

AWS - NLB

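AWSTemplateFormatVersion: "2010-09-09"
# Two independent VPCs (10.0.0.0/16 and 172.16.0.0/16), each with one Internet
# Gateway, one public subnet and one Amazon Linux 2 web server.
# The earlier description named an ASG, ALB, NAT Gateway and Launch Template;
# none of those resources exist in this template, so it was corrected.
Description: Two VPCs, each with an Internet Gateway, a public subnet and an EC2 web server

Parameters:
  # Existing EC2 key pair attached to every web server (see KeyName on MyWeb1/MyWeb2).
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
  # Resolved at deploy time from the public SSM parameter, so each deployment
  # launches the current Amazon Linux 2 (kernel 5.10, x86_64, gp2) AMI.
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2

Resources: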

  # ---- VPC 1 (10.0.0.0/16): Internet Gateway + one public subnet ----------
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      # DNS resolution and DNS hostnames inside the VPC.
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: MyVPC

  MyIGW1:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: MyIGW1

  # A VPC can hold at most one IGW attachment. The default route and the web
  # server both declare DependsOn on this resource, so nothing is exposed
  # before the gateway is actually attached.
  MyIGW1Attachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: MyVPC
      InternetGatewayId:
        Ref: MyIGW1

  # Placed in the first AZ of the deployment region.
  MyPublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: MyVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      Tags:
        - Key: Name
          Value: MyPublicSubnet1

  # ---- VPC 2 (172.16.0.0/16): Internet Gateway + one public subnet --------
  MyVPC2:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.16.0.0/16
      # DNS resolution and DNS hostnames inside the VPC.
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: MyVPC2

  MyIGW2:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: MyIGW2

  # Second VPC gets its own IGW; one IGW cannot be shared across VPCs.
  MyIGW2Attachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: MyVPC2
      InternetGatewayId:
        Ref: MyIGW2

  # Index 2 selects the third AZ of the region. NOTE(review): a region with
  # fewer than three AZs will fail stack creation here — confirm before reuse.
  MyPublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: MyVPC2
      CidrBlock: 172.16.1.0/24
      AvailabilityZone:
        Fn::Select:
          - 2
          - Fn::GetAZs: ""
      Tags:
        - Key: Name
          Value: MyPublicSubnet2

  
  # ---- Routing: one public route table per VPC, default route via its IGW --
  MyPublicRouting1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: MyVPC
      Tags:
        - Key: Name
          Value: MyPublicRouting1

  MyPublicRouting2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: MyVPC2
      Tags:
        - Key: Name
          Value: MyPublicRouting2

  MyPublicSubnet1RoutingAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: MyPublicSubnet1
      RouteTableId:
        Ref: MyPublicRouting1

  MyPublicSubnet2RoutingAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: MyPublicSubnet2
      RouteTableId:
        Ref: MyPublicRouting2

  # 0.0.0.0/0 -> IGW is what makes the subnet "public". The route cannot be
  # created until the IGW is attached, hence the explicit DependsOn.
  MyPublicDefault1:
    Type: AWS::EC2::Route
    DependsOn: MyIGW1Attachment
    Properties:
      RouteTableId:
        Ref: MyPublicRouting1
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: MyIGW1

  MyPublicDefault2:
    Type: AWS::EC2::Route
    DependsOn: MyIGW2Attachment
    Properties:
      RouteTableId:
        Ref: MyPublicRouting2
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: MyIGW2
  
  # ---- Security groups: one per VPC, identical rule sets ------------------
  # NOTE(review): 22/tcp and 161/udp are open to 0.0.0.0/0. Combined with the
  # root password and password authentication enabled in the instances'
  # UserData, SSH is reachable for password guessing from the whole Internet,
  # and SNMP is exposed the same way. Restrict both rules to a management CIDR
  # (or drop SSH in favour of SSM Session Manager) for anything beyond a lab.
  # No SecurityGroupEgress is declared, so the default allow-all outbound rule applies.
  MyPublicSecuGroup1:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId:
        Ref: MyVPC
      GroupDescription: Allow HTTP HTTPS SSH SNMP(161)
      SecurityGroupIngress:
        - IpProtocol: tcp  # HTTP
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp  # HTTPS
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp  # SSH — world-open, see note above
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp  # SNMP — world-open, see note above
          FromPort: 161
          ToPort: 161
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: MyPublicSecuGroup1

  MyPublicSecuGroup2:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId:
        Ref: MyVPC2
      GroupDescription: Allow HTTP HTTPS SSH SNMP(161)
      SecurityGroupIngress:
        - IpProtocol: tcp  # HTTP
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp  # HTTPS
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp  # SSH — world-open, see note above
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp  # SNMP — world-open, see note above
          FromPort: 161
          ToPort: 161
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: MyPublicSecuGroup2

  # Web server in VPC1. DependsOn the IGW attachment so the public IP assigned
  # below is reachable as soon as the instance boots.
  # NOTE(review): the UserData script sets a fixed root password and enables
  # PasswordAuthentication/PermitRootLogin while the security group admits
  # 22/tcp from 0.0.0.0/0. User data is readable by anyone allowed to describe
  # the instance and by every process on the host via the metadata service, so
  # this is a plaintext credential stored in the stack. Prefer the KeyName key
  # pair already passed in (or SSM Session Manager) and drop these lines.
  MyWeb1:
    Type: AWS::EC2::Instance
    DependsOn: MyIGW1Attachment
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: MyWeb1
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref MyPublicSubnet1
          GroupSet:
            - !Ref MyPublicSecuGroup1
          AssociatePublicIpAddress: true
          PrivateIpAddress: 10.0.1.101  # fixed host address inside 10.0.1.0/24
      # The script contains no ${...} placeholders, so Fn::Sub is not needed;
      # the scalar is base64-encoded unchanged.
      UserData: !Base64 |
        #!/bin/bash
        echo "root:aws1234!" | chpasswd
        sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config
        systemctl restart sshd
        yum update -y
        yum -y install httpd
        yum -y install net-snmp net-snmp-utils
        yum -y install tcpdump
        echo "<h1>Welcome to AWS WEB Server 01</h1>" > /var/www/html/index.html
        mkdir -p /var/www/html/dir1
        echo "<h1>Welcome to AWS WEB Server 02</h1>" > /var/www/html/dir1/index.html
        systemctl enable --now httpd
        systemctl enable --now snmpd

  # Web server in VPC2; same layout as MyWeb1 but on the 172.16.1.0/24 subnet.
  # NOTE(review): same hard-coded root password and sshd weakening as MyWeb1,
  # reachable through the world-open 22/tcp rule in MyPublicSecuGroup2. Use the
  # KeyName key pair (or SSM Session Manager) instead of a password in UserData.
  MyWeb2:
    Type: AWS::EC2::Instance
    DependsOn: MyIGW2Attachment
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: MyWeb2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref MyPublicSubnet2
          GroupSet:
            - !Ref MyPublicSecuGroup2
          AssociatePublicIpAddress: true
          PrivateIpAddress: 172.16.1.101  # fixed host address inside 172.16.1.0/24
      # No ${...} placeholders, so Fn::Sub is unnecessary here.
      UserData: !Base64 |
        #!/bin/bash
        echo "root:aws1234!" | chpasswd
        sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config
        systemctl restart sshd
        yum update -y
        yum -y install httpd
        yum -y install net-snmp net-snmp-utils
        yum -y install tcpdump
        echo "<h1>Welcome to AWS WEB Server 03</h1>" > /var/www/html/index.html
        mkdir -p /var/www/html/dir1
        echo "<h1>Welcome to AWS WEB Server 04</h1>" > /var/www/html/dir1/index.html
        systemctl enable --now httpd
        systemctl enable --now snmpd

 

 

 

 

하나의 VPC에는 하나의 IGW 연결 가능

라우팅 혼란을 방지하기 위함입니다.
여러 개의 IGW가 연결되면 트래픽이 어디로 나갈지 모호해지고, 관리도 어렵습니다.

대신, IGW는 다수의 서브넷(퍼블릭 서브넷)에 공유해서 사용할 수 있습니다.
즉, 하나의 VPC에는 하나의 IGW만 연결됩니다.

NetworkLoadBalancer -port/ip

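AWSTemplateFormatVersion: "2010-09-09"
# Two independent VPCs (10.0.0.0/16 and 172.16.0.0/16), each with an Internet
# Gateway and a public subnet; VPC2 additionally hosts two web servers behind
# an internet-facing Network Load Balancer (TCP/80).
# The earlier description named an ASG, ALB, NAT Gateway and Launch Template;
# none of those resources exist in this template, so it was corrected.
Description: Two VPCs with Internet Gateways and EC2 web servers, plus an internet-facing NLB in VPC2 fronting MyWeb2 and MyWeb3

Parameters:
  # Existing EC2 key pair attached to every web server (see KeyName on MyWeb1..MyWeb3).
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
  # Resolved at deploy time from the public SSM parameter, so each deployment
  # launches the current Amazon Linux 2 (kernel 5.10, x86_64, gp2) AMI.
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2

Resources: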

  # ---- VPC 1 (10.0.0.0/16): Internet Gateway + one public subnet ----------
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      # DNS resolution and DNS hostnames inside the VPC.
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: MyVPC

  MyIGW1:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: MyIGW1

  # A VPC can hold at most one IGW attachment. The default route and the web
  # server both declare DependsOn on this resource, so nothing is exposed
  # before the gateway is actually attached.
  MyIGW1Attachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: MyVPC
      InternetGatewayId:
        Ref: MyIGW1

  # Placed in the first AZ of the deployment region.
  MyPublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: MyVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      Tags:
        - Key: Name
          Value: MyPublicSubnet1

  # ---- VPC 2 (172.16.0.0/16): Internet Gateway + one public subnet --------
  # This subnet hosts MyWeb2, MyWeb3 and the NLB defined further down.
  MyVPC2:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.16.0.0/16
      # DNS resolution and DNS hostnames inside the VPC.
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: MyVPC2

  MyIGW2:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: MyIGW2

  # Second VPC gets its own IGW; one IGW cannot be shared across VPCs.
  MyIGW2Attachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: MyVPC2
      InternetGatewayId:
        Ref: MyIGW2

  # Index 2 selects the third AZ of the region. NOTE(review): a region with
  # fewer than three AZs will fail stack creation here — confirm before reuse.
  MyPublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: MyVPC2
      CidrBlock: 172.16.1.0/24
      AvailabilityZone:
        Fn::Select:
          - 2
          - Fn::GetAZs: ""
      Tags:
        - Key: Name
          Value: MyPublicSubnet2

  
  # ---- Routing: one public route table per VPC, default route via its IGW --
  MyPublicRouting1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: MyVPC
      Tags:
        - Key: Name
          Value: MyPublicRouting1

  MyPublicRouting2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: MyVPC2
      Tags:
        - Key: Name
          Value: MyPublicRouting2

  MyPublicSubnet1RoutingAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: MyPublicSubnet1
      RouteTableId:
        Ref: MyPublicRouting1

  MyPublicSubnet2RoutingAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: MyPublicSubnet2
      RouteTableId:
        Ref: MyPublicRouting2

  # 0.0.0.0/0 -> IGW is what makes the subnet "public". The route cannot be
  # created until the IGW is attached, hence the explicit DependsOn.
  MyPublicDefault1:
    Type: AWS::EC2::Route
    DependsOn: MyIGW1Attachment
    Properties:
      RouteTableId:
        Ref: MyPublicRouting1
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: MyIGW1

  MyPublicDefault2:
    Type: AWS::EC2::Route
    DependsOn: MyIGW2Attachment
    Properties:
      RouteTableId:
        Ref: MyPublicRouting2
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: MyIGW2
  
  # ---- Security groups: one per VPC, identical rule sets ------------------
  # NOTE(review): 22/tcp and 161/udp are open to 0.0.0.0/0. Combined with the
  # root password and password authentication enabled in the instances'
  # UserData, SSH is reachable for password guessing from the whole Internet,
  # and SNMP is exposed the same way. Restrict both rules to a management CIDR
  # (or drop SSH in favour of SSM Session Manager) for anything beyond a lab.
  # The 80/tcp rule in MyPublicSecuGroup2 is also what admits NLB-forwarded
  # client traffic to MyWeb2/MyWeb3.
  # No SecurityGroupEgress is declared, so the default allow-all outbound rule applies.
  MyPublicSecuGroup1:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId:
        Ref: MyVPC
      GroupDescription: Allow HTTP HTTPS SSH SNMP(161)
      SecurityGroupIngress:
        - IpProtocol: tcp  # HTTP
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp  # HTTPS
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp  # SSH — world-open, see note above
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp  # SNMP — world-open, see note above
          FromPort: 161
          ToPort: 161
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: MyPublicSecuGroup1

  MyPublicSecuGroup2:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId:
        Ref: MyVPC2
      GroupDescription: Allow HTTP HTTPS SSH SNMP(161)
      SecurityGroupIngress:
        - IpProtocol: tcp  # HTTP (also the path used by the NLB targets)
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp  # HTTPS
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp  # SSH — world-open, see note above
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp  # SNMP — world-open, see note above
          FromPort: 161
          ToPort: 161
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: MyPublicSecuGroup2

  # Web server in VPC1 (not behind the NLB). DependsOn the IGW attachment so
  # the public IP assigned below is reachable as soon as the instance boots.
  # NOTE(review): the UserData script sets a fixed root password and enables
  # PasswordAuthentication/PermitRootLogin while the security group admits
  # 22/tcp from 0.0.0.0/0. User data is readable by anyone allowed to describe
  # the instance and by every process on the host via the metadata service, so
  # this is a plaintext credential stored in the stack. Prefer the KeyName key
  # pair already passed in (or SSM Session Manager) and drop these lines.
  MyWeb1:
    Type: AWS::EC2::Instance
    DependsOn: MyIGW1Attachment
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: MyWeb1
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref MyPublicSubnet1
          GroupSet:
            - !Ref MyPublicSecuGroup1
          AssociatePublicIpAddress: true
          PrivateIpAddress: 10.0.1.101  # fixed host address inside 10.0.1.0/24
      # The script contains no ${...} placeholders, so Fn::Sub is not needed;
      # the scalar is base64-encoded unchanged.
      UserData: !Base64 |
        #!/bin/bash
        echo "root:aws1234!" | chpasswd
        sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config
        systemctl restart sshd
        yum update -y
        yum -y install httpd
        yum -y install net-snmp net-snmp-utils
        yum -y install tcpdump
        echo "<h1>Welcome to AWS WEB Server 01</h1>" > /var/www/html/index.html
        mkdir -p /var/www/html/dir1
        echo "<h1>Welcome to AWS WEB Server 02</h1>" > /var/www/html/dir1/index.html
        systemctl enable --now httpd
        systemctl enable --now snmpd

  # First NLB target in VPC2 (registered in MyNLBTargetGroup on port 80).
  # NOTE(review): same hard-coded root password and sshd weakening as MyWeb1,
  # reachable through the world-open 22/tcp rule in MyPublicSecuGroup2. Use the
  # KeyName key pair (or SSM Session Manager) instead of a password in UserData.
  MyWeb2:
    Type: AWS::EC2::Instance
    DependsOn: MyIGW2Attachment
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: MyWeb2
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref MyPublicSubnet2
          GroupSet:
            - !Ref MyPublicSecuGroup2
          AssociatePublicIpAddress: true
          PrivateIpAddress: 172.16.1.101  # fixed host address inside 172.16.1.0/24
      # No ${...} placeholders, so Fn::Sub is unnecessary here.
      UserData: !Base64 |
        #!/bin/bash
        echo "root:aws1234!" | chpasswd
        sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config
        systemctl restart sshd
        yum update -y
        yum -y install httpd
        yum -y install net-snmp net-snmp-utils
        yum -y install tcpdump
        echo "<h1>Welcome to AWS WEB Server 03</h1>" > /var/www/html/index.html
        mkdir -p /var/www/html/dir1
        echo "<h1>Welcome to AWS WEB Server 04</h1>" > /var/www/html/dir1/index.html
        systemctl enable --now httpd
        systemctl enable --now snmpd

  # Second NLB target in VPC2, same subnet and security group as MyWeb2 but a
  # different fixed private IP and different index pages (05/06).
  # NOTE(review): same hard-coded root password and sshd weakening as MyWeb1,
  # reachable through the world-open 22/tcp rule in MyPublicSecuGroup2. Use the
  # KeyName key pair (or SSM Session Manager) instead of a password in UserData.
  MyWeb3:
    Type: AWS::EC2::Instance
    DependsOn: MyIGW2Attachment
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: MyWeb3
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !Ref MyPublicSubnet2
          GroupSet:
            - !Ref MyPublicSecuGroup2
          AssociatePublicIpAddress: true
          PrivateIpAddress: 172.16.1.103  # fixed host address inside 172.16.1.0/24
      # No ${...} placeholders, so Fn::Sub is unnecessary here.
      UserData: !Base64 |
        #!/bin/bash
        echo "root:aws1234!" | chpasswd
        sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
        sed -i 's/^#PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config
        systemctl restart sshd
        yum update -y
        yum -y install httpd
        yum -y install net-snmp net-snmp-utils
        yum -y install tcpdump
        echo "<h1>Welcome to AWS WEB Server 05</h1>" > /var/www/html/index.html
        mkdir -p /var/www/html/dir1
        echo "<h1>Welcome to AWS WEB Server 06</h1>" > /var/www/html/dir1/index.html
        systemctl enable --now httpd
        systemctl enable --now snmpd
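  # ---- NLB in VPC2 fronting MyWeb2 and MyWeb3 on TCP/80 -------------------
  # Fixes vs. the previous version: sequence indentation under Tags made
  # consistent with the rest of the file (it was one space), trailing
  # whitespace removed, and TargetType stated explicitly (it was the implicit
  # default, so the deployed resource is unchanged).
  MyNLBTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    # The !Ref entries under Targets already imply these dependencies; the
    # explicit DependsOn is kept so the ordering is visible to readers.
    DependsOn:
      - MyWeb2
      - MyWeb3
    Properties:
      Name: MyNLBTargetGroup
      # Instance targets: client IP preservation is the default for this
      # target type, so the instances' own security group (MyPublicSecuGroup2,
      # 80/tcp from 0.0.0.0/0) is what admits the forwarded client traffic.
      TargetType: instance
      Protocol: TCP
      Port: 80
      VpcId: !Ref MyVPC2
      # Per-target port is set here; the "port / ip" note below the template
      # refers to this registration, not to the listener.
      Targets:
        - Id: !Ref MyWeb2
          Port: 80
        - Id: !Ref MyWeb3
          Port: 80
      Tags:
        - Key: Name
          Value: MyNLBTargetGroup

  # Single-subnet (single-AZ) NLB. Both targets sit in MyPublicSubnet2 as
  # well, so this is consistent for a lab; a production NLB would list one
  # subnet per AZ that hosts targets.
  MyNLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    DependsOn: MyNLBTargetGroup
    Properties:
      Type: network
      Scheme: internet-facing
      Subnets:
        - !Ref MyPublicSubnet2
      Tags:
        - Key: Name
          Value: MyNLB

  # Logical ID is misspelled ("Listner") but deliberately kept: renaming a
  # logical ID would replace the listener on the next stack update.
  MyNLBListner:
    Type: AWS::ElasticLoadBalancingV2::Listener
    DependsOn:
      - MyNLBTargetGroup
      - MyNLB
    Properties:
      LoadBalancerArn: !Ref MyNLB
      Protocol: TCP
      Port: 80
      # Plain TCP pass-through; no TLS termination is configured on the NLB.
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref MyNLBTargetGroup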

대상 그룹(Target Group)에는 port / ip 할당 가능
