Instantly Create a Multi-AZ Network with CloudFormation
Hello, I'm Tomada.
I wanted to try out various things in a multi-AZ configuration for validation purposes, so I'm sharing a CloudFormation template that lets you create and destroy only the network (VPC) layer.
Architecture Created
Considering that EC2 instances might be placed later, I have also included an Internet Gateway and a NAT Gateway.
- VPC x 1
  - Availability Zone 1 (ap-northeast-1a)
    - Public Subnet
      - NAT Gateway
    - Private Subnet
  - Availability Zone 2 (ap-northeast-1c)
    - Public Subnet
    - Private Subnet
  - Internet Gateway

Full Template
```yaml
AWSTemplateFormatVersion: 2010-09-09
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Stack Configuration
        Parameters:
          - EnvironmentName
          - ProjectName
      - Label:
          default: VPC Configuration
        Parameters:
          - Region
          - VpcCIDR
          - AZ1PublicSubnetCIDR
          - AZ1PrivateSubnetCIDR
          - AZ2PublicSubnetCIDR
          - AZ2PrivateSubnetCIDR
Parameters:
  EnvironmentName:
    Description: Name that identifies the environment
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - stg
      - prd
  ProjectName:
    Type: String
    Default: Practice
    Description: Project Name
  VpcCIDR:
    Type: String
    Default: 10.100.0.0/16
  AZ1PublicSubnetCIDR:
    Type: String
    Default: 10.100.1.0/24
  AZ1PrivateSubnetCIDR:
    Type: String
    Default: 10.100.2.0/24
  AZ2PublicSubnetCIDR:
    Type: String
    Default: 10.100.3.0/24
  AZ2PrivateSubnetCIDR:
    Type: String
    Default: 10.100.4.0/24
  # Used only in the Name tags below. The AZs themselves come from the AWS::Region
  # pseudo parameter, i.e. the region the stack is actually created in.
  Region:
    Type: String
    Default: ap-northeast-1
    Description: Please choose the region.
Resources:
  # --------------------------------------
  # VPC and common resources between AZs
  # --------------------------------------
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-VPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-InternetGateway
  AttachInternetGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  # --------------------------------------
  # AZ1 (ap-northeast-1a) resources
  # --------------------------------------
  # Public Subnet
  AZ1PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: !Ref AZ1PublicSubnetCIDR
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref AWS::Region
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-AZ1-PublicSubnet
  # Private Subnet
  AZ1PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: !Ref AZ1PrivateSubnetCIDR
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref AWS::Region
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-AZ1-PrivateSubnet
  # Route Table (Public Subnet)
  AZ1RouteTableForPublicSubnet:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-AZ1-RouteTableForPublicSubnet
  # Route for Internet (Internet Gateway) in Public Subnet
  AZ1RouteForPublicSubnet:
    Type: AWS::EC2::Route
    # A route to the IGW can only be created once the IGW is attached to the VPC
    DependsOn: AttachInternetGateway
    Properties:
      RouteTableId: !Ref AZ1RouteTableForPublicSubnet
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Route Association
  AssociateAZ1RouteTableForPublicSubnet:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref AZ1RouteTableForPublicSubnet
      SubnetId: !Ref AZ1PublicSubnet
  # NAT EIP
  AZ1NatGatewayEIP:
    Type: AWS::EC2::EIP
    # An EIP used inside a VPC should wait for the gateway attachment
    DependsOn: AttachInternetGateway
    Properties:
      Domain: vpc
  # NAT Gateway
  NatGateway:
    Type: AWS::EC2::NatGateway
    # Depend on the attachment rather than the bare gateway resource:
    # the NAT Gateway needs an attached IGW to reach the Internet
    DependsOn: AttachInternetGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - AZ1NatGatewayEIP
          - AllocationId
      SubnetId: !Ref AZ1PublicSubnet
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-NatGateway
  # Route Table (Private Subnet)
  AZ1RouteTableForPrivateSubnet:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-AZ1-RouteTableForPrivateSubnet
  # Route for Internet (NAT Gateway) in Private Subnet
  AZ1RouteForPrivateSubnet:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref AZ1RouteTableForPrivateSubnet
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
  # Route Association
  AssociateAZ1RouteTableForPrivateSubnet:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref AZ1RouteTableForPrivateSubnet
      SubnetId: !Ref AZ1PrivateSubnet
  # --------------------------------------
  # AZ2 (ap-northeast-1c) resources
  # --------------------------------------
  # Public Subnet
  AZ2PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: !Ref AZ2PublicSubnetCIDR
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      AvailabilityZone: !Select
        - 1
        - Fn::GetAZs: !Ref AWS::Region
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-AZ2-PublicSubnet
  # Private Subnet
  AZ2PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: !Ref AZ2PrivateSubnetCIDR
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      AvailabilityZone: !Select
        - 1
        - Fn::GetAZs: !Ref AWS::Region
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-AZ2-PrivateSubnet
  # Route Table (Public Subnet)
  AZ2RouteTableForPublicSubnet:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-AZ2-RouteTableForPublicSubnet
  # Route for Internet (Internet Gateway) in Public Subnet
  AZ2RouteForPublicSubnet:
    Type: AWS::EC2::Route
    DependsOn: AttachInternetGateway
    Properties:
      RouteTableId: !Ref AZ2RouteTableForPublicSubnet
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Route Association
  AssociateAZ2RouteTableForPublicSubnet:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref AZ2RouteTableForPublicSubnet
      SubnetId: !Ref AZ2PublicSubnet
  # Route Table (Private Subnet)
  AZ2RouteTableForPrivateSubnet:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-${EnvironmentName}-${Region}-AZ2-RouteTableForPrivateSubnet
  # Route for Internet (NAT Gateway) in Private Subnet
  # Note: both private subnets share the single NAT Gateway that lives in AZ1
  AZ2RouteForPrivateSubnet:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref AZ2RouteTableForPrivateSubnet
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
  # Route Association
  AssociateAZ2RouteTableForPrivateSubnet:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref AZ2RouteTableForPrivateSubnet
      SubnetId: !Ref AZ2PrivateSubnet
```
Parameters
You will be asked to specify the environment name, the project name, the region label, and the CIDR for the VPC and for each subnet.

By the way, the template automatically picks two AZs in the region where the stack is created: the first two that Fn::GetAZs returns, in that order.
(In the Tokyo region, that is 1a followed by 1c.)
```yaml
  ...
  # --------------------------------------
  # AZ1 (ap-northeast-1a) resources
  # --------------------------------------
  # Public Subnet
  AZ1PublicSubnet:
    ...
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref AWS::Region
  ...
```
As long as the region has at least two AZs, this should be applicable to regions other than Tokyo (ap-northeast-1).
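As an added example (not part of the original post or the author's template), here is a small Python check of the kind a reviewer might run over a template like this one before deploying it. It uses only the standard library and, instead of parsing the YAML file, works on a constructed dict that mirrors the template's Parameters and Resources, with `{"Ref": name}` standing in for `!Ref` and the `!Select` index stored directly as the subnet's AvailabilityZone. It verifies that the subnet CIDRs sit inside the VPC block without overlapping, follows each subnet through its route-table association to its 0.0.0.0/0 route, flags any subnet named Private whose default route goes straight to the Internet Gateway, flags subnets that auto-assign public IPs, and reports private subnets whose egress depends on a NAT Gateway in a different AZ. The function names, the dict layout and the misrouted variant are all assumptions of this example.

```python
"""Static checks over a multi-AZ VPC template (added example, not the post's code).
The template is modelled as a constructed dict mirroring the page's resources;
{"Ref": name} stands in for !Ref and AvailabilityZone holds the !Select index."""
import copy
import ipaddress

# Constructed parameter defaults, copied from the template's Parameters section.
PARAMS = {
    "VpcCIDR": "10.100.0.0/16",
    "AZ1PublicSubnetCIDR": "10.100.1.0/24",
    "AZ1PrivateSubnetCIDR": "10.100.2.0/24",
    "AZ2PublicSubnetCIDR": "10.100.3.0/24",
    "AZ2PrivateSubnetCIDR": "10.100.4.0/24",
}


def _subnet(cidr_param, az_index):
    return {"Type": "AWS::EC2::Subnet",
            "Properties": {"CidrBlock": {"Ref": cidr_param},
                           "AvailabilityZone": az_index, "MapPublicIpOnLaunch": False}}


def _route(table, **target):  # target is GatewayId=... or NatGatewayId=...
    props = {"RouteTableId": {"Ref": table}, "DestinationCidrBlock": "0.0.0.0/0"}
    props.update({k: {"Ref": v} for k, v in target.items()})
    return {"Type": "AWS::EC2::Route", "Properties": props}


def _assoc(table, subnet):
    return {"Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {"RouteTableId": {"Ref": table}, "SubnetId": {"Ref": subnet}}}


# Reduced, constructed form of the page's Resources section (only what the checks need).
RESOURCES = {
    "InternetGateway": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "NatGateway": {"Type": "AWS::EC2::NatGateway",
                   "Properties": {"SubnetId": {"Ref": "AZ1PublicSubnet"}}},
    "AZ1PublicSubnet": _subnet("AZ1PublicSubnetCIDR", 0),
    "AZ1PrivateSubnet": _subnet("AZ1PrivateSubnetCIDR", 0),
    "AZ2PublicSubnet": _subnet("AZ2PublicSubnetCIDR", 1),
    "AZ2PrivateSubnet": _subnet("AZ2PrivateSubnetCIDR", 1),
    "AZ1RouteForPublicSubnet": _route("AZ1RouteTableForPublicSubnet", GatewayId="InternetGateway"),
    "AZ1RouteForPrivateSubnet": _route("AZ1RouteTableForPrivateSubnet", NatGatewayId="NatGateway"),
    "AZ2RouteForPublicSubnet": _route("AZ2RouteTableForPublicSubnet", GatewayId="InternetGateway"),
    "AZ2RouteForPrivateSubnet": _route("AZ2RouteTableForPrivateSubnet", NatGatewayId="NatGateway"),
    "AssociateAZ1Public": _assoc("AZ1RouteTableForPublicSubnet", "AZ1PublicSubnet"),
    "AssociateAZ1Private": _assoc("AZ1RouteTableForPrivateSubnet", "AZ1PrivateSubnet"),
    "AssociateAZ2Public": _assoc("AZ2RouteTableForPublicSubnet", "AZ2PublicSubnet"),
    "AssociateAZ2Private": _assoc("AZ2RouteTableForPrivateSubnet", "AZ2PrivateSubnet"),
}


def ref(value):
    """Resolve a {"Ref": name} placeholder to the logical name; pass other values through."""
    return value["Ref"] if isinstance(value, dict) else value


def of_type(resources, rtype):
    return {n: r for n, r in resources.items() if r["Type"] == rtype}


def check_cidrs(params):
    """Findings: subnet CIDRs outside the VPC block, or overlapping each other."""
    vpc = ipaddress.ip_network(params["VpcCIDR"])
    nets = {k: ipaddress.ip_network(v) for k, v in params.items() if k != "VpcCIDR"}
    findings = [f"{k} {n} is outside VPC {vpc}" for k, n in nets.items() if not n.subnet_of(vpc)]
    names = sorted(nets)
    for i, a in enumerate(names):
        findings += [f"{a} overlaps {b}" for b in names[i + 1:] if nets[a].overlaps(nets[b])]
    return findings


def subnet_exposure(resources):
    """{subnet: (default-route kind, target, az_index)}, following
    subnet -> route table association -> route table -> 0.0.0.0/0 route."""
    targets = {}
    for r in of_type(resources, "AWS::EC2::Route").values():
        p = r["Properties"]
        if p.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        kind = "igw" if "GatewayId" in p else "nat" if "NatGatewayId" in p else "other"
        targets[ref(p["RouteTableId"])] = (kind, ref(p.get("GatewayId") or p.get("NatGatewayId")))
    table_of = {ref(a["Properties"]["SubnetId"]): ref(a["Properties"]["RouteTableId"])
                for a in of_type(resources, "AWS::EC2::SubnetRouteTableAssociation").values()}
    return {name: targets.get(table_of.get(name), ("none", None)) + (s["Properties"]["AvailabilityZone"],)
            for name, s in of_type(resources, "AWS::EC2::Subnet").items()}


def check_exposure(resources):
    """Findings a reviewer cares about: a Private subnet with a direct IGW default route,
    a subnet auto-assigning public IPs, and private egress that depends on a NAT in another AZ."""
    exposure = subnet_exposure(resources)
    subnets = of_type(resources, "AWS::EC2::Subnet")
    nat_az = {n: exposure[ref(g["Properties"]["SubnetId"])][2]
              for n, g in of_type(resources, "AWS::EC2::NatGateway").items()}
    findings = []
    for name, (kind, target, az) in exposure.items():
        if "Private" in name and kind == "igw":
            findings.append(f"{name} has a default route to the Internet Gateway")
        if subnets[name]["Properties"].get("MapPublicIpOnLaunch"):
            findings.append(f"{name} auto-assigns public IPs on launch")
        if kind == "nat" and nat_az.get(target) != az:
            findings.append(f"{name} (AZ index {az}) depends on {target} in AZ index {nat_az.get(target)}")
    return findings


def misrouted_variant(resources):
    """Constructed regression case: AZ2's private route table mistakenly pointed at the IGW."""
    bad = copy.deepcopy(resources)
    bad["AZ2RouteForPrivateSubnet"] = _route("AZ2RouteTableForPrivateSubnet", GatewayId="InternetGateway")
    return bad


if __name__ == "__main__":
    for finding in check_cidrs(PARAMS) + check_exposure(RESOURCES):
        print("FINDING:", finding)
    for finding in check_exposure(misrouted_variant(RESOURCES)):
        print("FINDING (misrouted variant):", finding)
```

Run against the dict that mirrors this post's template, the CIDR check is clean and the only exposure finding is that the AZ2 private subnet routes through the NAT Gateway in AZ1: the template has a single NAT Gateway, so an AZ1 outage also removes outbound connectivity from the AZ2 private subnet. That is perfectly fine for a throwaway validation environment, but it is the thing to keep in mind before reusing the template for anything that needs AZ-independent egress. The misrouted variant shows the check catching the mistake that matters most from a security standpoint, a "private" subnet whose default route is the Internet Gateway.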