kevinslin · April 16, 2024 00:25
diff --git a/nimbus.privatelink.aws.yaml b/nimbus.privatelink.aws.yaml
 AWSTemplateFormatVersion: '2010-09-09'
 Description: CloudFormation template to create an Interface VPC Endpoint for integration with Nimbus Ingestion.

 Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: The ID of the VPC (us-east-1) in which the endpoint and dependant resources will be created.
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: "List of Subnet IDs where the endpoint will be available."
  SecurityGroupId:
    Type: String
    Default: ""
    Description: Optional Security Group ID. If not provided, a new Security Group will be created.
  EndpointTrustedCidr:
    Type: String
    Description: Ignored if SecurityGroupId is provided. The CIDR block of the network allowed to access the endpoint.
    Default: "0.0.0.0/0"

 Conditions:
  CreateSecurityGroup:
    !Equals [ !Ref SecurityGroupId, "" ]

 Resources:
  NimbusEndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Condition: CreateSecurityGroup
    Properties:
      GroupDescription: Security group for VPC Endpoint to Nimbus Ingestion
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: -1
          FromPort: -1
          ToPort: -1
          CidrIp: !Ref EndpointTrustedCidr
      SecurityGroupEgress:
        - IpProtocol: -1
          FromPort: -1
          ToPort: -1
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: integration
          Value: privatelink
        - Key: vendor
          Value: nimbus
        - Key: managed-by
          Value: cloudformation

  NimbusVpcEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-05962c4fdfc9ff11a"
      VpcEndpointType: Interface
      SubnetIds: !Ref SubnetIds
      PrivateDnsEnabled: true
      SecurityGroupIds:
        - !If [ CreateSecurityGroup, !Ref NimbusEndpointSecurityGroup, !Ref SecurityGroupId ]

 Outputs:
  VpcEndpointId:
    Description: The ID of the created VPC Endpoint
    Value: !Ref NimbusVpcEndpoint
	AWSTemplateFormatVersion: '2010-09-09'
	Description: CloudFormation template to create an Interface VPC Endpoint for integration with Nimbus Ingestion.

	Parameters:
	VpcId:
	Type: AWS::EC2::VPC::Id
	Description: The ID of the VPC (us-east-1) in which the endpoint and dependant resources will be created.
	SubnetIds:
	Type: List<AWS::EC2::Subnet::Id>
	Description: "List of Subnet IDs where the endpoint will be available."
	SecurityGroupId:
	Type: String
	Default: ""
	Description: Optional Security Group ID. If not provided, a new Security Group will be created.
	EndpointTrustedCidr:
	Type: String
	Description: Ignored if SecurityGroupId is provided. The CIDR block of the network allowed to access the endpoint.
	Default: "0.0.0.0/0"

	Conditions:
	CreateSecurityGroup:
	!Equals [ !Ref SecurityGroupId, "" ]

	Resources:
	NimbusEndpointSecurityGroup:
	Type: AWS::EC2::SecurityGroup
	Condition: CreateSecurityGroup
	Properties:
	GroupDescription: Security group for VPC Endpoint to Nimbus Ingestion
	VpcId: !Ref VpcId
	SecurityGroupIngress:
	- IpProtocol: -1
	FromPort: -1
	ToPort: -1
	CidrIp: !Ref EndpointTrustedCidr
	SecurityGroupEgress:
	- IpProtocol: -1
	FromPort: -1
	ToPort: -1
	CidrIp: "0.0.0.0/0"
	Tags:
	- Key: integration
	Value: privatelink
	- Key: vendor
	Value: nimbus
	- Key: managed-by
	Value: cloudformation

	NimbusVpcEndpoint:
	Type: AWS::EC2::VPCEndpoint
	Properties:
	VpcId: !Ref VpcId
	ServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-05962c4fdfc9ff11a"
	VpcEndpointType: Interface
	SubnetIds: !Ref SubnetIds
	PrivateDnsEnabled: true
	SecurityGroupIds:
	- !If [ CreateSecurityGroup, !Ref NimbusEndpointSecurityGroup, !Ref SecurityGroupId ]

	Outputs:
	VpcEndpointId:
	Description: The ID of the created VPC Endpoint
	Value: !Ref NimbusVpcEndpoint