{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "This template creates a MEC VPC for 5G Infra test environment.", "Metadata": { "Version" : "2.0", "Comment" : "This template configures VPC network with the following resources:", "Comment" : " - Public and private subnets", "Comment" : " - Internet Gateway and NAT", "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "VPC Network Configuration" }, "Parameters": [ "AvailabilityZones", "VPCMECName", "VPCMECCIDR", "VPCMECPubSubnet1CIDR", "VPCMECPrvSubnetMgmtSx1CIDR", "VPCMECPrvSubnetS1UCIDR", "VPCMECPrvSubnetSGICIDR", "VPCMECTenancy", "RemoteAccessCIDR", "ENBNETCIDR", "S3BucketName" ] } ], "ParameterLabels": { "AvailabilityZones": { "default": "Availability Zones" }, "VPCMECName": { "default": "VPC MEC Name" }, "VPCMECCIDR": { "default": "VPC-MEC CIDR" }, "ENBNETCIDR": { "default": "eNB Network CIDR" }, "VPCMECPubSubnet1CIDR": { "default": "VPC-MEC Public subnet 1 CIDR" }, "VPCMECPrvSubnetMgmtSx1CIDR": { "default": "VPC-MEC Private subnet Mgmt/Sx CIDR" }, "VPCMECPrvSubnetS1UCIDR": { "default": "VPC-MEC Private subnet S1U CIDR" }, "VPCMECPrvSubnetSGICIDR": { "default": "VPC-MEC Private subnet SGI CIDR" }, "RemoteAccessCIDR": { "default": "Allowed Instance External Access CIDR" }, "VPCMECTenancy": { "default": "VPC-MEC Tenancy" }, "S3BucketName": { "default": "S3 Bucket Name" } } } }, "Parameters": { "AvailabilityZones": { "Description": "Select one Availability Zone for the VPC.", "Type": "List" }, "VPCMECName": { "Description": "VPC eNB name", "Type": "String", "Default": "VPC-MEC" }, "VPCMECCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.1.0.0/16", "Description": "CIDR block for VPC-MEC", "Type": "String" }, "ENBNETCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "192.168.0.0/16", "Description": "CIDR block for ENB_NET", "Type": "String" }, "VPCMECPubSubnet1CIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.1.0.0/24", "Description": "VPC-MECP public subnet 1 located in Availability Zone 1", "Type": "String" }, "VPCMECPrvSubnetMgmtSx1CIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.1.1.0/24", "Description": "VPC-MECP private subnet Mgmt/Sx located in Availability Zone 1", "Type": "String" }, "VPCMECPrvSubnetS1UCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.1.2.0/24", "Description": "VPC-MECP private subnet S1U located in Availability Zone 1", "Type": "String" }, "VPCMECPrvSubnetSGICIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/(1[6-9]|2[0-8]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/16-28", "Default": "10.1.3.0/24", "Description": "VPC-MECP private subnet SGI located in Availability Zone 1", "Type": "String" }, "VPCMECTenancy": { "AllowedValues": [ "default", "dedicated" ], "Default": "default", "Description": "The allowed tenancy of instances launched into the VPC-MEC", "Type": "String" }, "RemoteAccessCIDR": { "AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", "ConstraintDescription": "CIDR block parameter must be in the form x.x.x.x/x", "Description": "Allowed CIDR block for external SSH access to the EC2 instance", "Type": "String", "Default": "0.0.0.0/0" }, "S3BucketName": { "Description": "S3 Bucket Name", "MinLength" : "1", "Type": "String" } }, "Resources": { "VPCMEC": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": { "Ref": "VPCMECCIDR" }, "InstanceTenancy": { "Ref": "VPCMECTenancy" }, "EnableDnsSupport": "true", "EnableDnsHostnames": "true", "Tags": [ { "Key": "Name", "Value": {"Ref": "VPCMECName"} } ] } }, "VPCMECInternetGateway": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-IGW"} }, { "Key": "Network", "Value": "Public" } ] } }, "VPCMECGatewayAttachment": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "InternetGatewayId": { "Ref": "VPCMECInternetGateway" } } }, "VPCMECPubSubnet1": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "CidrBlock": { "Ref": "VPCMECPubSubnet1CIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-pubSubnet"} }, { "Key": "Network", "Value": "Public" } ], "MapPublicIpOnLaunch": true } }, "VPCMECPubSubnetRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-pubSubnet-rtbl"} }, { "Key": "Network", "Value": "Public" } ] } }, "VPCMECPubSubnetRoute": { "DependsOn": "VPCMECGatewayAttachment", "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCMECPubSubnetRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCMECInternetGateway" } } }, "VPCMECPubSubnet1RouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCMECPubSubnet1" }, "RouteTableId": { "Ref": "VPCMECPubSubnetRouteTable" } } }, "VPCMECPrvSubnetMgmtSx": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "CidrBlock": { "Ref": "VPCMECPrvSubnetMgmtSx1CIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-prvSubnet"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCMECPrvSubnetMgmtSxRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-prvSubnet-rtbl"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCMECPrvSubnetMgmtSxRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCMECPrvSubnetMgmtSxRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCMECNATGateway1" } } }, "VPCMECPrvSubnetMgmtSxRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCMECPrvSubnetMgmtSx" }, "RouteTableId": { "Ref": "VPCMECPrvSubnetMgmtSxRouteTable" } } }, "VPCMECPrvSubnetS1U": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "CidrBlock": { "Ref": "VPCMECPrvSubnetS1UCIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-S1U-Subnet"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCMECPrvSubnetS1URouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-S1U-Subnet-rtbl"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCMECPrvSubnetS1URoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCMECPrvSubnetS1URouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCMECNATGateway1" } } }, "VPCMECPrvSubnetS1URouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCMECPrvSubnetS1U" }, "RouteTableId": { "Ref": "VPCMECPrvSubnetS1URouteTable" } } }, "VPCMECPrvSubnetSGI": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "CidrBlock": { "Ref": "VPCMECPrvSubnetSGICIDR" }, "AvailabilityZone": { "Fn::Select": [ "0", { "Ref": "AvailabilityZones" } ] }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-SGI-Subnet"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCMECPrvSubnetSGIRouteTable": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCMEC" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-SGI-Subnet-rtbl"} }, { "Key": "Network", "Value": "Private" } ] } }, "VPCMECPrvSubnetSGIRoute": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCMECPrvSubnetSGIRouteTable" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCMECNATGateway1" } } }, "VPCMECPrvSubnetSGIRouteTableAssociation": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "VPCMECPrvSubnetSGI" }, "RouteTableId": { "Ref": "VPCMECPrvSubnetSGIRouteTable" } } }, "VPCMECNAT1EIP": { "DependsOn": "VPCMECGatewayAttachment", "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-EIP"} } ] } }, "VPCMECNATGateway1": { "DependsOn": "VPCMECGatewayAttachment", "Type": "AWS::EC2::NatGateway", "Properties": { "AllocationId": { "Fn::GetAtt": [ "VPCMECNAT1EIP", "AllocationId" ] }, "SubnetId": { "Ref": "VPCMECPubSubnet1" }, "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-NATGW"} } ] } }, "GetSupernetCIDR": { "Type": "Custom::SupernetCIDR", "Properties": { "ServiceToken": { "Fn::GetAtt" : ["SupernetCIDRFunction", "Arn"] }, "VPCCIDR": {"Ref": "VPCMECCIDR"} } }, "SupernetCIDRFunction": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": {"Ref": "S3BucketName"}, "S3Key": "lambda_function.zip" }, "Handler": "lambda_function.handler_supernet_ip_cidr", "Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] }, "Runtime": "python3.8", "Timeout": "30" } }, "LambdaExecutionRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]}, "Action": ["sts:AssumeRole"] }] }, "Path": "/", "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] } }, "SecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Enables SSH Access to EC2 instance", "GroupName": {"Fn::Sub": "${VPCMECName}-Instance-SG"}, "VpcId": { "Ref": "VPCMEC" }, "SecurityGroupIngress": [ { "IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": {"Fn::GetAtt": ["GetSupernetCIDR", "SupernetCIDR"]} }, { "IpProtocol": "-1", "FromPort": "-1", "ToPort": "-1", "CidrIp": { "Ref": "ENBNETCIDR" } } ], "Tags": [ { "Key": "Name", "Value": {"Fn::Sub": "${VPCMECName}-Instance-SG"} } ] } } }, "Outputs": { "VPCMECID": { "Value": { "Ref": "VPCMEC" }, "Description": "VPC-MEC ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCMECID" } } }, "VPCMECPublicSubnetID": { "Value": { "Ref": "VPCMECPubSubnet1" }, "Description": "VPC-MEC Public Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCMECPubSubnet1" } } }, "VPCMECPrivateSubnetID": { "Value": { "Ref": "VPCMECPrvSubnetMgmtSx" }, "Description": "VPC-MEC Private Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCMECPrvSubnetMgmtSx" } } }, "VPCMECS1USubnetID": { "Value": { "Ref": "VPCMECPrvSubnetS1U" }, "Description": "VPC-MEC S1U Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCMECPrvSubnetS1U" } } }, "VPCMECSGISubnetID": { "Value": { "Ref": "VPCMECPrvSubnetSGI" }, "Description": "VPC-MEC SGI Subnet ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCMECPrvSubnetSGI" } } }, "VPCMECPrvSubnetS1URouteTableID": { "Value": { "Ref": "VPCMECPrvSubnetS1URouteTable" }, "Description": "VPC-MEC S1U Route Table ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCMECPrvSubnetS1URouteTable" } } }, "VPCMECPrvSubnetSGIRouteTableID": { "Value": { "Ref": "VPCMECPrvSubnetSGIRouteTable" }, "Description": "VPC-MEC SGI Route Table ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCMECPrvSubnetSGIRouteTable" } } }, "VPCMECPrvSubnetMgmtRouteTableID": { "Value": { "Ref": "VPCMECPrvSubnetMgmtSxRouteTable" }, "Description": "VPC-MEC Mgmt Route Table ID", "Export": { "Name": { "Fn::Sub": "${AWS::StackName}-VPCMECPrvSubnetMgmtSxRouteTable" } } } } }