
@scottk212
Forked from coingraham/New_VPC.yaml
Created January 31, 2019 06:27
Multi-AZ VPC with redundant NAT gateways.
{
"AWSTemplateFormatVersion":"2010-09-09",
"Description":"Multi-AZ VPC (2 public and 2 private subnets) with redundant Gateway NATs",
"Parameters":{
"NamePrefix":{
"Description":"A string that will be prepended to stack resource names",
"Type":"String",
"Default":"CHANGEME"
},
"VpcCidr":{
"Description":"The RFC1918 CIDR address range assigned to the VPC",
"Type":"String",
"Default":"10.0.0.0/16",
"AllowedPattern":"(((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)[.]){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)(/(1[69]|2[0-8])))",
"ConstraintDescription":"must be a valid IP CIDR range (between a /28 and /16 netmask) of the form x.x.x.x/x"
},
"PublicSubnetCIDRs":{
"Description":"Comma-delimited list of three CIDR blocks",
"Type":"CommaDelimitedList",
"Default":"10.0.0.0/24, 10.0.10.0/24",
"ConstraintDescription":"must be a valid IP CIDR range (between a /28 and /16 netmask) of the form x.x.x.x/x"
},
"PrivateSubnetCIDRs":{
"Description":"Comma-delimited list of three CIDR blocks",
"Type":"CommaDelimitedList",
"Default":"10.0.1.0/24, 10.0.11.0/24",
"ConstraintDescription":"must be a valid IP CIDR range (between a /28 and /16 netmask) of the form x.x.x.x/x"
},
"PrivateKeyName":{
"Description":"AWS EC2 Key Pair",
"Type":"AWS::EC2::KeyPair::KeyName"
},
"ExternalWhitelistIP":{
"Description":"The IP address/range that is allowed outside SSH access to the VPC through the NAT",
"Type":"String",
"Default":"161.162.0.0/16",
"AllowedPattern":"(((2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)[.]){3}(2(5[0-5]|[0-4][0-9])|[01]?[0-9][0-9]?)(/(3[012]|[12]?[0-9])))",
"ConstraintDescription":"must be a valid IP CIDR range of the form x.x.x.x/x"
}
},
"Resources":{
"VPC":{
"Type":"AWS::EC2::VPC",
"Properties":{
"CidrBlock":{
"Ref":"VpcCidr"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"VPC"
]
]
}
}
]
}
},
"IGW":{
"Type":"AWS::EC2::InternetGateway",
"Properties":{
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"VPC-IGW"
]
]
}
}
]
}
},
"IGWAttachment":{
"Type":"AWS::EC2::VPCGatewayAttachment",
"Properties":{
"VpcId":{
"Ref":"VPC"
},
"InternetGatewayId":{
"Ref":"IGW"
}
}
},
"PublicSubnet1":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"VPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"PublicSubnet1"
]
]
}
}
],
"CidrBlock":{
"Fn::Select":[
"0",
{
"Ref":"PublicSubnetCIDRs"
}
]
},
"AvailabilityZone":{
"Fn::Select":[
"0",
{
"Fn::GetAZs":{
"Ref":"AWS::Region"
}
}
]
}
}
},
"PublicSubnet2":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"VPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"PublicSubnet2"
]
]
}
}
],
"CidrBlock":{
"Fn::Select":[
"1",
{
"Ref":"PublicSubnetCIDRs"
}
]
},
"AvailabilityZone":{
"Fn::Select":[
"1",
{
"Fn::GetAZs":{
"Ref":"AWS::Region"
}
}
]
}
}
},
"PublicRouteTable":{
"Type":"AWS::EC2::RouteTable",
"Properties":{
"VpcId":{
"Ref":"VPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"PublicRouteTable"
]
]
}
}
]
}
},
"PublicRoute":{
"Type":"AWS::EC2::Route",
"Properties":{
"RouteTableId":{
"Ref":"PublicRouteTable"
},
"DestinationCidrBlock":"0.0.0.0/0",
"GatewayId":{
"Ref":"IGW"
}
}
},
"PublicSubnet1RouteTableAssociation":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet1"
},
"RouteTableId":{
"Ref":"PublicRouteTable"
}
}
},
"PublicSubnet2RouteTableAssociation":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"PublicSubnet2"
},
"RouteTableId":{
"Ref":"PublicRouteTable"
}
}
},
"PrivateSubnet1":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"VPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"PrivateSubnet1"
]
]
}
}
],
"CidrBlock":{
"Fn::Select":[
"0",
{
"Ref":"PrivateSubnetCIDRs"
}
]
},
"AvailabilityZone":{
"Fn::Select":[
"0",
{
"Fn::GetAZs":{
"Ref":"AWS::Region"
}
}
]
}
}
},
"PrivateSubnet2":{
"Type":"AWS::EC2::Subnet",
"Properties":{
"VpcId":{
"Ref":"VPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"PrivateSubnet2"
]
]
}
}
],
"CidrBlock":{
"Fn::Select":[
"1",
{
"Ref":"PrivateSubnetCIDRs"
}
]
},
"AvailabilityZone":{
"Fn::Select":[
"1",
{
"Fn::GetAZs":{
"Ref":"AWS::Region"
}
}
]
}
}
},
"GatewayNATEIP1":{
"DependsOn":"IGWAttachment",
"Type":"AWS::EC2::EIP",
"Properties":{
"Domain":"vpc"
}
},
"GatewayNAT1":{
"DependsOn":"IGWAttachment",
"Type":"AWS::EC2::NatGateway",
"Properties":{
"AllocationId":{
"Fn::GetAtt":[
"GatewayNATEIP1",
"AllocationId"
]
},
"SubnetId":{
"Ref":"PublicSubnet1"
}
}
},
"PrivateRouteTable1":{
"Type":"AWS::EC2::RouteTable",
"Properties":{
"VpcId":{
"Ref":"VPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"PrivateRouteTable1"
]
]
}
}
]
}
},
"PrivateRoute1":{
"Type":"AWS::EC2::Route",
"Properties":{
"RouteTableId":{
"Ref":"PrivateRouteTable1"
},
"DestinationCidrBlock":"0.0.0.0/0",
"NatGatewayId":{
"Ref":"GatewayNAT1"
}
}
},
"PrivateSubnet1RouteTableAssociation":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"PrivateSubnet1"
},
"RouteTableId":{
"Ref":"PrivateRouteTable1"
}
}
},
"GatewayNATEIP2":{
"DependsOn":"IGWAttachment",
"Type":"AWS::EC2::EIP",
"Properties":{
"Domain":"vpc"
}
},
"GatewayNAT2":{
"DependsOn":"IGWAttachment",
"Type":"AWS::EC2::NatGateway",
"Properties":{
"AllocationId":{
"Fn::GetAtt":[
"GatewayNATEIP2",
"AllocationId"
]
},
"SubnetId":{
"Ref":"PublicSubnet2"
}
}
},
"PrivateRouteTable2":{
"Type":"AWS::EC2::RouteTable",
"Properties":{
"VpcId":{
"Ref":"VPC"
},
"Tags":[
{
"Key":"Name",
"Value":{
"Fn::Join":[
"-",
[
{
"Ref":"NamePrefix"
},
{
"Ref":"AWS::StackName"
},
"PrivateRouteTable2"
]
]
}
}
]
}
},
"PrivateRoute2":{
"Type":"AWS::EC2::Route",
"Properties":{
"RouteTableId":{
"Ref":"PrivateRouteTable2"
},
"DestinationCidrBlock":"0.0.0.0/0",
"NatGatewayId":{
"Ref":"GatewayNAT2"
}
}
},
"PrivateSubnet2RouteTableAssociation":{
"Type":"AWS::EC2::SubnetRouteTableAssociation",
"Properties":{
"SubnetId":{
"Ref":"PrivateSubnet2"
},
"RouteTableId":{
"Ref":"PrivateRouteTable2"
}
}
}
},
"Outputs":{
"VpcId":{
"Description":"VPC ID",
"Value":{
"Ref":"VPC"
}
},
"IgwId":{
"Description":"VPC Internet Gateway ID",
"Value":{
"Ref":"IGW"
}
},
"PublicSubnet1":{
"Description":"Public Subnet 1 ID",
"Value":{
"Ref":"PublicSubnet1"
}
},
"PublicSubnet2":{
"Description":"Public Subnet 2 ID",
"Value":{
"Ref":"PublicSubnet2"
}
},
"PrivateSubnet1":{
"Description":"Private Subnet 1 ID",
"Value":{
"Ref":"PrivateSubnet1"
}
},
"PrivateSubnet2":{
"Description":"Private Subnet 2 ID",
"Value":{
"Ref":"PrivateSubnet2"
}
},
"PublicRouteTable":{
"Description":"VPC Public Route Tables",
"Value":{
"Ref":"PublicRouteTable"
}
},
"PrivateRouteTable1":{
"Description":"VPC Private Route Tables",
"Value":{
"Ref":"PrivateRouteTable1"
}
},
"PrivateRouteTable2":{
"Description":"VPC Private Route Tables",
"Value":{
"Ref":"PrivateRouteTable2"
}
}
}
}