Use CloudFormation to Launch an Amazon EC2 Web Server
2/10 fun hands-on projects to learn AWS
This is the 2nd challenge from Drew Firement's fun 10 AWS challenges post on LinkedIn. I have never used CloudFormation before. Mostly I use Terraform as my primary IaC tool. Let's see how it goes with CloudFormation.
Basically, in this example, we are supposed to create an EC2 instance and the required SecurityGroup using CloudFormation Designer.
Using CloudFormation Designer, you can visualize your template and view how your resources are connected to each other. The designer also comes with an integrated YAML editor, which makes it easy to tweak your design as you need.
1. Open AWS CloudFormation Designer.
2. On the left side of the page, you can find the Resource types pane, and inside it the EC2 subgroup. Find the VPC resource and drag it to the canvas pane.
3. Click the edit button and rename the VPC as you wish. You can see that the template is automatically modified to match your design changes.
4. You can resize the VPC resource to expand it, as we need to add several other components into it later.
5. Add a Subnet resource type inside the VPC and rename it PublicSubnet. When you add a subnet inside the VPC, the CF designer automatically links the
6. Add an Instance resource type inside the PublicSubnet resource. You can rename the instance as you wish.
7. Add a SecurityGroup resource type inside the VPC and rename it.
8. Add an InternetGateway resource type anywhere outside of the
9. To create a connection between the VPC, hover over the internet gateway attachment and drag the connection to the
10. Now we need a way to direct network traffic within the subnet. Let's add a RouteTable for that inside the
11. Next, we can add a Route resource type inside the RouteTable. Then use GatewayId to create a connection from the Route resource to the
12. Create an explicit dependency between the Route resource and the Internet gateway-VPC attachment.
For CF to associate a route with an Internet gateway, we need to associate the Internet gateway with the VPC first. To manage this dependency, we need to drag a connection from the DependsOn dot in the Route resource to the Internet gateway-VPC attachment as below.
13. The EC2 instance resource depends on the public route to route traffic to the Internet.
Drag a DependsOn connection from the EC2 instance resource to the Route resource.
14. To associate the public route table with the public subnet, the official AWS documentation suggests dragging a connection from the public route table to the subnet. But in my experience, I can only find the DependsOn connection in the route table UI, hence I added the SubnetRouteTableAssociation code block manually to the template as below.
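The network resources that steps 1 to 14 build in the designer, written out as a YAML template fragment with the route dependency from step 12 and the manually added SubnetRouteTableAssociation from step 14. This is an added example, not the author's template: every logical ID except PublicSubnet and both CIDR ranges are assumptions, because the page does not show them.

```yaml
# Added example. Logical IDs (except PublicSubnet) and CIDR ranges are
# assumptions chosen for illustration, not values from the original template.
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16          # constructed value
      EnableDnsSupport: true
      EnableDnsHostnames: true        # needed for a public DNS name on the instance
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC                 # the link the designer creates in step 5
      CidrBlock: 10.0.0.0/24          # constructed value
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  GatewayAttachment:                  # the Internet gateway-VPC attachment (step 9)
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  PublicRoute:
    Type: AWS::EC2::Route
    # Step 12: the route can only be created after the gateway is attached
    # to the VPC, and nothing below references the attachment, so the
    # ordering has to be stated explicitly.
    DependsOn: GatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0 # default route; this is what makes the subnet public
      GatewayId: !Ref InternetGateway
  # Step 14: without this association the subnet stays on the VPC's main
  # route table and never uses PublicRoute.
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
```

Once the subnet has a default route to the Internet gateway, the security group is the only network control in this template between the instance and the Internet.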
We can parameterize the template to avoid hardcoded values. For example, instead of hard-coding the web server's instance type, we can use a parameter to specify the instance type when we create a stack.
- Click on an open area in the CloudFormation Designer canvas. In the editor pane, choose the Parameters tab in the Components view. Then add the below parameters.
Mappings are a set of keys that are associated with a set of name-value pairs. We can use them to specify values based on an input parameter's value. In this context, we will use a mapping to specify an AMI ID for an EC2 instance based on the instance type and the region in which you create the stack.
- In the editor pane, choose the Mappings tab and add the below mapping.
I’m adding only 4 regions here. If you need any other region feel free to add as you need.
Values that we need to be available in the response are declared in Outputs. In our example, we can get the WebServer instance's public URL as a response.
- In the editor pane, select the Outputs tab and describe the output URL as below.
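The Parameters, Mappings and Outputs sections described above, as one template fragment to sit alongside the Resources section. This is an added example, not the author's template: the parameter, mapping and output names, the allowed instance types and the two regions are assumptions, and the AMI IDs are placeholders that must be replaced with real IDs for each region.

```yaml
# Added example. All names below are assumptions except WebServerInstance,
# which is the instance name the page uses. AMI IDs are placeholders.
Parameters:
  InstanceType:
    Description: Web server EC2 instance type
    Type: String
    Default: t2.micro
    AllowedValues: [t2.micro, t2.small]   # keeps the stack to sizes the mapping knows
    ConstraintDescription: must be one of the allowed instance types
  KeyName:
    Description: Name of an existing EC2 key pair for SSH access
    Type: AWS::EC2::KeyPair::KeyName      # validated against the account at stack creation
  SSHLocation:
    Description: CIDR range that is allowed to reach port 22
    Type: String
    MinLength: 9
    MaxLength: 18
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid CIDR range of the form x.x.x.x/x
    # Deliberately no Default, so the admin range is chosen at stack creation
    # rather than silently falling back to 0.0.0.0/0.
Mappings:
  InstanceTypeArch:                       # instance type -> architecture key
    t2.micro: {Arch: HVM64}
    t2.small: {Arch: HVM64}
  RegionArchAMI:                          # region -> architecture key -> AMI ID
    us-east-1: {HVM64: ami-PLACEHOLDER}   # placeholder, not a real AMI ID
    eu-west-1: {HVM64: ami-PLACEHOLDER}   # placeholder, not a real AMI ID
Outputs:
  URL:
    Description: Public URL of the web server
    Value: !Sub 'http://${WebServerInstance.PublicDnsName}'
```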
Define Resource Properties
We need to configure additional properties for a couple of resources, such as:
1. In the designer view, choose the VPC resource, and in the editor view choose the Properties tab. Then add the following properties as below.
2. Add a CIDR block for PublicSubnet as well.
3. Add destination CIDR block for
4. Allow access from SSH traffic in
5. Configure WebServerInstance
We need to define a couple of properties for the instance, such as the instance type and ImageId. To give it a public IP address, we need to define the NetworkInterfaces property as well.
Finally, we specify the configuration script as UserData, which runs after the instance is up and running.
6. Add web server configuration metadata
Choose WebServerInstance and pick the Metadata tab then add the following metadata.
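The security group and WebServerInstance configuration from steps 4 to 6, as a template fragment in which the SSH rule takes its source range from a parameter instead of being open to every address. This is an added example, not the author's template: it assumes an Amazon Linux AMI and the hypothetical names VPC, PublicRoute, SSHLocation, InstanceType, KeyName, InstanceTypeArch and RegionArchAMI defined elsewhere in the template.

```yaml
# Added example. Every name except WebServerInstance and PublicSubnet is an
# assumption; the referenced parameters and mappings must exist in the template.
Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP from anywhere, SSH only from SSHLocation
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp             # the web server is meant to be public
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp             # admin access: restricted source range
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
  WebServerInstance:
    Type: AWS::EC2::Instance
    DependsOn: PublicRoute            # step 13: needs the route to reach the Internet
    Metadata:
      AWS::CloudFormation::Init:      # read by cfn-init in UserData
        config:
          packages:
            yum:
              httpd: []
          files:
            /var/www/html/index.html:
              content: "<h1>Hello from CloudFormation</h1>\n"   # constructed page
              mode: "000644"
          services:
            sysvinit:
              httpd: {enabled: true, ensureRunning: true}
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !FindInMap [RegionArchAMI, !Ref "AWS::Region", !FindInMap [InstanceTypeArch, !Ref InstanceType, Arch]]
      KeyName: !Ref KeyName
      NetworkInterfaces:              # subnet and groups go here, not at instance level
        - DeviceIndex: "0"
          AssociatePublicIpAddress: true
          SubnetId: !Ref PublicSubnet
          GroupSet:
            - !Ref WebServerSecurityGroup
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum install -y aws-cfn-bootstrap
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServerInstance --region ${AWS::Region}
```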
Now we have completed all configurations. We can create a stack and see how things work.
1. In the CloudFormation Designer toolbar, select the Create Stack icon.
2. This action saves the template in an S3 bucket and then opens the CF Create Stack wizard. You can select Next.
3. Provide a name for the stack and specify the parameters.
4. You can proceed with the default parameters unless you need to configure any additional settings. Choose Next.
5. Click Create stack
6. We can check the Outputs for the WebServer address.
7. We can verify our WebServer is Up and running.
You can find the full template here.