forked from awslabs/aws-transit-vpc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtransit-vpc-spoke-vpc.template
121 lines (118 loc) · 3.82 KB
/
transit-vpc-spoke-vpc.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "(SO0001s) - Transit VPC spoke: Creates a spoke VPC for TransitVPC testing.",
"Parameters" : {
"PreferredPathTag" : {
"Description" : "Tag to use to configure a preferred CSR VPN endpoint to control traffic flow through the Transit VPC CSRs (e.g. when integrating with stateful on-prem firewalls).",
"Type" : "String",
"Default" : "transitvpc:preferred-path"
},
"PreferredPathValue" : {
"Description" : "Specify if there is a preferred CSR to control the traffic flow through the Transit VPC (e.g. when integrating with stateful on-prem firewalls).",
"Type" : "String",
"Default" : "none",
"AllowedValues" : [ "none", "CSR1", "CSR2" ]
},
"SpokeTag" : {
"Description" : "Tag to use to identify spoke VPCs to connect to Transit VPC.",
"Type" : "String",
"Default" : "transitvpc:spoke"
},
"SpokeTagValue" : {
"Description" : "Tag value to use to identify spoke VPCs to connect to Transit VPC.",
"Type" : "String",
"Default" : "true"
},
"VpcCidr" : {
"Description" : "CIDR block for Transit VPC.",
"Type" : "String",
"Default" : "10.255.0.0/16"
}
},
"Metadata" : {
"AWS::CloudFormation::Interface" : {
"ParameterGroups" : [
{
"Label" : { "default" : "Network Configuration" },
"Parameters" : [ "VpcCidr", "SpokeTag","SpokeTagValue", "PreferredPathTag", "PreferredPathValue" ]
}
],
"ParameterLabels" : {
"SpokeTag" : { "default" : "Transit VPC Tag Name" },
"SpokeTagValue" : { "default" : "Transit VPC Tag Value" },
"PreferredPathTag" : { "default" : "Preferred VPN Endpoint Tag Name" },
"PreferredPathValue" : { "default" : "Preferred Path" },
"VpcCidr" : { "default" : "Transit VPC CIDR Block" }
}
}
},
"Resources" : {
"SpokeVPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : { "Ref" : "VpcCidr" },
"Tags" : [
{ "Key" : "Name", "Value" : "Spoke VPC" }
]
}
},
"VGW" : {
"Type" : "AWS::EC2::VPNGateway",
"Properties" : {
"Type" : "ipsec.1",
"Tags" : [
{ "Key" : "Name", "Value" : "Spoke VPC VGW" },
{ "Key" : { "Ref" : "PreferredPathTag" }, "Value" : { "Ref" : "PreferredPathValue" }},
{ "Key" : { "Ref" : "SpokeTag" }, "Value" : { "Ref" : "SpokeTagValue" }}
]
}
},
"AttachVGWToVPC" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : { "Ref" : "SpokeVPC" },
"VpnGatewayId" : { "Ref" : "VGW" }
}
},
"VPCRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : { "Ref" : "SpokeVPC" },
"Tags" : [
{ "Key" : "Network", "Value" : "Public" },
{ "Key" : "Name", "Value" : "Spoke VPC" }
]
}
},
"ProgagateRoute" : {
"DependsOn" : "AttachVGWToVPC",
"Type" : "AWS::EC2::VPNGatewayRoutePropagation",
"Properties" : {
"RouteTableIds" : [ { "Ref" : "VPCRouteTable" } ],
"VpnGatewayId" : { "Ref" : "VGW" }
}
}
},
"Outputs" : {
"VPCID" : {
"Description" : "VPC ID",
"Value" : { "Ref" : "SpokeVPC" }
},
"CIDR" : {
"Description" : "VPC CIDR",
"Value" : { "Ref" : "VpcCidr" }
},
"VGWID" : {
"Description" : "VGW ID",
"Value" : { "Ref" : "VGW" }
},
"TransitVPCtags" : {
"Description" : "Tag name/value",
"Value" : { "Fn::Join": [ "", [ { "Ref" : "SpokeTag" }, " = ", { "Ref": "SpokeTagValue" } ] ] }
},
"TransitVPCPath" : {
"Description" : "Tag name/value",
"Value" : { "Fn::Join": [ "", [ { "Ref" : "PreferredPathTag" }, " = ", { "Ref": "PreferredPathValue" } ] ] }
}
}
}