CloudFormation examples
In the CloudFormation example I provided, there's no Mappings section. Let me add an example of a Mappings section that's commonly tested in SAA-C03:
Mappings:
RegionMap:
us-east-1:
AMI: "ami-0b5eea76982371e91"
InstanceType: "t2.micro"
us-west-2:
AMI: "ami-0ceecbb0f30a902a8"
InstanceType: "t2.micro"
eu-west-1:
AMI: "ami-0d71ea30463e0ff8d"
InstanceType: "t2.micro"
EnvironmentMap:
dev:
InstanceType: "t2.micro"
MultiAZ: false
prod:
InstanceType: "t2.small"
MultiAZ: trueTo use these mappings, you would reference them like this:
Resources:
EC2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', AMI]
InstanceType: !FindInMap [RegionMap, !Ref 'AWS::Region', InstanceType]The key things to remember about Mappings for the exam:
They provide a way to declare conditional values based on region, environment, etc.
Use
!FindInMapintrinsic function to retrieve valuesCommon uses include:
Region-specific AMI IDs
Instance types per environment
Configuration settings based on environment type
Different settings for different AWS regions
Other examples
# 1. Basic VPC Setup
Resources:
MyVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsHostnames: true
EnableDnsSupport: true
Tags:
- Key: Name
Value: MyVPC
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref MyVPC
CidrBlock: 10.0.1.0/24
AvailabilityZone: !Select [0, !GetAZs '']
MapPublicIpOnLaunch: true
# 2. EC2 Instance with Security Group
WebServerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Allow HTTP and SSH
VpcId: !Ref MyVPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
WebServerInstance:
Type: AWS::EC2::Instance
Properties:
InstanceType: t2.micro
ImageId: ami-0123456789abcdef0 # Replace with actual AMI ID
SubnetId: !Ref PublicSubnet1
SecurityGroupIds:
- !Ref WebServerSecurityGroup
UserData:
Fn::Base64: !Sub |
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
# 3. S3 Bucket with Lifecycle Policy
DataBucket:
Type: AWS::S3::Bucket
Properties:
VersioningConfiguration:
Status: Enabled
LifecycleConfiguration:
Rules:
- Id: TransitionToIA
Status: Enabled
Transitions:
- TransitionInDays: 90
StorageClass: STANDARD_IA
# 4. Auto Scaling Group with Launch Template
WebServerLaunchTemplate:
Type: AWS::EC2::LaunchTemplate
Properties:
LaunchTemplateData:
InstanceType: t2.micro
ImageId: ami-0123456789abcdef0
SecurityGroupIds:
- !Ref WebServerSecurityGroup
WebServerASG:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
VPCZoneIdentifier:
- !Ref PublicSubnet1
LaunchTemplate:
LaunchTemplateId: !Ref WebServerLaunchTemplate
Version: !GetAtt WebServerLaunchTemplate.LatestVersionNumber
MinSize: 1
MaxSize: 3
DesiredCapacity: 2
# 5. Application Load Balancer
ApplicationLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Subnets:
- !Ref PublicSubnet1
SecurityGroups:
- !Ref WebServerSecurityGroup
ALBListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
LoadBalancerArn: !Ref ApplicationLoadBalancer
Port: 80
Protocol: HTTP
DefaultActions:
- Type: forward
TargetGroupArn: !Ref ALBTargetGroup
# 6. RDS Instance with Multi-AZ
DatabaseInstance:
Type: AWS::RDS::DBInstance
Properties:
DBInstanceClass: db.t3.micro
Engine: mysql
MultiAZ: true
StorageType: gp2
AllocatedStorage: 20
MasterUsername: admin
MasterUserPassword: !Ref DBPassword
VPCSecurityGroups:
- !Ref DBSecurityGroup
Parameters:
DBPassword:
Type: String
NoEcho: true
MinLength: 8
Description: Database admin password
Outputs:
VPCId:
Description: VPC ID
Value: !Ref MyVPC
LoadBalancerDNS:
Description: DNS Name of the Application Load Balancer
Value: !GetAtt ApplicationLoadBalancer.DNSNameLast updated
Was this helpful?