Simple VPC with a Windows instance — two CloudFormation variants: one with an SSM instance role and HTTP open to the internet, one RDP-only from the office IP.
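AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)"
# Review notes:
#  * Exposure: tcp/80 from anywhere (HTTPSecurityGroup, by design), tcp/3389 only from
#    CompanyWANIP (RDPSecurityGroup); Session Manager via the SSM instance profile is the
#    intended admin path and needs no inbound rule at all.
#  * The instance did not reference SSMInstanceProfile, so "access via ssm" could not work;
#    see WindowsInstance.IamInstanceProfile below.
Parameters:
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance
  VPCCIDR:
    Type: String
    Description: VPC address range
    Default: 10.15.0.0/16
  PublicSubnetCIDR:
    Type: String
    Description: Public Subnet in VPC
    Default: 10.15.1.0/24
  CompanyWANIP:
    Type: String
    Description: Company WANIP - Format x.x.x.x/32
    Default: 162.158.134.60/32
    # Enforce the documented single-host format so a typo such as 0.0.0.0/0 cannot
    # silently open RDP to the whole internet.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/32$'
    ConstraintDescription: must be a single IPv4 host in CIDR notation, e.g. 203.0.113.7/32
Resources:
  ## Infrastructure. VPC, Subnet, InternetGateway, Routes
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCIDR
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: Simple VPC
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetCIDR
      Tags:
        - Key: Name
          Value: Public
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: Simple VPC
  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public
  RouteAttachment:
    Type: AWS::EC2::Route
    # The default route can only be created once the IGW is attached to the VPC.
    DependsOn:
      - InternetGatewayAttachment
      - RouteTable
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway
  VPCRouteSubnet:
    Type: AWS::EC2::SubnetRouteTableAssociation
    DependsOn: RouteTable
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref PublicSubnet
  ## security groups
  HTTPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      # "form" is a typo for "from"; GroupDescription is immutable and correcting it
      # would replace the security group, so it is left as-is.
      GroupDescription: http-access-form-everywhere
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      SecurityGroupIngress:
        # Intentionally world-open: the Description advertises port 80 to everyone.
        # The original rule carried no source at all, which CloudFormation rejects
        # (an ingress rule needs CidrIp/CidrIpv6/SourceSecurityGroupId/SourcePrefixListId);
        # the CIDR is now explicit so the exposure is visible at review time.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
  RDPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      # A fixed GroupName prevents CloudFormation from replacing this group in-place
      # (the new group would collide on the name); keep that in mind on updates.
      GroupName: "Basic RDP access from the office"
      GroupDescription: RDP-from-office
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      SecurityGroupIngress:
        # RDP only from the single office address validated by the CompanyWANIP pattern.
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: !Ref CompanyWANIP
  WindowsInstance:
    Type: "AWS::EC2::Instance"
    Properties:
      # Hard-coded AMI ids are region-specific and go stale; the
      # /aws/service/ami-windows-latest/... SSM public parameter is the maintainable alternative.
      ImageId: "ami-0a262e3ac12949132"
      KeyName: !Ref KeyName
      # Without the profile the SSM agent has no credentials, never registers, and
      # Session Manager cannot reach the instance - the profile below was otherwise unused.
      IamInstanceProfile: !Ref SSMInstanceProfile
      Tags:
        - Key: Name
          Value: Windows Server
      InstanceType: "t3.medium"
      Tenancy: "default"
      Monitoring: true
      DisableApiTermination: false
      InstanceInitiatedShutdownBehavior: "stop"
      CreditSpecification:
        CPUCredits: "unlimited"
      EbsOptimized: true
      BlockDeviceMappings:
        - DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 80
            DeleteOnTermination: true
            VolumeType: "gp2"
            # Encrypt the root volume at rest with the account's default EBS KMS key.
            Encrypted: true
      # NOTE(review): IMDSv2 enforcement (HttpTokens: required) is not a property of
      # AWS::EC2::Instance; it would need a LaunchTemplate - confirm before relying on it.
      NetworkInterfaces:
        - DeviceIndex: 0
          Description: "Primary network interface"
          # Public IP is required for the IGW path; the instance has no NAT alternative.
          AssociatePublicIpAddress: true
          DeleteOnTermination: true
          SubnetId: !Ref PublicSubnet
          Ipv6AddressCount: 0
          GroupSet:
            - !Ref HTTPSecurityGroup
            - !Ref RDPSecurityGroup
  SSMInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      # An explicit RoleName means the stack must be deployed with CAPABILITY_NAMED_IAM.
      RoleName: !Sub "${AWS::StackName}-SSMInstanceProfile"
      Path: "/"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
      # AmazonSSMManagedInstanceCore is the least-privilege policy for the agent.
      # The legacy AmazonEC2RoleforSSM policy (deprecated by AWS) was attached alongside it
      # and grants broader S3 and CloudWatch permissions than the agent needs, so it is dropped.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  SSMInstanceProfile:
    # it takes wierdly long time to create this resource.
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - !Ref SSMInstanceRole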
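AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple VPC with one public subnet and one instance"
# Review notes:
#  * This variant has no SSM instance profile and no HTTP group: the only inbound path to
#    the instance is tcp/3389 from CompanyWANIP, so that parameter is the whole perimeter.
Parameters:
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    # The instance is Windows: the key pair is used to retrieve the Administrator
    # password for RDP, not for SSH.
    Description: Name of an existing EC2 KeyPair to enable RDP access to the instance (used to retrieve the Windows Administrator password)
  VPCCIDR:
    Type: String
    Description: VPC address range
    Default: 10.15.0.0/16
  PublicSubnetCIDR:
    Type: String
    Description: Public Subnet in VPC
    Default: 10.15.1.0/24
  CompanyWANIP:
    Type: String
    Description: Company WANIP - Format x.x.x.x/32
    Default: 162.158.134.60/32
    # Enforce the documented single-host format so a typo such as 0.0.0.0/0 cannot
    # silently open RDP to the whole internet.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/32$'
    ConstraintDescription: must be a single IPv4 host in CIDR notation, e.g. 203.0.113.7/32
Resources:
  ## Infrastructure. VPC, Subnet, InternetGateway, Routes
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCIDR
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: Simple VPC
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetCIDR
      Tags:
        - Key: Name
          Value: Public
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: Simple VPC
  InternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public
  RouteAttachment:
    Type: AWS::EC2::Route
    # The default route can only be created once the IGW is attached to the VPC.
    DependsOn:
      - InternetGatewayAttachment
      - RouteTable
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway
  VPCRouteSubnet:
    Type: AWS::EC2::SubnetRouteTableAssociation
    DependsOn: RouteTable
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref PublicSubnet
  ## security groups
  RDPSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPC
      # A fixed GroupName prevents CloudFormation from replacing this group in-place
      # (the new group would collide on the name); keep that in mind on updates.
      GroupName: "Basic RDP access from the office"
      GroupDescription: RDP-from-office
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      SecurityGroupIngress:
        # RDP only from the single office address validated by the CompanyWANIP pattern.
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: !Ref CompanyWANIP
  WindowsInstance:
    Type: "AWS::EC2::Instance"
    Properties:
      # Hard-coded AMI ids are region-specific and go stale; the
      # /aws/service/ami-windows-latest/... SSM public parameter is the maintainable alternative.
      ImageId: "ami-0a174bb076b94a327"
      KeyName: !Ref KeyName
      Tags:
        - Key: Name
          Value: Windows Server
      InstanceType: "t3.medium"
      Tenancy: "default"
      Monitoring: true
      DisableApiTermination: false
      InstanceInitiatedShutdownBehavior: "stop"
      CreditSpecification:
        CPUCredits: "unlimited"
      EbsOptimized: true
      BlockDeviceMappings:
        - DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 80
            DeleteOnTermination: true
            VolumeType: "gp2"
            # Encrypt the root volume at rest with the account's default EBS KMS key.
            Encrypted: true
      # NOTE(review): IMDSv2 enforcement (HttpTokens: required) is not a property of
      # AWS::EC2::Instance; it would need a LaunchTemplate - confirm before relying on it.
      NetworkInterfaces:
        - DeviceIndex: 0
          Description: "Primary network interface"
          # Public IP is required for the IGW path; the instance has no NAT alternative.
          AssociatePublicIpAddress: true
          DeleteOnTermination: true
          SubnetId: !Ref PublicSubnet
          Ipv6AddressCount: 0
          GroupSet:
            - !Ref RDPSecurityGroup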