
EC2 Webserver with VPC

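# Quoted so generic YAML 1.1 loaders (e.g. PyYAML used by linters) keep the
# version as a string instead of parsing it as a date; CloudFormation reads it
# as a string either way.
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  AWS CloudFormation Simple Infrastructure Template
  VPC_Single_Instance_In_Subnet: This template will show how to create a VPC and
  add an EC2 instance with an Elastic IP address and a security group.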
# Stack inputs. The CIDR parameters are pinned to a single allowed value so the
# lab network layout is fixed; the AMI is resolved at deploy time from the
# public SSM Parameter Store path rather than hard-coded.
Parameters:
  VPCCIDR:
    Type: String
    Description: CIDR Block for VPC
    Default: 10.199.0.0/16
    AllowedValues:
      - 10.199.0.0/16
  PUBSUBNET1:
    Type: String
    Description: Public Subnet 1
    Default: 10.199.10.0/24
    AllowedValues:
      - 10.199.10.0/24
  ## TASK 2.1 - BEGIN: Add the parameter definition for InstanceType
  InstanceType:
    Type: String
    Description: WebServer EC2 Instance Type
    Default: t2.nano
    # Restricting the allowed set keeps stack creation from failing on a typo.
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
    ConstraintDescription: must be a valid ec2 instance type(t2.nano, t2.micro, t2.small)
  ## TASK 2.1 - END
  LatestAmiId:
    # SSM-backed parameter type: CloudFormation looks up the image id behind
    # the given parameter path when the stack is created or updated.
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Description: Find the current AMI ID using System Manager Parameter Store
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

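# Resources: one VPC with a single public subnet routed to an Internet Gateway,
# a subnet-level Network ACL, and one web server instance fronted by an Elastic
# IP and a security group. Logical order follows the dependency chain.
Resources:
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: CF lab environment
  Subnet:
    Type: 'AWS::EC2::Subnet'
    DependsOn: VPC
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PUBSUBNET1
      # Every instance launched into this subnet receives a public IPv4
      # address; it is a public subnet by design.
      MapPublicIpOnLaunch: 'true'
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: Public Subnet
  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    DependsOn: VPC
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
  AttachGateway:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    DependsOn: VPC
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  RouteTable:
    Type: 'AWS::EC2::RouteTable'
    DependsOn: VPC
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
  ## Route resource
  # TASK 2.2 - BEGIN: Add the resource definition for ROUTE
  Route:
    # Quoted to match the Type style used by every other resource in the file.
    Type: 'AWS::EC2::Route'
    # The default route targets the gateway, so it must wait for the gateway
    # attachment, not just for the gateway object itself.
    DependsOn:
      - VPC
      - AttachGateway
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # TASK 2.2 - END
  SubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    DependsOn:
      - VPC
      - InternetGateway
    Properties:
      SubnetId: !Ref Subnet
      RouteTableId: !Ref RouteTable
  # Subnet-level packet filter. Network ACLs are stateless (unlike security
  # groups), which is why the two rule-102 entries below admit the ephemeral
  # port range in each direction: they carry the return halves of the HTTP
  # and HTTPS flows allowed by rules 100/101.
  NetworkAcl:
    Type: 'AWS::EC2::NetworkAcl'
    DependsOn:
      - VPC
      - InternetGateway
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
  InboundHTTPNetworkAclEntry:
    Type: 'AWS::EC2::NetworkAclEntry'
    DependsOn:
      - VPC
      - InternetGateway
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: '100'
      Protocol: '6'
      RuleAction: allow
      Egress: 'false'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '80'
        To: '80'
  InboundNetworkAclEntry:
    # Admits TCP/22 from any source at the subnet level. The instance security
    # group (InstanceSecurityGroup) opens only port 80, so SSH is not reachable
    # unless that group is widened; the security group is the effective control.
    Type: 'AWS::EC2::NetworkAclEntry'
    DependsOn:
      - VPC
      - InternetGateway
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: '101'
      Protocol: '6'
      RuleAction: allow
      Egress: 'false'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '22'
        To: '22'
  InboundResponsePortsNetworkAclEntry:
    Type: 'AWS::EC2::NetworkAclEntry'
    DependsOn:
      - VPC
      - InternetGateway
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: '102'
      Protocol: '6'
      RuleAction: allow
      Egress: 'false'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '1024'
        To: '65535'
  OutBoundHTTPNetworkAclEntry:
    Type: 'AWS::EC2::NetworkAclEntry'
    DependsOn:
      - VPC
      - InternetGateway
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: '100'
      Protocol: '6'
      RuleAction: allow
      Egress: 'true'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '80'
        To: '80'
  OutBoundHTTPSNetworkAclEntry:
    # Outbound 443 is needed for the yum update and cfn-* calls in UserData.
    Type: 'AWS::EC2::NetworkAclEntry'
    DependsOn:
      - VPC
      - InternetGateway
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: '101'
      Protocol: '6'
      RuleAction: allow
      Egress: 'true'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '443'
        To: '443'
  OutBoundResponsePortsNetworkAclEntry:
    Type: 'AWS::EC2::NetworkAclEntry'
    DependsOn:
      - VPC
      - InternetGateway
    Properties:
      NetworkAclId: !Ref NetworkAcl
      RuleNumber: '102'
      Protocol: '6'
      RuleAction: allow
      Egress: 'true'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '1024'
        To: '65535'
  SubnetNetworkAclAssociation:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref Subnet
      NetworkAclId: !Ref NetworkAcl
  IPAddress:
    Type: 'AWS::EC2::EIP'
    # An EIP in a VPC cannot be allocated before the gateway is attached.
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
      InstanceId: !Ref WebServerInstance
  InstanceSecurityGroup:
    # Stateful instance-level filter. Only TCP/80 ingress is declared; no
    # SecurityGroupEgress is declared, so AWS applies its default rule allowing
    # all outbound traffic. Narrow it if the host does not need general egress.
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref VPC
      GroupDescription: Enable HTTP via port 80
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          # TASK 5.1 - BEGIN: Change IP Range to 0.0.0.0/0
          # Widening this to 0.0.0.0/0 publishes the web port to the whole
          # internet; that is the intent for a public page, but keep the
          # source range as narrow as the use case allows.
          CidrIp: 1.1.1.1/32
          # TASK 5.1 - END
  WebServerInstance:
    Type: 'AWS::EC2::Instance'
    DependsOn: AttachGateway
    # cfn-init reads this Metadata block: install httpd, write the landing page
    # and the cfn-hup config, then keep httpd and cfn-hup running. cfn-hup
    # re-runs cfn-init whenever this Metadata changes on a stack update.
    Metadata:
      Comment: Install a simple application
      'AWS::CloudFormation::Init':
        config:
          packages:
            yum:
              httpd: []
          files:
            /var/www/html/index.html:
              content: !Join
                - |+

                - - >-
                    <h1>Congratulations, you have successfully deployed a simple
                    infrastructure using AWS CloudFormation.</h1>
              mode: '000644'
              owner: root
              group: root
            /etc/cfn/cfn-hup.conf:
              content: !Join
                - ''
                - - |
                    [main]
                  - stack=
                  - !Ref 'AWS::StackId'
                  - |+

                  - region=
                  - !Ref 'AWS::Region'
                  - |+

              # Root-only read: the hook config controls what cfn-hup executes.
              mode: '000400'
              owner: root
              group: root
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content: !Join
                - ''
                - - |
                    [cfn-auto-reloader-hook]
                  - |
                    triggers=post.update
                  - >
                    path=Resources.WebServerInstance.Metadata.AWS::CloudFormation::Init
                  - 'action=/opt/aws/bin/cfn-init -v '
                  - ' --stack '
                  - !Ref 'AWS::StackName'
                  - ' --resource WebServerInstance '
                  - ' --region '
                  - !Ref 'AWS::Region'
                  - |+

                  - |
                    runas=root
              mode: '000400'
              owner: root
              group: root
          services:
            sysvinit:
              httpd:
                enabled: 'true'
                ensureRunning: 'true'
              cfn-hup:
                enabled: 'true'
                ensureRunning: 'true'
                files:
                  - /etc/cfn/cfn-hup.conf
                  - /etc/cfn/hooks.d/cfn-auto-reloader.conf
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !Ref LatestAmiId
      # NOTE(review): IMDSv2 is not enforced on this instance. AWS::EC2::Instance
      # does not appear to expose a MetadataOptions property directly, so a
      # launch template would be needed to require session tokens - confirm.
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: Lab Host
      NetworkInterfaces:
        - GroupSet:
            - !Ref InstanceSecurityGroup
          AssociatePublicIpAddress: 'true'
          DeviceIndex: '0'
          DeleteOnTermination: 'true'
          SubnetId: !Ref Subnet
      # Bootstrap: update the cfn helper scripts, run cfn-init against the
      # Metadata above, then report the result so the CreationPolicy below can
      # succeed or roll back. `-x` echoes every command into the console log.
      UserData: !Base64
        'Fn::Join':
          - ''
          - - |
              #!/bin/bash -xe
            - |
              yum update -y aws-cfn-bootstrap
            - '/opt/aws/bin/cfn-init -v '
            - ' --stack '
            - !Ref 'AWS::StackName'
            - ' --resource WebServerInstance '
            - ' --region '
            - !Ref 'AWS::Region'
            - |+

            - '/opt/aws/bin/cfn-signal -e $? '
            - ' --stack '
            - !Ref 'AWS::StackName'
            - ' --resource WebServerInstance '
            - ' --region '
            - !Ref 'AWS::Region'
            - |+

    # Stack creation waits up to 15 minutes for the cfn-signal above.
    CreationPolicy:
      ResourceSignal:
        Timeout: PT15M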
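## Outputs
Outputs:
  MySecurityGroup:
    # The value is the group's id (GetAtt GroupId), not its name; the
    # description now says so.
    Description: Application instance's security group ID
    Value: !GetAtt
      - InstanceSecurityGroup
      - GroupId
  # TASK 2.3 - BEGIN: Add the output definition for URL
  AppURL:
    # Plain http on port 80, matching the only ingress rule in the security
    # group; no TLS is provisioned by this template.
    Description: Newly Created application URL
    Value: !Sub 'http://${WebServerInstance.PublicIp}'
  # TASK 2.3 - END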