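As a reference for studying AWS, I built an environment that goes from launching an EC2 instance to being able to connect to it with Instance Connect.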
CloudFormation
```yaml
AWSTemplateFormatVersion: 2010-09-09

Parameters:
  AvailabilityZone1:
    Description: AvailabilityZone1
    Type: String
    Default: ap-northeast-1a
  ImageId:
    Description: ami-id
    Type: String
    Default: ami-052c9af0c988f8bbd

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: testVPC

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: testIGW

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Ref AvailabilityZone1
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: testSubnet1

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: testRT

  PublicRoute:
    Type: AWS::EC2::Route
    # The route can only be created once the gateway is attached to the VPC.
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EC2 Security Group
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        # SSH is open to the whole internet here. Once the setup works, narrow it
        # to your own IP or to the region's EC2_INSTANCE_CONNECT range from ip-ranges.json.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: testSG

  #EC2 Instance
  EC2Instance1:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref EC2SecurityGroup
      SubnetId: !Ref PublicSubnet1
      Tags:
        - Key: Name
          Value: app-server-1
      # Inside !Sub, parameters are referenced as ${Name}; "!Ref Name" would be
      # written to the page literally.
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          yum update -y
          yum install -y httpd
          systemctl start httpd
          systemctl enable httpd
          echo "<h1>Hello from Region ${AvailabilityZone1}</h1>" > /var/www/html/index.html
```
Because of the template I started from, some unnecessary pieces are mixed in, but it works.
AWS CLI
```shell
# Create the VPC
aws ec2 create-vpc \
  --cidr-block 10.10.0.0/16 \
  --tag-specifications \
  'ResourceType=vpc,Tags=[{Key=Name,Value=testVPC}]'

## Store the VPC ID in a variable
VPC_ID=$(aws ec2 describe-tags \
  --filters "Name=tag-value,Values=testVPC" \
  --query 'Tags[0].ResourceId' --output text)

# Create the Internet Gateway
aws ec2 create-internet-gateway \
  --tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=testIGW}]'

IGW_ID=$(aws ec2 describe-tags \
  --filters "Name=tag-value,Values=testIGW" \
  --query 'Tags[0].ResourceId' --output text)

# Attach the Internet Gateway to the VPC
aws ec2 attach-internet-gateway \
  --internet-gateway-id "$IGW_ID" \
  --vpc-id "$VPC_ID"

# Create the subnet
aws ec2 create-subnet \
  --vpc-id "$VPC_ID" \
  --cidr-block 10.10.1.0/24 \
  --availability-zone ap-northeast-1a \
  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=testSubnet}]'

SUBNET_ID=$(aws ec2 describe-tags \
  --filters "Name=tag-value,Values=testSubnet" \
  --query 'Tags[0].ResourceId' --output text)

# Create the route table
aws ec2 create-route-table \
  --vpc-id "$VPC_ID" \
  --tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value=testRT}]'

RT_ID=$(aws ec2 describe-tags \
  --filters "Name=tag-value,Values=testRT" \
  --query 'Tags[0].ResourceId' --output text)

# Create the route and associate the route table with the subnet
aws ec2 create-route \
  --route-table-id "$RT_ID" \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id "$IGW_ID"

aws ec2 associate-route-table \
  --route-table-id "$RT_ID" \
  --subnet-id "$SUBNET_ID"

# Create the security group for the EC2 instance
aws ec2 create-security-group \
  --group-name testSG \
  --description "test security group" \
  --vpc-id "$VPC_ID" \
  --tag-specifications 'ResourceType=security-group,Tags=[{Key=Name,Value=testSG}]'

SG_ID=$(aws ec2 describe-tags \
  --filters "Name=tag-value,Values=testSG" \
  --query 'Tags[0].ResourceId' --output text)

# Allow SSH. 0.0.0.0/0 exposes port 22 to the whole internet; once the setup works,
# narrow it to your own IP or to the region's EC2_INSTANCE_CONNECT range from ip-ranges.json.
aws ec2 authorize-security-group-ingress \
  --group-id "$SG_ID" \
  --protocol tcp \
  --port 22 \
  --cidr 0.0.0.0/0

# Create the EC2 instance
aws ec2 run-instances \
  --image-id ami-0947c48ae0aaf6781 \
  --instance-type t2.micro \
  --security-group-ids "$SG_ID" \
  --subnet-id "$SUBNET_ID" \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=testInstance}]'

EC2_ID=$(aws ec2 describe-tags \
  --filters "Name=tag-value,Values=testInstance" \
  --query 'Tags[0].ResourceId' --output text)

# An address cannot be associated while the instance is still pending
aws ec2 wait instance-running --instance-ids "$EC2_ID"

# Allocate an Elastic IP and associate it with the instance
aws ec2 allocate-address \
  --tag-specifications 'ResourceType=elastic-ip,Tags=[{Key=Name,Value=testEIP}]'

EIP_ID=$(aws ec2 describe-tags \
  --filters "Name=tag-value,Values=testEIP" \
  --query 'Tags[0].ResourceId' --output text)

aws ec2 associate-address \
  --instance-id "$EC2_ID" \
  --allocation-id "$EIP_ID"
```
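With the AWS CLI version, be careful not to forget to delete the Elastic IP and the EC2 instance once you are done playing. You will be charged for nothing.
For studying, the CLI is the better choice because it lets you experiment by trial and error.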
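For the cleanup that the note on the CLI version warns about, the following is an added example (not part of the original post) that removes the Elastic IP and the instance and then checks that neither is left. It assumes the Name tags assigned by the CLI commands above (testEIP, testInstance); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: remove the billable resources from the CLI walkthrough.
# Assumes the Name tags used on this page: testInstance and testEIP.

# Instances tagged testInstance that are not yet terminated.
# (Terminated instances stay listed for a while and must be skipped.)
live_instances() {
  aws ec2 describe-instances \
    --filters "Name=tag:Name,Values=testInstance" \
              "Name=instance-state-name,Values=pending,running,stopping,stopped" \
    --query 'Reservations[].Instances[].InstanceId' --output text
}

# "AllocationId AssociationId" pairs for addresses tagged testEIP.
# AssociationId prints as None when the address is not attached.
tagged_addresses() {
  aws ec2 describe-addresses \
    --filters "Name=tag:Name,Values=testEIP" \
    --query 'Addresses[].[AllocationId,AssociationId]' --output text
}

cleanup_billable() {
  # 1. Elastic IP: an associated address cannot be released, so detach it first.
  tagged_addresses | while read -r alloc assoc; do
    [ -n "$alloc" ] || continue
    if [ -n "$assoc" ] && [ "$assoc" != "None" ]; then
      aws ec2 disassociate-address --association-id "$assoc"
    fi
    aws ec2 release-address --allocation-id "$alloc"
  done

  # 2. Instance: terminate, then block until AWS reports it terminated.
  ids=$(live_instances)
  if [ -n "$ids" ] && [ "$ids" != "None" ]; then
    # Unquoted on purpose: one instance ID per argument.
    aws ec2 terminate-instances --instance-ids $ids >/dev/null
    aws ec2 wait instance-terminated --instance-ids $ids
  fi

  # 3. Verify: succeed only if neither lookup still returns anything.
  left="$(tagged_addresses) $(live_instances)"
  [ -z "$(printf '%s' "$left" | tr -d ' \t\n')" ]
}

# Run only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then cleanup_billable; fi
```

A non-zero exit status from `cleanup_billable` means something tagged testEIP or testInstance still exists.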