
Thursday, April 20, 2017

AWS CloudFormation


Amazon Web Services CloudFormation is a free service that provides Amazon Web Services (AWS) customers with the tools they need to create and manage the infrastructure a particular software application requires to run on Amazon Web Services.


CloudFormation has two parts: templates and stacks. A template is a JavaScript Object Notation (JSON) text file. The file, which is declarative rather than scripted, defines which AWS or non-AWS resources are required to run the application. (I walk through an example at the end of this article.)
When the template is submitted to the service, CloudFormation creates the necessary resources in the customer's account and builds a running instance of the template, putting dependencies and data flows in the right order automatically. The running instance is called a stack.
We can make changes to the stack after it has been deployed by using CloudFormation tools and an editing process that is similar to version control. When a stack is deleted, all related resources are deleted automatically as well.


An advantage of CloudFormation is that it allows developers to automate service provisioning steps in a fairly simple way. There is no extra charge for AWS CloudFormation; customers only pay for the AWS resources that are required to run their applications.

Example
Below is a sample template. The notes on it are kept outside the template, because JSON has no comment syntax:

AWSTemplateFormatVersion: this is mandatory.
InstanceType: the parameter for spinning up the new EC2 instance and its prerequisites. There are many more instance types; t2.small is chosen here as an example.
SSHLocation: a mandatory field, because the server has to be reached from some IP range. The default 0.0.0.0/0 means the whole internet, so anyone can reach the SSH port; supply a narrower CIDR range when creating the stack.
AWSInstanceType2Arch: maps an instance type to an architecture. An entry for t2.small is included so that the default instance type resolves.
AWSRegionArch2AMI: lists the regions and their respective images (AMI IDs).
EC2SecurityGroup: creates a security group with the given ingress rule (port number and CIDR range).

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "AWS CloudFormation Sample Template EC2_Instance_With_Ephemeral_Drives: Example to show how to attach ephemeral drives using EC2 block device mappings. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.",

  "Parameters" : {
    "KeyName": {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the web server",
      "Type": "AWS::EC2::KeyPair::KeyName",
      "ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
    },

    "InstanceType" : {
      "Description" : "WebServer EC2 instance type",
      "Type" : "String",
      "Default" : "t2.small",
      "ConstraintDescription" : "must be a valid EC2 instance type."
    },

    "SSHLocation": {
      "Description": "Lockdown SSH access to the bastion host (default can be accessed from anywhere)",
      "Type": "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "0.0.0.0/0",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x."
    }
  },

  "Mappings" : {
    "AWSInstanceType2Arch" : {
      "t1.micro"    : { "Arch" : "PV64"   },
      "t2.small"    : { "Arch" : "HVM64"  }
    },

    "AWSRegionArch2AMI" : {
      "us-east-1"        : {"PV64" : "ami-2a69aa47", "HVM64" : "ami-6869aa05", "HVMG2" : "ami-920f8984"},
      "us-west-2"        : {"PV64" : "ami-7f77b31f", "HVM64" : "ami-7172b611", "HVMG2" : "ami-54d44234"}
    }
  },

  "Resources" : {
    "EC2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "KeyName" : { "Ref" : "KeyName" },
        "InstanceType" : { "Ref" : "InstanceType" },
        "ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" },
                          { "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
        "SecurityGroups" : [{ "Ref" : "EC2SecurityGroup" }],
        "BlockDeviceMappings" : [
          {
            "DeviceName"  : "/dev/sdc",
            "VirtualName" : "ephemeral0"
          }
        ]
      }
    },

    "EC2SecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "SSH access",
        "SecurityGroupIngress" : [{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHLocation" }}]
      }
    }
  },

  "Outputs" : {
    "Instance" : {
      "Value" : { "Fn::GetAtt" : [ "EC2Instance", "PublicDnsName" ] },
      "Description" : "DNS Name of the newly created EC2 instance"
    }
  }
}
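A pre-deployment check for the SSHLocation default in the template above, as an added example that is not part of the original post: it resolves each security group rule's CidrIp through its Ref to the parameter default (or a supplied override) and reports rules open to every address. The function names and the embedded template excerpt are constructed for this illustration.

```python
import ipaddress
import json

# Constructed excerpt: only the parts of the template that decide who can reach port 22.
TEMPLATE = json.loads("""
{"Parameters": {"SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"}},
 "Resources": {"EC2SecurityGroup": {
   "Type": "AWS::EC2::SecurityGroup",
   "Properties": {"GroupDescription": "SSH access", "SecurityGroupIngress": [
     {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
      "CidrIp": {"Ref": "SSHLocation"}}]}}}}
""")


def resolve(value, params, overrides):
    """Return the value a stack would use for a literal or a {"Ref": name}."""
    if isinstance(value, dict) and "Ref" in value:
        name = value["Ref"]
        return overrides.get(name, params.get(name, {}).get("Default"))
    return value


def is_world_open(cidr):
    """True for any /0 network: 0.0.0.0/0, ::/0, and forms such as 10.1.2.3/0."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except (TypeError, ValueError):
        return False  # unresolved or malformed value: not classified here


def open_ingress(template, overrides=None):
    """List (resource, protocol, from_port, to_port, cidr) for world-open rules."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            raw = rule.get("CidrIp") or rule.get("CidrIpv6")
            cidr = resolve(raw, params, overrides or {})
            if is_world_open(cidr):
                findings.append((name, rule.get("IpProtocol"),
                                 rule.get("FromPort"), rule.get("ToPort"), cidr))
    return findings
```

The template's AllowedPattern also accepts values such as 10.1.2.3/0, which cover every address just like 0.0.0.0/0, so the check tests the prefix length rather than comparing strings.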
