AWSTemplateFormatVersion: 2010-09-09
Description: Creating networking resources for VPC and subnets

Parameters:
  Cloud9InstanceType:
    Type: String
    Default: t2.small
    Description: Cloud9 Instance Type
  GithubRepositoryUrl:
    Type: String
    Description: AWS Codepipeline Docker Vulnerability Scan
    Default: "https://github.com/aws-samples/aws-codepipeline-docker-vulnerability-scan.git"

Resources:
  # One /24 VPC split into four /26 subnets: two private, two public, across two AZs
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/24
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-VPC"

  PrivateSubnet01:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.0/26
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PrivateSubnet01"

  PrivateSubnet02:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.64/26
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PrivateSubnet02"

  PublicSubnet01:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.128/26
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PublicSubnet01"

  PublicSubnet02:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.0.192/26
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-PublicSubnet02"

  # Internet access for the public subnets
  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'

  GatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  RouteIGW:
    Type: AWS::EC2::Route
    # The default route cannot be created until the gateway is attached to the VPC
    DependsOn: GatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  # One NAT gateway per AZ so each private subnet has outbound-only internet access
  NAT1:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EIP1
          - AllocationId
      SubnetId: !Ref PublicSubnet01

  EIP1:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  Route1:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: PrivateRouteTable1
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: NAT1

  NAT2:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EIP2
          - AllocationId
      SubnetId: !Ref PublicSubnet02

  EIP2:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  Route2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NAT2

  # Route tables: public subnets share one table; each private subnet gets its own
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PrivateRouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PrivateRouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  RouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet01
      RouteTableId: !Ref PublicRouteTable

  RouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet02
      RouteTableId: !Ref PublicRouteTable

  RouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet01
      RouteTableId: !Ref PrivateRouteTable1

  RouteTableAssociation4:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet02
      RouteTableId: !Ref PrivateRouteTable2

  # Cloud9 IDE
  Cloud9Environment:
    Type: AWS::Cloud9::EnvironmentEC2
    Properties:
      Name: "Codepipeline-Docker-Vulnerability-Scan"
      Description: "AWS Codepipeline Docker Vulnerability Scan Workshop"
      Repositories:
        - PathComponent: "/aws-codepipeline-docker-vulnerability-scan"
          RepositoryUrl: !Ref GithubRepositoryUrl
      SubnetId: !Ref PublicSubnet01
      InstanceType: !Ref Cloud9InstanceType

Outputs:
  VpcId:
    Value: !Ref VPC
    Export:
      Name: !Sub "${AWS::StackName}-VpcId"
  PublicSubnets:
    Value: !Join [",", [!Ref PublicSubnet01, !Ref PublicSubnet02]]
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnets"
  PrivateSubnets:
    Value: !Join [",", [!Ref PrivateSubnet01, !Ref PrivateSubnet02]]
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnets"
  Cloud9EnvironmentName:
    Description: AWS Cloud9 Environment Name
    Value: !GetAtt Cloud9Environment.Name