22/7/2021 AWS Labs

Architecting on AWS - Lab 5: Automating Infrastructure Deployment with AWS CloudFormation
AWS Solutions Architect Labs


LAB OVERVIEW

Deploying infrastructure in a consistent, reliable manner is difficult; it requires people to follow documented procedures without taking undocumented shortcuts. It can also be difficult to deploy infrastructure outside normal business hours, when fewer staff are available. AWS CloudFormation changes this by defining infrastructure in a template that can be deployed automatically, even on an automated schedule.

In this lab, you will learn how to deploy multiple layers of infrastructure with AWS CloudFormation. You will also learn how to update a stack, explore templates with AWS CloudFormation Designer, and delete a stack.

Connection details: Region (Oregon) us-west-2

OBJECTIVES

After completing this lab, you will be able to:

Use AWS CloudFormation to deploy a networking layer
Use AWS CloudFormation to deploy an application layer that references the networking layer
Use AWS CloudFormation to update resources in a stack
Explore templates with AWS CloudFormation Designer
Delete an AWS CloudFormation stack that has a deletion policy


DURATION

This lab takes approximately 20 minutes to complete.

START LAB

This starts the process of provisioning your lab resources. An estimated amount of time to provision your lab resources is displayed. You must wait for your resources to be provisioned before continuing.

Open the AWS console with the green button to the left of this page.

On the sign-in page, enter the user name assigned for the course.

In the Password section, paste the password assigned for the course.

Click "Sign in".

Congratulations, you have signed in.

Click the only account that appears in the user interface.

Select the account name, and the list of labs appears.

NOTE: Do not try to change the password or the user.

NOTE: Do not change the region unless instructed.

TASK 1: DEPLOYING A NETWORKING LAYER

A best practice is to deploy infrastructure in layers. Common layers include the following:

Networking
Application
Database

When using layers, you can re-use infrastructure templates between systems. For example, you can deploy a common network topology between Dev/Test/Production or deploy a standard database for multiple applications.


In this task, you deploy an AWS CloudFormation template that creates a networking layer using Amazon Virtual Private Cloud (Amazon VPC).

1. Right-click the following link and download the template to your computer: lab-network.yaml

Note: If you want to see how resources are defined, you can open the template in a text editor.

AWS CloudFormation templates can be written in JSON or YAML. YAML is similar to JSON, but it is easier to read and edit.

2. In the AWS Management Console, on the Services menu, click CloudFormation.

3. Click Create stack and configure the following:

STEP 1: SPECIFY TEMPLATE

Template source: Select Upload a template file.

Upload a template file: Click Choose file and select the lab-network.yaml file you downloaded.

Click Next

STEP 2: SPECIFY STACK DETAILS

Stack name: lab-network

Click Next

STEP 3: CONFIGURE STACK OPTIONS

Tags:

Key: application

Value: inventory

Click Next

STEP 4: REVIEW

Click Create stack

AWS CloudFormation now uses the template to generate a stack of resources.


The specified tags will be automatically propagated to the resources that are created, making it easier to identify resources that a particular application uses.

3. Click the Stack info tab, under the lab-network name.

4. Wait for the Status to change to CREATE_COMPLETE.

Note: Click the refresh icon every 15 seconds to update the display if necessary.

Now, examine the resources that were created.

4. Click the Resources tab.

You see a list of the resources created by the template.

Note: If the list is empty, click the refresh icon to update the list.

5. Click the Events tab and scroll through the listing.

The listing shows (in reverse chronological order) the activities that AWS CloudFormation performed, such as starting to create a resource and then completing the resource creation. Any errors encountered during the creation of the stack will be listed in this tab.

6. Click the Outputs tab.

An AWS CloudFormation stack can provide output information, such as the ID of specific resources and links to resources.

You see two outputs:

PublicSubnet: The value is the ID of the public subnet that was created (for example, subnet-08aafd57f745035f1)

VPC: The value is the ID of the VPC that was created (for example, vpc-08e2b7d1272ee9fb4)

The Outputs tab can also provide values that other stacks will use. The Export name column shows these values. In this case, the VPC and subnet IDs are given an export name so that other stacks can retrieve the values and build resources inside the VPC and subnet. You will use these values in the next task.

7. Click the Template tab.

This tab shows the template that was used to create the stack. In this case, it shows the template that you uploaded while creating the stack. Feel free to examine the template and see the resources that were created. The Outputs section at the end of the template defines the values to export.


TASK 2: DEPLOYING AN APPLICATION LAYER

Now that the networking layer is deployed, it is time to deploy an application layer that contains an Amazon Elastic Compute Cloud (Amazon EC2) instance and a security group.

The AWS CloudFormation template will import the VPC and subnet IDs from the outputs of the existing AWS CloudFormation stack. The template will then use this information to create the security group in the VPC and the EC2 instance in the subnet.

8. Right-click the following link and download the template to your computer: lab-application.yaml

Note: If you want to see how resources are defined, you can open the template in a text editor.

9. In the left navigation pane, click Stacks.

Note: You may need to expand the navigation pane by clicking the menu icon.

10. Click Create stack and then With new resources (standard)

11. Configure the following:

STEP 1: SPECIFY TEMPLATE

Template source: Click Upload a template file

Upload a template file: Click Choose file and select the lab-application.yaml file you downloaded.

Click Next

STEP 2: SPECIFY STACK DETAILS

Stack name: lab-application

NetworkStackName: lab-network

Click Next

Note: The NetworkStackName parameter tells the template the name of the first stack you created (lab-network) so that the template can retrieve values from that stack's outputs.

STEP 3: CONFIGURE STACK OPTIONS

Tags:


Key: application

Value: inventory

Click Next

STEP 4: REVIEW

Click Create stack

While the stack is being created, examine the Events and Resources tabs to view the resources that are being created.

12. Wait for the Status (on the Stack info tab) to change to CREATE_COMPLETE.

Your application is now ready!

13. Click the Outputs tab.

14. Copy the URL that is displayed, open a new web browser tab, paste the URL, and press ENTER

A new browser tab opens, taking you to the application running on the web server.

An AWS CloudFormation stack can also reference values from another stack. For example, the following is a portion of the lab-application template that references the lab-network template:

    WebServerSecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Enable HTTP ingress
        VpcId:
          Fn::ImportValue:
            !Sub ${NetworkStackName}-VPCID

The last line uses the NetworkStackName (lab-network), which you provided when the stack was created. The template then imports the value of lab-network-VPCID from the outputs of the first stack and inserts the value into the VPC ID field of the security group definition. The result is that the security group is created in the VPC that the first stack created.

In another example, the following is the code that places the Amazon EC2 instance into the correct subnet:

    SubnetId:
      Fn::ImportValue:
        !Sub ${NetworkStackName}-SubnetID

The template takes the subnet ID from the lab-network stack and uses it in the lab-application stack to launch the instance into the public subnet that the first stack created.

This demonstrates how you can use multiple AWS CloudFormation stacks to deploy infrastructure in multiple layers.
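
The export/import link between the two stacks can be checked before deployment. This added example (not code from the lab) resolves every Fn::ImportValue in a consumer template and reports names that the network stack does not export. The JSON renderings of both templates, including the Export names in the network template's Outputs section, are constructed from the names quoted above.

```python
import json
import re

# Constructed JSON renderings of the two lab templates. Assumption: the real
# lab-network.yaml exports its outputs as "<stack name>-VPCID" / "-SubnetID".
NETWORK_TEMPLATE = json.loads("""
{"Outputs": {
  "VPC": {"Value": {"Ref": "VPC"},
          "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-VPCID"}}},
  "PublicSubnet": {"Value": {"Ref": "PublicSubnet"},
          "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-SubnetID"}}}}}
""")
APPLICATION_TEMPLATE = json.loads("""
{"Resources": {
  "WebServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "VpcId": {"Fn::ImportValue": {"Fn::Sub": "${NetworkStackName}-VPCID"}}}},
  "WebServerInstance": {"Type": "AWS::EC2::Instance", "Properties": {
    "SubnetId": {"Fn::ImportValue": {"Fn::Sub": "${NetworkStackName}-SubnetID"}}}}}}
""")


def expand(value, variables):
    """Expand ${Name} placeholders the way Fn::Sub does for a plain string."""
    if isinstance(value, dict):
        value = value["Fn::Sub"]
    return re.sub(r"\$\{([^}]+)\}", lambda m: variables[m.group(1)], value)


def export_names(template, stack_name):
    """Export names that a stack created from `template` publishes."""
    return {expand(out["Export"]["Name"], {"AWS::StackName": stack_name})
            for out in template.get("Outputs", {}).values() if "Export" in out}


def import_names(node, parameters):
    """Every export name requested through Fn::ImportValue, found recursively."""
    found = set()
    if isinstance(node, dict):
        if "Fn::ImportValue" in node:
            found.add(expand(node["Fn::ImportValue"], parameters))
        node = list(node.values())
    for child in node if isinstance(node, list) else []:
        found |= import_names(child, parameters)
    return found


def unresolved_imports(consumer, parameters, exports):
    """Imports that no existing export satisfies; such a stack fails to create."""
    return sorted(import_names(consumer, parameters) - exports)
```

With NetworkStackName set to lab-network every import resolves; a mistyped stack name leaves both imports unresolved.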

TASK 3: UPDATING A STACK

AWS CloudFormation can also update a stack that has been deployed. When updating a stack, AWS CloudFormation will only modify or replace the resources that are being changed. Any resources that are not being changed are left as-is.

In this task, you update the lab-application stack to modify a setting in the security group. AWS CloudFormation will not modify any of the other resources.

First, you examine the current settings on the security group.

15. In the AWS Management Console, on the Services menu, click EC2.

16. In the left navigation pane, click Security Groups.

17. Select Web Server Security Group.

18. On the lower half of the page, click the Inbound rules tab.

The security group currently only has one rule, which permits HTTP traffic.

Now, return to AWS CloudFormation to update the stack.

19. On the Services menu, click CloudFormation

20. Right-click this link and download the updated template to your computer: lab-application2.yaml

This template has an additional configuration to permit inbound SSH traffic on port 22:

    - IpProtocol: tcp
      FromPort: 22
      ToPort: 22
      CidrIp: 0.0.0.0/0

21. Click the lab-application stack name.



22. Click Update in the upper right corner and configure:

Click Replace current template

Template source: Click Upload a template file

Upload a template file: Click Choose file and select the lab-application2.yaml file you downloaded.

23. Click Next two times to advance to the Review page.

In the Change set preview section at the bottom of the page, AWS CloudFormation displays the resources that will be updated, as shown in the following image:

AWS CloudFormation will modify the WebServerSecurityGroup without needing to replace it (Replacement = False). This means there will be a minor change to the security group, and no references to the security group will need to change.

24. Click Update stack

25. Wait for the Status (in the Stack info tab) to change to UPDATE_COMPLETE.

Note: Click the refresh icon every 15 seconds to update the display if necessary.

You can now verify the change.

26. Return to the EC2 console. In the left navigation pane, click Security Groups.

27. Select the WebServerSecurityGroup.

The Inbound rules tab displays an additional rule for SSH traffic.
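
The SSH rule added by lab-application2.yaml uses CidrIp 0.0.0.0/0, so port 22 is reachable from any IPv4 address. The following check is an added example, not part of the lab or its templates: it scans a template for ingress rules that expose an administrative port to every address and shows the rule narrowed to a specific range. The JSON rendering of the security group, the CIDR on the HTTP rule, the ADMIN_PORTS list and the 203.0.113.0/24 documentation range are constructed for illustration.

```python
import ipaddress
import json

# Constructed JSON rendering of the security group after the update.
# Assumption: the existing HTTP rule is also open to 0.0.0.0/0.
TEMPLATE = json.loads("""
{"Resources": {"WebServerSecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {"SecurityGroupIngress": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
  ]}}}}
""")
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # illustrative list of management ports


def world_open_admin_rules(template):
    """Return (resource, service, cidr) for each ingress rule that exposes
    an administrative port to every address (prefix length 0)."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr is None or ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue  # rule is scoped to a specific range or to a group
            if str(rule.get("IpProtocol")) == "-1":
                lo, hi = 0, 65535  # "-1" means all protocols and ports
            else:
                lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
            for port, service in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append((name, service, cidr))
    return findings


def restrict(template, resource, port, cidr):
    """Return a copy of the template with the single-port rule narrowed to cidr."""
    fixed = json.loads(json.dumps(template))  # deep copy, original untouched
    for rule in fixed["Resources"][resource]["Properties"]["SecurityGroupIngress"]:
        if rule.get("FromPort") == port and rule.get("ToPort") == port:
            rule["CidrIp"] = cidr
    return fixed
```

The HTTP rule is not reported because port 80 is not in ADMIN_PORTS; only the SSH rule is, and it clears once narrowed.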

The internet gateway is now attached to your Lab VPC. Even though you have created an internet gateway and attached it to your VPC, you must also configure the route table of the public subnet to use the internet gateway.

This demonstrates how you can deploy changes in a repeatable, documented process. You can store the AWS CloudFormation template in a source code repository, such as AWS CodeCommit, to maintain a history of the template and the infrastructure that has been deployed.

TASK 4: EXPLORING TEMPLATES WITH AWS CLOUDFORMATION DESIGNER

AWS CloudFormation Designer is a graphic tool for creating, viewing, and modifying AWS CloudFormation templates. With Designer, you can diagram your template resources using a drag-and-drop interface. Then, edit resource details with the integrated JSON and YAML editor. Whether you are a new or experienced AWS CloudFormation user, Designer can help you quickly see the interrelationship between a template's resources and easily modify templates.

In this task, you gain some hands-on experience with AWS CloudFormation Designer.

28. On the Services menu, click CloudFormation.

29. In the left navigation pane, click Designer.

You may need to expand the navigation pane by clicking the menu icon.

30. Use the file menu in the top left corner to open a Local file and select the lab-application2.yaml template you downloaded previously.

Designer displays a graphical representation of the template, as shown in the following image:


Rather than drawing a typical architecture diagram, Designer is a visual editor for AWS CloudFormation templates, so Designer draws the resources defined in a template and their relationships to each other.

31. Experiment with the features of the Designer. The following are a few things to try:

Click a displayed resource. The lower pane then displays the portion of the template that defines the resource.

From the Resource types pane on the left, drag a new resource into the design area. The definition of the resource is automatically inserted into the template.

Drag the resource connector circles to create relationships between resources.

Open the lab-network.yaml template you downloaded earlier in the lab, and explore its resources too.

32. When you're done, click Close in the upper left corner.

TASK 5: DELETING THE STACK

When resources are no longer required, AWS CloudFormation can delete the resources built for the stack.

You can specify a deletion policy for resources. Such a policy can preserve or (in some cases) back up a resource when its stack is deleted. This is useful for retaining databases, disk volumes, or any resource that might be required after stack deletion.

The lab-application stack has been configured to take a snapshot of an Amazon Elastic Block Store (Amazon EBS) disk volume before it is deleted. The following code block shows this section of the AWS CloudFormation template:

    DiskVolume:
      Type: AWS::EC2::Volume
      Properties:
        Size: 100
        AvailabilityZone: !GetAtt WebServerInstance.AvailabilityZone
        Tags:
          - Key: Name
            Value: Web Data
      DeletionPolicy: Snapshot

The DeletionPolicy in the final line directs AWS CloudFormation to create a snapshot of the disk volume before it is deleted.


You will now delete the lab-application stack and see the results of
this deletion policy.

33. Click the name of the lab-application stack.


34. Click Delete in the upper right corner


35. Click Delete stack

You can monitor the deletion process in the Events tab and update
the screen by clicking the refresh icon occasionally. You might also
see a reference to the Amazon EBS snapshot being created.

Now, check that a snapshot was created of the EBS volume before it
was deleted.

37. On the Services menu, click EC2.


38. In the left navigation pane, click Snapshots.

You should see a snapshot with a Started time in the last few minutes.

CLEAN UP RESOURCES

39. Select the only snapshot, called Web Data.

40. At the top, click Actions and then the Delete option.

41. Click the Yes, Delete button.

42. On the Services menu, click CloudFormation.

43. Select the only remaining stack and click Delete at the top right.

44. Click the Delete stack button.

IMPORTANT: Notify your instructor that you have finished cleaning up the resources.

CONCLUSION

Congratulations! You have now successfully:

Used AWS CloudFormation to deploy a networking layer
Used AWS CloudFormation to deploy an application layer that references the networking layer
Used AWS CloudFormation to update resources in a stack
Explored templates with AWS CloudFormation Designer
Deleted an AWS CloudFormation stack that has a deletion policy
