@PaulDuvall
Last active December 30, 2016 16:59
{
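"Description":"Automate provisioning of ECS using CodeBuild with CodePipeline and CodeCommit. **WARNING** This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template. It also creates IAM roles with wildcard permissions (CodeBuildRole allows every action on every resource); narrow these policies before using the template outside a demo account.",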
"AWSTemplateFormatVersion":"2010-09-09",
"Parameters":{
"Owner":{
"Description":"Enter Team or Individual Name Responsible for the Stack.",
"Type":"String",
"Default":"FirstName LastName"
},
"Project":{
"Description":"Enter Project Name.",
"Type":"String",
"Default":"VPC Creation"
},
"DeleteAfter":{
"Description":"Enter the date (MM/DD/YYYY) after which it is OK to delete the stack, or 'Never' if the stack is meant to be persistent.",
"Type":"String",
"Default":"00/00/201x"
},
"VPCSubnetCidrBlock":{
"Description":"Enter VPC CIDR Block. (i.e. 10.0.0.0/16 = 10.0.0.0-10.0.255.255 = 256 Subnets - 65534 hosts)",
"Type":"String",
"Default":"10.0.0.0/16",
"MinLength":"10",
"MaxLength":"18",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
},
"AvailabilityZone1":{
"Description":"Enter Availability Zone 1 for Public and Private Subnets to use.",
"Type":"String",
"Default":"c",
"AllowedValues":[
"a",
"b",
"c",
"d",
"e",
"f"
]
},
"AvailabilityZone2":{
"Description":"Enter Availability Zone 2 for Public and Private Subnets to use.",
"Type":"String",
"Default":"d",
"AllowedValues":[
"a",
"b",
"c",
"d",
"e",
"f"
]
},
"AvailabilityZone3":{
"Description":"Enter Availability Zone 3 for Public and Private Subnets to use.",
"Type":"String",
"Default":"e",
"AllowedValues":[
"a",
"b",
"c",
"d",
"e",
"f"
]
},
"PublicSubnetCidrBlock1":{
"Description":"Enter Public Subnet 1 CIDR Block.",
"Type":"String",
"Default":"10.0.1.0/24",
"MinLength":"10",
"MaxLength":"18",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
},
"PublicSubnetCidrBlock2":{
"Description":"Enter Public Subnet 2 CIDR Block.",
"Type":"String",
"Default":"10.0.2.0/24",
"MinLength":"10",
"MaxLength":"18",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
},
"PublicSubnetCidrBlock3":{
"Description":"Enter Public Subnet 3 CIDR Block.",
"Type":"String",
"Default":"10.0.3.0/24",
"MinLength":"10",
"MaxLength":"18",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
},
"PrivateSubnetCidrBlock1":{
"Description":"Enter Private Subnet 1 CIDR Block.",
"Type":"String",
"Default":"10.0.4.0/24",
"MinLength":"10",
"MaxLength":"18",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
},
"PrivateSubnetCidrBlock2":{
"Description":"Enter Private Subnet 2 CIDR Block.",
"Type":"String",
"Default":"10.0.5.0/24",
"MinLength":"10",
"MaxLength":"18",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
},
"PrivateSubnetCidrBlock3":{
"Description":"Enter Private Subnet 3 CIDR Block.",
"Type":"String",
"Default":"10.0.6.0/24",
"MinLength":"10",
"MaxLength":"18",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
},
"RemoteAccessNetwork":{
"Description":"Source Network IP CIDR Block such as an Office that can access instances say over VPN. (i.e. 192.168.100.0/24)",
"Type":"String",
"MinLength":"9",
"MaxLength":"18",
"Default":"192.168.100.0/24",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription":"must be a valid CIDR range of the form x.x.x.x/x."
},
"AllowHttpToPublicRuleNumber":{
"Description":"Enter Public Network ACL Rule Number to Allow HTTP From Internet to Public Network.",
"Type":"Number",
"Default":"100"
},
"AllowHttpsToPublicRuleNumber":{
"Description":"Enter Public Network ACL Rule Number to Allow HTTPS From Internet to Public Network.",
"Type":"Number",
"Default":"105"
},
"AllowReturnTrafficToPublicRuleNumber":{
"Description":"Enter Public Network ACL Rule Number to Allow Return Traffic From Internet to Public Network.",
"Type":"Number",
"Default":"110"
},
"AllowVpcSubnetsRuleNumber":{
"Description":"Enter Public Network ACL Rule Number to Allow All VPC Subnets Cross Access to Public Network.",
"Type":"Number",
"Default":"115"
},
"AllowAllOutboundPublicRuleNumber":{
"Description":"Enter Public Network ACL Rule Number to Allow All Outbound Traffic from the Public Network.",
"Type":"Number",
"Default":"100"
},
"AllowAllInboundPrivateRuleNumber":{
"Description":"Enter Private Network ACL Rule Number to Allow All Inbound Traffic.",
"Type":"Number",
"Default":"100"
},
"AllowAllOutboundPrivateRuleNumber":{
"Description":"Enter Private Network ACL Rule Number to Allow All Outbound Traffic.",
"Type":"Number",
"Default":"100"
},
"EmailAddress":{
"Description":"Email Address for sending SNS notifications for CodeCommit",
"Default":"paul.duvall@stelligent.com",
"Type":"String"
},
"EC2KeyPairName":{
"Description":"Name of an existing Amazon EC2 key pair to enable SSH access to the instances.",
"Type":"AWS::EC2::KeyPair::KeyName",
"MinLength":"1",
"MaxLength":"255",
"AllowedPattern":"[\\x20-\\x7E]*",
"ConstraintDescription":"Can contain only ASCII characters."
},
"S3ArtifactObject":{
"Type":"String",
"Default":"public/jenkins/aws-codepipeline-s3-aws-codedeploy-linux-pmd.zip",
"Description":"Application artifact name in S3."
},
"S3ArtifactBucket":{
"Type":"String",
"Default":"stelligent-training-public",
"Description":"Name of the bucket that the application artifact will be based in."
},
"YourIP":{
"Description":"IP address to connect to SSH from. Check http://checkip.amazonaws.com/ to find yours.",
"Type":"String",
"Default":"99.99.99.99/32",
"MinLength":"10",
"MaxLength":"18",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription":"must be a valid IP CIDR range of the form x.x.x.x/x."
},
"RepositoryName":{
"Description":"The name of the CodeCommit repo",
"Type":"String",
"Default":"ecs-demo",
"AllowedPattern":"[\\x20-\\x7E]*",
"ConstraintDescription":"Can contain only ASCII characters."
},
"RepositoryBranch":{
"Description":"The name of the branch for the CodeCommit repo",
"Type":"String",
"Default":"master",
"AllowedPattern":"[\\x20-\\x7E]*",
"ConstraintDescription":"Can contain only ASCII characters."
},
"ECSRepoName":{
"Type":"String",
"Default":"pmd-ecr-1240",
"Description":"The name of the ECR Repo"
},
"ImageTag":{
"Type":"String",
"Description":"The version of the image tag",
"Default":"latest"
},
"DesiredCapacity":{
"Type":"Number",
"Default":"1",
"Description":"Number of instances to launch in your ECS cluster"
},
"MaxSize":{
"Type":"Number",
"Default":"1",
"Description":"Maximum number of instances that can be launched in your ECS cluster"
},
"InstanceType":{
"Description":"The EC2 instance type",
"Type":"String",
"Default":"m3.xlarge",
"AllowedValues":[
"t2.micro",
"t2.small",
"t2.medium",
"m3.medium",
"m3.large",
"m3.xlarge",
"m3.2xlarge",
"c3.large",
"c3.xlarge",
"c3.2xlarge",
"c3.4xlarge",
"c3.8xlarge",
"c4.large",
"c4.xlarge",
"c4.2xlarge",
"c4.4xlarge",
"c4.8xlarge",
"r3.large",
"r3.xlarge",
"r3.2xlarge",
"r3.4xlarge",
"r3.8xlarge",
"i2.xlarge",
"i2.2xlarge",
"i2.4xlarge",
"i2.8xlarge",
"d2.xlarge",
"d2.2xlarge",
"d2.4xlarge",
"d2.8xlarge",
"hi1.4xlarge",
"hs1.8xlarge",
"cr1.8xlarge",
"cc2.8xlarge"
],
"ConstraintDescription":"must be a valid EC2 instance type."
},
"SSHLocation":{
"Description":"The IP address range that can be used to SSH to the EC2 instances. The default 0.0.0.0/0 matches every IPv4 address; set a narrower range.",
"Type":"String",
"MinLength":"9",
"MaxLength":"18",
"Default":"0.0.0.0/0",
"AllowedPattern":"(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription":"must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings":{
"AWSInstanceType2Virt":{
"t2.micro":{
"Virt":"HVM"
},
"t2.small":{
"Virt":"HVM"
},
"t2.medium":{
"Virt":"HVM"
},
"t2.large":{
"Virt":"HVM"
}
},
"AWSInstanceType2EBSOpt":{
"t2.micro":{
"EBSOpt":"false"
},
"t2.small":{
"EBSOpt":"false"
},
"t2.medium":{
"EBSOpt":"false"
},
"t2.large":{
"EBSOpt":"false"
}
},
"AWSRegionVirt2AMI":{
"us-east-1":{
"HVM":"ami-8fcee4e5"
},
"us-west-2":{
"HVM":"ami-63b25203"
}
},
"AWSRegionToAMI":{
"us-east-1":{
"AMIID":"ami-2b3b6041"
},
"us-west-2":{
"AMIID":"ami-ac6872cd"
},
"eu-west-1":{
"AMIID":"ami-03238b70"
},
"ap-northeast-1":{
"AMIID":"ami-fb2f1295"
},
"ap-southeast-2":{
"AMIID":"ami-43547120"
},
"us-west-1":{
"AMIID":"ami-bfe095df"
},
"ap-southeast-1":{
"AMIID":"ami-c78f43a4"
},
"eu-central-1":{
"AMIID":"ami-e1e6f88d"
}
}
},
"Resources":{
"MyVPC":{
"Type":"AWS::EC2::VPC",
"Properties":{
"EnableDnsSupport":"true",
"EnableDnsHostnames":"true",
"CidrBlock":{
"Ref":"VPCSubnetCidrBlock"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Ref":"AWS::StackName"
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"PublicSubnet1":{
"Type":"AWS::EC2::Subnet",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"AvailabilityZone":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::Region"
},
{
"Ref":"AvailabilityZone1"
}
]
]
},
"CidrBlock":{
"Ref":"PublicSubnetCidrBlock1"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-public-az1"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"PublicSubnet2":{
"Type":"AWS::EC2::Subnet",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"AvailabilityZone":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::Region"
},
{
"Ref":"AvailabilityZone2"
}
]
]
},
"CidrBlock":{
"Ref":"PublicSubnetCidrBlock2"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-public-az2"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"PublicSubnet3":{
"Type":"AWS::EC2::Subnet",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"AvailabilityZone":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::Region"
},
{
"Ref":"AvailabilityZone3"
}
]
]
},
"CidrBlock":{
"Ref":"PublicSubnetCidrBlock3"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-public-az3"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"InternetGateway":{
"Type":"AWS::EC2::InternetGateway",
"Properties":{
"Tags":[
{
"Key":"Name",
"Value":{
"Ref":"AWS::StackName"
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"GatewayToInternet":{
"Type":"AWS::EC2::VPCGatewayAttachment",
"DependsOn":[
"InternetGateway",
"MyVPC"
],
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"InternetGatewayId":{
"Ref":"InternetGateway"
}
}
},
"PublicRouteTable":{
"Type":"AWS::EC2::RouteTable",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-public"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"PublicRoute":{
"Type":"AWS::EC2::Route",
"DependsOn":[
"PublicRouteTable",
"InternetGateway"
],
"Properties":{
"RouteTableId":{
"Ref":"PublicRouteTable"
},
"DestinationCidrBlock":"0.0.0.0/0",
"GatewayId":{
"Ref":"InternetGateway"
}
}
},
"PublicSubnetRouteTableAssociation1":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"DependsOn":[
"PublicSubnet1",
"PublicRouteTable"
],
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet1"
},
"RouteTableId":{
"Ref":"PublicRouteTable"
}
}
},
"PublicSubnetRouteTableAssociation2":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"DependsOn":[
"PublicSubnet2",
"PublicRouteTable",
"GatewayToInternet"
],
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet2"
},
"RouteTableId":{
"Ref":"PublicRouteTable"
}
}
},
"PublicSubnetRouteTableAssociation3":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"DependsOn":[
"PublicSubnet3",
"PublicRouteTable",
"GatewayToInternet"
],
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet3"
},
"RouteTableId":{
"Ref":"PublicRouteTable"
}
}
},
"PrivateSubnet1":{
"Type":"AWS::EC2::Subnet",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"AvailabilityZone":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::Region"
},
{
"Ref":"AvailabilityZone1"
}
]
]
},
"CidrBlock":{
"Ref":"PrivateSubnetCidrBlock1"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-private-az1"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"PrivateSubnet2":{
"Type":"AWS::EC2::Subnet",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"AvailabilityZone":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::Region"
},
{
"Ref":"AvailabilityZone2"
}
]
]
},
"CidrBlock":{
"Ref":"PrivateSubnetCidrBlock2"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-private-az2"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"PrivateSubnet3":{
"Type":"AWS::EC2::Subnet",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"AvailabilityZone":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::Region"
},
{
"Ref":"AvailabilityZone3"
}
]
]
},
"CidrBlock":{
"Ref":"PrivateSubnetCidrBlock3"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-private-az3"
]
]
}
},
{
"Key":"Network",
"Value":"Private"
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"PrivateRouteTable":{
"Type":"AWS::EC2::RouteTable",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-private"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"PrivateSubnetRouteTableAssociation1":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"DependsOn":[
"PrivateSubnet1",
"PrivateRouteTable"
],
"Properties":{
"SubnetId":{
"Ref":"PrivateSubnet1"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociation2":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"DependsOn":[
"PrivateSubnet2",
"PrivateRouteTable"
],
"Properties":{
"SubnetId":{
"Ref":"PrivateSubnet2"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"PrivateSubnetRouteTableAssociation3":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"DependsOn":[
"PrivateSubnet3",
"PrivateRouteTable"
],
"Properties":{
"SubnetId":{
"Ref":"PrivateSubnet3"
},
"RouteTableId":{
"Ref":"PrivateRouteTable"
}
}
},
"S3VpcEndpoint":{
"Type":"AWS::EC2::VPCEndpoint",
"DependsOn":[
"MyVPC",
"PrivateRouteTable",
"PublicRouteTable"
],
"Properties":{
"PolicyDocument":{
"Statement":[
{
"Action":"*",
"Effect":"Allow",
"Resource":"*",
"Principal":"*"
}
]
},
"RouteTableIds":[
{
"Ref":"PrivateRouteTable"
},
{
"Ref":"PublicRouteTable"
}
],
"ServiceName":{
"Fn::Join":[
"",
[
"com.amazonaws.",
{
"Ref":"AWS::Region"
},
".s3"
]
]
},
"VpcId":{
"Ref":"MyVPC"
}
}
},
"PublicNetworkAcl":{
"Type":"AWS::EC2::NetworkAcl",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-public-acl"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"InboundPublicNetworkAclAllowHTTP":{
"Type":"AWS::EC2::NetworkAclEntry",
"DependsOn":"PublicNetworkAcl",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":{
"Ref":"AllowHttpToPublicRuleNumber"
},
"Protocol":"6",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"80",
"To":"80"
}
}
},
"InboundPublicNetworkAclAllowHTTPS":{
"Type":"AWS::EC2::NetworkAclEntry",
"DependsOn":"PublicNetworkAcl",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":{
"Ref":"AllowHttpsToPublicRuleNumber"
},
"Protocol":"6",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"443",
"To":"443"
}
}
},
"InboundPublicNetworkAclAllowReturnTraffic":{
"Type":"AWS::EC2::NetworkAclEntry",
"DependsOn":"PublicNetworkAcl",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":{
"Ref":"AllowReturnTrafficToPublicRuleNumber"
},
"Protocol":"6",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"49152",
"To":"65535"
}
}
},
"InboundPublicNetworkAclAllowVPCSubnets":{
"Type":"AWS::EC2::NetworkAclEntry",
"DependsOn":"PublicNetworkAcl",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":{
"Ref":"AllowVpcSubnetsRuleNumber"
},
"Protocol":"-1",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":{
"Ref":"VPCSubnetCidrBlock"
},
"PortRange":{
"From":"0",
"To":"65535"
}
}
},
"OutboundPublicNetworkAclAllowAll":{
"Type":"AWS::EC2::NetworkAclEntry",
"DependsOn":"PublicNetworkAcl",
"Properties":{
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
},
"RuleNumber":{
"Ref":"AllowAllOutboundPublicRuleNumber"
},
"Protocol":"-1",
"RuleAction":"allow",
"Egress":"true",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"0",
"To":"65535"
}
}
},
"PublicSubnetNetworkAclAssociation1":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"DependsOn":[
"PublicSubnet1",
"PublicNetworkAcl"
],
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet1"
},
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
}
}
},
"PublicSubnetNetworkAclAssociation2":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"DependsOn":[
"PublicSubnet2",
"PublicNetworkAcl"
],
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet2"
},
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
}
}
},
"PublicSubnetNetworkAclAssociation3":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"DependsOn":[
"PublicSubnet3",
"PublicNetworkAcl"
],
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet3"
},
"NetworkAclId":{
"Ref":"PublicNetworkAcl"
}
}
},
"PrivateNetworkAcl":{
"Type":"AWS::EC2::NetworkAcl",
"DependsOn":"MyVPC",
"Properties":{
"VpcId":{
"Ref":"MyVPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-private-acl"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"InboundEphemeralPrivateNetworkAclAllowAll":{
"Type":"AWS::EC2::NetworkAclEntry",
"DependsOn":"PrivateNetworkAcl",
"Properties":{
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
},
"RuleNumber":{
"Ref":"AllowAllInboundPrivateRuleNumber"
},
"Protocol":"-1",
"RuleAction":"allow",
"Egress":"false",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"0",
"To":"65535"
}
}
},
"OutboundPrivateNetworkAclAllowAll":{
"Type":"AWS::EC2::NetworkAclEntry",
"DependsOn":"PrivateNetworkAcl",
"Properties":{
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
},
"RuleNumber":{
"Ref":"AllowAllOutboundPrivateRuleNumber"
},
"Protocol":"-1",
"RuleAction":"allow",
"Egress":"true",
"CidrBlock":"0.0.0.0/0",
"PortRange":{
"From":"0",
"To":"65535"
}
}
},
"PrivateSubnetNetworkAclAssociation1":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"DependsOn":[
"PrivateSubnet1",
"PrivateNetworkAcl"
],
"Properties":{
"SubnetId":{
"Ref":"PrivateSubnet1"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociation2":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"DependsOn":[
"PrivateSubnet2",
"PrivateNetworkAcl"
],
"Properties":{
"SubnetId":{
"Ref":"PrivateSubnet2"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"PrivateSubnetNetworkAclAssociation3":{
"Type":"AWS::EC2::SubnetNetworkAclAssociation",
"DependsOn":[
"PrivateSubnet3",
"PrivateNetworkAcl"
],
"Properties":{
"SubnetId":{
"Ref":"PrivateSubnet3"
},
"NetworkAclId":{
"Ref":"PrivateNetworkAcl"
}
}
},
"InternalAccessSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"DependsOn":"MyVPC",
"Properties":{
"GroupDescription":"Instance to Instance Access in VPC",
"VpcId":{
"Ref":"MyVPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-instance-to-instance"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
]
}
},
"InternalAccessSecurityGroupIngress":{
"Type":"AWS::EC2::SecurityGroupIngress",
"DependsOn":"InternalAccessSecurityGroup",
"Properties":{
"GroupId":{
"Ref":"InternalAccessSecurityGroup"
},
"IpProtocol":"-1",
"SourceSecurityGroupId":{
"Ref":"InternalAccessSecurityGroup"
}
}
},
"RemoteAccessSecurityGroup":{
"Type":"AWS::EC2::SecurityGroup",
"Properties":{
"GroupDescription":"Instance Access over VPN/Direct Connect",
"VpcId":{
"Ref":"MyVPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::StackName"
},
"-remote-to-instance"
]
]
}
},
{
"Key":"Owner",
"Value":{
"Ref":"Owner"
}
},
{
"Key":"Project",
"Value":{
"Ref":"Project"
}
},
{
"Key":"DeleteAfter",
"Value":{
"Ref":"DeleteAfter"
}
}
],
"SecurityGroupIngress":[
{
"IpProtocol":"-1",
"CidrIp":{
"Ref":"RemoteAccessNetwork"
}
}
],
"SecurityGroupEgress":[
{
"IpProtocol":"-1",
"CidrIp":"0.0.0.0/0"
}
]
}
},
"EcsCluster":{
"Type":"AWS::ECS::Cluster",
"DependsOn":[
"MyVPC"
]
},
"PhpTaskDefinition":{
"Type":"AWS::ECS::TaskDefinition",
"DependsOn":[
"MyVPC"
],
"Properties":{
"ContainerDefinitions":[
{
"Name":"php-simple-app",
"Cpu":"10",
"Essential":"true",
"Image":{
"Fn::Join":[
"",
[
{
"Ref":"AWS::AccountId"
},
".dkr.ecr.us-east-1.amazonaws.com/",
{
"Ref":"ECSRepoName"
},
":",
{
"Ref":"ImageTag"
}
]
]
},
"Memory":"300",
"PortMappings":[
{
"HostPort":80,
"ContainerPort":80
}
]
}
],
"Volumes":[
{
"Name":"my-vol"
}
]
}
},
"EcsElb":{
"Type":"AWS::ElasticLoadBalancing::LoadBalancer",
"DependsOn":[
"MyVPC"
],
"Properties":{
"Subnets":[
{
"Ref":"PublicSubnet1"
},
{
"Ref":"PublicSubnet2"
}
],
"Listeners":[
{
"LoadBalancerPort":"80",
"InstancePort":"80",
"Protocol":"HTTP"
}
],
"SecurityGroups":[
{
"Ref":"RemoteAccessSecurityGroup"
},
{
"Ref":"RemoteAccessSecurityGroup"
}
],
"HealthCheck":{
"Target":"HTTP:80/",
"HealthyThreshold":"2",
"UnhealthyThreshold":"10",
"Interval":"30",
"Timeout":"5"
}
}
},
"ECSAutoScalingGroup":{
"Type":"AWS::AutoScaling::AutoScalingGroup",
"DependsOn":[
"MyVPC"
],
"Properties":{
"VPCZoneIdentifier":[
{
"Ref":"PublicSubnet1"
},
{
"Ref":"PublicSubnet2"
}
],
"LaunchConfigurationName":{
"Ref":"ContainerInstances"
},
"MinSize":"1",
"MaxSize":{
"Ref":"MaxSize"
},
"DesiredCapacity":{
"Ref":"DesiredCapacity"
}
},
"CreationPolicy":{
"ResourceSignal":{
"Timeout":"PT15M"
}
},
"UpdatePolicy":{
"AutoScalingRollingUpdate":{
"MinInstancesInService":"1",
"MaxBatchSize":"1",
"PauseTime":"PT15M",
"WaitOnResourceSignals":"true"
}
}
},
"ContainerInstances":{
"Type":"AWS::AutoScaling::LaunchConfiguration",
"DependsOn":[
"MyVPC"
],
"Metadata":{
"AWS::CloudFormation::Init":{
"config":{
"commands":{
"01_add_instance_to_cluster":{
"command":{
"Fn::Join":[
"",
[
"#!/bin/bash\n",
"echo ECS_CLUSTER=",
{
"Ref":"EcsCluster"
},
" >> /etc/ecs/ecs.config"
]
]
}
}
},
"files":{
"/etc/cfn/cfn-hup.conf":{
"content":{
"Fn::Join":[
"",
[
"[main]\n",
"stack=",
{
"Ref":"AWS::StackId"
},
"\n",
"region=",
{
"Ref":"AWS::Region"
},
"\n"
]
]
},
"mode":"000400",
"owner":"root",
"group":"root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf":{
"content":{
"Fn::Join":[
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.ContainerInstances.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref":"AWS::StackName"
},
" --resource ContainerInstances ",
" --region ",
{
"Ref":"AWS::Region"
},
"\n",
"runas=root\n"
]
]
}
}
},
"services":{
"sysvinit":{
"cfn-hup":{
"enabled":"true",
"ensureRunning":"true",
"files":[
"/etc/cfn/cfn-hup.conf",
"/etc/cfn/hooks.d/cfn-auto-reloader.conf"
]
}
}
}
}
}
},
"Properties":{
"ImageId":{
"Fn::FindInMap":[
"AWSRegionToAMI",
{
"Ref":"AWS::Region"
},
"AMIID"
]
},
"SecurityGroups":[
{
"Ref":"RemoteAccessSecurityGroup"
},
{
"Ref":"RemoteAccessSecurityGroup"
}
],
"InstanceType":{
"Ref":"InstanceType"
},
"IamInstanceProfile":{
"Ref":"EC2InstanceProfile"
},
"KeyName":{
"Ref":"EC2KeyPairName"
},
"UserData":{
"Fn::Base64":{
"Fn::Join":[
"",
[
"#!/bin/bash -xe\n",
"yum install -y aws-cfn-bootstrap\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref":"AWS::StackName"
},
" --resource ContainerInstances ",
" --region ",
{
"Ref":"AWS::Region"
},
"\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{
"Ref":"AWS::StackName"
},
" --resource ECSAutoScalingGroup ",
" --region ",
{
"Ref":"AWS::Region"
},
"\n"
]
]
}
}
}
},
"EcsService":{
"Type":"AWS::ECS::Service",
"DependsOn":[
"MyVPC",
"ECSAutoScalingGroup"
],
"Properties":{
"Cluster":{
"Ref":"EcsCluster"
},
"DesiredCount":"1",
"DeploymentConfiguration":{
"MaximumPercent":100,
"MinimumHealthyPercent":0
},
"LoadBalancers":[
{
"ContainerName":"php-simple-app",
"ContainerPort":"80",
"LoadBalancerName":{
"Ref":"EcsElb"
}
}
],
"Role":{
"Ref":"EcsServiceRole"
},
"TaskDefinition":{
"Ref":"PhpTaskDefinition"
}
}
},
"EcsServiceRole":{
"Type":"AWS::IAM::Role",
"Properties":{
"AssumeRolePolicyDocument":{
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":[
"ecs.amazonaws.com"
]
},
"Action":[
"sts:AssumeRole"
]
}
]
},
"Path":"/",
"Policies":[
{
"PolicyName":"ecs-service",
"PolicyDocument":{
"Statement":[
{
"Effect":"Allow",
"Action":[
"elasticloadbalancing:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"ec2:Describe*",
"ec2:AuthorizeSecurityGroupIngress"
],
"Resource":"*"
}
]
}
}
]
}
},
"EC2Role":{
"Type":"AWS::IAM::Role",
"DependsOn":[
"MyVPC"
],
"Properties":{
"AssumeRolePolicyDocument":{
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":[
"ec2.amazonaws.com"
]
},
"Action":[
"sts:AssumeRole"
]
}
]
},
"Path":"/",
"Policies":[
{
"PolicyName":"ecs-service",
"PolicyDocument":{
"Statement":[
{
"Effect":"Allow",
"Action":[
"ecs:CreateCluster",
"ecs:RegisterContainerInstance",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Submit*",
"ecr:*",
"ecs:Poll"
],
"Resource":"*"
}
]
}
}
]
}
},
"EC2InstanceProfile":{
"Type":"AWS::IAM::InstanceProfile",
"DependsOn":[
"MyVPC"
],
"Properties":{
"Path":"/",
"Roles":[
{
"Ref":"EC2Role"
}
]
}
},
"CodeBuildRole":{
"Type":"AWS::IAM::Role",
"Properties":{
"AssumeRolePolicyDocument":{
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":[
"codebuild.amazonaws.com"
]
},
"Action":[
"sts:AssumeRole"
]
}
]
},
"Path":"/",
"Policies":[
{
"PolicyName":"codebuild-service",
"PolicyDocument":{
"Statement":[
{
"Effect":"Allow",
"Action":"*",
"Resource":"*"
}
],
"Version":"2012-10-17"
}
}
]
}
},
"CodePipelineRole":{
"Type":"AWS::IAM::Role",
"Properties":{
"AssumeRolePolicyDocument":{
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":[
"codepipeline.amazonaws.com"
]
},
"Action":[
"sts:AssumeRole"
]
}
]
},
"Path":"/",
"Policies":[
{
"PolicyName":"codepipeline-service",
"PolicyDocument":{
"Statement":[
{
"Action":[
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:UploadArchive",
"codecommit:GetUploadArchiveStatus",
"codecommit:CancelUploadArchive",
"codebuild:*"
],
"Resource":"*",
"Effect":"Allow"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketVersioning"
],
"Resource":"*",
"Effect":"Allow"
},
{
"Action":[
"s3:PutObject"
],
"Resource":[
"arn:aws:s3:::codepipeline*"
],
"Effect":"Allow"
},
{
"Action":[
"codedeploy:CreateDeployment",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeployment",
"codedeploy:GetDeploymentConfig",
"codedeploy:RegisterApplicationRevision"
],
"Resource":"*",
"Effect":"Allow"
},
{
"Action":[
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"rds:*",
"sqs:*",
"ecs:*",
"iam:PassRole"
],
"Resource":"*",
"Effect":"Allow"
},
{
"Action":[
"lambda:InvokeFunction",
"lambda:ListFunctions"
],
"Resource":"*",
"Effect":"Allow"
}
],
"Version":"2012-10-17"
}
}
]
}
},
"CodeBuildEcsProject":{
"Type":"AWS::CodeBuild::Project",
"DependsOn":"CodeBuildRole",
"Properties":{
"Name":{
"Ref":"AWS::StackName"
},
"Description":"Build ECS application",
"ServiceRole":{
"Fn::GetAtt":[
"CodeBuildRole",
"Arn"
]
},
"Artifacts":{
"Type":"no_artifacts"
},
"Environment":{
"Type":"linuxContainer",
"ComputeType":"BUILD_GENERAL1_SMALL",
"Image":"aws/codebuild/java:openjdk-8"
},
"Source":{
"Location":{
"Fn::Join":[
"",
[
"https://git-codecommit.",
{
"Ref":"AWS::Region"
},
".amazonaws.com/v1/repos/",
{
"Ref":"AWS::StackName"
}
]
]
},
"Type":"CODECOMMIT"
},
"TimeoutInMinutes":10,
"Tags":[
{
"Key":"Owner",
"Value":"ECSProject"
}
]
}
},
"MySNSTopic":{
"Type":"AWS::SNS::Topic",
"Properties":{
"Subscription":[
{
"Endpoint":{
"Ref":"EmailAddress"
},
"Protocol":"email"
}
]
}
},
"CodeCommitEcsRepo":{
"Type":"AWS::CodeCommit::Repository",
"Properties":{
"RepositoryName":{
"Ref":"AWS::StackName"
},
"RepositoryDescription":"CodeCommit Repository for ECS",
"Triggers":[
{
"Name":"MasterTrigger",
"CustomData":{
"Ref":"AWS::StackName"
},
"DestinationArn":{
"Ref":"MySNSTopic"
},
"Events":[
"all"
]
}
]
}
},
"CodePipelineStack":{
"Type":"AWS::CodePipeline::Pipeline",
"DependsOn":"CodeBuildEcsProject",
"Properties":{
"RoleArn":{
"Fn::Join":[
"",
[
"arn:aws:iam::",
{
"Ref":"AWS::AccountId"
},
":role/",
{
"Ref":"CodePipelineRole"
}
]
]
},
"Stages":[
{
"Name":"Source",
"Actions":[
{
"InputArtifacts":[
],
"Name":"Source",
"ActionTypeId":{
"Category":"Source",
"Owner":"AWS",
"Version":"1",
"Provider":"CodeCommit"
},
"OutputArtifacts":[
{
"Name":"MyApp"
}
],
"Configuration":{
"BranchName":{
"Ref":"RepositoryBranch"
},
"RepositoryName":{
"Ref":"AWS::StackName"
}
},
"RunOrder":1
}
]
},
{
"Name":"Build",
"Actions":[
{
"InputArtifacts":[
{
"Name":"MyApp"
}
],
"Name":"Build",
"ActionTypeId":{
"Category":"Build",
"Owner":"AWS",
"Version":"1",
"Provider":"CodeBuild"
},
"OutputArtifacts":[
{
"Name":"MyAppBuild"
}
],
"Configuration":{
"ProjectName":{
"Ref":"CodeBuildEcsProject"
}
},
"RunOrder":1
}
]
}
],
"ArtifactStore":{
"Type":"S3",
"Location":{
"Fn::Join":[
"",
[
"codepipeline-",
{
"Ref":"AWS::Region"
},
"-",
{
"Ref":"AWS::AccountId"
}
]
]
}
}
}
}
},
"Outputs":{
"CodeBuildURL":{
"Value":{
"Fn::Join":[
"",
[
"https://console.aws.amazon.com/codebuild/home?region=",
{
"Ref":"AWS::Region"
},
"#/projects/",
{
"Ref":"CodeBuildEcsProject"
},
"/view"
]
]
},
"Description":"CodeBuild URL"
},
"CodeCommitURL":{
"Value":{
"Fn::Join":[
"",
[
"https://console.aws.amazon.com/codecommit/home?region=",
{
"Ref":"AWS::Region"
},
"#/repository/",
{
"Ref":"AWS::StackName"
},
"/browse/HEAD/--/"
]
]
},
"Description":"Git Repository URL"
},
"CloneUrlSsh":{
"Value":{
"Fn::Join":[
"",
[
"git clone ",
{
"Fn::GetAtt":[
"CodeCommitEcsRepo",
"CloneUrlSsh"
]
},
""
]
]
},
"Description":"Git command for CodeCommit repository"
},
"CodePipelineURL":{
"Value":{
"Fn::Join":[
"",
[
"https://console.aws.amazon.com/codepipeline/home?region=",
{
"Ref":"AWS::Region"
},
"#/view/",
{
"Ref":"CodePipelineStack"
}
]
]
},
"Description":"CodePipeline URL"
},
"Owner":{
"Description":"Team or Individual that Owns this Formation.",
"Value":{
"Ref":"Owner"
}
},
"Project":{
"Description":"The project name",
"Value":{
"Ref":"Project"
}
},
"VPC":{
"Description":"Created VPC",
"Value":{
"Ref":"MyVPC"
}
},
"VPCCIDR":{
"Description":"VPC Subnet CIDR Block",
"Value":{
"Ref":"VPCSubnetCidrBlock"
}
},
"VPCe":{
"Description":"Created VPC Endpoint",
"Value":{
"Ref":"S3VpcEndpoint"
}
},
"PublicRouteTable":{
"Description":"Public Route Table Created for VPC",
"Value":{
"Ref":"PublicRouteTable"
}
},
"PrivateRouteTable":{
"Description":"Private Route Table Created for VPC",
"Value":{
"Ref":"PrivateRouteTable"
}
},
"PublicNetworkAcl":{
"Description":"Public Network ACL Created for VPC",
"Value":{
"Ref":"PublicNetworkAcl"
}
},
"PrivateNetworkAcl":{
"Description":"Private Network ACL Created for VPC",
"Value":{
"Ref":"PrivateNetworkAcl"
}
},
"PublicSubnet1":{
"Description":"Public Subnet 1 Created for VPC",
"Value":{
"Ref":"PublicSubnet1"
}
},
"PublicSubnet2":{
"Description":"Public Subnet 2 Created for VPC",
"Value":{
"Ref":"PublicSubnet2"
}
},
"PublicSubnet3":{
"Description":"Public Subnet 3 Created for VPC",
"Value":{
"Ref":"PublicSubnet3"
}
},
"PrivateSubnet1":{
"Description":"Private Subnet 1 Created for VPC",
"Value":{
"Ref":"PrivateSubnet1"
}
},
"PrivateSubnet2":{
"Description":"Private Subnet 2 Created for VPC",
"Value":{
"Ref":"PrivateSubnet2"
}
},
"PrivateSubnet3":{
"Description":"Private Subnet 3 Created for VPC",
"Value":{
"Ref":"PrivateSubnet3"
}
},
"AvailabilityZone1":{
"Description":"Availability Zone of Public Subnet 1",
"Value":{
"Fn::GetAtt":[
"PublicSubnet1",
"AvailabilityZone"
]
}
},
"AvailabilityZone2":{
"Description":"Availability Zone of Public Subnet 2",
"Value":{
"Fn::GetAtt":[
"PublicSubnet2",
"AvailabilityZone"
]
}
},
"AvailabilityZone3":{
"Description":"Availability Zone of Public Subnet 3",
"Value":{
"Fn::GetAtt":[
"PublicSubnet3",
"AvailabilityZone"
]
}
},
"PublicSubnetCidr1":{
"Description":"Public Subnet 1 CIDR Block",
"Value":{
"Ref":"PublicSubnetCidrBlock1"
}
},
"PublicSubnetCidr2":{
"Description":"Public Subnet 2 CIDR Block",
"Value":{
"Ref":"PublicSubnetCidrBlock2"
}
},
"PublicSubnetCidr3":{
"Description":"Public Subnet 3 CIDR Block",
"Value":{
"Ref":"PublicSubnetCidrBlock3"
}
},
"PrivateSubnetCidr1":{
"Description":"Private Subnet 1 CIDR Block",
"Value":{
"Ref":"PrivateSubnetCidrBlock1"
}
},
"PrivateSubnetCidr2":{
"Description":"Private Subnet 2 CIDR Block",
"Value":{
"Ref":"PrivateSubnetCidrBlock2"
}
},
"PrivateSubnetCidr3":{
"Description":"Private Subnet 3 CIDR Block",
"Value":{
"Ref":"PrivateSubnetCidrBlock3"
}
},
"InternetGateway":{
"Description":"Internet Gateway Created for VPC",
"Value":{
"Ref":"InternetGateway"
}
},
"InternalAccessSecurityGroup":{
"Description":"Instance to Instance Access within VPC",
"Value":{
"Ref":"InternalAccessSecurityGroup"
}
},
"RemoteAccessSecurityGroup":{
"Description":"Remote Network or IP that can Access the instances of VPN or Direct Connect.",
"Value":{
"Ref":"RemoteAccessSecurityGroup"
}
},
"PublicNetworkACLRuleNumbers":{
"Description":"Public Network ACL Rule Numbers Created.",
"Value":{
"Fn::Join":[
"",
[
"Inbound (",
{
"Ref":"AllowHttpToPublicRuleNumber"
},
", ",
{
"Ref":"AllowHttpsToPublicRuleNumber"
},
", ",
{
"Ref":"AllowReturnTrafficToPublicRuleNumber"
},
", ",
{
"Ref":"AllowVpcSubnetsRuleNumber"
},
") ",
"Outbound (",
{
"Ref":"AllowAllOutboundPublicRuleNumber"
},
")"
]
]
}
},
"PrivateNetworkACLRuleNumbers":{
"Description":"Private Network ACL Rule Numbers Created.",
"Value":{
"Fn::Join":[
"",
[
"Inbound (",
{
"Ref":"AllowAllInboundPrivateRuleNumber"
},
") ",
"Outbound (",
{
"Ref":"AllowAllOutboundPrivateRuleNumber"
},
")"
]
]
}
},
"DeleteAfter":{
"Description":"It is ok to delete this Formation after this date",
"Value":{
"Ref":"DeleteAfter"
}
}
},
"Metadata":{
"AWS::CloudFormation::Interface":{
"ParameterGroups":[
{
"Label":{
"default":"Ownership"
},
"Parameters":[
"Owner",
"Project",
"DeleteAfter"
]
},
{
"Label":{
"default":"Remote Configurations"
},
"Parameters":[
"RemoteAccessNetwork"
]
},
{
"Label":{
"default":"AWS Network Configurations"
},
"Parameters":[
"VPCSubnetCidrBlock",
"PublicSubnetCidrBlock1",
"PublicSubnetCidrBlock2",
"PublicSubnetCidrBlock3",
"PrivateSubnetCidrBlock1",
"PrivateSubnetCidrBlock2",
"PrivateSubnetCidrBlock3",
"AvailabilityZone1",
"AvailabilityZone2",
"AvailabilityZone3"
]
},
{
"Label":{
"default":"AWS Network ACL Rule Numbers"
},
"Parameters":[
"AllowHttpToPublicRuleNumber",
"AllowHttpsToPublicRuleNumber",
"AllowReturnTrafficToPublicRuleNumber",
"AllowVpcSubnetsRuleNumber",
"AllowAllOutboundPublicRuleNumber",
"AllowAllInboundPrivateRuleNumber",
"AllowAllOutboundPrivateRuleNumber"
]
}
],
"ParameterLabels":{
"Owner":{
"default":"Team or Individual Owner"
},
"DeleteAfter":{
"default":"Delete After Date"
},
"VPCSubnetCidrBlock":{
"default":"VPC Subnet"
},
"PublicSubnetCidrBlock1":{
"default":"Public Subnet 1"
},
"PublicSubnetCidrBlock2":{
"default":"Public Subnet 2"
},
"PublicSubnetCidrBlock3":{
"default":"Public Subnet 3"
},
"PrivateSubnetCidrBlock1":{
"default":"Private Subnet 1"
},
"PrivateSubnetCidrBlock2":{
"default":"Private Subnet 2"
},
"PrivateSubnetCidrBlock3":{
"default":"Private Subnet 3"
},
"AvailabilityZone1":{
"default":"Availability Zone 1"
},
"AvailabilityZone2":{
"default":"Availability Zone 2"
},
"AvailabilityZone3":{
"default":"Availability Zone 3"
},
"AllowHttpToPublicRuleNumber":{
"default":"HTTP to Public"
},
"AllowHttpsToPublicRuleNumber":{
"default":"HTTPS to Public"
},
"AllowReturnTrafficToPublicRuleNumber":{
"default":"Return Traffic to Public"
},
"AllowVpcSubnetsRuleNumber":{
"default":"VPC Subnets to Public"
},
"AllowAllOutboundPublicRuleNumber":{
"default":"Public Outbound"
},
"AllowAllInboundPrivateRuleNumber":{
"default":"Private Inbound"
},
"AllowAllOutboundPrivateRuleNumber":{
"default":"Private Outbound"
}
}
}
}
}