CloudFormationはとても便利なのですが、VPCからインスタンスまでを一つのテンプレート内に書くと、構成がしっかり決まっている場合は問題ないものの、後から構成を変える場合にはいったん全部消えてしまうことがあり、融通がきかない面があります。
そういった場合のために、テンプレートを部品ごとに分割して、あとから構成の変更やインスタンスの追加などを行えるようなテンプレートを書きました。
#########################################################
# Split here: each section between these separators is a separate
# CloudFormation template (its own AWSTemplateFormatVersion) that is
# saved to its own file and deployed as its own stack.
#########################################################
# Stack 1 of 5: VPC plus Internet Gateway. Later stacks import the
# exported IGW id, so this stack cannot be deleted (or stop exporting)
# while any of them exists.
# NOTE(review): indentation was lost in extraction, and the resource
# `Type:` lines and the output `Value:` lines are not visible here; the
# text as shown will not validate until those are restored.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
Prefix:
Type: String
Description: "A prefix that does not conflict with other instances when multiple instances are launched"
# No visible !Ref/!Sub uses Prefix in this template (the Tag Values
# where it was presumably used are not shown). The Export names below
# are fixed strings, and export names must be unique per account and
# region, so a second copy of this stack fails on a duplicate export
# regardless of Prefix.
VPCCidr:
Type: String
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
MinLength: 9
MaxLength: 18
Default: 10.0.0.0/16
# The pattern only checks the x.x.x.x/x shape; it does not reject
# octets above 255 or prefix lengths above 32 (e.g. 999.0.0.0/99 passes
# validation and then fails at VPC creation).
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
Resources:
MainVpc:
Properties:
CidrBlock: !Ref VPCCidr
Tags:
- Key: 'Name'
MainInetGateway:
Properties:
Tags:
- Key: 'Name'
MainVpcGatewayAttachment:
Properties:
InternetGatewayId: !Ref MainInetGateway
VpcId: !Ref MainVpc
Outputs:
VPCCidr:
Export:
Name: 'VPCCidr'
MainVpc:
# No Export Name is visible for this output; presumably it should export
# the VPC id, which the subnet stack needs for its VpcId — confirm.
Export:
MainInetGateway:
Export:
Name: 'main-igw-id'
#########################################################
# Split
#########################################################
# Stack 2 of 5: one public subnet with a default route to the IGW
# exported by the VPC stack; exports the subnet id for the EC2 stacks.
# NOTE(review): indentation, the resource `Type:` and `VpcId:` lines and
# the output `Value:` lines are not visible here.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
Prefix:
Type: String
Description: "A prefix that does not conflict with other instances when multiple instances are launched"
SubnetCidr:
Type: String
Description: SubnetCidr
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
MinLength: 9
MaxLength: 18
# Must lie inside the VPC CIDR (10.0.0.0/16 by default in the VPC stack);
# nothing here validates that, the failure surfaces at subnet creation.
Default: 10.0.1.0/24
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
Resources:
PublicSubnet:
Properties:
CidrBlock: !Ref SubnetCidr
# Every instance launched in this subnet gets a public IPv4 address, so
# the security groups from the SG stack are the only network filter in
# front of them.
MapPublicIpOnLaunch: true
Tags:
- Key: 'Name'
PublicRouteTable:
Properties:
Tags:
- Key: 'Name'
PublicDefaultRoute:
Properties:
RouteTableId: !Ref PublicRouteTable
# 0.0.0.0/0 via the IGW is what makes this subnet public. The
# Fn::ImportValue ties this stack to the VPC stack: the VPC stack cannot
# be deleted or change the 'main-igw-id' export while this stack exists.
DestinationCidrBlock: 0.0.0.0/0
GatewayId: {'Fn::ImportValue': 'main-igw-id'}
PublicSubnetRouteTableAssociation:
Properties:
SubnetId: !Ref PublicSubnet
RouteTableId: !Ref PublicRouteTable
Outputs:
SubnetCidr:
Export:
Name: 'SubnetCidr'
PublicSubnet:
Export:
# !Sub with no ${...} is a no-op: the export name is the literal
# 'public-subnet-id', Prefix is not part of it, and a second subnet
# stack in the same account/region collides. Presumably
# '${Prefix}-public-subnet-id' was intended — confirm; the EC2 stacks
# import this exact literal, so both sides must change together.
Name: !Sub 'public-subnet-id'
#########################################################
# Split
#########################################################
# Stack 3 of 5: security groups for the Windows and Linux instances.
# NOTE(review): indentation, the resource `Type:`, `VpcId:` and
# `IpProtocol:` lines, the list markers of the SecurityGroupIngress
# entries, and the output `Value:` lines are not visible here.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
Prefix:
Type: String
Description: "A prefix that does not conflict with other instances when multiple instances are launched"
Resources:
PublicSecurityGroupWin:
Properties:
# GroupName must be unique within a VPC, so a fixed name blocks a second
# copy of this stack in the same VPC; '${Prefix}-...' via !Sub would
# match the stated purpose of Prefix.
GroupName: public-sg-Win
SecurityGroupIngress:
# RDP (3389) reachable from any IPv4 address. Combined with
# MapPublicIpOnLaunch in the subnet stack and the host firewall being
# switched off in the Windows UserData, this rule is the instance's
# only network control. Restrict it to an operator-supplied range
# (e.g. a parameter AdminCidr used as `CidrIp: !Ref AdminCidr`)
# rather than 0.0.0.0/0.
FromPort: '3389'
ToPort: '3389'
CidrIp: 0.0.0.0/0
Tags:
- Key: 'Name'
PublicSecurityGroupLinux:
Properties:
SecurityGroupIngress:
# HTTP from anywhere is expected for a public web server.
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
# SSH (22) from any IPv4 address: same concern as RDP above — limit it
# to a management CIDR. Key-pair login (KeyName on the instance) helps
# only if the AMI disables password authentication — confirm.
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Outputs:
PublicSecurityGroupWin:
Export:
# !Sub without ${...} is a no-op, so the export names are the literal,
# fixed strings below (see the subnet stack for the same issue). The
# EC2 stacks import these exact names.
Name: !Sub 'PublicSecurityGroupWin-id'
PublicSecurityGroupLinux:
Export:
Name: !Sub 'PublicSecurityGroupLinux-id'
#########################################################
# Split
#########################################################
# Stack 4 of 5: one Windows instance in the exported public subnet,
# bootstrapped by a PowerShell UserData script.
# NOTE(review): indentation, the `Type:` of Ec2KeyName, WindowsLatestAmi
# and the EC2Win resource, and the UserData wrapper (Fn::Base64 / !Sub
# and the opening <powershell> tag) are not visible here; ${Hostname} on
# the Rename-Computer line implies the script is inside !Sub.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
Ec2KeyName:
# Type not visible; AWS::EC2::KeyPair::KeyName would make CloudFormation
# validate that the key pair exists — confirm.
WindowsLatestAmi:
# SSM public-parameter paths; presumably Type is
# AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>, which resolves the
# current AMI id at deploy time — confirm. "latest" means each
# redeploy may pick a different image.
AllowedValues: ["/aws/service/ami-windows-latest/Windows_Server-2016-Japanese-Full-Base", "/aws/service/ami-windows-latest/Windows_Server-2019-Japanese-Full-Base"]
InstanceType:
Type: String
AllowedValues: ["t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "t2.xlarge", "t2.2xlarge"]
Default: "t2.micro"
Description: 'Select InstanceType'
Prefix:
Type: String
Description: "A prefix that does not conflict with other instances when multiple instances are launched"
PrivateIpAddress:
Type: String
Description: PrivateIpAddress x.x.x.x
# The message says "CIDR range" but the pattern below is a bare IPv4
# address.
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x
# MinLength 9 rejects valid short addresses such as 10.0.1.1 (8 chars);
# an IPv4 address is 7–15 characters. The address must also lie in the
# imported subnet's CIDR and avoid the addresses AWS reserves in each
# subnet — not validated here, the failure surfaces at launch.
MinLength: 9
MaxLength: 18
Default: 10.0.1.10
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})
Hostname:
Type: String
# Interpolated unquoted into the PowerShell script below. There is no
# AllowedPattern, so a value containing spaces or quotes breaks (or
# alters) the script; a Windows computer name is at most 15 letters,
# digits and hyphens, so constrain it
# (e.g. AllowedPattern ^[A-Za-z0-9-]{1,15}$).
Description: "Input Hostname"
Resources:
EC2Win:
Properties:
ImageId: !Ref WindowsLatestAmi
InstanceType: !Ref InstanceType
KeyName: !Ref Ec2KeyName
SubnetId: !ImportValue public-subnet-id
PrivateIpAddress: !Ref PrivateIpAddress
# The imported SG opens RDP to 0.0.0.0/0 in the SG stack. No
# MetadataOptions are set in the visible properties, so IMDSv1 stays
# enabled; consider `MetadataOptions: {HttpTokens: required}`.
SecurityGroupIds: [ !ImportValue PublicSecurityGroupWin-id ]
UserData:
# First-boot script. User data is readable from the instance via IMDS
# and via the EC2 API, so it must never carry secrets (none are here).
# disable IE Enhanced Security Configuration for Admins and Users
# (weakens browser hardening; a convenience for lab use)
$AdminPath = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserPath = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
$AdminPath, $UserPath | % { Set-ItemProperty -Path $_ -Name "IsInstalled" -Value 0 }
Stop-Process -Name Explorer
# set JST TimeZone
tzutil /s "Tokyo Standard Time"
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\TimeZoneInformation" -Name "RealTimeIsUniversal" -Value 1
# disable Windows Firewall (all profiles)
# After this, every listening service is exposed to whatever the
# security group allows — and the SG stack allows RDP from anywhere.
# Prefer leaving the profiles enabled and opening specific ports with
# New-NetFirewallRule.
Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled false
# show file extensions and hidden files in Explorer
# HKCU is the hive of the account running user data, not necessarily
# the account that later logs in over RDP — confirm the intended effect.
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Value 0
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Value 1
# set high performance
powercfg.exe -SETACTIVE 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
# Set Hostname
# The leading `!Ref` is stray: inside a block scalar it would be emitted
# literally into the script (and !Ref does not take this form anyway) —
# presumably an extraction artefact. Rename-Computer only takes effect
# after a reboot and no -Restart is given here — confirm that is intended.
!Ref Rename-Computer -NewName ${Hostname} -Force
</powershell>
Tags:
- Key: 'Name'
#########################################################
# Split
#########################################################
# Stack 5 of 5: one Linux instance in the exported public subnet,
# bootstrapped by a bash UserData script.
# NOTE(review): indentation, the `Type:` of Ec2KeyName, LinuxLatestAmi
# and the EC2Linux resource, and the `UserData: Fn::Base64:` wrapper
# around the script are not visible here.
AWSTemplateFormatVersion: '2010-09-09'
# `Parameters:` appears twice in this template (here and a few lines
# below) and Prefix is declared in both. Duplicate mapping keys are
# either rejected or silently last-wins depending on the YAML parser;
# either way one of the two blocks is lost — merge them into a single
# Parameters section.
Parameters:
Prefix:
Type: String
Description: "A prefix that does not conflict with other instances when multiple instances are launched"
Parameters:
Ec2KeyName:
# Type not visible; see the Windows stack.
Description: 'Select KeyPair'
LinuxLatestAmi:
# Nothing under this parameter is visible (no Type/Default/AllowedValues);
# presumably an SSM AMI-lookup parameter like WindowsLatestAmi — confirm.
InstanceType:
Type: String
AllowedValues: ["t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large", "t2.xlarge", "t2.2xlarge"]
Default: "t2.micro"
Description: 'Select InstanceType'
Prefix:
Type: String
Description: "A prefix that does not conflict with other instances when multiple instances are launched"
PrivateIpAddress:
Type: String
Description: PrivateIpAddress x.x.x.x
# Same constraint issues as the Windows stack: the message says "CIDR"
# but the pattern is a bare IPv4 address, and MinLength 9 rejects valid
# short addresses such as 10.0.1.1.
ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x
MinLength: 9
MaxLength: 18
# Must differ from the Windows instance's address (10.0.1.10 by default)
# and lie inside the imported subnet; neither is validated here.
Default: 10.0.1.30
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})
Resources:
EC2Linux:
Properties:
ImageId: !Ref LinuxLatestAmi
InstanceType: !Ref InstanceType
KeyName: !Ref Ec2KeyName
SubnetId: !ImportValue public-subnet-id
PrivateIpAddress: !Ref PrivateIpAddress
# The imported SG opens SSH (22) and HTTP (80) to 0.0.0.0/0. No
# MetadataOptions are set in the visible properties, so IMDSv1 stays
# enabled; consider `MetadataOptions: {HttpTokens: required}`.
SecurityGroupIds: [ !ImportValue PublicSecurityGroupLinux-id ]
#!/bin/bash -ex
# cloud-init already runs user data as root, so this grants nothing; at
# best it is a no-op, and depending on how stdin is wired it can block
# or exit non-zero and abort the script under -e — drop it.
sudo su -
# Unpinned full update on first boot: slow, and every launch can differ;
# acceptable for a lab, not for reproducible builds.
yum -y update
# No `yum install httpd` is visible; unless the AMI ships httpd, start
# fails and -e aborts the script here — confirm against the chosen AMI.
systemctl start httpd
# Informational only; under -e it aborts the script if httpd is not
# active.
systemctl status httpd
systemctl enable httpd
Tags:
- Key: 'Name'