© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Webinar
https://amzn.to/JPWebinar https://amzn.to/JPArchive
[Diagram: a Template (the definition of the resources to create) is used to create, change or delete a Stack (the collection of those resources), for example creating, changing or deleting VPC resources.]
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample
Parameters:
  KeyName:
    Description: "Sample key"
    Type: String
Mappings:
  RegionMap:
    ap-northeast-1:
      "AMI": "ami-xxxxxxxxxx"
Resources:
  Ec2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      SubnetId: "subnet-xxxxxxxxxx"
      SecurityGroupIds:
        - "sg-xxxxxxxxxx"
      KeyName: !Ref KeyName
      ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", AMI ]
AWSTemplateFormatVersion: "version date"
Description:
  String
Metadata:
  template metadata
Parameters:
  set of parameters
Mappings:
  set of mappings
Conditions:
  set of conditions
Transform:
  set of transforms
Resources:
  set of resources
Outputs:
  set of outputs
Resources:
  MyInstance:
    Type: "AWS::EC2::Instance"
    Properties:
      SubnetId: "subnet-xxxxxxxxxx"
      SecurityGroupIds:
        - !GetAtt InstanceSecurityGroup.GroupId
      KeyName: !Ref KeyName
      ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", 64 ]
Resources:
  MyEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      SubnetId: "subnet-xxxxxxxxxxxxxxxx"
Outputs:
  MyEC2PhysicalID:
    Value: !Ref MyEC2Instance
Resources:
  MyInstance:
    Type: "AWS::EC2::Instance"
    Metadata:
      MyInstance:
        Description: "Information about the instance"
      Database:
        Description: "Information about the database"
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      -
        Label:
          default: "Network Configuration"
        Parameters:
          - VPCID
          - ApplicationSubnetId
      -
        Label:
          default: "EC2 Configuration"
        Parameters:
          - KeyName
Parameters:
  Age:
    Description: "input your age."
    Type: Number
    Default: 30
    MinValue: 20
    MaxValue: 60
  FirstName:
    Description: "input your first name."
    Type: String
  KeyName:
    Description: "Sample key"
    Type: String
Resources:
  Ec2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      KeyName: !Ref KeyName
      Tags:
        -
          Key: OwnerAge
          Value: !Ref Age
        -
          Key: OwnerName
          Value: !Ref FirstName
Resources:
  Ec2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", AMI ]
Outputs:
  ApplicationURL:
    Value: !Join ["", [ "http://", !GetAtt Ec2Instance.PublicDnsName, "/index.html" ]]
Resources:
  Ec2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      KeyName: !Ref "AWS::StackName"
      Tags:
        -
          Key: region
          Value: !Ref "AWS::Region"
Mappings:
  RegionMap:
    us-east-1:
      "KEYPAIR": "myKey-east"
    us-west-1:
      "KEYPAIR": "myKey-west"
    ap-northeast-1:
      "KEYPAIR": "myKey-tokyo"
Resources:
  Ec2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      KeyName: !FindInMap [ RegionMap, !Ref "AWS::Region", KEYPAIR ]
Mappings:
  RegionMap:
    us-east-1:
      "KEYPAIR": "myKey-east"
    us-west-1:
      "KEYPAIR": "myKey-west"
    ap-northeast-1:
      "KEYPAIR": "myKey-tokyo"
Parameters:
  EnvType:
    Description: "Environment type."
    Default: "development"
    Type: String
    AllowedValues: ["production", "staging", "development"]
    ConstraintDescription: "must specify."
Conditions:
  CreateProdResources: {"Fn::Equals": [{"Ref": "EnvType"}, "production"]}
Resources:
  Ec2Instance:
    Type: "AWS::EC2::Instance"
    Condition: "CreateProdResources"
Transform: AWS::Serverless-2016-10-31
Resources:
  MyServerlessFunctionLogicalID:

Transform:
  Name: 'AWS::Include'
  Parameters:
    Location: 's3://MyAmazonS3BucketName/MyFileName.yaml'

Transform: [EchoMacro]
Resources:
  FancyTable:
Resources:
  Ec2Instance:
Outputs:
  PublicDNS:
    Description: EC2 public DNS
    Value: !GetAtt Ec2Instance.PublicDnsName

Outputs:
  TSSG:
    Value: !Ref TroubleShootingSG
    Export:
      Name: AccountSG
[Diagram: a single Stack containing a DB, an App Server, a Web Server, a Hosted zone and S3.]
[Diagram: a VPC with Public subnet 1 and Private subnet 1 in Availability zone 1, and Public subnet 2 and Private subnet 2 in Availability zone 2; the Stack contains a DB Instance, an AP Server and an Auto Scaling group.]
Outputs:
  SecGrpWebID:
    Description: Security Group for Web
    Value: !Ref SecGrpWeb
    Export:
      Name: !Sub ${AWS::StackName}-SecGrpWeb

Resources:
  BastionSrv:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: !Ref OSImage
      InstanceType: t2.micro
      KeyName: !Ref KeyPair
      NetworkInterfaces:
        - DeleteOnTermination: true
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId:
            Fn::ImportValue: !Sub ${BaseStackName}-PubSub1
          GroupSet:
            - Fn::ImportValue: !Sub ${SecStackName}-SecGrpWeb
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  Macro:
    Type: "AWS::CloudFormation::Macro"
    Properties:
      FunctionName: arn:aws:lambda:us-east-1:1234567:function:EchoFunction
      Name: EchoMacro

AWSTemplateFormatVersion: '2010-09-09'
Transform: [EchoMacro, 'AWS::Serverless-2016-10-31']
Resources:
  FancyTable:
    Type: AWS::Serverless::SimpleTable
[Diagram: a Template resolving values from Parameter Store.]
MyIAMUser:
  Type: AWS::IAM::User
  Properties:
    UserName: 'MyUserName'
    LoginProfile:
      Password: '{{resolve:ssm-secure:IAMUserPassword-A:1}}'
Parameters:
  LatestAmiId:
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
Resources:
  Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: !Ref LatestAmiId
const cdk = require('@aws-cdk/cdk');
const s3 = require('@aws-cdk/aws-s3');

class MyStack extends cdk.Stack {
  constructor(parent, id, props) {
    super(parent, id, props);
    // One S3 bucket with object versioning enabled
    new s3.Bucket(this, 'MyFirstBucket', {
      versioned: true
    });
  }
}
• Through its managed rule, a difference can be detected as soon as it occurs
• Properties that are not written in the template are not checked for differences
[Diagram: a StackSet deploys one Template as Stack 1, Stack 2 and Stack 3 in AWS Region A and as Stack 1, Stack 2 and Stack 3 in AWS Region B.]
[Diagram: a Template containing a DB Instance and two Instances.]
{
  "Statement" : [
    {
      "Effect" : "Deny",
      "Action" : "Update:*",
      "Principal": "*",
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "ResourceType" : ["AWS::RDS::DBInstance"]
        }
      }
    },
    {
      "Effect" : "Allow",
      "Action" : "Update:*",
      "Principal": "*",
      "Resource" : "*"
    }
  ]
}
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myS3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
{
  "Effect": "Allow",
  "Action": ["cloudformation:CreateStack"],
  "Resource": "*"
},
{
  "Effect": "Deny",
  "Action": ["cloudformation:CreateStack"],
  "Resource": "*",
  "Condition": {
    "ForAnyValue:StringLike": {
      "cloudformation:ResourceType": ["AWS::IAM::*"]
    }
  }
}
[Diagram: the same VPC with Public subnet 1 and Private subnet 1 in Availability zone 1, and Public subnet 2 and Private subnet 2 in Availability zone 2; the Stack contains a DB Instance, an AP Server with a Role and an Auto Scaling group with a Role.]
./cfn-validate.sh yaml-eip.yaml
./cfn-update.sh create yaml-stack-r53 yaml-r53.yaml
./cfn-update.sh create yaml-stack-eip yaml-eip.yaml R53StackName=yaml-stack-r53
./cfn-status.sh yaml-stack-eip -v
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CloudFormationResourceManagementPolicy",
      "Effect": "Allow",
      "Action": [
        "cloudformation:CreateStack",
        "cloudformation:UpdateStack"
      ],
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "cloudformation:TemplateUrl": "https://<S3 endpoint>.amazonaws.com/<bucket>/*"
        }
      }
    },
    {
      "Sid": "PermissionDelegation",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": "arn:aws:iam::xxxxxxxxxxxx:role/CloudFormationServiceRole"
    }
  ]
}