AWS: A SysAdmin's Guide to Understanding AWS Networks: '2 Tier Example' (part 1)

This example shows a basic '2 Tier' AWS infrastructure, where the Webserver sits in the 'Presentation' or 'Public' subnet and routes out to and in from the Internet through the Internet Gateway, and the Database Server sits in the 'Data' or 'Private' subnet and routes out only to the Internet through the NAT instance and then to the Internet Gateway.  Image 1 shows the infrastructure we are trying to create.

Image 1

There are a number of ways that this infrastructure can be created.  The obvious way is to create it through the Amazon Console, with each element being created in the graphical Web interface, but you can also use the AWS CLI to create each element with a CLI command.  However, there is one way that we can create an entire VPC-based infrastructure (or stack) in one go.  This involves templating the entire design first and then playing it back as many times as we want, using the AWS service called Cloudformation.

The best way I've found to do this is to build up the design from first principles and draw it out as shown in Image 2.

Image 2
N.B. I have left on the object IDs of the example infrastructure I built, just so you can follow the routing and connections, but obviously when you build your infrastructure, the IDs will change.

Now we start building this stack from the basic template.  This template is blank, but it's worth seeing it before we start to build on it.

Now, by adding each of the elements (VPC, Subnets, Routing Table, Internet Gateway and the Routes) we can create a basic VPC-based stack template.

That template will create everything in Image 2 apart from the NAT and the security elements (Security Groups and ACLs), simply because they are more complicated; we will save them for part 2.

So, we have the template... how do we now create the environment?  Well, it's very simple: we first use the following command to check the validity of the syntax:

aws cloudformation validate-template --template-body file:///home/cloudformation/2-tier/basic-vpc-stack.json 

Then we run the next command to create the environment in Cloudformation:

aws cloudformation create-stack --stack-name "Palindrome-Stack" --template-body file:///home/cloudformation/2-tier/basic-vpc-stack.json 

At this point, if you don't get any errors, things have probably started well... so you need to connect to the AWS Console and view the events in Cloudformation.  If this completes successfully, you should have an infrastructure built as shown in Image 2 (obviously without the NAT server, as I've already explained).
