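---
# Top-level network template for the Dask-on-Fargate demo.
#
# Creates a two-AZ VPC (one public and one private subnet per AZ, an Internet
# Gateway, a NAT Gateway per AZ with its own private route table, a public
# network ACL) plus a security group for the Dask cluster, then launches three
# nested stacks (Dask cluster, SageMaker notebook, status NLB) that receive
# the network identifiers as parameters.
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Creates VPC network resources and orchestrates calling nested stacks to
  setup dask cluster, sagemaker notebook and nlb

Parameters:
  VPCName:
    Description: The name of the VPC being created.
    Type: String
    Default: "dask-fargate-main"

  # All CIDR parameters are validated against a loose IPv4-CIDR pattern so a
  # typo fails at parameter validation instead of mid-deployment.
  VPCCidr:
    Description: VPC CIDR Block.
    Type: String
    Default: "11.0.0.0/16"
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block, e.g. 10.0.0.0/16.

  PublicSubnet1Cidr:
    Description: Public Subnet1 CIDR
    Type: String
    Default: "11.0.1.0/24"
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block, e.g. 10.0.1.0/24.

  PublicSubnet2Cidr:
    Description: Public Subnet2 CIDR
    Type: String
    Default: "11.0.2.0/24"
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block, e.g. 10.0.2.0/24.

  PrivateSubnet1Cidr:
    Description: Private Subnet1 CIDR
    Type: String
    Default: "11.0.3.0/24"
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block, e.g. 10.0.3.0/24.

  PrivateSubnet2Cidr:
    Description: Private Subnet2 CIDR
    Type: String
    Default: "11.0.4.0/24"
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block, e.g. 10.0.4.0/24.

Mappings:
  # This mapping accounts for the scenario when certain AZs are not available
  # to use (this differs on a per account per customer basis). E.g., if the
  # 'b' AZ is not available in a specific region in one's account then
  # updating the list contained in the mapping below here will allow a
  # different AZ to be chosen. Index 0 is used for "*1" subnets, index 1 for
  # "*2" subnets.
  AZRegions:
    ap-northeast-1:
      AZs: ["a", "b"]
    ap-northeast-2:
      AZs: ["a", "b"]
    ap-south-1:
      AZs: ["a", "b"]
    ap-southeast-1:
      AZs: ["a", "b"]
    ap-southeast-2:
      AZs: ["a", "b"]
    ca-central-1:
      AZs: ["a", "b"]
    eu-central-1:
      AZs: ["a", "b"]
    eu-west-1:
      AZs: ["a", "b"]
    eu-west-2:
      AZs: ["a", "b"]
    sa-east-1:
      AZs: ["a", "b"]
    us-east-1:
      AZs: ["a", "b"]
    us-east-2:
      AZs: ["a", "b"]
    us-west-1:
      AZs: ["a", "b"]
    us-west-2:
      AZs: ["a", "b"]

Resources:
  # ---------------------------------------------------------------- VPC ----
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCidr
      # Turn on VPC DNS resolution and hostname assignment.
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Application
          Value: !Ref "AWS::StackName"
        - Key: Network
          Value: Public
        - Key: Name
          Value: !Ref VPCName

  # ------------------------------------------------------------ Subnets ----
  # Each subnet's AZ is "<region><letter>", the letter coming from AZRegions.
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Sub
        - "${AWS::Region}${AZ}"
        - AZ: !Select [0, !FindInMap [AZRegions, !Ref "AWS::Region", AZs]]
      CidrBlock: !Ref PublicSubnet1Cidr
      # Instances launched here get a public IPv4 address by default.
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Application
          Value: !Ref "AWS::StackName"
        - Key: Network
          Value: Public
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-public-"
              - !Select [0, !FindInMap [AZRegions, !Ref "AWS::Region", AZs]]

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Sub
        - "${AWS::Region}${AZ}"
        - AZ: !Select [1, !FindInMap [AZRegions, !Ref "AWS::Region", AZs]]
      CidrBlock: !Ref PublicSubnet2Cidr
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Application
          Value: !Ref "AWS::StackName"
        - Key: Network
          Value: Public
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-public-"
              - !Select [1, !FindInMap [AZRegions, !Ref "AWS::Region", AZs]]

  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Sub
        - "${AWS::Region}${AZ}"
        - AZ: !Select [0, !FindInMap [AZRegions, !Ref "AWS::Region", AZs]]
      CidrBlock: !Ref PrivateSubnet1Cidr
      Tags:
        - Key: Application
          Value: !Ref "AWS::StackName"
        - Key: Network
          Value: Private
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-private-"
              - !Select [0, !FindInMap [AZRegions, !Ref "AWS::Region", AZs]]

  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Sub
        - "${AWS::Region}${AZ}"
        - AZ: !Select [1, !FindInMap [AZRegions, !Ref "AWS::Region", AZs]]
      CidrBlock: !Ref PrivateSubnet2Cidr
      Tags:
        - Key: Application
          Value: !Ref "AWS::StackName"
        - Key: Network
          Value: Private
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-private-"
              - !Select [1, !FindInMap [AZRegions, !Ref "AWS::Region", AZs]]

  # ---------------------------------------------------- Internet access ----
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Application
          Value: !Ref "AWS::StackName"
        - Key: Network
          Value: Public
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-IGW"

  GatewayToInternet:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  # ------------------------------------------------------ Public routing ----
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Application
          Value: !Ref "AWS::StackName"
        - Key: Network
          Value: Public
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-public-route-table"

  PublicRoute:
    Type: AWS::EC2::Route
    # A route to an Internet Gateway can only be created once the gateway is
    # attached to the VPC; the Ref to the gateway alone does not order this.
    DependsOn: GatewayToInternet
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation0:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  PublicSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable

  # --------------------------------------------------------- Public NACL ----
  PublicNetworkAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Application
          Value: !Ref "AWS::StackName"
        - Key: Network
          Value: Public
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-public-nacl"

  # Despite the logical name, this rule permits every protocol and port
  # (Protocol -1, 0-65535) inbound from any address, and the egress rule below
  # does the same outbound. The public subnets therefore rely entirely on
  # security groups for filtering; tighten here if a NACL layer is wanted.
  InboundHTTPPublicNetworkAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PublicNetworkAcl
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: "0.0.0.0/0"
      PortRange:
        From: 0
        To: 65535

  OutboundPublicNetworkAclEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PublicNetworkAcl
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: "0.0.0.0/0"
      PortRange:
        From: 0
        To: 65535

  PublicSubnetNetworkAclAssociation0:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      NetworkAclId: !Ref PublicNetworkAcl

  PublicSubnetNetworkAclAssociation1:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      NetworkAclId: !Ref PublicNetworkAcl

  # ------------------------------------------------------- NAT per AZ ----
  # A VPC-scoped EIP used inside a VPC defined in the same template must be
  # created after the Internet Gateway is attached (AWS::EC2::EIP docs);
  # without this DependsOn the EIP/NAT creation can fail intermittently.
  ElasticIP1:
    Type: AWS::EC2::EIP
    DependsOn: GatewayToInternet
    Properties:
      Domain: vpc

  ElasticIP2:
    Type: AWS::EC2::EIP
    DependsOn: GatewayToInternet
    Properties:
      Domain: vpc

  NATGateway1:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt ElasticIP1.AllocationId
      SubnetId: !Ref PublicSubnet1

  NATGateway2:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt ElasticIP2.AllocationId
      SubnetId: !Ref PublicSubnet2

  # ----------------------------------------------------- Private routing ----
  # One route table per private subnet so each AZ egresses via its own NAT.
  PrivateRouteTable1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-private-route-table-1"

  PrivateRouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Join
            - ""
            - - !Ref VPCName
              - "-private-route-table-2"

  PrivateRouteToInternet1:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable1
      DestinationCidrBlock: "0.0.0.0/0"
      NatGatewayId: !Ref NATGateway1

  PrivateRouteToInternet2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable2
      DestinationCidrBlock: "0.0.0.0/0"
      NatGatewayId: !Ref NATGateway2

  PrivateSubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet1
      RouteTableId: !Ref PrivateRouteTable1

  PrivateSubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable2

  # ------------------------------------------------- Dask security group ----
  sgdask:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable Scheduler ports access
      VpcId: !Ref VPC

  # Any TCP port between members of sgdask (intended for scheduler/worker
  # traffic, per the GroupDescription). Egress is the SG default (all).
  sgdaskingress:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: sgdask
    Properties:
      GroupId: !Ref sgdask
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref sgdask

  # TCP 8787 (the Dask scheduler dashboard default) from the first public
  # subnet only. NOTE(review): DaskStatusNLBStack below is also given
  # PublicSubnet2, whose CIDR is not allowed here — confirm whether traffic
  # arriving via that subnet is expected to reach the dashboard.
  sgdaskingress2:
    Type: AWS::EC2::SecurityGroupIngress
    DependsOn: sgdask
    Properties:
      GroupId: !Ref sgdask
      IpProtocol: tcp
      FromPort: 8787
      ToPort: 8787
      CidrIp: !Ref PublicSubnet1Cidr

  # -------------------------------------------------------- Nested stacks ----
  # NOTE(review): the three nested templates are fetched at deploy time by URL
  # from an S3 bucket this template does not own or control, and nothing
  # pins their content. Whoever can write to that bucket decides what these
  # stacks create. Prefer copying the templates into an account-owned bucket
  # (or vendoring them with this file) and referencing that location.
  DaskFargateStack:
    Type: AWS::CloudFormation::Stack
    # PrivateRouteToInternet1 is listed so that whatever the nested stack
    # launches in PrivateSubnet1 already has NAT egress (presumably needed,
    # e.g. to pull container images) — the Ref to the subnet alone does not
    # order the route.
    DependsOn:
      - PrivateSubnet1
      - PrivateRouteToInternet1
    Properties:
      TemplateURL: https://octank-claims-web.s3-us-west-2.amazonaws.com/template/dask-cluster.template
      Parameters:
        VpcId: !Ref VPC
        # Only the first private subnet is passed, so the cluster lives in a
        # single AZ even though two private subnets / NAT gateways exist.
        Subnets: !Ref PrivateSubnet1
        sgdask: !Ref sgdask

  SagemakerFargateStack:
    Type: AWS::CloudFormation::Stack
    DependsOn:
      - PrivateSubnet1
      - sgdask
      - PrivateRouteToInternet1
    Properties:
      TemplateURL: https://octank-claims-web.s3-us-west-2.amazonaws.com/template/sagemaker-notebook.template
      Parameters:
        sgdask: !Ref sgdask
        subnet: !Ref PrivateSubnet1

  # Status/dashboard load balancer in the two public subnets; created only
  # after the cluster stack so its targets exist.
  DaskStatusNLBStack:
    Type: AWS::CloudFormation::Stack
    DependsOn:
      - DaskFargateStack
    Properties:
      TemplateURL: https://octank-claims-web.s3-us-west-2.amazonaws.com/template/dask-status-nlb.template
      Parameters:
        VPC: !Ref VPC
        Subnet1: !Ref PublicSubnet1
        Subnet2: !Ref PublicSubnet2

Outputs:
  # Every output is exported as "<region>-<stack>-<name>" for cross-stack use.
  VPCId:
    Description: VPCId of VPC
    Value: !Ref VPC
    Export:
      Name: !Sub "${AWS::Region}-${AWS::StackName}-VPC"

  PublicSubnet1:
    Description: SubnetId of public subnet 1
    Value: !Ref PublicSubnet1
    Export:
      Name: !Sub "${AWS::Region}-${AWS::StackName}-PublicSubnet1"

  PublicSubnet2:
    Description: SubnetId of public subnet 2
    Value: !Ref PublicSubnet2
    Export:
      Name: !Sub "${AWS::Region}-${AWS::StackName}-PublicSubnet2"

  PrivateSubnet1:
    Description: SubnetId of private subnet 1
    Value: !Ref PrivateSubnet1
    Export:
      Name: !Sub "${AWS::Region}-${AWS::StackName}-PrivateSubnet1"

  PrivateSubnet2:
    Description: SubnetId of private subnet 2
    Value: !Ref PrivateSubnet2
    Export:
      Name: !Sub "${AWS::Region}-${AWS::StackName}-PrivateSubnet2"

  DefaultSecurityGroup:
    Description: DefaultSecurityGroup Id
    Value: !GetAtt VPC.DefaultSecurityGroup
    Export:
      Name: !Sub "${AWS::Region}-${AWS::StackName}-DefaultSecurityGroup"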