by Master Seo Nov 03. 2019

Part 20 - CF - Pub 1, Pri 1, NAT 1, EC2 x1

<1> Problem

<2> Improvement

<3> How to use

<4> Verify what was created




<1> Problem


Previously, building a new VPC, subnets, NAT and EC2 through the web console took 2 hours.




<2> Improvement


Let's build it with CloudFormation in under 10 minutes.




<3> How to use


1. CloudFormation > Create stack




2. Upload the template file and build.


Let's build one each of: public subnet, private subnet, EIP, NAT, EC2.



Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:
  # VPC with DNS support and hostnames enabled
  CloudNetaVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: CloudNeta-VPC

  # Internet gateway and its attachment to the VPC
  CloudNetaIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: CloudNeta-IGW

  CloudNetaIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref CloudNetaIGW
      VpcId: !Ref CloudNetaVPC

  # Public route table: default route to the IGW
  CloudNetaPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudNetaVPC
      Tags:
        - Key: Name
          Value: CloudNeta-Public-RT

  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: CloudNetaIGWAttachment
    Properties:
      RouteTableId: !Ref CloudNetaPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref CloudNetaIGW

  # Private route table: local VPC route only (no default route defined here)
  CloudNetaPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudNetaVPC
      Tags:
        - Key: Name
          Value: CloudNeta-Private-RT

  # Public subnet in the first AZ, private subnet in the third AZ
  CloudNetaPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudNetaVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: CloudNeta-Public-SN

  CloudNetaPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudNetaVPC
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: CloudNeta-Private-SN

  CloudNetaPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CloudNetaPublicRT
      SubnetId: !Ref CloudNetaPublicSN

  CloudNetaPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CloudNetaPrivateRT
      SubnetId: !Ref CloudNetaPrivateSN

  # One security group shared by both instances: HTTP, SSH and ICMP open to 0.0.0.0/0
  CloudNetaSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref CloudNetaVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  # Public web server: gets a public IP and installs httpd via user data
  CloudNetaPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: CloudNeta-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref CloudNetaPublicSN
          GroupSet:
            - !Ref CloudNetaSecurityGroup
          AssociatePublicIpAddress: true
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`
            yum install -y httpd
            service httpd start
            chkconfig httpd on
            echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html

  # Private instance: no public IP; user data sets a root password and
  # enables password-based root SSH login (lab convenience used by this post)
  CloudNetaPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: CloudNeta-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref CloudNetaPrivateSN
          GroupSet:
            - !Ref CloudNetaSecurityGroup
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            (
            echo "q222"
            echo "q222"
            ) | passwd --stdin root
            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
            service sshd restart





3. Reference

Where all the CloudFormation sample templates are collected:

https://docs.aws.amazon.com/ko_kr/AWSCloudFormation/latest/UserGuide/cfn-sample-templates.html




4. Reference site

https://github.com/PacktPublishing/AWS-Networking-Cookbook/blob/master/Chapter05/CFT-vpc1.json



Let's build one each of: public subnet, private subnet, EIP, NAT, EC2.



You can follow the stack's progress in the console.




Confirm that creation has completed.








<4> Verify what was created


Let's verify one each of: public subnet, private subnet, EIP, NAT, EC2.



1) VPC built.




2) 4 subnets built

2 public, 2 private.



3) 2 route tables created

IGW route table

NAT route table




4) IGW was also created automatically




5) EIP was also created automatically



6) NAT was also created automatically





