![呼び出し側のOutputsの利利⽤用
v eccube-‐‑‒vpc-‐‑‒09vpc.jsonはOutputsを定義
v VPCID, ELBSubnetAId, ELBSubnetBId,
ECSubnetAId, ECSubnetBId,
RDSSubnetAId, RDSSubentBId
v 呼び出し元での使い⽅方
{ “Fn::GetAtt” :[“vpcMake”, “Outputs.VPCID”] }
ARAKI Yasuhiro](https://image.slidesharecdn.com/jawsvpc3-130215192213-phpapp02/75/Jaws-CloudFormation-w-VPC-3-3-9-2048.jpg)
![AWS::ElasticLoadBalancing::LoadBalancer
v ELBはVPCにおいては、配置するサブネッ
トと、セキュリティグループを指定
"elbeccube": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Subnets": [
{ "Fn::GetAtt" :["vpcMake", "Outputs.ELBSubnetAId"] },
{ "Fn::GetAtt" :["vpcMake", "Outputs.ELBSubnetBId"] }
],
"SecurityGroups" : [{"Ref" : "LoadBalancerSecurityGroup"}],
……(略)
ARAKI Yasuhiro](https://image.slidesharecdn.com/jawsvpc3-130215192213-phpapp02/75/Jaws-CloudFormation-w-VPC-3-3-11-2048.jpg)
![AWS::EC2::SecurityGroup
v VPCに所属しているかをProperties中に
VpcIdとして宣⾔言
"LoadBalancerSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable HTTP access on port 80",
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] },
"SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "80",
"ToPort" : "80", "CidrIp" : "0.0.0.0/0" } ],
"SecurityGroupEgress" : [ { "IpProtocol" : "tcp", "FromPort" : "80",
"ToPort" : "80", "CidrIp" : "0.0.0.0/0" } ]}},
ARAKI Yasuhiro](https://image.slidesharecdn.com/jawsvpc3-130215192213-phpapp02/75/Jaws-CloudFormation-w-VPC-3-3-12-2048.jpg)
![AWS::EC2::Instance
v SubnetIdを指定
"instanceib3ba90b3": {
"Type": "AWS::EC2::Instance",
"Properties": {
"SubnetId": {"Fn::GetAtt":["vpcMake", "Outputs.ECSubnetAId"]},
…… (略)
ARAKI Yasuhiro](https://image.slidesharecdn.com/jawsvpc3-130215192213-phpapp02/75/Jaws-CloudFormation-w-VPC-3-3-13-2048.jpg)
![AWS::RDS::DBSubnetGroup
v SubnetIdを指定
"MyDBSubnetGroup" : {
"Type" : "AWS::RDS::DBSubnetGroup",
"Properties" : {
"DBSubnetGroupDescription" : "Subnets available for the RDS DB Instance",
"SubnetIds" : [
{ "Fn::GetAtt" :["vpcMake", "Outputs.RDSSubnetAId"] },
{ "Fn::GetAtt" :["vpcMake", "Outputs.RDSSubnetBId"] }
]}},
ARAKI Yasuhiro](https://image.slidesharecdn.com/jawsvpc3-130215192213-phpapp02/75/Jaws-CloudFormation-w-VPC-3-3-14-2048.jpg)
![AWS::RDS::DBSecurityGroup
v RDSにはDBSecurityGroupを指定
"dbsgdefault": {
"Type": "AWS::RDS::DBSecurityGroup",
"Properties":{
"GroupDescription": "RDS security group in private",
"EC2VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] },
"DBSecurityGroupIngress": [{
"CIDRIP": "10.1.20.0/23"
} ]}}
ARAKI Yasuhiro](https://image.slidesharecdn.com/jawsvpc3-130215192213-phpapp02/75/Jaws-CloudFormation-w-VPC-3-3-15-2048.jpg)
Uploaded byYasuhiro Araki, Ph.D
Jaws−横浜ハンズオンーCloudFormation w/ VPC 3/3
AWS CloudFormatioNをつかった世界最速ハンズオン。EC2で作った環境をVPCに移行する。
More Related Content
Similar to Jaws−横浜ハンズオンーCloudFormation w/ VPC 3/3
Jaws−横浜ハンズオンーCloudFormation w/ VPC 3/3
- 1. ハンズオン: CloudFormationをつかったVPCへのシス テム移⾏行行 ARAKI Yasuhiro
- 2. このハンズオンのための準備 v CloudFormation(CFN)の知識識 v インストール v CloudFormationのコマンドラインツール (必須) v テキストエディタ(必須) v JSONエディタ(任意) ARAKI Yasuhiro
- 3. CloudFormationのコマンドラインツール v https://s3.amazonaws.com/cloudformation-‐‑‒cli/ AWSCloudFormation-‐‑‒cli.zip ARAKI Yasuhiro
- 4.
- 5.
- 6. 本ハンズオンの進め⽅方 v 時間がないので以下CFNTを実⾏行行 v http://arakisa.s3.amazonaws.com/ CloudFormation/eccube-‐‑‒ vpc-‐‑‒09instance.json v その中⾝身を解説していきます。 ARAKI Yasuhiro
- 7.
- 8. CFNTからCFNTを呼び出す AWS::CloudFormation::Stack "Resources" : { "vpcMake" : { "Type" : "AWS::CloudFormation::Stack", "Properties" : { "TemplateURL" : "https://s3-‐‑‒ap-‐‑‒northeast-‐‑‒1.amazonaws.com/ arakisa /CloudFormation/eccube-‐‑‒vpc-‐‑‒09vpc.json", "TimeoutInMinutes" : "60" } }, ARAKI Yasuhiro
- 9. 呼び出し側のOutputsの利利⽤用 v eccube-‐‑‒vpc-‐‑‒09vpc.jsonはOutputsを定義 v VPCID, ELBSubnetAId, ELBSubnetBId, ECSubnetAId, ECSubnetBId, RDSSubnetAId, RDSSubentBId v 呼び出し元での使い⽅方 { “Fn::GetAtt” :[“vpcMake”, “Outputs.VPCID”] } ARAKI Yasuhiro
- 10. VPC環境に対応した修正 v VPC内で使⽤用を定義するために特別なパラ メータをあたえなければならないリソースタ イプ v AWS::ElasticLoadBalancing::LoadBalancer v AWS::EC2::SecurityGroup v AWS::EC2::Instance v AWS::RDS::DBSubnetGroup ARAKI Yasuhiro
- 11. AWS::ElasticLoadBalancing::LoadBalancer v ELBはVPCにおいては、配置するサブネッ トと、セキュリティグループを指定 "elbeccube": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "Subnets": [ { "Fn::GetAtt" :["vpcMake", "Outputs.ELBSubnetAId"] }, { "Fn::GetAtt" :["vpcMake", "Outputs.ELBSubnetBId"] } ], "SecurityGroups" : [{"Ref" : "LoadBalancerSecurityGroup"}], ……(略) ARAKI Yasuhiro
- 12. AWS::EC2::SecurityGroup v VPCに所属しているかをProperties中に VpcIdとして宣⾔言 "LoadBalancerSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable HTTP access on port 80", "VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" } ], "SecurityGroupEgress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" } ]}}, ARAKI Yasuhiro
- 13. AWS::EC2::Instance v SubnetIdを指定 "instanceib3ba90b3": { "Type": "AWS::EC2::Instance", "Properties": { "SubnetId": {"Fn::GetAtt":["vpcMake", "Outputs.ECSubnetAId"]}, …… (略) ARAKI Yasuhiro
- 14. AWS::RDS::DBSubnetGroup v SubnetIdを指定 "MyDBSubnetGroup" : { "Type" : "AWS::RDS::DBSubnetGroup", "Properties" : { "DBSubnetGroupDescription" : "Subnets available for the RDS DB Instance", "SubnetIds" : [ { "Fn::GetAtt" :["vpcMake", "Outputs.RDSSubnetAId"] }, { "Fn::GetAtt" :["vpcMake", "Outputs.RDSSubnetBId"] } ]}}, ARAKI Yasuhiro
- 15. AWS::RDS::DBSecurityGroup v RDSにはDBSecurityGroupを指定 "dbsgdefault": { "Type": "AWS::RDS::DBSecurityGroup", "Properties":{ "GroupDescription": "RDS security group in private", "EC2VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, "DBSecurityGroupIngress": [{ "CIDRIP": "10.1.20.0/23" } ]}} ARAKI Yasuhiro
- 16.