CursoCiberseguridad/Sistemas Seguros/template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Description: Practica AWS - Despliegue de infraestructura resiliente con autoescalado

Parameters:
  KeyName:
    Description: Par de claves EC2 a usar
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: Debe ser un par de claves ya existente en esta región.

Resources:
  # VPC
  VpcPractica:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: vpc-tarea

  # Internet Gateway
  InternetGatewayPractica:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: igw-tarea

  # Attach IGW to VPC
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VpcPractica
      InternetGatewayId: !Ref InternetGatewayPractica

  # Subnet pública en AZ 1
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcPractica
      CidrBlock: 10.0.0.0/25
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select [0, !GetAZs ""]
      Tags:
        - Key: Name
          Value: public-subnet1-tarea

  # Subnet pública en AZ 2
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcPractica
      CidrBlock: 10.0.0.128/25
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select [1, !GetAZs ""]
      Tags:
        - Key: Name
          Value: public-subnet2-tarea

  # Tabla de rutas
  RouteTablePractica:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcPractica
      Tags:
        - Key: Name
          Value: rtb-tarea

  # Ruta por defecto a internet
  DefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTablePractica
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGatewayPractica

  # Asociar tabla de rutas a Subnet1
  Subnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref RouteTablePractica

  # Asociar tabla de rutas a Subnet2
  Subnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref RouteTablePractica

  # Grupo de seguridad
  SecurityGroupPractica:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg_tarea
      GroupDescription: Permitir trafico HTTP y SSH
      VpcId: !Ref VpcPractica
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sg-tarea

  # Plantilla de lanzamiento (Launch Template)
  LaunchTemplatePractica:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: lt-vm_tarea
      LaunchTemplateData:
        TagSpecifications:
          - ResourceType: instance
            Tags:
              - Key: Name
                Value: vm_tarea
        ImageId: "ami-021d9f8e43481e7da" # Ubuntu Server 22.04 LTS (eu-west-1)
        InstanceType: t2.micro
        KeyName: !Ref KeyName
        NetworkInterfaces:
          - DeviceIndex: 0
            AssociatePublicIpAddress: true
            Groups:
              - !Ref SecurityGroupPractica
        UserData:
          Fn::Base64: |
            #!/bin/bash
            sudo apt update -y
            sudo apt install -y apache2
            sudo systemctl start apache2
            sudo systemctl enable apache2
            INSTANCE_IP=$(curl -s http://ifconfig.me)
            INSTANCE_DNS=$(curl -s http://169.254.169.254/latest/meta-data/public-hostname)
            echo "<html><body><h1>vm_tarea</h1><p>DNS: $INSTANCE_DNS</p><p>IP: $INSTANCE_IP</p></body></html>" | sudo tee /var/www/html/index.html > /dev/null

  # Grupo de autoescalado usando ambas subredes
  AutoScalingGroupPractica:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref LaunchTemplatePractica
        Version: !GetAtt LaunchTemplatePractica.LatestVersionNumber
      MinSize: 2
      MaxSize: 2
      DesiredCapacity: 2
      VPCZoneIdentifier:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
      Tags:
        - Key: Name
          Value: vm_tarea
          PropagateAtLaunch: true

Outputs:
  VpcId:
    Description: ID de la VPC creada
    Value: !Ref VpcPractica

  PublicSubnet1Id:
    Description: ID de la subred pública 1
    Value: !Ref PublicSubnet1

  PublicSubnet2Id:
    Description: ID de la subred pública 2
    Value: !Ref PublicSubnet2

  AutoScalingGroupName:
    Description: Nombre del grupo de autoescalado
    Value: !Ref AutoScalingGroupPractica

  SecurityGroupId:
    Description: ID del grupo de seguridad creado
    Value: !Ref SecurityGroupPractica

  LaunchTemplateId:
    Description: ID de la plantilla de lanzamiento
    Value: !Ref LaunchTemplatePractica