20탄-8.CF - Pub1,Pri1, EC2 각 1대

다음 클라우드 포메이션은   

Public에 EC2 1대를 생성

Private에 EC2 1대를 생성하는 것이다.

Private EC2에서 테스트가 필요할때 사용한다.

public ec2에 접속후, private ec2에 접속한다!!!

<1> 요청 사항 - Pub1 , Pri1  Subnet , 각 서브넷에 EC2 1개 자동 생성

<2> Cloudformation 코드에 들어가야 하는것

<3> Cloudformation 내용

<4> 다른 Cloudformation 파일 보기

<1> 요청 사항 - Pub1 , Pri1  Subnet , 각 서브넷에 EC2 1개 자동 생성

필요사항 

VPC 1개

Public Subnet 1개

Private Sunet 1개 

EC2 각 1개씩

<2> Cloudformation 코드에 들어가야 하는것

pub관련  4개

PublicSubnet1 

PublicRouteTable 테이블

PublicRoute  0.0.0.0

PublicSubnetRouteTableAssociation1

private 관련 3개

PrivateSubnet1

PrivateRouteTable:  테이블

PrivateSubnetRouteTableAssociation1: 

공통 3개 타입

VPC

IGW

IGW Attatch

EC2  3개

KeyName

SecurityGroup

Instance

// ec2 keypair 1개  - ec2를 생성하므로 keypair가 필요하다.

<3> Cloudformation 내용

# pub ec2  1/3

Parameters:

  KeyName:

    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter

    Type: AWS::EC2::KeyPair::KeyName

    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:

  ServerChkVPC:

    Type: AWS::EC2::VPC

    Properties:

     CidrBlock: 10.0.0.0/16

     EnableDnsSupport: true

     EnableDnsHostnames: true

     Tags:

        - Key: Name

          Value: ServerChk-VPC

  ServerChkIGW:

    Type: AWS::EC2::InternetGateway

    Properties:

      Tags:

        - Key: Name

          Value: ServerChk-IGW

  ServerChkIGWAttachment:

    Type: AWS::EC2::VPCGatewayAttachment

    Properties:

      InternetGatewayId: !Ref ServerChkIGW

      VpcId: !Ref ServerChkVPC

  ServerChkPublicRT:

    Type: AWS::EC2::RouteTable

    Properties:

      VpcId: !Ref ServerChkVPC

      Tags:

        - Key: Name

          Value: ServerChk-Public-RT

  DefaultPublicRoute:

    Type: AWS::EC2::Route

    DependsOn: ServerChkIGWAttachment

    Properties:

      RouteTableId: !Ref ServerChkPublicRT

      DestinationCidrBlock: 0.0.0.0/0

      GatewayId: !Ref ServerChkIGW

  ServerChkPrivateRT:

    Type: AWS::EC2::RouteTable

    Properties:

      VpcId: !Ref ServerChkVPC

      Tags:

        - Key: Name

          Value: ServerChk-Private-RT

  ServerChkPublicSN:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref ServerChkVPC

      AvailabilityZone: !Select [ 0, !GetAZs '' ]

      CidrBlock: 10.0.0.0/24

      Tags:

        - Key: Name

          Value: ServerChk-Public-SN

  ServerChkPrivateSN:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref ServerChkVPC

      AvailabilityZone: !Select [ 2, !GetAZs '' ]

      CidrBlock: 10.0.1.0/24

      Tags:

        - Key: Name

          Value: ServerChk-Private-SN

  ServerChkPublicSNRouteTableAssociation:

    Type: AWS::EC2::SubnetRouteTableAssociation

    Properties:

      RouteTableId: !Ref ServerChkPublicRT

      SubnetId: !Ref ServerChkPublicSN

  ServerChkPrivateSNRouteTableAssociation:

    Type: AWS::EC2::SubnetRouteTableAssociation

    Properties:

      RouteTableId: !Ref ServerChkPrivateRT

      SubnetId: !Ref ServerChkPrivateSN

# pub ec2 secuity  - 2/3

  ServerChkSecurityGroup:

    Type: AWS::EC2::SecurityGroup

    Properties:

      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP

      VpcId: !Ref ServerChkVPC

      SecurityGroupIngress:

      - IpProtocol: tcp

        FromPort: '80'

        ToPort: '80'

        CidrIp: 0.0.0.0/0

      - IpProtocol: tcp

        FromPort: '22'

        ToPort: '22'

        CidrIp: 0.0.0.0/0

      - IpProtocol: icmp

        FromPort: -1

        ToPort: -1

        CidrIp: 0.0.0.0/0

#pub EC2    3/3

  ServerChkPublicEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-0094965d55b3bb1ff

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: ServerChk-Public-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref ServerChkPublicSN

          GroupSet:

          - !Ref ServerChkSecurityGroup

          AssociatePublicIpAddress: true

      UserData:

        Fn::Base64:

          !Sub |

            #!/bin/bash

            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`

            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`

            yum install -y httpd

            service httpd start

            chkconfig httpd on

            echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html

# pri ec2

  ServerChkPrivateEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-0094965d55b3bb1ff

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: ServerChk-Private-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref ServerChkPrivateSN

          GroupSet:

          - !Ref ServerChkSecurityGroup

      UserData:

        Fn::Base64:

          !Sub |

            #!/bin/bash

            (

            echo "qwe"

            echo "qwe"

            ) | passwd --stdin root

            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config

            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config

            service sshd restart

<4> 다른 Cloudformation 파일 보기

https://brunch.co.kr/@topasvga/1781

(몰아보기) CloudFormation