
Part 20-8. CF - Pub1, Pri1, one EC2 instance in each

by Master Seo

The following CloudFormation template creates one EC2 instance in the Public subnet and one EC2 instance in the Private subnet.

Use it when you need to run tests from a Private EC2 instance.

Connect to the public EC2 instance first, then connect to the private EC2 instance from there!!!


<1> Requirements - Pub1 and Pri1 subnets, one EC2 instance created automatically in each subnet

<2> What must go into the CloudFormation code

<3> CloudFormation contents

<4> See other CloudFormation files



<1> Requirements - Pub1 and Pri1 subnets, one EC2 instance created automatically in each subnet

Requirements

1 VPC
1 Public Subnet
1 Private Subnet
1 EC2 instance in each subnet



<2> What must go into the CloudFormation code

4 public-related resources
PublicSubnet1
PublicRouteTable (route table)
PublicRoute 0.0.0.0/0 (default route to the IGW)
PublicSubnetRouteTableAssociation1

3 private-related resources
PrivateSubnet1
PrivateRouteTable (route table, no default route)
PrivateSubnetRouteTableAssociation1

3 common types
VPC
IGW
IGW Attachment

3 EC2-related resources
KeyName
SecurityGroup
Instance

// 1 EC2 key pair - since the template creates EC2 instances, a key pair is required.





<3> CloudFormation contents


# pub ec2 1/3
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:
  ServerChkVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: ServerChk-VPC

  ServerChkIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ServerChk-IGW

  ServerChkIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref ServerChkIGW
      VpcId: !Ref ServerChkVPC

  ServerChkPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref ServerChkVPC
      Tags:
        - Key: Name
          Value: ServerChk-Public-RT

  # The 0.0.0.0/0 route to the IGW is what makes the subnet attached to this table "public".
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: ServerChkIGWAttachment
    Properties:
      RouteTableId: !Ref ServerChkPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref ServerChkIGW

  # No default route here: instances in the private subnet have no path to the Internet.
  ServerChkPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref ServerChkVPC
      Tags:
        - Key: Name
          Value: ServerChk-Private-RT

  ServerChkPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref ServerChkVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: ServerChk-Public-SN

  ServerChkPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref ServerChkVPC
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: ServerChk-Private-SN

  ServerChkPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref ServerChkPublicRT
      SubnetId: !Ref ServerChkPublicSN

  ServerChkPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref ServerChkPrivateRT
      SubnetId: !Ref ServerChkPrivateSN

  # pub ec2 security - 2/3
  # One group shared by both instances: HTTP, SSH and ICMP are all open to 0.0.0.0/0.
  ServerChkSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref ServerChkVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  # pub EC2 3/3
  ServerChkPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: ServerChk-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref ServerChkPublicSN
          GroupSet:
            - !Ref ServerChkSecurityGroup
          AssociatePublicIpAddress: true
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          # Read the AZ and private IP from the instance metadata service, then serve them on port 80
          AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
          IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`
          yum install -y httpd
          service httpd start
          chkconfig httpd on
          echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html

  # pri ec2
  ServerChkPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: ServerChk-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref ServerChkPrivateSN
          GroupSet:
            - !Ref ServerChkSecurityGroup
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          # Lab setup: set a root password and allow password SSH logins so the
          # private host can be reached from the public host without copying a key
          (
          echo "qwe"
          echo "qwe"
          ) | passwd --stdin root
          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
          service sshd restart
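The public/private distinction in section <2> comes down to one route-table check. As an added example (my code, not the post's), the Python below classifies each subnet of a JSON-style reduction of this template by that rule and lists the ingress rules open to 0.0.0.0/0; the reduced TEMPLATE dict and the association names PublicAssoc/PrivateAssoc are constructed for the example.

```python
# Added example, not from the original post. TEMPLATE is a constructed, JSON-style
# reduction of the page's template ({"Ref": x} stands for !Ref x); the association
# names PublicAssoc/PrivateAssoc are invented for brevity.
TEMPLATE = {"Resources": {
    "ServerChkVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "ServerChkIGW": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "ServerChkPublicRT": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "ServerChkVPC"}}},
    "ServerChkPrivateRT": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "ServerChkVPC"}}},
    "DefaultPublicRoute": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": "ServerChkPublicRT"}, "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {"Ref": "ServerChkIGW"}}},
    "ServerChkPublicSN": {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.0.0/24"}},
    "ServerChkPrivateSN": {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.1.0/24"}},
    "PublicAssoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "RouteTableId": {"Ref": "ServerChkPublicRT"}, "SubnetId": {"Ref": "ServerChkPublicSN"}}},
    "PrivateAssoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "RouteTableId": {"Ref": "ServerChkPrivateRT"}, "SubnetId": {"Ref": "ServerChkPrivateSN"}}},
    "ServerChkSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "CidrIp": "0.0.0.0/0"}]}},
}}

def _ref(value):
    """Resolve a {"Ref": name} intrinsic to the logical name; pass plain strings through."""
    return value["Ref"] if isinstance(value, dict) and "Ref" in value else value

def classify_subnets(template):
    """Return {subnet_id: "public"|"private"}: public iff its route table has a 0.0.0.0/0 route to an IGW."""
    res = template["Resources"]
    igws = {n for n, r in res.items() if r["Type"] == "AWS::EC2::InternetGateway"}
    public_rts = {_ref(r["Properties"]["RouteTableId"]) for r in res.values()
                  if r["Type"] == "AWS::EC2::Route"
                  and r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"
                  and _ref(r["Properties"].get("GatewayId")) in igws}
    # Subnet -> route table, taken from the association resources (unassociated subnets stay private)
    subnet_rt = {_ref(r["Properties"]["SubnetId"]): _ref(r["Properties"]["RouteTableId"])
                 for r in res.values() if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation"}
    return {n: "public" if subnet_rt.get(n) in public_rts else "private"
            for n, r in res.items() if r["Type"] == "AWS::EC2::Subnet"}

def world_open_rules(template):
    """List (group, protocol, from_port, to_port) for ingress rules whose CidrIp is 0.0.0.0/0."""
    out = []
    for n, r in template["Resources"].items():
        if r["Type"] == "AWS::EC2::SecurityGroup":
            for rule in r["Properties"].get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0":
                    out.append((n, rule["IpProtocol"], str(rule["FromPort"]), str(rule["ToPort"])))
    return out
```

Running the two functions over TEMPLATE reports ServerChkPublicSN as public and ServerChkPrivateSN as private, and lists the shared security group's three world-open rules (80, 22 and ICMP).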



<4> See other CloudFormation files


https://brunch.co.kr/@topasvga/1781

