brunch

You can make anything
by writing

C.S.Lewis

by Master Seo Oct 01. 2021

20탄-3. CF - Pub1,Pri1,EC2 각 1대

테스트 환경을 구축하기 위해 Cloudformation을 공부해보자

실무에서도 빠르게 인프라를 구축하기 위해 많이 사용한다.


<1> 요청 사항 - Pub1 , Pri1  Subnet , 각 서브넷에 EC2 1개 자동 생성

<2> Cloudformation 코드에 들어가야 하는것

<3> Cloudformation 내용

<4> 다른 Cloudformation 파일 보기



<1> 요청 사항 - Pub1 , Pri1  Subnet 각 서브넷에 EC2 1개 자동 생성


VPC 1개

Public Subnet 1개

Private Sunet 1개 구성이다.

pub ec2 1개

pri ec2 1개



<2> Cloudformation 코드에 들어가야 하는것


pub관련  4개

PublicSubnet1 

PublicRouteTable 테이블

PublicRoute  0.0.0.0

PublicSubnetRouteTableAssociation1


private 관련 3개

PrivateSubnet1

PrivateRouteTable:  테이블

PrivateSubnetRouteTableAssociation1: 


공통 3개

VPC

IGW

IGW Attatch


EC2 

Pub EC2  1대

Pri EC2 1대

ec2 keypair 1개  

- ec2를 생성하므로 keypair가 필요하다.


보안그룹1개

- 서버에서 사용





<3> Cloudformation 내용


Parameters:

  KeyName:

    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter

    Type: AWS::EC2::KeyPair::KeyName

    ConstraintDescription: must be the name of an existing EC2 KeyPair.


Resources:

  testVPC:

    Type: AWS::EC2::VPC

    Properties:

     CidrBlock: 10.0.0.0/16

     Tags:

        - Key: Name

          Value: test-VPC


  testIGW:

    Type: AWS::EC2::InternetGateway

    Properties:

      Tags:

        - Key: Name

          Value: test-IGW


  testIGWAttachment:

    Type: AWS::EC2::VPCGatewayAttachment

    Properties:

      InternetGatewayId: !Ref testIGW

      VpcId: !Ref testVPC


  testPublicRT:

    Type: AWS::EC2::RouteTable

    Properties:

      VpcId: !Ref testVPC

      Tags:

        - Key: Name

          Value: test-Public-RT


  DefaultPublicRoute:

    Type: AWS::EC2::Route

    DependsOn: testIGWAttachment

    Properties:

      RouteTableId: !Ref testPublicRT

      DestinationCidrBlock: 0.0.0.0/0

      GatewayId: !Ref testIGW


  testPrivateRT:

    Type: AWS::EC2::RouteTable

    Properties:

      VpcId: !Ref testVPC

      Tags:

        - Key: Name

          Value: test-Private-RT


  testPublicSN:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref testVPC

      AvailabilityZone: !Select [ 0, !GetAZs '' ]

      CidrBlock: 10.0.0.0/24

      Tags:

        - Key: Name

          Value: test-Public-SN


  testPrivateSN:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref testVPC

      AvailabilityZone: !Select [ 2, !GetAZs '' ]

      CidrBlock: 10.0.1.0/24

      Tags:

        - Key: Name

          Value: test-Private-SN


  testPublicSNRouteTableAssociation:

    Type: AWS::EC2::SubnetRouteTableAssociation

    Properties:

      RouteTableId: !Ref testPublicRT

      SubnetId: !Ref testPublicSN


  testPrivateSNRouteTableAssociation:

    Type: AWS::EC2::SubnetRouteTableAssociation

    Properties:

      RouteTableId: !Ref testPrivateRT

      SubnetId: !Ref testPrivateSN


  testSecurityGroup:

    Type: AWS::EC2::SecurityGroup

    Properties:

      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22

      VpcId: !Ref testVPC

      SecurityGroupIngress:

      - IpProtocol: tcp

        FromPort: '80'

        ToPort: '80'

        CidrIp: 0.0.0.0/0

      - IpProtocol: tcp

        FromPort: '22'

        ToPort: '22'

        CidrIp: 0.0.0.0/0



  testPublicEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-03b42693dc6a7dc35

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: test-Public-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref testPublicSN

          GroupSet:

          - !Ref testSecurityGroup

          AssociatePublicIpAddress: true



  testPrivateEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-03b42693dc6a7dc35

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: test-Private-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref testPrivateSN

          GroupSet:

          - !Ref testSecurityGroup

      UserData:

        Fn::Base64:

          !Sub |

            #!/bin/bash

            (

            echo "seoqw"

            echo "seoqw"

            ) | passwd --stdin root

            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config

            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config

            service sshd restart




<4> 다른 Cloudformation 파일 보기


https://brunch.co.kr/@topasvga/1781


브런치는 최신 브라우저에 최적화 되어있습니다. IE chrome safari