As previously discussed, I’m doing a small series of posts around bringing the AWS infrastructure that I use into the current era, and putting it all into CloudFormation. In this post, I’m going to cover setting up the first stack. This is going to set up a Virtual Private Cloud (or VPC), which is where the rest of the stuff I make later will sit.
What’s a Virtual Private Cloud?
A VPC is a virtual network of virtual servers. It’s your own mini-slice of the AWS cloud, and the machines within the VPC are aware of each other – in fact, they are on their own subnet (or subnets).
Why use a VPC?
You don’t have to set up a VPC to use AWS. You can simply create servers. That’s what I’ve been doing up until now. It’s just that it’s a bit limited.
I want to use a VPC for two big reasons:
- I want to be able to use more recent/powerful/cheaper machine images, with OpsWorks. They’re only available if I also use a VPC.
- I want to use an Elastic Load Balancer, in part to manage HTTPS certificates and connections. This requires a VPC and subnets.
Setting up the Stack
Here’s my config, at this particular stage:
| --- | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: | |
| Global configuration that could be used by multiple related stacks | |
| # Metadata: # no metadata | |
| Parameters: | |
| Environment: | |
| Type: String | |
| Description: | |
| Stack Environment Prefix. | |
| Resources: | |
| # We need at least one resource. The VPC is the logical one to include here. | |
| VPC: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| # The range of ip addresses used in the VPC. Subnets will be inside this. | |
| # Using the /16 lets me easily have subnets that don't overlap without | |
| # needing to remember bit masks. | |
| CidrBlock: 10.0.0.0/16 # 10.0.0.0 -> 10.0.255.255 | |
| EnableDnsSupport: true # If false, the servers don't seem to get access to DNS at all. | |
| InstanceTenancy: default | |
| Tags: | |
| - Key: Name | |
| Value: !Sub "${Environment} VPC" | |
| Outputs: | |
| VPC: | |
| Description: The ID for the Virtual Private Cloud; needed by more or less everything. | |
| Value: !Ref VPC | |
| Export: | |
| Name: !Sub "${Environment}::VPC" |
I put the VPC into its own file, because I don’t want to delete it when tearing down an environment for the sake of testing. There’s lots of things that get annoying to re-create if the VPC is changed (cough OpsWorks stacks) – so we put the VPC in its own file. (Later, when I bring in nested stacks, this will not be in the nested stack).
Break It Down
First, note that I use YAML for my CloudFormation files. I’m not a huge fan of YAML in general, but the JSON option doesn’t allow you to use comments, and comments are essential. (Sidebar: when parsing JSON, always enable comments. It’s non-standard, but it’s useful). Using YAML also lets me use a more convenient shorthand for accessing some inbuilt functions (the Sub one is used here). I strongly suggest you do the same.
The Parameters block provides me with some configuration options. It allows me, if I want, to create different instances of the stack. In this case, I use an Environment parameter. This particular parameter is common to all my stack files, and I use it to separate test stacks from the prod ones. (I could also do this with AWS sub-accounts)
The Resources block specifies what this file provides. Here I set up the Virtual Private Cloud.
Finally, in the Outputs section, I export the VPC reference out, so that other files can link to it.
Share this:
Software is too expensive to build cheaply.... 
One thought on “AiL – Baby’s First CloudFormation Stack”