This repository contains sample CloudFormation Infrastructure-as-Code scripts.
You have been tasked with creating the required Infrastructure-as-code scripts for a new cloud environment in AWS. The Lead Solutions Architect for the project sends you the following diagram.
Write a CloudFormation script that:
- Creates a VPC
- It will accept the IP range (also known as the CIDR block) from an input parameter
- Creates and attaches an Internet Gateway to the VPC
- Creates Two Subnets within the VPC with Name Tags to call them “Public” and “Private”
- These will also need input parameters for their ranges, just like the VPC.
- The Subnet called “Public” needs to have a NAT Gateway deployed in it
- This will require you to allocate an Elastic IP that you can then use to assign it to the NAT Gateway.
- The Public Subnet needs to have the MapPublicIpOnLaunch property set to true. Use this reference for help.
- The Private Subnet needs to have the MapPublicIpOnLaunch property set to false.
- Both subnets need to be /24 in size.
- If you need assistance with IP math, you can use a subnet calculator such as this one.
- You will need 2 Routing Tables, one named Public and the other one Private
- Assign the Public and Private Subnets to their corresponding Routing table
- Create a Route in the Public Route Table to send default traffic ( 0.0.0.0/0 ) to the Internet Gateway you created
- Create a Route in the Private Route Table to send default traffic ( 0.0.0.0/0 ) to the NAT Gateway
- Finally, once you execute this CloudFormation script, you should be able to delete it and create it again, over and over, in a predictable and repeatable manner; this is the true verification of working Infrastructure-as-Code
https://github.com/Ngai-E/CloudFormation-Challenges/tree/main/challenge-1
aws cloudformation create-stack --stack-name challengeStack --template-body file://challenge_1.yml --parameters file://challenge_1.json --capabilities "CAPABILITY_IAM" "CAPABILITY_NAMED_IAM" --region=us-east-1
In this challenge, you have been tasked with deploying a Linux server in a private subnet, using the infrastructure that you created in a previous challenge. In the future, this machine will be a web server that sits behind a load balancer, so it never needs to be public, as long as the Load Balancer can reach it.
Use the VPC and the private subnet created in Challenge 2 to deploy the web server.
In order to connect your instance to AWS Systems Manager, you will be using Amazon Linux 2 for your AMI, since the SSM Agent is already installed and configured there.
Use the infrastructure we created earlier to build and deploy the following:
- EC2 Instance: An Amazon Linux 2 EC2 server in the private subnet. Choose the right AMI ID as applicable to your region and the t3.micro instance type.
- SecurityGroup: A security group for the server, that allows inbound port 80 access, for future use.
- IAM Role and InstanceProfile: The IAM Role to allow EC2 Session Manager to access our server. An InstanceProfile will allow passing the IAM role to our server.
- You will provide input parameters to this script, for future expansion and flexibility.
- Bonus/Optional: Instead of hard-coding the VPC and Subnet ID, use the import-export feature to cross reference the resources created in Challenge 2.
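One way to write the Challenge 3 template, as an added example rather than the repository's own file. It assumes the Challenge 2 stack exports the values `challenge-VPCID` and `challenge-PRIVATE-SUBNET` (names chosen here) and that its VPC range is 10.0.0.0/16. The AMI is resolved from the public SSM parameter instead of being hard-coded per region, the role carries only AmazonSSMManagedInstanceCore, and the port 80 rule is scoped to the VPC CIDR rather than 0.0.0.0/0 because the instance is private.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Private Amazon Linux 2 web server reachable only via SSM Session Manager
Parameters:
  EnvironmentName:
    Type: String
    Default: challenge   # assumption: export-name prefix used by the Challenge 2 stack
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16   # assumption: must match the Challenge 2 VPC range
  LatestAmiId:
    # Resolved by CloudFormation from the public SSM parameter, so no per-region AMI ID is hard-coded
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Resources:
  SessionManagerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore   # only what the SSM Agent needs
  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [ !Ref SessionManagerRole ]
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP from inside the VPC only (future load balancer); no SSH rule needed
      VpcId:
        Fn::ImportValue: !Sub "${EnvironmentName}-VPCID"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref VpcCidr   # not 0.0.0.0/0: the server is private
  WebServerInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      IamInstanceProfile: !Ref WebServerInstanceProfile
      SubnetId:
        Fn::ImportValue: !Sub "${EnvironmentName}-PRIVATE-SUBNET"
      SecurityGroupIds: [ !Ref WebServerSecurityGroup ]
      Tags: [ { Key: Name, Value: private-web } ]
```

The private route table's default route to the NAT Gateway from Challenge 1 is what lets the SSM Agent reach the Systems Manager endpoints without any inbound rule.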
https://github.com/Ngai-E/CloudFormation-Challenges/tree/main/challenge-3
To verify this setup, do the following:
- Create a jumpbox server in the public subnet to connect to the private subnet through SSH.
- Configure the AWS CLI on the private Linux server.
- Create a parameter named BaseMachineImage in Parameter Store in your AWS console.
- Run the command aws ssm get-parameters --names BaseMachineImage --region us-east-1
- You should see it listed and not get a network error such as a timeout.
Make sure the stack from Challenge 2 has been created successfully, then run:
aws cloudformation create-stack --stack-name challengeStack --template-body file://challenge-3.yml --parameters file://challenge-3.json --capabilities "CAPABILITY_IAM" "CAPABILITY_NAMED_IAM" --region=us-east-1