@rgarcia
Created February 5, 2016 01:10
Revisions

  1. rgarcia created this gist Feb 5, 2016.
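--- a/vpc.json
+++ b/vpc.json
@@ -0,0 +1,272 @@
+{
+"AWSTemplateFormatVersion" : "2010-09-09",
+
+"Description" : "VPC with two public subnets and two private subnets in different AZs, and a NAT to enable instances in private subnets to access the internet",
+
+"Parameters" : {
+"KeyName" : {
+"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the bastion host",
+"Type" : "AWS::EC2::KeyPair::KeyName"
+}
+},
+
+"Mappings" : {
+"AWSNATAMI" : {
+"us-west-2": { "AMI" : "ami-77a4b816" }
+}
+},
+
+"Resources" : {
+
+"VPC" : {
+"Type" : "AWS::EC2::VPC",
+"Properties" : {
+"CidrBlock" : "172.40.0.0/16",
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1" }
+]
+}
+},
+
+"PublicSubnet1" : {
+"Type" : "AWS::EC2::Subnet",
+"Properties" : {
+"VpcId" : { "Ref" : "VPC" },
+"CidrBlock" : "172.40.0.0/24",
+"AvailabilityZone" : { "Fn::Select" : ["0", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } }]},
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1-public-subnet-1" }
+]
+}
+},
+
+"PrivateSubnet1" : {
+"Type" : "AWS::EC2::Subnet",
+"Properties" : {
+"VpcId" : { "Ref" : "VPC" },
+"CidrBlock" : "172.40.1.0/24",
+"AvailabilityZone" : { "Fn::Select" : ["0", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } }]},
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1-private-subnet-1" }
+]
+}
+},
+
+"PublicSubnet2" : {
+"Type" : "AWS::EC2::Subnet",
+"Properties" : {
+"VpcId" : { "Ref" : "VPC" },
+"CidrBlock" : "172.40.2.0/24",
+"AvailabilityZone" : { "Fn::Select" : ["1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } }]},
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1-public-subnet-2" }
+]
+}
+},
+
+"PrivateSubnet2" : {
+"Type" : "AWS::EC2::Subnet",
+"Properties" : {
+"VpcId" : { "Ref" : "VPC" },
+"CidrBlock" : "172.40.3.0/24",
+"AvailabilityZone" : { "Fn::Select" : ["1", { "Fn::GetAZs" : { "Ref" : "AWS::Region" } }]},
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1-private-subnet-2" }
+]
+}
+},
+
+"InternetGateway" : {
+"Type" : "AWS::EC2::InternetGateway",
+"Properties" : {
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1-igw" }
+]
+}
+},
+
+"GatewayToInternet" : {
+"Type" : "AWS::EC2::VPCGatewayAttachment",
+"Properties" : {
+"VpcId" : { "Ref" : "VPC" },
+"InternetGatewayId" : { "Ref" : "InternetGateway" }
+}
+},
+
+"PublicRouteTable" : {
+"Type" : "AWS::EC2::RouteTable",
+"Properties" : {
+"VpcId" : {"Ref" : "VPC"},
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1-public-route-table"}
+]
+}
+},
+
+"PublicRoute" : {
+"Type" : "AWS::EC2::Route",
+"DependsOn" : "GatewayToInternet",
+"Properties" : {
+"RouteTableId" : { "Ref" : "PublicRouteTable" },
+"DestinationCidrBlock" : "0.0.0.0/0",
+"GatewayId" : { "Ref" : "InternetGateway" }
+}
+},
+
+"PublicSubnet1PublicRouteTableAssociation" : {
+"Type" : "AWS::EC2::SubnetRouteTableAssociation",
+"Properties" : {
+"SubnetId" : { "Ref" : "PublicSubnet1" },
+"RouteTableId" : { "Ref" : "PublicRouteTable" }
+}
+},
+
+"PublicSubnet1PublicRouteTableAssociation2" : {
+"Type" : "AWS::EC2::SubnetRouteTableAssociation",
+"Properties" : {
+"SubnetId" : { "Ref" : "PublicSubnet2" },
+"RouteTableId" : { "Ref" : "PublicRouteTable" }
+}
+},
+
+"PrivateRouteTable1" : {
+"Type" : "AWS::EC2::RouteTable",
+"Properties" : {
+"VpcId" : {"Ref" : "VPC"},
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1-private-route-table-1" }
+]
+}
+},
+
+"PrivateRouteTable2" : {
+"Type" : "AWS::EC2::RouteTable",
+"Properties" : {
+"VpcId" : {"Ref" : "VPC"},
+"Tags" : [
+{"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} },
+{"Key" : "Name", "Value" : "vpc-1-private-route-table-2" }
+]
+}
+},
+
+"PrivateSubnetRouteTableAssociation1" : {
+"Type" : "AWS::EC2::SubnetRouteTableAssociation",
+"Properties" : {
+"SubnetId" : { "Ref" : "PrivateSubnet1" },
+"RouteTableId" : { "Ref" : "PrivateRouteTable1" }
+}
+},
+
+"PrivateSubnetRouteTableAssociation2" : {
+"Type" : "AWS::EC2::SubnetRouteTableAssociation",
+"Properties" : {
+"SubnetId" : { "Ref" : "PrivateSubnet2" },
+"RouteTableId" : { "Ref" : "PrivateRouteTable2" }
+}
+},
+
+"PrivateRoute1" : {
+"Type" : "AWS::EC2::Route",
+"Properties" : {
+"RouteTableId" : { "Ref" : "PrivateRouteTable1" },
+"DestinationCidrBlock" : "0.0.0.0/0",
+"InstanceId" : { "Ref" : "NATDevice1" }
+}
+},
+
+"PrivateRoute2" : {
+"Type" : "AWS::EC2::Route",
+"Properties" : {
+"RouteTableId" : { "Ref" : "PrivateRouteTable2" },
+"DestinationCidrBlock" : "0.0.0.0/0",
+"InstanceId" : { "Ref" : "NATDevice2" }
+}
+},
+
+"NATIPAddress1" : {
+"Type" : "AWS::EC2::EIP",
+"DependsOn" : "GatewayToInternet",
+"Properties" : {
+"Domain" : "vpc",
+"InstanceId" : { "Ref" : "NATDevice1" }
+}
+},
+
+"NATIPAddress2" : {
+"Type" : "AWS::EC2::EIP",
+"DependsOn" : "GatewayToInternet",
+"Properties" : {
+"Domain" : "vpc",
+"InstanceId" : { "Ref" : "NATDevice2" }
+}
+},
+
+"NATDevice1" : {
+"Type" : "AWS::EC2::Instance",
+"Properties" : {
+"InstanceType" : "t2.micro",
+"KeyName" : { "Ref" : "KeyName" },
+"SubnetId" : { "Ref" : "PublicSubnet1" },
+"SourceDestCheck" : "false",
+"ImageId" : { "Fn::FindInMap" : [ "AWSNATAMI", { "Ref" : "AWS::Region" }, "AMI" ]},
+"SecurityGroupIds" : [{ "Ref" : "NATSecurityGroup" }],
+"Tags" : [ {"Key" : "Name", "Value" : "NAT Device"} ]
+}
+},
+
+"NATDevice2" : {
+"Type" : "AWS::EC2::Instance",
+"Properties" : {
+"InstanceType" : "t2.micro",
+"KeyName" : { "Ref" : "KeyName" },
+"SubnetId" : { "Ref" : "PublicSubnet2" },
+"SourceDestCheck" : "false",
+"ImageId" : { "Fn::FindInMap" : [ "AWSNATAMI", { "Ref" : "AWS::Region" }, "AMI" ]},
+"SecurityGroupIds" : [{ "Ref" : "NATSecurityGroup" }],
+"Tags" : [ {"Key" : "Name", "Value" : "NAT Device"} ]
+}
+},
+
+"NATSecurityGroup" : {
+"Type" : "AWS::EC2::SecurityGroup",
+"Properties" : {
+"GroupDescription" : "Enable internal access to the NAT device. TODO: add port 22 rule?",
+"VpcId" : { "Ref" : "VPC" },
+"SecurityGroupIngress" : [
+{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"},
+{ "IpProtocol" : "tcp", "FromPort" : "443", "ToPort" : "443", "CidrIp" : "0.0.0.0/0"}
+],
+"SecurityGroupEgress" : [
+{ "IpProtocol" : "tcp", "FromPort" : "1", "ToPort" : "65535", "CidrIp" : "0.0.0.0/0"} ]
+}
+}
+},
+
+"Outputs" : {
+"VpcId" : {
+"Description": "VPC",
+"Value": { "Ref" : "VPC" }
+},
+"PublicSubnets" : {
+"Description" : "Public subnet",
+"Value" : { "Fn::Join" : [",", [{ "Ref" : "PublicSubnet1" }, { "Ref" : "PublicSubnet2" }] ] }
+},
+"PrivateSubnets" : {
+"Description" : "Private subnet",
+"Value" : { "Fn::Join" : [",", [{ "Ref" : "PrivateSubnet1" }, { "Ref" : "PrivateSubnet2" }] ] }
+},
+"AZs" : {
+"Description" : "Availability zones",
+"Value" : { "Fn::Join" : [",", [ { "Fn::GetAtt" : ["PrivateSubnet1", "AvailabilityZone"] }, { "Fn::GetAtt" : ["PrivateSubnet2", "AvailabilityZone"] }]]}
+}
+}
+}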
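Review bot: The NATSecurityGroup ingress rules near the end of the template accept TCP 80 and 443 from `0.0.0.0/0`, but the only clients a NAT instance forwards for are the two private subnets, and each NAT device is given a public Elastic IP (NATIPAddress1/2), so these rules expose the NAT instances' own ports 80/443 to the entire internet for no functional reason. Scope both rules to the VPC, e.g. `{ "IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "172.40.0.0/16"}` and the same for 443 (or derive the range with `{ "Fn::GetAtt" : ["VPC", "CidrBlock"] }`), and if the "TODO: add port 22 rule?" in the group description is acted on, restrict it to a trusted source range rather than copying the open rules; note also that the KeyName parameter is described as being for a bastion host but is actually attached to both NAT instances. Separately, the egress rule permits only TCP, so UDP or ICMP traffic from private instances bound for the internet (NTP, traceroute/ping) will be dropped at the NAT — add a matching `udp` rule or use `"IpProtocol" : "-1"` if that is not intended. The AWSNATAMI mapping pins a single image for us-west-2 only, so Fn::FindInMap will fail the stack in any other region and the NAT AMI will never pick up patched releases — presumably acceptable for this gist, but worth confirming.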