AWSでテスト用のVPCを作りたいときのCFnコードサンプル

2021-02-18 - 読み終える時間: 10 分

タイトル通り。

ファイルはこちら。 test-stack-01_VPC.json

  • 課金対象外のリソースのみ作成する(はず)。VPC / Subnet / RouteTable / SecurityGroup / InternetGateway は無料だが、S3バケット(atest-elb-log)はバケット自体は無料でもログが書き込まれればストレージ課金が発生するので、使い終わったら中身ごと消すこと
  • AZ-aとAZ-dを使う(ap-northeast-1a / ap-northeast-1d をハードコードしているので、他リージョンで使うときは AvailabilityZone も書き換えること)
  • Subnetは/27で4つ作る(192.168.254.0/27, .32/27 が Pub、.64/27, .96/27 が Pri。残りの .128/25 は未使用)。Pub の2つだけ IGW 向けのルートテーブルに関連付けており、Pri はメインルートテーブル(ローカルルートのみ、NATなし)に残る
  • VPCのCIDRは 192.168.254.0/24 ※使うときは好きに変えてくれ。ただし atestSGinternal の Ingress にも同じ CIDR を直書きしているので、VPC の CIDR を変えたらそちらも合わせて変えること
  • あとはコードを見て何となく察してほしい
  • セキュリティ/デプロイ上の注意(テスト用なので割り切っているが、流用する人向けに):
      • atestRoute1 の DependsOn は atestigw ではなく atestigwAttach(VPCGatewayAttachment)にすべき。IGW が VPC にアタッチされる前に 0.0.0.0/0 のルートを作ろうとしてスタック作成が失敗することがある
      • atestSGinternal の SecurityGroupIngress に同一ルール(192.168.254.0/24, tcp, 0-65535)が2つ重複している。おそらく片方は udp のつもり。重複ルールはデプロイ時にエラーになる可能性があるので、どちらかを直すか消すこと
      • atestSGmailFront / atestSGELB2 は 80/udp(と 443/udp)を 0.0.0.0/0 に開けているが、ALB/CLB は UDP を受け付けないので不要な公開。tcp のみに絞るのが無難
      • atestSGmailFront の Name タグが atest-SG-internal になっている(コピペミス)。タグで SG を探すと取り違えるので atest-SG-mailFront に直すこと
      • ELB ログ用バケットポリシーは delivery.logs.amazonaws.com を Condition なしで許可しているので、"Condition": {"StringEquals": {"aws:SourceAccount": "<自分のアカウントID>"}} を付けて他アカウントからの書き込み(confused deputy)を防ぐこと。また ALB/CLB のアクセスログは delivery.logs ではなくリージョンごとの ELB 用 AWS アカウントを Principal にする必要があるので、このポリシーのままでは ALB のログは書き込めない(公式ドキュメントの「アクセスログのバケットポリシー」を参照)。PolicyDocument に "Version": "2012-10-17" も付けておくこと
      • バケット名 atest-elb-log はグローバルに一意なので、他人が取得済みだとスタック作成が失敗する。Resource の ARN も直書きなので、名前を変えるときは両方変えること(Fn::Sub で BucketName を参照するのが安全)。暗号化設定(BucketEncryption)も入れていないので、アカウントの既定設定次第ではログが暗号化されずに置かれる

コード全文(貼り付け時に先頭の { が欠けていたので補った)

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "a test env template. test-stack-01",

  "Resources" : {
    "atestvpc" : {
      "Type" : "AWS::EC2::VPC",
      "Properties" : {
        "CidrBlock" : "192.168.254.0/24",
        "EnableDnsSupport" : "true",
        "EnableDnsHostnames" : "true",
        "InstanceTenancy" : "default",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "atestVPC"
        }
        ]
      }
    },
    "atestSubnetAZaPub" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1a",
        "CidrBlock" : "192.168.254.0/27",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "atest-Subnet254-31"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestSubnetAZdPub" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1d",
        "CidrBlock" : "192.168.254.32/27",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "atest-Subnet254-63"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestSubnetAZaPri" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1a",
        "CidrBlock" : "192.168.254.64/27",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "atest-Subnet254-95"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestSubnetAZdPri" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "AvailabilityZone" : "ap-northeast-1d",
        "CidrBlock" : "192.168.254.96/27",
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "atest-Subnet254-127"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestRouteTable1" : {
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "Tags" : [
        {
          "Key" : "Name",
          "Value" : "atest-RouteTable1"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestRoute1" : {
      "Type" : "AWS::EC2::Route",
      "Properties" : {
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : { "Ref" : "atestigw" },
        "RouteTableId" : { "Ref" : "atestRouteTable1" }
      },
      "DependsOn" : "atestigw"
    },
    "atestRoute1AssocSubnetAZa" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "RouteTableId" : { "Ref" : "atestRouteTable1" },
        "SubnetId" : { "Ref" : "atestSubnetAZaPub" }
      },
      "DependsOn" : "atestRouteTable1"
    },
    "atestRoute1AssocSubnetAZd" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "RouteTableId" : { "Ref" : "atestRouteTable1" },
        "SubnetId" : { "Ref" : "atestSubnetAZdPub" }
      },
      "DependsOn" : "atestRouteTable1"
    },
    "atestSGtoOffice" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "atest-toOffice",
        "GroupDescription" : "for Out Fitter",
        "SecurityGroupEgress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "all outbounds IPv4",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "atest-toOffice"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestSG1" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "atest-SG1",
        "GroupDescription" : "atest-SG1",
        "SecurityGroupEgress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "all outbounds IPv4",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "atest-SG1"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestSGinternal" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "atest-SG-internal",
        "GroupDescription" : "atest-SG-internal",
        "SecurityGroupEgress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "all outbounds IPv4",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "SecurityGroupIngress" : [
        {
          "CidrIp" : "192.168.254.0/24",
          "Description" : "All inbounds",
          "FromPort" : "0",
          "IpProtocol" : "tcp",
          "ToPort" : "65535"
        },
        {
          "CidrIp" : "192.168.254.0/24",
          "Description" : "All inbounds",
          "FromPort" : "0",
          "IpProtocol" : "tcp",
          "ToPort" : "65535"
        },
        {
          "SourceSecurityGroupId" : {"Ref" : "atestSG1"},
          "Description" : "All inbounds",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "atest-SG-internal"
        }
         ],
         "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestSGmailFront" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "atest-SG-mailFront",
        "GroupDescription" : "atest-SG-mailFront",
        "SecurityGroupEgress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "all outbounds IPv4",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "SecurityGroupIngress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "All port80tcp inbounds",
          "FromPort" : "80",
          "IpProtocol" : "tcp",
          "ToPort" : "80"
        },
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "All port80udp inbounds",
          "FromPort" : "80",
          "IpProtocol" : "udp",
          "ToPort" : "80"
        },
        {
          "SourceSecurityGroupId" : {"Ref" : "atestSG1"},
          "Description" : "All inbounds",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "atest-SG-mailFront"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestSGELB1" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "atest-SG-ELB1",
        "GroupDescription" : "for mail inbound",
        "SecurityGroupEgress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "all outbounds IPv4",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "SecurityGroupIngress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "All 465tcp inbounds",
          "FromPort" : "465",
          "IpProtocol" : "tcp",
          "ToPort" : "465"
        },
        {
          "SourceSecurityGroupId" : {"Ref" : "atestSG1"},
          "Description" : "All 587tcp inbounds",
          "FromPort" : "587",
          "IpProtocol" : "tcp",
          "ToPort" : "587"
        }
        ],
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "atest-SG-ELB1"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestSGELB2" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "atest-SG-ELB2",
        "GroupDescription" : "for www inbound",
        "SecurityGroupEgress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "all outbounds IPv4",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "SecurityGroupIngress" : [
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "All 80tcp inbounds",
          "FromPort" : "80",
          "IpProtocol" : "tcp",
          "ToPort" : "80"
        },
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "All 80udp inbounds",
          "FromPort" : "80",
          "IpProtocol" : "udp",
          "ToPort" : "80"
        },
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "All 443tcp inbounds",
          "FromPort" : "443",
          "IpProtocol" : "tcp",
          "ToPort" : "443"
        },
        {
          "CidrIp" : "0.0.0.0/0",
          "Description" : "All 443udp inbounds",
          "FromPort" : "443",
          "IpProtocol" : "udp",
          "ToPort" : "443"
        },
        {
          "SourceSecurityGroupId" : {"Ref" : "atestSG1"},
          "Description" : "All inbounds SG1",
          "FromPort" : "0",
          "IpProtocol" : "-1",
          "ToPort" : "65535"
        }
        ],
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "atest-SG-ELB2"
        }
        ],
        "VpcId" : {"Ref" : "atestvpc"}
      }
    },
    "atestS3atestelblog" : {
      "Type" : "AWS::S3::Bucket",
      "Properties" : {
        "BucketName" : "atest-elb-log",
        "PublicAccessBlockConfiguration" : {
          "BlockPublicAcls" : "true",
          "IgnorePublicAcls" : "true",
          "BlockPublicPolicy" : "true",
          "RestrictPublicBuckets" : "true"
        },
        "LifecycleConfiguration" : { "Rules" : [ { "ExpirationInDays" : "366", "Status" : "Enabled" } ] },
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "atest-elb-log"
        }
        ]
      }
    },
    "atestS3atestelblogPolicy" : {
      "Type" : "AWS::S3::BucketPolicy",
      "Properties" : {
        "Bucket" : { "Ref" : "atestS3atestelblog" },
        "PolicyDocument" : {
          "Statement": [
              {
                  "Sid": "AWSConsoleStmt-1575805915496",
                  "Effect": "Allow",
                  "Principal": {
                      "AWS": { "Fn::Join" : [ "", [ "arn:aws:iam::",{ "Ref" : "AWS::AccountId" },":root" ] ] },
                      "Service": "delivery.logs.amazonaws.com"
                  },
                  "Action": "s3:PutObject",
                  "Resource": "arn:aws:s3:::atest-elb-log/AWSLogs/*"
              }
          ]
        }
      }
    },
    "atestigw" : {
      "Type" : "AWS::EC2::InternetGateway",
      "Properties" : {
        "Tags" :  [
        {
          "Key" : "Name",
          "Value" : "atest-igw"
        }
        ]
      }
    },
    "atestigwAttach" : {
      "Type" : "AWS::EC2::VPCGatewayAttachment",
      "Properties" : {
        "VpcId" : { "Ref" : "atestvpc" },
        "InternetGatewayId" : { "Ref" : "atestigw" }
      }
    }
  },
  "Outputs" : {
    "EXPatestvpc" : {
      "Description" : "Export atestvpc",
      "Value" : { "Ref" : "atestvpc" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-vpc" }}
    },
    "EXPatestSGtoOffice" : {
      "Description" : "Export SGtoOffice",
      "Value" : { "Ref" : "atestSGtoOffice" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SGtoOffice" }}
    },
    "EXPatestSG1" : {
      "Description" : "Export SG1",
      "Value" : { "Ref" : "atestSG1" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SG1" }}
    },
    "EXPatestSGinternal" : {
      "Description" : "Export SGinternal",
      "Value" : { "Ref" : "atestSGinternal" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SGinternal" }}
    },
    "EXPatestSGMF" : {
      "Description" : "Export SGmailFront",
      "Value" : { "Ref" : "atestSGmailFront" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SGMF" }}
    },
    "EXPatestSGELB1" : {
      "Description" : "Export SG ELB",
      "Value" : { "Ref" : "atestSGELB1" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SGELB1" }}
    },
    "EXPatestSGELB2" : {
      "Description" : "Export SG ELB",
      "Value" : { "Ref" : "atestSGELB2" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SGELB2" }}
    },
    "EXPatestSubnetApub" : {
      "Description" : "Export SubnetAPub",
      "Value" : { "Ref" : "atestSubnetAZaPub" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SubnetApub" }}
    },
    "EXPatestSubnetApri" : {
      "Description" : "Export SubnetAPri",
      "Value" : { "Ref" : "atestSubnetAZaPri" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SubnetApri" }}
    },
    "EXPatestSubnetDpub" : {
      "Description" : "Export SubnetDPub",
      "Value" : { "Ref" : "atestSubnetAZdPub" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SubnetDpub" }}
    },
    "EXPatestSubnetDpri" : {
      "Description" : "Export SubnetDPri",
      "Value" : { "Ref" : "atestSubnetAZdPri" },
      "Export" : {"Name" : {"Fn::Sub": "${AWS::StackName}-SubnetDpri" }}
    }
  }
}

今日はここまで