CloudFormationのJSONコード書きの練習 続

2020-2-12 - 読み終える時間: 15 分

やっぱクソ長い気がする😂

今回は3分割

  • stack1 VPC周りを作成
  • stack2 TAG付け用のIAMロール作成
  • stack3 インスタンス作成

stack1（VPC・サブネット・ルートテーブル・セキュリティグループ・IGW）

レビュー時の注意点: TrialTSRoute1 の DependsOn は IGW 本体（TrialTSigw）ではなく VPC へのアタッチ（TrialTSigwAttach）に向けるべき。IGW が VPC にアタッチされる前に 0.0.0.0/0 ルートを作ろうとすると作成に失敗することがある。また TrialTSSGinternal の Ingress に 192.168.4.0/24 向けの同一ルールが 2 つ入っている。EC2 は重複ルールを拒否するので片方は削除する。

{

  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "trial env template. trial-tagging-stack1-vpc",

  "Parameters" : {
    "APPParam" : {
      "Type" : "String",
      "Default" : "trial.alterwoeks.tokyo",
      "Description" : "eg. URL."
    }
  },

  "Resources" : {
    "TrialTSvpc" : {
      "Type" : "AWS::EC2::VPC",
      "Properties" : {
        "CidrBlock" : "192.168.4.0/24",
        "EnableDnsSupport" : "true",
        "EnableDnsHostnames" : "true",
        "InstanceTenancy" : "default",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "TrialTSVPC"
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ]
      }
    },
    "TrialTSSubnetAZa63" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1a",
        "CidrBlock" : "192.168.4.0/26",
        "MapPublicIpOnLaunch" : "true",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "TrialTS-Subnet0-63"
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ],
        "VpcId" : {"Ref" : "TrialTSvpc"}
      }
    },
    "TrialTSRouteTable1" : {
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "TrialTS-RouteTable1"
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ],
        "VpcId" : {"Ref" : "TrialTSvpc"}
      }
    },
    "TrialTSRoute1" : {
      "Type" : "AWS::EC2::Route",
      "Properties" : {
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : { "Ref" : "TrialTSigw" },
        "RouteTableId" : { "Ref" : "TrialTSRouteTable1" }
      },
      "DependsOn" : "TrialTSigw"
    },
    "TrialTSRoute1AssocSubnetAZa" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "RouteTableId" : { "Ref" : "TrialTSRouteTable1" },
        "SubnetId" : { "Ref" : "TrialTSSubnetAZa63" }
      },
      "DependsOn" : "TrialTSRouteTable1"
    },
    "TrialTSSGtoOffice" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
         "GroupName" : "TrialTS-toOffice",
         "GroupDescription" : "for Out Fitter",
         "SecurityGroupEgress" : [
         {
           "CidrIp" : "0.0.0.0/0",
           "Description" : "all outbounds IPv4",
           "FromPort" : "0",
           "IpProtocol" : "-1",
           "ToPort" : "65535"
         }
         ],
         "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "TrialTS-toOffice"
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
         ],
         "VpcId" : {"Ref" : "TrialTSvpc"}
      }
    },
    "TrialTSSG1" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
         "GroupName" : "TrialTS-SG1",
         "GroupDescription" : "for mail-group",
         "SecurityGroupEgress" : [
         {
           "CidrIp" : "0.0.0.0/0",
           "Description" : "all outbounds IPv4",
           "FromPort" : "0",
           "IpProtocol" : "-1",
           "ToPort" : "65535"
         }
         ],
         "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "TrialTS-SG1"
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
         ],
         "VpcId" : {"Ref" : "TrialTSvpc"}
      }
    },
    "TrialTSSGinternal" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
         "GroupName" : "TrialTS-SG-internal",
         "GroupDescription" : "for mail-group",
         "SecurityGroupEgress" : [
         {
           "CidrIp" : "0.0.0.0/0",
           "Description" : "all outbounds IPv4",
           "FromPort" : "0",
           "IpProtocol" : "-1",
           "ToPort" : "65535"
         }
         ],
         "SecurityGroupIngress" : [
         {
           "CidrIp" : "192.168.4.0/24",
           "Description" : "All inbounds",
           "FromPort" : "0",
           "IpProtocol" : "-1",
           "ToPort" : "65535"
         },
         {
           "CidrIp" : "192.168.4.0/24",
           "Description" : "All inbounds",
           "FromPort" : "0",
           "IpProtocol" : "-1",
           "ToPort" : "65535"
         },
         {
           "SourceSecurityGroupId" : {"Ref" : "TrialTSSG1"},
           "Description" : "All inbounds",
           "FromPort" : "0",
           "IpProtocol" : "-1",
           "ToPort" : "65535"
         }
         ],
         "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "TrialTS-SG-internal"
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
         ],
         "VpcId" : {"Ref" : "TrialTSvpc"}
      }
    },
    "TrialTSigw" : {
      "Type" : "AWS::EC2::InternetGateway",
      "Properties" : {
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "TrialTS-igw"
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ]
      }
    },
    "TrialTSigwAttach" : {
      "Type" : "AWS::EC2::VPCGatewayAttachment",
      "Properties" : {
        "VpcId" : { "Ref" : "TrialTSvpc" },
        "InternetGatewayId" : { "Ref" : "TrialTSigw" }
      }
    }
  },
  "Outputs" : {
    "EXPTrialTSvpc" : {
      "Description" : "Export TrialTSvpc",
      "Value" : { "Ref" : "TrialTSvpc" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-vpc" }}
    },
    "EXPTrialTSSGtoOffice" : {
      "Description" : "Export SGtoOffice",
      "Value" : { "Ref" : "TrialTSSGtoOffice" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SGtoOffice" }}
    },
    "EXPTrialTSSG1" : {
      "Description" : "Export SG1",
      "Value" : { "Ref" : "TrialTSSG1" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SG1" }}
    },
    "EXPTrialTSSGinternal" : {
      "Description" : "Export SGinternal",
      "Value" : { "Ref" : "TrialTSSGinternal" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SGinternal" }}
    },
    "EXPTrialTSSubnetA" : {
      "Description" : "Export SubnetA",
      "Value" : { "Ref" : "TrialTSSubnetAZa63" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SubnetA" }}
    }
  }
}



stack2（タグ編集用 IAM ロールとインスタンスプロファイル）

レビュー時の注意点: TrialTSTagPolicy は ec2:CreateTags / ec2:DeleteTags を Resource "*" で許可しているため、このプロファイルを付けたインスタンスはアカウント内の任意の EC2 リソースのタグを書き換えられる。用途は自分自身とそのボリュームのタグ付けだけなので、Resource を ARN で絞るか Condition で対象を限定することを検討する。ec2:Describe* も同様に、必要な Describe アクションだけに絞れる。

{

  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "trial env template. trial-tagging-stack2-iam",

  "Parameters" : {
    "NameParam" : {
      "Type" : "String",
      "Default" : "trialTS",
      "Description" : "eg. hostname."
    },
    "APPParam" : {
      "Type" : "String",
      "Default" : "trial.alterwoeks.tokyo",
      "Description" : "eg. URL."
    }
  },

  "Resources" : {
    "TrialTSTagRole" : {
      "Type" : "AWS::IAM::Role",
      "Properties" : {
        "AssumeRolePolicyDocument": {
          "Version" : "2012-10-17",
          "Statement": [ {
            "Effect": "Allow",
            "Principal": {
               "Service": [ "ec2.amazonaws.com" ]
            },
            "Action": [ "sts:AssumeRole" ]
          } ]
        },
        "Description" : "Tag Edit Role",
        "Path" : "/",
        "RoleName" : "TrialTSTagEditRole",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : { "Ref" : "NameParam" }
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ]
      }
    },
    "TrialTSTagPolicy" : {
      "Type" : "AWS::IAM::Policy",
      "Properties" : {
        "PolicyDocument" : {
          "Version": "2012-10-17",
          "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "ec2:Describe*",
              "ec2:CreateTags",
              "ec2:DeleteTags"
            ],
            "Resource": "*"
          }
          ]
        },
        "PolicyName" : "TrialTSTagEditPolicy",
        "Roles" : [ "TrialTSTagEditRole" ]
      },
      "DependsOn" : [ "TrialTSTagRole" ]
    },
    "TrialTSprofile" : {
      "Type" : "AWS::IAM::InstanceProfile",
      "Properties" : {
        "InstanceProfileName" : "TrialTSInstanceTagProfile",
        "Path" : "/",
        "Roles" : [ "TrialTSTagEditRole" ]
      }
    }
  }
}


stack3（インスタンスと追加 EBS ボリューム）

レビュー時の注意点（セキュリティ）: UserData に `net user Administrator HINATAzaka46` と Administrator のパスワードが平文で書かれている。UserData はテンプレート自体に残るうえ、インスタンス上では任意のプロセスが IMDS（http://169.254.169.254/latest/user-data）から読め、API 側でも ec2:DescribeInstanceAttribute で取得できる。パスワードは UserData に埋め込まず、Secrets Manager や SSM Parameter Store（SecureString）から取得するか、キーペアによる初期パスワード取得に任せる。あわせて UserData 内の IMDS 呼び出しはトークンなし（IMDSv1）なので、可能なら IMDSv2（トークン必須）への切り替えを、ルートボリュームと追加ボリュームは Encrypted: false なので暗号化の有効化を検討する。

{

  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "trial env template. trial-tagging-stack3-instance",

  "Parameters" : {
    "NameParam" : {
      "Type" : "String",
      "Default" : "trialTS",
      "Description" : "as hostname."
    },
    "ServerNameParam" : {
      "Type" : "String",
      "Default" : "input-Japanease-server-name",
      "Description" : "as Japanese server name"
    },
    "APPParam" : {
      "Type" : "String",
      "Default" : "trial.alterwoeks.tokyo",
      "Description" : "as URL"
    }
  },

  "Resources" : {
    "TrialTSInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1a",
        "BlockDeviceMappings" : [
        {
          "DeviceName" : "/dev/sda1",
          "Ebs" : { "DeleteOnTermination" : "true", "Encrypted" : "false", "VolumeSize" : "55", "VolumeType" : "gp2" }
        }
        ],
        "EbsOptimized" : "true",
        "IamInstanceProfile" : "TrialTSInstanceTagProfile",
        "ImageId" : "ami-014192b9d69d36b87",
        "InstanceInitiatedShutdownBehavior" : "stop",
        "InstanceType" : "t3a.small",
        "Monitoring" : "false",
        "NetworkInterfaces" : [
        {
          "AssociatePublicIpAddress" : "true",
          "DeleteOnTermination" : "true",
          "Description" : "TrialTSENI",
          "DeviceIndex" : "0",
          "GroupSet" : [
          {
            "Fn::ImportValue" : { "Fn::Sub" : "trial-tagging-stack1-vpc-SGtoOffice" }
          },
          {
            "Fn::ImportValue" : { "Fn::Sub" : "trial-tagging-stack1-vpc-SG1" }
          },
          {
            "Fn::ImportValue" : { "Fn::Sub" : "trial-tagging-stack1-vpc-SGinternal" }
          }
          ],
          "PrivateIpAddress" : "192.168.4.11",
          "SubnetId" : { "Fn::ImportValue" : { "Fn::Sub" : "trial-tagging-stack1-vpc-SubnetA" } }
        }
        ],
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : { "Ref" : "NameParam" }
        },
        {
          "Key" : "ServerName",
          "Value" : { "Ref" : "ServerNameParam" }
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ],
        "Tenancy" : "default",
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "<powershell>\n",
          "tzutil /s 'Tokyo Standard Time'\n",
          "net user Administrator HINATAzaka46\n",
          "Rename-Computer -NewName '",{ "Ref" : "NameParam" },"' -Force\n",
          "Set-Disk -Number 1 -IsOffline:$false\n",
          "Initialize-Disk -Number 1 -PartitionStyle GPT\n",
          "New-Partition -DiskNumber 1 -UseMaximumSize -DriveLetter D\n",
          "Format-Volume -DriveLetter D -FileSystem NTFS -Confirm:$false\n",
          "Set-Disk -Number 2 -IsOffline:$false\n",
          "Initialize-Disk -Number 2 -PartitionStyle GPT\n",
          "New-Partition -DiskNumber 2 -UseMaximumSize -DriveLetter E\n",
          "Format-Volume -DriveLetter E -FileSystem NTFS -Confirm:$false\n",
          "Set-Disk -Number 3 -IsOffline:$false\n",
          "Initialize-Disk -Number 3 -PartitionStyle GPT\n",
          "New-Partition -DiskNumber 3 -UseMaximumSize -DriveLetter F\n",
          "Format-Volume -DriveLetter F -FileSystem NTFS -Confirm:$false\n",
          "$AWS_AVAIL_ZONE=(curl http://169.254.169.254/latest/meta-data/placement/availability-zone).Content\n",
          "$AWS_REGION=$AWS_AVAIL_ZONE.Substring(0,$AWS_AVAIL_ZONE.length-1)\n",
          "$AWS_INSTANCE_ID=(curl http://169.254.169.254/latest/meta-data/instance-id).Content\n",
          "Get-EC2Instance\n",
          "$iitag = New-Object Amazon.EC2.Model.Tag\n",
          "$iitag.key = \"IDINFO\"\n",
          "$iitag.value = \"$AWS_INSTANCE_ID\"\n",
          "New-EC2Tag -Resource $AWS_INSTANCE_ID -Region $AWS_REGION -Tag $iitag\n",
          "$ROOT_VOLUME_IDS=((Get-EC2Instance -Region $AWS_REGION -InstanceId $AWS_INSTANCE_ID).Instances.BlockDeviceMappings | where-object DeviceName -match '/dev/sda1').Ebs.VolumeId\n",
          "$cnametag = New-Object Amazon.EC2.Model.Tag\n",
          "$cnametag.key = \"Name\"\n",
          "$cnametag.value = \"",{ "Ref" : "NameParam" },"\"\n",
          "New-EC2Tag -Resource $ROOT_VOLUME_IDS -Region $AWS_REGION -Tag $cnametag\n",
          "$cctag = New-Object Amazon.EC2.Model.Tag\n",
          "$cctag.key = \"APP\"\n",
          "$cctag.value = \"",{ "Ref" : "APPParam" },"\"\n",
          "New-EC2Tag -Resource $ROOT_VOLUME_IDS -Region $AWS_REGION -Tag $cctag\n",
          "$ctag = New-Object Amazon.EC2.Model.Tag\n",
          "$ctag.key = \"DEVICE\"\n",
          "$ctag.value = \"C:\\\"\n",
          "New-EC2Tag -Resource $ROOT_VOLUME_IDS -Region $AWS_REGION -Tag $ctag\n",
          "$citag = New-Object Amazon.EC2.Model.Tag\n",
          "$citag.key = \"IDINFO\"\n",
          "$citag.value = \"$ROOT_VOLUME_IDS\"\n",
          "New-EC2Tag -Resource $ROOT_VOLUME_IDS -Region $AWS_REGION -Tag $citag\n",
          "$XVDD_VOLUME_IDS=((Get-EC2Instance -Region $AWS_REGION -InstanceId $AWS_INSTANCE_ID).Instances.BlockDeviceMappings | where-object DeviceName -match 'xvdd').Ebs.VolumeId\n",
          "$dtag = New-Object Amazon.EC2.Model.Tag\n",
          "$dtag.key = \"DEVICE\"\n",
          "$dtag.value = \"D:\\\"\n",
          "New-EC2Tag -Resource $XVDD_VOLUME_IDS -Region $AWS_REGION -Tag $dtag\n",
          "$ditag = New-Object Amazon.EC2.Model.Tag\n",
          "$ditag.key = \"IDINFO\"\n",
          "$ditag.value = \"$XVDD_VOLUME_IDS\"\n",
          "New-EC2Tag -Resource $XVDD_VOLUME_IDS -Region $AWS_REGION -Tag $ditag\n",
          "$XVDE_VOLUME_IDS=((Get-EC2Instance -Region $AWS_REGION -InstanceId $AWS_INSTANCE_ID).Instances.BlockDeviceMappings | where-object DeviceName -match 'xvde').Ebs.VolumeId\n",
          "$etag = New-Object Amazon.EC2.Model.Tag\n",
          "$etag.key = \"DEVICE\"\n",
          "$etag.value = \"E:\\\"\n",
          "New-EC2Tag -Resource $XVDE_VOLUME_IDS -Region $AWS_REGION -Tag $etag\n",
          "$eitag = New-Object Amazon.EC2.Model.Tag\n",
          "$eitag.key = \"IDINFO\"\n",
          "$eitag.value = \"$XVDE_VOLUME_IDS\"\n",
          "New-EC2Tag -Resource $XVDE_VOLUME_IDS -Region $AWS_REGION -Tag $eitag\n",
          "$XVDF_VOLUME_IDS=((Get-EC2Instance -Region $AWS_REGION -InstanceId $AWS_INSTANCE_ID).Instances.BlockDeviceMappings | where-object DeviceName -match 'xvdf').Ebs.VolumeId\n",
          "$ftag = New-Object Amazon.EC2.Model.Tag\n",
          "$ftag.key = \"DEVICE\"\n",
          "$ftag.value = \"F:\\\"\n",
          "New-EC2Tag -Resource $XVDF_VOLUME_IDS -Region $AWS_REGION -Tag $ftag\n",
          "$fitag = New-Object Amazon.EC2.Model.Tag\n",
          "$fitag.key = \"IDINFO\"\n",
          "$fitag.value = \"$XVDF_VOLUME_IDS\"\n",
          "New-EC2Tag -Resource $XVDF_VOLUME_IDS -Region $AWS_REGION -Tag $fitag\n",
          "</powershell>\n"
        ]]}}
      }
    },
    "TrialTSstrageVol1" : {
      "Type" : "AWS::EC2::Volume",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1a",
        "Encrypted" : "false",
        "Size" : "1",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : { "Ref" : "NameParam" }
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ],
        "VolumeType" : "gp2"
      }
    },
    "TrialTSstrageVol1Attach" : {
      "Type" : "AWS::EC2::VolumeAttachment",
      "Properties" : {
        "Device" : "xvdd",
        "InstanceId" : { "Ref" : "TrialTSInstance" },
        "VolumeId" : { "Ref" : "TrialTSstrageVol1" }
      },
      "DependsOn" : [ "TrialTSInstance" ]
    },
    "TrialTSstrageVol2" : {
      "Type" : "AWS::EC2::Volume",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1a",
        "Encrypted" : "false",
        "Size" : "2",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : { "Ref" : "NameParam" }
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ],
        "VolumeType" : "gp2"
      }
    },
    "TrialTSstrageVol2Attach" : {
      "Type" : "AWS::EC2::VolumeAttachment",
      "Properties" : {
        "Device" : "xvde",
        "InstanceId" : { "Ref" : "TrialTSInstance" },
        "VolumeId" : { "Ref" : "TrialTSstrageVol2" }
      },
      "DependsOn" : [ "TrialTSstrageVol1Attach" ]
    },
    "TrialTSstrageVol3" : {
      "Type" : "AWS::EC2::Volume",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1a",
        "Encrypted" : "false",
        "Size" : "3",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : { "Ref" : "NameParam" }
        },
        {
          "Key" : "APP",
          "Value" : { "Ref" : "APPParam" }
        }
        ],
        "VolumeType" : "gp2"
      }
    },
    "TrialTSstrageVol3Attach" : {
      "Type" : "AWS::EC2::VolumeAttachment",
      "Properties" : {
        "Device" : "xvdf",
        "InstanceId" : { "Ref" : "TrialTSInstance" },
        "VolumeId" : { "Ref" : "TrialTSstrageVol3" }
      },
      "DependsOn" : [ "TrialTSstrageVol2Attach" ]
    }
  }
}

今日はここまで

