Description: This template for Application VPC - VPC3 Parameters: EC2KEY: Description: Name of an existing EC2 KeyPair to enable SSH access to the instances Type: 'AWS::EC2::KeyPair::KeyName' ConstraintDescription: must be the name of an existing EC2 KeyPair. ApplicationServerInstanceType: Description: Choose instance type for application server in private subnet Type: String Default: t4g.micro AllowedValues: - t4g.micro - t4g.small - c4g.medium - c6g.medium ConstraintDescription: must be a valid EC2 instance type. JumpServerCIDR: # Jump Server CIDR in Shared VPC Description: Please enter the JumpServer CIDR in Shared VPC Type: String Default: 10.1.0.0/16 Arm64AmiId: Type: String Default: ami-0d7c3e5665c6b4dbe # Define VPC3 VPC3CIDR: Description: Please enter the IP range (CIDR notation) for this VPC Type: String Default: 10.3.0.0/16 VPC3PublicSubnet1CIDR: Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone Type: String Default: 10.3.1.0/24 VPC3PublicSubnet2CIDR: Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone Type: String Default: 10.3.2.0/24 VPC3PrivateSubnet1CIDR: Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone Type: String Default: 10.3.101.0/24 VPC3PrivateSubnet2CIDR: Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone Type: String Default: 10.3.102.0/24 Resources: # VPC and IGW VPC3: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref VPC3CIDR EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: VPC3 VPC3InternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: VPC3 VPC3InternetGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment DependsOn: VPC3InternetGateway Properties: InternetGatewayId: !Ref VPC3InternetGateway VpcId: !Ref VPC3 VPC3EIP1: Type: AWS::EC2::EIP Properties: Domain: vpc Tags: - Key: Name Value: VPC3NATGateway1 VPC3EIP2: Type: AWS::EC2::EIP Properties: Domain: vpc Tags: - Key: Name Value: VPC3NATGateway2 # 4 subnets VPC3PublicSubnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC3 AvailabilityZone: !Select [ 0, !GetAZs '' ] CidrBlock: !Ref VPC3PublicSubnet1CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: VPC3Public1 VPC3PublicSubnet2: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC3 AvailabilityZone: !Select [ 1, !GetAZs '' ] CidrBlock: !Ref VPC3PublicSubnet2CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: VPC3Public2 VPC3PrivateSubnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC3 AvailabilityZone: !Select [ 0, !GetAZs '' ] CidrBlock: !Ref VPC3PrivateSubnet1CIDR MapPublicIpOnLaunch: false Tags: - Key: Name Value: VPC3Private1 VPC3PrivateSubnet2: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC3 AvailabilityZone: !Select [ 1, !GetAZs '' ] CidrBlock: !Ref VPC3PrivateSubnet2CIDR MapPublicIpOnLaunch: false Tags: - Key: Name Value: VPC3Private2 # NAT Gateway VPC3NATGateway1: DependsOn: VPC3PublicSubnet1 Type: AWS::EC2::NatGateway Properties: AllocationId: !GetAtt VPC3EIP1.AllocationId SubnetId: !Ref VPC3PublicSubnet1 Tags: - Key: Name Value: VPC3NATGateway1 VPC3NATGateway2: DependsOn: VPC3PublicSubnet2 Type: AWS::EC2::NatGateway Properties: AllocationId: !GetAtt VPC3EIP2.AllocationId SubnetId: !Ref VPC3PublicSubnet2 Tags: - Key: Name Value: VPC3NATGateway2 # Public Route table # AZ1 VPC3PublicRouteTable1: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC3 Tags: - Key: Name Value: VPC3Public1 VPC3PublicRoute1: Type: AWS::EC2::Route DependsOn: VPC3InternetGatewayAttachment Properties: RouteTableId: !Ref VPC3PublicRouteTable1 DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref VPC3InternetGateway VPC3PublicSubnet1RouteTableAssociation1: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref VPC3PublicRouteTable1 SubnetId: !Ref VPC3PublicSubnet1 # AZ2 VPC3PublicRouteTable2: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC3 Tags: - Key: Name Value: VPC3Public2 VPC3PublicRoute2: Type: AWS::EC2::Route DependsOn: VPC3InternetGatewayAttachment Properties: RouteTableId: !Ref VPC3PublicRouteTable2 DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref VPC3InternetGateway VPC3PublicSubnet1RouteTableAssociation2: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref VPC3PublicRouteTable2 SubnetId: !Ref VPC3PublicSubnet2 # Private Route table # AZ1 VPC3PrivateRouteTable1: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC3 Tags: - Key: Name Value: VPC3Private1 VPC3PrivateRoute1: Type: AWS::EC2::Route DependsOn: VPC3NATGateway1 Properties: RouteTableId: !Ref VPC3PrivateRouteTable1 DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref VPC3NATGateway1 VPC3PrivateSubnet1RouteTableAssociation1: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref VPC3PrivateRouteTable1 SubnetId: !Ref VPC3PrivateSubnet1 # AZ2 VPC3PrivateRouteTable2: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC3 Tags: - Key: Name Value: VPC3Private2 VPC3PrivateRoute2: Type: AWS::EC2::Route DependsOn: VPC3NATGateway2 Properties: RouteTableId: !Ref VPC3PrivateRouteTable2 DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref VPC3NATGateway2 VPC3PrivateSubnet1RouteTableAssociation2: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref VPC3PrivateRouteTable2 SubnetId: !Ref VPC3PrivateSubnet2 # Security Group VPC3SecurtiyGroup1: Type: 'AWS::EC2::SecurityGroup' DependsOn: VPC3PublicSubnet1 Properties: GroupName: VPC3 Application Server GroupDescription: VPC3 Application Server VpcId: !Ref VPC3 SecurityGroupIngress: - IpProtocol: tcp # Allow SSH from JumpServer in Shared VPC FromPort: '22' ToPort: '22' CidrIp: !Ref JumpServerCIDR Description: Allow SSH from JumpServer in Shared VPC - IpProtocol: tcp # allow Web Service from anywhere FromPort: '80' ToPort: '80' CidrIp: 0.0.0.0/0 Description: Allow Web Service from Shared VPC - IpProtocol: icmp # allow ping from anywhere FromPort: '8' ToPort: '-1' CidrIp: 0.0.0.0/0 Description: Allow Ping from anywhere Tags: - Key: Name Value: VPC03 Application Server # Application Server VPC3VM1: Type: 'AWS::EC2::Instance' DependsOn: VPC3SecurtiyGroup1 Properties: KeyName: !Ref EC2KEY ImageId: !Ref Arm64AmiId InstanceType: !Ref ApplicationServerInstanceType IamInstanceProfile: !Ref SSMIAMprofile AvailabilityZone: !Select [ 0, !GetAZs '' ] SubnetId: !Ref VPC3PrivateSubnet1 Monitoring: true BlockDeviceMappings: # Use gp3 as root disk @2021-01-31 - DeviceName: /dev/xvda Ebs: VolumeType: gp3 VolumeSize: 10 DeleteOnTermination: true SecurityGroupIds: - !Ref VPC3SecurtiyGroup1 Tags: - Key: Name Value: VPC3 Application Server UserData: !Base64 'Fn::Join': - '' - - | #! /bin/bash - | yum update -y - |+ Outputs: VPC3: Value: !Ref VPC3 VPC3PublicSubnet1: Value: !Ref VPC3PublicSubnet1 VPC3PublicSubnet2: Value: !Ref VPC3PublicSubnet2 VPC3PrivateSubnet1: Value: !Ref VPC3PrivateSubnet1 VPC3PrivateSubnet2: Value: !Ref VPC3PrivateSubnet2 VPC3PublicRouteTable1: Value: !Ref VPC3PublicRouteTable1 VPC3PublicRouteTable2: Value: !Ref VPC3PublicRouteTable2 VPC3PrivateRouteTable1: Value: !Ref VPC3PrivateRouteTable1 VPC3PrivateRouteTable2: Value: !Ref VPC3PrivateRouteTable2 VPC3PrivateIP: Value: !GetAtt VPC3VM1.PrivateIp