How to Deploy an AWS VPC Using a CloudFormation Template, and Update and Delete a CloudFormation Stack

Task 1: Deploy a Stack using AWS CloudFormation

NOTE: Before we do anything, select the region where you want to deploy this CloudFormation template. (For demo purposes, I will be using the Mumbai Region.)

1. In the management console, under Services, click CloudFormation under Management & Governance.

2. Click Create Stack -> select Upload a template to Amazon S3 under Choose a template -> click Next.

3. Specify a Stack Name -> click Next -> leave the default values -> click Next.

4. Review the stack -> click Create.

The stack status now shows CREATE_IN_PROGRESS until the resources have been created. The Events tab shows the work being performed by CloudFormation.

Once stack creation is complete, the list of resources that were created appears under the Resources tab.

Task 2: Examine the resources created by the CloudFormation stack to deploy the VPC

Here are the resources that CloudFormation created, all within one Availability Zone:

An Amazon VPC

An Internet Gateway

Two Subnets

Two Route Tables

1. On the Services menu, click VPC under Networking & Content Delivery.

2. In the left navigation pane, click Your VPCs -> select Lab VPC (the VPC that was created by CloudFormation).

3. Here is the code from the CloudFormation template that created this VPC:

    AWSTemplateFormatVersion: 2010-09-09
    Description: Deploy a VPC

    Resources:
      VPC:
        Type: AWS::EC2::VPC
        Properties:
          CidrBlock: 10.0.0.0/16
          EnableDnsHostnames: true
          Tags:
            - Key: Name
              Value: Lab VPC

This code is in YAML format. CloudFormation accepts templates in both YAML and JSON.

The Type parameter in the above code declares the type of resource that CloudFormation creates. The Properties section then specifies more information about the resource to create. In this case, it defines:

CidrBlock: the IP address range associated with the VPC.

EnableDnsHostnames: configures the VPC to associate DNS hostnames with Amazon EC2 instances.

Tags: adds a friendly name to the resource.

4. In the left navigation pane, click Internet Gateways.

Here is the code from the CloudFormation template that created this Internet Gateway:

    InternetGateway:
      Type: AWS::EC2::InternetGateway
      Properties:
        Tags:
          - Key: Name
            Value: Lab Internet Gateway

We can also observe that this Internet Gateway is attached to the VPC. This was done with the following code in the CloudFormation template:

    AttachGateway:
      Type: AWS::EC2::VPCGatewayAttachment
      Properties:
        VpcId: !Ref VPC
        InternetGatewayId: !Ref InternetGateway

A VPC Gateway Attachment creates a relationship between a VPC and a gateway such as an Internet Gateway. This template also refers to other elements in the template with the !Ref keyword, followed by the name of the other resource. This makes it easy to build resources that link to each other simply by referencing the name.

5. In the left navigation pane, click Subnets.

Two subnets will appear: Public Subnet 1 and Private Subnet 1.

Here is the code from the CloudFormation template that created the subnets:

    PublicSubnet1:
      Type: AWS::EC2::Subnet
      Properties:
        VpcId: !Ref VPC
        CidrBlock: 10.0.0.0/24
        AvailabilityZone: !Select
          - '0'
          - !GetAZs ''
        Tags:
          - Key: Name
            Value: Public Subnet 1

    PrivateSubnet1:
      Type: AWS::EC2::Subnet
      Properties:
        VpcId: !Ref VPC
        CidrBlock: 10.0.1.0/24
        AvailabilityZone: !Select
          - '0'
          - !GetAZs ''
        Tags:
          - Key: Name
            Value: Private Subnet 1

VpcId refers to the VPC that contains the subnet.

CidrBlock is the range of IP addresses assigned to the subnet.

AvailabilityZone defines which physical location within the region should contain the subnet.

AvailabilityZone is set using two functions, !Select and !GetAZs. The code retrieves the list of Availability Zones within the region (the empty string passed to !GetAZs means the current region) and references the first element of that list, index '0'.

6. In the left navigation pane, click Route Tables.

Two route tables, Public Route Table and Private Route Table, are created.

Here is the code from the CloudFormation template that created the Public Route Table and the Private Route Table:

    PublicRouteTable:
      Type: AWS::EC2::RouteTable
      Properties:
        VpcId: !Ref VPC
        Tags:
          - Key: Name
            Value: Public Route Table

    PrivateRouteTable:
      Type: AWS::EC2::RouteTable
      Properties:
        VpcId: !Ref VPC
        Tags:
          - Key: Name
            Value: Private Route Table

Here is the code that defines the route to the internet within the Public Route Table:

    PublicRoute:
      Type: AWS::EC2::Route
      Properties:
        RouteTableId: !Ref PublicRouteTable
        DestinationCidrBlock: 0.0.0.0/0
        GatewayId: !Ref InternetGateway

RouteTableId indicates the route table that owns the route.

DestinationCidrBlock defines the IP address range for this routing rule (where 0.0.0.0/0 refers to traffic bound for the internet).

GatewayId defines where to route the traffic, which in this case is the Internet Gateway defined earlier in the template.

7. Click the Subnet Associations tab.

The console shows that the Public Route Table is associated with Public Subnet 1. A route table can be associated with multiple subnets, with each association requiring an explicit linkage.

Here is the code that defines the linkage:

    PublicSubnetRouteTableAssociation1:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties:
        SubnetId: !Ref PublicSubnet1
        RouteTableId: !Ref PublicRouteTable

Similarly, the Private Route Table is associated with Private Subnet 1. Here is the code that defines that linkage:

    PrivateSubnetRouteTableAssociation1:
      Type: AWS::EC2::SubnetRouteTableAssociation
      Properties:
        SubnetId: !Ref PrivateSubnet1
        RouteTableId: !Ref PrivateRouteTable

8. On the Services menu, click CloudFormation -> select the VPC stack we created -> click the Outputs tab. It shows the resources that were created.

VPC is the ID of the VPC that was created.

AZ1 shows the Availability Zone in which the subnets were created. Here is the code that configured the outputs:

    Outputs:
      VPC:
        Description: VPC
        Value: !Ref VPC
      AZ1:
        Description: Availability Zone 1
        Value: !GetAtt
          - PublicSubnet1
          - AvailabilityZone

The AZ1 output uses the !GetAtt function to retrieve an attribute of a resource. In this case, it retrieves the AvailabilityZone attribute of Public Subnet 1.
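As an added example (not part of the original post), here is a small Python audit of the template walked through above, written against a constructed JSON-form copy of it (CloudFormation accepts JSON as well as YAML, and {"Ref": ...} is the JSON spelling of !Ref). It follows the !Ref links to check that every subnet CIDR sits inside the VPC range and does not overlap another subnet, that every subnet has an explicit SubnetRouteTableAssociation, and that no subnet named Private ends up in a route table with a 0.0.0.0/0 route to the Internet Gateway; the TEMPLATE literal, ref, of_type and audit are all assumptions introduced here.

```python
import ipaddress

def ref(name):                       # JSON spelling of the template's !Ref
    return {"Ref": name}

# Constructed JSON-form copy of the page's VPC template (Tags and AZ selection omitted).
TEMPLATE = {"Resources": {
    "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "InternetGateway": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "PublicSubnet1": {"Type": "AWS::EC2::Subnet",
                      "Properties": {"VpcId": ref("VPC"), "CidrBlock": "10.0.0.0/24"}},
    "PrivateSubnet1": {"Type": "AWS::EC2::Subnet",
                       "Properties": {"VpcId": ref("VPC"), "CidrBlock": "10.0.1.0/24"}},
    "PublicRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": ref("VPC")}},
    "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": ref("VPC")}},
    "PublicRoute": {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": ref("PublicRouteTable"), "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": ref("InternetGateway")}},
    "PublicSubnetRouteTableAssociation1": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"SubnetId": ref("PublicSubnet1"), "RouteTableId": ref("PublicRouteTable")}},
    "PrivateSubnetRouteTableAssociation1": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
        "Properties": {"SubnetId": ref("PrivateSubnet1"), "RouteTableId": ref("PrivateRouteTable")}},
}}

def of_type(res, rtype):             # logical name -> Properties for one resource Type
    return {n: r["Properties"] for n, r in res.items() if r["Type"] == rtype}

def audit(template):
    """Return a list of findings; an empty list means the template passes."""
    res, findings = template["Resources"], []
    # A route table with a 0.0.0.0/0 route to an Internet Gateway makes its subnets public.
    public_tables = {p["RouteTableId"]["Ref"] for p in of_type(res, "AWS::EC2::Route").values()
                     if p.get("DestinationCidrBlock") == "0.0.0.0/0" and "GatewayId" in p
                     and res[p["GatewayId"]["Ref"]]["Type"] == "AWS::EC2::InternetGateway"}
    table_of = {p["SubnetId"]["Ref"]: p["RouteTableId"]["Ref"]
                for p in of_type(res, "AWS::EC2::SubnetRouteTableAssociation").values()}
    seen = {}
    for name, p in of_type(res, "AWS::EC2::Subnet").items():
        net = ipaddress.ip_network(p["CidrBlock"])
        vpc_net = ipaddress.ip_network(res[p["VpcId"]["Ref"]]["Properties"]["CidrBlock"])
        if not net.subnet_of(vpc_net):
            findings.append(f"{name}: {net} lies outside VPC range {vpc_net}")
        findings += [f"{name} overlaps {o}" for o, onet in seen.items() if net.overlaps(onet)]
        seen[name] = net
        table = table_of.get(name)
        if table is None:  # silently falls back to the VPC main route table
            findings.append(f"{name}: no SubnetRouteTableAssociation")
        elif name.startswith("Private") and table in public_tables:
            findings.append(f"{name}: named private but routed to the internet via {table}")
    return findings
```

Running audit(TEMPLATE) on the page's template returns an empty list; swapping the private subnet's association to PublicRouteTable, or adding a subnet outside 10.0.0.0/16 without an association, produces findings.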

Task 3: Updating a Stack

In this task, we will update the stack with a new CloudFormation template that adds the following resources: an additional public subnet and an additional private subnet in another Availability Zone.

1. In the Actions menu, click Update Stack.

2. Select Upload a template to Amazon S3 under Choose a template -> click Choose file and upload the updated CloudFormation template -> click Next -> click Next again -> click Next again.

3. Review the CloudFormation template and click Update.

The review indicates that two new subnets will be created and, in addition, two new route table associations will be added to associate these subnets with their appropriate route tables.

4. Once the stack update is complete -> click the Outputs tab; the additional Availability Zone is now displayed.

If we now click Subnets in the left navigation pane, four subnets are displayed.

Task 4: Delete the Stack

In this task, we will delete the stack, which will automatically delete the VPC and its components.

1. Select the stack we created -> go to the Actions menu -> click Delete Stack.

Once the stack has been deleted, it disappears from the list, and we can cross-check under Your VPCs that the VPC is no longer listed. Deleting the stack also deletes its associated Internet Gateway, subnets and route tables.


©2019 by Raghavendra Kambhampati