Skip to content

Instantly share code, notes, and snippets.

@nz

nz/cfn.toml

Last active June 1, 2016 01:29
Show Gist options
  • Save nz/39b50ffa9408feaefd3032ed0bb9d73e to your computer and use it in GitHub Desktop.
Save nz/39b50ffa9408feaefd3032ed0bb9d73e to your computer and use it in GitHub Desktop.
Download ZIP
Because why not
Raw
cfn.toml
AWSTemplateFormatVersion = "2010-09-09"
Description = "AWS CloudFormation Sample Template vpc_multiple_subnets.template: Sample template showing how to create a VPC with multiple subnets. The first subnet is public and contains the load balancer, the second subnet is private and contains an EC2 instance behind the load balancer. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template."
[Mappings.AWSInstanceType2Arch.c1.medium]
Arch = "64"
[Mappings.AWSInstanceType2Arch.c1.xlarge]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m1.large]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m1.medium]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m1.small]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m1.xlarge]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m2.2xlarge]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m2.4xlarge]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m2.xlarge]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m3.2xlarge]
Arch = "64"
[Mappings.AWSInstanceType2Arch.m3.xlarge]
Arch = "64"
[Mappings.AWSInstanceType2Arch.t1.micro]
Arch = "64"
[Mappings.AWSRegionArch2AMI.ap-northeast-1]
32 = "ami-7871c579"
64 = "ami-7671c577"
[Mappings.AWSRegionArch2AMI.ap-southeast-1]
32 = "ami-425a2010"
64 = "ami-5e5a200c"
[Mappings.AWSRegionArch2AMI.ap-southeast-2]
32 = "ami-f98512c3"
64 = "ami-43851279"
[Mappings.AWSRegionArch2AMI.eu-west-1]
32 = "ami-018bb975"
64 = "ami-998bb9ed"
[Mappings.AWSRegionArch2AMI.sa-east-1]
32 = "ami-a039e6bd"
64 = "ami-a239e6bf"
[Mappings.AWSRegionArch2AMI.us-east-1]
32 = "ami-aba768c2"
64 = "ami-81a768e8"
[Mappings.AWSRegionArch2AMI.us-west-1]
32 = "ami-458fd300"
64 = "ami-b18ed2f4"
[Mappings.AWSRegionArch2AMI.us-west-2]
32 = "ami-fcff72cc"
64 = "ami-feff72ce"
[Outputs.URL]
Description = "URL of the website"
[Outputs.URL.Value]
Fn::Join = ["",["http://",{"Fn::GetAtt":["ElasticLoadBalancer","DNSName"]}]]
[Parameters.InstanceCount]
Default = "1"
Description = "Number of EC2 instances to launch"
Type = "Number"
[Parameters.InstanceType]
AllowedValues = ["t1.micro","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","m3.xlarge","m3.2xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"]
ConstraintDescription = "must be a valid EC2 instance type."
Default = "m1.small"
Description = "WebServer EC2 instance type"
Type = "String"
[Resources.AttachGateway]
Type = "AWS::EC2::VPCGatewayAttachment"
[Resources.AttachGateway.Properties.InternetGatewayId]
Ref = "InternetGateway"
[Resources.AttachGateway.Properties.VpcId]
Ref = "VPC"
[Resources.ElasticLoadBalancer]
Type = "AWS::ElasticLoadBalancing::LoadBalancer"
[Resources.ElasticLoadBalancer.Properties]
Listeners = [{"LoadBalancerPort":"80","InstancePort":"80","Protocol":"HTTP"}]
SecurityGroups = [{"Ref":"LoadBalancerSecurityGroup"}]
Subnets = [{"Ref":"PublicSubnet"}]
[Resources.ElasticLoadBalancer.Properties.HealthCheck]
HealthyThreshold = "3"
Interval = "90"
Target = "HTTP:80/"
Timeout = "60"
UnhealthyThreshold = "5"
[Resources.InboundDynamicPortsPublicNetworkAclEntry]
Type = "AWS::EC2::NetworkAclEntry"
[Resources.InboundDynamicPortsPublicNetworkAclEntry.Properties]
CidrBlock = "0.0.0.0/0"
Egress = "false"
Protocol = "6"
RuleAction = "allow"
RuleNumber = "101"
[Resources.InboundDynamicPortsPublicNetworkAclEntry.Properties.NetworkAclId]
Ref = "PublicNetworkAcl"
[Resources.InboundDynamicPortsPublicNetworkAclEntry.Properties.PortRange]
From = "1024"
To = "65535"
[Resources.InboundHTTPPublicNetworkAclEntry]
Type = "AWS::EC2::NetworkAclEntry"
[Resources.InboundHTTPPublicNetworkAclEntry.Properties]
CidrBlock = "0.0.0.0/0"
Egress = "false"
Protocol = "6"
RuleAction = "allow"
RuleNumber = "100"
[Resources.InboundHTTPPublicNetworkAclEntry.Properties.NetworkAclId]
Ref = "PublicNetworkAcl"
[Resources.InboundHTTPPublicNetworkAclEntry.Properties.PortRange]
From = "80"
To = "80"
[Resources.InboundPrivateNetworkAclEntry]
Type = "AWS::EC2::NetworkAclEntry"
[Resources.InboundPrivateNetworkAclEntry.Properties]
CidrBlock = "0.0.0.0/0"
Egress = "false"
Protocol = "6"
RuleAction = "allow"
RuleNumber = "100"
[Resources.InboundPrivateNetworkAclEntry.Properties.NetworkAclId]
Ref = "PrivateNetworkAcl"
[Resources.InboundPrivateNetworkAclEntry.Properties.PortRange]
From = "0"
To = "65535"
[Resources.InstanceSecurityGroup]
Type = "AWS::EC2::SecurityGroup"
[Resources.InstanceSecurityGroup.Properties]
GroupDescription = "Enable HTTP access on the configured port"
SecurityGroupIngress = [{"IpProtocol":"tcp","FromPort":"80","ToPort":"80","SourceSecurityGroupId":{"Ref":"LoadBalancerSecurityGroup"}}]
[Resources.InstanceSecurityGroup.Properties.VpcId]
Ref = "VPC"
[Resources.InternetGateway]
Type = "AWS::EC2::InternetGateway"
[Resources.InternetGateway.Properties]
Tags = [{"Key":"Application","Value":{"Ref":"AWS::StackId"}},{"Key":"Network","Value":"Public"}]
[Resources.LaunchConfig]
Type = "AWS::AutoScaling::LaunchConfiguration"
[Resources.LaunchConfig.Properties]
SecurityGroups = [{"Ref":"InstanceSecurityGroup"}]
[Resources.LaunchConfig.Properties.ImageId]
Fn::FindInMap = ["AWSRegionArch2AMI",{"Ref":"AWS::Region"},{"Fn::FindInMap":["AWSInstanceType2Arch",{"Ref":"InstanceType"},"Arch"]}]
[Resources.LaunchConfig.Properties.InstanceType]
Ref = "InstanceType"
[Resources.LaunchConfig.Properties.UserData]
Fn::Base64 = "80"
[Resources.LoadBalancerSecurityGroup]
Type = "AWS::EC2::SecurityGroup"
[Resources.LoadBalancerSecurityGroup.Properties]
GroupDescription = "Enable HTTP access on port 80"
SecurityGroupEgress = [{"IpProtocol":"tcp","FromPort":"80","ToPort":"80","CidrIp":"0.0.0.0/0"}]
SecurityGroupIngress = [{"IpProtocol":"tcp","FromPort":"80","ToPort":"80","CidrIp":"0.0.0.0/0"}]
[Resources.LoadBalancerSecurityGroup.Properties.VpcId]
Ref = "VPC"
[Resources.OutBoundDynamicPortPublicNetworkAclEntry]
Type = "AWS::EC2::NetworkAclEntry"
[Resources.OutBoundDynamicPortPublicNetworkAclEntry.Properties]
CidrBlock = "0.0.0.0/0"
Egress = "true"
Protocol = "6"
RuleAction = "allow"
RuleNumber = "101"
[Resources.OutBoundDynamicPortPublicNetworkAclEntry.Properties.NetworkAclId]
Ref = "PublicNetworkAcl"
[Resources.OutBoundDynamicPortPublicNetworkAclEntry.Properties.PortRange]
From = "1024"
To = "65535"
[Resources.OutBoundPrivateNetworkAclEntry]
Type = "AWS::EC2::NetworkAclEntry"
[Resources.OutBoundPrivateNetworkAclEntry.Properties]
CidrBlock = "0.0.0.0/0"
Egress = "true"
Protocol = "6"
RuleAction = "allow"
RuleNumber = "100"
[Resources.OutBoundPrivateNetworkAclEntry.Properties.NetworkAclId]
Ref = "PrivateNetworkAcl"
[Resources.OutBoundPrivateNetworkAclEntry.Properties.PortRange]
From = "0"
To = "65535"
[Resources.OutboundHTTPPublicNetworkAclEntry]
Type = "AWS::EC2::NetworkAclEntry"
[Resources.OutboundHTTPPublicNetworkAclEntry.Properties]
CidrBlock = "0.0.0.0/0"
Egress = "true"
Protocol = "6"
RuleAction = "allow"
RuleNumber = "100"
[Resources.OutboundHTTPPublicNetworkAclEntry.Properties.NetworkAclId]
Ref = "PublicNetworkAcl"
[Resources.OutboundHTTPPublicNetworkAclEntry.Properties.PortRange]
From = "80"
To = "80"
[Resources.PrivateNetworkAcl]
Type = "AWS::EC2::NetworkAcl"
[Resources.PrivateNetworkAcl.Properties]
Tags = [{"Key":"Application","Value":{"Ref":"AWS::StackId"}},{"Key":"Network","Value":"Private"}]
[Resources.PrivateNetworkAcl.Properties.VpcId]
Ref = "VPC"
[Resources.PrivateRouteTable]
Type = "AWS::EC2::RouteTable"
[Resources.PrivateRouteTable.Properties]
Tags = [{"Key":"Application","Value":{"Ref":"AWS::StackId"}},{"Key":"Network","Value":"Private"}]
[Resources.PrivateRouteTable.Properties.VpcId]
Ref = "VPC"
[Resources.PrivateSubnet]
Type = "AWS::EC2::Subnet"
[Resources.PrivateSubnet.Properties]
CidrBlock = "10.0.1.0/24"
Tags = [{"Key":"Application","Value":{"Ref":"AWS::StackId"}},{"Key":"Network","Value":"Private"}]
[Resources.PrivateSubnet.Properties.VpcId]
Ref = "VPC"
[Resources.PrivateSubnetNetworkAclAssociation]
Type = "AWS::EC2::SubnetNetworkAclAssociation"
[Resources.PrivateSubnetNetworkAclAssociation.Properties.NetworkAclId]
Ref = "PrivateNetworkAcl"
[Resources.PrivateSubnetNetworkAclAssociation.Properties.SubnetId]
Ref = "PrivateSubnet"
[Resources.PrivateSubnetRouteTableAssociation]
Type = "AWS::EC2::SubnetRouteTableAssociation"
[Resources.PrivateSubnetRouteTableAssociation.Properties.RouteTableId]
Ref = "PrivateRouteTable"
[Resources.PrivateSubnetRouteTableAssociation.Properties.SubnetId]
Ref = "PrivateSubnet"
[Resources.PublicNetworkAcl]
Type = "AWS::EC2::NetworkAcl"
[Resources.PublicNetworkAcl.Properties]
Tags = [{"Key":"Application","Value":{"Ref":"AWS::StackId"}},{"Key":"Network","Value":"Public"}]
[Resources.PublicNetworkAcl.Properties.VpcId]
Ref = "VPC"
[Resources.PublicRoute]
DependsOn = "AttachGateway"
Type = "AWS::EC2::Route"
[Resources.PublicRoute.Properties]
DestinationCidrBlock = "0.0.0.0/0"
[Resources.PublicRoute.Properties.GatewayId]
Ref = "InternetGateway"
[Resources.PublicRoute.Properties.RouteTableId]
Ref = "PublicRouteTable"
[Resources.PublicRouteTable]
Type = "AWS::EC2::RouteTable"
[Resources.PublicRouteTable.Properties]
Tags = [{"Key":"Application","Value":{"Ref":"AWS::StackId"}},{"Key":"Network","Value":"Public"}]
[Resources.PublicRouteTable.Properties.VpcId]
Ref = "VPC"
[Resources.PublicSubnet]
Type = "AWS::EC2::Subnet"
[Resources.PublicSubnet.Properties]
CidrBlock = "10.0.0.0/24"
Tags = [{"Key":"Application","Value":{"Ref":"AWS::StackId"}},{"Key":"Network","Value":"Public"}]
[Resources.PublicSubnet.Properties.VpcId]
Ref = "VPC"
[Resources.PublicSubnetNetworkAclAssociation]
Type = "AWS::EC2::SubnetNetworkAclAssociation"
[Resources.PublicSubnetNetworkAclAssociation.Properties.NetworkAclId]
Ref = "PublicNetworkAcl"
[Resources.PublicSubnetNetworkAclAssociation.Properties.SubnetId]
Ref = "PublicSubnet"
[Resources.PublicSubnetRouteTableAssociation]
Type = "AWS::EC2::SubnetRouteTableAssociation"
[Resources.PublicSubnetRouteTableAssociation.Properties.RouteTableId]
Ref = "PublicRouteTable"
[Resources.PublicSubnetRouteTableAssociation.Properties.SubnetId]
Ref = "PublicSubnet"
[Resources.VPC]
Type = "AWS::EC2::VPC"
[Resources.VPC.Properties]
CidrBlock = "10.0.0.0/16"
Tags = [{"Key":"Application","Value":{"Ref":"AWS::StackId"}},{"Key":"Network","Value":"Public"}]
[Resources.WebServerGroup]
Type = "AWS::AutoScaling::AutoScalingGroup"
[Resources.WebServerGroup.Properties]
AvailabilityZones = [{"Fn::GetAtt":["PrivateSubnet","AvailabilityZone"]}]
LoadBalancerNames = [{"Ref":"ElasticLoadBalancer"}]
MaxSize = "10"
MinSize = "1"
Tags = [{"Key":"Network","Value":"Public","PropagateAtLaunch":"true"}]
VPCZoneIdentifier = [{"Ref":"PrivateSubnet"}]
[Resources.WebServerGroup.Properties.DesiredCapacity]
Ref = "InstanceCount"
[Resources.WebServerGroup.Properties.LaunchConfigurationName]
Ref = "LaunchConfig"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment