Create aws resources required for AWS WorkSpaces service
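AWSTemplateFormatVersion: '2010-09-09'
Description: AWS resources required for WorkSpaces service
# Layout: one VPC, two public (NAT) subnets and two private subnets across
# two AZs, an Internet Gateway for the public subnets, one NAT Gateway per AZ
# for the private subnets, and a Simple AD placed in the private subnets.
Parameters:
  ADName:
    Description: AWS managed Directory Name
    Type: String
    Default: "corp.example.com"
  # NOTE: the parameter name keeps its original spelling ("Admnin") because
  # callers pass it by name; renaming it would break existing stack
  # parameter files.
  DirAdmninPass:
    # NoEcho masks the value in the console and in DescribeStacks output; it
    # is still transmitted as a stack parameter. Consider supplying it through
    # an SSM SecureString dynamic reference instead of a plain parameter.
    NoEcho: true
    Description: AD Admin Password (must not contain the word admin, and include three of these four categories lowercase, uppercase, numeric, and special characters)
    Type: String
    MinLength: 8
    MaxLength: 64
  # CIDR parameters are validated at stack-creation time so that a malformed
  # value fails fast instead of failing mid-deployment on the subnet resource.
  VPCCIDRBlock:
    Description: CIDR block of the VPC
    Type: String
    Default: "172.30.0.0/16"
    AllowedPattern: '((\d{1,3})\.){3}\d{1,3}/\d{1,2}'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/x
  NATSubnetA:
    Description: CIDR block of the public (NAT) subnet in AZ a
    Type: String
    Default: "172.30.254.0/24"
    AllowedPattern: '((\d{1,3})\.){3}\d{1,3}/\d{1,2}'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/x
  NATSubnetB:
    Description: CIDR block of the public (NAT) subnet in AZ b
    Type: String
    Default: "172.30.255.0/24"
    AllowedPattern: '((\d{1,3})\.){3}\d{1,3}/\d{1,2}'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/x
  PriSubnetA:
    Description: CIDR block of the private subnet in AZ a
    Type: String
    Default: "172.30.1.0/24"
    AllowedPattern: '((\d{1,3})\.){3}\d{1,3}/\d{1,2}'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/x
  PriSubnetB:
    Description: CIDR block of the private subnet in AZ b
    Type: String
    Default: "172.30.2.0/24"
    AllowedPattern: '((\d{1,3})\.){3}\d{1,3}/\d{1,2}'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/x
  # ADNetBIOSName:
  #   Description: Directory NetBIOS Name
  #   Type: String
  #   Default: "CORP"
Resources:
  # --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
  # create VPC, Private and Public Subnets, InternetGateway, EIPs, NAT Gateways, RouteTables, RouteTableAssociations
  # this portion of CloudFormation template has been generated using following script:
  # https://medium.com/@it.melnichenko/python-script-with-troposphere-library-which-automatically-creates-cloudformation-template-for-you-98cc76ca72f3
  # in case you would like to modify it please feel free to use provided troposphere script ^
  AttachGateway:
    Properties:
      InternetGatewayId: !Ref 'InternetGateway'
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::VPCGatewayAttachment
  InternetGateway:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-ig
    Type: AWS::EC2::InternetGateway
  # Route table for the two public (NAT) subnets; default route goes to the IGW.
  MainRouteTable:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-PublicRouteTable-Main
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::RouteTable
  # Private subnets reach the internet only through the NAT Gateway of their own AZ.
  NATRoutePriSubnet1a:
    DependsOn: NATa
    Properties:
      DestinationCidrBlock: '0.0.0.0/0'
      NatGatewayId: !Ref 'NATa'
      RouteTableId: !Ref 'PrivateRouteTablePriSubnet1a'
    Type: AWS::EC2::Route
  NATRoutePriSubnet1b:
    DependsOn: NATb
    Properties:
      DestinationCidrBlock: '0.0.0.0/0'
      NatGatewayId: !Ref 'NATb'
      RouteTableId: !Ref 'PrivateRouteTablePriSubnet1b'
    Type: AWS::EC2::Route
  NATa:
    Properties:
      AllocationId: !GetAtt 'NatEipa.AllocationId'
      SubnetId: !Ref 'PubSubnetNATa'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-NATa
    Type: AWS::EC2::NatGateway
  NATb:
    Properties:
      AllocationId: !GetAtt 'NatEipb.AllocationId'
      SubnetId: !Ref 'PubSubnetNATb'
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-NATb
    Type: AWS::EC2::NatGateway
  # A VPC-scoped EIP defined in the same template as its VPC must declare an
  # explicit dependency on the gateway attachment (per the AWS::EC2::EIP
  # documentation); otherwise creation can race the IGW attachment and fail.
  NatEipa:
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
    Type: AWS::EC2::EIP
  NatEipb:
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
    Type: AWS::EC2::EIP
  PriSubnet1a:
    Properties:
      AvailabilityZone: !Sub "${AWS::Region}a"
      CidrBlock: !Ref PriSubnetA
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-PriSubnet1a
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::Subnet
  PriSubnet1b:
    Properties:
      AvailabilityZone: !Sub "${AWS::Region}b"
      CidrBlock: !Ref PriSubnetB
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-PriSubnet1b
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::Subnet
  PrivateRouteTablePriSubnet1a:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-PrivateRouteTablePriSubnet1a
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::RouteTable
  PrivateRouteTablePriSubnet1b:
    Properties:
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-PrivateRouteTablePriSubnet1b
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::RouteTable
  PubSubnetNATa:
    Properties:
      AvailabilityZone: !Sub "${AWS::Region}a"
      CidrBlock: !Ref NATSubnetA
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-PubSubnetNATa
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::Subnet
  PubSubnetNATb:
    Properties:
      AvailabilityZone: !Sub "${AWS::Region}b"
      CidrBlock: !Ref NATSubnetB
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-PubSubnetNATb
      VpcId: !Ref 'VPC'
    Type: AWS::EC2::Subnet
  # Default route of the public route table; must wait for the IGW to be attached.
  Route:
    DependsOn: AttachGateway
    Properties:
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref 'InternetGateway'
      RouteTableId: !Ref 'MainRouteTable'
    Type: AWS::EC2::Route
  SubnetRouteTableAssociationPriSubnet1a:
    Properties:
      RouteTableId: !Ref 'PrivateRouteTablePriSubnet1a'
      SubnetId: !Ref 'PriSubnet1a'
    Type: AWS::EC2::SubnetRouteTableAssociation
  SubnetRouteTableAssociationPriSubnet1b:
    Properties:
      RouteTableId: !Ref 'PrivateRouteTablePriSubnet1b'
      SubnetId: !Ref 'PriSubnet1b'
    Type: AWS::EC2::SubnetRouteTableAssociation
  SubnetRouteTableAssociationPubSubnetNATa:
    Properties:
      RouteTableId: !Ref 'MainRouteTable'
      SubnetId: !Ref 'PubSubnetNATa'
    Type: AWS::EC2::SubnetRouteTableAssociation
  SubnetRouteTableAssociationPubSubnetNATb:
    Properties:
      RouteTableId: !Ref 'MainRouteTable'
      SubnetId: !Ref 'PubSubnetNATb'
    Type: AWS::EC2::SubnetRouteTableAssociation
  VPC:
    Properties:
      CidrBlock: !Ref VPCCIDRBlock
      Tags:
        - Key: Application
          Value: !Ref 'AWS::StackId'
        - Key: Name
          Value: workspaces-vpc
    Type: AWS::EC2::VPC
  # --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
  # create AWS managed Simple Directory
  # The directory is placed in the two private subnets so it is never
  # directly reachable from the internet; WorkSpaces registers against it.
  SimpleAD:
    Type: AWS::DirectoryService::SimpleAD
    Properties:
      Name: !Ref ADName
      Password:
        Ref: DirAdmninPass
      Size: Small # or Large
      VpcSettings:
        SubnetIds:
          - Ref: PriSubnet1a
          - Ref: PriSubnet1b
        VpcId:
          Ref: VPC
  # # create AWS managed Microsoft Active Directory
  # MicrosoftAD:
  #   Type: AWS::DirectoryService::MicrosoftAD
  #   Properties:
  #     Name: !Ref ADName
  #     Password:
  #       Ref: DirAdmninPass
  #     Edition: Standard # or Enterprise
  #     ShortName:
  #       Ref: ADNetBIOSName
  #     VpcSettings:
  #       SubnetIds:
  #         - Ref: PriSubnet1a
  #         - Ref: PriSubnet1b
  #       VpcId:
  #         Ref: VPC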