Public Ip Address to EC2 Machine
- Let's add a NetworkInterfaces property, as shown below, to the EC2 instance in the existing template
"NetworkInterfaces":[
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": "0",
"GroupSet":[
{
"Ref": "openssh"
}
],
"SubnetId": {
"Ref": "mysubnet2"
}
}
]
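- Security groups and the subnet ID can be defined only once: either inside NetworkInterfaces (as GroupSet and SubnetId) or directly on the resource (EC2::Instance), not in both places
- Note that "AssociatePublicIpAddress": true together with the openssh security group, whose ingress rule allows TCP port 22 from 0.0.0.0/0, makes SSH on this instance reachable from any internet address. Outside a throwaway lab, set CidrIp to the address range you actually administer from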
- The resulting template is
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This is my first cf template",
"Parameters": {
"subnet1az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"subnet2az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"subnet3az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"keypairname": {
"Description": "keyvaluepair",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Resources": {
"myvpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.1.0.0/16",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet1az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.0.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet2az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.1.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet3": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet3az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.2.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"myigw": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "myvpc"
},
"InternetGatewayId": {
"Ref": "myigw"
}
}
},
"myrt": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "myvpc"
},
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"igwroute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "myrt"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "myigw"
}
}
},
"subnet1rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet1"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"subnet2rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet2"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"mysubnet3rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet3"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"openssh": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "open ssh port for all",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "open ssh port",
"FromPort": "22",
"IpProtocol": "tcp",
"ToPort": "22"
}
],
"VpcId": {
"Ref": "myvpc"
},
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"apache1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"KeyName": {
"Ref": "keypairname"
},
"ImageId": "ami-06f2f779464715dc5",
"InstanceType": "t2.micro",
"NetworkInterfaces":[
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": "0",
"GroupSet":[
{
"Ref": "openssh"
}
],
"SubnetId": {
"Ref": "mysubnet2"
}
}
],
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
}
}
}
Change set:
- We can create a change set, which describes the changes to be made to the existing template, so they can be reviewed before they are applied.
- We can roll back our changes to an earlier change set.
- Let's add the new EC2 resource apache2 in subnet1 to the change set
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This is my first cf template",
"Parameters": {
"subnet1az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"subnet2az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"subnet3az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"keypairname": {
"Description": "keyvaluepair",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Resources": {
"myvpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.1.0.0/16",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet1az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.0.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet2az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.1.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet3": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet3az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.2.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"myigw": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "myvpc"
},
"InternetGatewayId": {
"Ref": "myigw"
}
}
},
"myrt": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "myvpc"
},
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"igwroute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "myrt"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "myigw"
}
}
},
"subnet1rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet1"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"subnet2rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet2"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"mysubnet3rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet3"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"openssh": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "open ssh port for all",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "open ssh port",
"FromPort": "22",
"IpProtocol": "tcp",
"ToPort": "22"
}
],
"VpcId": {
"Ref": "myvpc"
},
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"apache1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"KeyName": {
"Ref": "keypairname"
},
"ImageId": "ami-06f2f779464715dc5",
"InstanceType": "t2.micro",
"NetworkInterfaces":[
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": "0",
"GroupSet":[
{
"Ref": "openssh"
}
],
"SubnetId": {
"Ref": "mysubnet2"
}
}
],
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"apache2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"KeyName": {
"Ref": "keypairname"
},
"ImageId": "ami-06f2f779464715dc5",
"InstanceType": "t2.micro",
"NetworkInterfaces":[
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": "0",
"GroupSet":[
{
"Ref": "openssh"
}
],
"SubnetId": {
"Ref": "mysubnet1"
}
}
],
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
}
}
}
Adding Outputs to the template
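- Outputs show the necessary information to the user after the stack is created
- The output syntax is as mentioned here
- Let's add two outputs for the public IP addresses of apache1 and apache2. The "Outputs" section goes at the top level of the template, next to "Resources"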
"Outputs": {
"apache1publicip" : {
"Value" : {
"Fn::GetAtt": ["apache1", "PublicIp"]
}
},
"apache2publicip" : {
"Value" : {
"Fn::GetAtt": ["apache2", "PublicIp"]
}
}
}
- The whole file will look like this:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This is my first cf template",
"Parameters": {
"subnet1az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"subnet2az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"subnet3az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"keypairname": {
"Description": "keyvaluepair",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Resources": {
"myvpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.1.0.0/16",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet1az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.0.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet2az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.1.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet3": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet3az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.2.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"myigw": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "myvpc"
},
"InternetGatewayId": {
"Ref": "myigw"
}
}
},
"myrt": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "myvpc"
},
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"igwroute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "myrt"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "myigw"
}
}
},
"subnet1rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet1"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"subnet2rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet2"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"mysubnet3rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet3"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"openssh": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "open ssh port for all",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "open ssh port",
"FromPort": "22",
"IpProtocol": "tcp",
"ToPort": "22"
}
],
"VpcId": {
"Ref": "myvpc"
},
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"apache1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"KeyName": {
"Ref": "keypairname"
},
"ImageId": "ami-06f2f779464715dc5",
"InstanceType": "t2.micro",
"NetworkInterfaces":[
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": "0",
"GroupSet":[
{
"Ref": "openssh"
}
],
"SubnetId": {
"Ref": "mysubnet2"
}
}
],
"Tags": [
{
"Key": "Name",
"Value": "apache 1"
}
]
}
},
"apache2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"KeyName": {
"Ref": "keypairname"
},
"ImageId": "ami-06f2f779464715dc5",
"InstanceType": "t2.micro",
"NetworkInterfaces":[
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": "0",
"GroupSet":[
{
"Ref": "openssh"
}
],
"SubnetId": {
"Ref": "mysubnet1"
}
}
],
"Tags": [
{
"Key": "Name",
"Value": "apache 2"
}
]
}
}
},
"Outputs": {
"apache1publicip" : {
"Value" : {
"Fn::GetAtt": ["apache1", "PublicIp"]
}
},
"apache2publicip" : {
"Value" : {
"Fn::GetAtt": ["apache2", "PublicIp"]
}
}
}
}
One last problem to be solved.
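- Remove the hard-coded AMI ID. Let's add a Mappings section
- Let's create a region map that pairs each region ID with its AMI ID. Before adding an AMI ID to the map, confirm it belongs to the publisher you expect
- To use the map inside a resource, use the function "Fn::FindInMap". Now look at the whole template. Note that in this listing only apache1 uses the lookup; apache2 still carries the hard-coded ImageId and should be changed to the same "Fn::FindInMap" expression. The map covers only us-west-2 and us-east-1, so the lookup will fail if the stack is created in any other region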
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This is my first cf template",
"Parameters": {
"subnet1az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"subnet2az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"subnet3az": {
"Description": "Enter subnet1 az",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"keypairname": {
"Description": "keyvaluepair",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings":{
"UbuntuImageMap":{
"us-west-2": {
"AMI": "ami-06f2f779464715dc5"
},
"us-east-1": {
"AMI": "ami-07d0cf3af28718ef8"
}
}
},
"Resources": {
"myvpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.1.0.0/16",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet1az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.0.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet2az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.1.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"mysubnet3": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "subnet3az"
},
"VpcId": {
"Ref": "myvpc"
},
"CidrBlock": "10.1.2.0/24",
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"myigw": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "myvpc"
},
"InternetGatewayId": {
"Ref": "myigw"
}
}
},
"myrt": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "myvpc"
},
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"igwroute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "myrt"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "myigw"
}
}
},
"subnet1rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet1"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"subnet2rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet2"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"mysubnet3rt": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "mysubnet3"
},
"RouteTableId": {
"Ref": "myrt"
}
}
},
"openssh": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "open ssh port for all",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "open ssh port",
"FromPort": "22",
"IpProtocol": "tcp",
"ToPort": "22"
}
],
"VpcId": {
"Ref": "myvpc"
},
"Tags": [
{
"Key": "Name",
"Value": "Corrected CF"
}
]
}
},
"apache1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"KeyName": {
"Ref": "keypairname"
},
"ImageId": {
"Fn::FindInMap": [
"UbuntuImageMap",
{ "Ref": "AWS::Region" },
"AMI"
]
},
"InstanceType": "t2.micro",
"NetworkInterfaces":[
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": "0",
"GroupSet":[
{
"Ref": "openssh"
}
],
"SubnetId": {
"Ref": "mysubnet2"
}
}
],
"Tags": [
{
"Key": "Name",
"Value": "apache 1"
}
]
}
},
"apache2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"KeyName": {
"Ref": "keypairname"
},
"ImageId": "ami-06f2f779464715dc5",
"InstanceType": "t2.micro",
"NetworkInterfaces":[
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": "0",
"GroupSet":[
{
"Ref": "openssh"
}
],
"SubnetId": {
"Ref": "mysubnet1"
}
}
],
"Tags": [
{
"Key": "Name",
"Value": "apache 2"
}
]
}
}
},
"Outputs": {
"apache1publicip" : {
"Value" : {
"Fn::GetAtt": ["apache1", "PublicIp"]
}
},
"apache2publicip" : {
"Value" : {
"Fn::GetAtt": ["apache2", "PublicIp"]
}
}
}
}
References
Pending Topics are
- Stack Sets
- How to call one template from another
- Executing a CloudFormation template from the CLI