forked from aws-samples/codepipeline-nested-cfn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vpc-stack.yml
323 lines (299 loc) · 8.22 KB
/
vpc-stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
Description: Creates VPC and required components of VPC
Parameters:
VPCCIDR:
Type: String
Description: CIDR block should be used to create the VPC (e.g. 172.21.1.0/24)
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})"
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.0/24)
PublicSubnet1:
Type: String
Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.0/26)
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})"
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.0/26)
PublicSubnet2:
Type: String
Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.64/26)
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})"
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.64/26)
PrivateSubnet1:
Type: String
Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.128/26)
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})"
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.128/26)
PrivateSubnet2:
Type: String
Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.192/26)
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})"
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.192/26)
UATApprovalEmail:
Type: String
Description: Email address to which UAT approval should be sent
AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)"
ConstraintDescription: Must be a valid email address. (e.g. [email protected])
ProdApprovalEmail:
Type: String
Description: Email address to which Prod approval should be sent
AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)"
ConstraintDescription: Must be a valid email address. (e.g. [email protected])
TagPrefix:
Type: String
Description: Enter Prefix that should be used for Tags.
Resources:
S3Bucket:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
UATTopic:
Type: "AWS::SNS::Topic"
Properties:
Subscription:
-
Endpoint:
Ref: UATApprovalEmail
Protocol: "email"
ProdTopic:
Type: "AWS::SNS::Topic"
Properties:
Subscription:
-
Endpoint:
Ref: UATApprovalEmail
Protocol: "email"
VPC:
Type: "AWS::EC2::VPC"
Properties:
CidrBlock:
Ref: VPCCIDR
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value:
Ref: TagPrefix
PubSubnet1:
Type: "AWS::EC2::Subnet"
Properties:
VpcId:
Ref: VPC
CidrBlock:
Ref: PublicSubnet1
AvailabilityZone:
Fn::Sub: ${AWS::Region}a
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-PublicSubnet1
PubSubnet2:
Type: "AWS::EC2::Subnet"
Properties:
VpcId:
Ref: VPC
CidrBlock:
Ref: PublicSubnet2
AvailabilityZone:
Fn::Sub: ${AWS::Region}b
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-PublicSubnet2
PriSubnet1:
Type: "AWS::EC2::Subnet"
Properties:
VpcId:
Ref: VPC
CidrBlock:
Ref: PrivateSubnet1
AvailabilityZone:
Fn::Sub: ${AWS::Region}a
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-PrivateSubnet1
PriSubnet2:
Type: "AWS::EC2::Subnet"
Properties:
VpcId:
Ref: VPC
CidrBlock:
Ref: PrivateSubnet2
AvailabilityZone:
Fn::Sub: ${AWS::Region}b
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-PrivateSubnet2
InternetGateway:
Type: "AWS::EC2::InternetGateway"
Properties:
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-IGW
GatewayToInternet:
Type: "AWS::EC2::VPCGatewayAttachment"
Properties:
VpcId:
Ref: VPC
InternetGatewayId:
Ref: InternetGateway
NATEIP1:
Type: "AWS::EC2::EIP"
Properties:
Domain: vpc
DependsOn: GatewayToInternet
NATEIP2:
Type: "AWS::EC2::EIP"
Properties:
Domain: vpc
DependsOn: GatewayToInternet
NAT1:
Type: "AWS::EC2::NatGateway"
Properties:
AllocationId:
Fn::GetAtt: [ NATEIP1, AllocationId ]
SubnetId:
Ref: PubSubnet1
NAT2:
Type: "AWS::EC2::NatGateway"
Properties:
AllocationId:
Fn::GetAtt: [ NATEIP2, AllocationId ]
SubnetId:
Ref: PubSubnet2
PublicRouteTable:
Type: "AWS::EC2::RouteTable"
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-PublicRouteTable
PrivateRouteTable1:
Type: "AWS::EC2::RouteTable"
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-PrivateRouteTable1
PrivateRouteTable2:
Type: "AWS::EC2::RouteTable"
Properties:
VpcId:
Ref: VPC
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-PrivateRouteTable2
PublicRoute:
Type: "AWS::EC2::Route"
DependsOn: GatewayToInternet
Properties:
DestinationCidrBlock: 0.0.0.0/0
GatewayId:
Ref: InternetGateway
RouteTableId:
Ref: PublicRouteTable
PrivateRoute1:
Type: "AWS::EC2::Route"
Properties:
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: NAT1
RouteTableId:
Ref: PrivateRouteTable1
PrivateRoute2:
Type: "AWS::EC2::Route"
Properties:
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId:
Ref: NAT2
RouteTableId:
Ref: PrivateRouteTable2
PubSubnet1RTAssoc:
Type: "AWS::EC2::SubnetRouteTableAssociation"
Properties:
RouteTableId:
Ref: PublicRouteTable
SubnetId:
Ref: PubSubnet1
PubSubnet2RTAssoc:
Type: "AWS::EC2::SubnetRouteTableAssociation"
Properties:
RouteTableId:
Ref: PublicRouteTable
SubnetId:
Ref: PubSubnet2
PrivSubnet1RTAssoc:
Type: "AWS::EC2::SubnetRouteTableAssociation"
Properties:
RouteTableId:
Ref: PrivateRouteTable1
SubnetId:
Ref: PriSubnet1
PrivSubnet2RTAssoc:
Type: "AWS::EC2::SubnetRouteTableAssociation"
Properties:
RouteTableId:
Ref: PrivateRouteTable2
SubnetId:
Ref: PriSubnet2
RDSSubnetGroup:
Type: "AWS::RDS::DBSubnetGroup"
Properties:
DBSubnetGroupDescription: "RDS DB Subnet group"
SubnetIds:
- Ref: PriSubnet1
- Ref: PriSubnet2
Tags:
- Key: Name
Value:
Fn::Sub: ${TagPrefix}-DBSubnetGroup
Outputs:
S3BucketName:
Value:
Ref: S3Bucket
Description: Name of the S3 bucket
UATTopic:
Value:
Fn::GetAtt: [ UATTopic, TopicName ]
Description: Name of the SNS Topic for UAT Approval
ProdTopic:
Value:
Fn::GetAtt: [ ProdTopic, TopicName ]
Description: Name of the SNS Topic for Prod Approval
VPCID:
Description: "VPC ID"
Value:
Ref: VPC
PrivateSubnet1:
Description: "Subnet ID of private subnet in AZ1"
Value:
Ref: PriSubnet1
PrivateSubnet2:
Description: "Subnet ID of private subnet in AZ2"
Value:
Ref: PriSubnet2
PublicSubnet1:
Description: "Subnet ID of public subnet in AZ1"
Value:
Ref: PubSubnet1
PublicSubnet2:
Description: "Subnet ID of public subnet in AZ2"
Value:
Ref: PubSubnet2
DBSubnetGroup:
Description: "Name of the DB Subnet group"
Value:
Ref: RDSSubnetGroup
NATEIP1:
Description: "NAT Gateway ID in AZ1"
Value:
Ref: NAT1
NATEIP2:
Description: "NAT Gateway ID in AZ2"
Value:
Ref: NAT2