AWSTemplateFormatVersion: 2010-09-09
Description: CloudFormation Template for SQS VPC Endpoints Tutorial

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instance
    Type: String
    MinLength: '9'
    MaxLength: '18'
    # The default admits SSH from any IPv4 address; supply your own CIDR when creating the stack.
    Default: 0.0.0.0/0
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

Conditions:
  # eu-north-1 offers t3 but not t2 instances, so the instance type is chosen per region.
  IsT3Supported: !Equals [!Ref 'AWS::Region', eu-north-1]

Mappings:
  RegionMap:
    us-east-1:
      AMI: ami-428aa838
    us-east-2:
      AMI: ami-710e2414
    us-west-1:
      AMI: ami-4a787a2a
    us-west-2:
      AMI: ami-7f43f307
    ap-northeast-1:
      AMI: ami-c2680fa4
    ap-northeast-2:
      AMI: ami-3e04a450
    ap-southeast-1:
      AMI: ami-4f89f533
    ap-southeast-2:
      AMI: ami-38708c5a
    ap-south-1:
      AMI: ami-3b2f7954
    ca-central-1:
      AMI: ami-7549cc11
    eu-central-1:
      AMI: ami-1b2bb774
    eu-west-1:
      AMI: ami-db1688a2
    eu-west-2:
      AMI: ami-6d263d09
    eu-north-1:
      AMI: ami-87fe70f9
    eu-west-3:
      AMI: ami-5ce55321
    sa-east-1:
      AMI: ami-f1337e9d

Resources:
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      # DNS support and hostnames must both be enabled for private DNS on an interface VPC endpoint.
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: Name
          Value: SQS-VPCE-Tutorial-VPC
  Subnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: SQS-VPCE-Tutorial-Subnet
  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: SQS-VPCE-Tutorial-InternetGateway
  VPCGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  RouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: SQS-VPCE-Tutorial-RouteTable
  SubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref Subnet
  InternetGatewayRoute:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref RouteTable
      GatewayId: !Ref InternetGateway
      DestinationCidrBlock: 0.0.0.0/0
  SecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: SQS VPCE Tutorial Security Group
      GroupDescription: Security group for SQS VPC endpoint tutorial
      VpcId: !Ref VPC
      SecurityGroupIngress:
        # All traffic from inside the VPC, plus SSH from the SSHLocation range.
        - IpProtocol: '-1'
          CidrIp: 10.0.0.0/16
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref SSHLocation
      SecurityGroupEgress:
        # Egress is limited to the VPC CIDR: the instance cannot reach the public SQS
        # endpoint, so the queue is reachable only through a VPC endpoint inside the VPC.
        - IpProtocol: '-1'
          CidrIp: 10.0.0.0/16
      Tags:
        - Key: Name
          Value: SQS-VPCE-Tutorial-SecurityGroup
  EC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      KeyName: !Ref KeyName
      InstanceType: !If [IsT3Supported, t3.micro, t2.micro]
      ImageId: !FindInMap
        - RegionMap
        - !Ref 'AWS::Region'
        - AMI
      NetworkInterfaces:
        - AssociatePublicIpAddress: 'true'
          DeviceIndex: '0'
          GroupSet:
            - !Ref SecurityGroup
          SubnetId: !Ref Subnet
      IamInstanceProfile: !Ref EC2InstanceProfile
      Tags:
        - Key: Name
          Value: SQS-VPCE-Tutorial-EC2Instance
  EC2InstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Roles:
        - !Ref EC2InstanceRole
      InstanceProfileName: !Sub 'EC2InstanceProfile-${AWS::Region}'
  EC2InstanceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Sub 'SQS-VPCE-Tutorial-EC2InstanceRole-${AWS::Region}'
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: 'sts:AssumeRole'
      # Full SQS access on the instance role is broad; outside a tutorial, scope the policy to the queue.
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AmazonSQSFullAccess'
  CFQueue:
    Type: 'AWS::SQS::Queue'
    Properties:
      VisibilityTimeout: 60