Created
January 15, 2016 08:31
-
-
Save iolloyd/33692f853231b80b6114 to your computer and use it in GitHub Desktop.
VPC template including NAT
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "CloudFormation template: VPC, subnets(public, private), NAT for private network Internet access", | |
| "Parameters": { | |
| "KeyPairName": { | |
| "Description": "A key pair name", | |
| "Type": "String", | |
| "MinLength": "1", | |
| "MaxLength": "64", | |
| "AllowedPattern": "[-_ a-zA-Z0-9]*", | |
| "ConstraintDescription": "Alphanumerics, underscores, spaces, and dashes." | |
| }, | |
| "ServerAccess": { | |
| "Description": "CIDR IP range allowed to login to the NAT instance", | |
| "Type": "String", | |
| "MinLength": "9", | |
| "MaxLength": "18", | |
| "Default": "0.0.0.0/0", | |
| "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
| "ConstraintDescription": "Must be a valid range of form x.x.x.x/x." | |
| } | |
| }, | |
| "Mappings": { | |
| "SubnetConfig": { | |
| "VPC": { | |
| "CIDR": "10.45.0.0/16" | |
| }, | |
| "Public": { | |
| "CIDR": "10.45.0.0/24" | |
| }, | |
| "Private": { | |
| "CIDR": "10.45.1.0/24" | |
| } | |
| }, | |
| "NatRegionMap": { | |
| "us-east-1": { | |
| "AMI": "ami-123ab456" | |
| }, | |
| "us-west-1": { | |
| "AMI": "ami-123cd7789" | |
| }, | |
| } | |
| }, | |
| "Resources": { | |
| "VPC": { | |
| "Type": "AWS::EC2::VPC", | |
| "Properties": { | |
| "CidrBlock": { | |
| "Fn::FindInMap": [ | |
| "SubnetConfig", | |
| "VPC", | |
| "CIDR" | |
| ] | |
| }, | |
| "Tags": [ | |
| {"Key": "Application", "Value": { "Ref": "AWS::StackName" }}, | |
| {"Key": "Network", "Value": "Public"}, | |
| {"Key": "Name", "Value": "NAT VPC"} | |
| ] | |
| } | |
| }, | |
| "PublicSubnet": { | |
| "DependsOn": ["VPC"], | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { | |
| "Ref": "VPC" }, | |
| "CidrBlock": { | |
| "Fn::FindInMap": ["CIDR", "Public", "SubnetConfig"] | |
| }, | |
| "Tags": [ | |
| {"Key": "Application", "Value": { "Ref": "AWS::StackName"}}, | |
| {"Key": "Network", "Value": "Public"}, | |
| {"Key": "Name", "Value": "Public Subnet"} | |
| ] | |
| } | |
| }, | |
| "InternetGateway": { | |
| "Type": "AWS::EC2::InternetGateway", | |
| "Properties": { | |
| "Tags": [ | |
| {"Key": "Application", "Value": { "Ref": "AWS::StackName" }}, | |
| {"Key": "Network", "Value": "Public"} | |
| ] | |
| } | |
| }, | |
| "GatewayToInternet": { | |
| "DependsOn": ["VPC", "InternetGateway"], | |
| "Type": "AWS::EC2::VPCGatewayAttachment", | |
| "Properties": { | |
| "VpcId": { "Ref": "VPC" }, | |
| "InternetGatewayId": { "Ref": "InternetGateway" } | |
| } | |
| }, | |
| "PublicRouteTable": { | |
| "DependsOn": ["VPC"], | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { "Ref": "VPC" }, | |
| "Tags": [ | |
| { "Key": "Application", "Value": { "Ref": "AWS::StackName" } }, | |
| { "Key": "Network", "Value": "Public" } | |
| ] | |
| } | |
| }, | |
| "PublicRoute": { | |
| "DependsOn": ["PublicRouteTable", "InternetGateway"], | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "RouteTableId": { "Ref": "PublicRouteTable" }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "GatewayId": { "Ref": "InternetGateway" } | |
| } | |
| }, | |
| "PublicSubnetRouteTableAssociation": { | |
| "DependsOn": ["PublicSubnet", "PublicRouteTable"], | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "SubnetId": { "Ref": "PublicSubnet" }, | |
| "RouteTableId": { "Ref": "PublicRouteTable" } | |
| } | |
| }, | |
| "PrivateSubnet": { | |
| "DependsOn": ["VPC"], | |
| "Type": "AWS::EC2::Subnet", | |
| "Properties": { | |
| "VpcId": { "Ref": "VPC" }, | |
| "CidrBlock": { "Fn::FindInMap": [ "SubnetConfig", "Private", "CIDR" ]}, | |
| "Tags": [ | |
| { "Key": "Application", "Value": { "Ref": "AWS::StackName" } }, | |
| { "Key": "Network", "Value": "Private" }, | |
| { "Key": "Name", "Value": "Private Subnet" } | |
| ] | |
| } | |
| }, | |
| "PrivateRouteTable": { | |
| "DependsOn": ["VPC"], | |
| "Type": "AWS::EC2::RouteTable", | |
| "Properties": { | |
| "VpcId": { "Ref": "VPC" }, | |
| "Tags": [ | |
| { "Key": "Application", "Value": { "Ref": "AWS::StackName" } }, | |
| { "Key": "Network", "Value": "Private" } | |
| ] | |
| } | |
| }, | |
| "PrivateSubnetRouteTableAssociation": { | |
| "DependsOn": ["PrivateSubnet", "PrivateRouteTable"], | |
| "Type": "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties": { | |
| "SubnetId": { "Ref": "PrivateSubnet" }, | |
| "RouteTableId": { "Ref": "PrivateRouteTable" } | |
| } | |
| }, | |
| "NatSecurityGroup": { | |
| "DependsOn": ["VPC"], | |
| "Type": "AWS::EC2::SecurityGroup", | |
| "Properties": { | |
| "GroupDescription": "NAT Security Group", | |
| "VpcId": { "Ref": "VPC" }, | |
| "SecurityGroupIngress": [{ | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "CidrIp": { "Ref": "ServerAccess" } | |
| },{ | |
| "IpProtocol": "tcp", | |
| "FromPort": "3389", | |
| "ToPort": "3389", | |
| "CidrIp": { "Ref": "ServerAccess" } | |
| }], | |
| "Tags": [ | |
| { "Key": "Name", "Value": "NAT Security Group" } | |
| ] | |
| } | |
| }, | |
| "NatSecurityGroupIngress1": { | |
| "DependsOn": ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "icmp", | |
| "FromPort": "-1", | |
| "ToPort": "-1", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress22": { | |
| "DependsOn": ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "22", | |
| "ToPort": "22", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress3389": { | |
| "DependsOn": ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "3389", | |
| "ToPort": "3389", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress80": { | |
| "DependsOn": ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "80", | |
| "ToPort": "80", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NatSecurityGroupIngress443": { | |
| "DependsOn": ["NatSecurityGroup"], | |
| "Type": "AWS::EC2::SecurityGroupIngress", | |
| "Properties": { | |
| "GroupId": { "Ref": "NatSecurityGroup" }, | |
| "IpProtocol": "tcp", | |
| "FromPort": "443", | |
| "ToPort": "443", | |
| "SourceSecurityGroupId": { "Ref": "NatSecurityGroup" } | |
| } | |
| }, | |
| "NAT": { | |
| "DependsOn": ["PublicSubnet", "NatSecurityGroup"], | |
| "Type": "AWS::EC2::Instance", | |
| "Properties": { | |
| "InstanceType": "t2.micro", | |
| "KeyName": { "Ref": "KeyPairName" }, | |
| "SourceDestCheck": "false", | |
| "ImageId": { "Fn::FindInMap": [ "NatRegionMap", { "Ref": "AWS::Region" }, "AMI" ]}, | |
| "NetworkInterfaces": [{ | |
| "GroupSet": [{ "Ref": "NatSecurityGroup" }], | |
| "AssociatePublicIpAddress": "true", | |
| "DeviceIndex": "0", | |
| "DeleteOnTermination": "true", | |
| "SubnetId": { "Ref": "PublicSubnet" } | |
| }], | |
| "Tags": [ | |
| { "Key": "Name", "Value": "NAT" } | |
| ], | |
| "UserData": { | |
| "Fn::Base64": { | |
| "Fn::Join": [ | |
| "", | |
| [ | |
| "#!/bin/bash\n", | |
| "yum update -y && yum install -y yum-cron && chkconfig yum-cron on" | |
| ] | |
| ] | |
| } | |
| } | |
| } | |
| }, | |
| "PrivateRoute": { | |
| "DependsOn": ["PrivateRouteTable", "NAT"], | |
| "Type": "AWS::EC2::Route", | |
| "Properties": { | |
| "RouteTableId": { "Ref": "PrivateRouteTable" }, | |
| "DestinationCidrBlock": "0.0.0.0/0", | |
| "InstanceId": { "Ref": "NAT" } | |
| } | |
| } | |
| }, | |
| "Outputs": { | |
| "NATIP": { | |
| "Description": "NAT IP address", | |
| "Value": { "Fn::GetAtt": [ "NAT", "PublicIp" ] } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment