{ | |
"Parameters": { | |
"VpcCidr": { | |
"Description": "VPC network range. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing", | |
"Type": "String", | |
"Default": "10.0.0.0/16", | |
"AllowedPattern": "^(10\\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|172\\.(1[6-9]|2[0-9]|3[01])|192\\.168)\\.0\\.0/(1[6-9]|2[0-8])$" | |
}, | |
"SubnetCidrBits": { | |
"Type": "Number", | |
"Default": 12, | |
"MinValue": 4, | |
"MaxValue": 13 | |
}, | |
"NatEnabled": { | |
"Type": "String", | |
"AllowedValues": ["true", "false"], | |
"Default": "false" | |
}, | |
"ImageId": { | |
"Type": "AWS::EC2::Image::Id" | |
}, | |
"KeyName": { | |
"Type": "AWS::EC2::KeyPair::KeyName" | |
} | |
}, | |
"Conditions": { | |
"NatEnabledCondition": { | |
"Fn::Equals": [{ "Ref": "NatEnabled" }, "true"] | |
} | |
}, | |
"Resources": { | |
"Vpc": { | |
"Type": "AWS::EC2::VPC", | |
"Properties": { | |
"EnableDnsSupport": true, | |
"EnableDnsHostnames": true, | |
"CidrBlock": { "Ref": "VpcCidr" }, | |
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
} | |
}, | |
"InternetGateway": { | |
"Type": "AWS::EC2::InternetGateway", | |
"Properties": { | |
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
} | |
}, | |
"InternetGatewayAttachment": { | |
"Type": "AWS::EC2::VPCGatewayAttachment", | |
"Properties": { | |
"VpcId": { "Ref": "Vpc" }, | |
"InternetGatewayId": { "Ref": "InternetGateway" } | |
} | |
}, | |
"PublicRouteTable": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Sub": "${AWS::StackName}-public" } | |
} | |
] | |
} | |
}, | |
"PublicToInternetRoute": { | |
"Type": "AWS::EC2::Route", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"RouteTableId": { "Ref": "PublicRouteTable" }, | |
"GatewayId": { "Ref": "InternetGateway" } | |
} | |
}, | |
"PublicSubnet0": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": { | |
"Fn::Select": [ | |
0, | |
{ | |
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
} | |
] | |
}, | |
"MapPublicIpOnLaunch": true, | |
"AvailabilityZone": { | |
"Fn::Select": [0, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
}, | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}-public-0" | |
} | |
} | |
] | |
} | |
}, | |
"PublicSubnet0RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { "Ref": "PublicRouteTable" }, | |
"SubnetId": { "Ref": "PublicSubnet0" } | |
} | |
}, | |
"PublicSubnet1": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": { | |
"Fn::Select": [ | |
1, | |
{ | |
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
} | |
] | |
}, | |
"MapPublicIpOnLaunch": true, | |
"AvailabilityZone": { | |
"Fn::Select": [1, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
}, | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}-public-1" | |
} | |
} | |
] | |
} | |
}, | |
"PublicSubnet1RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { "Ref": "PublicRouteTable" }, | |
"SubnetId": { "Ref": "PublicSubnet1" } | |
} | |
}, | |
"PublicSubnet2": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": { | |
"Fn::Select": [ | |
2, | |
{ | |
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
} | |
] | |
}, | |
"MapPublicIpOnLaunch": true, | |
"AvailabilityZone": { | |
"Fn::Select": [2, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
}, | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}-public-2" | |
} | |
} | |
] | |
} | |
}, | |
"PublicSubnet2RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { "Ref": "PublicRouteTable" }, | |
"SubnetId": { "Ref": "PublicSubnet2" } | |
} | |
}, | |
"NatGateway0ElasticIp": { | |
"Type": "AWS::EC2::EIP", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"Domain": "vpc" | |
} | |
}, | |
"NatGateway0": { | |
"Type": "AWS::EC2::NatGateway", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"AllocationId": { | |
"Fn::GetAtt": ["NatGateway0ElasticIp", "AllocationId"] | |
}, | |
"SubnetId": { "Ref": "PublicSubnet0" }, | |
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
} | |
}, | |
"NatGateway1ElasticIp": { | |
"Type": "AWS::EC2::EIP", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"Domain": "vpc" | |
} | |
}, | |
"NatGateway1": { | |
"Type": "AWS::EC2::NatGateway", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"AllocationId": { | |
"Fn::GetAtt": ["NatGateway1ElasticIp", "AllocationId"] | |
}, | |
"SubnetId": { "Ref": "PublicSubnet1" }, | |
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
} | |
}, | |
"NatGateway2ElasticIp": { | |
"Type": "AWS::EC2::EIP", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"Domain": "vpc" | |
} | |
}, | |
"NatGateway2": { | |
"Type": "AWS::EC2::NatGateway", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"AllocationId": { | |
"Fn::GetAtt": ["NatGateway2ElasticIp", "AllocationId"] | |
}, | |
"SubnetId": { "Ref": "PublicSubnet2" }, | |
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
} | |
}, | |
"PrivateRouteTable0": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Sub": "${AWS::StackName}-private-0" } | |
} | |
] | |
} | |
}, | |
"PrivateRouteTable0InternetRoute": { | |
"Type": "AWS::EC2::Route", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"RouteTableId": { "Ref": "PrivateRouteTable0" }, | |
"NatGatewayId": { "Ref": "NatGateway0" } | |
} | |
}, | |
"PrivateSubnet0": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": { | |
"Fn::Select": [ | |
3, | |
{ | |
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
} | |
] | |
}, | |
"MapPublicIpOnLaunch": false, | |
"AvailabilityZone": { | |
"Fn::Select": [0, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
}, | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}-private-0" | |
} | |
} | |
] | |
} | |
}, | |
"PrivateSubnet0RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { "Ref": "PrivateRouteTable0" }, | |
"SubnetId": { "Ref": "PrivateSubnet0" } | |
} | |
}, | |
"PrivateRouteTable1": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Sub": "${AWS::StackName}-private-1" } | |
} | |
] | |
} | |
}, | |
"PrivateRouteTable1InternetRoute": { | |
"Type": "AWS::EC2::Route", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"RouteTableId": { "Ref": "PrivateRouteTable1" }, | |
"NatGatewayId": { "Ref": "NatGateway1" } | |
} | |
}, | |
"PrivateSubnet1": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": { | |
"Fn::Select": [ | |
4, | |
{ | |
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
} | |
] | |
}, | |
"MapPublicIpOnLaunch": false, | |
"AvailabilityZone": { | |
"Fn::Select": [1, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
}, | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}-private-1" | |
} | |
} | |
] | |
} | |
}, | |
"PrivateSubnet1RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { "Ref": "PrivateRouteTable1" }, | |
"SubnetId": { "Ref": "PrivateSubnet1" } | |
} | |
}, | |
"PrivateRouteTable2": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { "Fn::Sub": "${AWS::StackName}-private-2" } | |
} | |
] | |
} | |
}, | |
"PrivateRouteTable2InternetRoute": { | |
"Type": "AWS::EC2::Route", | |
"Condition": "NatEnabledCondition", | |
"Properties": { | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"RouteTableId": { "Ref": "PrivateRouteTable2" }, | |
"NatGatewayId": { "Ref": "NatGateway2" } | |
} | |
}, | |
"PrivateSubnet2": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"CidrBlock": { | |
"Fn::Select": [ | |
5, | |
{ | |
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
} | |
] | |
}, | |
"MapPublicIpOnLaunch": false, | |
"AvailabilityZone": { | |
"Fn::Select": [2, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
}, | |
"VpcId": { "Ref": "Vpc" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}-private-2" | |
} | |
} | |
] | |
} | |
}, | |
"PrivateSubnet2RouteTableAssociation": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"RouteTableId": { "Ref": "PrivateRouteTable2" }, | |
"SubnetId": { "Ref": "PrivateSubnet2" } | |
} | |
}, | |
"SystemsManagerEndpoint": { | |
"Type": "AWS::EC2::VPCEndpoint", | |
"Properties": { | |
"VpcEndpointType": "Interface", | |
"PrivateDnsEnabled": true, | |
"VpcId": { "Ref": "Vpc" }, | |
"SubnetIds": [ | |
{ "Ref": "PrivateSubnet0" }, | |
{ "Ref": "PrivateSubnet1" }, | |
{ "Ref": "PrivateSubnet2" } | |
], | |
"SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }], | |
"ServiceName": { | |
"Fn::Sub": "com.amazonaws.${AWS::Region}.ssm" | |
} | |
} | |
}, | |
"SystemsManagerMessagesEndpoint": { | |
"Type": "AWS::EC2::VPCEndpoint", | |
"Properties": { | |
"VpcEndpointType": "Interface", | |
"PrivateDnsEnabled": true, | |
"VpcId": { "Ref": "Vpc" }, | |
"SubnetIds": [ | |
{ "Ref": "PrivateSubnet0" }, | |
{ "Ref": "PrivateSubnet1" }, | |
{ "Ref": "PrivateSubnet2" } | |
], | |
"SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }], | |
"ServiceName": { | |
"Fn::Sub": "com.amazonaws.${AWS::Region}.ssmmessages" | |
} | |
} | |
}, | |
"InstanceRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"AssumeRolePolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Principal": { | |
"Service": ["ec2.amazonaws.com"] | |
}, | |
"Action": ["sts:AssumeRole"] | |
} | |
] | |
}, | |
"ManagedPolicyArns": [ | |
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" | |
] | |
} | |
}, | |
"InstanceProfile": { | |
"Type": "AWS::IAM::InstanceProfile", | |
"Properties": { | |
"Roles": [{ "Ref": "InstanceRole" }] | |
} | |
}, | |
"Instance": { | |
"Type": "AWS::EC2::Instance", | |
"DependsOn": "NatGateway0", | |
"Properties": { | |
"InstanceType": "t3.nano", | |
"KeyName": { "Ref": "KeyName" }, | |
"ImageId": { "Ref": "ImageId" }, | |
"SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }], | |
"SubnetId": { "Ref": "PrivateSubnet0" }, | |
"IamInstanceProfile": { "Ref": "InstanceProfile" }, | |
"Tags": [ | |
{ | |
"Key": "Name", | |
"Value": { | |
"Fn::Sub": "${AWS::StackName}-private" | |
} | |
} | |
], | |
"UserData": { | |
"Fn::Base64": { | |
"Fn::Join": [ | |
"\n", | |
[ | |
"#!/bin/bash -xe", | |
"yum -y update", | |
"yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm" | |
] | |
] | |
} | |
} | |
} | |
} | |
}, | |
"Outputs": { | |
"DefaultSecurityGroup": { | |
"Value": { "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] } | |
}, | |
"PublicSubnet0": { | |
"Value": { "Ref": "PublicSubnet0" } | |
}, | |
"PublicSubnet1": { | |
"Value": { "Ref": "PublicSubnet1" } | |
}, | |
"PublicSubnet2": { | |
"Value": { "Ref": "PublicSubnet2" } | |
}, | |
"PrivateSubnet0": { | |
"Value": { "Ref": "PrivateSubnet0" } | |
}, | |
"PrivateSubnet1": { | |
"Value": { "Ref": "PrivateSubnet1" } | |
}, | |
"PrivateSubnet2": { | |
"Value": { "Ref": "PrivateSubnet2" } | |
} | |
} | |
} |