Let's create an EC2 instance with AWS CloudFormation

Greetings

In my previous post, I talked briefly about getting started with CloudFormation. The best way to learn anything is to practice. Hence, let's create an EC2 instance with CloudFormation.

What are we going to do?

  1. Create an EC2
  2. Set the KeyPair
  3. Create a SecurityGroup
  4. Add SecurityGroup to EC2

Create an EC2 with CloudFormation

When we create an EC2 instance with CloudFormation, we can supply the ImageId and InstanceType. We can supply many more properties, but for this example we are not going to use them, so they all take their default values. This means our EC2 instance will be created in the default VPC with the default configuration.

When you manually create an EC2 instance using the AWS console, you can see the ImageId (the AMI ID) of the image you select. Copy it and paste it into the CloudFormation file. AMI IDs are region-specific, so use the one shown for your region.

cfn-ec2.yml

AWSTemplateFormatVersion: 2010-09-09

# Every resource must be declared under the top-level Resources section
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-05fa00d4c63e32376

Step two is to upload this to AWS.
  1. Go to AWS CloudFormation
  2. Click on Stacks
  3. Click on Create stack -> with new resources
  4. Choose "Template is ready"
  5. Choose "Upload a file"
  6. Select your cfn-ec2.yml file
  7. Give a Stack name (HelloWorldEC2)
  8. Click Next -> Next -> Create stack
  9. Wait. This will take a few seconds or minutes.
You will see a "CREATE_COMPLETE" event.
Go to EC2 and check your newly created instance.

Let's add the KeyPair

We can add a KeyPair to our instance. For this, create a KeyPair from the AWS Console (I assume you know this step):
EC2 -> KeyPair
Make sure to download the .pem file and set the correct permissions.

chmod 400 MyKeyPair.pem

Then, we can use the KeyName property to attach our KeyPair.

AWSTemplateFormatVersion: 2010-09-09

# Every resource must be declared under the top-level Resources section
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-05fa00d4c63e32376
      KeyName: "MyKeyPair"

Go to CloudFormation and update the stack with the new file. Make sure your default SecurityGroup allows ingress on port 22.

ssh -i MyKeyPair.pem ec2-user@<public-ip>

All good! Now exit the session, since we are going to create a new SecurityGroup and attach it.

Create a SecurityGroup

We are going to add an ingress rule so that we can SSH into the EC2 instance. This can be done as follows, where we allow TCP access to port 22 from any IPv4 address (0.0.0.0/0).
MyInstanceSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Allow SSH access to the EC2 instance
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
If we upload our CloudFormation file, it will create a security group. However, the group will not be attached to our EC2 instance because the instance does not reference it. How can we do that? This is where we can use CloudFormation intrinsic functions.

Ref is an intrinsic function that returns the value of the specified parameter or resource.

The YAML syntax for this is:
Ref: logicalName
However, there is another shorter format that we are going to use.
!Ref logicalName
In our EC2 SecurityGroups we can reference the security groups as below.
SecurityGroups:
- !Ref MyInstanceSecurityGroup
Our complete file now looks like this.
AWSTemplateFormatVersion: 2010-09-09

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-05fa00d4c63e32376
      KeyName: MyKeyPair
      SecurityGroups:
      - !Ref MyInstanceSecurityGroup

  MyInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH access to the EC2 instance
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
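
The complete file above opens port 22 to 0.0.0.0/0, that is, to every IPv4 address. As an added example (not part of the original post), the same template can take the allowed source range as a parameter and pass it to CidrIp with !Ref, which returns parameter values as well as resources. The parameter name SshSourceCidr and the sample address 203.0.113.10/32 are assumptions.

```yaml
AWSTemplateFormatVersion: 2010-09-09

Parameters:
  # Assumed parameter name. There is deliberately no Default, so whoever
  # creates the stack has to state which range may reach port 22.
  SshSourceCidr:
    Type: String
    Description: IPv4 CIDR range allowed to SSH in, e.g. 203.0.113.10/32
    MinLength: 9
    MaxLength: 18
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/(\d|[12]\d|3[0-2])$'
    ConstraintDescription: Must be an IPv4 CIDR range such as 203.0.113.10/32

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-05fa00d4c63e32376
      KeyName: MyKeyPair
      SecurityGroups:
        - !Ref MyInstanceSecurityGroup

  MyInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH access to the EC2 instance from one source range
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          # Ref on a parameter returns the value entered at stack creation
          CidrIp: !Ref SshSourceCidr
```

When you create or update the stack, the console asks for SshSourceCidr on the stack details page; enter your own public address followed by /32.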
Make sure to delete your stack. Otherwise, the EC2 instance will keep costing you money without you noticing.

Summary

In this short tutorial, we have created an EC2 instance with CloudFormation. After that, we added a KeyPair to it, which taught us how to use an existing property with CloudFormation. Then we created another resource, the security group, and attached it using the Ref function.

There is an issue when we hard-code values like this: we cannot truly reuse this template. Of course, we can edit it and upload it again. However, there is a better way to do that, which is using CloudFormation Parameters. Let's do that in the next post.

Happy learning ☺
