In this post, we present a sample CloudFormation template. The template sets up the following components:
- VPC
- Subnet inside the VPC.
- Internet gateway. The internet gateway allows the subnet to connect to the public internet.
- Route table. This route table is associated with the subnet.
- Security Group
- EC2 instance
A bottom-up explanation of the components is as follows:
- An EC2 instance must live in a subnet. Instance-level network access control is done through the security group, a stateful firewall attached to the instance's network interface. A new security group allows no inbound traffic until rules are added, so every port that should be reachable has to be listed explicitly; if no egress rules are given, outbound traffic defaults to allow-all.
- A subnet needs to know where to send traffic, so it needs a route table. The association between a subnet and a route table is represented by AWS::EC2::SubnetRouteTableAssociation (a subnet with no explicit association falls back to the VPC's main route table).
- A route table contains routes, each represented by AWS::EC2::Route.
- To expose the subnet to the public internet, we attach an internet gateway to the VPC (AWS::EC2::VPCGatewayAttachment) and add a route for 0.0.0.0/0 whose GatewayId references the internet gateway. The route alone is not enough: the instance also needs a public IP address (here AssociatePublicIpAddress) for the gateway to forward its traffic.
The configuration can be confusing. Part of the reason is that there are two ways to represent the association between two components: a property on one of them that references the other with !Ref (for example the subnet's VpcId), or a separate association resource that references both (for example AWS::EC2::SubnetRouteTableAssociation and AWS::EC2::VPCGatewayAttachment).
Here is a sample CloudFormation template.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  # VPC Section
  MyVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.66.123.0/24
      # Both default to true. With EnableDnsSupport disabled, the instance cannot
      # resolve names through the Amazon-provided resolver.
      EnableDnsHostnames: false
      EnableDnsSupport: false
      Tags:
        - Key: Name
          Value: my-vpc
  # Subnet Section
  MySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVpc
      CidrBlock: 10.66.123.192/26
      AvailabilityZone: "us-east-1a"
      Tags:
        - Key: Name
          Value: my-subnet
  # Internet Gateway Section
  # - This allows us to make the subnet public.
  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: my-internet-gateway
  MyInternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref MyInternetGateway
      VpcId: !Ref MyVpc
  # Route Table Section
  MyRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVpc
      Tags:
        - Key: Name
          Value: my-route-table
  # Set up a public route. Note that this is associated with the route table.
  MyPublicRoute:
    Type: AWS::EC2::Route
    # The route must depend on the gateway attachment, not on the gateway itself:
    # the !Ref to MyInternetGateway already implies the gateway dependency, and
    # creating the route before the gateway is attached to the VPC fails.
    DependsOn: MyInternetGatewayAttachment
    Properties:
      RouteTableId: !Ref MyRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref MyInternetGateway
  # Associate the route table with the subnet.
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref MyRouteTable
      SubnetId: !Ref MySubnet
  # Security Group Section
  MyEC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref MyVpc
      GroupDescription: EC2 Security Group
      # GroupName must be unique within the VPC; omit it to let CloudFormation generate one.
      GroupName: MyEC2SecurityGroup
      # Only the ingress listed here is allowed. No SecurityGroupEgress is given,
      # so outbound traffic defaults to allow-all. Restrict the sources below to
      # the addresses that actually need SSH and ICMP rather than 0.0.0.0/0.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: <some-value>
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourcePrefixListId: <some-value>
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: <some-value>
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          SourcePrefixListId: <some-value>
  # EC2 Instance Section
  Node1:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
        - Key: Name
          Value: my-node-1
      # Property names are case-sensitive: "Instancetype" is rejected.
      InstanceType: t2.micro
      # The AMI must exist in the stack's region (us-east-1 here).
      ImageId: ami-0aeeebd8d2ab47354
      # PrivateIpAddress: <some-value>
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: "0"
          GroupSet:
            - !Ref MyEC2SecurityGroup
          SubnetId: !Ref MySubnet
# Output Section
Outputs:
  MyVpc:
    Value: !Ref MyVpc
  MySubnet:
    Value: !Ref MySubnet
  MyInternetGateway:
    Value: !Ref MyInternetGateway
  MyInternetGatewayAttachment:
    Value: !Ref MyInternetGatewayAttachment
  MyRouteTable:
    Value: !Ref MyRouteTable
  MyPublicRoute:
    Value: !Ref MyPublicRoute
  SubnetRouteTableAssociation:
    Value: !Ref SubnetRouteTableAssociation
  MyEC2SecurityGroup:
    Value: !Ref MyEC2SecurityGroup
  Node1:
    Value: !Ref Node1
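The three mistakes that are easy to make in a template like this (a typo in a !Ref, a security group that opens a port to the whole internet, and a route to the internet gateway that depends on the gateway instead of its VPC attachment) are all visible statically. The following Python lint is an added example, not code from the post: it works on the template in its parsed JSON long form, where `{"Ref": "X"}` is what `!Ref X` becomes (the shape you get from a JSON template or from converting the YAML), and the embedded sample is a constructed, trimmed copy of the template above with placeholder CIDRs and a placeholder prefix-list ID filled in where the post leaves `<some-value>`.

```python
"""Static lint for a CloudFormation template in parsed (JSON long-form) shape.
Added example; {"Ref": "X"} is the JSON form of !Ref X."""
import copy
import ipaddress
from typing import Any, Iterator

# Constructed sample: the post's template trimmed to what the checks inspect.
# CIDRs and the prefix-list ID are placeholders chosen for this example.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MyVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.66.123.0/24"}},
        "MySubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "MyVpc"}, "CidrBlock": "10.66.123.192/26"}},
        "MyInternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "MyInternetGatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
            "InternetGatewayId": {"Ref": "MyInternetGateway"}, "VpcId": {"Ref": "MyVpc"}}},
        "MyRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "MyVpc"}}},
        # DependsOn names the gateway instead of its attachment: the mistake the route check flags.
        "MyPublicRoute": {"Type": "AWS::EC2::Route", "DependsOn": "MyInternetGateway", "Properties": {
            "RouteTableId": {"Ref": "MyRouteTable"}, "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {"Ref": "MyInternetGateway"}}},
        "MyEC2SecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "VpcId": {"Ref": "MyVpc"}, "GroupDescription": "EC2 Security Group",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "CidrIp": "203.0.113.0/24"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "SourcePrefixListId": "pl-placeholder"},
            ]}},
        "Node1": {"Type": "AWS::EC2::Instance", "Properties": {"InstanceType": "t2.micro",
            "NetworkInterfaces": [{"DeviceIndex": "0", "GroupSet": [{"Ref": "MyEC2SecurityGroup"}],
                                   "SubnetId": {"Ref": "MySubnet"}}]}},
    },
    # Reproduces the post's typo (MySubnect) so the dangling-reference check has something to find.
    "Outputs": {"MySubnet": {"Value": {"Ref": "MySubnect"}}},
}


def _refs(node: Any) -> Iterator[str]:
    """Yield every logical ID used in a {"Ref": ...} anywhere under node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        else:
            for value in node.values():
                yield from _refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from _refs(item)


def dangling_refs(template: dict) -> list:
    """Logical IDs referenced in Resources/Outputs that are neither a resource nor a parameter."""
    known = set(template.get("Resources", {})) | set(template.get("Parameters", {}))
    used = set(_refs(template.get("Resources", {}))) | set(_refs(template.get("Outputs", {})))
    return sorted(n for n in used if n not in known and not n.startswith("AWS::"))


def world_open_ingress(template: dict) -> list:
    """(group, protocol, from, to, cidr) for ingress rules whose source is any address."""
    hits = []
    for lid, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr is None:
                continue  # sourced from a prefix list or another group, not a bare CIDR
            # ip_network raises ValueError on a malformed CIDR, which is itself a template error.
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                hits.append((lid, rule.get("IpProtocol"), rule.get("FromPort"), rule.get("ToPort"), cidr))
    return hits


def igw_routes_without_attachment_dependency(template: dict) -> list:
    """Routes via an internet gateway that do not DependsOn that gateway's VPCGatewayAttachment."""
    resources = template.get("Resources", {})
    attachments = {}  # IGW logical ID -> set of attachment logical IDs
    for lid, res in resources.items():
        if res.get("Type") == "AWS::EC2::VPCGatewayAttachment":
            igw = res.get("Properties", {}).get("InternetGatewayId")
            if isinstance(igw, dict) and "Ref" in igw:
                attachments.setdefault(igw["Ref"], set()).add(lid)
    bad = []
    for lid, res in resources.items():
        gw = res.get("Properties", {}).get("GatewayId")
        if res.get("Type") != "AWS::EC2::Route" or not (isinstance(gw, dict) and "Ref" in gw):
            continue
        if resources.get(gw["Ref"], {}).get("Type") != "AWS::EC2::InternetGateway":
            continue
        deps = res.get("DependsOn", [])
        deps = {deps} if isinstance(deps, str) else set(deps)
        if not deps & attachments.get(gw["Ref"], set()):
            bad.append(lid)
    return bad


def fixed_sample() -> dict:
    """The sample with all three findings corrected, so the checks go quiet."""
    fixed = copy.deepcopy(SAMPLE_TEMPLATE)
    res = fixed["Resources"]
    res["MyPublicRoute"]["DependsOn"] = "MyInternetGatewayAttachment"
    res["MyEC2SecurityGroup"]["Properties"]["SecurityGroupIngress"][0]["CidrIp"] = "203.0.113.0/24"
    fixed["Outputs"]["MySubnet"]["Value"] = {"Ref": "MySubnet"}
    return fixed


if __name__ == "__main__":
    for name, tpl in (("sample", SAMPLE_TEMPLATE), ("fixed", fixed_sample())):
        print(name, dangling_refs(tpl), world_open_ingress(tpl), igw_routes_without_attachment_dependency(tpl))
```

Run against the sample, the three checks report `MySubnect`, the SSH rule sourced from `0.0.0.0/0`, and `MyPublicRoute`; against `fixed_sample()` they report nothing. Rules sourced from a prefix list or another security group are deliberately skipped by the ingress check, since their reach is not a bare CIDR.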
©2019 - 2023 all rights reserved