{ | |
"AWSTemplateFormatVersion" : "2010-09-09", | |
"Description" : "Builds a NAT host. **WARNING** This template creates Amazon EC2 instance(s). You will be billed for the AWS resources used if you create a stack from this template.", | |
"Parameters" : { | |
"KeyName" : { | |
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances", | |
"Type" : "String", | |
"MinLength": "1", | |
"MaxLength": "64", | |
"AllowedPattern" : "[-_ a-zA-Z0-9]*", | |
"ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores." | |
}, | |
"VpcId" : { | |
"Type" : "String", | |
"Description" : "VpcId of your existing Virtual Private Cloud (VPC)" | |
}, | |
"SubnetId" : { | |
"Type" : "String", | |
"Description" : "SubnetId of an existing Public facing subnet in your Virtual Private Cloud (VPC)" | |
} | |
}, | |
"Mappings" : { | |
"AWSNATAMI": { | |
"us-east-1": {"AMI": "ami-6e9e4b06"}, | |
"us-west-2": {"AMI": "ami-8b6912bb"}, | |
"us-west-1": {"AMI": "ami-1d2b2958"}, | |
"eu-west-1": {"AMI": "ami-14913f63"}, | |
"ap-northeast-1": {"AMI": "ami-27d6e626"} | |
} | |
}, | |
"Resources" : { | |
"NATIPAddress" : { | |
"Type" : "AWS::EC2::EIP", | |
"Properties" : { | |
"Domain" : "vpc", | |
"InstanceId" : { "Ref" : "NATDevice" } | |
} | |
}, | |
"NATDevice" : { | |
"Type" : "AWS::EC2::Instance", | |
"Properties" : { | |
"InstanceType" : "m3.medium", | |
"KeyName" : { "Ref" : "KeyName" }, | |
"SubnetId" : { "Ref" : "SubnetId" }, | |
"SourceDestCheck" : "false", | |
"ImageId" : { "Fn::FindInMap" : [ "AWSNATAMI", { "Ref" : "AWS::Region" }, "AMI" ]}, | |
"SecurityGroupIds" : [{ "Ref" : "NATSecurityGroup" }] | |
} | |
}, | |
"NATSecurityGroup" : { | |
"Type" : "AWS::EC2::SecurityGroup", | |
"Properties" : { | |
"GroupDescription" : "Enable internal access to the NAT device", | |
"VpcId" : { "Ref" : "VpcId" }, | |
"SecurityGroupIngress" : [ | |
{ "IpProtocol" : "tcp", "FromPort" : "0", "ToPort" : "65535", "CidrIp" : "192.168.0.0/16" }, | |
{ "IpProtocol" : "udp", "FromPort" : "0", "ToPort" : "65535", "CidrIp" : "192.168.0.0/16" } , | |
{ "IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : "192.168.0.0/16" } | |
], | |
"SecurityGroupEgress" : [ | |
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }, | |
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" }, | |
{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" }, | |
{ "IpProtocol" : "tcp", "FromPort" : "9418", "ToPort" : "9418", "CidrIp" : "0.0.0.0/0" }, | |
{ "IpProtocol" : "tcp", "FromPort" : "0", "ToPort" : "65535", "CidrIp" : "192.168.0.0/16" }, | |
{ "IpProtocol" : "udp", "FromPort" : "123", "ToPort" : "123", "CidrIp" : "0.0.0.0/0" }, | |
{ "IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : "0.0.0.0/0" } | |
] | |
} | |
}, | |
"PrivateRouteTable" : { | |
"Type" : "AWS::EC2::RouteTable", | |
"Properties" : { | |
"VpcId" : {"Ref" : "VpcId"}, | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Private Route" } | |
] | |
} | |
}, | |
"PrivateRoute" : { | |
"Type" : "AWS::EC2::Route", | |
"Properties" : { | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" }, | |
"DestinationCidrBlock" : "0.0.0.0/0", | |
"InstanceId" : { "Ref" : "NATDevice" } | |
} | |
} | |
}, | |
"Outputs" : { | |
"PrivateRouteTableId" : { | |
"Value" : {"Ref" : "PrivateRouteTable"}, | |
"Description" : "Private Route Table ID" | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment