
CloudFormation Basics

Introduction

I had a chance to work with CloudFormation, so I'm leaving the template patterns here as notes.

Start with the template header. Every resource snippet that follows belongs under the top-level Resources: key of this same file (indented one level beneath it); they are shown one at a time here.

AWSTemplateFormatVersion: 2010-09-09
Description: XXXXX

VPC

myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16        # address range of the whole VPC; the subnets below carve it up
      EnableDnsSupport: true        # default is already true; add EnableDnsHostnames: true if you want public DNS names
      Tags:
        - Key: Name
          Value: vpc

Subnet

  • Specify the AZ and the VPC the subnet belongs to; its CIDR must fall inside the VPC's 10.0.0.0/16.

PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      VpcId: !Ref myVPC
      CidrBlock: 10.0.0.0/24
      MapPublicIpOnLaunch: true     # instances launched here get a public IP; without it the SSH/HTTP rules further down are unreachable from the Internet
      Tags:
        - Key: Name
          Value: public-subnet

InternetGateway

  • Create the IGW and attach it to the VPC. The attachment is its own resource, and other resources that need Internet reachability have to wait for it (see DependsOn below).

myigw:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: igw-cfn

AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC
      InternetGatewayId: !Ref myigw

NAT gateway

  • A NAT gateway rewrites the private source IP of outbound traffic to a public IP, so a public NAT gateway needs an Elastic IP (EIP) to use as that address.
  • The NAT gateway binds the EIP (by AllocationId) to a subnet. It must live in the public subnet, because its own traffic has to reach the Internet through the IGW.
  • !GetAtt returns an attribute of a resource in the template, whereas !Ref returns the resource's ID or name. The syntax is !GetAtt logicalNameOfResource.attributeName, e.g. !GetAtt myELB.DNSName. An EIP's AllocationId is an attribute, which is why !GetAtt is used below.

NATGatewayEIP:
    Type: AWS::EC2::EIP
    DependsOn: AttachGateway      # an EIP for a VPC defined in the same template must wait for the IGW attachment
    Properties:
      Domain: vpc

NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayEIP.AllocationId
      SubnetId: !Ref PublicSubnet    # public subnet: the NAT gateway itself egresses via the IGW
      Tags:
        - Key: Name
          Value: test-natgw

RouteTable

  • Define a route table bound to the VPC.
  • When adding a Route, specify the RouteTableId it goes into; a 0.0.0.0/0 route to the IGW is what makes a subnet "public".
  • SubnetRouteTableAssociation binds the route table you defined to a subnet. A subnet with no explicit association falls back to the VPC's main route table, which by default only has the local route.

routeTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: Name
          Value: routetable

RouteIgw:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway      # a route to an IGW must not be created before the IGW is attached, or stack creation fails intermittently
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myigw
      RouteTableId: !Ref routeTable

RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref routeTable
      SubnetId: !Ref PublicSubnet
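The post creates a NAT gateway but never routes anything through it. The following is an added example (mine, not from the original post) of the private half of the network: a private subnet whose default route goes to NATGateway, so instances there can reach the Internet for updates without being reachable from it. It assumes myVPC and NATGateway from the post sit under the same Resources: key; the logical names PrivateSubnet, privateRouteTable, RouteNat and PrivateRouteTableAssociation and the 10.0.1.0/24 range are my own choices.

```yaml
# Added example, not from the original post. Goes under the same Resources:
# key as the snippets above; assumes myVPC and NATGateway exist there.
PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      VpcId: !Ref myVPC
      CidrBlock: 10.0.1.0/24          # must not overlap 10.0.0.0/24 (PublicSubnet)
      MapPublicIpOnLaunch: false      # nothing in here gets a public address
      Tags:
        - Key: Name
          Value: private-subnet

privateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: Name
          Value: private-routetable

# Outbound-only: the default route points at the NAT gateway (NatGatewayId),
# not at the IGW (GatewayId). Inbound connections from the Internet have no
# path to this subnet because the NAT gateway only forwards replies.
RouteNat:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGateway
      RouteTableId: !Ref privateRouteTable

# Without this association the subnet would silently use the VPC's main
# route table and have no Internet route at all.
PrivateRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref privateRouteTable
      SubnetId: !Ref PrivateSubnet
```

Put workloads that do not need to accept Internet traffic (databases, batch workers) in PrivateSubnet; only the load balancer or bastion belongs in PublicSubnet.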

EC2

myEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-09ebacdc178ae23b7   # AMI IDs are region-specific; this one only resolves in the region it was looked up in
      InstanceType: t2.micro
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:                # rules from every attached group are combined
        - !Ref SSHSecurityGroup
        - !Ref HTTPSecurityGroup
      Tags:
        - Key: Name
          Value: ec2-based-on-cfn

SSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      GroupName: test
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0            # port 22 open to the whole Internet; narrow this to your own address range

HTTPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP access port 80
      GroupName: test1
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
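The SSH group above admits port 22 from 0.0.0.0/0, i.e. from every address on the Internet, and the ImageId is a fixed ID that exists in only one region. The following added example (mine, not from the original post) shows the same instance with the SSH source restricted to a validated parameter, the AMI resolved through a public SSM parameter at deploy time, and Outputs that use !GetAtt for attributes. It assumes myVPC, PublicSubnet and HTTPSecurityGroup from the post live under the same Resources: key and that PublicSubnet hands out public IPs; the parameter and output names and the 203.0.113.10/32 default are hypothetical.

```yaml
# Added example, not from the original post. Parameters and Outputs are
# top-level keys, so this fragment shows all three sections; merge the
# Resources part with the post's own (assumed) myVPC, PublicSubnet and
# HTTPSecurityGroup.
Parameters:
  AllowedSshCidr:
    Type: String
    Description: CIDR allowed to reach port 22 (your office or VPN range, never 0.0.0.0/0)
    # Rejects anything that is not x.x.x.x/n at stack-creation time.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR such as 203.0.113.10/32
    Default: 203.0.113.10/32         # hypothetical documentation address
  LatestAmiId:
    # CloudFormation resolves the public SSM parameter when the stack is
    # created, so the template is not pinned to one region's AMI ID.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64

Resources:
  SSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH from the allowed CIDR only
      # GroupName is deliberately omitted: a fixed name blocks any update that
      # needs the group replaced, and CloudFormation generates a unique one.
      VpcId: !Ref myVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AllowedSshCidr

  myEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId        # the resolved AMI ID, not the SSM path
      InstanceType: t2.micro
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref SSHSecurityGroup
        - !Ref HTTPSecurityGroup
      Tags:
        - Key: Name
          Value: ec2-based-on-cfn

Outputs:
  InstancePublicIp:
    # An attribute, hence !GetAtt; !Ref myEC2Instance would give the instance ID.
    # Only populated if PublicSubnet assigns public IPs (MapPublicIpOnLaunch: true).
    Description: Public IP of the instance
    Value: !GetAtt myEC2Instance.PublicIp
  SshSecurityGroupId:
    Description: Group ID to reference from other stacks or security groups
    Value: !GetAtt SSHSecurityGroup.GroupId
```

Deploy with the parameter set explicitly (for example --parameter-overrides AllowedSshCidr=<your range>/32) rather than relying on the default; the AllowedPattern only checks the shape of the value, so 0.0.0.0/0 would still pass it and has to be kept out by policy or a template linter.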

Closing

There's no way around it but to get hands-on and get used to it...
I'd like to keep updating this article going forward.
