@chrisjmendez
Created April 2, 2018 03:59
How to create a VPC with DNS and Public IPs enabled.
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation Sample Template VPC_with_PublicIPs_And_DNS: Sample
  template showing how to create a VPC with DNS and Public IPs enabled. You will be
  billed for the AWS resources used if you create a stack from this template.'
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the bastion
      host
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  SSHLocation:
    Description: Lockdown SSH access to the bastion host (default can be accessed
      from anywhere)
    Type: String
    MinLength: '9'
    MaxLength: '18'
    # The default opens port 22 to every IPv4 address; override it with your
    # administrative CIDR when you create the stack.
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid CIDR range of the form x.x.x.x/x.
  EC2InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.small
    AllowedValues:
    - t1.micro
    - t2.nano
    - t2.micro
    - t2.small
    - t2.medium
    - t2.large
    - m1.small
    - m1.medium
    - m1.large
    - m1.xlarge
    - m2.xlarge
    - m2.2xlarge
    - m2.4xlarge
    - m3.medium
    - m3.large
    - m3.xlarge
    - m3.2xlarge
    - m4.large
    - m4.xlarge
    - m4.2xlarge
    - m4.4xlarge
    - m4.10xlarge
    - c1.medium
    - c1.xlarge
    - c3.large
    - c3.xlarge
    - c3.2xlarge
    - c3.4xlarge
    - c3.8xlarge
    - c4.large
    - c4.xlarge
    - c4.2xlarge
    - c4.4xlarge
    - c4.8xlarge
    - g2.2xlarge
    - g2.8xlarge
    - r3.large
    - r3.xlarge
    - r3.2xlarge
    - r3.4xlarge
    - r3.8xlarge
    - i2.xlarge
    - i2.2xlarge
    - i2.4xlarge
    - i2.8xlarge
    - d2.xlarge
    - d2.2xlarge
    - d2.4xlarge
    - d2.8xlarge
    - hi1.4xlarge
    - hs1.8xlarge
    - cr1.8xlarge
    - cc2.8xlarge
    - cg1.4xlarge
    ConstraintDescription: must be a valid EC2 instance type.
Mappings:
  SubnetConfig:
    VPC:
      CIDR: 10.0.0.0/16
    Public:
      CIDR: 10.0.0.0/24
  # Maps each instance type to the AMI virtualization type it needs (PV64, HVM64, HVMG2).
  AWSInstanceType2Arch:
    t1.micro:
      Arch: PV64
    t2.nano:
      Arch: HVM64
    t2.micro:
      Arch: HVM64
    t2.small:
      Arch: HVM64
    t2.medium:
      Arch: HVM64
    t2.large:
      Arch: HVM64
    m1.small:
      Arch: PV64
    m1.medium:
      Arch: PV64
    m1.large:
      Arch: PV64
    m1.xlarge:
      Arch: PV64
    m2.xlarge:
      Arch: PV64
    m2.2xlarge:
      Arch: PV64
    m2.4xlarge:
      Arch: PV64
    m3.medium:
      Arch: HVM64
    m3.large:
      Arch: HVM64
    m3.xlarge:
      Arch: HVM64
    m3.2xlarge:
      Arch: HVM64
    m4.large:
      Arch: HVM64
    m4.xlarge:
      Arch: HVM64
    m4.2xlarge:
      Arch: HVM64
    m4.4xlarge:
      Arch: HVM64
    m4.10xlarge:
      Arch: HVM64
    c1.medium:
      Arch: PV64
    c1.xlarge:
      Arch: PV64
    c3.large:
      Arch: HVM64
    c3.xlarge:
      Arch: HVM64
    c3.2xlarge:
      Arch: HVM64
    c3.4xlarge:
      Arch: HVM64
    c3.8xlarge:
      Arch: HVM64
    c4.large:
      Arch: HVM64
    c4.xlarge:
      Arch: HVM64
    c4.2xlarge:
      Arch: HVM64
    c4.4xlarge:
      Arch: HVM64
    c4.8xlarge:
      Arch: HVM64
    g2.2xlarge:
      Arch: HVMG2
    g2.8xlarge:
      Arch: HVMG2
    r3.large:
      Arch: HVM64
    r3.xlarge:
      Arch: HVM64
    r3.2xlarge:
      Arch: HVM64
    r3.4xlarge:
      Arch: HVM64
    r3.8xlarge:
      Arch: HVM64
    i2.xlarge:
      Arch: HVM64
    i2.2xlarge:
      Arch: HVM64
    i2.4xlarge:
      Arch: HVM64
    i2.8xlarge:
      Arch: HVM64
    d2.xlarge:
      Arch: HVM64
    d2.2xlarge:
      Arch: HVM64
    d2.4xlarge:
      Arch: HVM64
    d2.8xlarge:
      Arch: HVM64
    hi1.4xlarge:
      Arch: HVM64
    hs1.8xlarge:
      Arch: HVM64
    cr1.8xlarge:
      Arch: HVM64
    cc2.8xlarge:
      Arch: HVM64
  # NAT-instance variant of the mapping above; not referenced by any resource in this template.
  AWSInstanceType2NATArch:
    t1.micro:
      Arch: NATPV64
    t2.nano:
      Arch: NATHVM64
    t2.micro:
      Arch: NATHVM64
    t2.small:
      Arch: NATHVM64
    t2.medium:
      Arch: NATHVM64
    t2.large:
      Arch: NATHVM64
    m1.small:
      Arch: NATPV64
    m1.medium:
      Arch: NATPV64
    m1.large:
      Arch: NATPV64
    m1.xlarge:
      Arch: NATPV64
    m2.xlarge:
      Arch: NATPV64
    m2.2xlarge:
      Arch: NATPV64
    m2.4xlarge:
      Arch: NATPV64
    m3.medium:
      Arch: NATHVM64
    m3.large:
      Arch: NATHVM64
    m3.xlarge:
      Arch: NATHVM64
    m3.2xlarge:
      Arch: NATHVM64
    m4.large:
      Arch: NATHVM64
    m4.xlarge:
      Arch: NATHVM64
    m4.2xlarge:
      Arch: NATHVM64
    m4.4xlarge:
      Arch: NATHVM64
    m4.10xlarge:
      Arch: NATHVM64
    c1.medium:
      Arch: NATPV64
    c1.xlarge:
      Arch: NATPV64
    c3.large:
      Arch: NATHVM64
    c3.xlarge:
      Arch: NATHVM64
    c3.2xlarge:
      Arch: NATHVM64
    c3.4xlarge:
      Arch: NATHVM64
    c3.8xlarge:
      Arch: NATHVM64
    c4.large:
      Arch: NATHVM64
    c4.xlarge:
      Arch: NATHVM64
    c4.2xlarge:
      Arch: NATHVM64
    c4.4xlarge:
      Arch: NATHVM64
    c4.8xlarge:
      Arch: NATHVM64
    g2.2xlarge:
      Arch: NATHVMG2
    g2.8xlarge:
      Arch: NATHVMG2
    r3.large:
      Arch: NATHVM64
    r3.xlarge:
      Arch: NATHVM64
    r3.2xlarge:
      Arch: NATHVM64
    r3.4xlarge:
      Arch: NATHVM64
    r3.8xlarge:
      Arch: NATHVM64
    i2.xlarge:
      Arch: NATHVM64
    i2.2xlarge:
      Arch: NATHVM64
    i2.4xlarge:
      Arch: NATHVM64
    i2.8xlarge:
      Arch: NATHVM64
    d2.xlarge:
      Arch: NATHVM64
    d2.2xlarge:
      Arch: NATHVM64
    d2.4xlarge:
      Arch: NATHVM64
    d2.8xlarge:
      Arch: NATHVM64
    hi1.4xlarge:
      Arch: NATHVM64
    hs1.8xlarge:
      Arch: NATHVM64
    cr1.8xlarge:
      Arch: NATHVM64
    cc2.8xlarge:
      Arch: NATHVM64
  # Region-specific AMI IDs as of the gist's date; verify them before deploying.
  AWSRegionArch2AMI:
    us-east-1:
      PV64: ami-2a69aa47
      HVM64: ami-97785bed
      HVMG2: ami-0a6e3770
    us-west-2:
      PV64: ami-7f77b31f
      HVM64: ami-f2d3638a
      HVMG2: ami-ee15a196
    us-west-1:
      PV64: ami-a2490dc2
      HVM64: ami-824c4ee2
      HVMG2: ami-0da4a46d
    eu-west-1:
      PV64: ami-4cdd453f
      HVM64: ami-d834aba1
      HVMG2: ami-af8013d6
    eu-west-2:
      PV64: NOT_SUPPORTED
      HVM64: ami-403e2524
      HVMG2: NOT_SUPPORTED
    eu-west-3:
      PV64: NOT_SUPPORTED
      HVM64: ami-8ee056f3
      HVMG2: NOT_SUPPORTED
    eu-central-1:
      PV64: ami-6527cf0a
      HVM64: ami-5652ce39
      HVMG2: ami-1d58ca72
    ap-northeast-1:
      PV64: ami-3e42b65f
      HVM64: ami-ceafcba8
      HVMG2: ami-edfd658b
    ap-northeast-2:
      PV64: NOT_SUPPORTED
      HVM64: ami-863090e8
      HVMG2: NOT_SUPPORTED
    ap-northeast-3:
      PV64: NOT_SUPPORTED
      HVM64: ami-83444afe
      HVMG2: NOT_SUPPORTED
    ap-southeast-1:
      PV64: ami-df9e4cbc
      HVM64: ami-68097514
      HVMG2: ami-c06013bc
    ap-southeast-2:
      PV64: ami-63351d00
      HVM64: ami-942dd1f6
      HVMG2: ami-85ef12e7
    ap-south-1:
      PV64: NOT_SUPPORTED
      HVM64: ami-531a4c3c
      HVMG2: ami-411e492e
    us-east-2:
      PV64: NOT_SUPPORTED
      HVM64: ami-f63b1193
      HVMG2: NOT_SUPPORTED
    ca-central-1:
      PV64: NOT_SUPPORTED
      HVM64: ami-a954d1cd
      HVMG2: NOT_SUPPORTED
    sa-east-1:
      PV64: ami-1ad34676
      HVM64: ami-84175ae8
      HVMG2: NOT_SUPPORTED
    cn-north-1:
      PV64: ami-77559f1a
      HVM64: ami-cb19c4a6
      HVMG2: NOT_SUPPORTED
    cn-northwest-1:
      PV64: ami-80707be2
      HVM64: ami-3e60745c
      HVMG2: NOT_SUPPORTED
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      # Both flags are needed for instances to receive public DNS hostnames.
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      CidrBlock:
        Fn::FindInMap:
        - SubnetConfig
        - VPC
        - CIDR
      Tags:
      - Key: Application
        Value:
          Ref: AWS::StackName
      - Key: Network
        Value: Public
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Fn::FindInMap:
        - SubnetConfig
        - Public
        - CIDR
      Tags:
      - Key: Application
        Value:
          Ref: AWS::StackName
      - Key: Network
        Value: Public
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
      - Key: Application
        Value:
          Ref: AWS::StackName
      - Key: Network
        Value: Public
  GatewayToInternet:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: VPC
      InternetGatewayId:
        Ref: InternetGateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: VPC
      Tags:
      - Key: Application
        Value:
          Ref: AWS::StackName
      - Key: Network
        Value: Public
  PublicRoute:
    Type: AWS::EC2::Route
    # The gateway must be attached before a route can point at it.
    DependsOn: GatewayToInternet
    Properties:
      RouteTableId:
        Ref: PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: InternetGateway
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: PublicSubnet
      RouteTableId:
        Ref: PublicRouteTable
  PublicNetworkAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId:
        Ref: VPC
      Tags:
      - Key: Application
        Value:
          Ref: AWS::StackName
      - Key: Network
        Value: Public
  # Network ACLs are stateless: inbound rules 100-103 and the single outbound rule
  # together allow HTTP, HTTPS, SSH (from SSHLocation) and return traffic on
  # ephemeral ports. Protocol '6' is TCP.
  InboundHTTPPublicNetworkAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: PublicNetworkAcl
      RuleNumber: '100'
      Protocol: '6'
      RuleAction: allow
      Egress: 'false'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '80'
        To: '80'
  InboundHTTPSPublicNetworkAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: PublicNetworkAcl
      RuleNumber: '101'
      Protocol: '6'
      RuleAction: allow
      Egress: 'false'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '443'
        To: '443'
  InboundSSHPublicNetworkAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: PublicNetworkAcl
      RuleNumber: '102'
      Protocol: '6'
      RuleAction: allow
      Egress: 'false'
      CidrBlock:
        Ref: SSHLocation
      PortRange:
        From: '22'
        To: '22'
  InboundEphemeralPublicNetworkAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: PublicNetworkAcl
      RuleNumber: '103'
      Protocol: '6'
      RuleAction: allow
      Egress: 'false'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '1024'
        To: '65535'
  OutboundPublicNetworkAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: PublicNetworkAcl
      RuleNumber: '100'
      Protocol: '6'
      RuleAction: allow
      Egress: 'true'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '0'
        To: '65535'
  PublicSubnetNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId:
        Ref: PublicSubnet
      NetworkAclId:
        Ref: PublicNetworkAcl
  EC2Host:
    Type: AWS::EC2::Instance
    DependsOn: GatewayToInternet
    Properties:
      InstanceType:
        Ref: EC2InstanceType
      KeyName:
        Ref: KeyName
      # Look up the architecture for the chosen instance type, then the AMI for
      # that architecture in the current region.
      ImageId:
        Fn::FindInMap:
        - AWSRegionArch2AMI
        - Ref: AWS::Region
        - Fn::FindInMap:
          - AWSInstanceType2Arch
          - Ref: EC2InstanceType
          - Arch
      NetworkInterfaces:
      - GroupSet:
        - Ref: EC2SecurityGroup
        AssociatePublicIpAddress: 'true'
        DeviceIndex: '0'
        DeleteOnTermination: 'true'
        SubnetId:
          Ref: PublicSubnet
  EC2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable access to the EC2 host
      VpcId:
        Ref: VPC
      # Only SSH is admitted, and only from SSHLocation; the security group is
      # stateful, so no egress rule is needed for replies.
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp:
          Ref: SSHLocation
Outputs:
  VPCId:
    Description: VPCId of the newly created VPC
    Value:
      Ref: VPC
  PublicSubnet:
    Description: SubnetId of the public subnet
    Value:
      Ref: PublicSubnet
  DNSName:
    Description: DNS Name of the EC2 host
    Value:
      Fn::GetAtt:
      - EC2Host
      - PublicDnsName
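The one parameter in this template that decides the host's exposure is SSHLocation, whose default of 0.0.0.0/0 flows through `Ref` into the security group. As an added example (not part of the gist), the check below resolves `Ref` to a parameter's default or to a value supplied at stack creation and reports any security-group ingress rule that is open to every IPv4 source; the `TEMPLATE` dict is a constructed excerpt of the gist's Parameters and EC2SecurityGroup sections, and `resolve` and `world_open_ingress` are names chosen here.

```python
import ipaddress

# Constructed excerpt of the gist's template, shaped as yaml.safe_load would return it.
TEMPLATE = {
    "Parameters": {
        "SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"},
    },
    "Resources": {
        "EC2SecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                     "CidrIp": {"Ref": "SSHLocation"}},
                ],
            },
        },
    },
}


def resolve(value, template, overrides=None):
    """Resolve a literal or a {'Ref': ParameterName} to a concrete string.
    `overrides` plays the role of parameter values passed at stack creation;
    without one, the parameter's Default applies, exactly as CloudFormation does."""
    if isinstance(value, dict) and "Ref" in value:
        name = value["Ref"]
        if overrides and name in overrides:
            return overrides[name]
        return template["Parameters"][name].get("Default")
    return value


def world_open_ingress(template, overrides=None):
    """Return (resource, 'from-to', cidr) for every security-group ingress rule
    whose source CIDR is 0.0.0.0/0 after parameter resolution."""
    findings = []
    for name, res in template["Resources"].items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res["Properties"].get("SecurityGroupIngress", []):
            cidr = resolve(rule.get("CidrIp"), template, overrides)
            if cidr is None:
                continue
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:  # a /0 matches any source address
                findings.append((name, f"{rule['FromPort']}-{rule['ToPort']}", cidr))
    return findings
```

With the template's defaults the check flags SSH on EC2SecurityGroup; passing an administrative CIDR for SSHLocation, as the parameter description asks, clears it.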