In the previous post, we used designer to create the LAB we wanted in a simple graphical way. Now we will go in to the template parts and add in the parameters we need to join it all together.

In the designer, click on each resource below, then in the template section at the bottom of the screen click the Components TAB (making sure you are in YAML mode as per the button on the right. JSON will work – but the scripts I am using are in YAML so you need to enter it as YAML first then you can convert it to JSON). Delete the initial {} next to the Properties: string if it is present.

Resource:
     VPC
Add to Properties:
      EnableDnsSupport: ‘true’
      EnableDnsHostnames: ‘true’
      # — this configures the private subnet block for the whole VPC
      CidrBlock: 10.0.0.0/16
      Tags:
        –
          Key: ‘Name’
          Value: ‘CloudFormation WebServer’

Result sample:

Resource:
    Subnet
Add to Properties:
      # — this configures the specific subnet within the VPC we will be working with
      CidrBlock: 10.0.0.0/24
      Tags:
        –
          Key: ‘Name’
          Value: ‘CloudFormation WebServer’
Resource:
     Route
Add to Properties:
     # — this configures a default route outbound to the IGW
     DestinationCidrBlock: 0.0.0.0/0
Resource:
      ACLIN
Add to Properties:
      # — this configures no traffic blocking for inbound traffic via the ACL
      CidrBlock: 0.0.0.0/0
      Egress: ‘false’
      PortRange:
        From: ‘0’
        To: ‘65535’
      Protocol: -1
      RuleAction: Allow
      RuleNumber: 100
Resource:
      ACLOUT
Add to Properties:
    # — this configures no ACL blocking for outbound traffic
    CidrBlock: 0.0.0.0/0
      Egress: ‘true’
      PortRange:
        From: ‘0’
        To: ‘65535’
      Protocol: ‘-1’
      RuleAction: Allow
      RuleNumber: 100
Resource:
      PublicSecurity
Add to Properties:
      # — this permits port 80 inbound to the web server from any source
      GroupDescription: Web Ingress Group
      SecurityGroupIngress:
        – IpProtocol: tcp
          FromPort: ’80’
          ToPort: ’80’
          CidrIp: 0.0.0.0/0
      Tags:
        –
          Key: ‘Name’
          Value: ‘CloudFormation WebServer’
Resource:
      IGW
Add to Properties:
      Tags:
        –
          Key: ‘Name’
          Value: ‘CloudFormation WebServer’
Resource:
      wwwInstance
Delete all the existing text below Properties, and replace with:
      # — !Ref is a variable, and this one references the AMI type we chose at the start
      InstanceType: !Ref ‘InstanceType’
      ImageId: !Ref LatestAmiId
      # — this variable holds the Key Pair for the Linux server access (which you need to create BEFORE the CloudFormation template is run)
      KeyName: !Ref KeyName
      NetworkInterfaces:
        – GroupSet:
            – Ref: PublicSecurity
          SubnetId: !Ref Subnet
          AssociatePublicIpAddress: ‘false’
          DeviceIndex: ‘0’
          DeleteOnTermination: ‘true’
      Tags:
        –
          Key: ‘Name’
          Value: ‘CloudFormation WebServer’
      # — this is the script that will be run on the wwwInstance once it is spun up, to enable http and a string to show on the screen for success !This is the part I consider the secret of this script, as it runs the required setup on the linux server so its ready for use once completed
      UserData:
        ‘Fn::Base64’: !Sub >
          #!/bin/bash -xe
          sudo yum update -y 
          sudo yum install httpd -y|
          sudo systemctl start httpd 
          sudo systemctl enable httpd
          echo “<html><body><p><h1 align=center>Congrats – you have a working
          web server !!</h1></body></html>” > /var/www/html/index.html
Resource:
      Overall Template (click outside the VPC to get to this section)
Add to Parameters:
  # — each of these variable are choices we will get at the start that go into the template
  LatestAmiId:
    Type: ‘AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>’
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  InstanceType:
    Description: ‘Enter t1.micro, t2.micro, or t3.micro. Default is t3.micro.’
    Type: String
    Default: t3.micro
    AllowedValues:
      – t1.micro
      – t2.micro
      – t3.micro
  KeyName:
    Description: Name of an EC2 KeyPair to enable SSH access to the instance.
    Type: ‘AWS::EC2::KeyPair::KeyName’
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
Add to Outputs (to the right of Parameters and Mappings):
  # — these options will display once the CloudFormation template has completed running
  CloudInfo:
    Value: ‘Here are some sample outputs from CloudFormation:’
  FQDN:
    Description: Public DNS for web server
    Value: !GetAtt wwwInstance.PublicDnsName
  InstanceID:
    Description: The Instance ID
    Value: !Ref wwwInstance

Once that’s all entered, you can chose the Tick at the top left to ‘Validate template‘, then click Create Stack next to the tick to launch ! This will take you through a few screens to Create the stack – chose next to each, select a name for the Stack (e.g. CloudForm-LAB), an instance type, and the keypair name (this needs to have been created prior via EC2 – KeyPairs – for OpenSSH), and then Next, Next and Create stack.

This will take you to the creation screen, where you can click the Circle Arrow to watch the setup of all resources. If all is well, after about 2 mins it will say CREATE_COMPLETE on the left.

If you get a ROLLBACK_IN_PROGRESS and CREATE_FAIL, just scroll down to see what the issue was that failed the template. Then you can DELETE the Stack, and once that’s cleared go back in and edit the template issue and run again.

Once it has completed, click on the Outputs link to get the public DNS for the web server, so you can test if its working.

If all is correct, simply copy the FQDN address to your web browser, and you should see (note it may take a minute from when the lab finished until the httpd is running):

Congrats – you have a working web server !!

Perfect ! You have just automated a full AWS VPC environment that is templated and can be rebuilt any time.

Click HERE to download the full template used in this LAB

Now we want to be able to SSH to this instance, but we forgot to enable port 22 as part of the secuirty rule set. In the next post, we will load an updated template to fix that and allow us to SSH in to the linux server for further changes.

AWS Cloudformation LAB Part2
Tagged on:                 

Leave a Reply

Your email address will not be published. Required fields are marked *