Let's create a VPC environment with CloudFormation (how to write a template file)

Hello everyone,
this is Okazaki from the SRE team of the System Solutions Department.

I have been involved in construction on AWS for some time, and I would like to introduce a simple way to use "CloudFormation", which I have had many opportunities to come into contact with during that time.
This time, I will explain how to fill in the template file required to run CloudFormation.

What is CloudFormation? ?

This is a service that allows you to manage and build resources in the AWS cloud environment provided by AWS using yml and json format files.
You can manage starting, stopping, and deleting AWS resources in units called stacks from a single console instead of from each console.
There are fees for EC2 instances etc. built with CloudFormation, but there are no additional fees for CloudFormation itself.

Build around VPC

Now, let's create a VPC using CloudFormation based on the yml file below.

vpc.yml

--- AWSTemplateFormatVersion: '2010-09-09' # Parameter settings Parameters: # Enter each identifier ProjectCode: Type: String Default: test Description: Project Code # Enter the VPC CIDR VPCCidr: Type: String Default: 10.31. 0.0/16 Description: VPCCidr # Enter the CIDR of the Subnet PublicSubnetCidr: Type: String Default: 10.31.0.0/24 Description: PublicSubnetCidr Resources: # Around VPC #VPC settings VPC: Type: AWS::EC2::VPC Properties: CidrBlock : !Ref VPCCidr Tags: - Key: Name Value: !Join [ "-", [ !Ref ProjectCode, vpc ] ] # Internet gateway settings InternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: !Join [ "-", [ !Ref ProjectCode, igw ] ] AttachGateway: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: !Ref VPC InternetGatewayId: !Ref InternetGateway PublicRouteTableIGW: Type: AWS::EC2: :RouteTable DependsOn: AttachGateway Properties: VpcId: !Ref VPC Tags: - Key: Name Value: !Join [ "-", [ !Ref ProjectCode, public-route-table-igw ] ] PublicRouteIGW: Type: AWS::EC2: :Route DependsOn: AttachGateway Properties: RouteTableId: !Ref PublicRouteTableIGW DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway # Subnet settings PublicSubnet: Type: AWS::EC2::Subnet DependsOn: AttachGateway Properties: VpcId: !Ref VPC AvailabilityZone : ap-northeast-1a CidrBlock: !Ref PublicSubnetCidr Tags: - Key: Name Value: !Join [ "-", [ !Ref ProjectCode, public-subnet ] ]

Explanation for each item

Now, I will explain the above yml file.

--- AWSTemplateFormatVersion: '2010-09-09'

I am filling in the format version of the CloudFormation template.
The current latest template format version is 2010-09-09,
which is the only valid value as of March 21, 2019.

# Parameter settings Parameters: # Enter each identifier ProjectCode: Type: String Default: test Description: Project Code # Enter the VPC CIDR VPCCidr: Type: String Default: 10.31.0.0/16 Description: VPCCider # Enter the Subnet CIDR PublicSubnetCidr: Type: String Default: 10.31.0.0/24 Description: PublicSubnetCider

It's fine if you want to create a fixed value each time you create each resource, but
there may be times when you want to change the value to make it easier to use.
In CloudFormation, if you want to change these values ​​freely, you can set them in the "Parameters" section.
In the sample file, a common identifier for each resource is set as ProjectCode, and
the initial value is test, but you can freely enter it in the stack.
VPC Cidr and Subnet Cidr are also set as initial values, but in the same way, values ​​can be set for each stack.

Resources: # Around VPC #VPC settings VPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref VPCCidr Tags: - Key: Name Value: !Join [ "-", [ !Ref ProjectCode, vpc ] ]

The section that manages AWS resources is the "Resources" section above.
The VPC part is called a logical ID, which can be set to any value and can be called from other resources.
However, if each is not unique, an error will occur at runtime.
Type:~ is the part that defines the actual AWS resource.
The area under Properties is the settings for the VPC itself, and the VPCCidr parameter we mentioned earlier is called with a function called Ref, and the predefined CIDR is called and inserted into CidrBlock.
This time, only CidrBlock will be configured in VPC, but the detailed settings are available on the AWS official website, so please check it again.
About AWS official “AWS::EC2::VPC”

In addition, we have added a Name tag to make it easier to understand in the Tags section.
Here too, we use a function called Join to join the Value part so that it is tagged with the identifier -vpc.

  AttachGateway: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: !Ref VPC InternetGatewayId: !Ref InternetGateway PublicRouteTableIGW: Type: AWS::EC2::RouteTable DependsOn: AttachGateway Properties: VpcId: !Ref VPC Tags: - Key: Name Value: !Join [ "-", [ !Ref ProjectCode, public-route-table-igw ] ] PublicRouteIGW: Type: AWS::EC2::Route DependsOn: AttachGateway Properties: RouteTableId: !Ref PublicRouteTableIGW DestinationCidrBlock: 0.0.0.0/ 0 GatewayId: !Ref InternetGateway # Subnet settings PublicSubnet: Type: AWS::EC2::Subnet DependsOn: AttachGateway Properties: VpcId: !Ref VPC AvailabilityZone: ap-northeast-1a CidrBlock: !Ref PublicSubnetCidr Tags: - Key: Name Value : !Join [ "-", [ !Ref ProjectCode, public-subnet ] ]

In the same way, for other resources, declare each resource with Type:~, make detailed settings in Properties, and link the Name tag.

summary

This time, I wrote about how to write the template file necessary to build a VPC with CloudFormation, but
since the actual execution part will be long, I would like to write it again next time.
You may have to start up AWS resources manually every day, but
I think using these tools can reduce the amount of work required, so if you often use AWS,
it is free to use. So I hope you will take advantage of it.