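# Quoted so that YAML parsers do not turn the version into a date object;
# CloudFormation expects this value as a string.
AWSTemplateFormatVersion: '2010-09-09'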
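Parameters:
  # Source range allowed to reach the EC2 instance on TCP/22; consumed by the
  # EC2SecurityGroup ingress rule. The default is a public placeholder range
  # and should be overridden with the caller's own source CIDR at deploy time.
  # AllowedPattern only checks the shape of the value (x.x.x.x/x), not that
  # the range is sensible; a malformed value is rejected before any resource
  # is created rather than failing halfway through stack creation.
  AllowedIP:
    Type: String
    Default: '8.8.8.0/24'
    Description: CIDR of allowed access to EC2 instance
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: Must be an IPv4 CIDR range of the form x.x.x.x/x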
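Resources:
  # Base network: one VPC with a single public and a single private subnet,
  # both in the first AZ of the region. Internet-bound traffic from the
  # private subnet leaves through a NAT Gateway placed in the public subnet.
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.1.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-VPC

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    DependsOn: VPC

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.1.10.0/24
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Public-A

  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.1.50.0/24
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}-Private-A

  # Route tables for the two subnets.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public

  # The public route table sends everything non-local straight to the
  # Internet Gateway. The route can only be created once the gateway is
  # attached to the VPC, hence the explicit DependsOn.
  PublicRoute1:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Private

  # The private route table sends everything non-local to the NAT Gateway;
  # the !Ref creates the ordering dependency on NATGateway implicitly.
  PrivateRoute1:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGateway

  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable

  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetA
      RouteTableId: !Ref PrivateRouteTable

  # Managed NAT Gateway in the public subnet, using a dedicated Elastic IP.
  NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt ElasticIPAddress.AllocationId
      SubnetId: !Ref PublicSubnetA
      Tags:
        - Key: Name
          Value: !Sub NAT-${AWS::StackName}

  ElasticIPAddress:
    Type: AWS::EC2::EIP
    Properties:
      Domain: VPC

  # Security group for the EC2 instance. Inbound is limited to TCP/22 from the
  # AllowedIP parameter. Outbound permits all TCP and UDP ports to any
  # destination; tighten this to the destinations the workload actually needs
  # once they are known. The GroupDescription text predates the switch to a
  # managed NAT Gateway (the instance below is no longer a NAT device); it is
  # left unchanged because changing it forces replacement of the group.
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DependsOn: AttachGateway
    Properties:
      GroupName: !Sub EC2SecurityGroup-${AWS::StackName}
      GroupDescription: Enable internal access to the NAT device
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref AllowedIP
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: '0'
          ToPort: '65535'
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: '0'
          ToPort: '65535'
          CidrIp: 0.0.0.0/0

  # The instance lives in the private subnet with no public address, so the
  # SSH ingress rule above is only reachable from inside the VPC or over a
  # connection into it (the template provisions neither). No KeyName is set,
  # so an SSH key pair or another access path would have to be added
  # separately -- TODO confirm how this instance is meant to be reached.
  # The AMI lookup fails in any region missing from the AmazonLinuxAMI map.
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: !FindInMap [ AmazonLinuxAMI, !Ref "AWS::Region", AMI ]
      NetworkInterfaces:
        - DeviceIndex: '0'
          SubnetId: !Ref PrivateSubnetA
          AssociatePublicIpAddress: false
          GroupSet: [ !Ref EC2SecurityGroup ]
      # Disabling the source/destination check is only needed when the instance
      # forwards traffic for others (a NAT instance). With the managed NAT
      # Gateway above it looks like a leftover from a NAT-instance template --
      # confirm whether it is still required before removing it.
      SourceDestCheck: false
      Tags:
        - Key: Name
          # Fixed: the original value carried a stray trailing apostrophe,
          # which ended up literally in the tag value.
          Value: !Sub NAT-${AWS::StackName}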
Outputs:
  # Network identifiers exported under stack-scoped names so other stacks can
  # pick them up with Fn::ImportValue.
  VPC:
    Description: VPC of the base network
    Value:
      Ref: VPC
    Export:
      Name:
        Fn::Sub: ${AWS::StackName}-VPC

  PublicSubnetA:
    Description: First Public Subnet
    Value:
      Ref: PublicSubnetA
    Export:
      Name:
        Fn::Sub: ${AWS::StackName}-PublicSubnetA

  PrivateSubnetA:
    Description: First Private Subnet
    Value:
      Ref: PrivateSubnetA
    Export:
      Name:
        Fn::Sub: ${AWS::StackName}-PrivateSubnetA
Mappings:
  # Amazon Linux 2 AMI per region, looked up by EC2Instance via !FindInMap on
  # AWS::Region. These IDs are pinned snapshots and go stale; regions not
  # listed here cannot deploy this template. Adjust as needed -- they can
  # change a few times per year. Keep the IDs as plain strings; do not let
  # tooling retype them.
  AmazonLinuxAMI:
    us-east-1:
      AMI: ami-04681a1dbd79675a5 # N Virginia
    us-east-2:
      AMI: ami-0cf31d971a3ca20d6 # Ohio
    us-west-1:
      AMI: ami-0782017a917e973e7 # N California
    us-west-2:
      AMI: ami-6cd6f714 # Oregon
    eu-west-1:
      AMI: ami-0bdb1d6c15a40392c # Ireland
    eu-central-1:
      AMI: ami-0f5dbc86dd9cbf7a8 # Frankfurt
    sa-east-1:
      AMI: ami-0ad7b0031d41ed4b9 # Sao Paulo
    ap-southeast-1:
      AMI: ami-01da99628f381e50a # Singapore
    ap-southeast-2:
      AMI: ami-00e17d1165b9dd3ec # Sydney
    ap-northeast-1:
      AMI: ami-08847abae18baa040 # Tokyo