AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  This custom VPC template creates a SINGLE-AZ, single-subnet VPC infrastructure with
  managed NAT gateways in the public subnet within the Availability Zone. You can also
  create additional private subnets with dedicated custom network access control lists
  (ACLs). If you deploy the Quick Start in a region that doesn't support NAT gateways,
  NAT instances are deployed instead. **WARNING** This template creates AWS resources.
  You will be billed for the AWS resources used if you create a stack from this
  template. QS(0027)
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Availability Zone Configuration
        Parameters:
          - AvailabilityZone
      - Label:
          default: Network Configuration
        Parameters:
          - VPCCIDR
          - PublicSubnet1CIDR
          - PublicSubnetTag1
          - PublicSubnetTag2
          - PublicSubnetTag3
    ParameterLabels:
      AvailabilityZone:
        default: Availability Zone
      PublicSubnet1CIDR:
        default: Public subnet 1 CIDR
      PublicSubnetTag1:
        default: Tag for Public Subnets
      PublicSubnetTag2:
        default: Tag for Public Subnets
      PublicSubnetTag3:
        default: Tag for Public Subnets
      VPCCIDR:
        default: VPC CIDR
      VPCTenancy:
        default: VPC Tenancy
      RemoteAccessCIDR:
        default: Remote Access CIDR
Parameters:
  AvailabilityZone:
    Description: A single Availability Zone to use for the subnets in the VPC.
    Type: AWS::EC2::AvailabilityZone::Name
  PublicSubnet1CIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.128.0/20
    Description: CIDR block for the public DMZ subnet 1 located in Availability Zone 1
    Type: String
  PublicSubnetTag1:
    AllowedPattern: ^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"'\[\]\{\}]*)?$
    ConstraintDescription: tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}]
    Default: Network=Public
    Description: tag to add to public subnets, in format Key=Value (Optional)
    Type: String
  PublicSubnetTag2:
    AllowedPattern: ^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"'\[\]\{\}]*)?$
    ConstraintDescription: tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}]
    Default: ''
    Description: tag to add to public subnets, in format Key=Value (Optional)
    Type: String
  PublicSubnetTag3:
    AllowedPattern: ^([a-zA-Z0-9+\-._:/@]+=[a-zA-Z0-9+\-.,_:/@ *\\"'\[\]\{\}]*)?$
    ConstraintDescription: tags must be in format "Key=Value" keys can only contain [a-zA-Z0-9+\-._:/@], values can contain [a-zA-Z0-9+\-._:/@ *\\"'\[\]\{\}]
    Default: ''
    Description: tag to add to public subnets, in format Key=Value (Optional)
    Type: String
  RemoteAccessCIDR:
    # This pattern only checks the shape x.x.x.x/x: \d{1,3} accepts octets above 255
    # and \d{1,2} accepts any prefix length, unlike the stricter VPCCIDR pattern below.
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    # The default exposes every MemSQLAccess port to the whole Internet; override it
    # with the CIDR of the network that actually needs access.
    Default: '0.0.0.0/0'
    Type: String
    Description: IP CIDR Range that is allowed to access the nodes (Including SSH, MemSQL on 3306, and viewing the MemSQL Studio)
    ConstraintDescription: CIDR range must be in the form x.x.x.x/x
  VPCCIDR:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28
    Default: 10.0.0.0/16
    Description: CIDR block for the VPC
    Type: String
  VPCTenancy:
    AllowedValues:
      - default
      - dedicated
    Default: default
    Description: The allowed tenancy of instances launched into the VPC
    Type: String
Conditions:
  NVirginiaRegionCondition: !Equals
    - !Ref 'AWS::Region'
    - us-east-1
  PublicSubnetTag1Condition: !Not
    - !Equals
      - !Ref 'PublicSubnetTag1'
      - ''
  PublicSubnetTag2Condition: !Not
    - !Equals
      - !Ref 'PublicSubnetTag2'
      - ''
  PublicSubnetTag3Condition: !Not
    - !Equals
      - !Ref 'PublicSubnetTag3'
      - ''
Resources:
  DHCPOptions:
    Type: AWS::EC2::DHCPOptions
    Properties:
      # us-east-1 uses the legacy ec2.internal domain; every other region uses
      # <region>.compute.internal.
      DomainName: !If
        - NVirginiaRegionCondition
        - ec2.internal
        - !Sub '${AWS::Region}.compute.internal'
      DomainNameServers:
        - AmazonProvidedDNS
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref 'VPCCIDR'
      InstanceTenancy: !Ref 'VPCTenancy'
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Ref 'AWS::StackName'
  VPCDHCPOptionsAssociation:
    Type: AWS::EC2::VPCDHCPOptionsAssociation
    Properties:
      VpcId: !Ref 'VPC'
      DhcpOptionsId: !Ref 'DHCPOptions'
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Ref 'AWS::StackName'
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref 'VPC'
      InternetGatewayId: !Ref 'InternetGateway'
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref 'VPC'
      CidrBlock: !Ref 'PublicSubnet1CIDR'
      AvailabilityZone: !Ref 'AvailabilityZone'
      Tags:
        - Key: Name
          Value: Public subnet 1
        # Each optional Key=Value parameter is split on '=' into a tag; when the
        # parameter is empty the !If yields AWS::NoValue and the entry is dropped.
        - !If
          - PublicSubnetTag1Condition
          - Key: !Select
              - '0'
              - !Split
                - '='
                - !Ref 'PublicSubnetTag1'
            Value: !Select
              - '1'
              - !Split
                - '='
                - !Ref 'PublicSubnetTag1'
          - !Ref 'AWS::NoValue'
        - !If
          - PublicSubnetTag2Condition
          - Key: !Select
              - '0'
              - !Split
                - '='
                - !Ref 'PublicSubnetTag2'
            Value: !Select
              - '1'
              - !Split
                - '='
                - !Ref 'PublicSubnetTag2'
          - !Ref 'AWS::NoValue'
        - !If
          - PublicSubnetTag3Condition
          - Key: !Select
              - '0'
              - !Split
                - '='
                - !Ref 'PublicSubnetTag3'
            Value: !Select
              - '1'
              - !Split
                - '='
                - !Ref 'PublicSubnetTag3'
          - !Ref 'AWS::NoValue'
      # Instances launched here receive a public IPv4 address automatically.
      MapPublicIpOnLaunch: true
  PublicSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref 'VPC'
      Tags:
        - Key: Name
          Value: Public Subnet
        - Key: Network
          Value: Public Subnet
  PublicSubnetRoute:
    # The default route cannot be created until the IGW is attached to the VPC.
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref 'PublicSubnetRouteTable'
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref 'InternetGateway'
  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref 'PublicSubnet1'
      RouteTableId: !Ref 'PublicSubnetRouteTable'
  MemSQLAccess:
    Type: AWS::EC2::SecurityGroup
    Properties:
      # All three rules are bound to RemoteAccessCIDR, which defaults to 0.0.0.0/0.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref 'RemoteAccessCIDR'
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          CidrIp: !Ref 'RemoteAccessCIDR'
        # NOTE: this rule opens TCP 80 through 800 (721 ports), not a single port;
        # narrow it to the one port the MemSQL Studio listener actually uses.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 800
          CidrIp: !Ref 'RemoteAccessCIDR'
      VpcId: !Ref 'VPC'
      GroupDescription: "Rules for the MemSQL Cluster"
Outputs:
  PublicSubnet1CIDR:
    Description: Public subnet 1 CIDR in Availability Zone 1
    Value: !Ref 'PublicSubnet1CIDR'
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet1CIDR'
  PublicSubnet1ID:
    Description: Public subnet 1 ID in Availability Zone 1
    Value: !Ref 'PublicSubnet1'
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet1ID'
  PublicSubnetRouteTable:
    Value: !Ref 'PublicSubnetRouteTable'
    Description: Public subnet route table
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnetRouteTable'
  VPCCIDR:
    Value: !Ref 'VPCCIDR'
    Description: VPC CIDR
    Export:
      Name: !Sub '${AWS::StackName}-VPCCIDR'
  VPCID:
    Value: !Ref 'VPC'
    Description: VPC ID
    Export:
      Name: !Sub '${AWS::StackName}-VPCID'
  MemSQLAccessSG:
    Value: !Ref 'MemSQLAccess'
    Description: 'Security Group allowing access to MemSQL instances'
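As an added pre-deployment check (not part of the template or the Quick Start), the following Python audits the MemSQLAccess ingress rules against the RemoteAccessCIDR default the template ships with. The TEMPLATE dict is a hand-constructed mirror of just those two pieces of the template, and ADMIN_PORTS is an assumed list of ports worth flagging when world-reachable.

```python
import ipaddress

# Constructed mirror of the template: the RemoteAccessCIDR default and the
# MemSQLAccess security group, with !Ref rendered in JSON form as {"Ref": ...}.
TEMPLATE = {
    "Parameters": {"RemoteAccessCIDR": {"Default": "0.0.0.0/0"}},
    "Resources": {
        "MemSQLAccess": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                     "CidrIp": {"Ref": "RemoteAccessCIDR"}},
                    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                     "CidrIp": {"Ref": "RemoteAccessCIDR"}},
                    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 800,
                     "CidrIp": {"Ref": "RemoteAccessCIDR"}},
                ]
            },
        }
    },
}

# Assumed set of listeners that should never be reachable from 0.0.0.0/0.
ADMIN_PORTS = {22: "SSH", 3306: "MemSQL/MySQL"}


def resolve_cidr(template, value):
    """Return a literal CidrIp, or the Default of the parameter a Ref points at."""
    if isinstance(value, dict) and "Ref" in value:
        return template["Parameters"][value["Ref"]]["Default"]
    return value


def audit_ingress(template):
    """Return (resource name, finding) pairs for every risky ingress rule."""
    findings = []
    for name, res in template["Resources"].items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res["Properties"].get("SecurityGroupIngress", []):
            cidr = resolve_cidr(template, rule.get("CidrIp"))
            lo, hi = rule["FromPort"], rule["ToPort"]
            # prefixlen 0 means the rule admits the entire IPv4 Internet.
            world = cidr is not None and ipaddress.ip_network(cidr).prefixlen == 0
            if hi != lo:
                findings.append((name, f"port range {lo}-{hi} spans {hi - lo + 1} ports; narrow to one"))
            for port, label in ADMIN_PORTS.items():
                if world and lo <= port <= hi:
                    findings.append((name, f"{label} port {port} open to {cidr}"))
    return findings
```

Running `audit_ingress(TEMPLATE)` with the shipped default reports SSH and 3306 open to 0.0.0.0/0 plus the 80-800 range; overriding RemoteAccessCIDR with a site-specific /24 clears the first two and leaves only the range finding.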