

by Master Seo Oct 01. 2021

20탄-9. CF -Pub1,Pri1,EC2 1개,EC

<1> Public에 EC2 1대를 생성, Private에 EC2 2대를 생성하는 것이다.

<2> CloudFormation 파일



<1> Public에 EC2 1대를 생성, Private에 EC2 2대를 생성하는 것이다.


로드밸런서 테스트시 사용한다.

public ec2에 접속후, private ec2에 접속한다!!!


ec2 keypair 1개  - ec2를 생성하므로 keypair가 필요하다.


필요 리소스 ?

VPC 1개

Public Subnet 1개

Private Subnet 1개

Pub에 EC2 1개

Private에 EC2 2개


공통 3개

VPC

IGW

IGW Attach


pub 관련  4개

PublicSubnet1 

PublicRouteTable 테이블

PublicRoute  0.0.0.0

PublicSubnetRouteTableAssociation1


private 관련 3개

PrivateSubnet1

PrivateRouteTable 테이블

PrivateSubnetRouteTableAssociation1


EC2  관련 3개

KeyName

Instance

SecurityGroup




<2> CloudFormation 파일



# EC2   1/3

Parameters:
  # Name of a key pair that already exists in the account. The AWS-specific
  # parameter type makes CloudFormation validate the value at stack creation.
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: >-
      Name of an existing EC2 KeyPair to enable SSH access to the instances.
      Linked to AWS Parameter
    ConstraintDescription: must be the name of an existing EC2 KeyPair.


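Resources:
  # ---- Shared network: one VPC, one internet gateway, its attachment ----
  VPC1:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.40.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: NATInstance-VPC1

  InternetGateway1:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: NATInstance-IGW1

  InternetGatewayAttachment1:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway1
      VpcId: !Ref VPC1

  # ---- Public side: route table with a default route via the IGW, Subnet1 ----
  RouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC1
      Tags:
        - Key: Name
          Value: NATInstance-PublicRouteTable1

  DefaultRoute1:
    Type: AWS::EC2::Route
    # A route through the IGW is rejected until the IGW is attached to the VPC.
    DependsOn: InternetGatewayAttachment1
    Properties:
      RouteTableId: !Ref RouteTable1
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway1

  Subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC1
      # First AZ of the region the stack is deployed in.
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.40.1.0/24
      Tags:
        - Key: Name
          Value: NATInstance-VPC1-Subnet1

  Subnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable1
      SubnetId: !Ref Subnet1

  # ---- Private side: route table without a default route, Subnet2 ----
  # NOTE(review): RouteTable2 carries no 0.0.0.0/0 route, so Subnet2 has no
  # path out of the VPC. Instance1 is tagged "NAT-Instance" but nothing in this
  # template turns it into one (no SourceDestCheck: false, no route through its
  # ENI) — confirm that is intended for this chapter.
  RouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC1
      Tags:
        - Key: Name
          Value: NATInstance-PrivateRouteTable1

  Subnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC1
      # Same AZ as Subnet1.
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.40.2.0/24
      Tags:
        - Key: Name
          Value: NATInstance-VPC1-Subnet2

  Subnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable2
      SubnetId: !Ref Subnet2

  # ---- Public instance networking: fixed-IP ENI plus an allocated EIP ----
  # The ENI is created separately so that a fixed private IP and an Elastic IP
  # can be bound to it before the instance is launched.
  Instance1ENIEth0:
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: !Ref Subnet1
      Description: Instance1 eth0
      GroupSet:
        - !Ref SG1
      PrivateIpAddress: 10.40.1.100
      Tags:
        - Key: Name
          Value: NAT-Instance eth0

  VPCEIP1:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  VPCAssociateEIP1:
    Type: AWS::EC2::EIPAssociation
    Properties:
      AllocationId: !GetAtt VPCEIP1.AllocationId
      NetworkInterfaceId: !Ref Instance1ENIEth0

# EC2   2/3
  # ---- Public EC2 (the host you SSH into first) ----
  Instance1:
    Type: AWS::EC2::Instance
    Properties:
      # AMI IDs are region-specific; the stack only deploys in the region these
      # IDs belong to.
      ImageId: ami-0ded5b0f6eeead568
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: NAT-Instance
      NetworkInterfaces:
        - NetworkInterfaceId: !Ref Instance1ENIEth0
          DeviceIndex: 0
      UserData:
        Fn::Base64: |
          #!/bin/bash
          hostname NAT-Instance
          yum -y install tcpdump iptraf

  # ---- Private EC2 x2 (reached via Instance1) ----
  # NOTE(review): both private hosts set a root password that is embedded in
  # this template and enable password + root SSH login. That is a lab-only
  # convenience for the "public EC2 -> private EC2" hop; key-based access via
  # KeyName (already attached) is the safer path, and the template should not
  # be reused with these passwords outside the lab.
  Instance2:
    Type: AWS::EC2::Instance
    # Serialises creation after the public instance; nothing in this template
    # consumes Instance1's outputs, so the ordering is presumably for the
    # SSH-hop workflow rather than a hard dependency.
    DependsOn: Instance1
    Properties:
      ImageId: ami-03b42693dc6a7dc35
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: Private-EC2-1
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref Subnet2
          GroupSet:
            - !Ref SG2
          PrivateIpAddress: 10.40.2.101
      UserData:
        Fn::Base64: |
          #!/bin/bash
          (
          echo "qwe3"
          echo "qwe3"
          ) | passwd --stdin root
          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
          service sshd restart
          hostnamectl --static set-hostname Private-EC2-1

  Instance3:
    Type: AWS::EC2::Instance
    DependsOn: Instance1
    Properties:
      ImageId: ami-03b42693dc6a7dc35
      InstanceType: t2.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: Private-EC2-2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref Subnet2
          GroupSet:
            - !Ref SG2
          PrivateIpAddress: 10.40.2.102
      UserData:
        Fn::Base64: |
          #!/bin/bash
          (
          echo "qwe123"
          echo "qwe123"
          ) | passwd --stdin root
          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
          service sshd restart
          hostnamectl --static set-hostname Private-EC2-2

# EC2   3/3
  # ---- Security group for the public instance ----
  SG1:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC1
      GroupDescription: VPC1-NATInstance-SecurityGroup
      Tags:
        - Key: Name
          Value: VPC1-NATInstance-SecurityGroup
      SecurityGroupIngress:
        # SSH from anywhere. For anything beyond a throwaway lab, narrow this
        # to an administrator CIDR (e.g. through a stack parameter).
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        # HTTP/HTTPS and all UDP only from inside the VPC.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 10.40.0.0/16
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 10.40.0.0/16
        - IpProtocol: udp
          FromPort: 0
          ToPort: 65535
          CidrIp: 10.40.0.0/16
        # ICMP from anywhere (ping for reachability tests).
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  # ---- Security group for the private instances ----
  SG2:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC1
      GroupDescription: VPC1-PrivateEC2-SecurityGroup
      Tags:
        - Key: Name
          Value: VPC1-PrivateEC2-SecurityGroup
      SecurityGroupIngress:
        # SSH only from inside the VPC, i.e. the hop from the public EC2.
        # Fixed from 10.40.0.0/0: a /0 mask matches every address, which is
        # not the intra-VPC restriction SG1's internal rules use.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 10.40.0.0/16
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0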






https://brunch.co.kr/@topasvga/1781

