Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Example CloudFormation stack building two public subnets.
---
AWSTemplateFormatVersion: '2010-09-09'
Description:
The Public Subnet, and associated routing information
# Metadata: # no metadata
Parameters:
Environment:
Type: String
Description:
Stack Environment Prefix.
PrimaryAvailabilityZone:
Type: AWS::EC2::AvailabilityZone::Name
Default: us-east-1a # Probably shouldn't set a default, as it makes this region dependent
SecondaryAvailabilityZone:
Type: AWS::EC2::AvailabilityZone::Name
Default: us-east-1b # Probably shouldn't set a default, as it makes this region dependent
#Mappings:
# Conditions: # No Conditions at this time.
# Transform: # No Transforms at this time
Resources:
# We need to create a VPC Gateway, and then attach it to the VPC.
VPCGateway:
# Using an Internet Gateway for now; may change to a VPN gateway if needed, but one step at a time.
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Sub "${Environment} VPC Internet Gateway"
VPCGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref VPCGateway
VpcId:
Fn::ImportValue: !Sub "${Environment}::VPC"
# We need a subnet for publicly available servers. We need two, so that we can register
# a load balancer.
PublicSubnetAZ1:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 10.0.1.0/24 # 10.0.10.0 -> 10.0.1.255
MapPublicIpOnLaunch: false # We will use elastic IPs for public-facing servers.
AvailabilityZone: !Ref PrimaryAvailabilityZone
VpcId:
Fn::ImportValue: !Sub "${Environment}::VPC"
Tags:
- Key: Name
Value: !Sub "${Environment} Public Subnet AZ1"
PublicSubnetAZ2:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: 10.0.2.0/24 # 10.0.20.0 -> 10.0.2.255
MapPublicIpOnLaunch: false # We will use elastic IPs for public-facing servers.
AvailabilityZone: !Ref SecondaryAvailabilityZone
VpcId:
Fn::ImportValue: !Sub "${Environment}::VPC"
Tags:
- Key: Name
Value: !Sub "${Environment} Public Subnet AZ2"
# In order for subnets to receive traffic from the public, we need to create
# routing tables and rules.
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Fn::ImportValue: !Sub "${Environment}::VPC"
Tags:
- Key: Name
Value: !Sub "${Environment} Public Route Table"
PublicSubnetRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0 # We have no idea what IPs may be assigned; got to go global
GatewayId: !Ref VPCGateway
# The route can not be configured until the gateway is attached to the subnet.
DependsOn: VPCGatewayAttachment
PublicRouteTableAssociationAZ1:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnetAZ1
RouteTableId: !Ref PublicRouteTable
PublicRouteTableAssociationAZ2:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnetAZ2
RouteTableId: !Ref PublicRouteTable
Outputs:
PublicSubnetAZ1:
Description: The publicly accessible subnet
Value: !Ref PublicSubnetAZ1
Export:
Name: !Sub "${Environment}::PublicSubnetAZ1"
PublicSubnetAZ2:
Description: The publicly accessible subnet
Value: !Ref PublicSubnetAZ2
Export:
Name: !Sub "${Environment}::PublicSubnetAZ2"
@twasink

This comment has been minimized.

Copy link
Owner Author

@twasink twasink commented Jan 15, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment