JAWS yokohama VPC meta
{ | |
"AWSTemplateFormatVersion" : "2010-09-09", | |
"Description" : "Instance Deployment on existing vpc", | |
"Parameters": { | |
"SiteURL": { | |
"Type": "String", | |
"Default": "xxxxx.araki.in", | |
"Description" : "Name of a FQDN for ec-site."}, | |
"InstanceType" : { | |
"Description" : "WebServer EC2 instance type", | |
"Type" : "String", | |
"Default" : "m1.small", | |
"AllowedValues" : [ "t1.micro","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"], | |
"ConstraintDescription" : "must be a valid EC2 instance type."}, | |
"BackupWindow": { | |
"Type": "String", | |
"Default": "18:30-19:00", | |
"Description": "The daily time range during which automated backups are created"}, | |
"DBUser": { | |
"Type": "String", | |
"Default": "eccube_db", | |
"Description": "RDS user"}, | |
"DBPass": { | |
"Type": "String", | |
"Default": "eccube_db", | |
"Description": "RDS master user password; override the default when creating the stack"} | |
}, | |
"Resources" : { | |
"vpcMake" : { | |
"Type" : "AWS::CloudFormation::Stack", | |
"Properties" : { | |
"TemplateURL" : "https://s3-ap-northeast-1.amazonaws.com/arakisa/CloudFormation/eccube-vpc-10vpc.json", | |
"TimeoutInMinutes" : "60" | |
} | |
}, | |
"dnscdpshoparakiin": { | |
"Type": "AWS::Route53::RecordSet", | |
"Properties": { | |
"HostedZoneId": "/hostedzone/Z1TN0F06PFG5ZF", | |
"Name": {"Ref":"SiteURL"}, | |
"Type": "CNAME", | |
"TTL": "300", | |
"Comment": "araki.in ", | |
"ResourceRecords": [ | |
{ "Fn::GetAtt" : [ "elbeccube", "DNSName" ] } | |
]}}, | |
"elbeccube": { | |
"Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
"Properties": { | |
"HealthCheck": { | |
"HealthyThreshold": "10", | |
"Interval": "30", | |
"Target": "HTTP:80/", | |
"Timeout": "5", | |
"UnhealthyThreshold": "2" | |
}, | |
"Instances": [ | |
{"Ref": "instancei2d5f6a2d"}, | |
{"Ref": "instanceib3ba90b3"} | |
], | |
"Listeners": [ | |
{ | |
"InstancePort": "80", | |
"LoadBalancerPort": "80", | |
"Protocol": "HTTP", | |
"PolicyNames": [ | |
] | |
}], | |
"Subnets": [ | |
{ "Fn::GetAtt" :["vpcMake", "Outputs.ELBSubnetAId"] }, | |
{ "Fn::GetAtt" :["vpcMake", "Outputs.ELBSubnetBId"] } | |
], | |
"SecurityGroups" : [{"Ref" : "LoadBalancerSecurityGroup"}] | |
}}, | |
"LoadBalancerSecurityGroup" : { | |
"Type" : "AWS::EC2::SecurityGroup", | |
"Properties" : { | |
"GroupDescription" : "Enable HTTP access on port 80", | |
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" } ], | |
"SecurityGroupEgress" : [ { "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0" } ] | |
} | |
}, | |
"instanceib3ba90b3": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"AvailabilityZone": "ap-northeast-1a", | |
"DisableApiTermination": "FALSE", | |
"ImageId": "ami-5259eb53", | |
"UserData": { "Fn::Base64" : { "Fn::Join" : ["", [ | |
"#!/bin/bash \n", | |
"sed -i \"s/cdpshop.araki.in/", | |
{"Ref":"SiteURL"}, | |
"/g\" /home/ec2-user/cdp/eccube/data/config/config.php\n", | |
"sed -i \"s/eccube.cpve4xcwndrv.ap-northeast-1.rds.amazonaws.com/", | |
{"Fn::GetAtt": ["rdseccube","Endpoint.Address"]}, | |
"/g\" /home/ec2-user/cdp/eccube/data/config/config.php\n", | |
"sed -i \"s/eccube_db/", | |
{"Ref":"DBUser"}, | |
"/g\" /home/ec2-user/cdp/eccube/data/config/config.php\n", | |
"sed -i \"s/DB_PASSWORD', 'kumokumo'/DB_PASSWORD', '", | |
{"Ref":"DBPass"}, | |
"'/g\" /home/ec2-user/cdp/eccube/data/config/config.php\n", | |
"#EOF" | |
]]}}, | |
"InstanceType": {"Ref": "InstanceType"}, | |
"KernelId": "aki-44992845", | |
"Monitoring": "true", | |
"SecurityGroupIds": [{"Ref": "sgeccube"},{"Ref": "sglog"},{"Ref": "sgwatch"}], | |
"SubnetId": {"Fn::GetAtt":["vpcMake", "Outputs.ECSubnetAId"]}, | |
"Tags": [ | |
{ "Key": "Name", | |
"Value": "c-eccube-clone-2a"} | |
]}}, | |
"instancei2d5f6a2d": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"AvailabilityZone": "ap-northeast-1b", | |
"DisableApiTermination": "FALSE", | |
"ImageId": "ami-5259eb53", | |
"UserData": { "Fn::Base64" : { "Fn::Join" : ["", [ | |
"#!/bin/bash \n", | |
"sed -i \"s/cdpshop.araki.in/", | |
{"Ref":"SiteURL"}, | |
"/g\" /home/ec2-user/cdp/eccube/data/config/config.php\n", | |
"sed -i \"s/eccube.cpve4xcwndrv.ap-northeast-1.rds.amazonaws.com/", | |
{"Fn::GetAtt": ["rdseccube","Endpoint.Address"]}, | |
"/g\" /home/ec2-user/cdp/eccube/data/config/config.php\n", | |
"sed -i \"s/eccube_db/", | |
{"Ref":"DBUser"}, | |
"/g\" /home/ec2-user/cdp/eccube/data/config/config.php\n", | |
"sed -i \"s/DB_PASSWORD', 'kumokumo'/DB_PASSWORD', '", | |
{"Ref":"DBPass"}, | |
"'/g\" /home/ec2-user/cdp/eccube/data/config/config.php\n", | |
"#EOF" | |
]]}}, | |
"InstanceType": {"Ref": "InstanceType"}, | |
"KernelId": "aki-44992845", | |
"Monitoring": "false", | |
"SecurityGroupIds": [{"Ref": "sgeccube"},{"Ref": "sglog"},{"Ref": "sgwatch"}], | |
"SubnetId": {"Fn::GetAtt":["vpcMake", "Outputs.ECSubnetBId"]}, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": "c-eccube-clone-2b" | |
}]}}, | |
"instanceLog": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"AvailabilityZone": "ap-northeast-1b", | |
"DisableApiTermination": "FALSE", | |
"ImageId": "ami-5259eb53", | |
"InstanceType": {"Ref": "InstanceType"}, | |
"KernelId": "aki-44992845", | |
"Monitoring": "false", | |
"SecurityGroupIds": [{"Ref": "sglog"}], | |
"SubnetId": {"Fn::GetAtt":["vpcMake", "Outputs.LogSubnetBId"]}, | |
"Tags": [{"Key": "Name","Value": "Log analyzer"}] | |
}}, | |
"instanceWatch": { | |
"Type": "AWS::EC2::Instance", | |
"Properties": { | |
"AvailabilityZone": "ap-northeast-1b", | |
"DisableApiTermination": "FALSE", | |
"ImageId": "ami-5259eb53", | |
"InstanceType": {"Ref": "InstanceType"}, | |
"KernelId": "aki-44992845", | |
"Monitoring": "false", | |
"SecurityGroupIds": [{"Ref": "sgwatch"}], | |
"SubnetId": {"Fn::GetAtt":["vpcMake", "Outputs.WatchSubnetBId"]}, | |
"Tags": [{"Key": "Name","Value": "Watcher"}] | |
}}, | |
"sgeccube": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"GroupDescription": "eccube2", | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": "0.0.0.0/0" | |
}, | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"CidrIp": "0.0.0.0/0" | |
} | |
]}}, | |
"sglog": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"GroupDescription": "log analysis cluster", | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": "0.0.0.0/0" | |
} | |
]}}, | |
"sgwatch": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"GroupDescription": "watcher", | |
"SecurityGroupIngress": [ | |
{ | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"CidrIp": "0.0.0.0/0" | |
} | |
]}}, | |
"rdseccube": { | |
"Type": "AWS::RDS::DBInstance", | |
"Properties": { | |
"MultiAZ": "true", | |
"DBSnapshotIdentifier": "eccube-snapshot", | |
"AllocatedStorage": "5", | |
"BackupRetentionPeriod": "1", | |
"DBInstanceClass": "db.m1.small", | |
"DBParameterGroupName": "eccube", | |
"Engine": "mysql", | |
"EngineVersion": "5.5.23", | |
"MasterUsername": {"Ref":"DBUser"}, | |
"MasterUserPassword": {"Ref":"DBPass"}, | |
"Port": "3306", | |
"PreferredBackupWindow": {"Ref":"BackupWindow"}, | |
"PreferredMaintenanceWindow": "thu:19:30-thu:20:00", | |
"DBSecurityGroups": [{"Ref": "dbsgdefault"}], | |
"DBSubnetGroupName" : { "Ref" : "MyDBSubnetGroup" } | |
}}, | |
"MyDBSubnetGroup" : { | |
"Type" : "AWS::RDS::DBSubnetGroup", | |
"Properties" : { | |
"DBSubnetGroupDescription" : "Subnets available for the RDS DB Instance", | |
"SubnetIds" : [ | |
{ "Fn::GetAtt" :["vpcMake", "Outputs.RDSSubnetAId"] }, | |
{ "Fn::GetAtt" :["vpcMake", "Outputs.RDSSubnetBId"] } | |
] | |
} | |
}, | |
"dbsgdefault": { | |
"Type": "AWS::RDS::DBSecurityGroup", | |
"Properties":{ | |
"GroupDescription": "RDS security group in private", | |
"EC2VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"DBSecurityGroupIngress": [{ | |
"CIDRIP": "10.1.20.0/23" | |
} ] | |
} | |
}, | |
"SSSubnetA" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"CidrBlock" : "10.1.200.0/24", | |
"AvailabilityZone" : "ap-northeast-1a"}}, | |
"SSSubnetB" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"CidrBlock" : "10.1.201.0/24", | |
"AvailabilityZone" : "ap-northeast-1b"}}, | |
"SSRouteTable" : { | |
"Type" : "AWS::EC2::RouteTable", | |
"Properties" : { | |
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "SS(fumidai)" } | |
]}}, | |
"SSSubnetRouteTableAssociationSSA" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "SSSubnetA" }, | |
"RouteTableId" : { "Ref" : "SSRouteTable" } | |
}}, | |
"SSSubnetRouteTableAssociationSSB" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "SSSubnetB" }, | |
"RouteTableId" : { "Ref" : "SSRouteTable" } | |
}}, | |
"SSNetworkAcl" : { | |
"Type" : "AWS::EC2::NetworkAcl", | |
"Properties" : { | |
"VpcId" : { "Fn::GetAtt" :["vpcMake", "Outputs.VPCID"] }, | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "SS(fumidai)" } | |
]}}, | |
"InboundSSNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "SSNetworkAcl"}, | |
"RuleNumber" : "100", | |
"Protocol" : "-1", | |
"RuleAction" : "allow", | |
"Egress" : "false", | |
"CidrBlock" : "10.10.0.0/16" | |
}}, | |
"OutBoundSSNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "SSNetworkAcl"}, | |
"RuleNumber" : "100", | |
"Protocol" : "-1", | |
"RuleAction" : "allow", | |
"Egress" : "true", | |
"CidrBlock" : "10.10.0.0/16" | |
}}, | |
"SSSubnetNetworkAclAssociationA" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "SSSubnetA" }, | |
"NetworkAclId" : { "Ref" : "SSNetworkAcl" } | |
}}, | |
"SSSubnetNetworkAclAssociationB" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "SSSubnetB" }, | |
"NetworkAclId" : { "Ref" : "SSNetworkAcl" } | |
} | |
} | |
} | |
} |
{ | |
"AWSTemplateFormatVersion" : "2010-09-09", | |
"Description" : "VPC and VPC with VPN subnet making for cdpshop", | |
"Resources" : { | |
"VPC" : { | |
"Type" : "AWS::EC2::VPC", | |
"Properties" : { | |
"CidrBlock" : "10.1.0.0/16", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Public" } | |
]}}, | |
"AttachGateway" : { | |
"Type" : "AWS::EC2::VPCGatewayAttachment", | |
"Properties" : { | |
"VpcId" : {"Ref" : "VPC"}, | |
"InternetGatewayId" : {"Ref" : "InternetGateway"} | |
}}, | |
"ELBSubnetA" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : "10.1.10.0/24", | |
"AvailabilityZone" : "ap-northeast-1a", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Public" } | |
]}}, | |
"ELBSubnetB" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : "10.1.11.0/24", | |
"AvailabilityZone" : "ap-northeast-1b", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Public" } | |
]}}, | |
"InternetGateway" : { | |
"Type" : "AWS::EC2::InternetGateway", | |
"Properties" : { | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Public" } | |
]}}, | |
"PublicRouteTable" : { | |
"Type" : "AWS::EC2::RouteTable", | |
"Properties" : { | |
"VpcId" : {"Ref" : "VPC"}, | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Public" } | |
]}}, | |
"PublicRoute" : { | |
"Type" : "AWS::EC2::Route", | |
"Properties" : { | |
"RouteTableId" : { "Ref" : "PublicRouteTable" }, | |
"DestinationCidrBlock" : "0.0.0.0/0", | |
"GatewayId" : { "Ref" : "InternetGateway" } | |
}}, | |
"PublicSubnetRouteTableAssociationElbA" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "ELBSubnetA" }, | |
"RouteTableId" : { "Ref" : "PublicRouteTable" } | |
}}, | |
"PublicSubnetRouteTableAssociationElbB" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "ELBSubnetB" }, | |
"RouteTableId" : { "Ref" : "PublicRouteTable" } | |
}}, | |
"PublicNetworkAcl" : { | |
"Type" : "AWS::EC2::NetworkAcl", | |
"Properties" : { | |
"VpcId" : {"Ref" : "VPC"}, | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Public" } | |
]}}, | |
"InboundSSHPublicNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "PublicNetworkAcl"}, | |
"RuleNumber" : "10", | |
"Protocol" : "6", | |
"RuleAction" : "allow", | |
"Egress" : "false", | |
"CidrBlock" : "0.0.0.0/0", | |
"PortRange" : {"From" : "22", "To" : "22"} | |
} | |
}, | |
"InboundHTTPPublicNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "PublicNetworkAcl"}, | |
"RuleNumber" : "20", | |
"Protocol" : "6", | |
"RuleAction" : "allow", | |
"Egress" : "false", | |
"CidrBlock" : "0.0.0.0/0", | |
"PortRange" : {"From" : "80", "To" : "80"} | |
}}, | |
"InboundDynamicPortsPublicNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "PublicNetworkAcl"}, | |
"RuleNumber" : "50", | |
"Protocol" : "6", | |
"RuleAction" : "allow", | |
"Egress" : "false", | |
"CidrBlock" : "0.0.0.0/0", | |
"PortRange" : {"From" : "1024", "To" : "65535"} | |
} | |
}, | |
"OutboundHTTPPublicNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "PublicNetworkAcl"}, | |
"RuleNumber" : "20", | |
"Protocol" : "6", | |
"RuleAction" : "allow", | |
"Egress" : "true", | |
"CidrBlock" : "0.0.0.0/0", | |
"PortRange" : {"From" : "80", "To" : "80"} | |
}}, | |
"OutBoundDynamicPortPublicNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "PublicNetworkAcl"}, | |
"RuleNumber" : "50", | |
"Protocol" : "6", | |
"RuleAction" : "allow", | |
"Egress" : "true", | |
"CidrBlock" : "0.0.0.0/0", | |
"PortRange" : {"From" : "1024", "To" : "65535"} | |
}}, | |
"PublicSubnetNetworkAclAssociationElbA" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "ELBSubnetA" }, | |
"NetworkAclId" : { "Ref" : "PublicNetworkAcl" } | |
}}, | |
"PublicSubnetNetworkAclAssociationElbB" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "ELBSubnetB" }, | |
"NetworkAclId" : { "Ref" : "PublicNetworkAcl" } | |
}}, | |
"ECSubnetA" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : "10.1.20.0/24", | |
"AvailabilityZone" : "ap-northeast-1a", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Private" } | |
]}}, | |
"ECSubnetB" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : "10.1.21.0/24", | |
"AvailabilityZone" : "ap-northeast-1b", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Private" } | |
]}}, | |
"RDSSubnetA" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : "10.1.30.0/24", | |
"AvailabilityZone" : "ap-northeast-1a", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Private" } | |
]}}, | |
"RDSSubnetB" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : "10.1.31.0/24", | |
"AvailabilityZone" : "ap-northeast-1b", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Private" } | |
]}}, | |
"LogSubnetB" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : "10.1.241.0/24", | |
"AvailabilityZone" : "ap-northeast-1b", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Log" } | |
]}}, | |
"WatchSubnetB" : { | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : "10.1.251.0/24", | |
"AvailabilityZone" : "ap-northeast-1b", | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Watch" } | |
]}}, | |
"PrivateRouteTable" : { | |
"Type" : "AWS::EC2::RouteTable", | |
"Properties" : { | |
"VpcId" : {"Ref" : "VPC"}, | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Private" } | |
]}}, | |
"PrivateSubnetRouteTableAssociationA" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "ECSubnetA" }, | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
}}, | |
"PrivateSubnetRouteTableAssociationB" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "ECSubnetB" }, | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
}}, | |
"PrivateSubnetRouteTableAssociationRDSA" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "RDSSubnetA" }, | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
}}, | |
"PrivateSubnetRouteTableAssociationRDSB" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "RDSSubnetB" }, | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
}}, | |
"PrivateSubnetRouteTableAssociationLogB" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "LogSubnetB" }, | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
}}, | |
"PrivateSubnetRouteTableAssociationWatchB" : { | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "WatchSubnetB" }, | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
}}, | |
"PrivateNetworkAcl" : { | |
"Type" : "AWS::EC2::NetworkAcl", | |
"Properties" : { | |
"VpcId" : {"Ref" : "VPC"}, | |
"Tags" : [ | |
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackName"} }, | |
{"Key" : "Network", "Value" : "Private" } | |
]}}, | |
"InboundPrivateNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "PrivateNetworkAcl"}, | |
"RuleNumber" : "100", | |
"Protocol" : "-1", | |
"RuleAction" : "allow", | |
"Egress" : "false", | |
"CidrBlock" : "10.1.0.0/16" | |
}}, | |
"OutBoundPrivateNetworkAclEntry" : { | |
"Type" : "AWS::EC2::NetworkAclEntry", | |
"Properties" : { | |
"NetworkAclId" : {"Ref" : "PrivateNetworkAcl"}, | |
"RuleNumber" : "100", | |
"Protocol" : "-1", | |
"RuleAction" : "allow", | |
"Egress" : "true", | |
"CidrBlock" : "10.1.0.0/16" | |
}}, | |
"PrivateSubnetNetworkAclAssociationA" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "ECSubnetA" }, | |
"NetworkAclId" : { "Ref" : "PrivateNetworkAcl" } | |
}}, | |
"PrivateSubnetNetworkAclAssociationB" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "ECSubnetB" }, | |
"NetworkAclId" : { "Ref" : "PrivateNetworkAcl" } | |
}}, | |
"PrivateSubnetNetworkAclAssociationRDSA" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "RDSSubnetA" }, | |
"NetworkAclId" : { "Ref" : "PrivateNetworkAcl" } | |
}}, | |
"PrivateSubnetNetworkAclAssociationRDSB" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "RDSSubnetB" }, | |
"NetworkAclId" : { "Ref" : "PrivateNetworkAcl" } | |
}}, | |
"PrivateSubnetNetworkAclAssociationLogB" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "LogSubnetB" }, | |
"NetworkAclId" : { "Ref" : "PrivateNetworkAcl" } | |
}}, | |
"PrivateSubnetNetworkAclAssociationWatchB" : { | |
"Type" : "AWS::EC2::SubnetNetworkAclAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "WatchSubnetB" }, | |
"NetworkAclId" : { "Ref" : "PrivateNetworkAcl" } | |
} | |
} | |
}, | |
"Outputs":{ | |
"ELBSubnetAId":{ | |
"Value":{"Ref": "ELBSubnetA"}, | |
"Description":"Id of ELBSubnetA" | |
}, | |
"ELBSubnetBId":{ | |
"Value":{"Ref": "ELBSubnetB"}, | |
"Description":"Id of ELBSubnetB" | |
}, | |
"ECSubnetAId":{ | |
"Value":{"Ref": "ECSubnetA"}, | |
"Description":"Id of ECSubnetA" | |
}, | |
"ECSubnetBId":{ | |
"Value":{"Ref": "ECSubnetB"}, | |
"Description":"Id of ECSubnetB" | |
}, | |
"RDSSubnetAId":{ | |
"Value":{"Ref": "RDSSubnetA"}, | |
"Description":"Id of RDSSubnetA" | |
}, | |
"RDSSubnetBId":{ | |
"Value":{"Ref": "RDSSubnetB"}, | |
"Description":"Id of RDSSubnetB" | |
}, | |
"LogSubnetBId":{ | |
"Value":{"Ref": "LogSubnetB"}, | |
"Description":"Id of LogSubnetB" | |
}, | |
"WatchSubnetBId":{ | |
"Value":{"Ref": "WatchSubnetB"}, | |
"Description":"Id of WatchSubnetB" | |
}, | |
"VPCID":{ | |
"Value":{ "Ref" : "VPC" }, | |
"Description":"Id of VPC" | |
} | |
} | |
} |