@rgarcia
Created February 5, 2016 01:10
VPC
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "VPC with two public subnets and two private subnets in different AZs, and a NAT to enable instances in private subnets to access the internet",
"Parameters" : {
"KeyName" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the bastion host",
"Type" : "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings" : {
"AWSNATAMI" : {
"us-west-2": { "AMI" : "ami-77a4b816" }
}
},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "172.40.0.0/16",
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1" }
]
}
},
"PublicSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "172.40.0.0/24",
"AvailabilityZone" : { "Fn::Select" : ["0", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } }]},
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1-public-subnet-1" }
]
}
},
"PrivateSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "172.40.1.0/24",
"AvailabilityZone" : { "Fn::Select" : ["0", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } }]},
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1-private-subnet-1" }
]
}
},
"PublicSubnet2" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "172.40.2.0/24",
"AvailabilityZone" : { "Fn::Select" : ["1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } }]},
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1-public-subnet-2" }
]
}
},
"PrivateSubnet2" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "172.40.3.0/24",
"AvailabilityZone" : { "Fn::Select" : ["1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } }]},
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1-private-subnet-2" }
]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1-igw" }
]
}
},
"GatewayToInternet" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"InternetGatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1-public-route-table"}
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "GatewayToInternet",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicSubnet1PublicRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "PublicSubnet1" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnet1PublicRouteTableAssociation2" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "PublicSubnet2" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PrivateRouteTable1" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1-private-route-table-1" }
]
}
},
"PrivateRouteTable2" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"Tags" : [
{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
{"Key" : "Name", "Value" : "vpc-1-private-route-table-2" }
]
}
},
"PrivateSubnetRouteTableAssociation1" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "PrivateSubnet1" },
"RouteTableId" : { "Ref" : "PrivateRouteTable1" }
}
},
"PrivateSubnetRouteTableAssociation2" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "PrivateSubnet2" },
"RouteTableId" : { "Ref" : "PrivateRouteTable2" }
}
},
"PrivateRoute1" : {
"Type" : "AWS::EC2::Route",
"Properties" : {
"RouteTableId" : { "Ref" : "PrivateRouteTable1" },
"DestinationCidrBlock" : "0.0.0.0/0",
"InstanceId" : { "Ref" : "NATDevice1" }
}
},
"PrivateRoute2" : {
"Type" : "AWS::EC2::Route",
"Properties" : {
"RouteTableId" : { "Ref" : "PrivateRouteTable2" },
"DestinationCidrBlock" : "0.0.0.0/0",
"InstanceId" : { "Ref" : "NATDevice2" }
}
},
"NATIPAddress1" : {
"Type" : "AWS::EC2::EIP",
"DependsOn" : "GatewayToInternet",
"Properties" : {
"Domain" : "vpc",
"InstanceId" : { "Ref" : "NATDevice1" }
}
},
"NATIPAddress2" : {
"Type" : "AWS::EC2::EIP",
"DependsOn" : "GatewayToInternet",
"Properties" : {
"Domain" : "vpc",
"InstanceId" : { "Ref" : "NATDevice2" }
}
},
"NATDevice1" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"InstanceType" : "t2.micro",
"KeyName" : { "Ref" : "KeyName" },
"SubnetId" : { "Ref" : "PublicSubnet1" },
"SourceDestCheck" : "false",
"ImageId" : { "Fn::FindInMap" : [ "AWSNATAMI", { "Ref" : "AWS::Region" }, "AMI" ]},
"SecurityGroupIds" : [{ "Ref" : "NATSecurityGroup" }],
"Tags" : [ {"Key" : "Name", "Value" : "NAT Device"} ]
}
},
"NATDevice2" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"InstanceType" : "t2.micro",
"KeyName" : { "Ref" : "KeyName" },
"SubnetId" : { "Ref" : "PublicSubnet2" },
"SourceDestCheck" : "false",
"ImageId" : { "Fn::FindInMap" : [ "AWSNATAMI", { "Ref" : "AWS::Region" }, "AMI" ]},
"SecurityGroupIds" : [{ "Ref" : "NATSecurityGroup" }],
"Tags" : [ {"Key" : "Name", "Value" : "NAT Device"} ]
}
},
"NATSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable internal access to the NAT device. TODO: add port 22 rule?",
"VpcId" : { "Ref" : "VPC" },
"SecurityGroupIngress" : [
{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"},
{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0"}
],
"SecurityGroupEgress" : [
{ "IpProtocol" : "tcp", "FromPort" : "1", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0"} ]
}
}
},
"Outputs" : {
"VpcId" : {
"Description": "VPC",
"Value": { "Ref" : "VPC" }
},
"PublicSubnets" : {
"Description" : "Public subnets",
"Value" : { "Fn::Join" : [",", [{ "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" }] ] }
},
"PrivateSubnets" : {
"Description" : "Private subnets",
"Value" : { "Fn::Join" : [",", [{ "Ref" : "PrivateSubnet1" }, { "Ref" : "PrivateSubnet2" }] ] }
},
"AZs" : {
"Description" : "Availability zones",
"Value" : { "Fn::Join" : [",", [ { "Fn::GetAtt" : ["PrivateSubnet1", "AvailabilityZone"] }, { "Fn::GetAtt" : ["PrivateSubnet2", "AvailabilityZone"] }]]}
}
}
}