@Twinuma
Last active September 1, 2015 07:19
DDoSに対するAWSのベストプラクティスを構築するテンプレート
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"vpce17ecf84": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "false",
"Tags": [
{
"Key": "Name",
"Value": "demo-vpc"
}
]
}
},
"subnet7f2f8926": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.3.0/24",
"AvailabilityZone": "ap-northeast-1c",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "demo-front-1c"
}
]
}
},
"subnet512f8908": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": "ap-northeast-1c",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "demo-dmz-1c"
}
]
}
},
"subnet0067e877": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"AvailabilityZone": "ap-northeast-1a",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "demo-front-1a"
}
]
}
},
"subnet2e67e859": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"AvailabilityZone": "ap-northeast-1a",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "demo-dmz-1a"
}
]
}
},
"subnet1f2f8946": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.5.0/24",
"AvailabilityZone": "ap-northeast-1c",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "demo-backend-1c"
}
]
}
},
"subnete067e897": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.4.0/24",
"AvailabilityZone": "ap-northeast-1a",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "demo-backend-1a"
}
]
}
},
"igw3335fc56": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "demo-gateway"
}
]
}
},
"dopt6dfee90f": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "ap-northeast-1.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclfe79fe9b": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "vpce17ecf84"
}
}
},
"rtb5422a231": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "demo-custom-table"
}
]
}
},
"rtbda21a1bf": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "vpce17ecf84"
}
}
},
"sgnatsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "for nat security group",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "nat-sg"
}
]
}
},
"sgdefault": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "default VPC security group",
"VpcId": "vpc-3a5d825f"
}
},
"sgdbsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "for database security group",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "db-sg"
}
]
}
},
"sgwebsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "for web security group",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "web-sg"
}
]
}
},
"sgsshonlysg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "ssh only security group",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "ssh-only-sg"
}
]
}
},
"sgelbsg": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "for elb security group",
"VpcId": {
"Ref": "vpce17ecf84"
},
"Tags": [
{
"Key": "Name",
"Value": "elb-sg"
}
]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "6",
"RuleAction": "allow",
"RuleNumber": "100",
"PortRange": {
"From": "80",
"To": "80"
},
"NetworkAclId": {
"Ref": "aclfe79fe9b"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "6",
"RuleAction": "allow",
"RuleNumber": "200",
"PortRange": {
"From": "443",
"To": "443"
},
"NetworkAclId": {
"Ref": "aclfe79fe9b"
}
}
},
"acl3": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "6",
"RuleAction": "allow",
"RuleNumber": "300",
"PortRange": {
"From": "1024",
"To": "65535"
},
"NetworkAclId": {
"Ref": "aclfe79fe9b"
}
}
},
"acl4": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "6",
"RuleAction": "allow",
"RuleNumber": "400",
"PortRange": {
"From": "22",
"To": "22"
},
"NetworkAclId": {
"Ref": "aclfe79fe9b"
}
}
},
"acl5": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "6",
"RuleAction": "allow",
"RuleNumber": "100",
"PortRange": {
"From": "80",
"To": "80"
},
"NetworkAclId": {
"Ref": "aclfe79fe9b"
}
}
},
"acl6": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "6",
"RuleAction": "allow",
"RuleNumber": "200",
"PortRange": {
"From": "443",
"To": "443"
},
"NetworkAclId": {
"Ref": "aclfe79fe9b"
}
}
},
"acl7": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "6",
"RuleAction": "allow",
"RuleNumber": "300",
"PortRange": {
"From": "22",
"To": "22"
},
"NetworkAclId": {
"Ref": "aclfe79fe9b"
}
}
},
"acl8": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "6",
"RuleAction": "allow",
"RuleNumber": "400",
"PortRange": {
"From": "1024",
"To": "65535"
},
"NetworkAclId": {
"Ref": "aclfe79fe9b"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclfe79fe9b"
},
"SubnetId": {
"Ref": "subnet2e67e859"
}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclfe79fe9b"
},
"SubnetId": {
"Ref": "subnet1f2f8946"
}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclfe79fe9b"
},
"SubnetId": {
"Ref": "subnet7f2f8926"
}
}
},
"subnetacl4": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclfe79fe9b"
},
"SubnetId": {
"Ref": "subnet512f8908"
}
}
},
"subnetacl5": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclfe79fe9b"
},
"SubnetId": {
"Ref": "subnete067e897"
}
}
},
"subnetacl6": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclfe79fe9b"
},
"SubnetId": {
"Ref": "subnet0067e877"
}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "vpce17ecf84"
},
"InternetGatewayId": {
"Ref": "igw3335fc56"
}
}
},
"subnetroute1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtb5422a231"
},
"SubnetId": {
"Ref": "subnet512f8908"
}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtb5422a231"
},
"SubnetId": {
"Ref": "subnet2e67e859"
}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb5422a231"
},
"GatewayId": {
"Ref": "igw3335fc56"
}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "vpce17ecf84"
},
"DhcpOptionsId": {
"Ref": "dopt6dfee90f"
}
}
},
"ingress1": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgnatsg"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"SourceSecurityGroupId": {
"Ref": "sgwebsg"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress2": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgnatsg"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId": {
"Ref": "sgsshonlysg"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress3": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgnatsg"
},
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"SourceSecurityGroupId": {
"Ref": "sgwebsg"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress4": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgdefault"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgdefault"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress5": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgdbsg"
},
"IpProtocol": "tcp",
"FromPort": "3306",
"ToPort": "3306",
"SourceSecurityGroupId": {
"Ref": "sgwebsg"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress6": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgdefault"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgdefault"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress7": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgwebsg"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"SourceSecurityGroupId": {
"Ref": "sgelbsg"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress8": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgwebsg"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"SourceSecurityGroupId": {
"Ref": "sgsshonlysg"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress9": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgdefault"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "sgdefault"
},
"SourceSecurityGroupOwnerId": "792454999443"
}
},
"ingress10": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgsshonlysg"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
}
},
"ingress11": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgelbsg"
},
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
},
"ingress12": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sgelbsg"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
}
},
"egress1": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgnatsg"
},
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"CidrIp": "0.0.0.0/0"
}
},
"egress2": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgnatsg"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
}
},
"egress3": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgdefault"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress4": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgdbsg"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress5": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgdefault"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress6": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgwebsg"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"DestinationSecurityGroupId": {
"Ref": "sgnatsg"
}
}
},
"egress7": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgwebsg"
},
"IpProtocol": "tcp",
"FromPort": "3306",
"ToPort": "3306",
"DestinationSecurityGroupId": {
"Ref": "sgdbsg"
}
}
},
"egress8": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgwebsg"
},
"IpProtocol": "tcp",
"FromPort": "443",
"ToPort": "443",
"DestinationSecurityGroupId": {
"Ref": "sgnatsg"
}
}
},
"egress9": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgdefault"
},
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"egress10": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgsshonlysg"
},
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"DestinationSecurityGroupId": {
"Ref": "sgwebsg"
}
}
},
"egress11": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "sgelbsg"
},
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"DestinationSecurityGroupId": {
"Ref": "sgwebsg"
}
}
}
},
"Description": "DDoS Best Practice VPC Template",
"Outputs": {
"sgnatsgName": {
"Value": {
"Ref": "sgnatsg"
}
},
"sgdefaultName": {
"Value": {
"Ref": "sgdefault"
}
},
"sgdbsgName": {
"Value": {
"Ref": "sgdbsg"
}
},
"sgwebsgName": {
"Value": {
"Ref": "sgwebsg"
}
},
"sgsshonlysgName": {
"Value": {
"Ref": "sgsshonlysg"
}
},
"sgelbsgName": {
"Value": {
"Ref": "sgelbsg"
}
}
}
}