@tmclaugh
Last active July 21, 2017 03:02
serverless.tml
vpc:
  Type: AWS::EC2::VPC
  Properties:
    CidrBlock: "10.0.0.0/16"
    EnableDnsSupport: false
    EnableDnsHostnames: false
    Tags:
      - Key: Name
        Value: ${self:service}-${self:provider.stage}
# This doesn't work for all regions but handles the vast majority. I hope
# when this actually becomes a problem for there to be a better solution.
vpcSubnet1:
  Type: AWS::EC2::Subnet
  Properties:
    AvailabilityZone:
      Fn::Select:
        - 0
        - Fn::GetAZs: ""
    CidrBlock: 10.0.0.0/20
    VpcId:
      Ref: vpc
vpcSubnet2:
  Type: AWS::EC2::Subnet
  Properties:
    AvailabilityZone:
      Fn::Select:
        - 1
        - Fn::GetAZs: ""
    CidrBlock: 10.0.16.0/20
    VpcId:
      Ref: vpc
vpcSubnet3:
  Type: AWS::EC2::Subnet
  Properties:
    AvailabilityZone:
      Fn::Select:
        - 2
        - Fn::GetAZs: ""
    CidrBlock: 10.0.32.0/20
    VpcId:
      Ref: vpc
securityGroupDefault:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: ${self:service}-${self:provider.stage}
    Tags:
      - Key: Name
        Value: ${self:service}-${self:provider.stage}
    VpcId:
      Ref: vpc
    # This will override the default SG egress rule so we can control rules
    # using AWS::EC2::SecurityGroup{Ingress,Egress} resources.
    SecurityGroupEgress:
      - IpProtocol: -1
        CidrIp: 127.0.0.1/32
securityGroupEgressDefault:
  Type: AWS::EC2::SecurityGroupEgress
  Properties:
    GroupId:
      Ref: securityGroupDefault
    IpProtocol: -1
    DestinationSecurityGroupId:
      Ref: securityGroupDefault
securityGroupIngressDefault:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    GroupId:
      Ref: securityGroupDefault
    IpProtocol: -1
    SourceSecurityGroupId:
      Ref: securityGroupDefault
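
An added example, not part of the original gist: a check that a template's security groups replace the default allow-all egress rule the way securityGroupDefault does with its 127.0.0.1/32 placeholder. It assumes the resources are already parsed into a dict; `audit_egress`, the sample data and the `securityGroupLoose` resource are constructed for illustration.

```python
SG = "AWS::EC2::SecurityGroup"
SG_EGRESS = "AWS::EC2::SecurityGroupEgress"
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed input: the gist's two egress-related resources as parsed YAML,
# plus "securityGroupLoose", a hypothetical group with no inline egress block.
SAMPLE_RESOURCES = {
    "securityGroupDefault": {"Type": SG, "Properties": {
        "VpcId": {"Ref": "vpc"},
        "SecurityGroupEgress": [{"IpProtocol": -1, "CidrIp": "127.0.0.1/32"}]}},
    "securityGroupEgressDefault": {"Type": SG_EGRESS, "Properties": {
        "GroupId": {"Ref": "securityGroupDefault"},
        "IpProtocol": -1,
        "DestinationSecurityGroupId": {"Ref": "securityGroupDefault"}}},
    "securityGroupLoose": {"Type": SG, "Properties": {"VpcId": {"Ref": "vpc"}}},
}


def audit_egress(resources):
    """Map a security group's logical ID to a finding if its egress is unrestricted."""
    findings = {}
    for name, res in resources.items():
        props = res.get("Properties") or {}
        if res.get("Type") == SG:
            owner, rules = name, props.get("SecurityGroupEgress") or []
            if not rules:
                # Without an inline rule the default allow-all egress rule stays.
                findings[name] = "default allow-all egress left in place"
        elif res.get("Type") == SG_EGRESS:
            # Standalone rules add to a group; attribute them to the Ref'd group.
            gid = props.get("GroupId")
            owner = gid.get("Ref", name) if isinstance(gid, dict) else name
            rules = [props]
        else:
            continue
        for rule in rules:
            if rule.get("CidrIp") in ANYWHERE or rule.get("CidrIpv6") in ANYWHERE:
                findings[owner] = "egress rule open to any address"
    return findings


if __name__ == "__main__":
    for group, finding in audit_egress(SAMPLE_RESOURCES).items():
        print(f"{group}: {finding}")
```
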