The following CloudFormation template
creates one EC2 instance in a public subnet and
one EC2 instance in a private subnet.
It is used when you need to run a test from a private EC2 instance.
Connect to the public EC2 instance first, then from there connect to the private EC2 instance!!!
<1> Requirements - Pub1, Pri1 subnets, one EC2 instance auto-created in each subnet
<2> What must go into the CloudFormation code
<3> CloudFormation contents
<4> See other CloudFormation files
<1> Requirements - Pub1, Pri1 subnets, one EC2 instance auto-created in each subnet
Required:
1 VPC
1 Public Subnet
1 Private Subnet
1 EC2 instance in each subnet
<2> What must go into the CloudFormation code
Public-related: 4 resources
PublicSubnet1
PublicRouteTable (route table)
PublicRoute 0.0.0.0/0 (default route to the IGW)
PublicSubnetRouteTableAssociation1
Private-related: 3 resources (no default route, so the private subnet has no path to the internet)
PrivateSubnet1
PrivateRouteTable (route table)
PrivateSubnetRouteTableAssociation1
Common: 3 types
VPC
IGW
IGW Attachment
EC2: 3 items
KeyName
SecurityGroup
Instance
// 1 EC2 key pair - an EC2 instance is being created, so a key pair is required.
<3> CloudFormation contents
```yaml
# pub ec2 1/3
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:
  ServerChkVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: ServerChk-VPC

  ServerChkIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ServerChk-IGW

  ServerChkIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref ServerChkIGW
      VpcId: !Ref ServerChkVPC

  ServerChkPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref ServerChkVPC
      Tags:
        - Key: Name
          Value: ServerChk-Public-RT

  # Default route for the public subnet; must wait for the IGW to be attached to the VPC
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: ServerChkIGWAttachment
    Properties:
      RouteTableId: !Ref ServerChkPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref ServerChkIGW

  # Private route table has no 0.0.0.0/0 route: the private subnet cannot reach the internet
  ServerChkPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref ServerChkVPC
      Tags:
        - Key: Name
          Value: ServerChk-Private-RT

  ServerChkPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref ServerChkVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: ServerChk-Public-SN

  ServerChkPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref ServerChkVPC
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: ServerChk-Private-SN

  ServerChkPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref ServerChkPublicRT
      SubnetId: !Ref ServerChkPublicSN

  ServerChkPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref ServerChkPrivateRT
      SubnetId: !Ref ServerChkPrivateSN

  # pub ec2 security - 2/3
  # One group shared by both instances: 80, 22 and ICMP open to 0.0.0.0/0
  ServerChkSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref ServerChkVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  # pub EC2 3/3
  ServerChkPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: ServerChk-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref ServerChkPublicSN
          GroupSet:
            - !Ref ServerChkSecurityGroup
          AssociatePublicIpAddress: true
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            # Read AZ and private IP from the instance metadata service, then serve them over HTTP
            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`
            yum install -y httpd
            service httpd start
            chkconfig httpd on
            echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html

  # pri ec2
  ServerChkPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: ServerChk-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref ServerChkPrivateSN
          GroupSet:
            - !Ref ServerChkSecurityGroup
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            # Test-only setup: fixed root password, password authentication and root login over SSH
            (
            echo "qwe"
            echo "qwe"
            ) | passwd --stdin root
            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
            service sshd restart
```
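A tighter security-group layout for the same public/private (bastion) pattern, added here as an example and not part of the original template: the public instance gets its own group whose SSH rule is limited to an AdminCidr parameter, and the private instance accepts SSH and ICMP only from that group instead of from 0.0.0.0/0. AdminCidr, ServerChkPublicSG and ServerChkPrivateSG are names assumed for this example; ServerChkVPC is the VPC from the template above.

```yaml
Parameters:
  AdminCidr:   # assumed parameter: the only source allowed to reach the public instance on 22
    Type: String
    Description: CIDR allowed to SSH to the public (bastion) instance, e.g. your office egress /32
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'

Resources:
  # Replaces ServerChkSecurityGroup in the GroupSet of ServerChkPublicEC2
  ServerChkPublicSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Public EC2 - HTTP from anywhere, SSH only from AdminCidr
      VpcId: !Ref ServerChkVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr

  # Replaces ServerChkSecurityGroup in the GroupSet of ServerChkPrivateEC2.
  # No CidrIp rules at all: traffic is accepted only from members of the public group.
  ServerChkPrivateSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Private EC2 - SSH and ICMP only from the public security group
      VpcId: !Ref ServerChkVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref ServerChkPublicSG
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          SourceSecurityGroupId: !Ref ServerChkPublicSG
```

With this layout the private instance's SSH port is reachable only through the public instance, so the test-only root password login in its UserData is not exposed to anything outside the VPC.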
<4> See other CloudFormation files
https://brunch.co.kr/@topasvga/1781