I'm trying to build out a small infrastructure:
- A single VPC
- A single subnet
- A single security group with a single rule: ssh
- A single instance
So far, in order to make it remotely functional I've had to add:
- Internet Gateway
- Route Table
When I deploy the template, it creates successfully. I can look through my console and see all of the components.
What I'm having a problem with is connecting to the instance afterward. Attempts to connect via ssh time out.
I think I've narrowed this problem down to the fact that when the stack is built, two route tables are deployed. One is marked as main and has no default route added to it; the other one I explicitly define in my template and add the default route to.
If I add the default route to the template-defined table after the fact, I can ssh.
I guess my questions are:
- how do I mark the table that I'm creating in the template as the main table, or
- how do I tell CloudFormation to not create the default table that is being marked as main, or
- how do I get the default route into the main table?
Template:
AWSTemplateFormatVersion: 2010-09-09
Resources:
  vpcCandidateEyMm7zuOcn:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 192.168.0.0/16
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      InstanceTenancy: default
      Tags:
        - Key: Test
          Value: Test
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 052446e9-ed29-4689-8eb2-2006482f7a65
  IgCandidateEyMm7zuOcn:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Test
          Value: Test
  AigCandidateEyMm7zuOcn:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId:
        Ref: vpcCandidateEyMm7zuOcn
      InternetGatewayId:
        Ref: IgCandidateEyMm7zuOcn
  RtblCandidateEyMm7zuOcn:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: vpcCandidateEyMm7zuOcn
  myRoute:
    Type: AWS::EC2::Route
    # A route that points at an internet gateway can only be created once the
    # gateway is attached to the VPC, so depend on the attachment, not the gateway.
    DependsOn: AigCandidateEyMm7zuOcn
    Properties:
      RouteTableId:
        Ref: RtblCandidateEyMm7zuOcn
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: IgCandidateEyMm7zuOcn
  subnetCandidateEyMm7zuOcn:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 192.168.1.0/24
      MapPublicIpOnLaunch: 'true'
      Tags:
        - Key: Test
          Value: Test
      VpcId: !Ref vpcCandidateEyMm7zuOcn
    Metadata:
      'AWS::CloudFormation::Designer':
        id: b9300540-4fb5-4a9c-a432-d12d9a78e08c
  allowSSH:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Allow SSH from Anywhere'
      VpcId:
        Ref: vpcCandidateEyMm7zuOcn
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
  ansibleInstance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-4bf3d731
      KeyName: AWSCentOS7
      InstanceType: t2.micro
      SubnetId: !Ref subnetCandidateEyMm7zuOcn
      SecurityGroupIds:
        - !Ref allowSSH
      Tags:
        - Key: Name
          Value: Test
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          pip install ansible
          cd ~
          wget https://s3.amazonaws.com/ansibledepot/web.tar.gz
          tar zxvf web.tar.gz
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 63fffdde-e058-45ad-b2c8-7cf00fd54351
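The template above never associates the subnet with the route table it creates. A subnet with no AWS::EC2::SubnetRouteTableAssociation uses the VPC's main route table, which AWS creates automatically and whose ID the AWS::EC2::VPC resource does not expose, so the default route added to RtblCandidateEyMm7zuOcn never applies to the instance. The following check is an added example, not code from the post: it walks a JSON-form copy of the post's networking resources (constructed here; CloudFormation accepts JSON, where `{"Ref": x}` is the `!Ref x` short form) and reports public subnets that either lack an association or sit on a table without a 0.0.0.0/0 route to an internet gateway. The resource name `subnetRouteTableAssoc` in the fixed copy is an assumption; the check only understands the `Ref` intrinsic.

```python
"""Flag CloudFormation subnets that will fall back to the VPC's main route table."""
import copy
import json

# Constructed JSON copy of the post's VPC, gateway, route table, route and subnet.
# The instance and security group are omitted; they do not affect routing.
BROKEN_TEMPLATE = json.loads(r"""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "vpcCandidateEyMm7zuOcn": {"Type": "AWS::EC2::VPC",
      "Properties": {"CidrBlock": "192.168.0.0/16"}},
    "IgCandidateEyMm7zuOcn": {"Type": "AWS::EC2::InternetGateway"},
    "AigCandidateEyMm7zuOcn": {"Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {"VpcId": {"Ref": "vpcCandidateEyMm7zuOcn"},
                     "InternetGatewayId": {"Ref": "IgCandidateEyMm7zuOcn"}}},
    "RtblCandidateEyMm7zuOcn": {"Type": "AWS::EC2::RouteTable",
      "Properties": {"VpcId": {"Ref": "vpcCandidateEyMm7zuOcn"}}},
    "myRoute": {"Type": "AWS::EC2::Route",
      "Properties": {"RouteTableId": {"Ref": "RtblCandidateEyMm7zuOcn"},
                     "DestinationCidrBlock": "0.0.0.0/0",
                     "GatewayId": {"Ref": "IgCandidateEyMm7zuOcn"}}},
    "subnetCandidateEyMm7zuOcn": {"Type": "AWS::EC2::Subnet",
      "Properties": {"CidrBlock": "192.168.1.0/24",
                     "MapPublicIpOnLaunch": "true",
                     "VpcId": {"Ref": "vpcCandidateEyMm7zuOcn"}}}
  }
}
""")

# Same template plus the missing association (resource name is an assumption).
FIXED_TEMPLATE = copy.deepcopy(BROKEN_TEMPLATE)
FIXED_TEMPLATE["Resources"]["subnetRouteTableAssoc"] = {
    "Type": "AWS::EC2::SubnetRouteTableAssociation",
    "Properties": {"SubnetId": {"Ref": "subnetCandidateEyMm7zuOcn"},
                   "RouteTableId": {"Ref": "RtblCandidateEyMm7zuOcn"}},
}


def _ref(value):
    """Logical name behind a {"Ref": name} intrinsic, or None for anything else."""
    return value.get("Ref") if isinstance(value, dict) else None


def resources_of_type(template, type_name):
    """Subset of Resources whose Type matches type_name."""
    return {name: res for name, res in template["Resources"].items()
            if res.get("Type") == type_name}


def default_routes(template):
    """Route tables that carry a 0.0.0.0/0 route pointing at an internet gateway."""
    igws = set(resources_of_type(template, "AWS::EC2::InternetGateway"))
    tables = set()
    for route in resources_of_type(template, "AWS::EC2::Route").values():
        props = route.get("Properties", {})
        if (props.get("DestinationCidrBlock") == "0.0.0.0/0"
                and _ref(props.get("GatewayId")) in igws):
            tables.add(_ref(props.get("RouteTableId")))
    return tables


def subnet_route_tables(template):
    """Map every subnet to its explicitly associated route table (None = main table)."""
    assoc = {}
    for a in resources_of_type(template, "AWS::EC2::SubnetRouteTableAssociation").values():
        props = a.get("Properties", {})
        assoc[_ref(props.get("SubnetId"))] = _ref(props.get("RouteTableId"))
    return {name: assoc.get(name)
            for name in resources_of_type(template, "AWS::EC2::Subnet")}


def public_subnet_findings(template):
    """Findings for subnets that assign public IPs but have no path to an IGW."""
    findings = []
    igw_tables = default_routes(template)
    for subnet, table in subnet_route_tables(template).items():
        props = template["Resources"][subnet].get("Properties", {})
        if str(props.get("MapPublicIpOnLaunch", "false")).lower() != "true":
            continue  # private subnet; no default route expected
        if table is None:
            findings.append(f"{subnet}: no SubnetRouteTableAssociation; "
                            "falls back to the main route table")
        elif table not in igw_tables:
            findings.append(f"{subnet}: associated with {table}, which has no "
                            "0.0.0.0/0 route to an internet gateway")
    return findings


if __name__ == "__main__":
    for label, tmpl in (("broken", BROKEN_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        print(label, public_subnet_findings(tmpl) or "OK")
```

Running it reports the subnet in the post's template as falling back to the main route table and reports nothing for the copy with the association added; the association is the change that makes the explicitly defined table the one the instance actually uses.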