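---
AWSTemplateFormatVersion: '2010-09-09'
# NOTE(review): no AWS::Serverless::* resources are declared below, so this
# transform does no work. It is kept because removing it changes how existing
# stacks must be deployed (CAPABILITY_AUTO_EXPAND); drop it only with a
# coordinated deployment change.
Transform: 'AWS::Serverless-2016-10-31'
Description: >-
  Template to create the BikeNow VPC: two public and two private subnets
  across two AZs, an internet gateway, one NAT gateway, allow-all network
  ACLs and an S3 gateway endpoint.

# Security notes for this network layer (none of these are enforced here):
# - Both network ACLs are allow-all in both directions, so security groups
#   are the only traffic control in this VPC. Restricting the *private* NACL
#   to the VPC CIDR would break NAT egress, because the NACL sees the real
#   internet destination/source addresses, not the NAT's address.
# - The VPC's default security group is not modified by this template; it
#   keeps its default rules. Workload stacks should attach their own groups
#   and not rely on the default one.
# - No VPC Flow Logs are created; add an AWS::EC2::FlowLog (plus a log
#   destination) if network visibility is required for detection/forensics.
# - The S3 gateway endpoint has no PolicyDocument, so it permits access to
#   any S3 bucket from inside the VPC. Attach a policy restricting the
#   allowed buckets/accounts if S3 exfiltration is a concern.
# - A single NAT gateway (AZ A) serves both private subnets; loss of AZ A
#   removes internet egress for private subnet B. Availability, not
#   confidentiality, but worth knowing.

Resources:
  # ---------------------------------------------------------------- VPC ---
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: '10.71.0.0/16'
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: 'BikeNow VPC'

  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: 'BikeNow IGW'

  VPCGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  # ------------------------------------------------------------ Subnets ---
  # Public subnets auto-assign public IPv4 addresses on launch; private
  # subnets do not and reach the internet only through the NAT gateway.
  SubnetAPublic:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: '10.71.0.0/20'
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Public A'
        - Key: Reach
          Value: public

  SubnetAPrivate:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: '10.71.16.0/20'
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Private A'
        - Key: Reach
          Value: private

  SubnetBPublic:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: '10.71.32.0/20'
      MapPublicIpOnLaunch: true
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Public B'
        - Key: Reach
          Value: public

  SubnetBPrivate:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: '10.71.48.0/20'
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Private B'
        - Key: Reach
          Value: private

  # ------------------------------------------------------- Route tables ---
  RouteTableAPublic:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Public route A'

  RouteTableAPrivate:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Private route A'

  RouteTableBPublic:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Public route B'

  RouteTableBPrivate:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Private route B'

  RouteTableAssociationAPublic:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref SubnetAPublic
      RouteTableId: !Ref RouteTableAPublic

  RouteTableAssociationAPrivate:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref SubnetAPrivate
      RouteTableId: !Ref RouteTableAPrivate

  RouteTableAssociationBPublic:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref SubnetBPublic
      RouteTableId: !Ref RouteTableBPublic

  RouteTableAssociationBPrivate:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref SubnetBPrivate
      RouteTableId: !Ref RouteTableBPrivate

  # Public subnets default-route straight to the internet gateway. The
  # DependsOn is required: a route to an IGW fails if the gateway is not yet
  # attached to the VPC.
  RouteTableAPublicInternetRoute:
    Type: 'AWS::EC2::Route'
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTableAPublic
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref InternetGateway

  RouteTableBPublicInternetRoute:
    Type: 'AWS::EC2::Route'
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTableBPublic
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref InternetGateway

  # ------------------------------------------------------- Network ACLs ---
  NetworkAclPublic:
    Type: 'AWS::EC2::NetworkAcl'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Public NACL'

  NetworkAclPrivate:
    Type: 'AWS::EC2::NetworkAcl'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: 'BikeNow - Private NACL'

  SubnetNetworkAclAssociationAPublic:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref SubnetAPublic
      NetworkAclId: !Ref NetworkAclPublic

  SubnetNetworkAclAssociationAPrivate:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref SubnetAPrivate
      NetworkAclId: !Ref NetworkAclPrivate

  SubnetNetworkAclAssociationBPublic:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref SubnetBPublic
      NetworkAclId: !Ref NetworkAclPublic

  SubnetNetworkAclAssociationBPrivate:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      SubnetId: !Ref SubnetBPrivate
      NetworkAclId: !Ref NetworkAclPrivate

  # Public NACL: allow everything in and out (Protocol -1 = all protocols).
  NetworkAclEntryInPublicAllowAll:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAclPublic
      RuleNumber: 99
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: '0.0.0.0/0'

  NetworkAclEntryOutPublicAllowAll:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAclPublic
      RuleNumber: 99
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: '0.0.0.0/0'

  # Private NACL. The logical IDs say "AllowVPC" but both rules are
  # 0.0.0.0/0, i.e. allow-all, identical to the public NACL. The IDs are kept
  # unchanged because renaming a NetworkAclEntry replaces it on update; do
  # not read "VPC" in the name as a restriction that exists. See the note at
  # the top on why tightening this to the VPC CIDR would break NAT egress.
  NetworkAclEntryInPrivateAllowVPC:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAclPrivate
      RuleNumber: 99
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: '0.0.0.0/0'

  NetworkAclEntryOutPrivateAllowVPC:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NetworkAclPrivate
      RuleNumber: 99
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: '0.0.0.0/0'

  # -------------------------------------------------------- NAT egress ---
  # FIX: Domain must be the literal string 'vpc'; the original passed the
  # VPC ID (!Ref VPC), which is not a valid value for this property. An EIP
  # allocated for a VPC defined in the same template must also depend on the
  # gateway attachment, otherwise allocation can fail on a fresh stack.
  EIP:
    Type: 'AWS::EC2::EIP'
    DependsOn: VPCGatewayAttachment
    Properties:
      Domain: vpc

  NAT:
    Type: 'AWS::EC2::NatGateway'
    DependsOn: VPCGatewayAttachment
    Properties:
      AllocationId: !GetAtt EIP.AllocationId
      SubnetId: !Ref SubnetAPublic
      Tags:
        # Replaced the placeholder 'foo: bar' tag with a Name tag matching
        # every other resource in this template.
        - Key: Name
          Value: 'BikeNow NAT'

  # Both private route tables default-route through the single NAT gateway.
  RouteANAT:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref RouteTableAPrivate
      DestinationCidrBlock: '0.0.0.0/0'
      NatGatewayId: !Ref NAT

  RouteBNAT:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref RouteTableBPrivate
      DestinationCidrBlock: '0.0.0.0/0'
      NatGatewayId: !Ref NAT

  # ------------------------------------------------------- S3 endpoint ---
  # Gateway endpoint so S3 traffic from every subnet stays on the AWS
  # network instead of traversing the IGW/NAT. No PolicyDocument is set, so
  # the endpoint allows any S3 action on any bucket (AWS default); consider
  # restricting it to the buckets this workload actually needs.
  EndpointS3:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      RouteTableIds:
        - !Ref RouteTableAPublic
        - !Ref RouteTableBPublic
        - !Ref RouteTableAPrivate
        - !Ref RouteTableBPrivate
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.s3'
      VpcId: !Ref VPC

# Output names and values are unchanged; downstream stacks may import them.
Outputs:
  StackName:
    Description: 'Stack name.'
    Value: !Sub '${AWS::StackName}'
  AZs:
    Description: 'AZs'
    Value: 2
  AZA:
    Description: 'AZ of A'
    Value: !Select [0, !GetAZs '']
  AZB:
    Description: 'AZ of B'
    Value: !Select [1, !GetAZs '']
  CidrBlock:
    Description: 'The set of IP addresses for the VPC.'
    Value: !GetAtt 'VPC.CidrBlock'
  VPC:
    Description: 'VPC.'
    Value: !Ref VPC
  SubnetsPublic:
    Description: 'Subnets public.'
    Value: !Join [',', [!Ref SubnetAPublic, !Ref SubnetBPublic]]
  SubnetsPrivate:
    Description: 'Subnets private.'
    Value: !Join [',', [!Ref SubnetAPrivate, !Ref SubnetBPrivate]]
  RouteTablesPrivate:
    Description: 'Route tables private.'
    Value: !Join [',', [!Ref RouteTableAPrivate, !Ref RouteTableBPrivate]]
  RouteTablesPublic:
    Description: 'Route tables public.'
    Value: !Join [',', [!Ref RouteTableAPublic, !Ref RouteTableBPublic]]
  SubnetAPublic:
    Description: 'Subnet A public.'
    Value: !Ref SubnetAPublic
  RouteTableAPublic:
    Description: 'Route table A public.'
    Value: !Ref RouteTableAPublic
  SubnetAPrivate:
    Description: 'Subnet A private.'
    Value: !Ref SubnetAPrivate
  RouteTableAPrivate:
    Description: 'Route table A private.'
    Value: !Ref RouteTableAPrivate
  SubnetBPublic:
    Description: 'Subnet B public.'
    Value: !Ref SubnetBPublic
  RouteTableBPublic:
    Description: 'Route table B public.'
    Value: !Ref RouteTableBPublic
  SubnetBPrivate:
    Description: 'Subnet B private.'
    Value: !Ref SubnetBPrivate
  RouteTableBPrivate:
    Description: 'Route table B private.'
    Value: !Ref RouteTableBPrivate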