+        - Key: Name
+          Value: public-subnet1-tarea
+
+  # Subnet pública en AZ 2
+  PublicSubnet2:
+    Type: AWS::EC2::Subnet
+    Properties:
+      VpcId: !Ref VpcPractica
+      CidrBlock: 10.0.0.128/25
+      MapPublicIpOnLaunch: true
+      AvailabilityZone: !Select [1, !GetAZs ""]
+      Tags:
+        - Key: Name
+          Value: public-subnet2-tarea
+
+  # Tabla de rutas
+  RouteTablePractica:
+    Type: AWS::EC2::RouteTable
+    Properties:
+      VpcId: !Ref VpcPractica
+      Tags:
+        - Key: Name
+          Value: rtb-tarea
+
+  # Ruta por defecto a internet
+  DefaultRoute:
+    Type: AWS::EC2::Route
+    Properties:
+      RouteTableId: !Ref RouteTablePractica
+      DestinationCidrBlock: 0.0.0.0/0
+      GatewayId: !Ref InternetGatewayPractica
+
+  # Asociar tabla de rutas a Subnet1
+  Subnet1RouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref PublicSubnet1
+      RouteTableId: !Ref RouteTablePractica
+
+  # Asociar tabla de rutas a Subnet2
+  Subnet2RouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref PublicSubnet2
+      RouteTableId: !Ref RouteTablePractica
+
+  # Grupo de seguridad
+  SecurityGroupPractica:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: sg_tarea
+      GroupDescription: Permitir trafico HTTP y SSH
+      VpcId: !Ref VpcPractica
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: 22
+          ToPort: 22
+          CidrIp: 0.0.0.0/0
+      Tags:
+        - Key: Name
+          Value: sg-tarea
+
+  # Plantilla de lanzamiento (Launch Template)
+  LaunchTemplatePractica:
+    Type: AWS::EC2::LaunchTemplate
+    Properties:
+      LaunchTemplateName: lt-vm_tarea
+      LaunchTemplateData:
+        TagSpecifications:
+          - ResourceType: instance
+            Tags:
+              - Key: Name
+                Value: vm_tarea
+        ImageId: "ami-021d9f8e43481e7da" # Ubuntu Server 22.04 LTS (eu-west-1)
+        InstanceType: t2.micro
+        KeyName: !Ref KeyName
+        NetworkInterfaces:
+          - DeviceIndex: 0
+            AssociatePublicIpAddress: true
+            Groups:
+              - !Ref SecurityGroupPractica
+        UserData:
+          Fn::Base64: |
+            #!/bin/bash
+            sudo apt update -y
+            sudo apt install -y apache2
+            sudo systemctl start apache2
+            sudo systemctl enable apache2
+            INSTANCE_IP=$(curl -s http://ifconfig.me)
+            INSTANCE_DNS=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)
+            echo "<html><body><h1>vm_tarea</h1><p>DNS: $INSTANCE_DNS</p><p>IP: $INSTANCE_IP</p></body></html>" | sudo tee /var/www/html/index.html > /dev/null
+
+  # Grupo de autoescalado usando ambas subredes
+  AutoScalingGroupPractica:
+    Type: AWS::AutoScaling::AutoScalingGroup
+    Properties:
+      LaunchTemplate:
+        LaunchTemplateId: !Ref LaunchTemplatePractica
+        Version: !GetAtt LaunchTemplatePractica.LatestVersionNumber
+      MinSize: 2
+      MaxSize: 2
+      DesiredCapacity: 2
+      VPCZoneIdentifier:
+        - !Ref PublicSubnet1
+        - !Ref PublicSubnet2
+      Tags:
+        - Key: Name
+          Value: vm_tarea
+          PropagateAtLaunch: true
+
+Outputs:
+  VpcId:
+    Description: ID de la VPC creada
+    Value: !Ref VpcPractica
+
+  PublicSubnet1Id:
+    Description: ID de la subred pública 1
+    Value: !Ref PublicSubnet1
+
+  PublicSubnet2Id:
+    Description: ID de la subred pública 2
+    Value: !Ref PublicSubnet2
+
+  AutoScalingGroupName:
+    Description: Nombre del grupo de autoescalado
+    Value: !Ref AutoScalingGroupPractica
+
+  SecurityGroupId:
+    Description: ID del grupo de seguridad creado
+    Value: !Ref SecurityGroupPractica
+
+  LaunchTemplateId:
+    Description: ID de la plantilla de lanzamiento
+    Value: !Ref LaunchTemplatePractica