Overview
Automate infrastructure construction with AWS CloudFormation.
This time we build a so-called Web-DB configuration: EC2 web servers in public subnets and an Aurora MySQL cluster in private subnets.
Goals
- Get familiar with CloudFormation
- Automate the build
- Make the build idempotent
- Make the configuration and procedure visible (IaC)
Configuration built this time
Process overview
The template created
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create EC2 Instance

Parameters:
  InstanceType:
    Description: WebServer EC2 Instance type
    Type: String
    Default: t2.micro
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
    ConstraintDescription: must be a valid EC2 instance type
  KeyName:
    Description: Name of an existing EC2 KeyPair
    Type: AWS::EC2::KeyPair::KeyName
    Default: keypair01
    ConstraintDescription: Can contain only ASCII characters
  SSHLocation:
    Description: IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    # The default opens SSH to the whole Internet; pass a narrower CIDR at stack creation.
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x
  DBMasterUserName:
    Type: String
    Default: admin
  DBMasterUserPassword:
    Type: String
    # Placeholder value; without NoEcho the password is shown in the console and API output.
    Default: password
  EngineVersion:
    Type: String
    Default: 5.7.12
  InstanceClass:
    Type: String
    Default: db.t2.small
    AllowedValues:
      - db.t2.micro
      - db.t2.small
      - db.t2.medium
      - db.t2.large
      - db.t2.xlarge
      - db.t2.2xlarge

Mappings:
  RegionMap:
    ap-northeast-1:
      hvm: "ami-001f026eaf69770b4"
    ap-southeast-1:
      hvm: "ami-0e8e39877665a7c92"
  AzMap:
    AZ1:
      AZ: ap-northeast-1a
    AZ2:
      AZ: ap-northeast-1c

Resources:
  # Network: one VPC, two public subnets (web tier) and two private subnets (DB tier)
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Name
          Value: vpc
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: !FindInMap [AzMap, AZ1, AZ]
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Name
          Value: publicsubnet-az1
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !FindInMap [AzMap, AZ2, AZ]
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Name
          Value: publicsubnet-az2
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !FindInMap [AzMap, AZ1, AZ]
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Name
          Value: privatesubnet-az1
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: !FindInMap [AzMap, AZ2, AZ]
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Name
          Value: privatesubnet-az2
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Name
          Value: igw
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  # Routing: only the public subnets get a default route to the Internet gateway
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Application
          Value: !Ref AWS::StackId
        - Key: Name
          Value: rt
  Route:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref RouteTable
  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref RouteTable
  ElasticIP1:
    Type: AWS::EC2::EIP
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
      InstanceId: !Ref EC2Instance1
      Tags:
        - Key: Name
          Value: eip1
  ElasticIP2:
    Type: AWS::EC2::EIP
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
      InstanceId: !Ref EC2Instance2
      Tags:
        - Key: Name
          Value: eip2
  # Web tier: one EC2 instance per AZ, SSH allowed from SSHLocation
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
      Tags:
        - Key: Name
          Value: securitygroup-ec2
  EC2Instance1:
    Type: AWS::EC2::Instance
    DependsOn: AttachGateway
    Properties:
      ImageId:
        Fn::FindInMap: [RegionMap, !Ref AWS::Region, hvm]
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: ec2-az1
      NetworkInterfaces:
        - GroupSet:
            - !Ref InstanceSecurityGroup
          AssociatePublicIpAddress: true
          DeviceIndex: 0
          DeleteOnTermination: true
          SubnetId: !Ref PublicSubnet1
  EC2Instance2:
    Type: AWS::EC2::Instance
    DependsOn: AttachGateway
    Properties:
      ImageId:
        Fn::FindInMap: [RegionMap, !Ref AWS::Region, hvm]
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: ec2-az2
      NetworkInterfaces:
        - GroupSet:
            - !Ref InstanceSecurityGroup
          AssociatePublicIpAddress: true
          DeviceIndex: 0
          DeleteOnTermination: true
          SubnetId: !Ref PublicSubnet2
  # DB tier: Aurora MySQL cluster with one instance per AZ in the private subnets
  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: DBSubnetGroup
      DBSubnetGroupName: dbsubnetgroup
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2
      Tags:
        - Key: Name
          Value: dbsubnetgroup
  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SecurityGroup
      SecurityGroupIngress:
        # 3306 is open to any source; the private subnets have no Internet route, but a
        # source restricted to InstanceSecurityGroup would limit access to the web tier.
        - CidrIp: 0.0.0.0/0
          FromPort: 3306
          IpProtocol: tcp
          ToPort: 3306
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: securitygroup-db
  DBClusterParameterGroup:
    Type: AWS::RDS::DBClusterParameterGroup
    Properties:
      Description: DBCluster
      Family: aurora-mysql5.7
      Parameters:
        time_zone: Asia/Tokyo
  DBCluster:
    Type: AWS::RDS::DBCluster
    DeletionPolicy: Delete
    Properties:
      DBClusterIdentifier: dbcluster
      DBClusterParameterGroupName: !Ref DBClusterParameterGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      DatabaseName: db
      Engine: aurora-mysql
      EngineVersion: !Ref EngineVersion
      MasterUserPassword: !Ref DBMasterUserPassword
      MasterUsername: !Ref DBMasterUserName
      VpcSecurityGroupIds:
        - !Ref DBSecurityGroup
      Tags:
        - Key: Name
          Value: dbcluster
  DBInstance1:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref InstanceClass
      Engine: aurora-mysql
      AvailabilityZone: !FindInMap [AzMap, AZ1, AZ]
      Tags:
        - Key: Name
          Value: db-az1
  DBInstance2:
    Type: AWS::RDS::DBInstance
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceClass: !Ref InstanceClass
      Engine: aurora-mysql
      AvailabilityZone: !FindInMap [AzMap, AZ2, AZ]
      Tags:
        - Key: Name
          Value: db-az2
```
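As an added pre-deployment check (not code from the post), the script below walks the template above, written here as a constructed dict excerpt in CloudFormation's JSON form, and reports security-group ingress rules whose effective source is the whole Internet (resolving `!Ref` to the parameter's Default, so SSHLocation's `0.0.0.0/0` is caught) together with password-like parameters that carry a plaintext Default or lack `NoEcho`.

```python
# Added check over the template above (not the post's code): flags ingress rules
# open to the world and password parameters with a plaintext Default / no NoEcho.
# Constructed excerpt of the template in CloudFormation's JSON form ("!Ref X" -> {"Ref": "X"}).
TEMPLATE = {
    "Parameters": {
        "SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"},
        "DBMasterUserName": {"Type": "String", "Default": "admin"},
        "DBMasterUserPassword": {"Type": "String", "Default": "password"},
    },
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "CidrIp": {"Ref": "SSHLocation"}}]}},
        "DBSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "CidrIp": "0.0.0.0/0"}]}},
    },
}


def resolve(value, params):
    """Resolve {"Ref": <parameter>} to that parameter's Default; literals pass through."""
    if isinstance(value, dict) and "Ref" in value:
        return params.get(value["Ref"], {}).get("Default")
    return value


def open_ingress(template):
    """(resource, FromPort, ToPort) for each security-group ingress rule whose
    effective CIDR (after resolving parameter defaults) is the whole Internet."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidrs = {resolve(rule.get(k), params) for k in ("CidrIp", "CidrIpv6")}
            if cidrs & {"0.0.0.0/0", "::/0"}:
                findings.append((name, rule.get("FromPort"), rule.get("ToPort")))
    return findings


def weak_secret_params(template):
    """Password-like parameters that carry a plaintext Default or are not NoEcho."""
    return sorted(name for name, p in template.get("Parameters", {}).items()
                  if "password" in name.lower()
                  and ("Default" in p or p.get("NoEcho") is not True))
```

Against the excerpt it reports both SSH (22) and MySQL (3306) as world-reachable and `DBMasterUserPassword` as a plaintext secret; the same walk works on a full template converted to JSON.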