{ | |
"AWSTemplateFormatVersion" : "2010-09-09", | |
"Description" : "CloudFormation template for a generic VPC with public and private subnets (with private network Internet access via NAT)", | |
"Parameters" : { | |
"KeyPairName" : { | |
"Description" : "Name of an existing EC2 KeyPair (find or create here: https://console.aws.amazon.com/ec2/v2/home#KeyPairs: )", | |
"Type" : "String", | |
"MinLength": "1", | |
"MaxLength": "64", | |
"AllowedPattern" : "[-_ a-zA-Z0-9]*", | |
"ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores." | |
}, | |
"ServerAccess" : { | |
"Description" : "CIDR IP range allowed to connect to the NAT instance over SSH (TCP 22) and RDP (TCP 3389); the default 0.0.0.0/0 permits any source address", | |
"Type" : "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default" : "0.0.0.0/0", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
}, | |
"VpcCidr": { | |
"Description": "CIDR IP range for the VPC", | |
"Type": "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default": "10.44.0.0/16", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
}, | |
"PublicSubnetCidr": { | |
"Description": "CIDR IP range for the PublicSubnet", | |
"Type": "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default": "10.44.0.0/24", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
}, | |
"PrivateSubnetCidr": { | |
"Description": "CIDR IP range for the PrivateSubnet", | |
"Type": "String", | |
"MinLength": "9", | |
"MaxLength": "18", | |
"Default": "10.44.1.0/24", | |
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x." | |
} | |
}, | |
"Mappings" : { | |
"SubnetConfig" : { | |
"VPC" : { "CIDR" : { "Ref" : "VpcCidr" } }, | |
"Public" : { "CIDR" : { "Ref" : "PublicSubnetCidr" } }, | |
"Private" : { "CIDR" : { "Ref" : "PrivateSubnetCidr" } } | |
}, | |
"NatRegionMap" : { | |
"us-east-1" : { "AMI" : "ami-184dc970" }, | |
"us-west-1" : { "AMI" : "ami-a98396ec" }, | |
"us-west-2" : { "AMI" : "ami-290f4119" }, | |
"eu-west-1" : { "AMI" : "ami-14913f63" }, | |
"eu-central-1" : { "AMI" : "ami-ae380eb3" }, | |
"sa-east-1" : { "AMI" : "ami-8122969c" }, | |
"ap-southeast-1" : { "AMI" : "ami-6aa38238" }, | |
"ap-southeast-2" : { "AMI" : "ami-893f53b3" }, | |
"ap-northeast-1" : { "AMI" : "ami-27d6e626" } | |
} | |
}, | |
"Resources" : { | |
"VPC" : { | |
"Type" : "AWS::EC2::VPC", | |
"Properties" : { | |
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]}, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Public" }, | |
{ "Key" : "Name", "Value" : "NAT VPC" } | |
] | |
} | |
}, | |
"PublicSubnet" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Public", "CIDR" ]}, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Public" }, | |
{ "Key" : "Name", "Value" : "Public Subnet" } | |
] | |
} | |
}, | |
"InternetGateway" : { | |
"Type" : "AWS::EC2::InternetGateway", | |
"Properties" : { | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Public" } | |
] | |
} | |
}, | |
"GatewayToInternet" : { | |
"DependsOn" : ["VPC", "InternetGateway"], | |
"Type" : "AWS::EC2::VPCGatewayAttachment", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"InternetGatewayId" : { "Ref" : "InternetGateway" } | |
} | |
}, | |
"PublicRouteTable" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::RouteTable", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Public" } | |
] | |
} | |
}, | |
"PublicRoute" : { | |
"DependsOn" : ["PublicRouteTable", "InternetGateway"], | |
"Type" : "AWS::EC2::Route", | |
"Properties" : { | |
"RouteTableId" : { "Ref" : "PublicRouteTable" }, | |
"DestinationCidrBlock" : "0.0.0.0/0", | |
"GatewayId" : { "Ref" : "InternetGateway" } | |
} | |
}, | |
"PublicSubnetRouteTableAssociation" : { | |
"DependsOn" : ["PublicSubnet", "PublicRouteTable"], | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "PublicSubnet" }, | |
"RouteTableId" : { "Ref" : "PublicRouteTable" } | |
} | |
}, | |
"PrivateSubnet" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::Subnet", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Private", "CIDR" ]}, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Private" }, | |
{ "Key" : "Name", "Value" : "Private Subnet" } | |
] | |
} | |
}, | |
"PrivateRouteTable" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::RouteTable", | |
"Properties" : { | |
"VpcId" : { "Ref" : "VPC" }, | |
"Tags" : [ | |
{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, | |
{ "Key" : "Network", "Value" : "Private" } | |
] | |
} | |
}, | |
"PrivateSubnetRouteTableAssociation" : { | |
"DependsOn" : ["PrivateSubnet", "PrivateRouteTable"], | |
"Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties" : { | |
"SubnetId" : { "Ref" : "PrivateSubnet" }, | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" } | |
} | |
}, | |
"NatSecurityGroup" : { | |
"DependsOn" : ["VPC"], | |
"Type" : "AWS::EC2::SecurityGroup", | |
"Properties" : { | |
"GroupDescription" : "NAT Security Group", | |
"VpcId" : { "Ref" : "VPC" }, | |
"SecurityGroupIngress" : [{ | |
"IpProtocol" : "tcp", | |
"FromPort" : "22", | |
"ToPort" : "22", | |
"CidrIp" : { "Ref" : "ServerAccess" } | |
},{ | |
"IpProtocol" : "tcp", | |
"FromPort" : "3389", | |
"ToPort" : "3389", | |
"CidrIp" : { "Ref" : "ServerAccess" } | |
}], | |
"Tags" : [ | |
{ "Key" : "Name", "Value" : "NAT Security Group" } | |
] | |
} | |
}, | |
"NatSecurityGroupIngress1" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "icmp", | |
"FromPort": "-1", | |
"ToPort": "-1", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NatSecurityGroupIngress22" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "tcp", | |
"FromPort": "22", | |
"ToPort": "22", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NatSecurityGroupIngress3389" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "tcp", | |
"FromPort": "3389", | |
"ToPort": "3389", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NatSecurityGroupIngress80" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "tcp", | |
"FromPort": "80", | |
"ToPort": "80", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NatSecurityGroupIngress443" : { | |
"DependsOn" : ["NatSecurityGroup"], | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { "Ref": "NatSecurityGroup" }, | |
"IpProtocol": "tcp", | |
"FromPort": "443", | |
"ToPort": "443", | |
"SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
} | |
}, | |
"NAT" : { | |
"DependsOn" : ["PublicSubnet", "NatSecurityGroup"], | |
"Type" : "AWS::EC2::Instance", | |
"Properties" : { | |
"InstanceType" : "t2.micro", | |
"KeyName" : { "Ref" : "KeyPairName" }, | |
"SourceDestCheck" : "false", | |
"ImageId" : { "Fn::FindInMap" : [ "NatRegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}, | |
"NetworkInterfaces" : [{ | |
"GroupSet" : [{ "Ref" : "NatSecurityGroup" }], | |
"AssociatePublicIpAddress" : "true", | |
"DeviceIndex" : "0", | |
"DeleteOnTermination" : "true", | |
"SubnetId" : { "Ref" : "PublicSubnet" } | |
}], | |
"Tags" : [ | |
{ "Key" : "Name", "Value" : "NAT" } | |
], | |
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
"#!/bin/bash\n", | |
"yum update -y && yum install -y yum-cron && chkconfig yum-cron on" | |
]]}} | |
} | |
}, | |
"PrivateRoute" : { | |
"DependsOn" : ["PrivateRouteTable", "NAT"], | |
"Type" : "AWS::EC2::Route", | |
"Properties" : { | |
"RouteTableId" : { "Ref" : "PrivateRouteTable" }, | |
"DestinationCidrBlock" : "0.0.0.0/0", | |
"InstanceId" : { "Ref" : "NAT" } | |
} | |
} | |
}, | |
"Outputs" : { | |
"NATIP" : { | |
"Description" : "Public IP address of the NAT instance", | |
"Value" : { "Fn::GetAtt" : [ "NAT", "PublicIp" ] } | |
} | |
} | |
} |