Let's create a VPC environment with CloudFormation (How to write a template file)

Hello everyone,
I'm Okazaki from the SRE team in the System Solutions Department.
Having been involved in many AWS-based projects in the past, I'd like to introduce a simple way to use CloudFormation, which I've had many opportunities to use.
This time, I'll explain how to fill out the template file required to run CloudFormation.
What is CloudFormation?
This service allows you to manage and build resources within the AWS cloud environment using YAML and JSON files.
You can start, stop, and delete AWS resources in units called stacks, all from a single console rather than using separate consoles for each resource.
While there are costs associated with EC2 instances built using CloudFormation, there are no additional charges for CloudFormation itself.
Building around VPC
Let's create a VPC using CloudFormation based on the following yml file.
vpc.yml
---
AWSTemplateFormatVersion: '2010-09-09'

# Parameter settings
Parameters:
  # Enter each identifier
  ProjectCode:
    Type: String
    Default: test
    Description: Project Code
  # Enter VPC CIDR
  VPCCidr:
    Type: String
    Default: 10.31.0.0/16
    Description: VPCCidr
  # Enter Subnet CIDR
  PublicSubnetCidr:
    Type: String
    Default: 10.31.0.0/24
    Description: PublicSubnetCidr

Resources:
  # VPC related
  # VPC settings
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, vpc ] ]
  # Internet gateway settings
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, igw ] ]
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTableIGW:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-route-table-igw ] ]
  PublicRouteIGW:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTableIGW
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Subnet settings
  PublicSubnet:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-subnet ] ]
Explanation of each item
Now let me explain the above yml file.
---
AWSTemplateFormatVersion: '2010-09-09'
This field specifies the format version of the CloudFormation template.
The current latest template format version is 2010-09-09, which is the only valid value as of March 21, 2019.
# Parameter settings
Parameters:
  # Enter each identifier
  ProjectCode:
    Type: String
    Default: test
    Description: Project Code
  # Enter VPC CIDR
  VPCCidr:
    Type: String
    Default: 10.31.0.0/16
    Description: VPCCidr
  # Enter Subnet CIDR
  PublicSubnetCidr:
    Type: String
    Default: 10.31.0.0/24
    Description: PublicSubnetCidr
When creating each resource, it is fine to use the same values every time, but
there are times when you want to change the values to make management easier.
In CloudFormation, you can define such values freely in the "Parameters" section.
In the sample file, a common identifier for every resource is defined as ProjectCode; its
initial value is test, but you can enter any value you like for each stack.
The VPC CIDR and subnet CIDR also have initial values, and they can likewise be set per stack.
Resources:
  # VPC related
  # VPC settings
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, vpc ] ]
The section for managing AWS resources is the "Resources" section shown above.
The key VPC is called a logical ID; you can choose any name you like, and other resources can refer to it by that name.
However, logical IDs must be unique within the template, or an error will occur at runtime.
The "Type: ~" part is where you define the actual AWS resource type.
Under "Properties" are the settings for the VPC itself; the VPCCidr parameter defined earlier is retrieved with the "Ref" function and inserted into CidrBlock.
In this case we only set CidrBlock on the VPC; for the remaining settings, please refer to the official AWS documentation.
About AWS::EC2::VPC
Additionally, a Name tag has been added to the Tags section for clarity.
The Value section is also concatenated using the Join function so that it is tagged with the identifier-vpc.
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTableIGW:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-route-table-igw ] ]
  PublicRouteIGW:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTableIGW
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Subnet settings
  PublicSubnet:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-subnet ] ]
The other resources are declared in the same way: the resource type goes in "Type: ~", the detailed settings go under "Properties", and the Name tag is built with the same Join pattern.
"DependsOn: AttachGateway" tells CloudFormation to create those resources only after the internet gateway has been attached to the VPC.
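As an added example (not part of the original post), these are the pieces I would merge into the vpc.yml above: AllowedPattern constraints so that a bad ProjectCode or CIDR is rejected when the stack is created instead of failing partway through, the AWS::EC2::SubnetRouteTableAssociation that actually attaches PublicSubnet to PublicRouteTableIGW, and an Outputs section that exports the IDs for other stacks. The logical IDs PublicSubnetRouteTableAssociation, VpcId and PublicSubnetId are names I chose; everything else refers to resources already defined in vpc.yml.

```yaml
# Additions to merge into vpc.yml (example, not from the original post)
Parameters:
  ProjectCode:
    Type: String
    Default: test
    Description: Project Code
    # Reject identifiers that would produce an invalid or surprising Name tag
    AllowedPattern: '^[a-z0-9-]{1,16}$'
    ConstraintDescription: lowercase letters, digits and hyphens, 1-16 characters
  VPCCidr:
    Type: String
    Default: 10.31.0.0/16
    Description: VPCCidr
    # Fail at parameter validation instead of halfway through stack creation
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR such as 10.31.0.0/16
  PublicSubnetCidr:
    Type: String
    Default: 10.31.0.0/24
    Description: PublicSubnetCidr
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR such as 10.31.0.0/24

Resources:
  # VPC, InternetGateway, AttachGateway, PublicRouteTableIGW, PublicRouteIGW
  # and PublicSubnet stay exactly as defined in vpc.yml; only this is new.
  # Without this association the subnet uses the VPC's main route table,
  # so the 0.0.0.0/0 route in PublicRouteIGW never applies to it.
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTableIGW

# Exported IDs let later stacks (for example an EC2 stack) reference this VPC
# with Fn::ImportValue instead of hard-coding IDs.
Outputs:
  VpcId:
    Description: ID of the VPC created by this stack
    Value: !Ref VPC
    Export:
      Name: !Join [ "-", [ !Ref ProjectCode, vpc-id ] ]
  PublicSubnetId:
    Description: ID of the public subnet
    Value: !Ref PublicSubnet
    Export:
      Name: !Join [ "-", [ !Ref ProjectCode, public-subnet-id ] ]
```

Export names must be unique within an account and region, which is why ProjectCode is part of them.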
summary
This time, I've written about how to write the template file needed to build a VPC with CloudFormation; the
actual execution part would make this too long, so I'll write about that next time.
You probably start AWS resources by hand on a daily basis, but I think tools like this
can reduce that work, so if you use AWS often,
I highly recommend trying it, since CloudFormation itself is free to use.
