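## =================== VERSION =================== #
# Quoted on purpose: left bare, 2010-09-09 is an ISO date and YAML 1.1 loaders
# (PyYAML and tooling built on it) return a date object instead of the string
# the template format version is meant to be.
AWSTemplateFormatVersion: "2010-09-09"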
## =================== DESCRIPTION =================== #
# Same text as the folded form, written as one quoted line so the value is
# visible verbatim (folding joins the two sentences with a single space).
Description: "AWS CloudFormation sample template. Create a custom VPC with a pair of public and private subnets spread across two AZs"
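## =================== PARAMETERS =================== #
# Every CIDR parameter carries an AllowedPattern so that a malformed or out-of-range
# block (for example a /8, or an octet above 255) is rejected at template validation
# rather than failing part-way through resource creation. The prefix length is
# limited to /16-/28, the range a VPC and its subnets accept.
Parameters:
  paramVpcCIDR:
    Description: Enter the IP range (CIDR notation) for VPC
    Type: String
    Default: 10.192.0.0/16
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/16 to x.x.x.x/28
  paramPublicSubnet1CIDR:
    Description: Enter the IP range (CIDR notation) for the public subnet in AZ A
    Type: String
    Default: 10.192.10.0/24
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/16 to x.x.x.x/28
  paramPublicSubnet2CIDR:
    Description: Enter the IP range (CIDR notation) for the public subnet in AZ B
    Type: String
    Default: 10.192.11.0/24
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/16 to x.x.x.x/28
  paramPrivateSubnet1CIDR:
    Description: Enter the IP range (CIDR notation) for the private subnet in AZ A
    Type: String
    Default: 10.192.20.0/24
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/16 to x.x.x.x/28
  paramPrivateSubnet2CIDR:
    Description: Enter the IP range (CIDR notation) for the private subnet in AZ B
    Type: String
    Default: 10.192.21.0/24
    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$'
    ConstraintDescription: must be a valid IPv4 CIDR block of the form x.x.x.x/16 to x.x.x.x/28
  paramUniqueName:
    # The Description now names the tag key the Resources section actually writes
    # ("MasteringCF"); the previous text referred to a tag key that is not used anywhere.
    Description: Give a unique name for "MasteringCF" tag value
    Type: String
    Default: CodeFormation Practise
    # A tag value must be 1-256 characters; fail early instead of at the first tagged resource.
    MinLength: 1
    MaxLength: 256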
## =================== RESOURCES =================== #
Resources:
  # ---------------- Step 1: VPC and internet access ----------------
  # a) The VPC itself
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref paramVpcCIDR
      EnableDnsSupport: true  # Amazon-provided DNS resolution inside the VPC
      EnableDnsHostnames: true  # instances that get a public IP also get a public DNS hostname
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  # NOTE(review): the VPC's default security group and default NACL are left as AWS creates them,
  # and no AWS::EC2::FlowLog is declared here; any traffic visibility or lockdown of those defaults
  # has to come from outside this template.

  # b) Internet gateway, attached to the VPC in c)
  myInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  # c) The attachment is what makes the gateway usable; routes and EIPs below depend on it explicitly
  myVPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC
      InternetGatewayId: !Ref myInternetGateway

  # ---------------- Step 2: public side ----------------
  # a) Route table that becomes "public" once it holds the default route to the internet gateway
  myPublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  # b) Default route 0.0.0.0/0 -> internet gateway. DependsOn is required: the route is only
  #    valid after the gateway is attached, and !Ref alone does not express that ordering.
  myPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: myVPCGatewayAttachment
    Properties:
      RouteTableId: !Ref myPublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref myInternetGateway
  # c) Public subnets, one per AZ. MapPublicIpOnLaunch means every instance launched here gets a
  #    public IPv4 address, so reachability from the internet is governed solely by security groups.
  myPublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVPC
      AvailabilityZone: !Select
        - 0
        - !GetAZs ""
      CidrBlock: !Ref paramPublicSubnet1CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  myPublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVPC
      AvailabilityZone: !Select
        - 1
        - !GetAZs ""
      CidrBlock: !Ref paramPublicSubnet2CIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  # d) Bind both public subnets to the public route table
  myPublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myPublicRouteTable
      SubnetId: !Ref myPublicSubnet1
  myPublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myPublicRouteTable
      SubnetId: !Ref myPublicSubnet2

  # ---------------- Step 3: private side, egress via NAT ----------------
  # a) One Elastic IP per NAT gateway. Domain: vpc allocates the address in the VPC scope.
  #    DependsOn the attachment: an EIP in a VPC cannot be associated before the gateway is attached.
  myEIPforNatGateway1:
    Type: AWS::EC2::EIP
    DependsOn: myVPCGatewayAttachment
    Properties:
      Domain: vpc
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  myEIPforNatGateway2:
    Type: AWS::EC2::EIP
    DependsOn: myVPCGatewayAttachment
    Properties:
      Domain: vpc
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  # b) One NAT gateway per AZ, each placed in that AZ's public subnet so an AZ outage
  #    does not take private egress down in the other AZ
  myNatGateway1:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt myEIPforNatGateway1.AllocationId
      SubnetId: !Ref myPublicSubnet1
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  myNatGateway2:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt myEIPforNatGateway2.AllocationId
      SubnetId: !Ref myPublicSubnet2
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  # c) A private route table per AZ (each one points at its own NAT gateway)
  myPrivateRouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  myPrivateRouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  # d) Default routes 0.0.0.0/0 -> NAT gateway; outbound-only, no inbound path from the internet.
  #    The DependsOn on the gateway attachment is kept as in the original ordering.
  myPrivateRouteForAz1:
    Type: AWS::EC2::Route
    DependsOn: myVPCGatewayAttachment
    Properties:
      RouteTableId: !Ref myPrivateRouteTable1
      DestinationCidrBlock: "0.0.0.0/0"
      NatGatewayId: !Ref myNatGateway1
  myPrivateRouteForAz2:
    Type: AWS::EC2::Route
    DependsOn: myVPCGatewayAttachment
    Properties:
      RouteTableId: !Ref myPrivateRouteTable2
      DestinationCidrBlock: "0.0.0.0/0"
      NatGatewayId: !Ref myNatGateway2
  # e) Private subnets: no public IPs on launch, reach the internet only through the NAT gateways
  myPrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVPC
      AvailabilityZone: !Select
        - 0
        - !GetAZs ""
      CidrBlock: !Ref paramPrivateSubnet1CIDR
      MapPublicIpOnLaunch: false
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  myPrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVPC
      AvailabilityZone: !Select
        - 1
        - !GetAZs ""
      CidrBlock: !Ref paramPrivateSubnet2CIDR
      MapPublicIpOnLaunch: false
      Tags:
        - Key: MasteringCF
          Value: !Ref paramUniqueName
  # f) Bind each private subnet to the route table of its own AZ
  myPrivateSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myPrivateRouteTable1
      SubnetId: !Ref myPrivateSubnet1
  myPrivateSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myPrivateRouteTable2
      SubnetId: !Ref myPrivateSubnet2
## =================== OUTPUTS =================== #
# Stack outputs; the subnet lists are comma-joined strings of subnet IDs, in AZ order.
Outputs:
  outputVPC:
    Description: A reference to the created VPC
    Value: !Ref myVPC
  outputPublicSubnets:
    Description: A list of the public subnets
    Value: !Join
      - ","
      - - !Ref myPublicSubnet1
        - !Ref myPublicSubnet2
  outputPrivateSubnets:
    Description: A list of the private subnets
    Value: !Join
      - ","
      - - !Ref myPrivateSubnet1
        - !Ref myPrivateSubnet2