-
Notifications
You must be signed in to change notification settings - Fork 32
/
tgw-spoke-synapse.njk
49 lines (49 loc) · 1.78 KB
/
tgw-spoke-synapse.njk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
AWSTemplateFormatVersion: 2010-09-09
Description: >-
Setup the AWS transit gateway spoke
Parameters:
TransitGatewayId:
Description: 'The sage transit gateway id'
Type: String
TransitGatewayEndpointCidr:
Description: 'The transit gateway endpoint CIDR'
Type: String
AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
VpcId:
Description: 'The VPC ID to attach'
Type: AWS::EC2::VPC::Id
Resources:
Attachment:
Type: AWS::EC2::TransitGatewayAttachment
Properties:
SubnetIds: [{{ VpcSubnetGroups.Red.PrivateSubnets }}]
TransitGatewayId: !Ref TransitGatewayId
VpcId: !Ref VpcId
{% for subnet_group, group_data in VpcSubnetGroups %}
{% set private_subnet_route_table_ids_list = group_data.PrivateSubnetRouteTableIds.split(',') %}
{% for PrivateSubnetRouteTableId in private_subnet_route_table_ids_list %}
Route{{ PrivateSubnetRouteTableId | replace('-','') | replace(' ','') }}:
DependsOn: Attachment
Type: AWS::EC2::Route
Properties:
DestinationCidrBlock: !Ref TransitGatewayEndpointCidr
RouteTableId: {{ PrivateSubnetRouteTableId }}
TransitGatewayId: !Ref TransitGatewayId
{% endfor %}
{% endfor %}
SecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: !Sub 'Security Group for ${TransitGatewayEndpointCidr}'
VpcId: !Ref VpcId
SecurityGroupIngress:
- CidrIp: !Ref TransitGatewayEndpointCidr
Description: !Sub 'Allow access from ${TransitGatewayEndpointCidr}'
FromPort: -1
ToPort: -1
IpProtocol: "-1"
SecurityGroupEgress:
- CidrIp: "0.0.0.0/0"
FromPort: -1
ToPort: -1
IpProtocol: "-1"