
Getting Started with AWS CloudFormation

Using the IaC (Infrastructure as Code) service in AWS


Introduction

In this blog post, we will delve into AWS CloudFormation, a powerful service offered by Amazon Web Services (AWS) that allows you to define and provision your infrastructure resources in a declarative manner. We will explore some key concepts of AWS CloudFormation, such as Parameters, CloudFormation Stack, and Outputs, which are essential for creating and managing your infrastructure as code. To illustrate these concepts, we'll expand on a code snippet that creates a basic network infrastructure using CloudFormation templates.

AWS CloudFormation

AWS CloudFormation is a service provided by AWS that enables you to define your infrastructure as code using JSON or YAML templates. These templates describe the resources you want to provision, such as Amazon EC2 instances, Amazon S3 buckets, Amazon RDS databases, and more. CloudFormation simplifies the provisioning and management of your infrastructure by automating the resource creation, updating, and deletion processes.

Parameters

Parameters in CloudFormation templates allow you to customize the resources created by your stack. They enable you to provide input values at the time of stack creation, making your templates more flexible and reusable.

Mappings

Mappings are used to create a lookup table within the CloudFormation template.

Resources

Resources are the core components of a CloudFormation template. They represent the AWS resources that you want to create and manage.

Outputs

Outputs in CloudFormation templates provide information about the resources created by the stack. They are useful for retrieving important values or making them accessible to other stacks or services.

Hands-on walkthrough

We will write a CloudFormation template that creates a VPC with a public and a private subnet, launches an EC2 instance in each subnet, and configures the necessary networking components: an internet gateway, a route table, and a security group.

Parameters:
  instanceType:
    Type: String
    Description: The type of instance to be launched.
    Default: t2.micro
    AllowedValues:
      - t1.micro
      - t1.small
      - t2.small
      - t2.micro
  keyPairOptions:
    Type: String
    Description: The name of the key pair to use when launching the instances.
    Default: MyKeyPair
    AllowedValues: [myKeyPairs, testkeypair, MyKeyPair]
  availabilityZones:
    Type: String
    Description: The availability zone to launch the subnets into.
    Default: us-east-1a
    AllowedValues: [us-east-1a, us-east-1b, us-east-1c, us-east-1d]

Parameters:

  • instanceType: This parameter allows the user to specify the type of instance they want to launch. It is of type string and has a default value of t2.micro. The allowed values are t1.micro, t1.small, t2.small, and t2.micro.

  • keyPairOptions: This parameter allows the user to provide the name of the key pair to use while launching the instance. It is of type string and has a default value of MyKeyPair. The allowed values are myKeyPairs, testkeypair, and MyKeyPair.

  • availabilityZones: This parameter allows the user to choose the availability zones to launch the subnet into. It is of type string and has a default value of us-east-1a. The allowed values are us-east-1a, us-east-1b, us-east-1c, and us-east-1d.

Mappings: 
  regionAMIMapping: 
    us-east-1: 
      "HVM64": "ami-0ff8a91507f77f867"
    us-west-1: 
      "HVM64": "ami-0bdb828fd58c52235"
    eu-west-1: 
      "HVM64": "ami-047bb4163c506cd98"
    ap-southeast-1: 
      "HVM64": "ami-08569b978cc4dfa10"
    ap-northeast-1: 
      "HVM64": "ami-06cd52961ce9f0d85"
    ap-south-1:
      "HVM64": "ami-04893cdb768d0f9ee"

Mappings:

  • regionAMIMapping: This mapping associates AWS regions with the corresponding Amazon Machine Image (AMI) IDs, keyed by an architecture/virtualization label (here HVM64). For example, for the region us-east-1 and the key HVM64, the mapping yields the AMI ID ami-0ff8a91507f77f867. Similar entries are defined for the other regions, and the instances look up their ImageId with !FindInMap using the region the stack is deployed in.

Resources:
  createVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.35.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'

  createPublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref createVPC
      CidrBlock: 172.35.32.0/20
      AvailabilityZone: !Ref availabilityZones
      MapPublicIpOnLaunch: true

  createPrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref createVPC
      CidrBlock: 172.35.48.0/20
      AvailabilityZone: !Ref availabilityZones
      MapPublicIpOnLaunch: false

  createInternetGateway:
    Type: AWS::EC2::InternetGateway

  attachInternetGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: 
      InternetGatewayId: !Ref createInternetGateway
      VpcId: !Ref createVPC

  createRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref createVPC

  routeTrafficToInternetGateway:
    Type: AWS::EC2::Route
    DependsOn: attachInternetGateway
    Properties:
      RouteTableId: !Ref createRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref createInternetGateway

  associateRouteWithSubnet:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref createRouteTable
      SubnetId: !Ref createPublicSubnet

  createSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Provide HTTP,PING,SSH access
      VpcId: !Ref createVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  launchPublicEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId:  !FindInMap [regionAMIMapping, !Ref AWS::Region, HVM64]
      KeyName: !Ref keyPairOptions
      InstanceType: !Ref instanceType
      SubnetId: !Ref createPublicSubnet
      SecurityGroupIds:
        - Ref: createSecurityGroup
      Tags:
        - Key: Name
          Value: PublicInstance

  launchPrivateEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId:  !FindInMap [regionAMIMapping, !Ref AWS::Region, HVM64]
      KeyName: !Ref keyPairOptions
      InstanceType: !Ref instanceType
      SubnetId: !Ref createPrivateSubnet
      SecurityGroupIds: 
        - Ref: createSecurityGroup
      Tags:
        - Key: Name
          Value: PrivateInstance

Resources:

  • createVPC: This resource creates an Amazon Virtual Private Cloud (VPC) with the specified CIDR block, enabling DNS support and hostnames.

  • createPublicSubnet: This resource creates a public subnet within the VPC and associates it with the specified availability zone. The subnet allows public IP addresses to be automatically assigned to instances launched in it.

  • createPrivateSubnet: This resource creates a private subnet within the VPC and associates it with the specified availability zone. Instances launched in this subnet won't have public IP addresses.

  • createInternetGateway and attachInternetGateway: These resources create and attach an internet gateway to the VPC, respectively. The internet gateway enables communication between the VPC and the internet.

  • createRouteTable and routeTrafficToInternetGateway: These resources create a route table for the VPC and add a route that directs all internet-bound traffic (0.0.0.0/0) to the internet gateway.

  • associateRouteWithSubnet: This resource associates the previously created route table with the public subnet, allowing it to handle internet traffic.

  • createSecurityGroup: This resource creates a security group that allows inbound access to SSH (port 22), ICMP (ping), and HTTP (port 80). The security group is associated with both public and private instances.

  • launchPublicEC2Instance and launchPrivateEC2Instance: These resources create Amazon EC2 instances in the public and private subnets, respectively. The instances are launched with the specified AMI ID, instance type, subnet ID, security group, and tags.
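The createSecurityGroup resource above opens SSH (port 22) to 0.0.0.0/0 and is attached to both the public and the private instance, so a template check that flags world-reachable admin ports before a stack is deployed is worth having. The following added example is not part of the original post: it carries the page's security group over into CloudFormation's JSON template syntax (which the service accepts alongside YAML), places a hardened copy beside it whose SSH rule is limited to an assumed admin network (203.0.113.0/24, a documentation range used as a placeholder), and scans every AWS::EC2::SecurityGroup in the template for the weak pattern.

```python
import json

# Constructed sample in CloudFormation's JSON syntax: the page's createSecurityGroup
# converted as written, plus a hardened copy whose SSH rule is limited to an assumed
# admin network (203.0.113.0/24, a documentation range, stands in for the real one).
TEMPLATE_JSON = json.dumps({"Resources": {
    "createSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "Provide HTTP,PING,SSH access", "VpcId": {"Ref": "createVPC"},
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]}},
    "hardenedSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "HTTP from anywhere, SSH from the admin network only",
        "VpcId": {"Ref": "createVPC"},
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.0/24"},
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]}}}})

ADMIN_PORTS = {22, 3389}                 # SSH and RDP should never face the whole internet
ANYWHERE = {"0.0.0.0/0", "::/0"}


def rule_is_open_admin(rule):
    """True if one ingress rule lets any internet host reach an admin port (or every port)."""
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    if cidr not in ANYWHERE:
        return False
    if str(rule.get("IpProtocol")) == "-1":   # all protocols and all ports
        return True
    lo, hi = int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))
    if lo == -1:                              # ICMP-style rule: no ports, not an admin service
        return False
    return any(lo <= port <= hi for port in ADMIN_PORTS)


def find_open_admin_ingress(template_text):
    """Return (logical id, FromPort, ToPort) for each world-open admin rule in a JSON template."""
    template = json.loads(template_text)
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if rule_is_open_admin(rule):
                findings.append((logical_id, rule.get("FromPort"), rule.get("ToPort")))
    return findings
```

Running find_open_admin_ingress(TEMPLATE_JSON) reports only createSecurityGroup on port 22; the ICMP and HTTP rules and the hardened group pass, so the check can gate a deployment pipeline on templates read from disk.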

Outputs:
    publicInstanceId:
      Description: The instance ID of public instance
      Value: !Ref launchPublicEC2Instance

    privateInstanceId:
      Description: The instance ID of private instance
      Value: !Ref launchPrivateEC2Instance

    publicIPofInstance:
      Description: The public IP of public instance
      Value: !GetAtt launchPublicEC2Instance.PublicIp

    privateIPofInstance:
      Description: The private IP of private instance
      Value: !GetAtt launchPrivateEC2Instance.PrivateIp

Outputs:

  • publicInstanceId: This output provides the instance ID of the public EC2 instance.

  • privateInstanceId: This output provides the instance ID of the private EC2 instance.

  • publicIPofInstance: This output provides the public IP address of the public EC2 instance.

  • privateIPofInstance: This output provides the private IP address of the private EC2 instance.

These outputs allow you to easily access and reference the created instances and their IP addresses for further configuration or integration with other services.

Conclusion

In this blog post, we explored the fundamental concepts of AWS CloudFormation: Parameters, CloudFormation Stack, and Outputs. We learned how to use parameters to customize our stack, create resources such as VPCs, subnets, and EC2 instances, and retrieve important information using outputs. AWS CloudFormation empowers you to provision and manage your infrastructure in a scalable, repeatable, and automated manner. By leveraging the power of infrastructure as code, you can achieve greater efficiency and consistency in your AWS deployments.