@mshick
Created March 4, 2024 21:27
vpc
{
"Resources": {
"Vpc8378EB38": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Name",
"Value": "ts--dev--us-east-1--vpc/Vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/Resource"
}
},
"VpcPublicSubnetSubnet1SubnetC1C3749F": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-1a",
"CidrBlock": "10.0.0.0/24",
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "PublicSubnet"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
},
{
"Key": "Name",
"Value": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1"
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1/Subnet"
}
},
"VpcPublicSubnetSubnet1RouteTable54741E8C": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1"
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1/RouteTable"
}
},
"VpcPublicSubnetSubnet1RouteTableAssociation12F076E3": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "VpcPublicSubnetSubnet1RouteTable54741E8C"
},
"SubnetId": {
"Ref": "VpcPublicSubnetSubnet1SubnetC1C3749F"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1/RouteTableAssociation"
}
},
"VpcPublicSubnetSubnet1DefaultRoute8657BB78": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "VpcIGWD7BA715C"
},
"RouteTableId": {
"Ref": "VpcPublicSubnetSubnet1RouteTable54741E8C"
}
},
"DependsOn": [
"VpcVPCGWBF912B6E"
],
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1/DefaultRoute"
}
},
"VpcPublicSubnetSubnet1EIP2A6702E7": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1/EIP"
}
},
"VpcPublicSubnetSubnet1NATGateway74B4EB81": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"VpcPublicSubnetSubnet1EIP2A6702E7",
"AllocationId"
]
},
"SubnetId": {
"Ref": "VpcPublicSubnetSubnet1SubnetC1C3749F"
},
"Tags": [
{
"Key": "Name",
"Value": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1"
}
]
},
"DependsOn": [
"VpcPublicSubnetSubnet1DefaultRoute8657BB78",
"VpcPublicSubnetSubnet1RouteTableAssociation12F076E3"
],
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PublicSubnetSubnet1/NATGateway"
}
},
"VpcPrivateSubnetSubnet1SubnetBF616886": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-1a",
"CidrBlock": "10.0.1.0/24",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "PrivateSubnet"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Isolated"
},
{
"Key": "Name",
"Value": "ts--dev--us-east-1--vpc/Vpc/PrivateSubnetSubnet1"
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PrivateSubnetSubnet1/Subnet"
}
},
"VpcPrivateSubnetSubnet1RouteTable955CF273": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "ts--dev--us-east-1--vpc/Vpc/PrivateSubnetSubnet1"
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PrivateSubnetSubnet1/RouteTable"
}
},
"VpcPrivateSubnetSubnet1RouteTableAssociation8FCC9B9E": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "VpcPrivateSubnetSubnet1RouteTable955CF273"
},
"SubnetId": {
"Ref": "VpcPrivateSubnetSubnet1SubnetBF616886"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/PrivateSubnetSubnet1/RouteTableAssociation"
}
},
"VpcIGWD7BA715C": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "ts--dev--us-east-1--vpc/Vpc"
}
]
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/IGW"
}
},
"VpcVPCGWBF912B6E": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"InternetGatewayId": {
"Ref": "VpcIGWD7BA715C"
},
"VpcId": {
"Ref": "Vpc8378EB38"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/VPCGW"
}
},
"VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": {
"Type": "Custom::VpcRestrictDefaultSG",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E",
"Arn"
]
},
"DefaultSecurityGroupId": {
"Fn::GetAtt": [
"Vpc8378EB38",
"DefaultSecurityGroup"
]
},
"Account": "590044319366"
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Vpc/RestrictDefaultSecurityGroupCustomResource/Default"
}
},
"CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
]
},
"ManagedPolicyArns": [
{
"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
],
"Policies": [
{
"PolicyName": "Inline",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:ec2:us-east-1:590044319366:security-group/",
{
"Fn::GetAtt": [
"Vpc8378EB38",
"DefaultSecurityGroup"
]
}
]
]
}
]
}
]
}
}
]
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role"
}
},
"CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": "cdk-hnb659fds-assets-590044319366-us-east-1",
"S3Key": "dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e.zip"
},
"Timeout": 900,
"MemorySize": 128,
"Handler": "__entrypoint__.handler",
"Role": {
"Fn::GetAtt": [
"CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0",
"Arn"
]
},
"Runtime": "nodejs18.x",
"Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group"
},
"DependsOn": [
"CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0"
],
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler",
"aws:asset:path": "asset.dd5711540f04e06aa955d7f4862fc04e8cdea464cb590dae91ed2976bb78098e",
"aws:asset:property": "Code"
}
},
"RedisSecurityGroupB05951F6": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "ts--dev--us-east-1--vpc/RedisSecurityGroup",
"GroupName": "ts--dev--redis-security-group",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
},
{
"CidrIpv6": "::/0",
"Description": "Allow all outbound ipv6 traffic by default",
"IpProtocol": "-1"
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/RedisSecurityGroup/Resource"
}
},
"RedisSecurityGroupfromtsdevuseast1vpcLambdaSecurityGroup8A7BB36A63794C87AD23": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"Description": "Allow Lambda functions to connect to Redis",
"FromPort": 6379,
"GroupId": {
"Fn::GetAtt": [
"RedisSecurityGroupB05951F6",
"GroupId"
]
},
"IpProtocol": "tcp",
"SourceSecurityGroupId": {
"Fn::GetAtt": [
"LambdaSecurityGroup0BD9FC99",
"GroupId"
]
},
"ToPort": 6379
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/RedisSecurityGroup/from tsdevuseast1vpcLambdaSecurityGroup8A7BB36A:6379"
}
},
"LambdaSecurityGroup0BD9FC99": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "ts--dev--us-east-1--vpc/LambdaSecurityGroup",
"GroupName": "ts--dev--lambda-security-group",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "Allow all outbound traffic by default",
"IpProtocol": "-1"
},
{
"CidrIpv6": "::/0",
"Description": "Allow all outbound ipv6 traffic by default",
"IpProtocol": "-1"
}
],
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "from 0.0.0.0/0:443",
"FromPort": 443,
"IpProtocol": "tcp",
"ToPort": 443
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/LambdaSecurityGroup/Resource"
}
},
"ParameterOutputVpcVpcArn1E2D412C": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Name": "/ts/dev/default/resources/vpc/vpcArn",
"Type": "String",
"Value": {
"Fn::Join": [
"",
[
"arn:aws:ec2:us-east-1:590044319366:vpc/",
{
"Ref": "Vpc8378EB38"
}
]
]
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/ParameterOutputVpcVpcArn/Resource"
}
},
"ParameterOutputVpcVpcId9C486FE0": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Name": "/ts/dev/default/resources/vpc/vpcId",
"Type": "String",
"Value": {
"Ref": "Vpc8378EB38"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/ParameterOutputVpcVpcId/Resource"
}
},
"ParameterOutputVpcPrivateSubnetIds1548AE4E": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Name": "/ts/dev/default/resources/vpc/privateSubnetIds",
"Type": "StringList",
"Value": {
"Ref": "VpcPrivateSubnetSubnet1SubnetBF616886"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/ParameterOutputVpcPrivateSubnetIds/Resource"
}
},
"ParameterOutputVpcPublicSubnetIds953E15D5": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Name": "/ts/dev/default/resources/vpc/publicSubnetIds",
"Type": "StringList",
"Value": {
"Ref": "VpcPublicSubnetSubnet1SubnetC1C3749F"
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/ParameterOutputVpcPublicSubnetIds/Resource"
}
},
"ParameterOutputVpcSecurityGroupsRedisSecurityGroupId2B904B68": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Name": "/ts/dev/default/resources/vpc/securityGroups/redis/securityGroupId",
"Type": "String",
"Value": {
"Fn::GetAtt": [
"RedisSecurityGroupB05951F6",
"GroupId"
]
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/ParameterOutputVpcSecurityGroupsRedisSecurityGroupId/Resource"
}
},
"ParameterOutputVpcSecurityGroupsLambdaSecurityGroupIdA2588D26": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Name": "/ts/dev/default/resources/vpc/securityGroups/lambda/securityGroupId",
"Type": "String",
"Value": {
"Fn::GetAtt": [
"LambdaSecurityGroup0BD9FC99",
"GroupId"
]
}
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/ParameterOutputVpcSecurityGroupsLambdaSecurityGroupId/Resource"
}
},
"CDKMetadata": {
"Type": "AWS::CDK::Metadata",
"Properties": {
"Analytics": "v2:deflate64:H4sIAAAAAAAA/32PQWuDQBCFf0vu6zZ6So9WShBKES25lnGd2El0N+zMKkH878Va4qk9vXnfPIY3iY6Tg97vYOTINNeoo1pPlYC5Khj5c0KT6Ol0Myo721ORqSLUHZkq1BZlYdtUuiD4AXWHG99YyuwMgZCzj/AyvObFIu8gRxAc4a4KTwMIbodzK+gtPgJrk1+XioD56tGKqtAET3I/ehduPx3+BbltPTLPirlfXvZk2wI89Cjol/Rm1uUbsTzYPKsS2QVvUGWBxfWbPds/VoV3AzXoX4BRpcwolUBLtp2VdQ3qCz8N8UHHz3q/uzBR5IMV6lGXq34Dne1+L60BAAA="
},
"Metadata": {
"aws:cdk:path": "ts--dev--us-east-1--vpc/CDKMetadata/Default"
}
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}