This post walks through setting up a VPC with CloudFormation, including the CIDR block, subnets, a Security Group, a route table, an Internet Gateway, and one public EC2 instance. It can serve as a base template when designing CloudFormation templates for other architectures.
The architecture, written as a CloudFormation template in YAML format, is shown in the picture below. (Note: this architecture is derived from the post Know all the steps to host a website in AWS.)
The VPC sits in the Sydney region and spans 3 Availability Zones (AZs), with a fourth set of subnets reserved for a future AZ. Each AZ has 4 subnets: a public subnet for the web tier, a private App subnet, a private DB subnet, and a private Reserved subnet (for future use). A NAT gateway is configured in each public subnet, with corresponding route tables, so that it can communicate with the private subnets. Finally, an Internet Gateway with an elastic IP is configured to route traffic to the internet, which means all instances launched in the public subnets have internet access, and the private subnets have internet access via the bastion host instance that is configured in the public subnet.
Tools to use while working with CloudFormation templates
The Template Snippets provided by AWS can be referred to while writing a CloudFormation template.
Install and use the YAML language support extension by Red Hat for YAML validation.
To check your CloudFormation templates for errors, use the cfn-python-lint tool (cfn-lint). It requires Python to be installed. Use the following commands in the VS Code terminal to install it.
pip install cfn-lint
# If you get "Error: Access is denied. Consider using the `--user` option or check the permissions.",
# try the following command instead (installs into your user site-packages):
pip install --user cfn-lint
# Check the version to make sure the installation is complete
cfn-lint --version
Then install the CloudFormation Linter extension. If the linter can't find the path to cfn-lint.exe, open the extension settings and provide the full path to cfn-lint, for example C:\Users\Admin\AppData\Roaming\Python\Python39\Scripts\cfn-lint.exe
CloudFormation Template
The following template does the following:
1. Design the VPC
2. Design all the subnets
3. Design the Internet Gateway
4. Design the route table for web access, with a route to the Internet Gateway
5. Associate the web subnets with the route table for web access
6. Design a default instance security group
7. Launch an instance in public subnet A using the default instance security group, taking the instance type and key pair as parameters
Get full code from Git – VPC with subnets and bastion host
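As an added illustration of the steps listed above (this is example code written for this post, not the template in the Git repository), the following template builds the public tier only: the VPC, one public subnet, the Internet Gateway, the public route table and its association, a security group, and one bastion instance. The NAT gateways and private subnets from the architecture diagram are left out. The CIDR ranges, the logical resource names, the parameter names and the default values are assumptions; the SSH source is a parameter so the security group never opens port 22 to 0.0.0.0/0, and declaring an explicit egress list replaces the default allow-all outbound rule.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the post's Git template): VPC, one public subnet, Internet
  Gateway, public route table, locked-down security group, one bastion instance.

Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues: [t3.micro, t3.small]
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Existing EC2 key pair used to SSH to the bastion
  SSHLocation:
    Type: String
    Default: 203.0.113.0/24          # placeholder (documentation range); use your own /32
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    Description: CIDR allowed to reach port 22 on the bastion (never 0.0.0.0/0)
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16         # assumed address plan
      EnableDnsSupport: true
      EnableDnsHostnames: true

  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: true      # public tier only: instances here get a public IP

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PublicDefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway         # the route fails until the IGW is attached
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetARouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable

  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH to the bastion from the operator network only
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
      SecurityGroupEgress:           # declaring egress replaces the default allow-all rule
        - IpProtocol: tcp            # SSH onward to hosts inside the VPC
          FromPort: 22
          ToPort: 22
          CidrIp: 10.0.0.0/16
        - IpProtocol: tcp            # HTTPS out for package updates
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  BastionInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      SubnetId: !Ref PublicSubnetA
      SecurityGroupIds: [!Ref BastionSecurityGroup]

Outputs:
  BastionPublicIp:
    Value: !GetAtt BastionInstance.PublicIp
```

Run cfn-lint over the file before uploading it to S3. Because outbound traffic is limited to SSH inside the VPC and HTTPS to the internet, the connectivity test from the instance should use an HTTPS request (for example with curl) rather than ping, which the egress rules block.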
Test the CloudFormation template
Upload the template to S3 and copy the object URL.
Go to the CloudFormation console > Create Stack > Template is ready > Template Source > Amazon S3 URL > paste the S3 object URL > Next
Provide a name for the stack > Select the key pair > Next
Since this is only a test, just press Next on Configure stack options.
Finally, click Create Stack.
Wait a few minutes, as stack creation takes a while, then go and test the resources.
The test is successful: all the configurations are correct and the EC2 instance can access the internet. Go back to CloudFormation and delete the stack; this deletes all the resources it allocated.
Set up two S3 buckets to host a static website with a subdomain redirect
This CloudFormation template creates two S3 buckets: the root bucket, which serves the site, and the www bucket, which redirects the www subdomain to the root bucket. It also registers DNS records in Route 53.
The full YAML template can be found at the Git link – 2 S3 for a static website with DNS registered in Route 53
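As an added example of the two-bucket layout described above (written for this post, not the template in the Git repository), the following template creates the root bucket with website hosting, the www bucket that redirects every request to the root host name, and the two Route 53 records. The parameter names, the example.com default and the logical resource names are assumptions; the S3 website hosted zone ID for your region is passed in as a parameter rather than hard-coded. The root bucket is readable anonymously, since that is how S3 website endpoints work, so the bucket policy grants s3:GetObject only (no listing, no writes), ACLs are disabled, and the public access block is relaxed only as far as a public bucket policy requires.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the post's Git template): root bucket serving a static
  site, www bucket redirecting to it, and Route 53 records for both.

Parameters:
  DomainName:
    Type: String
    Default: example.com           # placeholder; use your own registered domain
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id
    Description: Route 53 hosted zone that holds DomainName
  S3WebsiteHostedZoneId:
    Type: String
    Description: Hosted zone ID of the S3 website endpoint for this region (from the AWS S3 endpoints table)

Resources:
  RootBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref DomainName    # website hosting requires the bucket name to equal the host name
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
      OwnershipControls:
        Rules: [{ ObjectOwnership: BucketOwnerEnforced }]   # ACLs disabled; policy is the only grant
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: false       # must be false for the public-read policy below
        RestrictPublicBuckets: false   # must be false for anonymous website reads

  RootBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref RootBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: PublicReadObjectsOnly   # s3:GetObject on objects only: no ListBucket, no writes
            Effect: Allow
            Principal: '*'
            Action: s3:GetObject
            Resource: !Sub '${RootBucket.Arn}/*'

  WwwBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub 'www.${DomainName}'
      WebsiteConfiguration:
        RedirectAllRequestsTo:       # no objects are served from this bucket, so no public policy
          HostName: !Ref DomainName
          Protocol: http             # S3 website endpoints speak plain HTTP only

  RootRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref DomainName
      Type: A
      AliasTarget:
        # dash form applies to ap-southeast-2; some newer regions use s3-website.<region>
        DNSName: !Sub 's3-website-${AWS::Region}.amazonaws.com'
        HostedZoneId: !Ref S3WebsiteHostedZoneId

  WwwRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Sub 'www.${DomainName}'
      Type: CNAME
      TTL: '300'
      ResourceRecords:
        - !Sub '${WwwBucket}.s3-website-${AWS::Region}.amazonaws.com'

Outputs:
  RootWebsiteURL:
    Value: !GetAtt RootBucket.WebsiteURL
```

Because the website endpoint is HTTP only, anything that needs TLS on the custom domain has to be fronted by CloudFront; the template above covers only the two buckets and the DNS records described in this section.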