@sakamaki-kazuyoshi
Created January 28, 2018 11:51
sample-2018-01
{
"Resources" : {
"TestVPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.0.0.0/16",
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"InstanceTenancy" : "default",
"Tags" : [ {"Key" : "Name", "Value" : "TestVPC"}]
}
},
"TestIGW" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [ {"Key" : "Name", "Value" : "TestIGW"}]
}
},
"AttachIGW" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"InternetGatewayId" : { "Ref" : "TestIGW" },
"VpcId" : { "Ref" : "TestVPC" }
}
}
}
}
{
"Parameters" : {
"KeyName" : {
"Description" : "Name of an existing EC2 key pair to assign to the bastion instance",
"Type" : "AWS::EC2::KeyPair::KeyName"
}
},
"Resources" : {
"KadaiVPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.0.0.0/16",
"InstanceTenancy" : "default",
"Tags" : [ {"Key" : "Name", "Value" : "KadaiVPC"}]
}
},
"KadaiIGW" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [ {"Key" : "Name", "Value" : "KadaiIGW"}]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : { "Ref" : "KadaiVPC" },
"Tags" : [ {"Key" : "Name", "Value" : "PublicRoute"}]
}
},
"Route" : {
"Type" : "AWS::EC2::Route",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRoute" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "KadaiIGW" }
}
},
"AttachIGW" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"InternetGatewayId" : { "Ref" : "KadaiIGW" },
"VpcId" : { "Ref" : "KadaiVPC" }
}
},
"BastionSubnet" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "ap-northeast-1a",
"CidrBlock" : "10.0.1.0/24",
"VpcId" : { "Ref" : "KadaiVPC" },
"Tags" : [ {"Key" : "Name", "Value" : "BastionSubnet"}]
}
},
"BastionSubnetRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "BastionSubnet" },
"RouteTableId" : { "Ref" : "PublicRoute" }
}
},
"BastionSG" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "KadaiVPC" },
"GroupDescription" : "KadaiIGW",
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" },
],
"Tags" : [ {"Key" : "Name", "Value" : "BastionSG"}]
}
},
"PowerUserRole" : {
"Type" : "AWS::IAM::Role",
"Properties" : {
"AssumeRolePolicyDocument" : {
"Statement": [ {
"Effect": "Allow",
"Principal": { "Service": [ "ec2.amazonaws.com" ] },
"Action": [ "sts:AssumeRole" ]
} ]
},
"Path" : "/",
"Policies" :[ {
"PolicyName" : "PowerUserPolicy",
"PolicyDocument" : {
"Statement": [ {
"Sid": "PowerUserStmt",
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
} ]
}
}]
}
},
"PowerUserProfile" : {
"Type" : "AWS::IAM::InstanceProfile",
"Properties" : {
"Path": "/",
"Roles" : [ { "Ref" : "PowerUserRole" } ]
}
},
"BastionEC2" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"AvailabilityZone" : "ap-northeast-1a",
"IamInstanceProfile": { "Ref" : "PowerUserProfile" },
"ImageId": "ami-33c25b55",
"InstanceType" : "t2.micro",
"KeyName": { "Ref": "KeyName" },
"SubnetId" : {"Ref" : "BastionSubnet" },
"SecurityGroupIds" : [ { "Ref": "BastionSG" } ],
"Tags" : [ {"Key" : "Name", "Value" : "Bastion"} ]
}
},
"BastionEIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"InstanceId": { "Ref": "BastionEC2" }
}
}
}
}