How to create an AWS EC2 instance in CloudFormation

Andrew Sep 20, 2022 AWS , CLI
3 min read 730 words

Table of Contents

Create an EC2 Instance in CloudFormation

If you need to create an EC2 instance in CloudFormation, then you can do the following:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234

You can set the Instance Name as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
      Tags:
        -
          Key: Name
          Value: webserver

You can Enable Monitoring as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      Monitoring: true
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
      Tags:
        -
          Key: Name
          Value: webserver

You can add Termination Protection as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      DisableApiTermination: true
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      Monitoring: true
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
      Tags:
        -
          Key: Name
          Value: webserver

How to Increase the Root Volume Size

You can Increase the Root Volume Size as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        -
          DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 24
            VolumeType: gp2
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234

Storage in CloudFormation EC2 Instances

You can Add Additional Instance Storage as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        -
          DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 24
            VolumeType: gp2
        -
          DeviceName: "/dev/sdf"
          Ebs:
            VolumeSize: 64
            VolumeType: gp2
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234

You can Attach an Instance Volume as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:      
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
      Volumes:
        -
          Device: "/dev/sdf"
          VolumeId: !Ref LogVolume

  LogVolume:
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot
    Properties:
      AvailabilityZone: us-east-1a
      Size: 24
      Tags:
        -
          Key: Name
          Value: web-log-volume
      VolumeType: gp2

Security Groups in EC2 Instances with CloudFormation

You can Setup a Security Group as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234

Another example:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        -
          IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

Another example:

AWSTemplateFormatVersion: "2010-09-09"
Resources:  
  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database server
      GroupName: database     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: sg-abc01234

Another example using referencing:

AWSTemplateFormatVersion: "2010-09-09"
Resources:  
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database server
      GroupName: database     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebSecurityGroup

Self referencing a Security Group:

AWSTemplateFormatVersion: "2010-09-09"
Resources: 
  SwarmSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Swarm server
      GroupName: swarm
      VpcId: vpc-abc01234

  SwarmIngress1:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SwarmSecurityGroup
      IpProtocol: tcp
      FromPort: 2377
      ToPort: 2377
      SourceSecurityGroupId: !Ref SwarmSecurityGroup

  SwarmIngress2:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SwarmSecurityGroup
      IpProtocol: tcp
      FromPort: 7946
      ToPort: 7946
      SourceSecurityGroupId: !Ref SwarmSecurityGroup

  SwarmIngress3:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SwarmSecurityGroup
      IpProtocol: udp
      FromPort: 7946
      ToPort: 7946
      SourceSecurityGroupId: !Ref SwarmSecurityGroup
  
  SwarmIngress4:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SwarmSecurityGroup
      IpProtocol: udp
      FromPort: 4789
      ToPort: 4789
      SourceSecurityGroupId: !Ref SwarmSecurityGroup

Attaching a Security group to an Instance

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - !Ref WebSecurityGroup
      SubnetId: subnet-abc01234

Using an Elastic IP

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
  
  WebElasticIp:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref WebInstance
      Domain: vpc

Using it all together in a single template

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  
  ## Security group for WebInstance enabling port 80
  ## from all IP addresses
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
 
  ## EC2 Instance with a custom security group
  ## and a larger root instance device
  ## and an externally created EBS volume attached
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        -
          DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 24
            VolumeType: gp2
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      Monitoring: true
      SecurityGroupIds:
        - !Ref WebSecurityGroup
      SubnetId: subnet-abc01234
      Tags:
        -
          Key: Name
          Value: webserver
      Volumes:
        -
          Device: "/dev/sdf"
          VolumeId: !Ref LogVolume
  
  ## EBS Volume for storing web logs
  LogVolume:
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot
    Properties:
      AvailabilityZone: us-east-1a
      Size: 64
      Tags:
        -
          Key: Name
          Value: web-log-volume
      VolumeType: gp2

  ## Attach EIP to the instance
  WebElasticIp:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref WebInstance
      Domain: vpc
Tags:
Andrew
Andrew

Andrew is a visionary software engineer and DevOps expert with a proven track record of delivering cutting-edge solutions that drive innovation at Ataiva.com. As a leader on numerous high-profile projects, Andrew brings his exceptional technical expertise and collaborative leadership skills to the table, fostering a culture of agility and excellence within the team. With a passion for architecting scalable systems, automating workflows, and empowering teams, Andrew is a sought-after authority in the field of software development and DevOps.

Related Articles

How to Run Commands on an AWS ECS Cluster Task or Container

Sep 19, 2022 • 0 min read

How to Run Commands on an AWS ECS Cluster Task or Container

AWS CLI
How to Enable ContainerInsights on AWS ECS from the AWS CLI

Sep 17, 2022 • 0 min read

How to Enable ContainerInsights on AWS ECS from the AWS CLI

AWS CLI
AppMesh and ECS with Imported ACM certificates on Envoy Sidecar through EFS

Sep 16, 2022 • 5 min read

AppMesh and ECS with Imported ACM certificates on Envoy Sidecar through EFS

AWS CLI Linux
How to Increase the disk size on a Cloud9 instance

Sep 15, 2022 • 0 min read

How to Increase the disk size on a Cloud9 instance

AWS CLI
How to Get the Instance Profile attached to an AWS EC2

Sep 14, 2022 • 0 min read

How to Get the Instance Profile attached to an AWS EC2

AWS CLI

Tags

Actionscript
Advertising
Agile
Ai
Ai compliance
Ai ethics
Ai governance
Ai regulation
Ai risk management
Aiops
Alerting
Algorithms
Android
Angular
Ansible
API
API design
API gateway
API security
Architecture
Argocd
Artificial intelligence
Assemblyscript
Audio
Authentication
Authorization
Automation
Autonomous systems
Aws
Aws lambda
Aws optimization
Azure
Azure functions
Bash
Best practices
Big data
Biometrics
Blockchain
Business process management
C
C
Caching
Carbon footprint
Case study
Cdk
Chaos engineering
Chef
Ci cd
Cicd
Citizen developers
CLI
Cloud
Cloud architecture
Cloud costs
Cloud efficiency
Cloud management
Cloud native
Cloud networking
Cloud waste
Cloudformation
Code organization
Compliance
Computer vision
Concurrency
Connectivity
Consensus algorithms
Container security
Containerization
Containers
Cost management
Cost optimization
Cryptocurrency
Cryptography
Css
Dashboards
Data engineering
Data partitioning
Data structures
Database scaling
Databases
Datadog
Deployment
Developer experience
Devops
Devsecops
Digital transformation
Discovery
Distributed
Distributed systems
Distributed tracing
Docker
Domains
Dsp
Dynatrace
Edge computing
Eks
Elastic
Embedded systems
Energy efficiency
Enterprise architecture
Enterprise technology
Envoy
Error handling
Event driven architecture
Excel
Explainable ai
Facilitation
Fault tolerance
Ffi
Finops
Firebase
Flux
Forensics
Gcp
General
Git
Github actions
Gitops
Go
Google cloud functions
Governance
Graal
Grafana
Graphql
Green computing
Growth
High availability
Hosting
HTML
Hybrid architecture
Iac
Ide
Image processing
Incident management
Infrastructure
Infrastructure as code
Input validation
Interoperability
Interview
Iot
Istio
Java
Javascript
Jenkins
JWT
Kotlin
Kubernetes
Lifetimes
Linux
Llm
Logging
Low code
MAC
Machine learning
Macros
Mariadb
Maths
Maven
Memory management
Memory safety
Metaprogramming
Metrics
Microservices
Misc
Ml
Mlops
Model deployment
Model governance
Model monitoring
Modules
Monitoring
Monolith
Music
Mysql
Network design
Networking
New relic
Nexus
No code
Node
Nosql
Npm
Oauth
Observability
On call
Opentelemetry
Optimization
Owasp API
Pandas
Parallelism
Pattern matching
Performance
Performance optimization
Performance tuning
Php
Pip
Platform
Pod security
Portable execution
Postmortems
Powershell
Production
Programming
Prometheus
Pulumi
Puppet
Python
Quantum advantage
Quantum algorithms
Quantum computing
Quantum strategy
Quantum use cases
Quantum ready
Rapid application development
Rate limiting
React
Real time
Reliability
Replication
Requirements gathering
Resilience
Resource optimization
Responsible ai
Rest
Robotics
Ruby
Rust
S3
Scalability
Scaling
Secrets management
Security
Seo
Serverless
Service mesh
Setup
Shadow it
Sharding
Simulation
Sli
Slo
Slos
Smart contracts
Software
Spring
SQL
Sre
SSH
Ssl
Standard library
Startup
Startups
System design
Technical planning
Terraform
Testing
Traits
Type systems
Typescript
Ubuntu
Vpc
Wasi
Wasm
Web3
Webassembly
Windows
Wsl
Zero trust

Recent Posts