AWSTemplateFormatVersion: 2010-09-09 Description: >- This template creates a Multi-AZ, multi-subnet VPC infrastructure with managed NAT gateways in the public subnet for each Availability Zone. You can also create additional private subnets with dedicated custom network access control lists (ACLs). If you deploy the Quick Start in a region that doesn't support NAT gateways, NAT instances are deployed instead. **WARNING** This template creates AWS resources. You will be billed for the AWS resources used if you create a stack from this template. QS(0027) Metadata: 'AWS::CloudFormation::Interface': ParameterGroups: - Label: default: Availability Zone Configuration Parameters: - AvailabilityZones - NumberOfAZs - Label: default: Network Configuration Parameters: - VPCCIDR - PublicSubnet1CIDR - PublicSubnet2CIDR - PublicSubnet3CIDR - PublicSubnet4CIDR - PublicSubnetTag1 - PublicSubnetTag2 - PublicSubnetTag3 - CreatePrivateSubnets - PrivateSubnet1ACIDR - PrivateSubnet2ACIDR - PrivateSubnet3ACIDR - PrivateSubnet4ACIDR - PrivateSubnetATag1 - PrivateSubnetATag2 - PrivateSubnetATag3 - CreateAdditionalPrivateSubnets - PrivateSubnet1BCIDR - PrivateSubnet2BCIDR - PrivateSubnet3BCIDR - PrivateSubnet4BCIDR - PrivateSubnetBTag1 - PrivateSubnetBTag2 - PrivateSubnetBTag3 - VPCTenancy - Label: default: 'Deprecated: NAT Instance Configuration' Parameters: - KeyPairName - NATInstanceType ParameterLabels: AvailabilityZones: default: Availability Zones CreateAdditionalPrivateSubnets: default: Create additional private subnets with dedicated network ACLs CreatePrivateSubnets: default: Create private subnets KeyPairName: default: 'Deprecated: Key pair name' NATInstanceType: default: 'Deprecated: NAT instance type' NumberOfAZs: default: Number of Availability Zones PrivateSubnet1ACIDR: default: Private subnet 1A CIDR PrivateSubnet1BCIDR: default: Private subnet 1B with dedicated network ACL CIDR PrivateSubnet2ACIDR: default: Private subnet 2A CIDR PrivateSubnet2BCIDR: default: Private subnet 
2B with dedicated network ACL CIDR PrivateSubnet3ACIDR: default: Private subnet 3A CIDR PrivateSubnet3BCIDR: default: Private subnet 3B with dedicated network ACL CIDR PrivateSubnet4ACIDR: default: Private subnet 4A CIDR PrivateSubnet4BCIDR: default: Private subnet 4B with dedicated network ACL CIDR PrivateSubnetATag1: default: Tag for Private A Subnets PrivateSubnetATag2: default: Tag for Private A Subnets PrivateSubnetATag3: default: Tag for Private A Subnets PrivateSubnetBTag1: default: Tag for Private B Subnets PrivateSubnetBTag2: default: Tag for Private B Subnets PrivateSubnetBTag3: default: Tag for Private B Subnets PublicSubnet1CIDR: default: Public subnet 1 CIDR PublicSubnet2CIDR: default: Public subnet 2 CIDR PublicSubnet3CIDR: default: Public subnet 3 CIDR PublicSubnet4CIDR: default: Public subnet 4 CIDR PublicSubnetTag1: default: Tag for Public Subnets PublicSubnetTag2: default: Tag for Public Subnets PublicSubnetTag3: default: Tag for Public Subnets VPCCIDR: default: VPC CIDR VPCTenancy: default: VPC Tenancy Parameters: AvailabilityZones: Description: >- List of Availability Zones to use for the subnets in the VPC. Note: The logical order is preserved. Type: 'List' CreateAdditionalPrivateSubnets: AllowedValues: - 'true' - 'false' Default: 'false' Description: >- Set to true to create a network ACL protected subnet in each Availability Zone. If false, the CIDR parameters for those subnets will be ignored. If true, it also requires that the 'Create private subnets' parameter is also true to have any effect. Type: String CreatePrivateSubnets: AllowedValues: - 'true' - 'false' Default: 'true' Description: >- Set to false to create only public subnets. If false, the CIDR parameters for ALL private subnets will be ignored. Type: String KeyPairName: Description: Deprecated. NAT gateways are now supported in all regions. Type: String Default: deprecated NATInstanceType: Default: deprecated Description: Deprecated. NAT gateways are now supported in all regions. 
Type: String NumberOfAZs: AllowedValues: - '2' - '3' - '4' Default: '2' Description: >- Number of Availability Zones to use in the VPC. This must match your selections in the list of Availability Zones parameter. Type: String PrivateSubnet1ACIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/19 Description: CIDR block for private subnet 1A located in Availability Zone 1 Type: String PrivateSubnet1BCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.192.0/21 Description: >- CIDR block for private subnet 1B with dedicated network ACL located in Availability Zone 1 Type: String PrivateSubnet2ACIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.32.0/19 Description: CIDR block for private subnet 2A located in Availability Zone 2 Type: String PrivateSubnet2BCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.200.0/21 Description: >- CIDR block for private subnet 2B with dedicated network ACL located in Availability Zone 2 Type: String PrivateSubnet3ACIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.64.0/19 Description: CIDR block for 
private subnet 3A located in Availability Zone 3 Type: String PrivateSubnet3BCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.208.0/21 Description: >- CIDR block for private subnet 3B with dedicated network ACL located in Availability Zone 3 Type: String PrivateSubnet4ACIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.96.0/19 Description: CIDR block for private subnet 4A located in Availability Zone 4 Type: String PrivateSubnet4BCIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.216.0/21 Description: >- CIDR block for private subnet 4B with dedicated network ACL located in Availability Zone 4 Type: String PrivateSubnetATag1: AllowedPattern: '^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: Network=Private Description: 'tag to add to private subnets A, in format Key=Value (Optional)' Type: String PrivateSubnetATag2: AllowedPattern: '^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: '' Description: 'tag to add to private subnets A, in format Key=Value (Optional)' Type: String PrivateSubnetATag3: AllowedPattern: 
'^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: '' Description: 'tag to add to private subnets A, in format Key=Value (Optional)' Type: String PrivateSubnetBTag1: AllowedPattern: '^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: Network=Private Description: 'tag to add to private subnets B, in format Key=Value (Optional)' Type: String PrivateSubnetBTag2: AllowedPattern: '^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: '' Description: 'tag to add to private subnets B, in format Key=Value (Optional)' Type: String PrivateSubnetBTag3: AllowedPattern: '^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: '' Description: 'tag to add to private subnets B, in format Key=Value (Optional)' Type: String PublicSubnet1CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.128.0/20 Description: CIDR block for the public DMZ subnet 1 located in Availability Zone 1 Type: String PublicSubnet2CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be 
in the form x.x.x.x/16-28 Default: 10.0.144.0/20 Description: CIDR block for the public DMZ subnet 2 located in Availability Zone 2 Type: String PublicSubnet3CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.160.0/20 Description: CIDR block for the public DMZ subnet 3 located in Availability Zone 3 Type: String PublicSubnet4CIDR: AllowedPattern: >- ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.176.0/20 Description: CIDR block for the public DMZ subnet 4 located in Availability Zone 4 Type: String PublicSubnetTag1: AllowedPattern: '^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: Network=Public Description: 'tag to add to public subnets, in format Key=Value (Optional)' Type: String PublicSubnetTag2: AllowedPattern: '^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: '' Description: 'tag to add to public subnets, in format Key=Value (Optional)' Type: String PublicSubnetTag3: AllowedPattern: '^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"''\[\]\{\}]*)?$' ConstraintDescription: >- tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}] Default: '' Description: 'tag to add to public subnets, in format Key=Value (Optional)' Type: String VPCCIDR: AllowedPattern: >- 
^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: CIDR block for the VPC Type: String VPCTenancy: AllowedValues: - default - dedicated Default: default Description: The allowed tenancy of instances launched into the VPC Type: String Conditions: 3AZCondition: !Or - !Equals - !Ref NumberOfAZs - '3' - !Condition 4AZCondition 4AZCondition: !Equals - !Ref NumberOfAZs - '4' AdditionalPrivateSubnetsCondition: !And - !Equals - !Ref CreatePrivateSubnets - 'true' - !Equals - !Ref CreateAdditionalPrivateSubnets - 'true' AdditionalPrivateSubnets&3AZCondition: !And - !Condition AdditionalPrivateSubnetsCondition - !Condition 3AZCondition AdditionalPrivateSubnets&4AZCondition: !And - !Condition AdditionalPrivateSubnetsCondition - !Condition 4AZCondition GovCloudCondition: !Equals - !Ref 'AWS::Region' - us-gov-west-1 NVirginiaRegionCondition: !Equals - !Ref 'AWS::Region' - us-east-1 PrivateSubnetsCondition: !Equals - !Ref CreatePrivateSubnets - 'true' PrivateSubnets&3AZCondition: !And - !Condition PrivateSubnetsCondition - !Condition 3AZCondition PrivateSubnets&4AZCondition: !And - !Condition PrivateSubnetsCondition - !Condition 4AZCondition PrivateSubnetATag1Condition: !Not - !Equals - !Ref PrivateSubnetATag1 - '' PrivateSubnetATag2Condition: !Not - !Equals - !Ref PrivateSubnetATag2 - '' PrivateSubnetATag3Condition: !Not - !Equals - !Ref PrivateSubnetATag3 - '' PrivateSubnetBTag1Condition: !Not - !Equals - !Ref PrivateSubnetBTag1 - '' PrivateSubnetBTag2Condition: !Not - !Equals - !Ref PrivateSubnetBTag2 - '' PrivateSubnetBTag3Condition: !Not - !Equals - !Ref PrivateSubnetBTag3 - '' PublicSubnetTag1Condition: !Not - !Equals - !Ref PublicSubnetTag1 - '' PublicSubnetTag2Condition: !Not - !Equals - !Ref PublicSubnetTag2 - '' PublicSubnetTag3Condition: !Not - !Equals - !Ref PublicSubnetTag3 - '' 
Resources: DHCPOptions: Type: 'AWS::EC2::DHCPOptions' Properties: DomainName: !If - NVirginiaRegionCondition - ec2.internal - !Sub '${AWS::Region}.compute.internal' DomainNameServers: - AmazonProvidedDNS VPC: Type: 'AWS::EC2::VPC' Properties: CidrBlock: !Ref VPCCIDR InstanceTenancy: !Ref VPCTenancy EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: !Ref 'AWS::StackName' VPCDHCPOptionsAssociation: Type: 'AWS::EC2::VPCDHCPOptionsAssociation' Properties: VpcId: !Ref VPC DhcpOptionsId: !Ref DHCPOptions InternetGateway: Type: 'AWS::EC2::InternetGateway' Properties: Tags: - Key: Name Value: !Ref 'AWS::StackName' VPCGatewayAttachment: Type: 'AWS::EC2::VPCGatewayAttachment' Properties: VpcId: !Ref VPC InternetGatewayId: !Ref InternetGateway PrivateSubnet1A: Condition: PrivateSubnetsCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnet1ACIDR AvailabilityZone: !Select - '0' - !Ref AvailabilityZones Tags: - Key: Name Value: Private subnet 1A - !If - PrivateSubnetATag1Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag1 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag1 - !Ref 'AWS::NoValue' - !If - PrivateSubnetATag2Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag2 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag2 - !Ref 'AWS::NoValue' - !If - PrivateSubnetATag3Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag3 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag3 - !Ref 'AWS::NoValue' PrivateSubnet1B: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnet1BCIDR AvailabilityZone: !Select - '0' - !Ref AvailabilityZones Tags: - Key: Name Value: Private subnet 1B - !If - PrivateSubnetBTag1Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag1 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag1 - !Ref 'AWS::NoValue' - !If - 
PrivateSubnetBTag2Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag2 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag2 - !Ref 'AWS::NoValue' - !If - PrivateSubnetBTag3Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag3 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag3 - !Ref 'AWS::NoValue' PrivateSubnet2A: Condition: PrivateSubnetsCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnet2ACIDR AvailabilityZone: !Select - '1' - !Ref AvailabilityZones Tags: - Key: Name Value: Private subnet 2A - !If - PrivateSubnetATag1Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag1 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag1 - !Ref 'AWS::NoValue' - !If - PrivateSubnetATag2Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag2 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag2 - !Ref 'AWS::NoValue' - !If - PrivateSubnetATag3Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag3 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag3 - !Ref 'AWS::NoValue' PrivateSubnet2B: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnet2BCIDR AvailabilityZone: !Select - '1' - !Ref AvailabilityZones Tags: - Key: Name Value: Private subnet 2B - !If - PrivateSubnetBTag1Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag1 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag1 - !Ref 'AWS::NoValue' - !If - PrivateSubnetBTag2Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag2 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag2 - !Ref 'AWS::NoValue' - !If - PrivateSubnetBTag3Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag3 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag3 - !Ref 'AWS::NoValue' PrivateSubnet3A: Condition: PrivateSubnets&3AZCondition Type: 'AWS::EC2::Subnet' 
Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnet3ACIDR AvailabilityZone: !Select - '2' - !Ref AvailabilityZones Tags: - Key: Name Value: Private subnet 3A - !If - PrivateSubnetATag1Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag1 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag1 - !Ref 'AWS::NoValue' - !If - PrivateSubnetATag2Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag2 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag2 - !Ref 'AWS::NoValue' - !If - PrivateSubnetATag3Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag3 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag3 - !Ref 'AWS::NoValue' PrivateSubnet3B: Condition: AdditionalPrivateSubnets&3AZCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnet3BCIDR AvailabilityZone: !Select - '2' - !Ref AvailabilityZones Tags: - Key: Name Value: Private subnet 3B - !If - PrivateSubnetBTag1Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag1 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag1 - !Ref 'AWS::NoValue' - !If - PrivateSubnetBTag2Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag2 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag2 - !Ref 'AWS::NoValue' - !If - PrivateSubnetBTag3Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag3 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag3 - !Ref 'AWS::NoValue' PrivateSubnet4A: Condition: PrivateSubnets&4AZCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnet4ACIDR AvailabilityZone: !Select - '3' - !Ref AvailabilityZones Tags: - Key: Name Value: Private subnet 4A - !If - PrivateSubnetATag1Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag1 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag1 - !Ref 'AWS::NoValue' - !If - PrivateSubnetATag2Condition - Key: !Select - '0' - !Split - = - !Ref 
PrivateSubnetATag2 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag2 - !Ref 'AWS::NoValue' - !If - PrivateSubnetATag3Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetATag3 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetATag3 - !Ref 'AWS::NoValue' PrivateSubnet4B: Condition: AdditionalPrivateSubnets&4AZCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnet4BCIDR AvailabilityZone: !Select - '3' - !Ref AvailabilityZones Tags: - Key: Name Value: Private subnet 4B - !If - PrivateSubnetBTag1Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag1 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag1 - !Ref 'AWS::NoValue' - !If - PrivateSubnetBTag2Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag2 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag2 - !Ref 'AWS::NoValue' - !If - PrivateSubnetBTag3Condition - Key: !Select - '0' - !Split - = - !Ref PrivateSubnetBTag3 Value: !Select - '1' - !Split - = - !Ref PrivateSubnetBTag3 - !Ref 'AWS::NoValue' PublicSubnet1: Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnet1CIDR AvailabilityZone: !Select - '0' - !Ref AvailabilityZones Tags: - Key: Name Value: Public subnet 1 - !If - PublicSubnetTag1Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag1 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag1 - !Ref 'AWS::NoValue' - !If - PublicSubnetTag2Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag2 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag2 - !Ref 'AWS::NoValue' - !If - PublicSubnetTag3Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag3 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag3 - !Ref 'AWS::NoValue' MapPublicIpOnLaunch: true PublicSubnet2: Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnet2CIDR AvailabilityZone: !Select - '1' - !Ref AvailabilityZones Tags: - Key: Name Value: 
Public subnet 2 - !If - PublicSubnetTag1Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag1 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag1 - !Ref 'AWS::NoValue' - !If - PublicSubnetTag2Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag2 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag2 - !Ref 'AWS::NoValue' - !If - PublicSubnetTag3Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag3 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag3 - !Ref 'AWS::NoValue' MapPublicIpOnLaunch: true PublicSubnet3: Condition: 3AZCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnet3CIDR AvailabilityZone: !Select - '2' - !Ref AvailabilityZones Tags: - Key: Name Value: Public subnet 3 - !If - PublicSubnetTag1Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag1 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag1 - !Ref 'AWS::NoValue' - !If - PublicSubnetTag2Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag2 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag2 - !Ref 'AWS::NoValue' - !If - PublicSubnetTag3Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag3 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag3 - !Ref 'AWS::NoValue' MapPublicIpOnLaunch: true PublicSubnet4: Condition: 4AZCondition Type: 'AWS::EC2::Subnet' Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnet4CIDR AvailabilityZone: !Select - '3' - !Ref AvailabilityZones Tags: - Key: Name Value: Public subnet 4 - !If - PublicSubnetTag1Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag1 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag1 - !Ref 'AWS::NoValue' - !If - PublicSubnetTag2Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag2 Value: !Select - '1' - !Split - = - !Ref PublicSubnetTag2 - !Ref 'AWS::NoValue' - !If - PublicSubnetTag3Condition - Key: !Select - '0' - !Split - = - !Ref PublicSubnetTag3 Value: !Select 
- '1' - !Split - = - !Ref PublicSubnetTag3 - !Ref 'AWS::NoValue' MapPublicIpOnLaunch: true PrivateSubnet1ARouteTable: Condition: PrivateSubnetsCondition Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Private subnet 1A - Key: Network Value: Private PrivateSubnet1ARoute: Condition: PrivateSubnetsCondition Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref PrivateSubnet1ARouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGateway1 PrivateSubnet1ARouteTableAssociation: Condition: PrivateSubnetsCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PrivateSubnet1A RouteTableId: !Ref PrivateSubnet1ARouteTable PrivateSubnet2ARouteTable: Condition: PrivateSubnetsCondition Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Private subnet 2A - Key: Network Value: Private PrivateSubnet2ARoute: Condition: PrivateSubnetsCondition Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref PrivateSubnet2ARouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGateway2 PrivateSubnet2ARouteTableAssociation: Condition: PrivateSubnetsCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PrivateSubnet2A RouteTableId: !Ref PrivateSubnet2ARouteTable PrivateSubnet3ARouteTable: Condition: PrivateSubnets&3AZCondition Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Private subnet 3A - Key: Network Value: Private PrivateSubnet3ARoute: Condition: PrivateSubnets&3AZCondition Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref PrivateSubnet3ARouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGateway3 PrivateSubnet3ARouteTableAssociation: Condition: PrivateSubnets&3AZCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PrivateSubnet3A RouteTableId: !Ref PrivateSubnet3ARouteTable PrivateSubnet4ARouteTable: Condition: PrivateSubnets&4AZCondition Type: 'AWS::EC2::RouteTable' 
Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Private subnet 4A - Key: Network Value: Private PrivateSubnet4ARoute: Condition: PrivateSubnets&4AZCondition Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref PrivateSubnet4ARouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGateway4 PrivateSubnet4ARouteTableAssociation: Condition: PrivateSubnets&4AZCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PrivateSubnet4A RouteTableId: !Ref PrivateSubnet4ARouteTable PrivateSubnet1BRouteTable: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Private subnet 1B - Key: Network Value: Private PrivateSubnet1BRoute: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref PrivateSubnet1BRouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGateway1 PrivateSubnet1BRouteTableAssociation: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PrivateSubnet1B RouteTableId: !Ref PrivateSubnet1BRouteTable PrivateSubnet1BNetworkAcl: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::NetworkAcl' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: NACL Protected subnet 1 - Key: Network Value: NACL Protected PrivateSubnet1BNetworkAclEntryInbound: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::NetworkAclEntry' Properties: CidrBlock: 0.0.0.0/0 Egress: false NetworkAclId: !Ref PrivateSubnet1BNetworkAcl Protocol: -1 RuleAction: allow RuleNumber: 100 PrivateSubnet1BNetworkAclEntryOutbound: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::NetworkAclEntry' Properties: CidrBlock: 0.0.0.0/0 Egress: true NetworkAclId: !Ref PrivateSubnet1BNetworkAcl Protocol: -1 RuleAction: allow RuleNumber: 100 PrivateSubnet1BNetworkAclAssociation: Condition: AdditionalPrivateSubnetsCondition Type: 
'AWS::EC2::SubnetNetworkAclAssociation' Properties: SubnetId: !Ref PrivateSubnet1B NetworkAclId: !Ref PrivateSubnet1BNetworkAcl PrivateSubnet2BRouteTable: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Private subnet 2B - Key: Network Value: Private PrivateSubnet2BRoute: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref PrivateSubnet2BRouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGateway2 PrivateSubnet2BRouteTableAssociation: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PrivateSubnet2B RouteTableId: !Ref PrivateSubnet2BRouteTable PrivateSubnet2BNetworkAcl: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::NetworkAcl' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: NACL Protected subnet 2 - Key: Network Value: NACL Protected PrivateSubnet2BNetworkAclEntryInbound: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::NetworkAclEntry' Properties: CidrBlock: 0.0.0.0/0 Egress: false NetworkAclId: !Ref PrivateSubnet2BNetworkAcl Protocol: -1 RuleAction: allow RuleNumber: 100 PrivateSubnet2BNetworkAclEntryOutbound: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::NetworkAclEntry' Properties: CidrBlock: 0.0.0.0/0 Egress: true NetworkAclId: !Ref PrivateSubnet2BNetworkAcl Protocol: -1 RuleAction: allow RuleNumber: 100 PrivateSubnet2BNetworkAclAssociation: Condition: AdditionalPrivateSubnetsCondition Type: 'AWS::EC2::SubnetNetworkAclAssociation' Properties: SubnetId: !Ref PrivateSubnet2B NetworkAclId: !Ref PrivateSubnet2BNetworkAcl PrivateSubnet3BRouteTable: Condition: AdditionalPrivateSubnets&3AZCondition Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Private subnet 3B - Key: Network Value: Private PrivateSubnet3BRoute: Condition: AdditionalPrivateSubnets&3AZCondition Type: 
'AWS::EC2::Route' Properties: RouteTableId: !Ref PrivateSubnet3BRouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGateway3 PrivateSubnet3BRouteTableAssociation: Condition: AdditionalPrivateSubnets&3AZCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PrivateSubnet3B RouteTableId: !Ref PrivateSubnet3BRouteTable PrivateSubnet3BNetworkAcl: Condition: AdditionalPrivateSubnets&3AZCondition Type: 'AWS::EC2::NetworkAcl' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: NACL Protected subnet 3 - Key: Network Value: NACL Protected PrivateSubnet3BNetworkAclEntryInbound: Condition: AdditionalPrivateSubnets&3AZCondition Type: 'AWS::EC2::NetworkAclEntry' Properties: CidrBlock: 0.0.0.0/0 Egress: false NetworkAclId: !Ref PrivateSubnet3BNetworkAcl Protocol: -1 RuleAction: allow RuleNumber: 100 PrivateSubnet3BNetworkAclEntryOutbound: Condition: AdditionalPrivateSubnets&3AZCondition Type: 'AWS::EC2::NetworkAclEntry' Properties: CidrBlock: 0.0.0.0/0 Egress: true NetworkAclId: !Ref PrivateSubnet3BNetworkAcl Protocol: -1 RuleAction: allow RuleNumber: 100 PrivateSubnet3BNetworkAclAssociation: Condition: AdditionalPrivateSubnets&3AZCondition Type: 'AWS::EC2::SubnetNetworkAclAssociation' Properties: SubnetId: !Ref PrivateSubnet3B NetworkAclId: !Ref PrivateSubnet3BNetworkAcl PrivateSubnet4BRouteTable: Condition: AdditionalPrivateSubnets&4AZCondition Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Private subnet 4B - Key: Network Value: Private PrivateSubnet4BRoute: Condition: AdditionalPrivateSubnets&4AZCondition Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref PrivateSubnet4BRouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NATGateway4 PrivateSubnet4BRouteTableAssociation: Condition: AdditionalPrivateSubnets&4AZCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PrivateSubnet4B RouteTableId: !Ref PrivateSubnet4BRouteTable PrivateSubnet4BNetworkAcl: 
Condition: AdditionalPrivateSubnets&4AZCondition Type: 'AWS::EC2::NetworkAcl' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: NACL Protected subnet 4 - Key: Network Value: NACL Protected PrivateSubnet4BNetworkAclEntryInbound: Condition: AdditionalPrivateSubnets&4AZCondition Type: 'AWS::EC2::NetworkAclEntry' Properties: CidrBlock: 0.0.0.0/0 Egress: false NetworkAclId: !Ref PrivateSubnet4BNetworkAcl Protocol: -1 RuleAction: allow RuleNumber: 100 PrivateSubnet4BNetworkAclEntryOutbound: Condition: AdditionalPrivateSubnets&4AZCondition Type: 'AWS::EC2::NetworkAclEntry' Properties: CidrBlock: 0.0.0.0/0 Egress: true NetworkAclId: !Ref PrivateSubnet4BNetworkAcl Protocol: -1 RuleAction: allow RuleNumber: 100 PrivateSubnet4BNetworkAclAssociation: Condition: AdditionalPrivateSubnets&4AZCondition Type: 'AWS::EC2::SubnetNetworkAclAssociation' Properties: SubnetId: !Ref PrivateSubnet4B NetworkAclId: !Ref PrivateSubnet4BNetworkAcl PublicSubnetRouteTable: Type: 'AWS::EC2::RouteTable' Properties: VpcId: !Ref VPC Tags: - Key: Name Value: Public Subnets - Key: Network Value: Public PublicSubnetRoute: DependsOn: VPCGatewayAttachment Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref PublicSubnetRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway PublicSubnet1RouteTableAssociation: Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PublicSubnet1 RouteTableId: !Ref PublicSubnetRouteTable PublicSubnet2RouteTableAssociation: Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PublicSubnet2 RouteTableId: !Ref PublicSubnetRouteTable PublicSubnet3RouteTableAssociation: Condition: 3AZCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PublicSubnet3 RouteTableId: !Ref PublicSubnetRouteTable PublicSubnet4RouteTableAssociation: Condition: 4AZCondition Type: 'AWS::EC2::SubnetRouteTableAssociation' Properties: SubnetId: !Ref PublicSubnet4 RouteTableId: !Ref PublicSubnetRouteTable NAT1EIP: 
    Condition: PrivateSubnetsCondition
    DependsOn: VPCGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  NAT2EIP:
    Condition: PrivateSubnetsCondition
    DependsOn: VPCGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  NAT3EIP:
    Condition: PrivateSubnets&3AZCondition
    DependsOn: VPCGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  NAT4EIP:
    Condition: PrivateSubnets&4AZCondition
    DependsOn: VPCGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc
  NATGateway1:
    Condition: PrivateSubnetsCondition
    DependsOn: VPCGatewayAttachment
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt
        - NAT1EIP
        - AllocationId
      SubnetId: !Ref PublicSubnet1
  NATGateway2:
    Condition: PrivateSubnetsCondition
    DependsOn: VPCGatewayAttachment
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt
        - NAT2EIP
        - AllocationId
      SubnetId: !Ref PublicSubnet2
  NATGateway3:
    Condition: PrivateSubnets&3AZCondition
    DependsOn: VPCGatewayAttachment
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt
        - NAT3EIP
        - AllocationId
      SubnetId: !Ref PublicSubnet3
  NATGateway4:
    Condition: PrivateSubnets&4AZCondition
    DependsOn: VPCGatewayAttachment
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt
        - NAT4EIP
        - AllocationId
      SubnetId: !Ref PublicSubnet4
  S3VPCEndpoint:
    Condition: PrivateSubnetsCondition
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Action: '*'
            Effect: Allow
            Resource: '*'
            Principal: '*'
      RouteTableIds:
        - !Ref PrivateSubnet1ARouteTable
        - !Ref PrivateSubnet2ARouteTable
        - !If
          - PrivateSubnets&3AZCondition
          - !Ref PrivateSubnet3ARouteTable
          - !Ref 'AWS::NoValue'
        - !If
          - PrivateSubnets&4AZCondition
          - !Ref PrivateSubnet4ARouteTable
          - !Ref 'AWS::NoValue'
        - !If
          - AdditionalPrivateSubnetsCondition
          - !Ref PrivateSubnet1BRouteTable
          - !Ref 'AWS::NoValue'
        - !If
          - AdditionalPrivateSubnetsCondition
          - !Ref PrivateSubnet2BRouteTable
          - !Ref 'AWS::NoValue'
        - !If
          - AdditionalPrivateSubnets&3AZCondition
          - !Ref PrivateSubnet3BRouteTable
          - !Ref 'AWS::NoValue'
        - !If
          - AdditionalPrivateSubnets&4AZCondition
          - !Ref PrivateSubnet4BRouteTable
          - !Ref 'AWS::NoValue'
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.s3'
      VpcId: !Ref VPC
Outputs:
  NAT1EIP:
    Condition: PrivateSubnetsCondition
    Description: NAT 1 IP address
    Value: !Ref NAT1EIP
    Export:
      Name: !Sub '${AWS::StackName}-NAT1EIP'
  NAT2EIP:
    Condition: PrivateSubnetsCondition
    Description: NAT 2 IP address
    Value: !Ref NAT2EIP
    Export:
      Name: !Sub '${AWS::StackName}-NAT2EIP'
  NAT3EIP:
    Condition: PrivateSubnets&3AZCondition
    Description: NAT 3 IP address
    Value: !Ref NAT3EIP
    Export:
      Name: !Sub '${AWS::StackName}-NAT3EIP'
  NAT4EIP:
    Condition: PrivateSubnets&4AZCondition
    Description: NAT 4 IP address
    Value: !Ref NAT4EIP
    Export:
      Name: !Sub '${AWS::StackName}-NAT4EIP'
  PrivateSubnet1ACIDR:
    Condition: PrivateSubnetsCondition
    Description: Private subnet 1A CIDR in Availability Zone 1
    Value: !Ref PrivateSubnet1ACIDR
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1ACIDR'
  PrivateSubnet1AID:
    Condition: PrivateSubnetsCondition
    Description: Private subnet 1A ID in Availability Zone 1
    Value: !Ref PrivateSubnet1A
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1AID'
  PrivateSubnet1BCIDR:
    Condition: AdditionalPrivateSubnetsCondition
    Description: Private subnet 1B CIDR in Availability Zone 1
    Value: !Ref PrivateSubnet1BCIDR
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1BCIDR'
  PrivateSubnet1BID:
    Condition: AdditionalPrivateSubnetsCondition
    Description: Private subnet 1B ID in Availability Zone 1
    Value: !Ref PrivateSubnet1B
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1BID'
  PrivateSubnet2ACIDR:
    Condition: PrivateSubnetsCondition
    Description: Private subnet 2A CIDR in Availability Zone 2
    Value: !Ref PrivateSubnet2ACIDR
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2ACIDR'
  PrivateSubnet2AID:
    Condition: PrivateSubnetsCondition
    Description: Private subnet 2A ID in Availability Zone 2
    Value: !Ref PrivateSubnet2A
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2AID'
  PrivateSubnet2BCIDR:
    Condition: AdditionalPrivateSubnetsCondition
    Description: Private subnet 2B CIDR in Availability Zone 2
    Value: !Ref PrivateSubnet2BCIDR
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2BCIDR'
  PrivateSubnet2BID:
    Condition: AdditionalPrivateSubnetsCondition
    Description: Private subnet 2B ID in Availability Zone 2
    Value: !Ref PrivateSubnet2B
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2BID'
  PrivateSubnet3ACIDR:
    Condition: PrivateSubnets&3AZCondition
    Description: Private subnet 3A CIDR in Availability Zone 3
    Value: !Ref PrivateSubnet3ACIDR
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet3ACIDR'
  PrivateSubnet3AID:
    Condition: PrivateSubnets&3AZCondition
    Description: Private subnet 3A ID in Availability Zone 3
    Value: !Ref PrivateSubnet3A
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet3AID'
  PrivateSubnet3BCIDR:
    Condition: AdditionalPrivateSubnets&3AZCondition
    Description: Private subnet 3B CIDR in Availability Zone 3
    Value: !Ref PrivateSubnet3BCIDR
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet3BCIDR'
  PrivateSubnet3BID:
    Condition: AdditionalPrivateSubnets&3AZCondition
    Description: Private subnet 3B ID in Availability Zone 3
    Value: !Ref PrivateSubnet3B
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet3BID'
  PrivateSubnet4ACIDR:
    Condition: PrivateSubnets&4AZCondition
    Description: Private subnet 4A CIDR in Availability Zone 4
    Value: !Ref PrivateSubnet4ACIDR
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet4ACIDR'
  PrivateSubnet4AID:
    Condition: PrivateSubnets&4AZCondition
    Description: Private subnet 4A ID in Availability Zone 4
    Value: !Ref PrivateSubnet4A
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet4AID'
  PrivateSubnet4BCIDR:
    Condition: AdditionalPrivateSubnets&4AZCondition
    Description: Private subnet 4B CIDR in Availability Zone 4
    Value: !Ref PrivateSubnet4BCIDR
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet4BCIDR'
  PrivateSubnet4BID:
    Condition: AdditionalPrivateSubnets&4AZCondition
    Description: Private subnet 4B ID in Availability Zone 4
    Value: !Ref PrivateSubnet4B
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet4BID'
  PublicSubnet1CIDR:
    Description: Public subnet 1 CIDR in Availability Zone 1
    Value: !Ref PublicSubnet1CIDR
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet1CIDR'
  PublicSubnet1ID:
    Description: Public subnet 1 ID in Availability Zone 1
    Value: !Ref PublicSubnet1
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet1ID'
  PublicSubnet2CIDR:
    Description: Public subnet 2 CIDR in Availability Zone 2
    Value: !Ref PublicSubnet2CIDR
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet2CIDR'
  PublicSubnet2ID:
    Description: Public subnet 2 ID in Availability Zone 2
    Value: !Ref PublicSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet2ID'
  PublicSubnet3CIDR:
    Condition: 3AZCondition
    Description: Public subnet 3 CIDR in Availability Zone 3
    Value: !Ref PublicSubnet3CIDR
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet3CIDR'
  PublicSubnet3ID:
    Condition: 3AZCondition
    Description: Public subnet 3 ID in Availability Zone 3
    Value: !Ref PublicSubnet3
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet3ID'
  PublicSubnet4CIDR:
    Condition: 4AZCondition
    Description: Public subnet 4 CIDR in Availability Zone 4
    Value: !Ref PublicSubnet4CIDR
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet4CIDR'
  PublicSubnet4ID:
    Condition: 4AZCondition
    Description: Public subnet 4 ID in Availability Zone 4
    Value: !Ref PublicSubnet4
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet4ID'
  S3VPCEndpoint:
    Condition: PrivateSubnetsCondition
    Description: S3 VPC Endpoint
    Value: !Ref S3VPCEndpoint
    Export:
      Name: !Sub '${AWS::StackName}-S3VPCEndpoint'
  PrivateSubnet1ARouteTable:
    Condition: PrivateSubnetsCondition
    Value: !Ref PrivateSubnet1ARouteTable
    Description: Private subnet 1A route table
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1ARouteTable'
  PrivateSubnet1BRouteTable:
    Condition: AdditionalPrivateSubnetsCondition
    Value: !Ref PrivateSubnet1BRouteTable
    Description: Private subnet 1B route table
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1BRouteTable'
  PrivateSubnet2ARouteTable:
    Condition: PrivateSubnetsCondition
    Value: !Ref PrivateSubnet2ARouteTable
    Description: Private subnet 2A route table
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2ARouteTable'
  PrivateSubnet2BRouteTable:
    Condition: AdditionalPrivateSubnetsCondition
    Value: !Ref PrivateSubnet2BRouteTable
    Description: Private subnet 2B route table
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2BRouteTable'
  PrivateSubnet3ARouteTable:
    Condition: PrivateSubnets&3AZCondition
    Value: !Ref PrivateSubnet3ARouteTable
    Description: Private subnet 3A route table
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet3ARouteTable'
  PrivateSubnet3BRouteTable:
    Condition: AdditionalPrivateSubnets&3AZCondition
    Value: !Ref PrivateSubnet3BRouteTable
    Description: Private subnet 3B route table
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet3BRouteTable'
  PrivateSubnet4ARouteTable:
    Condition: PrivateSubnets&4AZCondition
    Value: !Ref PrivateSubnet4ARouteTable
    Description: Private subnet 4A route table
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet4ARouteTable'
  PrivateSubnet4BRouteTable:
    Condition: AdditionalPrivateSubnets&4AZCondition
    Value: !Ref PrivateSubnet4BRouteTable
    Description: Private subnet 4B route table
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet4BRouteTable'
  PublicSubnetRouteTable:
    Value: !Ref PublicSubnetRouteTable
    Description: Public subnet route table
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnetRouteTable'
  VPCCIDR:
    Value: !Ref VPCCIDR
    Description: VPC CIDR
    Export:
      Name: !Sub '${AWS::StackName}-VPCCIDR'
  VPCID:
    Value: !Ref VPC
    Description: VPC ID
    Export:
      Name: !Sub '${AWS::StackName}-VPCID'
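
A review check for two controls this template leaves wide open: the `S3VPCEndpoint` policy (`*` for action, resource and principal) and the allow-all rule 100 entries on the dedicated network ACLs. This is an added example, not part of the Quick Start; the sample dict is constructed, and `ScopedEndpoint` with its bucket ARN is hypothetical.

```python
# Added example: flag allow-all endpoint policies and NACL entries in a parsed template.
ANY_CIDR = "0.0.0.0/0"

def _is_wildcard(value):  # value may be a string, a list, or (Principal) a mapping
    if isinstance(value, dict):
        return any(_is_wildcard(v) for v in value.values())
    if isinstance(value, (list, tuple)):
        return any(_is_wildcard(v) for v in value)
    return value == "*"

def review(template):
    """Return sorted (logical_id, finding) pairs."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::VPCEndpoint":
            stmts = props.get("PolicyDocument", {}).get("Statement", [])
            for s in [stmts] if isinstance(stmts, dict) else stmts:
                if s.get("Effect") == "Allow" and all(
                        _is_wildcard(s.get(k)) for k in ("Action", "Resource", "Principal")):
                    findings.append((name, "endpoint policy allows any principal, action and resource"))
        elif res.get("Type") == "AWS::EC2::NetworkAclEntry":
            if (str(props.get("RuleAction")).lower() == "allow"
                    and str(props.get("Protocol")) == "-1" and props.get("CidrBlock") == ANY_CIDR):
                way = "outbound" if props.get("Egress") in (True, "true") else "inbound"
                findings.append((name, f"NACL entry allows all {way} traffic"))
    return sorted(findings)

def _acl(egress):  # same property values as the template's NACL entries
    return {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {
        "CidrBlock": ANY_CIDR, "Egress": egress, "Protocol": -1,
        "RuleAction": "allow", "RuleNumber": 100}}

def _endpoint(action, resource):
    return {"Type": "AWS::EC2::VPCEndpoint", "Properties": {"PolicyDocument": {
        "Version": "2012-10-17", "Statement": [{
            "Action": action, "Effect": "Allow", "Resource": resource, "Principal": "*"}]}}}

# Constructed sample; ScopedEndpoint and its bucket ARN are hypothetical.
SAMPLE = {"Resources": {
    "S3VPCEndpoint": _endpoint("*", "*"),
    "ScopedEndpoint": _endpoint("s3:GetObject", "arn:aws:s3:::example-bucket/*"),
    "PrivateSubnet4BNetworkAclEntryInbound": _acl(False),
    "PrivateSubnet4BNetworkAclEntryOutbound": _acl(True),
}}

if __name__ == "__main__":
    for logical_id, finding in review(SAMPLE):
        print(f"{logical_id}: {finding}")
```

The check works on an already-parsed dict because the template's short-form tags (`!Ref`, `!If`, `!Sub`) need a CloudFormation-aware YAML loader before a stock parser will accept them.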