Cloud Fromation で ALB を作成してみる

2022年6月28日2022年7月18日

以前あげた記事で ALB の挙動を見てみました。
今回は ALB 作成も Cloud Formation に組み込んだので記事に残して置こうと思います。

参考

• CloudFormation を使って ALB と EC2(2 台)を構築する
• CloudFormation 一撃で Fargate の Blue/Green Deployment 環境を構築する

構成

構成は前と同じで下記のとおりです。

テンプレート

テンプレートは下記のとおりです。

AWSTemplateFormatVersion: "2010-09-09"
Description: "CloudFormation Template Test"
# Setting key and IP
Parameters:
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instance
    Type: "AWS::EC2::KeyPair::KeyName"
  MyIP:
    Description: IP address allowed to access EC2
    Type: String
Resources:
  # VPC
  HogeVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      EnableDnsSupport: "true"
      EnableDnsHostnames: "true"
      InstanceTenancy: "default"
      Tags:
        - Key: Name
          Value: "hoge-vpc"
  # InternetGateway
  HogeInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: "hoge-igw"
  HogeAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref HogeVPC
      InternetGatewayId: !Ref HogeInternetGateway
  # Subnet
  HogePublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: "ap-northeast-1a"
      CidrBlock: "10.0.0.0/24"
      VpcId: !Ref HogeVPC
      Tags:
        - Key: Name
          Value: "hoge-public-subnet-1"
  HogePublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: "ap-northeast-1c"
      CidrBlock: "10.0.1.0/24"
      VpcId: !Ref HogeVPC
      Tags:
        - Key: Name
          Value: "hoge-public-subnet-2"
  # RouteTable
  HogePublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref HogeVPC
      Tags:
        - Key: Name
          Value: !Sub hoge-public-routetable
  HogePublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref HogePublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref HogeInternetGateway
  # Subnet to attach
  HogePublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref HogePublicSubnetA
      RouteTableId: !Ref HogePublicRouteTable
  HogePublicSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref HogePublicSubnetB
      RouteTableId: !Ref HogePublicRouteTable
  # EC2
  EC2A:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-00d101850e971728d
      KeyName: !Ref KeyName
      InstanceType: t2.micro
      NetworkInterfaces: # assign public IP
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          SubnetId: !Ref HogePublicSubnetA
          GroupSet:
            - !Ref EC2SG
      UserData: !Base64 | # coding commands what you want
        #!/bin/bash
        sudo amazon-linux-extras install -y nginx1
        sudo systemctl start nginx
      Tags:
        - Key: Name
          Value: hogeEC2A
  EC2B:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-00d101850e971728d
      KeyName: !Ref KeyName
      InstanceType: t2.micro
      NetworkInterfaces: # assign public IP
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          SubnetId: !Ref HogePublicSubnetB
          GroupSet:
            - !Ref EC2SG
      UserData: !Base64 | # coding commands what you want
        #!/bin/bash
        sudo amazon-linux-extras install -y nginx1
        sudo systemctl start nginx
      Tags:
        - Key: Name
          Value: hogeEC2B
  # SecurityGroup
  EC2SG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: hoge-sg
      GroupDescription: Allow SSH and HTTP access only MyIP
      VpcId: !Ref HogeVPC
      SecurityGroupIngress:
        # http
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref MyIP
        # ssh
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref MyIP
  ## Target groups
  TargetGroupA:
    Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
    Properties:
      VpcId: !Ref HogeVPC
      Name: "hoge-target-group-A"
      Protocol: HTTP
      Port: 80
      TargetType: instance
      Targets:
        - Id: !Ref EC2A
        - Id: !Ref EC2B
          Port: 80
  ## ALB security group
  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: hoge-alb-sg
      GroupDescription: Allow HTTP access
      VpcId: !Ref HogeVPC
      # Rule
      SecurityGroupIngress:
        # http
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
  ## ALB
  InternetALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Name: hoge-alb
      Scheme: "internet-facing"
      LoadBalancerAttributes:
        - Key: "deletion_protection.enabled"
          Value: false
        - Key: "idle_timeout.timeout_seconds"
          Value: 60
      SecurityGroups:
        - !Ref ALBSecurityGroup
      Subnets:
        - !Ref HogePublicSubnetA
        - !Ref HogePublicSubnetB
  ALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref TargetGroupA
          Type: forward
      LoadBalancerArn: !Ref InternetALB
      Port: 80
      Protocol: HTTP
Outputs:
  # Output EC2A status
  EC2APublicIP:
    Value: !GetAtt EC2A.PublicIp
    Description: Public IP of EC2A Ainstance
  # Output EC2B status
  EC2BPublicIP:
    Value: !GetAtt EC2A.PublicIp
    Description: Public IP of EC2B Ainstance