
マルチAZ冗長構成でDMZ、Trust、Operationの複数サブネット、ルーティングテーブル、セキュリティグループが存在するVPCを作成・構築するCloudFormationテンプレート 〜Multi AZ VPC CloudFormation Template〜


AWSでEC2、VPCを用いて似たようなネットワーク構成を複数構築する場合、CloudFormationでVPCの構成をテンプレート化しておくとCloudFormationでテンプレートを読み込ませて実行するだけで同様のものが作成できるため大変便利です。

今回は、マルチAZ冗長構成でDMZ、Trust、Operationの複数サブネット、ルーティングテーブル、セキュリティグループが存在するVPCを作成・構築するCloudFormationテンプレートを備忘録として記載しておこうと思います。

※ここでいうOperationサブネットは、各EC2インスタンスにアクセスするための踏み台（bastion）や、AWS CLI／APIを実行してAWSリソースを操作したりアプリケーションをデプロイしたりするEC2インスタンスを配置するサブネットを想定しています。なお、本テンプレートのOperation用ルートテーブル（RT4OPT）にはInternet Gatewayへのデフォルトルートが設定されていないため、このサブネットはインターネットから直接到達できないプライベートサブネットになります。外部から踏み台へ接続する場合はVPNなどの経路を別途用意するか踏み台をDMZ側に置く必要があり、AWS APIを呼び出す場合もNAT GatewayまたはVPCエンドポイントの追加が必要です。


マルチAZ冗長構成でDMZ、Trust、Operationの複数サブネット、ルーティングテーブル、セキュリティグループが存在するVPCを作成・構築するCloudFormationテンプレート

CloudFormationテンプレートの構成

構成内容

  • VPC:1つ作成
  • Availability Zone:2つを使用（Mappingsで指定するAZ名を参照するだけで、AZ自体が作成されるわけではありません）
  • Subnet:2つのAZそれぞれに3つのサブネット(DMZ subnet、Trust subnet、Operation subnet)を作成
  • Route Table:DMZ、Trust、Operationの3つを作成。DMZ用（RT4DMZ）のみ 0.0.0.0/0 → Internet Gateway のルートを追加し、Trust用とOperation用はVPC内のlocalルートのみ（インターネットへの経路なし。必要であればNAT GatewayやVPCエンドポイントを別途追加する）
  • Security Group:DMZ、Trust、Operationの3つを作成。インバウンドルールは一切なし（全拒否）で、アウトバウンドは 0.0.0.0/0 へ全プロトコル許可。用途に応じてインバウンドを必要最小限だけ追加し、特にTrust／Operationのアウトバウンドは宛先・ポートを絞ることを推奨
  • Internet Gateway:1つ作成
  • Network ACL:デフォルトと同じ内容（インバウンド・アウトバウンドとも 0.0.0.0/0 を全プロトコル許可）のものを作成し、6つのサブネットすべてに関連付け。この状態ではNACLによるフィルタリングは行われないため、通信制御はセキュリティグループ側で行う前提
  • DHCP Options:デフォルト相当の内容（DomainNameServers = AmazonProvidedDNS）で作成。ただしテンプレート内のDomainNameは「us-west-1.compute.internal」になっており、Mappingsで指定している ap-northeast-1 とは一致しないため、利用リージョンに合わせて「<リージョン名>.compute.internal」（東京なら ap-northeast-1.compute.internal）に修正してください

構成図

Multi AZ VPC CloudFormation Template

Multi AZ VPC CloudFormation Template

テンプレートJSONのMappings => SubnetConfigの値を変更することで、VPCおよび各SubnetのCIDR、各Availability Zoneの値を変更できます。AZ名は ap-northeast-1a／ap-northeast-1c で固定されているため、他リージョンで使う場合は必ずここを変更してください（あわせてDHCP OptionsのDomainNameもそのリージョンに合わせる必要があります）。

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Mappings" : {
    "SubnetConfig" : {
      "VPC"     : { "CIDR" : "10.0.0.0/16" },
      "DMZ1"  : { "CIDR" : "10.0.10.0/24" },
      "DMZ2"  : { "CIDR" : "10.0.11.0/24" },
      "TRST1"  : { "CIDR" : "10.0.20.0/24" },
      "TRST2"  : { "CIDR" : "10.0.21.0/24" },
      "OPT1"  : { "CIDR" : "10.0.30.0/24" },
      "OPT2"  : { "CIDR" : "10.0.31.0/24" },
      "AZ1"  : { "AZ" : "ap-northeast-1a" },
      "AZ2"  : { "AZ" : "ap-northeast-1c" }
    }
  },
  "Resources": {
    "VPC4YOU": {
      "Type": "AWS::EC2::VPC",
      "Properties": { 
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]},
        "InstanceTenancy": "default",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "false",
        "Tags": [
          {
            "Key": "Name",
            "Value": "VPC"
          }
        ]
      }
    },
    "SUB4TRST1": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "TRST1", "CIDR" ]},
        "AvailabilityZone" : { "Fn::FindInMap" : [ "SubnetConfig", "AZ1", "AZ" ]},
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "TRST1"
          }
        ]
      }
    },
    "SUB4TRST2": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "TRST2", "CIDR" ]},
        "AvailabilityZone" : { "Fn::FindInMap" : [ "SubnetConfig", "AZ2", "AZ" ]},
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "TRST2"
          }
        ]
      }
    },
    "SUB4OPT2": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "OPT2", "CIDR" ]},
        "AvailabilityZone" : { "Fn::FindInMap" : [ "SubnetConfig", "AZ2", "AZ" ]},
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "OPT2"
          }
        ]
      }
    },
    "SUB4OPT1": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "OPT1", "CIDR" ]},
        "AvailabilityZone" : { "Fn::FindInMap" : [ "SubnetConfig", "AZ1", "AZ" ]},
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "OPT1"
          }
        ]
      }
    },
    "SUB4DMZ1": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "DMZ1", "CIDR" ]},
        "AvailabilityZone" : { "Fn::FindInMap" : [ "SubnetConfig", "AZ1", "AZ" ]},
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "DMZ1"
          }
        ]
      }
    },
    "SUB4DMZ2": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "DMZ2", "CIDR" ]},
        "AvailabilityZone" : { "Fn::FindInMap" : [ "SubnetConfig", "AZ2", "AZ" ]},
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "DMZ2"
          }
        ]
      }
    },
    "IGW4YOU": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {
        "Tags": [
          {
            "Key": "Name",
            "Value": "IGW"
          }
        ]
      }
    },
    "DHCP4YOU": {
      "Type": "AWS::EC2::DHCPOptions",
      "Properties": {
        "Tags": [
          {
            "Key": "Name",
            "Value": "DHCP"
          }
        ],
        "DomainName": "us-west-1.compute.internal",
        "DomainNameServers": [
          "AmazonProvidedDNS"
        ]
      }
    },
    "NACL4YOU": {
      "Type": "AWS::EC2::NetworkAcl",
      "Properties": {
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "ACL"
          }
        ]
      }
    },
    "RT4DMZ": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "RT4DMZ"
          }
        ]
      }
    },
    "RT4TRST": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "RT4TRST"
          }
        ]
      }
    },
    "RT4OPT": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "RT4OPT"
          }
        ]
      }
    },
    "SG4OPT": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG4OPT",
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "SG4OPT"
          }
        ]
      }
    },
    "SG4DMZ": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG4DMZ",
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "SG4DMZ"
          }
        ]
      }
    },
    "SG4TRST": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG4TRST",
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "SG4TRST"
          }
        ]
      }
    },
    "acl3": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Egress": "true",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "100",
        "NetworkAclId": {
          "Ref": "NACL4YOU"
        }
      }
    },
    "acl4": {
      "Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0",
        "Protocol": "-1",
        "RuleAction": "allow",
        "RuleNumber": "100",
        "NetworkAclId": {
          "Ref": "NACL4YOU"
        }
      }
    },
    "subnetacl7": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "NACL4YOU"
        },
        "SubnetId": {
          "Ref": "SUB4TRST2"
        }
      }
    },
    "subnetacl8": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "NACL4YOU"
        },
        "SubnetId": {
          "Ref": "SUB4DMZ2"
        }
      }
    },
    "subnetacl9": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "NACL4YOU"
        },
        "SubnetId": {
          "Ref": "SUB4TRST1"
        }
      }
    },
    "subnetacl10": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "NACL4YOU"
        },
        "SubnetId": {
          "Ref": "SUB4OPT2"
        }
      }
    },
    "subnetacl11": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "NACL4YOU"
        },
        "SubnetId": {
          "Ref": "SUB4OPT1"
        }
      }
    },
    "subnetacl12": {
      "Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {
          "Ref": "NACL4YOU"
        },
        "SubnetId": {
          "Ref": "SUB4DMZ1"
        }
      }
    },
    "gw2": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "InternetGatewayId": {
          "Ref": "IGW4YOU"
        }
      }
    },
    "subnetroute8": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "RT4DMZ"
        },
        "SubnetId": {
          "Ref": "SUB4DMZ2"
        }
      }
    },
    "subnetroute9": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "RT4DMZ"
        },
        "SubnetId": {
          "Ref": "SUB4DMZ1"
        }
      }
    },
    "subnetroute10": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "RT4TRST"
        },
        "SubnetId": {
          "Ref": "SUB4TRST1"
        }
      }
    },
    "subnetroute11": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "RT4TRST"
        },
        "SubnetId": {
          "Ref": "SUB4TRST2"
        }
      }
    },
    "subnetroute12": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "RT4OPT"
        },
        "SubnetId": {
          "Ref": "SUB4OPT2"
        }
      }
    },
    "subnetroute13": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "RT4OPT"
        },
        "SubnetId": {
          "Ref": "SUB4OPT1"
        }
      }
    },
    "route2": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "DestinationCidrBlock": "0.0.0.0/0",
        "RouteTableId": {
          "Ref": "RT4DMZ"
        },
        "GatewayId": {
          "Ref": "IGW4YOU"
        }
      },
      "DependsOn": "gw2"
    },
    "dchpassoc2": {
      "Type": "AWS::EC2::VPCDHCPOptionsAssociation",
      "Properties": {
        "VpcId": {
          "Ref": "VPC4YOU"
        },
        "DhcpOptionsId": {
          "Ref": "DHCP4YOU"
        }
      }
    },
    "egress4": {
      "Type": "AWS::EC2::SecurityGroupEgress",
      "Properties": {
        "GroupId": {
          "Ref": "SG4OPT"
        },
        "IpProtocol": "-1",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "egress5": {
      "Type": "AWS::EC2::SecurityGroupEgress",
      "Properties": {
        "GroupId": {
          "Ref": "SG4DMZ"
        },
        "IpProtocol": "-1",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "egress6": {
      "Type": "AWS::EC2::SecurityGroupEgress",
      "Properties": {
        "GroupId": {
          "Ref": "SG4TRST"
        },
        "IpProtocol": "-1",
        "CidrIp": "0.0.0.0/0"
      }
    }
  },
  "Description": "Multi-AZ VPC with DMZ, Trust and Operation subnets, route tables, security groups, network ACL and DHCP options"
}