
@moosh3
Last active January 26, 2020 00:07
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html
Description: "AWS CloudFormation Sample Template DocumentDB_Quick_Create: Sample template showing how to create a DocumentDB DB cluster and DB instance. **WARNING** This template creates Amazon DocumentDB resources and you will be billed for the AWS resources used if you create a stack from this template."
Parameters:
  DBClusterName:
    Default: "MyCluster"
    Description: "Cluster name"
    Type: "String"
    MinLength: "1"
    MaxLength: "64"
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*"
    ConstraintDescription: "Must begin with a letter and contain only alphanumeric characters and single hyphens."
  DBInstanceName:
    Default: "MyInstance"
    Description: "Instance name"
    Type: "String"
    MinLength: "1"
    MaxLength: "64"
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*(-[a-zA-Z0-9]+)*"
    ConstraintDescription: "Must begin with a letter and contain only alphanumeric characters and single hyphens."
  MasterUser:
    NoEcho: "true"
    Description: "The database admin account username"
    Type: "String"
    MinLength: "1"
    MaxLength: "16"
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9]*"
    ConstraintDescription: "Must begin with a letter and contain only alphanumeric characters."
  MasterPassword:
    NoEcho: "true"
    Description: "The database admin account password"
    Type: "String"
    # Amazon DocumentDB rejects master passwords shorter than 8 characters, so a MinLength
    # of 1 only moves the failure from parameter validation to stack creation.
    MinLength: "8"
    MaxLength: "41"
    # Alphanumeric only. The service itself forbids only '/', '"' and '@'; this pattern is
    # stricter than necessary and reduces the entropy available in 41 characters.
    AllowedPattern: "[a-zA-Z0-9]+"
    ConstraintDescription: "must contain only alphanumeric characters."
  DBInstanceClass:
    Description: "Instance class. Please refer to: https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-classes-by-region"
    Type: "String"
    AllowedValues:
      - db.r4.large
      - db.r4.xlarge
      - db.r4.2xlarge
      - db.r4.4xlarge
      - db.r4.8xlarge
      - db.r4.16xlarge
      - db.r5.large
      - db.r5.xlarge
      - db.r5.2xlarge
      - db.r5.4xlarge
      - db.r5.12xlarge
      - db.r5.24xlarge
    ConstraintDescription: "Instance type must be one of those supported for the region. Please refer to: https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-classes-by-region"
Resources:
  DBCluster:
    Type: "AWS::DocDB::DBCluster"
    # Delete (rather than Snapshot) means no final snapshot is taken when the stack is removed.
    DeletionPolicy: Delete
    Properties:
      DBClusterIdentifier: !Ref DBClusterName
      MasterUsername: !Ref MasterUser
      MasterUserPassword: !Ref MasterPassword
      # StorageEncrypted is not set, so the cluster is created without encryption at rest,
      # and with no VpcSecurityGroupIds the VPC's default security group is attached.
  DBInstance:
    Type: "AWS::DocDB::DBInstance"
    Properties:
      DBClusterIdentifier: !Ref DBCluster
      DBInstanceIdentifier: !Ref DBInstanceName
      DBInstanceClass: !Ref DBInstanceClass
    DependsOn: DBCluster
Outputs:
  ClusterId:
    Value: !Ref DBCluster
  ClusterEndpoint:
    Value: !GetAtt DBCluster.Endpoint
  ClusterReadEndpoint:
    Value: !GetAtt DBCluster.ReadEndpoint
  ClusterPort:
    Value: !GetAtt DBCluster.Port
  InstanceId:
    Value: !Ref DBInstance
  InstancePort:
    Value: !GetAtt DBInstance.Port
  InstanceEndpoint:
    Value: !GetAtt DBInstance.Endpoint
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Amazon EKS - Cluster'
Parameters:
  VPCStack:
    Type: String
    Description: VPC Stack Name
Resources:
  #
  # IAM Role needed by the cluster: allows EKS to manage clusters on your behalf.
  # (Description is not a valid resource attribute, so it lives here as a comment.)
  #
  ClusterRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - eks.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
        # Only clusters created before the EKS service-linked role existed need this policy.
        - arn:aws:iam::aws:policy/AmazonEKSServicePolicy
  # Created with no rules of its own; the node group stack adds the ingress/egress rules.
  ClusterControlPlaneSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cluster communication with worker nodes
      VpcId:
        Fn::ImportValue:
          !Sub "${VPCStack}-VPCID"
  Cluster:
    Type: "AWS::EKS::Cluster"
    Properties:
      # 1.10 is long past end of support; set this to a currently supported Kubernetes version.
      Version: "1.10"
      RoleArn: !GetAtt ClusterRole.Arn
      # Everything not listed keeps its default: public API endpoint, no private endpoint,
      # no control plane logging. The subnets are the VPC stack's public subnets.
      ResourcesVpcConfig:
        SecurityGroupIds:
          - !Ref ClusterControlPlaneSecurityGroup
        SubnetIds:
          - Fn::ImportValue:
              !Sub "${VPCStack}-PublicSubnet1ID"
          - Fn::ImportValue:
              !Sub "${VPCStack}-PublicSubnet2ID"
Outputs:
  ClusterName:
    Value: !Ref Cluster
    Description: Cluster Name
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-ClusterName"
  ClusterArn:
    Value: !GetAtt Cluster.Arn
    Description: Cluster Arn
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-ClusterArn"
  ClusterEndpoint:
    Value: !GetAtt Cluster.Endpoint
    Description: Cluster Endpoint
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-ClusterEndpoint"
  ClusterControlPlaneSecurityGroup:
    Value: !Ref ClusterControlPlaneSecurityGroup
    Description: ClusterControlPlaneSecurityGroup
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-ClusterControlPlaneSecurityGroup"
---
AWSTemplateFormatVersion: '2010-09-09'
Description: Enable AWS CloudTrail. This template creates a CloudTrail trail, an Amazon S3 bucket where logs are published, and an Amazon SNS topic where notifications are sent.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Trail Configuration
        Parameters:
          - EnableLogFileValidation
          - IncludeGlobalEvents
          - MultiRegion
      - Label:
          default: Delivery Notifications
        Parameters:
          - PublishToTopic
          - NotificationEmail
    ParameterLabels:
      EnableLogFileValidation:
        default: Enable log file validation
      IncludeGlobalEvents:
        default: Include global service events
      MultiRegion:
        default: Is this a multi-region trail
      PublishToTopic:
        default: Send notifications to SNS
      NotificationEmail:
        default: Notification Email (optional)
Parameters:
  EnableLogFileValidation:
    Type: String
    Default: False
    Description: Indicates whether CloudTrail validates the integrity of log files.
    AllowedValues:
      - True
      - False
  IncludeGlobalEvents:
    Type: String
    Default: False
    Description: Indicates whether the trail is publishing events from global services, such as IAM, to the log files.
    AllowedValues:
      - True
      - False
  MultiRegion:
    Type: String
    Default: False
    Description: Indicates whether the CloudTrail trail is created in the region in which you create the stack (false) or in all regions (true).
    AllowedValues:
      - True
      - False
  PublishToTopic:
    Type: String
    Default: False
    Description: Indicates whether notifications are published to SNS.
    AllowedValues:
      - True
      - False
  NotificationEmail:
    Type: String
    Default: ''
    Description: Email address for notifications (for new topics).
Conditions:
  IsMultiRegion: !Equals
    - !Ref MultiRegion
    - True
  Publish: !Equals
    - !Ref PublishToTopic
    - True
  CreateSubscription: !And
    - !Condition Publish
    - !Not
      - !Equals
        - !Ref NotificationEmail
        - ''
Resources:
  TrailBucket:
    DeletionPolicy: Retain
    Type: AWS::S3::Bucket
    # No PublicAccessBlockConfiguration, BucketEncryption, VersioningConfiguration or access
    # logging is set, so the audit-log bucket relies on account-level defaults for all of them.
  TrailBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TrailBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AWSTrailBucketPermissionsCheck
            Effect: Allow
            Principal:
              Service:
                - cloudtrail.amazonaws.com
            Action: s3:GetBucketAcl
            Resource:
              - !Sub "arn:aws:s3:::${TrailBucket}"
          # Delivery is limited to this account's AWSLogs prefix; CloudTrail writes under the
          # delivering account's ID, so trails in other accounts cannot land here.
          - Sid: AWSTrailBucketDelivery
            Effect: Allow
            Principal:
              Service:
                - cloudtrail.amazonaws.com
            Action: s3:PutObject
            Resource: !Sub "arn:aws:s3:::${TrailBucket}/AWSLogs/${AWS::AccountId}/*"
  TrailTopic:
    Condition: Publish
    Type: AWS::SNS::Topic
    Properties:
      DisplayName: AWS CloudTrail Notification Topic
  TrailTopicPolicy:
    Condition: Publish
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref TrailTopic
      PolicyDocument:
        Statement:
          - Sid: AWSCloudTrailSNSPolicy
            Action:
              - sns:Publish
            Effect: Allow
            Resource: !Ref TrailTopic
            Principal:
              Service:
                - cloudtrail.amazonaws.com
  EmailNotification:
    Condition: CreateSubscription
    Type: AWS::SNS::Subscription
    Properties:
      Endpoint: !Ref NotificationEmail
      Protocol: email
      TopicArn: !Ref TrailTopic
  Trail:
    DependsOn:
      - TrailBucketPolicy
    Type: AWS::CloudTrail::Trail
    Properties:
      S3BucketName: !Ref TrailBucket
      SnsTopicName: !If
        - Publish
        - !GetAtt TrailTopic.TopicName
        - !Ref AWS::NoValue
      IsLogging: true
      # Defaults to false here; enable it so the hourly digest files can prove the logs were not altered.
      EnableLogFileValidation: !Ref EnableLogFileValidation
      IncludeGlobalServiceEvents: !If
        - IsMultiRegion
        - true
        - !Ref IncludeGlobalEvents
      IsMultiRegionTrail: !Ref MultiRegion
      # No KMSKeyId: log files get S3-managed encryption rather than a customer managed key.
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation Sample Template IAM_Users_Groups_and_Policies: Sample
  template showing how to create IAM users, groups and policies. It creates a single
  user that is a member of a users group and an admin group. The groups each have
  different IAM policies associated with them. Note: This example also creates an
  AWSAccessKeyId/AWSSecretKey pair associated with the new user. The example is somewhat
  contrived since it creates all of the users and groups, typically you would be creating
  policies, users and/or groups that contain references to existing users or groups
  in your environment. Note that you will need to specify the CAPABILITY_IAM flag
  when you create the stack to allow this template to execute. You can do this through
  the AWS management console by clicking on the check box acknowledging that you understand
  this template creates IAM resources or by specifying the CAPABILITY_IAM flag to
  the cfn-create-stack command line tool or CreateStack API call. '
Parameters:
  Password:
    NoEcho: 'true'
    Type: String
    Description: New account password
    # The template enforces nothing itself; the account password policy is still applied
    # when the login profile is created and a non-compliant value fails the stack.
    MinLength: '1'
    MaxLength: '41'
    ConstraintDescription: the password must be between 1 and 41 characters
Resources:
  CFNUser:
    Type: AWS::IAM::User
    Properties:
      LoginProfile:
        Password:
          Ref: Password
  CFNUserGroup:
    Type: AWS::IAM::Group
  CFNAdminGroup:
    Type: AWS::IAM::Group
  Users:
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName:
        Ref: CFNUserGroup
      Users:
        - Ref: CFNUser
  # The same user is added to both groups, so the read-only CFNUsers policy below is
  # subsumed by cloudformation:* from CFNAdmins.
  Admins:
    Type: AWS::IAM::UserToGroupAddition
    Properties:
      GroupName:
        Ref: CFNAdminGroup
      Users:
        - Ref: CFNUser
  CFNUserPolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: CFNUsers
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action:
              - cloudformation:Describe*
              - cloudformation:List*
              - cloudformation:Get*
            Resource: "*"
      Groups:
        - Ref: CFNUserGroup
  CFNAdminPolicies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: CFNAdmins
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: cloudformation:*
            Resource: "*"
      Groups:
        - Ref: CFNAdminGroup
  CFNKeys:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        Ref: CFNUser
Outputs:
  AccessKey:
    Value:
      Ref: CFNKeys
    Description: AWSAccessKeyId of new user
  # The secret key ends up in the stack outputs, readable by anyone with
  # cloudformation:DescribeStacks on the stack and visible in the console; store it
  # in Secrets Manager or do not create a long-lived key at all.
  SecretKey:
    Value:
      Fn::GetAtt:
        - CFNKeys
        - SecretAccessKey
    Description: AWSSecretKey of new user
---
AWSTemplateFormatVersion: '2010-09-09'
Description: Enables an AWS Config rule to check whether the root user of your AWS account requires multi-factor authentication for console sign-in.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Configuration
        Parameters:
          - Frequency
    ParameterLabels:
      Frequency:
        default: Frequency
Parameters:
  Frequency:
    Type: String
    Default: 24hours
    Description: Maximum rule execution frequency.
    AllowedValues:
      - 1hour
      - 3hours
      - 6hours
      - 12hours
      - 24hours
Mappings:
  Settings:
    FrequencyMap:
      1hour: One_Hour
      3hours: Three_Hours
      6hours: Six_Hours
      12hours: Twelve_Hours
      24hours: TwentyFour_Hours
Resources:
  # Periodic rule: an AWS Config configuration recorder and delivery channel must already
  # exist in the region; this template does not create them.
  CheckForRootMFA:
    Type: AWS::Config::ConfigRule
    Properties:
      Description: Checks whether the root user of your AWS account requires multi-factor authentication for console sign-in.
      MaximumExecutionFrequency: !FindInMap
        - Settings
        - FrequencyMap
        - !Ref Frequency
      Source:
        Owner: AWS
        SourceIdentifier: ROOT_ACCOUNT_MFA_ENABLED
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Amazon EKS - Node Group'
Parameters:
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
  VPCStack:
    Type: String
    Description: VPC Stack Name
  ClusterStack:
    Type: String
    Description: Cluster Stack Name
  NodeImageId:
    Type: AWS::EC2::Image::Id
    Description: AMI id for the node instances.
    # AMI IDs are region-specific and this one dates from the EKS 1.10 launch; resolve the
    # current EKS-optimized AMI for your cluster version and region (the public SSM
    # parameters under /aws/service/eks/optimized-ami/ do this) rather than trusting the default.
    Default: ami-dea4d5a1
  NodeInstanceType:
    Description: EC2 instance type for the node instances
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.small
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - m3.medium
      - m3.large
      - m3.xlarge
      - m3.2xlarge
      - m4.large
      - m4.xlarge
      - m4.2xlarge
      - m4.4xlarge
      - m4.10xlarge
      - m5.large
      - m5.xlarge
      - m5.2xlarge
      - m5.4xlarge
      - m5.12xlarge
      - m5.24xlarge
      - c4.large
      - c4.xlarge
      - c4.2xlarge
      - c4.4xlarge
      - c4.8xlarge
      - c5.large
      - c5.xlarge
      - c5.2xlarge
      - c5.4xlarge
      - c5.9xlarge
      - c5.18xlarge
      - i3.large
      - i3.xlarge
      - i3.2xlarge
      - i3.4xlarge
      - i3.8xlarge
      - i3.16xlarge
      - r3.xlarge
      - r3.2xlarge
      - r3.4xlarge
      - r3.8xlarge
      - r4.large
      - r4.xlarge
      - r4.2xlarge
      - r4.4xlarge
      - r4.8xlarge
      - r4.16xlarge
      - x1.16xlarge
      - x1.32xlarge
      - p2.xlarge
      - p2.8xlarge
      - p2.16xlarge
      - p3.2xlarge
      - p3.8xlarge
      - p3.16xlarge
    ConstraintDescription: must be a valid EC2 instance type
  NodeAutoScalingGroupMinSize:
    Type: Number
    Description: Minimum size of Node Group ASG.
    Default: 1
  NodeAutoScalingGroupMaxSize:
    Type: Number
    Description: Maximum size of Node Group ASG.
    Default: 3
  ClusterName:
    Description: The cluster name provided when the cluster was created. If it is incorrect, nodes will not be able to join the cluster.
    Type: String
  NodeGroupName:
    Description: Unique identifier for the Node Group.
    Type: String
    Default: 'one'
Mappings:
  # Pod limit per instance type, derived from the number of ENIs and IPs per ENI the VPC CNI can use.
  MaxPodsPerNode:
    c4.large:
      MaxPods: 29
    c4.xlarge:
      MaxPods: 58
    c4.2xlarge:
      MaxPods: 58
    c4.4xlarge:
      MaxPods: 234
    c4.8xlarge:
      MaxPods: 234
    c5.large:
      MaxPods: 29
    c5.xlarge:
      MaxPods: 58
    c5.2xlarge:
      MaxPods: 58
    c5.4xlarge:
      MaxPods: 234
    c5.9xlarge:
      MaxPods: 234
    c5.18xlarge:
      MaxPods: 737
    i3.large:
      MaxPods: 29
    i3.xlarge:
      MaxPods: 58
    i3.2xlarge:
      MaxPods: 58
    i3.4xlarge:
      MaxPods: 234
    i3.8xlarge:
      MaxPods: 234
    i3.16xlarge:
      MaxPods: 737
    m3.medium:
      MaxPods: 12
    m3.large:
      MaxPods: 29
    m3.xlarge:
      MaxPods: 58
    m3.2xlarge:
      MaxPods: 118
    m4.large:
      MaxPods: 20
    m4.xlarge:
      MaxPods: 58
    m4.2xlarge:
      MaxPods: 58
    m4.4xlarge:
      MaxPods: 234
    m4.10xlarge:
      MaxPods: 234
    m5.large:
      MaxPods: 29
    m5.xlarge:
      MaxPods: 58
    m5.2xlarge:
      MaxPods: 58
    m5.4xlarge:
      MaxPods: 234
    m5.12xlarge:
      MaxPods: 234
    m5.24xlarge:
      MaxPods: 737
    p2.xlarge:
      MaxPods: 58
    p2.8xlarge:
      MaxPods: 234
    p2.16xlarge:
      MaxPods: 234
    p3.2xlarge:
      MaxPods: 58
    p3.8xlarge:
      MaxPods: 234
    p3.16xlarge:
      MaxPods: 234
    r3.xlarge:
      MaxPods: 58
    r3.2xlarge:
      MaxPods: 58
    r3.4xlarge:
      MaxPods: 234
    r3.8xlarge:
      MaxPods: 234
    r4.large:
      MaxPods: 29
    r4.xlarge:
      MaxPods: 58
    r4.2xlarge:
      MaxPods: 58
    r4.4xlarge:
      MaxPods: 234
    r4.8xlarge:
      MaxPods: 234
    r4.16xlarge:
      MaxPods: 737
    t2.small:
      MaxPods: 8
    t2.medium:
      MaxPods: 17
    t2.large:
      MaxPods: 35
    t2.xlarge:
      MaxPods: 44
    t2.2xlarge:
      MaxPods: 44
    x1.16xlarge:
      MaxPods: 234
    x1.32xlarge:
      MaxPods: 234
Resources:
  NodeInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref NodeInstanceRole
  NodeInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      # Every pod on a node can obtain these credentials through the instance metadata
      # service unless IMDS access is restricted, so keep this role to what the kubelet
      # and the CNI need; workload permissions belong on pod identities, not here.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
        - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
  NodeSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for all nodes in the cluster
      VpcId:
        Fn::ImportValue:
          !Sub "${VPCStack}-VPCID"
      Tags:
        - Key: !Sub "kubernetes.io/cluster/${ClusterName}"
          Value: 'owned'
  NodeSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow node to communicate with each other
      GroupId: !Ref NodeSecurityGroup
      SourceSecurityGroupId: !Ref NodeSecurityGroup
      # -1 means all protocols; the port range is ignored for it, so this is unrestricted node-to-node traffic.
      IpProtocol: '-1'
      FromPort: 0
      ToPort: 65535
  NodeSecurityGroupFromControlPlaneIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow worker Kubelets and pods to receive communication from the cluster control plane
      GroupId: !Ref NodeSecurityGroup
      SourceSecurityGroupId:
        Fn::ImportValue:
          !Sub "${ClusterStack}-ClusterControlPlaneSecurityGroup"
      # 1025-65535 covers the kubelet (10250) and any pod port the API server must reach (webhooks, metrics).
      IpProtocol: tcp
      FromPort: 1025
      ToPort: 65535
  ControlPlaneEgressToNodeSecurityGroup:
    Type: AWS::EC2::SecurityGroupEgress
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow the cluster control plane to communicate with worker Kubelet and pods
      GroupId:
        Fn::ImportValue:
          !Sub "${ClusterStack}-ClusterControlPlaneSecurityGroup"
      DestinationSecurityGroupId: !Ref NodeSecurityGroup
      IpProtocol: tcp
      FromPort: 1025
      ToPort: 65535
  ClusterControlPlaneSecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: NodeSecurityGroup
    Properties:
      Description: Allow pods to communicate with the cluster API Server
      GroupId:
        Fn::ImportValue:
          !Sub "${ClusterStack}-ClusterControlPlaneSecurityGroup"
      SourceSecurityGroupId: !Ref NodeSecurityGroup
      IpProtocol: tcp
      ToPort: 443
      FromPort: 443
  # No CreationPolicy is declared, so the cfn-signal at the end of the UserData is
  # received but never waited on; the stack completes before any node has joined.
  NodeGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      DesiredCapacity: !Ref NodeAutoScalingGroupMaxSize
      LaunchConfigurationName: !Ref NodeLaunchConfig
      MinSize: !Ref NodeAutoScalingGroupMinSize
      MaxSize: !Ref NodeAutoScalingGroupMaxSize
      # Nodes are placed in the VPC stack's public subnets and, with AssociatePublicIpAddress
      # below, each gets a public IP; with KeyName set they are SSH targets from the internet
      # unless the node security group is tightened.
      VPCZoneIdentifier:
        - Fn::ImportValue:
            !Sub "${VPCStack}-PublicSubnet1ID"
        - Fn::ImportValue:
            !Sub "${VPCStack}-PublicSubnet2ID"
      Tags:
        - Key: Name
          Value: !Sub "${ClusterName}-${NodeGroupName}-Node"
          PropagateAtLaunch: 'true'
        - Key: !Sub 'kubernetes.io/cluster/${ClusterName}'
          Value: 'owned'
          PropagateAtLaunch: 'true'
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MinInstancesInService: '1'
        MaxBatchSize: '1'
  NodeLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      AssociatePublicIpAddress: 'true'
      IamInstanceProfile: !Ref NodeInstanceProfile
      ImageId: !Ref NodeImageId
      InstanceType: !Ref NodeInstanceType
      KeyName: !Ref KeyName
      SecurityGroups:
        - !Ref NodeSecurityGroup
      # No MetadataOptions: IMDSv1 stays enabled, so any pod on the node can fetch the node
      # role's credentials from 169.254.169.254 (the bootstrap itself uses IMDSv1 below).
      # The bootstrap also parses the describe-cluster JSON with grep/awk/sed and pins the
      # EKS 1.10.3 service model; the EKS-optimized AMIs have since shipped bootstrap.sh for this.
      UserData:
        Fn::Base64:
          Fn::Join: [
            "",
            [
              "#!/bin/bash -xe\n",
              "CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki", "\n",
              "CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt", "\n",
              "MODEL_DIRECTORY_PATH=~/.aws/eks", "\n",
              "MODEL_FILE_PATH=$MODEL_DIRECTORY_PATH/eks-2017-11-01.normal.json", "\n",
              "mkdir -p $CA_CERTIFICATE_DIRECTORY", "\n",
              "mkdir -p $MODEL_DIRECTORY_PATH", "\n",
              "curl -o $MODEL_FILE_PATH https://s3-us-west-2.amazonaws.com/amazon-eks/1.10.3/2018-06-05/eks-2017-11-01.normal.json", "\n",
              "aws configure add-model --service-model file://$MODEL_FILE_PATH --service-name eks", "\n",
              "aws eks describe-cluster --region=", { Ref: "AWS::Region" }," --name=", { Ref: ClusterName }," --query 'cluster.{certificateAuthorityData: certificateAuthority.data, endpoint: endpoint}' > /tmp/describe_cluster_result.json", "\n",
              "cat /tmp/describe_cluster_result.json | grep certificateAuthorityData | awk '{print $2}' | sed 's/[,\"]//g' | base64 -d > $CA_CERTIFICATE_FILE_PATH", "\n",
              "MASTER_ENDPOINT=$(cat /tmp/describe_cluster_result.json | grep endpoint | awk '{print $2}' | sed 's/[,\"]//g')", "\n",
              "INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)", "\n",
              "sed -i s,MASTER_ENDPOINT,$MASTER_ENDPOINT,g /var/lib/kubelet/kubeconfig", "\n",
              "sed -i s,CLUSTER_NAME,", { Ref: ClusterName }, ",g /var/lib/kubelet/kubeconfig", "\n",
              "sed -i s,REGION,", { Ref: "AWS::Region" }, ",g /etc/systemd/system/kubelet.service", "\n",
              "sed -i s,MAX_PODS,", { "Fn::FindInMap": [ MaxPodsPerNode, { Ref: NodeInstanceType }, MaxPods ] }, ",g /etc/systemd/system/kubelet.service", "\n",
              "sed -i s,MASTER_ENDPOINT,$MASTER_ENDPOINT,g /etc/systemd/system/kubelet.service", "\n",
              "sed -i s,INTERNAL_IP,$INTERNAL_IP,g /etc/systemd/system/kubelet.service", "\n",
              "DNS_CLUSTER_IP=10.100.0.10", "\n",
              "if [[ $INTERNAL_IP == 10.* ]] ; then DNS_CLUSTER_IP=172.20.0.10; fi", "\n",
              "sed -i s,DNS_CLUSTER_IP,$DNS_CLUSTER_IP,g /etc/systemd/system/kubelet.service", "\n",
              "sed -i s,CERTIFICATE_AUTHORITY_FILE,$CA_CERTIFICATE_FILE_PATH,g /var/lib/kubelet/kubeconfig", "\n",
              "sed -i s,CLIENT_CA_FILE,$CA_CERTIFICATE_FILE_PATH,g /etc/systemd/system/kubelet.service", "\n",
              "systemctl daemon-reload", "\n",
              "systemctl restart kubelet", "\n",
              "/opt/aws/bin/cfn-signal -e $? ",
              " --stack ", { Ref: "AWS::StackName" },
              " --resource NodeGroup ",
              " --region ", { Ref: "AWS::Region" }, "\n"
            ]
          ]
Outputs:
  NodeInstanceRole:
    Description: The node instance role
    Value: !GetAtt NodeInstanceRole.Arn
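The templates above share one pattern: the security-relevant properties are not wrong, they are absent. The DocumentDB cluster has no StorageEncrypted, the CloudTrail bucket has no public-access block or encryption, the IAM template emits a secret access key as a stack output, the DocumentDB password parameter accepts one character, and the node bootstrap reads IMDSv1 with no MetadataOptions on the launch configuration. The Python below is an added example, not part of this gist, that checks a parsed template for exactly those omissions. It works on the dict form of a template (json.load of a JSON template, or a YAML loader that expands the !Ref/!GetAtt short tags into their Fn:: long form). The embedded sample template is constructed for the example: it mirrors the relevant resources above without copying any of them, and HardenedBucket is included to show a resource that passes.

```python
"""Static audit of a parsed CloudFormation template for insecure-by-omission settings.

Added example for this page, not code from the gist. Operates on the dict form of a
template (CloudFormation JSON shape; YAML short tags must already be expanded to Fn::).
"""
import json
from typing import Iterator

# Constructed sample template (not a copy of any template on the page).
SAMPLE_TEMPLATE = {
    "Parameters": {
        "MasterPassword": {"NoEcho": "true", "Type": "String", "MinLength": "1", "MaxLength": "41"},
    },
    "Resources": {
        "DBCluster": {"Type": "AWS::DocDB::DBCluster",
                      "Properties": {"MasterUsername": {"Ref": "MasterUser"}}},
        "TrailBucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain"},
        "HardenedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "BlockPublicPolicy": True,
                                               "IgnorePublicAcls": True, "RestrictPublicBuckets": True},
            "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
        "CFNKeys": {"Type": "AWS::IAM::AccessKey", "Properties": {"UserName": {"Ref": "CFNUser"}}},
        "NodeLaunchConfig": {"Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": {
            "ImageId": "ami-00000000", "InstanceType": "t3.medium",
            "UserData": {"Fn::Base64": {"Fn::Join": ["", [
                "#!/bin/bash -xe\n",
                "INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)\n"]]}}}},
    },
    "Outputs": {
        "ClusterEndpoint": {"Value": {"Fn::GetAtt": ["DBCluster", "Endpoint"]}},
        "SecretKey": {"Value": {"Fn::GetAtt": ["CFNKeys", "SecretAccessKey"]}},
    },
}


def _props(resource: dict) -> dict:
    return resource.get("Properties") or {}


def check_parameters(template: dict) -> Iterator[str]:
    """NoEcho parameters named like passwords that accept fewer than 8 characters."""
    for name, param in (template.get("Parameters") or {}).items():
        is_secret = str(param.get("NoEcho", "")).lower() == "true"
        if is_secret and "password" in name.lower() and int(param.get("MinLength", 0)) < 8:
            yield f"Parameters.{name}: secret parameter allows MinLength {param.get('MinLength', 0)}"


def check_resource(name: str, resource: dict) -> Iterator[str]:
    """Per-resource checks keyed on the resource Type."""
    rtype, props = resource.get("Type"), _props(resource)
    if rtype == "AWS::DocDB::DBCluster" and props.get("StorageEncrypted") not in (True, "true"):
        yield f"{name}: DocumentDB cluster without StorageEncrypted: true"
    if rtype == "AWS::S3::Bucket":
        for key in ("PublicAccessBlockConfiguration", "BucketEncryption"):
            if key not in props:
                yield f"{name}: S3 bucket without {key}"
    if rtype == "AWS::AutoScaling::LaunchConfiguration":
        # Serialising UserData flattens Fn::Base64 / Fn::Join so the IMDS address is searchable.
        uses_imds = "169.254.169.254" in json.dumps(props.get("UserData", ""))
        tokens = (props.get("MetadataOptions") or {}).get("HttpTokens")
        if uses_imds and tokens != "required":
            yield f"{name}: UserData reads IMDS but MetadataOptions.HttpTokens is not 'required'"


def check_outputs(template: dict) -> Iterator[str]:
    """Stack outputs that return an IAM access key's secret."""
    resources = template.get("Resources") or {}
    for name, output in (template.get("Outputs") or {}).items():
        value = output.get("Value")
        target = value.get("Fn::GetAtt") if isinstance(value, dict) else None
        if not target:
            continue
        logical_id, attr = target.split(".", 1) if isinstance(target, str) else target[:2]
        if resources.get(logical_id, {}).get("Type") == "AWS::IAM::AccessKey" and attr == "SecretAccessKey":
            yield f"Outputs.{name}: exposes the secret access key of {logical_id}"


def audit(template: dict) -> list:
    """Return every finding for the template, in template order."""
    findings = list(check_parameters(template))
    for name, resource in (template.get("Resources") or {}).items():
        findings.extend(check_resource(name, resource))
    findings.extend(check_outputs(template))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_TEMPLATE):
        print(finding)
```

Run it as a script to list the findings for the sample, or call audit() on your own parsed templates from a pre-deploy hook. The checks key on resource Type rather than logical ID, so they apply to any template, and the IMDS check accepts only HttpTokens: required because any other MetadataOptions value still leaves IMDSv1 answerable from pods.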
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation Sample Template SQS_With_CloudWatch_Alarms: Sample
  template showing how to create an SQS queue with AWS CloudWatch alarms on queue
  depth. **WARNING** This template creates an Amazon SQS Queue and one or more Amazon
  CloudWatch alarms. You will be billed for the AWS resources used if you create a
  stack from this template.'
Parameters:
  AlarmEMail:
    Description: EMail address to notify if there are any operational issues
    Type: String
    AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)"
    ConstraintDescription: must be a valid email address.
Resources:
  MyQueue:
    Type: AWS::SQS::Queue
    Properties: {}
  AlarmTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint:
            Ref: AlarmEMail
          Protocol: email
  QueueDepthAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Alarm if queue depth grows beyond 10 messages
      Namespace: AWS/SQS
      MetricName: ApproximateNumberOfMessagesVisible
      Dimensions:
        - Name: QueueName
          Value:
            Fn::GetAtt:
              - MyQueue
              - QueueName
      Statistic: Sum
      Period: '300'
      EvaluationPeriods: '1'
      Threshold: '10'
      ComparisonOperator: GreaterThanThreshold
      AlarmActions:
        - Ref: AlarmTopic
      InsufficientDataActions:
        - Ref: AlarmTopic
Outputs:
  QueueURL:
    Description: URL of newly created SQS Queue
    Value:
      Ref: MyQueue
  QueueARN:
    Description: ARN of newly created SQS Queue
    Value:
      Fn::GetAtt:
        - MyQueue
        - Arn
  QueueName:
    Description: Name of newly created SQS Queue
    Value:
      Fn::GetAtt:
        - MyQueue
        - QueueName
---
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC
Parameters:
  AvailabilityZones:
    Description: 'List of Availability Zones to use for the subnets in the VPC. Note:
      The logical order is preserved.'
    Type: List<AWS::EC2::AvailabilityZone::Name>
    Default: 'us-east-1a, us-east-1b'
  CreateAdditionalPrivateSubnets:
    AllowedValues:
      - 'true'
      - 'false'
    Default: 'false'
    Description: Set to true to create a network ACL protected subnet in each Availability
      Zone. If false, the CIDR parameters for those subnets will be ignored. If true,
      it also requires that the 'Create private subnets' parameter is also true to
      have any effect.
    Type: String
  CreatePrivateSubnets:
    AllowedValues:
      - 'true'
      - 'false'
    Default: 'false'
    Description: Set to false to create only public subnets. If false, the CIDR parameters
      for ALL private subnets will be ignored.
    Type: String
  # Required at stack creation even when NAT gateways are used, because it has no default.
  KeyPairName:
    Description: Public/private key pairs allow you to securely connect to your NAT
      instance after it launches. This is used only if the region does not support
      NAT gateways.
    Type: AWS::EC2::KeyPair::KeyName
  NATInstanceType:
    AllowedValues:
      - t2.nano
      - t2.micro
      - t2.small
      - t2.medium
      - t2.large
      - m3.medium
      - m3.large
      - m4.large
    Default: t2.small
    Description: Amazon EC2 instance type for the NAT instances. This is used only
      if the region does not support NAT gateways.
    Type: String
  NumberOfAZs:
    AllowedValues:
      - '2'
      - '3'
      - '4'
    Default: '2'
    Description: Number of Availability Zones to use in the VPC. This must match your
      selections in the list of Availability Zones parameter.
    Type: String
  PrivateSubnet1ACIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.0.0/19
    Description: CIDR block for private subnet 1A located in Availability Zone 1
    Type: String
  PrivateSubnet1BCIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.192.0/21
    Description: CIDR block for private subnet 1B with dedicated network ACL located
      in Availability Zone 1
    Type: String
  PrivateSubnet2ACIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.32.0/19
    Description: CIDR block for private subnet 2A located in Availability Zone 2
    Type: String
  PrivateSubnet2BCIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.200.0/21
    Description: CIDR block for private subnet 2B with dedicated network ACL located
      in Availability Zone 2
    Type: String
  PrivateSubnet3ACIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.64.0/19
    Description: CIDR block for private subnet 3A located in Availability Zone 3
    Type: String
  PrivateSubnet3BCIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.208.0/21
    Description: CIDR block for private subnet 3B with dedicated network ACL located
      in Availability Zone 3
    Type: String
  PrivateSubnet4ACIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.96.0/19
    Description: CIDR block for private subnet 4A located in Availability Zone 4
    Type: String
  PrivateSubnet4BCIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.216.0/21
    Description: CIDR block for private subnet 4B with dedicated network ACL located
      in Availability Zone 4
    Type: String
  PublicSubnet1CIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.128.0/20
    Description: CIDR block for the public DMZ subnet 1 located in Availability Zone 1
    Type: String
  PublicSubnet2CIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.144.0/20
    Description: CIDR block for the public DMZ subnet 2 located in Availability Zone 2
    Type: String
  PublicSubnet3CIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.160.0/20
    Description: CIDR block for the public DMZ subnet 3 located in Availability Zone 3
    Type: String
  PublicSubnet4CIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.176.0/20
    Description: CIDR block for the public DMZ subnet 4 located in Availability Zone 4
    Type: String
  VPCCIDR:
    AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$"
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC
    Type: String
  VPCTenancy:
    AllowedValues:
      - default
      - dedicated
    Default: default
    Description: The allowed tenancy of instances launched into the VPC
    Type: String
Mappings:
  # Only the NAT-instance path (GovCloud, see NATInstanceCondition) reads this map, and the
  # AMI listed is from 2017; refresh it before relying on a NAT instance.
  AWSAMIRegionMap:
    AMI:
      AWSNATHVM: amzn-ami-vpc-nat-hvm-2017.03.0.20170401-x86_64-ebs
    us-gov-west-1:
      AWSNATHVM: ami-3f0a8f5e
Conditions:
  3AZCondition:
    Fn::Or:
      - Fn::Equals:
          - Ref: NumberOfAZs
          - '3'
      - Condition: 4AZCondition
  4AZCondition:
    Fn::Equals:
      - Ref: NumberOfAZs
      - '4'
  AdditionalPrivateSubnetsCondition:
    Fn::And:
      - Fn::Equals:
          - Ref: CreatePrivateSubnets
          - 'true'
      - Fn::Equals:
          - Ref: CreateAdditionalPrivateSubnets
          - 'true'
  AdditionalPrivateSubnets&3AZCondition:
    Fn::And:
      - Condition: AdditionalPrivateSubnetsCondition
      - Condition: 3AZCondition
  AdditionalPrivateSubnets&4AZCondition:
    Fn::And:
      - Condition: AdditionalPrivateSubnetsCondition
      - Condition: 4AZCondition
  GovCloudCondition:
    Fn::Equals:
      - Ref: AWS::Region
      - us-gov-west-1
  NATInstanceCondition:
    Fn::And:
      - Condition: PrivateSubnetsCondition
      - Condition: GovCloudCondition
  NATGatewayCondition:
    Fn::And:
      - Condition: PrivateSubnetsCondition
      - Fn::Not:
          - Condition: GovCloudCondition
  NATInstance&3AZCondition:
    Fn::And:
      - Condition: NATInstanceCondition
      - Condition: 3AZCondition
  NATInstance&4AZCondition:
    Fn::And:
      - Condition: NATInstanceCondition
      - Condition: 4AZCondition
  NATGateway&3AZCondition:
    Fn::And:
      - Condition: NATGatewayCondition
      - Condition: 3AZCondition
  NATGateway&4AZCondition:
    Fn::And:
      - Condition: NATGatewayCondition
      - Condition: 4AZCondition
  NVirginiaRegionCondition:
    Fn::Equals:
      - Ref: AWS::Region
      - us-east-1
  PrivateSubnetsCondition:
    Fn::Equals:
      - Ref: CreatePrivateSubnets
      - 'true'
  PrivateSubnets&3AZCondition:
    Fn::And:
      - Condition: PrivateSubnetsCondition
      - Condition: 3AZCondition
  PrivateSubnets&4AZCondition:
    Fn::And:
      - Condition: PrivateSubnetsCondition
      - Condition: 4AZCondition
  S3VPCEndpointCondition:
    Fn::And:
      - Condition: PrivateSubnetsCondition
      - Fn::Not:
          - Fn::Or:
              - Fn::Equals:
                  - Ref: AWS::Region
                  - us-gov-west-1
              - Fn::Equals:
                  - Ref: AWS::Region
                  - cn-north-1
Resources:
  DHCPOptions:
    Type: AWS::EC2::DHCPOptions
    Properties:
      DomainName:
        Fn::If:
          - NVirginiaRegionCondition
          - ec2.internal
          - Fn::Join:
              - ''
              - - Ref: AWS::Region
                - ".compute.internal"
      DomainNameServers:
        - AmazonProvidedDNS
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock:
        Ref: VPCCIDR
      InstanceTenancy:
        Ref: VPCTenancy
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: Name
          Value:
            Ref: AWS::StackName
  VPCDHCPOptionsAssociation:
    Type: AWS::EC2::VPCDHCPOptionsAssociation
    Properties:
      VpcId:
        Ref: VPC
      DhcpOptionsId:
        Ref: DHCPOptions
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value:
            Ref: AWS::StackName
        - Key: Network
          Value: Public
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: VPC
      InternetGatewayId:
        Ref: InternetGateway
  PrivateSubnet1A:
    Condition: PrivateSubnetsCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PrivateSubnet1ACIDR
      AvailabilityZone:
        Fn::Select:
          - '0'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Private subnet 1A
        - Key: Network
          Value: Private
  PrivateSubnet1B:
    Condition: AdditionalPrivateSubnetsCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PrivateSubnet1BCIDR
      AvailabilityZone:
        Fn::Select:
          - '0'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Private subnet 1B
        - Key: Network
          Value: Private
  PrivateSubnet2A:
    Condition: PrivateSubnetsCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PrivateSubnet2ACIDR
      AvailabilityZone:
        Fn::Select:
          - '1'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Private subnet 2A
        - Key: Network
          Value: Private
  PrivateSubnet2B:
    Condition: AdditionalPrivateSubnetsCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PrivateSubnet2BCIDR
      AvailabilityZone:
        Fn::Select:
          - '1'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Private subnet 2B
        - Key: Network
          Value: Private
  PrivateSubnet3A:
    Condition: PrivateSubnets&3AZCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PrivateSubnet3ACIDR
      AvailabilityZone:
        Fn::Select:
          - '2'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Private subnet 3A
        - Key: Network
          Value: Private
  PrivateSubnet3B:
    Condition: AdditionalPrivateSubnets&3AZCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PrivateSubnet3BCIDR
      AvailabilityZone:
        Fn::Select:
          - '2'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Private subnet 3B
        - Key: Network
          Value: Private
  PrivateSubnet4A:
    Condition: PrivateSubnets&4AZCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PrivateSubnet4ACIDR
      AvailabilityZone:
        Fn::Select:
          - '3'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Private subnet 4A
        - Key: Network
          Value: Private
  PrivateSubnet4B:
    Condition: AdditionalPrivateSubnets&4AZCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PrivateSubnet4BCIDR
      AvailabilityZone:
        Fn::Select:
          - '3'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Private subnet 4B
        - Key: Network
          Value: Private
  # Public subnets auto-assign public IPs to every instance launched into them (the EKS
  # node group above uses exactly these subnets).
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PublicSubnet1CIDR
      AvailabilityZone:
        Fn::Select:
          - '0'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Public subnet 1
        - Key: Network
          Value: Public
      MapPublicIpOnLaunch: true
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PublicSubnet2CIDR
      AvailabilityZone:
        Fn::Select:
          - '1'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Public subnet 2
        - Key: Network
          Value: Public
      MapPublicIpOnLaunch: true
  PublicSubnet3:
    Condition: 3AZCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PublicSubnet3CIDR
      AvailabilityZone:
        Fn::Select:
          - '2'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Public subnet 3
        - Key: Network
          Value: Public
      MapPublicIpOnLaunch: true
  PublicSubnet4:
    Condition: 4AZCondition
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: VPC
      CidrBlock:
        Ref: PublicSubnet4CIDR
      AvailabilityZone:
        Fn::Select:
          - '3'
          - Ref: AvailabilityZones
      Tags:
        - Key: Name
          Value: Public subnet 4
        - Key: Network
          Value: Public
      MapPublicIpOnLaunch: true
  PrivateSubnet1ARouteTable:
    Condition: PrivateSubnetsCondition
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private subnet 1A
        - Key: Network
Value: Private
PrivateSubnet1ARoute:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateSubnet1ARouteTable
DestinationCidrBlock: 0.0.0.0/0
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance1
- Ref: AWS::NoValue
NatGatewayId:
Fn::If:
- NATGatewayCondition
- Ref: NATGateway1
- Ref: AWS::NoValue
PrivateSubnet1ARouteTableAssociation:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnet1A
RouteTableId:
Ref: PrivateSubnet1ARouteTable
PrivateSubnet2ARouteTable:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: Private subnet 2A
- Key: Network
Value: Private
PrivateSubnet2ARoute:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateSubnet2ARouteTable
DestinationCidrBlock: 0.0.0.0/0
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance2
- Ref: AWS::NoValue
NatGatewayId:
Fn::If:
- NATGatewayCondition
- Ref: NATGateway2
- Ref: AWS::NoValue
PrivateSubnet2ARouteTableAssociation:
Condition: PrivateSubnetsCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnet2A
RouteTableId:
Ref: PrivateSubnet2ARouteTable
PrivateSubnet3ARouteTable:
Condition: PrivateSubnets&3AZCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: Private subnet 3A
- Key: Network
Value: Private
PrivateSubnet3ARoute:
Condition: PrivateSubnets&3AZCondition
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateSubnet3ARouteTable
DestinationCidrBlock: 0.0.0.0/0
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance3
- Ref: AWS::NoValue
NatGatewayId:
Fn::If:
- NATGatewayCondition
- Ref: NATGateway3
- Ref: AWS::NoValue
PrivateSubnet3ARouteTableAssociation:
Condition: PrivateSubnets&3AZCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnet3A
RouteTableId:
Ref: PrivateSubnet3ARouteTable
PrivateSubnet4ARouteTable:
Condition: PrivateSubnets&4AZCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: Private subnet 4A
- Key: Network
Value: Private
PrivateSubnet4ARoute:
Condition: PrivateSubnets&4AZCondition
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateSubnet4ARouteTable
DestinationCidrBlock: 0.0.0.0/0
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance4
- Ref: AWS::NoValue
NatGatewayId:
Fn::If:
- NATGatewayCondition
- Ref: NATGateway4
- Ref: AWS::NoValue
PrivateSubnet4ARouteTableAssociation:
Condition: PrivateSubnets&4AZCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnet4A
RouteTableId:
Ref: PrivateSubnet4ARouteTable
PrivateSubnet1BRouteTable:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: Private subnet 1B
- Key: Network
Value: Private
PrivateSubnet1BRoute:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateSubnet1BRouteTable
DestinationCidrBlock: 0.0.0.0/0
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance1
- Ref: AWS::NoValue
NatGatewayId:
Fn::If:
- NATGatewayCondition
- Ref: NATGateway1
- Ref: AWS::NoValue
PrivateSubnet1BRouteTableAssociation:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnet1B
RouteTableId:
Ref: PrivateSubnet1BRouteTable
PrivateSubnet1BNetworkAcl:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::NetworkAcl
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: NACL Protected subnet 1
- Key: Network
Value: NACL Protected
PrivateSubnet1BNetworkAclEntryInbound:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::NetworkAclEntry
Properties:
CidrBlock: 0.0.0.0/0
Egress: 'false'
NetworkAclId:
Ref: PrivateSubnet1BNetworkAcl
Protocol: "-1"
RuleAction: allow
RuleNumber: '100'
PrivateSubnet1BNetworkAclEntryOutbound:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::NetworkAclEntry
Properties:
CidrBlock: 0.0.0.0/0
Egress: 'true'
NetworkAclId:
Ref: PrivateSubnet1BNetworkAcl
Protocol: "-1"
RuleAction: allow
RuleNumber: '100'
PrivateSubnet1BNetworkAclAssociation:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::SubnetNetworkAclAssociation
Properties:
SubnetId:
Ref: PrivateSubnet1B
NetworkAclId:
Ref: PrivateSubnet1BNetworkAcl
PrivateSubnet2BRouteTable:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: Private subnet 2B
- Key: Network
Value: Private
PrivateSubnet2BRoute:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateSubnet2BRouteTable
DestinationCidrBlock: 0.0.0.0/0
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance2
- Ref: AWS::NoValue
NatGatewayId:
Fn::If:
- NATGatewayCondition
- Ref: NATGateway2
- Ref: AWS::NoValue
PrivateSubnet2BRouteTableAssociation:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnet2B
RouteTableId:
Ref: PrivateSubnet2BRouteTable
PrivateSubnet2BNetworkAcl:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::NetworkAcl
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: NACL Protected subnet 2
- Key: Network
Value: NACL Protected
PrivateSubnet2BNetworkAclEntryInbound:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::NetworkAclEntry
Properties:
CidrBlock: 0.0.0.0/0
Egress: 'false'
NetworkAclId:
Ref: PrivateSubnet2BNetworkAcl
Protocol: "-1"
RuleAction: allow
RuleNumber: '100'
PrivateSubnet2BNetworkAclEntryOutbound:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::NetworkAclEntry
Properties:
CidrBlock: 0.0.0.0/0
Egress: 'true'
NetworkAclId:
Ref: PrivateSubnet2BNetworkAcl
Protocol: "-1"
RuleAction: allow
RuleNumber: '100'
PrivateSubnet2BNetworkAclAssociation:
Condition: AdditionalPrivateSubnetsCondition
Type: AWS::EC2::SubnetNetworkAclAssociation
Properties:
SubnetId:
Ref: PrivateSubnet2B
NetworkAclId:
Ref: PrivateSubnet2BNetworkAcl
PrivateSubnet3BRouteTable:
Condition: AdditionalPrivateSubnets&3AZCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: Private subnet 3B
- Key: Network
Value: Private
PrivateSubnet3BRoute:
Condition: AdditionalPrivateSubnets&3AZCondition
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateSubnet3BRouteTable
DestinationCidrBlock: 0.0.0.0/0
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance3
- Ref: AWS::NoValue
NatGatewayId:
Fn::If:
- NATGatewayCondition
- Ref: NATGateway3
- Ref: AWS::NoValue
PrivateSubnet3BRouteTableAssociation:
Condition: AdditionalPrivateSubnets&3AZCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnet3B
RouteTableId:
Ref: PrivateSubnet3BRouteTable
PrivateSubnet3BNetworkAcl:
Condition: AdditionalPrivateSubnets&3AZCondition
Type: AWS::EC2::NetworkAcl
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: NACL Protected subnet 3
- Key: Network
Value: NACL Protected
PrivateSubnet3BNetworkAclEntryInbound:
Condition: AdditionalPrivateSubnets&3AZCondition
Type: AWS::EC2::NetworkAclEntry
Properties:
CidrBlock: 0.0.0.0/0
Egress: 'false'
NetworkAclId:
Ref: PrivateSubnet3BNetworkAcl
Protocol: "-1"
RuleAction: allow
RuleNumber: '100'
PrivateSubnet3BNetworkAclEntryOutbound:
Condition: AdditionalPrivateSubnets&3AZCondition
Type: AWS::EC2::NetworkAclEntry
Properties:
CidrBlock: 0.0.0.0/0
Egress: 'true'
NetworkAclId:
Ref: PrivateSubnet3BNetworkAcl
Protocol: "-1"
RuleAction: allow
RuleNumber: '100'
PrivateSubnet3BNetworkAclAssociation:
Condition: AdditionalPrivateSubnets&3AZCondition
Type: AWS::EC2::SubnetNetworkAclAssociation
Properties:
SubnetId:
Ref: PrivateSubnet3B
NetworkAclId:
Ref: PrivateSubnet3BNetworkAcl
PrivateSubnet4BRouteTable:
Condition: AdditionalPrivateSubnets&4AZCondition
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: Private subnet 4B
- Key: Network
Value: Private
PrivateSubnet4BRoute:
Condition: AdditionalPrivateSubnets&4AZCondition
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PrivateSubnet4BRouteTable
DestinationCidrBlock: 0.0.0.0/0
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance4
- Ref: AWS::NoValue
NatGatewayId:
Fn::If:
- NATGatewayCondition
- Ref: NATGateway4
- Ref: AWS::NoValue
PrivateSubnet4BRouteTableAssociation:
Condition: AdditionalPrivateSubnets&4AZCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PrivateSubnet4B
RouteTableId:
Ref: PrivateSubnet4BRouteTable
PrivateSubnet4BNetworkAcl:
Condition: AdditionalPrivateSubnets&4AZCondition
Type: AWS::EC2::NetworkAcl
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: NACL Protected subnet 4
- Key: Network
Value: NACL Protected
PrivateSubnet4BNetworkAclEntryInbound:
Condition: AdditionalPrivateSubnets&4AZCondition
Type: AWS::EC2::NetworkAclEntry
Properties:
CidrBlock: 0.0.0.0/0
Egress: 'false'
NetworkAclId:
Ref: PrivateSubnet4BNetworkAcl
Protocol: "-1"
RuleAction: allow
RuleNumber: '100'
PrivateSubnet4BNetworkAclEntryOutbound:
Condition: AdditionalPrivateSubnets&4AZCondition
Type: AWS::EC2::NetworkAclEntry
Properties:
CidrBlock: 0.0.0.0/0
Egress: 'true'
NetworkAclId:
Ref: PrivateSubnet4BNetworkAcl
Protocol: "-1"
RuleAction: allow
RuleNumber: '100'
PrivateSubnet4BNetworkAclAssociation:
Condition: AdditionalPrivateSubnets&4AZCondition
Type: AWS::EC2::SubnetNetworkAclAssociation
Properties:
SubnetId:
Ref: PrivateSubnet4B
NetworkAclId:
Ref: PrivateSubnet4BNetworkAcl
PublicSubnetRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: Public Subnets
- Key: Network
Value: Public
PublicSubnetRoute:
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::Route
Properties:
RouteTableId:
Ref: PublicSubnetRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: InternetGateway
PublicSubnet1RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PublicSubnet1
RouteTableId:
Ref: PublicSubnetRouteTable
PublicSubnet2RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PublicSubnet2
RouteTableId:
Ref: PublicSubnetRouteTable
PublicSubnet3RouteTableAssociation:
Condition: 3AZCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PublicSubnet3
RouteTableId:
Ref: PublicSubnetRouteTable
PublicSubnet4RouteTableAssociation:
Condition: 4AZCondition
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId:
Ref: PublicSubnet4
RouteTableId:
Ref: PublicSubnetRouteTable
NAT1EIP:
Condition: PrivateSubnetsCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance1
- Ref: AWS::NoValue
NAT2EIP:
Condition: PrivateSubnetsCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance2
- Ref: AWS::NoValue
NAT3EIP:
Condition: PrivateSubnets&3AZCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance3
- Ref: AWS::NoValue
NAT4EIP:
Condition: PrivateSubnets&4AZCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InstanceId:
Fn::If:
- NATInstanceCondition
- Ref: NATInstance4
- Ref: AWS::NoValue
NATGateway1:
Condition: NATGatewayCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::NatGateway
Properties:
AllocationId:
Fn::GetAtt:
- NAT1EIP
- AllocationId
SubnetId:
Ref: PublicSubnet1
NATGateway2:
Condition: NATGatewayCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::NatGateway
Properties:
AllocationId:
Fn::GetAtt:
- NAT2EIP
- AllocationId
SubnetId:
Ref: PublicSubnet2
NATGateway3:
Condition: NATGateway&3AZCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::NatGateway
Properties:
AllocationId:
Fn::GetAtt:
- NAT3EIP
- AllocationId
SubnetId:
Ref: PublicSubnet3
NATGateway4:
Condition: NATGateway&4AZCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::NatGateway
Properties:
AllocationId:
Fn::GetAtt:
- NAT4EIP
- AllocationId
SubnetId:
Ref: PublicSubnet4
NATInstance1:
Condition: NATInstanceCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::Instance
Properties:
ImageId:
Fn::FindInMap:
- AWSAMIRegionMap
- Ref: AWS::Region
- AWSNATHVM
InstanceType:
Ref: NATInstanceType
Tags:
- Key: Name
Value: NAT1
NetworkInterfaces:
- GroupSet:
- Ref: NATInstanceSecurityGroup
AssociatePublicIpAddress: 'true'
DeviceIndex: '0'
DeleteOnTermination: 'true'
SubnetId:
Ref: PublicSubnet1
KeyName:
Fn::If:
- NATInstanceCondition
- Ref: KeyPairName
- Ref: AWS::NoValue
SourceDestCheck: 'false'
NATInstance2:
Condition: NATInstanceCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::Instance
Properties:
ImageId:
Fn::FindInMap:
- AWSAMIRegionMap
- Ref: AWS::Region
- AWSNATHVM
InstanceType:
Ref: NATInstanceType
Tags:
- Key: Name
Value: NAT2
NetworkInterfaces:
- GroupSet:
- Ref: NATInstanceSecurityGroup
AssociatePublicIpAddress: 'true'
DeviceIndex: '0'
DeleteOnTermination: 'true'
SubnetId:
Ref: PublicSubnet2
KeyName:
Fn::If:
- NATInstanceCondition
- Ref: KeyPairName
- Ref: AWS::NoValue
SourceDestCheck: 'false'
NATInstance3:
Condition: NATInstance&3AZCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::Instance
Properties:
ImageId:
Fn::FindInMap:
- AWSAMIRegionMap
- Ref: AWS::Region
- AWSNATHVM
InstanceType:
Ref: NATInstanceType
Tags:
- Key: Name
Value: NAT3
NetworkInterfaces:
- GroupSet:
- Ref: NATInstanceSecurityGroup
AssociatePublicIpAddress: 'true'
DeviceIndex: '0'
DeleteOnTermination: 'true'
SubnetId:
Ref: PublicSubnet3
KeyName:
Fn::If:
- NATInstanceCondition
- Ref: KeyPairName
- Ref: AWS::NoValue
SourceDestCheck: 'false'
NATInstance4:
Condition: NATInstance&4AZCondition
DependsOn: VPCGatewayAttachment
Type: AWS::EC2::Instance
Properties:
ImageId:
Fn::FindInMap:
- AWSAMIRegionMap
- Ref: AWS::Region
- AWSNATHVM
InstanceType:
Ref: NATInstanceType
Tags:
- Key: Name
Value: NAT4
NetworkInterfaces:
- GroupSet:
- Ref: NATInstanceSecurityGroup
AssociatePublicIpAddress: 'true'
DeviceIndex: '0'
DeleteOnTermination: 'true'
SubnetId:
Ref: PublicSubnet4
KeyName:
Fn::If:
- NATInstanceCondition
- Ref: KeyPairName
- Ref: AWS::NoValue
SourceDestCheck: 'false'
NATInstanceSecurityGroup:
Condition: NATInstanceCondition
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Enables outbound internet access for the VPC via the NAT instances
VpcId:
Ref: VPC
SecurityGroupIngress:
- IpProtocol: "-1"
FromPort: '1'
ToPort: '65535'
CidrIp:
Ref: VPCCIDR
S3VPCEndpoint:
Condition: S3VPCEndpointCondition
Type: AWS::EC2::VPCEndpoint
Properties:
PolicyDocument:
Version: '2012-10-17'
Statement:
- Action: "*"
Effect: Allow
Resource: "*"
Principal: "*"
RouteTableIds:
- Ref: PrivateSubnet1ARouteTable
- Ref: PrivateSubnet2ARouteTable
- Fn::If:
- PrivateSubnets&3AZCondition
- Ref: PrivateSubnet3ARouteTable
- Ref: AWS::NoValue
- Fn::If:
- PrivateSubnets&4AZCondition
- Ref: PrivateSubnet4ARouteTable
- Ref: AWS::NoValue
- Fn::If:
- AdditionalPrivateSubnetsCondition
- Ref: PrivateSubnet1BRouteTable
- Ref: AWS::NoValue
- Fn::If:
- AdditionalPrivateSubnetsCondition
- Ref: PrivateSubnet2BRouteTable
- Ref: AWS::NoValue
- Fn::If:
- AdditionalPrivateSubnets&3AZCondition
- Ref: PrivateSubnet3BRouteTable
- Ref: AWS::NoValue
- Fn::If:
- AdditionalPrivateSubnets&4AZCondition
- Ref: PrivateSubnet4BRouteTable
- Ref: AWS::NoValue
ServiceName:
Fn::Join:
- ''
- - com.amazonaws.
- Ref: AWS::Region
- ".s3"
VpcId:
Ref: VPC
Outputs:
NAT1EIP:
Condition: PrivateSubnetsCondition
Description: NAT 1 IP address
Value:
Ref: NAT1EIP
Export:
Name:
Fn::Sub: "${AWS::StackName}-NAT1EIP"
NAT2EIP:
Condition: PrivateSubnetsCondition
Description: NAT 2 IP address
Value:
Ref: NAT2EIP
Export:
Name:
Fn::Sub: "${AWS::StackName}-NAT2EIP"
NAT3EIP:
Condition: PrivateSubnets&3AZCondition
Description: NAT 3 IP address
Value:
Ref: NAT3EIP
Export:
Name:
Fn::Sub: "${AWS::StackName}-NAT3EIP"
NAT4EIP:
Condition: PrivateSubnets&4AZCondition
Description: NAT 4 IP address
Value:
Ref: NAT4EIP
Export:
Name:
Fn::Sub: "${AWS::StackName}-NAT4EIP"
PrivateSubnet1ACIDR:
Condition: PrivateSubnetsCondition
Description: Private subnet 1A CIDR in Availability Zone 1
Value:
Ref: PrivateSubnet1ACIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet1ACIDR"
PrivateSubnet1AID:
Condition: PrivateSubnetsCondition
Description: Private subnet 1A ID in Availability Zone 1
Value:
Ref: PrivateSubnet1A
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet1AID"
PrivateSubnet1BCIDR:
Condition: AdditionalPrivateSubnetsCondition
Description: Private subnet 1B CIDR in Availability Zone 1
Value:
Ref: PrivateSubnet1BCIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet1BCIDR"
PrivateSubnet1BID:
Condition: AdditionalPrivateSubnetsCondition
Description: Private subnet 1B ID in Availability Zone 1
Value:
Ref: PrivateSubnet1B
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet1BID"
PrivateSubnet2ACIDR:
Condition: PrivateSubnetsCondition
Description: Private subnet 2A CIDR in Availability Zone 2
Value:
Ref: PrivateSubnet2ACIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet2ACIDR"
PrivateSubnet2AID:
Condition: PrivateSubnetsCondition
Description: Private subnet 2A ID in Availability Zone 2
Value:
Ref: PrivateSubnet2A
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet2AID"
PrivateSubnet2BCIDR:
Condition: AdditionalPrivateSubnetsCondition
Description: Private subnet 2B CIDR in Availability Zone 2
Value:
Ref: PrivateSubnet2BCIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet2BCIDR"
PrivateSubnet2BID:
Condition: AdditionalPrivateSubnetsCondition
Description: Private subnet 2B ID in Availability Zone 2
Value:
Ref: PrivateSubnet2B
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet2BID"
PrivateSubnet3ACIDR:
Condition: PrivateSubnets&3AZCondition
Description: Private subnet 3A CIDR in Availability Zone 3
Value:
Ref: PrivateSubnet3ACIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet3ACIDR"
PrivateSubnet3AID:
Condition: PrivateSubnets&3AZCondition
Description: Private subnet 3A ID in Availability Zone 3
Value:
Ref: PrivateSubnet3A
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet3AID"
PrivateSubnet3BCIDR:
Condition: AdditionalPrivateSubnets&3AZCondition
Description: Private subnet 3B CIDR in Availability Zone 3
Value:
Ref: PrivateSubnet3BCIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet3BCIDR"
PrivateSubnet3BID:
Condition: AdditionalPrivateSubnets&3AZCondition
Description: Private subnet 3B ID in Availability Zone 3
Value:
Ref: PrivateSubnet3B
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet3BID"
PrivateSubnet4ACIDR:
Condition: PrivateSubnets&4AZCondition
Description: Private subnet 4A CIDR in Availability Zone 4
Value:
Ref: PrivateSubnet4ACIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet4ACIDR"
PrivateSubnet4AID:
Condition: PrivateSubnets&4AZCondition
Description: Private subnet 4A ID in Availability Zone 4
Value:
Ref: PrivateSubnet4A
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet4AID"
PrivateSubnet4BCIDR:
Condition: AdditionalPrivateSubnets&4AZCondition
Description: Private subnet 4B CIDR in Availability Zone 4
Value:
Ref: PrivateSubnet4BCIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet4BCIDR"
PrivateSubnet4BID:
Condition: AdditionalPrivateSubnets&4AZCondition
Description: Private subnet 4B ID in Availability Zone 4
Value:
Ref: PrivateSubnet4B
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet4BID"
PublicSubnet1CIDR:
Description: Public subnet 1 CIDR in Availability Zone 1
Value:
Ref: PublicSubnet1CIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnet1CIDR"
PublicSubnet1ID:
Description: Public subnet 1 ID in Availability Zone 1
Value:
Ref: PublicSubnet1
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnet1ID"
PublicSubnet2CIDR:
Description: Public subnet 2 CIDR in Availability Zone 2
Value:
Ref: PublicSubnet2CIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnet2CIDR"
PublicSubnet2ID:
Description: Public subnet 2 ID in Availability Zone 2
Value:
Ref: PublicSubnet2
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnet2ID"
PublicSubnet3CIDR:
Condition: 3AZCondition
Description: Public subnet 3 CIDR in Availability Zone 3
Value:
Ref: PublicSubnet3CIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnet3CIDR"
PublicSubnet3ID:
Condition: 3AZCondition
Description: Public subnet 3 ID in Availability Zone 3
Value:
Ref: PublicSubnet3
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnet3ID"
PublicSubnet4CIDR:
Condition: 4AZCondition
Description: Public subnet 4 CIDR in Availability Zone 4
Value:
Ref: PublicSubnet4CIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnet4CIDR"
PublicSubnet4ID:
Condition: 4AZCondition
Description: Public subnet 4 ID in Availability Zone 4
Value:
Ref: PublicSubnet4
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnet4ID"
S3VPCEndpoint:
Condition: S3VPCEndpointCondition
Description: S3 VPC Endpoint
Value:
Ref: S3VPCEndpoint
Export:
Name:
Fn::Sub: "${AWS::StackName}-S3VPCEndpoint"
PrivateSubnet1ARouteTable:
Condition: PrivateSubnetsCondition
Value:
Ref: PrivateSubnet1ARouteTable
Description: Private subnet 1A route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet1ARouteTable"
PrivateSubnet1BRouteTable:
Condition: AdditionalPrivateSubnetsCondition
Value:
Ref: PrivateSubnet1BRouteTable
Description: Private subnet 1B route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet1BRouteTable"
PrivateSubnet2ARouteTable:
Condition: PrivateSubnetsCondition
Value:
Ref: PrivateSubnet2ARouteTable
Description: Private subnet 2A route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet2ARouteTable"
PrivateSubnet2BRouteTable:
Condition: AdditionalPrivateSubnetsCondition
Value:
Ref: PrivateSubnet2BRouteTable
Description: Private subnet 2B route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet2BRouteTable"
PrivateSubnet3ARouteTable:
Condition: PrivateSubnets&3AZCondition
Value:
Ref: PrivateSubnet3ARouteTable
Description: Private subnet 3A route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet3ARouteTable"
PrivateSubnet3BRouteTable:
Condition: AdditionalPrivateSubnets&3AZCondition
Value:
Ref: PrivateSubnet3BRouteTable
Description: Private subnet 3B route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet3BRouteTable"
PrivateSubnet4ARouteTable:
Condition: PrivateSubnets&4AZCondition
Value:
Ref: PrivateSubnet4ARouteTable
Description: Private subnet 4A route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet4ARouteTable"
PrivateSubnet4BRouteTable:
Condition: AdditionalPrivateSubnets&4AZCondition
Value:
Ref: PrivateSubnet4BRouteTable
Description: Private subnet 4B route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PrivateSubnet4BRouteTable"
PublicSubnetRouteTable:
Value:
Ref: PublicSubnetRouteTable
Description: Public subnet route table
Export:
Name:
Fn::Sub: "${AWS::StackName}-PublicSubnetRouteTable"
VPCCIDR:
Value:
Ref: VPCCIDR
Description: VPC CIDR
Export:
Name:
Fn::Sub: "${AWS::StackName}-VPCCIDR"
VPCID:
Value:
Ref: VPC
Description: VPC ID
Export:
Name:
Fn::Sub: "${AWS::StackName}-VPCID"