File:  [Local Repository] / templates / aws / vpc-public-private-nat-igw.json
Revision 1.1: download - view: text, annotated - select for diffs
Wed Aug 5 13:45:35 2015 UTC (9 years, 4 months ago) by nick
Branches: MAIN
CVS tags: HEAD
Added AWS Cloudformation Template for VPC with a public and private subnet with IGW and NAT instances configured.

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "CloudFormation template for a generic VPC with public and private subnets (with private network Internet access via NAT)",

  "Parameters" : {
    
    "KeyPairName" : {
      "Description" : "Name of an existing EC2 KeyPair (find or create here: https://console.aws.amazon.com/ec2/v2/home#KeyPairs: )",
      "Type" : "String",
      "MinLength": "1",
      "MaxLength": "64",
      "AllowedPattern" : "[-_ a-zA-Z0-9]*",
      "ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
    },

    "ServerAccess" : {
      "Description" : "CIDR IP range allowed to login to the NAT instance",
      "Type" : "String",
      "MinLength": "9",
      "MaxLength": "18",
      "Default" : "0.0.0.0/0",
      "AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x."
    }
    
  },

  "Mappings" : {
    "SubnetConfig" : {
      "VPC"     : { "CIDR" : "10.44.0.0/16" },
      "Public"  : { "CIDR" : "10.44.0.0/24" },
      "Private" : { "CIDR" : "10.44.1.0/24" }
    },
    "NatRegionMap" : {
      "us-east-1"      : { "AMI" : "ami-184dc970" },
      "us-west-1"      : { "AMI" : "ami-a98396ec" },
      "us-west-2"      : { "AMI" : "ami-290f4119" },
      "eu-west-1"      : { "AMI" : "ami-14913f63" },
      "eu-central-1"   : { "AMI" : "ami-ae380eb3" },
      "sa-east-1"      : { "AMI" : "ami-8122969c" },
      "ap-southeast-1" : { "AMI" : "ami-6aa38238" },
      "ap-southeast-2" : { "AMI" : "ami-893f53b3" },
      "ap-northeast-1" : { "AMI" : "ami-27d6e626" }
    }
  },

  "Resources" : {

    "VPC" : {
      "Type" : "AWS::EC2::VPC",
      "Properties" : {
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]},
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "Public" },
      { "Key" : "Name", "Value" : "NAT VPC" }
        ]
      }
    },

    "PublicSubnet" : {
      "DependsOn" : ["VPC"],
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Public", "CIDR" ]},
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "Public" },
      { "Key" : "Name", "Value" : "Public Subnet" }
        ]
      }
    },

    "InternetGateway" : {
      "Type" : "AWS::EC2::InternetGateway",
      "Properties" : {
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "Public" }
        ]
      }
    },

    "GatewayToInternet" : {
       "DependsOn" : ["VPC", "InternetGateway"],
       "Type" : "AWS::EC2::VPCGatewayAttachment",
       "Properties" : {
         "VpcId" : { "Ref" : "VPC" },
         "InternetGatewayId" : { "Ref" : "InternetGateway" }
       }
    },

    "PublicRouteTable" : {
      "DependsOn" : ["VPC"],
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "Public" }
        ]
      }
    },

    "PublicRoute" : {
      "DependsOn" : ["PublicRouteTable", "InternetGateway"],
      "Type" : "AWS::EC2::Route",
      "Properties" : {
        "RouteTableId" : { "Ref" : "PublicRouteTable" },
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : { "Ref" : "InternetGateway" }
      }
    },

    "PublicSubnetRouteTableAssociation" : {
      "DependsOn" : ["PublicSubnet", "PublicRouteTable"],
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "SubnetId" : { "Ref" : "PublicSubnet" },
        "RouteTableId" : { "Ref" : "PublicRouteTable" }
      }
    },

    "PrivateSubnet" : {
      "DependsOn" : ["VPC"],
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Private", "CIDR" ]},
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "Private" },
      { "Key" : "Name", "Value" : "Private Subnet" }
        ]
      }
    },

    "PrivateRouteTable" : {
      "DependsOn" : ["VPC"],
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "Private" }
        ]
      }
    },

    "PrivateSubnetRouteTableAssociation" : {
      "DependsOn" : ["PrivateSubnet", "PrivateRouteTable"],
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "SubnetId" : { "Ref" : "PrivateSubnet" },
        "RouteTableId" : { "Ref" : "PrivateRouteTable" }
      }
    },

    "NatSecurityGroup" : {
      "DependsOn" : ["VPC"],
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "NAT Security Group",
        "VpcId" : { "Ref" : "VPC" },
    "SecurityGroupIngress" : [{
            "IpProtocol" : "tcp",
            "FromPort" : "22",
            "ToPort" : "22",
            "CidrIp" : { "Ref" : "ServerAccess" }
        },{
            "IpProtocol" : "tcp",
            "FromPort" : "3389",
            "ToPort" : "3389",
            "CidrIp" : { "Ref" : "ServerAccess" }
        }],
    "Tags" : [
      { "Key" : "Name", "Value" : "NAT Security Group" }
        ]
      }
    },

    "NatSecurityGroupIngress1" : {
      "DependsOn" : ["NatSecurityGroup"],
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
    "GroupId": { "Ref": "NatSecurityGroup" },
    "IpProtocol": "icmp",
    "FromPort": "-1",
    "ToPort": "-1",
    "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
      }
    },

    "NatSecurityGroupIngress22" : {
      "DependsOn" : ["NatSecurityGroup"],
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
    "GroupId": { "Ref": "NatSecurityGroup" },
    "IpProtocol": "tcp",
    "FromPort": "22",
    "ToPort": "22",
    "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
      }
    },
    
    "NatSecurityGroupIngress3389" : {
      "DependsOn" : ["NatSecurityGroup"],
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
    "GroupId": { "Ref": "NatSecurityGroup" },
    "IpProtocol": "tcp",
    "FromPort": "3389",
    "ToPort": "3389",
    "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
      }
    },

    "NatSecurityGroupIngress80" : {
      "DependsOn" : ["NatSecurityGroup"],
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
    "GroupId": { "Ref": "NatSecurityGroup" },
    "IpProtocol": "tcp",
    "FromPort": "80",
    "ToPort": "80",
    "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
      }
    },

    "NatSecurityGroupIngress443" : {
      "DependsOn" : ["NatSecurityGroup"],
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
    "GroupId": { "Ref": "NatSecurityGroup" },
    "IpProtocol": "tcp",
    "FromPort": "443",
    "ToPort": "443",
    "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" }
      }
    },

    "NAT" : {
      "DependsOn" : ["PublicSubnet", "NatSecurityGroup"],
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "InstanceType" : "t2.micro",
        "KeyName"  : { "Ref" : "KeyPairName" },
        "SourceDestCheck" : "false",
        "ImageId" : { "Fn::FindInMap" : [ "NatRegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
    "NetworkInterfaces" : [{
          "GroupSet"                 : [{ "Ref" : "NatSecurityGroup" }],
          "AssociatePublicIpAddress" : "true",
          "DeviceIndex"              : "0",
          "DeleteOnTermination"      : "true",
          "SubnetId"                 : { "Ref" : "PublicSubnet" }
        }],
    "Tags" : [
      { "Key" : "Name", "Value" : "NAT" }
        ],
    "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
      "#!/bin/bash\n",
      "yum update -y && yum install -y yum-cron && chkconfig yum-cron on"
    ]]}}
      }
    },

    "PrivateRoute" : {
      "DependsOn" : ["PrivateRouteTable", "NAT"],
      "Type" : "AWS::EC2::Route",
      "Properties" : {
        "RouteTableId" : { "Ref" : "PrivateRouteTable" },
        "DestinationCidrBlock" : "0.0.0.0/0",
        "InstanceId" : { "Ref" : "NAT" }
      }
    }

  },

  "Outputs" : {
    "NATIP" : {
      "Description" : "NAT IP address",
      "Value" : { "Fn::GetAtt" : [ "NAT", "PublicIp" ] }
    }
  }
  
}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>