I’ve been going over CloudFormation. Some of the benefits are:
- Allows you to create and provision resources in a reusable template fashion
- Turns your resources into stacks that work as units
- Allows you to source control your infrastructure
Below are some templates that I tested.
A VPC with an EC2 instance:
```yaml
Description: VPC
Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      # Dedicated tenancy: instances launched here run on single-tenant hardware
      InstanceTenancy: dedicated
      Tags:
        - Key: Network
          Value: Public
  mySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: myVPC
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Network
          Value: Public
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: myVPC
      InternetGatewayId:
        Ref: InternetGateway
  myRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: myVPC
  myRoute:
    Type: AWS::EC2::Route
    # The gateway must be attached to the VPC before a route can point at it
    DependsOn: AttachGateway
    Properties:
      RouteTableId:
        Ref: myRouteTable
      # Default route through the internet gateway; this makes the subnet public
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: InternetGateway
  mySubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: mySubnet
      RouteTableId:
        Ref: myRouteTable
```
An EC2 instance with updates applied:
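```yaml
Description: A simple EC2 instance
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-14c5486b
      InstanceType: t2.micro
      KeyName: mykey
      # UserData must be Base64-encoded; Fn::Base64 does the encoding
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum update -y
          yum install -y httpd
          service httpd start
  # Not referenced by MyEC2Instance, so the instance launches with the
  # default security group rather than this one
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          # SSH is reachable from any source address with this CIDR
          CidrIp: 0.0.0.0/0
```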
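An added example, not part of the original post: a small Python check that could run over templates kept in source control before they are deployed. It flags the two things visible in the second template, a security group that no resource references and SSH open to 0.0.0.0/0. The `TEMPLATE` dict is a constructed copy of that template, and `ADMIN_PORTS`, `refs` and `audit` are names chosen here.

```python
# Constructed sample: the page's second template (UserData omitted) as a loader returns it.
TEMPLATE = {"Resources": {
    "MyEC2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-14c5486b", "InstanceType": "t2.micro", "KeyName": "mykey"}},
    "SecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                  "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
}}

ADMIN_PORTS = (22, 3389)  # assumption: ports this check treats as administrative


def refs(node):
    """Yield each logical ID named by Ref or Fn::GetAtt anywhere under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref" and isinstance(val, str):
                yield val
            elif key == "Fn::GetAtt":
                yield val[0] if isinstance(val, list) else str(val).split(".")[0]
            else:
                yield from refs(val)
    elif isinstance(node, list):
        for item in node:
            yield from refs(item)


def audit(template):
    """Return (logical_id, finding) pairs for the security groups in a template."""
    resources = template.get("Resources", {})
    used = {r for res in resources.values() for r in refs(res.get("Properties", {}))}
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        if name not in used:
            findings.append((name, "unattached: no resource references this group"))
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr, proto = rule.get("CidrIp"), str(rule.get("IpProtocol"))
            # Judge only literal /0 CIDRs (a Ref is unknown until deploy) on TCP or all-protocol rules
            if not (isinstance(cidr, str) and cidr.endswith("/0")) or proto not in ("tcp", "6", "-1"):
                continue
            any_port = proto == "-1"  # all protocols: the port fields are ignored
            findings += [(name, f"port {p} open to {cidr}") for p in ADMIN_PORTS
                         if any_port or int(rule["FromPort"]) <= p <= int(rule["ToPort"])]
    return findings
```

Calling `audit(TEMPLATE)` returns both findings for `SecurityGroup`; attaching the group to the instance and narrowing `CidrIp` to a specific range clears them.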