Let's create a VPC environment with CloudFormation (how to write a template file)

Hello everyone,
I'm Okazaki, a member of the SRE team in the System Solutions Department.
I've been involved in a lot of AWS development projects, and I've had many opportunities to use CloudFormation. I'd like to introduce a simple way to use it.
In this article, I'll explain how to write the template file that CloudFormation needs in order to run.
What is CloudFormation?
CloudFormation is an AWS service that lets you define and build resources in your AWS environment from a template written in YAML or JSON.
Instead of working in each service's own console, you manage the creation, update, and deletion of a whole set of resources as a single unit called a stack.
There is no additional charge for CloudFormation itself; you pay only for the resources a stack creates, such as EC2 instances.
Building around VPC
Let's create a VPC using CloudFormation from the following YAML file.
vpc.yml
---
AWSTemplateFormatVersion: '2010-09-09'

# Parameter settings
Parameters:
  # Enter each identifier
  ProjectCode:
    Type: String
    Default: test
    Description: Project Code
  # Enter VPC CIDR
  VPCCidr:
    Type: String
    Default: 10.31.0.0/16
    Description: VPCCidr
  # Enter Subnet CIDR
  PublicSubnetCidr:
    Type: String
    Default: 10.31.0.0/24
    Description: PublicSubnetCidr

Resources:
  # VPC related
  # VPC settings
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, vpc ] ]
  # Internet gateway settings
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, igw ] ]
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTableIGW:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-route-table-igw ] ]
  PublicRouteIGW:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTableIGW
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Subnet settings
  PublicSubnet:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-subnet ] ]
Explanation of each item
Now let me explain the YAML file above, section by section.
---
AWSTemplateFormatVersion: '2010-09-09'
This line declares the format version of the CloudFormation template.
The latest template format version is 2010-09-09, and as of March 21, 2019 it is the only valid value.
# Parameter settings
Parameters:
  # Enter each identifier
  ProjectCode:
    Type: String
    Default: test
    Description: Project Code
  # Enter VPC CIDR
  VPCCidr:
    Type: String
    Default: 10.31.0.0/16
    Description: VPCCidr
  # Enter Subnet CIDR
  PublicSubnetCidr:
    Type: String
    Default: 10.31.0.0/24
    Description: PublicSubnetCidr
You could hard-code the same values into every resource, but
there are times when you want to change a value per deployment for ease of operation.
In CloudFormation, the values you want to be able to vary go in the "Parameters" section.
In the sample file, ProjectCode is a common identifier that is used in every resource name;
its default is test, but you can enter any value when you create a stack.
The VPC CIDR and subnet CIDR likewise have defaults, and can also be set on a stack-by-stack basis.
The parameters here are plain strings; if you want CloudFormation to reject a malformed CIDR before it tries to create anything, add an AllowedPattern (or AllowedValues) constraint to the parameter.
Resources:
  # VPC related
  # VPC settings
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, vpc ] ]
The "Resources" section above is where the AWS resources themselves are defined.
VPC here is the logical ID. You can choose any alphanumeric name, and other resources refer to it by that name, but every logical ID in a template must be unique or stack creation fails.
Type: is where you state which AWS resource type this is.
Properties is where you configure the VPC itself; the VPCCidr parameter defined earlier is pulled in with the Ref function, which returns the parameter's value and inserts it into CidrBlock. (Ref on a resource's logical ID instead returns that resource's physical ID, which is how VpcId: !Ref VPC works further down.)
Only CidrBlock is configured on the VPC here; the remaining properties are described in the official AWS documentation, so please check it.
See the official AWS documentation for "AWS::EC2::VPC".
In addition, a Name tag is added under Tags for ease of identification.
Here, too, the Value is built with the Join function so that the resource is tagged <ProjectCode>-vpc, i.e. test-vpc with the default parameter.
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTableIGW:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-route-table-igw ] ]
  PublicRouteIGW:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTableIGW
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Subnet settings
  PublicSubnet:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-subnet ] ]
The other resources are declared in the same way: Type: names the resource, the details go under Properties, and the Name tag is joined from ProjectCode.
Note that a route table does not affect any subnet until the two are linked with an AWS::EC2::SubnetRouteTableAssociation. The template above creates PublicRouteTableIGW with a 0.0.0.0/0 route to the internet gateway but never associates PublicSubnet with it, so the subnet falls back to the VPC's main route table, which carries only the local route, and it is not reachable from the internet despite its name. Add an association before relying on the subnet being public, and, conversely, check for one before assuming a subnet is private.
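To make the Parameters, Ref and Join behaviour and the route-table caveat concrete, here is an added example (my own code, not part of the original article) that audits the template offline. It embeds a constructed copy of vpc.yml in CloudFormation's JSON long form, which is what the YAML short tags expand to (`!Ref X` is `{"Ref": "X"}`, `!Join [d, l]` is `{"Fn::Join": [d, l]}`), so it needs only the Python standard library. The `resolve` and `audit` functions and the `PublicSubnetRouteTableAssociation` resource are my own names and are not in the article; the association is added to show what changes once the subnet is actually linked to the IGW route table.

```python
"""Offline audit of the article's vpc.yml (added example, not the article's code).

TEMPLATE is a constructed copy of the template in CloudFormation's JSON long form:
!Ref X  ->  {"Ref": "X"}      !Join [d, l]  ->  {"Fn::Join": [d, l]}
"""
import copy
import ipaddress

TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "ProjectCode": {"Type": "String", "Default": "test"},
        "VPCCidr": {"Type": "String", "Default": "10.31.0.0/16"},
        "PublicSubnetCidr": {"Type": "String", "Default": "10.31.0.0/24"},
    },
    "Resources": {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {
            "CidrBlock": {"Ref": "VPCCidr"},
            "Tags": [{"Key": "Name", "Value": {"Fn::Join": ["-", [{"Ref": "ProjectCode"}, "vpc"]]}}]}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway", "Properties": {
            "Tags": [{"Key": "Name", "Value": {"Fn::Join": ["-", [{"Ref": "ProjectCode"}, "igw"]]}}]}},
        "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
            "VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "InternetGateway"}}},
        "PublicRouteTableIGW": {"Type": "AWS::EC2::RouteTable", "Properties": {
            "VpcId": {"Ref": "VPC"},
            "Tags": [{"Key": "Name", "Value": {"Fn::Join": ["-", [{"Ref": "ProjectCode"}, "public-route-table-igw"]]}}]}},
        "PublicRouteIGW": {"Type": "AWS::EC2::Route", "Properties": {
            "RouteTableId": {"Ref": "PublicRouteTableIGW"},
            "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InternetGateway"}}},
        "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "VPC"}, "AvailabilityZone": "ap-northeast-1a",
            "CidrBlock": {"Ref": "PublicSubnetCidr"},
            "Tags": [{"Key": "Name", "Value": {"Fn::Join": ["-", [{"Ref": "ProjectCode"}, "public-subnet"]]}}]}},
    },
}

# Hypothetical resource, NOT in the article: the link that makes a subnet use a route table.
ASSOCIATION = {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
    "SubnetId": {"Ref": "PublicSubnet"}, "RouteTableId": {"Ref": "PublicRouteTableIGW"}}}


def resolve(node, template, params=None):
    """Evaluate Ref and Fn::Join as CloudFormation does at deploy time: Ref to a parameter
    gives its default or the per-stack override in `params`; Ref to a resource gives its logical ID."""
    params = params or {}
    if isinstance(node, dict) and "Ref" in node:
        name = node["Ref"]
        if name in template["Parameters"]:
            return params.get(name, template["Parameters"][name].get("Default"))
        if name in template["Resources"]:
            return name  # stands in for the physical ID (vpc-xxxx, subnet-xxxx, ...)
        raise KeyError(f"Ref to undefined logical ID: {name}")
    if isinstance(node, dict) and "Fn::Join" in node:
        delim, parts = node["Fn::Join"]
        return delim.join(str(resolve(p, template, params)) for p in parts)
    if isinstance(node, dict):
        return {k: resolve(v, template, params) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, template, params) for v in node]
    return node


def audit(template, params=None):
    """Return resolved Name tags and which subnets are really internet-routed."""
    res = {lid: resolve(r, template, params) for lid, r in template["Resources"].items()}

    def by_type(t):
        return {lid: r for lid, r in res.items() if r["Type"] == t}

    names = {lid: next(t["Value"] for t in r["Properties"]["Tags"] if t["Key"] == "Name")
             for lid, r in res.items() if r["Properties"].get("Tags")}
    vpc = next(iter(by_type("AWS::EC2::VPC").values()))
    vpc_net = ipaddress.ip_network(vpc["Properties"]["CidrBlock"])
    igws = set(by_type("AWS::EC2::InternetGateway"))
    # Route tables carrying a default route to an internet gateway.
    public_rts = {r["Properties"]["RouteTableId"] for r in by_type("AWS::EC2::Route").values()
                  if r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"
                  and r["Properties"].get("GatewayId") in igws}
    assoc = {r["Properties"]["SubnetId"]: r["Properties"]["RouteTableId"]
             for r in by_type("AWS::EC2::SubnetRouteTableAssociation").values()}
    subnets = by_type("AWS::EC2::Subnet")
    return {
        "names": names,
        "subnets_inside_vpc": all(ipaddress.ip_network(s["Properties"]["CidrBlock"]).subnet_of(vpc_net)
                                  for s in subnets.values()),
        "internet_subnets": sorted(s for s in subnets if assoc.get(s) in public_rts),
        # No association: the subnet silently uses the VPC main route table (local route only).
        "unassociated_subnets": sorted(s for s in subnets if s not in assoc),
    }


def audit_with_association():
    """Same audit after adding the hypothetical association resource."""
    fixed = copy.deepcopy(TEMPLATE)
    fixed["Resources"]["PublicSubnetRouteTableAssociation"] = ASSOCIATION
    return audit(fixed)


if __name__ == "__main__":
    print(audit(TEMPLATE), audit_with_association(), sep="\n")
```

Run as written, the first audit reports PublicSubnet under unassociated_subnets and nothing under internet_subnets; the second, with the association in place, moves it to internet_subnets. Passing `{"ProjectCode": "prod"}` as `params` is the offline equivalent of overriding the parameter when you create a stack, and every Name tag changes from test-... to prod-... accordingly.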
Summary
This time I explained how to write the template file needed to build a VPC with CloudFormation; the
actual execution part will be long, so I will write about it next time.
If you launch AWS resources by hand every day, a tool like this
will cut down on that work, so if you use AWS frequently
I would definitely recommend it, since the service itself is free to use.