I like learning new stuff.
Which is why I invest time and money into courses.
I really enjoy courses where you are forced to roll up your own sleeves in order to create something. Recently, a course I took allowed me to do a project in AWS CloudFormation.
Using a YAML CloudFormation template, I created an Internet Gateway and a VPC (Virtual Private Cloud), along with an EC2 (Elastic Compute Cloud) instance that resides within the VPC.
A VPC with an EC2 instance and an Internet Gateway in AWS is commonly used to create a secure, scalable, and isolated network environment where resources like servers and databases can be hosted.
The EC2 instance can, for example, host a web server, while the Internet Gateway provides the path to the internet (so users can reach a website hosted on the EC2 instance). The VPC, through its route tables and security groups, controls which traffic reaches the EC2 instance.
The courses I am following at this moment are from Emre Yilmaz, by the way. I highly recommend his courses; he takes you through the content step by step at a perfect pace. They can be found on Udemy. For the record, I have no affiliation with him, I just really like his stuff.
The template can be viewed below.
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: An EC2 instance, in a security group, in a public subnet within a VPC.
Resources:
  # Creating a VPC.
  MyVPC: # This is the ID/name your VPC gets in the "Resources"-tab in your CloudFormation stack. Not the same as the name of the VPC (which is set in "Tags").
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 192.168.0.0/16
      Tags: # This is how you name your VPC.
        - Key: Name
          Value: TheVPC
  # Creating a subnet that is within the VPC.
  MyPublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      # This must be within the range of the CidrBlock defined in the relevant VPC. I had 192.168.1.0/24 here and this resulted in the EC2 instance not having a public IP address.
      CidrBlock: 192.168.0.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: TheSubnet
  # Creating a route table that is within the VPC.
  MyRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
      Tags:
        - Key: Name
          Value: TheRouteTable
  # Creating an association between MyRouteTable and MyPublicSubnet.
  MyRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref MyRouteTable
      SubnetId: !Ref MyPublicSubnet
  # Creating an internet gateway. An internet gateway acts as a bridge between the VPC and the public internet.
  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: TheInternetGateway
  # Attaching the internet gateway to the VPC.
  MyInternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref MyInternetGateway
      VpcId: !Ref MyVPC
  # In order for a subnet in the VPC to be able to access the public internet, it must have a route table with a route whose destination CidrBlock is 0.0.0.0/0 (ALL IP addresses: the public internet).
  # This route must point at the internet gateway.
  # Adding a route to the route table for internet access using the internet gateway.
  MyInternetRoute:
    Type: AWS::EC2::Route
    DependsOn:
      - MyInternetGatewayAttachment
    Properties:
      GatewayId: !Ref MyInternetGateway
      RouteTableId: !Ref MyRouteTable
      DestinationCidrBlock: 0.0.0.0/0
  # Creating an EC2 instance.
  MyEC2Instance:
    Type: AWS::EC2::Instance
    DependsOn:
      - MyPublicSubnet
      - MyRouteTableAssociation
    Properties:
      ImageId: ami-0de02246788e4a354
      InstanceType: t2.micro
      SubnetId: !Ref MyPublicSubnet
      SecurityGroupIds:
        - !Ref MySecurityGroup
      Tags:
        - Key: Name
          Value: TheEC2Instance
        - Key: Project
          Value: EC2 Instance within a security group that has access to the public internet
  # Creating a security group in which the EC2 instance will be placed.
  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for EC2 instance
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: icmp
          FromPort: -1
          ToPort: -1
```
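Two things in this template are worth checking before a stack is deployed: that every subnet's CidrBlock actually falls inside its VPC's CidrBlock (the mistake described in the subnet comment), and which security-group ingress rules accept traffic from the whole internet (0.0.0.0/0 or ::/0). The script below is an added example, not part of the original post or of AWS's tooling. To keep it dependency-free it embeds a constructed Python rendering of the template's relevant resources (a `{"Ref": ...}` dict stands in for the YAML `!Ref` short form) rather than parsing the YAML; the `203.0.113.0/24` range used for the tightened rule is a documentation placeholder, not a real address.

```python
import copy
import ipaddress

# Constructed: the VPC, subnet and security group from the template above,
# rendered as plain Python. {"Ref": "X"} mirrors the YAML "!Ref X".
TEMPLATE = {
    "Resources": {
        "MyVPC": {
            "Type": "AWS::EC2::VPC",
            "Properties": {"CidrBlock": "192.168.0.0/16"},
        },
        "MyPublicSubnet": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "VpcId": {"Ref": "MyVPC"},
                "CidrBlock": "192.168.0.0/24",
                "MapPublicIpOnLaunch": True,
            },
        },
        "MySecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "VpcId": {"Ref": "MyVPC"},
                "SecurityGroupIngress": [
                    {"CidrIp": "0.0.0.0/0", "IpProtocol": "icmp",
                     "FromPort": -1, "ToPort": -1},
                ],
            },
        },
    }
}


def resources_of_type(template, rtype):
    """Map logical name -> resource for every resource of the given Type."""
    return {name: res for name, res in template["Resources"].items()
            if res.get("Type") == rtype}


def check_subnet_cidrs(template):
    """Return one finding per subnet whose CidrBlock is not inside its VPC's CidrBlock."""
    findings = []
    vpcs = resources_of_type(template, "AWS::EC2::VPC")
    for name, subnet in resources_of_type(template, "AWS::EC2::Subnet").items():
        props = subnet["Properties"]
        vpc_id = props.get("VpcId")
        vpc_ref = vpc_id.get("Ref") if isinstance(vpc_id, dict) else None
        if vpc_ref not in vpcs:
            findings.append(f"{name}: VpcId does not reference a VPC in this template")
            continue
        vpc_net = ipaddress.ip_network(vpcs[vpc_ref]["Properties"]["CidrBlock"])
        sub_net = ipaddress.ip_network(props["CidrBlock"])
        # subnet_of() is the containment test; an out-of-range subnet fails stack creation.
        if not sub_net.subnet_of(vpc_net):
            findings.append(f"{name}: {sub_net} is not inside {vpc_ref} ({vpc_net})")
    return findings


def check_open_ingress(template):
    """Return one finding per ingress rule that accepts traffic from any address."""
    findings = []
    for name, sg in resources_of_type(template, "AWS::EC2::SecurityGroup").items():
        for rule in sg["Properties"].get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr in ("0.0.0.0/0", "::/0"):
                findings.append(
                    f"{name}: {rule.get('IpProtocol')} ports "
                    f"{rule.get('FromPort')}..{rule.get('ToPort')} open to {cidr}")
    return findings


def with_subnet_cidr(template, cidr):
    """Copy of the template with MyPublicSubnet's CidrBlock replaced (for what-if checks)."""
    t = copy.deepcopy(template)
    t["Resources"]["MyPublicSubnet"]["Properties"]["CidrBlock"] = cidr
    return t


def with_ingress_cidr(template, cidr):
    """Copy of the template with every ingress rule restricted to the given source CIDR."""
    t = copy.deepcopy(template)
    for sg in resources_of_type(t, "AWS::EC2::SecurityGroup").values():
        for rule in sg["Properties"].get("SecurityGroupIngress", []):
            rule["CidrIp"] = cidr
    return t


if __name__ == "__main__":
    for finding in check_subnet_cidrs(TEMPLATE) + check_open_ingress(TEMPLATE):
        print("FINDING:", finding)
    # Hypothetical hardened variant: only a known source range may send ICMP.
    hardened = with_ingress_cidr(TEMPLATE, "203.0.113.0/24")
    print("hardened findings:", check_open_ingress(hardened))
```

Run against the template as written, the subnet check passes and the ingress check reports the ICMP rule open to 0.0.0.0/0; restricting `CidrIp` to the address range you actually ping from clears that finding. Extending the same structure with a check for `SecurityGroupEgress` or for routes to `0.0.0.0/0` in route tables is straightforward.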