{"id":2592,"date":"2022-08-03T08:35:46","date_gmt":"2022-08-03T08:35:46","guid":{"rendered":"https:\/\/www.checkmateq.com\/blog\/?p=2592"},"modified":"2023-08-04T16:35:34","modified_gmt":"2023-08-04T16:35:34","slug":"deploy-vpc-using-cloud-formation","status":"publish","type":"post","link":"https:\/\/www.checkmateq.com\/blog\/deploy-vpc-using-cloud-formation","title":{"rendered":"How to Deploy a VPC using Cloud Formation in AWS?"},"content":{"rendered":"<p><strong>Note: <\/strong>This blog assumes that you already know how to create a VPC using the AWS web console and have a clear understanding of its architecture and requirements. If you are new to <a href=\"https:\/\/www.checkmateq.com\/cloud\">Cloud Formation<\/a>, please refer to this <a href=\"https:\/\/www.checkmateq.com\/blog\/launch-ec2-instance-using-cloud-formation\/\" target=\"_blank\" rel=\"noopener\">blog<\/a> for a basic understanding of what it is.<\/p>\n<h3>What are Parameters, Resources, Outputs in an AWS Cloud Formation template?<\/h3>\n<h3><strong>Parameters<\/strong><\/h3>\n<p>When you want to allow user input while creating a stack, such as the name of an S3 bucket, or when you want to reuse the same template, hardcoding all the details of your resources is not recommended; instead, you can supply these details through parameters. We will see this while creating the stack in the <a href=\"https:\/\/www.checkmateq.com\/aws-cloud\">AWS<\/a> console. Defining parameters in a template is completely optional. Below is an example parameter intended to be used for a VPC CIDR.<\/p>\n<pre>Parameters:\r\n  VpcCIDR:\r\n    Default: 10.0.0.0\/16\r\n    Description: Please enter the CIDR (IP range) for this VPC\r\n    Type: String\r\n<\/pre>\n<p>All the parameters that you declare in a template must be under the <strong>Parameters:<\/strong> tag, and <strong>VpcCIDR:<\/strong> is the logical name; it can be any 
alphanumeric value, and it must be unique among all the logical names defined within a template, because the parameter can be referred to only by this logical name. The parameter types allowed include string, number, list of numbers and comma-delimited list; the type of value allowed for a particular parameter is declared under <strong>Type:<\/strong>, and the value given for the <strong>Default:<\/strong> keyword will be used by Cloud Formation for creating the stack\/infrastructure if no other value is given by the user while creating the stack.<\/p>\n<h3><strong>Resources<\/strong><\/h3>\n<p>There are more than 200 resources available in AWS. The infrastructure that you want to deploy must be declared under the <strong>Resources<\/strong> tag in the configuration file. Every resource has its own properties, and each resource has some required properties that must be declared to deploy it. Below is the basic syntax to declare a resource:<\/p>\n<pre>Resources:\r\n  VPC:\r\n    Type: AWS::EC2::VPC\r\n    Properties:\r\n      CidrBlock: !Ref VpcCIDR\r\n      EnableDnsHostnames: true\r\n      EnableDnsSupport: true\r\n      InstanceTenancy: default\r\n      Tags:\r\n        - Key: Name\r\n          Value: Test VPC\r\n<\/pre>\n<p>Here <strong>Resources:<\/strong> is the tag under which you declare the resources that you want to deploy, and <strong>Type: AWS::EC2::VPC<\/strong> is the resource keyword for a VPC. 
CidrBlock, EnableDnsHostnames and InstanceTenancy are the basic properties needed to create a VPC, and as you can see, the <strong>intrinsic function !Ref<\/strong> is used to get the value for the CidrBlock property by referring to <strong>VpcCIDR<\/strong>, which is declared in the Parameters section.<\/p>\n<p>Intrinsic functions are built-in functions that come with AWS Cloud Formation. The intrinsic function <strong>Ref<\/strong> returns the value of the given parameter or resource: when you specify a parameter&#8217;s logical name, it returns the value of the parameter, and when you specify a resource&#8217;s logical name, it returns a value that you can use to refer to that resource.<\/p>\n<h3><b>Outputs<\/b><\/h3>\n<p>Once the stack is created or the <a href=\"https:\/\/www.checkmateq.com\/infrastructure-services\">infrastructure<\/a> is deployed, you usually need the details of its resources. For example, if you have deployed an EC2 instance and want the ID of that instance, you have to go all the way to the EC2 dashboard in the AWS web console. To make this easier, you can declare outputs within the same template you use to create your infrastructure; this gives you the specific details in the Outputs section of Cloud Formation. We will see this while creating the stack in CF.<br \/>\nBelow is the basic syntax to declare an output:<\/p>\n<pre>Outputs:\r\n  Logical ID:\r\n    Description: Information about the value\r\n    Value: Value to return\r\n    Export:\r\n      Name: Name of resource to export\r\n<\/pre>\n<h3>Intrinsic Function in AWS Cloud Formation<\/h3>\n<p>Before creating the whole template for a VPC, let&#8217;s look into two more intrinsic functions.<\/p>\n<p><strong>!Sub<\/strong><br \/>\nThe intrinsic function <strong>Fn::Sub<\/strong>, called the substitute function, substitutes variables in an input string with values that you specify. You can use this function to construct commands or outputs in your 
template. Go through the YAML configuration below and the explanation that follows it.<\/p>\n<pre>Resources:\r\n  VPC:\r\n    Type: AWS::EC2::VPC\r\n    Properties:\r\n      CidrBlock: !Ref VpcCIDR\r\n      EnableDnsHostnames: true\r\n      EnableDnsSupport: true\r\n      InstanceTenancy: default\r\n      Tags:\r\n        - Key: Name\r\n          Value: Test VPC\r\nOutputs:\r\n  VPC:\r\n    Description: VPC ID\r\n    Export:\r\n      Name: !Sub ${AWS::StackName}-VPC\r\n    Value: !Ref VPC\r\n<\/pre>\n<p>In the above Cloud Formation template, Fn::Sub is used in the output to give an export name. <strong>${Variable name}<\/strong> is the syntax for describing a variable in the substitute function, and <strong>!Sub ${AWS::StackName}<\/strong> is used to get the stack name and use it in the export name.<\/p>\n<p><strong>GetAZs<\/strong><\/p>\n<p>The intrinsic function <strong>Fn::GetAZs<\/strong> returns an array that lists the Availability Zones in a region in alphabetical order, so you don&#8217;t have to hard-code a full list of Availability Zones for a specified region.<\/p>\n<p><strong>Select<\/strong><\/p>\n<p>The intrinsic function <strong>Fn::Select<\/strong> returns a single object from a list of objects based on the given index.<\/p>\n<h3>Cloud Formation Template to Create a VPC<\/h3>\n<p>Below is the complete configuration in YAML for creating a VPC (CIDR: 10.0.0.0\/16) with one public subnet (CIDR: 10.0.0.0\/24) and one private subnet (CIDR: 10.0.1.0\/24). Go through each block and save it in a YAML file.<\/p>\n<pre>AWSTemplateFormatVersion: 2010-09-09\r\n\r\nDescription: This template creates vpc with public and private subnets\r\n\r\n# Parameters are used to build flexible\/reusable CloudFormation templates\r\nParameters:\r\n  VpcCIDR:\r\n    Default: 10.0.0.0\/16\r\n    Description: Please enter the IP range (CIDR notation) for this VPC\r\n    Type: String\r\n\r\n  PublicSubnet1CIDR:\r\n    Default: 10.0.0.0\/24\r\n    Description: Please enter the IP range 
(CIDR notation) for the public subnet 1\r\n    Type: String\r\n\r\n  PrivateSubnet1CIDR:\r\n    Default: 10.0.1.0\/24\r\n    Description: Please enter the IP range (CIDR notation) for the private subnet 1\r\n    Type: String\r\n\r\n  SSHLocation:\r\n    Default: 0.0.0.0\/0\r\n    Description: The IP address range that can be used to access the web server using SSH.\r\n    MaxLength: '18'\r\n    MinLength: '9'\r\n    Type: String\r\n\r\nResources:\r\n# Create VPC\r\n  VPC:\r\n    Type: AWS::EC2::VPC\r\n    Properties:\r\n      CidrBlock: !Ref VpcCIDR\r\n      EnableDnsHostnames: true\r\n      EnableDnsSupport: true\r\n      InstanceTenancy: default\r\n      Tags:\r\n        - Key: Name\r\n          Value: Test VPC\r\n\r\n# Create Internet Gateway\r\n  InternetGateway:\r\n    Type: AWS::EC2::InternetGateway\r\n    Properties:\r\n      Tags:\r\n        - Key: Name\r\n          Value: Test IGW\r\n\r\n# Attach Internet Gateway to VPC\r\n  InternetGatewayAttachment:\r\n    Type: AWS::EC2::VPCGatewayAttachment\r\n    Properties:\r\n      InternetGatewayId: !Ref InternetGateway\r\n      VpcId: !Ref VPC\r\n\r\n# Create Public Subnet1\r\n  PublicSubnet1:\r\n    Type: AWS::EC2::Subnet\r\n    Properties:\r\n      AvailabilityZone: !Select [ 0, !GetAZs '' ]\r\n      CidrBlock: !Ref PublicSubnet1CIDR\r\n      MapPublicIpOnLaunch: true\r\n      Tags:\r\n        - Key: Name\r\n          Value: Public Subnet 1\r\n      VpcId: !Ref VPC\r\n\r\n# Create Route Table\r\n  PublicRouteTable:\r\n    Type: AWS::EC2::RouteTable\r\n    Properties:\r\n      Tags:\r\n        - Key: Name\r\n          Value: Public Route Table\r\n      VpcId: !Ref VPC\r\n\r\n# Add a Public Route to the Route Table (created only after the gateway is attached)\r\n  PublicRoute:\r\n    Type: AWS::EC2::Route\r\n    DependsOn: InternetGatewayAttachment\r\n    Properties:\r\n      DestinationCidrBlock: 0.0.0.0\/0\r\n      GatewayId: !Ref InternetGateway\r\n      RouteTableId: !Ref PublicRouteTable\r\n\r\n# Associate Public Subnet1 with Public Route Table\r\n  PublicSubnet1RouteTableAssociation:\r\n    
Type: AWS::EC2::SubnetRouteTableAssociation\r\n    Properties:\r\n      RouteTableId: !Ref PublicRouteTable\r\n      SubnetId: !Ref PublicSubnet1\r\n\r\n# Create Private Subnet1\r\n  PrivateSubnet1:\r\n    Type: AWS::EC2::Subnet\r\n    Properties:\r\n      AvailabilityZone: !Select [ 0, !GetAZs  '' ]\r\n      CidrBlock: !Ref PrivateSubnet1CIDR\r\n      MapPublicIpOnLaunch: false\r\n      Tags:\r\n        - Key: Name\r\n          Value: Private Subnet 1 | App Tier\r\n      VpcId: !Ref VPC\r\n\r\n# Create Security Group for the Web Server\r\n  WebServerSecurityGroup:\r\n    Type: 'AWS::EC2::SecurityGroup'\r\n    Properties:\r\n      GroupDescription: Enable traffic on ports 80\/http, 443\/https, 22\/SSH\r\n      SecurityGroupIngress:\r\n        - IpProtocol: tcp\r\n          FromPort: '80'\r\n          ToPort: '80'\r\n          CidrIp: \"0.0.0.0\/0\"\r\n        - IpProtocol: tcp\r\n          FromPort: '443'\r\n          ToPort: '443'\r\n          CidrIp: \"0.0.0.0\/0\"\r\n        # SSH source range comes from the SSHLocation parameter\r\n        - IpProtocol: tcp\r\n          FromPort: '22'\r\n          ToPort: '22'\r\n          CidrIp: !Ref SSHLocation\r\n      Tags:\r\n        - Key: Name\r\n          Value: WebServer Security Group\r\n      VpcId: !Ref VPC\r\n\r\n# Create an EC2 instance in the public subnet\r\n  EC2Instance:\r\n    Type: AWS::EC2::Instance\r\n    Properties:\r\n      InstanceType: t2.micro\r\n      ImageId: \"ami-051dfed8f67f095f5\"\r\n      KeyName: key9\r\n      NetworkInterfaces:\r\n        - DeviceIndex: 0\r\n          AssociatePublicIpAddress: true\r\n          DeleteOnTermination: true\r\n          SubnetId: !Ref PublicSubnet1\r\n          GroupSet:\r\n            - !Ref WebServerSecurityGroup\r\n\r\nOutputs:\r\n# Export VPC ID\r\n  VPC:\r\n    Description: VPC ID\r\n    Export:\r\n      Name: !Sub ${AWS::StackName}-VPC\r\n    Value: !Ref VPC\r\n\r\n# Export Public Subnet 1\r\n  PublicSubnet1:\r\n    Description: Public Subnet 1 ID\r\n    Export:\r\n      Name: !Sub ${AWS::StackName}-PublicSubnet1\r\n    
Value: !Ref PublicSubnet1\r\n\r\n# Export Private Subnet 1\r\n  PrivateSubnet1:\r\n    Description: Private Subnet 1 ID\r\n    Export:\r\n      Name: !Sub ${AWS::StackName}-PrivateSubnet1\r\n    Value: !Ref PrivateSubnet1\r\n\r\n# Export WebServer Security Group ID\r\n  WebServerSecurityGroup:\r\n    Description: Webserver Security Group ID\r\n    Export:\r\n      Name: !Sub ${AWS::StackName}-WebServerSecurityGroup\r\n    Value: !Ref WebServerSecurityGroup\r\n\r\n# Export EC2 Instance ID\r\n  EC2Instance:\r\n    Description: EC2 Instance ID\r\n    Export:\r\n      Name: !Sub ${AWS::StackName}-EC2Instance\r\n    Value: !Ref EC2Instance\r\n<\/pre>\n<h3>Steps to Create Infrastructure using Cloud Formation and Configuration Template<\/h3>\n<p>In your AWS web console, search for Cloud Formation, then click on <strong>Create stack<\/strong>.<\/p>\n<p><b>Stack<\/b>: To create the resources defined in a template, you need to create a stack in Cloud Formation, which lets you manage those resources (create, update or delete them).<br \/>\n<img loading=\"lazy\" class=\" wp-image-2612 aligncenter\" src=\"https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Cloud-and-DevOps-services-300x153.jpeg\" alt=\"\" width=\"749\" height=\"382\" srcset=\"https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Cloud-and-DevOps-services-300x153.jpeg 300w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Cloud-and-DevOps-services-1024x523.jpeg 1024w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Cloud-and-DevOps-services-768x392.jpeg 768w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Cloud-and-DevOps-services-1536x784.jpeg 1536w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Cloud-and-DevOps-services-1200x613.jpeg 1200w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Cloud-and-DevOps-services.jpeg 1920w\" sizes=\"(max-width: 709px) 85vw, (max-width: 
909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/p>\n<p>Then, in <strong>step-2<\/strong>, give your stack a name; you can also change the default values of the parameters that you declared in the configuration template.<\/p>\n<p><img loading=\"lazy\" class=\" wp-image-2614 aligncenter\" src=\"https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Hire-Aws-Engineer-300x152.jpg\" alt=\"\" width=\"805\" height=\"408\" srcset=\"https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Hire-Aws-Engineer-300x152.jpg 300w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Hire-Aws-Engineer-1024x520.jpg 1024w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Hire-Aws-Engineer-768x390.jpg 768w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Hire-Aws-Engineer-1536x780.jpg 1536w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Hire-Aws-Engineer-1200x609.jpg 1200w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/Hire-Aws-Engineer.jpg 1920w\" sizes=\"(max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/p>\n<p>In <strong>step-3<\/strong>, you can specify tags and the IAM role that CF should use to create your stack. In <strong>step-4<\/strong>, review all the details and click on <strong>Create Stack<\/strong>; this will redirect you to the events page, where you can see the progress of the deployment.<\/p>\n<p><img loading=\"lazy\" class=\" wp-image-2616 aligncenter\" src=\"https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/cloud-migration-services-300x152.png\" alt=\"\" width=\"782\" height=\"396\" srcset=\"https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/cloud-migration-services-300x152.png 300w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/cloud-migration-services-1024x519.png 1024w, 
https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/cloud-migration-services-768x389.png 768w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/cloud-migration-services-1536x778.png 1536w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/cloud-migration-services-1200x608.png 1200w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/cloud-migration-services.png 1920w\" sizes=\"(max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/p>\n<p>Now go to Outputs to see the values that you have exported in the configuration file.<\/p>\n<p><img loading=\"lazy\" class=\" wp-image-2617 aligncenter\" src=\"https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/hire-web-designer-300x153.jpeg\" alt=\"\" width=\"792\" height=\"404\" srcset=\"https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/hire-web-designer-300x153.jpeg 300w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/hire-web-designer-1024x522.jpeg 1024w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/hire-web-designer-768x391.jpeg 768w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/hire-web-designer-1536x782.jpeg 1536w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/hire-web-designer-1200x611.jpeg 1200w, https:\/\/www.checkmateq.com\/blog\/wp-content\/uploads\/2022\/08\/hire-web-designer.jpeg 1920w\" sizes=\"(max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":2619,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[3,2,71,70,69,68,59,11,63,23,16,24,8],"_links":{"self":[{"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/posts\/2592"}],"collection":[{"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/comments?post=2592"}],"version-history":[{"count":25,"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/posts\/2592\/revisions"}],"predecessor-version":[{"id":4259,"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/posts\/2592\/revisions\/4259"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/media\/2619"}],"wp:attachment":[{"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/media?parent=2592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/categories?post=2592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.checkmateq.com\/blog\/wp-json\/wp\/v2\/tags?post=2592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}