Adding a Server to Your AWS VPC

By | 2016-05-17

Vpc In a previous blog, I described how to start with AWS Cloudformation by creating a simple network with a vpc and a subnet. This time I’ll finish up basic Cloudformation by showing how to add a couple security groups and a server.

Creating Security Groups

Security groups define what ports and addresses that your servers will respond to. They also define what addresses that your servers can send information to. In an very common design pattern, you would create security groups and subnets for every tier in your stack, typically web, business logic, and database. For this example, I’ll forgo that for something much simpler: a single business tier with a couple security groups to define allowed incoming and outgoing traffic.

The first security group will allow SSH access. Here’s how I represent it in a Cloudformation template:

"SECURITYGROUPSSH": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupDescription": "Enable SSH access to port 22",
        "VpcId": {
        "Ref": "VPC01"
    },
    "SecurityGroupIngress": [{
        "CidrIp" : "0.0.0.0/0",
        "IpProtocol" : "tcp",
        "ToPort" : 22,
        "FromPort": 22
    }]
}

This group basically says that communication on port 22 is allowed into servers within this group from any IP address.

The second security group will allow both HTTP and HTTPS traffic:

"SECURITYGROUPAPPSERVER": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupDescription": "Enable HTTP/S access on port 80/443",
        "VpcId": {
            "Ref": "VPC01"
        },
        "SecurityGroupIngress": [
            {
                "CidrIp": "0.0.0.0/0",
                "IpProtocol": "tcp",
                "ToPort":80,
                "FromPort": 80
            },
            {
                "CidrIp": "0.0.0.0/0",
                "IpProtocol": "tcp",
                "ToPort":443,
                "FromPort": 443
            }
        ]
    }
}

Creating the App Server

The last step of our network is to launch a server instance within our subnet and groups. The following shows the Cloudformation resource:

"SERVER01": {
    "Type": "AWS::EC2::Instance",
    "Properties": {
        "ImageId": "ami-d2c924b2",
        "SecurityGroupIds": [ 
            {"Ref": "SECURITYGROUPAPPSERVER"}, 
            {"Ref": "SECURITYGROUPSSH"}],
        "InstanceType": "t2.micro",
        "KeyName": "charprop",
        "SubnetId": {
            "Ref": "SUBNET01"
        }
    }
}

AWS resources always have a Type, and in this case it is AWS::EC2::Instance. Other important attributes are defined within the Properties object. Note a few of the important properties: ImageId, SecurityGroupIds, InstanceType, KeyName, and SubnetId.

Servers are created with OS and application images. Images are predefined and have identifiers like ami-d2c924b2, which happens to be a minimal CentOS image. You can create your own image or pick from hundreds, maybe thousands, at the AWS Marketplace.

The SecurityGroupIds assigns security groups. In this case, I’ve assigned 2. The “Ref” keyword means that these security group ids are defined within this same Cloudformation template by their logical id.

The InstanceType defines the server CPU and basic RAM sizes. The t2.micro has 1 GB RAM and 1 virtual CPU. Of course, your application needs will much likely be different. For this example, I will eventually deploy a simple RESTful service, and I think this size will suffice.

Finally, KeyName refers to a keypair defined in my AWS account. If you want to SSH into any instance, you’ll need to associate a keypair and references its name in the Cloudformation template. You can also create key pairs within the template, which I have not done here.

Finishing the Deployment

The last step just deploys a server, a do-nothing server that just sits there. Of course, the point of this blog series is more significant. I wanted to show how to use Cloudformation to set up a network and deploy an application within it. So there is one last piece to this: deploying an application onto the server.

Stay tuned for the last blog in this particular series. Next step: deploy an application.

Getting Source Code

You can see the source for this example on my Github charprops project. The final project will deploy a character properties service that provides Unicode data on characters. Check it out and help out too!

Leave a Reply

Your email address will not be published. Required fields are marked *