How to create AWS Network Architecture using CloudFormation


This article shows how to use CloudFormation to automate infrastructure deployment on AWS. The template below automatically creates:

  • Virtual private cloud (VPC)
  • Internet gateway
  • 2 NAT gateways
  • Route tables, routes and route table associations
  • Subnets (private and public)

Prerequisites

  • An AWS account.
  • A user with permission to create resources in the account, in particular full access to CloudFormation.
  • An editor such as Visual Studio is not required to write and edit the template, but it is very convenient.

CloudFormation template

As mentioned above, the following template creates the network infrastructure automatically. Users can modify the template to suit their own requirements. The parts to modify include:

  • The CIDR blocks chosen for the VPC and the subnets.
  • The subnets to be created.
  • The NAT gateways to be created, including the Elastic IP allocation IDs (AllocationId), which are masked in the template below.
  • The names and tags of all created resources.

---
AWSTemplateFormatVersion: "2010-09-09"
Description: Template to create a test environment network architecture with 4 private subnets and 2 public subnets

Parameters:
  VPCBlock:
    Type: String
    Description: The CIDR Block for the VPC
    Default: 192.168.0.0/16

  PrivateSubnet01Block:
    Type: String
    Description: The CIDR Block for the private subnet 01
    Default: 192.168.1.0/26

  PrivateSubnet02Block:
    Type: String
    Description: The CIDR Block for the private subnet 02
    Default: 192.168.1.64/26

  PrivateSubnet03Block:
    Type: String
    Description: The CIDR Block for the private subnet 03
    Default: 192.168.1.128/26

  PrivateSubnet04Block:
    Type: String
    Description: The CIDR Block for the private subnet 04
    Default: 192.168.1.192/26

  PublicSubnet01Block:
    Type: String
    Description: The CIDR Block for the public subnet 01
    Default: 192.168.0.0/28

  PublicSubnet02Block:
    Type: String
    Description: The CIDR Block for the public subnet 02
    Default: 192.168.0.16/28

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties: 
      CidrBlock: !Ref VPCBlock
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags: 
        - Key: Name
          Value: eu-central-1-test-Environment-VPC
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test

  IGW: 
    Type: AWS::EC2::InternetGateway
    Properties: 
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-IGW
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties: 
      InternetGatewayId: !Ref IGW
      VpcId: !Ref VPC

  NatGateway01:
    DependsOn:
    - PublicSubnet01
    - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: eipalloc-***************
      SubnetId: !Ref PublicSubnet01
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-NatGateway01
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  NatGateway02:
    DependsOn:
    - PublicSubnet02
    - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: eipalloc-******************
      SubnetId: !Ref PublicSubnet02
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-NatGateway02
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PublicRouteTable
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PrivateRouteTable01:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateRouteTable01
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PrivateRouteTable02:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateRouteTable02
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PublicRoute:
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW

  PrivateRoute01:
    DependsOn:
    - VPCGatewayAttachment
    - NatGateway01
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable01
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway01

  PrivateRoute02:
    DependsOn:
    - VPCGatewayAttachment
    - NatGateway02
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable02
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway02

  PrivateSubnet01:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-central-1a
      CidrBlock: !Ref PrivateSubnet01Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateSubnet01
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PrivateSubnet02:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-central-1b
      CidrBlock: !Ref PrivateSubnet02Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateSubnet02
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PrivateSubnet03:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-central-1a
      CidrBlock: !Ref PrivateSubnet03Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateSubnet03
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PrivateSubnet04:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: eu-central-1b
      CidrBlock: !Ref PrivateSubnet04Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PrivateSubnet04
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PublicSubnet01:
    Type: AWS::EC2::Subnet
    Properties:
      MapPublicIpOnLaunch: true
      AvailabilityZone: eu-central-1a
      CidrBlock: !Ref PublicSubnet01Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PublicSubnet01
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PublicSubnet02:
    Type: AWS::EC2::Subnet
    Properties:
      MapPublicIpOnLaunch: true
      AvailabilityZone: eu-central-1b
      CidrBlock: !Ref PublicSubnet02Block
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: eu-central-1-test-Environment-PublicSubnet02
        - Key: createdBy
          Value: Maureen Barasa
        - Key: Project
          Value: test-blog
        - Key: Environment
          Value: test 

  PublicSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet01
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet02
      RouteTableId: !Ref PublicRouteTable

  PrivateSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet01
      RouteTableId: !Ref PrivateRouteTable01

  PrivateSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet02
      RouteTableId: !Ref PrivateRouteTable02

  PrivateSubnet03RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet03
      RouteTableId: !Ref PrivateRouteTable01

  PrivateSubnet04RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet04
      RouteTableId: !Ref PrivateRouteTable02

Outputs:
  PublicSubnet01Id:
    Description: Public Subnet 01 ID in the VPC
    Value: !Ref PublicSubnet01
    Export: 
      Name: !Sub "${AWS::StackName}-PublicSubnet01Id"

  PublicSubnet02Id:
    Description: Public Subnet 02 ID in the VPC
    Value: !Ref PublicSubnet02
    Export: 
      Name: !Sub "${AWS::StackName}-PublicSubnet02Id"

  PrivateSubnet01Id:
    Description: Private Subnet 01 ID in the VPC
    Value: !Ref PrivateSubnet01
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnet01Id"

  PrivateSubnet02Id:
    Description: Private Subnet 02 ID in the VPC
    Value: !Ref PrivateSubnet02
    Export: 
      Name: !Sub "${AWS::StackName}-PrivateSubnet02Id"

  PrivateSubnet03Id:
    Description: Private Subnet 03 ID in the VPC
    Value: !Ref PrivateSubnet03
    Export: 
      Name: !Sub "${AWS::StackName}-PrivateSubnet03Id"

  PrivateSubnet04Id:
    Description: Private Subnet 04 ID in the VPC
    Value: !Ref PrivateSubnet04
    Export: 
      Name: !Sub "${AWS::StackName}-PrivateSubnet04Id"

  VpcId:
    Description: The VPC Id
    Value: !Ref VPC
    Export: 
      Name: !Sub "${AWS::StackName}-VPCID"
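The template above relies on a few invariants that are easy to break while editing the CIDR parameters or the route table associations: every subnet CIDR must sit inside the VPC block and not overlap another subnet, a private subnet must never be associated with a route table whose default route goes to the internet gateway, each NAT gateway must be placed in a public subnet, and the masked AllocationId values must be replaced before deployment. The following script is an added example, not part of the article or of any AWS tooling; it mirrors the template as a condensed Python dict (the page's parameter defaults, two public and two private subnets, one NAT gateway, the masked AllocationId kept as on the page) so that it runs offline. The resource names in the dict and the misrouted_private_subnet helper are constructed for the example; the checks themselves apply to any template built from the same resource types.

```python
"""Pre-deployment checks for the VPC/subnet/route layout of a CloudFormation
template. Added example, not the article's code: the template is mirrored
as a Python dict so the checks run offline."""
import copy
import ipaddress


def _subnet(block_param, public):
    props = {"CidrBlock": {"Ref": block_param}, "VpcId": {"Ref": "VPC"}}
    if public:
        props["MapPublicIpOnLaunch"] = True
    return {"Type": "AWS::EC2::Subnet", "Properties": props}


def _assoc(subnet, table):
    return {"Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {"SubnetId": {"Ref": subnet}, "RouteTableId": {"Ref": table}}}


def _route(table, target_key, target):
    return {"Type": "AWS::EC2::Route",
            "Properties": {"RouteTableId": {"Ref": table}, "DestinationCidrBlock": "0.0.0.0/0",
                           target_key: {"Ref": target}}}


# Constructed: condensed mirror of the article's template (page parameter defaults,
# two public + two private subnets, one NAT gateway, the masked AllocationId kept).
TEMPLATE = {
    "Parameters": {
        "VPCBlock": {"Default": "192.168.0.0/16"},
        "PrivateSubnet01Block": {"Default": "192.168.1.0/26"},
        "PrivateSubnet02Block": {"Default": "192.168.1.64/26"},
        "PublicSubnet01Block": {"Default": "192.168.0.0/28"},
        "PublicSubnet02Block": {"Default": "192.168.0.16/28"},
    },
    "Resources": {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": {"Ref": "VPCBlock"}}},
        "IGW": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
        "NatGateway01": {"Type": "AWS::EC2::NatGateway",
                         "Properties": {"AllocationId": "eipalloc-***************",
                                        "SubnetId": {"Ref": "PublicSubnet01"}}},
        "PublicRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {}},
        "PrivateRouteTable01": {"Type": "AWS::EC2::RouteTable", "Properties": {}},
        "PublicRoute": _route("PublicRouteTable", "GatewayId", "IGW"),
        "PrivateRoute01": _route("PrivateRouteTable01", "NatGatewayId", "NatGateway01"),
        "PublicSubnet01": _subnet("PublicSubnet01Block", public=True),
        "PublicSubnet02": _subnet("PublicSubnet02Block", public=True),
        "PrivateSubnet01": _subnet("PrivateSubnet01Block", public=False),
        "PrivateSubnet02": _subnet("PrivateSubnet02Block", public=False),
        "PublicSubnet01Assoc": _assoc("PublicSubnet01", "PublicRouteTable"),
        "PublicSubnet02Assoc": _assoc("PublicSubnet02", "PublicRouteTable"),
        "PrivateSubnet01Assoc": _assoc("PrivateSubnet01", "PrivateRouteTable01"),
        "PrivateSubnet02Assoc": _assoc("PrivateSubnet02", "PrivateRouteTable01"),
    },
}


def check_template(template):
    """Return a list of findings; an empty list means the layout is consistent."""
    params, res = template["Parameters"], template["Resources"]
    val = lambda v: params[v["Ref"]]["Default"] if isinstance(v, dict) else v  # !Ref -> default
    of_type = lambda t: {n: r for n, r in res.items() if r["Type"] == t}
    findings = []

    vpc_res = next(iter(of_type("AWS::EC2::VPC").values()))
    vpc = ipaddress.ip_network(val(vpc_res["Properties"]["CidrBlock"]))
    subnets = {n: ipaddress.ip_network(val(r["Properties"]["CidrBlock"]))
               for n, r in of_type("AWS::EC2::Subnet").items()}
    for name, net in subnets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{name}: {net} lies outside the VPC block {vpc}")
    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                findings.append(f"{a} and {b} overlap ({subnets[a]} vs {subnets[b]})")

    # A route table is internet-facing if its default route targets a gateway (the IGW).
    igw_tables = {r["Properties"]["RouteTableId"]["Ref"] for r in of_type("AWS::EC2::Route").values()
                  if r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"
                  and "GatewayId" in r["Properties"]}

    assoc = {}  # subnet logical id -> route table logical id
    for r in of_type("AWS::EC2::SubnetRouteTableAssociation").values():
        s, t = r["Properties"]["SubnetId"]["Ref"], r["Properties"]["RouteTableId"]["Ref"]
        if s in assoc:
            findings.append(f"{s} is associated with more than one route table")
        assoc[s] = t

    for name, r in of_type("AWS::EC2::Subnet").items():
        public = bool(r["Properties"].get("MapPublicIpOnLaunch"))
        table = assoc.get(name)
        if table is None:
            findings.append(f"{name} has no route table association (it falls back to the VPC main table)")
        elif public and table not in igw_tables:
            findings.append(f"{name} auto-assigns public IPs but its route table has no IGW default route")
        elif not public and table in igw_tables:
            findings.append(f"{name} is meant to be private but its route table sends 0.0.0.0/0 to the IGW")

    for name, r in of_type("AWS::EC2::NatGateway").items():
        p = r["Properties"]
        if assoc.get(p["SubnetId"]["Ref"]) not in igw_tables:
            findings.append(f"{name} is placed in a subnet that has no IGW default route")
        if isinstance(p.get("AllocationId"), str) and "*" in p["AllocationId"]:
            findings.append(f"{name}: AllocationId is still a placeholder; supply a real Elastic IP allocation")
    return findings


def misrouted_private_subnet(template):
    """Constructed misconfiguration: PrivateSubnet01 attached to the public route table."""
    bad = copy.deepcopy(template)
    bad["Resources"]["PrivateSubnet01Assoc"]["Properties"]["RouteTableId"] = {"Ref": "PublicRouteTable"}
    return check_template(bad)


if __name__ == "__main__":
    print("as written:", check_template(TEMPLATE) or "no findings")
    print("misrouted:", misrouted_private_subnet(TEMPLATE) or "no findings")
```

Run against the template as it appears on the page, the only finding is the masked AllocationId; the misrouted variant additionally reports that PrivateSubnet01 would be given a default route to the internet gateway, which is the kind of change that silently turns a private tier into a public one. To run the check on the real YAML file rather than the dict, load it with a YAML loader that has constructors registered for the !Ref and !Sub tags and pass the resulting dict to check_template.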

Template structure

Our template is divided into three parts:

Parameters section: This section lets users enter custom values for the resources being created. It is best used for dynamic values, that is, values that change from one deployment of the template to the next.

Resources section: This section defines the AWS resources the template creates.

Outputs section: This section returns the IDs of the created resources. If these values are needed by other stacks, the Export field under each output makes them available for use in other stacks.

Create a stack to execute the template

After editing the template, log in to your AWS account and search for CloudFormation under Services. On the CloudFormation console, click Create stack as shown in the image below.

Create CloudFormation stack

From the drop-down menu, select Create stack with new resources, as shown below.

Create a CloudFormation stack with new resources

In the Create stack window, select Upload a template file, then select the template file created in the previous section and click Next.

Upload CloudFormation template

The next window lets you enter the stack name and the template parameters. Here you can replace the template defaults with your own values. When finished, click Next.

Enter the stack name and parameters

In the following window, configure the stack options: tags, stack policy, rollback configuration and so on. When finished, click Next. This opens a review page that summarizes all the configuration made so far; if everything looks right, click Create stack.

While the stack is being created, users can follow the progress on the Events tab of the CloudFormation console. See below.

Watch stack creation events

Once stack creation completes, all resources defined in the template exist and the network architecture is ready.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-ug.pdf

Happy Building
