Multi-AZ VPC with redundant NAT gateways (one NAT Gateway per AZ, each private subnet routed to the NAT in its own AZ). Note for reviewers: the template defines no security groups, network ACLs or VPC Flow Logs, and the PrivateKeyName and ExternalWhitelistIP parameters are declared but not referenced by any resource.
{ | |
"AWSTemplateFormatVersion":"2010-09-09", | |
"Description":"Multi-AZ VPC (2 public and 2 private subnets) with redundant NAT Gateways, one per AZ; no security groups, NACLs or flow logs are created by this template", | |
"Parameters":{ | |
"NamePrefix":{ | |
"Description":"A string that will be prepended to stack resource names", | |
"Type":"String", | |
"Default":"CHANGEME" | |
}, | |
"VpcCidr":{ | |
"Description":"The CIDR address range assigned to the VPC (intended to be RFC1918, but the pattern does not enforce that). NOTE: the AllowedPattern only accepts /16 and /19-/28 because it uses 1[69] where 1[6-9] was meant, so /17 and /18 are rejected", | |
"Type":"String", | |
"Default":"10.0.0.0/16", | |
"AllowedPattern":"(((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)[.]){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)(/(1[69]|2[0-8])))", | |
"ConstraintDescription":"must be a valid IP CIDR range (between a /28 and /16 netmask) of the form x.x.x.x/x" | |
}, | |
"PublicSubnetCIDRs":{ | |
"Description":"Comma-delimited list of two CIDR blocks, one per public subnet/AZ (only entries 0 and 1 are used; CommaDelimitedList parameters are not pattern-validated, so bad CIDRs fail at subnet creation)", | |
"Type":"CommaDelimitedList", | |
"Default":"10.0.0.0/24, 10.0.10.0/24", | |
"ConstraintDescription":"must be a valid IP CIDR range (between a /28 and /16 netmask) of the form x.x.x.x/x" | |
}, | |
"PrivateSubnetCIDRs":{ | |
"Description":"Comma-delimited list of two CIDR blocks, one per private subnet/AZ (only entries 0 and 1 are used; CommaDelimitedList parameters are not pattern-validated, so bad CIDRs fail at subnet creation)", | |
"Type":"CommaDelimitedList", | |
"Default":"10.0.1.0/24, 10.0.11.0/24", | |
"ConstraintDescription":"must be a valid IP CIDR range (between a /28 and /16 netmask) of the form x.x.x.x/x" | |
}, | |
"PrivateKeyName":{ | |
"Description":"AWS EC2 Key Pair. NOTE: declared but not referenced by any resource in this template, so it has no effect other than being required at stack creation", | |
"Type":"AWS::EC2::KeyPair::KeyName" | |
}, | |
"ExternalWhitelistIP":{ | |
"Description":"Source CIDR intended to be allowed SSH access into the VPC. NOTE: not referenced by any resource in this template (no security group or NACL is defined) and a managed NAT Gateway accepts no inbound connections; the default is an arbitrary public /16 that should be replaced, and the pattern also accepts /0", | |
"Type":"String", | |
"Default":"161.162.0.0/16", | |
"AllowedPattern":"(((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)[.]){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)(/(3[012]|[12]?[0-9])))", | |
"ConstraintDescription":"must be a valid IP CIDR range of the form x.x.x.x/x" | |
} | |
}, | |
"Resources":{ | |
"VPC":{ | |
"Type":"AWS::EC2::VPC", | |
"Properties":{ | |
"CidrBlock":{ | |
"Ref":"VpcCidr" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"VPC" | |
] | |
] | |
} | |
} | |
] | |
} | |
}, | |
"IGW":{ | |
"Type":"AWS::EC2::InternetGateway", | |
"Properties":{ | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"VPC-IGW" | |
] | |
] | |
} | |
} | |
] | |
} | |
}, | |
"IGWAttachment":{ | |
"Type":"AWS::EC2::VPCGatewayAttachment", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"VPC" | |
}, | |
"InternetGatewayId":{ | |
"Ref":"IGW" | |
} | |
} | |
}, | |
"PublicSubnet1":{ | |
"Type":"AWS::EC2::Subnet", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"VPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"PublicSubnet1" | |
] | |
] | |
} | |
} | |
], | |
"CidrBlock":{ | |
"Fn::Select":[ | |
"0", | |
{ | |
"Ref":"PublicSubnetCIDRs" | |
} | |
] | |
}, | |
"AvailabilityZone":{ | |
"Fn::Select":[ | |
"0", | |
{ | |
"Fn::GetAZs":{ | |
"Ref":"AWS::Region" | |
} | |
} | |
] | |
} | |
} | |
}, | |
"PublicSubnet2":{ | |
"Type":"AWS::EC2::Subnet", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"VPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"PublicSubnet2" | |
] | |
] | |
} | |
} | |
], | |
"CidrBlock":{ | |
"Fn::Select":[ | |
"1", | |
{ | |
"Ref":"PublicSubnetCIDRs" | |
} | |
] | |
}, | |
"AvailabilityZone":{ | |
"Fn::Select":[ | |
"1", | |
{ | |
"Fn::GetAZs":{ | |
"Ref":"AWS::Region" | |
} | |
} | |
] | |
} | |
} | |
}, | |
"PublicRouteTable":{ | |
"Type":"AWS::EC2::RouteTable", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"VPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"PublicRouteTable" | |
] | |
] | |
} | |
} | |
] | |
} | |
}, | |
"PublicRoute":{ | |
"Type":"AWS::EC2::Route", | |
"Properties":{ | |
"RouteTableId":{ | |
"Ref":"PublicRouteTable" | |
}, | |
"DestinationCidrBlock":"0.0.0.0/0", | |
"GatewayId":{ | |
"Ref":"IGW" | |
} | |
} | |
}, | |
"PublicSubnet1RouteTableAssociation":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PublicSubnet1" | |
}, | |
"RouteTableId":{ | |
"Ref":"PublicRouteTable" | |
} | |
} | |
}, | |
"PublicSubnet2RouteTableAssociation":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PublicSubnet2" | |
}, | |
"RouteTableId":{ | |
"Ref":"PublicRouteTable" | |
} | |
} | |
}, | |
"PrivateSubnet1":{ | |
"Type":"AWS::EC2::Subnet", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"VPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"PrivateSubnet1" | |
] | |
] | |
} | |
} | |
], | |
"CidrBlock":{ | |
"Fn::Select":[ | |
"0", | |
{ | |
"Ref":"PrivateSubnetCIDRs" | |
} | |
] | |
}, | |
"AvailabilityZone":{ | |
"Fn::Select":[ | |
"0", | |
{ | |
"Fn::GetAZs":{ | |
"Ref":"AWS::Region" | |
} | |
} | |
] | |
} | |
} | |
}, | |
"PrivateSubnet2":{ | |
"Type":"AWS::EC2::Subnet", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"VPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"PrivateSubnet2" | |
] | |
] | |
} | |
} | |
], | |
"CidrBlock":{ | |
"Fn::Select":[ | |
"1", | |
{ | |
"Ref":"PrivateSubnetCIDRs" | |
} | |
] | |
}, | |
"AvailabilityZone":{ | |
"Fn::Select":[ | |
"1", | |
{ | |
"Fn::GetAZs":{ | |
"Ref":"AWS::Region" | |
} | |
} | |
] | |
} | |
} | |
}, | |
"GatewayNATEIP1":{ | |
"DependsOn":"IGWAttachment", | |
"Type":"AWS::EC2::EIP", | |
"Properties":{ | |
"Domain":"vpc" | |
} | |
}, | |
"GatewayNAT1":{ | |
"DependsOn":"IGWAttachment", | |
"Type":"AWS::EC2::NatGateway", | |
"Properties":{ | |
"AllocationId":{ | |
"Fn::GetAtt":[ | |
"GatewayNATEIP1", | |
"AllocationId" | |
] | |
}, | |
"SubnetId":{ | |
"Ref":"PublicSubnet1" | |
} | |
} | |
}, | |
"PrivateRouteTable1":{ | |
"Type":"AWS::EC2::RouteTable", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"VPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"PrivateRouteTable1" | |
] | |
] | |
} | |
} | |
] | |
} | |
}, | |
"PrivateRoute1":{ | |
"Type":"AWS::EC2::Route", | |
"Properties":{ | |
"RouteTableId":{ | |
"Ref":"PrivateRouteTable1" | |
}, | |
"DestinationCidrBlock":"0.0.0.0/0", | |
"NatGatewayId":{ | |
"Ref":"GatewayNAT1" | |
} | |
} | |
}, | |
"PrivateSubnet1RouteTableAssociation":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PrivateSubnet1" | |
}, | |
"RouteTableId":{ | |
"Ref":"PrivateRouteTable1" | |
} | |
} | |
}, | |
"GatewayNATEIP2":{ | |
"DependsOn":"IGWAttachment", | |
"Type":"AWS::EC2::EIP", | |
"Properties":{ | |
"Domain":"vpc" | |
} | |
}, | |
"GatewayNAT2":{ | |
"DependsOn":"IGWAttachment", | |
"Type":"AWS::EC2::NatGateway", | |
"Properties":{ | |
"AllocationId":{ | |
"Fn::GetAtt":[ | |
"GatewayNATEIP2", | |
"AllocationId" | |
] | |
}, | |
"SubnetId":{ | |
"Ref":"PublicSubnet2" | |
} | |
} | |
}, | |
"PrivateRouteTable2":{ | |
"Type":"AWS::EC2::RouteTable", | |
"Properties":{ | |
"VpcId":{ | |
"Ref":"VPC" | |
}, | |
"Tags":[ | |
{ | |
"Key":"Name", | |
"Value":{ | |
"Fn::Join":[ | |
"-", | |
[ | |
{ | |
"Ref":"NamePrefix" | |
}, | |
{ | |
"Ref":"AWS::StackName" | |
}, | |
"PrivateRouteTable2" | |
] | |
] | |
} | |
} | |
] | |
} | |
}, | |
"PrivateRoute2":{ | |
"Type":"AWS::EC2::Route", | |
"Properties":{ | |
"RouteTableId":{ | |
"Ref":"PrivateRouteTable2" | |
}, | |
"DestinationCidrBlock":"0.0.0.0/0", | |
"NatGatewayId":{ | |
"Ref":"GatewayNAT2" | |
} | |
} | |
}, | |
"PrivateSubnet2RouteTableAssociation":{ | |
"Type":"AWS::EC2::SubnetRouteTableAssociation", | |
"Properties":{ | |
"SubnetId":{ | |
"Ref":"PrivateSubnet2" | |
}, | |
"RouteTableId":{ | |
"Ref":"PrivateRouteTable2" | |
} | |
} | |
} | |
}, | |
"Outputs":{ | |
"VpcId":{ | |
"Description":"VPC ID", | |
"Value":{ | |
"Ref":"VPC" | |
} | |
}, | |
"IgwId":{ | |
"Description":"VPC Internet Gateway ID", | |
"Value":{ | |
"Ref":"IGW" | |
} | |
}, | |
"PublicSubnet1":{ | |
"Description":"Public Subnet 1 ID", | |
"Value":{ | |
"Ref":"PublicSubnet1" | |
} | |
}, | |
"PublicSubnet2":{ | |
"Description":"Public Subnet 2 ID", | |
"Value":{ | |
"Ref":"PublicSubnet2" | |
} | |
}, | |
"PrivateSubnet1":{ | |
"Description":"Private Subnet 1 ID", | |
"Value":{ | |
"Ref":"PrivateSubnet1" | |
} | |
}, | |
"PrivateSubnet2":{ | |
"Description":"Private Subnet 2 ID", | |
"Value":{ | |
"Ref":"PrivateSubnet2" | |
} | |
}, | |
"PublicRouteTable":{ | |
"Description":"VPC Public Route Tables", | |
"Value":{ | |
"Ref":"PublicRouteTable" | |
} | |
}, | |
"PrivateRouteTable1":{ | |
"Description":"VPC Private Route Tables", | |
"Value":{ | |
"Ref":"PrivateRouteTable1" | |
} | |
}, | |
"PrivateRouteTable2":{ | |
"Description":"VPC Private Route Tables", | |
"Value":{ | |
"Ref":"PrivateRouteTable2" | |
} | |
} | |
} | |
} |