Overview
Automate infrastructure provisioning with AWS CloudFormation.
Goals
- Get comfortable with CloudFormation
- Automate the build
- Make the build idempotent (re-running the same template yields the same stack)
- Make the build contents and procedure visible as code (IaC)
Architecture built in this post
This may look complex for a first attempt, but the minimal goal of "create one EC2 instance" cannot be met without also creating the network around it (VPC, subnet, internet gateway, routing, security group), which is how it ended up like this.
Processing summary
- Create a VPC
- Create a subnet
- Create an internet gateway and attach it to the VPC
- Create a route table and associate it with the subnet
- Create a default route (0.0.0.0/0 to the internet gateway)
- Create an Elastic IP
- Create a security group
- Create an EC2 instance
The template
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance
Parameters:
  InstanceType:
    Description: WebServer EC2 Instance type
    Type: String
    Default: t2.micro
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
    ConstraintDescription: must be a valid EC2 instance type
  KeyName:
    Description: Name of an existing EC2 KeyPair
    Type: AWS::EC2::KeyPair::KeyName
    Default: keypair01
    ConstraintDescription: Can contain only ASCII characters
  SSHLocation:
    # Default opens port 22 to the whole internet; override this with your
    # own address range at deploy time.
    Description: IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x
Mappings:
  RegionMap:
    ap-northeast-1:
      hvm: "ami-001f026eaf69770b4"
    ap-southeast-1:
      # Key must be "hvm" (was "hmv"), otherwise Fn::FindInMap fails in this region.
      hvm: "ami-0e8e39877665a7c92"
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Application
          Value:
            Ref: AWS::StackId
        - Key: Name
          Value: vpc-stack01
  Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Application
          Value:
            Ref: AWS::StackId
        - Key: Name
          Value: subnet-stack01
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Application
          Value:
            Ref: AWS::StackId
        - Key: Name
          Value: igw-stack01
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: VPC
      InternetGatewayId:
        Ref: InternetGateway
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: VPC
      Tags:
        - Key: Application
          Value:
            Ref: AWS::StackId
        - Key: Name
          Value: rt-stack01
  Route:
    Type: AWS::EC2::Route
    # The route can only point at the IGW once it is attached to the VPC.
    DependsOn: AttachGateway
    Properties:
      RouteTableId:
        Ref: RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: InternetGateway
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: Subnet
      RouteTableId:
        Ref: RouteTable
  IPAddress:
    Type: AWS::EC2::EIP
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
      InstanceId:
        Ref: EC2Instance
      Tags:
        - Key: Name
          Value: eip-stack01
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId:
        Ref: VPC
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp:
            Ref: SSHLocation
      Tags:
        - Key: Name
          Value: sg-stack01
  EC2Instance:
    Type: AWS::EC2::Instance
    DependsOn: AttachGateway
    Properties:
      ImageId:
        Fn::FindInMap: [RegionMap, Ref: AWS::Region, hvm]
      InstanceType:
        Ref: InstanceType
      KeyName:
        Ref: KeyName
      Tags:
        - Key: Name
          Value: instance-stack01
      NetworkInterfaces:
        - GroupSet:
            - Ref: InstanceSecurityGroup
          AssociatePublicIpAddress: true
          DeviceIndex: 0
          DeleteOnTermination: true
          SubnetId:
            Ref: Subnet
Outputs:
  URL:
    Value: { "Fn::Join" : [ "", ["http://", { "Fn::GetAtt" : ["EC2Instance", "PublicIp"] }]]}
    Description: Newly created application URL
```
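The security-relevant property of this template is that `SSHLocation` defaults to `0.0.0.0/0`, and the security group's `CidrIp` is only a `Ref` to that parameter, so deploying with defaults exposes port 22 to the whole internet. A pre-deploy check that catches this has to resolve the `Ref` to the parameter's default (or to the value passed at deploy time) rather than look for the literal CIDR in the rule. The script below is an added example written for this post, not part of the original or of any AWS tool; it operates on the parsed template dict (what `yaml.safe_load` or `json.load` returns for a template written, like the one above, in long-form `Ref:` syntax) and `TEMPLATE` is a constructed excerpt of the post's Parameters and InstanceSecurityGroup. It also generalizes to IPv6 (`::/0`), protocol `-1` and port ranges.

```python
"""Pre-deploy check: flag security-group ingress rules that admit a port
from anywhere, after resolving long-form {"Ref": "Param"} to parameter
values. Added example for this post; not AWS or project code.
"""

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed excerpt of the post's template as Python literals (the shape
# yaml.safe_load / json.load would produce for the long-form Ref syntax).
TEMPLATE = {
    "Parameters": {
        "SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"},
    },
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                     "CidrIp": {"Ref": "SSHLocation"}},
                ],
            },
        },
    },
}


def resolve(value, template, overrides=None):
    """Resolve a scalar or {"Ref": "Param"}: deploy-time overrides win,
    then the parameter's Default. Other intrinsics (FindInMap, GetAtt ...)
    are returned unchanged, so they never match WORLD."""
    overrides = overrides or {}
    if isinstance(value, dict) and set(value) == {"Ref"}:
        name = value["Ref"]
        if name in overrides:
            return overrides[name]
        return template.get("Parameters", {}).get(name, {}).get("Default")
    return value


def covers_port(rule, port):
    """True if an ingress rule admits TCP traffic to `port`."""
    proto = str(rule.get("IpProtocol", ""))
    if proto == "-1":                      # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):          # name or IANA number
        return False
    lo = int(rule.get("FromPort", 0))
    hi = int(rule.get("ToPort", 65535))
    return lo <= port <= hi


def world_open_ingress(template, port=22, overrides=None):
    """Return [(logical_id, cidr)] for every security-group ingress rule
    that admits `port` from 0.0.0.0/0 or ::/0 once Refs are resolved."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if not covers_port(rule, port):
                continue
            for key in ("CidrIp", "CidrIpv6"):
                cidr = resolve(rule.get(key), template, overrides)
                if cidr in WORLD:
                    findings.append((logical_id, cidr))
    return findings


if __name__ == "__main__":
    # With the template's defaults the finding fires: SSH open to the world.
    print(world_open_ingress(TEMPLATE))
    # Passing a narrower SSHLocation at deploy time (as you would with
    # --parameter-overrides) clears it. 203.0.113.0/24 is a documentation range.
    print(world_open_ingress(TEMPLATE, overrides={"SSHLocation": "203.0.113.0/24"}))
```

Run it against the template's defaults and it reports `InstanceSecurityGroup` open on 22 from `0.0.0.0/0`; pass the same `SSHLocation` override you intend to use at deploy time and it reports nothing. Short-form tags (`!Ref`) would need a custom YAML loader, which is why the check assumes the long form the template above uses.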