AWSTemplateFormatVersion: 2010-09-09
Description: >-
This template deploys the infrastructure components for the re-platformed Java solution.
The deployed resources include a VPC, two public subnets, two app private subnets, two DB
private subnets, an internet gateway, two NAT gateways, public and private route tables.
It also deploys an S3 bucket to store resource and configuration files.
**WARNING** You will be billed for the AWS resources created if you create a stack from this template.
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
########################################################################
Parameters:
# General
EnvironmentName:
Description: An environment name that is prefixed to resource names
Type: String
Default: JavaWebApp
BucketName:
Description: Enter a unique bucket name to store your resources
Type: String
Default: java-webapp-bucket
VpcCIDR:
Description: Please enter the IP range (CIDR notation) for this VPC
Type: String
Default: 10.0.0.0/16
PublicSubnet1CIDR:
Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
Type: String
Default: 10.0.0.0/24
PublicSubnet2CIDR:
Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone
Type: String
Default: 10.0.1.0/24
PrivateSubnet1CIDR:
Description: Please enter the IP range (CIDR notation) for the web app private subnet in the first Availability Zone
Type: String
Default: 10.0.2.0/23
PrivateSubnet2CIDR:
Description: Please enter the IP range (CIDR notation) for the web app private subnet in the second Availability Zone
Type: String
Default: 10.0.4.0/23
PrivateSubnet3CIDR:
Description: Please enter the IP range (CIDR notation) for the database private subnet in the first Availability Zone
Type: String
Default: 10.0.6.0/23
PrivateSubnet4CIDR:
Description: Please enter the IP range (CIDR notation) for the database private subnet in the second Availability Zone
Type: String
Default: 10.0.8.0/23
Resources:
# Virtual Private Cloud for the solution
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCIDR
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: !Ref EnvironmentName
# Internet Gateway to allow communication between the VPC and internet
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Ref EnvironmentName
# Attaches the internet gateway to the VPC
InternetGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: !Ref VPC
# Public subnet in the first availability zone
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs '' ]
CidrBlock: !Ref PublicSubnet1CIDR
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} Public Subnet (AZ1)
# Public subnet in the second availability zone
PublicSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 1, !GetAZs '' ]
CidrBlock: !Ref PublicSubnet2CIDR
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} Public Subnet (AZ2)
# Private web application subnet in the first availability zone
PrivateSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs '' ]
CidrBlock: !Ref PrivateSubnet1CIDR
MapPublicIpOnLaunch: false
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} WebApp Private Subnet (AZ1)
# Private web application subnet in the second availability zone
PrivateSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 1, !GetAZs '' ]
CidrBlock: !Ref PrivateSubnet2CIDR
MapPublicIpOnLaunch: false
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} WebApp Private Subnet (AZ2)
# Private database subnet in the first availability zone
PrivateSubnet3:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 0, !GetAZs '' ]
CidrBlock: !Ref PrivateSubnet3CIDR
MapPublicIpOnLaunch: false
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} DB Private Subnet (AZ1)
# Private database subnet in the second availability zone
PrivateSubnet4:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
AvailabilityZone: !Select [ 1, !GetAZs '' ]
CidrBlock: !Ref PrivateSubnet4CIDR
MapPublicIpOnLaunch: false
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} DB Private Subnet (AZ2)
# Elastic IP for the first NAT Gateway
NatGateway1EIP:
Type: AWS::EC2::EIP
DependsOn: InternetGatewayAttachment
Properties:
Domain: vpc
# Elastic IP for the second NAT Gateway
NatGateway2EIP:
Type: AWS::EC2::EIP
DependsOn: InternetGatewayAttachment
Properties:
Domain: vpc
# NAT Gateway in the first availability zone
NatGateway1:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt NatGateway1EIP.AllocationId
SubnetId: !Ref PublicSubnet1
# NAT Gateway in the second availability zone
NatGateway2:
Type: AWS::EC2::NatGateway
Properties:
AllocationId: !GetAtt NatGateway2EIP.AllocationId
SubnetId: !Ref PublicSubnet2
# Public route table
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} Public Routes
# Default route for internet traffic to the internet gateway
DefaultPublicRoute:
Type: AWS::EC2::Route
DependsOn: InternetGatewayAttachment
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
# Associate public subnet in the first AZ to the public route table
PublicSubnet1RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref PublicSubnet1
# Associate public subnet in the second AZ to the public route table
PublicSubnet2RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PublicRouteTable
SubnetId: !Ref PublicSubnet2
# Private route table in the first AZ
PrivateRouteTable1:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} WebApp Private Routes (AZ1)
# Default route for internet traffic from the app private subnet through the NAT gateway in the first AZ
DefaultPrivateRoute1:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PrivateRouteTable1
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway1
# Associate app private subnet in the first AZ to the public route table
PrivateSubnet1RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateRouteTable1
SubnetId: !Ref PrivateSubnet1
# App private route table in the second AZ
PrivateRouteTable2:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} WebApp Private Routes (AZ2)
# Default route for internet traffic from the app private subnet through the NAT gateway in the second AZ
DefaultPrivateRoute2:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PrivateRouteTable2
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway2
# Associate app private subnet in the second AZ to the public route table
PrivateSubnet2RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateRouteTable2
SubnetId: !Ref PrivateSubnet2
# DB private route table in the first AZ
PrivateRouteTable3:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} DB Private Routes (AZ1)
# Associate DB private subnet in the first AZ to the private route table
PrivateSubnet3RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateRouteTable3
SubnetId: !Ref PrivateSubnet3
# DB private route table in the second AZ
PrivateRouteTable4:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} DB Private Routes (AZ2)
# Associate DB private subnet in the second AZ to the private route table
PrivateSubnet4RouteTableAssociation:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
RouteTableId: !Ref PrivateRouteTable4
SubnetId: !Ref PrivateSubnet4
# Security group with no inbound traffic
NoIngressSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: "no-ingress-sg"
GroupDescription: "Security group with no ingress rule"
VpcId: !Ref VPC
# S3 bucket to store the resource & config files
S3Bucket:
Type: 'AWS::S3::Bucket'
DeletionPolicy: Retain
Properties:
BucketName: !Ref BucketName
Outputs:
VPC:
Description: A reference to the created VPC
Value: !Ref VPC
Export:
Name: !Sub '${AWS::StackName}'
PublicSubnets:
Description: A list of the public subnets
Value: !Join [ ",", [ !Ref PublicSubnet1, !Ref PublicSubnet2 ]]
Export:
Name: !Sub '${AWS::StackName}-PublicSubnets'
PrivateSubnets:
Description: A list of the private subnets
Value: !Join [ ",", [ !Ref PrivateSubnet1, !Ref PrivateSubnet2, !Ref PrivateSubnet3, !Ref PrivateSubnet4 ]]
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnets'
PublicSubnet1:
Description: A reference to the public subnet in the 1st Availability Zone
Value: !Ref PublicSubnet1
Export:
Name: !Sub '${AWS::StackName}-PublicSubnet1'
PublicSubnet1CIDR:
Description: A reference to the public subnet CIDR range in the 1st Availability Zone
Value: !Ref PublicSubnet1CIDR
Export:
Name: !Sub '${AWS::StackName}-PublicSubnet1CIDR'
PublicSubnet2:
Description: A reference to the public subnet in the 2nd Availability Zone
Value: !Ref PublicSubnet2
Export:
Name: !Sub '${AWS::StackName}-PublicSubnet2'
PublicSubnet2CIDR:
Description: A reference to the public subnet CIDR range in the 2nd Availability Zone
Value: !Ref PublicSubnet2CIDR
Export:
Name: !Sub '${AWS::StackName}-PublicSubnet2CIDR'
PrivateSubnet1:
Description: A reference to the private subnet in the 1st Availability Zone
Value: !Ref PrivateSubnet1
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnet1'
PrivateSubnet1CIDR:
Description: A reference to the private subnet CIDR range in the 1st Availability Zone
Value: !Ref PrivateSubnet1CIDR
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnet1CIDR'
PrivateSubnet2:
Description: A reference to the private subnet in the 2nd Availability Zone
Value: !Ref PrivateSubnet2
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnet2'
PrivateSubnet2CIDR:
Description: A reference to the private subnet CIDR range in the 2nd Availability Zone
Value: !Ref PrivateSubnet2CIDR
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnet2CIDR'
PrivateSubnet3:
Description: A reference to the DB private subnet in the 1st Availability Zone
Value: !Ref PrivateSubnet3
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnet3'
PrivateSubnet3CIDR:
Description: A reference to the DB private subnet CIDR range in the 1st Availability Zone
Value: !Ref PrivateSubnet3CIDR
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnet3CIDR'
PrivateSubnet4:
Description: A reference to the private subnet in the 2nd Availability Zone
Value: !Ref PrivateSubnet4
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnet4'
PrivateSubnet4CIDR:
Description: A reference to the DB private subnet CIDR range in the 2nd Availability Zone
Value: !Ref PrivateSubnet4CIDR
Export:
Name: !Sub '${AWS::StackName}-PrivateSubnet4CIDR'
NoIngressSecurityGroup:
Description: Security group with no ingress rule
Value: !Ref NoIngressSecurityGroup
Export:
Name: !Sub '${AWS::StackName}-NoIngressSecurityGroup'