Welcome back to the series of AWS Cloudformation For Beginners 👨🏻💻. In this blog I am going to deploy resources which are very important as part of your web stack deployments in which we will deploy Deploy Target Group, Elastic Load Balancer & ELB Listener.
If you are a beginner and want to start your journey towards infra-as-code developer as part of your devops role buckle up 🚴♂️ and lets get started and understand core cloudformation concepts by implementing it…🎬
🎨 Diagrammatic Representation 🎨
Template Components Planning Before Build
👨🏻💻Build Target Group, Elastic Load Balancer & ELB Listener👨🏻💻
🔳 Parameters
✦ CustomVPC :- Using this parameter for VPC “AWS::EC2::VPC::Id” we can list existing VPC list into the account and select anyone from them. Apart from this list we can also you default value if no value is selected in the parameter.
✦ PublicSubnet: Using this parameter for Subnet “AWS::EC2::Subnet::Id” we can list existing subnet list from the account and select anyone from them. Apart from this list we can also you default value if no value is selected in the parameter.
Parameters:
CustomVPC:
Description: Select One VPC available in your existing account
Type: AWS::EC2::VPC::Id
Default: "<your default VPC ID>"
PublicSubnet1:
Description: Select one public subnet available in your existing account
Type: AWS::EC2::Subnet::Id
Default: "<your default public subnet id>"
PublicSubnet2:
Description: Select one public subnet available in your existing account
Type: AWS::EC2::Subnet::Id
Default: "<your default public subnet id>"
✦ InstanceSecurityGroup:- Creating Security group and enabling ingress with http and ssh port.
➖ GroupName:- This property is used to mention security group name.
➖ GroupDescription:- This property is used to mention security group description and its mandatory property for this resource.
➖ SecurityGroupIngress:- This property is used to add ingress rules for [udp/tcp] ports enabled secured access to your resources.
➖ Tags:- One of the most important property used in all resources. Always make sure to attach tags for all your resources.
InstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref CustomVPC
GroupName: "AllowEc2Traffic"
GroupDescription: "Enable SSH access and HTTP access on the inbound port for EC2"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: InstanceSecurityGroup
➖ ImageId:- This property is used to mention EC2 image ID based on which you want to launch your EC2 Instance.
➖ KeyName:- This property is used to mention keynameby using which you can connect to your EC2 instance.
➖ InstanceType:- This property is used to mention which type of instance you want to launch smal/medium/large based on your requirement.
➖ SecurityGroupIds:- This property is used to add list of security group you want to attach to your EC2 instance for enabling access control based on your security requirements.
➖ Tags:- One of the most important property used in all resources. Always make sure to attach tags for all your resources.
UbuntuInstance1:
Type: AWS::EC2::Instance
Properties:
KeyName: CustomVPC
ImageId: ami-04505e74c0741db8d
SubnetId: !Ref PublicSubnet1
InstanceType: t2.micro
SecurityGroupIds:
- !Ref InstanceSecurityGroup
Tags:
- Key: Name
Value: UbuntuInstance1
UbuntuInstance2:
Type: AWS::EC2::Instance
Properties:
KeyName: CustomVPC
ImageId: ami-04505e74c0741db8d
InstanceType: t2.micro
SubnetId: !Ref PublicSubnet2
SecurityGroupIds:
- !Ref InstanceSecurityGroup
Tags:
- Key: Name
Value: UbuntuInstance2
✦ ELBTargetGroup:- Real work of target group is to inform a loadbalancer to whom he should route traffic like EC2/Fixed IP Address/lambda.
➖ HealthCheckIntervalSeconds: The approximate amount of time, in seconds, between health checks of an individual target.
➖ HealthCheckTimeoutSeconds: The amount of time, in seconds, during which no response from a target means a failed health check.
➖ HealthyThresholdCount: The number of consecutive health checks successes required before considering an unhealthy target healthy.
➖ UnhealthyThresholdCount: The number of consecutive health check failures required before considering a target unhealthy.
➖ VpcId: Id of your existing VPC.
➖ TargetType: The type of target that you must specify when registering targets with this target group. You can specific alb/instance/ip/lambda.
➖ Targets: As part of this property we are mentioning the instance id’s to be added as targets.
ELBTargetGroup:
Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
Properties:
HealthCheckIntervalSeconds: 6
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 2
Port: 80
Protocol: HTTP
UnhealthyThresholdCount: 2
VpcId: !Ref CustomVPC
TargetType: instance
Targets:
- Id: !Ref UbuntuInstance1
Port: 80
- Id: !Ref UbuntuInstance2
Port: 80
➖ GroupName:- This property is used to mention security group name.
➖ GroupDescription:- This property is used to mention security group description and its mandatory property for this resource.
➖ SecurityGroupIngress:- This property is used to add ingress rules for [udp/tcp] ports enabled secured access to your resources.
➖ Tags:- One of the most important property used in all resources. Always make sure to attach tags for all your resources.
ELBSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "ELBTraffic"
GroupDescription: "Enable HTTP access on the inbound port for ELB"
VpcId: !Ref CustomVPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: ELBSecurityGroup✦ ElasticLoadBalancer:- Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets and virtual appliances in one or more Availability Zones (AZs).As part of this resource we use type “AWS::ElasticLoadBalancingV2::LoadBalancer”.
➖ Subnets: The IDs of the public subnets. You can specify only one subnet per Availability Zone.
➖ SecurityGroups: List IDs of the security groups for the load balancer.
ElasticLoadBalancer:
Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
Properties:
Subnets:
- !Ref PublicSubnet1
- !Ref PublicSubnet2
SecurityGroups:
- !Ref ELBSecurityGroup✦ ElbListener:- A listener is a process that checks for connection requests, using the protocol and port that you configure. The rules that you define for a listener determine how the load balancer routes requests to its registered targets. As part of this resource we use type “AWS::ElasticLoadBalancingV2::Listener”.
➖ DefaultActions: The actions for the default rule. You cannot define a condition for a default rule.
➖ LoadBalancerArn: Refer Amazon Resource Name (ARN) of the load balancer the we have created in above code block.
ElbListener:
Type: 'AWS::ElasticLoadBalancingV2::Listener'
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref ELBTargetGroup
LoadBalancerArn: !Ref ElasticLoadBalancer
Port: '80'
Protocol: HTTP
🔳 Outputs
Its always a best practice to print output for your resources.
✦ outputmyUbuntuInstance: A reference to the created EC2 Instance.
✦ outputInstanceSecurityGroup:- A reference to the created Security Group.
✦ outputELBTargetGroup: A reference to the created Target Group.
✦ outputELBSecurityGroup: A reference to the created Security Group.
✦ outputElasticLoadBalancer: A reference to the created Elastic Load Balancer.
✦ outputElasticListener: A reference to the created Elastic Load Balancer Listener.
Outputs:
outputInstanceSecurityGroup:
Description: A reference to the created security group
Value: !Ref InstanceSecurityGroup
outputUbuntuInstance:
Description: A reference to the created EC2 Instance
Value: !Ref UbuntuInstance1
outputUbuntuInstance:
Description: A reference to the created EC2 Instance
Value: !Ref UbuntuInstance2
outputELBTargetGroup:
Description: A reference to the created Target Group
Value: !Ref ELBTargetGroup
outputELBSecurityGroup:
Description: A reference to the created Security Group
Value: !Ref ELBSecurityGroup
outputElasticLoadBalancer:
Description: A reference to the created Elastic Load Balancer
Value: !Ref ElasticLoadBalancer
outputElasticListener:
Description: A reference to the created Elastic Load Balancer Listener
Value: !Ref ElbListener
CustomVPC:
Description: Select One VPC available in your existing account
Type: AWS::EC2::VPC::Id
Default: "<your default VPC ID>"
PublicSubnet1:
Description: Select one public subnet available in your existing account
Type: AWS::EC2::Subnet::Id
Default: "<your default public subnet id>"
PublicSubnet2:
Description: Select one public subnet available in your existing account
Type: AWS::EC2::Subnet::Id
Default: "<your default public subnet id>"
Resources:
InstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref CustomVPC
GroupName: "AllowEc2Traffic"
GroupDescription: "Enable SSH access and HTTP access on the inbound port for EC2"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: InstanceSecurityGroup
UbuntuInstance1:
Type: AWS::EC2::Instance
Properties:
KeyName: CustomVPC
ImageId: ami-04505e74c0741db8d
SubnetId: !Ref PublicSubnet1
InstanceType: t2.micro
SecurityGroupIds:
- !Ref InstanceSecurityGroup
Tags:
- Key: Name
Value: UbuntuInstanceWithUserdata1
UbuntuInstance2:
Type: AWS::EC2::Instance
Properties:
KeyName: CustomVPC
ImageId: ami-04505e74c0741db8d
InstanceType: t2.micro
SubnetId: !Ref PublicSubnet2
SecurityGroupIds:
- !Ref InstanceSecurityGroup
Tags:
- Key: Name
Value: UbuntuInstanceWithUserdata2
ELBTargetGroup:
Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
Properties:
HealthCheckIntervalSeconds: 6
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 2
Port: 80
Protocol: HTTP
UnhealthyThresholdCount: 2
VpcId: !Ref CustomVPC
TargetType: instance
Targets:
- Id: !Ref UbuntuInstance1
Port: 80
- Id: !Ref UbuntuInstance2
Port: 80
ELBSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "ELBTraffic"
GroupDescription: "Enable HTTP access on the inbound port for ELB"
VpcId: !Ref CustomVPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: ELBSecurityGroup
ElasticLoadBalancer:
Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
Properties:
Subnets:
- !Ref PublicSubnet1
- !Ref PublicSubnet2
SecurityGroups:
- !Ref ELBSecurityGroup
ElbListener:
Type: 'AWS::ElasticLoadBalancingV2::Listener'
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref ELBTargetGroup
LoadBalancerArn: !Ref ElasticLoadBalancer
Port: '80'
Protocol: HTTP
1️⃣ Lets validate our template 👨💻
aws cloudformation validate-template --template-body file://<file path>
2️⃣ After successful template verification lets create stack using our template 👨💻
aws cloudformation create-stack --stack-name launchelbwithlistener --template-body file://<file path>
3️⃣ Check if the stack we created via template is completed successfully 👨💻
aws cloudformation list-stack-resources --stack-name launchelbwithlistener
4️⃣ Describe stack and its resources to view its properties 👨💻
aws cloudformation describe-stacks --stack-name launchelbwithlistener
aws cloudformation describe-stack-resources --stack-name launchelbwithlistener
5️⃣ Check events for stack formation 👨💻
aws cloudformation describe-stack-events --stack-name launchelbwithlistener
❗️❗️Important AWS Documentation To Be Viewed❗️❗️
⛔️ Target Groups
⛔️ LoadBalancer
⛔️ ELB Listener
⛔️ EC2
⛔️ Parameters
⛔️ Outputs
🥁🥁 Conclusion 🥁🥁
In this blog I am going to deploy resources which are very important as part of your web stack deployments in which we will create
✦ Ubuntu EC2 instance with Security group.
✦ Target group and its association with EC2.
✦ Elastic Load Balancer, ELB listener, ELB Security Group and its association with Target Groups.
I have used AWS CLI command to deploy these template and trust me AWS CLI is the realtime hero and I would suggest you to get acquainted towards it. Going forward I will be releasing further parts to this CloudFormation journey
📢 Stay tuned for my next blog…..
So, did you find my content helpful? If you did or like my other content, feel free to buy me a coffee. Thanks
Author - Dheeraj Choudhary
Deploy AWS Configuration Along With Security Group And AutoScaling Group Using CloudFormation
Welcome back to the series of AWS Cloudformation For Beginners 👨🏻💻. In this blog we create launch configuration along with security grou ...
Deploy AWS Target Group, Elastic Load Balancer & ELB Listener Using CloudFormation
Welcome back to the series of AWS Cloudformation For Beginners 👨🏻💻. In this blog I am going to deploy resources which are very important ...