This template deploys a VPC with two public subnets (routed through an Internet Gateway) and two private subnets. Two application EC2 instances are launched in the private subnets, one per Availability Zone, for high availability. Each instance waits until the NAT Gateway is working, then installs and hosts an Apache web server; the httpd package is downloaded from the internet through that NAT Gateway, since the private instances have no public IP of their own. An additional EC2 instance with a public IP is created in a public subnet so that it is reachable from the internet; it serves as the bastion host. You SSH to the bastion host and from there connect to the private EC2 instances that host the basic website.
- Create an EC2 key pair in AWS and reference its name in your parameters.json
- Define the remaining parameters in parameters.json
Create the stack using the AWS CLI:
$ aws cloudformation create-stack --stack-name vpc-demo --template-body file://template.yaml --parameters file://parameters.json
Resources created in initial ChangeSet:
- Visit the Load Balancer: http://alb-xxx.eu-west-1.elb.amazonaws.com/
- Test the LB by stopping one of the application EC2 instances: the site should stay reachable through the instance in the other Availability Zone.
- SSH to the bastion host (the key file must be readable only by you, or ssh refuses to use it)
$ ssh-add -K demo-key.pem
Identity added: demo-key.pem (demo-key.pem)
# `-K` is the macOS form that also stores the key in the keychain; on Linux use plain `ssh-add demo-key.pem`.
# SSH to the public IP of the bastion host. The login user depends on the AMI (ec2-user on Amazon Linux).
# `-A` forwards your SSH agent to the bastion so the next hop can use your key; while you are
# connected, anyone with root on the bastion can use the forwarded agent. If you only need the
# bastion as a relay, `ssh -J` (ProxyJump) avoids exposing the agent at all.
$ ssh -A ec2-user@<bastion-public-ip>
- SSH from inside the bastion host to the private application instances
# SSH from the bastion host to the private instances (private IPs from the VPC; same login user as above)
$ ssh ec2-user@<private-instance-1-ip>
$ exit
$ ssh ec2-user@<private-instance-2-ip>
$ exit
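The hop through the bastion can be done without agent forwarding: with a ProxyJump entry, the bastion only relays the TCP stream of the second SSH session and never sees your private key or agent socket. The script below is an added example and is not part of the template or its README; it generates such an SSH client config for the bastion and the two private instances. It assumes the AMI login user is ec2-user and the key file is demo-key.pem; every IP address in it is a placeholder you replace with the values from your own stack.

```shell
#!/bin/sh
# Added example (not the project's own code): build an ssh_config that reaches
# the private application instances through the bastion host via ProxyJump,
# so `ssh -A` (agent forwarding to the bastion) is not needed.
# Assumptions not stated on the page: login user ec2-user (Amazon Linux),
# key file demo-key.pem, placeholder IP addresses supplied by the operator.

# gen_ssh_config BASTION_IP KEY_FILE PRIVATE_IP...  -> ssh_config text on stdout
gen_ssh_config() {
    bastion_ip="$1"; key_file="$2"; shift 2
    cat <<EOF
Host bastion
    HostName ${bastion_ip}
    User ec2-user
    IdentityFile ${key_file}
    IdentitiesOnly yes
    ForwardAgent no
EOF
    n=1
    for ip in "$@"; do
        cat <<EOF

Host app${n}
    HostName ${ip}
    User ec2-user
    IdentityFile ${key_file}
    IdentitiesOnly yes
    ProxyJump bastion
EOF
        n=$((n + 1))
    done
}

# count_stanzas CONFIG_TEXT -> number of "Host" stanzas in the text
count_stanzas() { printf '%s\n' "$1" | grep -c '^Host '; }

# count_proxyjump CONFIG_TEXT -> number of stanzas that jump through the bastion
count_proxyjump() { printf '%s\n' "$1" | grep -c '^ *ProxyJump bastion$'; }

# forwards_agent CONFIG_TEXT -> exit 0 if any stanza enables agent forwarding
forwards_agent() { printf '%s\n' "$1" | grep -qi '^ *ForwardAgent yes'; }

# install_ssh_config CONFIG_TEXT DEST_FILE -> write the config, readable only by the owner
install_ssh_config() {
    dest="$2"
    printf '%s\n' "$1" > "$dest"
    chmod 600 "$dest"
}

# Demo with placeholder addresses (documentation ranges, not real hosts).
cfg=$(gen_ssh_config 203.0.113.10 "$HOME/demo-key.pem" 10.0.3.20 10.0.4.20)
printf '%s\n' "$cfg"
```

Write the output to `~/.ssh/config` (or a file you `Include` from it) with `install_ssh_config "$cfg" ~/.ssh/config.vpc-demo`; afterwards `ssh app1` lands on the first private instance via the bastion, and `ssh -G app1` shows the effective options without connecting. The one-off equivalent without a config file is `ssh -J ec2-user@<bastion-public-ip> ec2-user@<private-instance-ip>`. The private instances still need a security group rule allowing SSH from the bastion, as in the README's procedure.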