This post builds the AWS services in a stricter way, using the same architecture as before so the two can be compared, as shown in the figure below:
Today I will cover setting up your own route table, attaching an internet gateway, and even planning the subnet CIDR.
First, we still need to create a VPC, but set the AZ count and the NAT gateways to 0; otherwise the defaults will be used and subnets and NAT gateways will be created automatically.
```python
myvpc = ec2.Vpc(self, "cdk-vpc",
                max_azs=0,
                nat_gateways=0,
                cidr="10.0.0.0/16",
                enable_dns_hostnames=True,
                enable_dns_support=True
                )
```
Next, create your own subnet. The name "public-subnet" here can be anything; it does not affect how the later code refers to the subnet.
```python
mysubnet = ec2.Subnet(self, "public-subnet",
                      availability_zone="us-east-2b",
                      cidr_block="10.0.30.0/24",
                      vpc_id=myvpc.vpc_id,
                      map_public_ip_on_launch=True)
```
cidr_block: refer to the earlier chapters to choose a suitable CIDR. If you plan to add subnets later, choose a mask that leaves some spare address space so new subnets can still be carved out.
Give the newly created subnet a route table and attach the internet gateway, so that users can reach the EC2 instance.
```python
mysubnet.add_default_internet_route(myvpc.internet_gateway_id, gateway_attachment=myvpc)
```
The SG inbound rules and OS settings that follow are the same as before and were not changed. When a company sets SG inbound rules, it is worth stating each rule's purpose in its description, so that when rules are modified or added later nobody deletes one by mistake and breaks access for other services.
```python
mysg = ec2.SecurityGroup(self, "cdk-sg-it",
                         vpc=myvpc,
                         allow_all_outbound=True,
                         description="it demo 30 days",
                         security_group_name="cdk-sg")
mysg.add_ingress_rule(peer=ec2.Peer.any_ipv4(), connection=ec2.Port.tcp(22), description="cdk remote access")
mysg.add_ingress_rule(peer=ec2.Peer.any_ipv4(), connection=ec2.Port.tcp(80), description="cdk use browser to access")
ami = ec2.AmazonLinuxImage(cpu_type=ec2.AmazonLinuxCpuType.X86_64,
                           edition=ec2.AmazonLinuxEdition.STANDARD,
                           generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
                           storage=ec2.AmazonLinuxStorage.GENERAL_PURPOSE,
                           virtualization=ec2.AmazonLinuxVirt.HVM,
                           )
```
Finally, create the EC2 instance.
```python
myec2 = ec2.Instance(self, "myEC2",
                     instance_name="cdk-ec2-test",
                     instance_type=ec2.InstanceType("t3.micro"),
                     machine_image=ami,
                     allow_all_outbound=True,
                     availability_zone="us-east-2b",
                     key_name="itdemo",
                     security_group=mysg,
                     vpc_subnets=ec2.SubnetSelection(subnets=[mysubnet]),
                     user_data=ec2.UserData.custom(userdata),
                     vpc=myvpc,
                     block_devices=[ec2.BlockDevice(device_name="/dev/xvda",
                                                    volume=ec2.BlockDeviceVolume.ebs(volume_size=10,
                                                                                     volume_type=ec2.EbsDeviceVolumeType.GP3),
                                                    mapping_enabled=True)])
```
vpc_subnets: the parameter that SubnetSelection takes is subnets, which must be a list, so wrap the value in a list and pass in the mysubnet variable defined above. This places the EC2 instance in us-east-2b with a private IP of 10.0.30.X (X: 2-254).
Comparing these two posts shows the clear differences: subnet CIDR, route table, and attaching the internet gateway. One approach is quick to build, the other is stricter; the advantage of the stricter approach is that it familiarizes you with the operations and settings you would perform in the console.
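As an added example (not code from the original post), the CIDR planning described above carried out with Python's standard ipaddress module: it checks that each subnet lies inside the VPC block and that no two subnets overlap, reports the addresses an instance in 10.0.30.0/24 can actually receive (AWS reserves the first four and the last address of every subnet), and lists the /24 blocks still free for subnets added later. The second subnet in the plan is a constructed placeholder, not part of the stack above.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample plan mirroring the stack above: the VPC block, the
# hand-picked public subnet, and a hypothetical second subnet added later.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "public-subnet": "10.0.30.0/24",
    "later-subnet": "10.0.31.0/24",   # placeholder, not in the original stack
}


def check_subnet_plan(vpc_cidr: str, subnets: Dict[str, str]) -> List[str]:
    """Return human-readable problems: a subnet outside the VPC block, or two
    subnets that overlap (CloudFormation rejects either at deploy time)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is not inside VPC {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def usable_hosts(cidr: str) -> Tuple[str, str, int]:
    """First and last address EC2 can hand out in the subnet, and how many.
    AWS reserves the first four addresses and the last one of every subnet."""
    net = ipaddress.ip_network(cidr)
    first = net.network_address + 4
    last = net.broadcast_address - 1
    return str(first), str(last), net.num_addresses - 5


def free_blocks(vpc_cidr: str, subnets: Dict[str, str], prefix: int = 24) -> List[str]:
    """Blocks of the given prefix length inside the VPC that no subnet uses yet,
    i.e. the room the text recommends leaving for subnets added later."""
    vpc = ipaddress.ip_network(vpc_cidr)
    used = [ipaddress.ip_network(c) for c in subnets.values()]
    return [str(b) for b in vpc.subnets(new_prefix=prefix)
            if not any(b.overlaps(u) for u in used)]


if __name__ == "__main__":
    print("problems:", check_subnet_plan(VPC_CIDR, SUBNETS) or "none")
    print("public-subnet hosts:", usable_hosts(SUBNETS["public-subnet"]))
    print("free /24 blocks left:", len(free_blocks(VPC_CIDR, SUBNETS)))
```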
```python
from aws_cdk import core as cdk
from aws_cdk import (
    aws_ec2 as ec2,
    core
)

with open("./ittest2/userdata.sh", "r", encoding='utf-8') as file:
    userdata = file.read()


class Ittest2Stack(cdk.Stack):

    def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # The code that defines your stack goes here
        myvpc = ec2.Vpc(self, "cdk-vpc",
                        max_azs=0,
                        nat_gateways=0,
                        cidr="10.0.0.0/16",
                        enable_dns_hostnames=True,
                        enable_dns_support=True
                        )
        mysubnet = ec2.Subnet(self, "public-subnet",
                              availability_zone="us-east-2b",
                              cidr_block="10.0.30.0/24",
                              vpc_id=myvpc.vpc_id,
                              map_public_ip_on_launch=True)
        mysubnet.add_default_internet_route(myvpc.internet_gateway_id, gateway_attachment=myvpc)
        mysg = ec2.SecurityGroup(self, "cdk-sg-it",
                                 vpc=myvpc,
                                 allow_all_outbound=True,
                                 description="it demo 30 days",
                                 security_group_name="cdk-sg")
        mysg.add_ingress_rule(peer=ec2.Peer.any_ipv4(), connection=ec2.Port.tcp(22), description="cdk remote access")
        mysg.add_ingress_rule(peer=ec2.Peer.any_ipv4(), connection=ec2.Port.tcp(80), description="cdk use browser to access")
        ami = ec2.AmazonLinuxImage(cpu_type=ec2.AmazonLinuxCpuType.X86_64,
                                   edition=ec2.AmazonLinuxEdition.STANDARD,
                                   generation=ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
                                   storage=ec2.AmazonLinuxStorage.GENERAL_PURPOSE,
                                   virtualization=ec2.AmazonLinuxVirt.HVM,
                                   )
        myec2 = ec2.Instance(self, "myEC2",
                             instance_name="cdk-ec2-test",
                             instance_type=ec2.InstanceType("t3.micro"),
                             machine_image=ami,
                             allow_all_outbound=True,
                             availability_zone="us-east-2b",
                             key_name="itdemo",
                             security_group=mysg,
                             vpc_subnets=ec2.SubnetSelection(subnets=[mysubnet]),
                             user_data=ec2.UserData.custom(userdata),
                             vpc=myvpc,
                             block_devices=[ec2.BlockDevice(device_name="/dev/xvda",
                                                            volume=ec2.BlockDeviceVolume.ebs(volume_size=10, volume_type=ec2.EbsDeviceVolumeType.GP3),
                                                            mapping_enabled=True)])
        core.CfnOutput(self, "publicIP", value=myec2.instance_public_ip)
        core.CfnOutput(self, "publicDNS", value=myec2.instance_public_dns_name)
        core.CfnOutput(self, "privateIP", value=myec2.instance_private_ip)
        core.CfnOutput(self, "privateDNS", value=myec2.instance_private_dns_name)
```