Dheeraj Choudhary
Dheeraj Choudhary's Blog

Dheeraj Choudhary's Blog

Deploy AWS Cloudformation Templates Using AWS CLI | Create NACL, Inbound & Outbound Routes, Security Group & Associate With Subnet

Deploy AWS Cloudformation Templates Using AWS CLI | Create NACL, Inbound & Outbound Routes, Security Group & Associate With Subnet

Dheeraj Choudhary
·May 4, 2022·

5 min read

Subscribe to my newsletter and never miss my upcoming articles

Play this article

Table of contents

Welcome back to the series of AWS Cloudformation For Beginners 👨🏻‍💻. In this blog we will be deploying AWS NACL, Inbound & Outbound Routes, Security Group & Associate With Subnet.

If you are a beginner and want to start your journey towards infra-as-code developer as part of your devops role buckle up 🚴‍♂️ and lets get started and understand core cloudformation concepts by implementing it...🎬

❗️❗️❗️ Pre-Requisite ❗️❗️❗️

1️⃣ Add visual studio code extension [Mandatory]

2️⃣ Adding VS Code Indentation Extension For Cloudformation Templates [Optional]

3️⃣ Deploy VPC, IGW & Associate [Mandatory]

4️⃣ Deploy only public subnet template from below blog [Mandatory]

🌟Launch NACL, Inbound & Outbound Routes And Associate With Subnet🌟

Create NACL, NACL Inbound & Outbound Routes And Associate Nacl With Subnet image.png 🔳 Parameters:-
CustomVPC :- Using this parameter for VPC "AWS::EC2::VPC::Id" we can list existing VPC list into the account and select anyone from them. Apart from this list we can also you default value if no value is selected in the parameter.
PublicSubnet: Using this parameter for Subnet "AWS::EC2::Subnet::Id" we can list existing subnet list from the account and select anyone from them. Apart from this list we can also you default value if no value is selected in the parameter.
🔳 Resources
MyNACL:- As part of this resource we use type "AWS::EC2::NetworkAcl".
InboundRule & OutboundRule:-. Specifies an entry, known as a rule, in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules.
mySubnetNetworkAclAssociation:-Associates a subnet with a network ACL.
🔳 Outputs: Its always a best practice to print output for your resources.
outputNACL: A reference to the created NACL.
outputInboundRule: A reference to the created NACL Inbound Rule.
outputEipforNatGateway: A reference to the created EipforNatGateway.
outputNACLOutboundRule: A reference to the created NACL Outbound Rule.
outputNACLSubnetNetworkAclAssociation: A reference to the created NACL Subnet NetworkAcl Association.

Parameters:
  CustomVPC:
    Description: Select One VPC available in your existing account
    Type: AWS::EC2::VPC::Id
    Default: "<your default VPC ID>"
  PublicSubnet:
    Description: Select one public subnet available in your existing account
    Type: AWS::EC2::Subnet::Id
    Default: "your default public subnet id"
Resources:
  MyNACL:
    Type: AWS::EC2::NetworkAcl
    Properties:
       VpcId: !Ref CustomVPC
       Tags:
       - Key: Name
         Value: Nacl
  InboundRule:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
       NetworkAclId:
         Ref: MyNACL
       RuleNumber: 100
       Protocol: 6
       RuleAction: allow
       CidrBlock: 172.16.0.0/24
       PortRange:
         From: 22
         To: 22
  OutboundRule:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
       NetworkAclId:
         Ref: MyNACL
       RuleNumber: 100
       Protocol: -1
       Egress: true
       RuleAction: allow
       CidrBlock: 0.0.0.0/0
  mySubnetNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
       SubnetId:
         Ref: PublicSubnet
       NetworkAclId:
         Ref: MyNACL
Outputs:
  outputNACL:
    Description: A reference to the created NACL
    Value: !Ref MyNACL
  outputInboundRule:
    Description: A reference to the created NACL Inbound Rule
    Value: !Ref InboundRule
  outputNACLOutboundRule:
    Description: A reference to the created NACL Outbound Rule
    Value: !Ref OutboundRule
  outputNACLSubnetNetworkAclAssociation:
    Description: A reference to the created NACL Subnet NetworkAcl Association
    Value: !Ref mySubnetNetworkAclAssociation

🔊 To view entire github code click here

1️⃣ Lets validate our template 👨‍💻

aws cloudformation validate-template --template-body file://<file path>

2️⃣ After successfull template verification lets create stack using our template 👨‍💻

aws cloudformation create-stack --stack-name naclwithsubnetassociation --template-body file://<file path>

Note:- If you are not providing default vpc id in parameter then you will have to use below command

aws cloudformation create-stack --stack-name naclwithsubnetassociation --template-body file://<file path> --parameters ParameterKey=CustomVPC,ParameterValue=<VPC ID>

3️⃣ Check if the stack we created via template is completed successfully 👨‍💻

aws cloudformation list-stack-resources --stack-name naclwithsubnetassociation

4️⃣ Describe stack and its resources to view its properties 👨‍💻

aws cloudformation describe-stacks --stack-name naclwithsubnetassociation
aws cloudformation describe-stack-resources --stack-name naclwithsubnetassociation

5️⃣ Check events for stack formation 👨‍💻

aws cloudformation describe-stack-events --stack-name naclwithsubnetassociation

👁‍🗨👁‍🗨 YouTube Tutorial 📽

🌟Deploy Security Group🌟

🔳 Resources
InstanceSecurityGroup:- As part of this resource we use type "AWS::EC2::SecurityGroup".Specifies a security group. To create a security group, use the VpcId property to specify the VPC for which to create the security group.
🔳 Outputs: Its always a best practice to print output for your resources.
outputInstanceSecurityGroup: A reference to the created security group.

Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access and HTTP access on the inbound port
      GroupName: AllowAllTraffic
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
Outputs:
  outputInstanceSecurityGroup:
    Description: A reference to the created security group
    Value: !Ref InstanceSecurityGroup

To view entire github code click here

1️⃣ Lets validate our template 👨‍💻

aws cloudformation validate-template --template-body file://<file path>

2️⃣ After successfull template verification lets create stack using our template 👨‍💻

aws cloudformation create-stack --stack-name launchsecuritygroup --template-body file://<file path>

3️⃣ Check if the stack we created via template is completed successfully 👨‍💻

aws cloudformation list-stack-resources --stack-name launchsecuritygroup

4️⃣ Describe stack and its resources to view its properties 👨‍💻

aws cloudformation describe-stacks --stack-name launchsecuritygroup
aws cloudformation describe-stack-resources --stack-name launchsecuritygroup

5️⃣ Check events for stack formation 👨‍💻

aws cloudformation describe-stack-events --stack-name launchsecuritygroup

👁‍🗨👁‍🗨 YouTube Tutorial 📽

❗️❗️Important AWS Documentation To Be Viewed❗️❗️

⛔️ AWS::EC2::VPC
⛔️ AWS::EC2::NetworkAcl
⛔️ AWS::EC2::Subnet
⛔️ AWS::EC2::NetworkAclEntry
⛔️ AWS::EC2::SubnetNetworkAclAssociation
⛔️ AWS::EC2::SecurityGroup
⛔️ Condition functions

🥁🥁 Conclusion 🥁🥁

In this blog I have covered 2 scenarios in which we will create
✦ AWS NACL, NACL Inbound & Outbound Routes And Associate Nacl With Subnet
✦ Security Group
I have used AWS CLI command to deploy these template and trust me AWS CLI is the realtime hero and I would suggest you to get acquainted towards it. Stay with me for the next release.

📢 Stay tuned for my next blog.....

🎊So, did you find my content helpful? If you did or like my other content, feel free to buy me a coffee. Thanks. 🎊

💫Cloudformation Series Sequence💫

🔰 Deploy VPC With Internet Gateway & Associate I
🔰 Public, Private Subnet & Route Table Creation & Association II
🔰 Private Subnet,Nat Gateway, Elastic Ip, Private Route Table & Associate III
🔰 NACL, Inbound & Outbound Routes, Security Group & Associate With Subnet IV
🔰 EC2 With Security Group & User Data & Mapping V
🔰 Target Group, Elastic Load Balancer & ELB Listener VI
🔰 Build Web Application Layer With AWS CloudFormation VII

⌛️Realtime Usecases Cloudformation Templates⏳

💨 Schedule Automatic Detection Of Unused AWS EBS Volumes & Notify
💨 Schedule Automatic Detection Of Non Associated AWS Elastic IP's In AWS Account On Weekly Basis And Notify
💨 Schedule Automatic Deregistration Of AWS AMI On Weekly Basis And Notify

👨🏻‍💻Cloudformation Github Repository👨🏻‍💻

Did you find this article valuable?

Support Dheeraj Choudhary by becoming a sponsor. Any amount is appreciated!

See recent sponsors Learn more about Hashnode Sponsors
 
Share this