在学习CloudFormation一段时间后写出了如下代码,分享一下。
介绍
创建了一个包含两个公有子网和两个私有子网的VPC,并为它创建了安全组(开放了80端口用于httpd服务,22端口用于ssh连接;注意模板中这两条入站规则的来源都是0.0.0.0/0,实际使用时应把22端口的来源限制为管理网段的CIDR)。最后还有一个EC2实例用于测试,部署成功后的效果如下。
代码
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Deploy a VPC",
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsHostnames": true,
"Tags": [
{
"Key": "Name",
"Value": "Lab VPC"
}
]
}
},
"EIP1": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "VPC"
}
},
"EIP2": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "VPC"
}
},
"NAT1": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"EIP1",
"AllocationId"
]
},
"SubnetId": {
"Ref": "PublicSubnet1"
},
"Tags": [
{
"Key": "Name",
"Value": "NAT1"
}
]
}
},
"NAT2": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"EIP2",
"AllocationId"
]
},
"SubnetId": {
"Ref": "PublicSubnet2"
},
"Tags": [
{
"Key": "Name",
"Value": "NAT2"
}
]
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "Lab Internet Gateway"
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"InternetGatewayId": {
"Ref": "InternetGateway"
}
}
},
"WebSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupName": "web sg",
"GroupDescription": "sg for web",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": "0",
"ToPort": "65535",
"CidrIp": "0.0.0.0/0"
}
],
"VpcId": {
"Ref": "VPC"
}
}
},
"PublicSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"MapPublicIpOnLaunch": true,
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": "cn-northwest-1a",
"Tags": [
{
"Key": "Name",
"Value": "Public Subnet 1"
}
]
}
},
"PublicSubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"MapPublicIpOnLaunch": true,
"CidrBlock": "10.0.3.0/24",
"AvailabilityZone": "cn-northwest-1b",
"Tags": [
{
"Key": "Name",
"Value": "Public Subnet 2"
}
]
}
},
"Instance1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-0b559eb60740a96b4",
"InstanceType": "t3.micro",
"KeyName" :{"Ref" : "KeyPair"},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"yum -y update\n",
"yum -y install httpd\n",
"chkconfig httpd on\n",
"systemctl start httpd\n",
"echo '<html><h1>Hello From Your Web Server!</h1></html>' > /var/www/html/index.html\n"
]
]
}
},
"NetworkInterfaces": [
{
"DeviceIndex": "0",
"GroupSet": [
{
"Ref": "WebSG"
}
],
"SubnetId": {
"Ref": "PublicSubnet1"
}
}
]
}
},
"PrivateSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.2.0/24",
"AvailabilityZone": "cn-northwest-1a",
"Tags": [
{
"Key": "Name",
"Value": "Private Subnet 1"
}
]
}
},
"PrivateSubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.4.0/24",
"AvailabilityZone": "cn-northwest-1b",
"Tags": [
{
"Key": "Name",
"Value": "Private Subnet 2"
}
]
}
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Public Route Table"
}
]
}
},
"PublicRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PublicRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
}
},
"PublicSubnetRouteTableAssociation1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnet1"
},
"RouteTableId": {
"Ref": "PublicRouteTable"
}
}
},
"PublicSubnetRouteTableAssociation2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnet2"
},
"RouteTableId": {
"Ref": "PublicRouteTable"
}
}
},
"PrivateRouteTable1": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Private Route Table1"
}
]
}
},
"PrivateRouteTable2": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Private Route Table2"
}
]
}
},
"PrivateRoute1": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable1"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "NAT1"
}
}
},
"PrivateRoute2": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable2"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "NAT2"
}
}
},
"PrivateSubnetRouteTableAssociation1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "PrivateSubnet1"
},
"RouteTableId": {
"Ref": "PrivateRouteTable1"
}
}
},
"PrivateSubnetRouteTableAssociation2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "PrivateSubnet2"
},
"RouteTableId": {
"Ref": "PrivateRouteTable2"
}
}
}
},
"Parameters":{
"KeyPair":{
"Type":"String",
"Default":"keypair"
}
}
}