{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template creates an CP VPC for 5G Infra test environment.", "Metadata": { "Version" : "2.0", "Comment" : "This template configures VPC network with the following resources:", "Comment" : " - Public and private subnets", "Comment" : " - Internet Gateway and NAT", "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "VPC Network Configuration" }, "Parameters": [ "AvailabilityZones", "VPCCPName", "VPCCPCIDR", "VPCCPPubSubnet1CIDR", "VPCCPPrvSubnetMgmtCIDR", "VPCCPTenancy", "RemoteAccessCIDR", "S3BucketName" ] } ], "ParameterLabels": { "AvailabilityZones": { "default": "Availability Zones" }, "VPCCPName": { "default": "VPC-CP Name" }, "VPCCPCIDR": { "default": "VPC-CP CIDR" }, "VPCCPPubSubnet1CIDR": { "default": "VPC-CP Public subnet 1 CIDR" }, "VPCCPPrvSubnetMgmtCIDR": { "default": "VPC-CP Private subnet Mgmt/S11-MME CIDR" }, "RemoteAccessCIDR": { "default": "Allowed Instance External Access CIDR" }, "VPCCPTenancy": { "default": "Default" }, "S3BucketName": { "default": "S3 Bucket Name" } } } }, "Parameters": { "AvailabilityZones": { "Description": "Select one Availability Zone for the VPC.", "Type": "List" }, "VPCCPName": { "Description": "VPC CP name", "Type": "String", "Default": "VPC-CP" }, "VPCCPCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.4.0.0/16", "Description": "CIDR block for VPC-CP", "Type": "String" }, "VPCCPPubSubnet1CIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.4.0.0/24", "Description": "VPC-CP public subnet 1 located in Availability Zone 1", "Type": "String" }, "VPCCPPrvSubnetMgmtCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.4.1.0/24", "Description": "VPC-CP private subnet Mgmt/S11-MME located in Availability Zone 1", "Type": "String" }, "VPCCPTenancy": { "AllowedValues": [ "default" ], "Default": "default", "Description": "The allowed tenancy of instances launched into VPC-CP", "Type": "String" }, "RemoteAccessCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", "Description": "Allowed CIDR block for external SSH access to the EC2 instance", "Type": "String", "Default": "0.0.0.0/0" }, "S3BucketName": { "Description": "S3 Bucket Name", "MinLength" : "1", "Type": "String" } }, "Resources": { "VPCCP": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": { "Ref": "VPCCPCIDR" }, "InstanceTenancy": { "Ref": "VPCCPTenancy" }, "EnableDnsSupport": "true", "EnableDnsHostnames": "true", "Tags": [ { "Key": "Name", "Value": {"Ref": "VPCCPName"} } ] } }, "VPCCPInternetGateway": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCCPName}-IGW"} }, { "Key": "Network", "Value": "Public" } ] } }, "VPCCPGatewayAttachment": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "VPCCP" }, "InternetGatewayId": { "Ref": "VPCCPInternetGateway" } } }, "VPCCPPubSubnet1": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCCP" }, "CidrBlock": { "Ref": "VPCCPPubSubnet1CIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCCPName}-pubSubnet"} }, { "Key": "Network", "Value": "Public" } ], "MapPublicIpOnLaunch": true } }, "VPCCPPubSubnetRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCCP" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCCPName}-pubSubnet-rtbl"} }, { "Key": "Network", "Value": "Public" } ] } }, "VPCCPPubSubnetRoute": { "DependsOn": "VPCCPGatewayAttachment", "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCCPPubSubnetRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCCPInternetGateway" } } }, "VPCCPPubSubnet1RouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCCPPubSubnet1" }, "RouteTableId": { "Ref": "VPCCPPubSubnetRouteTable" } } }, "VPCCPPrvSubnetMgmt": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCCP" }, "CidrBlock": { "Ref": "VPCCPPrvSubnetMgmtCIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCCPName}-prvSubnet"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCCPPrvSubnetMgmtRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCCP" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCCPName}-prvSubnet-rtbl"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCCPPrvSubnetMgmtRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCCPPrvSubnetMgmtRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCCPNATGateway1" } } }, "VPCCPPrvSubnetMgmtRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCCPPrvSubnetMgmt" }, "RouteTableId": { "Ref": "VPCCPPrvSubnetMgmtRouteTable" } } }, "VPCCPNAT1EIP": { "DependsOn": "VPCCPGatewayAttachment", "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCCPName}-EIP"} } ] } }, "VPCCPNATGateway1": { "DependsOn": "VPCCPGatewayAttachment", "Type": "AWS::EC2::NatGateway", "Properties": { "AllocationId": { "Fn::GetAtt": [ "VPCCPNAT1EIP", "AllocationId" ] }, "SubnetId": { "Ref": "VPCCPPubSubnet1" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCCPName}-NATGW"} } ] } }, "GetSupernetCIDR": { "Type": "Custom::SupernetCIDR", "Properties": { "ServiceToken": { "Fn::GetAtt" : ["SupernetCIDRFunction", "Arn"] }, "VPCCIDR": {"Ref": "VPCCPCIDR"} } }, "SupernetCIDRFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": {"Ref": "S3BucketName"}, "S3Key": "lambda_function.zip" }, "Handler": "lambda_function.handler_supernet_ip_cidr", "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] }, "Runtime": "python3.8", "Timeout": "30" } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] } }, "SecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enables SSH Access to EC2 instance", "GroupName": {"Fn::Sub": "${VPCCPName}-Instance-SG"}, "VpcId": { "Ref": "VPCCP" }, "SecurityGroupIngress": [ { "IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": {"Fn::GetAtt": ["GetSupernetCIDR", "SupernetCIDR"]} } ], "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCCPName}-Instance-SG"} } ] } } }, "Outputs": { "VPCCPID": { "Value": { "Ref": "VPCCP" }, "Description": "VPC-CP ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCCPID" } } }, "VPCCPPublicSubnetID": { "Value": { "Ref": "VPCCPPubSubnet1" }, "Description": "VPC-CP Public Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCCPPubSubnet1" } } }, "VPCCPPrivateSubnetID": { "Value": { "Ref": "VPCCPPrvSubnetMgmt" }, "Description": "VPC-CP Private Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCCPPrvSubnetMgmt" } } }, "VPCCPPrvSubnetMgmtRouteTableID": { "Value": { "Ref": "VPCCPPrvSubnetMgmtRouteTable" }, "Description": "VPC-CP Mgmt Route Table ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCCPPrvSubnetMgmtRouteTable" } } } } }