├── README.md
└── template.json


/README.md:
--------------------------------------------------------------------------------
 1 | # aws-network-basic
 2 | [「さわって学ぶクラウドインフラ・Amazon Web Services 基礎からのネットワーク＆サーバー構築」](https://www.amazon.co.jp/dp/4822262960) の内容を、CloudFormation を用いて構築を試みるためのリポジトリです。
 3 | 
 4 | ## 各章単位での作業実施 Pull-Request 一覧
 5 | ### Chapter.2 ネットワークを構築する
 6 | 
 7 | - [Chapter 2 : ネットワークを構築する (#1)](https://github.com/a-know/aws-network-basic/pull/1)
 8 | 
 9 | 
10 | ### Chapter.3 サーバーを構築する
11 | 
12 | - [Chapter 3 : サーバーを構築する (#2)](https://github.com/a-know/aws-network-basic/pull/2)
13 | - [Webサーバにアタッチするデバイスの修正 (#3)](https://github.com/a-know/aws-network-basic/pull/3)
14 | 
15 | 
16 | ### Chapter.4 Web サーバーソフトをインストールする
17 | 
18 | - [Chapter 4 : Web サーバーソフトをインストールする (#4)](https://github.com/a-know/aws-network-basic/pull/4)
19 | 
20 | 
21 | ### Chapter.5 HTTP プロトコルの動きを確認する
22 | 
23 | - CloudFormation用 json ファイルへの変更なし
24 | 
25 | ### Chapter.6 プライベートサブネットを構築する
26 | 
27 | - [Chapter 6 : プライベートサブネットを構築する (#5)](https://github.com/a-know/aws-network-basic/pull/5)
28 | 
29 | ### Chapter.7 NATサーバーを構築する
30 | 
31 | - [Chapter 7 : NATサーバーを構築する (#6)](https://github.com/a-know/aws-network-basic/pull/6)
32 | 
33 | 
34 | ### Chapter.8 DB を用いたブログシステムの構築
35 | 
36 | - [Chapter 8 : DB を用いたブログシステムの構築 (#7)](https://github.com/a-know/aws-network-basic/pull/7)
37 | 


--------------------------------------------------------------------------------
/template.json:
--------------------------------------------------------------------------------
  1 | {
  2 |   "AWSTemplateFormatVersion" : "2010-09-09",
  3 |   "Mappings": {
  4 |     "ELBLogger": {
  5 |       "us-east-1":      { "AccountID": "127311923021" },
  6 |       "us-west-2":      { "AccountID": "797873946194" },
  7 |       "us-west-1":      { "AccountID": "027434742980" },
  8 |       "eu-west-1":      { "AccountID": "156460612806" },
  9 |       "ap-southeast-1": { "AccountID": "114774131450" },
 10 |       "ap-southeast-2": { "AccountID": "783225319266" },
 11 |       "ap-northeast-1": { "AccountID": "582318560864" },
 12 |       "sa-east-1":      { "AccountID": "507241528517" },
 13 |       "us-gov-west-1":  { "AccountID": "048591011584" }
 14 |     }
 15 |   },
 16 |   "Resources" : {
 17 |     "MyVPC" : {
 18 |       "Type" : "AWS::EC2::VPC",
 19 |       "Properties" : {
 20 |         "CidrBlock" : "10.0.0.0/16",
 21 |         "EnableDnsSupport" : "true",
 22 |         "EnableDnsHostnames" : "true",
 23 |         "InstanceTenancy" : "default",
 24 |         "Tags" : [ {"Key" : "Name", "Value" : "VPC領域"} ]
 25 |       }
 26 |     },
 27 |     "MyPublicSubnet" : {
 28 |       "Type" : "AWS::EC2::Subnet",
 29 |       "Properties" : {
 30 |         "VpcId" : { "Ref" : "MyVPC" },
 31 |         "CidrBlock" : "10.0.1.0/24",
 32 |         "AvailabilityZone" : "ap-northeast-1c",
 33 |         "Tags" : [ { "Key" : "Name", "Value" : "パブリックサブネット" } ]
 34 |       }
 35 |     },
 36 |     "MyPrivateSubnet" : {
 37 |       "Type" : "AWS::EC2::Subnet",
 38 |       "Properties" : {
 39 |         "VpcId" : { "Ref" : "MyVPC" },
 40 |         "CidrBlock" : "10.0.2.0/24",
 41 |         "AvailabilityZone" : "ap-northeast-1c",
 42 |         "Tags" : [ { "Key" : "Name", "Value" : "プライベートサブネット" } ]
 43 |       }
 44 |     },
 45 |     "MyIGW" : {
 46 |       "Type" : "AWS::EC2::InternetGateway",
 47 |       "Properties" : {
 48 |         "Tags" : [ {"Key" : "Name", "Value" : "インターネットゲートウェイ"}]
 49 |       }
 50 |     },
 51 |     "AttachGateway" : {
 52 |       "Type" : "AWS::EC2::VPCGatewayAttachment",
 53 |       "Properties" : {
 54 |         "VpcId" : { "Ref" : "MyVPC" },
 55 |         "InternetGatewayId" : { "Ref" : "MyIGW" }
 56 |       }
 57 |     },
 58 |     "MyRouteTable" : {
 59 |       "Type" : "AWS::EC2::RouteTable",
 60 |       "Properties" : {
 61 |         "VpcId" : { "Ref" : "MyVPC" },
 62 |         "Tags" : [ { "Key" : "Name", "Value" : "パブリックルートテーブル" } ]
 63 |       }
 64 |     },
 65 |     "MyPrivateRouteTable" : {
 66 |       "Type" : "AWS::EC2::RouteTable",
 67 |       "Properties" : {
 68 |         "VpcId" : { "Ref" : "MyVPC" },
 69 |         "Tags" : [ { "Key" : "Name", "Value" : "プライベートルートテーブル" } ]
 70 |       }
 71 |     },
 72 |     "AttachPublicRouteTableToPublicSubnet" : {
 73 |       "Type" : "AWS::EC2::SubnetRouteTableAssociation",
 74 |       "Properties" : {
 75 |         "RouteTableId" : { "Ref" : "MyRouteTable" },
 76 |         "SubnetId" : { "Ref" : "MyPublicSubnet" }
 77 |       }
 78 |     },
 79 |     "AttachPrivateRouteTableToPrivateSubnet" : {
 80 |       "Type" : "AWS::EC2::SubnetRouteTableAssociation",
 81 |       "Properties" : {
 82 |         "RouteTableId" : { "Ref" : "MyPrivateRouteTable" },
 83 |         "SubnetId" : { "Ref" : "MyPrivateSubnet" }
 84 |       }
 85 |     },
 86 |     "MyRoute" : {
 87 |       "Type" : "AWS::EC2::Route",
 88 |       "Properties" : {
 89 |         "RouteTableId" : { "Ref" : "MyRouteTable" },
 90 |         "DestinationCidrBlock" : "0.0.0.0/0",
 91 |         "GatewayId" : { "Ref" : "MyIGW" }
 92 |       }
 93 |     },
 94 |     "MyPrivateRoute" : {
 95 |       "Type" : "AWS::EC2::Route",
 96 |       "Properties" : {
 97 |         "RouteTableId" : { "Ref" : "MyPrivateRouteTable" },
 98 |         "DestinationCidrBlock" : "0.0.0.0/0",
 99 |         "InstanceId" : { "Ref" : "MyNatEC2Instance" }
100 |       }
101 |     },
102 |     "MyPublicSecurityGroup": {
103 |       "Type" : "AWS::EC2::SecurityGroup",
104 |       "Properties" : {
105 |         "GroupDescription" : "SecurityGroup for web-server instance in public-subnet",
106 |         "SecurityGroupIngress" : [
107 |           {
108 |              "IpProtocol" : "tcp",
109 |              "FromPort" : "22",
110 |              "ToPort" : "22",
111 |              "CidrIp" : "0.0.0.0/0"
112 |           },
113 |           {
114 |             "IpProtocol" : "tcp",
115 |             "FromPort" : "80",
116 |             "ToPort" : "80",
117 |             "CidrIp" : "0.0.0.0/0"
118 |           },
119 |           {
120 |             "IpProtocol" : "icmp",
121 |             "FromPort" : "-1",
122 |             "ToPort" : "-1",
123 |             "CidrIp" : "0.0.0.0/0"
124 |           }
125 |         ],
126 |         "Tags" :  [ { "Key" : "Name", "Value" : "WEB-SG" } ],
127 |         "VpcId" : { "Ref" : "MyVPC" }
128 |       }
129 |     },
130 |     "MyDatabaseSecurityGroup": {
131 |       "Type" : "AWS::EC2::SecurityGroup",
132 |       "Properties" : {
133 |         "GroupDescription" : "SecurityGroup for db-server instance in private-subnet",
134 |         "SecurityGroupIngress" : [
135 |           {
136 |            "IpProtocol" : "tcp",
137 |            "FromPort" : "22",
138 |            "ToPort" : "22",
139 |            "CidrIp" : "0.0.0.0/0"
140 |          },
141 |          {
142 |           "IpProtocol" : "tcp",
143 |           "FromPort" : "3306",
144 |           "ToPort" : "3306",
145 |           "CidrIp" : "0.0.0.0/0"
146 |          },
147 |          {
148 |           "IpProtocol" : "icmp",
149 |           "FromPort" : "-1",
150 |           "ToPort" : "-1",
151 |           "CidrIp" : "0.0.0.0/0"
152 |          }
153 |         ],
154 |         "Tags" :  [ { "Key" : "Name", "Value" : "DB-SG" } ],
155 |         "VpcId" : { "Ref" : "MyVPC" }
156 |       }
157 |     },
158 |     "MyNatSecurityGroup": {
159 |       "Type" : "AWS::EC2::SecurityGroup",
160 |       "Properties" : {
161 |         "GroupDescription" : "SecurityGroup for nat-server instance in public-subnet",
162 |         "SecurityGroupIngress" : [
163 |           {
164 |             "IpProtocol" : "tcp",
165 |             "FromPort" : "22",
166 |             "ToPort" : "22",
167 |             "CidrIp" : "10.0.1.10/32"
168 |           },
169 |           {
170 |             "IpProtocol" : "tcp",
171 |             "FromPort" : "80",
172 |             "ToPort" : "80",
173 |             "CidrIp" : "10.0.2.0/24"
174 |           },
175 |           {
176 |             "IpProtocol" : "tcp",
177 |             "FromPort" : "443",
178 |             "ToPort" : "443",
179 |             "CidrIp" : "10.0.2.0/24"
180 |           }
181 |         ],
182 |         "SecurityGroupEgress" : [
183 |           {
184 |             "IpProtocol" : "tcp",
185 |             "FromPort" : "80",
186 |             "ToPort" : "80",
187 |             "CidrIp" : "0.0.0.0/0"
188 |           },
189 |           {
190 |             "IpProtocol" : "tcp",
191 |             "FromPort" : "443",
192 |             "ToPort" : "443",
193 |             "CidrIp" : "0.0.0.0/0"
194 |           }
195 |         ],
196 |         "Tags" :  [ { "Key" : "Name", "Value" : "NAT-SG" } ],
197 |         "VpcId" : { "Ref" : "MyVPC" }
198 |       }
199 |     },
200 |     "MyPublicEC2Instance": {
201 |       "Type" : "AWS::EC2::Instance",
202 |       "Metadata" : {
203 |         "Comment1" : "Configure the bootstrap helpers to install the Apache Web Server",
204 | 
205 |         "AWS::CloudFormation::Init" : {
206 |           "configSets" : {
207 |             "Install" : [ "Install" ]
208 |           },
209 | 
210 |           "Install" : {
211 |             "packages" : {
212 |               "yum" : {
213 |                 "httpd"        : [],
214 |                 "mysql"        : [],
215 |                 "php"          : [],
216 |                 "php-mysql"    : [],
217 |                 "php-mbstring" : []
218 |               }
219 |             },
220 |             "services" : {
221 |               "sysvinit" : {
222 |                 "httpd" : { "enabled" : "true", "ensureRunning" : "true" }
223 |               }
224 |             }
225 |           }
226 |         }
227 |       },
228 |       "CreationPolicy" : {
229 |         "ResourceSignal" : {
230 |           "Timeout" : "PT5M"
231 |         }
232 |       },
233 |       "Properties" : {
234 |         "ImageId" : "ami-4985b048",
235 |         "InstanceType" : "t2.nano",
236 |         "KeyName" : "macbook12",
237 |         "Tags" : [
238 |           { "Key" : "Name", "Value" : "Webサーバー" }
239 |         ],
240 |         "UserData" : {
241 |           "Fn::Base64" :
242 |             { "Fn::Join" :
243 |               [
244 |                 "",
245 |                 [
246 |                   "#!/bin/bash -xe\n",
247 |                   "yum install -y aws-cfn-bootstrap\n",
248 |                   "# Install the files and packages from the metadata\n",
249 |                   "/opt/aws/bin/cfn-init -v ",
250 |                   "         --stack ", { "Ref" : "AWS::StackName" },
251 |                   "         --resource MyPublicEC2Instance ",
252 |                   "         --configsets Install ",
253 |                   "         --region ", { "Ref" : "AWS::Region" },
254 |                   "\n",
255 |                   "# Signal the status from cfn-init\n",
256 |                   "/opt/aws/bin/cfn-signal -e $? ",
257 |                   "         --stack ", { "Ref" : "AWS::StackName" },
258 |                   "         --resource MyPublicEC2Instance ",
259 |                   "         --region ", { "Ref" : "AWS::Region" },
260 |                   "\n"
261 |                 ]
262 |               ]
263 |             }
264 |         },
265 |         "NetworkInterfaces": [
266 |           {
267 |             "AssociatePublicIpAddress": "true",
268 |             "DeviceIndex": "0",
269 |             "DeleteOnTermination" : "true",
270 |             "PrivateIpAddress" : "10.0.1.10",
271 |             "SubnetId": { "Ref" : "MyPublicSubnet" },
272 |             "GroupSet": [ { "Ref" : "MyPublicSecurityGroup" } ]
273 |           }
274 |         ],
275 |         "BlockDeviceMappings" : [
276 |           {
277 |             "DeviceName" : "/dev/xvda",
278 |             "Ebs" : {
279 |                "VolumeType" : "standard",
280 |                "DeleteOnTermination" : "true",
281 |                "VolumeSize" : "8"
282 |             }
283 |           }
284 |         ]
285 |       }
286 |     },
287 |     "MyPrivateEC2Instance": {
288 |       "Type" : "AWS::EC2::Instance",
289 |       "Metadata" : {
290 |         "Comment1" : "Configure the bootstrap helpers to install the MySQL Server",
291 | 
292 |         "AWS::CloudFormation::Init" : {
293 |           "configSets" : {
294 |             "InstallAndRun" : [ "Install", "Configure" ]
295 |           },
296 | 
297 |           "Install" : {
298 |             "packages" : {
299 |               "yum" : {
300 |                 "mysql-server" : []
301 |               }
302 |             },
303 |             "files" : {
304 |               "/tmp/setup.mysql" : {
305 |                 "content" : {
306 |                   "Fn::Join" : [
307 |                     "",
308 |                     [
309 |                       "CREATE DATABASE ", "wordpress", " DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;\n",
310 |                       "GRANT ALL ON ", "wordpress", ".* TO ",
311 |                       "wordpress", "@'%' IDENTIFIED BY '", "wordpresspasswd", "';\n",
312 |                       "flush privileges;\n"
313 |                     ]
314 |                   ]
315 |                 },
316 |                 "mode"  : "000400",
317 |                 "owner" : "root",
318 |                 "group" : "root"
319 |               },
320 |               "/etc/cfn/cfn-hup.conf" : {
321 |                 "content" : {
322 |                   "Fn::Join" : [
323 |                     "",
324 |                     [
325 |                       "[main]\n",
326 |                       "stack=", { "Ref" : "AWS::StackId" }, "\n",
327 |                       "region=", { "Ref" : "AWS::Region" }, "\n"
328 |                     ]
329 |                   ]
330 |                 },
331 |                 "mode"    : "000400",
332 |                 "owner"   : "root",
333 |                 "group"   : "root"
334 |               },
335 |               "/etc/cfn/hooks.d/cfn-auto-reloader.conf" : {
336 |                 "content": {
337 |                   "Fn::Join" : [
338 |                     "",
339 |                     [
340 |                       "[cfn-auto-reloader-hook]\n",
341 |                       "triggers=post.update\n",
342 |                       "path=Resources.MyPrivateEC2Instance.Metadata.AWS::CloudFormation::Init\n",
343 |                       "action=/opt/aws/bin/cfn-init -v ",
344 |                       "         --stack ", { "Ref" : "AWS::StackName" },
345 |                       "         --resource MyPrivateEC2Instance ",
346 |                       "         --configsets InstallAndRun ",
347 |                       "         --region ", { "Ref" : "AWS::Region" }, "\n",
348 |                       "runas=root\n"
349 |                     ]
350 |                   ]
351 |                 }
352 |               }
353 |             },
354 |             "services" : {
355 |               "sysvinit" : {
356 |                 "mysqld" : { "enabled" : "true", "ensureRunning" : "true" },
357 |                 "cfn-hup" : {
358 |                   "enabled" : "true",
359 |                   "ensureRunning" : "true",
360 |                   "files" : [
361 |                     "/etc/cfn/cfn-hup.conf",
362 |                     "/etc/cfn/hooks.d/cfn-auto-reloader.conf"
363 |                   ]
364 |                 }
365 |               }
366 |             }
367 |           },
368 |           "Configure" : {
369 |             "commands" : {
370 |               "01_set_mysql_root_password" : {
371 |                 "command" : { "Fn::Join" : ["", ["mysqladmin -u root password '", "p@ssw0rd", "'"]]},
372 |                 "test" : { "Fn::Join" : ["", ["$(mysql ", "wordpress", " -u root --password='", "p@ssw0rd", "' >/dev/null 2>&1 </dev/null); (( $? != 0 ))"]]}
373 |               },
374 |               "02_create_database" : {
375 |                 "command" : { "Fn::Join" : ["", ["mysql -u root --password='", "p@ssw0rd", "' < /tmp/setup.mysql"]]},
376 |                 "test" : { "Fn::Join" : ["", ["$(mysql ", "wordpress", " -u root --password='", "p@ssw0rd", "' >/dev/null 2>&1 </dev/null); (( $? != 0 ))"]]}
377 |               }
378 |             }
379 |           }
380 |         }
381 |       },
382 |       "CreationPolicy" : {
383 |         "ResourceSignal" : {
384 |           "Timeout" : "PT10M"
385 |         }
386 |       },
387 |       "Properties" : {
388 |         "ImageId" : "ami-4985b048",
389 |         "InstanceType" : "t2.micro",
390 |         "KeyName" : "macbook12",
391 |         "Tags" : [
392 |           { "Key" : "Name", "Value" : "DBサーバー" }
393 |         ],
394 |         "UserData" : {
395 |           "Fn::Base64" :
396 |             { "Fn::Join" :
397 |               [
398 |                 "",
399 |                 [
400 |                   "#!/bin/bash -xe\n",
401 |                   "yum install -y aws-cfn-bootstrap\n",
402 |                   "# Install the files and packages from the metadata\n",
403 |                   "/opt/aws/bin/cfn-init -v ",
404 |                   "         --stack ", { "Ref" : "AWS::StackName" },
405 |                   "         --resource MyPrivateEC2Instance ",
406 |                   "         --configsets InstallAndRun ",
407 |                   "         --region ", { "Ref" : "AWS::Region" },
408 |                   "\n",
409 |                   "# Signal the status from cfn-init\n",
410 |                   "/opt/aws/bin/cfn-signal -e $? ",
411 |                   "         --stack ", { "Ref" : "AWS::StackName" },
412 |                   "         --resource MyPrivateEC2Instance ",
413 |                   "         --region ", { "Ref" : "AWS::Region" },
414 |                   "\n"
415 |                 ]
416 |               ]
417 |             }
418 |         },
419 |         "NetworkInterfaces": [
420 |           {
421 |             "AssociatePublicIpAddress": "false",
422 |             "DeviceIndex": "0",
423 |             "DeleteOnTermination" : "true",
424 |             "PrivateIpAddress" : "10.0.2.10",
425 |             "SubnetId": { "Ref" : "MyPrivateSubnet" },
426 |             "GroupSet": [ { "Ref" : "MyDatabaseSecurityGroup" } ]
427 |           }
428 |         ],
429 |         "BlockDeviceMappings" : [
430 |           {
431 |             "DeviceName" : "/dev/xvda",
432 |             "Ebs" : {
433 |                "VolumeType" : "standard",
434 |                "DeleteOnTermination" : "true",
435 |                "VolumeSize" : "8"
436 |             }
437 |           }
438 |         ]
439 |       }
440 |     },
441 |     "MyNatEC2Instance": {
442 |       "Type" : "AWS::EC2::Instance",
443 |       "Properties" : {
444 |         "ImageId" : "ami-2f0f6448",
445 |         "InstanceType" : "t2.nano",
446 |         "KeyName" : "macbook12",
447 |         "SourceDestCheck" : false,
448 |         "Tags" : [
449 |           { "Key" : "Name", "Value" : "NATサーバー" }
450 |         ],
451 |         "NetworkInterfaces": [
452 |           {
453 |             "AssociatePublicIpAddress": "true",
454 |             "DeviceIndex": "0",
455 |             "DeleteOnTermination" : "true",
456 |             "PrivateIpAddress" : "10.0.1.20",
457 |             "SubnetId": { "Ref" : "MyPublicSubnet" },
458 |             "GroupSet": [ { "Ref" : "MyNatSecurityGroup" } ]
459 |           }
460 |         ],
461 |         "BlockDeviceMappings" : [
462 |           {
463 |             "DeviceName" : "/dev/xvda",
464 |             "Ebs" : {
465 |                "VolumeType" : "standard",
466 |                "DeleteOnTermination" : "true",
467 |                "VolumeSize" : "8"
468 |             }
469 |           }
470 |         ]
471 |       }
472 |     },
473 |     "MyElasticLoadBalancer": {
474 |       "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
475 |       "Properties": {
476 |         "Scheme": "internet-facing",
477 |         "SecurityGroups": [ { "Ref" : "MyPublicSecurityGroup" } ],
478 |         "LoadBalancerName" : "MyElasticLoadBalancer",
479 |         "Subnets" : [ { "Ref" : "MyPublicSubnet" } ],
480 |         "Instances" : [ { "Ref" : "MyPublicEC2Instance" } ],
481 |         "Tags" : [
482 |           { "Key" : "Name", "Value" : "ELB" }
483 |         ],
484 |         "Listeners": [{
485 |           "LoadBalancerPort": "80",
486 |           "InstancePort": "80",
487 |           "Protocol": "HTTP"
488 |         }],
489 |         "HealthCheck": {
490 |           "Target": "HTTP:80/",
491 |           "HealthyThreshold": "3",
492 |           "UnhealthyThreshold": "5",
493 |           "Interval": "30",
494 |           "Timeout": "5"
495 |         },
496 |         "AccessLoggingPolicy": {
497 |           "Enabled" : "true",
498 |           "S3BucketName" : { "Ref":"LogBucket" }
499 |         }
500 |       }
501 |     },
502 |     "LogBucket" : {
503 |       "Type" : "AWS::S3::Bucket",
504 |       "DeletionPolicy" : "Retain"
505 |     },
506 |     "LogBucketPolicy" : {
507 |       "Type" : "AWS::S3::BucketPolicy",
508 |       "Properties" : {
509 |         "Bucket" : { "Ref" : "LogBucket" },
510 |         "PolicyDocument" : {
511 |           "Id" : "LogBucketPolicy",
512 |           "Statement" : [
513 |             {
514 |               "Sid" : "WriteAccess",
515 |               "Action" : [ "s3:PutObject" ],
516 |               "Effect" : "Allow",
517 |               "Resource" : {
518 |                 "Fn::Join" : [ "", [ "arn:aws:s3:::", { "Ref" : "LogBucket" } , "/AWSLogs/", { "Ref" : "AWS::AccountId" }, "/*" ] ]
519 |               },
520 |               "Principal" : {
521 |                 "AWS" : { "Fn::FindInMap" : [ "ELBLogger", { "Ref": "AWS::Region" }, "AccountID" ] }
522 |               }
523 |             }
524 |           ]
525 |         }
526 |       }
527 |     }
528 |   }
529 | }
530 | 


--------------------------------------------------------------------------------