

@rhysgodfrey
Created October 19, 2014 15:25
AWS Quick Start Demo - VPC Setup
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "AWS Quick Start Demo - VPC with public subnets, Security Group, publicly readable S3 Bucket and IAM role setup.",
"Parameters" : {
},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.99.0.0/16",
"Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }, { "Key" : "Name", "Value" : "AWS Quick Start Demo VPC" } ]
}
},
"SubnetA" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "10.99.0.0/24",
"AvailabilityZone" : "eu-west-1a",
"Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }, { "Key" : "Name", "Value" : "Public Subnet A" } ]
}
},
"SubnetB" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "10.99.1.0/24",
"AvailabilityZone" : "eu-west-1b",
"Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }, { "Key" : "Name", "Value" : "Public Subnet B" } ]
}
},
"SubnetC" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "10.99.2.0/24",
"AvailabilityZone" : "eu-west-1c",
"Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }, { "Key" : "Name", "Value" : "Public Subnet C" } ]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ]
}
},
"AttachGateway" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"InternetGatewayId" : { "Ref" : "InternetGateway" }
}
},
"RouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "VPC"},
"Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ]
}
},
"Route" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "AttachGateway",
"Properties" : {
"RouteTableId" : { "Ref" : "RouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"SubnetARouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetA" },
"RouteTableId" : { "Ref" : "RouteTable" }
}
},
"SubnetBRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetB" },
"RouteTableId" : { "Ref" : "RouteTable" }
}
},
"SubnetCRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetC" },
"RouteTableId" : { "Ref" : "RouteTable" }
}
},
"SecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"GroupDescription" : "Security Group for the Demo App",
"SecurityGroupIngress" : [
],
"Tags" : [ { "Key" : "Name", "Value" : "demo-app-sg" } ]
}
},
"S3Bucket" : {
"Type" : "AWS::S3::Bucket",
"Properties" : {
"AccessControl" : "PublicRead"
}
},
"S3BucketPolicy" : {
"Type" : "AWS::S3::BucketPolicy",
"Properties" : {
"Bucket" : {"Ref" : "S3Bucket"},
"PolicyDocument": {
"Statement":[{
"Action":["s3:GetObject"],
"Effect":"Allow",
"Resource": { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "S3Bucket" } , "/*" ]]},
"Principal":"*"
}]
}
}
},
"DemoAppRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service": [ "ec2.amazonaws.com" ]
},
"Action": [ "sts:AssumeRole" ]
} ]
},
"Path": "/"
}
},
"DemoRolePolicies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "root",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect":"Allow",
"Action":[
"s3:ListAllMyBuckets"
],
"Resource":"arn:aws:s3:::*"
},
{
"Effect":"Allow",
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource":"arn:aws:s3:::rwg-aws-demo"
},
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource":"arn:aws:s3:::rwg-aws-demo/*"
} ]
},
"Roles": [ { "Ref": "DemoAppRole" } ]
}
},
"DemoInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ { "Ref": "DemoAppRole" } ]
}
}
},
"Outputs" : {
"S3Bucket" : {
"Value" : { "Ref": "S3Bucket" },
"Description" : "Name of S3 bucket"
},
"SecurityGroup" : {
"Value" : { "Ref": "SecurityGroup" },
"Description" : "ID of Security Group"
},
"Role" : {
"Value" : { "Ref": "DemoInstanceProfile" },
"Description" : "Name of IAM Instance Profile"
},
"SubnetA" : {
"Value" : { "Ref": "SubnetA" },
"Description" : "ID of Subnet A"
},
"SubnetB" : {
"Value" : { "Ref": "SubnetB" },
"Description" : "ID of Subnet B"
},
"SubnetC" : {
"Value" : { "Ref": "SubnetC" },
"Description" : "ID of Subnet C"
},
"VPC" : {
"Value" : { "Ref": "VPC" },
"Description" : "ID of VPC"
}
}
}