20탄-CF-Pub1,pri1,nat1,ec2 1대

<1> 문제점

<2> 개선방향

<3> 사용법

<4> 생성 완료된 내용 확인

<1> 문제점

기존에 웹 콘솔로 신규 vpc와 subnet, nat,EC2  구축하는데 2시간이 걸렸다.

<2> 개선방향

cloudformation으로  10분 안에 만들어보자

<3> 사용법

1. cloudformation   > create stack

2. 파일 업로드해서 구축한다.

public  subnet 1, private  subnet1, EIP , NAT  , EC2 각 1개씩  구성을 해보자.

3_vpc1-public1-private1-ec2-2ea-endpoint.yaml

Parameters:

  KeyName:

    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter

    Type: AWS::EC2::KeyPair::KeyName

    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:

  CloudNetaVPC:

    Type: AWS::EC2::VPC

    Properties:

     CidrBlock: 10.0.0.0/16

     EnableDnsSupport: true

     EnableDnsHostnames: true

     Tags:

        - Key: Name

          Value: CloudNeta-VPC

  CloudNetaIGW:

    Type: AWS::EC2::InternetGateway

    Properties:

      Tags:

        - Key: Name

          Value: CloudNeta-IGW

  CloudNetaIGWAttachment:

    Type: AWS::EC2::VPCGatewayAttachment

    Properties:

      InternetGatewayId: !Ref CloudNetaIGW

      VpcId: !Ref CloudNetaVPC

  CloudNetaPublicRT:

    Type: AWS::EC2::RouteTable

    Properties:

      VpcId: !Ref CloudNetaVPC

      Tags:

        - Key: Name

          Value: CloudNeta-Public-RT

  DefaultPublicRoute:

    Type: AWS::EC2::Route

    DependsOn: CloudNetaIGWAttachment

    Properties:

      RouteTableId: !Ref CloudNetaPublicRT

      DestinationCidrBlock: 0.0.0.0/0

      GatewayId: !Ref CloudNetaIGW

  CloudNetaPrivateRT:

    Type: AWS::EC2::RouteTable

    Properties:

      VpcId: !Ref CloudNetaVPC

      Tags:

        - Key: Name

          Value: CloudNeta-Private-RT

  CloudNetaPublicSN:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref CloudNetaVPC

      AvailabilityZone: !Select [ 0, !GetAZs '' ]

      CidrBlock: 10.0.0.0/24

      Tags:

        - Key: Name

          Value: CloudNeta-Public-SN

  CloudNetaPrivateSN:

    Type: AWS::EC2::Subnet

    Properties:

      VpcId: !Ref CloudNetaVPC

      AvailabilityZone: !Select [ 2, !GetAZs '' ]

      CidrBlock: 10.0.1.0/24

      Tags:

        - Key: Name

          Value: CloudNeta-Private-SN

  CloudNetaPublicSNRouteTableAssociation:

    Type: AWS::EC2::SubnetRouteTableAssociation

    Properties:

      RouteTableId: !Ref CloudNetaPublicRT

      SubnetId: !Ref CloudNetaPublicSN

  CloudNetaPrivateSNRouteTableAssociation:

    Type: AWS::EC2::SubnetRouteTableAssociation

    Properties:

      RouteTableId: !Ref CloudNetaPrivateRT

      SubnetId: !Ref CloudNetaPrivateSN

  CloudNetaSecurityGroup:

    Type: AWS::EC2::SecurityGroup

    Properties:

      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP

      VpcId: !Ref CloudNetaVPC

      SecurityGroupIngress:

      - IpProtocol: tcp

        FromPort: '80'

        ToPort: '80'

        CidrIp: 0.0.0.0/0

      - IpProtocol: tcp

        FromPort: '22'

        ToPort: '22'

        CidrIp: 0.0.0.0/0

      - IpProtocol: icmp

        FromPort: -1

        ToPort: -1

        CidrIp: 0.0.0.0/0

  CloudNetaPublicEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-0094965d55b3bb1ff

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: CloudNeta-Public-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref CloudNetaPublicSN

          GroupSet:

          - !Ref CloudNetaSecurityGroup

          AssociatePublicIpAddress: true

      UserData:

        Fn::Base64:

          !Sub |

            #!/bin/bash

            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`

            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`

            yum install -y httpd

            service httpd start

            chkconfig httpd on

            echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html

  CloudNetaPrivateEC2:

    Type: AWS::EC2::Instance

    Properties:

      InstanceType: t2.micro

      ImageId: ami-0094965d55b3bb1ff

      KeyName: !Ref KeyName

      Tags:

        - Key: Name

          Value: CloudNeta-Private-EC2

      NetworkInterfaces:

        - DeviceIndex: 0

          SubnetId: !Ref CloudNetaPrivateSN

          GroupSet:

          - !Ref CloudNetaSecurityGroup

      UserData:

        Fn::Base64:

          !Sub |

            #!/bin/bash

            (

            echo "q222"

            echo "q222"

            ) | passwd --stdin root

            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config

            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config

            service sshd restart

3

참고

CloudFormation 템플릿 전체 모여진곳

https://docs.aws.amazon.com/ko_kr/AWSCloudFormation/latest/UserGuide/cfn-sample-templates.html

4

참고 사이트

https://github.com/PacktPublishing/AWS-Networking-Cookbook/blob/master/Chapter05/CFT-vpc1.json

public  subnet 1, private  subnet1, EIP , NAT  , EC2 각 1개씩  구성을 해보자.

진행상태를 확인할 수 있다.

생성 완료를 확인하자.

<4> 생성 완료된 내용 확인

public  subnet 1, private  subnet1, EIP , NAT  , EC2 각 1개 확인 해보자

1) VPC 구축됨.

2) Subnet이 4개 구축됨

Public 2 , Private 2개  구축됨.

3) Route Table 이 2개 생성됨

IGW route table

NAT route table

4) IGW도 자동 생성됨

5) EIP도 자동 생성됨

6) NAT도 자동 생성됨