How to Create a VPC Using Cloudformation

Captions
Hello, and welcome back to another lecture. In this lecture we will use CloudFormation to create a VPC with public and private subnets in two different Availability Zones. Before you create a CloudFormation template of any AWS service, I recommend that you know how to create that service using the Management Console. Once you know how to create that service using the Management Console, you can use the same steps to create that service using CloudFormation. I'll leave a link in the description on how to create a VPC using the Management Console. We're also going to use this reference architecture to create our VPC, so let's start.

To start, I want you to open your text editor. I am using the Sublime text editor, and I'm going to leave the link in the description. Once you've opened your text editor, the first thing we are going to do is save our file. You can create a CloudFormation template using two different file formats: the first one is YAML and the second one is JSON. We are going to be using the YAML format for this lecture. So to save my template I'm going to select File and then Save As, then browse to the location where you want to save your template. I'm going to select this folder, and in here I'm going to type vpc.yaml (y-a-m-l). Once you type vpc.yaml, click Save, and we have saved our file in the YAML format; you can see it up here. That's the first thing you need to do.

Once you have saved your file, the next thing I want you to do is open Google. In Google, type "cloudformation documentation" and press Enter, and under your search results select the AWS CloudFormation documentation, then select User Guide. On this page you will find all the information you need to create your CloudFormation template. To create a CloudFormation template for our VPC, I want you to select Working with Templates (I'm going to select that arrow and that drop-down), then select Template Anatomy. I'm going to select it. Your template anatomy is
the different sections that you can have in your CloudFormation template. I'm going to scroll down to the YAML, and this is the YAML version of the different sections you can have in your template. If you scroll down in here, you can see that the different sections we have up here are listed down here. For the template version it is telling you it is optional; Description is optional, Metadata is optional, Parameters is optional, Rules is optional, Mappings is optional, and so on. The only section here that is required is the Resources section. So for anything that is optional, it is saying that even if you don't include that in your template you can still create your resources; the only section you need to create your resources is the Resources section.

So scroll back up. To start our VPC template, the first thing we are going to do is just copy all of this section. I'm going to click this here to copy it, come to your text editor, and paste it in there. Maybe what I'll do is dock this side by side so you can see what we are doing. To create our VPC, the sections we are going to include are the template format version, the Description, Metadata, Parameters, Resources and Outputs. So from this Transform to Rules you can delete those: select everything and delete it. I'm going to move this up here to clean this up a little bit, and I'm going to delete those things under it, so make sure you delete the information under it. I'm going to delete that, I'm going to delete this, I'm going to delete this, and I'll delete this as well. Once you've deleted that information you should have this, and what we are going to do is start building this template from top to bottom. The next thing I'm going to do is just delete this little dash thing; you don't really need it. So this is what we have.

The first information we are going to add to our template is the template version. So again, scroll down on this page and select Format Version. All the information you need for your format version is this
information. So there is only one format version now, and it is this: 2010-09-09. You can just copy it (I'm going to copy it), come under your version, and paste it in there, and that's all you need to do. We have added the version for our template.

For Description, I'm going to click back, and on this page I'm going to select Description. The Description section enables you to include comments about your template. Since we are going to use this template to create a VPC, I'll type "This template creates a VPC with public and private subnets." I'm going to click in there, space, and start typing my comment. Once you've typed your comment, that's all you need to do for the Description; we have completed that section.

We are going to skip the Metadata section for now and create our Parameters. I'm going to explain the reason why we are doing that in a bit, but for now let's create our Parameters. So I'm going to go back to the documentation, go back, and on this page I'm going to select Parameters. You can use the Parameters section to customize your template. In this lecture we are going to use the Parameters section to enter the CIDR blocks for our VPC and subnets. This is the reference architecture for this VPC: our VPC has a CIDR block of 10.0.0.0/16, and we also have some CIDR blocks for our subnets. We are going to use the Parameters section to enter this information. So I'm going to minimize it, and in the AWS documentation scroll down; down here you will see the YAML format for Parameters. This "Parameters" right here represents this. So the next thing you need to create is a parameter logical ID. Your parameter logical ID is just any name you give to that parameter, so this part you make up. For example, we want to create a parameter logical ID for our VPC CIDR, right? So what we'll do is, in your template, I'm going to click there and press Enter. When you press Enter it will indent it for you, so make sure you have the indent in there; that is very important. So
in here you can type your logical ID. The first parameter we want to create is for our VPC CIDR, so in here I'm going to type VPC CIDR, and again, this is a name you are making up; it is not any name that is specific to anything in the CloudFormation documentation. This is a name you are making up yourself. Once you've entered what the name of that parameter will be, press Enter again, and the next thing you can enter is some properties you want to include in that parameter. For this parameter we are working on, there are some other properties we can include, and if you scroll down you will see those properties down here. The first property we are going to use for this VPC CIDR is the Default. So in my CloudFormation template I'm going to type Default in there, as you see it in the documentation, and this is how you specify it. I'm going to press space, and for your default value you can leave it empty or you can put something in there. Our VPC has a CIDR block of 10.0.0.0/16,
so we can put that value as our default value. I'm going to type that value in, then press Enter. Next we are going to add another property for our VPC CIDR parameter, so in the documentation I'm going to scroll down; the next property we can add is the Description. In my template, type Description in there, then I'll click space. The Description property is just the description for this parameter, so in here we can type something like "Please enter the IP range for this VPC." Once you've entered your description, press Enter. The last property we can enter for this parameter is the type of value this parameter will accept. If you scroll up you will see the Type property there, so I'm going to type it in here. Then in the documentation, if you scroll down, you can read information about all these different properties here. I'm going to go to the Type, and under that Type you'll see the different values you can enter. For this example we are going to use a String. If you don't understand what any of this means, you can leave a comment or you can read the documentation; the documentation is pretty clear on what this means. We want our data type to be a string, so in your CloudFormation template type String in there. This is all we need to do to create that parameter for our VPC CIDR block.

Next, let's create another parameter for our Public Subnet 1. If I look at our reference architecture, our Public Subnet 1 has a CIDR block of 10.0.0.0/24. So I'm going to minimize this, press Enter, press Enter again, and press Backspace to come to the beginning. What you want to do is just copy this parameter you created. I'm going to copy it, go back down here, and paste it in there. When you paste it, make sure it lines up with the VPC CIDR. From here all you have to do is just modify it: we can modify the logical ID and change it to Public Subnet 1 CIDR, then we can modify our default value (I'll change this to /24), then we can
also modify our description, so our description should say "Please enter the IP address range for the Public Subnet 1." I'm going to delete this at the end and I'll type "the Public Subnet 1." This is all we need to do to create the parameter for our Public Subnet 1 CIDR block.

Let's create another parameter for our Public Subnet 2 CIDR block. In here you're going to press Enter, press Enter again, then come to the beginning, copy this parameter, come back down here and paste it in there, and all you have to do is modify it. We are going to change this to Subnet 2. The CIDR block for our Public Subnet 2 is 10.0.1.0/24, so we can change it in here: 10.0.1, change that to 1, so 1.0/24. Then under the description we are going to change it to Public Subnet 2, and that's all you need to do to create your parameter for Public Subnet 2.

Now for the first assignment, I want you to finish the parameters: I want you to create the parameters for the remaining subnets. So we still have to create the parameters for the CIDR blocks of Private Subnet 1, Private Subnet 2, Private Subnet 3 and Private Subnet 4.
So pause this video and create the parameters for those subnet CIDR blocks. I hope you've paused the video and completed this assignment on your own; this is one of the ways you can learn how to build a CloudFormation template. Instead of typing with me, I want to give you pretty much a concept of how to create one.

To create the next parameter, for Private Subnet 1, I'm going to copy this, then press Enter, press Enter again, and press Backspace to start at the beginning, and I'm going to paste that in there. All you have to do is modify this information: we'll change this to Private Subnet 1, then we'll change our CIDR block to 10.0.2.0/24, then we will change our description to Private Subnet 1. This is all you need to do to create the parameter for the Private Subnet 1 CIDR block. I'm going to copy it, press Enter, Enter, go back, paste it down there, change this to Private Subnet 2, change the CIDR block to 10.0.3, and change the description to Private Subnet 2. We are going to press Enter again, Enter, Backspace, paste it, change this to Private Subnet 3, change the CIDR to 10.0.4, and change this to Private Subnet 3. Next we are going to create the parameter for our Private Subnet 4 CIDR block. Again I'm going to come down here, press Enter, press Enter again, Backspace; I'm going to copy this and paste it down there and just modify it. Change that to 4,
modify the CIDR block to 10.0.5.0/24, and we are going to change our description. This is all you need to create a parameter. Remember, you can add different properties to your parameter, and whatever type of parameter you are trying to create, you have all these different properties here that you can add to it.

Let's create another parameter. This parameter will be used to specify the IP address range that can SSH into the EC2 instances in our VPC. I'm going to call this parameter SSHLocation, and I'll include it in the description. So copy this parameter and paste it into the list of your parameters. I'm going to come here, press Enter, press Enter again, go all the way to the beginning, and paste it in there. This is what the parameter looks like. Under this parameter, again, we have added some properties, which you can find down here. For AllowedPattern we have specified the type of pattern that this parameter is going to accept. This allowed pattern is saying that this parameter is going to accept a digit value from one to three digits, slash period, a digit value from one to three digits, and so on. That is how you enter the allowed pattern for this SSHLocation. Then we enter the ConstraintDescription; this is just to help the user know what this value is asking for. Then we also enter the Default value, and we enter the Description for it. Then we specify the maximum length this parameter can be, and we also specify the minimum length. Then we specify the data type, which is a String. So copy this from the description and paste it into your list of parameters. Once you've done that, I want you to save your template; I'm going to save it.

The next thing we are going to do is create our Resources. Come to the CloudFormation documentation and scroll down until you find Template Reference. Select Template Reference, then select the first option, which is Resource and Property Reference. I'll select it. In here you can see this section
contains reference information for all AWS resource and property types that are supported by AWS CloudFormation. So any resource you are trying to create, you'll find that resource here, and its property types. Remember I said earlier that before you create any service in CloudFormation, make sure you know how to create that service using the Management Console; then whatever steps you use to create that service in the Management Console, you can use the same steps to create that service in CloudFormation. For example, I have created this list, and this list contains all the steps we use to create our VPC in the Management Console. We are going to use these steps to create our resources in CloudFormation.

To start, the first resource I need to create is a VPC. I'm going to minimize this, then in the CloudFormation documentation I'm going to scroll down and look for EC2. These are in alphabetical order, so I just need to scroll to E; EC2 is here. I'll select it, and in here you will find the AWS resource types. The resource type always starts with AWS, in this case EC2, and then the type of resource we are trying to create, and these are also arranged in alphabetical order based on the resource type we are trying to create. In our case we want to create a VPC, so I'm going to scroll down all the way to V until I find the VPC. You can see it here: AWS::EC2::VPC. Select it and let's scroll down to the YAML format. In the YAML format, this is what the syntax looks like to create your VPC. These are all the properties that are configurable under this VPC resource, and it also tells you the type of value each takes. If you need more details on any of this information you can click on it, or scroll down here and you will see the definition. For our VPC resource we are going to use all these properties, but depending on the type of configuration you are going for, in some cases you may not need to use all these properties. For the resource types and properties that we are going to be using in this
lecture, I've created this template for you, and this template pretty much just contains this information. So for every resource we are going to create, I've added the resource type and the properties we need for that resource, and this information, for example for the VPC, is pretty much the same as this. You can download this template from the course description to follow along.

To start, I'm going to copy my VPC resource. I'll copy it; in your Resources press Enter, press Backspace to the beginning, and paste that VPC resource in there. I'm going to paste it. Once you have pasted your VPC resource, now we can start entering our information. The first is our CIDR block. Remember we created our CIDR block parameter up here, so down here we are just going to reference this CIDR block that we created up here. To reference parameters and other resources in your CloudFormation template, you need to use what we call an intrinsic function. So in your CloudFormation documentation scroll all the way down (I'm going to scroll all the way down) and look for Intrinsic Functions; you'll see it right here. I'll select it, and in here you have all the intrinsic functions that you can use to reference various attributes in your CloudFormation template, and if you need more information on them you can select one to get more information. The intrinsic function we need to reference our VPC CIDR block is Ref. I'm going to right-click to open it in a new tab, then go to that tab, and in here scroll down; for YAML you'll see the syntax. What we need to do is use the exclamation mark, then type Ref and the name of the resource we are trying to reference. So in our CidrBlock, type an exclamation mark, then type Ref, space, then we are going to enter VPC CIDR. This is how you reference a parameter in your CloudFormation template. What we are saying here is: whenever CloudFormation is creating this VPC resource, for the CIDR block, reference whatever value we put in this parameter. So that's
what that is saying. For the next property, EnableDnsHostnames, that value is a Boolean, so what that means is it can either be true or false. In there we are going to type true, because we want to enable it. Then for EnableDnsSupport we are going to type true in there as well. For tenancy we can either have dedicated or default, so in here we are going to type default. For our Tags, for the Key we are going to add Name, and for the Value we are going to enter the name we want to give our VPC; I'll call mine Test VPC. This is all you need to do to create your VPC resource.

The next resource we are going to create according to our list is the internet gateway. So again you can scroll back up in here, select Template Reference, select Resource and Property Reference, and remember, you look for the EC2 resources. In here this is sorted in alphabetical order, so we want to look for Internet Gateway; you can see it there. I'm going to select it, and if you scroll down under YAML you will see the syntax to create an internet gateway. You can also find this syntax in the template that I provided to you, so in the template I'm going to copy it here: Create Internet Gateway. Copy that syntax, then come back, and after your VPC tag value press Enter, press Enter again, press Backspace all the way to the beginning, and paste that syntax in there. I'm going to scroll down. For our internet gateway the only property we need to enter is our Tag, so for the Key I'm going to type Name and for the Value I'm going to enter Test Internet Gateway. This is all we need to enter to create our internet gateway.

The next resource we are going to create attaches this internet gateway to our VPC. So again I'm going to open my reference template, or you can look for it in the documentation; the syntax that I have in the reference template came straight from the documentation, so to make it faster you can use the reference template, and if you need any information on any of the resources or
properties that you don't understand, you can look for them in the documentation. A fast way to look for a resource in the documentation is, for example, if I copy this VPC resource type, come to Google and just paste it in there, under your search results you can see it here: it is the AWS::EC2::VPC, which is exactly what I pasted in there. If you select it, it is going to take you to the exact location of that resource in the documentation. So sometimes this is the way I do it. I'm going to close this and open my reference template, and what I'm going to do now is just dock this next to that so I can go back and forth.

Now I'm going to copy the Attach Internet Gateway to VPC resource, come back to my template, come down here, press Enter, press Enter again, go all the way to the beginning, and paste it in there. Once you have pasted the attach internet gateway resource, under the Properties we need to reference our internet gateway ID. To reference your internet gateway ID you will use Ref, so again exclamation mark and Ref, then you are going to enter the logical name of your internet gateway, which is right here, so in here I'm going to type Internet Gateway. Remember this logical name; we explained it in the Parameters: this is just a name you make up. For example VPC, Internet Gateway, Internet Gateway Attachment: these are the names that I made up; you can call them anything you want. So when you are referencing them in the resource properties, for example my internet gateway, make sure you are referencing whatever name you gave your internet gateway up here. Next we are going to enter our VPC ID, and we are going to do the same thing: exclamation mark, Ref, space, and we want it to reference our VPC, so you type VPC there, and again the VPC name is the logical name of my VPC.

The next resources we are going to create are our Public Subnet 1 and Public Subnet 2. So again I'm going to come here and copy my Public
Subnet 1, come back here, press Enter and press Enter again, go all the way to the back, and paste it in there. Once you've pasted your Public Subnet 1 resource, now we can start entering the properties for our Public Subnet 1. The first property is AvailabilityZone. To reference an Availability Zone you are going to use an intrinsic function, so I'm going to scroll down again and go to my intrinsic functions, and down here I'm just going to open it in a new tab. The intrinsic functions you are going to use to get your Availability Zone are Select and GetAZs, and if you need more information on what that syntax looks like, you can select it and scroll down to the YAML and you'll see what it looks like. In your CloudFormation template, this is how you're going to enter it; this is how you reference an Availability Zone in your CloudFormation template. Let me explain what it means. When you launch this template in any region, the Select is going to select from a list of Availability Zones in that region, and once it has the list of Availability Zones, you are telling it to select the first item on that list. That is what this zero means. I learned this in Python; let me open something. Imagine you have a list, and this is the list of your Availability Zones in that region. When you have 0 in your template, CloudFormation is going to select the first Availability Zone of that list, and this is how indexing works: based on which number you put in your template, CloudFormation is going to select the item that falls under that index. So that's what we are saying in here: we are saying once you get the list of Availability Zones, pick the first Availability Zone on that list.

The next one we are going to enter is our CIDR block, and we are going to use Ref and reference our Public Subnet 1 CIDR block, which is up here. So whatever logical name you gave to your Public Subnet 1 CIDR, that is what you are going to enter down here. The next one
is MapPublicIpOnLaunch; for that option we are going to type true. The next one we are going to add is our Tag; again we are going to give it a Name, and the Value is going to be Public Subnet 1. For our VpcId we are going to use the exclamation mark and Ref again, and we are going to enter the logical name of our VPC. This is how you create your Public Subnet 1.

Using this Public Subnet 1 as an example, I want you to create Public Subnet 2 by yourself, and the hint I'm going to give you is: use the reference architecture, and remember, for your Public Subnet 2 you are putting it in the second Availability Zone, not the first one. So pause this video and create the resource for your Public Subnet 2.

To create the resource for my Public Subnet 2, I'm going to select the resource here, copy, come here, press Enter, press Enter again, press Backspace, and paste it in there, and I'm going to enter the properties for my Public Subnet 2. For the AvailabilityZone we are going to use the Select and GetAZs functions, and it looks like this, and this time, remember, we are putting it in a different Availability Zone, so now we enter 1 because we are selecting the item at index 1. At index 1 we want to select the second Availability Zone in that region; that is why we have 1 in here. For our CIDR block we are going to use Ref and reference our Public Subnet 2 CIDR up here, so just type Public Subnet 2 CIDR. Under MapPublicIpOnLaunch we are going to enter true; under Tags we are going to enter Name, and for the Value we are going to enter Public Subnet 2; and for our VpcId we are going to use Ref again. This is how you create your Public Subnet 1 and Public Subnet 2 in two different Availability Zones.

The next resource to create is our route table, so I'm going to come in here and copy the resource for my route table, come back in here and paste it in here, and we are going to enter the
properties. The properties we need to enter are the route table name (we will enter Name, and for the Value, let's call it Public Route Table), and for our VPC we are going to use the Ref function.

The next resource we are going to create is adding a public route to this route table. To do that I'm going to come here, copy the syntax for that resource, come back to my template, come down, press Enter, and paste it in there. For the properties we need the DestinationCidrBlock; the destination CIDR block is always going to be 0.0.0.0/0, and I'm going to enter it. For our internet gateway ID we are going to use Ref and specify our internet gateway, which is up here, and for our RouteTableId we are going to do the same: use Ref and enter our Public Route Table.

The next resource we need to create on our list is to attach the public subnets to the route table. To do that, again, I've entered the resource in here for you, and again all these resources came straight from the documentation. So copy this (I'm going to copy), come back to my VPC template, press Enter, go back, and paste it in there. You can see the resource type, which is SubnetRouteTableAssociation. The first property we are going to enter is the ID of our route table; we are going to use the Ref function and reference our route table, which we call Public Route Table. For our SubnetId we are going to reference Public Subnet 1. Remember, when you associate your subnets with a route table, you have to do it one by one, so in this resource we are associating Public Subnet 1. For the SubnetId I'm going to reference my Public Subnet 1, so again in here I'll type Ref Public Subnet 1.

Next we are going to create the resource for our Public Subnet 2 association. I'm going to go down, come back here, copy it, come back to my VPC template, and paste
it in there. For RouteTableId we are going to reference our route table, and for SubnetId we are going to reference our Public Subnet 2. If you look at our logical ID you will see we are saying Public Subnet 2 Route Table Association; my rule for creating a logical ID or logical name is that I try to make it as descriptive as the resource I'm creating. So for SubnetId I'm going to enter Ref Public Subnet 2.

The next resources we are going to create are our private subnets. So I'm going to come in here and just copy all the resources for my private subnets. I'll copy all this from Private Subnet 1, so you should have Private Subnet 1, Private Subnet 2, 3 and 4. I'm going to copy them, go to my template, press Enter, press Backspace, and paste them in there. For my Private Subnet 1 we are going to enter the properties again. For the AvailabilityZone you can use the same information as your Public Subnet 1; you know why? Because those two subnets are going to be in the same Availability Zone. If I open our reference architecture, you can see our Public Subnet 1 and Private Subnet 1 are in the same Availability Zone, so all you can do is just copy this, come down there, and paste it in here. For the CIDR block of our Private Subnet 1 we are going to reference the parameter we created for that Private Subnet 1 CIDR, and for MapPublicIpOnLaunch we are going to make it false, because this is a private subnet and the instances in it should not have an IP address. We are going to enter our Tag: we'll specify Name, and for the Value use the same description as our reference architecture, so enter "Private Subnet 1", this little dash, and "App Tier". I'm going to enter that in here, and for the VpcId we are going to use Ref. This is how you enter the information for Private Subnet 1.

For your next assignment I want you to finish creating the rest of these private subnets, so you have to create Private Subnet 2,
Private Subnet 3 and Private Subnet 4. Make sure you use the reference architecture if you are lost. So remember: Private Subnet 2 is in the second Availability Zone, Private Subnet 3 is in the first Availability Zone, and Private Subnet 4 is in the second Availability Zone. Also remember the description for each subnet, so make sure you are entering the tags properly and that you are also referencing the right CIDR block. So pause the video and try to create the rest of the private subnets on your own.

For your Private Subnet 2, make sure you are putting it in the Availability Zone at index 1, make sure you are referencing your Private Subnet 2 CIDR block, MapPublicIpOnLaunch is going to be false, you are going to enter your tag Name Private Subnet 2 App Tier, and reference your VPC. For Private Subnet 3, make sure you are selecting the Availability Zone at index 0; for the CIDR block you are going to reference your Private Subnet 3 CIDR; MapPublicIpOnLaunch again is going to be false; and for the tags you're going to give it the Name Private Subnet 3 Database Tier. For Private Subnet 4 you are selecting the Availability Zone at index 1, you are going to reference your Private Subnet 4 CIDR, MapPublicIpOnLaunch is going to be false, and for your tag it is going to be Private Subnet 4 Database Tier.

The final step in our list is to create security groups in our VPC. We are going to create security groups in our VPC for the application load balancer, SSH, EC2 and RDS. To start, let's select our reference template. I'm going to select my reference template and copy the application load balancer security group, so copy the first one, come back to your template, come down here, press Enter, and paste it there. Once you have pasted it, we are going to enter our properties for this security group, and again, if you copy the resource type, paste it in Google and press Enter, you can select that and get more information on how to create a security
group. So for the GroupDescription, that is just a description for this security group. We are going to use this security group for our application load balancer, and for our application load balancer we always enable traffic on HTTP and HTTPS, so we can enter that as a description; I can enter something like this. Under SecurityGroupIngress, in there we are going to type tcp for the protocol; on the FromPort we are going to type 80, and on the ToPort we are also going to type 80. For the CIDR, the CIDR is going to be 0.0.0.0/0. Under IpProtocol we are going to type tcp again, on the FromPort we are going to type 443, on the ToPort we are going to type 443, and the CidrIp is also going to be 0.0.0.0/0. We are going to add a Tag, and I'll call it Application Load Balancer Security Group, and for VpcId we are going to reference our VPC. So what this security group means is that it is going to allow internet traffic on port 80 on the TCP protocol, and it is also going to allow internet traffic on port 443 on the TCP protocol. That's pretty much what this security group means.

Let's create our second security group, for SSH. Again I'm going to come in here, copy the SSH security group, come down here and paste it in there. Give it a description; I'm just going to call it SSH Security Group. Under SecurityGroupIngress, for the IpProtocol it is going to be tcp, on the FromPort it is going to be port 22, on the ToPort it is going to be port 22, and for the CidrIp, remember we created an SSHLocation parameter up here, and this parameter allows us to specify the IP that can SSH into our EC2 instances in the VPC. So we are going to reference that SSHLocation in our SSH security group; for this CidrIp, reference that SSH parameter. Then we are going to enter our Tag, and for the Value you can call it SSH Security Group; then for VpcId we are going to reference our VPC.

Next we are going to create the security group for our EC2 instances. I'm going to
come back to my reference template and copy this i'm going to come back to my vpc template and paste it in there and we are going to enter our description the description for this security group should say something like this security group is going to allow internet traffic from the application load balancer and ssh traffic from the ssh security group so enter your description and if you don't understand why we are making our security groups this way i'm going to leave a link in the description to the video i created on security groups and how to control traffic with your security groups so for the ip protocol we are going to type tcp on the front part we are going to type 80 to part we are going to type ad as well for the source security group id we are going to reference our application load balance as security group because we only want our ec2 instance to accept internet traffic from our application load balancer so i'm going to reference my application load balancer security group for the ip protocol we are going to enter tcp again on the front we are going to enter 443 and 2 we are going to enter 443 and the source security group id again we are going to enter our application load balancer security group and this information we are entering is equivalent to when you create a rule when you are creating a security group this is why i said you should learn how to create this in the management console first before you do it in cloud formation the next rule we are going to create is for the ssh security group so under ip protocol type tcp again and the front part we are going to type 22 and the 2 port we are also going to type 22 and for the source security group id we are going to reference our ssh security group we are going to enter our tag and give it a value i'll call it web server security group and for the vpc id we are going to reference our vpc the last security group we are going to create is the security group for our database so i'm going to come back 
here i'm going to copy that last i'm one to come here and press enter and paste it down there then give it a description and on high p protocol i'm going to enter tcp for the front port it is going to be 3306 and the 2 port is also going to be 3306 for the source security group id we are going to reference our web server security group because we only want our database to accept traffic from our web server security group then we are going to add our tag i'll give it a name and the value is going to be database security group and for our ppc id we are going to reference our vpc and this is all the resources we need to create in our vpc and what i want you to do now is make sure you save your work i'm going to save it and once you have saved your work we are going to use this template to create a stack in the management console before we do that i want you to do one thing scroll up and for the metadata resource i want you to add the pound sign next to it and what the pound sign does is it makes it a comment so anything that has a pound sign before it cloud formation is going to ignore it when it is running this template since we have not created any property for our metadata i don't want it to give us an error so just put that comment there and we are going to do the same thing for the output section so go down to output and enter the pound sign there and save your work again i'm going to save it and now let's go to the management console i'm going to first close this and i'm going to right click and open the management console in a new tab and sign in into your management console i have signed into the management console i'm going to maximize this so you can see in the management console select services and under management and governance come down and select cloud formation in the cloud formation dashboard select create stack leave it on template is ready and we are going to upload a template file i'll select this option then select choose file to browse to the 
location of your template i'm going to select my template and click open then once you've loaded your template click next on this page we are going to enter a stack name i'll call it vpc and down here you can see the parameters we created in our template so if i dock this to the left and scroll up you can see all the perimeters we created are here for example our default value are specified here as well so let's say you want to use this template to create another vpc that has a different cider block so what you can do is you can change this default value in here this is one of the benefits to having perimeters in your template another point i want to make before we create our vpc is look in our template under our perimeters we have specified our perimeters by vpc cider public subnet 1 public subnet 2 and so on but when we launch our cloud formation template for this vpc our perimeters are not listed in the order that we have them in our template imagine having a lot of perimeters in here and those perimeters are disorganized then it will be difficult for the users using your template to find what they need so to just make your work clean it is better to always organize your perimeters and group them together to group our perimeters together we are going to use the metadata section let's create the metadata section before we launch our cloudformation template i'm going to go back to the documentation and scroll up under working with templates select template anatomy and we are going to scroll down and we are going to select metadata and in here you will find more information about metadata to use the metadata to group our perimeters in the order we want them this is what it looks like so under the metadata section in the aws documentation let me move this this way you are going to look for the aws cloud formation interface which is right here and if you select it and select label it will give you more information on how to use label let's copy this metadata and 
paste it in our template i'm going to copy it and come back to your vpc template come down under the metadata and paste it there remember to remove the comment for your metadata so i'm going to remove that part sign you should have something like this and to explain this metadata we are using the aws cloud formation interface to group our perimeters you can see we have grouped our perimeters into three labels and this is how you create a label the first label we named it vpc slider and that is referencing our vpc cider perimeter and for the second label we have used that label to group our subnet sliders and we call that label subnet cider and the third label is our ssh label and we have used that label to group our ssh location every information under those label is the same logical name as our perimeter so you can see vpc slider vpc sider public subnet one sider public subnet one slider and so on so once you've added that label save your template and i'm going to close this too and let's go back to the management console and i'm going to maximize this let's go back and let's upload our template again i'll select choose file and i'm going to select my template again and click open and click next and now you can see we are using the metadata to organize our perimeter let me move this again so you can see the first one is the vpc slider you have that up here and the perimeter that we have put in it is our vpc slider which is right here the second label is our subnet slider you can see it right here and the perimeters we have put in it is our subnet parameters and you can see all of them down here and they are listed in the order we specify them here and the last label is our ssh slider here you can see it down there and that has our ssh location perimeter in it and this is one of the ways you use metadata make sure you give your stack a name i'll call it vpc then scroll down and click next and i'll maximize this on this page you have some option for your stack you 
can add a tag to your stack and select some iem rule we are going to leave all this as default scroll down click next and review everything and scroll down and click create stack and it is now using our template to create our cloudformation stack for the vpc and under events if you refresh it will show you the resources it is currently creating and if you keep pressing refresh it is going to update you on the resources that are created if you click on the resource tab you will see the resources that are created and under the parameters tab you will see the perimeters under outputs we haven't specified any outputs yet we are going to do that next on that template tab you'll see your template in there and let's go back to events once cloud formation has created all the resources in your template it is going to say create complete and if there is an error in your template the create is going to fail but in our case we did everything right and the create is complete so now to verify the resources we created i'm going to open a new tab and i'm going to select services and select vpc on the vpc dashboard select your vpcs and you can see the test vpc we specify in our cloudformation template the cider block we specified was 10.0.0.0.16. 
and let's filter our vpc to only show our test vpc i'm going to click filter by vpc and i'm only going to select my test vpc let's review our subnets i'm going to select subnets and again we have to filter this again i'll filter it by my test vpc in my test vpc if i move it and i'm going to sort this you can see we have private subnet 1 private subnet 2 private subnet 3 private subnet 4 and these are all the tags we specify in our templates we have public subnet one public subnet too let's review the availability zones for this subnet so if i move this and you can see that we have private subnet one uss1a and private subnet to uss1b and for all the other subnets they are in usa1a and uss1b uss1a and uss1b according to our reference architecture you can also see the slider block we specify for our subnets so everything looks good here so i'm going to move on to route table remember we create one route table which is the public route table you can see it here we also associate two subnets to it and if we review this this should be our public subnet 1 and public subnet 2. i'm going to select my route table and if i select subnet associations and i'm going to drag this out you can see the subnets are public subnet 1 and public subnet 2. 
that looks good we created an internet gateway let's select it and you can see our test internet gateway and that internet gateway is attached to our test vpc that looks good let's go down and let's review our security group i'm going to select security groups and again i have to filter it by my test vpc and for our test vpc if i move this the four security groups we created is our web server security group database security group ssh security group and application load balancer security group for our web server security group the inbound rules we specify you can see we are allowing ssh access from the ssh security group and we are allowing http and http access from the application load balancer security group and the same thing goes on for the other security groups and this is pretty much how you create a template for a vpc there is one more section we have to create in our cloud formation template and that is the output section you use the output to export some information about your vpc so you can reference those information in another cloud formation template so that's what we are going to be doing next we are done here i'm going to close this and go back to your cloud formation stack select the stack and we are going to delete it to delete this stack click delete and click delete stack and if you press refresh and it is going to tell you the resources that are being deleted if you click refresh again it has delete the application load balancer security group and ssh security group i'll click refresh again and it is now deleting the vpc so we'll give it some time to finish deleting all of our resources once all your resources are deleted it is going to show up like this i'm going to go back to the cloud formation documentation and i'm going to dock this like this and under working with templates let's select template anatomy again and scroll all the way down and this time we want to select outputs so select outputs you can use the output section to export 
values in your cloudformation template that you can import into another cloudformation stack to create our output section in your cloudformation template let's scroll all the way down to the output section in the output section the first thing i'm going to do is uncomment and remove that pound sign the values that we want to export from this cloudformation template are our vpc id the id for all of our subnets and the id for all of our security groups so let's go to the documentation and scroll down to see what the syntax looks like so under the output syntax remember this output represents this over here so the next thing you need to add is your logical id name your logical id name again that's the name you create so in my cloud formation template i'm going to press enter and i'm going to create a logical id name the first resource we want to export and output for is our vpc so for my logical id i'm going to type vpc then i'll press enter the next property is description i'm going to type description and we are going to give it a description the value we are exporting is our vpc id so you can type vpc id in there then we are going to press enter the next property we are going to create is our export so i like to arrange this in alphabetical order it doesn't matter in which order you list them but if you look in the aws documentation they tend to list this in the alphabetical order i'm not sure why they didn't do that for this one so i'm going to list it in alphabetical order and i'm going to enter export here and press enter then we are going to type the name under our type name and the value for the name looks like this enter this value in your template and i'll also leave it in the description let me explain what this value means we are using the sub intrinsic function and we are using a pseudo perimeter that returns our stack name and we just have vpc here so this last one at the end you can make it whatever you want because this output is for vpc i like to keep 
everything consistent so what this is going to do is it is going to take our stack name and join it with this vpc so you'll see what that means as we go on but that's how you enter it and if you want to read more about pseudo perimeter let's open our cloudformation documentation in another tab and on the left side scroll down select template reference and scroll down and select sudo parameters and in here you can read more about pseudo parameters if i scroll down and you will see the pseudo perimeter we are using and this sudo perimeter returns the name of the stack as specified with the aws cloud formation creates that command so pretty much what this is saying is this sudo perimeter will return whatever name we give to our stack remember when we were creating our cloud formation stack we called it vpc then this sudo perimeter will return that name and add it to this let's go back to our cloud formation documentation and the next property we need to enter is the value so i'm going to come to my cloudformation template press enter and make sure you press backspace one time so your value should line up with the export then type value the value we are going to reference is our vpc so i'm going to use the rev function this is how you create an output to export your vpc id the next resource we are going to create an output for is our public subnet one so i'm just going to copy this information copy then come down here to the beginning and paste it in there then all we have to do is modify this logical name the description the name and the value so we want to create this output for our public subnet one we are going to delete this and type public subnet one in there and we are going to change the description to public subnet one id we're also going to change the export name to public subnet one and we'll change the value to public subnet one as well let's do the same thing for public subnet too i'm going to copy this and come down here and paste it there and just modify 
this information i'll change that to two change the description to public subnet to id change the export name to public subnet 2 and change the value to public subnet 2. let's create the next output for our private subnet i'm going to press enter paste it down there and modify this information i'll call this private subnet one and i'm going to change the description to private subnet one and i'm going to change the export name to private subnet one and i'm also going to change the value to private subnet one as well for your last assignment in this lecture i want you to create the output for the remaining resources so create the output for private subnet 2 private subnet 3 private subnet 4 and all the security groups we have four security groups create an output for application load balancer security group ssh security group web server security group and database security group to create an output for those resources remember you can copy this information paste it down here and modify the logical name the description and the export name and the value name to the logical name of that resource pause this video and try to create it on your own to create an output for private subnet 1 i'm going to copy this information and come down and paste it there and change the logical name to private subnet 2 change the description to private subnet 2 id change the export name to private subnet 2 and change the value to private subnet 2. i'm going to press enter paste it there i'm going to change the logical name to private subnet 3. change the description to private subnet 3 id change the export name to private subnet 3 and change the value to private subnet 3. 
and i'm going to press enter again and paste in there i'm going to change the logical name to private subnet 4 change the description to private subnet 4 change the export name to private subnet 4 and change the value to private subnet for next we are going to create the output for our security groups so i'm going to press enter press back paste it there and modify this information the first security group we are creating our output for is our application load balancer security group so i'm going to modify this information and call it application load balancer security group i'm going to modify the description to say application load balancer security group id i'm going to modify the export name i'll call it application load balancer security group and i'm going to modify the value as well we are going to create the next output for our ssh security group i'm going to copy this and paste it down here and modify the logical name i'll call it ssh security group and i'm going to modify the description to say ssh security group id i'm going to modify the export name i'll change it to ssh security group and i'll do the same thing for the value next we are going to create our output for the web server security group i'm going to press enter paste and change this information and i'm also going to change the description to web server security group id and i'm going to modify the name and i'm going to modify the value and the last output we are going to create is for our database security group i'm going to press enter and paste it in there and scroll up and i'm going to modify the logical name and i'm going to modify the description to say database security group id and i'm going to modify the export name and i'm also going to modify the value and this is how you create an output for resources in your cloud formation template i'm going to clean up these lines down here next save your template i'm going to select file and click save and review your work make sure everything 
looks good on the output let's go to the management console to create our stack i'm going to select the cloud formation management console and let me maximize this i'm going to select create stack and we are going to upload our file and choose your file i'm going to select my template click open click next and we are going to give our stack a name i'll call it vpc again we are going to leave our default value as it is scroll down click next and scroll down again and click next and scroll down again and click create stack and it is now creating our stack if i click refresh up here you can see the events it is creating the internet gateway and the vpc i'm going to click refresh again it has completed creating the vpc and the internet gateway now it is creating the security groups we are going to give it a minute for cloud formation to create all the resources then we are going to come to the outputs tab then we should see our outputs in there my vpc stack creation is now completed and there is no error and you can also see on the left side it says create complete so now if we go to our outputs tab and you are going to see all the outputs we export from our template the main thing i want you to pay attention to is the export name when you are importing this value into another template you are going to be importing it using this export name and i'll show you in the next lecture and the values that we are going to be exporting into another template are the values here which is the id for our application load balancer security group database and so on and this is how you create a cloud formation template for a vpc in the next lecture we are going to be creating our template for the night gateway and with that we are done with this lecture to delete your cloudformation stack make sure it is selected and select delete and click delete stack and if you come back to the events tab and click refresh and you can see it is not deleting all your resources thank you and i'll see 
you in the next lecture bye
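As an added example (not the lecture's own template), here is the four-tier security group chain the lecture walks through, written out in CloudFormation YAML: internet to the load balancer only, load balancer and SSH group to the web servers only, web servers to the database only. The logical names (ALBSecurityGroup, SSHSecurityGroup, WebServerSecurityGroup, DataBaseSecurityGroup, VPC, SSHLocation) are assumptions, the VPC resource is assumed to be defined elsewhere in the template, and the SSHLocation default is a constructed placeholder range.

```yaml
Parameters:
  SSHLocation:
    Description: Address range allowed to SSH into the web servers
    Type: String
    Default: 203.0.113.0/24   # constructed placeholder; replace with your own range

Resources:
  # Tier 1: only the load balancer is reachable from the internet (80/443)
  ALBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP/HTTPS access on ports 80/443
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: ALB Security Group
      VpcId: !Ref VPC          # VPC resource assumed to exist in this template

  # SSH is limited to the SSHLocation parameter, not opened to 0.0.0.0/0
  SSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH Security Group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
      Tags:
        - Key: Name
          Value: SSH Security Group
      VpcId: !Ref VPC

  # Tier 2: web servers take web traffic only from the ALB group and SSH only from the SSH group
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP/HTTPS from the load balancer SG and SSH from the SSH SG
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref ALBSecurityGroup
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref ALBSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref SSHSecurityGroup
      Tags:
        - Key: Name
          Value: WebServer Security Group
      VpcId: !Ref VPC

  # Tier 3: the database accepts MySQL (3306) only from the web server group
  DataBaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: MySQL from the web server SG only
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebServerSecurityGroup
      Tags:
        - Key: Name
          Value: DataBase Security Group
      VpcId: !Ref VPC
```

Because the web and database groups reference other groups by SourceSecurityGroupId rather than by CIDR, instances in those tiers are not reachable from the internet even though they share the VPC; CloudFormation also orders creation from these references automatically.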
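Also added here (not from the lecture): the Metadata section that groups the parameters into the three labels the lecture describes, and the Outputs section with the stack-name-prefixed export names. The parameter and resource logical names are assumptions that must match the Parameters and Resources sections of the full template, and the `${AWS::StackName}-VPC` form is the usual way to write the Sub expression the lecture shows.

```yaml
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: VPC CIDR
        Parameters:
          - VpcCIDR
      - Label:
          default: Subnet CIDR
        Parameters:          # listed in the order the console should show them
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - PrivateSubnet1CIDR
          - PrivateSubnet2CIDR
          - PrivateSubnet3CIDR
          - PrivateSubnet4CIDR
      - Label:
          default: SSH CIDR
        Parameters:
          - SSHLocation

Outputs:
  VPC:
    Description: VPC ID
    Export:
      Name: !Sub ${AWS::StackName}-VPC   # a stack named "vpc" exports "vpc-VPC"
    Value: !Ref VPC
  PublicSubnet1:
    Description: Public Subnet 1 ID
    Export:
      Name: !Sub ${AWS::StackName}-PublicSubnet1
    Value: !Ref PublicSubnet1
  PrivateSubnet1:
    Description: Private Subnet 1 ID
    Export:
      Name: !Sub ${AWS::StackName}-PrivateSubnet1
    Value: !Ref PrivateSubnet1
  WebServerSecurityGroup:
    Description: Web Server Security Group ID
    Export:
      Name: !Sub ${AWS::StackName}-WebServerSecurityGroup
    Value: !Ref WebServerSecurityGroup
  DataBaseSecurityGroup:
    Description: Database Security Group ID
    Export:
      Name: !Sub ${AWS::StackName}-DataBaseSecurityGroup
    Value: !Ref DataBaseSecurityGroup
    # Another stack in the same account and region consumes an export with
    # Fn::ImportValue, e.g. Fn::ImportValue: vpc-DataBaseSecurityGroup
```

Export names must be unique per account and region, and a stack whose exports are imported elsewhere cannot be deleted until the importing stacks are removed, which is why prefixing with the stack name avoids collisions between copies of this template.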
Info
Channel: AOS Notes
Views: 8,339
Keywords: How to Create a VPC Using CloudFormation, aws, aws cloudformation, cloudformation, aws cloudformation tutorial, aws cloudformation demo, aws tutorial, cloudformation template, vpc, aws vpc, amazon, aws cloudformation deep dive, aws cloudformation template tutorial, amazon web services, aws cloudformation templates, cloudformation tutorial, aws cloud formation, aws cloudformation designer, aws cloud, virtual private cloud, json, yaml, aws cloudformation editor, aosnotes, cloudcomputing
Id: aR_XZIM1c58
Length: 78min 15sec (4695 seconds)
Published: Thu Feb 04 2021