{ | |
"AWSTemplateFormatVersion" : "2010-09-09", | |
"Description" : "CloudFormation template for a generic VPC with public and private subnets (with private network Internet access via NAT)", | |
"Parameters" : { | |
"KeyPairName" : { | |
"Description" : "Name of an existing EC2 KeyPair (find or create here: https://console.aws.amazon.com/ec2/v2/home#KeyPairs: )", | |
"Type" : "String", | |
"MinLength": "1", | |
"MaxLength": "64", | |
"AllowedPattern" : "[-_ a-zA-Z0-9]*", | |
"ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores." | |
}, | |
"ServerAccess" : { | |
"Description" : "CIDR IP range allowed to login to the NAT instance", | |
"Type" : "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default" : "0.0.0.0/0", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
}, | |
"VpcCidr": { | |
"Description": "CIDR IP range for the Vpc", | |
"Type": "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default": "10.44.0.0/16", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
}, | |
"PublicSubnetCidr": { | |
"Description": "CIDR IP range for the PublicSubnet", | |
"Type": "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default": "10.44.0.0/24", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
}, | |
"PrivateSubnetCidr": { | |
"Description": "CIDR IP range for the PrivateSubnet", | |
"Type": "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default": "10.44.1.0/24", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
} | |
}, | |
"Mappings" : { | |
"SubnetConfig" : { | |
"VPC" : { "CIDR" : { "Ref" : "VpcCidr" } }, | |
"Public" : { "CIDR" : { "Ref" : "PublicSubnetCidr" } }, | |
"Private" : { "CIDR" : { "Ref" : "PrivateSubnetCidr" } } | |
}, | |
"NatRegionMap" : { | |
"us-east-1" : { "AMI" : "ami-184dc970" }, | |
"us-west-1" : { "AMI" : "ami-a98396ec" }, | |
"us-west-2" : { "AMI" : "ami-290f4119" }, | |
"eu-west-1" : { "AMI" : "ami-14913f63" }, | |
"eu-central-1" : { "AMI" : "ami-ae380eb3" }, | |
"sa-east-1" : { "AMI" : "ami-8122969c" }, | |
"ap-southeast-1" : { "AMI" : "ami-6aa38238" }, | |
"ap-southeast-2" : { "AMI" : "ami-893f53b3" }, | |
"ap-northeast-1" : { "AMI" : "ami-27d6e626" } | |
} | |
}, | |
"Resources" : { | |
"VPC" : { | |
"Type" : "AWS::EC2::VPC", | |
"Properties" : { | |
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]}, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Public" }, | |
{ "Key" : "Name", "Value" : "NAT VPC" } | |
] | |
} | |
}, | |
"PublicSubnet" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Public", "CIDR" ]}, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Public" }, | |
{ "Key" : "Name", "Value" : "Public Subnet" } | |
] | |
} | |
}, | |
"InternetGateway" : { | |
"Type" : "AWS::EC2::InternetGateway", | |
"Properties" : { | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Public" } | |
] | |
} | |
}, | |
"GatewayToInternet" : { | |
"DependsOn" : ["VPC", "InternetGateway"], | |
"Type" : "AWS::EC2::VPCGatewayAttachment", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"InternetGatewayId" : { "Ref" : "InternetGateway" } | |
} | |
}, | |
"PublicRouteTable" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::RouteTable", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Public" } | |
] | |
} | |
}, | |
"PublicRoute" : { | |
"DependsOn" : ["PublicRouteTable", "InternetGateway"], | |
"Type" : "AWS::EC2::Route", | |
"Properties" : { | |
"RouteTableId" : { "Ref" : "PublicRouteTable" }, | |
"DestinationCidrBlock" : "0.0.0.0/0", | |
"GatewayId" : { "Ref" : "InternetGateway" } | |
} | |
}, | |
"PublicSubnetRouteTableAssociation" : { | |
"DependsOn" : ["PublicSubnet", "PublicRouteTable"], | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "PublicSubnet" }, | |
"RouteTableId" : { "Ref" : "PublicRouteTable" } | |
} | |
}, | |
"PrivateSubnet" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Private", "CIDR" ]}, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Private" }, | |
{ "Key" : "Name", "Value" : "Private Subnet" } | |
] | |
} | |
}, | |
"PrivateRouteTable" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::RouteTable", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Private" } | |
] | |
} | |
}, | |
"PrivateSubnetRouteTableAssociation" : { | |
"DependsOn" : ["PrivateSubnet", "PrivateRouteTable"], | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "PrivateSubnet" }, | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
} | |
}, | |
"NatSecurityGroup" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::SecurityGroup", | |
"Properties" : { | |
"GroupDescription" : "NAT Security Group", | |
"VpcId" : { "Ref" : "VPC" }, | |
"SecurityGroupIngress" : [{ | |
"IpProtocol" : "tcp", | |
"FromPort" : "22", | |
"ToPort" : "22", | |
"CidrIp" : { "Ref" : "ServerAccess" } | |
},{ | |
"IpProtocol" : "tcp", | |
"FromPort" : "3389", | |
"ToPort" : "3389", | |
"CidrIp" : { "Ref" : "ServerAccess" } | |
}], | |
"Tags" : [ | |
{ "Key" : "Name", "Value" : "NAT Security Group" } | |
] | |
} | |
}, | |
"NatSecurityGroupIngress1" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "icmp", | |
"FromPort": "-1", | |
"ToPort": "-1", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NatSecurityGroupIngress22" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NatSecurityGroupIngress3389" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "tcp", | |
"FromPort": "3389", | |
"ToPort": "3389", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NatSecurityGroupIngress80" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NatSecurityGroupIngress443" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NAT" : { | |
"DependsOn" : ["PublicSubnet", "NatSecurityGroup"], | |
"Type" : "AWS::EC2::Instance", | |
"Properties" : { | |
"InstanceType" : "t2.micro", | |
"KeyName" : { "Ref" : "KeyPairName" }, | |
"SourceDestCheck" : "false", | |
"ImageId" : { "Fn::FindInMap" : [ "NatRegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, | |
"NetworkInterfaces" : [{ | |
"GroupSet" : [{ "Ref" : "NatSecurityGroup" }], | |
"AssociatePublicIpAddress" : "true", | |
"DeviceIndex" : "0", | |
"DeleteOnTermination" : "true", | |
"SubnetId" : { "Ref" : "PublicSubnet" } | |
}], | |
"Tags" : [ | |
{ "Key" : "Name", "Value" : "NAT" } | |
], | |
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
"#!/bin/bash\n", | |
"yum update -y && yum install -y yum-cron && chkconfig yum-cron on" | |
]]}} | |
} | |
}, | |
"PrivateRoute" : { | |
"DependsOn" : ["PrivateRouteTable", "NAT"], | |
"Type" : "AWS::EC2::Route", | |
"Properties" : { | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" }, | |
"DestinationCidrBlock" : "0.0.0.0/0", | |
"InstanceId" : { "Ref" : "NAT" } | |
} | |
} | |
}, | |
"Outputs" : { | |
"NATIP" : { | |
"Description" : "NAT IP address", | |
"Value" : { "Fn::GetAtt" : [ "NAT", "PublicIp" ] } | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment