# AWSVPCfor DDVE.yml
#### This Template will deploy the following
#### Deploy:
#### - VPC in Region EU-West-1
#### - 2 X Private Subnets and 2 X Public Subnets - One each across two AZ's
#### - Create 2 routing tables, one for the private and one for the public subnets
#### - Spin up an Internet gateway to allow traffic to exit the VPC from the public subnets
#### - Create an S3 bucket as a target DDVE Datastore, allowing user input to add a unique S3 bucket name. The bucket will be deployed in the region where the CF template was executed
#### - Output of Template will generate the S3 bucket name... Note: this must be globally unique, so choose wisely or else the stack creation will fail.
Parameters:
  BucketName:
    Type: String
Resources:
  PubPrivateVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.100.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: Dell-Demo-APEX-VPC
  PublicSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref PubPrivateVPC
      AvailabilityZone: eu-west-1a
      CidrBlock: 10.100.100.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: APEX-Public-AZ1-100
  PublicSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref PubPrivateVPC
      AvailabilityZone: eu-west-1b
      CidrBlock: 10.100.110.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: APEX-Public-AZ2-110
  PrivateSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref PubPrivateVPC
      AvailabilityZone: eu-west-1a
      CidrBlock: 10.100.200.0/24
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: APEX-Private-AZ1-200
  PrivateSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref PubPrivateVPC
      AvailabilityZone: eu-west-1b
      CidrBlock: 10.100.210.0/24
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: APEX-Private-AZ2-210
  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: Dublin-VPC-IGW
        - Key: Network
          Value: Public
  GatewayToInternet:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref PubPrivateVPC
      InternetGatewayId: !Ref InternetGateway
  #### Add Public Routes and associate to public subnets
  PublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref PubPrivateVPC
      Tags:
        - Key: Network
          Value: Public
        - Key: Name
          Value: APEX-Public-Route
  PublicRoute:
    Type: 'AWS::EC2::Route'
    DependsOn: GatewayToInternet
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnet1RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable
  PublicSubnet2RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable
  #### Add Private Route and associate to private subnets
  #### The private route table has no default route and no NAT gateway: instances in the
  #### private subnets cannot reach the Internet and reach S3 only through the gateway endpoint below
  PrivateRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref PubPrivateVPC
      Tags:
        - Key: Network
          Value: Private
        - Key: Name
          Value: APEX-Private-Route
  PrivateSubnet1RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable
  PrivateSubnet2RouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable
  ##### Create S3 Endpoint and attach to VPC
  S3VPCENDPOINT:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      RouteTableIds:
        - !Ref PrivateRouteTable
      VpcEndpointType: Gateway
      ServiceName: !Sub com.amazonaws.eu-west-1.s3
      VpcId: !Ref PubPrivateVPC
  ####### Create S3 Bucket, with user input to ensure unique bucket name is chosen
  APEXS3BUCKET:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: !Ref BucketName
Outputs:
  S3Bucket:
    Description: Bucket Created using this template.
    Value: !Ref APEXS3BUCKET
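The template above creates the DDVE datastore bucket with only a name, and the gateway endpoint with no policy, so the bucket relies entirely on account-level defaults for public access, encryption and transport security, and anything routed through the endpoint may reach any S3 bucket. The following is an added example, not part of the original template, showing hardened replacements for the S3VPCENDPOINT and APEXS3BUCKET resources plus a bucket policy that pins the bucket to that endpoint. The parameter AdminRoleArn and the resource name APEXS3BUCKETPOLICY are assumptions introduced here; PubPrivateVPC, PrivateRouteTable and BucketName refer to the original template's own definitions and are meant to be merged into it, not deployed on their own.

```yaml
# Added example: hardened datastore bucket and endpoint for the template above.
# Not part of the original file; AdminRoleArn and APEXS3BUCKETPOLICY are assumed names.
Parameters:
  BucketName:
    Type: String
  AdminRoleArn:
    # Assumed: the IAM role that deploys and maintains the stack. It is the only
    # principal allowed to reach the bucket from outside the VPC endpoint.
    Type: String
Resources:
  S3VPCENDPOINT:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Gateway
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.s3'
      VpcId: !Ref PubPrivateVPC
      RouteTableIds:
        - !Ref PrivateRouteTable
      # Endpoint policy: hosts in the private subnets may use this endpoint
      # only against the DDVE datastore bucket, not arbitrary S3 buckets.
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action:
              - 's3:GetObject'
              - 's3:PutObject'
              - 's3:DeleteObject'
              - 's3:ListBucket'
              - 's3:GetBucketLocation'
            Resource:
              - !Sub 'arn:aws:s3:::${BucketName}'
              - !Sub 'arn:aws:s3:::${BucketName}/*'
  APEXS3BUCKET:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      # Block every form of public exposure regardless of ACLs or later policy edits.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # Disable object ACLs entirely; access is governed by IAM and the bucket policy.
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced
      # Encrypt every object at rest by default (SSE-S3; swap in a KMS key if required).
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # Versioning protects backup data against accidental or malicious overwrite/delete.
      VersioningConfiguration:
        Status: Enabled
  APEXS3BUCKETPOLICY:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref APEXS3BUCKET
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Refuse plaintext HTTP; S3 API calls must arrive over TLS.
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: '*'
            Action: 's3:*'
            Resource:
              - !GetAtt APEXS3BUCKET.Arn
              - !Sub '${APEXS3BUCKET.Arn}/*'
            Condition:
              Bool:
                'aws:SecureTransport': 'false'
          # Refuse any request that did not come through the VPC gateway endpoint,
          # except from the administrative role. A missing aws:SourceVpce key (a
          # request from the public Internet) also matches StringNotEquals and is denied.
          - Sid: DenyAccessOutsideVpcEndpoint
            Effect: Deny
            Principal: '*'
            Action: 's3:*'
            Resource:
              - !GetAtt APEXS3BUCKET.Arn
              - !Sub '${APEXS3BUCKET.Arn}/*'
            Condition:
              StringNotEquals:
                'aws:SourceVpce': !Ref S3VPCENDPOINT
              ArnNotEquals:
                'aws:PrincipalArn': !Ref AdminRoleArn
```

Two points to check before deploying this: the DenyAccessOutsideVpcEndpoint statement covers s3:PutBucketPolicy as well, so the role that creates or later updates the stack must be the one passed as AdminRoleArn or it will lock itself out of the bucket (the account root can still remove the policy); and the endpoint policy lists only the object and listing actions a datastore needs, so if the appliance in the private subnets also pulls from other AWS-owned buckets through the same endpoint, those ARNs must be added or the endpoint policy widened.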