export AWS_PROFILE=myprofile \naws sso login<\/code><\/pre>\n\n\n\nAlthough all of these tasks can be completed via the AWS Console (Web GUI), moving towards a IaC (Infrastructure as Code) approach we are building skills in managing everything via the CLI, scripts, SDKs and (REST) APIs, so knowing how to find and see resources via code or commands rather than the GUI is key; this guide therefore is written to this end.<\/p>\n\n\n\n
Simple Example (1 x EC2 Instance, 1 x Security Group)<\/h1>\n\n\n\n
For this getting started guide we’ll use a simple example which is an EC2 Instance<\/strong> with a Security Group<\/strong>. AWS provide some Sample Cloudformation Templates<\/a> which you can look at to see how they work.<\/p>\n\n\n\nWe’ll use this template: EC2InstanceWithSecurityGroupSample.template<\/a>, download, rename to ec2withSecurityGroup.yml<\/strong> and open and have a look.<\/p>\n\n\n\nHere\u2019s a short explanation of what each means with the important ones bolded:<\/p>\n\n\n\n
\n- AWSTemplateFormatVersion: Specifies the AWS CloudFormation template version.<\/li>\n\n\n\n
- Description: A text string that describes the template.<\/li>\n\n\n\n
- Mappings: A mapping of keys and associated values that you can use to specify conditional parameter values. This is CloudFormation\u2019s version of a \u201ccase\u201d statement.<\/li>\n\n\n\n
- Outputs: Describes the values that are returned whenever you view your stack\u2019s properties. This gets displayed in the AWS CloudFormation Console.<\/li>\n\n\n\n
- **Parameters: **Specifies values that you can pass into your template at runtime.<\/li>\n\n\n\n
- *Resources: **Specifies the stack resources and their properties, like our EC2 instance. This is the *only<\/em> required<\/em> property.<\/li>\n<\/ul>\n\n\n\n
Parameters and Resources<\/h2>\n\n\n\n
The most important top-level properties of a CloudFormation template are Parameters <\/strong>and Resources<\/strong>.<\/p>\n\n\n\nThe Parameters<\/strong> section is where you define any parameters such as Names, or KeyNames or Sizing or any other attributes you wish to have as an input into the template when you come to deploy it. I.e. you would have one here that takes your desired InstanceType (e.g. t1.micro) as an input; and this is then used within the Resources section to determine the size of the EC2 instance that will actually be deployed.<\/p>\n\n\n\n...\n\"Parameters\" : {\n \"KeyName\": {\n \"Description\" : \"Name of an existing EC2 KeyPair to enable SSH access to the instance\",\n \"Type\": \"AWS::EC2::KeyPair::KeyName\",\n \"ConstraintDescription\" : \"must be the name of an existing EC2 KeyPair.\"\n },\n\n \"InstanceType\" : {\n \"Description\" : \"WebServer EC2 instance type\",\n \"Type\" : \"String\",\n \"Default\" : \"t2.small\",\n \"AllowedValues\" : [ \"t1.micro\", \"t2.nano\", \"t2.micro\", \"t2.small\", \"t2.medium\", \"t2.large\", \"m1.small\", \"m1.medium\", \"m1.large\", \"m1.xlarge\", \"m2.xlarge\", \"m2.2xlarge\", \"m2.4xlarge\", \"m3.medium\", \"m3.large\", \"m3.xlarge\", \"m3.2xlarge\", \"m4.large\", \"m4.xlarge\", \"m4.2xlarge\", \"m4.4xlarge\", \"m4.10xlarge\", \"c1.medium\", \"c1.xlarge\", \"c3.large\", \"c3.xlarge\", \"c3.2xlarge\", \"c3.4xlarge\", \"c3.8xlarge\", \"c4.large\", \"c4.xlarge\", \"c4.2xlarge\", \"c4.4xlarge\", \"c4.8xlarge\", \"g2.2xlarge\", \"g2.8xlarge\", \"r3.large\", \"r3.xlarge\", \"r3.2xlarge\", \"r3.4xlarge\", \"r3.8xlarge\", \"i2.xlarge\", \"i2.2xlarge\", \"i2.4xlarge\", \"i2.8xlarge\", \"d2.xlarge\", \"d2.2xlarge\", \"d2.4xlarge\", \"d2.8xlarge\", \"hi1.4xlarge\", \"hs1.8xlarge\", \"cr1.8xlarge\", \"cc2.8xlarge\", \"cg1.4xlarge\"]\n,\n \"ConstraintDescription\" : \"must be a valid EC2 instance type.\"\n },\n\n \"SSHLocation\" : {\n \"Description\" : \"The IP address range that can be used to SSH to the EC2 instances\",\n \"Type\": \"String\",\n \"MinLength\": \"9\",\n \"MaxLength\": \"18\",\n \"Default\": \"0.0.0.0\/0\",\n \"AllowedPattern\": \"(\\\\d{1,3})\\\\.(\\\\d{1,3})\\\\.(\\\\d{1,3})\\\\.(\\\\d{1,3})\/(\\\\d{1,2})\",\n \"ConstraintDescription\": \"must be a valid IP CIDR range of the form x.x.x.x\/x.\"\n }\n },\n...<\/code><\/pre>\n\n\n\n![\"(info)\"](\"https:\/\/ssg-confluence.internal.sanger.ac.uk\/s\/-r41nvw\/8703\/51k4y0\/_\/images\/icons\/emoticons\/information.svg\")
You’l notice the default InstanceType <\/strong>is “t2.small” you can override this when you come to deployment, you’ll also notice the KeyName<\/strong>, this has no default value, which means if you don’t specify one at deployment time the cloudformation template won’t be applied.<\/em><\/p>\n\n\n\nThat then brings us to the Resources <\/strong>section, this is where you declare the AWS resources you actually want deployed, within this section you’ll be using References to refer to other parts of the template and with that your parameters when it comes to deployment time.<\/p>\n\n\n\n...\n\"Resources\" : {\n \"EC2Instance\" : {\n \"Type\" : \"AWS::EC2::Instance\",\n \"Properties\" : {\n \"InstanceType\" : { \"Ref\" : \"InstanceType\" },\n \"SecurityGroups\" : [ { \"Ref\" : \"InstanceSecurityGroup\" } ],\n \"KeyName\" : { \"Ref\" : \"KeyName\" },\n \"ImageId\" : { \"Fn::FindInMap\" : [ \"AWSRegionArch2AMI\", { \"Ref\" : \"AWS::Region\" },\n { \"Fn::FindInMap\" : [ \"AWSInstanceType2Arch\", { \"Ref\" : \"InstanceType\" }, \"Arch\" ] } ] }\n }\n },\n\n \"InstanceSecurityGroup\" : {\n \"Type\" : \"AWS::EC2::SecurityGroup\",\n \"Properties\" : {\n \"GroupDescription\" : \"Enable SSH access via port 22\",\n \"SecurityGroupIngress\" : [ {\n \"IpProtocol\" : \"tcp\",\n \"FromPort\" : \"22\",\n \"ToPort\" : \"22\",\n \"CidrIp\" : { \"Ref\" : \"SSHLocation\"}\n } ]\n }\n }\n },\n...<\/code><\/pre>\n\n\n\nPreparation<\/h2>\n\n\n\n
You’ll need to do some preparations before we actually launch the stack.<\/p>\n\n\n\n
Create Default VPC<\/h3>\n\n\n\n
In this particular example we need to ensure we have a default VPC created within the account, otherwise the deployment of the template fails.<\/p>\n\n\n\n
![\"(tick)\"](\"https:\/\/ssg-confluence.internal.sanger.ac.uk\/s\/-r41nvw\/8703\/51k4y0\/_\/images\/icons\/emoticons\/check.svg\")
You may not need to do this if your account already has the default VPC.<\/p>\n\n\n\n
aws ec2 create-default-vpc<\/code><\/pre>\n\n\n\nhttps:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/default-vpc.html<\/a><\/p>\n\n\n\nCreate KeyPair<\/h3>\n\n\n\n
In this particular example we need to create an EC2 KeyPair to use with the EC2 instance we are trying to deploy. You can create the keypair as follows, then you need to change the permissions (on Linux) to ensure you can use it.<\/p>\n\n\n\n
You may not need to do this if you already have an EC2 KeyPair created and the Private Key downloaded to your machine.<\/em><\/p>\n\n\n\naws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem chmod 400 MyKeyPair.pem<\/code><\/pre>\n\n\n\nhttps:\/\/docs.aws.amazon.com\/cli\/latest\/userguide\/cli-services-ec2-keypairs.html<\/a><\/p>\n\n\n\nCreating the Stack<\/h2>\n\n\n\n
Now we are ready to create the stack. But before we do a few comments about the command itself. You’ll notice that there are some arguments we are passing, we’ll take each of these in turn and explain them.<\/p>\n\n\n\n
\n- Template-Body – The template body is the path and filename of the template file you are wanting to apply. <\/li>\n\n\n\n
- Stack-Name – This is the name of the stack within Cloudformation, it will be how it appears and how you can refer to the stack, note that this name is not expressed in the template, it is applied as you run CloudFormation to create the stack.<\/li>\n\n\n\n
- Parameters – These are the parameters we declared within our template, so here we are passing values into those Parameters that will then be used within the Template. These are defined by ParameterKey followed by ParameterValue as a pair separated by a space.\n
\n- KeyName – In this case we’re passing the value “MyKeyPair” which was the EC2 Keypair we had above.<\/li>\n\n\n\n
- InstanceType – In this case we’re passing the value “t2.micro” which is the size of EC2 instance we want.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Now run the command:<\/p>\n\n\n\n
$ aws cloudformation create-stack --template-body file:\/\/ec2withSecurityGroup.yml --stack-name single-instance --parameters ParameterKey=KeyName,ParameterValue=MyKeyPair ParameterKey=InstanceType,ParameterValue=t2.micro<\/code><\/pre>\n\n\n\nYou should get an output such as:<\/p>\n\n\n\n
{ \"StackId\": \"arn:aws:cloudformation:eu-west-2:34912345614:stack\/single-instance\/7854f230-b854-11ed-8338-069354c2cde4\" }<\/code><\/pre>\n\n\n\nNow let’s see what is going on:<\/p>\n\n\n\n
aws cloudformation describe-stacks<\/code><\/pre>\n\n\n\nWithin this output you can find the stack you just created, of course you can add a query to refine this output to only show the key bits of information you are looking for. Or you can specify the stack name to get the output of only just this stack (if you have multiple stacks present).<\/p>\n\n\n\n
aws cloudformation describe-stacks<\/code><\/pre>\n\n\n\nChecking the EC2 Instance (using SSH Connection)<\/h2>\n\n\n\n
Now the stack has been deployed, let’s try to SSH to the EC2 instance. Our Security Policy says this is allowed as there is a rule for SSH. So first we need to find the Public IPv4 DNS name for the instance.<\/p>\n\n\n\n
aws ec2 describe-instances<\/code><\/pre>\n\n\n\nThis gives a lot of output, so let’s refine it for the pertinent information:<\/p>\n\n\n\n
aws ec2 describe-instances --query \"Reservations[*].Instances[*].{PublicIP:PublicIpAddress,Name:Tags[?Key=='Name']|[0].Value,Status:State.Name,PublicDNSName:PublicDnsName}\" --filters Name=instance-state-name,Values=running --output table<\/code><\/pre>\n\n\n\nThat’s better:<\/p>\n\n\n\n
-------------------------------------------------------------------------------------------\n| DescribeInstances |\n+------+-----------------------------------------------------+----------------+-----------+\n| Name | PublicDNSName | PublicIP | Status |\n+------+-----------------------------------------------------+----------------+-----------+\n| None| ec2-18-130-228-29.eu-west-2.compute.amazonaws.com | 18.130.228.29 | running |\n+------+-----------------------------------------------------+----------------+-----------+<\/code><\/pre>\n\n\n\nSo now let’s make a connection to the Public DNS Name with the EC2 Keypair via SSH:<\/p>\n\n\n\n
ssh -i ~\/MyKeyPair.pem ec2-user@ec2-18-130-228-29.eu-west-2.compute.amazonaws.com<\/code><\/pre>\n\n\n\nAnd we are in:<\/p>\n\n\n\n
me@computer:~\/vscode-projects\/misc\/cloudformation$ ssh -i ~\/MyKeyPair.pem ec2-user@ec2-18-130-228-29.eu-west-2.compu\nte.amazonaws.com\nLast login: Wed Mar 1 16:47:23 2023 from 1.2.3.4\n\n __| __|_ )\n _| ( \/ Amazon Linux AMI\n ___|\\___|___|\n\nhttps://aws.amazon.com\/amazon-linux-ami\/2018.03-release-notes\/\n33 package(s) needed for security, out of 50 available\nRun \"sudo yum update\" to apply all updates.\n[ec2-user@ip-172-31-41-251 ~]$<\/code><\/pre>\n\n\n\nClean-Up<\/h2>\n\n\n\n
To wrap up, we’ll delete the stack to ensure we’re not running up any bills, so we can run the following:<\/p>\n\n\n\n
aws cloudformation delete-stack --stack-name single-instance<\/code><\/pre>\n\n\n\nWe can run the below to check it really has gone!<\/p>\n\n\n\n
aws ec2 describe-instances<\/code><\/pre>\n\n\n\nWith a bit of refinement and you can be sure its no longer present.<\/p>\n\n\n\n
aws cloudformation describe-stacks --stack-name single-instance<\/code><\/pre>\n\n\n\nAdditional Information<\/h1>\n\n\n\n\n- https:\/\/blog.boltops.com\/2017\/03\/06\/a-simple-introduction-to-aws-cloudformation-part-1-ec2-instance\/<\/a><\/li>\n\n\n\n
- https:\/\/www.middlewareinventory.com\/blog\/aws-cli-ec2\/<\/a><\/li>\n\n\n\n
- https:\/\/stackoverflow.com\/questions\/27166910\/launching-instances-in-default-vpc-produces-error<\/a><\/li>\n<\/ul>\n\n\n\n
Image Attribution<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"AWS Cloudformation is a tool and declaritive language you can use to declare what you want your “stack” (i.e. your deployment of AWS resources) to look like. You define all the resources you want AWS to spin up in a blueprint document, click a button, and then AWS magically creates it all. This blueprint is … Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":3681,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28,3],"tags":[],"class_list":["post-3679","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws","category-cloud"],"_links":{"self":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3679"}],"version-history":[{"count":2,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3679\/revisions"}],"predecessor-version":[{"id":3682,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3679\/revisions\/3682"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/media\/3681"}],"wp:attachment":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}