@jkodroff
Created February 6, 2024 22:09
Pulumi SSM Instance - TypeScript
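import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Assumption: the original snippet uses vpcId and privateSubnetId without
// defining them; here they are read from stack configuration.
const config = new pulumi.Config();
const vpcId = config.require("vpcId");
const privateSubnetId = config.require("privateSubnetId");

// No ingress rules: the instance is reached through SSM Session Manager,
// so no inbound port (such as SSH) has to be open. Egress stays open so the
// SSM agent can reach the Systems Manager endpoints over HTTPS.
const sg = new aws.ec2.SecurityGroup("ssm-sg", {
    vpcId: vpcId,
    description: "Allow all egress, no ingress.",
    egress: [{
        fromPort: 0,
        toPort: 0,
        protocol: "-1",
        cidrBlocks: ["0.0.0.0/0"],
        description: "Allow all",
    }],
});

// Role that only the EC2 service can assume on behalf of the instance.
const role = new aws.iam.Role("ssm-role", {
    assumeRolePolicy: JSON.stringify({
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com",
            },
            "Action": "sts:AssumeRole",
        },
    }),
});

// AWS managed policy with the permissions the SSM agent needs.
new aws.iam.RolePolicyAttachment("ssm-role-policy-attachment", {
    role: role.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
});

const instanceProfile = new aws.iam.InstanceProfile("ssm-instance-profile", {
    role: role.name,
});

// Most recent Amazon Linux 2 AMI published by Amazon.
const amazonLinux2 = aws.ec2.getAmiOutput({
    mostRecent: true,
    owners: ["amazon"],
    filters: [{
        name: "name",
        values: ["amzn2-ami-hvm-*-x86_64-gp2"],
    }, {
        name: "owner-alias",
        values: ["amazon"],
    }],
});

// The instance sits in a private subnet; that subnet needs a route to the
// Systems Manager endpoints (NAT gateway or VPC interface endpoints) for the
// agent to register.
new aws.ec2.Instance("ssm-instance", {
    ami: amazonLinux2.id,
    instanceType: "t3.micro",
    vpcSecurityGroupIds: [sg.id],
    subnetId: privateSubnetId,
    iamInstanceProfile: instanceProfile.name,
    tags: {
        Name: "pulumi-cf-outputs",
    },
});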