

CloudFormation(1)改


ちょっと修正しました。

改修箇所

1. AMIは最新のAmazon Linux 2になる

2.BackendSubnetを追加

3.SubnetのAZを指定

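AWSTemplateFormatVersion: '2010-09-09'
Description: VPC,subnetx4(Frontx2,Backx2),Bastion

Parameters:
  # Key pair used for SSH access to the bastion host.
  KeyPair:
    Description: For SSH
    Type: AWS::EC2::KeyPair::KeyName
  # Resolved at deploy time from the public SSM parameter, so the bastion
  # always launches from the latest Amazon Linux 2 AMI in the region.
  BastionAMI:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
  # Source address range allowed to reach the bastion on TCP/22.
  # The default keeps the value that was previously hard-coded in the
  # security group (presumably a placeholder); override it with your own
  # egress address at stack creation and keep it as narrow as possible.
  SshSourceCidr:
    Description: CIDR block allowed to open SSH (TCP/22) to the bastion
    Type: String
    Default: 1.1.1.1/32
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block of the form x.x.x.x/x

Resources:
  # --- VPC and internet access -------------------------------------------
  hogehogeVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/21
      # Real booleans; the quoted 'true' form was accepted by CloudFormation
      # but is ambiguous to generic YAML tooling.
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: hogehoge-VPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: hogehoge-VPC-IGW
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref hogehogeVPC
      InternetGatewayId: !Ref InternetGateway

  # --- Frontend (public) tier: default route to the internet gateway --------
  FrontendRouteTable:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-FrontendRoute
  FrontendRoute:
    Type: AWS::EC2::Route
    # The route must not be created before the IGW is attached to the VPC.
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref FrontendRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  FrontendSubnet01:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 10.0.1.0/24
      # Instances get no public IPv4 automatically; the bastion below gets an EIP.
      MapPublicIpOnLaunch: false
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-FrontendSubnet01
  FrontendSubnetRouteTableAssociation01:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref FrontendSubnet01
      RouteTableId: !Ref FrontendRouteTable

  FrontendSubnet02:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      AvailabilityZone: ap-northeast-1d
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: false
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-FrontendSubnet02
  FrontendSubnetRouteTableAssociation02:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref FrontendSubnet02
      RouteTableId: !Ref FrontendRouteTable

  # --- Backend (private) tier ----------------------------------------------
  # This route table has no AWS::EC2::Route attached, so backend subnets only
  # carry the implicit VPC-local route: no inbound path from the internet and
  # no outbound path either (no NAT gateway is defined in this template).
  BackendRouteTable:
    Type: AWS::EC2::RouteTable
    DependsOn: AttachGateway
    Properties:
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-BackendRoute
  BackendSubnet01:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 10.0.4.0/24
      MapPublicIpOnLaunch: false
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-BackendSubnet01
  BackendSubnetRouteTableAssociation01:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref BackendSubnet01
      RouteTableId: !Ref BackendRouteTable

  BackendSubnet02:
    Type: AWS::EC2::Subnet
    DependsOn: AttachGateway
    Properties:
      AvailabilityZone: ap-northeast-1d
      CidrBlock: 10.0.5.0/24
      MapPublicIpOnLaunch: false
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: hogehoge-VPC-BackendSubnet02
  BackendSubnetRouteTableAssociation02:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref BackendSubnet02
      RouteTableId: !Ref BackendRouteTable

  # --- Bastion host ----------------------------------------------------------
  bastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Bastion-SG
      VpcId: !Ref hogehogeVPC
      Tags:
        - Key: Name
          Value: bastionSG
      # Only SSH, only from the operator-supplied source range.
      # No SecurityGroupEgress is declared, so the group keeps the default
      # allow-all outbound rule (needed by the `yum -y update` in UserData).
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshSourceCidr
  bastionEC2:
    Type: AWS::EC2::Instance
    Properties:
      # Root EBS volume. Nothing beyond size/type is set here, so encryption
      # follows the account's EBS default-encryption setting.
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            VolumeSize: 8
      ImageId: !Ref BastionAMI
      # Behaviour on OS-initiated shutdown
      InstanceInitiatedShutdownBehavior: stop
      # Instance type
      InstanceType: t3.nano
      # Key pair
      KeyName: !Ref KeyPair
      # Detailed monitoring off
      Monitoring: false
      # Security group
      SecurityGroupIds:
        - !GetAtt bastionSecurityGroup.GroupId
      # Placed in a public subnet so the EIP below is reachable.
      SubnetId: !Ref FrontendSubnet01
      # Tenancy
      Tenancy: default
      # Disable unlimited CPU bursting (avoids surprise burst charges)
      CreditSpecification:
        CPUCredits: standard
      # First-boot script: patch, then set Japanese timezone/locale/keymap.
      # A plain literal block is used instead of !Sub because the script
      # contains no ${...} references to substitute.
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum -y update
          timedatectl set-timezone Asia/Tokyo
          localectl set-locale LANG=ja_JP.UTF-8
          localectl set-keymap jp106
      # Tags
      Tags:
        - Key: Name
          Value: hogehoge-bastion
  bastionEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  bastionEIPAssociate:
    Type: AWS::EC2::EIPAssociation
    Properties:
      AllocationId: !GetAtt bastionEIP.AllocationId
      InstanceId: !Ref bastionEC2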