# ---------------------------------------------------------------------------------------------------------------
# CloudFormation Template 1 of 1 -
# Provisions a multiple VPC environment to provide an AWS environment with built-in security groups and networking
#
# @author Kanishk Mahajan
# ----------------------------------------------------------------------------------------------------------------
{
"Resources" : {
"vpc1" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.33.64.0/18",
"EnableDnsSupport" : true,
"EnableDnsHostnames" : true,
"InstanceTenancy" : "default",
"Tags" : [ {"Key" : "Name", "Value" : "vpc1"} ]
}
},
"vpc1snA1" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : {"Ref" : "vpc1"},
"Tags" : [ {"Key" : "Name", "Value" : "vpc1_sn_A1"} ],
"AvailabilityZone" : {
"Fn::Select" : [
"0",
{
"Fn::GetAZs" : ""
}
]
},
"CidrBlock" : "10.33.64.0/20"
}
},
"vpc1snA2" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : {"Ref" : "vpc1"},
"Tags" : [ {"Key" : "Name", "Value" : "vpc1_sn_A2"} ],
"AvailabilityZone" : {
"Fn::Select" : [
"0",
{
"Fn::GetAZs" : ""
}
]
},
"CidrBlock" : "10.33.80.0/20"
}
},
"vpc1snA3" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : {"Ref" : "vpc1"},
"Tags" : [ {"Key" : "Name", "Value" : "vpc1_sn_A3"} ],
"AvailabilityZone" : {
"Fn::Select" : [
"1",
{
"Fn::GetAZs" : ""
}
]
},
"CidrBlock" : "10.33.96.0/20"
}
},
"vpc1snA4" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : {"Ref" : "vpc1"},
"Tags" : [ {"Key" : "Name", "Value" : "vpc1_sn_A4"} ],
"AvailabilityZone" : {
"Fn::Select" : [
"1",
{
"Fn::GetAZs" : ""
}
]
},
"CidrBlock" : "10.33.112.0/20"
}
},
"igwvpc1" : {
"Type" : "AWS::EC2::InternetGateway",
"DependsOn" : "vpc1",
"Properties" : {
"Tags" : [ {"Key" : "Name", "Value" : "IGW-VPC1"} ]
}
},
"igwvpc1attachment" : {
"DependsOn" : "igwvpc1",
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"InternetGatewayId" : {"Ref" : "igwvpc1"},
"VpcId" : {"Ref" : "vpc1"}
}
},
"rtpublic" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "vpc1"},
"Tags" : [ {"Key" : "Name", "Value" : "RT-Public"} ]
}
},
"rtpublicdefault" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "igwvpc1attachment",
"Properties" : {
"RouteTableId" : { "Ref" : "rtpublic" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "igwvpc1" }
}
},
"rtpublicpubA" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref" : "rtpublic" },
"SubnetId" : {"Ref" : "vpc1snA1" }
}
},
"sgbastion" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupName" : "SG-BASTION",
"GroupDescription" : "SG-BASTION",
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : 22,
"ToPort" : 22,
"CidrIp" : "0.0.0.0/0"
}],
"Tags" : [ {"Key" : "Name", "Value" : "SG-BASTION"} ],
"VpcId" : {"Ref" : "vpc1"}
}
},
"sginternal" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupName" : "SG-INTERNAL",
"GroupDescription" : "SG-INTERNAL",
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : 22,
"ToPort" : 22,
"SourceSecurityGroupId" : {"Ref" : "sgbastion"}
}],
"Tags" : [ {"Key" : "Name", "Value" : "SG-INTERNAL"} ],
"VpcId" : {"Ref" : "vpc1"}
}
},
"sginternalselfref" : {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "sginternal"
},
"IpProtocol": -1,
"FromPort": -1,
"ToPort": -1,
"SourceSecurityGroupId": {
"Ref": "sginternal"
}
}
},
"rtprivatea" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "vpc1"},
"Tags" : [ {"Key" : "Name", "Value" : "RT-PrivateA"} ]
}
},
"rtprivateb" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "vpc1"},
"Tags" : [ {"Key" : "Name", "Value" : "RT-PrivateB"} ]
}
},
"rtprivatec" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref" : "vpc1"},
"Tags" : [ {"Key" : "Name", "Value" : "RT-PrivateC"} ]
}
},
"rtprivatea3" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref" : "rtprivatea" },
"SubnetId" : {"Ref" : "vpc1snA3" }
}
},
"rtprivatea4" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref" : "rtprivatea" },
"SubnetId" : {"Ref" : "vpc1snA4" }
}
}
},
"Outputs" : {
"vpc1id" : {
"Description" : "ID of VPC 1",
"Value" : {"Ref" : "vpc1"},
"Export" : {
"Name" : "vpc1id"
}
},
"vpc1sn1cidr" : {
"Description" : "CIDR of VPC 1 Subnet A1",
"Value" : "10.33.64.0/20",
"Export" : {
"Name" : "vpc1sn1cidr"
}
},
"subnetvpc1A1" : {
"Description" : "ID of Subnet A1 in VPC 1",
"Value" : {"Ref" : "vpc1snA1"},
"Export" : {
"Name" : "subnetvpc1A1"
}
},
"subnetvpc1A2" : {
"Description" : "ID of Subnet A2 in VPC 1",
"Value" : {"Ref" : "vpc1snA2"},
"Export" : {
"Name" : "subnetvpc1A2"
}
},
"subnetvpc1A3" : {
"Description" : "ID of Subnet A3 in VPC 1",
"Value" : {"Ref" : "vpc1snA3"},
"Export" : {
"Name" : "subnetvpc1A3"
}
},
"securitygroupid" : {
"Description" : "ID of Public Bastion SG",
"Value" : {"Ref" : "sgbastion"},
"Export" : {
"Name" : "securitygroupid"
}
},
"subnetvpc1A4" : {
"Description" : "ID of Subnet A4 in VPC 1",
"Value" : {"Ref" : "vpc1snA4"},
"Export" : {
"Name" : "subnetvpc1A4"
}
},
"routetablesubnetvpc1" : {
"Description" : "ID of RouteTable for VPC 1 A1 Subnet",
"Value" : {"Ref" : "rtpublic"},
"Export" : {
"Name" : "routetablesubnetvpc1"
}
}
}
}