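---
# Copyright 2018 widdix GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Creates a VPC with one public subnet in each of the first three AZs of the
# region, an internet gateway, a shared public route table, a permissive
# network ACL and a security group for RDP / MSSQL access from ClientIP.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'VPC: public subnets in three availability zones'
Parameters:
  VPCName:
    Description: 'Name tag applied to the VPC, the internet gateway and the public route table.'
    Type: String
    Default: vpcname
  ClientIP:
    # Source range for the RDP (3389) and MSSQL (1433) ingress rules below.
    # The default admits the entire VPC range; override it with the operator
    # network when deploying. AllowedPattern rejects non-CIDR input so a typo
    # fails at stack validation instead of silently producing an unusable or
    # over-broad rule.
    Description: 'IPv4 CIDR block allowed to reach TCP 3389 (RDP) and TCP 1433 (MSSQL) on SecurityGroup.'
    Type: String
    Default: '10.0.0.0/16'
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: 'must be an IPv4 CIDR block of the form x.x.x.x/n'
Resources:
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: '10.0.0.0/16'
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: !Ref VPCName
  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: !Ref VPCName
  VPCGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  # One /24 public subnet per AZ. MapPublicIpOnLaunch gives every instance a
  # public address, so host exposure is governed by the security group and
  # network ACL below, not by subnet placement.
  SubnetAPublic:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: '10.0.1.0/24'
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'Site-1'
        - Key: Reach
          Value: public
  SubnetBPublic:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: '10.0.2.0/24'
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'Site-2'
        - Key: Reach
          Value: public
  SubnetCPublic:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [2, !GetAZs '']
      CidrBlock: '10.0.3.0/24'
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'Site-3'
        - Key: Reach
          Value: public
  RouteTablePublic:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Ref VPCName
  RouteTableAssociationAPublic:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref SubnetAPublic
      RouteTableId: !Ref RouteTablePublic
  RouteTableAssociationBPublic:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref SubnetBPublic
      RouteTableId: !Ref RouteTablePublic
  RouteTableAssociationCPublic:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref SubnetCPublic
      RouteTableId: !Ref RouteTablePublic
  RouteTablePublicInternetRoute:
    Type: 'AWS::EC2::Route'
    # The default route is only valid once the gateway is attached to the VPC.
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref InternetGateway
  # The network ACL allows all traffic in both directions (rules 99 below), so
  # it provides no filtering on its own; SecurityGroup is the effective
  # host-level control in this template.
  NetworkAclPublic:
    Type: 'AWS::EC2::NetworkAcl'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public
  SubnetNetworkAclAssociationAPublic:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref SubnetAPublic
      NetworkAclId: !Ref NetworkAclPublic
  SubnetNetworkAclAssociationBPublic:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref SubnetBPublic
      NetworkAclId: !Ref NetworkAclPublic
  SubnetNetworkAclAssociationCPublic:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref SubnetCPublic
      NetworkAclId: !Ref NetworkAclPublic
  NetworkAclEntryInPublicAllowAll:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAclPublic
      RuleNumber: 99
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: '0.0.0.0/0'
  NetworkAclEntryOutPublicAllowAll:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAclPublic
      RuleNumber: 99
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: '0.0.0.0/0'
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Allow ALL Traffic
      VpcId: !Ref VPC
      # No SecurityGroupEgress is declared, so the group keeps the default
      # allow-all outbound rule.
      SecurityGroupIngress:
        # Intra-VPC traffic on every protocol. Taken from the VPC resource so
        # the rule cannot drift from the actual VPC range.
        - IpProtocol: -1
          CidrIp: !GetAtt VPC.CidrBlock
        # Administrative access (RDP) from the operator range.
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: !Ref ClientIP
        # Database access (MSSQL) from the operator range.
        - IpProtocol: tcp
          FromPort: 1433
          ToPort: 1433
          CidrIp: !Ref ClientIP
Outputs:
  TemplateID:
    Description: 'Template id.'
    Value: 'vpc/vpc-3azs'
  TemplateVersion:
    Description: 'template version.'
    Value: '__VERSION__'
  StackName:
    Description: 'Stack name.'
    Value: !Sub '${AWS::StackName}'
  AZs:
    Description: 'AZs'
    # Output values are strings; quoting keeps the YAML parser from emitting an int.
    Value: '3'
    Export:
      Name: !Sub '${AWS::StackName}-AZs'
  AZA:
    Description: 'AZ of A'
    Value: !Select [0, !GetAZs '']
    Export:
      Name: !Sub '${AWS::StackName}-AZA'
  AZB:
    Description: 'AZ of B'
    Value: !Select [1, !GetAZs '']
    Export:
      Name: !Sub '${AWS::StackName}-AZB'
  AZC:
    Description: 'AZ of C'
    Value: !Select [2, !GetAZs '']
    Export:
      Name: !Sub '${AWS::StackName}-AZC'
  CidrBlock:
    Description: 'The set of IP addresses for the VPC.'
    Value: !GetAtt 'VPC.CidrBlock'
    Export:
      Name: !Sub '${AWS::StackName}-CidrBlock'
  VPC:
    Description: 'VPC.'
    Value: !Ref VPC
    Export:
      Name: !Sub '${AWS::StackName}-VPC'
  SubnetsPublic:
    Description: 'Subnets public.'
    Value: !Join [',', [!Ref SubnetAPublic, !Ref SubnetBPublic, !Ref SubnetCPublic]]
    Export:
      Name: !Sub '${AWS::StackName}-SubnetsPublic'
  RouteTablesPublic:
    Description: 'Route tables public.'
    Value: !Ref RouteTablePublic
    Export:
      Name: !Sub '${AWS::StackName}-RouteTablesPublic'
  SubnetAPublic:
    Description: 'Subnet A public.'
    Value: !Ref SubnetAPublic
    Export:
      Name: !Sub '${AWS::StackName}-SubnetAPublic'
  SubnetBPublic:
    Description: 'Subnet B public.'
    Value: !Ref SubnetBPublic
    Export:
      Name: !Sub '${AWS::StackName}-SubnetBPublic'
  SubnetCPublic:
    Description: 'Subnet C public.'
    Value: !Ref SubnetCPublic
    Export:
      Name: !Sub '${AWS::StackName}-SubnetCPublic'
  SecurityGroup:
    Description: 'SecurityGroup'
    Value: !Ref SecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-SecurityGroup'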