CloudFormation example using EC2, SecurityGroup and S3 | Amazon Web Services | Tech Primers

Captions
Most of the time when working with AWS, we would have created EC2 instances or S3 buckets manually and deleted them manually or stopped them manually. What if we automate this by having infrastructure as code? Let's try how we can use CloudFormation inside AWS in order to create our resources on the fly. Let's get started. [Music] Press the bell icon on the YouTube app and never miss any update from Tech Primers.

Before getting into the details of how to create a stack inside CloudFormation, let's look at the architecture diagram on what we are trying to achieve. Obviously we are present inside the AWS infrastructure. We will be creating an EC2 instance and we will be creating an Amazon S3 bucket. Also, in order to log into this EC2 instance, we need to wrap this EC2 instance with a security group so that we can log into this particular EC2 instance using a private key. So I already have a key pair created in my Amazon login and I will be using that particular key pair in order to log into the EC2 instance, so we need to set that as well as a part of our provisioning, and all these are done using CloudFormation. So CloudFormation is a service provided by Amazon in order to automate our infrastructure provisioning inside the AWS platform. So if you want to create, destroy, update instances automatically, then you can use Amazon's CloudFormation and its template.

Let's move on to the Amazon AWS console and search for CloudFormation. So here it's "Create and manage resources with templates", so we are going to create a template. In fact you can give a JSON file or a YAML file, or we can even design a template. So here what we are going to do is we are going to design a template, so I'm just clicking on the design template option, or you can go to the create stack and then create it from there. So first let's design the template and then create. You have the create option here from the template directly, so you don't have to worry about creation of a stack and then
designing a template. So let's design a template first. So here there's something called resource types, where you have different Amazon resources. So here I'm going to select the EC2 for our reference. I'm going to click and drag the Amazon EC2 instance, and here you have a name provided; I'm going to name it as EC2 instance. So once I rename it I need to refresh this UI and then I can add my settings here. So then we need an S3 bucket, right? I will just add an S3 bucket as well. We need an S3 bucket and I can rename this as S3 bucket. Again we need to refresh this. So we got an S3 bucket, we have an EC2 instance, and notice that there are different sections here: properties, metadata, deletion policy, then depends on, then condition, right? So here if you go to the tab called template, this shows the complete template of the AWS CloudFormation. So in this particular CloudFormation we have different resources and stuff.

Let's see how we can create this template from scratch. Here we have created using the design option, but let's try creating this template from scratch and then we can put the template there in order to create our image. So let's create a JSON file. I'm going to create the template using JSON notation, so let's create a JSON file, so I'll just call this as decent. You can get the template from the GitHub link, so I'm going to push this into GitHub so that you can directly get all the CloudFormation templates which I show in the video.

So the skeleton of the CloudFormation template looks something like this. So you have something called AWSTemplateFormatVersion, where you have a version mentioned here, the version which was dated to 2010, and there are different sections called parameters, mappings, resources and outputs. So parameters is a section where you can ask the user to give different inputs based on which your resourcing can change. So the CloudFormation template is nothing but a template for you to provision your resources, so in order to change the type of
resources or a type of provisioning, you have this option of parameters, where you can set different parameters by the user when they trigger or create a stack. So in our example we are going to add some parameters here. So I already have the templates loaded as a part of my live template in IntelliJ. See, this is the live template in IntelliJ. I've already loaded some of my parameters and my reusable templates so that I can easily get that for you. So if I click this, this is my template.

So by default I have something called key name, then instance type and SSH location. So these are three different parameters which I'm going to ask the user to enter. The key name would be the key pair, because at runtime I'll be able to select the key pair which I want to assign to my EC2 instance. So we need to already create a key pair inside EC2 instance and then you can download the private key so that you can log in to the EC2 instance when you assign this particular security into the security group. Instance type is where you will have to select what type of instance it is, whether it is t1.micro, t2.nano, etc., the size of the instance which matters, so you can create different instance types based on your need. And finally SSH location: which IP address should be allowed to log in to this particular EC2 instance, because dynamically you don't want to allow everybody to log into the EC2 instance, so we want to select a specific IP address. By default it allows everything, but yeah.

So these are the values which are provided for each of these. For instance type, if you notice, there are different allowed values. In fact you can remove these values and you can allow only a subset. Since this is the template, you can control the whole template. So let's say I am going to remove all my allowed values and I am going to allow the user to create only two types of values, either t2.nano or t1.micro, and I have by default given the name as nano, and this should be visible in the parameters
list when we create the stack in the console.

So the next section is the mapping section. So using the mapping section we can map different values based on whatever we selected in the parameters. For example, when we select t2.micro, and based on the particular availability zone or the region which we are in, a different image can be applied to an EC2 instance. So in order to create an EC2 instance we need images, and based on the architecture types on the image we need to provide an image ID. So image ID is nothing but the image name inside the Amazon infrastructure of the marketplace. So we are going to add mappings for that in the mappings section. So let's minimize this parameter section and let's go to the mappings.

So these are the different mappings which I have loaded again. So this is all retrieved from the Amazon website, so I have got all the mappings for the different regions and their architectures. So for example here there is a section called AWS instance type to architectures, or what is the type of architecture for this particular EC2 instance. So we have provided only t1.micro and t2.nano, so I am going to remove all these other EC2 instance type mappings, because we did not provide them in the parameters. So let me remove them from here.

The next one is the regional mapping. So once we have selected the different architecture types, we need to identify what is the image based on the region. So for example if I'm deploying my application in us-east-1, for the HVM64 this is my image, so I'll be using this particular image when I'm using t1.micro. Same way with other configurations as well. So that is this particular mapping. I'll leave the regional mappings as is, because I have so many different regions, so you can have different images per region.

So the next section is the resources section. This is where the EC2 and the S3 information should be added. So for that as well I already have the template, so I will just use that template
resource, and I have EC2. So once I select EC2 you can see there is a section called EC2 instance. So this is the name of the instance which I am providing; you can name it to anything else you want. And there are some properties inside. So these properties are where it says instance type; there is a reference to the instance type which is mentioned in the parameter section here. So in the parameter section we had an instance type; this is exactly the same name which we will be referencing here. So whatever the user selects in the parameter section from the stack will be applied to this particular EC2 instance when we are creating it, and so that is what this section is.

The next section is the security groups. So this is the security group which we need to assign in order to give access to our EC2 instance, so we will look at this particular reference below in a while. Meanwhile there is something called key name. So key name is nothing but the key-value pair which will be assigned to this EC2 instance. So this is again the name which we have assigned here, the key pair which the user is going to select at runtime. And finally the image ID. So this is where the mappings are going to help, because we need to map whatever the user selects based on that and the region as well, so that is what this particular one says. So we have different maps and we have loaded different regions and instance types. Based on the instance type the user selects, the corresponding image ID will be loaded into this particular section. So this is the syntax for it, right? It's just JSON, the way we define JSON, so that Amazon can identify which map it can get from.

So the next section is a security group, which we have defined here. So security group is where we will be mentioning what are the rules for my ingress and the egress. So ingress is
my inbound traffic to this particular EC2 instance. So here we are assigning SSH location, and this SSH location is enabled only for the port 22, and the reference for that is mentioned here in the parameter. So whatever IP address we will be allowing in, that will be coming in from this particular section on to this particular security group. So that is how you create an EC2 instance by assigning a security group, and these are the syntaxes for it.

So the next section we want to create is the S3 bucket, because we wanted to have the S3 bucket, right? So I will just do that. I just selected the S3 bucket option as well. So this is going to create an S3 bucket, and I'm adding a dependency to the S3 bucket. This is to make sure that I don't create things in parallel. I just want to show you how you can create dependencies between these resources. All these are resources, right? EC2 is a resource, S3 bucket is a resource. So we want to wait until the EC2 is done and that's when I create a bucket. I'm not going to add anything to the bucket right now, but we just want to show the dependency to the resources. If you don't add the dependency, then automatically the EC2 instance and the S3 bucket will be created in parallel. So this is how we do it for dependencies.

And finally we are done with the resources. That's what we designed, right? So we wanted to have S3 and the Amazon EC2 instance along with the security group, so we have done that. However, I need to see some of my values when these are created, right? So there is a section called outputs, where you can pull in something from these resources which are created or provisioned and you can show it up separately. So I'm going to have some default template for that as well. So I'll just say I wanted four different values. The first one is the instance ID; instance ID is the name of the EC2 instance which gets created. And the availability zone is something we want to look at, so I want to retrieve the availability zone inside that particular region to be
retrieved, and the public DNS, which is what we'll be using for connecting to this particular EC2 instance, and finally the IP address of that particular DNS. So these are four outputs which I want to see after the CloudFormation template has run or provisioned.

So we are done with our template, so this is the complete template. Notice that I have a plug-in in IntelliJ which just validates all this, right? So let's say if I don't have any of these, like how we saw initially, right, if I have this skeleton, it shows that I need to have something declared in the parameter section. So this is how the CloudFormation plug-in is helping us in identifying if there are any issues in the JSON file.

So I'm going to copy this file and then add it into my design template here. So this is the design page which we saw some time ago, where we just dragged and dropped some stuff here. I'm going to replace my existing content with this new content which we created, and the moment I refresh, this will get reflected on to my UI. So see that there is a section here which got created. So notice that there is the S3 bucket and there is this arrow mark, which is depends on. So we defined that as depends on, right? So we added a depends on clause from the S3 bucket so that it can depend on EC2, and the security group is assigned for an EC2 instance, and that is what this arrow mark means. So we have a security group and we have an EC2 instance which is linked with the security group. So this is how a design template is created using a CloudFormation template. So we created the template and then the design got created.

You can download this image by clicking on this download option, and this is going to download a PNG file for us, and this will show the exact image, whatever we have created here. So in fact I can download this and then add it into the template so that we can use it in the GitHub link. So download the template. Now in order to create the stack I can click on this create stack option, so the template will be loaded
from here directly onto the stack. However, if you want to upload a JSON template manually, you can do that as well, so I'll just show you how to do that. So here see that our file got uploaded automatically to S3 and then we are getting it created from there. However, you can choose the file by uploading it from your local. So we already have it in local, but we created it using design; still I would go ahead and use this design.

So here we are providing a stack name. In order to provide a stack name, you can make it meaningful. I'm going to provide a meaningful name called s3 ec2 security group, because I know this is going to create my S3 bucket, EC2 instance and security group. And see that these are the parameters which we provided in the template. So there were three parameters, key name, instance type and SSH location, and those are the ones which got listed here. See, right, there are only two options here. If I change the template with different parameters then I will have different parameters, so this is controlled by us. So the whole template of creation of a stack is all controlled by us.

So let's select our existing key pair. As I said, I already have a key pair created under my EC2 instance. So you can create a key pair from the EC2 instance here and go ahead and create one from the key pair option. So here, see, it's already there here, so I'm going to use it now. Coming back to the UI here, I'm allowing everybody to log in. So right now I want to test it; I don't want to get my IP address and post it here in this video, so I will just say allow everybody to log into this EC2 instance and I will shut it down later, so I will just set this for now, but you can have a restricted IP address here.

I'll click on the next option. Here there are some tags which you can add, so I'll just name a tag, for example YouTube: Tech Primers. I'll just add some tag so that you guys can see this in the EC2 instance. The next one is some IAM roles; if you want to provide some roles you can assign that. I don't have
anything. I don't have any trigger. I don't want to have any CloudWatch alarm; you can do that as well. I don't want to do any of these. I'll just click on the next option, and here I should be able to create my stack. I'm just hitting the create option and I should be able to refresh this. So notice that the status of this particular stack which we created is create in progress. So a stack is nothing but your collection of provisioning which you have created from a single template.

So let me refresh it again and see what is the status. If I go and see the stack I can see different events. I should be able to see different events. See this: there is an event called creation in progress for the stack, then there is a creation complete for the security group, so our security group got created, and the EC2 instance is getting created. So let me quickly go and check my EC2 instance. Yep, I can see one EC2 instance running. See this, I selected the nano option, t2.nano, and it's already created, right? Awesome. So this is our security group.

Again let's go to this particular UI and then I will refresh this. So my S3 bucket is getting created now. So our EC2 instance is successfully created, our security group is created, and now, see, the S3 bucket is getting created. And see there is an option to see our template, whatever we loaded here. There are different tags, parameters, whatever we set. So the parameters show whatever we had set: t2.nano and the key name and our SSH. So let's refresh this again and then see if it is done. Yep, the creation is complete. So we have successfully created our CloudFormation template stack, and let's go and check, right? Yep, so we created a bucket, we created an EC2 instance and we created a security group.

Now let me try to log in to this EC2 instance and then see if we are able to connect to this and then confirm that our security group is working. So if I click on the connect option it shows me the command which I can use to connect, so I will just use this. I already have
my terminal up and running here, so I'll just use the command to log in to this particular EC2 instance, and it's allowing me to log in. Yep, successfully I'm into my EC2 instance. See this, I am logged into the EC2 instance with ec2-user, so that is the default user on any EC2 instance. So I can see different processes which are running in this, right? So I'm able to log in to the EC2 instance, so looks like my security group is successfully working, and I can close this, right?

So coming back to the stack, coming back to the CloudFormation template. So there is a new UI which Amazon has created, so there is an option, try it out. Oh I just feel bad, so I will click on this. This has now taken us to the new UI which Amazon has created for CloudFormation, and see that the UI is slightly changed, and this is how it shows. Initially it was showing up in a stack manner; now it shows up in the form of tabs. So you can see different events here. It's exactly the same, but the UI is just revamped, right? So there is a creation progress which happened, then there was a creation complete for the instance security group, then for the EC2 instance we had a create in progress and create complete event, same with the S3 bucket. If, let's say, there was an issue with the S3 bucket, the whole thing will be rolled back, right?

So let's go to resources. So the resources tab shows what are the different resources which got created. So if I click on this EC2 it will directly take me to the EC2 instance which got created as a part of this particular CloudFormation template. See, this is what got created. Same with the S3 bucket and the security group. So if I go to the security group, again it's getting loaded, so this is the security group which got created as a part of the template, and this is the bucket which got created, if I go to S3. So this is the bucket which got created, the s3 ec2 security group which we created. And there was a section called outputs, where we mentioned I wanted four particular values,
and these are the values which are retrieved. See that there is a key and there is a value. Based on the runtime data this value is generated and provided for us. If the availability zone is completely different then it will be showing a different value. So this is the instance ID and the IP address. So if I try to update this particular stack, this information will be changed, because it'll be creating a new EC2 instance. So let's try doing that.

See, these are the parameters and this is the template. Now in order to update the stack I'll go to actions and click on update stack. So here I want to use the existing template, but I want to provide a different parameter. So here I'll go and select t1.micro instead of t2.nano; I'm going to create a t1.micro. So now what will happen: the existing instance will be deleted and then these stacks will be updated. So I'll use the exact same information and go to next. There is an option now, so here there is something called change set preview. So Amazon provides a snapshot of what will happen if you update this new stack. So this new stack says modifying an EC2 instance. So this is a conditional replacement, which basically means it's going to replace our instance. So I want to do that; I'll just click on update stack. So this does like a diff, so that's the change set basically.

So here I can see events, so I can refresh this option here. Notice that my terminal is throwing an error because it has got logged out of the EC2 instance. It says the system is going down for power off, because my EC2 instance has got terminated. Looks like there was a problem. See that when I updated this particular EC2 instance it got a rollback command, because I cannot update my instance to micro from my free tier, because I have a free tier. So this is a free tier account; I cannot upgrade my instance to micro, so that is why the update failed, and notice that the rollback also got triggered. So this is how a rollback happens. So what happens: the
configuration will be updated or rolled back to the existing configuration, for example t2.nano. So this is what I wanted to show you, because in my free tier I can create only a nano instance; I cannot create a micro instance, so that's why the update failed, right? And the error says there is an unsupported error, "please check the documentation for supported configuration", because in my free tier I don't have access to create a micro instance type, and my account CloudFormation template got intelligent and it's rolling back to my existing one. So let's see if the rollback is complete. Yep, the rollback is complete. Now we should be able to see things running, right? So see that it's still running but with a different IP address and a different public DNS name.

Now if I want to delete everything in one go, right, I don't want to stop them one by one, because I don't know how many things got created, right? So you can directly click on this particular stack and then go to actions and then do a delete stack. So if you click on this delete option all my resources will be cleaned up. So I'm going to click on the delete so that it can clean up all my resources. So if I go to the EC2 console I can see here, see, my instance is getting shut down because I have deleted; my instance is getting shut down.

So this is how you can use an AWS CloudFormation template in order to automate your creation, updation and deletion of your infrastructure provisioning. If you want to get the template which I have used, go to the GitHub link and then get it from there. If you have any doubts with respect to AWS CloudFormation or something similar, do mention that in the comment section below. If you want me to make a video on something else, do mention that as well. As always, if you liked the video go ahead and like it; if you haven't subscribed to the channel, go ahead and subscribe to it. Meet you again in the next video. Thank you very much. [Music]
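
The captions describe an SSH location parameter that allows everything by default and feeds the port 22 ingress rule. As an added example (not the presenter's code or template; the template is constructed from the description, and the logical names and the 256-address threshold are assumptions), this Python check resolves each security group ingress CIDR through its `Ref` and reports rules that are open wider than a small range:

```python
import ipaddress
import json

# Constructed template modelled on the captions' description. Logical names are
# assumptions, and ImageId and the mappings are left out to keep it short.
TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "KeyName": {"Type": "AWS::EC2::KeyPair::KeyName"},
    "InstanceType": {"Type": "String", "Default": "t2.nano",
                     "AllowedValues": ["t2.nano", "t1.micro"]},
    "SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"}
  },
  "Resources": {
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access via port 22",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
           "CidrIp": {"Ref": "SSHLocation"}}
        ]
      }
    },
    "EC2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": {"Ref": "InstanceType"},
        "KeyName": {"Ref": "KeyName"},
        "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]
      }
    },
    "S3Bucket": {"Type": "AWS::S3::Bucket", "DependsOn": "EC2Instance"}
  }
}
""")


def resolve(value, template, overrides):
    """Return a literal, or the value a {"Ref": parameter} would take."""
    if isinstance(value, dict) and "Ref" in value:
        name = value["Ref"]
        if name in overrides:
            return overrides[name]
        return template.get("Parameters", {}).get(name, {}).get("Default")
    return value if isinstance(value, str) else None


def open_ingress(template, overrides=None, max_addresses=256):
    """List (group, from_port, to_port, cidr) for IPv4 rules wider than max_addresses."""
    overrides = overrides or {}
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if "CidrIp" not in rule:  # IPv6 and group-to-group rules are out of scope here
                continue
            cidr = resolve(rule["CidrIp"], template, overrides)
            try:
                wide = ipaddress.ip_network(cidr, strict=False).num_addresses > max_addresses
            except (TypeError, ValueError):
                cidr, wide = "unresolved", True  # no default and no value: review by hand
            if wide:
                findings.append((name, rule.get("FromPort"), rule.get("ToPort"), cidr))
    return findings


if __name__ == "__main__":
    print(open_ingress(TEMPLATE))                                    # template defaults
    print(open_ingress(TEMPLATE, {"SSHLocation": "203.0.113.7/32"}))  # constructed override
```

Passing the parameter values intended for a stack as `overrides` checks the deployment rather than the template defaults.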
Info
Channel: Tech Primers
Views: 36,182
Keywords: techprimers, tech primers, what is cloudformation, what is cloud formation template, usage of cloudformation, cloudformation template tutorial, cloud formation to launch EC2, cloudformation for beginners, how to create EC2 using cloudformation, create EC2 using cloudformation, create security group in cloudformation, amazon web services, aws primer
Id: Zz5xljI1gn8
Length: 26min 16sec (1576 seconds)
Published: Tue Apr 02 2019