More than 1 year has passed since last update.

Cloudformation基礎

Posted at 2022-04-10

はじめに

Cloudformationを触る機会があったので型をメモとして残しておきます。

まずはこれ

AWSTemplateFormatVersion: 2010-09-09
Description: XXXXX

VPC

myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16 
      EnableDnsSupport: true
      Tags:
        - Key: Name 
          Value: vpc

Subnet

AZとVPCの指定をする

PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a 
      VpcId: !Ref myVPC 
      CidrBlock: 10.0.0.0/24 
      Tags:
        - Key: Name 
          Value: public-subnet

InternetGateway

IGWの作成とVPCにアタッチする作業

myigw:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name 
          Value: igw-cfn 

AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC 
      InternetGatewayId: !Ref myigw

Natgateway

NATを経由するとプライベートIPをパブリックIPに変換するからEIPが必要になる？
NatgatewayはEIPとサブネットを紐付ける
!GetAtt : テンプレートの属性からリソースを返す
　　　　-　ex ) !GetAtt myELB.DNSName
　　　　-　 !GetAtt logicalNameOfResource.attributeName

NATGatewayEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayEIP.AllocationId
      SubnetId: !Ref PublicSubnet
      Tags:
        - Key: Name
          Value: test-natgw

RouteTable

VPCに紐付けたルートテーブルを定義
Routeを追加する際は、RouteTableIdを指定する
SubnetRouteTableAssociateで定義したルートテーブルをサブネットに紐付け

routeTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC 
      Tags:
        - Key: Name 
          Value: routetable 
RouteIgw:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myigw 
      RouteTableId: !Ref routeTable 
 
RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref routeTable
      SubnetId: !Ref PublicSubnet

EC2

myEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-09ebacdc178ae23b7 
      InstanceType: t2.micro
      SubnetId : !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref SSHSecurityGroup
        - !Ref HTTPSecurityGroup
      Tags:
        - Key: Name 
          Value: ec2-based-on-cfn

SSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Enable SSH access via port 22
        GroupName: test
        VpcId: !Ref myVPC
        SecurityGroupIngress:
            - IpProtocol: tcp
              FromPort: 22
              ToPort: 22
              CidrIp: 0.0.0.0/0

HTTPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: HTTP access port 80
        GroupName: test1
        VpcId: !Ref myVPC
        SecurityGroupIngress:
            - IpProtocol: tcp
              FromPort: 80
              ToPort: 80
              CidrIp: 0.0.0.0/0

終わりに

触って慣れるしかないですね、、
今後この記事は更新していきたいと思います。

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up