CloudFormation snippet to create a VPC to be used for lambda functions. Qualities of the VPC:

  • 4 subnets: 2 public, 2 private (lambda functions should be attached to the private ones).
  • 2 Elastic IPs (one per NAT gateway) that give outbound traffic from lambda functions in the private subnets a stable source address (e.g. for firewall allow-list entries).
  • Security group that can be used for lambda functions (the template defines no ingress rules for it, and leaves egress at the AWS default).

Notes:

  • uses availability zones us-east-1a and us-east-1b (region us-east-1)
  • uses the IP (CIDR) block 10.15.0.0/16 for the VPC
{
"Resources": {
"VpcLambda": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.15.0.0/16"
}
},
"SubnetLambdaPublic1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.15.0.0/18",
"AvailabilityZone": "us-east-1a",
"MapPublicIpOnLaunch": true,
"VpcId": {
"Ref": "VpcLambda"
}
}
},
"SubnetLambdaPublic2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.15.64.0/18",
"AvailabilityZone": "us-east-1b",
"MapPublicIpOnLaunch": true,
"VpcId": {
"Ref": "VpcLambda"
}
}
},
"SubnetLambdaPrivate1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.15.128.0/18",
"AvailabilityZone": "us-east-1a",
"MapPublicIpOnLaunch": false,
"VpcId": {
"Ref": "VpcLambda"
}
}
},
"SubnetLambdaPrivate2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.15.192.0/18",
"AvailabilityZone": "us-east-1b",
"MapPublicIpOnLaunch": false,
"VpcId": {
"Ref": "VpcLambda"
}
}
},
"InternetGatewayLambda": {
"Type": "AWS::EC2::InternetGateway"
},
"VPCGatewayAttachmentLambda": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "VpcLambda"
},
"InternetGatewayId": {
"Ref": "InternetGatewayLambda"
}
}
},
"ElasticIpLambda1": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
}
},
"ElasticIpLambda2": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
}
},
"NatGatewayLambda1": {
"DependsOn": "VPCGatewayAttachmentLambda",
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ElasticIpLambda1",
"AllocationId"
]
},
"SubnetId": {
"Ref": "SubnetLambdaPublic1"
}
}
},
"NatGatewayLambda2": {
"DependsOn": "VPCGatewayAttachmentLambda",
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"ElasticIpLambda2",
"AllocationId"
]
},
"SubnetId": {
"Ref": "SubnetLambdaPublic2"
}
}
},
"RouteTableLambdaPublic1": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VpcLambda"
}
}
},
"RouteTableLambdaPublic2": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VpcLambda"
}
}
},
"RouteTableLambdaPrivate1": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VpcLambda"
}
}
},
"RouteTableLambdaPrivate2": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VpcLambda"
}
}
},
"RouteLambdaPublic1": {
"Type": "AWS::EC2::Route",
"DependsOn": "VPCGatewayAttachmentLambda",
"Properties": {
"RouteTableId": {
"Ref": "RouteTableLambdaPublic1"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGatewayLambda"
}
}
},
"RouteLambdaPublic2": {
"Type": "AWS::EC2::Route",
"DependsOn": "VPCGatewayAttachmentLambda",
"Properties": {
"RouteTableId": {
"Ref": "RouteTableLambdaPublic2"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGatewayLambda"
}
}
},
"RouteLambdaPrivate1": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "RouteTableLambdaPrivate1"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "NatGatewayLambda1"
}
}
},
"RouteLambdaPrivate2": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "RouteTableLambdaPrivate2"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "NatGatewayLambda2"
}
}
},
"SubnetRouteTableAssociationLambdaPublic1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "SubnetLambdaPublic1"
},
"RouteTableId": {
"Ref": "RouteTableLambdaPublic1"
}
}
},
"SubnetRouteTableAssociationLambdaPublic2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "SubnetLambdaPublic2"
},
"RouteTableId": {
"Ref": "RouteTableLambdaPublic2"
}
}
},
"SubnetRouteTableAssociationLambdaPrivate1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "SubnetLambdaPrivate1"
},
"RouteTableId": {
"Ref": "RouteTableLambdaPrivate1"
}
}
},
"SubnetRouteTableAssociationLambdaPrivate2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "SubnetLambdaPrivate2"
},
"RouteTableId": {
"Ref": "RouteTableLambdaPrivate2"
}
}
},
"SecurityGroupLambda": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Security group for lambda functions",
"VpcId": {
"Ref": "VpcLambda"
}
}
}
},
"Outputs": {
"VpcSubnetIdLambda1": {
"Description": "ID of subnet #1 to use for lambda functions",
"Value": {
"Ref": "SubnetLambdaPrivate1"
}
},
"VpcSubnetIdLambda2": {
"Description": "ID of subnet #2 to use for lambda functions",
"Value": {
"Ref": "SubnetLambdaPrivate2"
}
},
"IpAddressLambda1": {
"Description": "IP address #1 used by lambda functions in our VPC",
"Value": {
"Ref": "ElasticIpLambda1"
}
},
"IpAddressLambda2": {
"Description": "IP address #2 used by lambda functions in our VPC",
"Value": {
"Ref": "ElasticIpLambda2"
}
},
"SecurityGroupIdLambda": {
"Description": "ID of security group used for lambda functions",
"Value": {
"Ref": "SecurityGroupLambda"
}
}
}
}