AWS CloudFormationの勉強
基本的な構成を作ってみた

- VPC、InternetGateway、RouteTable、Subnetの基本セット（※テンプレートのSubnetRouteTableAssociationPrivateAZa／PrivateAZcはSubnetIdがSubnetPublicAZa／SubnetPublicAZcを参照していて、Private側のSubnetを指していない。またRouteTableは0.0.0.0/0をInternetGatewayへ向けるものが1つだけなので、Refを直すならPrivate用に別のRouteTableを用意しないと、PrivateサブネットもInternetGateway向けの経路を持つことになる）
- NetworkAclはとりあえず空（エントリもSubnetへの関連付けも書いていないので、現状はVPCのデフォルトNetworkAclがそのまま適用される）
- SecurityGroupはWebサーバ用、DB用の2つ（Web用は22番をSSHLocation、80番を0.0.0.0/0から許可。SSHLocationのデフォルトは0.0.0.0/0なので、実際に使うときは管理元のIP範囲に絞る。DB用は3306番をWeb用SecurityGroupからのみ許可）
- Webサーバ用EC2インスタンス2つにPublicIPが振られる
- RDBはMultiAZ、MultiAZで必要なDBSubnetGroup
- 図はCacooで書いた
JSONテンプレート
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "01 Start Cloud Formation",
"Parameters" : {
"InstanceType" : {
"Description" : "WebServer EC2 instance type",
"Type" : "String",
"Default" : "t2.micro",
"AllowedValues" : [ "t2.micro","t2.small","t2.medium","m3.medium","m3.large","m3.xlarge","m3.2xlarge","c4.large","c4.xlarge","c4.2xlarge","c4.4xlarge","c4.8xlarge","c3.large","c3.xlarge","c3.2xlarge","c3.4xlarge","c3.8xlarge","r3.large","r3.xlarge","r3.2xlarge","r3.4xlarge","r3.8xlarge","i2.xlarge","i2.2xlarge","i2.4xlarge","i2.8xlarge","d2.xlarge","d2.2xlarge","d2.4xlarge","d2.8xlarge","g2.2xlarge","g2.8xlarge" ],
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"KeyName": {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type": "String",
"MinLength": "1",
"MaxLength": "255",
"AllowedPattern" : "[\\x20-\\x7E]*",
"ConstraintDescription" : "can contain only ASCII characters."
},
"SSHLocation" : {
"Description" : "The IP address range (CIDR) allowed to SSH to the EC2 instances; the default 0.0.0.0/0 permits SSH from any address, so restrict it to your administration network",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"DBUser": {
"NoEcho": "true",
"Description" : "The database admin account username",
"Type": "String",
"MinLength": "1",
"MaxLength": "16",
"AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
"ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
},
"DBPassword": {
"NoEcho": "true",
"Description" : "The database admin account password",
"Type": "String",
"MinLength": "8",
"MaxLength": "41",
"AllowedPattern" : "[a-zA-Z0-9]*",
"ConstraintDescription" : "must contain only alphanumeric characters."
}
},
"Mappings" : {
},
"Conditions" : {
},
"Resources" : {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock" : "10.0.0.0/16",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Application",
"Value": { "Ref" : "AWS::StackId" }
}
]
}
},
"SubnetPublicAZa" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "10.0.10.0/24",
"AvailabilityZone": "ap-northeast-1a",
"Tags": [
{
"Key": "Application",
"Value": { "Ref" : "AWS::StackId" }
}
]
}
},
"SubnetPublicAZc" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "10.0.11.0/24",
"AvailabilityZone": "ap-northeast-1c",
"Tags": [
{
"Key": "Application",
"Value": { "Ref" : "AWS::StackId" }
}
]
}
},
"SubnetPrivateAZa" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "10.0.20.0/24",
"AvailabilityZone": "ap-northeast-1a",
"Tags": [
{
"Key": "Application",
"Value": { "Ref" : "AWS::StackId" }
}
]
}
},
"SubnetPrivateAZc" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "10.0.21.0/24",
"AvailabilityZone": "ap-northeast-1c",
"Tags": [
{
"Key": "Application",
"Value": { "Ref" : "AWS::StackId" }
}
]
}
},
"InternetGateway" : {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": { "Ref" : "AWS::StackId" }
}
]
}
},
"InternetGatewayAttach" : {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": { "Ref" : "VPC" },
"InternetGatewayId": { "Ref" : "InternetGateway" }
}
},
"RouteTable" : {
"Type": "AWS::EC2::RouteTable",
"Properties" : {
"VpcId": { "Ref" : "VPC" },
"Tags": [
{
"Key": "Application",
"Value": { "Ref" : "AWS::StackId" }
}
]
}
},
"Route" : {
"Type": "AWS::EC2::Route",
"DependsOn": "InternetGatewayAttach",
"Properties": {
"RouteTableId": { "Ref" : "RouteTable" },
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": { "Ref" : "InternetGateway" }
}
},
"SubnetRouteTableAssociationPublicAZa" : {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": { "Ref" : "SubnetPublicAZa" },
"RouteTableId": { "Ref" : "RouteTable" }
}
},
"SubnetRouteTableAssociationPublicAZc" : {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": { "Ref" : "SubnetPublicAZc" },
"RouteTableId": { "Ref" : "RouteTable" }
}
},
"SubnetRouteTableAssociationPrivateAZa" : {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": { "Ref" : "SubnetPublicAZa" },
"RouteTableId": { "Ref" : "RouteTable" }
}
},
"SubnetRouteTableAssociationPrivateAZc" : {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": { "Ref" : "SubnetPublicAZc" },
"RouteTableId": { "Ref" : "RouteTable" }
}
},
"NetworkAcl" : {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {"Ref" : "VPC"},
"Tags": [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ]
}
},
"SecurityGroupWeb" : {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": { "Ref" : "VPC" },
"GroupDescription": "Web Server security group",
"SecurityGroupIngress": [
{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : { "Ref" : "SSHLocation"}
},
{
"IpProtocol" : "tcp",
"FromPort" : "80",
"ToPort" : "80",
"CidrIp" : "0.0.0.0/0"
}
]
}
},
"SecurityGroupDb" : {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": { "Ref" : "VPC" },
"GroupDescription": "Database Server security group",
"SecurityGroupIngress": [
{
"IpProtocol" : "tcp",
"FromPort" : "3306",
"ToPort" : "3306",
"SourceSecurityGroupId" : { "Ref" : "SecurityGroupWeb"}
}
]
}
},
"InstanceWebServerAZa": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-cbf90ecb",
"InstanceType": { "Ref" : "InstanceType" },
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": true,
"DeviceIndex": 0,
"GroupSet": [
{ "Ref" : "SecurityGroupWeb" }
],
"SubnetId": {
"Ref": "SubnetPublicAZa"
}
}
],
"Monitoring": false,
"KeyName": { "Ref" : "KeyName" },
"UserData": "",
"Tags": [
{
"Key": "Name",
"Value": "app-web"
}
]
}
},
"InstanceWebServerAZc": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-cbf90ecb",
"InstanceType": { "Ref" : "InstanceType" },
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": true,
"DeviceIndex": 0,
"GroupSet": [
{ "Ref" : "SecurityGroupWeb" }
],
"SubnetId": {
"Ref": "SubnetPublicAZc"
}
}
],
"Monitoring": false,
"KeyName": { "Ref" : "KeyName" },
"UserData": "",
"Tags": [
{
"Key": "Name",
"Value": "app-web"
}
]
}
},
"DBSubnetGroup": {
"Type": "AWS::RDS::DBSubnetGroup",
"Properties" : {
"DBSubnetGroupDescription" : "db subnet group",
"SubnetIds" : [
{ "Ref": "SubnetPrivateAZa" },
{ "Ref": "SubnetPrivateAZc" }
]
}
},
"DBParameterGroup": {
"Type": "AWS::RDS::DBParameterGroup",
"Properties" : {
"Description": "My Parameter group",
"Family": "Mysql5.6"
}
},
"DBInstance": {
"Type": "AWS::RDS::DBInstance",
"Properties": {
"AllocatedStorage" : "20",
"AutoMinorVersionUpgrade" : false,
"BackupRetentionPeriod" : "7",
"DBInstanceClass" : "db.t2.micro",
"DBInstanceIdentifier" : "mydbinstance",
"DBName" : "myapp",
"DBParameterGroupName" : { "Ref" : "DBParameterGroup" },
"DBSubnetGroupName" : { "Ref" : "DBSubnetGroup" },
"Engine" : "MySQL",
"EngineVersion" : "5.6.22",
"MasterUsername" : { "Ref" : "DBUser" },
"MasterUserPassword" : { "Ref" : "DBPassword" },
"MultiAZ" : true,
"Port" : "3306",
"PreferredBackupWindow" : "04:00-04:30",
"PubliclyAccessible" : false,
"StorageType" : "gp2",
"VPCSecurityGroups" : [
{ "Ref" : "SecurityGroupDb" }
]
}
}
},
"Outputs" : {
}
}
リポジトリ
勉強の成果はこのリポジトリにコミットしてる
https://github.com/violetyk/study-aws-cloud-formation