Last active
December 16, 2021 19:59
-
-
Save pjkelly/cbabf0e5617f6f2305f1696395cf905d to your computer and use it in GitHub Desktop.
Cloudformation Template for Public/Private VPC - Used to create peering connection between Lambda VPC and MongoDB Atlas, also allows public outbound traffic.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| service: project-vpc | |
| variablesResolutionMode: 20210326 | |
| # Concepts From: | |
| # https://raw.githubusercontent.com/awsdocs/aws-lambda-developer-guide/main/templates/vpc-privatepublic.yaml | |
| # https://datachef.co/blog/aws-vpc-with-public-and-private-subnets/ | |
| # https://ordina-jworks.github.io/cloud/2020/02/19/Combining-MongoDB-and-AWS-Lambda.html#vpc-peering-connect-your-lambda-functions-with-your-mongodb-atlas-cluster | |
| custom: | |
| stage: ${opt:stage} | |
| region: us-east-1 | |
| platform: project | |
| vpcPeeringConnectionId: ${file(src/config.js):vpcPeeringConnectionId} | |
| vpcPeeringConnectionCidrBlock: ${file(src/config.js):vpcPeeringConnectionCidrBlock} | |
| provider: | |
| name: aws | |
| runtime: nodejs14.x | |
| stage: "${self:custom.stage}" | |
| environment: | |
| SERVERLESS_ENV: "${self:custom.stage}" | |
| functions: | |
| resources: | |
| Resources: | |
| pubPrivateVPC: | |
| Type: AWS::EC2::VPC | |
| Properties: | |
| CidrBlock: 10.1.0.0/16 | |
| EnableDnsSupport: true | |
| EnableDnsHostnames: true | |
| Tags: | |
| - Key: Name | |
| Value: !Ref AWS::StackName | |
| publicSubnet1: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref pubPrivateVPC | |
| AvailabilityZone: | |
| Fn::Select: | |
| - 0 | |
| - Fn::GetAZs: "" | |
| CidrBlock: 10.1.10.0/24 | |
| MapPublicIpOnLaunch: true | |
| Tags: | |
| - Key: Name | |
| Value: !Join ["-", [!Ref "AWS::StackName","public-subnet"]] | |
| privateSubnet1: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref pubPrivateVPC | |
| AvailabilityZone: | |
| Fn::Select: | |
| - 0 | |
| - Fn::GetAZs: "" | |
| CidrBlock: 10.1.30.0/24 | |
| MapPublicIpOnLaunch: false | |
| Tags: | |
| - Key: Name | |
| Value: !Join ["-", [!Ref "AWS::StackName","private-subnet-a"]] | |
| privateSubnet2: | |
| Type: AWS::EC2::Subnet | |
| Properties: | |
| VpcId: !Ref pubPrivateVPC | |
| AvailabilityZone: | |
| Fn::Select: | |
| - 1 | |
| - Fn::GetAZs: "" | |
| CidrBlock: 10.1.40.0/24 | |
| MapPublicIpOnLaunch: false | |
| Tags: | |
| - Key: Name | |
| Value: !Join ["-", [!Ref "AWS::StackName","private-subnet-b"]] | |
| internetGateway: | |
| Type: AWS::EC2::InternetGateway | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: !Join ["-", [!Ref "AWS::StackName","gateway"]] | |
| gatewayToInternet: | |
| Type: AWS::EC2::VPCGatewayAttachment | |
| Properties: | |
| VpcId: !Ref pubPrivateVPC | |
| InternetGatewayId: !Ref internetGateway | |
| publicRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref pubPrivateVPC | |
| publicRoute: | |
| Type: AWS::EC2::Route | |
| DependsOn: gatewayToInternet | |
| Properties: | |
| RouteTableId: !Ref publicRouteTable | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| GatewayId: !Ref internetGateway | |
| publicMongoRoute: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref publicRouteTable | |
| DestinationCidrBlock: "${self:custom.vpcPeeringConnectionCidrBlock}" | |
| VpcPeeringConnectionId: "${self:custom.vpcPeeringConnectionId}" | |
| publicSubnet1RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| SubnetId: !Ref publicSubnet1 | |
| RouteTableId: !Ref publicRouteTable | |
| natGateway: | |
| Type: AWS::EC2::NatGateway | |
| DependsOn: natPublicIP | |
| Properties: | |
| AllocationId: !GetAtt natPublicIP.AllocationId | |
| SubnetId: !Ref publicSubnet1 | |
| natPublicIP: | |
| Type: AWS::EC2::EIP | |
| DependsOn: pubPrivateVPC | |
| Properties: | |
| Domain: vpc | |
| privateRouteTable: | |
| Type: AWS::EC2::RouteTable | |
| Properties: | |
| VpcId: !Ref pubPrivateVPC | |
| privateRoute: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref privateRouteTable | |
| DestinationCidrBlock: 0.0.0.0/0 | |
| NatGatewayId: !Ref natGateway | |
| privateMongoRoute: | |
| Type: AWS::EC2::Route | |
| Properties: | |
| RouteTableId: !Ref privateRouteTable | |
| DestinationCidrBlock: "${self:custom.vpcPeeringConnectionCidrBlock}" | |
| VpcPeeringConnectionId: "${self:custom.vpcPeeringConnectionId}" | |
| privateSubnet1RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| SubnetId: !Ref privateSubnet1 | |
| RouteTableId: !Ref privateRouteTable | |
| privateSubnet2RouteTableAssociation: | |
| Type: AWS::EC2::SubnetRouteTableAssociation | |
| Properties: | |
| SubnetId: !Ref privateSubnet2 | |
| RouteTableId: !Ref privateRouteTable | |
| Outputs: | |
| pubPrivateVPCID: | |
| Description: VPC ID | |
| Value: !Ref pubPrivateVPC | |
| Export: | |
| Name: !Join ["-", [!Ref "AWS::StackName","vpc"]] | |
| publicSubnet1ID: | |
| Description: Public Subnet A ID | |
| Value: !Ref publicSubnet1 | |
| Export: | |
| Name: !Join ["-", [!Ref "AWS::StackName","public-subnet-a"]] | |
| privateSubnet1ID: | |
| Description: Private Subnet A ID | |
| Value: !Ref privateSubnet1 | |
| Export: | |
| Name: !Join ["-", [!Ref "AWS::StackName","private-subnet-a"]] | |
| privateSubnet2ID: | |
| Description: Private Subnet B ID | |
| Value: !Ref privateSubnet2 | |
| Export: | |
| Name: !Join ["-", [!Ref "AWS::StackName","private-subnet-b"]] | |
| privateVPCSecurityGroup: | |
| Description: Default security for Lambda VPC | |
| Value: !GetAtt pubPrivateVPC.DefaultSecurityGroup | |
| Export: | |
| Name: !Join ["-", [!Ref "AWS::StackName","vpc-sg"]] | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment