Last active
March 13, 2021 19:03
-
-
Save AHaydar/c0e60b68f38e980c87ca8cc355627a7b to your computer and use it in GitHub Desktop.
CloudFormation template to create a secure VPC, Subnets, Bastion Host, and a VM within the private subnet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AWSTemplateFormatVersion: "2010-09-09" | |
Description: Custom vpc, subnets, route table. | |
Parameters: | |
KeyName: | |
Description: EC2 KeyPair | |
Type: AWS::EC2::KeyPair::KeyName | |
Resources: | |
VPC: | |
Type: AWS::EC2::VPC | |
Properties: | |
CidrBlock: 192.168.0.0/16 | |
EnableDnsSupport: true | |
EnableDnsHostnames: true | |
Tags: | |
- Key: Name | |
Value: awesome-vpc | |
InternetGateway: | |
Type: AWS::EC2::InternetGateway | |
Properties: | |
Tags: | |
- Key: Name | |
Value: awesome-internet-gateway | |
VpcInternetGatewayAttachment: | |
Type: AWS::EC2::VPCGatewayAttachment | |
Properties: | |
VpcId: !Ref VPC | |
InternetGatewayId: !Ref InternetGateway | |
SubnetPrivate: | |
Type: AWS::EC2::Subnet | |
Properties: | |
VpcId: !Ref VPC | |
AvailabilityZone: !Select [ 0, !GetAZs '' ] | |
CidrBlock: 192.168.0.0/17 | |
Tags: | |
- Key: Name | |
Value: subnet-private | |
SubnetPublic: | |
Type: AWS::EC2::Subnet | |
Properties: | |
VpcId: !Ref VPC | |
AvailabilityZone: !Select [ 0, !GetAZs '' ] | |
CidrBlock: 192.168.128.0/17 | |
Tags: | |
- Key: Name | |
Value: subnet-public | |
RouteTablePublic: | |
Type: AWS::EC2::RouteTable | |
Properties: | |
VpcId: !Ref VPC | |
Tags: | |
- Key: Name | |
Value: route-table-public | |
RouteTableAssociationSubnetPublic: | |
Type: AWS::EC2::SubnetRouteTableAssociation | |
Properties: | |
SubnetId: !Ref SubnetPublic | |
RouteTableId: !Ref RouteTablePublic | |
RouteTableDefaultPublic: | |
Type: AWS::EC2::Route | |
DependsOn: VpcInternetGatewayAttachment | |
Properties: | |
RouteTableId: !Ref RouteTablePublic | |
DestinationCidrBlock: '0.0.0.0/0' | |
GatewayId: !Ref InternetGateway | |
NatGatewayEIP: | |
Type: AWS::EC2::EIP | |
DependsOn: VpcInternetGatewayAttachment | |
Properties: | |
Domain: vpc | |
NatGateway: | |
Type: AWS::EC2::NatGateway | |
Properties: | |
AllocationId: !GetAtt NatGatewayEIP.AllocationId | |
SubnetId: !Ref SubnetPublic | |
RouteTablePrivate: | |
Type: AWS::EC2::RouteTable | |
Properties: | |
VpcId: !Ref VPC | |
Tags: | |
- Key: Name | |
Value: route-table-private | |
RouteTableAssociationSubnetPrivate: | |
Type: AWS::EC2::SubnetRouteTableAssociation | |
Properties: | |
SubnetId: !Ref SubnetPrivate | |
RouteTableId: !Ref RouteTablePrivate | |
RouteTableDefaultPrivate: | |
Type: AWS::EC2::Route | |
Properties: | |
RouteTableId: !Ref RouteTablePrivate | |
DestinationCidrBlock: '0.0.0.0/0' | |
NatGatewayId: !Ref NatGateway | |
AwesomeEC2Instance: | |
Type: AWS::EC2::Instance | |
Properties: | |
InstanceType: t2.micro | |
ImageId: ami-0947d2ba12ee1ff75 | |
Tags: | |
- Key: Name | |
Value: Private Instance | |
KeyName: !Ref KeyName | |
NetworkInterfaces: | |
- AssociatePublicIpAddress: true | |
DeviceIndex: 0 | |
GroupSet: | |
- !Ref AwesomeSecurityGroup | |
SubnetId: !Ref SubnetPrivate | |
AwesomeSecurityGroup: | |
Type: AWS::EC2::SecurityGroup | |
Properties: | |
VpcId: !Ref VPC | |
GroupDescription: Enable SSH access via port 22 | |
SecurityGroupIngress: | |
- IpProtocol: tcp | |
FromPort: 22 | |
ToPort: 22 | |
CidrIp: 0.0.0.0/0 | |
BastionHostEC2Instance: | |
Type: AWS::EC2::Instance | |
Properties: | |
InstanceType: t2.micro | |
ImageId: ami-0947d2ba12ee1ff75 | |
Tags: | |
- Key: Name | |
Value: Bastion Host | |
KeyName: !Ref KeyName | |
NetworkInterfaces: | |
- AssociatePublicIpAddress: true | |
DeviceIndex: 0 | |
GroupSet: | |
- !Ref AwesomeSecurityGroup | |
SubnetId: | |
!Ref SubnetPublic |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment