
AWS CloudFormation Template Basics


■ Template overview

[Screenshot: overview of the template sections (2019-05-24)]

1. Launch an EC2 instance from an AMI

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance
Resources:
  CreateEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      # Replace ImageId with your own AMI ID.
      ImageId: ami-06a17900f024535fb
      InstanceType: t2.micro
```

2. Create Parameters and reference them with the Ref function

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance
Parameters:
  # Parameters let the instance type be chosen when the stack is created.
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
    - t1.micro
    - t2.nano
    - t2.micro
    - t2.small
    - t2.medium
    - t2.large
    ConstraintDescription: must be a valid EC2 instance type

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-06a17900f024535fb
      # The Ref function reads the value of the InstanceType parameter.
      InstanceType: !Ref InstanceType
      Tags:
      - Key: Name
        Value: ec2
```

3. Use Mappings to choose an AMI per region

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance
Parameters:
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
    - t1.micro
    - t2.nano
    - t2.micro
    - t2.small
    - t2.medium
    - t2.large
    ConstraintDescription: must be a valid EC2 instance type
# Mappings let one template pick the right AMI in each region.
# Replace the values with your own AMI IDs for the Tokyo and Singapore regions.
Mappings:
  RegionMap:
    ap-northeast-1:
      hvm: "ami-06a17900f024535fb"
    ap-southeast-1:
      hvm: "ami-055a628643638b600"

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      # FindInMap looks up the entry in Mappings for the region the stack is created in.
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', hvm]
      InstanceType: !Ref InstanceType
      Tags:
      - Key: Name
        Value: ec2
```
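To see what `!Ref` and `!FindInMap` actually do before a stack is created, here is an added example (not code from the original post) that resolves them in plain Python. The template is embedded inline in CloudFormation's JSON long form, where `!Ref X` is `{"Ref": "X"}` and `!FindInMap [...]` is `{"Fn::FindInMap": [...]}`, so it runs offline. It also applies the `AllowedValues` check and shows the two ways this template fails at create time: a region missing from `RegionMap`, and an instance type outside `AllowedValues`. The `TemplateError` class, the `<physical id of ...>` placeholder and the function names are this example's own.

```python
"""Added example: resolve Ref / Fn::FindInMap from the section-3 template
and apply the AllowedValues constraint, the way CloudFormation does before
creating a stack. Not part of the original post."""

# Constructed copy of the section-3 template in JSON long form.
TEMPLATE = {
    "Parameters": {
        "InstanceType": {
            "Type": "String",
            "Default": "t2.micro",
            "AllowedValues": ["t1.micro", "t2.nano", "t2.micro",
                              "t2.small", "t2.medium", "t2.large"],
            "ConstraintDescription": "must be a valid EC2 instance type",
        }
    },
    "Mappings": {
        "RegionMap": {
            "ap-northeast-1": {"hvm": "ami-06a17900f024535fb"},
            "ap-southeast-1": {"hvm": "ami-055a628643638b600"},
        }
    },
    "Resources": {
        "MyEC2Instance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "hvm"]},
                "InstanceType": {"Ref": "InstanceType"},
            },
        }
    },
}


class TemplateError(ValueError):
    """Example-local error for mistakes CloudFormation rejects at create time."""


def bind_parameters(template, supplied):
    """Merge user-supplied values with Defaults and enforce AllowedValues."""
    values = {}
    for name, spec in template.get("Parameters", {}).items():
        if name in supplied:
            value = supplied[name]
        elif "Default" in spec:
            value = spec["Default"]
        else:
            raise TemplateError(f"parameter {name} has no value and no Default")
        allowed = spec.get("AllowedValues")
        if allowed is not None and value not in allowed:
            raise TemplateError(
                f"{name}={value!r}: {spec.get('ConstraintDescription', 'not allowed')}")
        values[name] = value
    return values


def resolve(node, template, params, pseudo):
    """Recursively replace Ref / Fn::FindInMap nodes with concrete values."""
    if isinstance(node, dict) and len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            if arg in pseudo:                 # pseudo parameters such as AWS::Region
                return pseudo[arg]
            if arg in params:
                return params[arg]
            if arg in template.get("Resources", {}):
                return f"<physical id of {arg}>"  # placeholder: known only after creation
            raise TemplateError(f"Ref to unknown name {arg}")
        if key == "Fn::FindInMap":
            map_name, top, second = (resolve(a, template, params, pseudo) for a in arg)
            try:
                return template["Mappings"][map_name][top][second]
            except KeyError as exc:
                raise TemplateError(
                    f"FindInMap [{map_name}, {top}, {second}]: no such entry") from exc
    if isinstance(node, dict):
        return {k: resolve(v, template, params, pseudo) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, template, params, pseudo) for v in node]
    return node


def render_instance(region, supplied_params=None, template=TEMPLATE):
    """Return the fully resolved Properties of MyEC2Instance for one region."""
    params = bind_parameters(template, supplied_params or {})
    return resolve(template["Resources"]["MyEC2Instance"]["Properties"],
                   template, params, {"AWS::Region": region})


def is_rejected(region, supplied_params=None):
    """True when this input would make CloudFormation refuse the stack."""
    try:
        render_instance(region, supplied_params)
    except TemplateError:
        return True
    return False


if __name__ == "__main__":
    print(render_instance("ap-northeast-1"))
    print(render_instance("ap-southeast-1", {"InstanceType": "t2.small"}))
    print("us-east-1 rejected:", is_rejected("us-east-1"))
    print("m5.large rejected:", is_rejected("ap-northeast-1", {"InstanceType": "m5.large"}))
```

The region failure is the one to watch in practice: `FindInMap` has no default, so a template with this `RegionMap` can only be deployed in the two regions listed, and CloudFormation reports the missing key at create time rather than at validation.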

4. Specify the subnet

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance
Parameters:
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
    - t1.micro
    - t2.nano
    - t2.micro
    - t2.small
    - t2.medium
    - t2.large
    ConstraintDescription: must be a valid EC2 instance type
  # Replace these with your own subnet IDs.
  SubnetId:
    Type: String
    Default: subnet-0a17e4a1945a371a8
    AllowedValues:
    - subnet-0a17e4a1945a371a8
    - subnet-08a5374d316da6f60
    - subnet-0c7bd98f8caa00b15
    - subnet-09621152100bbd5f6
    ConstraintDescription: must be a valid SubnetID

Mappings:
  RegionMap:
    ap-northeast-1:
      hvm: "ami-06a17900f024535fb"
    ap-southeast-1:
      hvm: "ami-055a628643638b600"

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', hvm]
      InstanceType: !Ref InstanceType
      # Ref reads the SubnetId parameter.
      SubnetId: !Ref SubnetId
      Tags:
      - Key: Name
        Value: ec2
```

5. Make the storage type selectable

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance
Parameters:
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
    - t1.micro
    - t2.nano
    - t2.micro
    - t2.small
    - t2.medium
    - t2.large
    ConstraintDescription: must be a valid EC2 instance type
  SubnetId:
    Type: String
    Default: subnet-0a17e4a1945a371a8
    AllowedValues:
    - subnet-0a17e4a1945a371a8
    - subnet-08a5374d316da6f60
    - subnet-0c7bd98f8caa00b15
    - subnet-09621152100bbd5f6
    ConstraintDescription: must be a valid SubnetID

Mappings:
  RegionMap:
    ap-northeast-1:
      hvm: "ami-06a17900f024535fb"
    ap-southeast-1:
      hvm: "ami-055a628643638b600"

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', hvm]
      InstanceType: !Ref InstanceType
      SubnetId: !Ref SubnetId
      # Adds the root block device. VolumeType and VolumeSize could of course
      # also be exposed as Parameters.
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            VolumeSize: 8
      Tags:
      - Key: Name
        Value: ec2
```

6. Make the security group and the SSH source selectable

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance
Parameters:
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues:
    - t1.micro
    - t2.nano
    - t2.micro
    - t2.small
    - t2.medium
    - t2.large
    ConstraintDescription: must be a valid EC2 instance type
  SubnetId:
    Type: String
    Default: subnet-0a17e4a1945a371a8
    AllowedValues:
    - subnet-0a17e4a1945a371a8
    - subnet-08a5374d316da6f60
    - subnet-0c7bd98f8caa00b15
    - subnet-09621152100bbd5f6
    ConstraintDescription: must be a valid SubnetID
  # The key pair used to reach the instance over SSH.
  KeyName:
    Description: Name of an existing EC2 KeyPair.
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: Can contain only ASCII characters.
  # The CIDR range allowed to reach port 22. The default opens it to every
  # address; pass your own range when creating the stack.
  SSHLocation:
    Description: IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

Mappings:
  RegionMap:
    ap-northeast-1:
      hvm: "ami-06a17900f024535fb"
    ap-southeast-1:
      hvm: "ami-055a628643638b600"

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', hvm]
      InstanceType: !Ref InstanceType
      SubnetId: !Ref SubnetId
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            VolumeSize: 8
      Tags:
      - Key: Name
        Value: myInstance
      # Use the KeyName given in Parameters.
      KeyName: !Ref KeyName
      # The security group is a separate resource; InstanceSecurityGroup
      # below is attached here through its GroupId.
      SecurityGroupIds:
        - !GetAtt "InstanceSecurityGroup.GroupId"

  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: connect with ssh
      # Replace with your own VpcId.
      VpcId: vpc-08fbdc5732395adab
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
```

7. Build a VPC

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description:
  VPC & subnet create

Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      Tags:
      - Key: Name
        Value: CloudFormation-VPC

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
      - Key: Name
        Value: CloudFormation-VPC-PublicRT

  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
      - Key: Name
        Value: CloudFormation-VPC-PrivateRT

  PublicSubnet1A:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: "ap-northeast-1a"
      Tags:
      - Key: Name
        Value: CloudFormation-public-subnet-1a

  PubSubnet1ARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1A
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet1C:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: "ap-northeast-1c"
      Tags:
      - Key: Name
        Value: CloudFormation-public-subnet-1c

  PubSubnet1CRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1C
      RouteTableId: !Ref PublicRouteTable

  PrivateSubnet1A:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: "ap-northeast-1a"
      Tags:
      - Key: Name
        Value: CloudFormation-private-subnet-1a

  PriSubnet1ARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1A
      RouteTableId: !Ref PrivateRouteTable

  PrivateSubnet1C:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: "ap-northeast-1c"
      Tags:
      - Key: Name
        Value: CloudFormation-private-subnet-1c

  PriSubnet1CRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1C
      RouteTableId: !Ref PrivateRouteTable

  myInternetGateway:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
      - Key: Name
        Value: CloudFormation-ING
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref myInternetGateway
  myRoute:
    Type: AWS::EC2::Route
    # A route to the internet gateway can only be created after the gateway is
    # attached to the VPC, so depend on the attachment, not on the gateway itself.
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myInternetGateway

Outputs:
  StackVPC:
    Description: The ID of the VPC
    Value: !Ref MyVPC
    Export:
      Name: !Sub "${AWS::StackName}-VPCID"

  StackPublicSubnet1A:
    Description: The ID of the VPC Subnet
    Value: !Ref PublicSubnet1A
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet1A"

  StackPublicSubnet1C:
    Description: The ID of the VPC Subnet
    Value: !Ref PublicSubnet1C
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet1C"

  StackPrivateSubnet1A:
    Description: The ID of the VPC Subnet
    Value: !Ref PrivateSubnet1A
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnet1A"

  StackPrivateSubnet1C:
    Description: The ID of the VPC Subnet
    Value: !Ref PrivateSubnet1C
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnet1C"
```

The values defined in Outputs appear under Exports as shown below.

[Screenshot: CloudFormation Exports list (2019-05-25)]

For example, to create an EC2 instance in a subnet of the VPC just built, write the following in the EC2 stack to import the exported value:

```yaml
SubnetId: !ImportValue naata-PublicSubnet1A
```

In this way the infrastructure is split across several templates that are operated separately.
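Two things in the VPC template are easy to get wrong and are only reported once a stack is created: subnet CIDRs that overlap or fall outside the VPC block, and export/import names that do not line up between stacks. The following added example (not code from the original post) takes a constructed summary of the section-7 resources and checks both offline: it validates the subnet layout with `ipaddress`, derives which subnets are really public from the `0.0.0.0/0` route, expands the `Fn::Sub` export names for a given stack name, and resolves an `Fn::ImportValue` against them. The stack name `naata` is taken from the post's ImportValue line; the `<id of ...>` placeholders stand in for physical IDs that only exist after deployment, and the function names are this example's own.

```python
"""Added example: offline checks for the section-7 VPC stack and its exports.
Not part of the original post."""
import ipaddress

# Constructed summary of the section-7 template.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {  # logical id -> (CidrBlock, RouteTableId from the association)
    "PublicSubnet1A":  ("10.0.0.0/24", "PublicRouteTable"),
    "PublicSubnet1C":  ("10.0.2.0/24", "PublicRouteTable"),
    "PrivateSubnet1A": ("10.0.1.0/24", "PrivateRouteTable"),
    "PrivateSubnet1C": ("10.0.3.0/24", "PrivateRouteTable"),
}
ROUTES = [  # (RouteTableId, DestinationCidrBlock, GatewayId)
    ("PublicRouteTable", "0.0.0.0/0", "myInternetGateway"),
]
OUTPUTS = {  # logical id -> (resource referenced by Value, Export Name before Fn::Sub)
    "StackVPC":             ("MyVPC",           "${AWS::StackName}-VPCID"),
    "StackPublicSubnet1A":  ("PublicSubnet1A",  "${AWS::StackName}-PublicSubnet1A"),
    "StackPublicSubnet1C":  ("PublicSubnet1C",  "${AWS::StackName}-PublicSubnet1C"),
    "StackPrivateSubnet1A": ("PrivateSubnet1A", "${AWS::StackName}-PrivateSubnet1A"),
    "StackPrivateSubnet1C": ("PrivateSubnet1C", "${AWS::StackName}-PrivateSubnet1C"),
}


def check_subnet_layout(vpc_cidr=VPC_CIDR, subnets=SUBNETS):
    """Return problems: subnets outside the VPC block, then overlapping pairs."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in subnets.items()}
    problems = [f"{name} {net} is outside VPC {vpc}"
                for name, net in nets.items() if not net.subnet_of(vpc)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def public_subnets(subnets=SUBNETS, routes=ROUTES):
    """A subnet is public only if its route table sends 0.0.0.0/0 to a gateway."""
    public_tables = {rt for rt, dest, gw in routes if dest == "0.0.0.0/0" and gw}
    return sorted(name for name, (_, rt) in subnets.items() if rt in public_tables)


def fn_sub(template_string, pseudo):
    """Minimal Fn::Sub: replace ${Name} placeholders from the pseudo-parameter map."""
    out = template_string
    for key, value in pseudo.items():
        out = out.replace("${" + key + "}", value)
    return out


def exports_for_stack(stack_name, outputs=OUTPUTS):
    """Export name -> value, as the Exports console view would list them."""
    pseudo = {"AWS::StackName": stack_name}
    return {fn_sub(export, pseudo): f"<id of {ref}>" for ref, export in outputs.values()}


def import_value(name, exports):
    """Fn::ImportValue: the importing stack fails to create if the name is not exported."""
    if name not in exports:
        raise KeyError(f"No export named {name} found")
    return exports[name]


if __name__ == "__main__":
    print("layout problems:", check_subnet_layout() or "none")
    print("public subnets:", public_subnets())
    exports = exports_for_stack("naata")
    print("SubnetId resolves to:", import_value("naata-PublicSubnet1A", exports))
    try:
        import_value("naata-PublicSubnet1B", exports)
    except KeyError as exc:
        print("import failed:", exc)
```

Because the export name embeds `${AWS::StackName}`, renaming or recreating the VPC stack silently changes every export name, and any EC2 stack still importing `naata-PublicSubnet1A` will fail on its next update; CloudFormation also refuses to delete a stack whose exports are still imported, which is the safety net this layout relies on.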
