ec2vscode_python.yaml
# CloudFormation template: a single EC2 instance (Amazon Linux 2023) running
# code-server, placed in its own VPC with one public subnet.
AWSTemplateFormatVersion: "2010-09-09"
Description: "VsCode on EC2 with Amazon Linux 2023 & Python 3.9"
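Parameters:
  # Written into the ec2-user AWS CLI config on the instance as the default
  # region. The subnet's availability zone is derived from the AWS::Region
  # pseudo parameter, i.e. from the region the stack is actually created in.
  Region:
    Description: "The AWS region where the resources will be deployed."
    Type: String
    Default: "ap-northeast-2"

  # CIDR inputs are validated up front so a malformed value is rejected at
  # parameter validation instead of failing halfway through stack creation.
  VpcCidrBlock:
    Description: "The CIDR block for the VPC"
    Type: String
    Default: "172.30.0.0/16"
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: "Must be an IPv4 CIDR block of the form x.x.x.x/n"

  PublicSubnetCidrBlock:
    Description: "The CIDR block for the public subnet"
    Type: String
    Default: "172.30.1.0/24"
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: "Must be an IPv4 CIDR block of the form x.x.x.x/n"

  InstanceType:
    Description: "EC2 instance type for the server"
    Type: String
    Default: "t3.xlarge"

  # NOTE(review): not referenced by any resource in this template; the AMI is
  # selected solely through AmazonLinux2023AmiId below.
  AMIType:
    Description: "Select the Amazon Linux version for the EC2 instance"
    Type: String
    Default: "AmazonLinux2023"

  # Resolved through an SSM public parameter, so the concrete AMI ID can differ
  # from one deployment to the next.
  AmazonLinux2023AmiId:
    Description: "SSM parameter that resolves to the Amazon Linux 2023 AMI ID"
    Type: "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>"
    Default: "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64"

  # The value is substituted into the instance boot script, and the cloned
  # repository's requirements.txt is installed with pip on the instance.
  # Supply only a repository you trust.
  GitRepositoryUrl:
    Description: "The URL of the Git repository to clone"
    Type: String
    Default: "https://github.com/kwangwl/amazon-bedrock-workshop.git"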
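Resources:
  # Create the VPC
  VsCodeVPC:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: !Ref VpcCidrBlock
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: VsCodeVPC

  # Create the internet gateway
  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: VsCodeInternetGateway

  # Attach the internet gateway to the VPC
  AttachGateway:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: !Ref VsCodeVPC
      InternetGatewayId: !Ref InternetGateway

  # Create the public subnet
  PublicSubnet:
    Type: "AWS::EC2::Subnet"
    Properties:
      VpcId: !Ref VsCodeVPC
      CidrBlock: !Ref PublicSubnetCidrBlock
      MapPublicIpOnLaunch: true
      # First availability zone of the region the stack is created in.
      AvailabilityZone: !Select
        - 0
        - !GetAZs
          Ref: "AWS::Region"
      Tags:
        - Key: Name
          Value: VsCodePublicSubnet

  # Create the route table
  RouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VsCodeVPC
      Tags:
        - Key: Name
          Value: VsCodeRouteTable

  # Associate the route table with the public subnet
  RouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref RouteTable

  # Default route to the internet
  DefaultRoute:
    Type: "AWS::EC2::Route"
    # The route can only be created once the gateway is attached to the VPC;
    # the !Ref to InternetGateway alone does not order it after the attachment.
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway

  # Create the security group (to be modified separately so that only the
  # user's IP is opened).
  #
  # No ingress rule is defined here, so port 8000 is unreachable until a rule
  # is added. Because code-server below runs without authentication over plain
  # HTTP and the instance role is AdministratorAccess, the rule must allow a
  # single trusted address only, never 0.0.0.0/0.
  InstanceSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupName: MyCustomSecurityGroup
      # Was "Enable 8080 and 8080 port"; code-server is bound to port 8000.
      GroupDescription: code-server access on port 8000 (ingress rules added separately)
      VpcId: !Ref VsCodeVPC
      # SecurityGroupIngress:
      #   - IpProtocol: tcp
      #     FromPort: 8000
      #     ToPort: 8000
      #     CidrIp: 203.0.113.10/32  # constructed placeholder: use your own IP

  # Create the IAM role
  VsCodeInstanceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action: "sts:AssumeRole"
      # Caution: the AdministratorAccess policy allows almost every action
      # across the whole AWS account. Take care from both a security and a
      # cost-management standpoint.
      # NOTE(review): every process on the instance, including anything run
      # through the unauthenticated code-server terminal, can obtain these role
      # credentials. Prefer a policy scoped to the services the workshop
      # actually calls (presumably Amazon Bedrock, going by the default
      # repository name; confirm before narrowing).
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AdministratorAccess"
      Path: "/"

  # Create the IAM instance profile
  VsCodeProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: "/"
      Roles:
        - !Ref VsCodeInstanceRole

  # Create the EC2 instance (VS Code)
  EC2Instance:
    Type: "AWS::EC2::Instance"
    # The boot script downloads packages from the internet, so the instance is
    # created only after the default route and subnet association exist.
    DependsOn:
      - DefaultRoute
      - RouteTableAssociation
    Properties:
      IamInstanceProfile: !Ref VsCodeProfile
      # Was hard-coded to t3.xlarge, which silently ignored the InstanceType
      # parameter; the parameter default keeps the same size.
      InstanceType: !Ref InstanceType
      ImageId: !Ref AmazonLinux2023AmiId
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          SubnetId: !Ref PublicSubnet
          DeviceIndex: 0
          GroupSet:
            - !Ref InstanceSecurityGroup
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: 20  # 20 GB
            VolumeType: gp3
      UserData:
        "Fn::Base64": !Sub |
          #!/bin/bash
          # Install the latest AWS CLI
          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          sudo ./aws/install
          # Install development tools and other required packages
          yum update -y || dnf update -y
          yum install -y git || dnf install -y git
          yum groupinstall -y "Development Tools" || dnf groupinstall -y "Development Tools"
          # Install python 3.9
          yum install -y python3.9 || dnf install -y python3.9
          # The dnf fallback previously read "dnf yum install", which is not a
          # valid dnf command.
          yum install -y python3-pip || dnf install -y python3-pip
          ln -s /usr/bin/python3.9 /usr/bin/python
          # Install VS Code Server
          # NOTE(review): the release tarball is extracted without an integrity
          # check; pin the SHA-256 of this exact asset and verify it before
          # running tar.
          wget https://github.com/coder/code-server/releases/download/v4.96.2/code-server-4.96.2-linux-amd64.tar.gz
          tar -xzf code-server-4.96.2-linux-amd64.tar.gz
          mv code-server-4.96.2-linux-amd64 /usr/local/lib/code-server
          ln -s /usr/local/lib/code-server/bin/code-server /usr/local/bin/code-server
          # git clone and install requirements.txt
          # The URL is a stack parameter; it is single-quoted and placed after
          # "--" so it is passed to git as one literal argument.
          # NOTE(review): pip runs code from the cloned repository on an
          # instance with an administrator role; use a trusted repository only.
          git clone -- '${GitRepositoryUrl}' /home/ec2-user/workshop
          if [ -f /home/ec2-user/workshop/requirements.txt ]; then
            sudo -u ec2-user pip3 install -r /home/ec2-user/workshop/requirements.txt
          fi
          # Configure the AWS CLI
          mkdir -p /home/ec2-user/.aws
          cat <<EOF > /home/ec2-user/.aws/config
          [default]
          region = ${Region}
          EOF
          # Configure VS Code Server
          # NOTE(review): code-server listens on all interfaces over plain HTTP
          # with authentication disabled. Anyone who can reach port 8000 gets a
          # terminal as ec2-user. Keep the security group limited to a single
          # trusted /32, or switch to "auth: password" and put TLS in front.
          mkdir -p /home/ec2-user/.config/code-server
          cat <<EOF > /home/ec2-user/.config/code-server/config.yaml
          bind-addr: 0.0.0.0:8000
          auth: none
          cert: false
          EOF
          # Set ownership (.aws is included so ec2-user can write to its own
          # CLI configuration directory, which was created by root above)
          chown -R ec2-user:ec2-user /home/ec2-user/.config /home/ec2-user/.aws /home/ec2-user/workshop
          # Configure the VS Code Server service
          cat <<EOF > /etc/systemd/system/code-server.service
          [Unit]
          Description=VS Code Server
          After=network.target
          [Service]
          Type=simple
          User=ec2-user
          ExecStart=/usr/local/bin/code-server --config /home/ec2-user/.config/code-server/config.yaml /home/ec2-user/workshop
          Restart=always
          [Install]
          WantedBy=multi-user.target
          EOF
          systemctl daemon-reload
          systemctl enable code-server
          systemctl start code-server
      Tags:
        - Key: Name
          Value: EC2VSCodeServer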
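Outputs:
  # The value is a full URL, not a bare IP address. It is plain HTTP: traffic
  # to code-server, including everything typed in its terminal, is unencrypted.
  EC2InstancePublicIP:
    Description: "HTTP URL (public IP, port 8000) of the VS Code Server EC2 instance"
    Value: !Sub "http://${EC2Instance.PublicIp}:8000"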