AWS is much more than a cloud storage provider, something I learnt well during my Masters when, for my final (capstone) subject in 2019, I wrote a paper on AWS and its emerging applications. I am presently studying for the AWS Certified Solutions Architect Professional certification, and one of the many features it covers is CloudFormation.
CloudFormation is an AWS service that lets you script a complete environment from a template (and, as we will see, change it later) rather than setting up every component by hand. It is ideal for anything you need to roll out repeatedly or at scale, and it gives you an easy way to tear down all the components once you are done with a project, so you do not have to visit each service and delete resources one by one (and possibly leave some in place, costing you money for nothing).
In this LAB we will initially build a Linux instance running a web server inside a VPC, with internet access via a public IP. A similar walkthrough from AWS on this design can be found here:
In our case we will choose some slightly different options and methods, and use the GUI Designer to make it more graphical and easier to see which resource connects to which. Once the lab is built, we can go to the template editor, add our options/parameters to the YAML, and build it.
The design we will create looks like this:
So let's get started!
The components we need to make up our lab are:
- A VPC to encompass the instance, rules and routes
- An EC2 Linux instance to run the web server
- In and Out ACL rules
- An Inbound Security Group
- An EIP (Elastic IP)
- An Internet Gateway
It may be worth building this in a region where you do NOT currently have resources, just to make it easier to identify which resources belong to the LAB and to troubleshoot or delete them if anything goes wrong with the automated method.
You will need to log in to your AWS account, and go to CloudFormation (just search it on the main home page). Once in to the CloudFormation page, click on Create stack, then Create template in Designer. You should now be in the drag-n-drop designer, where we can place our resources and build our connections.
From here you can build templates for virtually every AWS service; for us, go to EC2 in the left-hand pane. All the resources we use in this LAB are located under that heading.
As per the above design picture, you now need to add in a VPC. Within the VPC add a SecurityGroup, a Route Table (then a Route inside the RouteTable), a Subnet (then an instance inside the subnet) and a NetworkACL (with 2 NetworkACLEntries inside it).
Outside the VPC add an EIP and an Internet Gateway.
Once that’s setup, you should have something looking like this:
You can download the template up to this stage from HERE
To make things easier, from here go through and rename a few of the resources, just so they make more sense when you read the template.
Right-click on each of the following resources, click the eye icon, then in the box at the bottom of the screen choose YAML on the right and the Components tab at the bottom, and change the name below the ‘Resources’ line:
- InternetGateway: IGW (just type over the EC2IG2UXKH string in the example above)
- EIP: EIP
- ROUTE: Route
- Left ACL entry: ACLIN
- Right ACL entry: ACLOUT
- SecurityGroup: PublicSecurity
- Instance: wwwInstance
- Subnet: Subnet
Now when we look at the diagram (and later the template) the references will be a bit clearer. You can do ALL the resources if you want – but at a minimum I have done the above.
Last thing for this section is to link the resources together. For this you will use the purple and pink dots around each resource. If you hover your mouse over each one around a specific resource, you will find it relates to different functions. Link the following by putting your mouse over the relevant dot around the resource, click and drag it to the related resource, as per the following:
- EIP – to wwwInstance
- wwwInstance – ‘SecurityGroup’ to PublicSecurity
- NetworkACL – ‘SubnetNetworkAclAssociation’ to Subnet
- RouteTable – ‘SubnetRouteTableAssociation’ to Subnet
- Route – ‘InternetGateway’ to IGW
- IGW – ‘VPCGatewayAttachment’ to VPC
- Route – ‘DependsOn’ link to the ‘VPCGatewayAttachment to VPC’ link (the route to the IGW must not be created before the gateway is attached)
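To show what the component list above and the Designer links in this section produce in YAML, here is an added example template (my own, not the template the post publishes at the end of the series). It uses the resource names chosen above; the CIDR ranges, AMI lookup, instance type, UserData and the Parameters section are my assumptions, and the ACL entries are a permissive lab setting (allow all in both directions). Each comment marks the Designer link it corresponds to.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Lab web server in a VPC (added example, not the original post's template)

Parameters:
  AmiId:   # assumed: latest Amazon Linux 2 via SSM public parameter
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  AdminCidr:   # assumed placeholder (RFC 5737); replace with your own address
    Type: String
    Default: 203.0.113.0/24

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
  IGW:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:            # link: IGW 'VPCGatewayAttachment' to VPC
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref IGW
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  Route:                           # link: Route 'InternetGateway' to IGW
    Type: AWS::EC2::Route
    DependsOn: VPCGatewayAttachment  # link: Route 'DependsOn' the attachment
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW
  SubnetRouteTableAssociation:     # link: RouteTable to Subnet
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet
      RouteTableId: !Ref RouteTable
  NetworkACL:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VPC
  ACLIN:                           # NACLs are stateless: allow both directions
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref NetworkACL
      RuleNumber: 100
      Protocol: -1                 # assumed lab setting: all protocols
      RuleAction: allow
      Egress: false
      CidrBlock: 0.0.0.0/0
  ACLOUT:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref NetworkACL
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0
  SubnetNetworkAclAssociation:     # link: NetworkACL to Subnet
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref Subnet
      NetworkAclId: !Ref NetworkACL
  PublicSecurity:                  # stateful filter: HTTP to all, SSH to admin only
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Inbound rules for the lab web server
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0 }
        - { IpProtocol: tcp, FromPort: 22, ToPort: 22, CidrIp: !Ref AdminCidr }
  wwwInstance:                     # link: wwwInstance 'SecurityGroup' to PublicSecurity
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t3.micro        # assumed
      SubnetId: !Ref Subnet
      SecurityGroupIds: [ !Ref PublicSecurity ]
      UserData:                    # assumed: install Apache on first boot
        Fn::Base64: |
          #!/bin/bash
          yum install -y httpd
          systemctl enable --now httpd
  EIP:                             # link: EIP to wwwInstance
    Type: AWS::EC2::EIP
    DependsOn: VPCGatewayAttachment
    Properties:
      Domain: vpc
      InstanceId: !Ref wwwInstance

Outputs:
  WebURL:
    Value: !Sub http://${EIP}
```

Two points worth checking before you deploy something like this. The NACL and the security group are different layers: the NACL is stateless, so an inbound allow on its own is not enough for return traffic, which is why both ACLIN and ACLOUT exist; the security group is stateful and is where the real inbound restriction lives, so keep port 22 scoped to your own CIDR rather than 0.0.0.0/0. The two DependsOn lines matter as well: without the one on Route the stack can fail because CloudFormation may try to create the default route before the gateway is attached, and AWS requires the one on the EIP whenever the EIP is associated with an instance in a VPC created in the same template.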
We have now completed the designer part of the setup, with resources and links in place, ready for the parameters to be configured. Your image should look something like the one at the top of this post. Note I will publish the complete template at the end of the series.
You can download the updated template from HERE
In Part2 we will look at setting up the required options in the template to then allow us to build the LAB !