Creating a Virtual Private Cloud (VPC) with Subnets Using AWS CloudFormation Designer: Step-by-Step Guide

Last Updated : 01 Feb, 2024
CloudFormation is a service offered by AWS. The goal of this service is to send user requests to AWS through a script written by the user. After receiving a response from AWS, the service displays that information in the AWS console log to update the user on the request status. The term “script” refers to the YAML or JSON file created by the user, and its contents are based on the user’s specific needs. This script is designed to be repeatable and trackable and can contribute to cost savings.

When performing the manual steps outlined in the script one by one, there is a risk of making mistakes in previous steps, potentially preventing the user from reaching their end goal. In such cases, it becomes necessary to recheck and configure the steps again. This is particularly challenging for beginners, as there is a high likelihood of modifying or deleting the wrong service or another project service.

To mitigate these issues, the CloudFormation service comes into play. If the written script fails to execute, the service ensures that all the services created by AWS in the preceding steps are rolled back and deleted. Additionally, a comprehensive error message is displayed on the AWS Console, aiding users in identifying and addressing any issues that may have arisen during the process.

Steps To Build a VPC (Virtual Private Cloud) with CloudFormation

Getting started with the AWS CloudFormation

Step 1: We will use an IAM user to log into the AWS console to get started. When executing actions in AWS, it is advised to use an IAM user account instead of the root account. If you’re not sure how to create an IAM user, just follow these easy instructions:

  • Log in to your root account.
  • Open the AWS Management Console.
  • Search for “IAM” and choose the IAM service.
  • Choose “Users” from the navigation pane on the left.
  • Press the “Create user” button.
  • Enter the username and choose the appropriate kind of access (e.g., programmatic access, AWS Management Console access, or both).
  • If necessary, set a password for the user.
  • Press the “Next: Permissions” button.
  • Attach the applicable permissions policies to the user account.
  • Review the user’s details and click “Create user”.
  • Keep the user’s access keys safe (if applicable).

Step 2: Now log in to the AWS console with the IAM user account.

IAM user credentials

Step 3: Before proceeding to the next step, note that creating a VPC (Virtual Private Cloud) with CloudFormation requires a template written in either YAML or JSON format. For the purposes of this article, we’ve prepared a template in YAML. Save the YAML script below on your local device with a .yaml extension to perform this task.

```yaml
Description: This template deploys a VPC, with a pair of public and private subnets spread
  across two Availability Zones. It deploys an internet gateway, with a default
  route on the public subnets.

Parameters:
  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
  VpcCIDR:
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 252.8.0.0/16
  PublicSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 252.8.10.0/24
  PublicSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone
    Type: String
    Default: 252.8.11.0/24
  PrivateSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone
    Type: String
    Default: 252.8.20.0/24
  PrivateSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone
    Type: String
    Default: 252.8.21.0/24

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName
  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet1CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Subnet (AZ1)
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet2CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Subnet (AZ2)
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnet1CIDR
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Subnet (AZ1)
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnet2CIDR
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Subnet (AZ2)
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Routes
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet1
  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet2
  PrivateRouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Routes (AZ1)
  PrivateSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      SubnetId: !Ref PrivateSubnet1
  PrivateRouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Routes (AZ2)
  PrivateSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      SubnetId: !Ref PrivateSubnet2
  NoIngressSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "no-ingress-sg"
      GroupDescription: "Security group with no ingress rule"
      VpcId: !Ref VPC

Outputs:
  VPC:
    Description: A reference to the created VPC
    Value: !Ref VPC
  PublicSubnets:
    Description: A list of the public subnets
    Value: !Join [ ",", [ !Ref PublicSubnet1, !Ref PublicSubnet2 ]]
  PrivateSubnets:
    Description: A list of the private subnets
    Value: !Join [ ",", [ !Ref PrivateSubnet1, !Ref PrivateSubnet2 ]]
  PublicSubnet1:
    Description: A reference to the public subnet in the 1st Availability Zone
    Value: !Ref PublicSubnet1
  PublicSubnet2:
    Description: A reference to the public subnet in the 2nd Availability Zone
    Value: !Ref PublicSubnet2
  PrivateSubnet1:
    Description: A reference to the private subnet in the 1st Availability Zone
    Value: !Ref PrivateSubnet1
  PrivateSubnet2:
    Description: A reference to the private subnet in the 2nd Availability Zone
    Value: !Ref PrivateSubnet2
  NoIngressSecurityGroup:
    Description: Security group with no ingress rule
    Value: !Ref NoIngressSecurityGroup
```
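Before uploading a template, it is worth checking that the VPC and subnet CIDR parameters form a sound plan: every subnet inside the VPC range, no two subnets overlapping, sizes within the /16 to /28 limits AWS enforces, and the VPC block drawn from an RFC 1918 private range as AWS recommends. The following is an added example, not code from the article; it uses only the Python standard library, copies the template's parameter defaults (which use 252.8.0.0/16, outside RFC 1918, so the check flags them), and builds a constructed 10.0.0.0/16 alternative with the same layout.

```python
import ipaddress

# RFC 1918 private ranges, which AWS recommends for a VPC CIDR block.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Parameter defaults copied from the article's template.
PAGE_DEFAULTS = {
    "VpcCIDR": "252.8.0.0/16",
    "PublicSubnet1CIDR": "252.8.10.0/24",
    "PublicSubnet2CIDR": "252.8.11.0/24",
    "PrivateSubnet1CIDR": "252.8.20.0/24",
    "PrivateSubnet2CIDR": "252.8.21.0/24",
}

# The same layout moved into an RFC 1918 range (constructed alternative, not from the article).
PRIVATE_PLAN = {k: v.replace("252.8.", "10.0.") for k, v in PAGE_DEFAULTS.items()}


def check_cidr_plan(params):
    """Return a list of findings for a VpcCIDR/*SubnetCIDR parameter set; [] means the plan is sound."""
    findings = []
    nets = {}
    for name, value in params.items():
        try:
            # strict=True rejects CIDRs with host bits set, which CloudFormation would also reject.
            nets[name] = ipaddress.ip_network(value, strict=True)
        except ValueError as exc:
            findings.append(f"{name} {value!r} is not a valid CIDR: {exc}")
    vpc = nets.get("VpcCIDR")
    if vpc is None:
        return findings + ["VpcCIDR is missing or invalid"]
    if not any(vpc.subnet_of(rng) for rng in RFC1918):
        findings.append(f"VpcCIDR {vpc} is not an RFC 1918 private range")
    if not 16 <= vpc.prefixlen <= 28:
        findings.append(f"VpcCIDR {vpc} must be between /16 and /28")
    subnets = {n: net for n, net in nets.items() if n != "VpcCIDR"}
    for name, net in subnets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{name} {net} lies outside VpcCIDR {vpc}")
        if not 16 <= net.prefixlen <= 28:
            findings.append(f"{name} {net} must be between /16 and /28")
    # Pairwise overlap check; names are sorted so the report order is deterministic.
    names = sorted(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                findings.append(f"{a} {subnets[a]} overlaps {b} {subnets[b]}")
    return findings
```

Running `check_cidr_plan(PAGE_DEFAULTS)` reports only the non-private VPC range, while `check_cidr_plan(PRIVATE_PLAN)` returns no findings.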

Steps To Build a CloudFormation Stack

Step 1: Assuming you’ve logged in with your IAM user, head to the console, search for “CloudFormation,” and select the CloudFormation service.


Click on CloudFormation

Step 2: On the dashboard, click on the “Create stack” button and select the first option,  “With new resources (standard)”.

Click on “With new resources”

Step 3: A template file is required for the stack, which can be either a local file or an object in an S3 bucket. Here, we will use a local template. Select “Template is ready”, then “Upload a template file”, then click on “Choose file” to continue.


Step 4: Enter a Stack name and EnvironmentName in the designated fields. The remaining details will be automatically populated based on the script provided in the previous step. Once you’ve entered this information, proceed by clicking on the “Next” button.


Write “Stack name” and “EnvironmentName”

Step 5: Tailor the stack options to meet your specific requirements and then click on the “Next” button.


Click on Next

Step 6: Double-check all details before submitting your request to AWS.


Review details and Click on Submit

Step 7: If our script runs successfully, we’ll see its results in the Outputs section of the console, in the format defined by the Outputs section of our script. Otherwise, AWS will automatically roll back the request.


Script successfully executed

  • Under the “Events” tab, we can see the current status or event data.

Creation status of our requests

Verification Of Our Requests

In the script, we have specified our requests. Now, let’s confirm whether AWS has executed them successfully. Navigate to the VPC section within the AWS Management Console and click on it to access your VPC resources.


Click on VPC

On the left panel, you’ll find a list of interfaces that lead to your created resources. These act as gateways to view and manage your VPC, subnets, route tables, and internet gateways. Let’s click on each one to explore their details.


VPC Dashboard

VPCs Establishment

  • The virtual private cloud (VPC) is established in alignment with our scripted configuration.
  • Code snippet of our VPC establishment:

```yaml
Parameters:
  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
  VpcCIDR:
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 252.8.0.0/16

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName
```

VPC

Subnets Creation

  • Subnets are generated based on our configuration.
  • Code snippet for our Subnets Creation:

```yaml
Parameters:
  PublicSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 252.8.10.0/24
  PublicSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone
    Type: String
    Default: 252.8.11.0/24
  PrivateSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone
    Type: String
    Default: 252.8.20.0/24
  PrivateSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone
    Type: String
    Default: 252.8.21.0/24

Resources:
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet1CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Subnet (AZ1)
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnet2CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Subnet (AZ2)
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnet1CIDR
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Subnet (AZ1)
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnet2CIDR
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Subnet (AZ2)
```

Subnets

Route Table Configuration

  • The route table is established as per our configuration.
  • Code snippet for our Route Table Configuration:

```yaml
Resources:
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Routes
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet1
  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet2
  PrivateRouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Routes (AZ1)
  PrivateSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      SubnetId: !Ref PrivateSubnet1
  PrivateRouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Routes (AZ2)
  PrivateSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      SubnetId: !Ref PrivateSubnet2
```

Route Table

Internet Gateway Configuration

  • The internet gateway is created in line with our configuration.
  • Code snippet for our Internet Gateway Configuration:

```yaml
Resources:
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName
  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
```

Internet gateways

AWS CloudFormation Designer For VPC- FAQs

What Are CloudFormation And AWS?

Amazon Web Services is a cloud computing platform that provides a range of services, including database management, processing power, and storage that is available on demand. AWS CloudFormation is a service that facilitates the automation and management of AWS resource creation and deployment using code (YAML or JSON).

Why Create A VPC Using CloudFormation?

Creating a VPC with CloudFormation has the following advantages:

  • Faster: Compared to manual configuration, automating resource creation saves time and effort.
  • Consistent: Guarantees uniform deployment of infrastructure in all environments.
  • Repeatable: Development and testing infrastructure that is readily repeatable.
  • Manageable: Updating and maintaining infrastructure is made easier with code-based templates.
