# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
#
# Layout of this template: Metadata (console presentation only) -> Parameters
# -> Conditions (every tier/AZ/gateway toggle is a condition) -> Resources
# (VPC, flow logs, IGW, three optional subnet tiers) -> Outputs (exported IDs).
AWSTemplateFormatVersion: '2010-09-09'
Description: Creates 1-, 2- or 3-tier network environment with 1, 2, or 3 Availability Zones (AZs)
Metadata:
  cfn-lint:
    config:
      ignore_checks:
        # Complex conditions trigger this warning.
        - W1001
  # Console-only hints: groups and labels for the CloudFormation console form.
  # They change nothing about validation or the resources that are created.
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: System Classification
        Parameters:
          - pOrg
          - pSystem
      - Label:
          default: Overall VPC Configuration
        Parameters:
          - pVpcName
          - pCidr
          - pNumAzs
          - pCreateInternetGateway
          - pCreateNatGateway
          - pCreateSingleNatGateway
      - Label:
          default: VPC Tier 1
        Parameters:
          - pTier1Create
          - pTier1Name
          - pTier1Subnet1Cidr
          - pTier1Subnet2Cidr
          - pTier1Subnet3Cidr
      - Label:
          default: VPC Tier 2
        Parameters:
          - pTier2Create
          - pTier2Name
          - pTier2Subnet1Cidr
          - pTier2Subnet2Cidr
          - pTier2Subnet3Cidr
      - Label:
          default: VPC Tier 3
        Parameters:
          - pTier3Create
          - pTier3Name
          - pTier3Subnet1Cidr
          - pTier3Subnet2Cidr
          - pTier3Subnet3Cidr
      - Label:
          default: Permissions Boundary
        Parameters:
          - pPermissionsBoundaryArn
    # One label per parameter; keep in sync with the Parameters section.
    ParameterLabels:
      pVpcName:
        default: VPC Name
      pOrg:
        default: Business Scope
      pSystem:
        default: System Identifier
      pCidr:
        default: VPC CIDR Block
      pNumAzs:
        default: Number of AZs
      pCreateInternetGateway:
        default: Create Internet Gateway?
      pCreateNatGateway:
        default: Create NAT Gateways?
      pCreateSingleNatGateway:
        default: Create single NAT Gateway?
      pTier1Create:
        default: Tier 1 Create?
      pTier1Name:
        default: Tier 1 Name
      pTier1Subnet1Cidr:
        default: Tier 1 AZ 1 - CIDR
      pTier1Subnet2Cidr:
        default: Tier 1 AZ 2 - CIDR
      pTier1Subnet3Cidr:
        default: Tier 1 AZ 3 - CIDR
      pTier2Create:
        default: Tier 2 Create?
      pTier2Name:
        default: Tier 2 Name
      pTier2Subnet1Cidr:
        default: Tier 2 AZ 1 - CIDR
      pTier2Subnet2Cidr:
        default: Tier 2 AZ 2 - CIDR
      pTier2Subnet3Cidr:
        default: Tier 2 AZ 3 - CIDR
      pTier3Create:
        default: Tier 3 Create?
      pTier3Name:
        default: Tier 3 Name
      pTier3Subnet1Cidr:
        default: Tier 3 AZ 1 - CIDR
      pTier3Subnet2Cidr:
        default: Tier 3 AZ 2 - CIDR
      pTier3Subnet3Cidr:
        default: Tier 3 AZ 3 - CIDR
      pPermissionsBoundaryArn:
        default: IAM Permissions Boundary ARN (optional)
Parameters:
  # Naming inputs. pOrg/pSystem/pVpcName are interpolated into IAM role names,
  # the IAM path, the flow-log log-group name and resource Name tags.
  pVpcName:
    Type: String
    Description: Name of the VPC and used to qualify names of associated resources
    Default: dev
  pOrg:
    Type: String
    Description: Used to qualify IAM resource names
    Default: example
  pSystem:
    Type: String
    Description: Used to qualify IAM role path
    Default: infra
  pCidr:
    Type: String
    Description: CIDR Format x.x.x.x/x
    Default: 10.1.0.0/20
    # Shape check only: \d{1,3} and \d{1,2} do not bound the octets (<= 255)
    # or the prefix length (<= 32); an out-of-range value passes this pattern.
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  # Kept as a String so the Conditions section can compare it with !Equals.
  pNumAzs:
    Type: String
    Default: 3
    Description: Number of subnets for each tier
    AllowedValues:
      - 1
      - 2
      - 3
  # Gateway toggles. The NAT gateways live in Tier 1 and depend on the Internet
  # Gateway attachment, so enabling NAT without an IGW and Tier 1 is not a
  # deployable combination.
  pCreateInternetGateway:
    Type: String
    Description: Whether Internet Gateway should be created
    Default: true
    AllowedValues: [true, false]
  pCreateNatGateway:
    Type: String
    Description: Whether NAT Gateways should be created
    Default: true
    AllowedValues: [true, false]
  pCreateSingleNatGateway:
    Type: String
    Description: Single NAT Gateway in 1st public subnet or NAT Gateway in each public subnet
    Default: true
    AllowedValues: [true, false]
  # Tier toggles and names. Tier 1 is the public tier (hosts the NAT gateways
  # and the IGW routes); Tiers 2 and 3 route outbound through those NAT gateways.
  pTier1Create:
    Type: String
    Description: Whether Tier 1 should be created
    Default: true
    AllowedValues: [true, false]
  pTier1Name:
    Type: String
    Description: Tier 1 Name
    Default: public
  pTier2Create:
    Type: String
    Description: Whether Tier 2 should be created
    Default: true
    AllowedValues: [true, false]
  pTier2Name:
    Type: String
    Description: Tier 2 Name
    Default: private
  pTier3Create:
    Type: String
    Description: Whether Tier 3 should be created
    Default: false
    AllowedValues: [true, false]
  pTier3Name:
    Type: String
    Description: Tier 3 Name
    Default: restricted
  # Subnet CIDRs. Defaults carve consecutive /24s out of the default pCidr
  # (10.1.0.0/20); no overlap check is done here, the VPC API rejects overlaps.
  pTier1Subnet1Cidr:
    Type: String
    Description: Tier 1 Subnet AZ 1
    Default: 10.1.0.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier1Subnet2Cidr:
    Type: String
    Description: Tier 1 Subnet AZ 2
    Default: 10.1.1.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier1Subnet3Cidr:
    Type: String
    Description: Tier 1 Subnet AZ 3
    Default: 10.1.2.0/24
    # The |^$ alternative (and the absent MinLength) lets this be blank, since
    # the AZ-3 subnet is only created when pNumAzs is 3.
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier2Subnet1Cidr:
    Type: String
    Description: Tier 2 Subnet AZ 1
    Default: 10.1.3.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier2Subnet2Cidr:
    Type: String
    Description: Tier 2 Subnet AZ 2
    Default: 10.1.4.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier2Subnet3Cidr:
    Type: String
    Description: Tier 2 Subnet AZ 3
    Default: 10.1.5.0/24
    # Optional (AZ 3 only).
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  # Tier 3 is off by default, so all three of its CIDRs may be left blank.
  pTier3Subnet1Cidr:
    Type: String
    Description: Tier 3 Subnet AZ 1
    Default: 10.1.6.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier3Subnet2Cidr:
    Type: String
    Description: Tier 3 Subnet AZ 2
    Default: 10.1.7.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier3Subnet3Cidr:
    Type: String
    Description: Tier 3 Subnet AZ 3
    Default: 10.1.8.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  # Empty string means "no boundary"; see cUsePermissionsBoundary.
  pPermissionsBoundaryArn:
    Description: IAM Permissions Boundary ARN (optional)
    Type: String
    Default: ''
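Conditions:
  # Every resource below is created only when everything it !Ref's or
  # DependsOn is also created. The original conditions did not enforce this:
  # with pCreateNatGateway=true but pCreateInternetGateway=false (or
  # pTier1Create=false) the NAT gateways and tier-1 route tables referenced
  # resources that did not exist, and the stack failed at deploy time. The
  # conditions are now composed from a few base helpers so each gateway /
  # subnet condition implies its prerequisites. Condition names are unchanged.
  #
  # AZ-count helpers (pNumAzs is a String with allowed values 1, 2, 3).
  cTwoOrMoreAzs: !Or [ !Equals [ !Ref 'pNumAzs', 2 ], !Equals [ !Ref 'pNumAzs', 3 ] ]
  cThreeAzs: !Equals [ !Ref 'pNumAzs', 3 ]
  # Tier N, AZ 1 exists whenever the tier is enabled; AZ 2/3 also need enough AZs.
  cCreateTier1Subnet1: !Equals [ !Ref 'pTier1Create', true ]
  cCreateTier2Subnet1: !Equals [ !Ref 'pTier2Create', true ]
  cCreateTier3Subnet1: !Equals [ !Ref 'pTier3Create', true ]
  cCreateTier1Subnet2: !And [ !Condition cCreateTier1Subnet1, !Condition cTwoOrMoreAzs ]
  cCreateTier2Subnet2: !And [ !Condition cCreateTier2Subnet1, !Condition cTwoOrMoreAzs ]
  cCreateTier3Subnet2: !And [ !Condition cCreateTier3Subnet1, !Condition cTwoOrMoreAzs ]
  cCreateTier1Subnet3: !And [ !Condition cCreateTier1Subnet1, !Condition cThreeAzs ]
  cCreateTier2Subnet3: !And [ !Condition cCreateTier2Subnet1, !Condition cThreeAzs ]
  cCreateTier3Subnet3: !And [ !Condition cCreateTier3Subnet1, !Condition cThreeAzs ]
  # Internet Gateway. The IGW's route tables and associations attach to the
  # tier-1 subnets, so the IGW is only created together with Tier 1.
  cCreateInternetGatewaySubnet1: !And [ !Equals [ !Ref 'pCreateInternetGateway', true ], !Condition cCreateTier1Subnet1 ]
  cCreateInternetGatewaySubnet2: !And [ !Condition cCreateInternetGatewaySubnet1, !Condition cTwoOrMoreAzs ]
  cCreateInternetGatewaySubnet3: !And [ !Condition cCreateInternetGatewaySubnet1, !Condition cThreeAzs ]
  # NAT Gateways. A NAT gateway sits in a tier-1 subnet and DependsOn the IGW
  # attachment, so NAT requires the IGW (and therefore Tier 1). Subnet 2/3 NAT
  # gateways exist only in the one-NAT-per-AZ layout.
  cCreateNatGatewaySubnet1: !And [ !Equals [ !Ref 'pCreateNatGateway', true ], !Condition cCreateInternetGatewaySubnet1 ]
  cCreateSingleNatGateway: !And [ !Equals [ !Ref 'pCreateSingleNatGateway', true ], !Equals [ !Ref 'pCreateNatGateway', true ] ]
  cCreateNatGatewaySubnet2: !And [ !Equals [ !Ref 'pCreateSingleNatGateway', false ], !Condition cCreateNatGatewaySubnet1, !Condition cTwoOrMoreAzs ]
  cCreateNatGatewaySubnet3: !And [ !Equals [ !Ref 'pCreateSingleNatGateway', false ], !Condition cCreateNatGatewaySubnet1, !Condition cThreeAzs ]
  # Private tiers. Tier 2/3 route tables, default routes and associations are
  # created only when the tier subnet exists AND a NAT gateway is available.
  # The per-AZ route picks NAT gateway 1 in the single-NAT layout, otherwise the
  # NAT gateway of its own AZ (which cCreateNatGatewaySubnet2/3 guarantees).
  # Without NAT, tier 2/3 subnets fall back to the VPC main route table.
  cCreateTier2NatGatewaySubnet1: !And [ !Condition cCreateTier2Subnet1, !Condition cCreateNatGatewaySubnet1 ]
  cCreateTier2NatGatewaySubnet2: !And [ !Condition cCreateTier2Subnet2, !Condition cCreateNatGatewaySubnet1 ]
  cCreateTier2NatGatewaySubnet3: !And [ !Condition cCreateTier2Subnet3, !Condition cCreateNatGatewaySubnet1 ]
  cCreateTier3NatGatewaySubnet1: !And [ !Condition cCreateTier3Subnet1, !Condition cCreateNatGatewaySubnet1 ]
  cCreateTier3NatGatewaySubnet2: !And [ !Condition cCreateTier3Subnet2, !Condition cCreateNatGatewaySubnet1 ]
  cCreateTier3NatGatewaySubnet3: !And [ !Condition cCreateTier3Subnet3, !Condition cCreateNatGatewaySubnet1 ]
  # Empty pPermissionsBoundaryArn means no boundary is attached to the flow-log role.
  cUsePermissionsBoundary: !Not [!Equals [ !Ref 'pPermissionsBoundaryArn', '' ] ]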
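Resources:
  rVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref 'pCidr'
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}'
  #------------------------------------------------------------------------------
  # Enable VPC FlowLogs
  #------------------------------------------------------------------------------
  # Role assumed by the flow-logs service to write into rVpcFlowLogGroup.
  rVpcFlowLogRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub '${pOrg}-${pSystem}-${pVpcName}-${AWS::Region}-svc-flow-logs'
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: vpc-flow-logs.amazonaws.com
            Action: sts:AssumeRole
            # Confused-deputy guard: the service principal is shared by every
            # account, so restrict assumption to flow logs of this account/region.
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref 'AWS::AccountId'
              ArnLike:
                aws:SourceArn: !Sub 'arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:vpc-flow-log/*'
      Path: !Sub '/${pOrg}/${pSystem}/'
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:DescribeLogGroups
                  - logs:DescribeLogStreams
                  - logs:PutLogEvents
                # Least privilege: scoped to this account (was a '*' account
                # wildcard) and to the partition the stack runs in (was 'aws').
                Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/${pSystem}/${pVpcName}/flowlogs:*'
      PermissionsBoundary: !If [ cUsePermissionsBoundary, !Ref pPermissionsBoundaryArn, !Ref 'AWS::NoValue' ]
  rVpcFlowLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub '/${pSystem}/${pVpcName}/flowlogs'
      # Flow logs are the network record an investigation relies on; the
      # previous 1-day retention discarded them before most incidents are
      # noticed. 90 is a chosen default -- align it with the retention policy.
      RetentionInDays: 90
  # Captures ALL (accepted + rejected) traffic for the whole VPC.
  rVpcFlowLog:
    Type: AWS::EC2::FlowLog
    Properties:
      DeliverLogsPermissionArn: !GetAtt rVpcFlowLogRole.Arn
      LogGroupName: !Ref rVpcFlowLogGroup
      ResourceId: !Ref rVpc
      ResourceType: VPC
      TrafficType: ALL
  #------------------------------------------------------------------------------
  # Internet Gateway
  #------------------------------------------------------------------------------
  rInternetGateway:
    Type: AWS::EC2::InternetGateway
    Condition: cCreateInternetGatewaySubnet1
    Properties:
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}'
  # NAT gateways and the tier-1 route tables DependsOn this attachment.
  rInternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Condition: cCreateInternetGatewaySubnet1
    Properties:
      InternetGatewayId: !Ref 'rInternetGateway'
      VpcId: !Ref 'rVpc'
  #------------------------------------------------------------------------------
  # Tier 1
  #------------------------------------------------------------------------------
  # One Elastic IP per NAT gateway (1 or 3, see cCreateNatGatewaySubnetN).
  rTier1EipSubnet1:
    Type: AWS::EC2::EIP
    Condition: cCreateNatGatewaySubnet1
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-natgw-1'
  rTier1EipSubnet2:
    Type: AWS::EC2::EIP
    Condition: cCreateNatGatewaySubnet2
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-natgw-2'
  rTier1EipSubnet3:
    Type: AWS::EC2::EIP
    Condition: cCreateNatGatewaySubnet3
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-natgw-3'
  # Tier-1 subnets, one per AZ (AZ picked by index from !GetAZs).
  # MapPublicIpOnLaunch is left at its default, so instances get a public IP
  # only when explicitly requested.
  rTier1Subnet1:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier1Subnet1
    Properties:
      AvailabilityZone: !Select
        - 0
        - !GetAZs ''
      CidrBlock: !Ref 'pTier1Subnet1Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-1'
  rTier1Subnet2:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier1Subnet2
    Properties:
      AvailabilityZone: !Select
        - 1
        - !GetAZs ''
      CidrBlock: !Ref 'pTier1Subnet2Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-2'
  rTier1Subnet3:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier1Subnet3
    Properties:
      AvailabilityZone: !Select
        - 2
        - !GetAZs ''
      CidrBlock: !Ref 'pTier1Subnet3Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-3'
  # NAT gateways must not be created before the IGW is attached, hence DependsOn.
  rTier1NatGatewaySubnet1:
    Type: AWS::EC2::NatGateway
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    DependsOn: rInternetGatewayAttachment
    Condition: cCreateNatGatewaySubnet1
    Properties:
      AllocationId: !GetAtt rTier1EipSubnet1.AllocationId
      SubnetId: !Ref 'rTier1Subnet1'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-1'
  rTier1NatGatewaySubnet2:
    Type: AWS::EC2::NatGateway
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    DependsOn: rInternetGatewayAttachment
    Condition: cCreateNatGatewaySubnet2
    Properties:
      AllocationId: !GetAtt rTier1EipSubnet2.AllocationId
      SubnetId: !Ref 'rTier1Subnet2'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-2'
  rTier1NatGatewaySubnet3:
    Type: AWS::EC2::NatGateway
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    DependsOn: rInternetGatewayAttachment
    Condition: cCreateNatGatewaySubnet3
    Properties:
      AllocationId: !GetAtt rTier1EipSubnet3.AllocationId
      SubnetId: !Ref 'rTier1Subnet3'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-3'
  # One route table per tier-1 subnet, each with a 0.0.0.0/0 route to the IGW.
  rTier1RouteTable1:
    Type: AWS::EC2::RouteTable
    Condition: cCreateInternetGatewaySubnet1
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-1'
  rTier1RouteTable2:
    Type: AWS::EC2::RouteTable
    Condition: cCreateInternetGatewaySubnet2
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-2'
  rTier1RouteTable3:
    Type: AWS::EC2::RouteTable
    Condition: cCreateInternetGatewaySubnet3
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-3'
  rTier1IgwRoute1:
    Type: AWS::EC2::Route
    Condition: cCreateInternetGatewaySubnet1
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref 'rInternetGateway'
      RouteTableId: !Ref 'rTier1RouteTable1'
  rTier1IgwRoute2:
    Type: AWS::EC2::Route
    Condition: cCreateInternetGatewaySubnet2
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref 'rInternetGateway'
      RouteTableId: !Ref 'rTier1RouteTable2'
  rTier1IgwRoute3:
    Type: AWS::EC2::Route
    Condition: cCreateInternetGatewaySubnet3
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref 'rInternetGateway'
      RouteTableId: !Ref 'rTier1RouteTable3'
  rTier1Subnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateInternetGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier1RouteTable1'
      SubnetId: !Ref 'rTier1Subnet1'
  rTier1Subnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateInternetGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier1RouteTable2'
      SubnetId: !Ref 'rTier1Subnet2'
  rTier1Subnet3RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateInternetGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier1RouteTable3'
      SubnetId: !Ref 'rTier1Subnet3'
  #------------------------------------------------------------------------------
  # Tier 2
  #------------------------------------------------------------------------------
  # Private tier: subnets per AZ, each with a route table whose default route
  # goes to a NAT gateway (NAT 1 in the single-NAT layout, else the same-AZ NAT).
  rTier2Subnet1:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier2Subnet1
    Properties:
      AvailabilityZone: !Select
        - 0
        - !GetAZs ''
      CidrBlock: !Ref 'pTier2Subnet1Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-1'
  rTier2Subnet2:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier2Subnet2
    Properties:
      AvailabilityZone: !Select
        - 1
        - !GetAZs ''
      CidrBlock: !Ref 'pTier2Subnet2Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-2'
  rTier2Subnet3:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier2Subnet3
    Properties:
      AvailabilityZone: !Select
        - 2
        - !GetAZs ''
      CidrBlock: !Ref 'pTier2Subnet3Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-3'
  rTier2RouteTable1:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier2NatGatewaySubnet1
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-1'
  rTier2RouteTable2:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier2NatGatewaySubnet2
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-2'
  rTier2RouteTable3:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier2NatGatewaySubnet3
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-3'
  rTier2NatGwRoute1:
    Type: AWS::EC2::Route
    Condition: cCreateTier2NatGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable1'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref 'rTier1NatGatewaySubnet1'
  rTier2NatGwRoute2:
    Type: AWS::EC2::Route
    Condition: cCreateTier2NatGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable2'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !If [ cCreateSingleNatGateway, !Ref 'rTier1NatGatewaySubnet1', !Ref 'rTier1NatGatewaySubnet2' ]
  rTier2NatGwRoute3:
    Type: AWS::EC2::Route
    Condition: cCreateTier2NatGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable3'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !If [ cCreateSingleNatGateway, !Ref 'rTier1NatGatewaySubnet1', !Ref 'rTier1NatGatewaySubnet3' ]
  rTier2SubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier2NatGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable1'
      SubnetId: !Ref 'rTier2Subnet1'
  rTier2SubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier2NatGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable2'
      SubnetId: !Ref 'rTier2Subnet2'
  rTier2SubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier2NatGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable3'
      SubnetId: !Ref 'rTier2Subnet3'
  #------------------------------------------------------------------------------
  # Tier 3
  #------------------------------------------------------------------------------
  # Same layout as Tier 2 (off by default via pTier3Create).
  rTier3Subnet1:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier3Subnet1
    Properties:
      AvailabilityZone: !Select
        - 0
        - !GetAZs ''
      CidrBlock: !Ref 'pTier3Subnet1Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-1'
  rTier3Subnet2:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier3Subnet2
    Properties:
      AvailabilityZone: !Select
        - 1
        - !GetAZs ''
      CidrBlock: !Ref 'pTier3Subnet2Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-2'
  rTier3Subnet3:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier3Subnet3
    Properties:
      AvailabilityZone: !Select
        - 2
        - !GetAZs ''
      CidrBlock: !Ref 'pTier3Subnet3Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-3'
  rTier3RouteTable1:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier3NatGatewaySubnet1
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-1'
  rTier3RouteTable2:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier3NatGatewaySubnet2
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-2'
  rTier3RouteTable3:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier3NatGatewaySubnet3
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-3'
  rTier3NatGwRoute1:
    Type: AWS::EC2::Route
    Condition: cCreateTier3NatGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable1'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref 'rTier1NatGatewaySubnet1'
  rTier3NatGwRoute2:
    Type: AWS::EC2::Route
    Condition: cCreateTier3NatGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable2'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !If [ cCreateSingleNatGateway, !Ref 'rTier1NatGatewaySubnet1', !Ref 'rTier1NatGatewaySubnet2' ]
  rTier3NatGwRoute3:
    Type: AWS::EC2::Route
    Condition: cCreateTier3NatGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable3'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !If [ cCreateSingleNatGateway, !Ref 'rTier1NatGatewaySubnet1', !Ref 'rTier1NatGatewaySubnet3' ]
  rTier3SubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier3NatGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable1'
      SubnetId: !Ref 'rTier3Subnet1'
  rTier3SubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier3NatGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable2'
      SubnetId: !Ref 'rTier3Subnet2'
  rTier3SubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier3NatGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable3'
      SubnetId: !Ref 'rTier3Subnet3'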
Outputs:
  # Cross-stack exports, namespaced by stack name. Subnet outputs carry the same
  # Condition as the subnet they reference, so an absent subnet exports nothing.
  # Export names embed the tier name parameter, so two tiers given the same
  # pTierNName would collide.
  oVpcId:
    Description: VPC ID
    Value: !Ref 'rVpc'
    Export:
      Name: !Sub '${AWS::StackName}::vpc-id'
  oTier1Subnet1:
    Description: Tier 1 Subnet 1 ID
    Value: !Ref 'rTier1Subnet1'
    Condition: cCreateTier1Subnet1
    Export:
      Name: !Sub '${AWS::StackName}::${pTier1Name}-subnet-id-1'
  oTier1Subnet2:
    Description: Tier 1 Subnet 2 ID
    Value: !Ref 'rTier1Subnet2'
    Condition: cCreateTier1Subnet2
    Export:
      Name: !Sub '${AWS::StackName}::${pTier1Name}-subnet-id-2'
  oTier1Subnet3:
    Description: Tier 1 Subnet 3 ID
    Value: !Ref 'rTier1Subnet3'
    Condition: cCreateTier1Subnet3
    Export:
      Name: !Sub '${AWS::StackName}::${pTier1Name}-subnet-id-3'
  oTier2Subnet1:
    Description: Tier 2 Subnet 1 ID
    Value: !Ref 'rTier2Subnet1'
    Condition: cCreateTier2Subnet1
    Export:
      Name: !Sub '${AWS::StackName}::${pTier2Name}-subnet-id-1'
  oTier2Subnet2:
    Description: Tier 2 Subnet 2 ID
    Value: !Ref 'rTier2Subnet2'
    Condition: cCreateTier2Subnet2
    Export:
      Name: !Sub '${AWS::StackName}::${pTier2Name}-subnet-id-2'
  oTier2Subnet3:
    Description: Tier 2 Subnet 3 ID
    Value: !Ref 'rTier2Subnet3'
    Condition: cCreateTier2Subnet3
    Export:
      Name: !Sub '${AWS::StackName}::${pTier2Name}-subnet-id-3'
  oTier3Subnet1:
    Description: Tier 3 Subnet 1 ID
    Value: !Ref 'rTier3Subnet1'
    Condition: cCreateTier3Subnet1
    Export:
      Name: !Sub '${AWS::StackName}::${pTier3Name}-subnet-id-1'
  oTier3Subnet2:
    Description: Tier 3 Subnet 2 ID
    Value: !Ref 'rTier3Subnet2'
    Condition: cCreateTier3Subnet2
    Export:
      Name: !Sub '${AWS::StackName}::${pTier3Name}-subnet-id-2'
  oTier3Subnet3:
    Description: Tier 3 Subnet 3 ID
    Value: !Ref 'rTier3Subnet3'
    Condition: cCreateTier3Subnet3
    Export:
      Name: !Sub '${AWS::StackName}::${pTier3Name}-subnet-id-3'