Greetings
In my previous post, I talked briefly about getting started with CloudFormation. The best way to learn anything is through hands-on practice. Hence, let's create an EC2 instance with CloudFormation.
What are we going to do?
- Create an EC2
- Set the KeyPair
- Create a SecurityGroup
- Add SecurityGroup to EC2
Create an EC2 with CloudFormation
When we create an EC2 instance with CloudFormation, we can supply the ImageId and InstanceType. We can supply many more properties, but for this example we are not going to use them, so they all take their default values. This means our EC2 instance will be created in the default VPC with default configurations. When you manually create an EC2 instance using the AWS console, you can see the ImageId for your InstanceType. Copy it and paste it into the CloudFormation file.
cfn-ec2.yml
    AWSTemplateFormatVersion: 2010-09-09
    Resources:
      MyEC2Instance:
        Type: AWS::EC2::Instance
        Properties:
          InstanceType: t2.micro
          ImageId: ami-05fa00d4c63e32376
Step two is to upload this to AWS.
- Go to AWS CloudFormation
- Click on Stacks
- Click on Create stack -> with new resources
- Choose "Template is ready"
- Choose "Upload a file"
- Select your cfn-ec2.yml file
- Give a Stack name (HelloWorldEC2)
- Click Next -> Next -> Create stack
- Wait. This will take a few seconds or minutes.
Go to EC2 and check your newly created instance.
Let's add the KeyPair
We can add a KeyPair to our instance. For this, create a KeyPair from the AWS Console (I assume you know this step):
    EC2 -> KeyPair
Make sure to download the .pem file and set the correct permission:
    chmod 400 MyKeyPair.pem
Then, we can use the KeyName property to attach our KeyPair.
    AWSTemplateFormatVersion: 2010-09-09
    Resources:
      MyEC2Instance:
        Type: AWS::EC2::Instance
        Properties:
          InstanceType: t2.micro
          ImageId: ami-05fa00d4c63e32376
          KeyName: "MyKeyPair"
Go to CloudFormation and update the stack with the new file. Make sure your default SecurityGroup allows ingress on port 22. Then connect to the instance:
    ssh -i MyKeyPair.pem ec2-user@<public-ip>
All good! Now exit from it since we are going to create a new SecurityGroup and attach it.
Create a SecurityGroup
We are going to add an ingress rule to SSH into the EC2 instance. This can be done as follows, where we allow TCP access to port 22 from any IPv4 address (0.0.0.0/0).
    MyInstanceSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Allow SSH access to the EC2 instance
        SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 22
            ToPort: 22
            CidrIp: 0.0.0.0/0
If we upload our CloudFormation file, it will create a security group. However, it will not be attached to our EC2 instance because we have not referenced it. How can we do that? This is where we can use CloudFormation helper functions.
Ref is an intrinsic function that returns the value of the specified parameter or resource.
The YAML syntax for this is:
    Ref: logicalName
However, there is a shorter format, which we are going to use:
    !Ref logicalName
In the SecurityGroups property of our EC2 instance, we can reference the security group as below.
    SecurityGroups:
      - !Ref MyInstanceSecurityGroup
Our complete file now looks like this.
    AWSTemplateFormatVersion: 2010-09-09
    Resources:
      MyEC2Instance:
        Type: AWS::EC2::Instance
        Properties:
          InstanceType: t2.micro
          ImageId: ami-05fa00d4c63e32376
          KeyName: MyKeyPair
          SecurityGroups:
            - !Ref MyInstanceSecurityGroup
      MyInstanceSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Allow SSH access to the EC2 instance
          SecurityGroupIngress:
            - IpProtocol: tcp
              FromPort: 22
              ToPort: 22
              CidrIp: 0.0.0.0/0
Make sure to delete your stack. Otherwise, your EC2 instance will keep costing you without you knowing.
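
As an added example (not code from the original post), this check walks the template's Resources, flags any security group whose ingress opens port 22 to a /0 source such as the 0.0.0.0/0 used above, and follows Ref to list the instances that group is attached to. It assumes the template is already loaded as a dict with literal rule values; the function names are illustrative.

```python
import ipaddress

# Constructed sample: the tutorial's final template, !Ref in long {"Ref": ...} form.
TEMPLATE = {"Resources": {
    "MyEC2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
        "InstanceType": "t2.micro", "ImageId": "ami-05fa00d4c63e32376",
        "KeyName": "MyKeyPair",
        "SecurityGroups": [{"Ref": "MyInstanceSecurityGroup"}]}},
    "MyInstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "Allow SSH access to the EC2 instance",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22,
                                  "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
}}

def covers_port(rule, port):
    """True if a literal ingress rule's protocol and port range include port."""
    proto = str(rule.get("IpProtocol")).lower()
    if proto == "-1":  # -1 means every protocol and port
        return True
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    return (proto in ("tcp", "6") and isinstance(lo, int)
            and isinstance(hi, int) and lo <= port <= hi)

def is_world_open(rule):
    """True if the rule's source is a /0, i.e. every IPv4 or IPv6 address."""
    cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
    return isinstance(cidr, str) and ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def refs_group(instance, group_name):
    """True if an instance attaches the group through Ref."""
    props = instance.get("Properties", {})
    attached = props.get("SecurityGroups", []) + props.get("SecurityGroupIds", [])
    return {"Ref": group_name} in attached

def open_ssh_findings(template, port=22):
    """Return [(security group, [instances that Ref it])] for world-open SSH."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        rules = res.get("Properties", {}).get("SecurityGroupIngress", [])
        if res.get("Type") != "AWS::EC2::SecurityGroup" or not any(
                covers_port(r, port) and is_world_open(r) for r in rules):
            continue
        findings.append((name, sorted(
            inst for inst, r in resources.items()
            if r.get("Type") == "AWS::EC2::Instance" and refs_group(r, name))))
    return findings

if __name__ == "__main__":
    print(open_ssh_findings(TEMPLATE))
```

Narrowing CidrIp to an address range you control (for instance the constructed documentation address 203.0.113.10/32) makes the check return an empty list.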
Summary
In this short tutorial, we have created an EC2 instance with CloudFormation. After that, we added a KeyPair to it. That teaches us how to use an existing property with CloudFormation. Then we created another resource, the security group, and attached it using the Ref function. There is an issue when we hard-code values like this: the template is not truly reusable. Of course, we can edit it and upload it. However, there is a better way to do that: using CloudFormation Parameters. Let's do that in the next post.
Happy learning ☺
References
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html