{% import 'roles/cfn-orchestrator/templates/cfn.macros.j2' as cfn with context %}
---
# Quoted on purpose: an unquoted 2010-09-09 is parsed as a YAML date, not a string.
AWSTemplateFormatVersion: '2010-09-09'
# cfn.metadata comes from the imported macro file and is expected to render
# one or more top-level keys here (its output is not visible in this file).
{{ cfn.metadata(1) }}
Description: >
  Creates a VPC with DNS and Public IPs enabled.
  Creates 4 subnets in 2 AZs (a pair of public/private subnets in each AZ).
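Parameters:
  # Every resource below tags itself with !Ref Environment, but the parameter
  # was not declared anywhere in this file, so CloudFormation rejected the
  # template with an unresolved reference. Declared here; if cfn.metadata
  # already emits it, keep only one definition.
  Environment:
    Description: Environment name applied as the Environment tag on every resource.
    Type: String
  DomainSuffix:
    Description: Enter the domain suffix to add to all domain names.
    Type: String
    Default: aws.hipagesgroup.com.au
  # Only the VPC itself uses this value; the subnet CIDRs are computed at
  # render time from the Jinja variable vpc.cidr, so both must describe the
  # same network or the subnets fall outside the VPC.
  VpcCidr:
    Description: CIDR address for the VPC to be created.
    Type: String
    Default: 10.0.0.0/16
    # Reject anything that is not an IPv4 CIDR before the stack is created.
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
    ConstraintDescription: must be an IPv4 CIDR block such as 10.0.0.0/16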
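Resources:
  # The VPC CIDR is the deploy-time VpcCidr parameter; the subnet CIDRs below
  # are carved at render time from the Jinja variable vpc.cidr, so the two
  # must agree. No AWS::EC2::FlowLog is defined in this template, so traffic
  # in the VPC is not recorded unless a flow log is created elsewhere.
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        # !Sub strings are quoted: inside a flow mapping an unquoted '}' from
        # ${AWS::StackName} terminates the mapping early and breaks the parse.
        - { Key: Name, Value: !Sub '${AWS::StackName}-VPC' }
        - { Key: Environment, Value: !Ref Environment }
# One AWS::EC2::Subnet per (segment, AZ). The rest of the template hard-codes
# PublicSubnet1/2 and PrivateSubnet1/2, so `segments` is expected to hold
# exactly the keys public and private with azs: 2 -- not visible here, confirm.
# loop.index0 decides which slice of vpc.cidr a segment receives, so the
# iteration order of `segments` must be stable between renders; a re-ordered
# mapping re-numbers the CIDRs and forces subnet replacement.
# Jinja tags sit on their own lines without '-' modifiers so the rendered
# output is valid YAML whether or not trim_blocks is enabled.
{% for segment_name, segment in segments.items() %}
{% set segment_cidr = vpc.cidr | ipsubnet(vpc.slash, loop.index0) %}
{% for subnet in range(1, segment.azs + 1) %}
  {{ segment_name | title }}Subnet{{ subnet }}:
    Type: AWS::EC2::Subnet
    Properties:
      # Subnet N lives in the N-th availability zone of the current region.
      AvailabilityZone: !Select ['{{ subnet - 1 }}', !GetAZs '']
      CidrBlock: '{{ segment_cidr | ipsubnet(segment.slash, subnet - 1) }}'
      VpcId: !Ref VPC
      # MapPublicIpOnLaunch is not set, so even the public subnets do not
      # auto-assign public IPs; an instance that needs one must request it.
      Tags:
        - { Key: Name, Value: !Sub '${AWS::StackName}-{{ segment_name | title }}Subnet{{ subnet }}' }
        - { Key: Environment, Value: !Ref Environment }
{% endfor %}
{% endfor %}
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - { Key: Name, Value: !Sub '${AWS::StackName}-InternetGateway' }
        - { Key: Environment, Value: !Ref Environment }
  GatewayToInternet:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  # One NAT gateway per AZ: NatGateway1 sits in PublicSubnet1 and is the
  # egress path of PrivateSubnet1 (see PrivateRoute1).
  NatGateway1:
    DependsOn: GatewayToInternet
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGatewayEIP1.AllocationId
      SubnetId: !Ref PublicSubnet1
  NatGatewayEIP1:
    Type: AWS::EC2::EIP
    # A VPC-scoped EIP in the same template must wait for the IGW attachment.
    DependsOn: GatewayToInternet
    Properties:
      Domain: vpc
  NatGateway2:
    DependsOn: GatewayToInternet
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGatewayEIP2.AllocationId
      SubnetId: !Ref PublicSubnet2
  NatGatewayEIP2:
    Type: AWS::EC2::EIP
    DependsOn: GatewayToInternet
    Properties:
      Domain: vpc
  # Both public subnets share one route table; each private subnet gets its
  # own so that egress stays inside its AZ.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - { Key: Name, Value: !Sub '${AWS::StackName}-PublicRouteTable' }
        - { Key: Environment, Value: !Ref Environment }
  PrivateRouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - { Key: Name, Value: !Sub '${AWS::StackName}-PrivateRouteTable1' }
        - { Key: Environment, Value: !Ref Environment }
  PrivateRouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - { Key: Name, Value: !Sub '${AWS::StackName}-PrivateRouteTable2' }
        - { Key: Environment, Value: !Ref Environment }
  # Default route for the public subnets via the IGW. A route that targets an
  # internet gateway can only be created after the attachment exists, hence
  # the explicit DependsOn.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: GatewayToInternet
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PrivateRoute1:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway1
  PrivateRoute2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway2
  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable
  PrivateSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable1
  PrivateSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable2
  # Option set giving instances the <stack>.<DomainSuffix> search domain with
  # the Amazon-provided resolver.
  DHCPOptions:
    Type: AWS::EC2::DHCPOptions
    Properties:
      DomainName: !Sub
        - '${AWS::StackName}.${DomainSuffix}'
        - { DomainSuffix: !Ref DomainSuffix }
      DomainNameServers: [AmazonProvidedDNS]
      Tags:
        - { Key: Name, Value: !Sub '${AWS::StackName}-DHCPOptions' }
        - { Key: Environment, Value: !Ref Environment }
  # Without this association the option set exists but the VPC keeps its
  # default one, so the DomainName above never reaches any instance.
  DHCPOptionsAssociation:
    Type: AWS::EC2::VPCDHCPOptionsAssociation
    Properties:
      VpcId: !Ref VPC
      DhcpOptionsId: !Ref DHCPOptions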
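Outputs:
  # Every output is exported as <stack>-<name> so dependent stacks can pick it
  # up with !ImportValue; renaming an export breaks those stacks.
  VpcId:
    Description: VPC ID
    Value: !Ref VPC
    Export:
      Name: !Sub '${AWS::StackName}-VpcId'
  PublicSubnet1:
    Description: The subnet ID to use for public servers
    Value: !Ref PublicSubnet1
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet1'
  PublicSubnet2:
    Description: The subnet ID to use for public servers
    Value: !Ref PublicSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet2'
  PrivateSubnet1:
    Description: The subnet ID to use for private servers
    Value: !Ref PrivateSubnet1
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1'
  PrivateSubnet2:
    Description: The subnet ID to use for private servers
    Value: !Ref PrivateSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2'
  # Each NAT EIP is the egress address of one private subnet only
  # (PrivateRoute1 -> NatGateway1, PrivateRoute2 -> NatGateway2); anything
  # that allow-lists outbound traffic from this VPC needs both addresses.
  NatGatewayEIP1:
    Description: The external IP for private servers in PrivateSubnet1 (AZ 1)
    Value: !Ref NatGatewayEIP1
    Export:
      Name: !Sub '${AWS::StackName}-NatGatewayEIP1'
  NatGatewayEIP2:
    Description: The external IP for private servers in PrivateSubnet2 (AZ 2)
    Value: !Ref NatGatewayEIP2
    Export:
      Name: !Sub '${AWS::StackName}-NatGatewayEIP2'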