How to Create an AWS Network Architecture Using CloudFormation
This article walks through automating the deployment of network infrastructure on AWS with CloudFormation. The template below creates:
- A VPC
- An internet gateway
- Two NAT gateways (one per Availability Zone)
- Route tables, routes and route table associations
- Subnets (four private and two public, spread across two Availability Zones)
Prerequisites
- An AWS account.
- A user with permission to create resources in the account, in particular full access to CloudFormation. Unless you hand the stack a service role, CloudFormation creates the resources with the caller's own credentials, so that user also needs the EC2 permissions for VPCs, subnets, gateways and route tables.
- Two Elastic IP addresses already allocated in the target region (eu-central-1 in this template). The NAT gateways reference their allocation IDs (eipalloc-...).
- You do not need an IDE such as Visual Studio Code to write and edit the template, but one is helpful.
CloudFormation template
The script below creates the network infrastructure described above. Adjust it to your own needs; the parts you are most likely to change are:
- The CIDR blocks chosen for the VPC and the subnets (the defaults in the Parameters section).
- The subnets to create, and the Availability Zones they are placed in (the template hard-codes eu-central-1a and eu-central-1b).
- The NAT gateways to create, and the Elastic IP allocation IDs they use (the redacted eipalloc- values must be replaced with your own).
- The names and tags of all resources.
---
AWSTemplateFormatVersion: "2010-09-09"
Description: Template to create a test environment network architecture with 4 private subnets and 2 public subnets
Parameters:
  VPCBlock:
    Type: String
    Description: The CIDR block for the VPC
    Default: 192.168.0.0/16
  PrivateSubnet01Block:
    Type: String
    Description: The CIDR block for private subnet 01
    Default: 192.168.1.0/26
  PrivateSubnet02Block:
    Type: String
    Description: The CIDR block for private subnet 02
    Default: 192.168.1.64/26
  PrivateSubnet03Block:
    Type: String
    Description: The CIDR block for private subnet 03
    Default: 192.168.1.128/26
  PrivateSubnet04Block:
    Type: String
    Description: The CIDR block for private subnet 04
    Default: 192.168.1.192/26
  PublicSubnet01Block:
    Type: String
    Description: The CIDR block for public subnet 01
    Default: 192.168.0.0/28
  PublicSubnet02Block:
    Type: String
    Description: The CIDR block for public subnet 02
    Default: 192.168.0.16/28
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCBlock
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-VPC
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  IGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-IGW
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  # The internet gateway is unusable until it is attached to the VPC;
  # the public route and the NAT gateways therefore depend on this attachment.
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref IGW
      VpcId: !Ref VPC
  # One NAT gateway per Availability Zone, each placed in that zone's public subnet.
  NatGateway01:
    DependsOn:
      - PublicSubnet01
      - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      # Replace with the allocation ID of an Elastic IP already allocated in this region
      AllocationId: eipalloc-***************
      SubnetId: !Ref PublicSubnet01
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-NatGateway01
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  NatGateway02:
    DependsOn:
      - PublicSubnet02
      - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      # Replace with the allocation ID of a second Elastic IP already allocated in this region
      AllocationId: eipalloc-******************
      SubnetId: !Ref PublicSubnet02
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-NatGateway02
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  # Public route table: shared by both public subnets, default route to the internet gateway.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PublicRouteTable
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  # Private route tables: one per Availability Zone, default route to the NAT gateway
  # in the same zone, so outbound traffic never crosses zones and an outage in one
  # zone does not take down egress for the other.
  PrivateRouteTable01:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateRouteTable01
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  PrivateRouteTable02:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateRouteTable02
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  PublicRoute:
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW
  PrivateRoute01:
    DependsOn:
      - VPCGatewayAttachment
      - NatGateway01
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable01
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway01
  PrivateRoute02:
    DependsOn:
      - VPCGatewayAttachment
      - NatGateway02
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable02
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway02
  # Subnets. Private 01/03 and public 01 sit in eu-central-1a; private 02/04 and
  # public 02 in eu-central-1b. Change the zone names if you deploy to another region.
  PrivateSubnet01:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-central-1a
      CidrBlock: !Ref PrivateSubnet01Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateSubnet01
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  PrivateSubnet02:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-central-1b
      CidrBlock: !Ref PrivateSubnet02Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateSubnet02
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  PrivateSubnet03:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-central-1a
      CidrBlock: !Ref PrivateSubnet03Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateSubnet03
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  PrivateSubnet04:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-central-1b
      CidrBlock: !Ref PrivateSubnet04Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateSubnet04
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  PublicSubnet01:
    Type: AWS::EC2::Subnet
    Properties:
      # Instances launched here receive a public IP automatically and are reachable
      # from the internet to the extent their security group allows.
      MapPublicIpOnLaunch: true
      AvailabilityZone: eu-central-1a
      CidrBlock: !Ref PublicSubnet01Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PublicSubnet01
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  PublicSubnet02:
    Type: AWS::EC2::Subnet
    Properties:
      MapPublicIpOnLaunch: true
      AvailabilityZone: eu-central-1b
      CidrBlock: !Ref PublicSubnet02Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PublicSubnet02
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test
  # Explicit associations: a subnet without one silently uses the VPC's main route table.
  PublicSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet01
      RouteTableId: !Ref PublicRouteTable
  PublicSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet02
      RouteTableId: !Ref PublicRouteTable
  PrivateSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet01
      RouteTableId: !Ref PrivateRouteTable01
  PrivateSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet02
      RouteTableId: !Ref PrivateRouteTable02
  PrivateSubnet03RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet03
      RouteTableId: !Ref PrivateRouteTable01
  PrivateSubnet04RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet04
      RouteTableId: !Ref PrivateRouteTable02
Outputs:
  PublicSubnet01Id:
    Description: Public Subnet 01 ID in the VPC
    Value: !Ref PublicSubnet01
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet01Id"
  PublicSubnet02Id:
    Description: Public Subnet 02 ID in the VPC
    Value: !Ref PublicSubnet02
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnet02Id"
  PrivateSubnet01Id:
    Description: Private Subnet 01 ID in the VPC
    Value: !Ref PrivateSubnet01
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnet01Id"
  PrivateSubnet02Id:
    Description: Private Subnet 02 ID in the VPC
    Value: !Ref PrivateSubnet02
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnet02Id"
  PrivateSubnet03Id:
    Description: Private Subnet 03 ID in the VPC
    Value: !Ref PrivateSubnet03
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnet03Id"
  PrivateSubnet04Id:
    Description: Private Subnet 04 ID in the VPC
    Value: !Ref PrivateSubnet04
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnet04Id"
  VpcId:
    Description: The VPC ID
    Value: !Ref VPC
    Export:
      Name: !Sub "${AWS::StackName}-VPCID"
Template/script description
The template has three sections.
Parameters section: lets you supply custom values for the resources the template creates. It is meant for values that change between deployments, such as the CIDR blocks here; any parameter you do not set when creating the stack falls back to its Default.
Resources section: defines the AWS resources the template creates. Here that is the VPC, the internet gateway and its attachment, two NAT gateways (one per Availability Zone, each in that zone's public subnet and each backed by an Elastic IP you allocated beforehand), one public and two private route tables with their default routes, the six subnets, and the route table associations. Private subnets 01 and 03 (eu-central-1a) route through NatGateway01 and private subnets 02 and 04 (eu-central-1b) through NatGateway02, so the private subnets have outbound-only internet access and a failure in one zone does not take down egress in the other. Note what the template does not create: there are no security groups or network ACLs, so until you add your own, workloads are protected only by the VPC's default security group and default network ACL; and the public subnets set MapPublicIpOnLaunch, so any instance launched there receives a public IP and is directly reachable to the extent its security group allows.
Outputs section: lists the IDs of the created resources (the VPC and the six subnets). Because each output has an Export, other stacks in the same account and region can pick them up with Fn::ImportValue, using the export names, which are prefixed with the stack name.
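A pre-deployment check of the parameter values, as an added example that is not part of the original article or the author's template: every subnet CIDR must lie inside the VPC block and no two may overlap, otherwise the stack fails part-way through creation and rolls back. The plan below is the template's Parameter defaults copied as plain data, and the function names are this example's own. It also reports usable host counts, since AWS reserves five addresses in every subnet; that matters for the /28 public subnets, which are left with 11 usable addresses, one of which each NAT gateway consumes.

```python
"""Check a VPC/subnet CIDR plan before deploying the CloudFormation stack.

Added example (not part of the original template). The plan is the template's
Parameter defaults copied as plain data so the checks run offline; the helper
names are this example's own.
"""
import ipaddress

# Constructed from the template's Parameter defaults (parameter name -> CIDR).
VPC_BLOCK = "192.168.0.0/16"
SUBNET_BLOCKS = {
    "PrivateSubnet01Block": "192.168.1.0/26",
    "PrivateSubnet02Block": "192.168.1.64/26",
    "PrivateSubnet03Block": "192.168.1.128/26",
    "PrivateSubnet04Block": "192.168.1.192/26",
    "PublicSubnet01Block": "192.168.0.0/28",
    "PublicSubnet02Block": "192.168.0.16/28",
}

# AWS reserves the first four addresses of every subnet (network address,
# VPC router, DNS, future use) and the last one (broadcast).
AWS_RESERVED_PER_SUBNET = 5


def check_cidr_plan(vpc_block, subnet_blocks):
    """Return a list of problems; an empty list means the plan is consistent.

    Checks: VPC and subnet prefix lengths within the AWS-allowed /16 to /28,
    every subnet aligned on its prefix and inside the VPC block, and no two
    subnets overlapping.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_block, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VPC block {vpc} must be between /16 and /28")

    nets = {}
    for name, cidr in subnet_blocks.items():
        try:
            # strict=True rejects e.g. 192.168.1.10/26 (host bits set), which AWS also rejects
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
            continue
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: {net} must be between /16 and /28")
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside VPC block {vpc}")
        nets[name] = net

    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def usable_hosts(cidr):
    """Addresses left for instances after the AWS-reserved ones."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    for name, cidr in SUBNET_BLOCKS.items():
        print(f"{name:22s} {cidr:18s} usable hosts: {usable_hosts(cidr)}")
    issues = check_cidr_plan(VPC_BLOCK, SUBNET_BLOCKS)
    print("OK" if not issues else "\n".join(issues))
```

Run it against the values you intend to pass as parameters before creating the stack; the same function can be fed any other plan, for example one with larger public subnets if you expect to place load balancers or bastion hosts next to the NAT gateways.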
Create a stack to run the template
After editing the script/template, log in to your AWS account. Under Services, search for CloudFormation. Then, in the CloudFormation console, click Create stack as shown below.
Create a CloudFormation stack
From the drop-down, choose With new resources (standard), as shown below.
Create a CloudFormation stack with new resources
In the Create stack window, select Upload a template file, then choose the file/script created in the section above and click Next.
Upload the CloudFormation template
In the window that opens, enter a stack name and the template parameters. This is where you can replace the template defaults with your own custom values. When done, click Next.
Enter the stack name and parameters
In the next window, configure the stack options: tags, stack policy, rollback configuration and so on. Click Next. This opens a review window where you can check all the configuration made so far. If you are satisfied, click Create stack. The template contains no IAM resources, so no capability acknowledgement is requested.
While the resources are being created from the template, you can monitor the events in the CloudFormation console. See the image below.
View the stack creation events
Once the stack reaches CREATE_COMPLETE, all the resources in the template have been created and the network architecture is ready.
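Before trusting the new network, it is worth confirming that the routing the stack produced matches the template's intent: every subnet whose name says Private reaches the internet only through a NAT gateway, every Public subnet has an internet-gateway default route, no default route has become a blackhole (which happens when a NAT gateway is deleted out from under its route), and no subnet is silently falling back to the VPC's main route table. The script below is an added example, not part of the original article or the author's template. It works on the data shapes returned by the EC2 describe_route_tables and describe_subnets calls; the sample response embedded in it is constructed by hand with made-up IDs so it runs offline, and the Name-tag convention (Private/Public) is assumed from the template above. Passing a VPC ID on the command line runs the same check live with boto3, which is assumed to be installed and configured.

```python
"""Audit a deployed VPC's routing against the intent of the template above.

Added example, not part of the original article. It checks the shapes returned
by EC2 describe_route_tables / describe_subnets; the sample data is constructed
by hand (made-up IDs) so it runs offline. Pass a VPC ID to run live with boto3
(assumed installed):  python audit_vpc.py vpc-xxxxxxxxxxxxxxxxx
"""
import sys

LOCAL = {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"}

# Constructed sample in the shape of the EC2 API responses (IDs are made up).
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-pub01", "MapPublicIpOnLaunch": True,
     "Tags": [{"Key": "Name", "Value": "eu-central-1-test-Environment-PublicSubnet01"}]},
    {"SubnetId": "subnet-priv01", "MapPublicIpOnLaunch": False,
     "Tags": [{"Key": "Name", "Value": "eu-central-1-test-Environment-PrivateSubnet01"}]},
    {"SubnetId": "subnet-priv03", "MapPublicIpOnLaunch": False,
     "Tags": [{"Key": "Name", "Value": "eu-central-1-test-Environment-PrivateSubnet03"}]},
]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Routes": [LOCAL],
     "Associations": [{"Main": True, "RouteTableId": "rtb-main"}]},
    {"RouteTableId": "rtb-public",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-pub01"}]},
    {"RouteTableId": "rtb-private01",
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}],
     "Associations": [{"Main": False, "SubnetId": "subnet-priv01"}, {"Main": False, "SubnetId": "subnet-priv03"}]},
]


def name_tag(resource):
    """Value of the Name tag, or '' when the resource has none."""
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == "Name"), "")


def default_route(route_table):
    """(kind, target, state) of the 0.0.0.0/0 route; kind is 'igw', 'nat' or None."""
    for r in route_table.get("Routes", []):
        if r.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if r.get("GatewayId", "").startswith("igw-"):
            return "igw", r["GatewayId"], r.get("State")
        if r.get("NatGatewayId"):
            return "nat", r["NatGatewayId"], r.get("State")
    return None, None, None


def route_tables_by_subnet(route_tables):
    """Map subnet ID -> explicitly associated route table, plus the VPC's main table."""
    explicit, main = {}, None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            elif assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = rt
    return explicit, main


def audit_routing(route_tables, subnets):
    """Return a list of findings; an empty list means routing matches intent."""
    findings = []
    explicit, main = route_tables_by_subnet(route_tables)
    for sn in subnets:
        name = name_tag(sn) or sn["SubnetId"]
        rt = explicit.get(sn["SubnetId"])
        if rt is None:  # AWS falls back to the main route table; flag it as unintended
            findings.append(f"{name}: no explicit route table association")
            rt = main
        kind, target, state = default_route(rt) if rt else (None, None, None)
        if state == "blackhole":
            findings.append(f"{name}: default route to {target} is a blackhole")
        if "Private" in name and kind == "igw":
            findings.append(f"{name}: private subnet has a default route to {target}")
        if "Private" in name and sn.get("MapPublicIpOnLaunch"):
            findings.append(f"{name}: private subnet auto-assigns public IPs")
        if "Public" in name and kind != "igw":
            findings.append(f"{name}: public subnet has no internet gateway default route")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against a real VPC
        import boto3
        ec2 = boto3.client("ec2")
        flt = [{"Name": "vpc-id", "Values": [sys.argv[1]]}]
        route_tables = ec2.describe_route_tables(Filters=flt)["RouteTables"]
        subnets = ec2.describe_subnets(Filters=flt)["Subnets"]
    else:
        route_tables, subnets = SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS
    for line in audit_routing(route_tables, subnets) or ["OK: routing matches intent"]:
        print(line)
```

The VPC ID to pass is the VpcId output of the stack. Running this after every stack update, not just the first creation, is the point: a later change that re-associates a private subnet with the public route table is a one-line edit in the template and is exactly what this check catches.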
Important links
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-ug.pdf
Happy building!
Other articles on AWS:
How to stream logs from CloudWatch to Elasticsearch on AWS
Set up an Elasticsearch cluster with Kibana on AWS
Allow developers access to an EKS Kubernetes cluster
Install the Istio service mesh on an EKS Kubernetes cluster