In the
previous post, we used designer to create the LAB we wanted in a simple graphical way. Now we will go in to the template parts and add in the parameters we need to join it all together.
In the designer, click on each resource below, then in the template section at the bottom of the screen click the
Components TAB (making sure you are in
YAML mode as per the button on the right. JSON will work - but the scripts I am using are in YAML so you need to enter it as YAML first then you can convert it to JSON). Delete the initial
{} next to the
Properties: string if it is present.
Resource:
VPC
Add to Properties:
EnableDnsSupport: 'true'
EnableDnsHostnames: 'true'
# --- this configures the private subnet block for the whole VPC
CidrBlock: 10.0.0.0/16
Tags:
-
Key: 'Name'
Value: 'CloudFormation WebServer'
Result sample:
Resource:
Subnet
Add to Properties:
# --- this configures the specific subnet within the VPC we will be working with
CidrBlock: 10.0.0.0/24
Tags:
-
Key: 'Name'
Value: 'CloudFormation WebServer'
Resource:
Route
Add to Properties:
# --- this configures a default route outbound to the IGW
DestinationCidrBlock: 0.0.0.0/0
Resource:
ACLIN
Add to Properties:
# --- this configures no traffic blocking for inbound traffic via the ACL
CidrBlock: 0.0.0.0/0
Egress: 'false'
PortRange:
From: '0'
To: '65535'
Protocol: -1
RuleAction: Allow
RuleNumber: 100
Resource:
ACLOUT
Add to Properties:
# --- this configures no ACL blocking for outbound traffic
CidrBlock: 0.0.0.0/0
Egress: 'true'
PortRange:
From: '0'
To: '65535'
Protocol: '-1'
RuleAction: Allow
RuleNumber: 100
Resource:
PublicSecurity
Add to Properties:
# --- this permits port 80 inbound to the web server from any source
GroupDescription: Web Ingress Group
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
Tags:
-
Key: 'Name'
Value: 'CloudFormation WebServer'
Resource:
IGW
Add to Properties:
Tags:
-
Key: 'Name'
Value: 'CloudFormation WebServer'
Resource:
wwwInstance
Delete all the existing text below Properties, and replace with:
# --- !Ref is a variable, and this one references the AMI type we chose at the start
InstanceType: !Ref 'InstanceType'
ImageId: !Ref LatestAmiId
# --- this variable holds the Key Pair for the Linux server access (which you need to create BEFORE the CloudFormation template is run)
KeyName: !Ref KeyName
NetworkInterfaces:
- GroupSet:
- Ref: PublicSecurity
SubnetId: !Ref Subnet
AssociatePublicIpAddress: 'false'
DeviceIndex: '0'
DeleteOnTermination: 'true'
Tags:
-
Key: 'Name'
Value: 'CloudFormation WebServer'
# --- this is the script that will be run on the wwwInstance once it is spun up, to enable http and a string to show on the screen for success !This is the part I consider the secret of this script, as it runs the required setup on the linux server so its ready for use once completed
UserData:
'Fn::Base64': !Sub >
#!/bin/bash -xe
sudo yum update -y
sudo yum install httpd -y
sudo systemctl start httpd
sudo systemctl enable httpd
echo "<html><body><p><h1 align=center>Congrats - you have a working
web server !!</h1></body></html>" > /var/www/html/index.html
Resource:
Overall Template (click outside the VPC to get to this section)
Add to Parameters:
# --- each of these variable are choices we will get at the start that go into the template
LatestAmiId:
Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
InstanceType:
Description: 'Enter t1.micro, t2.micro, or t3.micro. Default is t3.micro.'
Type: String
Default: t3.micro
AllowedValues:
- t1.micro
- t2.micro
- t3.micro
KeyName:
Description: Name of an EC2 KeyPair to enable SSH access to the instance.
Type: 'AWS::EC2::KeyPair::KeyName'
ConstraintDescription: must be the name of an existing EC2 KeyPair.
Add to Outputs (to the right of Parameters and Mappings):
# --- these options will display once the CloudFormation template has completed running
CloudInfo:
Value: 'Here are some sample outputs from CloudFormation:'
FQDN:
Description: Public DNS for web server
Value: !GetAtt wwwInstance.PublicDnsName
InstanceID:
Description: The Instance ID
Value: !Ref wwwInstance
Once that's all entered, you can chose the
Tick at the top left to '
Validate template', then click
Create Stack next to the tick to launch ! This will take you through a few screens to Create the stack - chose
next to each,
select a name for the Stack (e.g. CloudForm-LAB), an
instance type, and the
keypair name (this needs to have been created prior via EC2 - KeyPairs - for OpenSSH), and then
Next,
Next and
Create stack.
This will take you to the creation screen, where you can click the
Circle Arrow to watch the setup of all resources. If all is well, after about 2 mins it will say
CREATE_COMPLETE on the left.
If you get a ROLLBACK_IN_PROGRESS and CREATE_FAIL, just scroll down to see what the issue was that failed the template. Then you can DELETE the Stack, and once that's cleared go back in and edit the template issue and run again.
Once it has completed, click on the Outputs link to get the public DNS for the web server, so you can test if its working.
If all is correct, simply copy the FQDN address to your web browser, and you should see (note it may take a minute from when the lab finished until the httpd is running):
Congrats - you have a working web server !!
Perfect ! You have just automated a full AWS VPC environment that is templated and can be rebuilt any time.
Click
HERE to download the full template used in this LAB
Now we want to be able to SSH to this instance, but we forgot to enable port 22 as part of the secuirty rule set. In the
next post, we will load an updated template to fix that and allow us to SSH in to the linux server for further changes.