Challenge Question: Automating Infrastructure Deployment on AWS
This week's challenge is to create AWS cloud resources using a CloudFormation template and CLI tools.
The resources created are:
- A VPC with a public and a private subnet
- An internet gateway
- A security group
- An EC2 instance that boots up with a sample web application
The CloudFormation Template
We will use a YAML template file. Start the stack template with:
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudForce 004
Resources:
Now we are going to specify the resources
To Create a VPC
- The properties set the CIDR block, enable DNS support and DNS hostnames, and tag the VPC with the name CloudForceVPC.
  CloudForceVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.16.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: CloudForceVPC
My key pair
  MyKeyPair:
    Type: AWS::EC2::KeyPair
    Properties:
      KeyName: my-key-pair
The Subnets
The public and private subnets use two separate CIDR blocks, both in the us-east-1a Availability Zone.
Both subnets reference the VPC created above.
  CloudForcePublic:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudForceVPC
      CidrBlock: 172.16.0.0/20
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: CloudForcePublic
  CloudForcePrivate:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CloudForceVPC
      CidrBlock: 172.16.128.0/20
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: CloudForcePrivate
The Internet Gateway
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: CloudForceIG
Attach the Internet Gateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref CloudForceVPC
      InternetGatewayId: !Ref InternetGateway
Create a route table
  RouteTablePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CloudForceVPC
      Tags:
        - Key: Name
          Value: PublicRouteTable
Create a Public Route
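  PublicRoute1:
    Type: AWS::EC2::Route
    # Wait for the gateway to be attached to the VPC before creating the route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway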
Associate the Route to the public subnet
  AssociatePublic1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref CloudForcePublic
      RouteTableId: !Ref RouteTablePublic
Now Create the Instance
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-02396cdd13e9a1257
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref InstanceSecurityGroup
      # Ref the key pair resource so it is created before the instance
      KeyName: !Ref MyKeyPair
      # Boot script: install Apache and git, then serve the sample site
      UserData: !Base64 |
        #!/bin/bash
        yum update -y
        yum install -y httpd git
        systemctl start httpd
        systemctl enable httpd
        cd /var/www/html
        rm -rf *
        git clone https://github.com/lewisawe/cloudForceWebSawe.git .
        systemctl restart httpd
      Tags:
        - Key: Name
          Value: CloudForceEC2
With the instance security group
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH and HTTP access via port 22 and 80
      SecurityGroupIngress:
        # SSH, open to any source address
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        # HTTP, open to any source address
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
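The security group above accepts SSH from 0.0.0.0/0 and, having no VpcId, is not created in CloudForceVPC. A tighter variant of the group and the instance follows as an added example, not part of the original template: the `SshCidr` parameter, its pattern and its default (a documentation address) are assumptions, while the other names come from the template above.

```yaml
# Added example: hardened variant of the security group and instance.
# SshCidr is a hypothetical parameter; 203.0.113.10/32 is a documentation address.
Parameters:
  SshCidr:
    Type: String
    Description: Admin address or range allowed to reach port 22
    Default: 203.0.113.10/32
    # Reject anything wider than /16, including 0.0.0.0/0
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/(1[6-9]|2\d|3[0-2])$'
    ConstraintDescription: Must be an IPv4 CIDR of /16 or narrower

Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP from anywhere, SSH from the admin range only
      VpcId: !Ref CloudForceVPC          # create the group in the stack's VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshCidr           # replaces 0.0.0.0/0 for SSH
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0              # the public website stays reachable

  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-02396cdd13e9a1257
      InstanceType: t2.micro
      SubnetId: !Ref CloudForcePublic    # must be in the same VPC as the group
      SecurityGroupIds:
        - !Ref InstanceSecurityGroup
      KeyName: !Ref MyKeyPair
      # UserData and Tags stay as in the instance definition above
```

Pass the real admin address at deploy time by adding `--parameters ParameterKey=SshCidr,ParameterValue=<your-ip>/32` to the `create-stack` command.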
Deploy the template with CLI
aws cloudformation create-stack --stack-name CloudForceStack --template-body file://CloudForce/challenge004/challenge.yaml
Confirm it works
Delete the stack
aws cloudformation delete-stack \
    --stack-name CloudForceStack
References
GitHub Cloudformation Template
https://github.com/lewisawe/CloudForce/blob/main/challenge004
Sample CloudForce Sky Website Code