Description: Creates VPC and required components of VPC Parameters: VPC1CIDR: Type: String Description: CIDR block should be used to create the VPC1 (e.g. 172.21.1.0/24) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.0/24) VPC1PublicSubnet1: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.0/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.0/26) VPC1PublicSubnet2: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.64/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.64/26) VPC1PrivateSubnet1: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.128/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.128/26) VPC1PrivateSubnet2: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.192/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.192/26) VPC2CIDR: Type: String Description: CIDR block should be used to create the VPC (e.g. 172.21.1.0/24) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.0/24) VPC2PublicSubnet1: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.0/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.0/26) VPC2PublicSubnet2: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.64/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.64/26) VPC2PrivateSubnet1: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.128/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.128/26) VPC2PrivateSubnet2: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.192/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.192/26) VPC3CIDR: Type: String Description: CIDR block should be used to create the VPC (e.g. 172.21.1.0/24) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.0/24) VPC3PublicSubnet1: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.0/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.0/26) VPC3PublicSubnet2: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.64/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.64/26) VPC3PrivateSubnet1: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.128/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.128/26) VPC3PrivateSubnet2: Type: String Description: CIDR block should be used to create the public subnet in AZ1 (e.g. 172.21.1.192/26) AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{2})" ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. (e.g. 172.21.1.192/26) SNSIAMStackName: Type: String Description: Name of the stack which created SNS topic and IAM roles Default: "IaCIAMCFT" BastionHostAMIid: Type: String Description: AMI ID to be used for Bastion Host Default: ami-009d6802948d06e52 BastionHostSSHKey: Type: String Description: SSH key to be used to login to Bastion Host Default: IaCNewAccount TagPrefix: Type: String Description: Enter Prefix that should be used for Tags. RemoteVpnDeviceIp: Type: String Description: Public IP address of the Customer Gateway (Remote VPN Device) Default: "100.64.100.101" RemoteNetworkCidr: Type: String Description: Remote network IP address Default: "100.64.0.0/16" RemoteBgpAsn: Type: String Description: BGP ASN of Customer Gateway Default: "65555" Resources: VPC1: Type: "AWS::EC2::VPC" Properties: CidrBlock: Ref: VPC1CIDR EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: Ref: TagPrefix VPC1BastionHostSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow ssh to Bastion host VpcId: Ref: VPC1 SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 - IpProtocol: icmp FromPort: -1 ToPort: -1 CidrIp: 172.16.0.0/12 VPC1PubSubnet1: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC1 CidrBlock: Ref: VPC1PublicSubnet1 AvailabilityZone: Fn::Sub: ${AWS::Region}a MapPublicIpOnLaunch: true Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC1PublicSubnet1 VPC1PubSubnet2: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC1 CidrBlock: Ref: VPC1PublicSubnet2 AvailabilityZone: Fn::Sub: ${AWS::Region}b MapPublicIpOnLaunch: true Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC1PublicSubnet2 VPC1PriSubnet1: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC1 CidrBlock: Ref: VPC1PrivateSubnet1 AvailabilityZone: Fn::Sub: ${AWS::Region}a Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC1PrivateSubnet1 VPC1PriSubnet2: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC1 CidrBlock: Ref: VPC1PrivateSubnet2 AvailabilityZone: Fn::Sub: ${AWS::Region}b Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC1PrivateSubnet2 VPC1EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: !Ref BastionHostAMIid InstanceType: t2.micro KeyName: !Ref BastionHostSSHKey NetworkInterfaces: - AssociatePublicIpAddress: "true" DeviceIndex: "0" GroupSet: [ !Ref VPC1BastionHostSG ] SubnetId: !Ref VPC1PubSubnet1 Tags: - Key: Name Value: VPC1BastionHost VPC1InternetGateway: Type: "AWS::EC2::InternetGateway" Properties: Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC1IGW VPC1GatewayToInternet: Type: "AWS::EC2::VPCGatewayAttachment" Properties: VpcId: Ref: VPC1 InternetGatewayId: Ref: VPC1InternetGateway VPC1NATEIP1: Type: "AWS::EC2::EIP" Properties: Domain: vpc DependsOn: VPC1GatewayToInternet VPC1NATEIP2: Type: "AWS::EC2::EIP" Properties: Domain: vpc DependsOn: VPC1GatewayToInternet VPC1NAT1: Type: "AWS::EC2::NatGateway" Properties: AllocationId: Fn::GetAtt: [ VPC1NATEIP1, AllocationId ] SubnetId: Ref: VPC1PubSubnet1 VPC1NAT2: Type: "AWS::EC2::NatGateway" Properties: AllocationId: Fn::GetAtt: [ VPC1NATEIP2, AllocationId ] SubnetId: Ref: VPC1PubSubnet2 VPC1PublicRouteTable: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC1 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC1PublicRouteTable VPC1PrivateRouteTable1: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC1 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC1PrivateRouteTable1 VPC1PrivateRouteTable2: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC1 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC1PrivateRouteTable2 VPC1PublicRoute: Type: "AWS::EC2::Route" DependsOn: VPC1GatewayToInternet Properties: DestinationCidrBlock: 0.0.0.0/0 GatewayId: Ref: VPC1InternetGateway RouteTableId: Ref: VPC1PublicRouteTable VPC1PrivateRoute1: Type: "AWS::EC2::Route" Properties: DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: Ref: VPC1NAT1 RouteTableId: Ref: VPC1PrivateRouteTable1 VPC1PrivateRoute2: Type: "AWS::EC2::Route" Properties: DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: Ref: VPC1NAT2 RouteTableId: Ref: VPC1PrivateRouteTable2 VPC1PubSubnet1RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC1PublicRouteTable SubnetId: Ref: VPC1PubSubnet1 VPC1PubSubnet2RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC1PublicRouteTable SubnetId: Ref: VPC1PubSubnet2 VPC1PrivSubnet1RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC1PrivateRouteTable1 SubnetId: Ref: VPC1PriSubnet1 VPC1PrivSubnet2RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC1PrivateRouteTable2 SubnetId: Ref: VPC1PriSubnet2 VPC1VPNGateway: Type: AWS::EC2::VPNGateway Properties: Type: ipsec.1 Tags: - Key: Name Value: Ref: AWS::StackName VPC1VPNGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: VPC1 VpnGatewayId: Ref: VPC1VPNGateway CustomerGateway: Type: AWS::EC2::CustomerGateway Properties: Type: ipsec.1 BgpAsn: Ref: RemoteBgpAsn IpAddress: Ref: RemoteVpnDeviceIp Tags: - Key: Name Value: Ref: AWS::StackName - Key: VPN Value: Fn::Join: - '' - - 'Gateway to ' - Ref: RemoteVpnDeviceIp VPC1VPNConnection: Type: AWS::EC2::VPNConnection DependsOn: - CustomerGateway - VPC1VPNGateway Properties: Type: ipsec.1 StaticRoutesOnly: 'false' CustomerGatewayId: Ref: CustomerGateway VpnGatewayId: Ref: VPC1VPNGateway Tags: - Key: Name Value: Ref: AWS::StackName - Key: VPN Value: Fn::Join: - '' - - 'Connection to ' - Ref: RemoteNetworkCidr VPC1VPNGatewayRoutePropagationBoth: Type: AWS::EC2::VPNGatewayRoutePropagation DependsOn: - VPC1VPNGateway - VPC1VPNConnection Properties: RouteTableIds: - Ref: VPC1PublicRouteTable - Ref: VPC1PrivateRouteTable1 - Ref: VPC1PrivateRouteTable2 VpnGatewayId: Ref: VPC1VPNGateway VPC2: Type: "AWS::EC2::VPC" Properties: CidrBlock: Ref: VPC2CIDR EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: Ref: TagPrefix VPC2BastionHostSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow ssh to Bastion host VpcId: Ref: VPC2 SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 - IpProtocol: icmp FromPort: -1 ToPort: -1 CidrIp: 172.16.0.0/12 VPC2PubSubnet1: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC2 CidrBlock: Ref: VPC2PublicSubnet1 AvailabilityZone: Fn::Sub: ${AWS::Region}a MapPublicIpOnLaunch: true Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC2PublicSubnet1 VPC2PubSubnet2: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC2 CidrBlock: Ref: VPC2PublicSubnet2 AvailabilityZone: Fn::Sub: ${AWS::Region}b MapPublicIpOnLaunch: true Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC2PublicSubnet2 VPC2PriSubnet1: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC2 CidrBlock: Ref: VPC2PrivateSubnet1 AvailabilityZone: Fn::Sub: ${AWS::Region}a Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC2PrivateSubnet1 VPC2PriSubnet2: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC2 CidrBlock: Ref: VPC2PrivateSubnet2 AvailabilityZone: Fn::Sub: ${AWS::Region}b Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC2PrivateSubnet2 VPC2EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: !Ref BastionHostAMIid InstanceType: t2.micro KeyName: !Ref BastionHostSSHKey NetworkInterfaces: - AssociatePublicIpAddress: "true" DeviceIndex: "0" GroupSet: [ !Ref VPC2BastionHostSG ] SubnetId: !Ref VPC2PubSubnet1 Tags: - Key: Name Value: VPC2BastionHost VPC2InternetGateway: Type: "AWS::EC2::InternetGateway" Properties: Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC2IGW VPC2GatewayToInternet: Type: "AWS::EC2::VPCGatewayAttachment" Properties: VpcId: Ref: VPC2 InternetGatewayId: Ref: VPC2InternetGateway VPC2NATEIP1: Type: "AWS::EC2::EIP" Properties: Domain: vpc DependsOn: VPC2GatewayToInternet VPC2NATEIP2: Type: "AWS::EC2::EIP" Properties: Domain: vpc DependsOn: VPC2GatewayToInternet VPC2NAT1: Type: "AWS::EC2::NatGateway" Properties: AllocationId: Fn::GetAtt: [ VPC2NATEIP1, AllocationId ] SubnetId: Ref: VPC2PubSubnet1 VPC2NAT2: Type: "AWS::EC2::NatGateway" Properties: AllocationId: Fn::GetAtt: [ VPC2NATEIP2, AllocationId ] SubnetId: Ref: VPC2PubSubnet2 VPC2PublicRouteTable: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC2 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC2PublicRouteTable VPC2PrivateRouteTable1: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC2 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC2PrivateRouteTable1 VPC2PrivateRouteTable2: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC2 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC2PrivateRouteTable2 VPC2PublicRoute: Type: "AWS::EC2::Route" DependsOn: VPC2GatewayToInternet Properties: DestinationCidrBlock: 0.0.0.0/0 GatewayId: Ref: VPC2InternetGateway RouteTableId: Ref: VPC2PublicRouteTable VPC2PrivateRoute1: Type: "AWS::EC2::Route" Properties: DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: Ref: VPC2NAT1 RouteTableId: Ref: VPC2PrivateRouteTable1 VPC2PrivateRoute2: Type: "AWS::EC2::Route" Properties: DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: Ref: VPC2NAT2 RouteTableId: Ref: VPC2PrivateRouteTable2 VPC2PubSubnet1RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC2PublicRouteTable SubnetId: Ref: VPC2PubSubnet1 VPC2PubSubnet2RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC2PublicRouteTable SubnetId: Ref: VPC2PubSubnet2 VPC2PrivSubnet1RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC2PrivateRouteTable1 SubnetId: Ref: VPC2PriSubnet1 VPC2PrivSubnet2RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC2PrivateRouteTable2 SubnetId: Ref: VPC2PriSubnet2 VPC3: Type: "AWS::EC2::VPC" Properties: CidrBlock: Ref: VPC3CIDR EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: Ref: TagPrefix VPC3BastionHostSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow ssh to Bastion host VpcId: Ref: VPC3 SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 - IpProtocol: icmp FromPort: -1 ToPort: -1 CidrIp: 172.16.0.0/12 VPC3PubSubnet1: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC3 CidrBlock: Ref: VPC3PublicSubnet1 AvailabilityZone: Fn::Sub: ${AWS::Region}a MapPublicIpOnLaunch: true Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC3PublicSubnet1 VPC3PubSubnet2: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC3 CidrBlock: Ref: VPC3PublicSubnet2 AvailabilityZone: Fn::Sub: ${AWS::Region}b MapPublicIpOnLaunch: true Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC3PublicSubnet2 VPC3PriSubnet1: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC3 CidrBlock: Ref: VPC3PrivateSubnet1 AvailabilityZone: Fn::Sub: ${AWS::Region}a Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC3PrivateSubnet1 VPC3PriSubnet2: Type: "AWS::EC2::Subnet" Properties: VpcId: Ref: VPC3 CidrBlock: Ref: VPC3PrivateSubnet2 AvailabilityZone: Fn::Sub: ${AWS::Region}b Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC3PrivateSubnet2 VPC3EC2Instance: Type: AWS::EC2::Instance Properties: ImageId: !Ref BastionHostAMIid InstanceType: t2.micro KeyName: !Ref BastionHostSSHKey NetworkInterfaces: - AssociatePublicIpAddress: "true" DeviceIndex: "0" GroupSet: [ !Ref VPC3BastionHostSG ] SubnetId: !Ref VPC3PubSubnet1 Tags: - Key: Name Value: VPC3BastionHost VPC3InternetGateway: Type: "AWS::EC2::InternetGateway" Properties: Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC3IGW VPC3GatewayToInternet: Type: "AWS::EC2::VPCGatewayAttachment" Properties: VpcId: Ref: VPC3 InternetGatewayId: Ref: VPC3InternetGateway VPC3NATEIP1: Type: "AWS::EC2::EIP" Properties: Domain: vpc DependsOn: VPC3GatewayToInternet VPC3NATEIP2: Type: "AWS::EC2::EIP" Properties: Domain: vpc DependsOn: VPC3GatewayToInternet VPC3NAT1: Type: "AWS::EC2::NatGateway" Properties: AllocationId: Fn::GetAtt: [ VPC3NATEIP1, AllocationId ] SubnetId: Ref: VPC3PubSubnet1 VPC3NAT2: Type: "AWS::EC2::NatGateway" Properties: AllocationId: Fn::GetAtt: [ VPC3NATEIP2, AllocationId ] SubnetId: Ref: VPC3PubSubnet2 VPC3PublicRouteTable: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC3 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC3PublicRouteTable VPC3PrivateRouteTable1: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC3 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC3PrivateRouteTable1 VPC3PrivateRouteTable2: Type: "AWS::EC2::RouteTable" Properties: VpcId: Ref: VPC3 Tags: - Key: Name Value: Fn::Sub: ${TagPrefix}-VPC3PrivateRouteTable2 VPC3PublicRoute: Type: "AWS::EC2::Route" DependsOn: VPC3GatewayToInternet Properties: DestinationCidrBlock: 0.0.0.0/0 GatewayId: Ref: VPC3InternetGateway RouteTableId: Ref: VPC3PublicRouteTable VPC3PrivateRoute1: Type: "AWS::EC2::Route" Properties: DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: Ref: VPC3NAT1 RouteTableId: Ref: VPC3PrivateRouteTable1 VPC3PrivateRoute2: Type: "AWS::EC2::Route" Properties: DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: Ref: VPC3NAT2 RouteTableId: Ref: VPC3PrivateRouteTable2 VPC3PubSubnet1RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC3PublicRouteTable SubnetId: Ref: VPC3PubSubnet1 VPC3PubSubnet2RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC3PublicRouteTable SubnetId: Ref: VPC3PubSubnet2 VPC3PrivSubnet1RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC3PrivateRouteTable1 SubnetId: Ref: VPC3PriSubnet1 VPC3PrivSubnet2RTAssoc: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: RouteTableId: Ref: VPC3PrivateRouteTable2 SubnetId: Ref: VPC3PriSubnet2 VPC1S3VPCE: Type: AWS::EC2::VPCEndpoint Properties: VpcId: Ref: VPC1 RouteTableIds: - Ref: VPC1PublicRouteTable - Ref: VPC1PrivateRouteTable1 - Ref: VPC1PrivateRouteTable2 ServiceName: com.amazonaws.us-east-1.s3 VpcEndpointType: Gateway VPC2S3VPCE: Type: AWS::EC2::VPCEndpoint Properties: VpcId: Ref: VPC2 RouteTableIds: - Ref: VPC2PublicRouteTable - Ref: VPC2PrivateRouteTable1 - Ref: VPC2PrivateRouteTable2 ServiceName: com.amazonaws.us-east-1.s3 VpcEndpointType: Gateway VPC3S3VPCE: Type: AWS::EC2::VPCEndpoint Properties: VpcId: Ref: VPC3 RouteTableIds: - Ref: VPC3PublicRouteTable - Ref: VPC3PrivateRouteTable1 - Ref: VPC3PrivateRouteTable2 ServiceName: com.amazonaws.us-east-1.s3 VpcEndpointType: Gateway VPC1EC2EndpointSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow VPC resources to access private EC2 endpoint VpcId: Ref: VPC1 SecurityGroupIngress: - IpProtocol: -1 FromPort: -1 ToPort: -1 CidrIp: Ref: VPC1CIDR VPC2EC2EndpointSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow VPC resources to access private EC2 endpoint VpcId: Ref: VPC2 SecurityGroupIngress: - IpProtocol: -1 FromPort: -1 ToPort: -1 CidrIp: Ref: VPC2CIDR VPC3EC2EndpointSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Allow VPC resources to access private EC2 endpoint VpcId: Ref: VPC3 SecurityGroupIngress: - IpProtocol: -1 FromPort: -1 ToPort: -1 CidrIp: Ref: VPC3CIDR VPC1EC2InterfaceEndpoint: Type: AWS::EC2::VPCEndpoint DependsOn: VPC1EC2EndpointSG Properties: PrivateDnsEnabled: true ServiceName: com.amazonaws.us-east-1.ec2 SecurityGroupIds: - !Ref VPC1EC2EndpointSG SubnetIds: - !Ref VPC1PriSubnet1 - !Ref VPC1PriSubnet2 VpcEndpointType: Interface VpcId: !Ref VPC1 VPC2EC2InterfaceEndpoint: Type: AWS::EC2::VPCEndpoint DependsOn: VPC2EC2EndpointSG Properties: PrivateDnsEnabled: true ServiceName: com.amazonaws.us-east-1.ec2 SecurityGroupIds: - !Ref VPC2EC2EndpointSG SubnetIds: - !Ref VPC2PriSubnet1 - !Ref VPC2PriSubnet2 VpcEndpointType: Interface VpcId: !Ref VPC2 VPC3EC2InterfaceEndpoint: Type: AWS::EC2::VPCEndpoint DependsOn: VPC3EC2EndpointSG Properties: PrivateDnsEnabled: true ServiceName: com.amazonaws.us-east-1.ec2 SecurityGroupIds: - !Ref VPC3EC2EndpointSG SubnetIds: - !Ref VPC3PriSubnet1 - !Ref VPC3PriSubnet2 VpcEndpointType: Interface VpcId: !Ref VPC3 VPC1VPC2PeeringConnection: Type: 'AWS::EC2::VPCPeeringConnection' Properties: VpcId: !Ref VPC1 PeerVpcId: !Ref VPC2 VPC1PeeringPublicRoute: Type: 'AWS::EC2::Route' DependsOn: VPC1VPC2PeeringConnection Properties: DestinationCidrBlock: !Ref VPC2CIDR RouteTableId: !Ref VPC1PublicRouteTable VpcPeeringConnectionId: !Ref VPC1VPC2PeeringConnection VPC1PeeringPrivateRoute1: Type: 'AWS::EC2::Route' DependsOn: VPC1VPC2PeeringConnection Properties: DestinationCidrBlock: !Ref VPC2CIDR RouteTableId: !Ref VPC1PrivateRouteTable1 VpcPeeringConnectionId: !Ref VPC1VPC2PeeringConnection VPC1PeeringPrivateRoute2: Type: 'AWS::EC2::Route' DependsOn: VPC1VPC2PeeringConnection Properties: DestinationCidrBlock: !Ref VPC2CIDR RouteTableId: !Ref VPC1PrivateRouteTable2 VpcPeeringConnectionId: !Ref VPC1VPC2PeeringConnection VPC2PeeringPublicRoute: Type: 'AWS::EC2::Route' DependsOn: VPC1VPC2PeeringConnection Properties: DestinationCidrBlock: !Ref VPC1CIDR RouteTableId: !Ref VPC2PublicRouteTable VpcPeeringConnectionId: !Ref VPC1VPC2PeeringConnection VPC2PeeringPrivateRoute1: Type: 'AWS::EC2::Route' DependsOn: VPC1VPC2PeeringConnection Properties: DestinationCidrBlock: !Ref VPC1CIDR RouteTableId: !Ref VPC2PrivateRouteTable1 VpcPeeringConnectionId: !Ref VPC1VPC2PeeringConnection VPC2PeeringPrivateRoute2: Type: 'AWS::EC2::Route' DependsOn: VPC1VPC2PeeringConnection Properties: DestinationCidrBlock: !Ref VPC1CIDR RouteTableId: !Ref VPC2PrivateRouteTable2 VpcPeeringConnectionId: !Ref VPC1VPC2PeeringConnection Outputs: VPC1ID: Description: "VPC1 ID" Value: Ref: VPC1 VPC1PrivateSubnet1: Description: "Subnet ID of private subnet in AZ1" Value: Ref: VPC1PriSubnet1 VPC1PrivateSubnet2: Description: "Subnet ID of private subnet in AZ2" Value: Ref: VPC1PriSubnet2 VPC1PublicSubnet1: Description: "Subnet ID of public subnet in AZ1" Value: Ref: VPC1PubSubnet1 VPC1PublicSubnet2: Description: "Subnet ID of public subnet in AZ2" Value: Ref: VPC1PubSubnet2 NATEIP1: Description: "NAT Gateway ID in AZ1" Value: Ref: VPC1NAT1 NATEIP2: Description: "NAT Gateway ID in AZ2" Value: Ref: VPC1NAT2 VPC2ID: Description: "VPC2 ID" Value: Ref: VPC2 VPC2PrivateSubnet1: Description: "Subnet ID of private subnet in AZ1" Value: Ref: VPC2PriSubnet1 VPC2PrivateSubnet2: Description: "Subnet ID of private subnet in AZ2" Value: Ref: VPC2PriSubnet2 VPC2PublicSubnet1: Description: "Subnet ID of public subnet in AZ1" Value: Ref: VPC2PubSubnet1 VPC2PublicSubnet2: Description: "Subnet ID of public subnet in AZ2" Value: Ref: VPC2PubSubnet2 VPC2NATEIP1: Description: "NAT Gateway ID in AZ1" Value: Ref: VPC2NAT1 VPC2NATEIP2: Description: "NAT Gateway ID in AZ2" Value: Ref: VPC2NAT2 VPC3ID: Description: "VPC3 ID" Value: Ref: VPC3 VPC3PrivateSubnet1: Description: "Subnet ID of private subnet in AZ1" Value: Ref: VPC3PriSubnet1 VPC3PrivateSubnet2: Description: "Subnet ID of private subnet in AZ2" Value: Ref: VPC3PriSubnet2 VPC3PublicSubnet1: Description: "Subnet ID of public subnet in AZ1" Value: Ref: VPC3PubSubnet1 VPC3PublicSubnet2: Description: "Subnet ID of public subnet in AZ2" Value: Ref: VPC3PubSubnet2 VPC3NATEIP1: Description: "NAT Gateway ID in AZ1" Value: Ref: VPC3NAT1 VPC3NATEIP2: Description: "NAT Gateway ID in AZ2" Value: Ref: VPC3NAT2 VPC1S3VPCE: Description: "S3 VPC Endpoint for VPC1" Value: Ref: VPC1S3VPCE VPC2S3VPCE: Description: "S3 VPC Endpoint for VPC2" Value: Ref: VPC2S3VPCE VPC3S3VPCE: Description: "S3 VPC Endpoint for VPC3" Value: Ref: VPC3S3VPCE