CloudFormation公式サンプルを読解する
自分がCloudFormationでEC2とかをセットアップしたくて公式のサンプルをとりあえず参考にしようと読み始めて調べたこと疑問に思ったことをただ書いています。
役に立てば幸いです。
公式が提供しているサンプルテンプレート
サンプルテンプレート
AWSTemplateFormatVersion: 2010-09-09
Description: >-
AWS CloudFormation Sample Template LAMP_Single_Instance: Create a LAMP stack
using a single EC2 instance and a local MySQL database for storage. This
template demonstrates using the AWS CloudFormation bootstrap scripts to
install the packages and files necessary to deploy the Apache web server, PHP
and MySQL at instance launch time. **WARNING** This template creates an Amazon
EC2 instance. You will be billed for the AWS resources used if you create a
stack from this template.
Parameters:
KeyName:
Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
Type: 'AWS::EC2::KeyPair::KeyName'
ConstraintDescription: must be the name of an existing EC2 KeyPair.
DBName:
Default: MyDatabase
Description: MySQL database name
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
DBUser:
NoEcho: 'true'
Description: Username for MySQL database access
Type: String
MinLength: '1'
MaxLength: '16'
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
ConstraintDescription: must begin with a letter and contain only alphanumeric characters.
DBPassword:
NoEcho: 'true'
Description: Password for MySQL database access
Type: String
MinLength: '1'
MaxLength: '41'
AllowedPattern: '[a-zA-Z0-9]*'
ConstraintDescription: must contain only alphanumeric characters.
DBRootPassword:
NoEcho: 'true'
Description: Root password for MySQL
Type: String
MinLength: '1'
MaxLength: '41'
AllowedPattern: '[a-zA-Z0-9]*'
ConstraintDescription: must contain only alphanumeric characters.
InstanceType:
Description: WebServer EC2 instance type
Type: String
Default: t2.small
AllowedValues:
- t1.micro
- t2.nano
- t2.micro
- t2.small
- t2.medium
- t2.large
- m1.small
- m1.medium
- m1.large
- m1.xlarge
- m2.xlarge
- m2.2xlarge
- m2.4xlarge
- m3.medium
- m3.large
- m3.xlarge
- m3.2xlarge
- m4.large
- m4.xlarge
- m4.2xlarge
- m4.4xlarge
- m4.10xlarge
- c1.medium
- c1.xlarge
- c3.large
- c3.xlarge
- c3.2xlarge
- c3.4xlarge
- c3.8xlarge
- c4.large
- c4.xlarge
- c4.2xlarge
- c4.4xlarge
- c4.8xlarge
- g2.2xlarge
- g2.8xlarge
- r3.large
- r3.xlarge
- r3.2xlarge
- r3.4xlarge
- r3.8xlarge
- i2.xlarge
- i2.2xlarge
- i2.4xlarge
- i2.8xlarge
- d2.xlarge
- d2.2xlarge
- d2.4xlarge
- d2.8xlarge
- hi1.4xlarge
- hs1.8xlarge
- cr1.8xlarge
- cc2.8xlarge
- cg1.4xlarge
ConstraintDescription: must be a valid EC2 instance type.
SSHLocation:
Description: ' The IP address range that can be used to SSH to the EC2 instances'
Type: String
MinLength: '9'
MaxLength: '18'
Default: 0.0.0.0/0
AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Mappings:
AWSInstanceType2Arch:
t1.micro:
Arch: HVM64
t2.nano:
Arch: HVM64
t2.micro:
Arch: HVM64
t2.small:
Arch: HVM64
t2.medium:
Arch: HVM64
t2.large:
Arch: HVM64
m1.small:
Arch: HVM64
m1.medium:
Arch: HVM64
m1.large:
Arch: HVM64
m1.xlarge:
Arch: HVM64
m2.xlarge:
Arch: HVM64
m2.2xlarge:
Arch: HVM64
m2.4xlarge:
Arch: HVM64
m3.medium:
Arch: HVM64
m3.large:
Arch: HVM64
m3.xlarge:
Arch: HVM64
m3.2xlarge:
Arch: HVM64
m4.large:
Arch: HVM64
m4.xlarge:
Arch: HVM64
m4.2xlarge:
Arch: HVM64
m4.4xlarge:
Arch: HVM64
m4.10xlarge:
Arch: HVM64
c1.medium:
Arch: HVM64
c1.xlarge:
Arch: HVM64
c3.large:
Arch: HVM64
c3.xlarge:
Arch: HVM64
c3.2xlarge:
Arch: HVM64
c3.4xlarge:
Arch: HVM64
c3.8xlarge:
Arch: HVM64
c4.large:
Arch: HVM64
c4.xlarge:
Arch: HVM64
c4.2xlarge:
Arch: HVM64
c4.4xlarge:
Arch: HVM64
c4.8xlarge:
Arch: HVM64
g2.2xlarge:
Arch: HVMG2
g2.8xlarge:
Arch: HVMG2
r3.large:
Arch: HVM64
r3.xlarge:
Arch: HVM64
r3.2xlarge:
Arch: HVM64
r3.4xlarge:
Arch: HVM64
r3.8xlarge:
Arch: HVM64
i2.xlarge:
Arch: HVM64
i2.2xlarge:
Arch: HVM64
i2.4xlarge:
Arch: HVM64
i2.8xlarge:
Arch: HVM64
d2.xlarge:
Arch: HVM64
d2.2xlarge:
Arch: HVM64
d2.4xlarge:
Arch: HVM64
d2.8xlarge:
Arch: HVM64
hi1.4xlarge:
Arch: HVM64
hs1.8xlarge:
Arch: HVM64
cr1.8xlarge:
Arch: HVM64
cc2.8xlarge:
Arch: HVM64
AWSInstanceType2NATArch:
t1.micro:
Arch: NATHVM64
t2.nano:
Arch: NATHVM64
t2.micro:
Arch: NATHVM64
t2.small:
Arch: NATHVM64
t2.medium:
Arch: NATHVM64
t2.large:
Arch: NATHVM64
m1.small:
Arch: NATHVM64
m1.medium:
Arch: NATHVM64
m1.large:
Arch: NATHVM64
m1.xlarge:
Arch: NATHVM64
m2.xlarge:
Arch: NATHVM64
m2.2xlarge:
Arch: NATHVM64
m2.4xlarge:
Arch: NATHVM64
m3.medium:
Arch: NATHVM64
m3.large:
Arch: NATHVM64
m3.xlarge:
Arch: NATHVM64
m3.2xlarge:
Arch: NATHVM64
m4.large:
Arch: NATHVM64
m4.xlarge:
Arch: NATHVM64
m4.2xlarge:
Arch: NATHVM64
m4.4xlarge:
Arch: NATHVM64
m4.10xlarge:
Arch: NATHVM64
c1.medium:
Arch: NATHVM64
c1.xlarge:
Arch: NATHVM64
c3.large:
Arch: NATHVM64
c3.xlarge:
Arch: NATHVM64
c3.2xlarge:
Arch: NATHVM64
c3.4xlarge:
Arch: NATHVM64
c3.8xlarge:
Arch: NATHVM64
c4.large:
Arch: NATHVM64
c4.xlarge:
Arch: NATHVM64
c4.2xlarge:
Arch: NATHVM64
c4.4xlarge:
Arch: NATHVM64
c4.8xlarge:
Arch: NATHVM64
g2.2xlarge:
Arch: NATHVMG2
g2.8xlarge:
Arch: NATHVMG2
r3.large:
Arch: NATHVM64
r3.xlarge:
Arch: NATHVM64
r3.2xlarge:
Arch: NATHVM64
r3.4xlarge:
Arch: NATHVM64
r3.8xlarge:
Arch: NATHVM64
i2.xlarge:
Arch: NATHVM64
i2.2xlarge:
Arch: NATHVM64
i2.4xlarge:
Arch: NATHVM64
i2.8xlarge:
Arch: NATHVM64
d2.xlarge:
Arch: NATHVM64
d2.2xlarge:
Arch: NATHVM64
d2.4xlarge:
Arch: NATHVM64
d2.8xlarge:
Arch: NATHVM64
hi1.4xlarge:
Arch: NATHVM64
hs1.8xlarge:
Arch: NATHVM64
cr1.8xlarge:
Arch: NATHVM64
cc2.8xlarge:
Arch: NATHVM64
AWSRegionArch2AMI:
us-east-1:
HVM64: ami-0080e4c5bc078760e
HVMG2: ami-0aeb704d503081ea6
us-west-2:
HVM64: ami-01e24be29428c15b2
HVMG2: ami-0fe84a5b4563d8f27
us-west-1:
HVM64: ami-0ec6517f6edbf8044
HVMG2: ami-0a7fc72dc0e51aa77
eu-west-1:
HVM64: ami-08935252a36e25f85
HVMG2: ami-0d5299b1c6112c3c7
eu-west-2:
HVM64: ami-01419b804382064e4
HVMG2: NOT_SUPPORTED
eu-west-3:
HVM64: ami-0dd7e7ed60da8fb83
HVMG2: NOT_SUPPORTED
eu-central-1:
HVM64: ami-0cfbf4f6db41068ac
HVMG2: ami-0aa1822e3eb913a11
eu-north-1:
HVM64: ami-86fe70f8
HVMG2: ami-32d55b4c
ap-northeast-1:
HVM64: ami-00a5245b4816c38e6
HVMG2: ami-09d0e0e099ecabba2
ap-northeast-2:
HVM64: ami-00dc207f8ba6dc919
HVMG2: NOT_SUPPORTED
ap-northeast-3:
HVM64: ami-0b65f69a5c11f3522
HVMG2: NOT_SUPPORTED
ap-southeast-1:
HVM64: ami-05b3bcf7f311194b3
HVMG2: ami-0e46ce0d6a87dc979
ap-southeast-2:
HVM64: ami-02fd0b06f06d93dfc
HVMG2: ami-0c0ab057a101d8ff2
ap-south-1:
HVM64: ami-0ad42f4f66f6c1cc9
HVMG2: ami-0244c1d42815af84a
us-east-2:
HVM64: ami-0cd3dfa4e37921605
HVMG2: NOT_SUPPORTED
ca-central-1:
HVM64: ami-07423fb63ea0a0930
HVMG2: NOT_SUPPORTED
sa-east-1:
HVM64: ami-05145e0b28ad8e0b2
HVMG2: NOT_SUPPORTED
cn-north-1:
HVM64: ami-053617c9d818c1189
HVMG2: NOT_SUPPORTED
cn-northwest-1:
HVM64: ami-0f7937761741dc640
HVMG2: NOT_SUPPORTED
Resources:
WebServerInstance:
Type: 'AWS::EC2::Instance'
Metadata:
'AWS::CloudFormation::Init':
configSets:
InstallAndRun:
- Install
- Configure
Install:
packages:
yum:
mysql: []
mysql-server: []
mysql-libs: []
httpd: []
php: []
php-mysql: []
files:
/var/www/html/index.php:
content: !Join
- ''
- - |
<html>
- |2
<head>
- |2
<title>AWS CloudFormation PHP Sample</title>
- |2
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
- |2
</head>
- |2
<body>
- |2
<h1>Welcome to the AWS CloudFormation PHP Sample</h1>
- |2
<p/>
- |2
<?php
- |2
// Print out the current data and time
- |2
print "The Current Date and Time is: <br/>";
- |2
print date("g:i A l, F j Y.");
- |2
?>
- |2
<p/>
- |2
<?php
- |2
// Setup a handle for CURL
- |2
$curl_handle=curl_init();
- |2
curl_setopt($curl_handle,CURLOPT_CONNECTTIMEOUT,2);
- |2
curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER,1);
- |2
// Get the hostname of the intance from the instance metadata
- |2
curl_setopt($curl_handle,CURLOPT_URL,'http://169.254.169.254/latest/meta-data/public-hostname');
- |2
$hostname = curl_exec($curl_handle);
- |2
if (empty($hostname))
- |2
{
- |2
print "Sorry, for some reason, we got no hostname back <br />";
- |2
}
- |2
else
- |2
{
- |2
print "Server = " . $hostname . "<br />";
- |2
}
- |2
// Get the instance-id of the intance from the instance metadata
- |2
curl_setopt($curl_handle,CURLOPT_URL,'http://169.254.169.254/latest/meta-data/instance-id');
- |2
$instanceid = curl_exec($curl_handle);
- |2
if (empty($instanceid))
- |2
{
- |2
print "Sorry, for some reason, we got no instance id back <br />";
- |2
}
- |2
else
- |2
{
- |2
print "EC2 instance-id = " . $instanceid . "<br />";
- |2
}
- |2
$Database = "localhost";
- ' $DBUser = "'
- !Ref DBUser
- |
";
- ' $DBPassword = "'
- !Ref DBPassword
- |
";
- |2
print "Database = " . $Database . "<br />";
- |2
$dbconnection = mysql_connect($Database, $DBUser, $DBPassword)
- |2
or die("Could not connect: " . mysql_error());
- |2
print ("Connected to $Database successfully");
- |2
mysql_close($dbconnection);
- |2
?>
- |2
<h2>PHP Information</h2>
- |2
<p/>
- |2
<?php
- |2
phpinfo();
- |2
?>
- |2
</body>
- |
</html>
mode: '000600'
owner: apache
group: apache
/tmp/setup.mysql:
content: !Join
- ''
- - 'CREATE DATABASE '
- !Ref DBName
- |
;
- 'GRANT ALL ON '
- !Ref DBName
- .* TO '
- !Ref DBUser
- '''@localhost IDENTIFIED BY '''
- !Ref DBPassword
- |
';
mode: '000400'
owner: root
group: root
/etc/cfn/cfn-hup.conf:
content: !Join
- ''
- - |
[main]
- stack=
- !Ref 'AWS::StackId'
- |+
- region=
- !Ref 'AWS::Region'
- |+
mode: '000400'
owner: root
group: root
/etc/cfn/hooks.d/cfn-auto-reloader.conf:
content: !Join
- ''
- - |
[cfn-auto-reloader-hook]
- |
triggers=post.update
- >
path=Resources.WebServerInstance.Metadata.AWS::CloudFormation::Init
- 'action=/opt/aws/bin/cfn-init -v '
- ' --stack '
- !Ref 'AWS::StackName'
- ' --resource WebServerInstance '
- ' --configsets InstallAndRun '
- ' --region '
- !Ref 'AWS::Region'
- |+
- |
runas=root
mode: '000400'
owner: root
group: root
services:
sysvinit:
mysqld:
enabled: 'true'
ensureRunning: 'true'
httpd:
enabled: 'true'
ensureRunning: 'true'
cfn-hup:
enabled: 'true'
ensureRunning: 'true'
files:
- /etc/cfn/cfn-hup.conf
- /etc/cfn/hooks.d/cfn-auto-reloader.conf
Configure:
commands:
01_set_mysql_root_password:
command: !Join
- ''
- - mysqladmin -u root password '
- !Ref DBRootPassword
- ''''
test: !Join
- ''
- - '$(mysql '
- !Ref DBName
- ' -u root --password='''
- !Ref DBRootPassword
- ''' >/dev/null 2>&1 </dev/null); (( $? != 0 ))'
02_create_database:
command: !Join
- ''
- - mysql -u root --password='
- !Ref DBRootPassword
- ''' < /tmp/setup.mysql'
test: !Join
- ''
- - '$(mysql '
- !Ref DBName
- ' -u root --password='''
- !Ref DBRootPassword
- ''' >/dev/null 2>&1 </dev/null); (( $? != 0 ))'
Properties:
ImageId: !FindInMap
- AWSRegionArch2AMI
- !Ref 'AWS::Region'
- !FindInMap
- AWSInstanceType2Arch
- !Ref InstanceType
- Arch
InstanceType: !Ref InstanceType
SecurityGroups:
- !Ref WebServerSecurityGroup
KeyName: !Ref KeyName
UserData: !Base64
'Fn::Join':
- ''
- - |
#!/bin/bash -xe
- |
yum update -y aws-cfn-bootstrap
- |
# Install the files and packages from the metadata
- '/opt/aws/bin/cfn-init -v '
- ' --stack '
- !Ref 'AWS::StackName'
- ' --resource WebServerInstance '
- ' --configsets InstallAndRun '
- ' --region '
- !Ref 'AWS::Region'
- |+
- |
# Signal the status from cfn-init
- '/opt/aws/bin/cfn-signal -e $? '
- ' --stack '
- !Ref 'AWS::StackName'
- ' --resource WebServerInstance '
- ' --region '
- !Ref 'AWS::Region'
- |+
CreationPolicy:
ResourceSignal:
Timeout: PT5M
WebServerSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enable HTTP access via port 80
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: !Ref SSHLocation
Outputs:
WebsiteURL:
Description: URL for newly created LAMP stack
Value: !Join
- ''
- - 'http://'
- !GetAtt
- WebServerInstance
- PublicDnsName
解説
Parameters
言葉通りテンプレートに対しての引数のような定義で、スタックを作成する際にここで宣言されている変数への設定値を入力するよう要求される。
AWS::CloudFormation::Init
Metadeta配下の宣言で、そもそもAWS::EC2::Instanceのドキュメントに書かれてなかったのでなんじゃそらと混乱した。
Metadata自体はドキュメントを斜め読みしただけなのでおよそ全く意味は理解できていない。
この宣言はInitスクリプト的なものを定義出来るみたいで、ただその構造はまずコマンドを宣言してからコマンド別に実行したい内容を定義してからそれを呼ぶような書き方をする。
サンプルでも複数行にまたがる処理を書いていて、必要なソフトウェアのインストールやサービスの有効化とかしていた。このサンプルだけでも応用には困らなさそうに感じている。
!FindInMap
記号から始まる記述でPHP的だなとか思いながらどこからFindするんだとドキュメントにはMappingsなる宣言がありそこで変数名とその実態となる辞書を定義しているとのことだった。
記述全体がインスタンスタイプの宣言で長くてパッと見で見つけられなくてちょっと焦った。
!Ref
端的に引数に指定したリソース(Resourcesで宣言した論理名)から物理IDを取ってくる。
詳しくはドキュメントを見た方が良いけど、EC2ならインスタンスIDとかElastic IPならIPアドレスとか識別子的なものが返却される。
Fn::Join
子要素を一行の文字列に連結するみたいなんだけどドキュメントを読んでも要領がわからなかった。
サンプルでは複数行にまたがるInitスクリプトの定義や設定ファイルの定義を行連結する為に使っている。改行文字とかの代わりか。
Outputs
コンソールに出力する内容を定義する。
このサンプルではスタック作成後にコンソールにサービスのURLを出力している。
単純なことだけなのとドキュメントも説明だけだといまいちわからない。
出力先にS3とか使えるのかなとか、コマンドラインからCloudFormation実行したら手元のターミナルにそれ出力されるのかなとか知りたい。
!GetAtt
手っ取り早く先にドキュメント。
Refと異なりIDを返却するんじゃなくて、対象の属性、自分の言葉で言えばパラメータか設定値かのキー名から取れる。
定義済みのインスタンスから細かい情報とって来て分岐するようなの書けるのかなと理解している。