

by Master Seo Oct 01. 2021

20탄-6. CF - Pub3,Pri3,Db2 ,EC2

<1> 요청 사항 - Pub 3 , Pri 3 , DB 2 Subnet , 각 서브넷에 EC2 1개 자동 생성

<2> Cloudformation 코드에 들어가야 하는것

<3> Cloudformation 내용

<4> 다른 Cloudformation 파일 보기



<1> 요청 사항 - Pub 3 , Pri 3 , DB 2 Subnet , 각 서브넷에 EC2 1개 자동 생성


VPC 1개

Public Subnet 3개

Private Subnet 3개

Db Subnet 2개 



<2> Cloudformation 코드에 들어가야 하는것


pub 관련 8개

PublicSubnet1 

PublicSubnet2

PublicSubnet3

PublicRouteTable 테이블

PublicRoute  0.0.0.0

PublicSubnetRouteTableAssociation1

PublicSubnetRouteTableAssociation2:

PublicSubnetRouteTableAssociation3


private 관련 7개

PrivateSubnet1

PrivateSubnet2

PrivateSubnet3

PrivateRouteTable:  테이블

PrivateSubnetRouteTableAssociation1: 

PrivateSubnetRouteTableAssociation2

PrivateSubnetRouteTableAssociation3



DB관련 5개

dbsubnert1:

dbsubnert3:

dbroutettable: 테이블

dbsubnertRouteTableAssociation1:

dbsubnertRouteTableAssociation2


공통 3개

VPC

IGW

IGW Attach


EC2  관련 3개- public

KeyName

testSecurityGroup:

Instance


EC2  관련 1개- private

Instance





<3> Cloudformation 내용


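# Quoted so that generic YAML 1.1 loaders (PyYAML, many editors/linters) keep
# the version as the string CloudFormation expects instead of parsing it as
# a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploy a VPC

Parameters:
  # Must name a key pair that already exists in the target region. Every
  # instance in this template references it (KeyName: !Ref KeyName), so it is
  # the SSH credential for the lab hosts.
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.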


Resources:


# --- VPC and Internet gateway ----------------------------------------------

  # 10.10.10.0/23 (10.10.10.0 - 10.10.11.255) is later split into eight /26
  # subnets. DNS hostnames are enabled so instances get a public DNS name when
  # they receive a public IP.
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.10.10.0/23
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: dev-vpc

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: igw

  # Binds the IGW to the VPC. A route whose target is the IGW is only valid
  # once this attachment exists.
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway




# --- Subnets ------------------------------------------------------------------
# Eight /26 subnets carved out of the VPC's 10.10.10.0/23, none overlapping:
#   public  : 10.10.10.0/26, 10.10.10.64/26, 10.10.10.128/26  (AZ index 0, 1, 2)
#   private : 10.10.11.0/26, 10.10.11.64/26, 10.10.11.128/26  (AZ index 0, 1, 2)
#   db      : 10.10.10.192/26 (AZ index 0), 10.10.11.192/26 (AZ index 2)
# The AZ is picked by index into !GetAZs for the deploying region, so the
# a/b/c suffix in the Name tags is a label, not a guarantee of the physical AZ.
# MapPublicIpOnLaunch is not set on any subnet; a public host has to ask for a
# public IP explicitly. The "dbsubnert" logical IDs keep their original
# spelling because the route-table associations reference them by that name.

  # Public tier
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.0/26
      AvailabilityZone: !Select ['0', !GetAZs '']
      Tags:
        - Key: Name
          Value: Pub-Subnet-a

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.64/26
      AvailabilityZone: !Select ['1', !GetAZs '']
      Tags:
        - Key: Name
          Value: Pub-Subnet-b

  PublicSubnet3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.128/26
      AvailabilityZone: !Select ['2', !GetAZs '']
      Tags:
        - Key: Name
          Value: Pub-Subnet-c

  # Private tier (application hosts)
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.0/26
      AvailabilityZone: !Select ['0', !GetAZs '']
      Tags:
        - Key: Name
          Value: Pri-Subnet-a

  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.64/26
      AvailabilityZone: !Select ['1', !GetAZs '']
      Tags:
        - Key: Name
          Value: Pri-Subnet-b

  PrivateSubnet3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.128/26
      AvailabilityZone: !Select ['2', !GetAZs '']
      Tags:
        - Key: Name
          Value: Pri-Subnet-c

  # DB tier (two subnets, first and third AZ index)
  dbsubnert1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.192/26
      AvailabilityZone: !Select ['0', !GetAZs '']
      Tags:
        - Key: Name
          Value: db-subnet-a

  dbsubnert3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.192/26
      AvailabilityZone: !Select ['2', !GetAZs '']
      Tags:
        - Key: Name
          Value: db-subnet-c


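# --- Route tables -------------------------------------------------------------
# Three route tables, one per tier. Only the public table has a default route;
# the private and db tables carry nothing but the implicit local route, so
# hosts in those subnets have no path to the Internet (inbound or outbound,
# e.g. no package updates) unless a NAT gateway is added later.

  # Public tier: default route to the Internet gateway.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Pub-rt

  # A route that targets an IGW in the same template must wait for the
  # VPCGatewayAttachment; without DependsOn CloudFormation may create the route
  # before the gateway is attached and the stack fails intermittently.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  PublicSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable

  PublicSubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet3
      RouteTableId: !Ref PublicRouteTable

  # Private tier: local route only.
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Pri-rt

  PrivateSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable

  PrivateSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable

  PrivateSubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet3
      RouteTableId: !Ref PrivateRouteTable

  # DB tier: local route only. Logical IDs keep the original spelling because
  # the subnet resources are named dbsubnert1 / dbsubnert3.
  dbroutettable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: db-rt

  dbsubnertRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref dbsubnert1
      RouteTableId: !Ref dbroutettable

  dbsubnertRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref dbsubnert3
      RouteTableId: !Ref dbroutettable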


      

  testSecurityGroup:

    Type: AWS::EC2::SecurityGroup

    Properties:

      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22

      VpcId: !Ref VPC

      SecurityGroupIngress:

      - IpProtocol: tcp

        FromPort: '80'

        ToPort: '80'

        CidrIp: 0.0.0.0/0

      - IpProtocol: tcp

        FromPort: '22'

        ToPort: '22'

        CidrIp: 0.0.0.0/0




  testPublicEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-03b42693dc6a7dc35

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: test-Public-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref PublicSubnet1

          GroupSet:

          - !Ref testSecurityGroup

          AssociatePublicIpAddress: true


  testPrivateEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-03b42693dc6a7dc35

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: test-Private-EC2-1

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref PrivateSubnet1

          GroupSet:

          - !Ref testSecurityGroup

      UserData:

        Fn::Base64:

          !Sub |

            #!/bin/bash

            (

            echo "sss"

            echo "sss"

            ) | passwd --stdin root

            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config

            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config

            service sshd restart

            hostnamectl --static set-hostname test-Private-EC2-1            

 


 VPC1Instance2:

    Type: AWS::EC2::Instance

    Properties:

      ImageId: ami-03b42693dc6a7dc35

      InstanceType: t2.micro

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: test-Private-EC2-2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref PrivateSubnet3

          GroupSet:

          - !Ref testSecurityGroup          

      UserData:

        Fn::Base64: |

          #!/bin/bash

          (

          echo "sssq3"

          echo "sssq3"

          ) | passwd --stdin root

          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config

          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config

          service sshd restart

          hostnamectl --static set-hostname test-Private-EC2-2                              



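Outputs:
  VPC:
    Description: VPC
    Value: !Ref VPC

  # AZ1..AZ3 report the zone each public subnet actually landed in; the
  # template picks zones by index into !GetAZs, so the letters differ per
  # region.
  AZ1:
    Description: Availability Zone 1
    Value: !GetAtt PublicSubnet1.AvailabilityZone

  AZ2:
    Description: Availability Zone 2
    Value: !GetAtt PublicSubnet2.AvailabilityZone

  # Description corrected: it previously read "Availability Zone 2" (copy-paste).
  AZ3:
    Description: Availability Zone 3
    Value: !GetAtt PublicSubnet3.AvailabilityZone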




<4> 다른 Cloudformation 파일 보기


https://brunch.co.kr/@topasvga/1781

