Overview
Building a Network-Security-Server stack with CloudFormation
Architecture diagram
Resources that get created
・VPC
・Subnet
・Security Group
・Internet Gateway
・RouteTable
・EC2
Procedure
1. Create the Network Layer
2. Create the Security Layer
3. Create the Application Layer
1. Create the Network Layer
Template example
```yaml
Parameters:
  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
    Default: hirose-test
  VpcCIDR:
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 172.17.96.0/20
  PublicSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 172.17.96.0/24
  PublicSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone
    Type: String
    Default: 172.17.97.0/24
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName
  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    DependsOn: InternetGateway
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [0, !GetAZs ""]
      CidrBlock: !Ref PublicSubnet1CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Subnet (AZ1)
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [1, !GetAZs ""]
      CidrBlock: !Ref PublicSubnet2CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Subnet (AZ2)
  myRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: hirose-rt
  myRoute:
    Type: AWS::EC2::Route
    # A route that targets an internet gateway must wait for the gateway attachment,
    # not just the route table (the !Ref to myRouteTable already implies that dependency)
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref myRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  mySubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref myRouteTable
  mySubnet2RouteTableAssociation:
    # Without this association PublicSubnet2 stays on the VPC's main route table,
    # which has no internet gateway route, so it would not actually be public
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref myRouteTable
Outputs:
  myVPC:
    Value: !Ref VPC
    Export:
      Name: VPC-hirose
  PublicSubnet1:
    Value: !Ref PublicSubnet1
    Export:
      Name: PubSubName-1a
  PublicSubnet2:
    Value: !Ref PublicSubnet2
    Export:
      Name: PubSubName-1c
```
Resources actually created (as shown in CloudFormation)
2. Create the Security Layer
```yaml
Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SecurityGroup for EC2
      GroupName: SG-hirose
      SecurityGroupIngress:
        # SSH open to the whole internet; for anything beyond a throwaway test,
        # narrow CidrIp to the address range you actually connect from
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: SGForEC2
      # VpcId comes from the Network Layer stack's export
      VpcId: !ImportValue VPC-hirose
Outputs:
  MySecurityGroup:
    Value: !Ref SecurityGroup
    Export:
      Name: SG-hirose-22
```
Resources actually created (as shown in CloudFormation)
3. Create the Application Layer
```yaml
Resources:
  myEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      KeyName: awsc-key-285-hirose-01
      ImageId: ami-022282eb775c6a4fa
      InstanceType: t2.micro
      Monitoring: false
      SecurityGroupIds:
        - sg-xxxxxxxxxxxxxxxxx   # placeholder: the Security Group ID you created
      # AWS::EC2::Instance has no VpcId property; the VPC is implied by SubnetId
      SubnetId: subnet-xxxxxxxxxxxxxxxxx   # placeholder: the Subnet ID you created
      Tags:
        - Key: Name
          Value: hirose-ec2
  myEIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref myEC2Instance
```
Resources actually created (as shown in CloudFormation)
Verifying the SSH connection from Tera Term
Elastic IP: 3.114.70.82
SSH connection to EC2 complete!
Closing
Once I had a rough grasp of the basic syntax from books and online videos, I felt that actually getting hands-on and repeating trial and error was the faster way to understand it.
Next time, I would like to build IaC that incorporates references between templates.
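The three layers above only work when deployed in the right order, because the Security and Application templates consume values the Network template exports. The following added example (my own code, not part of this article) computes that order from the Export/ImportValue wiring, fails on a dangling import, and flags ingress rules open to the whole internet; the templates are constructed samples written in CloudFormation's JSON-style intrinsic form (`{"Fn::ImportValue": ...}`), which is equivalent to the `!ImportValue` tags used above.

```python
def exports_of(template):  # names this stack exports via Outputs/Export
    return {o["Export"]["Name"] for o in template.get("Outputs", {}).values() if "Export" in o}

def imports_of(node):  # every Fn::ImportValue name anywhere in a template (JSON-style intrinsics)
    if isinstance(node, dict):
        if isinstance(node.get("Fn::ImportValue"), str):
            return {node["Fn::ImportValue"]}
        node = list(node.values())
    if isinstance(node, list):
        return set().union(*(imports_of(item) for item in node))
    return set()

def world_open_ingress(template):
    """(resource, FromPort, ToPort) for every ingress rule reachable from the whole internet."""
    hits = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
                    hits.append((name, rule.get("FromPort"), rule.get("ToPort")))
    return hits

def deploy_order(stacks):
    """Order stacks so every import is already exported; fail on dangling or cyclic imports."""
    provider = {name: stack for stack, tpl in stacks.items() for name in exports_of(tpl)}
    pending = {}
    for stack, tpl in stacks.items():
        missing = sorted(imports_of(tpl) - set(provider))
        if missing:
            raise ValueError(f"{stack} imports {missing} but no stack exports them")
        pending[stack] = {provider[imp] for imp in imports_of(tpl)}
    order = []
    while pending:
        ready = sorted(s for s, needs in pending.items() if needs <= set(order))
        if not ready:
            raise ValueError("cyclic Export/ImportValue dependency among " + ", ".join(sorted(pending)))
        order += ready
        pending = {s: n for s, n in pending.items() if s not in ready}
    return order

# Constructed sample mirroring this article's three layers (the application layer imports the exports).
NETWORK = {"Outputs": {"myVPC": {"Value": {"Ref": "VPC"}, "Export": {"Name": "VPC-hirose"}},
                       "PublicSubnet1": {"Value": {"Ref": "PublicSubnet1"}, "Export": {"Name": "PubSubName-1a"}}}}
SECURITY = {"Resources": {"SecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "VpcId": {"Fn::ImportValue": "VPC-hirose"}, "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}}},
    "Outputs": {"MySecurityGroup": {"Value": {"Ref": "SecurityGroup"}, "Export": {"Name": "SG-hirose-22"}}}}
APPLICATION = {"Resources": {"myEC2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
    "SecurityGroupIds": [{"Fn::ImportValue": "SG-hirose-22"}], "SubnetId": {"Fn::ImportValue": "PubSubName-1a"}}}}}
STACKS = {"application": APPLICATION, "security": SECURITY, "network": NETWORK}
```

`deploy_order(STACKS)` returns `["network", "security", "application"]`, and `world_open_ingress(SECURITY)` reports the port-22 rule so it can be reviewed before the stack goes anywhere but a test account.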