AWS Black Belt Online Seminar AWS CloudFormation アップデート

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
AWS Webinar
https://amzn.to/JPWebinar https://amzn.to/JPArchive

8
•
•
•
StackTemplate
作成/変更/削除
作成するリソースの定義リソースの集合
VPCリソースの
作成/変更/削除

10




























•
•
•
•
•
•
•
14

•
•
•
•
•
16
AWSTemplateFormatVersion: 2010-09-09
Description: Sample
Parameters:
KeyName:
Description: "Sample key"
Type: String
Mappings:
RegionMap:
ap-northeast-1:
”AMI": "ami-xxxxxxxxxx"
Resources:
Ec2Instance:
Type: "AWS::EC2::Instance"
Properties:
SubnetId: "subnet-xxxxxxxxxx"
SecurityGroupIds:
- “sg-xxxxxxxxxx”
KeyName: !Ref KeyName
ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", AMI ]

17
AWSTemplateFormatVersion: "version date"
Description:
String
Metadata:
template metadata
Parameters:
set of parameters
Mappings:
set of mappings
Conditions:
set of conditions
Transform:
set of transforms
Resources:
set of resources
Outputs:
set of outputs

18
•
•
•
•
Resources:
MyInstance:
Properties:
SubnetId: "subnet-xxxxxxxxxx"
SecurityGroupIds:
- !GetAtt InstanceSecurityGroup.GroupId
ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", 64 ]

•
•
•
•
•
•
•
19
Resources:
MyEC2Instance:
Type: "AWS::EC2::Instance”
Properties:
SubnetId: "subnet-xxxxxxxxxxxxxxxx"
Outputs:
MyEC2PhysicalID:
Value: !Ref MyEC2Instance

20
•
•
Resources:
MyInstance:
Type: "AWS::EC2::Instance”
Metadata:
MyInstance:
Description: "Information about the instance"
Database:
Description: "Information about the database"

21
•
•
•
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: "Network Configuration"
Parameters:
- VPCID
- ApplicationSubnetId
-
Label:
default: "EC2 Configuration"
Parameters:
- KeyName

22
•
•
Parameters:
Age:
Description: "input your age."
Type: Number
Default : 30
MinValue: 20
MaxValue: 60
FirstName:
Description: "input your first name."
Type: String
KeyName:
Description: "Sample key"
Type: String

24
•
•
• Resources:
Ec2Instance:
Properties:
Tags:
-
Key: OwnerAge
Value: !Ref: Age
-
Key: OwnerName
Value: !Ref: FirstName

25
•
•
•
•
•
•
•
•
•

•
•
•
•
•
•
Resources:
Ec2Instance:
Properties:
ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", AMI ]
Outputs:
ApplicationURL:
Value: !Join ["", [ "http://", !GetAtt Ec2Instance.PublicDnsName , "/index.html"] ]
26

27
•
•
•
•
•
•
•
Resources:
Ec2Instance:
Properties:
KeyName: !Ref "AWS::StackName"
Tags:
-
Key: region
Value: !Ref “AWS::Region”

28
•
•
•
Mappings:
RegionMap:
us-east-1:
"KEYPAIR": "myKey-east"
us-west-1:
"KEYPAIR": "myKey-west”
ap-northeast-1:
"KEYPAIR": "myKey-tokyo"

29
•
•
Resources:
Ec2Instance:
Properties:
KeyName: !FindInMap [ RegionMap, !Ref "AWS::Region", KEYPAIR ]
Mappings:
RegionMap:
us-east-1:
"KEYPAIR": "myKey-east"
us-west-1:
"KEYPAIR": "myKey-west”
ap-northeast-1:
"KEYPAIR": "myKey-tokyo"

•
•
•
•
Parameters:
EnvType:
Description: "Environment type."
Default: "development"
Type: String
AllowedValues: ["production", "staging", "development"]
ConstraintDescription: "must specify."
Conditions:
CreateProdResources: {"Fn::Equals" : [{"Ref" : "EnvType"}, “production"]}
Resources:
Ec2Instance:
Condition: "CreateProdResources"
30

31
•
•
•
•
•
•
•
Transform: AWS::Serverless-2016-10-31
Resources:
MyServerlessFunctionLogicalID:
Transform:
Name: 'AWS::Include'
Parameters:
Location: 's3://MyAmazonS3BucketName/MyFileName.yaml'
Transform: [EchoMacro]
Resources:
FancyTable:

•
•
•
32
Resources:
Ec2Instance:
Outputs:
PublicDNS:
Description: EC2 public DNS
Value: !GetAtt Ec2Instance.PublicDnsName
Outputs:
TSSG:
Value: !Ref TroubleShootingSG
Export:
Name: AccountSG

35
•
•
•
DB App Server Web Server Hosted zoneS3
Stack

36
•
•
•
•
•
•
•
•
•
•
•

•
•
•
•
•
•
•
37

•
•
•
•
•
•
•
•
•
•
38

•
•
40
Stack
Stack Stack Stack
Stack

•
•
41
VPC
Public subnet 1
Availability zone 1
Private subnet 1
Availability zone 2
Public subnet 2
Private subnet 2
Stack
DB Instance
AP Server
Auto
Scaling
group

42
Outputs:
SecGrpWebID:
Description: Security Group for Web
Value: !Ref SecGrpWeb
Export:
Name: !Sub ${AWS::StackName}-SecGrpWeb
Resources:
BastionSrv:
Properties:
ImageId: !Ref OSImage
InstanceType: t2.micro
KeyName: !Ref KeyPair
NetworkInterfaces:
- DeleteOnTermination: true
Description: Primary network interface
DeviceIndex: 0
SubnetId:
Fn::ImportValue: !Sub ${BaseStackName}-PubSub1
GroupSet:
- Fn::ImportValue: !Sub {SecStackName}-SecGrpWeb

43
•
•
•
•
•
•
•
•
•
•
•
•
•

•
•
•
44
AWSTemplateFormatVersion: '2010-09-09’
Transform: AWS::Serverless-2016-10-31

•
•
46
AWSTemplateFormatVersion: "2010-09-09"
Resources:
Macro:
Type: "AWS::CloudFormation::Macro"
Properties:
FunctionName: arn:aws:lambda:us-east-1:1234567:function:EchoFunction
Name: EchoMacro
AWSTemplateFormatVersion: '2010-09-09'
Transform: [EchoMacro, 'AWS::Serverless-2016-10-31']
Resources:
FancyTable:
Type: AWS::Serverless::SimpleTable

•
•
47
Parameter
Store
Template
•
•

48
MyIAMUser:
Type: AWS::IAM::User
Properties:
UserName: 'MyUserName'
LoginProfile:
Password: '{{resolve:ssm-secure:IAMUserPassword-A:1}}'
•

•
•
49
Parameters :
LatestAmiId :
Type : 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2’
Resources :
Instance :
Type : 'AWS::EC2::Instance'
Properties :
ImageId : !Ref LatestAmiId

50
•
•
•
•
•
•
Template

•
51
const cdk = require('@aws-cdk/cdk');
const s3 = require('@aws-cdk/aws-s3');
class MyStack extends cdk.Stack {
constructor(parent, id, props) {
super(parent, id, props);
new s3.Bucket(this, 'MyFirstBucket', {
versioned: true
});
}
}

•
•
•
•
•
•
•
•
•
•
52

•
•
•
• のマネージドルールにより、差分が発生したらすぐに検知可能
• テンプレートに記載されていないプロパティについては差分をチェックしない
54
Template Stack

•
56
1
Stack
Template
2
Stack
3
Stack
1
Stack
2
Stack
3
Stack
StackSet
AWS Region - A
AWS Region - B

•
•
60
Template
DB Instance
Instance Instance

•
61
{
"Statement" : [
{
"Effect" : "Deny",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"ResourceType" : ["AWS::RDS::DBInstance"]
}
}
},
{
"Effect" : "Allow",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "*"
}
]
}

•
•
62
AWSTemplateFormatVersion: '2010-09-09'
Resources:
myS3Bucket:
Type: AWS::S3::Bucket
DeletionPolicy: Retain

•
•
63
{
"Effect":"Allow",
"Action":["cloudformation:CreateStack"]
},
{
"Effect":"Deny",
"Action":["cloudformation:CreateStack"]
“Condition”:{
‘ForAnyValue:StringLike”:{
“cloudformation:ResourceType”: [“AWS::IAM::*”]
}
}
}

•
•
•
•
•
•
•
64

IAM
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
67

•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
68

69
VPC
Public subnet 1
Availability zone 1
Private subnet 1
Availability zone 2
Public subnet 2
Private subnet 2
Stack
DB Instance
AP Server
Role
Auto
Scaling
group
Role

•
•
•
•
•
•
•
•
•
76

•
•
./cfn-validate.sh yaml-eip.yaml
./cfn-update.sh create yaml-stack-r53 yaml-r53.yaml
./cfn-update.sh create yaml-stack-eip yaml-eip.yaml R53StackName=yaml-stack-r53
./cfn-status.sh yaml-stack-eip -v
78

82
AWS CloudFormation
AWS CloudFormation

• •
• •
•
•
•
•
•
•
83

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ClodFormationResourceManagementPolicy",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:UpdateStack"
],
"Resource": "*",
"Condition": {
"StringLike": {
"cloudformation:TemplateUrl": "https://<S3 endpoint>.amazonaws.com/<bucket>/*"
}
}
},
{
"Sid": "PermissionDelegation",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "arn:aws:iam::xxxxxxxxxxxx:role/CloudFormationServiceRole"
}
]
}
84
AWS CloudFormation
S3
AWS CloudFormation

•
•
•
•
•
•
•
85

AWS Black Belt Online Seminar AWS CloudFormation アップデート

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à AWS Black Belt Online Seminar AWS CloudFormation アップデート

Similaire à AWS Black Belt Online Seminar AWS CloudFormation アップデート (20)

Plus de Amazon Web Services Japan

Plus de Amazon Web Services Japan (20)

Dernier

Dernier (20)

AWS Black Belt Online Seminar AWS CloudFormation アップデート