Created
September 6, 2017 23:59
-
-
Save yury-sannikov/67b8dd283f2f3073164537d9f9d896a3 to your computer and use it in GitHub Desktop.
Ethereum Virtual Private Cloud Template for Amazon CloudFormation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: 'Ethereum Cluster VPC with two availability zones' | |
| Metadata: | |
| 'AWS::CloudFormation::Interface': | |
| ParameterGroups: | |
| - Label: | |
| default: 'VPC Parameters' | |
| Parameters: | |
| - ClassB | |
| Parameters: | |
| ClassB: | |
| Description: 'Class B of VPC (10.XXX.0.0/16)' | |
| Type: Number | |
| Default: 0 | |
| ConstraintDescription: 'Must be in the range [0-255]' | |
| MinValue: 0 | |
| MaxValue: 255 | |
| Resources: | |
| VPC: | |
| Type: 'AWS::EC2::VPC' | |
| Properties: | |
| CidrBlock: !Sub '10.${ClassB}.0.0/16' | |
| EnableDnsSupport: true | |
| EnableDnsHostnames: true | |
| InstanceTenancy: default | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '10.${ClassB}.0.0/16' | |
| InternetGateway: | |
| Type: 'AWS::EC2::InternetGateway' | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '10.${ClassB}.0.0/16' | |
| VPCGatewayAttachment: | |
| Type: 'AWS::EC2::VPCGatewayAttachment' | |
| Properties: | |
| VpcId: !Ref VPC | |
| InternetGatewayId: !Ref InternetGateway | |
| SubnetAPublic: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [0, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.0.0/20' | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: 'A public' | |
| - Key: Reach | |
| Value: public | |
| SubnetAPrivate: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [0, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.16.0/20' | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: 'A private' | |
| - Key: Reach | |
| Value: private | |
| SubnetBPublic: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [1, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.32.0/20' | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: 'B public' | |
| - Key: Reach | |
| Value: public | |
| SubnetBPrivate: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [1, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.48.0/20' | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: 'B private' | |
| - Key: Reach | |
| Value: private | |
| RouteTablePublic: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: 'A Public' | |
| RouteTablePrivate: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: 'A Private' | |
| RouteTableBPublic: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: 'B Public' | |
| RouteTableBPrivate: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: 'B Private' | |
| RouteTableAssociationAPublic: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPublic | |
| RouteTableId: !Ref RouteTablePublic | |
| RouteTableAssociationAPrivate: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPrivate | |
| RouteTableId: !Ref RouteTablePrivate | |
| RouteTableAssociationBPublic: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPublic | |
| RouteTableId: !Ref RouteTableBPublic | |
| RouteTableAssociationBPrivate: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPrivate | |
| RouteTableId: !Ref RouteTableBPrivate | |
| RouteTablePublicInternetRoute: # should be RouteTablePublicAInternetRoute, but logical id was not changed for backward compatibility | |
| Type: 'AWS::EC2::Route' | |
| DependsOn: VPCGatewayAttachment | |
| Properties: | |
| RouteTableId: !Ref RouteTablePublic | |
| DestinationCidrBlock: '0.0.0.0/0' | |
| GatewayId: !Ref InternetGateway | |
| RouteTablePublicBInternetRoute: | |
| Type: 'AWS::EC2::Route' | |
| DependsOn: VPCGatewayAttachment | |
| Properties: | |
| RouteTableId: !Ref RouteTableBPublic | |
| DestinationCidrBlock: '0.0.0.0/0' | |
| GatewayId: !Ref InternetGateway | |
| NetworkAclPublic: | |
| Type: 'AWS::EC2::NetworkAcl' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: Public | |
| NetworkAclPrivate: | |
| Type: 'AWS::EC2::NetworkAcl' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: Private | |
| SubnetNetworkAclAssociationAPublic: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPublic | |
| NetworkAclId: !Ref NetworkAclPublic | |
| SubnetNetworkAclAssociationAPrivate: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPrivate | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| SubnetNetworkAclAssociationBPublic: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPublic | |
| NetworkAclId: !Ref NetworkAclPublic | |
| SubnetNetworkAclAssociationBPrivate: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPrivate | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| NetworkAclEntryInPublicAllowAll: | |
| Type: 'AWS::EC2::NetworkAclEntry' | |
| Properties: | |
| NetworkAclId: !Ref NetworkAclPublic | |
| RuleNumber: 99 | |
| Protocol: -1 | |
| RuleAction: allow | |
| Egress: false | |
| CidrBlock: '0.0.0.0/0' | |
| NetworkAclEntryOutPublicAllowAll: | |
| Type: 'AWS::EC2::NetworkAclEntry' | |
| Properties: | |
| NetworkAclId: !Ref NetworkAclPublic | |
| RuleNumber: 99 | |
| Protocol: -1 | |
| RuleAction: allow | |
| Egress: true | |
| CidrBlock: '0.0.0.0/0' | |
| NetworkAclEntryInPrivateAllowVPC: | |
| Type: 'AWS::EC2::NetworkAclEntry' | |
| Properties: | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| RuleNumber: 99 | |
| Protocol: -1 | |
| RuleAction: allow | |
| Egress: false | |
| CidrBlock: '0.0.0.0/0' | |
| NetworkAclEntryOutPrivateAllowVPC: | |
| Type: 'AWS::EC2::NetworkAclEntry' | |
| Properties: | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| RuleNumber: 99 | |
| Protocol: -1 | |
| RuleAction: allow | |
| Egress: true | |
| CidrBlock: '0.0.0.0/0' | |
| Outputs: | |
| StackName: | |
| Description: 'Stack name' | |
| Value: !Sub '${AWS::StackName}' | |
| AZs: | |
| Description: 'AZs' | |
| Value: 2 | |
| Export: | |
| Name: !Sub '${AWS::StackName}-AZs' | |
| AZA: | |
| Description: 'AZ of A' | |
| Value: !Select [0, !GetAZs ''] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-AZA' | |
| AZB: | |
| Description: 'AZ of B' | |
| Value: !Select [1, !GetAZs ''] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-AZB' | |
| ClassB: | |
| Description: 'Class B.' | |
| Value: !Ref ClassB | |
| Export: | |
| Name: !Sub '${AWS::StackName}-ClassB' | |
| VPC: | |
| Description: 'VPC.' | |
| Value: !Ref VPC | |
| Export: | |
| Name: !Sub '${AWS::StackName}-VPC' | |
| SubnetsPublic: | |
| Description: 'Subnets public.' | |
| Value: !Join [',', [!Ref SubnetAPublic, !Ref SubnetBPublic]] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetsPublic' | |
| SubnetsPrivate: | |
| Description: 'Subnets private.' | |
| Value: !Join [',', [!Ref SubnetAPrivate, !Ref SubnetBPrivate]] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetsPrivate' | |
| RouteTablePrivate: # deprecated in v4, will be removed in v5 | |
| Description: 'Route table private (deprecated in v4, will be removed in v5).' | |
| Value: !Ref RouteTablePrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTablePrivate' | |
| RouteTablePublic: # deprecated in v4, will be removed in v5 | |
| Description: 'Route table public (deprecated in v4, will be removed in v5).' | |
| Value: !Ref RouteTablePublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTablePublic' | |
| RouteTablesPrivate: | |
| Description: 'Route tables private.' | |
| Value: !Join [',', [!Ref RouteTablePrivate, !Ref RouteTableBPrivate]] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTablesPrivate' | |
| RouteTablesPublic: | |
| Description: 'Route tables public.' | |
| Value: !Join [',', [!Ref RouteTablePublic, !Ref RouteTableBPublic]] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTablesPublic' | |
| SubnetAPublic: | |
| Description: 'Subnet A public.' | |
| Value: !Ref SubnetAPublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetAPublic' | |
| RouteTableAPublic: | |
| Description: 'Route table A public.' | |
| Value: !Ref RouteTablePublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableAPublic' | |
| SubnetAPrivate: | |
| Description: 'Subnet A private.' | |
| Value: !Ref SubnetAPrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetAPrivate' | |
| RouteTableAPrivate: | |
| Description: 'Route table A private.' | |
| Value: !Ref RouteTablePrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableAPrivate' | |
| SubnetBPublic: | |
| Description: 'Subnet B public.' | |
| Value: !Ref SubnetBPublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetBPublic' | |
| RouteTableBPublic: | |
| Description: 'Route table B public.' | |
| Value: !Ref RouteTableBPublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableBPublic' | |
| SubnetBPrivate: | |
| Description: 'Subnet B private.' | |
| Value: !Ref SubnetBPrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetBPrivate' | |
| RouteTableBPrivate: | |
| Description: 'Route table B private.' | |
| Value: !Ref RouteTableBPrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableBPrivate' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment