Introduction
Rebuilding the environment from scratch in the GUI every time I want to test something is tedious, so I am building the VPC layout I use most often with CloudFormation (CFn) instead.
Reference: CloudFormation Template Reference
Configuration diagram
Items you are asked to enter
Typing every value in one by one is also a chore, so each parameter comes pre-filled with a default value.
| Parameter name | Description | Default value |
|---|---|---|
| PJName | Resource name prefix | cfn-vpc-tetutetu |
| VPCCIDR | CIDR of the VPC | 10.1.0.0/16 |
| PublicSubnet A | CIDR of public subnet A | 10.1.10.0/24 |
| PublicSubnet C | CIDR of public subnet C | 10.1.20.0/24 |
| PrivateSubnet A | CIDR of private subnet A | 10.1.100.0/24 |
| PrivateSubnet C | CIDR of private subnet C | 10.1.200.0/24 |
Template
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description:
  VPC,Subnet,IGW,RouteTable, Create
Metadata:
  "AWS::CloudFormation::Interface":
    ParameterGroups:
      - Label:
          default: "Project Name"
        Parameters:
          - PJName
      - Label:
          default: "Network Configuration"
        Parameters:
          - VPCCIDR
          - PublicSubnetACIDR
          - PublicSubnetCCIDR
          - PrivateSubnetACIDR
          - PrivateSubnetCCIDR
    ParameterLabels:
      VPCCIDR:
        default: "VPC CIDR"
      PublicSubnetACIDR:
        default: "PublicSubnetA CIDR"
      PublicSubnetCCIDR:
        default: "PublicSubnetC CIDR"
      PrivateSubnetACIDR:
        default: "PrivateSubnetA CIDR"
      PrivateSubnetCCIDR:
        default: "PrivateSubnetC CIDR"
# ------------------------------------------------------------#
# Input Parameters
# ------------------------------------------------------------#
Parameters:
  PJName:
    Type: String
    Default: "cfn-vpc-inamura"
  VPCCIDR:
    Type: String
    Default: "10.1.0.0/16"
  PublicSubnetACIDR:
    Type: String
    Default: "10.1.10.0/24"
  PublicSubnetCCIDR:
    Type: String
    Default: "10.1.20.0/24"
  PrivateSubnetACIDR:
    Type: String
    Default: "10.1.100.0/24"
  PrivateSubnetCCIDR:
    Type: String
    Default: "10.1.200.0/24"
Resources:
  # ------------------------------------------------------------#
  # VPC
  # ------------------------------------------------------------#
  # VPC Create
  VPC:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsSupport: "true"
      EnableDnsHostnames: "true"
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: !Sub "${PJName}-vpc"
  # InternetGateway Create
  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: !Sub "${PJName}-igw"
  # IGW Attach
  InternetGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  # ------------------------------------------------------------#
  # Subnet
  # ------------------------------------------------------------#
  # Public SubnetA Create
  PublicSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1a"
      CidrBlock: !Ref PublicSubnetACIDR
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${PJName}-public-subnet-a"
  # Public SubnetC Create
  PublicSubnetC:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1c"
      CidrBlock: !Ref PublicSubnetCCIDR
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${PJName}-public-subnet-c"
  # Private SubnetA Create
  PrivateSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1a"
      CidrBlock: !Ref PrivateSubnetACIDR
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${PJName}-private-subnet-a"
  # Private SubnetC Create
  PrivateSubnetC:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "ap-northeast-1c"
      CidrBlock: !Ref PrivateSubnetCCIDR
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${PJName}-private-subnet-c"
  # ------------------------------------------------------------#
  # RouteTable
  # ------------------------------------------------------------#
  # Public RouteTable Create
  PublicRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${PJName}-public-route"
  # Private RouteTable Create
  PrivateRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${PJName}-private-route"
  # ------------------------------------------------------------#
  # Routing
  # ------------------------------------------------------------#
  # PublicRoute Create (default route to the IGW)
  PublicRoute:
    Type: "AWS::EC2::Route"
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway
  # ------------------------------------------------------------#
  # RouteTable Associate
  # ------------------------------------------------------------#
  # PublicRouteTable Associate SubnetA
  PublicSubnetARouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable
  # PublicRouteTable Associate SubnetC
  PublicSubnetCRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnetC
      RouteTableId: !Ref PublicRouteTable
  # PrivateRouteTable Associate SubnetA
  PrivateSubnetARouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PrivateSubnetA
      RouteTableId: !Ref PrivateRouteTable
  # PrivateRouteTable Associate SubnetC
  PrivateSubnetCRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PrivateSubnetC
      RouteTableId: !Ref PrivateRouteTable
# ------------------------------------------------------------#
# Output Parameters
# ------------------------------------------------------------#
Outputs:
  # VPC
  VPC:
    Value: !Ref VPC
    Export:
      Name: !Sub "${PJName}-vpc"
  # Subnet
  PublicSubnetA:
    Value: !Ref PublicSubnetA
    Export:
      Name: !Sub "${PJName}-public-subnet-a"
  PublicSubnetC:
    Value: !Ref PublicSubnetC
    Export:
      Name: !Sub "${PJName}-public-subnet-c"
  PrivateSubnetA:
    Value: !Ref PrivateSubnetA
    Export:
      Name: !Sub "${PJName}-private-subnet-a"
  PrivateSubnetC:
    Value: !Ref PrivateSubnetC
    Export:
      Name: !Sub "${PJName}-private-subnet-c"
```
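The template takes the VPC and subnet CIDRs as plain String parameters, so CloudFormation only discovers an invalid layout (a subnet outside the VPC range, two subnets that overlap, a prefix outside the /16 to /28 range AWS accepts) at stack creation time, after some resources have already been created. The following check is an added example, not part of the original post or any AWS tool; it runs the same consistency checks locally against the parameter defaults from the template above using only the Python standard library.

```python
import ipaddress

# Parameter defaults copied from the template on this page.
DEFAULTS = {
    "VPCCIDR": "10.1.0.0/16",
    "PublicSubnetACIDR": "10.1.10.0/24",
    "PublicSubnetCCIDR": "10.1.20.0/24",
    "PrivateSubnetACIDR": "10.1.100.0/24",
    "PrivateSubnetCCIDR": "10.1.200.0/24",
}


def check_cidrs(params):
    """Return a list of problems with the CIDR layout; an empty list means it is consistent."""
    problems = []
    try:
        # strict=True rejects values with host bits set, e.g. "10.1.0.1/16".
        vpc = ipaddress.ip_network(params["VPCCIDR"], strict=True)
    except ValueError as exc:
        return [f"VPCCIDR: {params['VPCCIDR']} is not a valid network ({exc})"]
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPCCIDR: prefix /{vpc.prefixlen} is outside the AWS range /16-/28")

    subnets = {}
    for name, cidr in params.items():
        if name == "VPCCIDR":
            continue
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {cidr} is not a valid network ({exc})")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside the VPC range {vpc}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: prefix /{net.prefixlen} is outside the AWS range /16-/28")
        subnets[name] = net

    # Every pair of subnets must be disjoint; CloudFormation fails the stack otherwise.
    names = list(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} and {b} overlap ({subnets[a]} / {subnets[b]})")
    return problems


if __name__ == "__main__":
    for line in check_cidrs(DEFAULTS) or ["OK: CIDR layout is consistent"]:
        print(line)
```

Run it before `aws cloudformation deploy` with the values you intend to pass as parameter overrides; the template's own defaults pass cleanly.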
Conclusion
This frees me from the chore of building the VPC from scratch each time.
My impression is that it also deepens my understanding, because the things the GUI does behind the scenes, such as the routing entries and attaching the created resources to each other, are now things I build myself.
I am still very much a CFn beginner, but I intend to move more and more of my resources into CFn little by little.