AWS News Blog

AWS CloudFormation – Additional VPC Support and New Templates

AWS CloudFormation lets you create and manage a collection of AWS resources (EC2 instances, Elastic IP addresses, RDS DB Instances, and much more), provisioning and updating them in an orderly and predictable fashion.

CloudFormation lets you describe stacks of related resources using a template. The template can include runtime parameters, allowing you to customize each stack as you create it. CloudFormation automatically creates resources in dependency-based order; you simply tell it which resources you need and how you want them to be configured and it will take care of the details.

Last year we gave CloudFormation the power to create entire Virtual Private Clouds (VPCs). Today we are improving that relationship by adding support for a number of new VPC features including public IP addresses, multiple private IP addresses, DNS, static routing, and Elastic IP address association. We have added support for the use of ElastiCache within a VPC and we are also publishing five new CloudFormation templates that you can use to learn more about CloudFormation and how it works with the VPC.

Let’s take a closer look…

VPC Feature Support
With today’s releases, CloudFormation templates can now make use of the latest and greatest VPC features.

Public IP Addresses for EC2 Instances – The AWS::EC2::Instance resource can now request assignment of a public IP address when the instance is launched by setting the AssociatePublicIpAddress property to “true.”

Multiple Private IP Addresses for EC2 Instances – The AWS::EC2::NetworkInterface resource can now request multiple private IP addresses by using the PrivateIpAddresses property.

DNS Support and DNS Hostnames – The EnableDnsSupport property of an AWS::EC2::VPC resource can be set to “false” to disable the built-in DNS resolution within a VPC. The EnableDnsHostnames property can be set to “true” to ask the VPC to assign DNS hostnames to EC2 instances at launch time.

Static Routing for VPN Connections – You can now create VPN connections that use static routes by setting the StaticRoutesOnly property of the AWS::EC2::VPNConnection to “true.” This option can be useful if you can’t or don’t want to use BGP in your on-premises network (see my blog post on Additional VPC Features for more information).

Private IP Attachment – You can now attach an Elastic IP Address to any of the private IP addresses associated with the Elastic Network Interface of an EC2 instance using the AWS::EC2::EIPAssociation resource.

Elastic Network Interface – You can now use the AWS::EC2::NetworkInterfaceAttachment resource to attach an Elastic Network Interface to an EC2 instance in a VPC.

New VPC Templates
We have published four new templates to help you to get started with CloudFormation and the Virtual Private Cloud. I have included some excerpts from each template in order to give you some insight into how to make use of these new features.

VPC ElastiCache Cluster – This template creates a 5 to 10 node ElastiCache cluster that resides in two or more VPC subnets, along with an EC2 instance that contains a sample PHP program to locate (via auto-discovery), access and exercise the cluster.

```json
"CacheCluster" : {
    "Type": "AWS::ElastiCache::CacheCluster",
    "Properties": {
        "CacheSubnetGroupName"    : { "Ref" : "CacheSubnetGroup" },
        "CacheNodeType"           : { "Ref" : "CacheNodeType" },
        "CacheSecurityGroupNames" : [ { "Ref" : "CacheSecurityGroup" } ],
        "Engine"                  : "memcached",
        "NumCacheNodes"           : { "Ref" : "NumberOfCacheNodes" }
    }
},
```

VPC Multi-Tier With Public IPs and DNS – This template creates a multi-tier VPC with multiple subnets and automatic public IP association and DNS support. The first subnet is public and contains a NAT device for internet access from the private subnet and a Bastion host to allow SSH access to the hosts in the private subnet.

```json
"PublicSubnet" : {
    "Type" : "AWS::EC2::Subnet",
    "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Public", "CIDR" ] },
        "Tags" : [
            { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
            { "Key" : "Network", "Value" : "Public" }
        ]
    }
},
```

VPC EC2 Instance With Multiple Static IP Addresses – This template creates an EC2 instance with a single network interface and multiple static IP addresses in an existing VPC.

```json
"Eth0" : {
    "Type" : "AWS::EC2::NetworkInterface",
    "Properties" : {
        "Description"        : "eth0",
        "GroupSet"           : [ { "Ref" : "SSHSecurityGroup" } ],
        "PrivateIpAddresses" : [
            { "PrivateIpAddress" : { "Ref" : "PrimaryIPAddress" },   "Primary" : "true" },
            { "PrivateIpAddress" : { "Ref" : "SecondaryIPAddress" }, "Primary" : "false" }
        ],
        "SourceDestCheck"    : "true",
        "SubnetId"           : { "Ref" : "SubnetId" },
        "Tags"               : [
            { "Key" : "Name", "Value" : "Interface 1" },
            { "Key" : "Interface", "Value" : "eth0" }
        ]
    }
},
```

VPC EC2 Instance With Multiple Dynamic IP Addresses – This template creates an EC2 instance with a single network interface and multiple dynamic IP addresses in an existing VPC.

```json
"EIPAssoc1" : {
    "Type" : "AWS::EC2::EIPAssociation",
    "Properties" : {
        "NetworkInterfaceId" : { "Ref" : "Eth0" },
        "AllocationId"       : { "Fn::GetAtt" : [ "EIP1", "AllocationId" ] },
        "PrivateIpAddress"   : { "Fn::Select" : [ "0", { "Fn::GetAtt" : [ "Eth0", "PrimaryPrivateIPAddresses" ] } ] }
    }
},
```

VPC With VPN Connection – This template creates a private subnet with a VPN connection using static routing to an existing VPN endpoint.

```json
"VPNConnection" : {
    "Type" : "AWS::EC2::VPNConnection",
    "Properties" : {
        "Type"              : "ipsec.1",
        "StaticRoutesOnly"  : "true",
        "CustomerGatewayId" : { "Ref" : "CustomerGateway" },
        "VpnGatewayId"      : { "Ref" : "VPNGateway" }
    }
},
```
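The excerpts above each show one resource in isolation. The following Python script, an added example that is not one of the AWS sample templates, assembles the VPC features from the "VPC Feature Support" section (DNS flags on the VPC, multiple private IPs on a network interface, an Elastic IP associated with a specific private address, a static-route VPN connection, and an instance that requests a public IP) into one template and then runs a small consistency check over it before it would ever be handed to CloudFormation. The resource types and property names are the real CloudFormation ones; the logical IDs, CIDR ranges, IP addresses and the `lint_template` / `broken_variants` helpers are constructed for this example.

```python
"""Build a CloudFormation VPC template fragment and sanity-check it offline.

Added example (not an AWS template). Logical IDs and address values below
are constructed; resource types and property names are CloudFormation's.
"""
import copy
import json


def _as_bool(value):
    """CloudFormation accepts booleans as JSON true/false or as "true"/"false"."""
    return value in ("true", True)


def _refs(node):
    """Yield every logical name referenced via Ref or Fn::GetAtt under node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        if isinstance(node.get("Fn::GetAtt"), list):
            yield node["Fn::GetAtt"][0]
        for child in node.values():
            yield from _refs(child)
    elif isinstance(node, list):
        for child in node:
            yield from _refs(child)


def build_template():
    """Return a template exercising the VPC properties discussed in the post."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {"AmiId": {"Type": "String"}},
        "Resources": {
            "VPC": {"Type": "AWS::EC2::VPC", "Properties": {
                "CidrBlock": "10.0.0.0/16",
                "EnableDnsSupport": "true", "EnableDnsHostnames": "true"}},
            "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
                "VpcId": {"Ref": "VPC"}, "CidrBlock": "10.0.0.0/24"}},
            # One interface, two private addresses; exactly one must be Primary.
            "Eth0": {"Type": "AWS::EC2::NetworkInterface", "Properties": {
                "SubnetId": {"Ref": "PublicSubnet"}, "SourceDestCheck": "true",
                "PrivateIpAddresses": [
                    {"PrivateIpAddress": "10.0.0.10", "Primary": "true"},
                    {"PrivateIpAddress": "10.0.0.11", "Primary": "false"}]}},
            "EIP1": {"Type": "AWS::EC2::EIP", "Properties": {"Domain": "vpc"}},
            # Attach the Elastic IP to the secondary private address.
            "EIPAssoc1": {"Type": "AWS::EC2::EIPAssociation", "Properties": {
                "NetworkInterfaceId": {"Ref": "Eth0"},
                "AllocationId": {"Fn::GetAtt": ["EIP1", "AllocationId"]},
                "PrivateIpAddress": "10.0.0.11"}},
            "VPNGateway": {"Type": "AWS::EC2::VPNGateway",
                           "Properties": {"Type": "ipsec.1"}},
            "CustomerGateway": {"Type": "AWS::EC2::CustomerGateway", "Properties": {
                "Type": "ipsec.1", "BgpAsn": "65000", "IpAddress": "198.51.100.1"}},
            "VPNConnection": {"Type": "AWS::EC2::VPNConnection", "Properties": {
                "Type": "ipsec.1", "StaticRoutesOnly": "true",
                "CustomerGatewayId": {"Ref": "CustomerGateway"},
                "VpnGatewayId": {"Ref": "VPNGateway"}}},
            # Public IP assignment is requested on the instance's device-0 interface.
            "Bastion": {"Type": "AWS::EC2::Instance", "Properties": {
                "ImageId": {"Ref": "AmiId"},
                "NetworkInterfaces": [{"DeviceIndex": "0",
                                       "AssociatePublicIpAddress": "true",
                                       "SubnetId": {"Ref": "PublicSubnet"}}]}},
        },
    }


def lint_template(template):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    resources = template.get("Resources", {})
    known = set(resources) | set(template.get("Parameters", {}))
    for name, res in resources.items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        # Every Ref / GetAtt must point at a resource, parameter, or AWS:: pseudo-parameter.
        for target in _refs(props):
            if target not in known and not target.startswith("AWS::"):
                findings.append(f"{name}: references unknown logical id {target}")
        if rtype == "AWS::EC2::VPC":
            if _as_bool(props.get("EnableDnsHostnames")) and props.get("EnableDnsSupport") in ("false", False):
                findings.append(f"{name}: EnableDnsHostnames requires EnableDnsSupport")
        elif rtype == "AWS::EC2::NetworkInterface":
            addrs = props.get("PrivateIpAddresses", [])
            if addrs and sum(_as_bool(a.get("Primary")) for a in addrs) != 1:
                findings.append(f"{name}: PrivateIpAddresses must mark exactly one Primary address")
        elif rtype == "AWS::EC2::EIPAssociation":
            eni, wanted = props.get("NetworkInterfaceId"), props.get("PrivateIpAddress")
            eni_name = eni.get("Ref") if isinstance(eni, dict) else None
            if eni_name in resources and isinstance(wanted, str):
                eni_props = resources[eni_name].get("Properties", {})
                configured = {a.get("PrivateIpAddress") for a in eni_props.get("PrivateIpAddresses", [])}
                if wanted not in configured:
                    findings.append(f"{name}: PrivateIpAddress {wanted} is not configured on {eni_name}")
        elif rtype == "AWS::EC2::Instance":
            for nic in props.get("NetworkInterfaces", []):
                if _as_bool(nic.get("AssociatePublicIpAddress")):
                    findings.append(f"{name}: device {nic.get('DeviceIndex')} gets a public IP; "
                                    "confirm its security group and subnet route are intended")
    return findings


def broken_variants():
    """Constructed one-defect mutations of the good template, for exercising lint_template."""
    base, out = build_template(), {}
    t = copy.deepcopy(base); t["Resources"]["VPC"]["Properties"]["EnableDnsSupport"] = "false"; out["dns"] = t
    t = copy.deepcopy(base); t["Resources"]["Eth0"]["Properties"]["PrivateIpAddresses"][1]["Primary"] = "true"; out["two_primaries"] = t
    t = copy.deepcopy(base); t["Resources"]["EIPAssoc1"]["Properties"]["PrivateIpAddress"] = "10.0.0.99"; out["eip_mismatch"] = t
    t = copy.deepcopy(base); del t["Resources"]["VPNGateway"]; out["dangling_ref"] = t
    return out


if __name__ == "__main__":
    print(json.dumps(build_template(), indent=2))
    for finding in lint_template(build_template()):
        print("finding:", finding)
```

Running the script prints the template and a single informational finding for the bastion's public IP; the public-IP check is deliberately a report rather than an error, since a bastion in the public subnet is exactly the pattern the multi-tier template describes, and what matters is that the exposure is visible at review time. The other checks catch mistakes that would otherwise surface only as a failed or half-rolled-back stack: a dangling `Ref`, two interfaces addresses both marked primary, an Elastic IP pointed at a private address the interface does not own, and DNS hostnames requested on a VPC whose DNS resolution has been turned off.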

Other CloudFormation Features to Check Out
The features that I described above are just a few of the enhancements that we have made to CloudFormation in the last couple of months. We have also added support for Parallel Stack Processing and Nested Stack Updates, access to the AWS GovCloud (US), and support for ElastiCache running Redis.

Go For It
The new features and the new templates are available today and you can start using them now. You may want to check out our complete collection of CloudFormation templates (the linked templates are for the US East (Northern Virginia) Region; you can find the templates for the other AWS Regions here) and the CloudFormation documentation, including the User Guide.

— Jeff;