Last active
July 31, 2018 06:46
CloudFormation to create a VPC with Public/Private Subnets and SSH/HTTPS Security Groups
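AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  VPC (10.0.0.0/16) with two public and two private /20 subnets across two
  Availability Zones, an Internet Gateway for the public subnets, a single NAT
  Gateway for the private subnets, and SSH / HTTP(S) security groups.

Resources:
  VPC:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: "10.0.0.0/16"
      # Both DNS flags are needed for instances to resolve and be resolvable by
      # their AWS-assigned hostnames inside the VPC.
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: TestVPC

  # Create the subnets
  # Each subnet is a /20 carved out of the VPC /16. Availability Zones are
  # hard-coded to us-east-1; edit them (or parameterise with !GetAZs) before
  # deploying the template in another region.
  PublicSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "us-east-1a"
      VpcId: !Ref VPC
      CidrBlock: "10.0.0.0/20"
      # Public subnets auto-assign a public IPv4 address to every launched
      # instance; the instance is internet-reachable as soon as its security
      # group permits it.
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public Subnet A
  PrivateSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "us-east-1a"
      VpcId: !Ref VPC
      CidrBlock: "10.0.16.0/20"
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: Private Subnet A
  PublicSubnetB:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "us-east-1b"
      VpcId: !Ref VPC
      CidrBlock: "10.0.32.0/20"
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public Subnet B
  PrivateSubnetB:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: "us-east-1b"
      VpcId: !Ref VPC
      # NOTE: 10.0.48.0/20 is left unused between Public Subnet B and this
      # block. Kept as-is because changing a subnet CIDR forces replacement of
      # the subnet in existing stacks.
      CidrBlock: "10.0.64.0/20"
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: Private Subnet B

  # Public Subnet Gateway using Internet Gateway
  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
  VPCGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public Subnets Route Table
  PublicInternetRoute:
    Type: "AWS::EC2::Route"
    # A route that targets an Internet Gateway created in the same template
    # must wait for the gateway to be attached to the VPC, otherwise stack
    # creation can fail with an "invalid gateway" error.
    DependsOn: VPCGatewayAttachment
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref PublicRouteTable

  # Public Subnet - RouteTables Associations
  PublicSubnetAAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetA
  PublicSubnetBAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetB

  # Private Subnet Gateway using NAT
  NatGatewayElasticIP:
    Type: "AWS::EC2::EIP"
    # A VPC-scoped EIP allocated in the same template as the Internet Gateway
    # must depend on the gateway attachment.
    DependsOn: VPCGatewayAttachment
    Properties:
      Domain: vpc
  NatGateway:
    Type: "AWS::EC2::NatGateway"
    Properties:
      AllocationId: !GetAtt NatGatewayElasticIP.AllocationId
      # Single NAT Gateway in Public Subnet A serves BOTH private subnets via
      # the shared PrivateRouteTable below, so outbound traffic from Private
      # Subnet B crosses AZs and loses internet egress if us-east-1a is down.
      SubnetId: !Ref PublicSubnetA
  PrivateRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Private Subnets Route Table
  PrivateInternetRoute:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: "0.0.0.0/0"
      NatGatewayId: !Ref NatGateway
      RouteTableId: !Ref PrivateRouteTable

  # Private Subnet - RouteTables Associations
  PrivateSubnetAAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnetA
  PrivateSubnetBAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnetB

  # Security Groups
  # None of the groups declares SecurityGroupEgress, so each gets the EC2
  # default outbound rule (all protocols, all ports, any destination).
  # Restrict egress explicitly if workloads in these groups should not reach
  # the internet through the NAT / Internet Gateway.
  PrivateSSHSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupName: "Private SSH"
      GroupDescription: "SSH from within VPC"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        # Port 22 from anywhere inside the VPC CIDR. That includes the public
        # subnets, so any internet-exposed host there can reach SSH on members
        # of this group; a bastion-only source group would be tighter.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: "10.0.0.0/16"
  PrivateHTTPSSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupName: "Private HTTPS"
      GroupDescription: "Private HTTP/S Traffic from within VPC"
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "10.0.0.0/16"
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: "10.0.0.0/16"
  PublicHTTPSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupName: "Public HTTPS"
      GroupDescription: "Public HTTP/S Access"
      VpcId: !Ref VPC
      # Internet-facing: 80 and 443 are open to 0.0.0.0/0 (IPv4 only; no
      # ::/0 rule is declared). Intended for load balancers / web tier only.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: "0.0.0.0/0"

# Exported so other stacks can place resources into this network without
# hard-coding IDs.
Outputs:
  VPCId:
    Description: ID of the VPC
    Value: !Ref VPC
  PublicSubnetAId:
    Description: ID of Public Subnet A
    Value: !Ref PublicSubnetA
  PublicSubnetBId:
    Description: ID of Public Subnet B
    Value: !Ref PublicSubnetB
  PrivateSubnetAId:
    Description: ID of Private Subnet A
    Value: !Ref PrivateSubnetA
  PrivateSubnetBId:
    Description: ID of Private Subnet B
    Value: !Ref PrivateSubnetB
  PrivateSSHSecurityGroupId:
    Description: Security group allowing SSH from inside the VPC
    Value: !Ref PrivateSSHSecurityGroup
  PrivateHTTPSSecurityGroupId:
    Description: Security group allowing HTTP/HTTPS from inside the VPC
    Value: !Ref PrivateHTTPSSecurityGroup
  PublicHTTPSecurityGroupId:
    Description: Security group allowing HTTP/HTTPS from the internet
    Value: !Ref PublicHTTPSecurityGroup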