LoginSignup
15
14

More than 5 years have passed since last update.

@okamura-s(shinsuke okamura)in株式会社 信興テクノミスト

CloudFormationでクロススタック参照(YAML版)

Posted at

はじめに

今回はCloudFormationのクロススタック参照を試してみたいと思います。
前回作成したVPCテンプレートを修正し、S3&VPCエンドポイントのテンプレートから参照できるようにいたします。

AWS CloudFormation で YAML テンプレートとクロススタックリファレンスをサポート

テンプレートファイル

VPC作成テンプレートでOutputsセクションを追加し、
ルートテーブルとサブネットをエクスポートするように記載しております。
※Exportする名前はAWSアカウントおよびリージョンで一意にする必要があるので
 被らないように命名規則を作ってください。
 今回はリソース同様、<環境>-<システム名>-<リソース名>という形にしてます。

以下、VPC作成テンプレート

CFn_CreateVPCsubnet.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description:
  VPC & subnet create
Parameters:
  EnvType:
    Description: Environment type.
    Default: dev
    Type: String
    AllowedValues:
      - dev
      - mnt
      - prd
    ConstraintDescription: must specify dev or mnt or prd.
  ProjectId:
    Description: Project name id.
    Type: String
    MinLength: "3"
    MaxLength: "3"
    AllowedPattern: "[a-zA-Z0-9]*"
    ConstraintDescription: must specify Project id.

Resources:
# Create VPC
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/24
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"vpc" ] ]

# Create Public RouteTable
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"pub-route" ] ]

# Create Private RouteTable
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"pri-route" ] ]

# Create Public Subnet A
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.0.0/27
      AvailabilityZone: "ap-northeast-1a"
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"PublicSunetA" ] ]
  PubSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable

# Create Public Subnet C
  PublicSubnetC:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.0.32/27
      AvailabilityZone: "ap-northeast-1c"
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"PublicSunetC" ] ]
  PubSubnetCRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetC
      RouteTableId: !Ref PublicRouteTable

# Create Private Subnet A
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.0.64/27
      AvailabilityZone: "ap-northeast-1a"
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"PrivateSubnetA" ] ]
  PriSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetA
      RouteTableId: !Ref PrivateRouteTable

# Create Private Subnet C
  PrivateSubnetC:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.0.96/27
      AvailabilityZone: "ap-northeast-1c"
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"PrivateSubnetC" ] ]
  PriSubnetCRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetC
      RouteTableId: !Ref PrivateRouteTable

# Create InternetGateway
  myInternetGateway:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"igw" ] ]
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref myInternetGateway

# Create VPNGateway
  myVPNGateway:
    Type: "AWS::EC2::VPNGateway"
    Properties:
      Type: ipsec.1
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"vgw" ] ]
  AttachVpnGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      VpnGatewayId: !Ref myVPNGateway

# Route for InternetGateway or VPNGateway
  myRoute:
    Type: AWS::EC2::Route
    DependsOn: myInternetGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myInternetGateway
      #GatewayId: !Ref myVPNGateway

Outputs:
  StackVPC:
    Description: The ID of the VPC
    Value: !Ref MyVPC
    Export:
      Name: !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId" , "vpcid"]]

  PublicRouteTable:
    Description: The ID of the PublicRouteTable
    Value: !Ref PublicRouteTable
    Export:
      Name: !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "PublicRouteTable"]]

  PrivateRouteTable:
    Description: The ID of the PrivateRouteTable
    Value: !Ref PrivateRouteTable
    Export:
      Name: !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "PrivateRouteTable"]]

  StackPubSubnetA:
    Description: The ID of the VPC Subnet
    Value: !Ref PublicSubnetA
    Export:
      Name: !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "PublicSubnetA"]]

  StackPubSubnetB:
    Description: The ID of the VPC Subnet
    Value: !Ref PublicSubnetC
    Export:
      Name: !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "PublicSubnetC"]]

  StackPriSubnetA:
    Description: The ID of the VPC Subnet
    Value: !Ref PrivateSubnetA
    Export:
      Name: !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "PrivateSubnetA"]]

  StackPriSubnetB:
    Description: The ID of the VPC Subnet
    Value: !Ref PrivateSubnetC
    Export:
      Name: !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "PrivateSubnetC"]]

"Fn::ImportValue"の箇所で、上記のエクスポートした情報をインポートしています。
VPCとルートテーブルを利用しています。

以下、S3&VCPエンドポイント作成

CFn_CreateS3.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description:
  S3 & VPC Endpoint create
Parameters:
  EnvType:
    Description: Environment type.
    Default: dev
    Type: String
    AllowedValues:
      - dev
      - mnt
      - prd
    ConstraintDescription: must specify dev or mnt or prd.
  ProjectId:
    Description: Project name id.
    Type: String
    MinLength: "3"
    MaxLength: "3"
    AllowedPattern: "[a-zA-Z0-9]*"
    ConstraintDescription: must specify Project id.

Resources:
# Create S3 by log
  LogS3:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"logbucket" ] ]
      Tags:
      - Key: Name
        Value: !Join [ "-", [ "Ref":"EnvType" , "Ref":"ProjectId" ,"LogBucket" ] ]

  LogS3Endpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      RouteTableIds:
        - { "Fn::ImportValue": !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "PublicRouteTable"]] }
        - { "Fn::ImportValue": !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "PrivateRouteTable"]] }
      ServiceName:
        !Sub "com.amazonaws.${AWS::Region}.s3"
      VpcId: { "Fn::ImportValue": !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId" , "vpcid"]] }

Outputs:
  LogS3:
    Description: Log S3 Bucket
    Value: !Ref LogS3
    Export:
      Name: !Join [ "-", [ "Ref":"EnvType", "Ref":"ProjectId", "LogBucket"]]

ちなみに短縮形多用しておりますが、ImportValueのところは以下のエラーがでたため、短縮形の利用を諦めました。
```
Template validation error: Template format error: YAML not well-formed. (line 36, column 26)

まとめ

組み込み関数の組み合わせでエラーが多発して手こずりましたが、なんとかできました。
次はEC2インスタンスに挑戦したいと思います!

ちなみにエンドポイント作成はクロススタック参照せず、
VPC作成テンプレートに入れたほうがよいと後から思いました笑

15
14
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
15
14