Skip to content

Instantly share code, notes, and snippets.

@fivethreeo

fivethreeo/django-vpc.cfn.json

Created February 9, 2016 17:36
Show Gist options
  • Save fivethreeo/7ee44238ce9dfc3fecbd to your computer and use it in GitHub Desktop.
Save fivethreeo/7ee44238ce9dfc3fecbd to your computer and use it in GitHub Desktop.
Download ZIP
Raw
django-vpc.cfn.json
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Provision a VPC (across two AZs) Output the VPC, Subnet, and SG IDs.",
"Parameters": {
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the Elastic Beanstalk and Bastion hosts",
"Type": "String",
"MinLength": "1",
"MaxLength": "255",
"AllowedPattern": "[\\x20-\\x7E]*",
"ConstraintDescription": "can contain only ASCII characters."
},
"SSHFrom": {
"Description": "Lockdown SSH access to the bastion host (default can be accessed from anywhere)",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x."
},
"NatgatewayCustomResourceLambdaName": {
"Type": "String",
"Default": "cfn-natgateway-0-1-1",
"Description": "The name of the Natgateway Lambda you deployed to test this stack."
},
"VPCAvailabilityZone1": {
"Description": "One of two Availability Zones that will be used to create subnets.",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"VPCAvailabilityZone2": {
"Description": "Two of two Availability Zones that will be used to create subnets. Must be different than VPCAvailabilityZone2.",
"Type": "AWS::EC2::AvailabilityZone::Name"
}
},
"Mappings": {
"SubnetConfig": {
"VPC": {
"CIDR": "10.0.0.0/16"
},
"Public1": {
"CIDR": "10.0.100.0/24"
},
"Public2": {
"CIDR": "10.0.101.0/24"
},
"Private1": {
"CIDR": "10.0.200.0/24"
},
"Private2": {
"CIDR": "10.0.201.0/24"
}
}
},
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Fn::FindInMap": ["SubnetConfig", "VPC", "CIDR"]
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Public"
}]
}
},
"PublicSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": {
"Fn::FindInMap": ["SubnetConfig", "Public1", "CIDR"]
},
"AvailabilityZone": {
"Ref": "VPCAvailabilityZone1"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Public"
}]
}
},
"PublicSubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": {
"Fn::FindInMap": ["SubnetConfig", "Public2", "CIDR"]
},
"AvailabilityZone": {
"Ref": "VPCAvailabilityZone2"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Public"
}]
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"DependsOn": "VPC",
"Properties": {
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Public"
}]
}
},
"GatewayToInternet": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"DependsOn": "InternetGateway",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"InternetGatewayId": {
"Ref": "InternetGateway"
}
}
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Private"
}]
}
},
"PublicRoute": {
"Type": "AWS::EC2::Route",
"DependsOn": "GatewayToInternet",
"Properties": {
"RouteTableId": {
"Ref": "PublicRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
}
}
},
"PublicSubnet1RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": "PublicRouteTable",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnet1"
},
"RouteTableId": {
"Ref": "PublicRouteTable"
}
}
},
"PublicSubnet2RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": "PublicRouteTable",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnet2"
},
"RouteTableId": {
"Ref": "PublicRouteTable"
}
}
},
"PublicNetworkAcl": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Public"
}]
}
},
"InboundHTTPPublicNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "100",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "80",
"To": "80"
}
}
},
"InboundHTTPSPublicNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "101",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "443",
"To": "443"
}
}
},
"InboundSSHPublicNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "102",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": {
"Ref": "SSHFrom"
},
"PortRange": {
"From": "22",
"To": "22"
}
}
},
"InboundEmphemeralPublicNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "103",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "1024",
"To": "65535"
}
}
},
"OutboundPublicNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
},
"RuleNumber": "100",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "true",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "0",
"To": "65535"
}
}
},
"PublicSubnet1NetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnet1"
},
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
}
}
},
"PublicSubnet2NetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"SubnetId": {
"Ref": "PublicSubnet2"
},
"NetworkAclId": {
"Ref": "PublicNetworkAcl"
}
}
},
"PrivateSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": {
"Fn::FindInMap": ["SubnetConfig", "Private1", "CIDR"]
},
"AvailabilityZone": {
"Ref": "VPCAvailabilityZone1"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Public"
}]
}
},
"PrivateSubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": {
"Fn::FindInMap": ["SubnetConfig", "Private2", "CIDR"]
},
"AvailabilityZone": {
"Ref": "VPCAvailabilityZone2"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Public"
}]
}
},
"MyEIP1": {
"Type" : "AWS::EC2::EIP",
"DependsOn": "PrivateSubnet1",
"Properties" : {
"Domain" : "vpc"
}
},
"MyEIP2": {
"Type" : "AWS::EC2::EIP",
"DependsOn": "PrivateSubnet2",
"Properties" : {
"Domain" : "vpc"
}
},
"MyNatgateway1": {
"Type": "Custom::Natgateway",
"DependsOn": "MyEIP1",
"Properties": {
"ServiceToken": {
"Fn::Join": [
":",
[
"arn",
"aws",
"lambda",
{
"Ref": "AWS::Region"
},
{
"Ref": "AWS::AccountId"
},
"function",
{
"Ref": "NatgatewayCustomResourceLambdaName"
}
]
]
},
"SubnetId": {
"Ref": "PublicSubnet1"
},
"AllocationId": {
"Fn::GetAtt": [ "MyEIP1", "AllocationId"]
}
}
},
"MyNatgateway2": {
"Type": "Custom::Natgateway",
"DependsOn": "MyEIP2",
"Properties": {
"ServiceToken": {
"Fn::Join": [
":",
[
"arn",
"aws",
"lambda",
{
"Ref": "AWS::Region"
},
{
"Ref": "AWS::AccountId"
},
"function",
{
"Ref": "NatgatewayCustomResourceLambdaName"
}
]
]
},
"SubnetId": {
"Ref": "PublicSubnet2"
},
"AllocationId": {
"Fn::GetAtt": [ "MyEIP2", "AllocationId"]
}
}
},
"PrivateRouteTable1": {
"Type": "AWS::EC2::RouteTable",
"DependsOn": "MyNatgateway1",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Private"
}]
}
},
"PrivateRouteTable2": {
"Type": "AWS::EC2::RouteTable",
"DependsOn": "MyNatgateway2",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Private"
}]
}
},
"PrivateRoute1": {
"Type": "AWS::EC2::Route",
"DependsOn": "MyNatgateway1",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable1"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "MyNatgateway1"
}
}
},
"PrivateRoute2": {
"Type": "AWS::EC2::Route",
"DependsOn": "MyNatgateway2",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable2"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "MyNatgateway2"
}
}
},
"PrivateSubnet1RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": "PrivateRouteTable1",
"Properties": {
"SubnetId": {
"Ref": "PrivateSubnet1"
},
"RouteTableId": {
"Ref": "PrivateRouteTable1"
}
}
},
"PrivateSubnet2RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn": "PrivateRouteTable2",
"Properties": {
"SubnetId": {
"Ref": "PrivateSubnet2"
},
"RouteTableId": {
"Ref": "PrivateRouteTable2"
}
}
},
"PrivateNetworkAcl": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Tags": [{
"Key": "Application",
"Value": {
"Ref": "AWS::StackId"
}
}, {
"Key": "Network",
"Value": "Private"
}]
}
},
"InboundPrivateNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PrivateNetworkAcl"
},
"RuleNumber": "100",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "false",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "0",
"To": "65535"
}
}
},
"OutBoundPrivateNetworkAclEntry": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"NetworkAclId": {
"Ref": "PrivateNetworkAcl"
},
"RuleNumber": "100",
"Protocol": "6",
"RuleAction": "allow",
"Egress": "true",
"CidrBlock": "0.0.0.0/0",
"PortRange": {
"From": "0",
"To": "65535"
}
}
},
"PrivateSubnet1NetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"SubnetId": {
"Ref": "PrivateSubnet1"
},
"NetworkAclId": {
"Ref": "PrivateNetworkAcl"
}
}
},
"PrivateSubnet2NetworkAclAssociation": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"SubnetId": {
"Ref": "PrivateSubnet2"
},
"NetworkAclId": {
"Ref": "PrivateNetworkAcl"
}
}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SG that EB instances will launch into.",
"VpcId": {
"Ref": "VPC"
}
}
}
},
"Outputs": {
"InstanceSecurityGroup" : {
"Description" : "The ID of a VPC Security Group that has ingress access to the NAT instance.",
"Value" : { "Ref" : "InstanceSecurityGroup" }
},
"VPCId" : {
"Description" : "A VPC ID.",
"Value" : { "Ref" : "VPC" }
},
"GatewayToInternet" : {
"Description" : "A Internet Gateway.",
"Value" : { "Ref" : "GatewayToInternet" }
},
"PrivateSubnet1" : {
"Description" : "A private VPC subnet ID.",
"Value" : { "Ref" : "PrivateSubnet1" }
},
"PrivateSubnet2" : {
"Description" : "A private VPC subnet ID. Must be in a different AZ than PrivateSubnet1",
"Value" : {"Ref" : "PrivateSubnet2" }
},
"PublicSubnet1" : {
"Description" : "A public VPC subnet ID.",
"Value" : { "Ref" : "PublicSubnet1" }
},
"PublicSubnet2" : {
"Description" : "A public VPC subnet ID. Must be in a different AZ than PrivateSubnet1",
"Value" : { "Ref" : "PublicSubnet2" }
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment