ぼちぼちですがリソースを追加してきまして、すべてのサブネットを作成するよう追加しました。
サブネットを6つ、アベイラビリティ・ゾーン1a/1cに作成するように
サブネットを妄想の通りにアベイラビリティ・ゾーン1aにつくるように追加します。
ネットワークの構造はとても安易な構造です。
直接外部アクセスする、パブリック・ゾーンにはNAT,LOGIN,ELBのゾーンを作成。
NATやLOGINインスタンスを配置する部分は、1インスタンスだけしか配備しませんから/28(11インスタンス)、もっと小さくてもいいのでしょうが細かすぎると面倒だから/28=16にしてます。
WEBサーバを配置するゾーンは/25で2分割させています。
オートスケールするにしても100台もつかいませんが・・・
プライベート・ゾーンは/24として、広くしています。
定義を記述しているだけなのですけど、行数が多い。。。
なお、Mappingsの"TEST2"側は1cのサブネット（ELB1c/NAT1c/LOGIN1c/WEB1c/Priv11c/Priv21c）が1aと同じCIDRになっているので、このままTEST2でスタックを作るとCIDR重複でサブネット作成に失敗します。
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "AWS CloudFormation Sample Template Simple VPC.",
"Parameters" : {
"InstanceType" : {
"Description" : "WebServer EC2 instance type",
"Type" : "String",
"Default" : "t2.micro",
"AllowedValues" : [ "t2.micro", "t2.small", "t2.medium"],
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"NetworkStructure" : {
"Type" : "String",
"Default" : "TEST1",
"AllowedValues" : [ "TEST1", "TEST2" ],
"ConstraintDescription" : ""
}
},
"Mappings" : {
"VPCConfig" : {
"VPCCidr" : { "TEST1" : "10.181.0.0/16", "TEST2" : "10.81.0.0/16" }
},
"SubnetConfig" : {
"ELB1a" : { "TEST1" : "10.181.254.0/28" , "TEST2" : "10.81.254.0/28" },
"NAT1a" : { "TEST1" : "10.181.254.32/28", "TEST2" : "10.81.254.32/28" },
"LOGIN1a" : { "TEST1" : "10.181.254.64/28", "TEST2" : "10.81.254.64/28" },
"WEB1a" : { "TEST1" : "10.181.80.0/25" , "TEST2" : "10.81.80.0/25" },
"Priv11a" : { "TEST1" : "10.181.100.0/24" , "TEST2" : "10.81.100.0/24" },
"Priv21a" : { "TEST1" : "10.181.120.0/24" , "TEST2" : "10.81.120.0/24" },
"ELB1c" : { "TEST1" : "10.181.254.16/28", "TEST2" : "10.81.254.0/28" },
"NAT1c" : { "TEST1" : "10.181.254.48/28", "TEST2" : "10.81.254.32/28" },
"LOGIN1c" : { "TEST1" : "10.181.254.80/28", "TEST2" : "10.81.254.64/28" },
"WEB1c" : { "TEST1" : "10.181.80.128/25", "TEST2" : "10.81.80.0/25" },
"Priv11c" : { "TEST1" : "10.181.110.0/24" , "TEST2" : "10.81.100.0/24" },
"Priv21c" : { "TEST1" : "10.181.130.0/24" , "TEST2" : "10.81.120.0/24" }
},
"AZConfig" : {
"AZ" : { "ELB1a" : "ap-northeast-1a",
"NAT1a" : "ap-northeast-1a",
"LOGIN1a" : "ap-northeast-1a",
"WEB1a" : "ap-northeast-1a",
"Priv11a" : "ap-northeast-1a",
"Priv21a" : "ap-northeast-1a",
"ELB1c" : "ap-northeast-1c",
"NAT1c" : "ap-northeast-1c",
"LOGIN1c" : "ap-northeast-1c",
"WEB1c" : "ap-northeast-1c",
"Priv11c" : "ap-northeast-1c",
"Priv21c" : "ap-northeast-1c"
}
}
},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : { "Fn::FindInMap" : [ "VPCConfig", "VPCCidr", { "Ref" : "NetworkStructure" } ] },
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "VPC" }
]
}
},
"SubnetELB1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "ELB1a"]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "ELB1a", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "ELB1a"}
]
}
},
"SubnetNAT1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "NAT1a" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "NAT1a", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "NAT1a" }
]
}
},
"SubnetLOGIN1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "LOGIN1a" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "LOGIN1a", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "LOGIN1a" }
]
}
},
"SubnetWEB1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "WEB1a" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "WEB1a", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Private" },
{ "Key" : "Name", "Value" : "WEB1a" }
]
}
},
"SubnetPriv11a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "Priv11a" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Priv11a", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Private" },
{ "Key" : "Name", "Value" : "Private1 1a"}
]
}
},
"SubnetPriv21a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "Priv21a" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Priv21a", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Private" },
{ "Key" : "Name", "Value" : "Private2 1a" }
]
}
},
"SubnetELB1c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "ELB1c" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "ELB1c", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "ELB1c" }
]
}
},
"SubnetNAT1c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "NAT1c" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "NAT1c", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "NAT1c" }
]
}
},
"SubnetLOGIN1c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "LOGIN1c" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "LOGIN1c", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "LOGIN1c" }
]
}
},
"SubnetWEB1c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "WEB1c" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "WEB1c", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Private" },
{ "Key" : "Name", "Value" : "WEB1c" }
]
}
},
"SubnetPriv11c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "Priv11c" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Priv11c", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Private" },
{ "Key" : "Name", "Value" : "Private1 1c" }
]
}
},
"SubnetPriv21c" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone" : { "Fn::FindInMap" : [ "AZConfig", "AZ", "Priv21c" ]},
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Priv21c", { "Ref" : "NetworkStructure" } ] },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Private" },
{ "Key" : "Name", "Value" : "Private2 1c" }
]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "InternetGateway" }
]
}
},
"GatewayToInternet" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"InternetGatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "Public Network" }
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "GatewayToInternet",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicSubnetRouteTableAssociation1" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetELB1a"},
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnetRouteTableAssociation2" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetNAT1a"},
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnetRouteTableAssociation3" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetLOGIN1a"},
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnetRouteTableAssociation4" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetELB1c"},
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnetRouteTableAssociation5" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetNAT1c"},
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnetRouteTableAssociation6" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetLOGIN1c"},
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PrivateRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } },
{ "Key" : "Network", "Value" : "Private" },
{ "Key" : "Name", "Value" : "Private Network" }
]
}
},
"PrivateRoute" : {
"Type" : "AWS::EC2::Route",
"Properties" : {
"RouteTableId" : { "Ref" : "PrivateRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"PrivateSubnetRouteTableAssociation1" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetWEB1a"},
"RouteTableId" : { "Ref" : "PrivateRouteTable" }
}
},
"PrivateSubnetRouteTableAssociation2" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetPriv11a"},
"RouteTableId" : { "Ref" : "PrivateRouteTable" }
}
},
"PrivateSubnetRouteTableAssociation3" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetPriv21a"},
"RouteTableId" : { "Ref" : "PrivateRouteTable" }
}
},
"PrivateSubnetRouteTableAssociation4" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetWEB1c"},
"RouteTableId" : { "Ref" : "PrivateRouteTable" }
}
},
"PrivateSubnetRouteTableAssociation5" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetPriv11c"},
"RouteTableId" : { "Ref" : "PrivateRouteTable" }
}
},
"PrivateSubnetRouteTableAssociation6" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref":"SubnetPriv21c"},
"RouteTableId" : { "Ref" : "PrivateRouteTable" }
}
}
},
"Outputs" : {
"VPC" : {
"Description" : "VPC CIDR",
"Value" : { "Fn::FindInMap" : [ "VPCConfig", "VPCCidr", { "Ref" : "NetworkStructure" } ] }
},
"Public" : {
"Description" : "Public Subnet CIDR",
"Value" : { "Fn::FindInMap" : [ "SubnetConfig", "ELB1a", { "Ref" : "NetworkStructure" } ] }
},
"Private" : {
"Description" : "Private Subnet CIDR",
"Value" : { "Fn::FindInMap" : [ "SubnetConfig", "WEB1a", { "Ref" : "NetworkStructure" } ] }
}
}
}
AWS::EC2::SubnetRouteTableAssociationは1対1で記述する必要があるんです
ルートテーブルにサブネットを割り付けしようとする際に、AWS::EC2::SubnetRouteTableAssociationのSubnetIDにリストでサブネットを一覧にしたらエラーになっちゃいまして・・・英語のドキュメントをみたら「Associates a subnet with a route table.」ということでした。 日本語だと、1対1か1対多かは文面からわからないんですよねぇ。
{
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : String,
"SubnetId" : String,
}
}
'String'だから分かれって・・・・
タグ入れしないと見た目にわかりにくい
出来上がったVPCをみていくと、Nameのないリソースがちらほら出てきています。 CloudFormationファイルで個々のリソースにタグを追加して"Name"を記載しておかないと何が何やらわからなくなってきますね。
タグ入れしてできたサブネットですとマネジメント・コンソールで見てもわかりやすくなりました。
そろそろ、NetworkACLを追加しないといけませんね。
その前に、いまのテンプレートではPrivateRouteTableのPrivateRouteも0.0.0.0/0をInternetGatewayに向けているので、WEB/Privのサブネットは経路上はパブリックと変わらず、ここをNATインスタンス経由に変えておかないと「プライベート・ゾーン」にはなりません。