by Master Seo Nov 03. 2019

Part 20 - CF - Pub1, Pri1, NAT1, EC2 x1

<1> Problem

<2> Improvement

<3> How to use

<4> Verifying the created resources




<1> Problem


Building a new VPC, subnets, NAT and EC2 instance through the web console used to take two hours.




<2> Improvement


Let's build the same thing in under 10 minutes with CloudFormation.




<3> How to use


1. CloudFormation > Create stack







2. Upload the template file and build the stack.


Let's build one each of: public subnet, private subnet, EIP, NAT and EC2.



Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:
  CloudNetaVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: CloudNeta-VPC

  CloudNetaIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: CloudNeta-IGW

  CloudNetaIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref CloudNetaIGW
      VpcId: !Ref CloudNetaVPC

  CloudNetaPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudNetaVPC
      Tags:
        - Key: Name
          Value: CloudNeta-Public-RT

  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: CloudNetaIGWAttachment
    Properties:
      RouteTableId: !Ref CloudNetaPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref CloudNetaIGW

  CloudNetaPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudNetaVPC
      Tags:
        - Key: Name
          Value: CloudNeta-Private-RT

  CloudNetaPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudNetaVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: CloudNeta-Public-SN

  CloudNetaPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudNetaVPC
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: CloudNeta-Private-SN

  CloudNetaPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CloudNetaPublicRT
      SubnetId: !Ref CloudNetaPublicSN

  CloudNetaPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CloudNetaPrivateRT
      SubnetId: !Ref CloudNetaPrivateSN

  CloudNetaSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref CloudNetaVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  CloudNetaPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: CloudNeta-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref CloudNetaPublicSN
          GroupSet:
            - !Ref CloudNetaSecurityGroup
          AssociatePublicIpAddress: true
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`
            yum install -y httpd
            service httpd start
            chkconfig httpd on
            echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html

  CloudNetaPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: CloudNeta-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref CloudNetaPrivateSN
          GroupSet:
            - !Ref CloudNetaSecurityGroup
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            (
            echo "q222"
            echo "q222"
            ) | passwd --stdin root
            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
            service sshd restart
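The description above promises an EIP and a NAT, but the template declares neither, and the private route table has no default route, so the private instance has no path out. The following fragment is an added example, not part of the original post, that supplies those three resources and also splits the single world-open security group into a public one (SSH limited to an admin CIDR passed as a parameter) and a private one that only accepts traffic from the public instance's group. The logical names AdminCidr, CloudNetaNATEIP, CloudNetaNATGW, DefaultPrivateRoute, CloudNetaPublicSG and CloudNetaPrivateSG are assumptions of this example; every !Ref target it uses (CloudNetaVPC, CloudNetaPublicSN, CloudNetaPrivateRT, CloudNetaIGWAttachment) exists in the template above. Merge these keys into the existing Parameters and Resources sections.

```yaml
# Added example, not from the original post: EIP + NAT gateway + private
# default route, plus a tighter security-group split for the two instances.
# AdminCidr and the CloudNeta*SG / *NAT* / DefaultPrivateRoute names are
# assumed names; the !Ref targets come from the post's own template.
Parameters:
  AdminCidr:
    Description: IPv4 CIDR allowed to SSH to the public instance (for example your office egress /32)
    Type: String
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR such as 203.0.113.10/32

Resources:
  # Elastic IP for the NAT gateway. It can only be allocated once the VPC
  # has an attached internet gateway, hence the DependsOn.
  CloudNetaNATEIP:
    Type: AWS::EC2::EIP
    DependsOn: CloudNetaIGWAttachment
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: CloudNeta-NAT-EIP

  # The NAT gateway must sit in the public subnet (the one routed to the IGW).
  CloudNetaNATGW:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt CloudNetaNATEIP.AllocationId
      SubnetId: !Ref CloudNetaPublicSN
      Tags:
        - Key: Name
          Value: CloudNeta-NAT-GW

  # Default route for the private subnet: outbound only, via the NAT gateway.
  DefaultPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref CloudNetaPrivateRT
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref CloudNetaNATGW

  # Public instance: web from anywhere, SSH only from the admin CIDR.
  CloudNetaPublicSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP from anywhere, SSH from the admin CIDR only
      VpcId: !Ref CloudNetaVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr

  # Private instance: reachable only from members of the public group,
  # never from 0.0.0.0/0, so no root password or password auth is required.
  CloudNetaPrivateSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH and ICMP from the public instance only
      VpcId: !Ref CloudNetaVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref CloudNetaPublicSG
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          SourceSecurityGroupId: !Ref CloudNetaPublicSG
```

To use it, point CloudNetaPublicEC2's GroupSet at CloudNetaPublicSG and CloudNetaPrivateEC2's GroupSet at CloudNetaPrivateSG, and drop the private instance's UserData block: with key-based SSH hopping through the public instance, the fixed root password and the PermitRootLogin / PasswordAuthentication edits are no longer needed, and the DefaultPrivateRoute gives the private instance the outbound path that yum and updates require.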





3. Reference


Where all the CloudFormation sample templates are collected:

https://docs.aws.amazon.com/ko_kr/AWSCloudFormation/latest/UserGuide/cfn-sample-templates.html




4. Reference site

https://github.com/PacktPublishing/AWS-Networking-Cookbook/blob/master/Chapter05/CFT-vpc1.json






You can follow the progress of the stack creation.




Confirm that creation has completed.








<4> Verifying the created resources


Let's confirm one each of: public subnet, private subnet, EIP/NAT and EC2.



1) The VPC was created.




2) Four subnets were created.

2 public, 2 private.



3) Two route tables were created.

IGW route table

NAT route table




4) The IGW was created automatically as well.




5) The EIP was created automatically as well.



6) The NAT was created automatically as well.





