I made a few fixes.
Changes
1. The AMI now resolves to the latest Amazon Linux 2
2. Added the Backend subnets
3. Specified the AZ for each subnet
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC,subnetx4(Frontx2,Backx2),Bastion
Parameters:
  # Key pair used for SSH
  KeyPair:
    Description: For SSH
    Type: AWS::EC2::KeyPair::KeyName
  # Resolved at deploy time from the public SSM parameter, so it always points at the latest Amazon Linux 2 AMI
  BastionAMI:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
Resources:
  hogehogeVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/21
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: Name
          Value: hogehoge-VPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: hogehoge-VPC-IGW
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref hogehogeVPC
      InternetGatewayId: !Ref InternetGateway
  # Frontend (public) route table: default route to the IGW
  FrontendRouteTable:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-FrontendRoute
  FrontendRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref FrontendRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  FrontendSubnet01:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: 'false'
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-FrontendSubnet01
  FrontendSubnetRouteTableAssociation01:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref FrontendSubnet01
      RouteTableId: !Ref FrontendRouteTable
  FrontendSubnet02:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      AvailabilityZone: ap-northeast-1d
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: 'false'
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-FrontendSubnet02
  FrontendSubnetRouteTableAssociation02:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref FrontendSubnet02
      RouteTableId: !Ref FrontendRouteTable
  # Backend route table: only the implicit local route, so the backend subnets have no Internet path
  BackendRouteTable:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-BackendRoute
  BackendSubnet01:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 10.0.4.0/24
      MapPublicIpOnLaunch: 'false'
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-BackendSubnet01
  BackendSubnetRouteTableAssociation01:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref BackendSubnet01
      RouteTableId: !Ref BackendRouteTable
  BackendSubnet02:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      AvailabilityZone: ap-northeast-1d
      CidrBlock: 10.0.5.0/24
      MapPublicIpOnLaunch: 'false'
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-BackendSubnet02
  BackendSubnetRouteTableAssociation02:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref BackendSubnet02
      RouteTableId: !Ref BackendRouteTable
  bastionSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: Bastion-SG
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: 'Name'
          Value: 'bastionSG'
      SecurityGroupIngress:
        # SSH is allowed from a single source address only; 1.1.1.1/32 is a placeholder, replace it with your own address
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 1.1.1.1/32
  bastionEC2:
    Type: 'AWS::EC2::Instance'
    Properties:
      # EBS settings
      BlockDeviceMappings:
        - DeviceName: '/dev/xvda'
          Ebs:
            VolumeType: 'gp2'
            VolumeSize: 8
      ImageId: !Ref BastionAMI
      # Behaviour on shutdown
      InstanceInitiatedShutdownBehavior: 'stop'
      # Instance type
      InstanceType: 't3.nano'
      # Key pair
      KeyName: !Ref KeyPair
      # Detailed monitoring
      Monitoring: false
      # Security group
      SecurityGroupIds:
        - !GetAtt bastionSecurityGroup.GroupId
      # Subnet (public; the instance gets its address via the EIP below, not MapPublicIpOnLaunch)
      SubnetId: !Ref FrontendSubnet01
      # Tenancy
      Tenancy: 'default'
      # Disable unlimited bursting
      CreditSpecification:
        CPUCredits: 'standard'
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          yum -y update
          timedatectl set-timezone Asia/Tokyo
          localectl set-locale LANG=ja_JP.UTF-8
          localectl set-keymap jp106
      # Tags
      Tags:
        - Key: 'Name'
          Value: 'hogehoge-bastion'
  bastionEIP:
    Type: "AWS::EC2::EIP"
    # A VPC EIP created in the same template as its VPC must depend on the gateway attachment,
    # otherwise stack creation can race the IGW and fail
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
  bastionEIPAssociate:
    Type: AWS::EC2::EIPAssociation
    Properties:
      AllocationId: !GetAtt bastionEIP.AllocationId
      InstanceId: !Ref bastionEC2
```
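Before deploying a template like this one, the properties worth checking offline are the ones that decide exposure: that every subnet sits inside the VPC CIDR without overlapping another, which subnets actually have an Internet path (a 0.0.0.0/0 route to the IGW), that the bastion is the only instance in such a subnet, and that its SSH rule is not open to more than a single source host. The script below is an added example, not part of the original post: it embeds a constructed, trimmed-down copy of the template's resources as a Python dict (the shape PyYAML produces when `!Ref` is loaded as `{"Ref": ...}`; tags, EBS and UserData are left out because the checks ignore them) so that it runs with the standard library alone, and implements those four checks.

```python
import ipaddress

# Constructed sample mirroring the resources in the template above (same CIDRs,
# AZs, route tables and SG rule); it is NOT the original file. !Ref X is written
# as {"Ref": "X"}, !GetAtt as {"Fn::GetAtt": [...]}, as a YAML loader would emit.
R = lambda name: {"Ref": name}


def subnet(az, cidr):
    return {"Type": "AWS::EC2::Subnet", "Properties": {
        "AvailabilityZone": az, "CidrBlock": cidr, "VpcId": R("hogehogeVPC")}}


def assoc(subnet_name, rt_name):
    return {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "SubnetId": R(subnet_name), "RouteTableId": R(rt_name)}}


TEMPLATE = {"Resources": {
    "hogehogeVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/21"}},
    "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
    "FrontendRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": R("hogehogeVPC")}},
    "FrontendRoute": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": R("FrontendRouteTable"), "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": R("InternetGateway")}},
    "BackendRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": R("hogehogeVPC")}},
    "FrontendSubnet01": subnet("ap-northeast-1a", "10.0.1.0/24"),
    "FrontendSubnet02": subnet("ap-northeast-1d", "10.0.2.0/24"),
    "BackendSubnet01": subnet("ap-northeast-1a", "10.0.4.0/24"),
    "BackendSubnet02": subnet("ap-northeast-1d", "10.0.5.0/24"),
    "FrontendSubnetRouteTableAssociation01": assoc("FrontendSubnet01", "FrontendRouteTable"),
    "FrontendSubnetRouteTableAssociation02": assoc("FrontendSubnet02", "FrontendRouteTable"),
    "BackendSubnetRouteTableAssociation01": assoc("BackendSubnet01", "BackendRouteTable"),
    "BackendSubnetRouteTableAssociation02": assoc("BackendSubnet02", "BackendRouteTable"),
    "bastionSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "VpcId": R("hogehogeVPC"), "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "1.1.1.1/32"}]}},
    "bastionEC2": {"Type": "AWS::EC2::Instance", "Properties": {
        "SubnetId": R("FrontendSubnet01"),
        "SecurityGroupIds": [{"Fn::GetAtt": ["bastionSecurityGroup", "GroupId"]}]}},
}}


def by_type(template, rtype):
    return {n: r for n, r in template["Resources"].items() if r["Type"] == rtype}


def cidr_problems(template):
    """Subnets outside their VPC's CIDR, or overlapping another subnet."""
    vpcs = {n: ipaddress.ip_network(r["Properties"]["CidrBlock"])
            for n, r in by_type(template, "AWS::EC2::VPC").items()}
    nets = {n: (r["Properties"]["VpcId"]["Ref"], ipaddress.ip_network(r["Properties"]["CidrBlock"]))
            for n, r in by_type(template, "AWS::EC2::Subnet").items()}
    problems = [f"{n}: {net} is not inside {vpc} ({vpcs[vpc]})"
                for n, (vpc, net) in nets.items() if not net.subnet_of(vpcs[vpc])]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a][1].overlaps(nets[b][1]):
                problems.append(f"{a} overlaps {b}")
    return problems


def public_subnets(template):
    """Subnets whose route table carries a 0.0.0.0/0 route to an Internet Gateway."""
    igws = set(by_type(template, "AWS::EC2::InternetGateway"))
    public_rts = set()
    for r in by_type(template, "AWS::EC2::Route").values():
        gw = r["Properties"].get("GatewayId")
        if r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0" \
                and isinstance(gw, dict) and gw.get("Ref") in igws:
            public_rts.add(r["Properties"]["RouteTableId"]["Ref"])
    return {a["Properties"]["SubnetId"]["Ref"]
            for a in by_type(template, "AWS::EC2::SubnetRouteTableAssociation").values()
            if a["Properties"]["RouteTableId"]["Ref"] in public_rts}


def broad_ssh_sources(template):
    """(security group, CIDR) pairs that admit TCP/22 from more than a single host."""
    hits = []
    for name, sg in by_type(template, "AWS::EC2::SecurityGroup").items():
        for rule in sg["Properties"].get("SecurityGroupIngress", []):
            lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
            if rule["IpProtocol"] in ("tcp", "-1") and lo <= 22 <= hi:
                net = ipaddress.ip_network(rule.get("CidrIp", "0.0.0.0/0"))
                if net.num_addresses > 1:
                    hits.append((name, str(net)))
    return hits


def instance_placement(template):
    """Map each EC2 instance to True if it lives in a public subnet."""
    pub = public_subnets(template)
    return {n: r["Properties"]["SubnetId"]["Ref"] in pub
            for n, r in by_type(template, "AWS::EC2::Instance").items()}


if __name__ == "__main__":
    print("CIDR problems:", cidr_problems(TEMPLATE))
    print("public subnets:", sorted(public_subnets(TEMPLATE)))
    print("broad SSH sources:", broad_ssh_sources(TEMPLATE))
    print("instance placement:", instance_placement(TEMPLATE))
```

On the constructed copy the checks come back clean: no CIDR problems, only the two Frontend subnets are public, the bastion is the only instance and it sits in a public subnet, and the SSH rule is a /32. Widening `CidrIp` to `0.0.0.0/0`, or moving a Backend subnet to `10.0.8.0/24` (outside the /21), is reported. To run it against the real file, load the YAML with a loader that maps `!Ref`/`!GetAtt` to the dict forms shown above and pass the result in place of `TEMPLATE`.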