はじめに
AWS CloudFormationにより、AWSにVPCを作成するサンプルです。
VPC内にpublic及びprivateサブネット類を作成し、ついでにt2.nanoでテスト用のEC2インスタンスを作成するCloudFormationのサンプルです。
参考サイト
以下のページを参考にさせて頂きました。ありがとうございます。
http://qiita.com/takachan/items/92f47356c0a085c49821
http://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/VPC_Subnets.html
http://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
http://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html#RouteTables
CloudFormationテンプレートとCloudFormationスタック作成手順
(1) CloudFormationスタック作成画面の[Select Template]画面でCloudFormationテンプレートを作成してアップロードする。
AWSマネジメントコンソールにログインします。
[CloudFormation]をクリックします。
[CloudFormation]画面が表示されます。
[Create Stack]をクリックします。
CloudFormationスタックを作成出来る[Select Template]画面が表示されます。
[Choose a template]で[Upload a template to Amazon S3]をクリックします。
後述のCloudFormationテンプレート[create-example-vpc-stack.json]を記載したファイル[create-example-vpc-stack.json.txt]を作成します。
[Upload a template to Amazon S3]で作成した[create-example-vpc-stack.json.txt]ファイルを選択してアップロードします。
CloudFormationテンプレートをアップロードしたら、[Next]をクリックします。
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Create AWS CloudFormation Customize Virtual Private Cloud",
"Parameters" : {
"VpcName": {
"Description" : "Please input VPC name.",
"Type": "String",
"Default" : "example-vpc",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcCidrBlock" : {
"Type" : "String",
"Description" : "Please input an IP range in VPC.",
"Default" : "10.0.0.0/16",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/16",
"ConstraintDescription": ""
},
"VpcSubnetNamePublic1a": {
"Description" : "Please input the subnet name of example-vpc-public-subnet-1a.",
"Type": "String",
"Default" : "example-vpc-public-subnet-1a",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcSubnetCidrBlockPublic1a" : {
"Type" : "String",
"Description" : "Please input an IP range in example-vpc-public-subnet-1a.",
"Default" : "10.0.3.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"VpcSubnetNamePublic1c": {
"Description" : "Please input the subnet name of example-vpc-public-subnet-1c.",
"Type": "String",
"Default" : "example-vpc-public-subnet-1c",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcSubnetCidrBlockPublic1c" : {
"Type" : "String",
"Description" : "Please input an IP range in example-vpc-public-subnet-1c.",
"Default" : "10.0.4.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"VpcSubnetNamePrivate1a": {
"Description" : "Please input the subnet name of example-vpc-private-subnet-1a.",
"Type": "String",
"Default" : "example-vpc-private-subnet-1a",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcSubnetCidrBlockPrivate1a" : {
"Type" : "String",
"Description" : "Please input an IP range in example-vpc-private-subnet-1a.",
"Default" : "10.0.1.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"VpcSubnetNamePrivate1c": {
"Description" : "Please input the subnet name of private-subnet-1c.",
"Type": "String",
"Default" : "example-vpc-private-subnet-1c",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcSubnetCidrBlockPrivate1c" : {
"Type" : "String",
"Description" : "Please input an IP range in example-vpc-private-subnet-1c.",
"Default" : "10.0.2.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"InternetGatewayName": {
"Description" : "Please input the name of Internet Gateway.",
"Type": "String",
"Default" : "example-vpc-igw",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"InstanceType" : {
"Description" : "EC2 instance type",
"Type" : "String",
"Default" : "t2.nano",
"AllowedValues" : [ "t1.micro","t2.nano","t2.micro","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","m3.xlarge","m3.2xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"],
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"NameTags" : {
"Description" : "EC2 instance Name Tags",
"Type" : "String",
"Default" : "example-vpc-server",
"AllowedPattern" : "[\\x20-\\x7E]*",
"ConstraintDescription" : "must be a valid EC2 instance Name Tags."
},
"KeyName": {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type": "String",
"MinLength": "1",
"MaxLength": "255",
"Default": "example-keypair",
"AllowedPattern" : "[\\x20-\\x7E]*",
"ConstraintDescription" : "can contain only ASCII characters."
},
"SSHLocation" : {
"Description" : " The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "10.0.0.0/16",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings" : {},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : { "Ref" : "VpcCidrBlock" },
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcName" } }
]
}
},
"SubnetPublic1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : "ap-northeast-1a",
"CidrBlock" : { "Ref" : "VpcSubnetCidrBlockPublic1a" },
"MapPublicIpOnLaunch" : true,
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcSubnetNamePublic1a" } }
]
}
},
"SubnetPublic1c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : "ap-northeast-1c",
"CidrBlock" : { "Ref" : "VpcSubnetCidrBlockPublic1c" },
"MapPublicIpOnLaunch" : true,
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcSubnetNamePublic1c" } }
]
}
},
"SubnetPrivate1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : "ap-northeast-1a",
"CidrBlock" : { "Ref" : "VpcSubnetCidrBlockPrivate1a" },
"MapPublicIpOnLaunch" : false,
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcSubnetNamePrivate1a" } }
]
}
},
"SubnetPrivate1c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : "ap-northeast-1c",
"CidrBlock" : { "Ref" : "VpcSubnetCidrBlockPrivate1c" },
"MapPublicIpOnLaunch" : false,
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcSubnetNamePrivate1c" } }
]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "InternetGatewayName" } }
]
}
},
"GatewayToInternet" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"InternetGatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" }
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "GatewayToInternet",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicSubnetRouteTableAssociatio1a" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetPublic1a" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnetRouteTableAssociation1c" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetPublic1c" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicNetworkAcl" : {
"Type" : "AWS::EC2::NetworkAcl",
"Properties" : {
"VpcId" : { "Ref" : "VPC" }
}
},
"PublicNetworkAclEntry" : {
"Type" : "AWS::EC2::NetworkAclEntry",
"Properties" : {
"CidrBlock" : { "Ref" : "VpcCidrBlock" },
"Egress" : "true",
"NetworkAclId" : { "Ref" : "PublicNetworkAcl" },
"Protocol" : "-1",
"RuleAction" : "allow",
"RuleNumber" : "100"
}
},
"PublicSubnetNetworkAclAssociatio1a" : {
"Type" : "AWS::EC2::SubnetNetworkAclAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetPublic1a" },
"NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
}
},
"PublicSubnetNetworkAclAssociatio1c" : {
"Type" : "AWS::EC2::SubnetNetworkAclAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetPublic1c" },
"NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
}
},
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "Enable SSH access via port 22",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation"} }
]
}
},
"EC2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" : "ami-03cf3903",
"SecurityGroupIds" : [
{ "Ref" : "InstanceSecurityGroup" }
],
"SubnetId" : { "Ref" : "SubnetPrivate1a" },
"InstanceType" : { "Ref" : "InstanceType" },
"KeyName" : { "Ref" : "KeyName" },
"Tags" : [
{ "Key" : "Application", "Value" : "string" },
{ "Key" : "Name", "Value" : { "Ref" : "NameTags"} }
]
}
}
},
"Outputs" : {}
}
(2) [Specify Details]画面でCloudFormationスタックのパラメータを指定する。
[Specify Details]画面が表示されます。
[Select Template]画面でアップロードしたCloudFormationテンプレートで、CloudFormationスタックを作成します。
Stack Nameに適当なスタック名を入力します。仮に[create-example-vpc-stack]と入力します。
CloudFormationスタックの[Parameter]を指定します。
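[KeyName]パラメータにはEC2インスタンスにsshログインする時に使用する、既存のKeyPair名を指定します。
それ以外のパラメータにはデフォルト値を設定しています。デフォルトのままでよければ、そのまま[Next]をクリックします。
なお、[SSHLocation]パラメータはEC2インスタンスへのSSH(22番ポート)接続を許可する接続元のCIDRで、デフォルトは10.0.0.0/16(VPC内のみ)です。変更する場合も、接続元として必要な範囲だけを指定します。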
(3) [Option]画面で[Next]をクリック。
[Option]画面が表示されます。
デフォルトのまま[Next]をクリックします。
(4) [Review]画面で[Create]をクリック。
[Review]画面が表示されます。
[Review]画面で[Create]をクリックして、CloudFormationスタックを作成します。
これにより、VPCやサブネットやEC2インスタンスの作成が開始されます。
(5) VPCやサブネットやEC2インスタンスが作成される事を確認する。
作成したCloudFormationスタックのStatusが「CREATE_COMPLETE」になれば、CloudFormationによるVPC作成は完了です。
CloudFormationスタックのパラメータをデフォルトで作成した場合、以下のようなVPCやインスタンスが作成されます。
VPCとサブネットとEC2インスタンスが作成されている事を確認します。
・example-vpc
・example-vpc-public-subnet-1a
・example-vpc-public-subnet-1c
・example-vpc-private-subnet-1a
・example-vpc-private-subnet-1c
・example-vpc-server
参考情報
もしCloudFormationでNAT Gatewayまで一緒に作成したい場合、以下のテンプレートを使用します。
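ResourcesセクションのTypeの「AWS::EC2::NatGateway」でNAT Gatewayを作成、Typeの「AWS::EC2::EIP」でNAT Gateway用にEIPを割り当てます。
なお、このテンプレートにはプライベートサブネット用のルートテーブルとNAT Gateway向けのデフォルトルートが含まれていないため、プライベートサブネットからNAT Gateway経由で外部に通信するには、別途ルートテーブルを作成してプライベートサブネットに関連付ける必要があります。
また、パブリックサブネットに関連付けているネットワークACL(PublicNetworkAcl)にはVPC内宛てのアウトバウンド許可ルールしか定義されていないため、NAT Gatewayを実際に利用する場合はネットワークACLのインバウンド/アウトバウンドルールも必要な範囲で追加します。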
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Create AWS CloudFormation Customize Virtual Private Cloud",
"Parameters" : {
"VpcName": {
"Description" : "Please input VPC name.",
"Type": "String",
"Default" : "example-vpc",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcCidrBlock" : {
"Type" : "String",
"Description" : "Please input an IP range in VPC.",
"Default" : "10.0.0.0/16",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/16",
"ConstraintDescription": ""
},
"VpcSubnetNamePublic1a": {
"Description" : "Please input the subnet name of example-vpc-public-subnet-1a.",
"Type": "String",
"Default" : "example-vpc-public-subnet-1a",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcSubnetCidrBlockPublic1a" : {
"Type" : "String",
"Description" : "Please input an IP range in example-vpc-public-subnet-1a.",
"Default" : "10.0.3.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"VpcSubnetNamePublic1c": {
"Description" : "Please input the subnet name of example-vpc-public-subnet-1c.",
"Type": "String",
"Default" : "example-vpc-public-subnet-1c",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcSubnetCidrBlockPublic1c" : {
"Type" : "String",
"Description" : "Please input an IP range in example-vpc-public-subnet-1c.",
"Default" : "10.0.4.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"VpcSubnetNamePrivate1a": {
"Description" : "Please input the subnet name of example-vpc-private-subnet-1a.",
"Type": "String",
"Default" : "example-vpc-private-subnet-1a",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcSubnetCidrBlockPrivate1a" : {
"Type" : "String",
"Description" : "Please input an IP range in example-vpc-private-subnet-1a.",
"Default" : "10.0.1.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"VpcSubnetNamePrivate1c": {
"Description" : "Please input the subnet name of private-subnet-1c.",
"Type": "String",
"Default" : "example-vpc-private-subnet-1c",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"VpcSubnetCidrBlockPrivate1c" : {
"Type" : "String",
"Description" : "Please input an IP range in example-vpc-private-subnet-1c.",
"Default" : "10.0.2.0/24",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/24",
"ConstraintDescription": ""
},
"InternetGatewayName": {
"Description" : "Please input the name of Internet Gateway.",
"Type": "String",
"Default" : "example-vpc-igw",
"AllowedPattern" : "[-a-zA-Z0-9]*",
"ConstraintDescription" : ""
},
"InstanceType" : {
"Description" : "EC2 instance type",
"Type" : "String",
"Default" : "t2.nano",
"AllowedValues" : [ "t1.micro","t2.nano","t2.micro","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","m3.xlarge","m3.2xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"],
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"NameTags" : {
"Description" : "EC2 instance Name Tags",
"Type" : "String",
"Default" : "example-vpc-server",
"AllowedPattern" : "[\\x20-\\x7E]*",
"ConstraintDescription" : "must be a valid EC2 instance Name Tags."
},
"KeyName": {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type": "String",
"MinLength": "1",
"MaxLength": "255",
"Default": "example-keypair",
"AllowedPattern" : "[\\x20-\\x7E]*",
"ConstraintDescription" : "can contain only ASCII characters."
},
"SSHLocation" : {
"Description" : " The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "10.0.0.0/16",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings" : {},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : { "Ref" : "VpcCidrBlock" },
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcName" } }
]
}
},
"SubnetPublic1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : "ap-northeast-1a",
"CidrBlock" : { "Ref" : "VpcSubnetCidrBlockPublic1a" },
"MapPublicIpOnLaunch" : true,
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcSubnetNamePublic1a" } }
]
}
},
"SubnetPublic1c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : "ap-northeast-1c",
"CidrBlock" : { "Ref" : "VpcSubnetCidrBlockPublic1c" },
"MapPublicIpOnLaunch" : true,
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcSubnetNamePublic1c" } }
]
}
},
"SubnetPrivate1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : "ap-northeast-1a",
"CidrBlock" : { "Ref" : "VpcSubnetCidrBlockPrivate1a" },
"MapPublicIpOnLaunch" : false,
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcSubnetNamePrivate1a" } }
]
}
},
"SubnetPrivate1c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : "ap-northeast-1c",
"CidrBlock" : { "Ref" : "VpcSubnetCidrBlockPrivate1c" },
"MapPublicIpOnLaunch" : false,
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "VpcSubnetNamePrivate1c" } }
]
}
},
"VpcNatGatewayPrivate1a" : {
"Type" : "AWS::EC2::NatGateway",
"Properties" : {
"AllocationId" : { "Fn::GetAtt" : ["VpcNatGatewayEipPrivate1a", "AllocationId"] },
"SubnetId" : { "Ref" : "SubnetPublic1a" }
},
"DependsOn" : "VpcNatGatewayEipPrivate1a"
},
"VpcNatGatewayEipPrivate1a" : {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
}
},
"VpcNatGatewayPrivate1c" : {
"Type" : "AWS::EC2::NatGateway",
"Properties" : {
"AllocationId" : { "Fn::GetAtt" : ["VpcNatGatewayEipPrivate1c", "AllocationId"] },
"SubnetId" : { "Ref" : "SubnetPublic1c" }
},
"DependsOn" : "VpcNatGatewayEipPrivate1c"
},
"VpcNatGatewayEipPrivate1c" : {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [
{ "Key" : "Name", "Value" : { "Ref" : "InternetGatewayName" } }
]
}
},
"GatewayToInternet" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"InternetGatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" }
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "GatewayToInternet",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicSubnetRouteTableAssociatio1a" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetPublic1a" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnetRouteTableAssociation1c" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetPublic1c" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicNetworkAcl" : {
"Type" : "AWS::EC2::NetworkAcl",
"Properties" : {
"VpcId" : { "Ref" : "VPC" }
}
},
"PublicNetworkAclEntry" : {
"Type" : "AWS::EC2::NetworkAclEntry",
"Properties" : {
"CidrBlock" : { "Ref" : "VpcCidrBlock" },
"Egress" : "true",
"NetworkAclId" : { "Ref" : "PublicNetworkAcl" },
"Protocol" : "-1",
"RuleAction" : "allow",
"RuleNumber" : "100"
}
},
"PublicSubnetNetworkAclAssociatio1a" : {
"Type" : "AWS::EC2::SubnetNetworkAclAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetPublic1a" },
"NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
}
},
"PublicSubnetNetworkAclAssociatio1c" : {
"Type" : "AWS::EC2::SubnetNetworkAclAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetPublic1c" },
"NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
}
},
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "Enable SSH access via port 22",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation"} }
]
}
},
"EC2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" : "ami-03cf3903",
"SecurityGroupIds" : [
{ "Ref" : "InstanceSecurityGroup" }
],
"SubnetId" : { "Ref" : "SubnetPrivate1a" },
"InstanceType" : { "Ref" : "InstanceType" },
"KeyName" : { "Ref" : "KeyName" },
"Tags" : [
{ "Key" : "Application", "Value" : "string" },
{ "Key" : "Name", "Value" : { "Ref" : "NameTags"} }
]
}
}
},
"Outputs" : {}
}
以上になります。