
Deploy AWS Private Subnet, NAT Gateway, Elastic IP, Private Route Table & Associate Using CloudFormation

Welcome back to the series AWS CloudFormation For Beginners 👨🏻‍💻. In this blog we will deploy an AWS private subnet, NAT gateway, Elastic IP and private route table, and associate them accordingly.

If you are a beginner who wants to start the journey towards becoming an infra-as-code developer as part of a DevOps role, buckle up 🚴‍♂️, let's get started, and understand the core CloudFormation concepts by implementing them…🎬

🌟Launch Private Subnet, NAT Gateway, Private Route Table & Associate🌟

Create a private subnet, NAT gateway, Elastic IP and private route table, and associate the private route table with the private subnet, so that instances in the private subnet can reach the internet for outbound traffic without being reachable from it.

🔳 Parameters:-
✦ CustomVPC :- Using the type “AWS::EC2::VPC::Id” for this parameter, the console lists the existing VPCs in the account and lets you select one of them. Apart from this list, a default value is used if no value is selected for the parameter.
✦ CustomInternetGateway :- This parameter is of type “String”; we set a default value for it.
✦ PublicSubnet :- Using the type “AWS::EC2::Subnet::Id” for this parameter, the console lists the existing subnets in the account and lets you select one of them. Apart from this list, a default value is used if no value is selected for the parameter.
🔳 Resources
✦ PrivateSubnet :- Specifies a subnet for a VPC. When you create each subnet, you provide the VPC ID and IPv4 CIDR block for the subnet. After you create a subnet, you can’t change its CIDR block. The size of the subnet’s IPv4 CIDR block can be the same as the VPC’s IPv4 CIDR block, or a subset of it.
✦ eipforNatGateway :- Specifies an Elastic IP (EIP) address and can, optionally, associate it with an Amazon EC2 instance.
✦ natGateway :- Specifies a network address translation (NAT) gateway in the specified subnet. You can create either a public NAT gateway or a private NAT gateway. The default is a public NAT gateway. If you create a public NAT gateway, you must specify an Elastic IP address.
✦ PrivateRoute :- Specifies a route in a route table within a VPC. You must specify either DestinationCidrBlock or DestinationIpv6CidrBlock, plus the ID of one of the target resources.
✦ PrivateRouteTable :- Specifies a route table for a specified VPC. After you create a route table, you can add routes and associate the table with a subnet.
✦ PrivateSubnetARouteTableAssociation :- Associates a subnet with a route table. The subnet and route table must be in the same VPC. This association causes traffic originating from the subnet to be routed according to the routes in the route table. A route table can be associated with multiple subnets.
🔳 Outputs: It's always a best practice to print outputs for your resources.
✦ outputVPC: A reference to the created VPC.
✦ outputPrivateSubnets: A reference to the created Private Subnet.
✦ outputEipforNatGateway: A reference to the created EipforNatGateway.
✦ outputNatGateway: A reference to the created NatGateway.
✦ outputPrivateRouteTable: A reference to the created PrivateRouteTable.
✦ outputPrivateRoute: A reference to the created Private Route.
✦ outputPrivateSubnetRouteTableAssociation: A reference to the created PrivateSubnetRouteTableAssociation.

Parameters:
  CustomVPC:
    Description: Select One VPC available in your existing account
    Type: AWS::EC2::VPC::Id
    Default: <Default VPC ID>
  CustomInternetGateway:   # not referenced by any resource in this template
    Description: Select One internet gateway available in your existing account
    Type: String
    Default: "<Internet gateway ID>"
  PublicSubnet:
    Description: Select one public subnet available in your existing account
    Type: AWS::EC2::Subnet::Id
    Default: "<Public subnet ID>"

Resources:
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      MapPublicIpOnLaunch: false   # a private subnet must not auto-assign public IPs (the original template had true)
      VpcId: !Ref CustomVPC
      CidrBlock: 10.0.0.64/26
      Tags:
        - Key: Name
          Value: PrivateSubnet
  eipforNatGateway:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  natGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt eipforNatGateway.AllocationId
      SubnetId: !Ref PublicSubnet   # the NAT gateway itself lives in the public subnet
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref CustomVPC
      Tags:
        - Key: Name
          Value: PrivateRouteTable
  PrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref natGateway   # route outbound traffic through the NAT gateway
  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable

Outputs:
  outputVPC:
    Description: A reference to the created VPC
    Value: !Ref CustomVPC
  outputPrivateSubnets:
    Description: A reference to the created Private subnet
    Value: !Ref PrivateSubnet
  outputEipforNatGateway:
    Description: A reference to the created EipforNatGateway
    Value: !Ref eipforNatGateway
  outputNatGateway:
    Description: A reference to the created NatGateway
    Value: !Ref natGateway
  outputPrivateRouteTable:
    Description: A reference to the created Private Route Table
    Value: !Ref PrivateRouteTable
  outputPrivateRoute:
    Description: A reference to the created Private Route
    Value: !Ref PrivateRoute
  outputPrivateSubnetRouteTableAssociation:
    Description: A reference to the created Private Subnet RouteTable Association
    Value: !Ref PrivateSubnetARouteTableAssociation
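As an added example (not code from the post or from AWS), the following Python check reads a constructed JSON rendering of the template above and flags two mistakes a reviewer looks for in this kind of stack: a subnet whose default route goes through a NAT gateway but which still auto-assigns public IPs (the published YAML carried MapPublicIpOnLaunch: true), and a NAT gateway placed in the very private subnet it is meant to serve. The `ref` and `lint_private_subnets` helpers are assumed names, and only standard-library JSON is used so it runs offline.

```python
import json

# Constructed JSON rendering of the post's YAML template, trimmed to the
# resources the checks below need (PublicSubnet is a parameter in the original).
TEMPLATE = json.loads("""{"Resources": {
  "PrivateSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
    "VpcId": {"Ref": "CustomVPC"}, "CidrBlock": "10.0.0.64/26", "MapPublicIpOnLaunch": true}},
  "eipforNatGateway": {"Type": "AWS::EC2::EIP", "Properties": {"Domain": "vpc"}},
  "natGateway": {"Type": "AWS::EC2::NatGateway", "Properties": {
    "AllocationId": {"Fn::GetAtt": ["eipforNatGateway", "AllocationId"]},
    "SubnetId": {"Ref": "PublicSubnet"}}},
  "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "CustomVPC"}}},
  "PrivateRoute": {"Type": "AWS::EC2::Route", "Properties": {
    "RouteTableId": {"Ref": "PrivateRouteTable"}, "DestinationCidrBlock": "0.0.0.0/0",
    "NatGatewayId": {"Ref": "natGateway"}}},
  "PrivateSubnetARouteTableAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
    "Properties": {"SubnetId": {"Ref": "PrivateSubnet"}, "RouteTableId": {"Ref": "PrivateRouteTable"}}}
}}""")


def ref(value):
    """Logical name behind a {"Ref": ...} value; None for literals or other intrinsics."""
    return value.get("Ref") if isinstance(value, dict) else None


def lint_private_subnets(template):
    """Return findings for each subnet whose 0.0.0.0/0 route goes through a NAT gateway."""
    res = template["Resources"]
    props = lambda t: {n: r.get("Properties", {}) for n, r in res.items() if r["Type"] == t}
    subnets, nats = props("AWS::EC2::Subnet"), props("AWS::EC2::NatGateway")
    # A route table is "private" when its default route targets a NAT gateway.
    nat_tables = {ref(p["RouteTableId"]): ref(p["NatGatewayId"])
                  for p in props("AWS::EC2::Route").values()
                  if p.get("DestinationCidrBlock") == "0.0.0.0/0" and "NatGatewayId" in p}
    findings = []
    for assoc in props("AWS::EC2::SubnetRouteTableAssociation").values():
        subnet, table = ref(assoc["SubnetId"]), ref(assoc["RouteTableId"])
        if table not in nat_tables:
            continue  # routes elsewhere (public or isolated subnet); out of scope here
        if subnets.get(subnet, {}).get("MapPublicIpOnLaunch") is True:
            findings.append(f"{subnet}: private subnet has MapPublicIpOnLaunch: true")
        nat_id = nat_tables[table]
        if ref(nats.get(nat_id, {}).get("SubnetId")) == subnet:
            findings.append(f"{subnet}: NAT gateway {nat_id} is placed in the subnet it serves")
    return findings


if __name__ == "__main__":
    for line in lint_private_subnets(TEMPLATE) or ["no findings"]:
        print(line)
```

Run it before create-stack; an empty findings list means the private subnet hands out no public IPs and the NAT gateway sits outside the subnet it routes for.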
 

🔊 To view the entire code on GitHub, click here

1️⃣ Let's validate our template 👨‍💻

aws cloudformation validate-template --template-body file://<file path>

2️⃣ After successful template validation, let's create a stack using our template 👨‍💻

aws cloudformation create-stack --stack-name launchprivatesubnetwithnat --template-body file://<file path>

Note:- If you did not provide a default VPC ID in the parameter, you will have to use the command below

aws cloudformation create-stack --stack-name launchprivatesubnetwithnat --template-body file://<file path> --parameters ParameterKey=CustomVPC,ParameterValue=<VPC ID>

3️⃣ Check whether the stack we created from the template completed successfully 👨‍💻

aws cloudformation list-stack-resources --stack-name launchprivatesubnetwithnat

4️⃣ Describe the stack and its resources to view their properties 👨‍💻

aws cloudformation describe-stacks --stack-name launchprivatesubnetwithnat
aws cloudformation describe-stack-resources --stack-name launchprivatesubnetwithnat

5️⃣ Check the events for stack formation 👨‍💻

aws cloudformation describe-stack-events --stack-name launchprivatesubnetwithnat

👁‍🗨👁‍🗨 YouTube Tutorial 📽

⛔️ AWS::EC2::VPC
⛔️ AWS::EC2::InternetGateway
⛔️ AWS::EC2::Subnet
⛔️ AWS::EC2::RouteTable
⛔️ AWS::EC2::Route
⛔️ AWS::EC2::SubnetRouteTableAssociation
⛔️ Condition functions
⛔️ Managing route tables for your VPC
⛔️ AWS::EC2::EIP
⛔️ AWS::EC2::NatGateway

In this blog I have covered one use case, in which we create
✦ Private Subnet, NAT Gateway, Elastic IP, Private Route Table & Associate. I have used AWS CLI commands to deploy this template, and trust me, the AWS CLI is the real hero; I would suggest you get acquainted with it. Going forward I will be releasing further parts of this CloudFormation journey.

📢 Stay tuned for my next blog…..

So, did you find my content helpful? If you did or like my other content, feel free to buy me a coffee. Thanks


Author - Dheeraj Choudhary

I am an IT professional with 11+ years of experience specializing in DevOps, build and release engineering, and software configuration management for automating build, deploy and release. I blog about AWS and DevOps on my YouTube channel, which focuses on content such as AWS, DevOps, open source, AI-ML and AWS community activities.
