Created
October 20, 2019 16:04
-
-
Save javigs82/6553bd72284297bfa7d2e2a624d5a2aa to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Copyright 2018 | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # http://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: 'VPC: public and private subnets in three availability zones, a template' | |
| Metadata: | |
| 'AWS::CloudFormation::Interface': | |
| ParameterGroups: | |
| - Label: | |
| default: 'VPC Parameters' | |
| Parameters: | |
| - ClassB | |
| Parameters: | |
| ClassB: | |
| Description: 'Class B of VPC (10.XXX.0.0/16)' | |
| Type: Number | |
| Default: 0 | |
| ConstraintDescription: 'Must be in the range [0-255]' | |
| MinValue: 0 | |
| MaxValue: 255 | |
| Resources: | |
| VPC: | |
| Type: 'AWS::EC2::VPC' | |
| Properties: | |
| CidrBlock: !Sub '10.${ClassB}.0.0/16' | |
| EnableDnsSupport: true | |
| EnableDnsHostnames: true | |
| InstanceTenancy: default | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-vpc' | |
| InternetGateway: | |
| Type: 'AWS::EC2::InternetGateway' | |
| Properties: | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-igw' | |
| VPCGatewayAttachment: | |
| Type: 'AWS::EC2::VPCGatewayAttachment' | |
| Properties: | |
| VpcId: !Ref VPC | |
| InternetGatewayId: !Ref InternetGateway | |
| SubnetAPublic: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [0, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.0.0/20' | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-A-public-sn' | |
| - Key: Reach | |
| Value: public | |
| SubnetAPrivate: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [0, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.16.0/20' | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-A-private-sn' | |
| - Key: Reach | |
| Value: private | |
| SubnetBPublic: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [1, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.32.0/20' | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-B-public-sn' | |
| - Key: Reach | |
| Value: public | |
| SubnetBPrivate: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [1, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.48.0/20' | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-B-private-sn' | |
| - Key: Reach | |
| Value: private | |
| SubnetCPublic: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [2, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.64.0/20' | |
| MapPublicIpOnLaunch: true | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-C-public-sn' | |
| - Key: Reach | |
| Value: public | |
| SubnetCPrivate: | |
| Type: 'AWS::EC2::Subnet' | |
| Properties: | |
| AvailabilityZone: !Select [2, !GetAZs ''] | |
| CidrBlock: !Sub '10.${ClassB}.80.0/20' | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-C-private-sn' | |
| - Key: Reach | |
| Value: private | |
| RouteTablePublic: # should be RouteTableAPublic, but logical id was not changed for backward compatibility | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-A-public-rt' | |
| RouteTablePrivate: # should be RouteTableAPrivate, but logical id was not changed for backward compatibility | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-A-private-rt' | |
| RouteTableBPublic: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-B-public-rt' | |
| RouteTableBPrivate: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-B-private-rt' | |
| RouteTableCPublic: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-C-public-rt' | |
| RouteTableCPrivate: | |
| Type: 'AWS::EC2::RouteTable' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-C-private-rt' | |
| RouteTableAssociationAPublic: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPublic | |
| RouteTableId: !Ref RouteTablePublic | |
| RouteTableAssociationAPrivate: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPrivate | |
| RouteTableId: !Ref RouteTablePrivate | |
| RouteTableAssociationBPublic: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPublic | |
| RouteTableId: !Ref RouteTableBPublic | |
| RouteTableAssociationBPrivate: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPrivate | |
| RouteTableId: !Ref RouteTableBPrivate | |
| RouteTableAssociationCPublic: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetCPublic | |
| RouteTableId: !Ref RouteTableCPublic | |
| RouteTableAssociationCPrivate: | |
| Type: 'AWS::EC2::SubnetRouteTableAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetCPrivate | |
| RouteTableId: !Ref RouteTableCPrivate | |
| RouteTablePublicInternetRoute: # should be RouteTablePublicAInternetRoute, but logical id was not changed for backward compatibility | |
| Type: 'AWS::EC2::Route' | |
| DependsOn: VPCGatewayAttachment | |
| Properties: | |
| RouteTableId: !Ref RouteTablePublic | |
| DestinationCidrBlock: '0.0.0.0/0' | |
| GatewayId: !Ref InternetGateway | |
| RouteTablePublicBInternetRoute: | |
| Type: 'AWS::EC2::Route' | |
| DependsOn: VPCGatewayAttachment | |
| Properties: | |
| RouteTableId: !Ref RouteTableBPublic | |
| DestinationCidrBlock: '0.0.0.0/0' | |
| GatewayId: !Ref InternetGateway | |
| RouteTablePublicCInternetRoute: | |
| Type: 'AWS::EC2::Route' | |
| DependsOn: VPCGatewayAttachment | |
| Properties: | |
| RouteTableId: !Ref RouteTableCPublic | |
| DestinationCidrBlock: '0.0.0.0/0' | |
| GatewayId: !Ref InternetGateway | |
| NetworkAclPublic: | |
| Type: 'AWS::EC2::NetworkAcl' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-public-acl' | |
| NetworkAclPrivate: | |
| Type: 'AWS::EC2::NetworkAcl' | |
| Properties: | |
| VpcId: !Ref VPC | |
| Tags: | |
| - Key: Name | |
| Value: !Sub '${AWS::StackName}-private-acl' | |
| SubnetNetworkAclAssociationAPublic: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPublic | |
| NetworkAclId: !Ref NetworkAclPublic | |
| SubnetNetworkAclAssociationAPrivate: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetAPrivate | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| SubnetNetworkAclAssociationBPublic: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPublic | |
| NetworkAclId: !Ref NetworkAclPublic | |
| SubnetNetworkAclAssociationBPrivate: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetBPrivate | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| SubnetNetworkAclAssociationCPublic: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetCPublic | |
| NetworkAclId: !Ref NetworkAclPublic | |
| SubnetNetworkAclAssociationCPrivate: | |
| Type: 'AWS::EC2::SubnetNetworkAclAssociation' | |
| Properties: | |
| SubnetId: !Ref SubnetCPrivate | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| NetworkAclEntryInPublicAllowAll: | |
| Type: 'AWS::EC2::NetworkAclEntry' | |
| Properties: | |
| NetworkAclId: !Ref NetworkAclPublic | |
| RuleNumber: 99 | |
| Protocol: -1 | |
| RuleAction: allow | |
| Egress: false | |
| CidrBlock: '0.0.0.0/0' | |
| NetworkAclEntryOutPublicAllowAll: | |
| Type: 'AWS::EC2::NetworkAclEntry' | |
| Properties: | |
| NetworkAclId: !Ref NetworkAclPublic | |
| RuleNumber: 99 | |
| Protocol: -1 | |
| RuleAction: allow | |
| Egress: true | |
| CidrBlock: '0.0.0.0/0' | |
| NetworkAclEntryInPrivateAllowVPC: | |
| Type: 'AWS::EC2::NetworkAclEntry' | |
| Properties: | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| RuleNumber: 99 | |
| Protocol: -1 | |
| RuleAction: allow | |
| Egress: false | |
| CidrBlock: '0.0.0.0/0' | |
| NetworkAclEntryOutPrivateAllowVPC: | |
| Type: 'AWS::EC2::NetworkAclEntry' | |
| Properties: | |
| NetworkAclId: !Ref NetworkAclPrivate | |
| RuleNumber: 99 | |
| Protocol: -1 | |
| RuleAction: allow | |
| Egress: true | |
| CidrBlock: '0.0.0.0/0' | |
| Outputs: | |
| TemplateID: | |
| Description: 'javigs82.me template id.' | |
| Value: 'networking-3azs' | |
| TemplateVersion: | |
| Description: 'javigs82.me template version.' | |
| Value: '__VERSION__' | |
| StackName: | |
| Description: 'Stack name.' | |
| Value: !Sub '${AWS::StackName}' | |
| AZs: | |
| Description: 'AZs' | |
| Value: 3 | |
| Export: | |
| Name: !Sub '${AWS::StackName}-AZs' | |
| AZA: | |
| Description: 'AZ of A' | |
| Value: !Select [0, !GetAZs ''] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-AZA' | |
| AZB: | |
| Description: 'AZ of B' | |
| Value: !Select [1, !GetAZs ''] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-AZB' | |
| AZC: | |
| Description: 'AZ of C' | |
| Value: !Select [2, !GetAZs ''] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-AZC' | |
| CidrBlock: | |
| Description: 'The set of IP addresses for the VPC.' | |
| Value: !GetAtt 'VPC.CidrBlock' | |
| Export: | |
| Name: !Sub '${AWS::StackName}-CidrBlock' | |
| VPC: | |
| Description: 'VPC.' | |
| Value: !Ref VPC | |
| Export: | |
| Name: !Sub '${AWS::StackName}-VPC' | |
| SubnetsPublic: | |
| Description: 'Subnets public.' | |
| Value: !Join [',', [!Ref SubnetAPublic, !Ref SubnetBPublic, !Ref SubnetCPublic]] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetsPublic' | |
| SubnetsPrivate: | |
| Description: 'Subnets private.' | |
| Value: !Join [',', [!Ref SubnetAPrivate, !Ref SubnetBPrivate, !Ref SubnetCPrivate]] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetsPrivate' | |
| RouteTablesPrivate: | |
| Description: 'Route tables private.' | |
| Value: !Join [',', [!Ref RouteTablePrivate, !Ref RouteTableBPrivate, !Ref RouteTableCPrivate]] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTablesPrivate' | |
| RouteTablesPublic: | |
| Description: 'Route tables public.' | |
| Value: !Join [',', [!Ref RouteTablePublic, !Ref RouteTableBPublic, !Ref RouteTableCPublic]] | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTablesPublic' | |
| SubnetAPublic: | |
| Description: 'Subnet A public.' | |
| Value: !Ref SubnetAPublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetAPublic' | |
| RouteTableAPublic: | |
| Description: 'Route table A public.' | |
| Value: !Ref RouteTablePublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableAPublic' | |
| SubnetAPrivate: | |
| Description: 'Subnet A private.' | |
| Value: !Ref SubnetAPrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetAPrivate' | |
| RouteTableAPrivate: | |
| Description: 'Route table A private.' | |
| Value: !Ref RouteTablePrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableAPrivate' | |
| SubnetBPublic: | |
| Description: 'Subnet B public.' | |
| Value: !Ref SubnetBPublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetBPublic' | |
| RouteTableBPublic: | |
| Description: 'Route table B public.' | |
| Value: !Ref RouteTableBPublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableBPublic' | |
| SubnetBPrivate: | |
| Description: 'Subnet B private.' | |
| Value: !Ref SubnetBPrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetBPrivate' | |
| RouteTableBPrivate: | |
| Description: 'Route table B private.' | |
| Value: !Ref RouteTableBPrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableBPrivate' | |
| SubnetCPublic: | |
| Description: 'Subnet C public.' | |
| Value: !Ref SubnetCPublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetCPublic' | |
| RouteTableCPublic: | |
| Description: 'Route table C public.' | |
| Value: !Ref RouteTableCPublic | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableCPublic' | |
| SubnetCPrivate: | |
| Description: 'Subnet C private.' | |
| Value: !Ref SubnetCPrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-SubnetCPrivate' | |
| RouteTableCPrivate: | |
| Description: 'Route table C private.' | |
| Value: !Ref RouteTableCPrivate | |
| Export: | |
| Name: !Sub '${AWS::StackName}-RouteTableCPrivate' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment