AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  This template deploys one VPC with a public and a private subnet. It deploys
  an internet gateway, with a default route on the public subnet.

Parameters:
  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
    Default: apigwlab
  VpcCIDR:
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 10.0.0.0/16
  PublicSubnetCIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the Region
    Type: String
    Default: 10.0.1.0/24
  PrivateSubnetCIDR:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the Region
    Type: String
    Default: 10.0.2.0/24
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair (Required).

Mappings:
  RegionMap:
    us-east-1:
      AMI: ami-0533f2ba8a1995cf9
    us-east-2:
      AMI: ami-07a0844029df33d7d
    us-west-1:
      AMI: ami-0a245a00f741d6301
    us-west-2:
      AMI: ami-05b622b5fa0269787
    sa-east-1:
      AMI: ami-0ca43e15336e41670

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Ref EnvironmentName

  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PublicSubnetCIDR
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} - Public Subnet

  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      CidrBlock: !Ref PrivateSubnetCIDR
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} - Private Subnet

  # Elastic IP for the NAT gateway; it can only be allocated once the VPC has
  # an attached internet gateway, hence the explicit DependsOn.
  NatGatewayEIP:
    Type: AWS::EC2::EIP
    DependsOn: InternetGatewayAttachment
    Properties:
      Domain: vpc

  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NatGatewayEIP.AllocationId
      SubnetId: !Ref PublicSubnet

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Public Routes

  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${EnvironmentName} Private Routes

  # Private subnet reaches the internet only outbound, through the NAT gateway.
  DefaultPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway

  # Public subnet routes directly to the internet gateway.
  DefaultPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: InternetGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet

  PrivateSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet

  # SSH to the lab client. The rule is open to 0.0.0.0/0 for lab convenience;
  # in anything but a throwaway lab, narrow CidrIp to your own address range.
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH to the client instance
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0

  # HTTPS to the VPC endpoint ENI. The ENI lives inside the VPC, so the
  # effective callers are VPC-internal; restricting CidrIp to VpcCIDR makes
  # that intent explicit.
  VpceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS to the VPC endpoint
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  EC2Client:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap
        - RegionMap
        - !Ref 'AWS::Region'
        - AMI
      InstanceType: t3.small
      SecurityGroupIds:
        - !GetAtt InstanceSecurityGroup.GroupId
      KeyName: !Ref KeyName
      SubnetId: !Ref PublicSubnet

Outputs:
  VPC:
    Description: A reference to the created VPC
    Value: !Ref VPC
  PrivateSubnet:
    Description: Private subnet
    Value: !Ref PrivateSubnet
  PublicSubnet:
    Description: Public subnet
    Value: !Ref PublicSubnet
  SecurityGroup:
    Description: A reference to the security group
    Value: !Ref VpceSecurityGroup
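The two security groups above both admit traffic from 0.0.0.0/0, which is the first thing a reviewer checks in a template like this. The following is an added example, not part of the template or of the lab it belongs to: a small audit that walks a template's Resources and reports every ingress rule whose source is the whole internet, and which groups leave a given port (22 here) world-reachable. The template is represented as a plain Python dict, the form CloudFormation's YAML takes once intrinsic tags are expanded (`!Ref VPC` becomes `{"Ref": "VPC"}`); the input embedded below is a constructed subset mirroring `InstanceSecurityGroup` and `VpceSecurityGroup`, plus one hypothetical standalone `AWS::EC2::SecurityGroupIngress` resource scoped to the VPC CIDR so the second code path is exercised. Loading a real template with a CloudFormation-aware YAML loader is assumed and not shown.

```python
from typing import NamedTuple

# Source prefixes that mean "anyone on the internet".
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


class OpenRule(NamedTuple):
    group: str       # logical ID of the security group the rule belongs to
    protocol: str    # "tcp", "udp", "icmp" or "-1" (all protocols)
    from_port: int
    to_port: int
    cidr: str


def _group_of(props: dict, fallback: str) -> str:
    """Resolve which group a standalone SecurityGroupIngress targets."""
    gid = props.get("GroupId", fallback)
    if isinstance(gid, dict):
        if "Ref" in gid:                      # {"Ref": "X"}
            return gid["Ref"]
        if "Fn::GetAtt" in gid:               # {"Fn::GetAtt": ["X", "GroupId"]}
            return gid["Fn::GetAtt"][0]
    return str(gid)                           # literal sg-... id, or the fallback


def _port_range(rule: dict) -> tuple[int, int]:
    """Normalise FromPort/ToPort; protocol -1 (all) covers every port."""
    if str(rule.get("IpProtocol", "-1")) == "-1":
        return 0, 65535
    return int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))


def find_world_open_ingress(resources: dict) -> list[OpenRule]:
    """Return every ingress rule whose source is 0.0.0.0/0 or ::/0."""
    open_rules: list[OpenRule] = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            # Inline rules on the group itself.
            candidates = [(name, r) for r in props.get("SecurityGroupIngress", [])]
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            # Standalone rule attached to a group declared elsewhere.
            candidates = [(_group_of(props, name), props)]
        else:
            continue
        for group, rule in candidates:
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr not in WORLD_CIDRS:
                continue
            lo, hi = _port_range(rule)
            open_rules.append(OpenRule(group, str(rule.get("IpProtocol", "-1")), lo, hi, cidr))
    return open_rules


def groups_exposing_port(resources: dict, port: int) -> list[str]:
    """Logical IDs of groups that let the whole internet reach `port`."""
    return sorted({r.group for r in find_world_open_ingress(resources)
                   if r.from_port <= port <= r.to_port})


# Constructed input: the template's two security groups after tag expansion,
# plus a hypothetical VPC-scoped standalone rule (not in the template).
TEMPLATE_RESOURCES = {
    "InstanceSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "Allow SSH to the client instance",
            "VpcId": {"Ref": "VPC"},
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
            ],
        },
    },
    "VpceSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "Allow HTTPS to the VPC endpoint",
            "VpcId": {"Ref": "VPC"},
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}
            ],
        },
    },
    "VpcOnlyHttp": {  # hypothetical extra rule, VPC-internal source only
        "Type": "AWS::EC2::SecurityGroupIngress",
        "Properties": {
            "GroupId": {"Fn::GetAtt": ["VpceSecurityGroup", "GroupId"]},
            "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "10.0.0.0/16",
        },
    },
}

if __name__ == "__main__":
    for rule in find_world_open_ingress(TEMPLATE_RESOURCES):
        print(f"{rule.group}: {rule.protocol} {rule.from_port}-{rule.to_port} from {rule.cidr}")
    print("SSH world-reachable via:", groups_exposing_port(TEMPLATE_RESOURCES, 22))
```

Run against this template the audit reports two world-open rules (22 on `InstanceSecurityGroup`, 443 on `VpceSecurityGroup`) and names only `InstanceSecurityGroup` for port 22; the VPC-scoped rule is ignored because its source is not a world prefix. Treating `IpProtocol: -1` as the full port range matters, since an "all traffic" rule carries no FromPort/ToPort and would otherwise slip past a port-based query.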