<1> Request - Pub1, Pri1 subnets, with one EC2 instance created automatically in each subnet
<2> What must go into the CloudFormation code
<3> CloudFormation contents
<4> See other CloudFormation files
<1> Request - Pub1, Pri1 subnets, with one EC2 instance created automatically in each subnet
1 VPC
1 Public Subnet
1 Private Subnet make up the configuration.
1 public EC2 instance
1 private EC2 instance
<2> What must go into the CloudFormation code
4 public-related items
PublicSubnet1
PublicRouteTable (route table)
PublicRoute 0.0.0.0/0 (default route)
PublicSubnetRouteTableAssociation1
3 private-related items
PrivateSubnet1
PrivateRouteTable (route table)
PrivateSubnetRouteTableAssociation1
1 EC2 key pair - since EC2 instances are created, a key pair is required.
Common
VPC
IGW
IGW Attachment
EC2 - code #1
KeyName
Security Group
Instance
EC2 - code #2
Instance
<3> CloudFormation contents
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
Resources:
  # Common: VPC, Internet Gateway and its attachment
  TESTVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: TEST-VPC
  TESTIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: TEST-IGW
  TESTIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref TESTIGW
      VpcId: !Ref TESTVPC
  # Public route table: the 0.0.0.0/0 route to the IGW is what makes its subnet public
  TESTPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref TESTVPC
      Tags:
        - Key: Name
          Value: TEST-Public-RT
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: TESTIGWAttachment
    Properties:
      RouteTableId: !Ref TESTPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref TESTIGW
  # Private route table: no default route, so the private subnet has no Internet path
  # (this template has no NAT gateway)
  TESTPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref TESTVPC
      Tags:
        - Key: Name
          Value: TEST-Private-RT
  TESTPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref TESTVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: TEST-Public-SN
  TESTPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref TESTVPC
      # index 2 assumes the region exposes at least three availability zones
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: TEST-Private-SN
  TESTPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref TESTPublicRT
      SubnetId: !Ref TESTPublicSN
  TESTPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref TESTPrivateRT
      SubnetId: !Ref TESTPrivateSN
  # Security group shared by both instances. Lab setting: 80, 22 and ICMP are open
  # from anywhere; narrow CidrIp (at least for 22) outside a test environment.
  TESTSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref TESTVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0
  # EC2 #1: public subnet, gets a public IP, installs httpd and serves a page
  # showing the AZ and private IP read from the instance metadata service
  TESTPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: TEST-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref TESTPublicSN
          GroupSet:
            - !Ref TESTSecurityGroup
          AssociatePublicIpAddress: true
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`
            yum install -y httpd
            service httpd start
            chkconfig httpd on
            echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html
  # EC2 #2: private subnet, no public IP. Lab convenience: sets a fixed root password
  # and turns on password and root SSH logins; reachable only from inside the VPC.
  TESTPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: TEST-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref TESTPrivateSN
          GroupSet:
            - !Ref TESTSecurityGroup
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            (
            echo "se3"
            echo "se3"
            ) | passwd --stdin root
            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
            service sshd restart
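An added example, not part of the original post: a small Python checker that walks the chain listed in section <2> (SubnetRouteTableAssociation -> RouteTable -> 0.0.0.0/0 Route -> InternetGateway) to decide which subnets are public, then verifies that only public-subnet instances get a public IP and flags SSH open to the world. The input is a constructed copy of the template above, trimmed to the fields the checks read and written in CloudFormation's JSON form ({"Ref": ...} instead of !Ref); the function names ref, public_subnets and review are my own.

```python
def ref(v):
    """Logical id behind {"Ref": id}; None for literal values."""
    return v.get("Ref") if isinstance(v, dict) else None

def public_subnets(res):
    """Subnets whose route table carries a 0.0.0.0/0 route to an Internet Gateway."""
    igw_rts = {ref(r["Properties"]["RouteTableId"]) for r in res.values()
               if r["Type"] == "AWS::EC2::Route"
               and r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"
               and res.get(ref(r["Properties"].get("GatewayId")), {}).get("Type")
               == "AWS::EC2::InternetGateway"}
    return {ref(a["Properties"]["SubnetId"]) for a in res.values()
            if a["Type"] == "AWS::EC2::SubnetRouteTableAssociation"
            and ref(a["Properties"]["RouteTableId"]) in igw_rts}

def review(res):
    """Return findings as strings; an empty list means both checks pass."""
    pub, findings = public_subnets(res), []
    for name, r in res.items():
        p = r["Properties"]
        if r["Type"] == "AWS::EC2::Instance":
            for ni in p.get("NetworkInterfaces", []):
                # a public-subnet instance needs a public IP; a private one must not get one
                if (ref(ni["SubnetId"]) in pub) != bool(ni.get("AssociatePublicIpAddress")):
                    findings.append(f"{name}: AssociatePublicIpAddress does not match subnet type")
        elif r["Type"] == "AWS::EC2::SecurityGroup":
            for rule in p.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0" and str(rule.get("FromPort")) == "22":
                    findings.append(f"{name}: SSH (tcp/22) ingress open to 0.0.0.0/0")
    return findings

# Constructed input: the post's resources, trimmed to the fields the checks read, in CFN JSON form.
TEMPLATE = {
    "TESTIGW": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "DefaultPublicRoute": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": "TESTPublicRT"}, "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {"Ref": "TESTIGW"}}},
    "TESTPublicSNRouteTableAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"RouteTableId": {"Ref": "TESTPublicRT"}, "SubnetId": {"Ref": "TESTPublicSN"}}},
    "TESTPrivateSNRouteTableAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"RouteTableId": {"Ref": "TESTPrivateRT"}, "SubnetId": {"Ref": "TESTPrivateSN"}}},
    "TESTSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
    "TESTPublicEC2": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"SubnetId": {"Ref": "TESTPublicSN"}, "AssociatePublicIpAddress": True}]}},
    "TESTPrivateEC2": {"Type": "AWS::EC2::Instance", "Properties": {"NetworkInterfaces": [
        {"SubnetId": {"Ref": "TESTPrivateSN"}}]}},
}

print("\n".join(review(TEMPLATE)) or "no findings")
```

Run against the template above it reports only the world-open SSH rule; a route pointing at a NAT gateway instead of the IGW would leave its subnet classified as private.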
<4> See other CloudFormation files
https://brunch.co.kr/@topasvga/1781
Thank you.