Created
January 26, 2021 11:22
Resources:
  EC2VpcFFB3EF08:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/Resource
  EC2VpcPublicSubnet1SubnetD83F3408:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.0.0/18
      VpcId:
        Ref: EC2VpcFFB3EF08
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: true
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Public
        - Key: aws-cdk:subnet-type
          Value: Public
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/Subnet
  EC2VpcPublicSubnet1RouteTable0093FEFE:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/RouteTable
  EC2VpcPublicSubnet1RouteTableAssociationAAFF583B:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: EC2VpcPublicSubnet1RouteTable0093FEFE
      SubnetId:
        Ref: EC2VpcPublicSubnet1SubnetD83F3408
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/RouteTableAssociation
  EC2VpcPublicSubnet1DefaultRouteE0FCD0F2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: EC2VpcPublicSubnet1RouteTable0093FEFE
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: EC2VpcIGW53D90023
    DependsOn:
      - EC2VpcVPCGW52F9120B
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/DefaultRoute
  EC2VpcPublicSubnet1EIP3C6B1606:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/EIP
  EC2VpcPublicSubnet1NATGateway10E37B4E:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EC2VpcPublicSubnet1EIP3C6B1606
          - AllocationId
      SubnetId:
        Ref: EC2VpcPublicSubnet1SubnetD83F3408
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/NATGateway
  EC2VpcPublicSubnet2SubnetF81D1D02:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.64.0/18
      VpcId:
        Ref: EC2VpcFFB3EF08
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: true
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Public
        - Key: aws-cdk:subnet-type
          Value: Public
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/Subnet
  EC2VpcPublicSubnet2RouteTable3C23AF87:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/RouteTable
  EC2VpcPublicSubnet2RouteTableAssociation2E05B5DE:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: EC2VpcPublicSubnet2RouteTable3C23AF87
      SubnetId:
        Ref: EC2VpcPublicSubnet2SubnetF81D1D02
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/RouteTableAssociation
  EC2VpcPublicSubnet2DefaultRoute90101A4E:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: EC2VpcPublicSubnet2RouteTable3C23AF87
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: EC2VpcIGW53D90023
    DependsOn:
      - EC2VpcVPCGW52F9120B
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/DefaultRoute
  EC2VpcPublicSubnet2EIP5BE9CC68:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/EIP
  EC2VpcPublicSubnet2NATGatewayBD3C35B2:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EC2VpcPublicSubnet2EIP5BE9CC68
          - AllocationId
      SubnetId:
        Ref: EC2VpcPublicSubnet2SubnetF81D1D02
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/NATGateway
  EC2VpcPrivateSubnet1SubnetE727E9E3:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.128.0/18
      VpcId:
        Ref: EC2VpcFFB3EF08
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: false
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Private
        - Key: aws-cdk:subnet-type
          Value: Private
        - Key: Name
          Value: cdksample/EC2Vpc/PrivateSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet1/Subnet
  EC2VpcPrivateSubnet1RouteTableFFDB32BE:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PrivateSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet1/RouteTable
  EC2VpcPrivateSubnet1RouteTableAssociationF63C5BA7:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: EC2VpcPrivateSubnet1RouteTableFFDB32BE
      SubnetId:
        Ref: EC2VpcPrivateSubnet1SubnetE727E9E3
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet1/RouteTableAssociation
  EC2VpcPrivateSubnet1DefaultRoute3C49B15F:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: EC2VpcPrivateSubnet1RouteTableFFDB32BE
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: EC2VpcPublicSubnet1NATGateway10E37B4E
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet1/DefaultRoute
  EC2VpcPrivateSubnet2SubnetBBE6BBDD:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.192.0/18
      VpcId:
        Ref: EC2VpcFFB3EF08
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: false
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Private
        - Key: aws-cdk:subnet-type
          Value: Private
        - Key: Name
          Value: cdksample/EC2Vpc/PrivateSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet2/Subnet
  EC2VpcPrivateSubnet2RouteTable0363966E:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PrivateSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet2/RouteTable
  EC2VpcPrivateSubnet2RouteTableAssociation62A3738C:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: EC2VpcPrivateSubnet2RouteTable0363966E
      SubnetId:
        Ref: EC2VpcPrivateSubnet2SubnetBBE6BBDD
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet2/RouteTableAssociation
  EC2VpcPrivateSubnet2DefaultRoute7F65CF0B:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: EC2VpcPrivateSubnet2RouteTable0363966E
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: EC2VpcPublicSubnet2NATGatewayBD3C35B2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet2/DefaultRoute
  EC2VpcIGW53D90023:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/IGW
  EC2VpcVPCGW52F9120B:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      InternetGatewayId:
        Ref: EC2VpcIGW53D90023
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/VPCGW
  BastionInstanceSecurityGroup71C3847E:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: cdksample/Bastion/Resource/InstanceSecurityGroup
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          Description: Allow all outbound traffic by default
          IpProtocol: "-1"
      Tags:
        - Key: Name
          Value: BastionHost
      VpcId:
        Ref: EC2VpcFFB3EF08
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/InstanceSecurityGroup/Resource
  BastionInstanceRoleD3B36EDD:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                Fn::Join:
                  - ""
                  - - ec2.
                    - Ref: AWS::URLSuffix
        Version: "2012-10-17"
      Tags:
        - Key: Name
          Value: BastionHost
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/InstanceRole/Resource
  BastionInstanceRoleDefaultPolicy457C3156:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - ssmmessages:*
              - ssm:UpdateInstanceInformation
              - ec2messages:*
            Effect: Allow
            Resource: "*"
        Version: "2012-10-17"
      PolicyName: BastionInstanceRoleDefaultPolicy457C3156
      Roles:
        - Ref: BastionInstanceRoleD3B36EDD
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/InstanceRole/DefaultPolicy/Resource
  BastionInstanceProfile8FFAF242:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - Ref: BastionInstanceRoleD3B36EDD
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/InstanceProfile
  Bastion6045F255:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      IamInstanceProfile:
        Ref: BastionInstanceProfile8FFAF242
      ImageId:
        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter
      InstanceType: t3.nano
      SecurityGroupIds:
        - Fn::GetAtt:
            - BastionInstanceSecurityGroup71C3847E
            - GroupId
      SubnetId:
        Ref: EC2VpcPrivateSubnet1SubnetE727E9E3
      Tags:
        - Key: Name
          Value: BastionHost
      UserData:
        Fn::Base64: >-
          #!/bin/bash

          yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
    DependsOn:
      - BastionInstanceRoleDefaultPolicy457C3156
      - BastionInstanceRoleD3B36EDD
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/Resource
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=1.86.0,@aws-cdk/assets=1.86.0,@aws-cdk/aws-apigateway=1.86.0,@aws-cdk/aws-apigatewayv2=1.86.0,@aws-cdk/aws-applicationautoscaling=1.86.0,@aws-cdk/aws-autoscaling=1.86.0,@aws-cdk/aws-autoscaling-common=1.86.0,@aws-cdk/aws-autoscaling-hooktargets=1.86.0,@aws-cdk/aws-batch=1.86.0,@aws-cdk/aws-certificatemanager=1.86.0,@aws-cdk/aws-cloudformation=1.86.0,@aws-cdk/aws-cloudfront=1.86.0,@aws-cdk/aws-cloudwatch=1.86.0,@aws-cdk/aws-codebuild=1.86.0,@aws-cdk/aws-codecommit=1.86.0,@aws-cdk/aws-codeguruprofiler=1.86.0,@aws-cdk/aws-codepipeline=1.86.0,@aws-cdk/aws-cognito=1.86.0,@aws-cdk/aws-ec2=1.86.0,@aws-cdk/aws-ecr=1.86.0,@aws-cdk/aws-ecr-assets=1.86.0,@aws-cdk/aws-ecs=1.86.0,@aws-cdk/aws-ecs-patterns=1.86.0,@aws-cdk/aws-efs=1.86.0,@aws-cdk/aws-elasticloadbalancing=1.86.0,@aws-cdk/aws-elasticloadbalancingv2=1.86.0,@aws-cdk/aws-events=1.86.0,@aws-cdk/aws-events-targets=1.86.0,@aws-cdk/aws-iam=1.86.0,@aws-cdk/aws-kinesis=1.86.0,@aws-cdk/aws-kinesisfirehose=1.86.0,@aws-cdk/aws-kms=1.86.0,@aws-cdk/aws-lambda=1.86.0,@aws-cdk/aws-logs=1.86.0,@aws-cdk/aws-route53=1.86.0,@aws-cdk/aws-route53-targets=1.86.0,@aws-cdk/aws-s3=1.86.0,@aws-cdk/aws-s3-assets=1.86.0,@aws-cdk/aws-sam=1.86.0,@aws-cdk/aws-secretsmanager=1.86.0,@aws-cdk/aws-servicediscovery=1.86.0,@aws-cdk/aws-sns=1.86.0,@aws-cdk/aws-sns-subscriptions=1.86.0,@aws-cdk/aws-sqs=1.86.0,@aws-cdk/aws-ssm=1.86.0,@aws-cdk/aws-stepfunctions=1.86.0,@aws-cdk/cloud-assembly-schema=1.86.0,@aws-cdk/core=1.86.0,@aws-cdk/custom-resources=1.86.0,@aws-cdk/cx-api=1.86.0,@aws-cdk/region-info=1.86.0,jsii-runtime=Python/3.9.0
    Metadata:
      aws:cdk:path: cdksample/CDKMetadata/Default
    Condition: CDKMetadataAvailable
Outputs:
  BastionBastionHostId8F8CEB82:
    Description: Instance ID of the bastion host. Use this to connect via SSM Session Manager
    Value:
      Ref: Bastion6045F255
Parameters:
  SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2
Author
inoh
commented
Jan 26, 2021