Create launch templates with AWS CloudFormation
This section provides an example for creating an Amazon EC2 launch template using AWS CloudFormation.
Launch templates allow you to create templates for configuring and provisioning Amazon EC2
instances within AWS. With launch templates, you can store launch parameters so that
you do not have to specify them every time you launch an instance. For more examples,
see the Examples section in the AWS::EC2::LaunchTemplate
resource.
For more information about launch templates, see Launch an instance from a launch template.
For information about creating launch templates for use with Auto Scaling groups, see Launch templates in the Amazon EC2 Auto Scaling User Guide.
Snippet categories
Create a launch template that specifies security groups, tags, user data, and an IAM role
This snippet shows an AWS::EC2::LaunchTemplate resource that contains the configuration
information to launch an instance. You specify values for the ImageId
,
InstanceType
, SecurityGroups
, UserData
,
and TagSpecifications
properties. The SecurityGroups
property specifies an existing EC2 security group and a new security group. The
Ref
function gets the ID of the AWS::EC2::SecurityGroup resource myNewEC2SecurityGroup
that's declared elsewhere in the stack template.
The launch template includes a section for custom user data. You can pass in configuration tasks and scripts that run when an instance launches in this section. In this example, the user data installs the AWS Systems Manager Agent and starts the agent.
The launch template also includes an IAM role that allows applications running
on instances to perform actions on your behalf. This example shows an AWS::IAM::Role resource for the launch template, which uses the
IamInstanceProfile
property to specify the IAM role. The Ref
function gets the name of the AWS::IAM::InstanceProfile resource myInstanceProfile
. To
configure the permissions of the IAM role, you specify a value for the
ManagedPolicyArns
property.
JSON
{ "Resources":{ "myLaunchTemplate":{ "Type":"AWS::EC2::LaunchTemplate", "Properties":{ "LaunchTemplateName":{ "Fn::Sub": "${AWS::StackName}-launch-template" }, "LaunchTemplateData":{ "ImageId":"
ami-02354e95b3example
", "InstanceType":"t3.micro
", "IamInstanceProfile":{ "Name":{ "Ref":"myInstanceProfile" } }, "SecurityGroupIds":[ { "Ref":"myNewEC2SecurityGroup
" }, "sg-083cd3bfb8example
" ], "UserData":{ "Fn::Base64":{ "Fn::Join": [ "", [ "#!/bin/bash\n
", "cd /tmp\n
", "yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm\n
", "systemctl enable amazon-ssm-agent\n
", "systemctl start amazon-ssm-agent\n
" ] ] } }, "TagSpecifications":[ { "ResourceType":"instance", "Tags":[ { "Key":"environment
", "Value":"development
" } ] }, { "ResourceType":"volume", "Tags":[ { "Key":"environment
", "Value":"development
" } ] } ] } } }, "myInstanceRole":{ "Type":"AWS::IAM::Role", "Properties":{ "RoleName":"InstanceRole", "AssumeRolePolicyDocument":{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Principal":{ "Service":[ "ec2.amazonaws.com" ] }, "Action":[ "sts:AssumeRole" ] } ] }, "ManagedPolicyArns":[ "arn:aws:iam::aws:policy/myCustomerManagedPolicy
" ] } }, "myInstanceProfile":{ "Type":"AWS::IAM::InstanceProfile", "Properties":{ "Path":"/", "Roles":[ { "Ref":"myInstanceRole" } ] } } } }
YAML
--- Resources: myLaunchTemplate: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateName: !Sub ${AWS::StackName}-launch-template LaunchTemplateData: ImageId:
ami-02354e95b3example
InstanceType:t3.micro
IamInstanceProfile: Name: !Ref myInstanceProfile SecurityGroupIds: - !RefmyNewEC2SecurityGroup
-sg-083cd3bfb8example
UserData: Fn::Base64: !Sub |#!/bin/bash cd /tmp yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm systemctl enable amazon-ssm-agent systemctl start amazon-ssm-agent
TagSpecifications: - ResourceType: instance Tags: - Key:environment
Value:development
- ResourceType: volume Tags: - Key:environment
Value:development
myInstanceRole: Type: AWS::IAM::Role Properties: RoleName: InstanceRole AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: 'Allow' Principal: Service: - 'ec2.amazonaws.com' Action: - 'sts:AssumeRole' ManagedPolicyArns: - 'arn:aws:iam::aws:policy/myCustomerManagedPolicy
' myInstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: '/' Roles: - !Ref myInstanceRole