AWSTemplateFormatVersion: '2010-09-09' Description: VPC with public and private subnets (1 AZs) & NAT # Use three subnets Mappings: Networking: VPC: CIDR: 10.0.0.0/16 PublicSubnet: CIDR: 10.0.1.0/24 PrivateSubnet: CIDR: 10.0.2.0/24 Resources: # Create a VPC VPC: Type: AWS::EC2::VPC Properties: EnableDnsSupport: 'true' EnableDnsHostnames: 'true' CidrBlock: !FindInMap - Networking - VPC - CIDR Tags: - Key: Name Value: HPC VPC # Create an IGW and add it to the VPC InternetGateway: Type: AWS::EC2::InternetGateway GatewayToInternet: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: !Ref VPC InternetGatewayId: !Ref InternetGateway # Create a NAT GW then add it to the public subnet NATGateway: DependsOn: GatewayToInternet Type: AWS::EC2::NatGateway Properties: AllocationId: !GetAtt ElasticIP.AllocationId SubnetId: !Ref PublicSubnet ElasticIP: Type: AWS::EC2::EIP Properties: Domain: vpc # Create and set the route table PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC PublicRoute: Type: AWS::EC2::Route Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: '0.0.0.0/0' GatewayId: !Ref InternetGateway # Build the subnet and associate the route table with it PublicSubnet: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC MapPublicIpOnLaunch: true CidrBlock: !FindInMap - Networking - PublicSubnet - CIDR AvailabilityZone: !Select - '0' - !GetAZs Ref: AWS::Region Tags: - Key: Name Value: 'HPC Public Subnet' # Then create and associate the route table to the public subnet PublicSubnetRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PublicSubnet RouteTableId: !Ref PublicRouteTable # Create the 3 private subnets PrivateSubnet: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC CidrBlock: !FindInMap - Networking - PrivateSubnet - CIDR AvailabilityZone: !Select - '0' - !GetAZs Ref: AWS::Region Tags: - Key: Name Value: 'HPC Private Subnet' # Then the route tab and associate it to the three subnets PrivateRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC PrivateRouteToInternet: Type: AWS::EC2::Route Properties: RouteTableId: !Ref PrivateRouteTable DestinationCidrBlock: '0.0.0.0/0' NatGatewayId: !Ref NATGateway PrivateSubnetRouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: SubnetId: !Ref PrivateSubnet RouteTableId: !Ref PrivateRouteTable # And create the Cloud9 Instance C9IDE: Type: AWS::Cloud9::EnvironmentEC2 Properties: Name: Fn::Join: - '' - - 'HPC-Cloud9-IDE-' - !Select - 0 - !Split - "-" - !Select - 2 - !Split - '/' - !Ref AWS::StackId Description: !Sub 'Your Cloud9 IDE' AutomaticStopTimeMinutes: 600 SubnetId: !Ref 'PublicSubnet' InstanceType: t2.micro # Create a bucket and build a role to read and write to this bucket S3EncryptionKey: Type: AWS::KMS::Key Properties: KeyPolicy: Version: '2012-10-17' Statement: - Sid: Enable IAM User Permissions Effect: Allow Principal: AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root' Action: 'kms:*' Resource: '*' WorkshopS3Bucket: Type: AWS::S3::Bucket Properties: BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: 'aws:kms' KMSMasterKeyID: !GetAtt S3EncryptionKey.Arn DeletionPolicy: Delete BucketName: Fn::Join: - '' - - 'workshop-bucket-' - !Select - 0 - !Split - "-" - !Select - 2 - !Split - '/' - !Ref AWS::StackId WorkshopS3BucketRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - sts:AssumeRole WorkshopS3BucketPolicy: Type: AWS::IAM::Policy Properties: PolicyName: WorkshopS3BucketPolicy PolicyDocument: Statement: - Effect: Allow Action: - s3:* Resource: - !Join [ "", [ "arn:aws:s3:::", !Ref 'WorkshopS3Bucket' , "/*" ] ] Roles: - !Ref WorkshopS3BucketRole # Print the outputs Outputs: VPC: Value: !Ref VPC Description: ID of the VPC Export: Name: !Sub ${AWS::StackName}-VPC PublicSubnet: Value: !Ref PublicSubnet Description: ID of the public subnet Export: Name: !Sub ${AWS::StackName}-PublicSubnet PrivateSubnet: Value: !Ref PrivateSubnet Description: ID of the PrivateSubnet Export: Name: !Sub ${AWS::StackName}-PrivateSubnet Cloud9URL: Description: Cloud9 Environment Value: Fn::Join: - '' - - !Sub https://${AWS::Region}.console.aws.amazon.com/cloud9/ide/ - !Ref C9IDE Export: Name: !Sub ${AWS::StackName}-Cloud-9IDE WorkshopS3Bucket: Description: S3 Bucket used for the workshop Value: !Ref WorkshopS3Bucket WorkshopS3BucketRole: Description: EC2 Role to Read and Write to the Bucket Value: !Ref WorkshopS3BucketRole WorkshopName: Description: Workshop Name Value: Fn::Join: - '' - - 'ComputeWorkshop-' - !Select - 0 - !Split - "-" - !Select - 2 - !Split - '/' - !Ref AWS::StackId