- 1. Requirements
- 2. Implementation steps
- 3. Software version
- 4. Reference information
This CloudFormation example will do the following:
- Create an S3 bucket to store the CloudFormation template.
- Import SSH key available from local machine instead of creating a new one.
- Create a VPC located in the Singapore region.
- Create Internet Gateway and attach it to VPC.
- Create Route Table and add necessary routes for public subnet.
- Create a public subnet that supports both IPv4 and IPv6.
- Create a Security Group with built-in rules for ports:
- SSH from fixed IP.
- Allow ICMP Ping request.
- Allow HTTP access from internet.
- Create an EC2 instance and automatically install the Nginx webserver.
NOTE: This example is written in the form of "nested stacks", which means breaking down the resources that need to be created into small stacks in CloudFormation. Instead of writing it all into a single template file. This is great for production systems.
You need to install the AWS CLI and perform key configuration on your computer. Check and make sure your IAM account has enough permissions to do work from CLI.
Refer: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
After you clone this repository to your local machine, follow these steps.
Create an S3 bucket to store the CloudFormation (CF) template. This is required when you write CF in nested stacks. Then, the required TemplateURL value calls to the file path located on the S3 bucket. You cannot call the local path here.
Run this command:
Replace the following values with yours:
--profile devopslite: AWS CLI profile name on your machine, in case you only use 1 profileDefault, you can remove this option.--stack-name devopslite-s3-cf-template: rename the stack to the name you want.
aws cloudformation create-stack --profile devopslite --template-body file://s3-cf-template/main.yaml --stack-name devopslite-s3-cf-templateAfter running the command, you can check the S3 result similar to the one below.
Once you have the S3 bucket, you need to put all the template files in this repository into the bucket.
Run the command below to do that.
aws s3 cp --profile devopslite . s3://bucket-cf-template/ --exclude ".git/*" --recursiveDuring use, if you have any changes in the template, run this command again to make sure the template files are updated to the bucket.
We could consider using CI tools to do this automatically, but that's not within the scope of this example.
Now, you just need to run the command below to create the root stack.
aws cloudformation create-stack --profile devopslite --template-body file://root-stack.yaml --stack-name devopslite-stackSimilar to when you create a stack for your S3 bucket, change the profile and stack name as you wish.
You will have to wait a long time for the stack to finish its work, maybe 5-10 minutes. The result will look like the image below.
In case you change something in the template files, after you have uploaded the new file to the S3 bucket, run the command below to update the root stack. It will update your changes to the resource.
aws cloudformation update-stack --profile devopslite --template-body file://root-stack.yaml --stack-name devopslite-stackWARNING: Because this is just an example of using CloudFormation and it is quite simple, there is no danger in using the command aws cloudformation update-stack. However, for production systems, you need to check the change set before performing the update.
Below is a snapshot of CloudFormation's performance, which you can compare with yours.
Here you will probably see that the SG I created will only allow port 22 SSH for the public IP from my computer. I also recommend you do the same.
You can use below command to get public ip quickly.
curl ifconfig.io
You can view the EC2 instance's public DNS through instance details, or you can view it through the instance creation stack. In my example, I will open the Outputs tab of the stack named devopslite-stack-ec2Instance-V42G2RY4HS4V.
Now, if you copy the DNS found in the above step, access it in the browser and the result is similar to the image below, that means everything is successful.
After you're done testing, delete all stacks on CloudFormation to avoid spending money without you noticing.
aws cloudformation delete-stack --profile devopslite --stack-name devopslite-stack
Clearing all resources and stacks on CloudFormation can take a few minutes. For me it was about 3-4 minutes.
Because by default, the S3 bucket cannot be deleted without deleting the objects inside it. Run the command below with CLI to delete all objects inside the bucket.
aws s3 rm --profile devopslite s3://bucket-cf-template --recursiveAnd finally, delete the stack to create S3 with the bucket.
aws cloudformation delete-stack --profile devopslite --stack-name devopslite-s3-cf-template| Software | Version |
|---|---|
| AWS CLI | 2.7.12 |
- https://curiousorbit.com/blog/aws-cloudformation-nested-stacks
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html
- https://docs.aws.amazon.com/cli/latest/reference/cloudformation/index.html