
Part 20-6. CF - Pub3, Pri3, Db2, EC2

by Master Seo

<1> Requirements - 3 Public, 3 Private, 2 DB subnets; one EC2 instance created automatically in each subnet

<2> What needs to go into the CloudFormation code

<3> CloudFormation template

<4> See other CloudFormation files



<1> Requirements - 3 Public, 3 Private, 2 DB subnets; one EC2 instance created automatically in each subnet


1 VPC

3 Public Subnets

3 Private Subnets

2 DB Subnets



<2> What needs to go into the CloudFormation code


Public-related: 8 items

PublicSubnet1
PublicSubnet2
PublicSubnet3
PublicRouteTable (route table)
PublicRoute (0.0.0.0/0 default route)
PublicSubnetRouteTableAssociation1
PublicSubnetRouteTableAssociation2
PublicSubnetRouteTableAssociation3


Private-related: 7 items

PrivateSubnet1
PrivateSubnet2
PrivateSubnet3
PrivateRouteTable (route table)
PrivateSubnetRouteTableAssociation1
PrivateSubnetRouteTableAssociation2
PrivateSubnetRouteTableAssociation3


DB-related: 5 items

dbsubnert1
dbsubnert3
dbroutettable (route table)
dbsubnertRouteTableAssociation1
dbsubnertRouteTableAssociation2


Common: 3 items

VPC
IGW
IGW Attach


EC2-related: 3 items - public

KeyName
testSecurityGroup
Instance


EC2-related: 1 item - private

Instance






<3> CloudFormation template


AWSTemplateFormatVersion: 2010-09-09
Description: Deploy a VPC

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:

  #VPC1-1
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.10.10.0/23
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: dev-vpc

  #VPC1-2
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: igw

  #VPC1-3
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  #Pub-subnet3-1
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.0/26
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pub-Subnet-a

  #Pri-subnet3-1
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.0/26
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pri-Subnet-a

  #dbsubnert2-1
  dbsubnert1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.192/26
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: db-subnet-a

  #Pub-subnet3-2
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.64/26
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pub-Subnet-b

  #Pri-subnet3-2
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.64/26
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pri-Subnet-b

  #Pub-subnet3-3
  PublicSubnet3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.10.128/26
      AvailabilityZone: !Select
        - '2'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pub-Subnet-c

  #Pri-subnet3-3
  PrivateSubnet3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.128/26
      AvailabilityZone: !Select
        - '2'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Pri-Subnet-c

  #dbsubnert2-2
  dbsubnert3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.10.11.192/26
      AvailabilityZone: !Select
        - '2'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: db-subnet-c

  #Pub-subnet3-4
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Pub-rt

  #Pub-subnet3-5
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  #Pub-subnet3-6
  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  #Pub-subnet3-7
  PublicSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable

  #Pub-subnet3-8
  PublicSubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet3
      RouteTableId: !Ref PublicRouteTable

  #Pri-subnet3-4
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Pri-rt

  #Pri-subnet3-5
  PrivateSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable

  #Pri-subnet3-6
  PrivateSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable

  #Pri-subnet3-7
  PrivateSubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet3
      RouteTableId: !Ref PrivateRouteTable

  #dbsubnert2-3
  dbroutettable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: db-rt

  #dbsubnert2-4
  dbsubnertRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref dbsubnert1
      RouteTableId: !Ref dbroutettable

  #dbsubnert2-5
  dbsubnertRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref dbsubnert3
      RouteTableId: !Ref dbroutettable

  testSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0

  testPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PublicSubnet1
          GroupSet:
            - !Ref testSecurityGroup
          AssociatePublicIpAddress: true

  testPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-03b42693dc6a7dc35
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Private-EC2-1
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PrivateSubnet1
          GroupSet:
            - !Ref testSecurityGroup
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          (
          echo "sss"
          echo "sss"
          ) | passwd --stdin root
          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
          service sshd restart
          hostnamectl --static set-hostname test-Private-EC2-1

  VPC1Instance2:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-03b42693dc6a7dc35
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: test-Private-EC2-2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref PrivateSubnet3
          GroupSet:
            - !Ref testSecurityGroup
      UserData:
        Fn::Base64: |
          #!/bin/bash
          (
          echo "sssq3"
          echo "sssq3"
          ) | passwd --stdin root
          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
          service sshd restart
          hostnamectl --static set-hostname test-Private-EC2-2

Outputs:
  VPC:
    Description: VPC
    Value: !Ref VPC

  AZ1:
    Description: Availability Zone 1
    Value: !GetAtt
      - PublicSubnet1
      - AvailabilityZone

  AZ2:
    Description: Availability Zone 2
    Value: !GetAtt
      - PublicSubnet2
      - AvailabilityZone

  AZ3:
    Description: Availability Zone 3
    Value: !GetAtt
      - PublicSubnet3
      - AvailabilityZone
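An added check, not part of the original post, that runs a few template-wide sanity tests over the values above: whether the eight /26 subnets fit inside the 10.10.10.0/23 VPC block without overlapping, which ingress rules of testSecurityGroup expose an admin port to 0.0.0.0/0, and which sshd_config directives the private instances' UserData rewrites to permit password and root logins. The resource values are copied into Python literals by hand (constructed here, not parsed from the YAML), so it runs offline with only the standard library; the all-traffic (IpProtocol -1) handling is an assumption beyond what the template uses.

```python
import ipaddress
import re
# Values copied by hand from the template on this page (constructed literals,
# not parsed from the YAML): VPC block, the eight subnets, the ingress rules
# of testSecurityGroup and the sshd lines from the private instances' UserData.
VPC_CIDR = "10.10.10.0/23"
SUBNETS = {
    "PublicSubnet1": "10.10.10.0/26", "PublicSubnet2": "10.10.10.64/26",
    "PublicSubnet3": "10.10.10.128/26", "dbsubnert1": "10.10.10.192/26",
    "PrivateSubnet1": "10.10.11.0/26", "PrivateSubnet2": "10.10.11.64/26",
    "PrivateSubnet3": "10.10.11.128/26", "dbsubnert3": "10.10.11.192/26",
}
INGRESS = [
    {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"},
]
USER_DATA = (
    'sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config\n'
    'sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config\n'
)

def subnet_plan_findings(vpc_cidr, subnets):
    """Subnets that fall outside the VPC block or overlap another subnet."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    findings = [f"{n} {v} is outside {vpc}" for n, v in nets.items() if not v.subnet_of(vpc)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return findings

def internet_exposed_admin_ports(ingress, admin_ports=(22, 3389)):
    """(port, cidr) pairs where an admin port is reachable from the whole internet."""
    hits = []
    for rule in ingress:
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr in ("0.0.0.0/0", "::/0"):
            # IpProtocol -1 means every port; otherwise use the declared range (assumption)
            lo, hi = (0, 65535) if rule.get("IpProtocol") == "-1" else (int(rule["FromPort"]), int(rule["ToPort"]))
            hits.extend((p, cidr) for p in admin_ports if lo <= p <= hi)
    return hits

# Replacement side of a sed "s/pattern/replacement/" that writes a permissive directive.
SED_PERMISSIVE = re.compile(r"s/[^/]*/((?:PasswordAuthentication|PermitRootLogin) yes)/")

def sshd_logins_enabled(user_data):
    """sshd_config directives that UserData rewrites to allow password or root logins."""
    return sorted(set(SED_PERMISSIVE.findall(user_data)))
```

Note that PrivateRouteTable and dbroutettable carry no routes of their own, so the private and DB subnets have VPC-local routing only; the ingress and UserData findings above apply to both private instances because they share testSecurityGroup.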




<4> See other CloudFormation files


https://brunch.co.kr/@topasvga/1781

