Created May 17, 2021 14:44
Gist aLucaz/2d1cb934a02cad9825a58ab22c7df92b
aLucaz created this gist
The gist's single file is the CloudFormation template below (typos in identifiers and comments corrected; lines marked "Note" or "Added" are editorial, not part of the original file):

```yaml
Description: >-
  Goal -> create a VPC with -> 1 public subnet -> 1 private subnet ->
  create an Internet Gateway -> create a Nat Gateway -> create public
  instance as bastion -> create private instance -> create a load
  balancer -> add autoscaling support

Parameters:
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16
  PublicSubnetACidr:
    Type: String
    Default: 10.0.1.0/24
  PublicSubnetBCidr:
    Type: String
    Default: 10.0.2.0/24
  PrivateSubnetACidr:
    Type: String
    Default: 10.0.11.0/24
  PrivateSubnetBCidr:
    Type: String
    Default: 10.0.12.0/24
  BastionKeyPairName:
    Type: AWS::EC2::KeyPair::KeyName
    Default: poc-cf-keypair
  PublicInstanceType:
    AllowedValues:
      - t2.micro
      - t2.small
    Default: t2.micro
    Type: String
  PublicSubnetAAZ:
    AllowedValues:
      - us-west-1a
    Default: us-west-1a
    Type: String
  PublicSubnetBAZ:
    AllowedValues:
      - us-west-1b
    Default: us-west-1b
    Type: String
  PrivateInstanceType:
    AllowedValues:
      - t2.micro
      - t2.small
    Default: t2.micro
    Type: String
  PrivateSubnetAAZ:
    AllowedValues:
      - us-west-1a
    Default: us-west-1a
    Type: String
  PrivateSubnetBAZ:
    AllowedValues:
      - us-west-1b
    Default: us-west-1b
    Type: String

# Note: the map only covers us-west-1, so the stack deploys in that region only.
Mappings:
  RegionMap:
    us-west-1:
      HVM64: ami-0d382e80be7ffdae5

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: poc-cf-vpc

  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref PublicSubnetAAZ
      CidrBlock: !Ref PublicSubnetACidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: poc-cf-public-subnet-a

  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref PublicSubnetBAZ
      CidrBlock: !Ref PublicSubnetBCidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: poc-cf-public-subnet-b

  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref PrivateSubnetAAZ
      CidrBlock: !Ref PrivateSubnetACidr
      Tags:
        - Key: Name
          Value: poc-cf-private-subnet-a

  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Ref PrivateSubnetBAZ
      CidrBlock: !Ref PrivateSubnetBCidr
      Tags:
        - Key: Name
          Value: poc-cf-private-subnet-b

  # Connecting the VPC to the Internet
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: ig-vpc

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  # Creating the VPC route table with an entry that routes Internet traffic to the Internet Gateway
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public routes

  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  # Creating public subnet A & B route table associations
  PublicSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetA

  PublicSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetB

  # Now we need a NAT Gateway for the private subnets (it lives in a public subnet)
  NatGatewayAIP:
    Type: AWS::EC2::EIP
    DependsOn: InternetGatewayAttachment
    Properties:
      Domain: vpc

  NatGatewayA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGatewayAIP.AllocationId
      SubnetId: !Ref PublicSubnetA

  # Creating the private subnet A & B route table association; the default route goes to the NAT Gateway
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Private routes

  DefaultPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGatewayA

  PrivateSubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnetA

  PrivateSubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnetB

  # Creating an EC2 instance and SG as bastion in the public subnet
  BastionSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: we use this instance as ssh bastion
      SecurityGroupIngress:
        # Note: 0.0.0.0/0 exposes SSH to the whole Internet; narrow CidrIp to the
        # admin source range before deploying anything beyond a throwaway PoC.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: poc-cf-bastion-sg

  BastionInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap
        - RegionMap
        - !Ref AWS::Region
        - HVM64
      InstanceType: !Ref PublicInstanceType
      KeyName: !Ref BastionKeyPairName
      SubnetId: !Ref PublicSubnetA
      SecurityGroupIds:
        - !Ref BastionSG
      Tags:
        - Key: Name
          Value: poc-cf-bastion-instance

  # Note: at this point I had to create a new key pair in the AWS Console, named poc-cf-keypair

  # Creating the SG for the private instances
  PrivateSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: this is our private instance
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSG
        # Added (missing in the original): without this rule the load balancer can
        # neither health-check nor forward traffic to the instances on port 80.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref LoadBalancerSG
      Tags:
        - Key: Name
          Value: poc-cf-private-sg

  # Creating the Auto Scaling configuration
  # Note: no UserData is set, so the instances run no web server and the HTTP
  # health check on / will not pass until one is installed.
  LaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !FindInMap
        - RegionMap
        - !Ref AWS::Region
        - HVM64
      InstanceType: !Ref PrivateInstanceType
      KeyName: !Ref BastionKeyPairName
      SecurityGroups:
        - !Ref PrivateSG

  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier:
        - !Ref PrivateSubnetA
        - !Ref PrivateSubnetB
      LaunchConfigurationName: !Ref LaunchConfig
      TargetGroupARNs:
        - !Ref TargetGroup1
      MaxSize: 2
      MinSize: 1
      Tags:
        - Key: Name
          Value: poc-cf-private-instance-asg
          PropagateAtLaunch: true
    UpdatePolicy:
      AutoScalingReplacingUpdate:
        WillReplace: true

  # Note: no CloudWatch alarm references these two policies, so they only fire
  # when invoked manually.
  ScaleUpPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName: !Ref AutoScalingGroup
      Cooldown: '100'
      ScalingAdjustment: 1

  ScaleDownPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName: !Ref AutoScalingGroup
      Cooldown: '100'
      ScalingAdjustment: -1

  # Configuring target groups
  TargetGroup1:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VPC
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /
      HealthCheckPort: 80
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      Tags:
        - Key: Name
          Value: TG-1

  # Adding the load balancer
  # Note: 443 is admitted here, but only an HTTP listener on 80 is defined below.
  LoadBalancerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      GroupDescription: we use this SG for the load balancer
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: poc-cf-lb-sg

  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Scheme: internet-facing
      SecurityGroups:
        - !Ref LoadBalancerSG
      Subnets:
        - !Ref PublicSubnetA
        - !Ref PublicSubnetB
      Tags:
        - Key: Name
          Value: poc-cf-lb
      Type: application

  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup1
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
```
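The two security-group problems in a template like this (an admin port open to 0.0.0.0/0, and a target group whose instances have no ingress rule admitting the load balancer's security group) are easy to miss by eye but easy to check mechanically before `aws cloudformation deploy`. The following is an added example in Python, not code from the gist or from AWS. It assumes the template has already been loaded into a plain dict, as a YAML loader returns once the short-form tags (`!Ref`, `!GetAtt`) are expanded into `{"Ref": ...}` dicts; `SAMPLE_TEMPLATE` is a constructed, trimmed copy of the gist's security-relevant resources, and the function names are the example's own.

```python
"""Static checks over a CloudFormation VPC + ALB + ASG template (added example).

Assumes the template is a plain dict with CloudFormation short-form tags already
expanded into {"Ref": ...} dicts.  SAMPLE_TEMPLATE is a constructed, trimmed copy
of the gist's resources, not the real file.
"""
import copy

ADMIN_PORTS = (22, 3389)


def _sg(*rules):
    # Build a long-form AWS::EC2::SecurityGroup resource from ingress rules.
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": list(rules)}}


def _tcp(port, **source):
    # Build one single-port TCP ingress rule, e.g. _tcp(22, CidrIp="0.0.0.0/0").
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **source}


SAMPLE_TEMPLATE = {"Resources": {
    "BastionSG": _sg(_tcp(22, CidrIp="0.0.0.0/0")),
    "PrivateSG": _sg(_tcp(22, SourceSecurityGroupId={"Ref": "BastionSG"})),
    "LoadBalancerSG": _sg(_tcp(80, CidrIp="0.0.0.0/0"), _tcp(443, CidrIp="0.0.0.0/0")),
    "TargetGroup1": {"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
                     "Properties": {"Port": 80, "Protocol": "HTTP"}},
    "LoadBalancer": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
                     "Properties": {"SecurityGroups": [{"Ref": "LoadBalancerSG"}]}},
    "LaunchConfig": {"Type": "AWS::AutoScaling::LaunchConfiguration",
                     "Properties": {"SecurityGroups": [{"Ref": "PrivateSG"}]}},
    "AutoScalingGroup": {"Type": "AWS::AutoScaling::AutoScalingGroup",
                         "Properties": {"LaunchConfigurationName": {"Ref": "LaunchConfig"},
                                        "TargetGroupARNs": [{"Ref": "TargetGroup1"}]}},
}}


def _ref(value):
    # Logical name behind a {"Ref": name} dict; anything else is returned as-is.
    return value["Ref"] if isinstance(value, dict) and "Ref" in value else value


def _resources(template, rtype):
    return {n: r for n, r in template["Resources"].items() if r.get("Type") == rtype}


def _port_range(rule):
    # A rule without ports (e.g. IpProtocol -1) covers everything.
    return int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))


def world_open_admin_ports(template):
    """(security group, port) pairs where an admin port is open to any source."""
    findings = []
    for name, sg in _resources(template, "AWS::EC2::SecurityGroup").items():
        for rule in sg["Properties"].get("SecurityGroupIngress", []):
            if rule.get("CidrIp") != "0.0.0.0/0" and rule.get("CidrIpv6") != "::/0":
                continue
            lo, hi = _port_range(rule)
            findings.extend((name, p) for p in ADMIN_PORTS if lo <= p <= hi)
    return findings


def _admits(sg, source_sgs, port):
    # True if one of sg's ingress rules allows `port` from any of source_sgs.
    for rule in sg["Properties"].get("SecurityGroupIngress", []):
        lo, hi = _port_range(rule)
        if _ref(rule.get("SourceSecurityGroupId")) in source_sgs and lo <= port <= hi:
            return True
    return False


def unreachable_targets(template):
    """(target group, port) pairs the load balancer cannot reach.

    Walks ASG -> launch configuration -> instance SGs and requires an ingress rule
    sourced from one of the load balancer's SGs that covers the target group port.
    """
    lb_sgs = set()
    for lb in _resources(template, "AWS::ElasticLoadBalancingV2::LoadBalancer").values():
        lb_sgs.update(_ref(s) for s in lb["Properties"].get("SecurityGroups", []))
    gaps = []
    for asg in _resources(template, "AWS::AutoScaling::AutoScalingGroup").values():
        props = asg["Properties"]
        lc = template["Resources"].get(_ref(props.get("LaunchConfigurationName")), {})
        instance_sgs = [_ref(s) for s in lc.get("Properties", {}).get("SecurityGroups", [])]
        for tg_ref in props.get("TargetGroupARNs", []):
            tg_name = _ref(tg_ref)
            port = int(template["Resources"][tg_name]["Properties"]["Port"])
            if not any(_admits(template["Resources"][s], lb_sgs, port) for s in instance_sgs):
                gaps.append((tg_name, port))
    return gaps


def lb_ingress_rule(lb_sg_name, port):
    """The long-form ingress rule that closes such a gap."""
    return _tcp(port, SourceSecurityGroupId={"Ref": lb_sg_name})


def add_ingress(template, sg_name, rule):
    """Copy of the template with `rule` appended to sg_name's ingress list."""
    fixed = copy.deepcopy(template)
    fixed["Resources"][sg_name]["Properties"]["SecurityGroupIngress"].append(rule)
    return fixed


if __name__ == "__main__":
    print("world-open admin ports:", world_open_admin_ports(SAMPLE_TEMPLATE))
    print("targets unreachable from LB:", unreachable_targets(SAMPLE_TEMPLATE))
```

On the constructed sample the first check reports the bastion's port 22 and the second reports `TargetGroup1` on port 80; appending `lb_ingress_rule("LoadBalancerSG", 80)` to `PrivateSG` clears the second finding, while the first is a policy decision (narrow the CIDR to the admin range) rather than something the script should patch silently. To run it against a real file, load the YAML with a loader that maps the CloudFormation tags to long form and pass the resulting dict instead of `SAMPLE_TEMPLATE`.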