Exploring AWS Client Tools - Cloud Formation and the VPC

Basics of AWS VPC

There is an excellent user guide which is more to the point than much of anything I could write on the VPC
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html

Using Cloud Formation with a Beanstalk in a VPC, with both a pre-existing keypair and a pre-existing security group, requires adding the beanstalk into a pre-existing VPC - namely, the one which contains the security group. Thus, the beanstalk cloud formation template is altered with these options:

           "OptionSettings" : [
             {
             "Namespace" : "aws:ec2:vpc",
             "OptionName" : "VPCId",
             "Value" : "vpc-eb8aae80"
             },
             {
             "Namespace" : "aws:ec2:vpc",
             "OptionName" : "Subnets",
             "Value" : "subnet-e98aae82"
             },
             {
             "Namespace" : "aws:autoscaling:launchconfiguration",
             "OptionName" : "SecurityGroups",
             "Value" : "sg-c7a86aa2"
             },

Now the command I used to create the beanstalk is

 aws cloudformation create-stack --stack-name Practice \
 --template-body=file:///Users/mitchhan/aws-cli/tests/ElasticBeanstalkCustom.template \
 --capabilities=CAPABILITY_IAM
 

 ec2-describe-instances --filter "tag-value=Prac*"

There are yet better ways to list the instances based on the output of the cloudformation command. More on that later, but for now we have the above partial match and can list the EC2 instance created. Obtaining the instance Id in that way, I can run ec2-describe-instance-status and I can see the EC2 instance is up and running.
Now I can test, against its public IP address, the security group, which allows all SSH (later I will lock it down more, but at least for testing purposes now):
 ssh ec2-user@ec2-54-187-193-238.us-west-2.compute.amazonaws.com -i ~/.ssh/aws_rsa
 
And I'm logged in. It worked. I check the process table with the ps command and I see tomcat is indeed running.

The next thing to add into cloud formation is the webapp war file I want deployed, and the RDS setup.

Quiz

How many subnets come by default in the VPC?

What if you already have a running environment set up the way you want, but you want to save it as a cloudformation template?
You can do that. Use CloudFormer: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-cloudformer.html

SSL Certificates


If you later need to print out what certificates you have stored, and most likely you will, you can use this aws command:
 aws iam list-server-certificates

Template documentation implies a property of ServerCertificateId, but the value needed in the cloudformation template for that is actually Arn from the above command, for example:
 "Arn": "arn:aws:iam::479179999999:server-certificate/www.yourdomain.com"
This blog also seems useful:
http://blogs.aws.amazon.com/application-management/post/Tx1H4LR4P9OF6HC/Part-3-Develop-Deploy-and-Manage-for-Scale-with-Elastic-Beanstalk-and-CloudForma