npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aws-mdaa/ec2

v1.5.0

Published

MDAA ec2 module

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mdaa-dev-teammdaa-dev-team

Keywords

Readme

EC2

The EC2 CDK application is used to configure and deploy secure EC2 instances and associated resources.

Deployed Resources and Compliance Details

ec2

KMS CMK - Created if an existing KMS key is not provided for each instance/keypair.

  • Will be used to encrypt Instance EBS volumes and KeyPair Secrets
  • adminRoles will be granted admin and user permissions to the key via key policy
  • Additional accesses to the key may be granted as necessary by IAM policy

EC2 KeyPairs - Will be created for use by EC2 Instances, with private key material stored within a Secret.

  • KeyPairs and their Secrets will be retained post stack deletion
  • Each KeyPair Secret will be encrypted with the module KMS CMK if an existing key is not specified

EC2 Security Groups - Will be used by EC2 instances to control network access. Can also be used by other modules.

  • All egress will be allowed by default
  • No ingress will be allowed by default

EC2 Instances - Secure EC2 instances.

  • Instances have termination protection enabled and will be retained post stack deletion.
  • Each configured EBS volume will use the module KMS CMK if an existing key is not specified
  • AMI-configured volumes must be accounted for within the config, otherwise AMI deployment with unencrypted volumes will be attempted, but will fail due to additional post-deployment checks conducted by the underlying MDAA EC2 L2 construct

Configuration

MDAA Config

Add the following snippet to your mdaa.yaml under the modules: section of a domain/env in order to use this module:

          ec2: # Module Name can be customized
            module_path: "@aws-mdaa/ec2" # Must match module NPM package name
            module_configs:
              - ./ec2.yaml # Filename/path can be customized

Module Config (./ec2.yaml)

Config Schema Docs


# List of roles which will be granted access to the KMS key
# as well as KeyPair secrets containing private keys.
# Roles can be referenced by name, arn, or id
adminRoles:
  - name: Admin
  - arn: arn:{{partition}}:iam::{{account}}:role/some-admin-role
  - id: some-role-id

# List of EC2 KeyPairs to be created. Each keypair
# will have it's private key material stored in a Secret,
# with access granted to Admin roles.
keyPairs:
  # Each keyPair has a unique name.
  # To create a keyPair with default settings, specify
  # an empty config object '{}'
  test-key-pair: {}
  # Key pairs can also specify an existing KMS key
  test-key-pair2:
    kmsKeyArn: "arn:{{partition}}:kms:{{region}}:{{account}}:key/test-key"

# List of security groups to be created
securityGroups:
  sg1:
    vpcId: vpc-testvpc
    ingressRules:
      # Ingress from a CIDR range
      ipv4:
        - cidr: 10.0.0.0/28
          port: 443
          protocol: tcp
    egressRules:
      # Allow egress to prefixLists for gateway VPC endpoints
      prefixList:
        - prefixList: pl-4ea54027
          description: prefix list for com.amazonaws.{{region}}.dynamodb
          protocol: tcp
          port: 443
        - prefixList: pl-7da54014
          description: prefix list for com.amazonaws.{{region}}.s3
          protocol: tcp
          port: 443
      # Egress to a cidr range
      ipv4:
        - cidr: 10.0.0.0/28
          port: 443
          protocol: tcp
      # Egress to an existing Security group
      sg:
        - sgId: ssm:/ml/sm/sg/id
          port: 5472
          protocol: tcp

# List of cfn init Objects to be created
cfnInit:
#Name for cfn-init object, is free form, used to refer to init object in instance using initName prop
  initWindows:
#list of configSets created, can choose which configSets to run using initOptions prop of ec2. 
#If initOptions are not provided, default configSet is run
#Each configSet consists of list of configs to be run in that order
    configSets:
#Name of configSet
      default:
#configs prop of configset is a list of configs to be run in that order
        configs:
          - "awscli"
          - "Preinstall"
      confgiset2:
        configs:
          - "Preinstall"
          - "awscli"
#configs prop of cfnInit consist of list of configs, these configs are the ones used in configSets
    configs:
#Name of config
      awscli:
#package prop of config is a list of packages to be installed
        packages:
#identifier key of package, this is free form and can be any string
          awspackage:
#package manager to be used
# msi | rpm | python | yum | apt | gem
            packageManager: msi
#location of package
            packageLocation: "https://awscli.amazonaws.com/AWSCLIV2.msi"
          anotherpackage:
            packageManager: msi
            packageLocation: "https://awscli.amazonaws.com/anotherpackagefromconfig.msi"
      Preinstall:
        packages:
          git:
            packageManager: msi
            packageLocation: "https://awscli.amazonaws.com/somepackagefromconfig.msi"
# Commands section consist of list of commands, these commands are run in lexographical order of their identifier(key) name
        commands:
#Identifier(key) for the the command, commands are run in lexographical order of their identifier(key) name
          01testCommand:
#command can be either shellcommand or argvs, shellcommand is in string format, argvs in list of strings format
            shellCommand: 'echo "this is a command"'
          02anotherTestCommand:
            shellCommand: 'echo "this TOO is a command"'
#Test command is run before the command to see if command needs to be run,
# success output of test command results in skipping run of main command
            testCommand: 'echo "this is test command"'
#directory where the command needs to be run
            workingDir: '/some/dir/'
#if the command causes reboot, set waitForever to true to resume cfn-init after reboot is complete
            waitForever: true
#if command take time to run, can set waitAfterCompletion to some duration. In minutes
            # waitAfterCompletion: 4
#if command needs service restart after command has run
            restartRequired: true
#files prop to create files
        files:
#Identifier(key) for the the file, is used to name the file created.
          testfile.txt:
#path of file in source location
            filePath: './somefile.txt'
#if file needs service restart after file has been created
            restartRequired: true
#Services section consist of list of services
        services:
#name of service as used in OS
          cfn-hup:
#If service needs to be enabled
            enabled: true
#to make sure service is running
            ensureRunning: true
# to restart the service after file or package or command run.
#If any of those have restartRequired true >> have to set it true here to implement it
            restartRequired: true

  initLinux:
    configSets:
      default:
        configs:
          - "Apache"
          - "Prereq"
      confgiset2:
        configs:
          - "Prereq"
          - "Apache"
    configs:
      Prereq:
        packages:
          git:
            packageManager: yum
            packageName: git
            packageVersions: []
          rpmpackage:
            packageManager: rpm
            packageLocation: "https://awscli.amazonaws.com/rpmpackage.rpm"
          jqpackage:
            packageManager: yum
            packageName: jq
            packageVersions: []
      Apache:
        packages:
          apachepackage:
            packageManager: yum
            packageName: httpd
            packageVersions: []

# List of ec2 instances to be created
instances:
  # Each instance is uniquely named within the config
  instance-1:
    securityGroup: sg1 # Name of securityGroup from 'securityGroups` section of config
    # VPC/AZ configuration for the instance
    vpcId: vpc-testvpc
    subnetId: subnet-testsubnet
    availabilityZone: "{{region}}a"
    # Type of the instance
    instanceType: t3.medium
    # AMI of the instance
    amiId: ami-linux
    # Role which will be used as Instance Profile
    # Role can be referenced using arn, name, or id
    instanceRole:
      arn: arn:{{partition}}:iam::{{account}}:role/instance-role
    # Instance storage config
    # Note that if deploying an unencrypted AMI,
    # you MUST specify the AMI's root volume deviceName
    # in at least one blockDevice below to
    # ensure that the root volume is encrypted
    blockDevices:
      - deviceName: "/dev/sda1"
        volumeSizeInGb: 32
        ebsType: gp3
    # Indicates which os will run on the instance
    # 'linux' | 'windows' | 'unknown'
    osType: linux
    # Optional - path to local user data script relative to this config
    userDataScriptPath: "./userdata.sh"
    # The name of a key pair created by the 'keyPairs' section of this config
    keyPairName: test-key-pair
    # The name of a init configuration to be applied to this instance, name is referred from initMap section
    initName: initLinux

  instance-2:
    securityGroupId: sg-123412412 # ID of an existing security group created outside of this config
    vpcId: vpc-testvpc
    subnetId: subnet-testsubnet
    instanceType: t3.medium
    availabilityZone: "{{region}}b"
    amiId: ami-windows
    instanceRole:
      name: some-instance-role-name
    blockDevices:
      - deviceName: "/dev/sda1"
        volumeSizeInGb: 32
        ebsType: gp3
      - deviceName: "/dev/sdb1"
        volumeSizeInGb: 16
        ebsType: gp2
    kmsKeyArn: "arn:{{partition}}:kms:{{region}}:{{account}}:key/test-key"
    osType: windows
    userDataScriptPath: "./userdata.ps1"
    # Name of an existing key pair created outside of this config
    existingKeyPairName: "rsa-key"
    initName: initWindows