Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
app
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

NOTE: This repo contains only the documentation for the private BoltsOps Pro repo code. Original file: https://github.com/boltopspro/vpc/blob/master/README.md The docs are publish so they are available for interested customers. For access to the source code, you must be a paying BoltOps Pro subscriber. If are interested, you can contact us at contact@boltops.com or https://www.boltops.com

VPC Blueprint

Watch the video

CodeBuild

BoltOps Badge

This blueprint provisions a highly available VPC based on the Standardized Architecture for PCI DSS.

  • By default, it's configured to provision Subnets across 3 Availability Zones. This can easily change to less or more AZs.
  • In each AZ, it provisions a public subnet, private app subnet, and private data subnet. This can also easily be changed.

Prerequisite

Usage

  1. Add blueprint to your Gemfile
  2. Configure configs/vpc values
  3. Deploy blueprint

Add

Add the blueprint to your lono project's Gemfile.

gem "vpc", git: "git@github.com:boltopspro/vpc.git"

Configure

Configure the configs/vpc/params and configs/vpc/variables files. We'll configure all 3 vpc blueprints:

LONO_ENV=development lono seed vpc
LONO_ENV=management  lono seed vpc
LONO_ENV=production  lono seed vpc

The generated files in configs/vpc folder look something like this:

configs/vpc/
├── params
│   ├── development.txt
│   ├── management.txt
│   └── production.txt
└── variables
    ├── development.rb
    ├── management.rb
    └── production.rb

So you have an idea of what they look like, here are the development ones:

configs/vpc/params/development.txt:

DomainName=development.local
VpcName=main-development

configs/vpc/variables/development.rb:

@vpc_cidr = "10.20.0.0/16"
@subnets = [
  {name: "PrivateApp1",  cidr: "10.20.0.0/19"},   # 8,192 hosts
  {name: "PrivateData1", cidr: "10.20.32.0/20"},  # 4,096 hosts
  {name: "Public1",      cidr: "10.20.48.0/20"},  # 4,096 hosts

  {name: "PrivateApp2",  cidr: "10.20.64.0/19"},  # 8,192 hosts
  {name: "PrivateData2", cidr: "10.20.96.0/20"},  # 4,096 hosts
  {name: "Public2",      cidr: "10.20.112.0/20"}, # 4,096 hosts

  {name: "PrivateApp3",  cidr: "10.20.128.0/19"}, # 8,192 hosts
  {name: "PrivateData3", cidr: "10.20.160.0/20"}, # 4,096 hosts
  {name: "Public3",      cidr: "10.20.176.0/20"}, # 4,096 hosts
]

Check on the values and change them for your needs for all 3 environments: development, production, and management. Each environment VPC has different CIDR ranges so we can peer them later.

Deploy

Let's deploy now with lono cfn deploy.

LONO_ENV=development lono cfn deploy vpc --sure --no-wait
LONO_ENV=management  lono cfn deploy vpc --sure --no-wait
LONO_ENV=production  lono cfn deploy vpc --sure --no-wait

And just like that we have 3 VPCs.

If you are using a Single AWS Account, use these commands instead: One Account.

IAM Permissions

The IAM permissions required for this stack are described below.

Service Description
cloudformation To launch the CloudFormation stack.
ec2 VPC components like Subnets, Route Tables, etc.
elasticache ElastiCache CacheSubnetGroup
iam IAM role to enable VPC Flow log.
rds RDS DBSubnetGroup
s3 Lono managed s3 bucket

Back to Reference Architecture

That's it. Go back to the main boltopspro/reference-architecture

About

Public documentation for boltopspro/vpc

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages