AWSTemplateFormatVersion: '2010-09-09' Description: "Perforce-server-vpc-template" Parameters: EnableReplica: Type: String Default: "No" AllowedValues: - "Yes" - "No" Description: "If you build Perforce Replica Server, select Yes. Replica Server will be the same setting as Master server." AccessCIDR: AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) ConstraintDescription: "must be a valid IP CIDR range of the form x.x.x.x/x." Description: "The IP address range that can be used to access to the EC2 instance" MaxLength: '18' MinLength: '9' Default: '0.0.0.0/0' Type: String Conditions: CreateReplicaServer: !Equals [ !Ref EnableReplica, "Yes" ] Resources: PerforceVPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 InstanceTenancy: default EnableDnsSupport: 'true' EnableDnsHostnames: 'false' Tags: - Key: Name Value: Perforce PerforcePublicSubnetMaster: Type: AWS::EC2::Subnet Properties: CidrBlock: 10.0.0.0/24 AvailabilityZone: !Select - 0 - Fn::GetAZs: !Ref 'AWS::Region' VpcId: Ref: PerforceVPC Tags: - Key: Name Value: Perforce-Public-Subnet-Master PerforcePublicSubnetReplica: Type: AWS::EC2::Subnet Condition: CreateReplicaServer Properties: CidrBlock: 10.0.1.0/24 AvailabilityZone: !Select - 1 - Fn::GetAZs: !Ref 'AWS::Region' VpcId: Ref: PerforceVPC Tags: - Key: Name Value: Perforce-Public-Subnet-Replica PerforceIGW: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: Public-Perforce dopt06d06862: Type: AWS::EC2::DHCPOptions Properties: DomainName: !Sub ${AWS::Region}.compute.internal DomainNameServers: - AmazonProvidedDNS PerforceNACL: Type: AWS::EC2::NetworkAcl Properties: VpcId: Ref: PerforceVPC PerforceRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: Ref: PerforceVPC sgPerforceSG: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: This security group is for Perforce. VpcId: Ref: PerforceVPC acl1: Type: AWS::EC2::NetworkAclEntry Properties: CidrBlock: 0.0.0.0/0 Egress: 'true' Protocol: '-1' RuleAction: allow RuleNumber: '100' NetworkAclId: Ref: PerforceNACL acl2: Type: AWS::EC2::NetworkAclEntry Properties: CidrBlock: 0.0.0.0/0 Protocol: '-1' RuleAction: allow RuleNumber: '100' NetworkAclId: Ref: PerforceNACL subnetacl1: Type: AWS::EC2::SubnetNetworkAclAssociation Properties: NetworkAclId: Ref: PerforceNACL SubnetId: Ref: PerforcePublicSubnetMaster subnetacl2: Type: AWS::EC2::SubnetNetworkAclAssociation Condition: CreateReplicaServer Properties: NetworkAclId: Ref: PerforceNACL SubnetId: Ref: PerforcePublicSubnetReplica gw1: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: Ref: PerforceVPC InternetGatewayId: Ref: PerforceIGW route1: Type: AWS::EC2::Route Properties: DestinationCidrBlock: 0.0.0.0/0 RouteTableId: Ref: PerforceRouteTable GatewayId: Ref: PerforceIGW DependsOn: gw1 subnetrtbassoc1: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: Ref: PerforceRouteTable SubnetId: Ref: PerforcePublicSubnetMaster subnetrtbassoc2: Type: AWS::EC2::SubnetRouteTableAssociation Condition: CreateReplicaServer Properties: RouteTableId: !Ref PerforceRouteTable SubnetId: !Ref PerforcePublicSubnetReplica dchpassoc1: Type: AWS::EC2::VPCDHCPOptionsAssociation Properties: VpcId: !Ref PerforceVPC DhcpOptionsId: !Ref dopt06d06862 ingress1: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref sgPerforceSG IpProtocol: tcp FromPort: '22' ToPort: '22' CidrIp: !Ref AccessCIDR ingress2: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref sgPerforceSG IpProtocol: tcp FromPort: '443' ToPort: '443' CidrIp: !Ref AccessCIDR ingress3: Type: AWS::EC2::SecurityGroupIngress Properties: GroupId: !Ref sgPerforceSG IpProtocol: tcp FromPort: '1666' ToPort: '1666' CidrIp: !Ref AccessCIDR ingress4: Type: 'AWS::EC2::SecurityGroupIngress' Properties: GroupId: !Ref sgPerforceSG IpProtocol: tcp FromPort: '22' ToPort: '22' SourceSecurityGroupId: !Ref sgPerforceSG ingress5: Type: 'AWS::EC2::SecurityGroupIngress' Properties: GroupId: !Ref sgPerforceSG IpProtocol: tcp FromPort: '443' ToPort: '443' SourceSecurityGroupId: !Ref sgPerforceSG ingress6: Type: 'AWS::EC2::SecurityGroupIngress' Properties: GroupId: !Ref sgPerforceSG IpProtocol: tcp FromPort: '1666' ToPort: '1666' SourceSecurityGroupId: !Ref sgPerforceSG egress1: Type: AWS::EC2::SecurityGroupEgress Properties: GroupId: !Ref sgPerforceSG IpProtocol: '-1' CidrIp: 0.0.0.0/0 # Setting IAM Role for EC2 instance EC2Role: Type: AWS::IAM::Role Properties: Description: "EC2 service role for S3 full access" AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: - "ec2.amazonaws.com" Action: - "sts:AssumeRole" Path: / ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonS3FullAccess RoleName: PerforceEC2RoleForS3Access EC2Profile: Type: AWS::IAM::InstanceProfile Properties: Path: "/" Roles: - !Ref EC2Role InstanceProfileName: EC2S3AcessProfile Outputs: PerforceMasterSubnetId: Description: "Newly created Public Subnet ID for Master" Value: !Ref PerforcePublicSubnetMaster PerforceReplicaSubnetId: Condition: CreateReplicaServer Description: "Newly created Public Subnet ID for Replica" Value: !Ref PerforcePublicSubnetReplica PerforceSecurityGroupId: Description: "Newly created sercurity group ID for Perforce" Value: !Ref sgPerforceSG PerforceVPCGatewaySettingID: Description: "VPC gateway setting for Perforce" Value: !Ref gw1 EC2ProfileID: Description: "EC2 profile setting for Perforce" Value: !Ref EC2Profile