build_stack.yml

AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  License: Apache-2.0
Description: >-
  Stack to run a notebook job in EC2.
Parameters:
  InstanceProfile:
    Description: ARN of instance profile for the job.
    Type: String
  ImageTag:
    Description: ECR image for the job.
    Type: String
  S3PayloadBucket:
    Description: S3 bucket to use for job payloads.
    Type: String
  S3PayloadKey:
    Description: S3 key to use for job payloads.
    Type: String
  TimeOut:
    Description: Timeout length for the instance in minutes.
    Type: String
  KeyPair:
    Description: EC2 keypair allowing SSH to job instance.
    Type: String
  InstanceType:
    Description: EC2 instance type
    Type: String
    AllowedValues: [t2.large, c5.xlarge]
    ConstraintDescription: Must be a valid EC2 instance type.
  InboundIP:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: 9
    MaxLength: 18
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref 'InstanceType'
      SecurityGroups: [!Ref 'InstanceSecurityGroup']
      KeyName: !Ref KeyPair
      ImageId: ami-0bab1e17be043c7e9
      IamInstanceProfile: !Ref InstanceProfile
      Tags:
        -
          Key: "ephemeral"
          Value: "true"
      UserData:
        Fn::Base64: !Sub 
            - |
              #!/bin/bash
              set -e
              echo "aws cloudformation delete-stack --region ${AWS::Region} --stack-name ${AWS::StackName}" > delete_stack.sh
              mv delete_stack.sh /usr/local/bin/delete_stack
              chmod +x /usr/local/bin/delete_stack
              trap delete_stack EXIT
              echo "delete_stack" | at now +${TimeOut} minutes 
              yum update -y
              sudo yum install zip unzip
              amazon-linux-extras install docker
              usermod -a -G docker ec2-user
              service docker start &
              $(aws ecr get-login --no-include-email --region ${AWS::Region})
              mkdir ~/job
              aws s3api get-object --bucket ${S3PayloadBucket} --key ${S3PayloadKey} ~/job/payload.zip
              cd ~/job
              unzip ~/job/payload.zip
              docker build -t ${ImageTag} .
              docker push ${ImageTag}
            - { S3PayloadBucket: !Ref 'S3PayloadBucket', S3PayloadKey: !Ref 'S3PayloadKey', ImageTag: !Ref 'ImageTag' }
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: !Ref 'InboundIP'
      Tags:
        -
          Key: "ephemeral"
          Value: "true"
Outputs:
  PublicIP:
    Description: Public IP address of the newly created EC2 instance
    Value: !GetAtt [EC2Instance, PublicIp]