CloudFormation YAML to Create Simple Infrastructure
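# Proof-of-concept network: one VPC with a public and a private subnet, an
# Internet Gateway for the public subnet, a NAT Gateway for the private subnet,
# an SSH bastion in the public subnet and one instance in the private subnet
# that accepts SSH only from the bastion's security group.
Description: |
  Goal
  -> create a VPC with
    -> 1 public subnet
    -> 1 private subnet
  -> create an Internet Gateway
  -> create a Nat Gateway
  -> create public instance as bastion
  -> create private instance
Parameters:
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16
  PublicSubnetACidr:
    Type: String
    Default: 10.0.1.0/24
  PrivateSubnetACidr:
    Type: String
    Default: 10.0.2.0/24
  BastionKeyPairName:
    Type: AWS::EC2::KeyPair::KeyName
    Default: poc-cf-keypair
  # Source range allowed to reach the bastion on TCP/22. The default keeps the
  # original behaviour (reachable from the whole Internet); override it with
  # your own egress address(es) at deploy time to shrink the exposed surface.
  BastionSshAllowedCidr:
    Type: String
    Default: 0.0.0.0/0
    Description: CIDR block allowed to SSH to the bastion (for example 203.0.113.5/32)
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block such as 203.0.113.5/32
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: poc-cf-vpc
  # Public subnet: instances launched here get a public IP automatically.
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: us-west-1a
      CidrBlock: !Ref PublicSubnetACidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: poc-cf-public-subnet-a
  # Private subnet: no public IPs; outbound traffic goes through the NAT Gateway
  # below. Note it sits in a different AZ (us-west-1b) than the public subnet.
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: us-west-1b
      CidrBlock: !Ref PrivateSubnetACidr
      Tags:
        - Key: Name
          Value: poc-cf-private-subnet-a
  # Connecting the VPC to the Internet
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ig-vpc
  InternetGatewayAttachement:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  # Public route table with a default route to the Internet Gateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public routes
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    # A route to an IGW fails unless the gateway is already attached to the VPC.
    DependsOn: InternetGatewayAttachement
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Associate public subnet A with the public route table
  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetA
  # NAT Gateway (with an Elastic IP) in the public subnet, used by the private subnet
  NatGatewayAIP:
    Type: AWS::EC2::EIP
    # An EIP in the VPC domain needs the IGW attachment to exist first.
    DependsOn: InternetGatewayAttachement
    Properties:
      Domain: vpc
  NatGatewayA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGatewayAIP.AllocationId
      SubnetId: !Ref PublicSubnetA
  # Private route table: default route goes out through the NAT Gateway
  PrivateRouteTableA:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Private routes
  DefaultPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableA
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGatewayA
  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTableA
      SubnetId: !Ref PrivateSubnetA
  # Bastion: EC2 instance and security group in the public subnet.
  # Only TCP/22 is opened, and only from BastionSshAllowedCidr.
  BastionSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: we use this instance as ssh bastion
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref BastionSshAllowedCidr
      Tags:
        - Key: Name
          Value: poc-cf-bastion-sg
  BastionInstance:
    Type: AWS::EC2::Instance
    Properties:
      # AMI ids are region-specific; presumably valid in the region that owns
      # the AZs used above (us-west-1) -- confirm before deploying elsewhere.
      ImageId: ami-0d382e80be7ffdae5
      InstanceType: t2.micro
      KeyName: !Ref BastionKeyPairName
      SubnetId: !Ref PublicSubnetA
      SecurityGroupIds:
        - !Ref BastionSG
      Tags:
        - Key: Name
          Value: poc-cf-bastion-instance
  # Note: the key pair named poc-cf-keypair had to be created manually in the
  # AWS console before this stack could be deployed.
  # Private instance and its security group: SSH is accepted only from
  # members of BastionSG, not from any CIDR range.
  PrivateSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: this is our private instance
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSG
      Tags:
        - Key: Name
          Value: poc-cf-private-dg
  PrivateInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0d382e80be7ffdae5
      InstanceType: t2.micro
      # Reuses the bastion key pair, so one compromised private key grants
      # access to both hosts; a separate key pair is preferable outside a PoC.
      KeyName: !Ref BastionKeyPairName
      SubnetId: !Ref PrivateSubnetA
      SecurityGroupIds:
        - !Ref PrivateSG
      Tags:
        - Key: Name
          Value: poc-cf-private-instance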
Amazing!
Thanks! I just updated the NatGateway parameter to receive the Bastion NatGateway Id, and it's working 😄
nice work!