Last active
August 16, 2019 02:11
-
-
Save y13i/807c68575ca33184564e7da8c853cfba to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Parameters": { | |
| "VpcCidr": { | |
| "Description": "VPC network range. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing", | |
| "Type": "String", | |
| "Default": "10.0.0.0/16", | |
| "AllowedPattern": "^(10\\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|172\\.(1[6-9]|2[0-9]|3[01])|192\\.168)\\.0\\.0/(1[6-9]|2[0-8])$" | |
| }, | |
| "SubnetCidrBits": { | |
| "Type": "Number", | |
| "Default": 12, | |
| "MinValue": 4, | |
| "MaxValue": 13 | |
| }, | |
| "NatEnabled": { | |
| "Type": "String", | |
| "AllowedValues": ["true", "false"], | |
| "Default": "false" | |
| }, | |
| "ImageId": { | |
| "Type": "AWS::EC2::Image::Id" | |
| }, | |
| "KeyName": { | |
| "Type": "AWS::EC2::KeyPair::KeyName" | |
| } | |
| }, | |
| "Conditions": { | |
| "NatEnabledCondition": { | |
| "Fn::Equals": [{ "Ref": "NatEnabled" }, "true"] | |
| } | |
| }, | |
| "Resources": { | |
| "Vpc": { | |
| "Type": "AWS::EC2::VPC", | |
| "Properties": { | |
| "EnableDnsSupport": true, | |
| "EnableDnsHostnames": true, | |
| "CidrBlock": { "Ref": "VpcCidr" }, | |
| "Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
| } | |
| }, | |
| "InternetGateway": { | |
| "Type": "AWS::EC2::InternetGateway", | |
| "Properties": { | |
| "Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
| } | |
| }, | |
| "InternetGatewayAttachment": { | |
| "Type": "AWS::EC2::VPCGatewayAttachment", | |
| "Properties": { | |
| "VpcId": { "Ref": "Vpc" }, | |
| "InternetGatewayId": { "Ref": "InternetGateway" } | |
| } | |
| }, | |
| "PublicRouteTable": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { "Fn::Sub": "${AWS::StackName}-public" } | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicToInternetRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "RouteTableId": { "Ref": "PublicRouteTable" }, | |
| "GatewayId": { "Ref": "InternetGateway" } | |
| } | |
| }, | |
| "PublicSubnet0": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": { | |
| "Fn::Select": [ | |
| 0, | |
| { | |
| "Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
| } | |
| ] | |
| }, | |
| "MapPublicIpOnLaunch": true, | |
| "AvailabilityZone": { | |
| "Fn::Select": [0, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
| }, | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}-public-0" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicSubnet0RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { "Ref": "PublicRouteTable" }, | |
| "SubnetId": { "Ref": "PublicSubnet0" } | |
| } | |
| }, | |
| "PublicSubnet1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": { | |
| "Fn::Select": [ | |
| 1, | |
| { | |
| "Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
| } | |
| ] | |
| }, | |
| "MapPublicIpOnLaunch": true, | |
| "AvailabilityZone": { | |
| "Fn::Select": [1, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
| }, | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}-public-1" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicSubnet1RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { "Ref": "PublicRouteTable" }, | |
| "SubnetId": { "Ref": "PublicSubnet1" } | |
| } | |
| }, | |
| "PublicSubnet2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": { | |
| "Fn::Select": [ | |
| 2, | |
| { | |
| "Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
| } | |
| ] | |
| }, | |
| "MapPublicIpOnLaunch": true, | |
| "AvailabilityZone": { | |
| "Fn::Select": [2, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
| }, | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}-public-2" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PublicSubnet2RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { "Ref": "PublicRouteTable" }, | |
| "SubnetId": { "Ref": "PublicSubnet2" } | |
| } | |
| }, | |
| "NatGateway0ElasticIp": { | |
| "Type": "AWS::EC2::EIP", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "Domain": "vpc" | |
| } | |
| }, | |
| "NatGateway0": { | |
| "Type": "AWS::EC2::NatGateway", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "AllocationId": { | |
| "Fn::GetAtt": ["NatGateway0ElasticIp", "AllocationId"] | |
| }, | |
| "SubnetId": { "Ref": "PublicSubnet0" }, | |
| "Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
| } | |
| }, | |
| "NatGateway1ElasticIp": { | |
| "Type": "AWS::EC2::EIP", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "Domain": "vpc" | |
| } | |
| }, | |
| "NatGateway1": { | |
| "Type": "AWS::EC2::NatGateway", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "AllocationId": { | |
| "Fn::GetAtt": ["NatGateway1ElasticIp", "AllocationId"] | |
| }, | |
| "SubnetId": { "Ref": "PublicSubnet1" }, | |
| "Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
| } | |
| }, | |
| "NatGateway2ElasticIp": { | |
| "Type": "AWS::EC2::EIP", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "Domain": "vpc" | |
| } | |
| }, | |
| "NatGateway2": { | |
| "Type": "AWS::EC2::NatGateway", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "AllocationId": { | |
| "Fn::GetAtt": ["NatGateway2ElasticIp", "AllocationId"] | |
| }, | |
| "SubnetId": { "Ref": "PublicSubnet2" }, | |
| "Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }] | |
| } | |
| }, | |
| "PrivateRouteTable0": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { "Fn::Sub": "${AWS::StackName}-private-0" } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateRouteTable0InternetRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "RouteTableId": { "Ref": "PrivateRouteTable0" }, | |
| "NatGatewayId": { "Ref": "NatGateway0" } | |
| } | |
| }, | |
| "PrivateSubnet0": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": { | |
| "Fn::Select": [ | |
| 3, | |
| { | |
| "Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
| } | |
| ] | |
| }, | |
| "MapPublicIpOnLaunch": false, | |
| "AvailabilityZone": { | |
| "Fn::Select": [0, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
| }, | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}-private-0" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet0RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { "Ref": "PrivateRouteTable0" }, | |
| "SubnetId": { "Ref": "PrivateSubnet0" } | |
| } | |
| }, | |
| "PrivateRouteTable1": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { "Fn::Sub": "${AWS::StackName}-private-1" } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateRouteTable1InternetRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "RouteTableId": { "Ref": "PrivateRouteTable1" }, | |
| "NatGatewayId": { "Ref": "NatGateway1" } | |
| } | |
| }, | |
| "PrivateSubnet1": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": { | |
| "Fn::Select": [ | |
| 4, | |
| { | |
| "Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
| } | |
| ] | |
| }, | |
| "MapPublicIpOnLaunch": false, | |
| "AvailabilityZone": { | |
| "Fn::Select": [1, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
| }, | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}-private-1" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet1RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { "Ref": "PrivateRouteTable1" }, | |
| "SubnetId": { "Ref": "PrivateSubnet1" } | |
| } | |
| }, | |
| "PrivateRouteTable2": { | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { "Fn::Sub": "${AWS::StackName}-private-2" } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateRouteTable2InternetRoute": { | |
| "Type": "AWS::EC2::Route", | |
| "Condition": "NatEnabledCondition", | |
| "Properties": { | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "RouteTableId": { "Ref": "PrivateRouteTable2" }, | |
| "NatGatewayId": { "Ref": "NatGateway2" } | |
| } | |
| }, | |
| "PrivateSubnet2": { | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "CidrBlock": { | |
| "Fn::Select": [ | |
| 5, | |
| { | |
| "Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }] | |
| } | |
| ] | |
| }, | |
| "MapPublicIpOnLaunch": false, | |
| "AvailabilityZone": { | |
| "Fn::Select": [2, { "Fn::GetAZs": { "Ref": "AWS::Region" } }] | |
| }, | |
| "VpcId": { "Ref": "Vpc" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}-private-2" | |
| } | |
| } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnet2RouteTableAssociation": { | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "RouteTableId": { "Ref": "PrivateRouteTable2" }, | |
| "SubnetId": { "Ref": "PrivateSubnet2" } | |
| } | |
| }, | |
| "SystemsManagerEndpoint": { | |
| "Type": "AWS::EC2::VPCEndpoint", | |
| "Properties": { | |
| "VpcEndpointType": "Interface", | |
| "PrivateDnsEnabled": true, | |
| "VpcId": { "Ref": "Vpc" }, | |
| "SubnetIds": [ | |
| { "Ref": "PrivateSubnet0" }, | |
| { "Ref": "PrivateSubnet1" }, | |
| { "Ref": "PrivateSubnet2" } | |
| ], | |
| "SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }], | |
| "ServiceName": { | |
| "Fn::Sub": "com.amazonaws.${AWS::Region}.ssm" | |
| } | |
| } | |
| }, | |
| "SystemsManagerMessagesEndpoint": { | |
| "Type": "AWS::EC2::VPCEndpoint", | |
| "Properties": { | |
| "VpcEndpointType": "Interface", | |
| "PrivateDnsEnabled": true, | |
| "VpcId": { "Ref": "Vpc" }, | |
| "SubnetIds": [ | |
| { "Ref": "PrivateSubnet0" }, | |
| { "Ref": "PrivateSubnet1" }, | |
| { "Ref": "PrivateSubnet2" } | |
| ], | |
| "SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }], | |
| "ServiceName": { | |
| "Fn::Sub": "com.amazonaws.${AWS::Region}.ssmmessages" | |
| } | |
| } | |
| }, | |
| "InstanceRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "AssumeRolePolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "Service": ["ec2.amazonaws.com"] | |
| }, | |
| "Action": ["sts:AssumeRole"] | |
| } | |
| ] | |
| }, | |
| "ManagedPolicyArns": [ | |
| "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" | |
| ] | |
| } | |
| }, | |
| "InstanceProfile": { | |
| "Type": "AWS::IAM::InstanceProfile", | |
| "Properties": { | |
| "Roles": [{ "Ref": "InstanceRole" }] | |
| } | |
| }, | |
| "Instance": { | |
| "Type": "AWS::EC2::Instance", | |
| "DependsOn": "NatGateway0", | |
| "Properties": { | |
| "InstanceType": "t3.nano", | |
| "KeyName": { "Ref": "KeyName" }, | |
| "ImageId": { "Ref": "ImageId" }, | |
| "SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }], | |
| "SubnetId": { "Ref": "PrivateSubnet0" }, | |
| "IamInstanceProfile": { "Ref": "InstanceProfile" }, | |
| "Tags": [ | |
| { | |
| "Key": "Name", | |
| "Value": { | |
| "Fn::Sub": "${AWS::StackName}-private" | |
| } | |
| } | |
| ], | |
| "UserData": { | |
| "Fn::Base64": { | |
| "Fn::Join": [ | |
| "\n", | |
| [ | |
| "#!/bin/bash -xe", | |
| "yum -y update", | |
| "yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm" | |
| ] | |
| ] | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "Outputs": { | |
| "DefaultSecurityGroup": { | |
| "Value": { "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] } | |
| }, | |
| "PublicSubnet0": { | |
| "Value": { "Ref": "PublicSubnet0" } | |
| }, | |
| "PublicSubnet1": { | |
| "Value": { "Ref": "PublicSubnet1" } | |
| }, | |
| "PublicSubnet2": { | |
| "Value": { "Ref": "PublicSubnet2" } | |
| }, | |
| "PrivateSubnet0": { | |
| "Value": { "Ref": "PrivateSubnet0" } | |
| }, | |
| "PrivateSubnet1": { | |
| "Value": { "Ref": "PrivateSubnet1" } | |
| }, | |
| "PrivateSubnet2": { | |
| "Value": { "Ref": "PrivateSubnet2" } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment