Skip to content

Instantly share code, notes, and snippets.

@aLucaz
Created May 18, 2021 13:46
Show Gist options
  • Save aLucaz/fb3adbe307d844821834557c19f1b8c9 to your computer and use it in GitHub Desktop.
Save aLucaz/fb3adbe307d844821834557c19f1b8c9 to your computer and use it in GitHub Desktop.
Cloud Formation Yaml to create private RDS and EC2 connected via tcp
Description:
Goal
-> create a VPC with
-> 1 public subnet
-> 1 private subnet
-> create an Internet Gateway
-> create public instance as bastion
-> create private RDS instance with its inbound rules
Parameters:
VpcCidr:
Type: String
Default: 10.0.0.0/16
PublicSubnetACidr:
Type: String
Default: 10.0.1.0/24
PublicSubnetBCidr:
Type: String
Default: 10.0.2.0/24
PrivateSubnetACidr:
Type: String
Default: 10.0.11.0/24
PrivateSubnetBCidr:
Type: String
Default: 10.0.12.0/24
BastionKeyPairName:
Type: AWS::EC2::KeyPair::KeyName
Default: poc-cf-keypair
PublicInstanceType:
AllowedValues:
- t2.micro
- t2.small
Default: t2.micro
Type: String
PublicSubnetAAZ:
AllowedValues:
- us-west-1a
Default: us-west-1a
Type: String
PublicSubnetBAZ:
AllowedValues:
- us-west-1b
Default: us-west-1b
Type: String
PrivateInstanceType:
AllowedValues:
- t2.micro
- t2.small
Default: t2.micro
Type: String
PrivateSubnetAAZ:
AllowedValues:
- us-west-1a
Default: us-west-1a
Type: String
PrivateSubnetBAZ:
AllowedValues:
- us-west-1b
Default: us-west-1b
Type: String
DBInstanceID:
Default: dbinstance
Type: String
MinLength: 1
MaxLength: 63
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
DBName:
Default: mydb
Type: String
MinLength: 1
MaxLength: 64
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
DBInstanceClass:
Default: db.t2.micro
Type: String
DBAllocatedStorage:
Default: 20
Type: Number
MinValue: 5
MaxValue: 1024
DBUsername:
Default: test
NoEcho: 'true'
Type: String
MinLength: 1
MaxLength: 16
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
DBPassword:
Default: 12345678
NoEcho: 'true'
Type: String
MinLength: 8
MaxLength: 41
AllowedPattern: '[a-zA-Z0-9]*'
Mappings:
RegionMap:
us-west-1:
HVM64: ami-0d382e80be7ffdae5
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCidr
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: poc-cf-vpc
PublicSubnetA:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Ref PublicSubnetAAZ
CidrBlock: !Ref PublicSubnetACidr
MapPublicIpOnLaunch: True
Tags:
- Key: Name
Value: poc-cf-public-subnet-a
PublicSubnetB:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Ref PublicSubnetBAZ
CidrBlock: !Ref PublicSubnetBCidr
MapPublicIpOnLaunch: True
Tags:
- Key: Name
Value: poc-cf-public-subnet-b
PrivateSubnetA:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Ref PrivateSubnetAAZ
CidrBlock: !Ref PrivateSubnetACidr
Tags:
- Key: Name
Value: poc-cf-private-subnet-a
PrivateSubnetB:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Ref PrivateSubnetBAZ
CidrBlock: !Ref PrivateSubnetBCidr
Tags:
- Key: Name
Value: poc-cf-private-subnet-b
# Connecting VPC to internet
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: ig-vpc
InternetGatewayAttachement:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: !Ref VPC
# Creating VPC route table with an entry to route Internet traffic to the Internet Gateway
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Public routes
DefaultPublicRoute:
Type: AWS::EC2::Route
DependsOn: InternetGatewayAttachement
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
# Creating public subnet A & B route table association
PublicSubnetARouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref PublicSubnetA
PublicSubnetBRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref PublicSubnetB
# Now we neer Nat Gateway Associations to our private subnet
NatGatewayAIP:
Type: AWS::EC2::EIP
DependsOn: InternetGatewayAttachement
Properties:
Domain: vpc
NatGatewayA:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt NatGatewayAIP.AllocationId
SubnetId: !Ref PublicSubnetA
# Creating a private subnet A & B route table association, to this we need a Nat Gateway
PrivateRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Private routes
DefaultPrivateRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PrivateRouteTable
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGatewayA
PrivateSubnetARouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateRouteTable
SubnetId: !Ref PrivateSubnetA
PrivateSubnetBRouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateRouteTable
SubnetId: !Ref PrivateSubnetB
# Creating a EC2 instance and SG as Bastion in public subnet
BastionSG:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: we use this instance as ssh bastion
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: poc-cf-bastion-sg
BastionInstance:
Type: AWS::EC2::Instance
Properties:
ImageId: !FindInMap
- RegionMap
- !Ref AWS::Region
- HVM64
InstanceType: !Ref PublicInstanceType
KeyName: !Ref BastionKeyPairName
SubnetId: !Ref PublicSubnetA
SecurityGroupIds:
- !Ref BastionSG
Tags:
- Key: Name
Value: poc-cf-bastion-instance
# Creating Database instance
DBPrivateSG:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: this is our private instance
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
SourceSecurityGroupId: !Ref BastionSG
- IpProtocol: tcp
FromPort: 3306
ToPort: 3306
SourceSecurityGroupId: !Ref BastionSG
Tags:
- Key: Name
Value: poc-cf-private-dg
DBSubnetGroup:
Type: AWS::RDS::DBSubnetGroup
Properties:
DBSubnetGroupDescription: we use this SG for our db
SubnetIds:
- !Ref PrivateSubnetA
- !Ref PrivateSubnetB
Tags:
- Key: Name
Value: DBSubnetGroup
DB:
Type: AWS::RDS::DBInstance
Properties:
DBInstanceIdentifier: !Ref DBInstanceID
DBName: !Ref DBName
DBInstanceClass: !Ref DBInstanceClass
AllocatedStorage: !Ref DBAllocatedStorage
Engine: MySQL
EngineVersion: 5.7.22
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
AvailabilityZone: !Ref PrivateSubnetAAZ
VPCSecurityGroups:
- !GetAtt DBPrivateSG.GroupId
DBSubnetGroupName: !Ref DBSubnetGroup
PubliclyAccessible: False
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment