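# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
---
Description: >
  This template creates the VPC, subnets, routes used by the Fargate ECS
  cluster as well as Load Balancers.

Resources:
  # One /16 VPC; the four /18 subnets below partition it completely
  # (one public and one private subnet in each of two AZs).
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC

  # ---------------------------------------------------------------------
  # Public subnet 1 (AZ index 0): default route to the IGW, hosts NAT GW 1
  # ---------------------------------------------------------------------
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.0.0/18
      VpcId: !Ref VPC
      AvailabilityZone: !Select [0, !GetAZs ""]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PublicSubnet1

  PublicSubnet1RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PublicSubnet1

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicSubnet1RouteTable
      SubnetId: !Ref PublicSubnet1

  PublicSubnet1DefaultRoute:
    Type: AWS::EC2::Route
    # A route whose target is an Internet Gateway can only be created after
    # the gateway is attached to the VPC, so the dependency must be on the
    # VPCGatewayAttachment (VPCGW), not on the VPC itself.
    DependsOn: VPCGW
    Properties:
      RouteTableId: !Ref PublicSubnet1RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW

  PublicSubnet1EIP:
    Type: AWS::EC2::EIP
    # A VPC-scoped EIP used in a VPC defined in the same template must
    # declare a dependency on the gateway attachment.
    DependsOn: VPCGW
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PublicSubnet1

  PublicSubnet1NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      SubnetId: !Ref PublicSubnet1
      AllocationId: !GetAtt PublicSubnet1EIP.AllocationId
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PublicSubnet1

  # ---------------------------------------------------------------------
  # Public subnet 2 (AZ index 1): default route to the IGW, hosts NAT GW 2
  # ---------------------------------------------------------------------
  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.64.0/18
      VpcId: !Ref VPC
      AvailabilityZone: !Select [1, !GetAZs ""]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PublicSubnet2

  PublicSubnet2RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PublicSubnet2

  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicSubnet2RouteTable
      SubnetId: !Ref PublicSubnet2

  PublicSubnet2DefaultRoute:
    Type: AWS::EC2::Route
    # Same ordering requirement as PublicSubnet1DefaultRoute.
    DependsOn: VPCGW
    Properties:
      RouteTableId: !Ref PublicSubnet2RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW

  PublicSubnet2EIP:
    Type: AWS::EC2::EIP
    # Same ordering requirement as PublicSubnet1EIP.
    DependsOn: VPCGW
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PublicSubnet2

  PublicSubnet2NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      SubnetId: !Ref PublicSubnet2
      AllocationId: !GetAtt PublicSubnet2EIP.AllocationId
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PublicSubnet2

  # ---------------------------------------------------------------------
  # Private subnet 1 (AZ index 0): egress only, via NAT gateway 1
  # ---------------------------------------------------------------------
  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.128.0/18
      VpcId: !Ref VPC
      AvailabilityZone: !Select [0, !GetAZs ""]
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PrivateSubnet1

  PrivateSubnet1RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PrivateSubnet1

  PrivateSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnet1RouteTable
      SubnetId: !Ref PrivateSubnet1

  PrivateSubnet1DefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnet1RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref PublicSubnet1NATGateway

  # ---------------------------------------------------------------------
  # Private subnet 2 (AZ index 1): egress only, via NAT gateway 2
  # ---------------------------------------------------------------------
  PrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.192.0/18
      VpcId: !Ref VPC
      AvailabilityZone: !Select [1, !GetAZs ""]
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PrivateSubnet2

  PrivateSubnet2RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC/PrivateSubnet2

  PrivateSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnet2RouteTable
      SubnetId: !Ref PrivateSubnet2

  PrivateSubnet2DefaultRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnet2RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref PublicSubnet2NATGateway

  # ---------------------------------------------------------------------
  # Internet gateway and its attachment to the VPC
  # ---------------------------------------------------------------------
  IGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub ${AWS::StackName}/VPC

  VPCGW:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref IGW

  # ---------------------------------------------------------------------
  # VPC interface endpoint to invoke the private API Gateway endpoint.
  # Placed in both private subnets; PrivateDnsEnabled makes the regional
  # execute-api hostname resolve to the endpoint ENIs from inside the VPC.
  # ---------------------------------------------------------------------
  VPCInterfaceEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      PrivateDnsEnabled: true
      SecurityGroupIds:
        - !Ref CodeBuildTestingSecurityGroup
      ServiceName: !Sub com.amazonaws.${AWS::Region}.execute-api
      SubnetIds:
        - !Ref PrivateSubnet1
        - !Ref PrivateSubnet2
      VpcEndpointType: Interface
      VpcId: !Ref VPC

  # Security group attached to the endpoint ENIs above and exported for
  # the private-API caller (presumably the CodeBuild testing project —
  # see the Outputs description; confirm against the consuming stack).
  CodeBuildTestingSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub "${AWS::StackName}/ECS/CodeBuildTesting/SecurityGroup"
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          Description: Allow all outbound traffic by default
          IpProtocol: "-1"
      # Ingress is limited to the VPC's own CIDR, read from the VPC
      # resource so the two can never drift apart.
      # NOTE(review): the execute-api interface endpoint only serves TLS on
      # 443; the 80 and 22 rules are not needed for it and should be
      # dropped unless a consumer of the exported group relies on them.
      SecurityGroupIngress:
        - CidrIp: !GetAtt VPC.CidrBlock
          Description: Allow from within the VPC for port 80
          FromPort: 80
          IpProtocol: tcp
          ToPort: 80
        - CidrIp: !GetAtt VPC.CidrBlock
          Description: Allow from within the VPC for port 443
          FromPort: 443
          IpProtocol: tcp
          ToPort: 443
        - CidrIp: !GetAtt VPC.CidrBlock
          Description: Allow from within the VPC for port 22
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
      VpcId: !Ref VPC

Outputs:
  VPCID:
    Description: VPC ID
    Value: !Ref VPC
    Export:
      Name: !Sub '${AWS::StackName}-VPCID'

  VPCCIDR:
    Description: VPC CIDR block
    Value: !GetAtt VPC.CidrBlock

  PrivateSubnet1:
    Description: PrivateSubnet1 ID
    Value: !Ref PrivateSubnet1
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1'

  PrivateSubnet2:
    Description: PrivateSubnet2 ID
    Value: !Ref PrivateSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2'

  CodeBuildTestingSecurityGroup:
    Description: Security Group to Invoke Private API
    Value: !Ref CodeBuildTestingSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-CodeBuildTestingSecurityGroup'

  VPCInterfaceEndpoint:
    Description: VPC Interface Endpoint to Invoke Private API
    Value: !Ref VPCInterfaceEndpoint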