
In this article, I’m going to talk about how to write a template file that’s necessary to execute CloudFormation.
What is CloudFormation?
It is an AWS service that creates and manages AWS resources described in a template written in YAML or JSON.
You can start, stop, and delete AWS resources in units called stacks from a single console, instead of managing them from each service's individual console.
You pay for the resources CloudFormation creates, such as EC2 instances, but there is no extra charge for CloudFormation itself.
Building a VPC
Now, let's create a VPC with CloudFormation from the following yml file.
vpc.yml
---
AWSTemplateFormatVersion: '2010-09-09'
# Parameter settings
Parameters:
  # Enter an identifier for the project
  ProjectCode:
    Type: String
    Default: test
    Description: Project Code
  # Enter the VPC's CIDR
  VPCCidr:
    Type: String
    Default: 10.31.0.0/16
    Description: VPCCidr
  # Enter the subnet's CIDR
  PublicSubnetCidr:
    Type: String
    Default: 10.31.0.0/24
    Description: PublicSubnetCidr
Resources:
  # VPC-related resources
  # VPC settings
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, vpc ] ]
  # InternetGateway settings
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, igw ] ]
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTableIGW:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-route-table-igw ] ]
  PublicRouteIGW:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTableIGW
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Subnet settings
  PublicSubnet:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-subnet ] ]
Description of each section
Let me walk through the above yml file section by section.
---
AWSTemplateFormatVersion: '2010-09-09'
This declares the format version of the CloudFormation template.
# Parameter settings
Parameters:
  # Enter an identifier for the project
  ProjectCode:
    Type: String
    Default: test
    Description: Project Code
  # Enter the VPC's CIDR
  VPCCidr:
    Type: String
    Default: 10.31.0.0/16
    Description: VPCCidr
  # Enter the subnet's CIDR
  PublicSubnetCidr:
    Type: String
    Default: 10.31.0.0/24
    Description: PublicSubnetCidr
When creating each resource you could hard-code the same values every time, but being able to change them makes operation easier.
CloudFormation lets you change such values freely through the "Parameters" section.
In the sample file, ProjectCode is a common identifier given to every resource; it has an initial (default) value, but you can override it for each stack as you wish.
The CIDRs for the VPC and the subnet are likewise given initial values, and, as in the sample file, they too can be changed per stack.
Resources:
  # VPC-related resources
  # VPC settings
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, vpc ] ]
The "Resources" section above is where the AWS resources themselves are managed.
The key VPC is the logical ID; you can choose it freely, and other resources can refer to this resource by it.
However, every logical ID must be unique, otherwise an error will occur when the template is executed.
The "Type:" part defines the actual AWS resource to create.
Under "Properties" is the configuration of the VPC: the Ref function fetches the VPCCidr parameter defined earlier and inserts the predefined CIDR into CidrBlock.
I'm setting only CidrBlock this time, but the other available settings are listed in the AWS official documentation, which you can take a look at.
I also added a Name tag in the Tags section for clarity.
This uses a function called Join to build the Value, appending -vpc to the project code.
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTableIGW:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-route-table-igw ] ]
  PublicRouteIGW:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTableIGW
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Subnet settings
  PublicSubnet:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetCidr
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref ProjectCode, public-subnet ] ]
The other resources are declared the same way: "Type:" names the resource, the detailed settings go under "Properties", and a Name tag is attached to each resource.
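As an added example (not code from the original article), here is a stdlib-only Python checker for two things the description above relies on: every !Ref must point at a logical ID that actually exists in Parameters or Resources, and the CIDR defaults must parse with the subnet sitting inside the VPC. The template is a hand-built Python dict mirroring vpc.yml in CloudFormation's JSON form ({"Ref": x} for !Ref, {"Fn::Join": ...} for !Join); most Tags are left out for brevity.

```python
import ipaddress
# Constructed for this example: the page's vpc.yml as a Python dict in CloudFormation's
# JSON form ({"Ref": x} for !Ref, {"Fn::Join": ...} for !Join); most Tags are omitted.
VPC_TEMPLATE = {
    "Parameters": {
        "ProjectCode": {"Type": "String", "Default": "test"},
        "VPCCidr": {"Type": "String", "Default": "10.31.0.0/16"},
        "PublicSubnetCidr": {"Type": "String", "Default": "10.31.0.0/24"},
    },
    "Resources": {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": {"Ref": "VPCCidr"}, "Tags": [
            {"Key": "Name", "Value": {"Fn::Join": ["-", [{"Ref": "ProjectCode"}, "vpc"]]}}]}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
            "VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "InternetGateway"}}},
        "PublicRouteTableIGW": {"Type": "AWS::EC2::RouteTable", "DependsOn": "AttachGateway",
                                "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PublicRouteIGW": {"Type": "AWS::EC2::Route", "DependsOn": "AttachGateway", "Properties": {
            "RouteTableId": {"Ref": "PublicRouteTableIGW"}, "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {"Ref": "InternetGateway"}}},
        "PublicSubnet": {"Type": "AWS::EC2::Subnet", "DependsOn": "AttachGateway", "Properties": {
            "VpcId": {"Ref": "VPC"}, "CidrBlock": {"Ref": "PublicSubnetCidr"}}},
    },
}

def _refs(node):
    # Yield every Ref target found anywhere inside a template fragment (dicts, lists, Fn::Join args)
    if isinstance(node, dict) and set(node) == {"Ref"}:
        yield node["Ref"]
    for child in (node.values() if isinstance(node, dict) else node if isinstance(node, list) else []):
        yield from _refs(child)

def lint_template(tpl):
    # Return a list of problems found; an empty list means the template passed both checks
    params, resources = tpl.get("Parameters", {}), tpl.get("Resources", {})
    known = set(params) | set(resources)  # logical IDs a Ref may legitimately point at
    problems = []
    for lid, res in resources.items():
        for target in _refs(res.get("Properties", {})):
            if target not in known and not target.startswith("AWS::"):  # AWS::Region etc. are pseudo-parameters
                problems.append(f"{lid}: Ref to unknown logical ID {target!r}")
    # CIDR sanity: both defaults must parse and the subnet must lie inside the VPC
    try:
        vpc = ipaddress.ip_network(params["VPCCidr"]["Default"])
        sub = ipaddress.ip_network(params["PublicSubnetCidr"]["Default"])
        if not sub.subnet_of(vpc):
            problems.append(f"PublicSubnetCidr {sub} is not inside VPCCidr {vpc}")
    except (KeyError, ValueError) as exc:
        problems.append(f"bad CIDR default: {exc!r}")
    return problems
```

Running lint_template(VPC_TEMPLATE) on the dict above returns an empty list; a misspelled Ref target or a subnet CIDR outside the VPC range is reported before the stack is ever submitted.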
Summary
In this article I talked about how to write a template file necessary to build a VPC.
I'd like to explain the execution part in the next article, since this one is already getting long.
If you have to set up AWS resources by hand on a daily basis, using tools like this can reduce the effort you spend.
Since this tool is free to use, I strongly recommend it if you use AWS frequently.
This blog post is translated from a blog post written by Junichiro Okazaki on our Japanese website Beyond Co.