naoya-hashimoto
• Use CloudFormation to create Stacks composed of VPC, Internet Gateway, Route Table, ELB, EC2 Instance, EBS Volumes
• Single pattern with EC2 Instances WEB server and DB server in the same AZ
• Redundant pattern with EC2 Instances WEB server and DB server in multi-AZ
AWS CloudFormation template with single & redundant system
3/1/2014 Naoya Hashimoto
Table of Contents
• Overview
• System Architecture - Network
• System Architecture - EC2
• Template Structure - Dependency & Resources
• Template Structure - Function
• Template Structure - RPM packages
• Operation Manual - AWS CLI (1)
• Operation Manual - AWS CLI (2)
• Operation Manual - AWS CLI (3)
Overview
• Use CloudFormation to create Stacks composed of VPC, Internet Gateway, Route Table, ELB, EC2 Instance, EBS Volumes
• Single pattern with EC2 Instances WEB server and DB server in the same AZ
• Redundant pattern with EC2 Instances WEB server and DB server in multi-AZ
• Install LAMP packages with Cloud-init
• Add & resize additional EBS Volumes for WEB server and DB server
[Figure: AWS CloudFormation stack diagrams. Stack, single pattern: Amazon VPC, Internet Gateway, Route Table, Elastic Load Balancing, and WEB and DB instances in one Availability Zone. Stack, redundant pattern: WEB and DB instances in each of two Availability Zones, behind Elastic Load Balancing.]
2014/3/1 3
System Architecture - Network
vpc.template
Name                AvailabilityZone  Role
SubnetPublicVarA00  ap-northeast-1a   ELB
SubnetPublicVarC01  ap-northeast-1c   ELB
SubnetPublicVarA02  ap-northeast-1a   Instances in AutoScaling Group
SubnetPublicVarC03  ap-northeast-1c   Instances in AutoScaling Group
SubnetPublicFixA08  ap-northeast-1a   Instances in Fixed IP address
SubnetPublicFixC09  ap-northeast-1c   Instances in Fixed IP address
System Architecture - EC2
[Figure: EC2 architecture per pattern. Single: cloudformation-single.template, ec2-single.template, vpc.template. Redundant: cloudformation-redundant.template, ec2-redundant.template, vpc.template.]
Template Structure - Dependency & Resources
Single: ① cloudformation-single.template, ② vpc.template, ③ ec2-single.template
Redundant: ① cloudformation-redundant.template, ② vpc.template, ③ ec2-redundant.template

① cloudformation-single.template / cloudformation-redundant.template
AWS::CloudFormation::Stack

② vpc.template
AWS::EC2::InternetGateway
AWS::EC2::NetworkAcl
AWS::EC2::NetworkAclEntry
AWS::EC2::Route
AWS::EC2::RouteTable
AWS::EC2::Subnet
AWS::EC2::SubnetNetworkAclAssociation
AWS::EC2::SubnetRouteTableAssociation
AWS::EC2::VPC
AWS::EC2::VPCGatewayAttachment

③ ec2-single.template / ec2-redundant.template
AWS::CloudFormation::WaitCondition
AWS::CloudFormation::WaitConditionHandle
AWS::EC2::EIP
AWS::EC2::Instance
AWS::EC2::SecurityGroup
AWS::ElasticLoadBalancing::LoadBalancer
Template Structure - Function
Overview (Single / Redundant)

cloudformation-single.template / cloudformation-redundant.template
Base template for single, redundant pattern
• Add output values from nested stacks
• Input the following items (values): VPC CIDR, Instance Type, Volume Size, SSH KeyName, SecurityGroup CIDR (Customer’s GW, Office GW, Monitoring Server’s GW), DB Root Password
• Pass the parameters to the nested stack
• Output the parameters: VPC CIDR, Subnet ID, Instance Type, Instance ID, EIP, Volume Size, SecurityGroup CIDR (Customer GW, Own Office GW, Monitoring Server GW)

vpc.template
Common template for single, redundant pattern
• Create the following resources: VPC, Subnet, Network ACL, Internet GW, Routing Table

ec2-single.template / ec2-redundant.template
EC2 resource template for single, redundant pattern
• Create the following resources: Instance, EBS Volume, ELB, EIP, Security Groups
• Install Apache, PHP, MySQL
• Enable/disable the services to be started automatically upon boot
• Create a Linux user, opuser for
• Attach additional EBS Volumes, create file systems and resize them
Template Structure - RPM packages
• Common
  o gcc, gcc-c++, make, wget, unzip, git, ntp, openssl
  o sendmail, postfix
• WEB Server
  o mod_ssl, httpd, httpd-devel, httpd-tools
• DB Server
  o mysql, mysql-devel, mysql-embedded-devel, mysql-libs, mysql-server
※ Using MySQL Community repository (http://repo.mysql.com/mysql-community-release-el6.rpm) to install MySQL via yum on CentOS.
Operation Manual - AWS CLI (1)
Precondition
• Log in to an Amazon Linux AMI instance to deploy the stack.
• Grant an IAM Role with administrator privilege to the instance.
Operation Manual - AWS CLI (2)
• Template PATH on github
https://github.com/hashnao/aws-cloudformation/tree/master/EC2
• Validate template
$ git clone https://github.com/hashnao/aws-cloudformation
$ cd aws-cloudformation/EC2/
$ aws cloudformation validate-template \
    --template-body file://$PWD/cloudformation-single.template
• Create Stack
# Pass --parameters once, followed by all key/value pairs; if the option is repeated, only its last occurrence is used.
$ aws cloudformation create-stack \
    --capabilities CAPABILITY_IAM \
    --template-body file://$PWD/cloudformation-single.template \
    --stack-name <Stack Name> \
    --parameters \
      ParameterKey=CustomerName,ParameterValue=<Character string> \
      ParameterKey=DBRootPasssword,ParameterValue=<Character string> \
      ParameterKey=InstanceTypeDB,ParameterValue=<Instance Type> \
      ParameterKey=InstanceTypeWeb,ParameterValue=<Instance Type> \
      ParameterKey=KeyName,ParameterValue=<SSH KeyName> \
      ParameterKey=SecurityGroupCidrCustomer,ParameterValue=<CIDR> \
      ParameterKey=SecurityGroupCidrMonitor,ParameterValue=<CIDR> \
      ParameterKey=SecurityGroupCidrOffice,ParameterValue=<CIDR> \
      ParameterKey=VolumeSizeDB,ParameterValue=<Number> \
      ParameterKey=VolumeSizeDB,ParameterValue=<Number> \
      ParameterKey=VPCCIDR,ParameterValue=<1st and 2nd octet>
• Describe stack
$ aws cloudformation describe-stacks --stack-name <Stack Name>
• List stack resource
$ aws cloudformation list-stack-resources --stack-name <Stack Name>
• Describe Stack Events
$ aws cloudformation describe-stack-events --stack-name <Stack Name>
Operation Manual - AWS CLI (3)
※ Sample command with parameters
• Create Stack
$ aws cloudformation create-stack \
    --capabilities CAPABILITY_IAM \
    --template-body file://$PWD/cloudformation-single.template \
    --stack-name samplesingle \
    --parameters \
      ParameterKey=CustomerName,ParameterValue=samplesingle \
      ParameterKey=DBRootPasssword,ParameterValue=mysql00 \
      ParameterKey=InstanceTypeDB,ParameterValue=t1.micro \
      ParameterKey=InstanceTypeWeb,ParameterValue=t1.micro \
      ParameterKey=KeyName,ParameterValue=default \
      ParameterKey=SecurityGroupCidrCustomer,ParameterValue=0.0.0.0/0 \
      ParameterKey=SecurityGroupCidrMonitor,ParameterValue=0.0.0.0/0 \
      ParameterKey=SecurityGroupCidrOffice,ParameterValue=0.0.0.0/0 \
      ParameterKey=VolumeSizeDB,ParameterValue=10 \
      ParameterKey=VolumeSizeDB,ParameterValue=10 \
      ParameterKey=VPCCIDR,ParameterValue=10.0
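Added example (not part of the original slides or the author's repository): the sample command above sets all three security-group CIDRs to 0.0.0.0/0 and passes a seven-character DB root password as a command-line argument. The POSIX shell functions below flag both conditions before create-stack is run and write the parameters to a mode-0600 file for use with --parameters file://; the function names, finding labels and the 12-character minimum are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the slides or the author's repository.
# Parameter keys are spelled as on the page; labels and limits are assumptions.

# check_params KEY=VALUE ... : print one finding per line, exit status = count.
check_params() (
  findings=0
  for kv in "$@"; do
    key=${kv%%=*}; val=${kv#*=}
    case $key in
      SecurityGroupCidr*)
        # A /0 prefix admits every source address to that security group.
        case $val in
          */0) echo "OPEN_CIDR $key=$val"; findings=$((findings + 1)) ;;
        esac ;;
      DBRootPasssword)
        # Assumed policy for this example: at least 12 characters.
        if [ "${#val}" -lt 12 ]; then
          echo "WEAK_PASSWORD $key (length ${#val})"; findings=$((findings + 1))
        fi ;;
    esac
  done
  exit "$findings"
)

# write_params_file OUT KEY=VALUE ... : write the JSON list accepted by
# "--parameters file://OUT" to a freshly created file with mode 0600, so the
# DB root password does not appear in the aws command's arguments.
write_params_file() (
  out=$1; shift
  umask 077
  rm -f -- "$out"
  {
    printf '['
    sep=
    for kv in "$@"; do
      key=${kv%%=*}
      # Escape backslash and double quote for JSON.
      val=$(printf '%s' "${kv#*=}" | sed 's/\\/\\\\/g; s/"/\\"/g')
      printf '%s\n  {"ParameterKey": "%s", "ParameterValue": "%s"}' "$sep" "$key" "$val"
      sep=,
    done
    printf '\n]\n'
  } > "$out"
)

# Usage: check_params "$@" && write_params_file params.json "$@"
#   aws cloudformation create-stack ... --parameters file://params.json
```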
Now, OpsWorks is waiting!