You have to understand the network before you can automate it!!
<1> Which resources get created automatically?
<2> The CloudFormation file
<3> Other CloudFormation examples
<4> After testing, deleting the resources every day is mandatory.
<5> Next, let's build a development environment called Cloud9~
<1> Which resources get created automatically?
1. Network resources
VPC CidrBlock: 10.0.0.0/16
InternetGateway
PublicSubnet1: CidrBlock: 10.0.0.0/24
PublicSubnet2: CidrBlock: 10.0.2.0/24
PrivateSubnet1: CidrBlock: 10.0.1.0/24
PrivateSubnet2: CidrBlock: 10.0.3.0/24
PublicRouteTable
PublicRoute: DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway
2. NAT resources
NATGW01: the NAT gateway
EIP: a static public IP; it is the public IP the NAT gateway uses when traffic leaves for the internet.
PrivateRoute: DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGW01
3. Load balancer resources
LoadBalancer
TargetGroup
Listener
<2> The CloudFormation file
This is a CloudFormation template that builds the network for an ECS service.
In about 10 minutes it creates the network, the NAT gateway and the load balancer automatically, all in one go.
Give it a try~
Just use the AWS CloudFormation service.
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Deploy a VPC
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: Lab VPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: Lab Internet Gateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Public Subnet 1
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Public Subnet 2
  # 1
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Private Subnet 1
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Private Subnet 2
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public Route Table
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable
  # nat1
  NATGW01:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt EIP.AllocationId
      # The NAT gateway must sit in a public subnet: from a private subnet whose
      # default route points back at the NAT itself, it has no path to the Internet Gateway.
      SubnetId: !Ref PublicSubnet1
  # nat2
  EIP:
    DependsOn: AttachGateway
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  # 2
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Private Route Table
  # nat 3
  PrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGW01
  # 3
  PrivateSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable
  PrivateSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable
  albSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
  instanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        # 0.0.0.0/0 on port 22 exposes SSH to the whole internet; for anything beyond a
        # short-lived lab, narrow CidrIp to your admin network.
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0
  # ALB
  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    # An internet-facing load balancer cannot be created until the Internet Gateway is attached.
    DependsOn: AttachGateway
    Properties:
      Scheme: internet-facing
      Name: VPC1-Seoul-AWS-ALB
      SecurityGroups:
        - !Ref albSecurityGroup
      Subnets:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2
  ALBTG:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: ALBTG
      Port: 80
      Protocol: HTTP
      HealthCheckIntervalSeconds: 10
      HealthyThresholdCount: 3
      UnhealthyThresholdCount: 3
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: VPC1-Seoul-AWS-ALBTG
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ALBTG
      LoadBalancerArn: !Ref ALB
      Port: 80
      Protocol: HTTP
Outputs:
  VPC:
    Description: VPC
    Value: !Ref VPC
  AZ1:
    Description: Availability Zone 1
    Value: !GetAtt
      - PublicSubnet1
      - AvailabilityZone
```
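As an added example that is not part of the original post or its template: a small Python pre-flight checker for three ways a network template like this one goes wrong before you ever run it, a NAT gateway placed in a subnet whose route table has no Internet Gateway route, overlapping subnet CIDRs, and a security group that admits 0.0.0.0/0 on an admin port such as SSH. The sample resources are constructed dicts mirroring the template (intrinsic functions written as `{"Ref": ...}`), and the function and helper names are my own.

```python
import ipaddress

def world_open_admin_ports(resources, admin_ports=(22, 3389)):
    """Security groups that admit 0.0.0.0/0 on an administrative port (SSH/RDP)."""
    findings = []
    for name, res in resources.items():
        if res["Type"] != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if rule["IpProtocol"] not in ("tcp", "-1"):  # icmp/udp rules cannot expose SSH or RDP
                continue
            lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
            if rule.get("CidrIp") == "0.0.0.0/0" and any(lo <= p <= hi for p in admin_ports):
                findings.append((name, lo, hi))
    return findings

def overlapping_subnets(resources):
    """Pairs of subnets whose CidrBlocks overlap; EC2 rejects the second subnet at create time."""
    nets = [(n, ipaddress.ip_network(r["Properties"]["CidrBlock"]))
            for n, r in resources.items() if r["Type"] == "AWS::EC2::Subnet"]
    return [(a, b) for i, (a, na) in enumerate(nets) for b, nb in nets[i + 1:] if na.overlaps(nb)]

def nat_without_igw_route(resources):
    """NAT gateways whose subnet's route table has no 0.0.0.0/0 route to an Internet Gateway."""
    rt_of, igw_tables = {}, set()  # subnet id -> route table id; tables holding an IGW default route
    for r in resources.values():
        p = r.get("Properties", {})
        if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation":
            rt_of[p["SubnetId"]["Ref"]] = p["RouteTableId"]["Ref"]
        elif r["Type"] == "AWS::EC2::Route" and "GatewayId" in p and p["DestinationCidrBlock"] == "0.0.0.0/0":
            igw_tables.add(p["RouteTableId"]["Ref"])
    return [n for n, r in resources.items() if r["Type"] == "AWS::EC2::NatGateway"
            and rt_of.get(r["Properties"]["SubnetId"]["Ref"]) not in igw_tables]

# Helpers (hypothetical names) to build the constructed sample below.
def mk_subnet(cidr): return {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": cidr}}
def mk_assoc(sub, table): return {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                                  "Properties": {"SubnetId": {"Ref": sub}, "RouteTableId": {"Ref": table}}}
# Constructed sample mirroring the posted template's network resources, with NATGW01 in PrivateSubnet1.
SAMPLE = {
    "PublicSubnet1": mk_subnet("10.0.0.0/24"), "PublicSubnet2": mk_subnet("10.0.2.0/24"),
    "PrivateSubnet1": mk_subnet("10.0.1.0/24"), "PrivateSubnet2": mk_subnet("10.0.3.0/24"),
    "PublicRoute": {"Type": "AWS::EC2::Route", "Properties": {"RouteTableId": {"Ref": "PublicRouteTable"},
                    "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InternetGateway"}}},
    "PubAssoc1": mk_assoc("PublicSubnet1", "PublicRouteTable"), "PrivAssoc1": mk_assoc("PrivateSubnet1", "PrivateRouteTable"),
    "NATGW01": {"Type": "AWS::EC2::NatGateway", "Properties": {"SubnetId": {"Ref": "PrivateSubnet1"}}},
    "instanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "CidrIp": "0.0.0.0/0"}]}},
}
```

Run the three functions over SAMPLE to see the NAT placement and the world-open SSH rule flagged; moving NATGW01 to PublicSubnet1 clears the first finding.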
For the ECS hands-on exercise, refer to this book.
<3> Other CloudFormation examples
<4> After testing, deleting the resources every day is mandatory.
Delete the CloudFormation stack.
Then you must go to the VPC console and confirm that it really has been deleted.
https://brunch.co.kr/@topasvga/342
<5> Next, let's build a development environment called Cloud9~
Keeping your development work in one consistent environment leads to fewer errors.
Thank you.