I have written the CloudFormation YAML code to create a VPC with 2 public subnets in multi AZ and 2 private subnets in multi AZ. I have created an internet gateway, route tables & security groups (one for public and one for private, for both RT and SG). Associated the subnets with the respective route tables. I have created an ALB and ASG. All of this using CloudFormation.
I have specified desired instances as 2, min as 1 and max as 4 in the ASG CloudFormation template. In the launch configuration template I have mentioned that all the instances should be launched in private subnets with multi AZ. The ALB is placed in a public subnet and it is internet facing. I haven't created a NAT Gateway.
I will create an instance in a public subnet with the user data to install httpd. My question is: is there any way to create an image of this instance? Condition: in the same code.
If this is possible, what I will do is use the AMI ID of the image which was created from the public instance to create instances in the private subnets.
```yaml
Resources:
  CFVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: Cloud_Formation_VPC
  CFIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: Cloud_Formation_IGW
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref CFVPC
      InternetGatewayId: !Ref CFIGW
  CFPublicSubnet1a:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1a
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public Subnet 1a
  CFPrivateSubnet1a:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1a
      CidrBlock: 10.0.2.0/24
      # Public IPs in this subnet are unreachable anyway: the private RT has no IGW route
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Private Subnet 1a
  CFPublicSubnet1b:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1b
      CidrBlock: 10.0.3.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public Subnet 1b
  CFPrivateSubnet1b:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref CFVPC
      AvailabilityZone: ap-south-1b
      CidrBlock: 10.0.4.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Private Subnet 1b
  CFPublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: Public RT
      VpcId: !Ref CFVPC
  CFPrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: Private RT
      VpcId: !Ref CFVPC
  routetablepublicsubnetassociation1a:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPublicRT
      SubnetId: !Ref CFPublicSubnet1a
  routetablepublicsubnetassociation1b:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPublicRT
      SubnetId: !Ref CFPublicSubnet1b
  routetableprivatesubnetassociation1a:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPrivateRT
      SubnetId: !Ref CFPrivateSubnet1a
  routetableprivatesubnetassociation1b:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref CFPrivateRT
      SubnetId: !Ref CFPrivateSubnet1b
  CFPublicRoute:
    Type: AWS::EC2::Route
    # A route to an IGW must wait for the gateway attachment or creation can fail
    DependsOn: AttachGateway
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref CFIGW
      RouteTableId: !Ref CFPublicRT
  CFALBSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http/https/ssh
      VpcId: !Ref CFVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 106.51.140.198/32
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 122.179.31.197/32
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: -1
  CFec2SG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH
      VpcId: !Ref CFVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref CFALBSG
        # Without this rule the ALB cannot reach the targets on port 80 and every health check fails
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref CFALBSG
  CFAlbTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 10
      HealthCheckPath: /http
      HealthCheckPort: 80
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 7
      HealthyThresholdCount: 5
      Name: alb-target-group
      Port: 80
      Protocol: HTTP
      Tags:
        - Key: Name
          Value: Alb-TargetGp
      UnhealthyThresholdCount: 10
      VpcId: !Ref CFVPC
  CFALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Type: application
      Name: cf-elb
      Scheme: internet-facing
      SecurityGroups:
        - !Ref CFALBSG
      Subnets:
        - !Ref CFPublicSubnet1a
        - !Ref CFPublicSubnet1b
      Tags:
        - Key: Name
          Value: CF-ALB
  CFALBListner:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref CFAlbTargetGroup
          Type: forward
      LoadBalancerArn: !Ref CFALB
      Port: 80
      Protocol: HTTP
  CFASGLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      AssociatePublicIpAddress: true
      ImageId: ami-043f9106e7f451340
      InstanceMonitoring: false
      InstanceType: t2.micro
      KeyName: QuadraKeyBLR
      SecurityGroups:
        - !Ref CFec2SG
  CFPlacementGroup:
    Type: AWS::EC2::PlacementGroup
    Properties:
      Strategy: spread
  CFASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: Cloudformation_autoscalling
      AvailabilityZones:
        - ap-south-1a
        - ap-south-1b
      LaunchConfigurationName: !Ref CFASGLaunchConfig
      VPCZoneIdentifier:
        - !Ref CFPrivateSubnet1a
        - !Ref CFPrivateSubnet1b
      Cooldown: 120
      DesiredCapacity: 2
      MaxSize: 4
      MinSize: 1
      PlacementGroup: !Ref CFPlacementGroup
      TargetGroupARNs:
        - !Ref CFAlbTargetGroup
```
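CloudFormation has no built-in resource that creates an AMI, but it can be done in the same template with a Lambda-backed custom resource. The following is an added example, not code from the original post: the function calls CreateImage on the public instance, waits until the AMI is available and returns its ID, so the launch configuration can use `ImageId: !GetAtt ImageFromPublicInstance.ImageId` instead of a hard-coded AMI. It assumes a public EC2 instance resource named `CFPublicInstance` (hypothetical; the one whose user data installs httpd); the role, function and custom resource names are also my own.

```yaml
  AmiBuilderRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: create-ami-only        # least privilege: only what the function calls
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: [ec2:CreateImage, ec2:DescribeImages]
                Resource: "*"
  AmiBuilderFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Timeout: 900                           # image creation can take several minutes
      Role: !GetAtt AmiBuilderRole.Arn
      Code:
        ZipFile: |
          import boto3, cfnresponse          # cfnresponse is provided for inline (ZipFile) code
          def handler(event, context):
              ec2 = boto3.client("ec2")
              props = event["ResourceProperties"]
              pid = event.get("PhysicalResourceId")   # the AMI ID on Update/Delete
              try:
                  if event["RequestType"] == "Create":
                      r = ec2.create_image(InstanceId=props["InstanceId"], Name=props["AmiName"])
                      ec2.get_waiter("image_available").wait(ImageIds=[r["ImageId"]])
                      pid = r["ImageId"]
                  # Update/Delete: keep the existing AMI and report its ID unchanged
                  cfnresponse.send(event, context, cfnresponse.SUCCESS, {"ImageId": pid}, pid)
              except Exception as e:
                  cfnresponse.send(event, context, cfnresponse.FAILED, {"Error": str(e)}, pid)
  ImageFromPublicInstance:
    Type: Custom::AmiFromInstance
    Properties:
      ServiceToken: !GetAtt AmiBuilderFunction.Arn
      InstanceId: !Ref CFPublicInstance      # hypothetical public instance with the httpd user data
      AmiName: !Sub "${AWS::StackName}-httpd"
```

Two caveats: CloudFormation considers the instance complete as soon as it is running, so give `CFPublicInstance` a `CreationPolicy` and end its user data with `cfn-signal`, otherwise the image may be taken before httpd is installed; and CreateImage reboots the instance by default (`NoReboot` is false), which is what makes the snapshot consistent.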