실습 목표
<https://s3.ap-northeast-2.amazonaws.com/cloudformation.cloudneta.net/STORAGE/Storage.yaml>
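# CloudFormation template for the storage lab: one VPC (10.40.0.0/16) with
# two public subnets, an internet gateway and public route table, a shared
# security group, an instance role/profile, and two web-server instances
# (EC2-STG1 in subnet 1, EC2-STG2 in subnet 2).
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: 'AWS::EC2::KeyPair::KeyName'
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  LatestAmiId:
    Description: (DO NOT CHANGE)
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
    AllowedValues:
      - '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
  # Source range allowed to reach TCP/22 on the instances. The default keeps
  # the original open-to-the-world rule so existing lab instructions still
  # work; pass a /32 at stack creation to limit SSH to one host.
  SSHLocation:
    Description: IPv4 CIDR range allowed to SSH to the instances (e.g. 203.0.113.5/32)
    Type: String
    Default: '0.0.0.0/0'
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IPv4 CIDR range of the form x.x.x.x/x.

Resources:
  # IAM Role Instance Profile
  STGLabInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      # Fixed names collide if this template is deployed twice in one account.
      RoleName: STGLabInstanceRole
      AssumeRolePolicyDocument:
        # Quoted on purpose: an unquoted 2012-10-17 is a YAML timestamp.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      # NOTE(review): AmazonS3FullAccess grants read/write/delete on every
      # bucket in the account. Tolerable in a throwaway lab account; scope it
      # to the lab bucket(s) before reusing this role anywhere shared.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
  STGLabRoleForInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: STGLabRoleForInstances
      Path: /
      Roles:
        - !Ref STGLabInstanceRole

  # VPC
  ELBVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.40.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: ELB-VPC
  ELBIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ELB-IGW
  ELBIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref ELBIGW
      VpcId: !Ref ELBVPC
  ELBPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref ELBVPC
      Tags:
        - Key: Name
          Value: ELB-Public-RT
  ELBDefaultPublicRoute:
    Type: AWS::EC2::Route
    # A route via the IGW is only valid once the IGW is attached to the VPC.
    DependsOn: ELBIGWAttachment
    Properties:
      RouteTableId: !Ref ELBPublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref ELBIGW
  ELBPublicSN1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref ELBVPC
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.40.1.0/24
      Tags:
        - Key: Name
          Value: ELB-Public-SN-1
  ELBPublicSN2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref ELBVPC
      # Index 2 assumes the target region exposes at least three AZs; stack
      # creation fails in a region with fewer.
      AvailabilityZone: !Select [2, !GetAZs '']
      CidrBlock: 10.40.2.0/24
      Tags:
        - Key: Name
          Value: ELB-Public-SN-2
  ELBPublicSNRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref ELBPublicRT
      SubnetId: !Ref ELBPublicSN1
  ELBPublicSNRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref ELBPublicRT
      SubnetId: !Ref ELBPublicSN2

  # Security Group
  # Shared by both instances. HTTP and ICMP are reachable from anywhere;
  # NFS (2049, used by amazon-efs-utils) is limited to the VPC; SSH is
  # limited to the SSHLocation parameter.
  ELBSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable
      VpcId: !Ref ELBVPC
      Tags:
        - Key: Name
          Value: ELBSG
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          CidrIp: 10.40.0.0/16
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
        - IpProtocol: icmp
          FromPort: -1
          ToPort: -1
          CidrIp: 0.0.0.0/0

  # EC2 Instance
  # Both instances carry a public IP and a fixed private address (.10 in
  # their subnet). User data installs Apache, the EFS mount helper and the
  # AWS CLI v2. The CLI installer is fetched over HTTPS without a checksum
  # or signature check, so it is trusted on TLS alone.
  # NOTE(review): consider requiring IMDSv2 on these instances once the lab
  # tooling is confirmed to support session tokens.
  EC2STG1:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: !Ref LatestAmiId
      # Ref (not a bare name) so CloudFormation creates the profile first.
      IamInstanceProfile: !Ref STGLabRoleForInstanceProfile
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: EC2-STG1
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref ELBPublicSN1
          GroupSet:
            - !Ref ELBSG
          AssociatePublicIpAddress: true
          PrivateIpAddress: 10.40.1.10
      UserData:
        Fn::Base64: |
          #!/bin/bash
          hostnamectl --static set-hostname EC2-STG1
          yum install httpd tree tmux amazon-efs-utils -y
          systemctl start httpd && systemctl enable httpd
          echo "<html><h1>AFOS Study - Web Server 1</h1></html>" > /var/www/html/index.html
          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          ./aws/install --bin-dir /usr/bin --install-dir /usr/bin --update
  EC2STG2:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: !Ref LatestAmiId
      # Ref (not a bare name) so CloudFormation creates the profile first.
      IamInstanceProfile: !Ref STGLabRoleForInstanceProfile
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: EC2-STG2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref ELBPublicSN2
          GroupSet:
            - !Ref ELBSG
          AssociatePublicIpAddress: true
          PrivateIpAddress: 10.40.2.10
      UserData:
        Fn::Base64: |
          #!/bin/bash
          hostnamectl --static set-hostname EC2-STG2
          yum install httpd tree tmux amazon-efs-utils -y
          systemctl start httpd && systemctl enable httpd
          echo "<html><h1>AFOS Study - Web Server 2</h1></html>" > /var/www/html/index.html
          curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
          unzip awscliv2.zip
          ./aws/install --bin-dir /usr/bin --install-dir /usr/bin --update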