{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template creates an GiLAN VPC for 5G Infra test environment.", "Metadata": { "Version" : "2.0", "Comment" : "This template configures VPC network with the following resources:", "Comment" : " - Public and private subnets", "Comment" : " - Internet Gateway and NAT", "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "VPC Network Configuration" }, "Parameters": [ "AvailabilityZones", "VPCGiLANName", "VPCGiLANCIDR", "UENETCIDR", "VPCGiLANPubSubnet1CIDR", "VPCGiLANPrvSubnetMgmtCIDR", "VPCGiLANPrvSubnetSGICIDR", "VPCGiLANTenancy", "RemoteAccessCIDR", "S3BucketName" ] } ], "ParameterLabels": { "AvailabilityZones": { "default": "Availability Zones" }, "VPCGiLANName": { "default": "VPC-GiLAN Name" }, "VPCGiLANCIDR": { "default": "VPC-GiLAN CIDR" }, "UENETCIDR": { "default": "UE NET CIDR" }, "VPCGiLANPubSubnet1CIDR": { "default": "VPC-GiLAN Public subnet 1 CIDR" }, "VPCGiLANPrvSubnetMgmtCIDR": { "default": "VPC-GiLAN Private subnet Mgmt CIDR" }, "VPCGiLANPrvSubnetSGICIDR": { "default": "VPC-GiLAN Private subnet SGI CIDR" }, "RemoteAccessCIDR": { "default": "Allowed Instance External Access CIDR" }, "VPCGiLANTenancy": { "default": "Default" }, "S3BucketName": { "default": "S3 Bucket Name" } } } }, "Parameters": { "AvailabilityZones": { "Description": "Select one Availability Zone for the VPC.", "Type": "List" }, "VPCGiLANName": { "Description": "VPC GiLAN name", "Type": "String", "Default": "VPC-GiLAN" }, "VPCGiLANCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.3.0.0/16", "Description": "CIDR block for VPC-GiLAN", "Type": "String" }, "VPCGiLANPubSubnet1CIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.3.0.0/24", "Description": "VPC-GiLAN public subnet 1 located in Availability Zone 1", "Type": "String" }, "VPCGiLANPrvSubnetMgmtCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.3.1.0/24", "Description": "VPC-GiLAN private subnet Mgmt located in Availability Zone 1", "Type": "String" }, "VPCGiLANPrvSubnetSGICIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.3.3.0/24", "Description": "VPC-GiLAN private subnet SGI located in Availability Zone 1", "Type": "String" }, "UENETCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[0-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", "Default": "172.16.0.0/12", "Description": "CIDR block for UE NET", "Type": "String" }, "VPCGiLANTenancy": { "AllowedValues": [ "default" ], "Default": "default", "Description": "The allowed tenancy of instances launched into VPC-GiLAN", "Type": "String" }, "RemoteAccessCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", "Description": "Allowed CIDR block for external SSH access to the EC2 instance", "Type": "String", "Default": "0.0.0.0/0" }, "S3BucketName": { "Description": "S3 Bucket Name", "MinLength" : "1", "Type": "String" } }, "Resources": { "VPCGiLAN": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": { "Ref": "VPCGiLANCIDR" }, "InstanceTenancy": { "Ref": "VPCGiLANTenancy" }, "EnableDnsSupport": "true", "EnableDnsHostnames": "true", "Tags": [ { "Key": "Name", "Value": {"Ref": "VPCGiLANName"} } ] } }, "VPCGiLANInternetGateway": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-IGW"} }, { "Key": "Network", "Value": "Public" } ] } }, "VPCGiLANGatewayAttachment": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "VPCGiLAN" }, "InternetGatewayId": { "Ref": "VPCGiLANInternetGateway" } } }, "VPCGiLANPubSubnet1": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCGiLAN" }, "CidrBlock": { "Ref": "VPCGiLANPubSubnet1CIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-pubSubnet"} }, { "Key": "Network", "Value": "Public" } ], "MapPublicIpOnLaunch": true } }, "VPCGiLANPubSubnetRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCGiLAN" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-pubSubnet-rtbl"} }, { "Key": "Network", "Value": "Public" } ] } }, "VPCGiLANPubSubnetRoute": { "DependsOn": "VPCGiLANGatewayAttachment", "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCGiLANPubSubnetRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCGiLANInternetGateway" } } }, "VPCGiLANPubSubnet1RouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCGiLANPubSubnet1" }, "RouteTableId": { "Ref": "VPCGiLANPubSubnetRouteTable" } } }, "VPCGiLANPrvSubnetMgmt": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCGiLAN" }, "CidrBlock": { "Ref": "VPCGiLANPrvSubnetMgmtCIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-prvSubnet"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCGiLANPrvSubnetMgmtRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCGiLAN" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-prvSubnet-rtbl"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCGiLANPrvSubnetMgmtRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCGiLANPrvSubnetMgmtRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCGiLANNATGateway1" } } }, "VPCGiLANPrvSubnetMgmtRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCGiLANPrvSubnetMgmt" }, "RouteTableId": { "Ref": "VPCGiLANPrvSubnetMgmtRouteTable" } } }, "VPCGiLANPrvSubnetSGI": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCGiLAN" }, "CidrBlock": { "Ref": "VPCGiLANPrvSubnetSGICIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-SGI-Subnet"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCGiLANPrvSubnetSGIRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCGiLAN" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-SGI-Subnet-rtbl"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCGiLANPrvSubnetSGIRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCGiLANPrvSubnetSGIRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCGiLANNATGateway1" } } }, "VPCGiLANPrvSubnetSGIRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCGiLANPrvSubnetSGI" }, "RouteTableId": { "Ref": "VPCGiLANPrvSubnetSGIRouteTable" } } }, "VPCGiLANNAT1EIP": { "DependsOn": "VPCGiLANGatewayAttachment", "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-EIP"} } ] } }, "VPCGiLANNATGateway1": { "DependsOn": "VPCGiLANGatewayAttachment", "Type": "AWS::EC2::NatGateway", "Properties": { "AllocationId": { "Fn::GetAtt": [ "VPCGiLANNAT1EIP", "AllocationId" ] }, "SubnetId": { "Ref": "VPCGiLANPubSubnet1" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-NATGW"} } ] } }, "GetSupernetCIDR": { "Type": "Custom::SupernetCIDR", "Properties": { "ServiceToken": { "Fn::GetAtt" : ["SupernetCIDRFunction", "Arn"] }, "VPCCIDR": {"Ref": "VPCGiLANCIDR"} } }, "SupernetCIDRFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": {"Ref": "S3BucketName"}, "S3Key": "lambda_function.zip" }, "Handler": "lambda_function.handler_supernet_ip_cidr", "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] }, "Runtime": "python3.8", "Timeout": "30" } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] } }, "SecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enables SSH Access to EC2 instance", "GroupName": {"Fn::Sub": "${VPCGiLANName}-Instance-SG"}, "VpcId": { "Ref": "VPCGiLAN" }, "SecurityGroupIngress": [ { "IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": {"Fn::GetAtt": ["GetSupernetCIDR", "SupernetCIDR"]} }, { "IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": { "Ref": "UENETCIDR" } } ], "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCGiLANName}-Instance-SG"} } ] } } }, "Outputs": { "VPCGiLANID": { "Value": { "Ref": "VPCGiLAN" }, "Description": "VPC-GiLAN ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCGiLANID" } } }, "VPCGiLANPublicSubnetID": { "Value": { "Ref": "VPCGiLANPubSubnet1" }, "Description": "VPC-GiLAN Public Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCGiLANPubSubnet1" } } }, "VPCGiLANSGISubnetID": { "Value": { "Ref": "VPCGiLANPrvSubnetSGI" }, "Description": "VPC-GiLAN SGI Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCGiLANPrvSubnetSGI" } } }, "VPCGiLANPrvSubnetMgmtRouteTableID": { "Value": { "Ref": "VPCGiLANPrvSubnetMgmtRouteTable" }, "Description": "VPC-GiLAN Mgmt Route Table ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCGiLANPrvSubnetMgmtRouteTable" } } }, "VPCGiLANPrvSubnetSGIRouteTableID": { "Value": { "Ref": "VPCGiLANPrvSubnetSGIRouteTable" }, "Description": "VPC-GiLAN SGI Route Table ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCGiLANPrvSubnetSGIRouteTable" } } } } }