giuseppe-trisciuoglio/developer-kit

Comprehensive developer toolkit providing reusable skills for Java/Spring Boot, TypeScript/NestJS/React/Next.js, Python, PHP, AWS CloudFormation, AI/RAG, DevOps, and more.

plugins/developer-kit-aws/skills/aws-cloudformation/aws-cloudformation-ec2/references/reference.md

# AWS CloudFormation EC2 - Reference

This reference guide contains detailed information about the AWS CloudFormation resources, intrinsic functions, and configurations used for EC2 infrastructure.

## AWS::EC2::Instance

Creates an EC2 instance. Anything placed in `UserData` is readable by every process on the instance through the instance metadata service and by anyone who can call `DescribeInstanceAttribute`, so never put secrets in it; fetch them at boot with the instance role instead.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| ImageId | String | Cond | The ID of the AMI (required unless supplied by a launch template) |
| InstanceType | String | Cond | The instance type, e.g. `t3.micro` (required unless supplied by a launch template) |
| AvailabilityZone | String | No | The Availability Zone of the instance |
| BlockDeviceMappings | List | No | Block device mappings |
| EbsOptimized | Boolean | No | Whether the instance is EBS-optimized |
| IamInstanceProfile | String | No | Name of the IAM instance profile |
| KeyName | String | No | Key pair name |
| LaunchTemplate | LaunchTemplateSpecification | No | Launch template to take settings from |
| Monitoring | Boolean | No | Whether detailed (1-minute) monitoring is enabled |
| NetworkInterfaces | List | No | Network interfaces |
| PlacementGroupName | String | No | Placement group |
| SecurityGroupIds | List | No | Security group IDs |
| SubnetId | String | No | Subnet ID |
| Tags | List of Tag | No | Tags assigned to the instance |
| Tenancy | String | No | Tenancy (`default`, `dedicated`, `host`) |
| UserData | String | No | User data script (base64 encoded) |

### Example

```yaml
Resources:
  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0ff8a95407f89df2f
      InstanceType: t3.micro
      KeyName: my-key-pair
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref InstanceSecurityGroup
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum update -y
      Tags:
        - Key: Name
          Value: my-instance
```

### Attributes

| Attribute | Description |
|---|---|
| AvailabilityZone | The Availability Zone of the instance |
| PrivateDnsName | The private DNS name |
| PrivateIp | The private IP address |
| PublicDnsName | The public DNS name |
| PublicIp | The public IP address |

## AWS::EC2::SecurityGroup

Creates a security group. Two behaviours matter when reviewing one: if `SecurityGroupEgress` is omitted, CloudFormation adds an allow-all outbound rule, so state egress explicitly whenever it should be restricted; and a group attached to instances that admits `0.0.0.0/0` makes those instances directly reachable from the internet, so put world-open rules on the load balancer's group and let the instance group accept traffic only from that group.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| GroupDescription | String | Yes | A description of the security group |
| GroupName | String | No | The name of the security group |
| SecurityGroupEgress | List | No | Outbound rules (omit and CloudFormation allows all outbound traffic) |
| SecurityGroupIngress | List | No | Inbound rules |
| Tags | List of Tag | No | Tags assigned to the security group |
| VpcId | String | No | The VPC ID; always set it so the group lands in the intended VPC |

### Example

```yaml
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for EC2 instance
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 10.0.0.0/16
```

### Security Group Ingress Patterns

```yaml
# Allow HTTP from anywhere (belongs on a load balancer's group, not an instance's)
- IpProtocol: tcp
  FromPort: 80
  ToPort: 80
  CidrIp: 0.0.0.0/0

# Allow SSH from a specific CIDR (prefer SSM Session Manager and no SSH rule at all)
- IpProtocol: tcp
  FromPort: 22
  ToPort: 22
  CidrIp: 10.0.0.0/16

# Allow from another security group (preferred over CIDRs: follows group membership)
- IpProtocol: tcp
  FromPort: 8080
  ToPort: 8080
  SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup

# Allow all ICMP from a CIDR
- IpProtocol: icmp
  FromPort: -1
  ToPort: -1
  CidrIp: 10.0.0.0/16

# Allow all traffic from a security group (ports are ignored when IpProtocol is -1)
- IpProtocol: -1
  SourceSecurityGroupId: !Ref DatabaseSecurityGroup
```

### Security Group Egress Patterns

```yaml
# Allow outbound HTTPS only
- IpProtocol: tcp
  FromPort: 443
  ToPort: 443
  CidrIp: 0.0.0.0/0

# Allow all outbound traffic (the rule CloudFormation adds when egress is omitted)
- IpProtocol: -1
  CidrIp: 0.0.0.0/0
```
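The ingress and egress patterns above are easy to combine into something that looks tidy but leaves instances world-reachable. The following script is an added example, not code from the developer-kit skill: it audits every `AWS::EC2::SecurityGroup` in a template given in CloudFormation's JSON (dict) form, flags world-open rules on groups attached to instances, SSH that is not restricted to another security group, and omitted egress. The sample template, its logical IDs and the 8080 application port are assumptions made for the example.

```python
"""Audit AWS::EC2::SecurityGroup resources in a CloudFormation template.

Added example, not code from the developer-kit reference. TEMPLATE is a
constructed sample in CloudFormation's JSON (dict) form so this runs with the
standard library only; logical IDs and the 8080 app port are assumptions.
"""
from typing import Any

WORLD = {"0.0.0.0/0", "::/0"}
EDGE_PORTS = {80, 443}      # world-open ports tolerated on a load balancer group
INSTANCE_TYPES = {"AWS::EC2::Instance", "AWS::AutoScaling::LaunchConfiguration",
                  "AWS::EC2::LaunchTemplate"}

TEMPLATE: dict[str, Any] = {"Resources": {
    # The page's instance group as written: HTTP from anywhere, SSH from the VPC,
    # and no SecurityGroupEgress (CloudFormation then adds an allow-all egress rule).
    "InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "Security group for EC2 instance", "VpcId": {"Ref": "VPC"},
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/16"}]}},
    "Ec2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": {"Ref": "AmiId"}, "InstanceType": "t3.micro",
        "SecurityGroupIds": [{"Ref": "InstanceSecurityGroup"}]}},
    # Hardened pair: only the ALB group is world-reachable, and only on 443; the
    # instance group accepts the app port from the ALB group alone, with explicit egress.
    "AlbSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "Internet-facing ALB", "VpcId": {"Ref": "VPC"},
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}],
        "SecurityGroupEgress": [
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "CidrIp": "10.0.0.0/16"}]}},
    "AppSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "App instances, reachable from the ALB only", "VpcId": {"Ref": "VPC"},
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "SourceSecurityGroupId": {"Ref": "AlbSecurityGroup"}}],
        "SecurityGroupEgress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
}}


def _refs(value: Any) -> set[str]:
    """Every logical ID referenced through {"Ref": ...} anywhere inside value."""
    if isinstance(value, dict):
        if set(value) == {"Ref"} and isinstance(value["Ref"], str):
            return {value["Ref"]}
        return set().union(*(_refs(v) for v in value.values()))
    if isinstance(value, list):
        return set().union(*(_refs(v) for v in value))
    return set()


def instance_attached_groups(template: dict) -> set[str]:
    """Logical IDs referenced by instance-launching resources (a superset of their groups)."""
    attached: set[str] = set()
    for res in template.get("Resources", {}).values():
        if res.get("Type") in INSTANCE_TYPES:
            attached |= _refs(res.get("Properties", {}))
    return attached


def _ports(rule: dict) -> tuple[int, int]:
    if str(rule.get("IpProtocol")) == "-1":    # all protocols: EC2 ignores the port fields
        return 0, 65535
    return int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))


def audit_security_groups(template: dict) -> list[tuple[str, str]]:
    """Return (logical ID, finding) pairs; an empty list means nothing was flagged."""
    findings: list[tuple[str, str]] = []
    attached = instance_attached_groups(template)
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        props = res.get("Properties", {})
        for rule in props.get("SecurityGroupIngress", []):
            lo, hi = _ports(rule)
            src = rule.get("CidrIp") or rule.get("CidrIpv6")
            if src in WORLD and name in attached:
                findings.append((name, f"ports {lo}-{hi} open to the world on an instance group; "
                                       "expose only the load balancer"))
            elif src in WORLD and not (lo == hi and lo in EDGE_PORTS):
                findings.append((name, f"ports {lo}-{hi} open to the world"))
            if lo <= 22 <= hi and "SourceSecurityGroupId" not in rule:
                findings.append((name, f"SSH reachable from {src}; prefer SSM Session Manager"))
        if "SecurityGroupEgress" not in props:
            findings.append((name, "no SecurityGroupEgress: CloudFormation adds an allow-all egress rule"))
    return findings


if __name__ == "__main__":
    for logical_id, text in audit_security_groups(TEMPLATE):
        print(f"{logical_id}: {text}")
```

Run against the sample, only `InstanceSecurityGroup` is reported (world-open port 80 on an instance group, SSH from the VPC CIDR, and implicit allow-all egress); the ALB/app pair passes because the only world-open rule sits on the load balancer's group and the instances admit traffic by group membership. The `instance_attached_groups` lookup is deliberately a superset of referenced IDs: it only needs to answer whether a given security group is attached to something that launches instances.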

## AWS::IAM::Role

Creates an IAM role. For an EC2 workload the trust policy should name only `ec2.amazonaws.com`, and the permissions should cover only the API calls the instance actually makes. `ReadOnlyAccess`, used in the example below, grants read access to every service in the account and is far broader than an application instance needs; a purpose-specific managed policy such as `AmazonSSMManagedInstanceCore` plus scoped inline statements is the usual replacement.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| AssumeRolePolicyDocument | PolicyDocument | Yes | Trust policy document |
| ManagedPolicyArns | List | No | ARNs of managed policies |
| Path | String | No | Path for the role |
| PermissionsBoundary | String | No | ARN of a permissions boundary policy capping what the role can ever be granted |
| Policies | List | No | Inline policies |
| RoleName | String | No | Name of the role |

### Example

```yaml
Resources:
  Ec2Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/ReadOnlyAccess
      Policies:
        - PolicyName: S3Access
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource: !Sub "arn:${AWS::Partition}:s3:::my-bucket/*"
```
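The following script is an added example, not code from the developer-kit skill. It checks `AWS::IAM::Role` resources destined for instance profiles: the trust policy must admit only `ec2.amazonaws.com`, broad AWS managed policies are flagged, and inline statements are flagged for wildcard actions or for write actions on `Resource: "*"`. `Ec2Role` reproduces the page's example; `LeastPrivilegeRole` is a tightened version of it. The logical IDs, the `ConfigBucket` parameter, the list of "broad" policies and the read-only prefix heuristic are assumptions of this example.

```python
"""Audit IAM roles intended for EC2 instance profiles in a CloudFormation template.

Added example, not code from the developer-kit reference. TEMPLATE is a
constructed sample in JSON (dict) form: Ec2Role is the page's example and
LeastPrivilegeRole a tightened version of it. Logical IDs, the ConfigBucket
parameter, BROAD_MANAGED_POLICIES and READ_ONLY_PREFIXES are assumptions.
"""
from typing import Any

BROAD_MANAGED_POLICIES = {      # account-wide policies that do not belong on a workload role
    "arn:aws:iam::aws:policy/AdministratorAccess",
    "arn:aws:iam::aws:policy/PowerUserAccess",
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
}
READ_ONLY_PREFIXES = ("Describe", "List", "Get")   # tolerated together with Resource "*"

EC2_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
             "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}

TEMPLATE: dict[str, Any] = {"Resources": {
    "Ec2Role": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": EC2_TRUST,
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
        "Policies": [{"PolicyName": "S3Access", "PolicyDocument": {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                           "Resource": "arn:aws:s3:::my-bucket/*"}]}}]}},
    "LeastPrivilegeRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": EC2_TRUST,
        # Session Manager access instead of SSH, and only the objects the app needs.
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"],
        "Policies": [{"PolicyName": "ConfigRead", "PolicyDocument": {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                           "Resource": {"Fn::Sub": "arn:${AWS::Partition}:s3:::${ConfigBucket}/config/*"}}]}}]}},
}}


def _as_list(value: Any) -> list:
    return value if isinstance(value, list) else [value]


def _principals(statement: dict) -> list[str]:
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    return [p for kind in ("AWS", "Service", "Federated") for p in _as_list(principal.get(kind, []))]


def audit_instance_role(name: str, role: dict) -> list[str]:
    """Findings for one AWS::IAM::Role that an EC2 instance profile will wrap."""
    findings: list[str] = []
    props = role.get("Properties", {})
    for stmt in props.get("AssumeRolePolicyDocument", {}).get("Statement", []):
        if stmt.get("Effect") == "Allow":
            for principal in _principals(stmt):
                if principal != "ec2.amazonaws.com":
                    findings.append(f"{name}: trust policy lets {principal} assume the role")
    for arn in props.get("ManagedPolicyArns", []):
        if isinstance(arn, str) and arn in BROAD_MANAGED_POLICIES:
            findings.append(f"{name}: broad managed policy {arn.rsplit('/', 1)[-1]}")
    for policy in props.get("Policies", []):
        label = f"{name}/{policy.get('PolicyName')}"
        for stmt in policy.get("PolicyDocument", {}).get("Statement", []):
            if stmt.get("Effect") != "Allow":
                continue
            actions = [a for a in _as_list(stmt.get("Action", [])) if isinstance(a, str)]
            resources = [r for r in _as_list(stmt.get("Resource", [])) if isinstance(r, str)]
            if any(a == "*" or a.endswith(":*") for a in actions):
                findings.append(f"{label}: wildcard action in {actions}")
            elif "*" in resources and not all(
                    a.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES) for a in actions):
                findings.append(f'{label}: write action(s) {actions} on Resource "*"')
    return findings


def audit_roles(template: dict) -> dict[str, list[str]]:
    """Map each AWS::IAM::Role logical ID to its findings (empty list = clean)."""
    return {name: audit_instance_role(name, res)
            for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::IAM::Role"}


if __name__ == "__main__":
    for role_name, role_findings in audit_roles(TEMPLATE).items():
        print(role_name, "->", role_findings or "clean")
```

On the sample, `Ec2Role` is flagged only for `ReadOnlyAccess` and `LeastPrivilegeRole` is clean. The read-only prefix rule is a heuristic: it lets `ec2:DescribeInstances` on `Resource: "*"` pass while still catching actions such as `iam:PassRole` that have no sensible account-wide scope.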

## AWS::IAM::InstanceProfile

Creates an instance profile, the wrapper through which an EC2 instance obtains a role's temporary credentials. `Roles` is a list but an instance profile can hold exactly one role. The credentials are served by the instance metadata service, so enforce IMDSv2 (`HttpTokens: required` in the launch template or launch configuration) to keep them out of reach of SSRF in the application.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| InstanceProfileName | String | No | Name of the instance profile |
| Path | String | No | Path for the instance profile |
| Roles | List | Yes | Role to associate with the profile (exactly one) |

### Example

```yaml
Resources:
  Ec2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref Ec2Role
      InstanceProfileName: my-instance-profile
```

## AWS::ElasticLoadBalancingV2::LoadBalancer

Creates an Application Load Balancer (or, with `Type: network` or `gateway`, the other ELBv2 kinds). For an internet-facing ALB the attached security group should be the only world-reachable group in the stack. `deletion_protection.enabled` is `false` in the example for convenience; set it to `true` for production so a stack deletion or a stray update cannot remove the entry point.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| Name | String | No | Name of the load balancer |
| Scheme | String | No | `internet-facing` or `internal` |
| SecurityGroups | List | No | Security group IDs |
| Subnets | List | Cond | Subnet IDs (either `Subnets` or `SubnetMappings` is required) |
| Type | String | No | Load balancer type: `application` (default), `network`, `gateway` |
| LoadBalancerAttributes | List | No | Load balancer attributes |

### Example

```yaml
Resources:
  ApplicationLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: my-alb
      Scheme: internet-facing
      SecurityGroups:
        - !Ref AlbSecurityGroup
      Subnets:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
      Type: application
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: "60"
        - Key: deletion_protection.enabled
          Value: "false"
```

### Attributes

| Attribute | Description |
|---|---|
| DNSName | DNS name of the load balancer |
| CanonicalHostedZoneID | Hosted zone ID (for Route 53 alias records) |
| LoadBalancerName | Name of the load balancer |
| LoadBalancerFullName | Full name, as used in CloudWatch dimensions |

## AWS::ElasticLoadBalancingV2::TargetGroup

Creates a target group for an ALB.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| Name | String | No | Name of the target group |
| Port | Number | Cond | Port on which targets receive traffic (not used for `lambda` targets) |
| Protocol | String | Cond | Protocol for the target group (not used for `lambda` targets) |
| VpcId | String | Cond | VPC ID (not used for `lambda` targets) |
| HealthCheckIntervalSeconds | Number | No | Health check interval |
| HealthCheckPath | String | No | Health check path |
| HealthCheckPort | String | No | Health check port |
| HealthCheckProtocol | String | No | Health check protocol |
| HealthCheckTimeoutSeconds | Number | No | Health check timeout |
| HealthyThresholdCount | Number | No | Healthy threshold count |
| UnhealthyThresholdCount | Number | No | Unhealthy threshold count |
| TargetType | String | No | Target type (`instance`, `ip`, `lambda`, `alb`) |
| Targets | List | No | Targets to register |

### Example

```yaml
Resources:
  ApplicationTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: my-tg
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VPC
      TargetType: instance
      HealthCheckPath: /health
      HealthCheckIntervalSeconds: 30
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      UnhealthyThresholdCount: 3
```

## AWS::ElasticLoadBalancingV2::Listener

Creates a listener for an ALB. A plaintext HTTP listener that forwards to targets, as `ApplicationListener` below does, serves the application over HTTP; the usual production shape is an HTTP listener whose only default action is a `redirect` to port 443, and an HTTPS listener with an explicit `SslPolicy`, because the default policy (`ELBSecurityPolicy-2016-08`) still accepts TLS 1.0 and 1.1.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| DefaultActions | List | Yes | Default actions for the listener (`forward`, `redirect`, `fixed-response`, `authenticate-oidc`, ...) |
| LoadBalancerArn | String | Yes | ARN of the load balancer |
| Port | Number | Yes | Port on which the load balancer is listening (required for application and network load balancers) |
| Protocol | String | Yes | Protocol for the listener (required for application and network load balancers) |
| Certificates | List | Cond | Certificates; required for HTTPS |
| SslPolicy | String | No | TLS security policy for HTTPS listeners, e.g. `ELBSecurityPolicy-TLS13-1-2-2021-06` |

### Example

```yaml
Resources:
  ApplicationListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ApplicationTargetGroup
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 80
      Protocol: HTTP

  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ApplicationTargetGroup
      LoadBalancerArn: !Ref ApplicationLoadBalancer
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref CertificateArn
```
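The following script is an added example, not code from the developer-kit skill. It builds two ALB stacks in CloudFormation's JSON (dict) form, a "Weak" one mirroring the listener and load balancer examples above (HTTP forwarded to targets, HTTPS on the default TLS policy, deletion protection off) and a "Hardened" one (HTTP redirected to HTTPS with a 301, a TLS 1.2/1.3-only policy, deletion protection on), and audits both. The logical IDs, the helper functions and the set of accepted TLS policy names are assumptions of this example.

```python
"""Check ALB listeners and load balancer attributes in a CloudFormation template.

Added example, not code from the developer-kit reference. The resources are
constructed in JSON (dict) form; logical IDs, the listener()/load_balancer()
helpers and MODERN_TLS_POLICIES are assumptions of this example.
"""
from typing import Any, Optional

MODERN_TLS_POLICIES = {"ELBSecurityPolicy-TLS13-1-2-2021-06",
                       "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"}
# The hardened HTTP default action: no forwarding at all, just a permanent redirect.
REDIRECT_TO_HTTPS = {"Type": "redirect", "RedirectConfig": {
    "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}
FORWARD = {"Type": "forward", "TargetGroupArn": {"Ref": "ApplicationTargetGroup"}}
CERT = [{"CertificateArn": {"Ref": "CertificateArn"}}]


def listener(lb: str, port: int, protocol: str, action: dict, **extra: Any) -> dict:
    """Build an AWS::ElasticLoadBalancingV2::Listener resource for the sample."""
    props = {"LoadBalancerArn": {"Ref": lb}, "Port": port, "Protocol": protocol,
             "DefaultActions": [action], **extra}
    return {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": props}


def load_balancer(deletion_protection: bool) -> dict:
    """Build an internet-facing AWS::ElasticLoadBalancingV2::LoadBalancer for the sample."""
    return {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": {
        "Scheme": "internet-facing", "Type": "application",
        "Subnets": [{"Ref": "PublicSubnet1"}, {"Ref": "PublicSubnet2"}],
        "LoadBalancerAttributes": [{"Key": "deletion_protection.enabled",
                                    "Value": str(deletion_protection).lower()}]}}


TEMPLATE: dict[str, Any] = {"Resources": {
    "WeakAlb": load_balancer(False),
    "WeakHttpListener": listener("WeakAlb", 80, "HTTP", FORWARD),
    "WeakHttpsListener": listener("WeakAlb", 443, "HTTPS", FORWARD, Certificates=CERT),
    "HardenedAlb": load_balancer(True),
    "HardenedHttpListener": listener("HardenedAlb", 80, "HTTP", REDIRECT_TO_HTTPS),
    "HardenedHttpsListener": listener("HardenedAlb", 443, "HTTPS", FORWARD, Certificates=CERT,
                                      SslPolicy="ELBSecurityPolicy-TLS13-1-2-2021-06"),
}}


def _attr(props: dict, key: str) -> Optional[str]:
    for item in props.get("LoadBalancerAttributes", []):
        if item.get("Key") == key:
            return str(item.get("Value"))
    return None


def audit_alb(template: dict) -> list[tuple[str, str]]:
    """Return (logical ID, finding) pairs for ELBv2 load balancers and listeners."""
    findings: list[tuple[str, str]] = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::ElasticLoadBalancingV2::LoadBalancer":
            if _attr(props, "deletion_protection.enabled") != "true":
                findings.append((name, "deletion protection is off"))
        elif res.get("Type") == "AWS::ElasticLoadBalancingV2::Listener":
            actions = props.get("DefaultActions", [])
            if props.get("Protocol") == "HTTP":
                if not all(a.get("Type") == "redirect" and
                           a.get("RedirectConfig", {}).get("Protocol") == "HTTPS" for a in actions):
                    findings.append((name, "plaintext HTTP listener does not redirect to HTTPS"))
            elif props.get("Protocol") == "HTTPS":
                if props.get("SslPolicy") not in MODERN_TLS_POLICIES:
                    findings.append((name, f"SslPolicy {props.get('SslPolicy')} allows legacy TLS "
                                           "(the default ELBSecurityPolicy-2016-08 accepts TLS 1.0/1.1)"))
                if not props.get("Certificates"):
                    findings.append((name, "HTTPS listener has no certificate"))
    return findings


if __name__ == "__main__":
    for logical_id, text in audit_alb(TEMPLATE):
        print(f"{logical_id}: {text}")
```

Only the three `Weak*` resources are reported. The redirect check requires every default action on the HTTP listener to be an HTTPS redirect, so a listener that redirects by default but still forwards through a listener rule on port 80 would need a separate check of its `AWS::ElasticLoadBalancingV2::ListenerRule` resources.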

## AWS::ElasticLoadBalancingV2::ListenerRule

Creates a listener rule for ALB routing.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| Actions | List | Yes | Actions for the rule |
| Conditions | List | Yes | Conditions for the rule |
| ListenerArn | String | Yes | ARN of the listener |
| Priority | Number | Yes | Priority of the rule (lower numbers are evaluated first) |

### Example

```yaml
Resources:
  ApiListenerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: forward
          TargetGroupArn: !Ref ApiTargetGroup
      Conditions:
        - Field: path-pattern
          Values:
            - /api/*
            - /v1/*
      ListenerArn: !Ref ApplicationListener
      Priority: 10
```

## AWS::EC2::SpotFleet

Creates a Spot Fleet request.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| SpotFleetRequestConfigData | SpotFleetRequestConfigData | Yes | Configuration for the request |

### SpotFleetRequestConfigData Properties

| Property | Type | Required | Description |
|---|---|---|---|
| AllocationStrategy | String | No | Strategy for allocating Spot instances (`capacityOptimized`, `priceCapacityOptimized`, `lowestPrice`, `diversified`) |
| IamFleetRole | String | Yes | ARN of the IAM role the Spot Fleet service assumes |
| SpotPrice | String | No | Maximum Spot price per hour; when omitted the cap is the On-Demand price, which is usually the right choice |
| TargetCapacity | Number | Yes | Target capacity |
| TerminateInstancesWithExpiration | Boolean | No | Terminate on expiration |
| Type | String | No | Request type (`request` or `maintain`) |
| LaunchSpecifications | List | Cond | Launch specifications (either `LaunchSpecifications` or `LaunchTemplateConfigs` is required) |

### Example

```yaml
Resources:
  SpotFleet:
    Type: AWS::EC2::SpotFleet
    Properties:
      SpotFleetRequestConfigData:
        TargetCapacity: 10
        IamFleetRole: !GetAtt SpotFleetRole.Arn
        AllocationStrategy: capacityOptimized
        SpotPrice: "0.05"
        Type: request
        LaunchSpecifications:
          - ImageId: !Ref AmiId
            InstanceType: t3.micro
            SubnetId: !Ref SubnetId
```

## AWS::EC2::NetworkInterface

Creates a network interface.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| Description | String | No | Description of the network interface |
| GroupSet | List | No | Security group IDs |
| SubnetId | String | Yes | Subnet ID |

### Example

```yaml
Resources:
  NetworkInterface:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: !Ref SubnetId
      Description: My network interface
      GroupSet:
        - !Ref SecurityGroup
```

### Attributes

| Attribute | Description |
|---|---|
| PrimaryPrivateIpAddress | Primary private IP address |
| SecondaryPrivateIpAddresses | Secondary private IP addresses |

## AWS::AutoScaling::LaunchConfiguration

Creates a launch configuration for Auto Scaling. AWS recommends launch templates (`AWS::EC2::LaunchTemplate`) over launch configurations for new deployments: launch configurations cannot be modified in place and do not support newer features such as mixed instance types. Whichever you use, set `MetadataOptions` with `HttpTokens: required` so every instance launched by the group enforces IMDSv2.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| ImageId | String | Yes | ID of the AMI |
| InstanceType | String | Yes | Instance type |
| AssociatePublicIpAddress | Boolean | No | Associate a public IP |
| EbsOptimized | Boolean | No | EBS optimized |
| IamInstanceProfile | String | No | IAM instance profile name or ARN |
| InstanceMonitoring | Boolean | No | Detailed (1-minute) monitoring |
| MetadataOptions | MetadataOptions | No | Instance metadata service settings; `HttpTokens: required` enforces IMDSv2 |
| SecurityGroups | List | No | Security groups |
| UserData | String | No | User data script (base64 encoded) |

### Example

```yaml
Resources:
  LaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref AmiId
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref InstanceProfile
      SecurityGroups:
        - !Ref SecurityGroup
      MetadataOptions:
        HttpTokens: required        # IMDSv2 only
        HttpPutResponseHopLimit: 1  # responses do not cross a container bridge on the host
```

## AWS::AutoScaling::AutoScalingGroup

Creates an Auto Scaling group.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| AutoScalingGroupName | String | No | Name of the group |
| LaunchConfigurationName | String | Cond | Launch configuration name (one of `LaunchConfigurationName`, `LaunchTemplate` or `MixedInstancesPolicy` is required) |
| LaunchTemplate | LaunchTemplateSpecification | Cond | Launch template |
| MaxSize | String | Yes | Maximum size |
| MinSize | String | Yes | Minimum size |
| DesiredCapacity | String | No | Desired capacity |
| VPCZoneIdentifier | List | No | Subnet IDs |
| TargetGroupARNs | List | No | Target group ARNs |
| HealthCheckType | String | No | Health check type (`EC2` or `ELB`) |
| HealthCheckGracePeriod | Number | No | Grace period in seconds |
| TerminationPolicies | List | No | Termination policies |

### Example

```yaml
Resources:
  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: my-asg
      LaunchConfigurationName: !Ref LaunchConfiguration
      MinSize: "2"
      MaxSize: "10"
      DesiredCapacity: "2"
      VPCZoneIdentifier:
        - !Ref Subnet1
        - !Ref Subnet2
      TargetGroupARNs:
        - !Ref TargetGroupArn
      HealthCheckType: ELB
      HealthCheckGracePeriod: 300
```

## AWS::AutoScaling::ScalingPolicy

Creates a scaling policy.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| AutoScalingGroupName | String | Yes | Name of the ASG |
| PolicyType | String | No | Policy type (`SimpleScaling`, `StepScaling`, `TargetTrackingScaling`, `PredictiveScaling`) |
| TargetTrackingConfiguration | TargetTrackingConfiguration | Cond | Target tracking configuration (required for `TargetTrackingScaling`) |
| StepAdjustments | List | Cond | Step adjustments (required for `StepScaling`) |

### Example

```yaml
Resources:
  ScalingPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref AutoScalingGroup
      PolicyType: TargetTrackingScaling
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ASGAverageCPUUtilization
        TargetValue: 70.0
```

## AWS::CloudWatch::Alarm

Creates a CloudWatch alarm.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| AlarmName | String | No | Name of the alarm |
| AlarmDescription | String | No | Description |
| MetricName | String | Yes | Metric name |
| Namespace | String | Yes | Namespace |
| Dimensions | List | No | Dimensions |
| Statistic | String | No | Statistic |
| Period | Number | No | Period in seconds |
| EvaluationPeriods | Number | Yes | Evaluation periods |
| Threshold | Number | Yes | Threshold |
| ComparisonOperator | String | Yes | Comparison operator |
| AlarmActions | List | No | Actions on ALARM |
| OKActions | List | No | Actions on OK |

### Example

```yaml
Resources:
  CpuHighAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub ${AWS::StackName}-cpu-high
      AlarmDescription: CPU utilization exceeds 80%
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Dimensions:
        - Name: InstanceId
          Value: !Ref Ec2Instance
      Statistic: Average
      Period: 300
      EvaluationPeriods: 2
      Threshold: 80
      ComparisonOperator: GreaterThanThreshold
      AlarmActions:
        - !Ref AlarmTopic
```

## AWS::SNS::Topic

Creates an SNS topic for notifications.

### Properties

| Property | Type | Required | Description |
|---|---|---|---|
| TopicName | String | No | Name of the topic |

### Example

```yaml
Resources:
  AlarmTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: !Sub ${AWS::StackName}-alarms
```

## Intrinsic Functions Reference

### !Ref

Returns the value of the specified parameter or resource.

```yaml
# Reference a parameter
InstanceType: !Ref InstanceType

# Reference a resource (returns the physical ID)
InstanceId: !Ref Ec2Instance
```

### !GetAtt

Returns the value of an attribute from a resource.

```yaml
# Get public IP
PublicIp: !GetAtt Ec2Instance.PublicIp

# Get role ARN
RoleArn: !GetAtt Ec2Role.Arn

# Get ALB DNS name
DnsName: !GetAtt ApplicationLoadBalancer.DNSName
```

### !Sub

Substitutes `${...}` variables in a string with parameter values, pseudo-parameters, resource IDs or `${Logical.Attribute}` values; a second list element supplies additional variables.

```yaml
# With variable substitution
Name: !Sub ${AWS::StackName}-instance

# With an explicit variable map
Name: !Sub
  - ${Env}-instance
  - Env: !Ref EnvironmentName
```

### !Join

Combines a list of values into a single value.

```yaml
# Join with comma
SubnetIds: !Join [",", [!Ref Subnet1, !Ref Subnet2]]
```

### !Select

Returns a single object from a list of objects.

```yaml
# Select first AZ
AvailabilityZone: !Select [0, !GetAZs '']

# Select from list
SubnetId: !Select [0, !Ref SubnetIds]
```

### !FindInMap

Returns the value corresponding to keys in a two-level map.

```yaml
# Find in mapping
ImageId: !FindInMap [RegionMap, !Ref AWS::Region, HVM64]
```

### !If

Returns one value if the specified condition is true and another if false.

```yaml
# Conditional value
SubnetId: !If [IsProduction, !Ref ProdSubnet, !Ref DevSubnet]
```

### !Equals

Compares two values (used in the `Conditions` section).

```yaml
# Condition
IsProduction: !Equals [!Ref Environment, production]
```

### !ImportValue

Returns the value of an output exported by another stack. To build the export name from a parameter, nest `!Sub` inside the long form; the short form `!ImportValue ${NetworkStackName}-VpcId` does not substitute the variable.

```yaml
# Import value
VpcId:
  Fn::ImportValue: !Sub ${NetworkStackName}-VpcId
```
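When reviewing a template it helps to see the concrete values the functions above produce, for example which CIDR a parameter resolves to or which subnet an `!If` selects for production. The following resolver is an added example, not code from the developer-kit skill or from AWS: it evaluates the intrinsic functions listed in this section over a template in CloudFormation's JSON (dict) form, using parameter values, pseudo-parameters and a map of cross-stack exports that you supply. `GetAtt` values only exist after deployment, so they come from a caller-supplied dict. The sample template, the three-AZ assumption in `Fn::GetAZs` and the fixed account ID are this example's assumptions.

```python
"""Resolve CloudFormation intrinsic functions offline.

Added example, not part of the developer-kit reference. Parameters,
pseudo-parameters, exports and GetAtt attributes are supplied by the caller;
SAMPLE, the three-AZ list returned for Fn::GetAZs and the account ID are
assumptions of this example.
"""
import re
from typing import Any, Optional

_SUB_VAR = re.compile(r"\$\{([^}]+)\}")


class Resolver:
    def __init__(self, template: dict, parameters: Optional[dict] = None,
                 stack_name: str = "stack", region: str = "us-east-1",
                 exports: Optional[dict] = None, attributes: Optional[dict] = None):
        self.t = template
        self.exports = exports or {}
        self.attributes = attributes or {}        # "Logical.Attr" -> value
        self.params = {k: v.get("Default") for k, v in template.get("Parameters", {}).items()}
        self.params.update(parameters or {})     # explicit values override defaults
        self.pseudo = {"AWS::StackName": stack_name, "AWS::Region": region,
                       "AWS::Partition": "aws", "AWS::AccountId": "123456789012"}

    def ref(self, name: str) -> Any:
        if name in self.pseudo:
            return self.pseudo[name]
        if name in self.params:
            return self.params[name]
        if name in self.t.get("Resources", {}):
            return f"<{name}>"                   # physical ID is known only after deployment
        raise KeyError(f"unknown Ref target {name!r}")

    def condition(self, name: str) -> bool:
        return bool(self.resolve(self.t["Conditions"][name]))

    def _sub_var(self, name: str, extra: dict) -> str:
        if name in extra:
            return str(extra[name])
        if "." in name:                          # ${Logical.Attribute}
            return str(self.attributes[name])
        return str(self.ref(name))

    def resolve(self, node: Any) -> Any:
        """Recursively replace intrinsic-function mappings with their values."""
        if isinstance(node, list):
            return [self.resolve(n) for n in node]
        if not isinstance(node, dict):
            return node
        if len(node) != 1:                       # ordinary mapping: resolve its values
            return {k: self.resolve(v) for k, v in node.items()}
        (fn, arg), = node.items()
        if fn == "Ref":
            return self.ref(arg)
        if fn == "Fn::GetAtt":
            logical, attr = arg if isinstance(arg, list) else arg.split(".", 1)
            return self.attributes[f"{logical}.{attr}"]
        if fn == "Fn::Sub":
            text, extra = (arg, {}) if isinstance(arg, str) else (arg[0], self.resolve(arg[1]))
            return _SUB_VAR.sub(lambda m: self._sub_var(m.group(1), extra), text)
        if fn == "Fn::Join":
            return arg[0].join(str(x) for x in self.resolve(arg[1]))
        if fn == "Fn::Select":
            return self.resolve(arg[1])[int(self.resolve(arg[0]))]
        if fn == "Fn::FindInMap":
            mapping, top, second = (self.resolve(x) for x in arg)
            return self.t["Mappings"][mapping][top][second]
        if fn == "Fn::If":
            return self.resolve(arg[1] if self.condition(arg[0]) else arg[2])
        if fn == "Fn::Equals":
            return self.resolve(arg[0]) == self.resolve(arg[1])
        if fn == "Fn::ImportValue":
            return self.exports[self.resolve(arg)]
        if fn == "Fn::GetAZs":
            region = self.resolve(arg) or self.pseudo["AWS::Region"]
            return [f"{region}{z}" for z in "abc"]  # assumption: three AZs
        return {fn: self.resolve(arg)}           # single-key mapping that is not an intrinsic


# Constructed sample template in JSON form, mirroring the patterns in this section.
SAMPLE: dict[str, Any] = {
    "Parameters": {"Environment": {"Type": "String", "Default": "development"},
                   "NetworkStackName": {"Type": "String", "Default": "network"}},
    "Mappings": {"RegionMap": {"us-east-1": {"HVM64": "ami-0ff8a95407f89df2f"}}},
    "Conditions": {"IsProduction": {"Fn::Equals": [{"Ref": "Environment"}, "production"]}},
    "Resources": {"Ec2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "HVM64"]},
        "AvailabilityZone": {"Fn::Select": [0, {"Fn::GetAZs": ""}]},
        "SubnetId": {"Fn::If": ["IsProduction",
                                {"Fn::ImportValue": {"Fn::Sub": "${NetworkStackName}-PrivateSubnet"}},
                                {"Fn::ImportValue": {"Fn::Sub": "${NetworkStackName}-PublicSubnet"}}]},
        "Tags": [{"Key": "Name", "Value": {"Fn::Sub": ["${Env}-instance", {"Env": {"Ref": "Environment"}}]}}],
    }}},
}


def resolved_properties(logical_id: str, **kwargs: Any) -> dict:
    """Resolve every intrinsic in one resource's Properties of SAMPLE."""
    return Resolver(SAMPLE, **kwargs).resolve(SAMPLE["Resources"][logical_id]["Properties"])


if __name__ == "__main__":
    exports = {"network-PrivateSubnet":"subnet-0priv", "network-PublicSubnet": "subnet-0pub"}
    print(resolved_properties("Ec2Instance", stack_name="web", exports=exports))
```

With the defaults the instance lands in the exported public subnet; overriding `Environment` to `production` flips the `!If` to the private one, which is exactly the kind of fact worth confirming before a template review signs off on a subnet or CIDR.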

## Instance Types

### Common Instance Types

| Family | Types | Use Case |
|---|---|---|
| t3 | nano, micro, small, medium, large, xlarge | General purpose (burstable) |
| m5 | large, xlarge, 2xlarge, 4xlarge | General purpose |
| m6i | large, xlarge, 2xlarge, 4xlarge | General purpose |
| c5 | large, xlarge, 2xlarge, 4xlarge | Compute optimized |
| c6i | large, xlarge, 2xlarge, 4xlarge | Compute optimized |
| r5 | large, xlarge, 2xlarge, 4xlarge | Memory optimized |
| r6i | large, xlarge, 2xlarge, 4xlarge | Memory optimized |
| i3 | large, xlarge, 2xlarge, 4xlarge | Storage optimized |
| g4dn | xlarge, 2xlarge, 4xlarge | GPU |

### Burstable Performance Instances

The t3 family provides baseline CPU performance with the ability to burst. Restricting a parameter to the sizes you expect keeps a typo or an over-sized override from launching something much larger:

```yaml
Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues:
      - t3.nano
      - t3.micro
      - t3.small
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
```

## Common AMI IDs

### Amazon Linux 2 (HVM)

AMI IDs are region-specific and a new ID is published with every image release, so a hardcoded table goes stale almost immediately and gives no guarantee of patch level. Treat the IDs below as illustrative only and resolve the current ID through the SSM public parameter instead.

| Region | x86_64 | ARM64 |
|---|---|---|
| us-east-1 | ami-0ff8a95407f89df2f | ami-0a0c776d80e2a1f3c |
| us-west-2 | ami-0a0c776d80e2a1f3c | ami-0a0c776d80e2a1f3c |
| eu-west-1 | ami-0ff8a95407f89df2f | ami-0a0c776d80e2a1f3c |

### Using SSM Parameter

```yaml
Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
```

The same namespace publishes `/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2` for Graviton instances and `/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64` for Amazon Linux 2023, the current generation. The parameter is resolved at create and update time, so a stack update can replace instances with a newer AMI; if an image change has to be deliberate, pass an explicit ID as the parameter value for that update.

## Limits and Quotas

The values below are the documented account defaults; most are adjustable through Service Quotas and change over time, so verify them in the console or with `aws service-quotas list-service-quotas` before designing around them.

### EC2 Limits

| Resource | Default Limit |
|---|---|
| Running On-Demand instances per region | vCPU-based quota per instance family (varies by account) |
| Volumes per instance | Depends on instance type (Nitro instances share one attachment limit between ENIs and EBS volumes) |
| ENIs per instance | Varies by type |
| Security groups per VPC | 2,500 |
| Rules per security group | 60 inbound + 60 outbound |
| Security groups per network interface | 5 |

### ALB Limits

| Resource | Default Limit |
|---|---|
| Listeners per load balancer | 50 |
| Rules per load balancer (excluding default rules) | 100 |
| Targets per load balancer | 1,000 |
| Load balancers per region | 50 |

### IAM Limits

| Resource | Default Limit |
|---|---|
| Roles per account | 1,000 |
| Instance profiles per account | 1,000 |
| Customer managed policies per account | 1,500 |

## Tags Best Practices

### Recommended Tagging Strategy

```yaml
Resources:
  Ec2Instance:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName}-instance
        - Key: Environment
          Value: !Ref EnvironmentName
        - Key: Project
          Value: !Ref ProjectName
        - Key: ManagedBy
          Value: CloudFormation
        - Key: CostCenter
          Value: !Ref CostCenter
        - Key: Owner
          Value: !Ref Owner
```

### Common Tags

| Tag Key | Description | Example Values |
|---|---|---|
| Name | Human-readable name | production-web-01 |
| Environment | Deployment environment | development, staging, production |
| Project | Project name | my-project |
| Owner | Team or individual | team@example.com |
| ManagedBy | Managing tool | CloudFormation |
| CostCenter | Budget allocation | 12345 |
| Version | Resource version | 1.0.0 |
| Application | Application name | myapp |

## CloudWatch Metrics for EC2

### Instance Metrics

The metrics below are published for every instance at no charge with a 5-minute period. Enabling detailed monitoring (`Monitoring: true`) does not add metrics; it raises the resolution of the same metrics to 1 minute. Memory, disk-space and process metrics are not visible to the hypervisor and require the CloudWatch agent on the instance.

| Metric | Description |
|---|---|
| CPUUtilization | CPU utilization percentage |
| DiskReadOps | Disk read operations (instance store volumes; EBS volumes report under AWS/EBS) |
| DiskWriteOps | Disk write operations (instance store volumes) |
| DiskReadBytes | Bytes read from disk (instance store volumes) |
| DiskWriteBytes | Bytes written to disk (instance store volumes) |
| NetworkIn | Network bytes in |
| NetworkOut | Network bytes out |
| NetworkPacketsIn | Packets in |
| NetworkPacketsOut | Packets out |
| StatusCheckFailed | Status check failures (also split into StatusCheckFailed_Instance and StatusCheckFailed_System) |

### Burstable (t-family) Credit Metrics

| Metric | Description |
|---|---|
| CPUCreditUsage | CPU credits used |
| CPUCreditBalance | CPU credits available |

## Best Practices Summary

  1. Resolve AMI IDs through SSM parameters so new launches pick up patched images automatically
  2. Use IAM roles via instance profiles instead of embedding credentials, scope them to the calls the workload makes, and enforce IMDSv2 (`HttpTokens: required`) so the role's credentials cannot be read through an SSRF hole in the application
  3. Use security groups for instance-level access control: expose only the load balancer's group to the internet, admit the instance group from the load balancer's group, and state egress explicitly
  4. Use an ALB with an HTTPS listener and a modern SSL policy to distribute traffic, and redirect plaintext HTTP to it
  5. Enable detailed monitoring for production instances
  6. Use Auto Scaling with launch templates for high availability and cost optimization
  7. Tag resources consistently for cost allocation and management
  8. Use Spot instances for cost-sensitive, fault-tolerant workloads
  9. Separate concerns using multiple security groups
  10. Use cross-stack references for modular architectures
  11. Never place secrets in UserData; it is readable through the instance metadata service and the DescribeInstanceAttribute API
