AWS-STL-Meetup-12.yaml

# Add a NAT Gateway

Parameters:
  VpcCidr:
    Default: 10.10.0.0/16
    Type: String

  PublicSubnetCidr:
    Default: 10.10.0.0/24
    Type: String

  PrivateSubnetCidr:
    Default: 10.10.1.0/24
    Type: String

  ImageId:
    Default: ami-0d8f6eb4f641ef691
    Type: String

  InstanceType:
    Default: t3.micro
    Type: String

  KeyName:
    Default: AWS-STL-Meetup
    Type: String

  WebInstanceIp:
    Default: 10.10.0.10
    Type: String

  BackendInstanceIp:
    Default: 10.10.1.10
    Type: String

Resources:
  Vpc:
    Type: "AWS::EC2::VPC"
    Properties: 
      CidrBlock: !Ref VpcCidr

  InternetGateway:
    Type: "AWS::EC2::InternetGateway"

  InternetGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties: 
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref Vpc

  NatGatewayElasticIp:
    Type: "AWS::EC2::EIP"
  
  NatGateway:
    Type: "AWS::EC2::NatGateway"
    Properties: 
      AllocationId: !Ref NatGatewayElasticIp
      SubnetId: !Ref PublicSubnet

  PublicSubnet:
    Type: "AWS::EC2::Subnet"
    Properties: 
      CidrBlock: !Ref PublicSubnetCidr
      VpcId: !Ref Vpc

  PublicSubnetRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties: 
      VpcId: !Ref Vpc

  PublicSubnetRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties: 
      RouteTableId: !Ref PublicSubnetRouteTable
      SubnetId: !Ref PublicSubnet

  PublicSubnetDefaultRoute:
    Type: "AWS::EC2::Route"
    Properties: 
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref PublicSubnetRouteTable

  PrivateSubnet:
    Type: "AWS::EC2::Subnet"
    Properties: 
      CidrBlock: !Ref PrivateSubnetCidr
      VpcId: !Ref Vpc

  PrivateSubnetRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties: 
      VpcId: !Ref Vpc

  PrivateSubnetRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties: 
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref PrivateSubnet

  WebSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties: 
      GroupDescription: Web Security Group
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 80
          IpProtocol: tcp
          ToPort: 80
        - CidrIp: 0.0.0.0/0
          FromPort: -1
          IpProtocol: icmp
          ToPort: -1
      VpcId: !Ref Vpc

  WebInstance:
    Type: "AWS::EC2::Instance"
    Properties: 
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      SecurityGroupIds: 
        - !Ref WebSecurityGroup
      SubnetId: !Ref PublicSubnet
      PrivateIpAddress: !Ref WebInstanceIp
      UserData:
        Fn::Base64:
          !Sub |
              #!/bin/bash
              amazon-linux-extras install nginx1.12
              service nginx start
              chkconfig nginx on

  WebInstanceElasticIp:
    Type: "AWS::EC2::EIP"
    Properties:
      InstanceId: !Ref WebInstance

  BackendSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties: 
      GroupDescription: Backend Security Group
      SecurityGroupIngress:
        - SourceSecurityGroupId: !Ref WebSecurityGroup
          FromPort: 80
          IpProtocol: tcp
          ToPort: 80
      VpcId: !Ref Vpc

  BackendInstance:
    Type: "AWS::EC2::Instance"
    Properties: 
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      SecurityGroupIds: 
        - !Ref BackendSecurityGroup
      SubnetId: !Ref PrivateSubnet
      PrivateIpAddress: !Ref BackendInstanceIp