Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
134 lines (127 sloc) 3.94 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: "Firebox Cloud"
Parameters:
ParamStackName:
Type: String
Description: "Name used in resource tags and names"
ParamFireboxAMI:
Type: String
ParamInstanceType:
Type: String
Description: Allowed instance type for Firebox Cloud AMI.
ParamKeyName:
Type: String
Description: "EC2 Key Pair name for CLI Commands over SSH"
Resources:
FireboxPublicNetworkInterface:
Type: "AWS::EC2::NetworkInterface"
Properties:
Description: Firebox Public Network Interface
GroupSet:
- !ImportValue FireboxPublicSecurityGroup
- !ImportValue SSHAdminSecurityGroup
SubnetId: !ImportValue FireboxPublicSubnet
SourceDestCheck: false
Tags:
- Key: Name
Value: FireboxPublicEni
- Key: Stack
Value: !Ref ParamStackName
FireboxManagementNetworkInterface:
Type: "AWS::EC2::NetworkInterface"
Properties:
Description: Firebox Management Network Interface
GroupSet:
- !ImportValue FireboxManagementEniSecurityGroup
- !ImportValue SSHAdminSecurityGroup
SubnetId: !ImportValue FireboxManagementSubnet
SourceDestCheck: false
Tags:
- Key: Name
Value: FireboxManagementEni
- Key: Stack
Value: !Ref ParamStackName
FireboxWebServerNetworkInterface:
Type: "AWS::EC2::NetworkInterface"
Properties:
Description: Firebox Web Server Network Interface
GroupSet:
- !ImportValue FireboxWebServerEniSecurityGroup
- !ImportValue SSHAdminSecurityGroup
SubnetId: !ImportValue WebServerSubnet
SourceDestCheck: false
Tags:
- Key: Name
Value: FireboxWebServerEni
- Key: Stack
Value: !Ref ParamStackName
Firebox:
Type: "AWS::EC2::Instance"
Properties:
ImageId:
Ref: ParamFireboxAMI
InstanceType:
Ref: ParamInstanceType
NetworkInterfaces:
- NetworkInterfaceId:
Ref: FireboxPublicNetworkInterface
DeviceIndex: '0'
- NetworkInterfaceId:
Ref: FireboxManagementNetworkInterface
DeviceIndex: '1'
- NetworkInterfaceId:
Ref: FireboxWebServerNetworkInterface
DeviceIndex: '2'
KeyName: !Ref ParamKeyName
Tags:
- Key: Name
Value: FireboxCloud
- Key: Stack
Value: !Ref ParamStackName
#Route all traffic to the firebox
#that is destined for teh Interent
#from the web server subnet
FireboxNATRouteWeb:
Type: "AWS::EC2::Route"
Properties:
DestinationCidrBlock: "0.0.0.0/0"
NetworkInterfaceId:
!Ref FireboxWebServerNetworkInterface
RouteTableId:
!ImportValue WebServerRouteTable
#Do not want to open to Interent but
#if turning on SSH for testing
#access to packet capture host will need this
FireboxNATRouteMgmt:
Type: "AWS::EC2::Route"
Properties:
DestinationCidrBlock: "0.0.0.0/0"
NetworkInterfaceId:
!Ref FireboxManagementNetworkInterface
RouteTableId:
!ImportValue FireboxManagementRouteTable
Outputs:
FireboxManagementNetworkInterface:
Value: !Ref FireboxManagementNetworkInterface
Export:
Name: "FireboxManagementNetworkInterface"
FireboxPublicNetworkInterface:
Value: !Ref FireboxPublicNetworkInterface
Export:
Name: "FireboxPublicNetworkInterface"
FireboxWebServerNetworkInterface:
Value: !Ref FireboxWebServerNetworkInterface
Export:
Name: "FireboxWebServerNetworkInterface"
Firebox:
Value: !Ref Firebox
Export:
Name: "Firebox"
FireboxManagementPrivateIpAddress:
Value: !GetAtt FireboxManagementNetworkInterface.PrimaryPrivateIpAddress
Export:
Name: "FireboxPrimaryManagementIpAddress"
FireboxWebPrivateIpAddress:
Value: !GetAtt FireboxWebServerNetworkInterface.PrimaryPrivateIpAddress
Export:
Name: "FireboxPrimaryWebServerIpAddress"