AWS VPC using two or three availability zones with public and private subnets, VPC endpoints for DynamoDB and S3, Flow Logs, and NAT gateways.
Install Node.js and npm first!
npm i @cfn-modules/vpc
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Vpc:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
AlertingModule: '' # optional
ClassB: 0 # optional
NumberOfAvailabilityZones: 3 # optional
S3Endpoint: true # optional
DynamoDBEndpoint: true # optional
FlowLog: 'reject-only' # optional
FlowLogRetentionInDays: 14 # optional
NatGateways: true # optional
TemplateURL: './node_modules/@cfn-modules/vpc/module.yml'
- asg-singleton-ssm
- ec2-ebs
- ec2-efs
- ec2-mysql
- ec2-postgres
- ec2-ssh-bastion
- ec2-ssm
- fargate-alb-proxy-pattern
- fargate-alb-single-container
none
You might want to use this module without embedding it as a nested stack because you want to share the VPC stack with many other CloudFormation stacks.
npm i @cfn-modules/vpc
aws cloudformation package --template-file ./node_modules/@cfn-modules/vpc/module.yml --s3-bucket $BucketName --output-template-file packaged.yml
aws cloudformation deploy --template-file packaged.yml --stack-name vpc --capabilities CAPABILITY_IAM
Once the stack is created, you can use the stack name (in this case vpc) as the value for the VpcModule parameter in other cfn-modules. If this template has been embedded in a parent template where the default have been overridden, it is important to re-export the outputs of the stack so they can be used in oher stand-alone stacks:
StackName:
Value: !GetAtt Vpc.Outputs.StackName
Export:
Name: !Sub '${AWS::StackName}'
This will mean you can refer to the VpcModule in other configurations.
| Name | Description | Default | Required? | Allowed values |
|---|---|---|---|---|
| AlertingModule | Stack name of alerting module | false | ||
| ClassB | Class B of VPC (10.XXX.0.0/16) | 0 | no | [0-255] |
| NumberOfAvailabilityZones | How many availability zones should be used? | 3 | no | [2-3] |
| S3Endpoint | Add S3 endpoint to VPC? | true | no | [true, false] |
| DynamoDBEndpoint | Add DynamoDB endpoint to VPC? | true | no | [true, false] |
| FlowLog | Enable VPC Flow Logs? | reject-only | no | [true, reject-only, false] |
| FlowLogRetentionInDays | Specifies the number of days you want to retain log events | 14 | no | [1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653] |
| NatGateways | Add Nat Gateway per private Subnet? | true | no | [true, false] |