aayushbakliwal/baseTemplate.yml Secret

## baseTemplate.yml
AWSTemplateFormatVersion: 2010-09-09
Description: Creates 1 VPC with 1 AZ, 2 Subnets, and one EC2 Instance. This template creates a VPC and adds an EC2 instance with a Public IP address and a security group in a single AZ with SSM Instance Profile.
             **WARNING** This template creates an Amazon
             EC2 instance. You will be billed for the AWS resources used if you create a  stack from this template.
Parameters:
  AvailabilityZoneSelection:
    Description: Availability Zone
    Type: AWS::EC2::AvailabilityZone::Name
    Default: ap-northeast-1a
  LatestAmiId:
    Description: Latest EC2 AMI from Systems Manager Parameter Store
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
  InstanceType:
    Description: WebServer EC2 instance type
    Type: String
    Default: t3.micro
Resources:
# Inspection VPC Deployment for the AWS Network Firwall
  InspectionVPC:
    Type: AWS::EC2::VPC
    Properties:
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      CidrBlock: 10.1.0.0/16
      Tags:
        - Key: Name
          Value: "ANFW Inspection VPC"
  FirewallSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Ref AvailabilityZoneSelection
      CidrBlock: 10.1.1.0/28
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: "Firewall Subnet"
      VpcId: !Ref InspectionVPC
  InspectionVPCInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: "Name"
          Value: "Inspection VPC IGW"
  FirstAttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InspectionVPCInternetGateway
      VpcId: !Ref InspectionVPC
  ProtectedWebServerSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: !Ref AvailabilityZoneSelection
      CidrBlock: 10.1.3.0/28
      Tags:
        - Key: Name
          Value: "Protected WebServer Subnet"
      VpcId: !Ref InspectionVPC
# EC2 host deployment with an NGINX web server and SSM instance profile for Session Manager Management
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "Instance Security Group"
      GroupDescription: "Allow ICMP from 10.0.0.0/8"
      VpcId: !Ref InspectionVPC
      SecurityGroupIngress:
        - IpProtocol: icmp
          ToPort: -1
          FromPort: -1
          CidrIp: 10.0.0.0/8
  WebServerEC2InstanceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: WebServerEC2InstanceRole
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      # The managed policy to allows the EC2 access to SSM permissions
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  ProtectedWebServerEIP:
    Type: "AWS::EC2::EIP"
    Properties:
      Domain: vpc
      InstanceId: !Ref WebServer
  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref WebServerEC2InstanceRole
  WebServer:
    DependsOn: WebServerEC2InstanceRole
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref WebServerInstanceProfile
      NetworkInterfaces:
        - DeviceIndex: 0
          PrivateIpAddress: 10.1.3.4
          SubnetId: !Ref ProtectedWebServerSubnet
          GroupSet:
            - !Ref WebServerSecurityGroup
      Tags:
        - Key: Name
          Value: "Test Workload"

Outputs:
  PublicIp:
    Description: WebServer Public IP
    Value: !GetAtt WebServer.PublicIp
    Export:
      Name: !Sub "${AWS::StackName}-PublicIp"
	AWSTemplateFormatVersion: 2010-09-09
	Description: Creates 1 VPC with 1 AZ, 2 Subnets, and one EC2 Instance. This template creates a VPC and adds an EC2 instance with a Public IP address and a security group in a single AZ with SSM Instance Profile.
	WARNING This template creates an Amazon
	EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.
	Parameters:
	AvailabilityZoneSelection:
	Description: Availability Zone
	Type: AWS::EC2::AvailabilityZone::Name
	Default: ap-northeast-1a
	LatestAmiId:
	Description: Latest EC2 AMI from Systems Manager Parameter Store
	Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
	Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
	InstanceType:
	Description: WebServer EC2 instance type
	Type: String
	Default: t3.micro
	Resources:
	# Inspection VPC Deployment for the AWS Network Firwall
	InspectionVPC:
	Type: AWS::EC2::VPC
	Properties:
	EnableDnsSupport: 'true'
	EnableDnsHostnames: 'true'
	CidrBlock: 10.1.0.0/16
	Tags:
	- Key: Name
	Value: "ANFW Inspection VPC"
	FirewallSubnet:
	Type: AWS::EC2::Subnet
	Properties:
	AvailabilityZone: !Ref AvailabilityZoneSelection
	CidrBlock: 10.1.1.0/28
	MapPublicIpOnLaunch: true
	Tags:
	- Key: Name
	Value: "Firewall Subnet"
	VpcId: !Ref InspectionVPC
	InspectionVPCInternetGateway:
	Type: AWS::EC2::InternetGateway
	Properties:
	Tags:
	- Key: "Name"
	Value: "Inspection VPC IGW"
	FirstAttachGateway:
	Type: AWS::EC2::VPCGatewayAttachment
	Properties:
	InternetGatewayId: !Ref InspectionVPCInternetGateway
	VpcId: !Ref InspectionVPC
	ProtectedWebServerSubnet:
	Type: AWS::EC2::Subnet
	Properties:
	AvailabilityZone: !Ref AvailabilityZoneSelection
	CidrBlock: 10.1.3.0/28
	Tags:
	- Key: Name
	Value: "Protected WebServer Subnet"
	VpcId: !Ref InspectionVPC
	# EC2 host deployment with an NGINX web server and SSM instance profile for Session Manager Management
	WebServerSecurityGroup:
	Type: AWS::EC2::SecurityGroup
	Properties:
	GroupName: "Instance Security Group"
	GroupDescription: "Allow ICMP from 10.0.0.0/8"
	VpcId: !Ref InspectionVPC
	SecurityGroupIngress:
	- IpProtocol: icmp
	ToPort: -1
	FromPort: -1
	CidrIp: 10.0.0.0/8
	WebServerEC2InstanceRole:
	Type: 'AWS::IAM::Role'
	Properties:
	RoleName: WebServerEC2InstanceRole
	AssumeRolePolicyDocument:
	Version: 2012-10-17
	Statement:
	- Effect: Allow
	Principal:
	Service:
	- ec2.amazonaws.com
	Action:
	- 'sts:AssumeRole'
	Path: /
	# The managed policy to allows the EC2 access to SSM permissions
	ManagedPolicyArns:
	- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
	ProtectedWebServerEIP:
	Type: "AWS::EC2::EIP"
	Properties:
	Domain: vpc
	InstanceId: !Ref WebServer
	WebServerInstanceProfile:
	Type: AWS::IAM::InstanceProfile
	Properties:
	Path: "/"
	Roles:
	- !Ref WebServerEC2InstanceRole
	WebServer:
	DependsOn: WebServerEC2InstanceRole
	Type: AWS::EC2::Instance
	Properties:
	ImageId: !Ref LatestAmiId
	InstanceType: !Ref InstanceType
	IamInstanceProfile: !Ref WebServerInstanceProfile
	NetworkInterfaces:
	- DeviceIndex: 0
	PrivateIpAddress: 10.1.3.4
	SubnetId: !Ref ProtectedWebServerSubnet
	GroupSet:
	- !Ref WebServerSecurityGroup
	Tags:
	- Key: Name
	Value: "Test Workload"

	Outputs:
	PublicIp:
	Description: WebServer Public IP
	Value: !GetAtt WebServer.PublicIp
	Export:
	Name: !Sub "${AWS::StackName}-PublicIp"