Transit Gateway base template
# CloudFormation template: a Transit Gateway hub with a site-to-site VPN and three
# spoke VPCs, each holding one public subnet and one test instance.
Description: Base Template for TGW testing with three VPCs
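Parameters:
  AvailabilityZones:
    Description: 'Lists of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved.'
    Type: List<AWS::EC2::AvailabilityZone::Name>

  cgwPublicIp:
    Type: String
    Description: The public IP address of the customer side VPN Appliance
    # Placeholder only; pass the real appliance address at stack creation. The
    # pattern checks dotted-decimal form, not whether the address is routable.
    Default: '1.1.1.1'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}$'
    ConstraintDescription: must be an IPv4 address in dotted-decimal form

  # Three /16 VPC blocks (10.64, 10.65, 10.66), one /24 subnet in each.
  cidrVpcA:
    Type: String
    Description: CIDR block for VPC-A
    Default: '10.64.0.0/16'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block such as 10.64.0.0/16
  cidrVpcB:
    Type: String
    Description: CIDR block for VPC-B
    Default: '10.65.0.0/16'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block such as 10.65.0.0/16
  cidrVpcC:
    Type: String
    Description: CIDR block for VPC-C
    Default: '10.66.0.0/16'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block such as 10.66.0.0/16
  cidrSubnetA:
    Type: String
    Description: CIDR block for Subnet-A
    Default: '10.64.0.0/24'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block inside the VPC-A range
  cidrSubnetB:
    Type: String
    Description: CIDR block for Subnet-B
    Default: '10.65.0.0/24'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block inside the VPC-B range
  cidrSubnetC:
    Type: String
    Description: CIDR block for Subnet-C
    Default: '10.66.0.0/24'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block inside the VPC-C range

  keyName:
    Description: The existing AWS Key that you would like to use
    Type: AWS::EC2::KeyPair::KeyName
    # NOTE(review): the default is a region name; presumably a key pair literally
    # named 'eu-west-1' exists in the target account - confirm, otherwise stack
    # creation fails at parameter validation.
    Default: eu-west-1

  sgCidrSummary:
    Type: String
    Description: The summarised range of VPC Subnets that you would like to permit, ideally as a /14 assuming 3 /16 CIDR blocks and one for VPC
    # Source range for the all-protocol ingress rule on every security group.
    # A /14 (10.64.0.0-10.67.255.255) spans the three /16 VPC defaults plus one
    # spare; a /16 here would only admit VPC-A, so B and C could never reach A.
    Default: '10.64.0.0/14'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block that covers all three VPC ranges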
Mappings:
  # Region -> AMI lookup used by the three instances (via FindInMap on AWS::Region).
  # Only these two regions are covered; launching elsewhere fails at FindInMap, and
  # the pinned image IDs will age out over time.
  RegionMap:
    eu-west-1:
      ami: ami-0ffea00000f287d30
    af-south-1:
      ami: ami-050312a64b6fd7ad9
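Resources:
  # --- Hub: Transit Gateway and site-to-site VPN ---------------------------
  # No TransitGatewayAttachment resources are declared, so the three VPCs below
  # are not yet connected to the TGW; this base only stands up the building blocks.
  myTransitGateway:
    Type: AWS::EC2::TransitGateway
    Properties:
      AmazonSideAsn: 65000
      Description: "TGW Route Integration Test"
      # Attachments shared from other accounts stay pending until accepted.
      AutoAcceptSharedAttachments: disable
      # Every attachment is bound to the default TGW route table; segmenting the
      # VPCs later needs dedicated route tables instead.
      DefaultRouteTableAssociation: enable
      DnsSupport: enable
      VpnEcmpSupport: enable
      Tags:
        - Key: Name
          Value: TGW

  myCustomerGateway:
    Type: AWS::EC2::CustomerGateway
    Properties:
      Type: ipsec.1
      BgpAsn: 65001
      # The parameter default is a placeholder; supply the real appliance address.
      IpAddress: !Ref cgwPublicIp

  myVPNConnection:
    Type: AWS::EC2::VPNConnection
    Properties:
      Type: ipsec.1
      # Static routing only; TGW-side routes for the on-prem prefixes are not
      # part of this template.
      StaticRoutesOnly: true
      CustomerGatewayId: !Ref myCustomerGateway
      TransitGatewayId: !Ref myTransitGateway

  # --- Spoke VPCs: one public subnet each, in the first listed AZ ------------
  myVpcA:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref cidrVpcA
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: VPC-A
  myVpcB:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref cidrVpcB
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: VPC-B
  myVpcC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref cidrVpcC
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: VPC-C

  mySubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVpcA
      CidrBlock: !Ref cidrSubnetA
      AvailabilityZone: !Select ['0', !Ref 'AvailabilityZones']
      # Instances get a public IP at launch; the PublicIp outputs depend on this.
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Subnet-A
  mySubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVpcB
      CidrBlock: !Ref cidrSubnetB
      AvailabilityZone: !Select ['0', !Ref 'AvailabilityZones']
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Subnet-B
  mySubnetC:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVpcC
      CidrBlock: !Ref cidrSubnetC
      AvailabilityZone: !Select ['0', !Ref 'AvailabilityZones']
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Subnet-C

  # --- Internet path per VPC: IGW, attachment, route table, default route ----
  # A route whose target is an IGW can only be created once the IGW is attached
  # to the VPC. !Ref myIgX does not order this against the attachment, so each
  # default route carries an explicit DependsOn on its VPCGatewayAttachment.
  myIgA:
    Type: AWS::EC2::InternetGateway
  myIgAttachA:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref myIgA
      VpcId: !Ref myVpcA
  myRtA:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVpcA
  myRouteA:
    Type: AWS::EC2::Route
    DependsOn: myIgAttachA
    Properties:
      RouteTableId: !Ref myRtA
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myIgA
  mySrtaA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myRtA
      SubnetId: !Ref mySubnetA

  myIgB:
    Type: AWS::EC2::InternetGateway
  myIgAttachB:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref myIgB
      VpcId: !Ref myVpcB
  myRtB:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVpcB
  myRouteB:
    Type: AWS::EC2::Route
    DependsOn: myIgAttachB
    Properties:
      RouteTableId: !Ref myRtB
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myIgB
  mySrtaB:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myRtB
      SubnetId: !Ref mySubnetB

  myIgC:
    Type: AWS::EC2::InternetGateway
  myIgAttachC:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref myIgC
      VpcId: !Ref myVpcC
  myRtC:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVpcC
  myRouteC:
    Type: AWS::EC2::Route
    DependsOn: myIgAttachC
    Properties:
      RouteTableId: !Ref myRtC
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myIgC
  mySrtaC:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myRtC
      SubnetId: !Ref mySubnetC

  # --- Test instances and security groups -----------------------------------
  # NOTE(review): the instances carry no instance profile and do not enforce
  # IMDSv2; if they are ever given IAM credentials, launch them from a launch
  # template with metadata HttpTokens set to required.
  # NOTE(review): every group opens SSH to 0.0.0.0/0 on a public subnet. That is
  # tolerable for a short-lived test; before reuse, narrow CidrIp to the tester's
  # address (or use SSM Session Manager and drop the rule). No SecurityGroupEgress
  # is declared, so CloudFormation adds the default allow-all outbound rule.
  myEc2InstanceA:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", ami]
      InstanceType: t3.micro
      KeyName: !Ref keyName
      SubnetId: !Ref mySubnetA
      SecurityGroupIds:
        - !Ref mySgA
  mySgA:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group that Permits EC2 Instances B and C to connect
      GroupName: SG-A
      SecurityGroupIngress:
        # All protocols from the summarised private range; it must span the
        # three VPC CIDRs for B and C to reach this host.
        - CidrIp: !Ref sgCidrSummary
          Description: IP Traffic from all Private CIDR Blocks
          IpProtocol: '-1'
        # SSH from anywhere - see the review note above.
        - CidrIp: 0.0.0.0/0
          Description: Allow SSH Access on port 22 for Testing
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
      VpcId: !Ref myVpcA

  myEc2InstanceB:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", ami]
      InstanceType: t3.micro
      KeyName: !Ref keyName
      SubnetId: !Ref mySubnetB
      SecurityGroupIds:
        - !Ref mySgB
  mySgB:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group that Permits EC2 Instances A and C to connect
      GroupName: SG-B
      SecurityGroupIngress:
        - CidrIp: !Ref sgCidrSummary
          Description: IP Traffic from all Private CIDR Blocks
          IpProtocol: '-1'
        # SSH from anywhere - see the review note above.
        - CidrIp: 0.0.0.0/0
          Description: Allow SSH Access on port 22 for Testing
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
      VpcId: !Ref myVpcB

  myEc2InstanceC:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", ami]
      InstanceType: t3.micro
      KeyName: !Ref keyName
      SubnetId: !Ref mySubnetC
      SecurityGroupIds:
        - !Ref mySgC
  mySgC:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group that Permits EC2 Instances A and B to connect
      GroupName: SG-C
      SecurityGroupIngress:
        - CidrIp: !Ref sgCidrSummary
          Description: IP Traffic from all Private CIDR Blocks
          IpProtocol: '-1'
        # SSH from anywhere - see the review note above.
        - CidrIp: 0.0.0.0/0
          Description: Allow SSH Access on port 22 for Testing
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
      VpcId: !Ref myVpcC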
Outputs:
  # Public addresses of the three test hosts; these exist because each subnet
  # sets MapPublicIpOnLaunch.
  aPublicIp:
    Description: Public IP of Instance A
    Value: !GetAtt myEc2InstanceA.PublicIp
  bPublicIp:
    Description: Public IP of Instance B
    Value: !GetAtt myEc2InstanceB.PublicIp
  cPublicIp:
    Description: Public IP of Instance C
    Value: !GetAtt myEc2InstanceC.PublicIp