
Part 20 - CF - 1 public subnet, 1 private subnet, 1 NAT, 1 EC2

by Master Seo

<1> Problem

<2> Improvement

<3> How to use

<4> Checking what was created




<1> Problem


Building a new VPC, subnets, NAT and EC2 by hand in the web console used to take two hours.




<2> Improvement


Let's build the same thing with CloudFormation in under 10 minutes.




<3> How to use


1. CloudFormation > Create stack


(screenshot: 10 cf.png)






2. Upload the template file and build the stack.


Let's build one public subnet, one private subnet, one EIP, one NAT gateway and one EC2 instance each. As pasted below, the template declares the VPC, an IGW, one public and one private subnet with their route tables, one security group and two EC2 instances (one per subnet); it does not declare an EIP, a NAT gateway, or a default route for the private route table.



Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:
  CloudNetaVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: CloudNeta-VPC

  CloudNetaIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: CloudNeta-IGW

  CloudNetaIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref CloudNetaIGW
      VpcId: !Ref CloudNetaVPC

  CloudNetaPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudNetaVPC
      Tags:
        - Key: Name
          Value: CloudNeta-Public-RT

  # The default route can only be created once the IGW is attached to the VPC,
  # which is what the explicit DependsOn guarantees.
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: CloudNetaIGWAttachment
    Properties:
      RouteTableId: !Ref CloudNetaPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref CloudNetaIGW

  # No route is declared for this table, so the private subnet has no outbound
  # internet path: this template defines no NAT gateway.
  CloudNetaPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudNetaVPC
      Tags:
        - Key: Name
          Value: CloudNeta-Private-RT

  CloudNetaPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudNetaVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: CloudNeta-Public-SN

  CloudNetaPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudNetaVPC
      # Index 2 is the third AZ of the region; stack creation fails in a region
      # that exposes fewer than three AZs to the account.
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: CloudNeta-Private-SN

  CloudNetaPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CloudNetaPublicRT
      SubnetId: !Ref CloudNetaPublicSN

  CloudNetaPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CloudNetaPrivateRT
      SubnetId: !Ref CloudNetaPrivateSN

  # One security group is shared by both instances. Port 22 and ICMP are open
  # to 0.0.0.0/0, which exposes SSH on the public instance to the whole
  # internet; outside a throwaway lab, restrict them to an admin CIDR.
  CloudNetaSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref CloudNetaVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  CloudNetaPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      # AMI IDs are region-specific; this one is only valid in the region the
      # author deployed to (an Amazon Linux image, given yum/service/chkconfig).
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: CloudNeta-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref CloudNetaPublicSN
          GroupSet:
            - !Ref CloudNetaSecurityGroup
          AssociatePublicIpAddress: true
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          # Unauthenticated IMDSv1 metadata reads; an instance launched with
          # HttpTokens: required would need an IMDSv2 token for these calls.
          AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
          IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`
          yum install -y httpd
          service httpd start
          chkconfig httpd on
          echo "<html><h1>Hello from Web Server - Region ( $AZ ) - Private IP ( $IP )</h1></html>" > /var/www/html/index.html

  CloudNetaPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: CloudNeta-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref CloudNetaPrivateSN
          GroupSet:
            - !Ref CloudNetaSecurityGroup
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          # Lab convenience only: sets a fixed root password and turns on
          # password and root SSH login so the private host can be reached from
          # the public one without copying keys. Never do this outside a
          # disposable lab; the instance already has the KeyName key pair, so
          # key-based SSH through the public host works without any of this.
          (
          echo "q222"
          echo "q222"
          ) | passwd --stdin root
          sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
          sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
          service sshd restart
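The template above stops short of what the title promises: it has no EIP, no NAT gateway and no default route for the private route table, and it opens SSH and ICMP to the whole internet while relying on a fixed root password to reach the private host. The fragment below is an added example (not part of the original post) showing the resources that close those gaps; merge the entries under the existing Parameters and Resources keys, point the public instance's GroupSet at CloudNetaPublicSG and the private instance's at CloudNetaPrivateSG, and drop the root-password user data. The AdminCidr parameter and its 203.0.113.0/24 default (an RFC 5737 documentation range) are assumptions; replace the default with your own address.

```yaml
Parameters:
  AdminCidr:
    Description: Source CIDR allowed to SSH to and ping the public instance (assumed parameter; replace the default)
    Type: String
    Default: 203.0.113.0/24
    AllowedPattern: ^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$

Resources:
  # The EIP for the NAT gateway must be allocated after the IGW is attached,
  # otherwise the allocation can fail during stack creation.
  CloudNetaNatEIP:
    Type: AWS::EC2::EIP
    DependsOn: CloudNetaIGWAttachment
    Properties:
      Domain: vpc

  # The NAT gateway lives in the public subnet and uses the EIP above.
  CloudNetaNATGW:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt CloudNetaNatEIP.AllocationId
      SubnetId: !Ref CloudNetaPublicSN
      Tags:
        - Key: Name
          Value: CloudNeta-NATGW

  # The missing default route for the private route table: outbound via NAT,
  # so the private instance can reach the internet without being reachable from it.
  DefaultPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref CloudNetaPrivateRT
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref CloudNetaNATGW

  # Public instance: HTTP from anywhere, SSH and ICMP only from the admin CIDR.
  CloudNetaPublicSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP from anywhere; SSH and ICMP only from AdminCidr
      VpcId: !Ref CloudNetaVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: !Ref AdminCidr

  # Private instance: only the public instance's security group may SSH or ping it.
  # Referencing the source group rather than a CIDR keeps the rule correct even if
  # the public instance's private IP changes.
  CloudNetaPrivateSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH and ICMP only from the public instance security group
      VpcId: !Ref CloudNetaVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref CloudNetaPublicSG
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          SourceSecurityGroupId: !Ref CloudNetaPublicSG
```

With both instances launched with the same KeyName, the private host is reached with key-based SSH through the public one (for example `ssh -J ec2-user@<public-ip> ec2-user@10.0.1.x` from the admin address), so no root password and no PasswordAuthentication change are needed. Remember that a NAT gateway is billed per hour and per GB, so delete the stack when the lab is finished.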





3. Reference: AWS's collection of sample CloudFormation templates

https://docs.aws.amazon.com/ko_kr/AWSCloudFormation/latest/UserGuide/cfn-sample-templates.html




4. Reference site

https://github.com/PacktPublishing/AWS-Networking-Cookbook/blob/master/Chapter05/CFT-vpc1.json


(screenshot: 20 upload.png)


Template for one public subnet, one private subnet, one EIP, one NAT gateway and one EC2 instance each:


(screenshot: 30 temple2.png)


You can follow the progress in the Events tab:


(screenshot: 40 progress.png)


Confirm that the stack reaches CREATE_COMPLETE:

(screenshot: 50 create complete.png)








<4> Checking what was created


Let's confirm the public subnet, private subnet, EIP, NAT gateway and EC2 instance, one of each.



1) The VPC was created.


(screenshot: 100 create vpc.png)



2) Four subnets were created: two public and two private. (The template pasted above declares only one public and one private subnet.)

(screenshot: 110 subnet.png)



3) Two route tables were created:

the IGW route table (public)

the NAT route table (private)

(In the template pasted above only the public route table has a default route, via the IGW; the private route table has no route to a NAT gateway.)

(screenshot: 115 route.png)




4) The IGW was created automatically as well.


(screenshot: 120 igw.png)



5) The EIP was created automatically as well.

(screenshot: 130 eip.png)



6) The NAT gateway was created automatically as well.

(screenshot: 140 ngw.png)

Items 5 and 6 do not correspond to any resource in the template pasted above, which declares neither an EIP nor a NAT gateway, so these screenshots were not produced by that template exactly as shown. When checking a stack, the authoritative list is the stack's Resources tab: every resource there maps to a logical ID in the template, and anything missing from the template will be missing from the stack.





