-
Notifications
You must be signed in to change notification settings - Fork 0
/
basic_vpc.yaml
179 lines (178 loc) · 6.38 KB
/
basic_vpc.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
AWSTemplateFormatVersion: '2010-09-09'
Description: >
Example template that creates a VPC with 2 public and private subnets. Includes a NAT, IGW, and S3 VPCE.
Can be used to connect an Agent to a VPC for peering and/or IP whitelisting.
Metadata:
License: >
Copyright 2023 Monte Carlo Data, Inc.
The Software contained herein (the “Software”) is the intellectual property of Monte Carlo Data, Inc. (“Licensor”),
and Licensor retains all intellectual property rights in the Software, including any and all derivatives, changes and
improvements thereto. Only customers who have entered into a commercial agreement with Licensor for use or
purchase of the Software (“Licensee”) are licensed or otherwise authorized to use the Software, and any Licensee
agrees that it obtains no copyright or other intellectual property rights to the Software, except for the license
expressly granted below or in accordance with the terms of their commercial agreement with Licensor (the
“Agreement”). Subject to the terms and conditions of the Agreement, Licensor grants Licensee a non-exclusive,
non-transferable, non-sublicensable, revocable, limited right and license to use the Software, in each case solely
internally within Licensee’s organization for non-commercial purposes and only in connection with the service
provided by Licensor pursuant to the Agreement, and in object code form only. Without Licensor’s express prior
written consent, Licensee may not, directly or indirectly, (i) distribute the Software, any portion thereof, or any
modifications, enhancements, or derivative works of any of the foregoing (collectively, the “Derivatives”) to any
third party, (ii) license, market, sell, offer for sale or otherwise attempt to commercialize any Software, Derivatives,
or portions thereof, (iii) use the Software, Derivatives, or any portion thereof for the benefit of any third party, (iv)
use the Software, Derivatives, or any portion thereof in any manner or with respect to any commercial activity
which competes, or is reasonably likely to compete, with any business that Licensor conducts, proposes to conduct
or demonstrably anticipates conducting, at any time; or (v) seek any patent or other intellectual property rights or
protections over or in connection with any Software of Derivatives.
AWS::CloudFormation::Interface:
ParameterGroups:
- Parameters:
- VpcCIDR
- SubnetCIDRs
ParameterLabels:
VpcCIDR:
default: Specify the CIDR block for the VPC
SubnetCIDRs:
default: Specify the CIDR blocks for the subnets
Parameters:
SubnetCIDRs:
Default: 10.0.0.0/24,10.0.1.0/24,10.0.2.0/24,10.0.3.0/24
Description: >
A Comma-delimited list of four CIDR blocks. Must be contained in VPC CIDR with no overlap between subnets.
Type: CommaDelimitedList
VpcCIDR:
Default: 10.0.0.0/16
Description: The starting IP and the size of the VPC using CIDR notation.
Type: String
Outputs:
NatGatewayId:
Description: Nat Gateway ID.
Value: !Ref NatGw
PrivateRouteTable:
Description: Private route table ID.
Value: !Ref PrivateRouteTable
PrivateSubnetAz1:
Description: Private subnet (first AZ).
Value: !Ref PrivateSubnetAz1
PrivateSubnetAz2:
Description: Private subnet (second AZ).
Value: !Ref PrivateSubnetAz2
PublicIP:
Description: >
IP address from which connected private resources access the Internet (e.g. if IP whitelisting is used).
Value: !Ref EIP
VpcId:
Description: VPC ID.
Value: !Ref VPC
Resources:
EIP:
Properties:
Domain: vpc
Type: AWS::EC2::EIP
InternetGw:
Type: AWS::EC2::InternetGateway
InternetGwAttachment:
Properties:
InternetGatewayId: !Ref InternetGw
VpcId: !Ref VPC
Type: AWS::EC2::VPCGatewayAttachment
InternetGwRoute:
DependsOn: InternetGwAttachment
Properties:
DestinationCidrBlock: '0.0.0.0/0'
GatewayId: !Ref InternetGw
RouteTableId: !Ref PublicRouteTable
Type: AWS::EC2::Route
NatGw:
Properties:
AllocationId: !GetAtt EIP.AllocationId
SubnetId: !Ref PublicSubnetAz1
Type: AWS::EC2::NatGateway
NatGwRoute:
Properties:
DestinationCidrBlock: '0.0.0.0/0'
NatGatewayId: !Ref NatGw
RouteTableId: !Ref PrivateRouteTable
Type: AWS::EC2::Route
PrivateAz1Route:
Properties:
RouteTableId: !Ref PrivateRouteTable
SubnetId: !Ref PrivateSubnetAz1
Type: AWS::EC2::SubnetRouteTableAssociation
PrivateAz2Route:
Properties:
RouteTableId: !Ref PrivateRouteTable
SubnetId: !Ref PrivateSubnetAz2
Type: AWS::EC2::SubnetRouteTableAssociation
PrivateRouteTable:
Properties:
VpcId: !Ref VPC
Type: AWS::EC2::RouteTable
PrivateSubnetAz1:
Properties:
AvailabilityZone: !Select
- '0'
- !GetAZs ''
CidrBlock: !Select
- 2
- !Ref SubnetCIDRs
VpcId: !Ref VPC
Type: AWS::EC2::Subnet
PrivateSubnetAz2:
Properties:
AvailabilityZone: !Select
- '1'
- !GetAZs ''
CidrBlock: !Select
- 3
- !Ref SubnetCIDRs
VpcId: !Ref VPC
Type: AWS::EC2::Subnet
PublicAz1Route:
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref PublicSubnetAz1
Type: AWS::EC2::SubnetRouteTableAssociation
PublicAz2Route:
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref PublicSubnetAz2
Type: AWS::EC2::SubnetRouteTableAssociation
PublicRouteTable:
Properties:
VpcId: !Ref VPC
Type: AWS::EC2::RouteTable
PublicSubnetAz1:
Properties:
AvailabilityZone: !Select
- '0'
- !GetAZs ''
CidrBlock: !Select
- 0
- !Ref SubnetCIDRs
VpcId: !Ref VPC
Type: AWS::EC2::Subnet
PublicSubnetAz2:
Properties:
AvailabilityZone: !Select
- '1'
- !GetAZs ''
CidrBlock: !Select
- 1
- !Ref SubnetCIDRs
VpcId: !Ref VPC
Type: AWS::EC2::Subnet
S3VpcEndpoint:
Properties:
RouteTableIds:
- !Ref PublicRouteTable
- !Ref PrivateRouteTable
ServiceName: !Sub 'com.amazonaws.${AWS::Region}.s3'
VpcEndpointType: Gateway
VpcId: !Ref VPC
Type: AWS::EC2::VPCEndpoint
VPC:
Properties:
CidrBlock: !Ref VpcCIDR
EnableDnsHostnames: true
EnableDnsSupport: true
Type: AWS::EC2::VPC