1.1 ! nick 1: {
! 2: "AWSTemplateFormatVersion" : "2010-09-09",
! 3:
! 4: "Description" : "CloudFormation template for a generic VPC with public and private subnets (with private network Internet access via NAT)",
! 5:
! 6: "Parameters" : {
! 7:
! 8: "KeyPairName" : {
! 9: "Description" : "Name of an existing EC2 KeyPair (find or create here: https://console.aws.amazon.com/ec2/v2/home#KeyPairs: )",
! 10: "Type" : "String",
! 11: "MinLength": "1",
! 12: "MaxLength": "64",
! 13: "AllowedPattern" : "[-_ a-zA-Z0-9]*",
! 14: "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
! 15: },
! 16:
! 17: "ServerAccess" : {
! 18: "Description" : "CIDR IP range allowed to log in (SSH on 22, RDP on 3389) to the NAT instance",
! 19: "Type" : "String",
! 20: "MinLength": "9",
! 21: "MaxLength": "18",
! 22: "Default" : "0.0.0.0/0",
! 23: "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
! 24: "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x."
! 25: }
! 26:
! 27: },
! 28:
! 29: "Mappings" : {
! 30: "SubnetConfig" : {
! 31: "VPC" : { "CIDR" : "10.44.0.0/16" },
! 32: "Public" : { "CIDR" : "10.44.0.0/24" },
! 33: "Private" : { "CIDR" : "10.44.1.0/24" }
! 34: },
! 35: "NatRegionMap" : {
! 36: "us-east-1" : { "AMI" : "ami-184dc970" },
! 37: "us-west-1" : { "AMI" : "ami-a98396ec" },
! 38: "us-west-2" : { "AMI" : "ami-290f4119" },
! 39: "eu-west-1" : { "AMI" : "ami-14913f63" },
! 40: "eu-central-1" : { "AMI" : "ami-ae380eb3" },
! 41: "sa-east-1" : { "AMI" : "ami-8122969c" },
! 42: "ap-southeast-1" : { "AMI" : "ami-6aa38238" },
! 43: "ap-southeast-2" : { "AMI" : "ami-893f53b3" },
! 44: "ap-northeast-1" : { "AMI" : "ami-27d6e626" }
! 45: }
! 46: },
! 47:
! 48: "Resources" : {
! 49:
! 50: "VPC" : {
! 51: "Type" : "AWS::EC2::VPC",
! 52: "Properties" : {
! 53: "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]},
! 54: "Tags" : [
! 55: { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
! 56: { "Key" : "Network", "Value" : "Public" },
! 57: { "Key" : "Name", "Value" : "NAT VPC" }
! 58: ]
! 59: }
! 60: },
! 61:
! 62: "PublicSubnet" : {
! 63: "DependsOn" : ["VPC"],
! 64: "Type" : "AWS::EC2::Subnet",
! 65: "Properties" : {
! 66: "VpcId" : { "Ref" : "VPC" },
! 67: "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Public", "CIDR" ]},
! 68: "Tags" : [
! 69: { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
! 70: { "Key" : "Network", "Value" : "Public" },
! 71: { "Key" : "Name", "Value" : "Public Subnet" }
! 72: ]
! 73: }
! 74: },
! 75:
! 76: "InternetGateway" : {
! 77: "Type" : "AWS::EC2::InternetGateway",
! 78: "Properties" : {
! 79: "Tags" : [
! 80: { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
! 81: { "Key" : "Network", "Value" : "Public" }
! 82: ]
! 83: }
! 84: },
! 85:
! 86: "GatewayToInternet" : {
! 87: "DependsOn" : ["VPC", "InternetGateway"],
! 88: "Type" : "AWS::EC2::VPCGatewayAttachment",
! 89: "Properties" : {
! 90: "VpcId" : { "Ref" : "VPC" },
! 91: "InternetGatewayId" : { "Ref" : "InternetGateway" }
! 92: }
! 93: },
! 94:
! 95: "PublicRouteTable" : {
! 96: "DependsOn" : ["VPC"],
! 97: "Type" : "AWS::EC2::RouteTable",
! 98: "Properties" : {
! 99: "VpcId" : { "Ref" : "VPC" },
! 100: "Tags" : [
! 101: { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
! 102: { "Key" : "Network", "Value" : "Public" }
! 103: ]
! 104: }
! 105: },
! 106:
! 107: "PublicRoute" : {
! 108: "DependsOn" : ["PublicRouteTable", "InternetGateway"],
! 109: "Type" : "AWS::EC2::Route",
! 110: "Properties" : {
! 111: "RouteTableId" : { "Ref" : "PublicRouteTable" },
! 112: "DestinationCidrBlock" : "0.0.0.0/0",
! 113: "GatewayId" : { "Ref" : "InternetGateway" }
! 114: }
! 115: },
! 116:
! 117: "PublicSubnetRouteTableAssociation" : {
! 118: "DependsOn" : ["PublicSubnet", "PublicRouteTable"],
! 119: "Type" : "AWS::EC2::SubnetRouteTableAssociation",
! 120: "Properties" : {
! 121: "SubnetId" : { "Ref" : "PublicSubnet" },
! 122: "RouteTableId" : { "Ref" : "PublicRouteTable" }
! 123: }
! 124: },
! 125:
! 126: "PrivateSubnet" : {
! 127: "DependsOn" : ["VPC"],
! 128: "Type" : "AWS::EC2::Subnet",
! 129: "Properties" : {
! 130: "VpcId" : { "Ref" : "VPC" },
! 131: "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Private", "CIDR" ]},
! 132: "Tags" : [
! 133: { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
! 134: { "Key" : "Network", "Value" : "Private" },
! 135: { "Key" : "Name", "Value" : "Private Subnet" }
! 136: ]
! 137: }
! 138: },
! 139:
! 140: "PrivateRouteTable" : {
! 141: "DependsOn" : ["VPC"],
! 142: "Type" : "AWS::EC2::RouteTable",
! 143: "Properties" : {
! 144: "VpcId" : { "Ref" : "VPC" },
! 145: "Tags" : [
! 146: { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
! 147: { "Key" : "Network", "Value" : "Private" }
! 148: ]
! 149: }
! 150: },
! 151:
! 152: "PrivateSubnetRouteTableAssociation" : {
! 153: "DependsOn" : ["PrivateSubnet", "PrivateRouteTable"],
! 154: "Type" : "AWS::EC2::SubnetRouteTableAssociation",
! 155: "Properties" : {
! 156: "SubnetId" : { "Ref" : "PrivateSubnet" },
! 157: "RouteTableId" : { "Ref" : "PrivateRouteTable" }
! 158: }
! 159: },
! 160:
! 161: "NatSecurityGroup" : {
! 162: "DependsOn" : ["VPC"],
! 163: "Type" : "AWS::EC2::SecurityGroup",
! 164: "Properties" : {
! 165: "GroupDescription" : "NAT Security Group",
! 166: "VpcId" : { "Ref" : "VPC" },
! 167: "SecurityGroupIngress" : [{
! 168: "IpProtocol" : "tcp",
! 169: "FromPort" : "22",
! 170: "ToPort" : "22",
! 171: "CidrIp" : { "Ref" : "ServerAccess" }
! 172: },{
! 173: "IpProtocol" : "tcp",
! 174: "FromPort" : "3389",
! 175: "ToPort" : "3389",
! 176: "CidrIp" : { "Ref" : "ServerAccess" }
! 177: }],
! 178: "Tags" : [
! 179: { "Key" : "Name", "Value" : "NAT Security Group" }
! 180: ]
! 181: }
! 182: },
! 183:
! 184: "NatSecurityGroupIngress1" : {
! 185: "DependsOn" : ["NatSecurityGroup"],
! 186: "Type": "AWS::EC2::SecurityGroupIngress",
! 187: "Properties": {
! 188: "GroupId": { "Ref": "NatSecurityGroup" },
! 189: "IpProtocol": "icmp",
! 190: "FromPort": "-1",
! 191: "ToPort": "-1",
! 192: "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
! 193: }
! 194: },
! 195:
! 196: "NatSecurityGroupIngress22" : {
! 197: "DependsOn" : ["NatSecurityGroup"],
! 198: "Type": "AWS::EC2::SecurityGroupIngress",
! 199: "Properties": {
! 200: "GroupId": { "Ref": "NatSecurityGroup" },
! 201: "IpProtocol": "tcp",
! 202: "FromPort": "22",
! 203: "ToPort": "22",
! 204: "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
! 205: }
! 206: },
! 207:
! 208: "NatSecurityGroupIngress3389" : {
! 209: "DependsOn" : ["NatSecurityGroup"],
! 210: "Type": "AWS::EC2::SecurityGroupIngress",
! 211: "Properties": {
! 212: "GroupId": { "Ref": "NatSecurityGroup" },
! 213: "IpProtocol": "tcp",
! 214: "FromPort": "3389",
! 215: "ToPort": "3389",
! 216: "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
! 217: }
! 218: },
! 219:
! 220: "NatSecurityGroupIngress80" : {
! 221: "DependsOn" : ["NatSecurityGroup"],
! 222: "Type": "AWS::EC2::SecurityGroupIngress",
! 223: "Properties": {
! 224: "GroupId": { "Ref": "NatSecurityGroup" },
! 225: "IpProtocol": "tcp",
! 226: "FromPort": "80",
! 227: "ToPort": "80",
! 228: "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
! 229: }
! 230: },
! 231:
! 232: "NatSecurityGroupIngress443" : {
! 233: "DependsOn" : ["NatSecurityGroup"],
! 234: "Type": "AWS::EC2::SecurityGroupIngress",
! 235: "Properties": {
! 236: "GroupId": { "Ref": "NatSecurityGroup" },
! 237: "IpProtocol": "tcp",
! 238: "FromPort": "443",
! 239: "ToPort": "443",
! 240: "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
! 241: }
! 242: },
! 243:
! 244: "NAT" : {
! 245: "DependsOn" : ["PublicSubnet", "NatSecurityGroup"],
! 246: "Type" : "AWS::EC2::Instance",
! 247: "Properties" : {
! 248: "InstanceType" : "t2.micro",
! 249: "KeyName" : { "Ref" : "KeyPairName" },
! 250: "SourceDestCheck" : "false",
! 251: "ImageId" : { "Fn::FindInMap" : [ "NatRegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
! 252: "NetworkInterfaces" : [{
! 253: "GroupSet" : [{ "Ref" : "NatSecurityGroup" }],
! 254: "AssociatePublicIpAddress" : "true",
! 255: "DeviceIndex" : "0",
! 256: "DeleteOnTermination" : "true",
! 257: "SubnetId" : { "Ref" : "PublicSubnet" }
! 258: }],
! 259: "Tags" : [
! 260: { "Key" : "Name", "Value" : "NAT" }
! 261: ],
! 262: "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
! 263: "#!/bin/bash\n",
! 264: "yum update -y && yum install -y yum-cron && chkconfig yum-cron on"
! 265: ]]}}
! 266: }
! 267: },
! 268:
! 269: "PrivateRoute" : {
! 270: "DependsOn" : ["PrivateRouteTable", "NAT"],
! 271: "Type" : "AWS::EC2::Route",
! 272: "Properties" : {
! 273: "RouteTableId" : { "Ref" : "PrivateRouteTable" },
! 274: "DestinationCidrBlock" : "0.0.0.0/0",
! 275: "InstanceId" : { "Ref" : "NAT" }
! 276: }
! 277: }
! 278:
! 279: },
! 280:
! 281: "Outputs" : {
! 282: "NATIP" : {
! 283: "Description" : "NAT IP address",
! 284: "Value" : { "Fn::GetAtt" : [ "NAT", "PublicIp" ] }
! 285: }
! 286: }
! 287:
! 288: }