Skip to content

Instantly share code, notes, and snippets.

@klang
Last active Feb 5, 2021
Embed
What would you like to do?
simple vpc with a windows instance
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)"
Parameters:
KeyName:
Type: AWS::EC2::KeyPair::KeyName
Description: Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance
VPCCIDR:
Type: String
Description: VPC address range
Default: 10.15.0.0/16
PublicSubnetCIDR:
Type: String
Description: Public Subnet in VPC
Default: 10.15.1.0/24
CompanyWANIP:
Type: String
Description: Company WANIP - Format x.x.x.x/32
Default: 162.158.134.60/32
Resources:
## Infrastructure. VPC, Subnet, InternetGateway, Routes
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VPCCIDR
InstanceTenancy: default
Tags:
- Key: Name
Value: Simple VPC
PublicSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: !Ref PublicSubnetCIDR
Tags:
- Key: Name
Value: Public
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: Simple VPC
InternetGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Public
RouteAttachment:
Type: AWS::EC2::Route
DependsOn:
- InternetGatewayAttachment
- RouteTable
Properties:
RouteTableId: !Ref RouteTable
DestinationCidrBlock: "0.0.0.0/0"
GatewayId: !Ref InternetGateway
VPCRouteSubnet:
Type: AWS::EC2::SubnetRouteTableAssociation
DependsOn: RouteTable
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref PublicSubnet
## security groups
HTTPSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupDescription: http-access-form-everywhere
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0
IpProtocol: "-1"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
RDPSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupName: "Basic RDP access from the office"
GroupDescription: RDP-from-office
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0
IpProtocol: "-1"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 3389
ToPort: 3389
CidrIp: !Ref CompanyWANIP
WindowsInstance:
Type: "AWS::EC2::Instance"
Properties:
ImageId: "ami-0a262e3ac12949132"
KeyName: !Ref KeyName
Tags:
- Key: Name
Value: Windows Server
InstanceType: "t3.medium"
Tenancy: "default"
Monitoring: true
DisableApiTermination: false
InstanceInitiatedShutdownBehavior: "stop"
CreditSpecification:
CPUCredits: "unlimited"
EbsOptimized: true
BlockDeviceMappings:
-
DeviceName: "/dev/sda1"
Ebs:
VolumeSize: 80
DeleteOnTermination: true
VolumeType: "gp2"
NetworkInterfaces:
-
DeviceIndex: 0
Description: "Primary network interface"
AssociatePublicIpAddress: true
DeleteOnTermination: true
SubnetId: !Ref PublicSubnet
Ipv6AddressCount: 0
GroupSet:
- !Ref HTTPSecurityGroup
- !Ref RDPSecurityGroup
SSMInstanceRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub "${AWS::StackName}-SSMInstanceProfile"
Path: "/"
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
SSMInstanceProfile:
# it takes wierdly long time to create this resource.
Type: AWS::IAM::InstanceProfile
Properties:
Path: "/"
Roles:
- !Ref SSMInstanceRole
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance"
Parameters:
KeyName:
Type: AWS::EC2::KeyPair::KeyName
Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
VPCCIDR:
Type: String
Description: VPC address range
Default: 10.15.0.0/16
PublicSubnetCIDR:
Type: String
Description: Public Subnet in VPC
Default: 10.15.1.0/24
CompanyWANIP:
Type: String
Description: Company WANIP - Format x.x.x.x/32
Default: 162.158.134.60/32
Resources:
## Infrastructure. VPC, Subnet, InternetGateway, Routes
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VPCCIDR
InstanceTenancy: default
Tags:
- Key: Name
Value: Simple VPC
PublicSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: !Ref PublicSubnetCIDR
Tags:
- Key: Name
Value: Public
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: Simple VPC
InternetGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
RouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Public
RouteAttachment:
Type: AWS::EC2::Route
DependsOn:
- InternetGatewayAttachment
- RouteTable
Properties:
RouteTableId: !Ref RouteTable
DestinationCidrBlock: "0.0.0.0/0"
GatewayId: !Ref InternetGateway
VPCRouteSubnet:
Type: AWS::EC2::SubnetRouteTableAssociation
DependsOn: RouteTable
Properties:
RouteTableId: !Ref RouteTable
SubnetId: !Ref PublicSubnet
## security groups
RDPSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
VpcId: !Ref VPC
GroupName: "Basic RDP access from the office"
GroupDescription: RDP-from-office
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0
IpProtocol: "-1"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 3389
ToPort: 3389
CidrIp: !Ref CompanyWANIP
WindowsInstance:
Type: "AWS::EC2::Instance"
Properties:
ImageId: "ami-0a174bb076b94a327"
KeyName: !Ref KeyName
Tags:
- Key: Name
Value: Windows Server
InstanceType: "t3.medium"
Tenancy: "default"
Monitoring: true
DisableApiTermination: false
InstanceInitiatedShutdownBehavior: "stop"
CreditSpecification:
CPUCredits: "unlimited"
EbsOptimized: true
BlockDeviceMappings:
-
DeviceName: "/dev/sda1"
Ebs:
VolumeSize: 80
DeleteOnTermination: true
VolumeType: "gp2"
NetworkInterfaces:
-
DeviceIndex: 0
Description: "Primary network interface"
AssociatePublicIpAddress: true
DeleteOnTermination: true
SubnetId: !Ref PublicSubnet
Ipv6AddressCount: 0
GroupSet:
- !Ref RDPSecurityGroup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment