Previously, building a new VPC, subnet, NAT and EC2 instance through the web console took about 2 hours.
Let's build the same thing in under 10 minutes with CloudFormation.
1. CloudFormation > Create stack
2. Upload the template file and build from it.
Let's configure 1 public subnet, 1 private subnet, and 1 each of EIP, NAT and EC2.
```yaml
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.

Resources:
  CloudNetaVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: CloudNeta-VPC

  CloudNetaIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: CloudNeta-IGW

  CloudNetaIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref CloudNetaIGW
      VpcId: !Ref CloudNetaVPC

  CloudNetaPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudNetaVPC
      Tags:
        - Key: Name
          Value: CloudNeta-Public-RT

  # Default route to the internet; must wait for the IGW to be attached to the VPC
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: CloudNetaIGWAttachment
    Properties:
      RouteTableId: !Ref CloudNetaPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref CloudNetaIGW

  CloudNetaPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudNetaVPC
      Tags:
        - Key: Name
          Value: CloudNeta-Private-RT

  CloudNetaPublicSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudNetaVPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: CloudNeta-Public-SN

  CloudNetaPrivateSN:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudNetaVPC
      AvailabilityZone: !Select [ 2, !GetAZs '' ]
      CidrBlock: 10.0.1.0/24
      Tags:
        - Key: Name
          Value: CloudNeta-Private-SN

  CloudNetaPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CloudNetaPublicRT
      SubnetId: !Ref CloudNetaPublicSN

  CloudNetaPrivateSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CloudNetaPrivateRT
      SubnetId: !Ref CloudNetaPrivateSN

  # Shared by both instances: HTTP, SSH and ICMP open to any source address
  CloudNetaSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80 and SSH access via port 22 and ICMP
      VpcId: !Ref CloudNetaVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  CloudNetaPublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: CloudNeta-Public-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref CloudNetaPublicSN
          GroupSet:
            - !Ref CloudNetaSecurityGroup
          AssociatePublicIpAddress: true
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            # Read placement info from the instance metadata service (IMDSv1 request, no session token)
            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`
            # Install and enable Apache, then publish a page showing the AZ and private IP
            yum install -y httpd
            service httpd start
            chkconfig httpd on
            echo "<html><h1>Hello from Web Server - Region ( "$AZ" ) - Private IP ( "$IP" )</h1></html>" > /var/www/html/index.html

  CloudNetaPrivateEC2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-0094965d55b3bb1ff
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: CloudNeta-Private-EC2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref CloudNetaPrivateSN
          GroupSet:
            - !Ref CloudNetaSecurityGroup
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash
            # Set the root password (the value is stored in plaintext in the template)
            (
            echo "q222"
            echo "q222"
            ) | passwd --stdin root
            # Turn on password authentication and root login in sshd, then restart it
            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
            service sshd restart
```
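Before uploading a template like the one above, it is worth a quick check for the settings a reviewer would flag: security-group rules that expose SSH to 0.0.0.0/0, UserData that enables password or root SSH login or embeds a password, and metadata requests sent without an IMDSv2 session token. The script below is an added example written for this post, not code from the original article. It uses only tr, awk and grep, walks the YAML line by line rather than parsing it fully (so it assumes the 2-space layout shown above), and carries a constructed excerpt of the template so it can run offline; tools such as cfn-lint or cfn_nag cover the same ground more thoroughly.

```shell
#!/bin/sh
# Added example (not from the original post): quick audit of a CloudFormation
# YAML template for the settings a security review would flag.
set -eu

# Report tcp ingress rules whose port range includes 22 and whose source is
# 0.0.0.0/0. "- IpProtocol" starts a rule; the following FromPort/ToPort/CidrIp
# lines belong to it. Quotes are stripped first so '22' and 22 compare equally.
find_open_ssh() {
  tr -d "'\"" < "$1" | awk '
    function emit() {
      if (proto == "tcp" && cidr == "0.0.0.0/0" && from <= 22 && to >= 22)
        print "OPEN_SSH ports " from "-" to " from " cidr
      proto = ""; from = -1; to = -1; cidr = ""
    }
    /- IpProtocol:/ { emit(); proto = $3 }
    /FromPort:/     { from = $2 + 0 }
    /ToPort:/       { to = $2 + 0 }
    /CidrIp:/       { cidr = $2 }
    END { emit() }
  '
}

# UserData lines that weaken SSH hardening or feed a credential to passwd.
find_userdata_issues() {
  grep -nE 'PasswordAuthentication yes|PermitRootLogin yes|passwd --stdin' "$1" || true
}

# Metadata-service calls that carry no IMDSv2 token header (IMDSv1 requests).
find_imdsv1() {
  grep -n '169\.254\.169\.254' "$1" | grep -v 'X-aws-ec2-metadata-token' || true
}

# audit_template TEMPLATE_FILE: print every finding, one per line.
audit_template() {
  find_open_ssh "$1"
  find_userdata_issues "$1"
  find_imdsv1 "$1"
}

# Number of findings, usable as a CI gate (0 means clean).
audit_count() {
  audit_template "$1" | grep -c . || true
}

# Constructed excerpt of the post's template (security group plus the two
# UserData scripts) so the audit can be exercised without the full file.
write_sample() {
  cat > "$1" <<'EOF'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0
            AZ=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
            IP=`curl -s http://169.254.169.254/latest/meta-data/local-ipv4`
            ) | passwd --stdin root
            sed -i "s/^PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sed -i "s/^#PermitRootLogin yes/PermitRootLogin yes/g" /etc/ssh/sshd_config
EOF
}

# Usage: sh audit.sh template.yaml   (no argument: run on the constructed sample)
if [ -n "${1:-}" ]; then
  audit_template "$1"
else
  tmp=$(mktemp)
  write_sample "$tmp"
  audit_template "$tmp"
  rm -f "$tmp"
fi
```

On the excerpt the script reports six findings: the SSH rule open to 0.0.0.0/0, the three UserData lines, and the two token-less metadata requests; the port-80 rule is deliberately not reported, since exposing the web port is the purpose of the public instance.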
3. Reference
Collection of all CloudFormation sample templates:
https://docs.aws.amazon.com/ko_kr/AWSCloudFormation/latest/UserGuide/cfn-sample-templates.html
4. Reference site
https://github.com/PacktPublishing/AWS-Networking-Cookbook/blob/master/Chapter05/CFT-vpc1.json
You can check the progress of the stack creation.
Confirm that creation has completed.
Now verify the resources: 1 public subnet, 1 private subnet, and 1 each of EIP, NAT and EC2.
1) VPC created.
2) 4 subnets created
   2 public, 2 private.
3) 2 route tables created
   IGW route table
   NAT route table
4) IGW created automatically as well.
5) EIP created automatically as well.
6) NAT created automatically as well.
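The create, watch-progress and verify steps above, done from the command line instead of the console, as an added example for this post (not code from the original article). It assumes the AWS CLI is installed and configured, a stack name of CloudNeta-VPC (override STACK_NAME), and that the expected resource counts are passed as Type=count arguments so the check can be matched to whichever template was uploaded: the counts at the bottom follow the YAML template earlier in the post (1 VPC, 2 subnets, 2 route tables, 1 IGW, 2 instances), whereas the checklist above describes a template that also declares the EIP and NAT gateway. The describe-stack-resources sample embedded in the script is constructed so the verification logic can run offline.

```shell
#!/bin/sh
# Added example (not from the original post): create the stack from the CLI,
# show its events, and verify resource counts once it is CREATE_COMPLETE.
set -eu

STACK_NAME="${STACK_NAME:-CloudNeta-VPC}"   # assumed name; override via the environment

# deploy_stack TEMPLATE_FILE KEYPAIR_NAME
# Validates the template, creates the stack with the KeyName parameter and
# blocks until creation finishes (the wait exits non-zero on rollback).
deploy_stack() {
  aws cloudformation validate-template --template-body "file://$1" >/dev/null
  aws cloudformation create-stack \
    --stack-name "$STACK_NAME" \
    --template-body "file://$1" \
    --parameters "ParameterKey=KeyName,ParameterValue=$2"
  aws cloudformation wait stack-create-complete --stack-name "$STACK_NAME"
}

# Same information as the console's Events tab, newest first.
show_events() {
  aws cloudformation describe-stack-events --stack-name "$STACK_NAME" \
    --query 'StackEvents[].[Timestamp,ResourceStatus,ResourceType,LogicalResourceId]' \
    --output table
}

# count_type TYPE: number of resources of TYPE in describe-stack-resources
# JSON read from stdin (the CLI prints one key per line, so grep -c works).
count_type() {
  grep -cE "\"ResourceType\":[[:space:]]*\"$1\"" || true
}

# verify_resources Type=count ...: compare counts in the JSON on stdin with
# the expected values; returns non-zero if any differ.
verify_resources() {
  json=$(cat)
  status=0
  for spec in "$@"; do
    rtype=${spec%=*}
    want=${spec#*=}
    got=$(printf '%s\n' "$json" | count_type "$rtype")
    if [ "$got" -eq "$want" ]; then
      echo "OK   $rtype: $got"
    else
      echo "FAIL $rtype: expected $want, got $got"
      status=1
    fi
  done
  return $status
}

# verify_stack Type=count ...: run the comparison against the live stack.
verify_stack() {
  aws cloudformation describe-stack-resources --stack-name "$STACK_NAME" --output json \
    | verify_resources "$@"
}

# Constructed describe-stack-resources output matching the post's template.
sample_resources() {
  cat <<'EOF'
{ "StackResources": [
  { "LogicalResourceId": "CloudNetaVPC", "ResourceType": "AWS::EC2::VPC", "ResourceStatus": "CREATE_COMPLETE" },
  { "LogicalResourceId": "CloudNetaIGW", "ResourceType": "AWS::EC2::InternetGateway", "ResourceStatus": "CREATE_COMPLETE" },
  { "LogicalResourceId": "CloudNetaPublicRT", "ResourceType": "AWS::EC2::RouteTable", "ResourceStatus": "CREATE_COMPLETE" },
  { "LogicalResourceId": "CloudNetaPrivateRT", "ResourceType": "AWS::EC2::RouteTable", "ResourceStatus": "CREATE_COMPLETE" },
  { "LogicalResourceId": "CloudNetaPublicSN", "ResourceType": "AWS::EC2::Subnet", "ResourceStatus": "CREATE_COMPLETE" },
  { "LogicalResourceId": "CloudNetaPrivateSN", "ResourceType": "AWS::EC2::Subnet", "ResourceStatus": "CREATE_COMPLETE" },
  { "LogicalResourceId": "CloudNetaSecurityGroup", "ResourceType": "AWS::EC2::SecurityGroup", "ResourceStatus": "CREATE_COMPLETE" },
  { "LogicalResourceId": "CloudNetaPublicEC2", "ResourceType": "AWS::EC2::Instance", "ResourceStatus": "CREATE_COMPLETE" },
  { "LogicalResourceId": "CloudNetaPrivateEC2", "ResourceType": "AWS::EC2::Instance", "ResourceStatus": "CREATE_COMPLETE" }
] }
EOF
}

# Expected counts for the template in this post; add NatGateway/EIP entries if
# your template declares them.
EXPECTED="AWS::EC2::VPC=1 AWS::EC2::Subnet=2 AWS::EC2::RouteTable=2 AWS::EC2::InternetGateway=1 AWS::EC2::Instance=2"

# Usage: sh deploy.sh deploy template.yaml my-keypair   (no args: offline check on the sample)
if [ "${1:-}" = "deploy" ]; then
  deploy_stack "$2" "$3"
  show_events
  verify_stack $EXPECTED
else
  sample_resources | verify_resources $EXPECTED
fi
```

A FAIL line from verify_stack usually means a resource rolled back or the template uploaded was not the one you expected; show_events then points at the first resource that reported CREATE_FAILED.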