@aLucaz
Last active May 13, 2021 15:16
CloudFormation YAML to Create Simple Infrastructure
Description: |
  Goal
  -> create a VPC with
  -> 1 public subnet
  -> 1 private subnet
  -> create an Internet Gateway
  -> create a Nat Gateway
  -> create public instance as bastion
  -> create private instance
Parameters:
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16
  PublicSubnetACidr:
    Type: String
    Default: 10.0.1.0/24
  PrivateSubnetACidr:
    Type: String
    Default: 10.0.2.0/24
  BastionKeyPairName:
    Type: AWS::EC2::KeyPair::KeyName
    Default: poc-cf-keypair
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: poc-cf-vpc
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: us-west-1a
      CidrBlock: !Ref PublicSubnetACidr
      MapPublicIpOnLaunch: True
      Tags:
        - Key: Name
          Value: poc-cf-public-subnet-a
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: us-west-1b
      CidrBlock: !Ref PrivateSubnetACidr
      Tags:
        - Key: Name
          Value: poc-cf-private-subnet-a
  # Connecting the VPC to the internet
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ig-vpc
  InternetGatewayAttachement:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  # Creating the VPC route table with an entry that routes internet traffic to the Internet Gateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public routes
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachement
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Creating the public subnet A route table association
  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetA
  # Now we need a NAT Gateway (in the public subnet) for our private subnet
  NatGatewayAIP:
    Type: AWS::EC2::EIP
    DependsOn: InternetGatewayAttachement
    Properties:
      Domain: vpc
  NatGatewayA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGatewayAIP.AllocationId
      SubnetId: !Ref PublicSubnetA
  # Creating the private subnet A route table and association; its default route goes through the NAT Gateway
  PrivateRouteTableA:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Private routes
  DefaultPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableA
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGatewayA
  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTableA
      SubnetId: !Ref PrivateSubnetA
  # Creating an EC2 instance and SG as bastion in the public subnet
  BastionSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: we use this instance as ssh bastion
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: poc-cf-bastion-sg
  BastionInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0d382e80be7ffdae5
      InstanceType: t2.micro
      KeyName: !Ref BastionKeyPairName
      SubnetId: !Ref PublicSubnetA
      SecurityGroupIds:
        - !Ref BastionSG
      Tags:
        - Key: Name
          Value: poc-cf-bastion-instance
  # Note: at this point I had to create a new key pair named poc-cf-keypair in the AWS Console
  # Creating an EC2 instance and SG in the private subnet
  PrivateSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: this is our private instance
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSG
      Tags:
        - Key: Name
          Value: poc-cf-private-dg
  PrivateInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0d382e80be7ffdae5
      InstanceType: t2.micro
      KeyName: !Ref BastionKeyPairName
      SubnetId: !Ref PrivateSubnetA
      SecurityGroupIds:
        - !Ref PrivateSG
      Tags:
        - Key: Name
          Value: poc-cf-private-instance
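The bastion security group above admits SSH from 0.0.0.0/0, while the private group only trusts the bastion. As an added check that is not part of the gist, this script loads a CloudFormation template (handling the `!Ref`/`!GetAtt` short-form tags that PyYAML's SafeLoader otherwise rejects) and reports every security-group ingress rule open to the whole internet; `CfnLoader`, `world_open_ingress` and the embedded `SAMPLE` excerpt are constructed for this example.

```python
import yaml
# CloudFormation short-form intrinsics (!Ref, !GetAtt, ...) are YAML tags that
# SafeLoader rejects; map each to a plain {"Ref": ...} / {"Fn::X": ...} dict.
class CfnLoader(yaml.SafeLoader):
    pass

def _intrinsic(loader, tag_suffix, node):
    key = "Ref" if tag_suffix == "Ref" else "Fn::" + tag_suffix
    if isinstance(node, yaml.ScalarNode):
        return {key: loader.construct_scalar(node)}
    if isinstance(node, yaml.SequenceNode):
        return {key: loader.construct_sequence(node)}
    return {key: loader.construct_mapping(node)}

CfnLoader.add_multi_constructor("!", _intrinsic)
WORLD = ("0.0.0.0/0", "::/0")

def world_open_ingress(template_text):
    """Return (logical_id, from_port, to_port, cidr) for each security-group
    ingress rule reachable from any IPv4/IPv6 address. A CidrIp given as an
    intrinsic (a dict after loading) never matches and is not reported."""
    tpl = yaml.load(template_text, Loader=CfnLoader)
    findings = []
    for name, res in tpl.get("Resources", {}).items():
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr in WORLD:
                    findings.append((name, rule.get("FromPort"), rule.get("ToPort"), cidr))
    return findings

# Constructed excerpt of the gist's two security groups (other properties omitted).
SAMPLE = """Resources:
  BastionSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  PrivateSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSG
"""
```

Running `world_open_ingress(SAMPLE)` flags only `BastionSG`; replacing its `CidrIp` with a `!Ref` to an allowed-CIDR parameter moves the decision to the parameter value, which this static pass cannot see.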
aLucaz commented May 13, 2021

Thanks! I just updated the NatGateway parameter to receive the Bastion NatGateway Id, and it's working 😄
