| { | |
| "AWSTemplateFormatVersion" : "2010-09-09", | |
| "Description" : "CloudFormation template for a generic VPC with public and private subnets (with private network Internet access via NAT)", | |
| "Parameters" : { | |
| "KeyPairName" : { | |
| "Description" : "Name of an existing EC2 KeyPair (find or create here: https://console.aws.amazon.com/ec2/v2/home#KeyPairs: )", | |
| "Type" : "String", | |
| "MinLength": "1", | |
| "MaxLength": "64", | |
| "AllowedPattern" : "[-_ a-zA-Z0-9]*", | |
| "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores." | |
| }, | |
| "ServerAccess" : { | |
| "Description" : "CIDR IP range allowed to login to the NAT instance", | |
| "Type" : "String", | |
| "MinLength": "9", | |
| "MaxLength": "18", | |
| "Default" : "0.0.0.0/0", | |
| "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
| "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
| }, | |
| "VpcCidr": { | |
| "Description": "CIDR IP range for the Vpc", | |
| "Type": "String", | |
| "MinLength": "9", | |
| "MaxLength": "18", | |
| "Default": "10.44.0.0/16", | |
| "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
| "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
| }, | |
| "PublicSubnetCidr": { | |
| "Description": "CIDR IP range for the PublicSubnet", | |
| "Type": "String", | |
| "MinLength": "9", | |
| "MaxLength": "18", | |
| "Default": "10.44.0.0/24", | |
| "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
| "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
| }, | |
| "PrivateSubnetCidr": { | |
| "Description": "CIDR IP range for the PrivateSubnet", | |
| "Type": "String", | |
| "MinLength": "9", | |
| "MaxLength": "18", | |
| "Default": "10.44.1.0/24", | |
| "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
| "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
| } | |
| }, | |
| "Mappings" : { | |
| "SubnetConfig" : { | |
| "VPC" : { "CIDR" : { "Ref" : "VpcCidr" } }, | |
| "Public" : { "CIDR" : { "Ref" : "PublicSubnetCidr" } }, | |
| "Private" : { "CIDR" : { "Ref" : "PrivateSubnetCidr" } } | |
| }, | |
| "NatRegionMap" : { | |
| "us-east-1" : { "AMI" : "ami-184dc970" }, | |
| "us-west-1" : { "AMI" : "ami-a98396ec" }, | |
| "us-west-2" : { "AMI" : "ami-290f4119" }, | |
| "eu-west-1" : { "AMI" : "ami-14913f63" }, | |
| "eu-central-1" : { "AMI" : "ami-ae380eb3" }, | |
| "sa-east-1" : { "AMI" : "ami-8122969c" }, | |
| "ap-southeast-1" : { "AMI" : "ami-6aa38238" }, | |
| "ap-southeast-2" : { "AMI" : "ami-893f53b3" }, | |
| "ap-northeast-1" : { "AMI" : "ami-27d6e626" } | |
| } | |
| }, | |
| "Resources" : { | |
| "VPC" : { | |
| "Type" : "AWS::EC2::VPC", | |
| "Properties" : { | |
| "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]}, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Public" }, | |
| { "Key" : "Name", "Value" : "NAT VPC" } | |
| ] | |
| } | |
| }, | |
| "PublicSubnet" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Public", "CIDR" ]}, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Public" }, | |
| { "Key" : "Name", "Value" : "Public Subnet" } | |
| ] | |
| } | |
| }, | |
| "InternetGateway" : { | |
| "Type" : "AWS::EC2::InternetGateway", | |
| "Properties" : { | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Public" } | |
| ] | |
| } | |
| }, | |
| "GatewayToInternet" : { | |
| "DependsOn" : ["VPC", "InternetGateway"], | |
| "Type" : "AWS::EC2::VPCGatewayAttachment", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "InternetGatewayId" : { "Ref" : "InternetGateway" } | |
| } | |
| }, | |
| "PublicRouteTable" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Public" } | |
| ] | |
| } | |
| }, | |
| "PublicRoute" : { | |
| "DependsOn" : ["PublicRouteTable", "InternetGateway"], | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "RouteTableId" : { "Ref" : "PublicRouteTable" }, | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "GatewayId" : { "Ref" : "InternetGateway" } | |
| } | |
| }, | |
| "PublicSubnetRouteTableAssociation" : { | |
| "DependsOn" : ["PublicSubnet", "PublicRouteTable"], | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "PublicSubnet" }, | |
| "RouteTableId" : { "Ref" : "PublicRouteTable" } | |
| } | |
| }, | |
| "PrivateSubnet" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Private", "CIDR" ]}, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Private" }, | |
| { "Key" : "Name", "Value" : "Private Subnet" } | |
| ] | |
| } | |
| }, | |
| "PrivateRouteTable" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Private" } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnetRouteTableAssociation" : { | |
| "DependsOn" : ["PrivateSubnet", "PrivateRouteTable"], | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "PrivateSubnet" }, | |
| "RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
| } | |
| }, | |
| "NatSecurityGroup" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "NAT Security Group", | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "SecurityGroupIngress" : [{ | |
| "IpProtocol" : "tcp", | |
| "FromPort" : "22", | |
| "ToPort" : "22", | |
| "CidrIp" : { "Ref" : "ServerAccess" } | |
| },{ | |
| "IpProtocol" : "tcp", | |
| "FromPort" : "3389", | |
| "ToPort" : "3389", | |
| "CidrIp" : { "Ref" : "ServerAccess" } | |
| }], | |
| "Tags" : [ | |
| { "Key" : "Name", "Value" : "NAT Security Group" } | |
| ] | |
| } | |
| }, | |
| "NatSecurityGroupIngress1" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "icmp", | |
| "FromPort": "-1", | |
| "ToPort": "-1", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress22" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress3389" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "3389", | |
| "ToPort": "3389", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress80" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress443" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "443", | |
| "ToPort": "443", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NAT" : { | |
| "DependsOn" : ["PublicSubnet", "NatSecurityGroup"], | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "InstanceType" : "t2.micro", | |
| "KeyName" : { "Ref" : "KeyPairName" }, | |
| "SourceDestCheck" : "false", | |
| "ImageId" : { "Fn::FindInMap" : [ "NatRegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, | |
| "NetworkInterfaces" : [{ | |
| "GroupSet" : [{ "Ref" : "NatSecurityGroup" }], | |
| "AssociatePublicIpAddress" : "true", | |
| "DeviceIndex" : "0", | |
| "DeleteOnTermination" : "true", | |
| "SubnetId" : { "Ref" : "PublicSubnet" } | |
| }], | |
| "Tags" : [ | |
| { "Key" : "Name", "Value" : "NAT" } | |
| ], | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash\n", | |
| "yum update -y && yum install -y yum-cron && chkconfig yum-cron on" | |
| ]]}} | |
| } | |
| }, | |
| "PrivateRoute" : { | |
| "DependsOn" : ["PrivateRouteTable", "NAT"], | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "RouteTableId" : { "Ref" : "PrivateRouteTable" }, | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "InstanceId" : { "Ref" : "NAT" } | |
| } | |
| } | |
| }, | |
| "Outputs" : { | |
| "NATIP" : { | |
| "Description" : "NAT IP address", | |
| "Value" : { "Fn::GetAtt" : [ "NAT", "PublicIp" ] } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment