Let's study CloudFormation in order to build a test environment.
It is also widely used in day-to-day operations to stand up infrastructure quickly.
<1> Requirements - Pub1, Pri1 subnets, one EC2 instance auto-created in each subnet
<2> What has to go into the CloudFormation code
<3> CloudFormation template contents
<4> See other CloudFormation files
<1> Requirements - Pub1, Pri1 subnets, one EC2 instance auto-created in each subnet
1 VPC
1 Public Subnet
1 Private Subnet (that is the whole network layout)
1 pub EC2
1 pri EC2
<2> What has to go into the CloudFormation code
4 public-related resources
PublicSubnet1
PublicRouteTable (route table)
PublicRoute 0.0.0.0 (default route to the IGW)
PublicSubnetRouteTableAssociation1
3 private-related resources
PrivateSubnet1
PrivateRouteTable (route table)
PrivateSubnetRouteTableAssociation1
3 common resources
VPC
IGW
IGW Attach
EC2
1 Pub EC2
1 Pri EC2
1 EC2 keypair
- needed because we are creating EC2 instances.
1 security group
- used by the servers
<3> CloudFormation template contents
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
Resources:
  testVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Name
          Value: test-VPC
  testIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: test-IGW
  testIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref testIGW
      VpcId: !Ref testVPC
  testPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref testVPC
      Tags:
        - Key: Name
          Value: test-Public-RT
  # Default route to the IGW; this is what makes the public subnet "public"
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: testIGWAttachment
    Properties:
      RouteTableId: !Ref testPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref testIGW
  # No 0.0.0.0/0 route here, so the private subnet has no Internet path
  testPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref testVPC
      Tags:
        - Key: Name
          Value: test-Private-RT
  testPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref testVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: test-Public-SN
  testPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref testVPC
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: test-Private-SN
  testPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref testPublicRT
      SubnetId: !Ref testPublicSN
  testPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref testPrivateRT
      SubnetId: !Ref testPrivateSN
  # Shared by both instances; both rules accept traffic from any IPv4 source
  testSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22
      VpcId: !Ref testVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
  testPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref testPublicSN
          GroupSet:
            - !Ref testSecurityGroup
          AssociatePublicIpAddress: true
  testPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref testPrivateSN
          GroupSet:
            - !Ref testSecurityGroup
      # Lab convenience: sets a root password and turns on password-based root SSH login,
      # so the private instance can be reached from the public one without the keypair
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            (
            echo "seoqw"
            echo "seoqw"
            ) | passwd --stdin root
            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
            service sshd restart
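As an added check that is not part of the original post or the template above: a small Python script that classifies the subnets by their route tables and reports which instances are directly reachable from the Internet (public subnet, public IP, and a security-group rule open to 0.0.0.0/0). The R dict is my own transcription of the template into CloudFormation's JSON long form ({"Ref": "x"} instead of !Ref x), trimmed to the fields the checks read; REF and the function names are mine too.

```python
REF = lambda name: {"Ref": name}  # dict-form equivalent of the template's !Ref
# Constructed input: the page's template in dict form, trimmed to what the checks read.
R = {
    "testIGW": {"Type": "AWS::EC2::InternetGateway"},
    "DefaultPublicRoute": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": REF("testPublicRT"), "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": REF("testIGW")}},
    "testPublicSNRouteTableAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"RouteTableId": REF("testPublicRT"), "SubnetId": REF("testPublicSN")}},
    "testPrivateSNRouteTableAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"RouteTableId": REF("testPrivateRT"), "SubnetId": REF("testPrivateSN")}},
    "testSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
    "testPublicEC2": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"SubnetId": REF("testPublicSN"), "GroupSet": [REF("testSecurityGroup")],
         "AssociatePublicIpAddress": True}]}},
    "testPrivateEC2": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"SubnetId": REF("testPrivateSN"), "GroupSet": [REF("testSecurityGroup")]}]}},
}

def of_type(res, rtype):
    return {k: v for k, v in res.items() if v["Type"] == rtype}

def public_subnets(res):
    """Subnets whose route table has a 0.0.0.0/0 route to an Internet Gateway."""
    igws = of_type(res, "AWS::EC2::InternetGateway")
    inet_rts = {r["Properties"]["RouteTableId"]["Ref"] for r in of_type(res, "AWS::EC2::Route").values()
                if r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"
                and r["Properties"].get("GatewayId", {}).get("Ref") in igws}
    return {a["Properties"]["SubnetId"]["Ref"] for a in
            of_type(res, "AWS::EC2::SubnetRouteTableAssociation").values()
            if a["Properties"]["RouteTableId"]["Ref"] in inet_rts}

def world_open_ports(res, sg_name):
    """TCP ports the security group accepts from any IPv4 source (0.0.0.0/0)."""
    ports = set()
    for rule in res[sg_name]["Properties"].get("SecurityGroupIngress", []):
        if rule.get("CidrIp") == "0.0.0.0/0" and rule["IpProtocol"] == "tcp":
            ports.update(range(int(rule["FromPort"]), int(rule["ToPort"]) + 1))
    return ports

def internet_exposed(res):
    """{instance: ports} reachable from the Internet: public subnet + public IP + open rule."""
    pub, exposed = public_subnets(res), {}
    for name, inst in of_type(res, "AWS::EC2::Instance").items():
        for nic in inst["Properties"].get("NetworkInterfaces", []):
            if nic["SubnetId"]["Ref"] in pub and nic.get("AssociatePublicIpAddress"):
                ports = set().union(*(world_open_ports(res, g["Ref"]) for g in nic["GroupSet"]))
                if ports:
                    exposed[name] = sorted(ports)
    return exposed
```

For this template the result is that only test-Public-EC2 is reachable, on ports 22 and 80; the private instance shares the same wide-open group but has no Internet route, which is why its reachability depends on the public instance.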
<4> See other CloudFormation files
https://brunch.co.kr/@topasvga/1781