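---
# VPC layer of a nested CloudFormation deployment: one VPC, an Internet
# Gateway, a single (public) route table, a network ACL and two zone
# sub-stacks (zone.yml) that receive one subnet CIDR each.
AWSTemplateFormatVersion: "2010-09-09"
Description: VPC Resources
Parameters:
  Cidr:
    Description: Vpc Cidr
    Type: String
    # Validate IPv4 CIDR notation at submission time; otherwise a malformed
    # value only surfaces as a failure when the VPC resource is created.
    AllowedPattern: '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$'
    ConstraintDescription: must be an IPv4 CIDR block, for example 10.0.0.0/16
  Subnets:
    # Exactly two entries are consumed below (!Select 0 and !Select 1 in the
    # Zone1/Zone2 stacks); a shorter list fails at stack creation.
    Description: Vpc Subnets list
    Type: List<String>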
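Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref Cidr
      InstanceTenancy: default
      # Both DNS flags are needed for hostnames to resolve inside the VPC.
      EnableDnsSupport: true
      EnableDnsHostnames: true

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties: {}

  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref Vpc
      InternetGatewayId: !Ref InternetGateway

  DhcpOption:
    Type: AWS::EC2::DHCPOptions
    Properties:
      # NOTE(review): 'ec2.internal' is the default search domain only in
      # us-east-1; other regions use <region>.compute.internal — confirm the
      # intended region before relying on this value.
      DomainName: 'ec2.internal'
      DomainNameServers:
        - AmazonProvidedDNS

  # The option set above was previously created but never attached to the
  # VPC, so it had no effect; this association applies it.
  DhcpOptionAssociation:
    Type: AWS::EC2::VPCDHCPOptionsAssociation
    Properties:
      VpcId: !Ref Vpc
      DhcpOptionsId: !Ref DhcpOption

  # Single route table shared by both zone stacks. Because it carries the
  # default route to the Internet Gateway, every subnet attached to it is a
  # public subnet.
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc

  Route:
    Type: AWS::EC2::Route
    # The IGW must be attached before a route can target it.
    DependsOn: GatewayAttachment
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref RouteTable
      GatewayId: !Ref InternetGateway

  # Network ACL shared by both zone stacks. The two entries below allow every
  # protocol and port in both directions from/to 0.0.0.0/0, so this ACL
  # imposes no filtering at all; any packet filtering has to come from
  # security groups, which this template does not define. Tighten the entries
  # (or add lower-numbered deny rules) if subnet-level filtering is required.
  SubnetAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref Vpc

  InSubnetAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref SubnetAcl
      RuleNumber: 32000
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: 0.0.0.0/0
      # Icmp and PortRange are not required when Protocol is -1 (all);
      # kept to match the original definition.
      Icmp:
        Code: -1
        Type: -1
      PortRange:
        From: 1
        To: 65535

  OutSubnetAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref SubnetAcl
      RuleNumber: 32000
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0
      Icmp:
        Code: -1
        Type: -1
      PortRange:
        From: 1
        To: 65535

  # Zone sub-stacks. TemplateURL is a relative path, so the template must be
  # run through a packaging step that uploads zone.yml and rewrites the URL
  # to S3 before deployment. Each zone gets the same public route table and
  # the permissive ACL above.
  Zone1:
    Type: AWS::CloudFormation::Stack
    DependsOn: GatewayAttachment
    Properties:
      TemplateURL: zone.yml
      Parameters:
        Range: 1
        CidrBlock: !Select [0, !Ref Subnets]
        Vpc: !Ref Vpc
        NetworkAclId: !Ref SubnetAcl
        RouteTableId: !Ref RouteTable
        # First AZ of the current region ('' = region of the stack).
        AvailabilityZone: !Select [0, !GetAZs '']

  Zone2:
    Type: AWS::CloudFormation::Stack
    DependsOn: GatewayAttachment
    Properties:
      TemplateURL: zone.yml
      Parameters:
        Range: 2
        CidrBlock: !Select [1, !Ref Subnets]
        Vpc: !Ref Vpc
        NetworkAclId: !Ref SubnetAcl
        RouteTableId: !Ref RouteTable
        # Second AZ of the current region.
        AvailabilityZone: !Select [1, !GetAZs '']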
# Values surfaced to the caller of this template. None of them carries an
# Export, so they are only reachable as nested-stack outputs (or via the
# console/CLI), not through cross-stack !ImportValue.
Outputs:
  Vpc:
    Description: 'VPC'
    Value: !Ref Vpc

  # Comma-separated list, in zone order, of the AZs the sub-stacks report.
  AvailabilityZones:
    Description: 'Availability zones actually used'
    Value:
      Fn::Join:
        - ','
        - - Fn::GetAtt: [Zone1, Outputs.AvailabilityZone]
          - Fn::GetAtt: [Zone2, Outputs.AvailabilityZone]

  # Comma-separated list of both subnet ids, in zone order.
  Subnets:
    Description: 'Subnets'
    Value:
      Fn::Join:
        - ','
        - - Fn::GetAtt: [Zone1, Outputs.Subnet]
          - Fn::GetAtt: [Zone2, Outputs.Subnet]

  Subnet1:
    Description: 'Subnet 1'
    Value:
      Fn::GetAtt: [Zone1, Outputs.Subnet]

  Subnet2:
    Description: 'Subnet 2'
    Value:
      Fn::GetAtt: [Zone2, Outputs.Subnet]

  RouteTable:
    Description: 'Vpc route table'
    Value: !Ref RouteTable