@svrist
Last active June 8, 2018 12:21
....
Parameters:
  ....
  CidrBlock:
    Default: 172.21.0.0/16
    Description: VPC Cidr Block
    Type: String
    # Dots must be escaped: an unescaped "." matches any character, so the
    # earlier pattern "\\d+.\\d+.\\d+.\\d+/\\d+" accepted values such as
    # "1x2y3z4/99". AllowedPattern is matched against the whole value. Even
    # this pattern only checks the shape, not that the CIDR is valid.
    AllowedPattern: "^(\\d{1,3}\\.){3}\\d{1,3}/\\d{1,2}$"
    ConstraintDescription: Must be CIDR
  Subnets:
    Type: CommaDelimitedList
    Description: Subnets for VPC
    # CommaDelimitedList trims each member, so the spaces after the commas are harmless.
    Default: "172.21.0.0/18, 172.21.64.0/18, 172.21.128.0/18"
....
Mappings:
  RegionMap:
    # Only eu-west-1 is mapped. The FindInMap in the security group below
    # fails for any other region until that region's S3 prefix list ID is added.
    eu-west-1:
      PrefixListId: pl-6da54004
...
Resources:
  ...
  stackVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref CidrBlock
      EnableDnsHostnames: True
  # The three subnets assume the region has AZs a, b and c;
  # !Select [0, !GetAZs ''] is the portable form.
  Subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref stackVPC
      CidrBlock: !Select [0, !Ref Subnets]
      AvailabilityZone: !Sub "${AWS::Region}a"
  Subnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref stackVPC
      CidrBlock: !Select [1, !Ref Subnets]
      AvailabilityZone: !Sub "${AWS::Region}b"
  Subnet3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref stackVPC
      CidrBlock: !Select [2, !Ref Subnets]
      AvailabilityZone: !Sub "${AWS::Region}c"
  # No internet gateway route appears in this fragment, so the three subnets
  # stay private; S3 is reached through the gateway endpoint below.
  VPCRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref stackVPC
  Subnet1Route:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref VPCRouteTable
      SubnetId: !Ref Subnet1
  Subnet2Route:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref VPCRouteTable
      SubnetId: !Ref Subnet2
  Subnet3Route:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId: !Ref VPCRouteTable
      SubnetId: !Ref Subnet3
  myDBEC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Access To RDS
      VpcId: !Ref stackVPC
      SecurityGroupEgress:
        # All protocols to the regional S3 prefix list (the gateway endpoint's addresses).
        - IpProtocol: -1
          DestinationPrefixListId: !FindInMap [RegionMap, !Ref "AWS::Region", PrefixListId]
        # This blanket rule supersedes the prefix-list rule above: with it in
        # place the group allows all outbound traffic. Remove it if egress is
        # meant to be restricted to S3.
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
  # Self-referencing ingress: only members of this group reach Postgres on
  # 5432. It is a separate resource because a group cannot reference its own
  # ID from its own SecurityGroupIngress property.
  SGIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: myDBEC2SecurityGroup
    Properties:
      GroupId: !Ref myDBEC2SecurityGroup
      IpProtocol: tcp
      FromPort: 5432
      ToPort: 5432
      SourceSecurityGroupId: !Ref myDBEC2SecurityGroup
  myDBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: DB Private Subnet
      SubnetIds:
        - !Ref Subnet1
        - !Ref Subnet2
        - !Ref Subnet3
  ...
  # Gateway endpoint: S3 traffic from the private subnets stays on the AWS
  # network. Without a PolicyDocument the endpoint allows access to any
  # bucket; add one to limit it to the buckets this stack needs.
  S3Endpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
      ....
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.s3"
      RouteTableIds:
        - !Ref VPCRouteTable
      VpcId: !Ref stackVPC
Outputs:
  # DBUsername, DBPassword, DBName and pgDB come from parts of the template
  # not shown here. Embedding ${DBPassword} in an output exposes the password
  # to anyone with cloudformation:DescribeStacks: NoEcho masks a parameter in
  # describe calls but not a value interpolated into Outputs. Prefer keeping
  # the secret in Secrets Manager or SSM and outputting only host, port and
  # database name.
  ConnectionUrl:
    Description: ConnectionString
    Value: !Sub "postgresql://${DBUsername}:${DBPassword}@${pgDB.Endpoint.Address}:${pgDB.Endpoint.Port}/${DBName}"
  SecurityGroup:
    Description: SecurityGroup for this DB
    Value: !GetAtt [myDBEC2SecurityGroup, GroupId]
    Export:
      Name: !Sub "${AWS::StackName}-SecurityGroupID"
  SubnetA:
    Description: First subnet for this DB
    Value: !Ref Subnet1
    Export:
      Name: !Sub "${AWS::StackName}-SubnetA"
....
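The following script is an added example, not part of the gist, showing the pre-deploy checks a reviewer would run against this template offline: why the original AllowedPattern is too loose, whether the subnet CIDRs actually fit inside the VPC without overlapping, whether any security group has a blanket egress rule that makes a narrower prefix-list rule moot, and whether a NoEcho parameter reaches an Output. The template is embedded in CloudFormation's JSON form with the values from the page; the DBPassword parameter (with NoEcho) is a constructed stand-in for the parameter the page elides, and the function names and STRICT_CIDR_PATTERN are mine. Standard library only.

```python
"""Offline checks for the VPC / RDS CloudFormation fragment on this page.

Added example, not part of the gist. Constructed copy of the relevant
template sections in JSON form; DBPassword is an assumed stand-in for the
parameter the page elides.
"""
import ipaddress
import re

TEMPLATE = {
    "Parameters": {
        "CidrBlock": {
            "Type": "String",
            "Default": "172.21.0.0/16",
            "AllowedPattern": r"\d+.\d+.\d+.\d+/\d+",  # as on the page: dots unescaped
        },
        "Subnets": {
            "Type": "CommaDelimitedList",
            "Default": "172.21.0.0/18, 172.21.64.0/18, 172.21.128.0/18",
        },
        # Assumed: the page elides this parameter; a DB password would be NoEcho.
        "DBPassword": {"Type": "String", "NoEcho": True},
    },
    "Mappings": {"RegionMap": {"eu-west-1": {"PrefixListId": "pl-6da54004"}}},
    "Resources": {
        "myDBEC2SecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Access To RDS",
                "SecurityGroupEgress": [
                    {"IpProtocol": -1,
                     "DestinationPrefixListId": {"Fn::FindInMap": [
                         "RegionMap", {"Ref": "AWS::Region"}, "PrefixListId"]}},
                    {"IpProtocol": -1, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
    },
    "Outputs": {
        "ConnectionUrl": {"Value": {"Fn::Sub": "postgresql://${DBUsername}:${DBPassword}@"
                                               "${pgDB.Endpoint.Address}:${pgDB.Endpoint.Port}/${DBName}"}},
        "SecurityGroup": {"Value": {"Fn::GetAtt": ["myDBEC2SecurityGroup", "GroupId"]}},
    },
}

# Tighter shape check for the parameter (my suggestion); still not a validity check.
STRICT_CIDR_PATTERN = r"^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$"


def pattern_accepts(pattern, value):
    """CloudFormation applies AllowedPattern to the whole value, i.e. a full match."""
    return re.fullmatch(pattern, value) is not None


def check_cidrs(vpc_cidr, subnet_list):
    """Real validation: parse the CIDRs and return the problems found
    (a subnet outside the VPC, or two subnets overlapping). Empty list means OK."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    # CommaDelimitedList trims each member, so strip() mirrors CloudFormation.
    subnets = [ipaddress.ip_network(s.strip(), strict=True) for s in subnet_list.split(",")]
    problems = [f"{s} is not inside {vpc}" for s in subnets if not s.subnet_of(vpc)]
    for i, a in enumerate(subnets):
        problems += [f"{a} overlaps {b}" for b in subnets[i + 1:] if a.overlaps(b)]
    return problems


def open_egress_groups(template):
    """Logical IDs of security groups with an any-protocol egress rule to the world.
    Such a rule makes a narrower rule (e.g. to a prefix list) in the same group moot."""
    found = []
    for logical_id, res in template["Resources"].items():
        if res["Type"] != "AWS::EC2::SecurityGroup":
            continue
        for rule in res["Properties"].get("SecurityGroupEgress", []):
            any_proto = str(rule.get("IpProtocol")) == "-1"
            world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
            if any_proto and world:
                found.append(logical_id)
                break
    return found


def outputs_leaking_secrets(template):
    """(output name, parameter) pairs where a NoEcho parameter reaches an Output.
    NoEcho masks the parameter in describe calls, but not a value interpolated
    into Outputs, which anyone with cloudformation:DescribeStacks can read."""
    noecho = {n for n, p in template["Parameters"].items() if p.get("NoEcho")}
    leaks = []
    for name, out in template["Outputs"].items():
        value = out.get("Value", {})
        if not isinstance(value, dict):
            continue
        if value.get("Ref") in noecho:
            leaks.append((name, value["Ref"]))
        if "Fn::Sub" in value:
            sub = value["Fn::Sub"]
            text = sub if isinstance(sub, str) else sub[0]
            leaks += [(name, ref) for ref in re.findall(r"\$\{([^}]+)\}", text) if ref in noecho]
    return leaks


if __name__ == "__main__":
    params = TEMPLATE["Parameters"]
    print("page pattern accepts '1x2y3z4/99':",
          pattern_accepts(params["CidrBlock"]["AllowedPattern"], "1x2y3z4/99"))
    print("strict pattern accepts '1x2y3z4/99':", pattern_accepts(STRICT_CIDR_PATTERN, "1x2y3z4/99"))
    print("cidr problems:", check_cidrs(params["CidrBlock"]["Default"], params["Subnets"]["Default"]))
    print("groups with open egress:", open_egress_groups(TEMPLATE))
    print("outputs leaking NoEcho parameters:", outputs_leaking_secrets(TEMPLATE))
```

Run it as-is to see the four findings for the page's values; point `check_cidrs` at your own CidrBlock and Subnets defaults before deploying, since AllowedPattern alone never catches a subnet that lies outside the VPC or overlaps a sibling.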