AWSTemplateFormatVersion: 2010-09-09 Description: This template builds the VPC, public and private subnets, NAT gateway, and several Security Groups (qs-1s6n2i64h) Metadata: cfn-lint: config: ignore_checks: - W9001 - W9002 - W9003 - W9004 - W9006 Parameters: VpcCidr: Type: String AvailabilityZones: Type: CommaDelimitedList NumberAZs: Type: String PrivateSubnetCidr1: Type: String PrivateSubnetCidr2: Type: String PrivateSubnetCidr3: Type: String PrivateSubnetCidr4: Type: String PrivateSubnetCidr5: Type: String PrivateSubnetCidr6: Type: String PublicSubnetCidr1: Type: String PublicSubnetCidr2: Type: String PublicSubnetCidr3: Type: String PublicSubnetCidr4: Type: String PublicSubnetCidr5: Type: String PublicSubnetCidr6: Type: String QClusterLocalZone: Type: String SideCarAZ: Type: String SideCarPrivateSubnetCidr: Type: String Conditions: Prov1AZandDR: !Or - !Equals [!Ref NumberAZs, 1] - !Equals [!Ref NumberAZs, 2] ProvMultiAZ: !Not [Condition: Prov1AZandDR] LocalAZ: !Not - !Equals - !Ref QClusterLocalZone - "NO" Provision2: !Or [!Equals [!Ref NumberAZs, "2"], Condition: Provision3] Provision3: !Or [!Equals [!Ref NumberAZs, "3"], Condition: Provision4] Provision4: !Or [!Equals [!Ref NumberAZs, "4"], Condition: Provision5] Provision5: !Or [!Equals [!Ref NumberAZs, "5"], Condition: Provision6] Provision6: !Equals [!Ref NumberAZs, "6"] Resources: VPC: Type: "AWS::EC2::VPC" Properties: EnableDnsSupport: true EnableDnsHostnames: true CidrBlock: !Ref VpcCidr Tags: - Key: Name Value: !Sub "${AWS::StackName} - Cloud-Q-Quickstart" PrivateSubnet1: Type: "AWS::EC2::Subnet" Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnetCidr1 AvailabilityZone: !Select [0, !Ref AvailabilityZones] Tags: - Key: Name Value: !If - Prov1AZandDR - !Sub "${AWS::StackName} - Private-Prod" - !Sub "${AWS::StackName} - Private-a" PrivateSubnet2: Type: "AWS::EC2::Subnet" Condition: Provision2 Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnetCidr2 AvailabilityZone: !Select [1, !Ref AvailabilityZones] Tags: - Key: Name Value: !If - Prov1AZandDR - !Sub "${AWS::StackName} - Private-DR" - !Sub "${AWS::StackName} - Private-b" PrivateSubnet3: Type: "AWS::EC2::Subnet" Condition: Provision3 Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnetCidr3 AvailabilityZone: !Select [2, !Ref AvailabilityZones] Tags: - Key: Name Value: !Sub "${AWS::StackName} - Private-c" PrivateSubnet4: Type: "AWS::EC2::Subnet" Condition: Provision4 Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnetCidr4 AvailabilityZone: !Select [3, !Ref AvailabilityZones] Tags: - Key: Name Value: !Sub "${AWS::StackName} - Private-d" PrivateSubnet5: Type: "AWS::EC2::Subnet" Condition: Provision5 Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnetCidr5 AvailabilityZone: !Select [4, !Ref AvailabilityZones] Tags: - Key: Name Value: !Sub "${AWS::StackName} - Private-e" PrivateSubnet6: Type: "AWS::EC2::Subnet" Condition: Provision6 Properties: VpcId: !Ref VPC CidrBlock: !Ref PrivateSubnetCidr6 AvailabilityZone: !Select [5, !Ref AvailabilityZones] Tags: - Key: Name Value: !Sub "${AWS::StackName} - Private-f" SideCarPrivateSubnet: Type: "AWS::EC2::Subnet" Condition: LocalAZ Properties: VpcId: !Ref VPC CidrBlock: !Ref SideCarPrivateSubnetCidr AvailabilityZone: !Ref SideCarAZ Tags: - Key: Name Value: !Sub "${AWS::StackName} - Private-Lambda" PublicSubnet1: Type: "AWS::EC2::Subnet" Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnetCidr1 AvailabilityZone: !Select [0, !Ref AvailabilityZones] Tags: - Key: Name Value: !If - Prov1AZandDR - !Sub "${AWS::StackName} - Public-Prod" - !Sub "${AWS::StackName} - Public-a" PublicSubnet2: Type: "AWS::EC2::Subnet" Condition: Provision2 Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnetCidr2 AvailabilityZone: !Select [1, !Ref AvailabilityZones] Tags: - Key: Name Value: !If - Prov1AZandDR - !Sub "${AWS::StackName} - Public-DR" - !Sub "${AWS::StackName} - Public-b" PublicSubnet3: Type: "AWS::EC2::Subnet" Condition: Provision3 Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnetCidr3 AvailabilityZone: !Select [2, !Ref AvailabilityZones] Tags: - Key: Name Value: !Sub "${AWS::StackName} - Public-c" PublicSubnet4: Type: "AWS::EC2::Subnet" Condition: Provision4 Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnetCidr4 AvailabilityZone: !Select [3, !Ref AvailabilityZones] Tags: - Key: Name Value: !Sub "${AWS::StackName} - Public-d" PublicSubnet5: Type: "AWS::EC2::Subnet" Condition: Provision5 Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnetCidr5 AvailabilityZone: !Select [4, !Ref AvailabilityZones] Tags: - Key: Name Value: !Sub "${AWS::StackName} - Public-e" PublicSubnet6: Type: "AWS::EC2::Subnet" Condition: Provision6 Properties: VpcId: !Ref VPC CidrBlock: !Ref PublicSubnetCidr6 AvailabilityZone: !Select [5, !Ref AvailabilityZones] Tags: - Key: Name Value: !Sub "${AWS::StackName} - Public-f" InternetGateway: Type: "AWS::EC2::InternetGateway" Properties: Tags: - Key: Name Value: !Sub "${AWS::StackName} - Cloud-Q-Quickstart" VPCGatewayAttachment: Type: "AWS::EC2::VPCGatewayAttachment" Properties: VpcId: !Ref VPC InternetGatewayId: !Ref InternetGateway PublicRouteTable: Type: "AWS::EC2::RouteTable" Properties: VpcId: !Ref VPC Tags: - Key: Name Value: !Sub "${AWS::StackName} - Public" PublicRoute: Type: "AWS::EC2::Route" DependsOn: VPCGatewayAttachment Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway PublicSubnetRouteTableAssociation1: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: SubnetId: !Ref PublicSubnet1 RouteTableId: !Ref PublicRouteTable PublicSubnetRouteTableAssociation2: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision2 Properties: SubnetId: !Ref PublicSubnet2 RouteTableId: !Ref PublicRouteTable PublicSubnetRouteTableAssociation3: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision3 Properties: SubnetId: !Ref PublicSubnet3 RouteTableId: !Ref PublicRouteTable PublicSubnetRouteTableAssociation4: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision4 Properties: SubnetId: !Ref PublicSubnet4 RouteTableId: !Ref PublicRouteTable PublicSubnetRouteTableAssociation5: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision5 Properties: SubnetId: !Ref PublicSubnet5 RouteTableId: !Ref PublicRouteTable PublicSubnetRouteTableAssociation6: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision6 Properties: SubnetId: !Ref PublicSubnet6 RouteTableId: !Ref PublicRouteTable PrivateRouteTable: Type: "AWS::EC2::RouteTable" Properties: VpcId: !Ref VPC Tags: - Key: Name Value: !Sub "${AWS::StackName} - Private" PrivateSubnetRouteTableAssociation1: Type: "AWS::EC2::SubnetRouteTableAssociation" Properties: SubnetId: !Ref PrivateSubnet1 RouteTableId: !Ref PrivateRouteTable PrivateSubnetRouteTableAssociation2: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision2 Properties: SubnetId: !Ref PrivateSubnet2 RouteTableId: !Ref PrivateRouteTable PrivateSubnetRouteTableAssociation3: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision3 Properties: SubnetId: !Ref PrivateSubnet3 RouteTableId: !Ref PrivateRouteTable PrivateSubnetRouteTableAssociation4: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision4 Properties: SubnetId: !Ref PrivateSubnet4 RouteTableId: !Ref PrivateRouteTable PrivateSubnetRouteTableAssociation5: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision5 Properties: SubnetId: !Ref PrivateSubnet5 RouteTableId: !Ref PrivateRouteTable PrivateSubnetRouteTableAssociation6: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: Provision6 Properties: SubnetId: !Ref PrivateSubnet6 RouteTableId: !Ref PrivateRouteTable SideCarPrivateSubnetRouteTableAssociation: Type: "AWS::EC2::SubnetRouteTableAssociation" Condition: LocalAZ Properties: SubnetId: !Ref SideCarPrivateSubnet RouteTableId: !Ref PrivateRouteTable NatGateway: Type: "AWS::EC2::NatGateway" Properties: AllocationId: !GetAtt - NatEIP - AllocationId SubnetId: !Ref PublicSubnet1 Tags: - Key: Name Value: !Sub "${AWS::StackName} - Cloud-Q-Quickstart" NatEIP: DependsOn: VPCGatewayAttachment Type: "AWS::EC2::EIP" Properties: Domain: vpc Tags: - Key: Name Value: !Sub "${AWS::StackName} - Cloud-Q-Quickstart" NatRoute: Type: "AWS::EC2::Route" Properties: RouteTableId: !Ref PrivateRouteTable DestinationCidrBlock: 0.0.0.0/0 NatGatewayId: !Ref NatGateway DefaultSg: Type: "AWS::EC2::SecurityGroup" Properties: GroupDescription: default VpcId: !Ref VPC S3Endpoint: Type: 'AWS::EC2::VPCEndpoint' Properties: RouteTableIds: - !Ref PrivateRouteTable - !Ref PublicRouteTable ServiceName: !Sub 'com.amazonaws.${AWS::Region}.s3' VpcId: !Ref VPC Outputs: VPCID: Value: !Ref VPC PrivateSubnetId: Condition: Prov1AZandDR Value: !Ref PrivateSubnet1 PrivateSubnetIdDR: Condition: Prov1AZandDR Value: !If [Provision2, !Ref PrivateSubnet2, ""] PublicSubnetId: Condition: Prov1AZandDR Value: !Ref PublicSubnet1 PublicSubnetIdDR: Condition: Prov1AZandDR Value: !If [Provision2, !Ref PublicSubnet2, ""] PrivateSubnetIds: Condition: ProvMultiAZ Value: !Join - ", " - - !Ref PrivateSubnet1 - !If [Provision2, !Ref PrivateSubnet2, !Ref AWS::NoValue] - !If [Provision3, !Ref PrivateSubnet3, !Ref AWS::NoValue] - !If [Provision4, !Ref PrivateSubnet4, !Ref AWS::NoValue] - !If [Provision5, !Ref PrivateSubnet5, !Ref AWS::NoValue] - !If [Provision6, !Ref PrivateSubnet6, !Ref AWS::NoValue] PublicSubnetIds: Condition: ProvMultiAZ Value: !Join - ", " - - !Ref PublicSubnet1 - !If [Provision2, !Ref PublicSubnet2, !Ref AWS::NoValue] - !If [Provision3, !Ref PublicSubnet3, !Ref AWS::NoValue] - !If [Provision4, !Ref PublicSubnet4, !Ref AWS::NoValue] - !If [Provision5, !Ref PublicSubnet5, !Ref AWS::NoValue] - !If [Provision6, !Ref PublicSubnet6, !Ref AWS::NoValue] SideCarPrivateSubnetId: Condition: Prov1AZandDR Value: !If [LocalAZ, !Ref SideCarPrivateSubnet, !Ref PrivateSubnet1]