AWSTemplateFormatVersion: 2010-09-09 Description: Provisions HIPAA Ready Environment in AWS - Transit gateway(qs-1rabh51ku) Metadata: Identifier: Value: main Input: Description: Input of all required parameters in nested stacks Output: Description: N/A AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Development VPC configuration Parameters: - DevVPCCIDRBlock - Label: default: Production VPC configuration Parameters: - ProdVPCCIDRBlock - Label: default: Imported parameters Parameters: - DevelopmentVPC - DevelopmentVPCSubnet1 - DevelopmentVPCSubnet2 - DevelopmentPrivateRouteTable1 - ProductionVPC - ProductionCoreSubnet1 - ProductionCoreSubnet2 - ProductionPrivateRouteTable1 - ManagementVPC - ManagementCoreSubnet1 - ManagementCoreSubnet2 - ManagementPrivateRouteTable1 - ManagementPrivateRouteTable2 - ManagementPublicRouteTable1 - ManagementPublicRouteTable2 ParameterLabels: DevVPCCIDRBlock: default: Development VPC CIDR block ProdVPCCIDRBlock: default: Production VPC CIDR block DevelopmentVPC: default: Development VPC DevelopmentVPCSubnet1: default: Development VPC subnet 1 DevelopmentVPCSubnet2: default: Development VPC subnet 2 DevelopmentPrivateRouteTable1: default: Development VPC private route table 1 ProductionVPC: default: Production VPC ProductionCoreSubnet1: default: Production VPC private subnet 1 ProductionCoreSubnet2: default: Production VPC private subnet 2 ProductionPrivateRouteTable1: default: Production VPC private route table 1 ManagementVPC: default: Management VPC ManagementCoreSubnet1: default: Management VPC private subnet 1 ManagementCoreSubnet2: default: Management VPC private subnet 2 ManagementPrivateRouteTable1: default: Management VPC private route table 1 ManagementPrivateRouteTable2: default: Management VPC private route table 2 ManagementPublicRouteTable1: default: Management VPC public route table 1 ManagementPublicRouteTable2: default: Management VPC public route table 2 Parameters: DevelopmentVPC: Type: String Description: Development VPC. DevelopmentVPCSubnet1: Type: String Description: Development VPC private subnet 1. DevelopmentVPCSubnet2: Type: String Description: Development VPC private subnet 2. DevelopmentPrivateRouteTable1: Type: String Description: Development VPC private route table 1. ProductionVPC: Type: String Description: Production VPC. ProductionCoreSubnet1: Type: String Description: Production VPC private subnet 1. ProductionCoreSubnet2: Type: String Description: Production VPC private subnet 2. ProductionPrivateRouteTable1: Type: String Description: Production VPC private route table 1. ManagementVPC: Type: String Description: Management VPC. ManagementCoreSubnet1: Type: String Description: Management VPC private subnet 1. ManagementCoreSubnet2: Type: String Description: Management VPC private subnet 2. ManagementPrivateRouteTable1: Type: String Description: Management VPC private route table 1. ManagementPrivateRouteTable2: Type: String Description: Management VPC private route table 2. ManagementPublicRouteTable1: Type: String Description: Management VPC public route table 1. ManagementPublicRouteTable2: Type: String Description: Management VPC public route table 2. DevVPCCIDRBlock: Type: String AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$" Description: Development VPC CIDR block. ProdVPCCIDRBlock: Type: String AllowedPattern: "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$" Description: Production VPC CIDR block. Resources: HIPAATransitGateway: Type: 'AWS::EC2::TransitGateway' Properties: AutoAcceptSharedAttachments: enable DefaultRouteTableAssociation: disable DefaultRouteTablePropagation: disable Description: HIPAA Transit Gateway DnsSupport: enable Tags: - Key: Name Value: HIPAA Transit Gateway - Key: Purpose Value: Networking VpnEcmpSupport: enable ManagementVPCtoTransitGateway: Type: 'AWS::EC2::TransitGatewayAttachment' Properties: SubnetIds: - !Ref ManagementCoreSubnet1 - !Ref ManagementCoreSubnet2 TransitGatewayId: !Ref HIPAATransitGateway VpcId: !Ref ManagementVPC Tags: - Key: Name Value: Management Transit Gateway Attachment - Key: Purpose Value: Networking ProductionVPCtoTransitGateway: Type: 'AWS::EC2::TransitGatewayAttachment' Properties: SubnetIds: - !Ref ProductionCoreSubnet1 - !Ref ProductionCoreSubnet2 TransitGatewayId: !Ref HIPAATransitGateway VpcId: !Ref ProductionVPC Tags: - Key: Name Value: Production Transit Gateway Attachment - Key: Purpose Value: Networking DevVPCtoTransitGateway: Type: 'AWS::EC2::TransitGatewayAttachment' Properties: SubnetIds: - !Ref DevelopmentVPCSubnet1 - !Ref DevelopmentVPCSubnet2 TransitGatewayId: !Ref HIPAATransitGateway VpcId: !Ref DevelopmentVPC Tags: - Key: Name Value: Development Transit Gateway Attachment - Key: Purpose Value: Networking TransitGatewayExternalRouteTable: Type: 'AWS::EC2::TransitGatewayRouteTable' Properties: TransitGatewayId: !Ref HIPAATransitGateway Tags: - Key: Name Value: External Transit Gateway Route Table - Key: Purpose Value: Networking TransitGatewayInternalRouteTable: Type: 'AWS::EC2::TransitGatewayRouteTable' Properties: TransitGatewayId: !Ref HIPAATransitGateway Tags: - Key: Name Value: Internal Transit Gateway Route Table - Key: Purpose Value: Networking TransitGatewayExternalRouteTableAssociation: Type: 'AWS::EC2::TransitGatewayRouteTableAssociation' Properties: TransitGatewayAttachmentId: !Ref ManagementVPCtoTransitGateway TransitGatewayRouteTableId: !Ref TransitGatewayExternalRouteTable TransitGatewayProductionVPCRouteTableAssociation: Type: 'AWS::EC2::TransitGatewayRouteTableAssociation' Properties: TransitGatewayAttachmentId: !Ref ProductionVPCtoTransitGateway TransitGatewayRouteTableId: !Ref TransitGatewayInternalRouteTable TransitGatewayDevelopmentVPCRouteTableAssociation: Type: 'AWS::EC2::TransitGatewayRouteTableAssociation' Properties: TransitGatewayAttachmentId: !Ref DevVPCtoTransitGateway TransitGatewayRouteTableId: !Ref TransitGatewayInternalRouteTable TransitGatewayInternalRouteProp1: Type: 'AWS::EC2::TransitGatewayRouteTablePropagation' Properties: TransitGatewayAttachmentId: !Ref ProductionVPCtoTransitGateway TransitGatewayRouteTableId: !Ref TransitGatewayInternalRouteTable TransitGatewayInternalRouteProp2: Type: 'AWS::EC2::TransitGatewayRouteTablePropagation' Properties: TransitGatewayAttachmentId: !Ref DevVPCtoTransitGateway TransitGatewayRouteTableId: !Ref TransitGatewayInternalRouteTable TransitGatewayExternalRouteProp1: Type: 'AWS::EC2::TransitGatewayRouteTablePropagation' Properties: TransitGatewayAttachmentId: !Ref ManagementVPCtoTransitGateway TransitGatewayRouteTableId: !Ref TransitGatewayExternalRouteTable TransitGatewayInternalRoute1: Type: 'AWS::EC2::TransitGatewayRoute' Properties: TransitGatewayRouteTableId: !Ref TransitGatewayInternalRouteTable DestinationCidrBlock: 0.0.0.0/0 TransitGatewayAttachmentId: !Ref ManagementVPCtoTransitGateway TransitGatewayExternalRoute1: Type: 'AWS::EC2::TransitGatewayRoute' Properties: TransitGatewayRouteTableId: !Ref TransitGatewayExternalRouteTable DestinationCidrBlock: !Ref ProdVPCCIDRBlock TransitGatewayAttachmentId: !Ref ProductionVPCtoTransitGateway TransitGatewayExternalRoute2: Type: 'AWS::EC2::TransitGatewayRoute' Properties: TransitGatewayRouteTableId: !Ref TransitGatewayExternalRouteTable DestinationCidrBlock: !Ref DevVPCCIDRBlock TransitGatewayAttachmentId: !Ref DevVPCtoTransitGateway ManagementPrivateSubnet1Route1: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ManagementPrivateRouteTable1 DestinationCidrBlock: !Ref ProdVPCCIDRBlock TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ManagementVPCtoTransitGateway ManagementPrivateSubnet1Route2: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ManagementPrivateRouteTable1 DestinationCidrBlock: !Ref DevVPCCIDRBlock TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ManagementVPCtoTransitGateway ManagementPrivateSubnet2Route1: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ManagementPrivateRouteTable2 DestinationCidrBlock: !Ref ProdVPCCIDRBlock TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ManagementVPCtoTransitGateway ManagementPrivateSubnet2Route2: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ManagementPrivateRouteTable2 DestinationCidrBlock: !Ref DevVPCCIDRBlock TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ManagementVPCtoTransitGateway ManagementPublicSubnet1Route1: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ManagementPublicRouteTable1 DestinationCidrBlock: !Ref ProdVPCCIDRBlock TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ManagementVPCtoTransitGateway ManagementPublicSubnet1Route2: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ManagementPublicRouteTable1 DestinationCidrBlock: !Ref DevVPCCIDRBlock TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ManagementVPCtoTransitGateway ManagementPublicSubnet2Route1: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ManagementPublicRouteTable2 DestinationCidrBlock: !Ref ProdVPCCIDRBlock TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ManagementVPCtoTransitGateway ManagementPublicSubnet2Route2: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ManagementPublicRouteTable2 DestinationCidrBlock: !Ref DevVPCCIDRBlock TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ManagementVPCtoTransitGateway DevelopmentVPCDefaultRoute: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref DevelopmentPrivateRouteTable1 DestinationCidrBlock: 0.0.0.0/0 TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - DevVPCtoTransitGateway ProductionVPCDefaultRoute: Type: 'AWS::EC2::Route' Properties: RouteTableId: !Ref ProductionPrivateRouteTable1 DestinationCidrBlock: 0.0.0.0/0 TransitGatewayId: !Ref HIPAATransitGateway DependsOn: - ProductionVPCtoTransitGateway Outputs: Help: Description: For assistance or questions regarding this quickstart please email compliance-accelerator@amazon.com Value: ''