輔助魔法

今日會把架構上的剩下服務講完。

NACL這邊使用預設的，就不用在YAML特別撰寫。

Route table的設定以下會用到

routeTableName:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: itdemo-rt-cf
          Value: v1
  routeName:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref routeTableName
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref igwName
  routeTableAssocName:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref subnetName
      RouteTableId: !Ref routeTableName

DestinationCidrBlock: 0.0.0.0/0，外網為最終目的地。

Internet gateway的設定以下會用到

igwName:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: itdemo-igw-cf
          Value: v1
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC 
      InternetGatewayId: !Ref igwName

整個YAML檔如下：

Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: itdemo-vpc-cf
          Value: v1
  subnetName:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2a
      VpcId: !Ref myVPC
      CidrBlock: 10.0.0.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: itdemo-subnet-cf
          Value: v1
  igwName:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: itdemo-igw-cf
          Value: v1
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC 
      InternetGatewayId: !Ref igwName
  routeTableName:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: itdemo-rt-cf
          Value: v1
  routeName:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref routeTableName
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref igwName
  routeTableAssocName:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref subnetName
      RouteTableId: !Ref routeTableName
  secGroupName:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: itdemo-sg
      GroupDescription: it 30 days demo
      VpcId: !Ref myVPC 
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: itdemo-sg-cf
          Value: v1
  myEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        - DeviceName: "/dev/xvda"
          Ebs:
            VolumeSize: 30
            VolumeType: gp3
      KeyName: "itdemo"
      SubnetId: !Ref subnetName
      DisableApiTermination: false
      ImageId: ami-0443305dabd4be2bc
      InstanceType: "t3.micro"
      SecurityGroupIds:
        - !Ref secGroupName
      UserData: !Base64 |
        #!/bin/bash -ex
        # put your script here
      Tags:
        - Key: itdemo-ec2-cf
          Value: v1

CloudFormation建置環境步驟：

1. Create Stack
2. 選擇你的YAML做上傳，確定點選Next
   
3. Stack name隨意取名
4. 點選Next，到Create Stack
5. 等待CloudFormation建立好資源
   
   之前建立的好的SSH key就可以測試，機器能否遠端連入，以下是成功遠端連入
   
   刪除資源，只要再回CloudFormation介面，點選delete，就可以把剛剛創建好的資源全部刪除。
   
   若對雲端不熟悉，建議從[Day6]開始看起，才會有對架構有全面的了解
   ps.至於Day6是哪一篇，可以從第一篇自己慢慢往上數，或是可以每一篇都看，或許會探索到新大陸