亚马逊 VPC 服务（Virtual Private Cloud，虚拟私有云）是用网络隔离的方法，把公有云上的云服务资源模拟成以单个用户为单位的私有云环境。亚马逊官网对其定义如下:
http://docs.aws.amazon.com/AmazonVPC/latest/GettingStartedGuide/GetStarted.html
----------
最后，和大家分享我们为客户制作的 VPC CloudFormation 模板，基本上我们所有客户的 VPC 设定都是基于这个设计。什么是 AWS CloudFormation？迟点再跟大家讨论。
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation template that brings up a VPC with three public subnets. SubnetOne and SubnetTwo are in the same Availability Zone while SubnetThree is not. An Internet gateway is attached, and a route table with one route is associated with the three subnets.",
"Parameters" : {
"AZ1" : {
"Type": "String",
"Description": "Availability Zone 1 available to the user"
},
"AZ2" : {
"Type": "String",
"Description": "Availability Zone 2 available to the user"
}
},
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsSupport" : true,
"EnableDnsHostnames" : true,
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "Public"
},
{
"Key": "Name",
"Value": "CustomVpc"
}
]
}
},
"VpcSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Allow SSH access from anywhere and all ports from itself",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
}
],
"VpcId" : {"Ref" : "VPC"}
}
},
"SecurityGroupRule": {
"Type": "AWS::EC2::SecurityGroupIngress",
"DependsOn" : "VpcSecurityGroup",
"Properties": {
"GroupId" : {"Ref":"VpcSecurityGroup"},
"IpProtocol" : "-1",
"SourceSecurityGroupId" : {"Ref": "VpcSecurityGroup"}
}
},
"SecurityInetGroupRule": {
"Type": "AWS::EC2::SecurityGroupIngress",
"DependsOn" : "VpcSecurityGroup",
"Properties": {
"GroupId" : {"Ref":"VpcSecurityGroup"},
"IpProtocol" : "-1",
"CidrIp" : "10.0.0.0/16"
}
},
"PublicSubnetOne": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone" : {"Ref" : "AZ1"},
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.0.0/24",
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
},
{
"Key": "Network",
"Value": "Public"
}
]
}
},
"PublicSubnetTwo": {
"Type": "AWS::EC2::Subnet",
"DependsOn": "PublicSubnetOne",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"AvailabilityZone" : {"Ref" : "AZ1"},
"CidrBlock": "10.0.2.0/24",
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
},
{
"Key": "Network",
"Value": "Public"
}
]
}
},
"PublicSubnetThree": {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"AvailabilityZone" : {"Ref" : "AZ2"},
"CidrBlock" : "10.0.4.0/24",
"Tags" : [
{"Key" : "Application","Value" : {"Ref" : "AWS::StackId"}},
{"Key" : "Network","Value" : "Public"}
]
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
},
{
"Key": "Network",
"Value": "Public"
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"InternetGatewayId": {
"Ref": "InternetGateway"
}
}
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
},
{
"Key": "Network",
"Value": "Public"
}
]
}
},
"PublicRouteOne": {
"Type": "AWS::EC2::Route",
"DependsOn": "AttachGateway",
"Properties": {
"RouteTableId": {
"Ref": "PublicRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
}
},
"PubliSubnetOneRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnetOne"
},
"RouteTableId": {
"Ref": "PublicRouteTable"
}
}
},
"PublicSubnetTwoRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnetTwo"
},
"RouteTableId": {
"Ref": "PublicRouteTable"
}
}
},
"PublicSubnetThreeRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : {"Ref" : "PublicSubnetThree"},
"RouteTableId" : {"Ref" : "PublicRouteTable"}
}
},
"PublicNetworkAcl": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
},
{
"Key": "Network",
"Value": "Public"
}
]
}
},
"InboundHTTPPublicOneNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "100",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "80",
"To": "80"
}
}
},
"InboundHTTPSSHPublicOneNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "120",
"Protocol": "-1",
"RuleAction": "allow",
"CidrBlock" : "0.0.0.0/0",
"Egress": "false"
}
},
"InboundDynamicPortsPublicOneNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "101",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "1024",
"To": "65535"
}
}
},
"OutboundHTTPPublicOneNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "100",
"Protocol": "6",
"RuleAction": "Allow",
"Egress": "true",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "80",
"To": "80"
}
}
},
"OutBoundDynamicPortPublicOneNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "150",
"Protocol": "-1",
"RuleAction": "allow",
"Egress": "true",
"CidrBlock": "0.0.0.0/0"
}
},
"PublicSubnetOneNetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnetOne"
},
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
}
}
},
"PublicSubnetTwoNetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnetTwo"
},
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
}
}
}
},
"Outputs": {
"VpcId": {
"Description": "the ID of the VPC created by this stack",
"Value": {
"Ref": "VPC"
}
},
"VpcSecurityGroup":{
"Description": "the ID of the security group created in this VPC",
"Value" : {"Ref":"VpcSecurityGroup"}
},
"PublicSubnetOne": {
"Description": "the ID of subnet one and its Availability Zone",
"Value": {
"Fn::Join" : ["",[
{"Ref" : "PublicSubnetOne"},
":",
{"Ref" : "AZ1"}
]]
}
},
"PublicSubnetTwo": {
"Description": "the ID of subnet two and its Availability Zone",
"Value": {
"Fn::Join" : ["",[
{"Ref" : "PublicSubnetTwo"},
":",
{"Ref" : "AZ1"}
]]
}
},
"PublicSubnetThree" : {
"Description" : "the ID of subnet three and its Availability Zone",
"Value" : {
"Fn::Join" : ["",[
{"Ref":"PublicSubnetThree"},
":",
{"Ref" : "AZ2"}
]]
}
}
}
}