Use CloudFormation to Launch an Amazon EC2 Web Server
2/10 fun hands-on projects to learn AWS
This is the 2nd challenge from Drew Firment's fun 10 AWS challenges post on LinkedIn. I have never used CloudFormation before; mostly I use Terraform as my primary IaC tool. Let's see how it goes with CloudFormation.
Basically, in this example, we are supposed to create a VPC, a PublicSubnet, a RouteTable with Routes, an InternetGateway, an EC2 instance, and the required SecurityGroup using CloudFormation Designer.
Using CloudFormation Designer you can visualize your template and see how your resources are connected to each other. The designer also comes with an integrated JSON or YAML editor, which makes it easy to tweak your design as you need.
Adding Resources
1. Open AWS CloudFormation Designer.
2. On the left side of the page you can find the Resource types pane, and inside it the EC2 subgroup. Find the VPC resource and drag it to the Canvas pane.
3. Click the edit button and rename the VPC as you wish. You can see that the template is automatically modified as per your design changes.
4. You can resize the VPC resource to make it bigger, as we need to add several other components into it later.
5. Add a Subnet resource type inside the VPC and rename it PublicSubnet. When you add a subnet inside the VPC, the CF designer automatically links the subnet with the VPC.
6. Add an Instance resource type inside the PublicSubnet resource. You can rename the instance as you wish.
7. Add a SecurityGroup resource type inside the VPC and rename it.
8. Add an InternetGateway resource type anywhere outside of the VPC.
9. To create a connection between the InternetGateway and the VPC, hover over the Internet gateway attachment and drag the connection to the VPC.
10. Now we need a way to direct network traffic within the subnet. Let's add a RouteTable for that inside the VPC.
11. Next we can add a Route resource type inside the RouteTable. Then use GatewayId to create a connection from the Route resource to the InternetGateway.
12. Create an explicit dependency between the Route resource and the Internet gateway-VPC attachment. For CF to associate a route with an Internet gateway, the Internet gateway must be attached to the VPC first. To manage this dependency, drag a connection from the DependsOn dot in the Route resource to the Internet gateway-VPC attachment as below.
13. The EC2 Instance resource depends on the Public Route to route traffic to the Internet. Drag a DependsOn connection from the EC2 resource to the Route resource.
14. To associate the Public route table with the Public subnet, the AWS official documentation suggests dragging a connection from the Public route table to the subnet. But as per my experience, I can only find a DependsOn connection in the Route table UI, hence I added a SubnetRouteTableAssociation code block manually to the template as below.
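The routing part of steps 9 to 14 as a YAML fragment of the Resources section, written here as an added example rather than the author's own template; it assumes the designer gave the VPC, Internet gateway and subnet the logical IDs VPC, InternetGateway and PublicSubnet.

```yaml
Resources:
  # Step 9: the attachment the designer draws when you connect the gateway to the VPC.
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  # Step 10: route table inside the VPC.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  # Steps 11-12: default route via the gateway. DependsOn makes CloudFormation wait
  # until the gateway is attached; without it, creating the route can fail.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  # Step 14: the association the designer UI does not let you draw, added by hand.
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
```

Without the association, the subnet silently falls back to the VPC's main route table, which has no Internet route, so the instance gets a public IP but no connectivity.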
Parameterize Template
We can parameterize the template to avoid hardcoded values. For example, we don't need to hard-code the web server's instance type; instead we can use a parameter to specify the instance type when we create the stack.
- Click on an open area in the CloudFormation Designer canvas. In the editor pane, choose the Parameters tab in the Components view. Then add the below parameters.
Mappings
Mappings are a set of keys that are associated with a set of name-value pairs. We can use them to specify values based on an input parameter's value. In this context we will use a mapping to specify an AMI ID for an EC2 instance based on the instance type and the region in which you create the stack.
- In the editor pane, choose the Mappings tab and add the below mapping.
I'm adding only 4 regions here. If you need any other region, feel free to add it as you need.
Outputs
To declare values that we need to be available in the stack's response, we can define them in Outputs. In our example, we can get the WebServer instance's public URL as an output.
- In the editor pane, select the Outputs tab and describe the output URL as below.
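The Parameters, Mappings and Outputs sections described in the last three steps, as an added example (not the author's template). The AMI IDs are placeholders to be replaced with the current Amazon Linux AMI for each region, and the output assumes the instance's logical ID is WebServerInstance.

```yaml
Parameters:
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t2.micro
    # AllowedValues rejects anything not in the list at stack-creation time.
    AllowedValues: [t2.micro, t2.small, t3.micro]
    ConstraintDescription: must be one of the listed instance types.

Mappings:
  # First lookup: instance type -> architecture.
  AWSInstanceType2Arch:
    t2.micro: { Arch: HVM64 }
    t2.small: { Arch: HVM64 }
    t3.micro: { Arch: HVM64 }
  # Second lookup: region + architecture -> AMI. Placeholder IDs; replace each
  # "ami-REPLACE-ME" with the current Amazon Linux AMI ID for that region.
  AWSRegionArch2AMI:
    us-east-1:      { HVM64: ami-REPLACE-ME }
    us-west-2:      { HVM64: ami-REPLACE-ME }
    eu-west-1:      { HVM64: ami-REPLACE-ME }
    ap-southeast-1: { HVM64: ami-REPLACE-ME }
  # The instance resolves its ImageId with:
  #   !FindInMap [AWSRegionArch2AMI, !Ref 'AWS::Region',
  #               !FindInMap [AWSInstanceType2Arch, !Ref InstanceType, Arch]]

Outputs:
  WebsiteURL:
    Description: Public URL of the web server
    # Fn::Sub can reference a resource attribute directly as Resource.Attribute.
    Value: !Sub 'http://${WebServerInstance.PublicDnsName}'
```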
Define Resource Properties
We need to configure additional settings for a couple of resources, such as the VPC CIDR block, the Subnet CIDR, the SecurityGroups, etc.
1. In the designer view choose the VPC resource and in the editor view choose the Properties tab. Then add the following properties as below.
2. Add a CIDR block for PublicSubnet as well.
3. Add a destination CIDR block for PublicRoute.
4. Allow HTTP and SSH traffic in WebServerSecurityGroup.
5. Configure WebServerInstance.
   We need to define a couple of properties for the instance, such as InstanceType and ImageId. Also, to get a public IP address, we need to define the NetworkInterfaces property as well.
   Finally, we specify the configuration script as UserData to run after the instance is up and running.
6. Add web server configuration metadata.
   Choose WebServerInstance, pick the Metadata tab, then add the following metadata.
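Steps 4 to 6 as a Resources fragment, added here as an example rather than taken from the author's template. It assumes the logical IDs VPC, PublicSubnet and PublicRoute, an InstanceType parameter with the AWSInstanceType2Arch and AWSRegionArch2AMI mappings, an Amazon Linux 2 AMI (which ships the cfn-init helper), and an extra SSHLocation parameter for the admin CIDR so that port 22 is not opened to the whole Internet.

```yaml
Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP from anywhere, SSH only from the admin CIDR
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation   # assumed parameter, e.g. a /32; not 0.0.0.0/0

  WebServerInstance:
    Type: AWS::EC2::Instance
    DependsOn: PublicRoute           # step 13: needs the Internet route to exist first
    Metadata:
      AWS::CloudFormation::Init:     # step 6: read by cfn-init, called from UserData
        config:
          packages:
            yum: { httpd: [] }
          files:
            /var/www/html/index.html:
              content: "<h1>Hello from CloudFormation Designer</h1>"
              mode: "000644"
              owner: root
              group: root
          services:
            sysvinit:
              httpd: { enabled: true, ensureRunning: true }
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !FindInMap
        - AWSRegionArch2AMI
        - !Ref 'AWS::Region'
        - !FindInMap [AWSInstanceType2Arch, !Ref InstanceType, Arch]
      NetworkInterfaces:             # step 5: public IP comes from this property
        - DeviceIndex: "0"
          AssociatePublicIpAddress: true
          SubnetId: !Ref PublicSubnet
          GroupSet: [!Ref WebServerSecurityGroup]
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum update -y aws-cfn-bootstrap
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServerInstance --region ${AWS::Region}
```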
Provision Resources
Now we have completed all configurations. We can create a stack and see how things work.
1. In the CloudFormation Designer toolbar, select the Create Stack icon.
2. This action saves the template to an S3 bucket and then opens the CF Create Stack wizard. Select Next.
3. Provide a name for the stack and specify the parameters.
4. You can proceed with the default options unless you need to configure any additional settings. Choose Next.
5. Click Create stack.
6. Check the Outputs tab for the WebServer address.
7. Verify that our WebServer is up and running.
You can find the full template here.