Created
November 25, 2014 22:45
-
-
Save anonymous/0e3c3a5097e564892e36 to your computer and use it in GitHub Desktop.
CloudFormation template for a generic VPC with public and private subnets (with private network Internet access via NAT)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion" : "2010-09-09", | |
| "Description" : "CloudFormation template for a generic VPC with public and private subnets (with private network Internet access via NAT)", | |
| "Parameters" : { | |
| "KeyPairName" : { | |
| "Description" : "Name of an existing EC2 KeyPair (find or create here: https://console.aws.amazon.com/ec2/v2/home#KeyPairs: )", | |
| "Type" : "String", | |
| "MinLength": "1", | |
| "MaxLength": "64", | |
| "AllowedPattern" : "[-_ a-zA-Z0-9]*", | |
| "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores." | |
| }, | |
| "ServerAccess" : { | |
| "Description" : "CIDR IP range allowed to login to the NAT instance", | |
| "Type" : "String", | |
| "MinLength": "9", | |
| "MaxLength": "18", | |
| "Default" : "0.0.0.0/0", | |
| "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
| "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
| } | |
| }, | |
| "Mappings" : { | |
| "SubnetConfig" : { | |
| "VPC" : { "CIDR" : "10.44.0.0/16" }, | |
| "Public" : { "CIDR" : "10.44.0.0/24" }, | |
| "Private" : { "CIDR" : "10.44.1.0/24" } | |
| }, | |
| "NatRegionMap" : { | |
| "us-east-1" : { "AMI" : "ami-184dc970" }, | |
| "us-west-1" : { "AMI" : "ami-a98396ec" }, | |
| "us-west-2" : { "AMI" : "ami-290f4119" }, | |
| "eu-west-1" : { "AMI" : "ami-14913f63" }, | |
| "eu-central-1" : { "AMI" : "ami-ae380eb3" }, | |
| "sa-east-1" : { "AMI" : "ami-8122969c" }, | |
| "ap-southeast-1" : { "AMI" : "ami-6aa38238" }, | |
| "ap-southeast-2" : { "AMI" : "ami-893f53b3" }, | |
| "ap-northeast-1" : { "AMI" : "ami-27d6e626" } | |
| } | |
| }, | |
| "Resources" : { | |
| "VPC" : { | |
| "Type" : "AWS::EC2::VPC", | |
| "Properties" : { | |
| "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]}, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Public" }, | |
| { "Key" : "Name", "Value" : "NAT VPC" } | |
| ] | |
| } | |
| }, | |
| "PublicSubnet" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Public", "CIDR" ]}, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Public" }, | |
| { "Key" : "Name", "Value" : "Public Subnet" } | |
| ] | |
| } | |
| }, | |
| "InternetGateway" : { | |
| "Type" : "AWS::EC2::InternetGateway", | |
| "Properties" : { | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Public" } | |
| ] | |
| } | |
| }, | |
| "GatewayToInternet" : { | |
| "DependsOn" : ["VPC", "InternetGateway"], | |
| "Type" : "AWS::EC2::VPCGatewayAttachment", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "InternetGatewayId" : { "Ref" : "InternetGateway" } | |
| } | |
| }, | |
| "PublicRouteTable" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Public" } | |
| ] | |
| } | |
| }, | |
| "PublicRoute" : { | |
| "DependsOn" : ["PublicRouteTable", "InternetGateway"], | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "RouteTableId" : { "Ref" : "PublicRouteTable" }, | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "GatewayId" : { "Ref" : "InternetGateway" } | |
| } | |
| }, | |
| "PublicSubnetRouteTableAssociation" : { | |
| "DependsOn" : ["PublicSubnet", "PublicRouteTable"], | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "PublicSubnet" }, | |
| "RouteTableId" : { "Ref" : "PublicRouteTable" } | |
| } | |
| }, | |
| "PrivateSubnet" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Private", "CIDR" ]}, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Private" }, | |
| { "Key" : "Name", "Value" : "Private Subnet" } | |
| ] | |
| } | |
| }, | |
| "PrivateRouteTable" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "Tags" : [ | |
| { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
| { "Key" : "Network", "Value" : "Private" } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnetRouteTableAssociation" : { | |
| "DependsOn" : ["PrivateSubnet", "PrivateRouteTable"], | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "SubnetId" : { "Ref" : "PrivateSubnet" }, | |
| "RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
| } | |
| }, | |
| "NatSecurityGroup" : { | |
| "DependsOn" : ["VPC"], | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "NAT Security Group", | |
| "VpcId" : { "Ref" : "VPC" }, | |
| "SecurityGroupIngress" : [{ | |
| "IpProtocol" : "tcp", | |
| "FromPort" : "22", | |
| "ToPort" : "22", | |
| "CidrIp" : { "Ref" : "ServerAccess" } | |
| },{ | |
| "IpProtocol" : "tcp", | |
| "FromPort" : "3389", | |
| "ToPort" : "3389", | |
| "CidrIp" : { "Ref" : "ServerAccess" } | |
| }], | |
| "Tags" : [ | |
| { "Key" : "Name", "Value" : "NAT Security Group" } | |
| ] | |
| } | |
| }, | |
| "NatSecurityGroupIngress1" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "icmp", | |
| "FromPort": "-1", | |
| "ToPort": "-1", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress22" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress3389" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "3389", | |
| "ToPort": "3389", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress80" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress443" : { | |
| "DependsOn" : ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "443", | |
| "ToPort": "443", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NAT" : { | |
| "DependsOn" : ["PublicSubnet", "NatSecurityGroup"], | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "InstanceType" : "t2.micro", | |
| "KeyName" : { "Ref" : "KeyPairName" }, | |
| "SourceDestCheck" : "false", | |
| "ImageId" : { "Fn::FindInMap" : [ "NatRegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, | |
| "NetworkInterfaces" : [{ | |
| "GroupSet" : [{ "Ref" : "NatSecurityGroup" }], | |
| "AssociatePublicIpAddress" : "true", | |
| "DeviceIndex" : "0", | |
| "DeleteOnTermination" : "true", | |
| "SubnetId" : { "Ref" : "PublicSubnet" } | |
| }], | |
| "Tags" : [ | |
| { "Key" : "Name", "Value" : "NAT" } | |
| ], | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash\n", | |
| "yum update -y && yum install -y yum-cron && chkconfig yum-cron on" | |
| ]]}} | |
| } | |
| }, | |
| "PrivateRoute" : { | |
| "DependsOn" : ["PrivateRouteTable", "NAT"], | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "RouteTableId" : { "Ref" : "PrivateRouteTable" }, | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "InstanceId" : { "Ref" : "NAT" } | |
| } | |
| } | |
| }, | |
| "Outputs" : { | |
| "NATIP" : { | |
| "Description" : "NAT IP address", | |
| "Value" : { "Fn::GetAtt" : [ "NAT", "PublicIp" ] } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment