個人的な備忘録です。
VPCピアリングとか、TransitGatewayとかってCFnで管理しようとすると急に難しくなる気がするのは私だけでしょうか。。。
その苦手意識を少しでも払しょくするためのお勉強です。
※これらのyamlはオハイオリージョンでデプロイしています。
リージョンが別でも問題は無いと思いますが確認はしていません。
VPC系のデプロイ
stg-env.yaml
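---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'VPC, Subnet, and Internet Gateway CloudFormation Template'

# One VPC with a single public subnet (first AZ of the region) routed to an
# Internet Gateway. Every export is prefixed with the Environment parameter;
# vpc-peering.yaml imports "<Environment>-public-rtb-id", so the export names
# below are part of this template's interface and must not be renamed.

Parameters:
  Environment:
    Type: String
    Default: 'stg'
    Description: Environment prefix for resource names and export names
  VpcCidr:
    Type: String
    Default: '10.0.0.0/16'
    Description: CIDR block for VPC
    # Reject malformed CIDRs at parameter validation instead of at VPC creation.
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  PublicSubnetCidr:
    Type: String
    Default: '10.0.1.0/24'
    Description: CIDR block for Public Subnet (must lie inside VpcCidr)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n

Resources:
  # VPC
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      # Public DNS hostnames need both settings enabled.
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-vpc'

  # Internet Gateway
  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-igw'

  # Attach the IGW to the VPC
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref MyInternetGateway

  # Public subnet. Instances launched here get a public IPv4 address, so their
  # security group is the only filter between them and the Internet.
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: !Ref PublicSubnetCidr
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-public-subnet'

  # Route table
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-public-rtb'

  # Default route to the Internet. DependsOn is required here: the route can
  # only be created after the IGW is attached, and no !Ref expresses that.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref MyInternetGateway

  # Associate the subnet with the route table
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

Outputs:
  VPCId:
    Description: VPC ID
    Value: !Ref MyVPC
    Export:
      Name: !Sub '${Environment}-VPC-ID'
  PublicSubnetId:
    Description: Public Subnet ID
    Value: !Ref PublicSubnet
    Export:
      Name: !Sub '${Environment}-PublicSubnet-ID'
  InternetGatewayId:
    Description: Internet Gateway ID
    Value: !Ref MyInternetGateway
    Export:
      Name: !Sub '${Environment}-IGW-ID'
  PublicRouteTableId:
    Description: Public Route Table ID
    Value: !Ref PublicRouteTable
    Export:
      # Lower-case on purpose: vpc-peering.yaml imports "<env>-public-rtb-id".
      Name: !Sub '${Environment}-public-rtb-id'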
dev-env.yaml
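---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'VPC, Subnet, and Internet Gateway CloudFormation Template for Dev Environment'

# One VPC with a single public subnet (first AZ of the region) routed to an
# Internet Gateway. Every export is prefixed with the Environment parameter;
# vpc-peering.yaml imports "<Environment>-public-rtb-id", so the export names
# below are part of this template's interface and must not be renamed.

Parameters:
  Environment:
    Type: String
    Default: 'dev'
    Description: Environment prefix for resource names and export names
  VpcCidr:
    Type: String
    Default: '172.16.0.0/16'
    Description: CIDR block for VPC
    # Reject malformed CIDRs at parameter validation instead of at VPC creation.
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  PublicSubnetCidr:
    Type: String
    Default: '172.16.1.0/24'
    Description: CIDR block for Public Subnet (must lie inside VpcCidr)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n

Resources:
  # VPC
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      # Public DNS hostnames need both settings enabled.
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-vpc'

  # Internet Gateway
  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-igw'

  # Attach the IGW to the VPC
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref MyInternetGateway

  # Public subnet. Instances launched here get a public IPv4 address, so their
  # security group is the only filter between them and the Internet.
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: !Ref PublicSubnetCidr
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-public-subnet'

  # Route table
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-public-rtb'

  # Default route to the Internet. DependsOn is required here: the route can
  # only be created after the IGW is attached, and no !Ref expresses that.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref MyInternetGateway

  # Associate the subnet with the route table
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

Outputs:
  VPCId:
    Description: VPC ID
    Value: !Ref MyVPC
    Export:
      Name: !Sub '${Environment}-VPC-ID'
  PublicSubnetId:
    Description: Public Subnet ID
    Value: !Ref PublicSubnet
    Export:
      Name: !Sub '${Environment}-PublicSubnet-ID'
  InternetGatewayId:
    Description: Internet Gateway ID
    Value: !Ref MyInternetGateway
    Export:
      Name: !Sub '${Environment}-IGW-ID'
  PublicRouteTableId:
    Description: Public Route Table ID
    Value: !Ref PublicRouteTable
    Export:
      # Lower-case on purpose: vpc-peering.yaml imports "<env>-public-rtb-id".
      Name: !Sub '${Environment}-public-rtb-id'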
prd-env.yaml
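---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'VPC, Subnet, and Internet Gateway CloudFormation Template for Production Environment'

# One VPC with a single public subnet (first AZ of the region) routed to an
# Internet Gateway. Every export is prefixed with the Environment parameter;
# vpc-peering.yaml imports "<Environment>-public-rtb-id", so the export names
# below are part of this template's interface and must not be renamed.

Parameters:
  Environment:
    Type: String
    Default: 'prd'
    Description: Environment prefix for resource names and export names
  VpcCidr:
    Type: String
    Default: '192.168.0.0/16'
    Description: CIDR block for VPC
    # Reject malformed CIDRs at parameter validation instead of at VPC creation.
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  PublicSubnetCidr:
    Type: String
    Default: '192.168.1.0/24'
    Description: CIDR block for Public Subnet (must lie inside VpcCidr)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n

Resources:
  # VPC
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      # Public DNS hostnames need both settings enabled.
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-vpc'

  # Internet Gateway
  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-igw'

  # Attach the IGW to the VPC
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref MyInternetGateway

  # Public subnet. Instances launched here get a public IPv4 address, so their
  # security group is the only filter between them and the Internet.
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: !Ref PublicSubnetCidr
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-public-subnet'

  # Route table
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-public-rtb'

  # Default route to the Internet. DependsOn is required here: the route can
  # only be created after the IGW is attached, and no !Ref expresses that.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref MyInternetGateway

  # Associate the subnet with the route table
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

Outputs:
  VPCId:
    Description: VPC ID
    Value: !Ref MyVPC
    Export:
      Name: !Sub '${Environment}-VPC-ID'
  PublicSubnetId:
    Description: Public Subnet ID
    Value: !Ref PublicSubnet
    Export:
      Name: !Sub '${Environment}-PublicSubnet-ID'
  InternetGatewayId:
    Description: Internet Gateway ID
    Value: !Ref MyInternetGateway
    Export:
      Name: !Sub '${Environment}-IGW-ID'
  PublicRouteTableId:
    Description: Public Route Table ID
    Value: !Ref PublicRouteTable
    Export:
      # Lower-case on purpose: vpc-peering.yaml imports "<env>-public-rtb-id".
      Name: !Sub '${Environment}-public-rtb-id'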
vpc-peering.yaml
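---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'VPC Peering Configuration for Dev, Stg, and Prd Environments'

# Full mesh of peering connections between the three lab VPCs, plus one route
# per direction in each public route table. Route tables come from the
# "<env>-public-rtb-id" exports of dev-env/stg-env/prd-env, so those three
# stacks must exist first. Peering is not transitive: every pair needs its own
# connection and its own pair of routes, which is why there are 3 + 6 resources.
#
# The mesh also joins prd to dev directly; outside a lab that is the pair
# normally left out so that dev hosts cannot reach production over L3.

Parameters:
  # The VPC-Id type is validated against the account at deploy time, so a
  # forgotten value fails at parameter validation instead of mid-stack.
  DevVpcId:
    Type: AWS::EC2::VPC::Id
    Description: Dev VPC ID
  StgVpcId:
    Type: AWS::EC2::VPC::Id
    Description: Stg VPC ID
  PrdVpcId:
    Type: AWS::EC2::VPC::Id
    Description: Prd VPC ID
  # Destination CIDRs for the peering routes. Defaults match the VpcCidr
  # defaults of dev-env/stg-env/prd-env; override them together with VpcCidr
  # so routes and VPC ranges cannot drift apart.
  DevVpcCidr:
    Type: String
    Default: '172.16.0.0/16'
    Description: CIDR block of the Dev VPC
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  StgVpcCidr:
    Type: String
    Default: '10.0.0.0/16'
    Description: CIDR block of the Stg VPC
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  PrdVpcCidr:
    Type: String
    Default: '192.168.0.0/16'
    Description: CIDR block of the Prd VPC
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n

Resources:
  # Dev <-> Stg VPC Peering. Same account and region, so the connection is
  # accepted automatically; no separate accepter resource is needed.
  DevStgPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref DevVpcId
      PeerVpcId: !Ref StgVpcId
      Tags:
        - Key: Name
          Value: dev-stg-peering

  # Dev <-> Prd VPC Peering
  DevPrdPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref DevVpcId
      PeerVpcId: !Ref PrdVpcId
      Tags:
        - Key: Name
          Value: dev-prd-peering

  # Stg <-> Prd VPC Peering
  StgPrdPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref StgVpcId
      PeerVpcId: !Ref PrdVpcId
      Tags:
        - Key: Name
          Value: stg-prd-peering

  # Routes. The !Ref to the peering connection already orders each route after
  # its connection, so no DependsOn is needed.

  # Dev route table - route to Stg
  DevToStgRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !ImportValue dev-public-rtb-id
      DestinationCidrBlock: !Ref StgVpcCidr
      VpcPeeringConnectionId: !Ref DevStgPeeringConnection

  # Dev route table - route to Prd
  DevToPrdRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !ImportValue dev-public-rtb-id
      DestinationCidrBlock: !Ref PrdVpcCidr
      VpcPeeringConnectionId: !Ref DevPrdPeeringConnection

  # Stg route table - route to Dev
  StgToDevRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !ImportValue stg-public-rtb-id
      DestinationCidrBlock: !Ref DevVpcCidr
      VpcPeeringConnectionId: !Ref DevStgPeeringConnection

  # Stg route table - route to Prd
  StgToPrdRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !ImportValue stg-public-rtb-id
      DestinationCidrBlock: !Ref PrdVpcCidr
      VpcPeeringConnectionId: !Ref StgPrdPeeringConnection

  # Prd route table - route to Dev
  PrdToDevRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !ImportValue prd-public-rtb-id
      DestinationCidrBlock: !Ref DevVpcCidr
      VpcPeeringConnectionId: !Ref DevPrdPeeringConnection

  # Prd route table - route to Stg
  PrdToStgRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !ImportValue prd-public-rtb-id
      DestinationCidrBlock: !Ref StgVpcCidr
      VpcPeeringConnectionId: !Ref StgPrdPeeringConnection

Outputs:
  DevStgPeeringConnectionId:
    Description: Dev-Stg VPC Peering Connection ID
    Value: !Ref DevStgPeeringConnection
    Export:
      Name: dev-stg-peering-id
  DevPrdPeeringConnectionId:
    Description: Dev-Prd VPC Peering Connection ID
    Value: !Ref DevPrdPeeringConnection
    Export:
      Name: dev-prd-peering-id
  StgPrdPeeringConnectionId:
    Description: Stg-Prd VPC Peering Connection ID
    Value: !Ref StgPrdPeeringConnection
    Export:
      Name: stg-prd-peering-id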
sgのデプロイ
stg-sg.yaml
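---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Security Group for STG Environment EC2 instances'

# Security group for the lab EC2 instance. Instances sit in a public subnet
# with a public IPv4 address, so inbound is limited to the three peered lab
# VPC ranges (any protocol, for the peering connectivity test) plus SSH from
# an operator-supplied range. Outbound stays open.

Parameters:
  Environment:
    Type: String
    Default: 'stg'
    Description: Environment prefix for resource names
  VPCId:
    Type: AWS::EC2::VPC::Id
    Description: VPC ID where the security group will be created
  # Lab VPC ranges; defaults match the VpcCidr defaults of the env templates.
  DevVpcCidr:
    Type: String
    Default: '172.16.0.0/16'
    Description: CIDR block of the DEV VPC (reached via peering)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  StgVpcCidr:
    Type: String
    Default: '10.0.0.0/16'
    Description: CIDR block of the STG VPC (this VPC)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  PrdVpcCidr:
    Type: String
    Default: '192.168.0.0/16'
    Description: CIDR block of the PRD VPC (reached via peering)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  SshAllowedCidr:
    Type: String
    # The default keeps SSH reachable from anywhere, which is what the
    # previous all-open rule already allowed; narrow it to your own range.
    Default: '0.0.0.0/0'
    Description: Source CIDR allowed to reach TCP/22 on the instance (set to your own address range)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n

Resources:
  # Security group for EC2: lab VPC ranges in, SSH from SshAllowedCidr in, all out.
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub '${Environment}-ec2-sg'
      # GroupDescription is immutable: changing it replaces the group, so a
      # stack update from the all-open version creates a new SG ID.
      GroupDescription: !Sub 'Security group for ${Environment} EC2 instances - lab VPC ranges and SSH'
      VpcId: !Ref VPCId
      SecurityGroupIngress:
        - IpProtocol: '-1'
          CidrIp: !Ref DevVpcCidr
          Description: All traffic from DEV VPC (peering)
        - IpProtocol: '-1'
          CidrIp: !Ref StgVpcCidr
          Description: All traffic from STG VPC (intra-VPC)
        - IpProtocol: '-1'
          CidrIp: !Ref PrdVpcCidr
          Description: All traffic from PRD VPC (peering)
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshAllowedCidr
          Description: SSH from operator range
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: '0.0.0.0/0'
          Description: Allow all outbound traffic
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-ec2-sg'
        - Key: Environment
          Value: !Ref Environment

Outputs:
  EC2SecurityGroupId:
    Description: EC2 Security Group ID
    Value: !Ref EC2SecurityGroup
    Export:
      Name: !Sub '${Environment}-EC2-SG-ID'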
dev-sg.yaml
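---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Security Group for DEV Environment EC2 instances'

# Security group for the lab EC2 instance. Instances sit in a public subnet
# with a public IPv4 address, so inbound is limited to the three peered lab
# VPC ranges (any protocol, for the peering connectivity test) plus SSH from
# an operator-supplied range. Outbound stays open.

Parameters:
  Environment:
    Type: String
    Default: 'dev'
    Description: Environment prefix for resource names
  VPCId:
    Type: AWS::EC2::VPC::Id
    Description: VPC ID where the security group will be created
  # Lab VPC ranges; defaults match the VpcCidr defaults of the env templates.
  DevVpcCidr:
    Type: String
    Default: '172.16.0.0/16'
    Description: CIDR block of the DEV VPC (this VPC)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  StgVpcCidr:
    Type: String
    Default: '10.0.0.0/16'
    Description: CIDR block of the STG VPC (reached via peering)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  PrdVpcCidr:
    Type: String
    Default: '192.168.0.0/16'
    Description: CIDR block of the PRD VPC (reached via peering)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  SshAllowedCidr:
    Type: String
    # The default keeps SSH reachable from anywhere, which is what the
    # previous all-open rule already allowed; narrow it to your own range.
    Default: '0.0.0.0/0'
    Description: Source CIDR allowed to reach TCP/22 on the instance (set to your own address range)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n

Resources:
  # Security group for EC2: lab VPC ranges in, SSH from SshAllowedCidr in, all out.
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub '${Environment}-ec2-sg'
      # GroupDescription is immutable: changing it replaces the group, so a
      # stack update from the all-open version creates a new SG ID.
      GroupDescription: !Sub 'Security group for ${Environment} EC2 instances - lab VPC ranges and SSH'
      VpcId: !Ref VPCId
      SecurityGroupIngress:
        - IpProtocol: '-1'
          CidrIp: !Ref DevVpcCidr
          Description: All traffic from DEV VPC (intra-VPC)
        - IpProtocol: '-1'
          CidrIp: !Ref StgVpcCidr
          Description: All traffic from STG VPC (peering)
        - IpProtocol: '-1'
          CidrIp: !Ref PrdVpcCidr
          Description: All traffic from PRD VPC (peering)
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshAllowedCidr
          Description: SSH from operator range
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: '0.0.0.0/0'
          Description: Allow all outbound traffic
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-ec2-sg'
        - Key: Environment
          Value: !Ref Environment

Outputs:
  EC2SecurityGroupId:
    Description: EC2 Security Group ID
    Value: !Ref EC2SecurityGroup
    Export:
      Name: !Sub '${Environment}-EC2-SG-ID'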
prd-sg.yaml
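---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Security Group for PRD Environment EC2 instances'

# Security group for the lab EC2 instance. Instances sit in a public subnet
# with a public IPv4 address, so inbound is limited to the three peered lab
# VPC ranges (any protocol, for the peering connectivity test) plus SSH from
# an operator-supplied range. Outbound stays open.

Parameters:
  Environment:
    Type: String
    Default: 'prd'
    Description: Environment prefix for resource names
  VPCId:
    Type: AWS::EC2::VPC::Id
    Description: VPC ID where the security group will be created
  # Lab VPC ranges; defaults match the VpcCidr defaults of the env templates.
  DevVpcCidr:
    Type: String
    Default: '172.16.0.0/16'
    Description: CIDR block of the DEV VPC (reached via peering)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  StgVpcCidr:
    Type: String
    Default: '10.0.0.0/16'
    Description: CIDR block of the STG VPC (reached via peering)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  PrdVpcCidr:
    Type: String
    Default: '192.168.0.0/16'
    Description: CIDR block of the PRD VPC (this VPC)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n
  SshAllowedCidr:
    Type: String
    # The default keeps SSH reachable from anywhere, which is what the
    # previous all-open rule already allowed; narrow it to your own range.
    Default: '0.0.0.0/0'
    Description: Source CIDR allowed to reach TCP/22 on the instance (set to your own address range)
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: Must be a valid IPv4 CIDR block of the form x.x.x.x/n

Resources:
  # Security group for EC2: lab VPC ranges in, SSH from SshAllowedCidr in, all out.
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub '${Environment}-ec2-sg'
      # GroupDescription is immutable: changing it replaces the group, so a
      # stack update from the all-open version creates a new SG ID.
      GroupDescription: !Sub 'Security group for ${Environment} EC2 instances - lab VPC ranges and SSH'
      VpcId: !Ref VPCId
      SecurityGroupIngress:
        - IpProtocol: '-1'
          CidrIp: !Ref DevVpcCidr
          Description: All traffic from DEV VPC (peering)
        - IpProtocol: '-1'
          CidrIp: !Ref StgVpcCidr
          Description: All traffic from STG VPC (peering)
        - IpProtocol: '-1'
          CidrIp: !Ref PrdVpcCidr
          Description: All traffic from PRD VPC (intra-VPC)
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshAllowedCidr
          Description: SSH from operator range
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: '0.0.0.0/0'
          Description: Allow all outbound traffic
      Tags:
        - Key: Name
          Value: !Sub '${Environment}-ec2-sg'
        - Key: Environment
          Value: !Ref Environment

Outputs:
  EC2SecurityGroupId:
    Description: EC2 Security Group ID
    Value: !Ref EC2SecurityGroup
    Export:
      Name: !Sub '${Environment}-EC2-SG-ID'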
EC2のデプロイ
3つのVPCに一気にデプロイします。
ec2-keyという名前のキーペア（秘密鍵ファイルはec2-key.pem）を事前に作成しておいてください。
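---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'EC2 instances for DEV, STG, and PRD Environments in Ohio Region'

# One Amazon Linux 2023 instance per lab VPC, all in one stack. Subnet and
# security group IDs are taken from the env / sg stacks' outputs and passed in
# as parameters. Each instance writes a small marker file in user data so a
# peering test can tell which environment answered.

Parameters:
  # Common parameters
  KeyPairName:
    # Validated against the account's key pairs at deploy time.
    Type: AWS::EC2::KeyPair::KeyName
    Default: 'ec2-key'
    Description: Name of an existing EC2 KeyPair (ec2-key.pem)

  # DEV environment parameters
  DevVPCId:
    Type: String
    Default: 'vpc-xxxxxxxxx'
    # Not referenced by any resource (the subnet already fixes the VPC); kept
    # so existing parameter files keep working.
    Description: VPC ID for DEV environment (172.16.0.0/16) - informational only
  DevSubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Subnet ID for DEV environment (172.16.1.0/24)
  DevSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security Group ID for DEV environment (dev-ec2-sg)

  # STG environment parameters
  StgVPCId:
    Type: String
    Default: 'vpc-yyyyyyyyy'
    # Not referenced by any resource; see DevVPCId.
    Description: VPC ID for STG environment (10.0.0.0/16) - informational only
  StgSubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Subnet ID for STG environment (10.0.1.0/24)
  StgSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security Group ID for STG environment (stg-ec2-sg)

  # PRD environment parameters
  PrdVPCId:
    Type: String
    Default: 'vpc-zzzzzzzzz'
    # Not referenced by any resource; see DevVPCId.
    Description: VPC ID for PRD environment (192.168.0.0/16) - informational only
  PrdSubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Subnet ID for PRD environment (192.168.1.0/24)
  PrdSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security Group ID for PRD environment (prd-ec2-sg)

  # Instance type
  InstanceType:
    Type: String
    Default: 't2.micro'
    Description: EC2 instance type for all environments
    AllowedValues:
      - t2.micro
      - t2.small
      - t2.medium
      - t3.micro
      - t3.small
      - t3.medium

  # AMI ID, resolved from the public SSM parameter in the deploy region
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64
    Description: Latest Amazon Linux 2023 AMI ID for us-east-2 (Ohio)

Resources:
  # ========== DEV environment ==========
  # EC2 instance for DEV
  DevEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyPairName
      SubnetId: !Ref DevSubnetId
      SecurityGroupIds:
        - !Ref DevSecurityGroupId
      # Require IMDSv2 (token-based metadata access). No instance profile is
      # attached here, so this is purely defensive hardening.
      MetadataOptions:
        HttpEndpoint: enabled
        HttpTokens: required
      Tags:
        - Key: Name
          Value: 'dev-ec2-instance'
        - Key: Environment
          Value: 'dev'
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum update -y
          echo "Environment: dev" > /etc/environment-info
          echo "Region: us-east-2 (Ohio)" >> /etc/environment-info
          echo "Network: 172.16.0.0/16" >> /etc/environment-info

  # ========== STG environment ==========
  # EC2 instance for STG
  StgEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyPairName
      SubnetId: !Ref StgSubnetId
      SecurityGroupIds:
        - !Ref StgSecurityGroupId
      # Require IMDSv2; see DevEC2Instance.
      MetadataOptions:
        HttpEndpoint: enabled
        HttpTokens: required
      Tags:
        - Key: Name
          Value: 'stg-ec2-instance'
        - Key: Environment
          Value: 'stg'
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum update -y
          echo "Environment: stg" > /etc/environment-info
          echo "Region: us-east-2 (Ohio)" >> /etc/environment-info
          echo "Network: 10.0.0.0/16" >> /etc/environment-info

  # ========== PRD environment ==========
  # EC2 instance for PRD
  PrdEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyPairName
      SubnetId: !Ref PrdSubnetId
      SecurityGroupIds:
        - !Ref PrdSecurityGroupId
      # Require IMDSv2; see DevEC2Instance.
      MetadataOptions:
        HttpEndpoint: enabled
        HttpTokens: required
      Tags:
        - Key: Name
          Value: 'prd-ec2-instance'
        - Key: Environment
          Value: 'prd'
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum update -y
          echo "Environment: prd" > /etc/environment-info
          echo "Region: us-east-2 (Ohio)" >> /etc/environment-info
          echo "Network: 192.168.0.0/16" >> /etc/environment-info

Outputs:
  # ========== DEV environment outputs ==========
  DevEC2InstanceId:
    Description: DEV EC2 Instance ID
    Value: !Ref DevEC2Instance
    Export:
      Name: 'dev-EC2-Instance-ID'
  DevEC2PublicIP:
    Description: DEV EC2 Public IP Address
    Value: !GetAtt DevEC2Instance.PublicIp
    Export:
      Name: 'dev-EC2-Public-IP'
  DevEC2PrivateIP:
    Description: DEV EC2 Private IP Address (172.16.x.x)
    Value: !GetAtt DevEC2Instance.PrivateIp
    Export:
      Name: 'dev-EC2-Private-IP'
  DevSSHCommand:
    Description: SSH command for DEV environment
    # Key file name follows the KeyPairName parameter instead of a fixed string.
    Value: !Sub 'ssh -i ${KeyPairName}.pem ec2-user@${DevEC2Instance.PublicIp}'

  # ========== STG environment outputs ==========
  StgEC2InstanceId:
    Description: STG EC2 Instance ID
    Value: !Ref StgEC2Instance
    Export:
      Name: 'stg-EC2-Instance-ID'
  StgEC2PublicIP:
    Description: STG EC2 Public IP Address
    Value: !GetAtt StgEC2Instance.PublicIp
    Export:
      Name: 'stg-EC2-Public-IP'
  StgEC2PrivateIP:
    Description: STG EC2 Private IP Address (10.0.x.x)
    Value: !GetAtt StgEC2Instance.PrivateIp
    Export:
      Name: 'stg-EC2-Private-IP'
  StgSSHCommand:
    Description: SSH command for STG environment
    Value: !Sub 'ssh -i ${KeyPairName}.pem ec2-user@${StgEC2Instance.PublicIp}'

  # ========== PRD environment outputs ==========
  PrdEC2InstanceId:
    Description: PRD EC2 Instance ID
    Value: !Ref PrdEC2Instance
    Export:
      Name: 'prd-EC2-Instance-ID'
  PrdEC2PublicIP:
    Description: PRD EC2 Public IP Address
    Value: !GetAtt PrdEC2Instance.PublicIp
    Export:
      Name: 'prd-EC2-Public-IP'
  PrdEC2PrivateIP:
    Description: PRD EC2 Private IP Address (192.168.x.x)
    Value: !GetAtt PrdEC2Instance.PrivateIp
    Export:
      Name: 'prd-EC2-Private-IP'
  PrdSSHCommand:
    Description: SSH command for PRD environment
    Value: !Sub 'ssh -i ${KeyPairName}.pem ec2-user@${PrdEC2Instance.PublicIp}'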