
by Master Seo Jan 02. 2022

(Binge edition) Part 4: Building the Network for ECS - 1/4




You have to understand the network before you can automate it!!


<1> Which resources get created automatically?

<2> CloudFormation file

<3> Another CloudFormation example

<4> After testing, deleting the resources every day is mandatory.

<5> Next, let's create a development environment called Cloud9~



<1> Which resources get created automatically?


1. Network build resources?

VPC CidrBlock: 10.0.0.0/16
InternetGateway
PublicSubnet1: CidrBlock: 10.0.0.0/24
PublicSubnet2: CidrBlock: 10.0.2.0/24
PrivateSubnet1: CidrBlock: 10.0.1.0/24
PrivateSubnet2: CidrBlock: 10.0.3.0/24
PublicRouteTable
PublicRoute: DestinationCidrBlock: 0.0.0.0/0, GatewayId: !Ref InternetGateway

2. NAT resources?

NATGW01: NATGW
EIP: a fixed public IP; it is the public address the NAT gateway uses when traffic leaves for the internet.
PrivateRoute: DestinationCidrBlock: 0.0.0.0/0, NatGatewayId: !Ref NATGW01

3. Load balancer resources?

LoadBalancer
TargetGroup
Listener




<2> CloudFormation file


This is the CloudFormation template that builds the network for the ECS service.

In about 10 minutes it automatically creates the network, the NAT gateway and the load balancer all at once.

Give it a try~

Deploy it with the AWS CloudFormation service.



```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Deploy a VPC

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: Lab VPC

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: Lab Internet Gateway

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Public Subnet 1

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Public Subnet 2

  # 1
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Private Subnet 1

  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: Private Subnet 2

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public Route Table

  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  PublicSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable

  # nat1
  NATGW01:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt EIP.AllocationId
      # A NAT gateway must sit in a public subnet (one whose route table reaches the
      # Internet Gateway). Placing it in PrivateSubnet1, whose default route points back
      # at this NAT gateway, leaves private traffic with no path to the internet.
      SubnetId: !Ref PublicSubnet1

  # nat2
  EIP:
    DependsOn: AttachGateway
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  # 2
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Private Route Table

  # nat 3
  PrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGW01

  # 3
  PrivateSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable

  PrivateSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable

  albSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0

  instanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  # ALB
  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Scheme: internet-facing
      Name: VPC1-Seoul-AWS-ALB
      SecurityGroups:
        - !Ref albSecurityGroup
      Subnets:
        - !Ref PublicSubnet1
        - !Ref PublicSubnet2

  ALBTG:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: ALBTG
      Port: 80
      Protocol: HTTP
      HealthCheckIntervalSeconds: 10
      HealthyThresholdCount: 3
      UnhealthyThresholdCount: 3
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: VPC1-Seoul-AWS-ALBTG

  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ALBTG
      LoadBalancerArn: !Ref ALB
      Port: 80
      Protocol: HTTP

Outputs:
  VPC:
    Description: VPC
    Value: !Ref VPC
  AZ1:
    Description: Availability Zone 1
    Value: !GetAtt
      - PublicSubnet1
      - AvailabilityZone
```
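As an added example (not from the post or its author), here is a small Python checker for three defects a template of this shape is prone to: a NAT gateway placed in a subnet with no Internet Gateway route, overlapping subnet CIDRs, and SSH (port 22) open to 0.0.0.0/0 in a security group. The resource dict is a constructed subset of the template above written in CloudFormation's JSON intrinsic form (`{"Ref": ...}`), with the NAT gateway deliberately left in a private subnet and a duplicated public CIDR so that the checks have something to report.

```python
import ipaddress

# Constructed subset of the page's template in JSON intrinsic form. The NAT gateway is
# intentionally in PrivateSubnet1 and PublicSubnet2 repeats PublicSubnet1's CIDR.
TEMPLATE = {
    "PublicSubnet1": {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.0.0/24"}},
    "PublicSubnet2": {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.0.0/24"}},
    "PrivateSubnet1": {"Type": "AWS::EC2::Subnet", "Properties": {"CidrBlock": "10.0.1.0/24"}},
    "PublicRoute": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": "PublicRouteTable"}, "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {"Ref": "InternetGateway"}}},
    "PublicAssoc1": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "SubnetId": {"Ref": "PublicSubnet1"}, "RouteTableId": {"Ref": "PublicRouteTable"}}},
    "NATGW01": {"Type": "AWS::EC2::NatGateway", "Properties": {"SubnetId": {"Ref": "PrivateSubnet1"}}},
    "instanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
}

def by_type(resources, rtype):
    """Map logical name -> Properties for every resource of the given type."""
    return {n: r["Properties"] for n, r in resources.items() if r["Type"] == rtype}

def public_subnets(resources):
    """Subnets associated with a route table that has a 0.0.0.0/0 route via an Internet Gateway."""
    igw_tables = {p["RouteTableId"]["Ref"] for p in by_type(resources, "AWS::EC2::Route").values()
                  if p.get("DestinationCidrBlock") == "0.0.0.0/0" and "GatewayId" in p}
    return {p["SubnetId"]["Ref"]
            for p in by_type(resources, "AWS::EC2::SubnetRouteTableAssociation").values()
            if p["RouteTableId"]["Ref"] in igw_tables}

def check_template(resources):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    pub = public_subnets(resources)
    for name, p in by_type(resources, "AWS::EC2::NatGateway").items():
        if p["SubnetId"]["Ref"] not in pub:
            findings.append(f"{name}: NAT gateway is not in a public subnet")
    subnets = [(n, ipaddress.ip_network(p["CidrBlock"]))
               for n, p in by_type(resources, "AWS::EC2::Subnet").items()]
    for i, (n1, c1) in enumerate(subnets):
        for n2, c2 in subnets[i + 1:]:
            if c1.overlaps(c2):
                findings.append(f"{n1}/{n2}: overlapping CIDRs {c1} and {c2}")
    for name, p in by_type(resources, "AWS::EC2::SecurityGroup").items():
        for rule in p.get("SecurityGroupIngress", []):
            if (rule.get("IpProtocol") == "tcp" and rule.get("CidrIp") == "0.0.0.0/0"
                    and int(rule["FromPort"]) <= 22 <= int(rule["ToPort"])):
                findings.append(f"{name}: SSH (22) open to 0.0.0.0/0")
    return findings
```

Run `check_template(TEMPLATE)` to list the findings; after moving the NAT gateway to a public subnet, giving PublicSubnet2 its own CIDR and dropping the world-open SSH rule, the same call returns an empty list.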



For the ECS hands-on labs, refer to this book.

https://brunch.co.kr/@topasvga/2077


https://brunch.co.kr/@topasvga/1595



<3> Another CloudFormation example


https://brunch.co.kr/@topasvga/1781




<4> After testing, deleting the resources every day is mandatory.


Delete the CloudFormation stack.

Then go to the VPC console and confirm that the resources were actually deleted.


https://brunch.co.kr/@topasvga/342



<5> Next, let's create a development environment called Cloud9~


Working consistently in the same development environment leads to fewer errors.


https://brunch.co.kr/@topasvga/2087



Thank you.
