Tuesday, 21 September 2021

AWS Networking - Part IV: Create VPC Using the AWS CloudFormation

The focus of this section is to show how we can create a VPC using the AWS CloudFormation service. Figure 1-12 shows our example AWS CloudFormation template. Its first section, AWSTemplateFormatVersion, specifies the template language format. At the time of writing, 2010-09-09 is the latest and only valid version. We can use the Description section to describe our template. Note that it must follow the AWSTemplateFormatVersion section. AWSTemplateFormatVersion and Description are optional sections. The Resources section specifies the actual AWS resources and their properties. Each AWS resource is identified with a logical name. I have given the logical name NwktVPC to our example VPC. We can use resource-specific logical names for defining dependencies between resources. For example, when adding the AWS::EC2::Subnet resource to our template, we assign the VpcId value by referencing the logical name of the AWS::EC2::VPC resource with the !Ref intrinsic function. I will explain the process in the Subnet section later. The resources and their properties are defined under logical names. The Resources section is the only required section in an AWS CloudFormation template. AWS CloudFormation templates are identified by Stack Names in AWS CloudFormation. Our example Stack Name is MyNetworkStack.


Figure 1-12: AWS CloudFormation: VPC.


Create Template


I have created a text file using the YAML format. The file defines the set of properties for our new VPC named NWKT-VPC-02. After writing the file, I saved it to my computer using the name MyVpc.yml. You can use your favorite repository for storing the template.

 

AWSTemplateFormatVersion: "2010-09-09"
Description: NWKT Second VPC In London
Resources:
  NwktVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 192.168.0.0/16
      InstanceTenancy: default
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: Name
          Value: NWKT-VPC-02

Example 1-6: AWS CloudFormation Template for VPC.

  

Upload Template


After saving the file, I uploaded it to AWS with the AWS CLI using the Stack Name MyNetworkStack (example 1-7). The command returns the StackId of the new stack.

 

aws cloudformation create-stack --stack-name MyNetworkStack --template-body file://C:\Toni\AWS-CF-Templates\MyVPC.yml

{
    "StackId": "arn:aws:cloudformation:eu-west-2:123456654321:stack/MyNetworkStack/8d42ac70-1939-11ec-81f9-06cf091d9f40"
}

Example 1-7: AWS CLI: Upload Template to AWS.


Verification Using AWS Console


We can verify from the AWS Management Console that our stack MyNetworkStack has been created in AWS. First, we select CloudFormation from the Services section.


Figure 1-13: AWS Management Console – CloudFormation Service.


Next, we select the Stacks option from the CloudFormation section (figure 1-14). We can see that we have one stack, MyNetworkStack, and its status is CREATE_COMPLETE. We can inspect the stack by selecting the Stack details option from the CloudFormation section.


Figure 1-14: CloudFormation Stacks.


The Stack info tab in figure 1-15 shows the AWS assigned Amazon Resource Name for the stack and the Description we used in our template.


Figure 1-15: MyNetworkStack - Stack Info.


The Resources tab lists the type of each resource along with its Logical ID and Physical ID.


Figure 1-16: MyNetworkStack - Resources.


The Template tab in figure 1-17 shows the actual template that we previously uploaded to AWS.


Figure 1-17: MyNetworkStackTemplate.


VPC Verification using AWS CLI


We can retrieve the stack-specific information from AWS by using the command aws cloudformation describe-stacks (example 1-8).


aws cloudformation describe-stacks

{
    "Stacks": [
        {
            "StackId": "arn:aws:cloudformation:eu-west-2:123456654321:stack/MyNetworkStack/8d42ac70-1939-11ec-81f9-06cf091d9f40",
            "StackName": "MyNetworkStack",
            "Description": "NWKT Second VPC In London",
            "CreationTime": "2021-09-19T11:05:51.593Z",
            "RollbackConfiguration": {},
            "StackStatus": "CREATE_COMPLETE",
            "DisableRollback": false,
            "NotificationARNs": [],
            "Tags": [],
            "DriftInformation": {
                "StackDriftStatus": "NOT_CHECKED"
            }
        }
    ]
}

Example 1-8: AWS CLI: Retrieve Stack Information.


We can verify that the VPC defined in our AWS CloudFormation template has been created by using the AWS CLI command aws ec2 describe-vpcs --filters Name=tag:Name,Values=NWKT-VPC-02 (example 1-9). Note that our VPC has three AWS-assigned tags in addition to the Name tag. They identify a) the Stack Id, b) the logical name of the VPC resource, and c) the Stack Name.

 

aws ec2 describe-vpcs --filters Name=tag:Name,Values=NWKT-VPC-02

{
    "Vpcs": [
        {
            "CidrBlock": "192.168.0.0/16",
            "DhcpOptionsId": "dopt-09217361",
            "State": "available",
            "VpcId": "vpc-0687dedcfd950d0de",
            "OwnerId": "123456654321",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-05f07968b6ac29e7d",
                    "CidrBlock": "192.168.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "NWKT-VPC-02"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:eu-west-2:123456654321:stack/MyNetworkStack/8d42ac70-1939-11ec-81f9-06cf091d9f40"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "NwktVPC"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "MyNetworkStack"
                }
            ]
        }
    ]
}

Example 1-9: AWS CLI: Retrieve VPC Information.
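As an added verification step (example code written for this post, not the author's or AWS's own), the following Python script compares the template from Example 1-6 with the live VPC: it reports CIDR or tenancy drift and checks that the aws:cloudformation:* tags actually tie the VPC to our stack, logical name and account. The template is embedded in CloudFormation's JSON template form, and the describe-vpcs output is a constructed, abbreviated copy of Example 1-9.

```python
import json

# Constructed sample: the Example 1-6 template in CloudFormation's JSON form.
TEMPLATE = json.loads("""{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {"NwktVPC": {"Type": "AWS::EC2::VPC", "Properties": {
    "CidrBlock": "192.168.0.0/16", "InstanceTenancy": "default",
    "Tags": [{"Key": "Name", "Value": "NWKT-VPC-02"}]}}}}""")

# Constructed sample: abbreviated 'aws ec2 describe-vpcs' output, as in Example 1-9.
DESCRIBE_VPCS = json.loads("""{"Vpcs": [{
  "CidrBlock": "192.168.0.0/16", "State": "available", "VpcId": "vpc-0687dedcfd950d0de",
  "OwnerId": "123456654321", "InstanceTenancy": "default", "IsDefault": false,
  "Tags": [
    {"Key": "Name", "Value": "NWKT-VPC-02"},
    {"Key": "aws:cloudformation:stack-id", "Value":
     "arn:aws:cloudformation:eu-west-2:123456654321:stack/MyNetworkStack/8d42ac70-1939-11ec-81f9-06cf091d9f40"},
    {"Key": "aws:cloudformation:logical-id", "Value": "NwktVPC"},
    {"Key": "aws:cloudformation:stack-name", "Value": "MyNetworkStack"}]}]}""")

def check_vpc(template, describe_vpcs, stack_name):
    """Compare the live VPC with the template; return a list of discrepancies."""
    # The template's single AWS::EC2::VPC resource: its logical name and properties.
    (logical_id, resource), = [(name, res) for name, res in template["Resources"].items()
                               if res["Type"] == "AWS::EC2::VPC"]
    props = resource["Properties"]
    vpcs = describe_vpcs["Vpcs"]
    if len(vpcs) != 1:
        return [f"expected exactly one VPC, found {len(vpcs)}"]
    vpc = vpcs[0]
    tags = {t["Key"]: t["Value"] for t in vpc.get("Tags", [])}
    findings = []
    # Property drift: what the template declares versus what AWS reports.
    for key in ("CidrBlock", "InstanceTenancy"):
        if vpc.get(key) != props.get(key):
            findings.append(f"{key}: template {props.get(key)!r}, live {vpc.get(key)!r}")
    # Provenance: the aws:cloudformation:* tags must tie the VPC to our stack and logical name.
    for key, value in (("aws:cloudformation:stack-name", stack_name),
                       ("aws:cloudformation:logical-id", logical_id)):
        if tags.get(key) != value:
            findings.append(f"{key}: expected {value!r}, found {tags.get(key)!r}")
    # The stack-id ARN embeds the owning account (field 5); it must match the VPC's OwnerId.
    arn = tags.get("aws:cloudformation:stack-id", "").split(":")
    if len(arn) < 6 or arn[4] != vpc.get("OwnerId"):
        findings.append("aws:cloudformation:stack-id account does not match OwnerId")
    if vpc.get("IsDefault"):
        findings.append("VPC is the account's default VPC, not one the stack created")
    return findings
```

In practice you would feed check_vpc the parsed output of aws ec2 describe-vpcs (for example via json.load on the command's stdout) instead of the embedded sample.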


The next post shows how we add Subnets to the VPC.

