| { | |
| "AWSTemplateFormatVersion" : "2010-09-09", | |
| "Description" : "Builds a NAT host. **WARNING** This template creates Amazon EC2 instance(s). You will be billed for the AWS resources used if you create a stack from this template.", | |
| "Parameters" : { | |
| "KeyName" : { | |
| "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances", | |
| "Type" : "String", | |
| "MinLength": "1", | |
| "MaxLength": "64", | |
| "AllowedPattern" : "[-_ a-zA-Z0-9]*", | |
| "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores." | |
| }, | |
| "VpcId" : { | |
| "Type" : "String", | |
| "Description" : "VpcId of your existing Virtual Private Cloud (VPC)" | |
| }, | |
| "SubnetId" : { | |
| "Type" : "String", | |
| "Description" : "SubnetId of an existing Public facing subnet in your Virtual Private Cloud (VPC)" | |
| } | |
| }, | |
| "Mappings" : { | |
| "AWSNATAMI": { | |
| "us-east-1": {"AMI": "ami-6e9e4b06"}, | |
| "us-west-2": {"AMI": "ami-8b6912bb"}, | |
| "us-west-1": {"AMI": "ami-1d2b2958"}, | |
| "eu-west-1": {"AMI": "ami-14913f63"}, | |
| "ap-northeast-1": {"AMI": "ami-27d6e626"} | |
| } | |
| }, | |
| "Resources" : { | |
| "NATIPAddress" : { | |
| "Type" : "AWS::EC2::EIP", | |
| "Properties" : { | |
| "Domain" : "vpc", | |
| "InstanceId" : { "Ref" : "NATDevice" } | |
| } | |
| }, | |
| "NATDevice" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "InstanceType" : "m3.medium", | |
| "KeyName" : { "Ref" : "KeyName" }, | |
| "SubnetId" : { "Ref" : "SubnetId" }, | |
| "SourceDestCheck" : "false", | |
| "ImageId" : { "Fn::FindInMap" : [ "AWSNATAMI", { "Ref" : "AWS::Region" }, "AMI" ]}, | |
| "SecurityGroupIds" : [{ "Ref" : "NATSecurityGroup" }] | |
| } | |
| }, | |
| "NATSecurityGroup" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable internal access to the NAT device", | |
| "VpcId" : { "Ref" : "VpcId" }, | |
| "SecurityGroupIngress" : [ | |
| { "IpProtocol" : "tcp", "FromPort" : "0", "ToPort" : "65535", "CidrIp" : "192.168.0.0/16" }, | |
| { "IpProtocol" : "udp", "FromPort" : "0", "ToPort" : "65535", "CidrIp" : "192.168.0.0/16" } , | |
| { "IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : "192.168.0.0/16" } | |
| ], | |
| "SecurityGroupEgress" : [ | |
| { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" }, | |
| { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" }, | |
| { "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0" }, | |
| { "IpProtocol" : "tcp", "FromPort" : "9418", "ToPort" : "9418", "CidrIp" : "0.0.0.0/0" }, | |
| { "IpProtocol" : "tcp", "FromPort" : "0", "ToPort" : "65535", "CidrIp" : "192.168.0.0/16" }, | |
| { "IpProtocol" : "udp", "FromPort" : "123", "ToPort" : "123", "CidrIp" : "0.0.0.0/0" }, | |
| { "IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : "0.0.0.0/0" } | |
| ] | |
| } | |
| }, | |
| "PrivateRouteTable" : { | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : {"Ref" : "VpcId"}, | |
| "Tags" : [ | |
| {"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
| {"Key" : "Network", "Value" : "Private Route" } | |
| ] | |
| } | |
| }, | |
| "PrivateRoute" : { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "RouteTableId" : { "Ref" : "PrivateRouteTable" }, | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "InstanceId" : { "Ref" : "NATDevice" } | |
| } | |
| } | |
| }, | |
| "Outputs" : { | |
| "PrivateRouteTableId" : { | |
| "Value" : {"Ref" : "PrivateRouteTable"}, | |
| "Description" : "Private Route Table ID" | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment