How to create an AWS EC2 instance in CloudFormation

3 min read 730 words

Table of Contents

Create an EC2 Instance in CloudFormation

If you need to create an EC2 instance in CloudFormation, then you can do the following:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234

You can set the Instance Name as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
      Tags:
        -
          Key: Name
          Value: webserver

You can Enable Monitoring as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      Monitoring: true
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
      Tags:
        -
          Key: Name
          Value: webserver

You can add Termination Protection as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      DisableApiTermination: true
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      Monitoring: true
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
      Tags:
        -
          Key: Name
          Value: webserver

How to Increase the Root Volume Size

You can Increase the Root Volume Size as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        -
          DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 24
            VolumeType: gp2
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234

Storage in CloudFormation EC2 Instances

You can Add Additional Instance Storage as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        -
          DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 24
            VolumeType: gp2
        -
          DeviceName: "/dev/sdf"
          Ebs:
            VolumeSize: 64
            VolumeType: gp2
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234

You can Attach an Instance Volume as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:      
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
      Volumes:
        -
          Device: "/dev/sdf"
          VolumeId: !Ref LogVolume

  LogVolume:
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot
    Properties:
      AvailabilityZone: us-east-1a
      Size: 24
      Tags:
        -
          Key: Name
          Value: web-log-volume
      VolumeType: gp2

Security Groups in EC2 Instances with CloudFormation

You can Setup a Security Group as follows:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234

Another example:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        -
          IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

Another example:

AWSTemplateFormatVersion: "2010-09-09"
Resources:  
  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database server
      GroupName: database     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: sg-abc01234

Another example using referencing:

AWSTemplateFormatVersion: "2010-09-09"
Resources:  
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database server
      GroupName: database     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebSecurityGroup

Self referencing a Security Group:

AWSTemplateFormatVersion: "2010-09-09"
Resources: 
  SwarmSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Swarm server
      GroupName: swarm
      VpcId: vpc-abc01234

  SwarmIngress1:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SwarmSecurityGroup
      IpProtocol: tcp
      FromPort: 2377
      ToPort: 2377
      SourceSecurityGroupId: !Ref SwarmSecurityGroup

  SwarmIngress2:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SwarmSecurityGroup
      IpProtocol: tcp
      FromPort: 7946
      ToPort: 7946
      SourceSecurityGroupId: !Ref SwarmSecurityGroup

  SwarmIngress3:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SwarmSecurityGroup
      IpProtocol: udp
      FromPort: 7946
      ToPort: 7946
      SourceSecurityGroupId: !Ref SwarmSecurityGroup
  
  SwarmIngress4:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SwarmSecurityGroup
      IpProtocol: udp
      FromPort: 4789
      ToPort: 4789
      SourceSecurityGroupId: !Ref SwarmSecurityGroup

Attaching a Security group to an Instance

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - !Ref WebSecurityGroup
      SubnetId: subnet-abc01234

Using an Elastic IP

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      SecurityGroupIds:
        - sg-abc01234
      SubnetId: subnet-abc01234
  
  WebElasticIp:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref WebInstance
      Domain: vpc

Using it all together in a single template

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  
  ## Security group for WebInstance enabling port 80
  ## from all IP addresses
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web server
      GroupName: web     
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
 
  ## EC2 Instance with a custom security group
  ## and a larger root instance device
  ## and an externally created EBS volume attached
  WebInstance:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        -
          DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 24
            VolumeType: gp2
      InstanceType: t2.nano
      ImageId: ami-80861296
      KeyName: my-key
      Monitoring: true
      SecurityGroupIds:
        - !Ref WebSecurityGroup
      SubnetId: subnet-abc01234
      Tags:
        -
          Key: Name
          Value: webserver
      Volumes:
        -
          Device: "/dev/sdf"
          VolumeId: !Ref LogVolume
  
  ## EBS Volume for storing web logs
  LogVolume:
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot
    Properties:
      AvailabilityZone: us-east-1a
      Size: 64
      Tags:
        -
          Key: Name
          Value: web-log-volume
      VolumeType: gp2

  ## Attach EIP to the instance
  WebElasticIp:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref WebInstance
      Domain: vpc
Tags:
Andrew
Andrew

Andrew is a visionary software engineer and DevOps expert with a proven track record of delivering cutting-edge solutions that drive innovation at Ataiva.com. As a leader on numerous high-profile projects, Andrew brings his exceptional technical expertise and collaborative leadership skills to the table, fostering a culture of agility and excellence within the team. With a passion for architecting scalable systems, automating workflows, and empowering teams, Andrew is a sought-after authority in the field of software development and DevOps.

Tags