<1> Request: 3 public, 3 private, 2 DB subnets, with one EC2 instance auto-created in each subnet
<2> What has to go into the CloudFormation code
<3> CloudFormation template
<4> See other CloudFormation files
<1> Request: 3 public, 3 private, 2 DB subnets, with one EC2 instance auto-created in each subnet
1 VPC
3 public subnets
3 private subnets
2 DB subnets
(The template in section <3> creates three instances: one in PublicSubnet1, one in PrivateSubnet1 and one in PrivateSubnet3. The DB subnets get no instance.)
<2> What has to go into the CloudFormation code
Public-related, 8 resources
PublicSubnet1
PublicSubnet2
PublicSubnet3
PublicRouteTable (route table)
PublicRoute (default route 0.0.0.0/0 to the Internet gateway)
PublicSubnetRouteTableAssociation1
PublicSubnetRouteTableAssociation2
PublicSubnetRouteTableAssociation3
Private-related, 7 resources
PrivateSubnet1
PrivateSubnet2
PrivateSubnet3
PrivateRouteTable (route table; it has no default route, so private instances reach only the VPC)
PrivateSubnetRouteTableAssociation1
PrivateSubnetRouteTableAssociation2
PrivateSubnetRouteTableAssociation3
DB-related, 5 resources (logical IDs spelled as they appear in the template)
dbsubnert1
dbsubnert3
dbroutettable (route table; local route only)
dbsubnertRouteTableAssociation1
dbsubnertRouteTableAssociation3
Common, 3 resources
VPC
IGW
IGW attachment
EC2-related, 3 items (public)
KeyName (parameter)
testSecurityGroup
Instance
EC2-related, 2 items (private)
Instance in PrivateSubnet1
Instance in PrivateSubnet3
<3> CloudFormation template
AWSTemplateFormatVersion: 2010-09-09
Description: Deploy a VPC
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
Resources:
  #VPC1-1
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      # 10.10.10.0 - 10.10.11.255 (512 addresses). The eight /26 subnets below use all of it,
      # so adding a ninth subnet later needs a second CIDR block on the VPC.
      CidrBlock: 10.10.10.0/23
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: dev-vpc
  #VPC1-2
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: igw
  #VPC1-3
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  # Subnets are spread over the first three AZs that GetAZs returns, so the region must have at least three.
  #Pub-subnet3-1
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.0/26
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pub-Subnet-a
  #Pri-subnet3-1
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.0/26
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pri-Subnet-a
  #dbsubnert2-1
  dbsubnert1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.192/26
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: db-subnet-a
  #Pub-subnet3-2
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.64/26
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pub-Subnet-b
  #Pri-subnet3-2
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.64/26
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pri-Subnet-b
  #Pub-subnet3-3
  PublicSubnet3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.128/26
      AvailabilityZone: !Select
        - '2'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pub-Subnet-c
  #Pri-subnet3-3
  PrivateSubnet3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.128/26
      AvailabilityZone: !Select
        - '2'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pri-Subnet-c
  #dbsubnert2-2
  dbsubnert3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.192/26
      AvailabilityZone: !Select
        - '2'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: db-subnet-c
  #Pub-subnet3-4
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Pub-rt
  #Pub-subnet3-5
  PublicRoute:
    Type: AWS::EC2::Route
    # A route to an Internet gateway can only be created after the gateway is attached to the VPC.
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  #Pub-subnet3-6
  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable
  #Pub-subnet3-7
  PublicSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable
  #Pub-subnet3-8
  PublicSubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet3
      RouteTableId: !Ref PublicRouteTable
  #Pri-subnet3-4
  # No default route here: private instances have no Internet path until a NAT gateway route is added.
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Pri-rt
  #Pri-subnet3-5
  PrivateSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable
  #Pri-subnet3-6
  PrivateSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable
  #Pri-subnet3-7
  PrivateSubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet3
      RouteTableId: !Ref PrivateRouteTable
  #dbsubnert2-3
  # Local route only: the DB subnets are reachable from inside the VPC and nowhere else.
  dbroutettable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: db-rt
  #dbsubnert2-4
  dbsubnertRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref dbsubnert1
      RouteTableId: !Ref dbroutettable
  #dbsubnert2-5
  dbsubnertRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref dbsubnert3
      RouteTableId: !Ref dbroutettable
  # Test-only group: SSH is open to every IPv4 address. On the public instance, which gets a public IP,
  # that means the whole Internet can reach port 22. Restrict CidrIp on the SSH rule to your own
  # address range before using this outside a lab.
  testSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  testPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      # AMI IDs are region-specific; this ID only resolves in the region the author deployed to.
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PublicSubnet1
          GroupSet:
            - !Ref testSecurityGroup
          AssociatePublicIpAddress: true
  testPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Private-EC2-1
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PrivateSubnet1
          GroupSet:
            - !Ref testSecurityGroup
      # Lab convenience only: sets a fixed root password and turns on password and root SSH login.
      # The instance has no public IP, but anything inside the VPC can then log in as root with
      # this password. Do not carry this UserData into a real environment.
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            (
            echo "sss"
            echo "sss"
            ) | passwd --stdin root
            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
            service sshd restart
            hostnamectl --static set-hostname test-Private-EC2-1
  VPC1Instance2:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-03b42693dc6a7dc35
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Private-EC2-2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PrivateSubnet3
          GroupSet:
            - !Ref testSecurityGroup
      # Same lab-only root password and sshd weakening as testPrivateEC2 above.
      UserData:
        Fn::Base64: |
          #!/bin/bash
          (
          echo "sssq3"
          echo "sssq3"
          ) | passwd --stdin root
          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
          service sshd restart
          hostnamectl --static set-hostname test-Private-EC2-2
Outputs:
  VPC:
    Description: VPC
    Value: !Ref VPC
  AZ1:
    Description: Availability Zone 1
    Value: !GetAtt
      - PublicSubnet1
      - AvailabilityZone
  AZ2:
    Description: Availability Zone 2
    Value: !GetAtt
      - PublicSubnet2
      - AvailabilityZone
  AZ3:
    Description: Availability Zone 3
    Value: !GetAtt
      - PublicSubnet3
      - AvailabilityZone
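Before deploying a template like this one it is worth checking the address plan and the two settings a reviewer would object to (SSH open to 0.0.0.0/0 and UserData that enables root password login) without touching AWS. The script below is an added example and is not part of the original post or of any AWS tool: the template's CIDRs, security group rules and UserData are copied by hand into the RESOURCES dict (constructed data) so it runs with the Python standard library only, and the same functions would accept the "Resources" mapping of the real template once it is loaded with a CloudFormation-aware YAML loader.

```python
"""Offline checks for the subnet plan and host settings of the template above.

Added example, not from the original post. RESOURCES is constructed by hand from
the template so the script runs offline; in practice you would load the real
template with a CloudFormation-aware YAML loader and pass its "Resources" mapping.
"""
import ipaddress
import re

# Copied from the UserData of the two private instances in the template.
ROOT_LOGIN_USERDATA = (
    "#!/bin/bash\n(echo sss; echo sss) | passwd --stdin root\n"
    "sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config\n"
    "sed -i 's/^#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config\n"
)


def subnet_resource(cidr):
    """Minimal AWS::EC2::Subnet resource carrying only the CIDR (all the checks need)."""
    return {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": cidr}}


RESOURCES = {  # constructed: logical ID -> the template properties the checks look at
    "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.10.10.0/23"}},
    "PublicSubnet1": subnet_resource("10.10.10.0/26"),
    "PublicSubnet2": subnet_resource("10.10.10.64/26"),
    "PublicSubnet3": subnet_resource("10.10.10.128/26"),
    "dbsubnert1": subnet_resource("10.10.10.192/26"),
    "PrivateSubnet1": subnet_resource("10.10.11.0/26"),
    "PrivateSubnet2": subnet_resource("10.10.11.64/26"),
    "PrivateSubnet3": subnet_resource("10.10.11.128/26"),
    "dbsubnert3": subnet_resource("10.10.11.192/26"),
    "testSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
        ]}},
    "testPublicEC2": {"Type": "AWS::EC2::Instance", "Properties": {}},
    "testPrivateEC2": {"Type": "AWS::EC2::Instance",
                       "Properties": {"UserData": ROOT_LOGIN_USERDATA}},
    "VPC1Instance2": {"Type": "AWS::EC2::Instance",
                      "Properties": {"UserData": ROOT_LOGIN_USERDATA}},
}


def vpc_and_subnets(resources):
    """Return (vpc_network, {logical_id: subnet_network}) from a Resources mapping."""
    vpc = next(ipaddress.ip_network(r["Properties"]["CidrBlock"])
               for r in resources.values() if r["Type"] == "AWS::EC2::VPC")
    subnets = {n: ipaddress.ip_network(r["Properties"]["CidrBlock"])
               for n, r in resources.items() if r["Type"] == "AWS::EC2::Subnet"}
    return vpc, subnets


def subnet_findings(resources):
    """Problems with the subnet plan: a subnet outside the VPC block, or two subnets
    that overlap. An empty list means the plan is consistent."""
    vpc, subnets = vpc_and_subnets(resources)
    problems = [f"{n} {c} is not inside VPC {vpc}"
                for n, c in subnets.items() if not c.subnet_of(vpc)]
    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} {subnets[a]} overlaps {b} {subnets[b]}")
    return problems


def free_addresses(resources):
    """Addresses of the VPC block not yet carved into any subnet (room left to grow)."""
    vpc, subnets = vpc_and_subnets(resources)
    return vpc.num_addresses - sum(s.num_addresses for s in subnets.values())


def world_open_ports(resources, ports=(22, 3389)):
    """(security group, port) pairs where an admin port is open to the whole Internet."""
    hits = []
    for name, r in resources.items():
        if r["Type"] != "AWS::EC2::SecurityGroup":
            continue
        for rule in r["Properties"].get("SecurityGroupIngress", []):
            if rule.get("CidrIp") != "0.0.0.0/0" and rule.get("CidrIpv6") != "::/0":
                continue
            lo, hi = int(rule["FromPort"]), int(rule["ToPort"])
            hits += [(name, p) for p in ports if lo <= p <= hi]
    return hits


WEAK_SSHD = re.compile(r"PermitRootLogin\s+yes|PasswordAuthentication\s+yes")


def weakened_sshd(resources):
    """Instances whose UserData switches on root login or password SSH login."""
    return sorted(n for n, r in resources.items()
                  if r["Type"] == "AWS::EC2::Instance"
                  and WEAK_SSHD.search(r["Properties"].get("UserData", "")))


if __name__ == "__main__":
    print("subnet problems:", subnet_findings(RESOURCES) or "none")
    print("free VPC addresses:", free_addresses(RESOURCES))
    print("admin ports open to the world:", world_open_ports(RESOURCES))
    print("instances weakening sshd:", weakened_sshd(RESOURCES))
```

Run against the template as written, the subnet plan comes back clean with zero spare addresses in the /23, the security group is reported for port 22, and both private instances are reported for the sshd changes in their UserData. Tightening the SSH rule's CidrIp to your own range or dropping the passwd/sed lines makes the corresponding finding disappear, which is the quickest way to confirm a fix before the stack is created.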
<4> See other CloudFormation files
https://brunch.co.kr/@topasvga/1781