辅助魔法强化AWS上的服务扩大范围

辅助魔法

今日会把架构上的剩下服务讲完。

NACL这边使用预设的，就不用在YAML特别撰写。

Route table的设定以下会用到

routeTableName:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: itdemo-rt-cf
          Value: v1
  routeName:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref routeTableName
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref igwName
  routeTableAssocName:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref subnetName
      RouteTableId: !Ref routeTableName

DestinationCidrBlock: 0.0.0.0/0，外网为最终目的地。

Internet gateway的设定以下会用到

igwName:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: itdemo-igw-cf
          Value: v1
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC 
      InternetGatewayId: !Ref igwName

整个YAML档如下：

Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: itdemo-vpc-cf
          Value: v1
  subnetName:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2a
      VpcId: !Ref myVPC
      CidrBlock: 10.0.0.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: itdemo-subnet-cf
          Value: v1
  igwName:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: itdemo-igw-cf
          Value: v1
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC 
      InternetGatewayId: !Ref igwName
  routeTableName:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: itdemo-rt-cf
          Value: v1
  routeName:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref routeTableName
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref igwName
  routeTableAssocName:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref subnetName
      RouteTableId: !Ref routeTableName
  secGroupName:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: itdemo-sg
      GroupDescription: it 30 days demo
      VpcId: !Ref myVPC 
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: itdemo-sg-cf
          Value: v1
  myEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        - DeviceName: "/dev/xvda"
          Ebs:
            VolumeSize: 30
            VolumeType: gp3
      KeyName: "itdemo"
      SubnetId: !Ref subnetName
      DisableApiTermination: false
      ImageId: ami-0443305dabd4be2bc
      InstanceType: "t3.micro"
      SecurityGroupIds:
        - !Ref secGroupName
      UserData: !Base64 |
        #!/bin/bash -ex
        # put your script here
      Tags:
        - Key: itdemo-ec2-cf
          Value: v1

CloudFormation建置环境步骤：

Create Stack
选择你的YAML做上传，确定点选Next
Stack name随意取名
点选Next，到Create Stack
等待CloudFormation建立好资源

之前建立的好的SSH key就可以测试，机器能否远端连入，以下是成功远端连入

删除资源，只要再回CloudFormation介面，点选delete，就可以把刚刚创建好的资源全部删除。

若对云端不熟悉，建议从[Day6]开始看起，才会有对架构有全面的了解
ps.至於Day6是哪一篇，可以从第一篇自己慢慢往上数，或是可以每一篇都看，或许会探索到新大陆