# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. # * # * Permission is hereby granted, free of charge, to any person obtaining a copy of this # * software and associated documentation files (the "Software"), to deal in the Software # * without restriction, including without limitation the rights to use, copy, modify, # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to # * permit persons to whom the Software is furnished to do so. # * # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. AWSTemplateFormatVersion: '2010-09-09' Description: Service Catalog Test - Networks Resources: VPC: Type: AWS::EC2::VPC Properties: CidrBlock: 172.16.0.0/16 EnableDnsSupport: 'true' EnableDnsHostnames: 'true' Tags: - Key: Env Value: test - Key: Name Value: sc-test-vpc SubnetA: Type: AWS::EC2::Subnet Properties: AvailabilityZone: Fn::Select: - 0 - Fn::GetAZs: "" CidrBlock: 172.16.1.0/24 VpcId: !Ref VPC Tags: - Key: Env Value: test - Key: Name Value: sc-test-subnet-1 SubnetB: Type: AWS::EC2::Subnet Properties: AvailabilityZone: Fn::Select: - 1 - Fn::GetAZs: "" CidrBlock: 172.16.2.0/24 VpcId: !Ref VPC Tags: - Key: Env Value: test - Key: Name Value: sc-test-subnet-2 SecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: SC Test Security Group GroupName: sc-lab-test-sg VpcId: !Ref VPC Tags: - Key: Env Value: test - Key: Name Value: sc-test-sg KMSKey: Type: AWS::KMS::Key Properties: Description: "Test KMS Key" KeyPolicy: Version: "2012-10-17" Id: "key-default-1" Statement: - Sid: "Enable IAM User Permissions" Effect: "Allow" Principal: AWS: - !Sub 'arn:aws:iam::${AWS::AccountId}:root' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-alb-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-autoscaling-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-alb-listener-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-alb-target-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-dms-endpoint-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-dms-instance-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-dynamodb-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-ebs-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-efs-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-elasticache-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-elasticsearch-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-fsx-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-kinesis-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-sns-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-sqs-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-sagemaker-product-role' - !Sub 'arn:aws:iam::${AWS::AccountId}:role/sc-s3-product-role' Action: "kms:*" Resource: "*" DMSReplicationSubnetGroup: Type: AWS::DMS::ReplicationSubnetGroup Properties: ReplicationSubnetGroupIdentifier: "dmstestreplicationgroup" ReplicationSubnetGroupDescription: "Test DMS Replication Group" SubnetIds: - !Ref SubnetA - !Ref SubnetB ECSubnetGroup: Type: AWS::ElastiCache::SubnetGroup Properties: Description: "Cache Subnet Group" CacheSubnetGroupName: ec-test-subnet-group SubnetIds: - !Ref SubnetA - !Ref SubnetB ECSecurityGroup: Type: AWS::ElastiCache::SecurityGroup Properties: Description: ec-test-security-group SageMakerRole: Type: 'AWS::IAM::Role' Properties: RoleName: sc-test-sagemaker-role AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - sagemaker.amazonaws.com Action: - 'sts:AssumeRole' Path: / ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonSageMakerFullAccess Outputs: VPCId: Value: !Ref VPC SubnetA: Value: !Ref SubnetA SubnetB: Value: !Ref SubnetB TestSG: Value: !Ref SecurityGroup TestKMS: Value: !Ref KMSKey DMSGroup: Value: !Ref DMSReplicationSubnetGroup ECSubnet: Value: !Ref ECSubnetGroup ECSG: Value: !Ref ECSecurityGroup SMRole: Value: !Ref SageMakerRole