{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template creates an eNB VPC for 5G Infra test environment.", "Metadata": { "Version" : "2.0", "Comment" : "This template configures VPC network with the following resources:", "Comment" : " - Public and private subnets", "Comment" : " - Internet Gateway and NAT", "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "VPC Network Configuration" }, "Parameters": [ "AvailabilityZones", "VPCeNBName", "VPCeNBCIDR", "VPCeNBPubSubnet1CIDR", "VPCeNBPrvSubnetMgmtCIDR", "VPCeNBPrvSubnetS1UCIDR", "VPCeNBTenancy", "RemoteAccessCIDR", "ENBNETCIDR", "S3BucketName" ] } ], "ParameterLabels": { "AvailabilityZones": { "default": "Availability Zones" }, "VPCeNBName": { "default": "VPC-eNB Name" }, "VPCeNBCIDR": { "default": "VPC-eNB CIDR" }, "ENBNETCIDR": { "default": "eNB Network CIDR" }, "VPCeNBPubSubnet1CIDR": { "default": "VPC-eNB Public subnet 1 CIDR" }, "VPCeNBPrvSubnetMgmtCIDR": { "default": "VPC-eNB Private subnet Mgmt CIDR" }, "VPCeNBPrvSubnetS1UCIDR": { "default": "VPC-eNB Private subnet S1U CIDR" }, "RemoteAccessCIDR": { "default": "Allowed Instance External Access CIDR" }, "VPCeNBTenancy": { "default": "Default" }, "S3BucketName": { "default": "S3 Bucket Name" } } } }, "Parameters": { "AvailabilityZones": { "Description": "Select one Availability Zone for the VPC.", "Type": "List" }, "VPCeNBName": { "Description": "VPC eNB name", "Type": "String", "Default": "VPC-eNB" }, "VPCeNBCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.2.0.0/16", "Description": "CIDR block for VPC-eNB", "Type": "String" }, "ENBNETCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "192.168.0.0/16", "Description": "CIDR block for ENB_NET", "Type": "String" }, "VPCeNBPubSubnet1CIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.2.0.0/24", "Description": "VPC-eNBP public subnet 1 located in Availability Zone 1", "Type": "String" }, "VPCeNBPrvSubnetMgmtCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.2.1.0/24", "Description": "VPC-eNBP private subnet Mgmt located in Availability Zone 1", "Type": "String" }, "VPCeNBPrvSubnetS1UCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.2.2.0/24", "Description": "VPC-eNBP private subnet S1U located in Availability Zone 1", "Type": "String" }, "VPCeNBTenancy": { "AllowedValues": [ "default" ], "Default": "default", "Description": "The allowed tenancy of instances launched into VPC-eNB", "Type": "String" }, "RemoteAccessCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", "Description": "Allowed CIDR block for external SSH access to the EC2 instance", "Type": "String", "Default": "0.0.0.0/0" }, "S3BucketName": { "Description": "S3 Bucket Name", "MinLength" : "1", "Type": "String" } }, "Resources": { "VPCeNB": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": { "Ref": "VPCeNBCIDR" }, "InstanceTenancy": { "Ref": "VPCeNBTenancy" }, "EnableDnsSupport": "true", "EnableDnsHostnames": "true", "Tags": [ { "Key": "Name", "Value": {"Ref": "VPCeNBName"} } ] } }, "VPCeNBInternetGateway": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-IGW"} }, { "Key": "Network", "Value": "Public" } ] } }, "VPCeNBGatewayAttachment": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "VPCeNB" }, "InternetGatewayId": { "Ref": "VPCeNBInternetGateway" } } }, "VPCeNBPubSubnet1": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCeNB" }, "CidrBlock": { "Ref": "VPCeNBPubSubnet1CIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-pubSubnet"} }, { "Key": "Network", "Value": "Public" } ], "MapPublicIpOnLaunch": true } }, "VPCeNBPubSubnetRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCeNB" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-pubSubnet-rtbl"} }, { "Key": "Network", "Value": "Public" } ] } }, "VPCeNBPubSubnetRoute": { "DependsOn": "VPCeNBGatewayAttachment", "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCeNBPubSubnetRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCeNBInternetGateway" } } }, "VPCeNBPubSubnet1RouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCeNBPubSubnet1" }, "RouteTableId": { "Ref": "VPCeNBPubSubnetRouteTable" } } }, "VPCeNBPrvSubnetMgmt": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCeNB" }, "CidrBlock": { "Ref": "VPCeNBPrvSubnetMgmtCIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-prvSubnet"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCeNBPrvSubnetMgmtRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCeNB" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-prvSubnet-rtbl"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCeNBPrvSubnetMgmtRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCeNBPrvSubnetMgmtRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCeNBNATGateway1" } } }, "VPCeNBPrvSubnetMgmtRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCeNBPrvSubnetMgmt" }, "RouteTableId": { "Ref": "VPCeNBPrvSubnetMgmtRouteTable" } } }, "VPCeNBPrvSubnetS1U": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCeNB" }, "CidrBlock": { "Ref": "VPCeNBPrvSubnetS1UCIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-S1U-Subnet"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCeNBPrvSubnetS1URouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCeNB" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-S1U-Subnet-rtbl"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCeNBPrvSubnetS1URoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCeNBPrvSubnetS1URouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCeNBNATGateway1" } } }, "VPCeNBPrvSubnetS1URouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCeNBPrvSubnetS1U" }, "RouteTableId": { "Ref": "VPCeNBPrvSubnetS1URouteTable" } } }, "VPCeNBNAT1EIP": { "DependsOn": "VPCeNBGatewayAttachment", "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-EIP"} } ] } }, "VPCeNBNATGateway1": { "DependsOn": "VPCeNBGatewayAttachment", "Type": "AWS::EC2::NatGateway", "Properties": { "AllocationId": { "Fn::GetAtt": [ "VPCeNBNAT1EIP", "AllocationId" ] }, "SubnetId": { "Ref": "VPCeNBPubSubnet1" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-NATGW"} } ] } }, "GetSupernetCIDR": { "Type": "Custom::SupernetCIDR", "Properties": { "ServiceToken": { "Fn::GetAtt" : ["SupernetCIDRFunction", "Arn"] }, "VPCCIDR": {"Ref": "VPCeNBCIDR"} } }, "SupernetCIDRFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": {"Ref": "S3BucketName"}, "S3Key": "lambda_function.zip" }, "Handler": "lambda_function.handler_supernet_ip_cidr", "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] }, "Runtime": "python3.8", "Timeout": "30" } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] } }, "SecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enables SSH Access to EC2 instance", "GroupName": {"Fn::Sub": "${VPCeNBName}-Instance-SG"}, "VpcId": { "Ref": "VPCeNB" }, "SecurityGroupIngress": [ { "IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": {"Fn::GetAtt": ["GetSupernetCIDR", "SupernetCIDR"]} }, { "IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": { "Ref": "ENBNETCIDR" } } ], "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCeNBName}-Instance-SG"} } ] } } }, "Outputs": { "VPCeNBID": { "Value": { "Ref": "VPCeNB" }, "Description": "VPC-eNB ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCeNBID" } } }, "VPCeNBPublicSubnetID": { "Value": { "Ref": "VPCeNBPubSubnet1" }, "Description": "VPC-eNB Public Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCeNBPubSubnet1" } } }, "VPCeNBS1USubnetID": { "Value": { "Ref": "VPCeNBPrvSubnetS1U" }, "Description": "VPC-eNB S1U Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCeNBPrvSubnetS1U" } } }, "VPCeNBPrvSubnetMgmtRouteTableID": { "Value": { "Ref": "VPCeNBPrvSubnetMgmtRouteTable" }, "Description": "VPC-eNB Mgmt Route Table ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCeNBPrvSubnetMgmtRouteTable" } } }, "VPCeNBPrvSubnetS1URouteTableID": { "Value": { "Ref": "VPCeNBPrvSubnetS1URouteTable" }, "Description": "VPC-eNB S1U Route Table ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCeNBPrvSubnetS1URouteTable" } } } } }