feat(ec2): extend BastionHostLinux to support CloudFormationInit (#17507)

Implements #17161

Extends the `BastionHostLinux` constructor to accept optional `CloudFormationInit` and `ApplyCloudFormationInitOptions` arguments to be passed to the underlying instance.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: mpvosseller

packages/@aws-cdk/aws-ec2/lib/bastion-host.ts

@@ -2,8 +2,9 @@ import { IPrincipal, IRole, PolicyStatement } from '@aws-cdk/aws-iam';
 import { CfnOutput, Resource, Stack } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { AmazonLinuxGeneration, InstanceArchitecture, InstanceClass, InstanceSize, InstanceType } from '.';
+import { CloudFormationInit } from './cfn-init';
 import { Connections } from './connections';
-import { IInstance, Instance } from './instance';
+import { ApplyCloudFormationInitOptions, IInstance, Instance } from './instance';
 import { AmazonLinuxCpuType, IMachineImage, MachineImage } from './machine-image';
 import { IPeer } from './peer';
 import { Port } from './port';
@@ -80,6 +81,22 @@ export interface BastionHostLinuxProps {
    * @default - Uses the block device mapping of the AMI
    */
   readonly blockDevices?: BlockDevice[];
+
+  /**
+   * Apply the given CloudFormation Init configuration to the instance at startup
+   *
+   * @default - no CloudFormation init
+   */
+  readonly init?: CloudFormationInit;
+
+  /**
+   * Use the given options for applying CloudFormation Init
+   *
+   * Describes the configsets to use and the timeout to wait
+   *
+   * @default - default options
+   */
+  readonly initOptions?: ApplyCloudFormationInitOptions;
 }
 
 /**
@@ -159,6 +176,8 @@ export class BastionHostLinux extends Resource implements IInstance {
       }),
       vpcSubnets: props.subnetSelection ?? {},
       blockDevices: props.blockDevices ?? undefined,
+      init: props.init,
+      initOptions: props.initOptions,
     });
     this.instance.addToRolePolicy(new PolicyStatement({
       actions: [

packages/@aws-cdk/aws-ec2/test/bastion-host.test.ts

@@ -1,6 +1,7 @@
 import '@aws-cdk/assert-internal/jest';
-import { Stack } from '@aws-cdk/core';
-import { BastionHostLinux, BlockDeviceVolume, InstanceClass, InstanceSize, InstanceType, SubnetType, Vpc } from '../lib';
+import { ResourcePart } from '@aws-cdk/assert-internal';
+import { Duration, Stack } from '@aws-cdk/core';
+import { BastionHostLinux, BlockDeviceVolume, CloudFormationInit, InitCommand, InstanceClass, InstanceSize, InstanceType, SubnetType, Vpc } from '../lib';
 
 describe('bastion host', () => {
   test('default instance is created in basic', () => {
@@ -123,4 +124,41 @@ describe('bastion host', () => {
 
 
   });
+
+  test('add CloudFormation Init to instance', () => {
+    // GIVEN
+    const stack = new Stack();
+    const vpc = new Vpc(stack, 'VPC');
+
+    // WHEN
+    new BastionHostLinux(stack, 'Bastion', {
+      vpc,
+      initOptions: {
+        timeout: Duration.minutes(30),
+      },
+      init: CloudFormationInit.fromElements(
+        InitCommand.shellCommand('echo hello'),
+      ),
+    });
+
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::EC2::Instance', {
+      CreationPolicy: {
+        ResourceSignal: {
+          Timeout: 'PT30M',
+        },
+      },
+      Metadata: {
+        'AWS::CloudFormation::Init': {
+          config: {
+            commands: {
+              '000': {
+                command: 'echo hello',
+              },
+            },
+          },
+        },
+      },
+    }, ResourcePart.CompleteDefinition);
+  });
 });