practica sistemas seguros AWS

Sistemas Seguros/jfabra.yaml

@@ -0,0 +1,35 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Crea el usuario IAM jfabra con acceso completo de solo lectura
+
+Parameters:
+  UserPassword:
+    Type: String
+    NoEcho: true
+    Description: Contraseña para el acceso a la consola de AWS del usuario jfabra
+    MinLength: 8
+    MaxLength: 32
+
+Resources:
+  JfabraUser:
+    Type: AWS::IAM::User
+    Properties:
+      UserName: jfabra
+      LoginProfile:
+        Password: !Ref UserPassword
+        PasswordResetRequired: false
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/ReadOnlyAccess
+      Tags:
+        - Key: Owner
+          Value: jfabra
+        - Key: AccessLevel
+          Value: ReadOnly
+
+Outputs:
+  SignInURL:
+    Description: URL para iniciar sesión con el usuario jfabra
+    Value: !Sub "https://${AWS::AccountId}.signin.aws.amazon.com/console"
+
+  UserName:
+    Description: Nombre del usuario creado
+    Value: !Ref JfabraUser

Sistemas Seguros/template.yaml

@@ -0,0 +1,183 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Practica AWS - Despliegue de infraestructura resiliente con autoescalado
+
+Parameters:
+  KeyName:
+    Description: Par de claves EC2 a usar
+    Type: AWS::EC2::KeyPair::KeyName
+    ConstraintDescription: Debe ser un par de claves ya existente en esta región.
+
+Resources:
+  # VPC
+  VpcPractica:
+    Type: AWS::EC2::VPC
+    Properties:
+      CidrBlock: 10.0.0.0/16
+      EnableDnsSupport: true
+      EnableDnsHostnames: true
+      Tags:
+        - Key: Name
+          Value: vpc-tarea
+
+  # Internet Gateway
+  InternetGatewayPractica:
+    Type: AWS::EC2::InternetGateway
+    Properties:
+      Tags:
+        - Key: Name
+          Value: igw-tarea
+
+  # Attach IGW to VPC
+  AttachGateway:
+    Type: AWS::EC2::VPCGatewayAttachment
+    Properties:
+      VpcId: !Ref VpcPractica
+      InternetGatewayId: !Ref InternetGatewayPractica
+
+  # Subnet pública en AZ 1
+  PublicSubnet1:
+    Type: AWS::EC2::Subnet
+    Properties:
+      VpcId: !Ref VpcPractica
+      CidrBlock: 10.0.0.0/25
+      MapPublicIpOnLaunch: true
+      AvailabilityZone: !Select [0, !GetAZs ""]
+      Tags:
+        - Key: Name
+          Value: public-subnet1-tarea
+
+  # Subnet pública en AZ 2
+  PublicSubnet2:
+    Type: AWS::EC2::Subnet
+    Properties:
+      VpcId: !Ref VpcPractica
+      CidrBlock: 10.0.0.128/25
+      MapPublicIpOnLaunch: true
+      AvailabilityZone: !Select [1, !GetAZs ""]
+      Tags:
+        - Key: Name
+          Value: public-subnet2-tarea
+
+  # Tabla de rutas
+  RouteTablePractica:
+    Type: AWS::EC2::RouteTable
+    Properties:
+      VpcId: !Ref VpcPractica
+      Tags:
+        - Key: Name
+          Value: rtb-tarea
+
+  # Ruta por defecto a internet
+  DefaultRoute:
+    Type: AWS::EC2::Route
+    Properties:
+      RouteTableId: !Ref RouteTablePractica
+      DestinationCidrBlock: 0.0.0.0/0
+      GatewayId: !Ref InternetGatewayPractica
+
+  # Asociar tabla de rutas a Subnet1
+  Subnet1RouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref PublicSubnet1
+      RouteTableId: !Ref RouteTablePractica
+
+  # Asociar tabla de rutas a Subnet2
+  Subnet2RouteTableAssociation:
+    Type: AWS::EC2::SubnetRouteTableAssociation
+    Properties:
+      SubnetId: !Ref PublicSubnet2
+      RouteTableId: !Ref RouteTablePractica
+
+  # Grupo de seguridad
+  SecurityGroupPractica:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      GroupName: sg_tarea
+      GroupDescription: Permitir trafico HTTP y SSH
+      VpcId: !Ref VpcPractica
+      SecurityGroupIngress:
+        - IpProtocol: tcp
+          FromPort: 80
+          ToPort: 80
+          CidrIp: 0.0.0.0/0
+        - IpProtocol: tcp
+          FromPort: 22
+          ToPort: 22
+          CidrIp: 0.0.0.0/0
+      Tags:
+        - Key: Name
+          Value: sg-tarea
+
+  # Plantilla de lanzamiento (Launch Template)
+  LaunchTemplatePractica:
+    Type: AWS::EC2::LaunchTemplate
+    Properties:
+      LaunchTemplateName: lt-vm_tarea
+      LaunchTemplateData:
+        TagSpecifications:
+          - ResourceType: instance
+            Tags:
+              - Key: Name
+                Value: vm_tarea
+        ImageId: "ami-021d9f8e43481e7da" # Ubuntu Server 22.04 LTS (eu-west-1)
+        InstanceType: t2.micro
+        KeyName: !Ref KeyName
+        NetworkInterfaces:
+          - DeviceIndex: 0
+            AssociatePublicIpAddress: true
+            Groups:
+              - !Ref SecurityGroupPractica
+        UserData:
+          Fn::Base64: |
+            #!/bin/bash
+            sudo apt update -y
+            sudo apt install -y apache2
+            sudo systemctl start apache2
+            sudo systemctl enable apache2
+            INSTANCE_IP=$(curl -s http://ifconfig.me)
+            INSTANCE_DNS=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)
+            echo "<html><body><h1>vm_tarea</h1><p>DNS: $INSTANCE_DNS</p><p>IP: $INSTANCE_IP</p></body></html>" | sudo tee /var/www/html/index.html > /dev/null
+
+  # Grupo de autoescalado usando ambas subredes
+  AutoScalingGroupPractica:
+    Type: AWS::AutoScaling::AutoScalingGroup
+    Properties:
+      LaunchTemplate:
+        LaunchTemplateId: !Ref LaunchTemplatePractica
+        Version: !GetAtt LaunchTemplatePractica.LatestVersionNumber
+      MinSize: 2
+      MaxSize: 2
+      DesiredCapacity: 2
+      VPCZoneIdentifier:
+        - !Ref PublicSubnet1
+        - !Ref PublicSubnet2
+      Tags:
+        - Key: Name
+          Value: vm_tarea
+          PropagateAtLaunch: true
+
+Outputs:
+  VpcId:
+    Description: ID de la VPC creada
+    Value: !Ref VpcPractica
+
+  PublicSubnet1Id:
+    Description: ID de la subred pública 1
+    Value: !Ref PublicSubnet1
+
+  PublicSubnet2Id:
+    Description: ID de la subred pública 2
+    Value: !Ref PublicSubnet2
+
+  AutoScalingGroupName:
+    Description: Nombre del grupo de autoescalado
+    Value: !Ref AutoScalingGroupPractica
+
+  SecurityGroupId:
+    Description: ID del grupo de seguridad creado
+    Value: !Ref SecurityGroupPractica
+
+  LaunchTemplateId:
+    Description: ID de la plantilla de lanzamiento
+    Value: !Ref LaunchTemplatePractica