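# CloudFormation template: one VPC with a public and a private subnet, an
# Internet gateway for the public subnet, and one Amazon Linux 2 instance in
# each subnet. Meant as a spoke VPC for a Transit Gateway lab; the private
# route table carries no default route (no NAT here), so the private instance
# is reachable only through the bastion.
AWSTemplateFormatVersion: "2010-09-09"
Description: VPC and EC2 for Transit Gateway

Mappings:
  # Amazon Linux 2 AMI IDs by region, looked up with !FindInMap on AWS::Region.
  # Creating the stack in a region not listed here fails at that lookup.
  RegionMap:
    us-east-1:
      Linux2: ami-0be2609ba883822ec
    us-east-2:
      Linux2: ami-0a0ad6b70e61be944
    us-west-1:
      Linux2: ami-03130878b60947df3
    us-west-2:
      Linux2: ami-0a36eb8fadc976275
    ap-northeast-1:
      Linux2: ami-01748a72bed07727c
    ap-northeast-2:
      Linux2: ami-0094965d55b3bb1ff

Parameters:
  KeyName:
    Description: Name of KeyPair
    Type: AWS::EC2::KeyPair::KeyName
  MainNumber:
    Description: 0~255
    Type: Number
    # The value becomes the second octet of 10.<MainNumber>.0.0/16 below, so
    # anything outside 0-255 would yield an invalid CIDR; reject it up front.
    MinValue: 0
    MaxValue: 255
  SSHLocation:
    Description: IPv4 CIDR allowed to reach the bastion on TCP/22 (ideally a single /32)
    Type: String
    MinLength: 9
    MaxLength: 18
    # Default keeps the original template's behaviour (open to every host);
    # override it at stack creation so the bastion is not world-reachable.
    Default: 0.0.0.0/0
    AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
    ConstraintDescription: must be a valid IPv4 CIDR of the form x.x.x.x/x

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Sub '10.${MainNumber}.0.0/16'
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub '${MainNumber} - VPC'

  # Public subnet: first AZ of the region, instances get a public IP on launch.
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Sub '10.${MainNumber}.1.0/24'
      AvailabilityZone: !Select [ 0, !GetAZs ]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub '${MainNumber} - Public Subnet'

  # Private subnet: second AZ, no public IPs, no Internet route (see PrivateRT).
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Sub '10.${MainNumber}.2.0/24'
      AvailabilityZone: !Select [ 1, !GetAZs ]
      Tags:
        - Key: Name
          Value: !Sub '${MainNumber} - Private Subnet'

  IGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub 'IGW ${MainNumber}'

  Attachigw:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref IGW
      VpcId: !Ref VPC

  PublicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${MainNumber} - Public RT'

  PublicRoute:
    Type: AWS::EC2::Route
    # A route pointing at the IGW is only valid once the gateway is attached
    # to the VPC, and !Ref IGW alone does not order that attachment.
    DependsOn: Attachigw
    Properties:
      RouteTableId: !Ref PublicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW

  PublicSubnetRTAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRT
      SubnetId: !Ref PublicSubnet

  # Intentionally has no default route: only the VPC-local route exists, so
  # the private subnet cannot reach the Internet (a TGW route is expected to
  # be added later, outside this template).
  PrivateRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${MainNumber} - Private RT'

  PrivateSubnetRTAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateRT
      SubnetId: !Ref PrivateSubnet

  # Bastion security group: SSH only, and only from SSHLocation rather than a
  # hard-coded 0.0.0.0/0, so the exposure is an explicit stack input.
  SGforBastion:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: allow 22
      GroupName: !Sub '${MainNumber} - bastionSG'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
      VpcId: !Ref VPC

  # Private security group: all protocols and ports, but only from members of
  # the bastion group. There is no CIDR-based ingress at all.
  SGforPrivate:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: allow Bastion
      GroupName: !Sub '${MainNumber} - privateSG'
      SecurityGroupIngress:
        - IpProtocol: -1
          SourceSecurityGroupId: !GetAtt SGforBastion.GroupId
      VpcId: !Ref VPC

  # Bastion host in the public subnet; its AZ is taken from the subnet so the
  # two can never disagree.
  EC2forBastion:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", Linux2 ]
      KeyName: !Ref KeyName
      AvailabilityZone: !GetAtt PublicSubnet.AvailabilityZone
      InstanceType: t3.micro
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref SGforBastion
      Tags:
        - Key: Name
          Value: !Sub '${MainNumber} - BastionEC2'

  # Private host; same key pair as the bastion, reachable only via SGforBastion.
  EC2forPrivate:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", Linux2 ]
      KeyName: !Ref KeyName
      AvailabilityZone: !GetAtt PrivateSubnet.AvailabilityZone
      InstanceType: t3.micro
      SubnetId: !Ref PrivateSubnet
      SecurityGroupIds:
        - !Ref SGforPrivate
      Tags:
        - Key: Name
          Value: !Sub '${MainNumber} - PrivateEC2'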