# Template header: CloudFormation format version, licence metadata and the
# human-readable stack description.
AWSTemplateFormatVersion: '2010-09-09'
Metadata:
  License: Apache-2.0
# NOTE(review): the description mentions RDS, but this template declares no
# RDS resource (only an EC2 instance, a security group and IAM resources).
Description: 'Open Data Cube template with EC2 instance and RDS.'
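# Stack inputs. ExtentToIndex and SecretPassword are pasted verbatim (via
# !Sub) into a UserData script that runs as root on first boot, so both are
# validated here before they can reach the shell.
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.small
    AllowedValues:
      - t2.small
      - t2.medium
      - t2.large
      - m1.large
      - m1.xlarge
      - m2.xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - g2.8xlarge
      - r3.large
      - r3.xlarge
    ConstraintDescription: must be a valid EC2 instance type.
  ExtentToIndex:
    Description: An extent to index for use in the Cube in a Box
    Type: String
    Default: '25,20,35,30'
    # The value is interpolated into a `bash -c "..."` string in UserData.
    # Restricting it to four comma-separated numbers keeps shell
    # metacharacters out of that command line.
    AllowedPattern: '^-?\d+(\.\d+)?(,-?\d+(\.\d+)?){3}$'
    ConstraintDescription: 'must be four comma-separated numbers, for example 25,20,35,30.'
  SecretPassword:
    Description: Password to open up the Jupyter notebook
    Type: String
    # The default is published with this template: anyone can guess it.
    # Always override it when creating the stack.
    Default: 'secretpassword'
    # NoEcho masks the value in CloudFormation console/CLI/API output. It does
    # NOT mask it inside the rendered UserData, which stays readable through
    # the EC2 API and from the instance itself.
    NoEcho: true
    # The value is spliced into a single-quoted sed expression in UserData.
    # '/', '&', backslash and single quote either break that expression,
    # silently alter the resulting password, or end the shell quoting, so they
    # are rejected here, together with line breaks and the empty string.
    AllowedPattern: '[^/&\\''\r\n]+'
    ConstraintDescription: 'must be non-empty and must not contain /, &, backslash, single quote or a line break.'
  EC2InstanceName:
    Description: The name of the Cube in a Box EC2 instance
    Type: String
    Default: 'Cube-in-a-Box'
  SSHLocation:
    Description: The IP address range that can be used to access the Cube in a Box
    Type: String
    MinLength: "9"
    MaxLength: "18"
    # This one CIDR gates every ingress rule in the template: SSH (22),
    # HTTP (80) and Jupyter (8888). The default opens all three to the whole
    # internet; set it to the narrowest range that needs access.
    Default: '0.0.0.0/0'
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  Region:
    # NOTE(review): nothing in this template references this parameter; the
    # AMI lookup uses the AWS::Region pseudo parameter instead.
    Description: The AWS region to deploy in
    Type: String
    Default: us-west-2
    AllowedValues:
      - us-west-2
      - ap-southeast-2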
# Region -> AMI lookup consumed by the instance's ImageId (!FindInMap keyed on
# AWS::Region). Only the two regions listed here have an entry.
# NOTE(review): the AMI IDs are hard-coded; confirm they still resolve to a
# maintained, patched image before deploying.
Mappings:
  RegionMap:
    us-west-2:
      HVM64: 'ami-04ef7170e45541f07'
    ap-southeast-2:
      HVM64: 'ami-033c54f661460cfd2'
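Resources:
  # The Cube in a Box host. Everything is provisioned by the UserData script
  # below, which cloud-init runs as root on first boot.
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref "InstanceType"
      SecurityGroups:
        - !Ref "InstanceSecurityGroup"
      KeyName: !Ref "KeyName"
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", HVM64]
      IamInstanceProfile: !Ref ODCInstanceProfile
      BlockDeviceMappings:
        - DeviceName: /dev/sda1
          Ebs:
            VolumeSize: 50
      # Security notes on this script:
      # - !Sub pastes the SecretPassword and ExtentToIndex parameter values
      #   into the script as plain text. The shell cannot tell them apart from
      #   code, so they must be constrained with AllowedPattern on the
      #   parameters themselves.
      # - The rendered script, including the Jupyter password, is stored as
      #   instance user data. It is readable by any principal allowed
      #   ec2:DescribeInstanceAttribute and by any process on the instance via
      #   the instance metadata service. Prefer fetching the password at boot
      #   from a secret store over embedding it here.
      # - The application archive, the product definition and docker-compose
      #   are fetched from mutable references (a master branch, an unpinned pip
      #   package) and executed as root. Pin them to a reviewed commit/version
      #   and verify a checksum where possible.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -ex
          # Abort when any stage of a pipeline fails (e.g. the curl feeding apt-key)
          set -o pipefail
          # Install our dependencies
          export DEBIAN_FRONTEND=noninteractive
          apt-get update && apt-get -y install python-pip
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
          add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
          apt-get update
          apt-get install -y docker-ce python3-pip unzip wget
          pip3 install docker-compose
          # Get our code (extract to an explicit directory rather than the current one)
          wget https://github.com/crc-si/cube-in-a-box/archive/master.zip -O /tmp/archive.zip
          unzip /tmp/archive.zip -d /tmp
          mv /tmp/cube-in-a-box-master /opt/odc
          # We need to remove some local vars. This is a bit of a hack...
          sed --in-place 's/secretpassword/${SecretPassword}/g' /opt/odc/docker-compose.yml
          # We need write access in these places
          # NOTE(review): 777 makes the notebooks writable by every local user;
          # chown to the UID the jupyter container runs as would be tighter - confirm that UID.
          chmod -R 777 /opt/odc/notebooks
          cd /opt/odc
          # Start the machines
          sudo docker-compose -f docker-compose.yml -f docker-compose-prod.yml pull
          sudo docker-compose -f docker-compose.yml -f docker-compose-prod.yml up -d
          # Wait for them to wake up
          sleep 15
          # Initialise and load a product, and then some data
          # Note to future self, we can't use make here because of TTY interactivity (the -T flag)
          sudo docker-compose -f docker-compose.yml -f docker-compose-prod.yml exec -T jupyter datacube -v system init
          sudo docker-compose -f docker-compose.yml -f docker-compose-prod.yml exec -T jupyter datacube product add https://raw.githubusercontent.com/digitalearthafrica/config/master/products/esa_s2_l2a.odc-product.yaml
          sudo docker-compose -f docker-compose.yml -f docker-compose-prod.yml exec -T jupyter bash -c "stac-to-dc --bbox=${ExtentToIndex} --collections='sentinel-s2-l2a-cogs' --datetime='2020-01-01/2020-03-31' s2_l2a"
      Tags:
        - Key: "Name"
          Value: !Ref "EC2InstanceName"

  # Ingress for SSH (22), HTTP (80) and Jupyter (8888). All three rules share
  # the SSHLocation CIDR, so whatever range may SSH in may also reach the
  # notebook server. No 443 rule is defined.
  # NOTE(review): presumably the notebook is served without TLS on 80/8888;
  # confirm, since the Jupyter password would then cross the network in clear.
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable access
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: "22"
          ToPort: "22"
          CidrIp: !Ref "SSHLocation"
        - IpProtocol: tcp
          FromPort: "80"
          ToPort: "80"
          CidrIp: !Ref "SSHLocation"
        - IpProtocol: tcp
          FromPort: "8888"
          ToPort: "8888"
          CidrIp: !Ref "SSHLocation"

  # Role assumed by the EC2 service on behalf of the instance.
  ODCRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"

  # Read-only access to a single bucket: list it and fetch its objects.
  # Any process on the instance (including notebook code) can obtain these
  # role credentials from the instance metadata service, so keep the grant
  # this narrow.
  RolePolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: odc-policy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - "s3:ListBucket"
            Resource:
              - "arn:aws:s3:::landsat-pds"
          - Effect: Allow
            Action:
              - "s3:GetObject"
            Resource:
              - "arn:aws:s3:::landsat-pds/*"
      Roles:
        - !Ref ODCRole

  # Binds ODCRole to the instance (referenced by IamInstanceProfile above).
  ODCInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref ODCRole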
# Values reported once the stack is created: the instance's ID, placement and
# public addresses. No parameter values (such as the password) are exported.
Outputs:
  InstanceId:
    Description: InstanceId of the newly created EC2 instance
    Value: !Ref EC2Instance
  AZ:
    Description: Availability Zone of the newly created EC2 instance
    Value: !GetAtt EC2Instance.AvailabilityZone
  PublicDNS:
    Description: Public DNSName of the newly created EC2 instance
    Value: !GetAtt EC2Instance.PublicDnsName
  PublicIP:
    Description: Public IP address of the newly created EC2 instance
    Value: !GetAtt EC2Instance.PublicIp