CloudFormation Template Dev - II
Michael Vargas

Overview

A key benefit of cloud computing is the ability to provision infrastructure programmatically. On AWS the tool that accomplishes this is CloudFormation. CloudFormation lets you define a VPC and its components, along with the corresponding security groups and IAM roles, in a template written in JSON (YAML is also accepted). The benefit is that deployments are automated and repeatable: you can stand up a new environment on demand simply by executing the CloudFormation stack again. Put practically, if you want development, QA and staging environments, you externalize the environment-specific settings as parameters, pass them to the template, and it stands up each environment identically.

You can find the first article, which introduced some of the preliminary considerations necessary to develop CloudFormation templates, here. In that article we defined what CloudFormation is, how to declare a template with its format version and description, and how to declare the resources that create a top-level VPC.

We ultimately ended up with this CloudFormation template. Two things worth noting: CidrBlock takes the VPC's IPv4 range in CIDR notation (for example 10.0.0.0/16; the placeholder is kept below), and the only value CloudFormation accepts for AWSTemplateFormatVersion is "2010-09-09", so a template with any other version string is rejected at creation time:

{
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Description" : "A VPC Example",
   "Resources" : {
        "VPC" : {
            "Type" : "AWS::EC2::VPC",
            "Properties" : {
                "CidrBlock" : "IP_ADDRESS_HERE",
                "EnableDnsSupport" : true,
                "EnableDnsHostnames" : true,
                "InstanceTenancy" : "default",
                "Tags" : [{
                   "Key" : "Name",
                   "Value" : "ACME Corp VPC"
                }]
            }
        } 
   } 
}

Internet Gateways

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.

In order for our VPC to reach the internet, we need to extend our CloudFormation template with an internet gateway. Note that creating and attaching a gateway does not by itself expose anything: traffic only flows through it once a subnet's route table carries a route (typically 0.0.0.0/0) to the gateway and the instance has a public or Elastic IP address. That is why the gateway and its attachment are low-risk on their own, and why the subnets and routes come in later steps of this series.

We can define this like so:

"InternetGateway": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {
        "Tags": [{
          "Key":   "Name",
          "Value": "ACME Corp Internet Gateway"
        }]
      }
    },

Notice that in the above example we define a JSON object whose key, "InternetGateway", is the resource's logical name, and give it the following members:

  • Type - AWS::EC2::InternetGateway is what instructs the CloudFormation engine to create an internet gateway.
  • Properties - here used only to define Tags, which help us search for and locate this component later. Tags is an array of objects, each holding a Key and a Value; the Name tag is what the console displays, so give it a meaningful name rather than a placeholder.

This brings our template definition to the following:

{
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Description" : "A VPC Example",
   "Resources" : {
        "VPC" : {
            "Type" : "AWS::EC2::VPC",
            "Properties" : {
                "CidrBlock" : "IP_ADDRESS_HERE",
                "EnableDnsSupport" : true,
                "EnableDnsHostnames" : true,
                "InstanceTenancy" : "default",
                "Tags" : [{
                   "Key" : "Name",
                   "Value" : "ACME Corp VPC"
                }]
            }
        },
        "InternetGateway": {
               "Type": "AWS::EC2::InternetGateway",
               "Properties": {
                    "Tags": [{
                    "Key":   "Name",
                    "Value": "ACME Corp Internet Gateway"
                    }]
               }
        }
   }
}

So far we've defined a VPC and an internet gateway, but these two objects know nothing about each other. For the VPC to use the gateway, we need to attach the internet gateway to the VPC.

The attachment is a resource in its own right: it binds one specific gateway to one specific VPC (an internet gateway can be attached to only one VPC at a time), and it is this association that lets the VPC send traffic through the gateway.

As you might suspect, we need to define another complex type that creates this association. We do so by creating the following:

"VPCGatewayAttachment": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {"Ref": "VPC"},
        "InternetGatewayId": {"Ref": "InternetGateway"}
      }
},

Once again, the type, AWS::EC2::VPCGatewayAttachment, is what defines this association.

  • Properties - we use it to set the two required properties, VpcId and InternetGatewayId.

To reference a value defined in another part of the template we use the intrinsic function Ref, which returns the value of the specified parameter or resource:

  • When you specify a parameter's logical name, it returns the value of the parameter.
  • When you specify a resource's logical name, it returns a value that you can typically use to refer to that resource, such as its physical ID. For AWS::EC2::VPC that is the VPC ID (vpc-...), and for AWS::EC2::InternetGateway it is the gateway ID (igw-...).

In our specific case:

        "VpcId": {"Ref": "VPC"},
        "InternetGatewayId": {"Ref": "InternetGateway"}

We use Ref to look up the value associated with the "VPC" block we defined in another section of the template:

"VPC" : {
            "Type" : "AWS::EC2::VPC",
            "Properties" : {
                "CidrBlock" : "IP_ADDRESS_HERE",
                "EnableDnsSupport" : true,
                "EnableDnsHostnames" : true,
                "InstanceTenancy" : "default",
                "Tags" : [{
                   "Key" : "Name",
                   "Value" : "ACME Corp VPC"
                }]
            }
        },

That value is bound to VpcId, which is what creates the association between the two constructs. We tie InternetGatewayId to the gateway using exactly the same process. Ref also tells CloudFormation the creation order: because the attachment references both the VPC and the gateway, it is created only after both exist. Be aware that resources which merely need the gateway to be attached, rather than referencing it (a route to 0.0.0.0/0, an Elastic IP, a NAT gateway), carry no Ref to the attachment, so they need an explicit DependsOn on VPCGatewayAttachment or their creation can fail.

With all this in place, we now have the following template created so far:

{
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Description" : "A VPC Example",
   "Resources" : {
        "VPC" : {
            "Type" : "AWS::EC2::VPC",
            "Properties" : {
                "CidrBlock" : "IP_ADDRESS_HERE",
                "EnableDnsSupport" : true,
                "EnableDnsHostnames" : true,
                "InstanceTenancy" : "default",
                "Tags" : [{
                   "Key" : "Name",
                   "Value" : "ACME Corp VPC"
                }]
            }
        },
        "InternetGateway": {
               "Type": "AWS::EC2::InternetGateway",
               "Properties": {
                    "Tags": [{
                    "Key":   "Name",
                    "Value": "ACME Corp Internet Gateway"
                    }]
               }
        },
        "VPCGatewayAttachment": {
                "Type": "AWS::EC2::VPCGatewayAttachment",
                "Properties": {
                    "VpcId": {"Ref": "VPC"},
                    "InternetGatewayId": {"Ref": "InternetGateway"}
                }
        }
   }
}
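As an added example that is not part of the original article, the Python script below parses the template above (embedded as a constructed sample, with the IP_ADDRESS_HERE placeholder replaced by a demo CIDR of 10.0.0.0/16), resolves every Ref the way the text describes, and reports the mistakes that otherwise only surface when the stack is created: a Ref to a logical name that does not exist, a VPCGatewayAttachment whose VpcId or InternetGatewayId points at a resource of the wrong type, an internet gateway that is never attached, an invalid AWSTemplateFormatVersion, and malformed JSON such as a trailing comma after the last resource. It also derives the creation order CloudFormation infers from Ref and DependsOn, which is why the attachment is created only after both the VPC and the gateway exist. The function names and the PSEUDO_PARAMETERS set are this example's own; the pseudo parameter names inside the set are the ones CloudFormation defines.

```python
import json

# Constructed sample for this example: the article's template with a valid
# AWSTemplateFormatVersion (CloudFormation accepts only "2010-09-09") and a
# demo CIDR of 10.0.0.0/16 in place of the IP_ADDRESS_HERE placeholder.
TEMPLATE_JSON = """{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "A VPC Example",
  "Resources": {
    "VPC": {"Type": "AWS::EC2::VPC", "Properties": {
      "CidrBlock": "10.0.0.0/16", "EnableDnsSupport": true, "EnableDnsHostnames": true,
      "InstanceTenancy": "default", "Tags": [{"Key": "Name", "Value": "ACME Corp VPC"}]}},
    "InternetGateway": {"Type": "AWS::EC2::InternetGateway", "Properties": {
      "Tags": [{"Key": "Name", "Value": "ACME Corp Internet Gateway"}]}},
    "VPCGatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
      "VpcId": {"Ref": "VPC"}, "InternetGatewayId": {"Ref": "InternetGateway"}}}
  }
}"""

# CloudFormation pseudo parameters: names Ref may resolve to without a declaration.
PSEUDO_PARAMETERS = {"AWS::AccountId", "AWS::NoValue", "AWS::NotificationARNs",
                     "AWS::Partition", "AWS::Region", "AWS::StackId",
                     "AWS::StackName", "AWS::URLSuffix"}

def find_refs(node):
    """Yield every logical name used in a {"Ref": ...} anywhere under node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        else:
            for value in node.values():
                yield from find_refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from find_refs(value)

def ref_target(value):
    """Logical name a property value refers to, or None if it is a literal."""
    return value.get("Ref") if isinstance(value, dict) else None

def lint_template(text):
    """Parse template JSON and return a list of human-readable findings."""
    try:
        tpl = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]  # e.g. a trailing comma after the last resource
    findings = []
    version = tpl.get("AWSTemplateFormatVersion")
    if version != "2010-09-09":
        findings.append(f"AWSTemplateFormatVersion {version!r} is not valid; use '2010-09-09'")
    resources = tpl.get("Resources", {})
    known = set(resources) | set(tpl.get("Parameters", {})) | PSEUDO_PARAMETERS
    for name, res in resources.items():
        for target in find_refs(res.get("Properties", {})):
            if target not in known:
                findings.append(f"{name}: Ref to unknown logical name {target!r}")
    attached = set()
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::VPCGatewayAttachment":
            continue
        props = res.get("Properties", {})
        for prop, expected in (("VpcId", "AWS::EC2::VPC"),
                               ("InternetGatewayId", "AWS::EC2::InternetGateway")):
            target = ref_target(props.get(prop))
            if target in resources and resources[target].get("Type") != expected:
                findings.append(f"{name}: {prop} refers to {target!r}, which is not an {expected}")
        attached.add(ref_target(props.get("InternetGatewayId")))
    for name, res in resources.items():
        if res.get("Type") == "AWS::EC2::InternetGateway" and name not in attached:
            findings.append(f"{name}: internet gateway is never attached to a VPC")
    return findings

def creation_order(text):
    """Order in which CloudFormation can create the resources: each one follows
    everything it Refs or lists in DependsOn (Kahn's algorithm, ties sorted by name)."""
    resources = json.loads(text)["Resources"]
    pending = {}
    for name, res in resources.items():
        deps = {t for t in find_refs(res.get("Properties", {})) if t in resources}
        explicit = res.get("DependsOn", [])
        explicit = [explicit] if isinstance(explicit, str) else explicit
        deps.update(d for d in explicit if d in resources)
        pending[name] = deps
    order = []
    while pending:
        ready = sorted(n for n, deps in pending.items() if not deps)
        if not ready:
            raise ValueError(f"circular dependency among {sorted(pending)}")
        for name in ready:
            order.append(name)
            del pending[name]
        for deps in pending.values():
            deps.difference_update(ready)
    return order

if __name__ == "__main__":
    for line in lint_template(TEMPLATE_JSON) or ["no findings"]:
        print(line)
    print("creation order:", creation_order(TEMPLATE_JSON))
```

Run it on a template before handing it to CloudFormation: the checks need no credentials and catch the dangling-Ref and trailing-comma errors offline, whereas `aws cloudformation validate-template` needs AWS access and checks syntax only, not whether the gateway is actually attached to anything.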


In the next article, we'll continue developing our CloudFormation template and start defining subnets. For more information on CloudFormation and all things AWS related, check out uxdsummit.com!

Thanks for reading!

