brunch

You can make anything
by writing

C.S.Lewis

by Master Seo Oct 01. 2021

20탄-4. CF - Pub1,Pri1,EC2 각 1대


<1> 요청 사항 - Pub1 , Pri1  Subnet , 각 서브넷에 EC2 1개 자동 생성

<2> Cloudformation 코드에 들어가야 하는것

<3> Cloudformation 내용

<4> 다른 Cloudformation 파일 보기



<1> 요청 사항 - Pub1 , Pri1  Subnet , 각 서브넷에 EC2 1개 자동 생성


VPC 1개

Public Subnet 1개

Private Sunet 1개 구성이다.

pub ec2 1개

pri ec2 1개




<2> Cloudformation 코드에 들어가야 하는것


pub관련  4개

PublicSubnet1 

PublicRouteTable 테이블

PublicRoute  0.0.0.0

PublicSubnetRouteTableAssociation1


private 관련 3개

PrivateSubnet1

PrivateRouteTable:  테이블

PrivateSubnetRouteTableAssociation1: 


ec2 keypair 1개  - ec2를 생성하므로 keypair가 필요하다.


공통

VPC

IGW

IGW Attatch


EC2 -1번 코드

Keyname

Security Group

Instance


EC2 -2번 코드

Instance



<3> Cloudformation 내용


Parameters:

  KeyName:

    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter

    Type: AWS::EC2::KeyPair::KeyName

    ConstraintDescription: must be the name of an existing EC2 KeyPair.


Resources:

  TESTVPC:

    Type: AWS::EC2::VPC

    Properties:

     CidrBlock: 10.0.0.0/16

     EnableDnsSupport: true

     EnableDnsHostnames: true

     Tags:

        - Key: Name

          Value: TEST-VPC


  TESTIGW:

    Type: AWS::EC2::InternetGateway

    Properties:

      Tags:

        - Key: Name

          Value: TEST-IGW


  TESTIGWAttachment:

    Type: AWS::EC2::VPCGatewayAttachment

    Properties:

      InternetGatewayId: !Ref TESTIGW

      VpcId: !Ref TESTVPC




  TESTPublicRT:

    Type: AWS::EC2::RouteTable

    Properties:

      VpcId: !Ref TESTVPC

      Tags:

        - Key: Name

          Value: TEST-Public-RT


  DefaultPublicRoute:

    Type: AWS::EC2::Route

    DependsOn: TESTIGWAttachment

    Properties:

      RouteTableId: !Ref TESTPublicRT

      DestinationCidrBlock: 0.0.0.0/0

      GatewayId: !Ref TESTIGW


  TESTPrivateRT:

    Type: AWS::EC2::RouteTable

    Properties:

      VpcId: !Ref TESTVPC

      Tags:

        - Key: Name

          Value: TEST-Private-RT


  TESTPublicSN:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref TESTVPC

      AvailabilityZone: !Select [ 0, !GetAZs '' ]

      CidrBlock: 10.0.0.0/24

      Tags:

        - Key: Name

          Value: TEST-Public-SN


  TESTPrivateSN:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref TESTVPC

      AvailabilityZone: !Select [ 2, !GetAZs '' ]

      CidrBlock: 10.0.1.0/24

      Tags:

        - Key: Name

          Value: TEST-Private-SN


  TESTPublicSNRouteTableAssociation:

    Type: AWS::EC2::SubnetRouteTableAssociation

    Properties:

      RouteTableId: !Ref TESTPublicRT

      SubnetId: !Ref TESTPublicSN



  TESTPrivateSNRouteTableAssociation:

    Type: AWS::EC2::SubnetRouteTableAssociation

    Properties:

      RouteTableId: !Ref TESTPrivateRT

      SubnetId: !Ref TESTPrivateSN




  TESTSecurityGroup:

    Type: AWS::EC2::SecurityGroup

    Properties:

      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP

      VpcId: !Ref TESTVPC

      SecurityGroupIngress:

      - IpProtocol: tcp

        FromPort: '80'

        ToPort: '80'

        CidrIp: 0.0.0.0/0

      - IpProtocol: tcp

        FromPort: '22'

        ToPort: '22'

        CidrIp: 0.0.0.0/0

      - IpProtocol: icmp

        FromPort: -1

        ToPort: -1

        CidrIp: 0.0.0.0/0



  TESTPublicEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-03b42693dc6a7dc35

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: TEST-Public-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref TESTPublicSN

          GroupSet:

          - !Ref TESTSecurityGroup

          AssociatePublicIpAddress: true

      UserData:

        Fn::Base64:

          !Sub |

            #!/bin/bash

            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`

            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`

            yum install -y httpd

            service httpd start

            chkconfig httpd on

            echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html



  TESTPrivateEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-03b42693dc6a7dc35

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: TEST-Private-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref TESTPrivateSN

          GroupSet:

          - !Ref TESTSecurityGroup

      UserData:

        Fn::Base64:

          !Sub |

            #!/bin/bash

            (

            echo "se3"

            echo "se3"

            ) | passwd --stdin root

            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config

            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config

            service sshd restart




<4> 다른 Cloudformation 파일 보기


https://brunch.co.kr/@topasvga/1781


감사합니다.

매거진의 이전글 20탄-3. CF - Pub1,Pri1,EC2 각 1대
브런치는 최신 브라우저에 최적화 되어있습니다. IE chrome safari