Created
January 22, 2022 21:32
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
AWSTemplateFormatVersion: '2010-09-09'
Description: Creates 1-, 2- or 3-tier network environment with 1, 2, or 3 Availability Zones (AZs)
Metadata:
  cfn-lint:
    config:
      ignore_checks:
        # Complex conditions trigger this warning.
        - W1001
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: System Classification
        Parameters:
          - pOrg
          - pSystem
      - Label:
          default: Overall VPC Configuration
        Parameters:
          - pVpcName
          - pCidr
          - pNumAzs
          - pCreateInternetGateway
          - pCreateNatGateway
          - pCreateSingleNatGateway
      - Label:
          default: VPC Tier 1
        Parameters:
          - pTier1Create
          - pTier1Name
          - pTier1Subnet1Cidr
          - pTier1Subnet2Cidr
          - pTier1Subnet3Cidr
      - Label:
          default: VPC Tier 2
        Parameters:
          - pTier2Create
          - pTier2Name
          - pTier2Subnet1Cidr
          - pTier2Subnet2Cidr
          - pTier2Subnet3Cidr
      - Label:
          default: VPC Tier 3
        Parameters:
          - pTier3Create
          - pTier3Name
          - pTier3Subnet1Cidr
          - pTier3Subnet2Cidr
          - pTier3Subnet3Cidr
      - Label:
          default: Permissions Boundary
        Parameters:
          - pPermissionsBoundaryArn
    ParameterLabels:
      pVpcName:
        default: VPC Name
      pOrg:
        default: Business Scope
      pSystem:
        default: System Identifier
      pCidr:
        default: VPC CIDR Block
      pNumAzs:
        default: Number of AZs
      pCreateInternetGateway:
        default: Create Internet Gateway?
      pCreateNatGateway:
        default: Create NAT Gateways?
      pCreateSingleNatGateway:
        default: Create single NAT Gateway?
      pTier1Create:
        default: Tier 1 Create?
      pTier1Name:
        default: Tier 1 Name
      pTier1Subnet1Cidr:
        default: Tier 1 AZ 1 - CIDR
      pTier1Subnet2Cidr:
        default: Tier 1 AZ 2 - CIDR
      pTier1Subnet3Cidr:
        default: Tier 1 AZ 3 - CIDR
      pTier2Create:
        default: Tier 2 Create?
      pTier2Name:
        default: Tier 2 Name
      pTier2Subnet1Cidr:
        default: Tier 2 AZ 1 - CIDR
      pTier2Subnet2Cidr:
        default: Tier 2 AZ 2 - CIDR
      pTier2Subnet3Cidr:
        default: Tier 2 AZ 3 - CIDR
      pTier3Create:
        default: Tier 3 Create?
      pTier3Name:
        default: Tier 3 Name
      pTier3Subnet1Cidr:
        default: Tier 3 AZ 1 - CIDR
      pTier3Subnet2Cidr:
        default: Tier 3 AZ 2 - CIDR
      pTier3Subnet3Cidr:
        default: Tier 3 AZ 3 - CIDR
      pPermissionsBoundaryArn:
        default: IAM Permissions Boundary ARN (optional)
Parameters:
  pVpcName:
    Type: String
    Description: Name of the VPC and used to qualify names of associated resources
    Default: dev
  pOrg:
    Type: String
    Description: Used to qualify IAM resource names
    Default: example
  pSystem:
    Type: String
    Description: Used to qualify IAM role path
    Default: infra
  pCidr:
    Type: String
    Description: CIDR Format x.x.x.x/x
    Default: 10.1.0.0/20
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pNumAzs:
    Type: String
    Default: 3
    Description: Number of subnets for each tier
    AllowedValues:
      - 1
      - 2
      - 3
  pCreateInternetGateway:
    Type: String
    Description: Whether Internet Gateway should be created
    Default: true
    AllowedValues: [true, false]
  pCreateNatGateway:
    Type: String
    Description: Whether NAT Gateways should be created
    Default: true
    AllowedValues: [true, false]
  pCreateSingleNatGateway:
    Type: String
    Description: Single NAT Gateway in 1st public subnet or NAT Gateway in each public subnet
    Default: true
    AllowedValues: [true, false]
  pTier1Create:
    Type: String
    Description: Whether Tier 1 should be created
    Default: true
    AllowedValues: [true, false]
  pTier1Name:
    Type: String
    Description: Tier 1 Name
    Default: public
  pTier2Create:
    Type: String
    Description: Whether Tier 2 should be created
    Default: true
    AllowedValues: [true, false]
  pTier2Name:
    Type: String
    Description: Tier 2 Name
    Default: private
  pTier3Create:
    Type: String
    Description: Whether Tier 3 should be created
    Default: false
    AllowedValues: [true, false]
  pTier3Name:
    Type: String
    Description: Tier 3 Name
    Default: restricted
  pTier1Subnet1Cidr:
    Type: String
    Description: Tier 1 Subnet AZ 1
    Default: 10.1.0.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier1Subnet2Cidr:
    Type: String
    Description: Tier 1 Subnet AZ 2
    Default: 10.1.1.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier1Subnet3Cidr:
    Type: String
    Description: Tier 1 Subnet AZ 3
    Default: 10.1.2.0/24
    # The trailing |^$ allows an empty value when the third AZ is not used.
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier2Subnet1Cidr:
    Type: String
    Description: Tier 2 Subnet AZ 1
    Default: 10.1.3.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier2Subnet2Cidr:
    Type: String
    Description: Tier 2 Subnet AZ 2
    Default: 10.1.4.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    MinLength: 9
    MaxLength: 18
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier2Subnet3Cidr:
    Type: String
    Description: Tier 2 Subnet AZ 3
    Default: 10.1.5.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier3Subnet1Cidr:
    Type: String
    Description: Tier 3 Subnet AZ 1
    Default: 10.1.6.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier3Subnet2Cidr:
    Type: String
    Description: Tier 3 Subnet AZ 2
    Default: 10.1.7.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pTier3Subnet3Cidr:
    Type: String
    Description: Tier 3 Subnet AZ 3
    Default: 10.1.8.0/24
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})|^$
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
  pPermissionsBoundaryArn:
    Description: IAM Permissions Boundary ARN (optional)
    Type: String
    Default: ''
# A resource in AZ n is created only when its tier or gateway is enabled and
# pNumAzs is at least n; NAT gateways in AZ 2 and 3 additionally require
# pCreateSingleNatGateway to be false.
Conditions:
  cCreateInternetGatewaySubnet1: !Equals [ !Ref 'pCreateInternetGateway', true ]
  cCreateInternetGatewaySubnet2: !Or [ !And [ !Equals [ !Ref 'pCreateInternetGateway', true ], !Equals [ !Ref 'pNumAzs', 2 ] ], !And [ !Equals [ !Ref 'pCreateInternetGateway', true ], !Equals [ !Ref 'pNumAzs', 3 ] ] ]
  cCreateInternetGatewaySubnet3: !And [ !Equals [ !Ref 'pCreateInternetGateway', true ], !Equals [ !Ref 'pNumAzs', 3 ] ]
  cCreateSingleNatGateway: !And [ !Equals [ !Ref 'pCreateSingleNatGateway', true ], !Equals [ !Ref 'pCreateNatGateway', true ] ]
  cCreateNatGatewaySubnet1: !Equals [ !Ref 'pCreateNatGateway', true ]
  cCreateNatGatewaySubnet2: !And [ !Equals [ !Ref 'pCreateSingleNatGateway', false ], !Or [ !And [ !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 2 ] ], !And [ !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 3 ] ] ] ]
  cCreateNatGatewaySubnet3: !And [ !Equals [ !Ref 'pCreateSingleNatGateway', false ], !And [ !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 3 ] ] ]
  cCreateTier1Subnet1: !Equals [ !Ref 'pTier1Create', true ]
  cCreateTier2Subnet1: !Equals [ !Ref 'pTier2Create', true ]
  cCreateTier3Subnet1: !Equals [ !Ref 'pTier3Create', true ]
  cCreateTier1Subnet2: !Or [ !And [ !Equals [ !Ref 'pTier1Create', true ], !Equals [ !Ref 'pNumAzs', 2 ] ], !And [ !Equals [ !Ref 'pTier1Create', true ], !Equals [ !Ref 'pNumAzs', 3 ] ] ]
  cCreateTier2Subnet2: !Or [ !And [ !Equals [ !Ref 'pTier2Create', true ], !Equals [ !Ref 'pNumAzs', 2 ] ], !And [ !Equals [ !Ref 'pTier2Create', true ], !Equals [ !Ref 'pNumAzs', 3 ] ] ]
  cCreateTier3Subnet2: !Or [ !And [ !Equals [ !Ref 'pTier3Create', true ], !Equals [ !Ref 'pNumAzs', 2 ] ], !And [ !Equals [ !Ref 'pTier3Create', true ], !Equals [ !Ref 'pNumAzs', 3 ] ] ]
  cCreateTier1Subnet3: !And [ !Equals [ !Ref 'pTier1Create', true ], !Equals [ !Ref 'pNumAzs', 3 ] ]
  cCreateTier2Subnet3: !And [ !Equals [ !Ref 'pTier2Create', true ], !Equals [ !Ref 'pNumAzs', 3 ] ]
  cCreateTier3Subnet3: !And [ !Equals [ !Ref 'pTier3Create', true ], !Equals [ !Ref 'pNumAzs', 3 ] ]
  cCreateTier2NatGatewaySubnet1: !And [ !Equals [ !Ref 'pTier2Create', true ], !Equals [ !Ref 'pCreateNatGateway', true ] ]
  cCreateTier2NatGatewaySubnet2: !Or [ !And [ !Equals [ !Ref 'pTier2Create', true ], !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 2 ] ], !And [ !Equals [ !Ref 'pTier2Create', true ], !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 3 ] ] ]
  cCreateTier2NatGatewaySubnet3: !And [ !Equals [ !Ref 'pTier2Create', true ], !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 3 ] ]
  cCreateTier3NatGatewaySubnet1: !And [ !Equals [ !Ref 'pTier3Create', true ], !Equals [ !Ref 'pCreateNatGateway', true ] ]
  cCreateTier3NatGatewaySubnet2: !Or [ !And [ !Equals [ !Ref 'pTier3Create', true ], !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 2 ] ], !And [ !Equals [ !Ref 'pTier3Create', true ], !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 3 ] ] ]
  cCreateTier3NatGatewaySubnet3: !And [ !Equals [ !Ref 'pTier3Create', true ], !Equals [ !Ref 'pCreateNatGateway', true ], !Equals [ !Ref 'pNumAzs', 3 ] ]
  cUsePermissionsBoundary: !Not [ !Equals [ !Ref 'pPermissionsBoundaryArn', '' ] ]
Resources:
  rVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref 'pCidr'
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}'
  #------------------------------------------------------------------------------
  # Enable VPC FlowLogs
  # All traffic (accepted and rejected) is delivered to a CloudWatch Logs group
  # via a service role scoped to that one log group.
  #------------------------------------------------------------------------------
  rVpcFlowLogRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub '${pOrg}-${pSystem}-${pVpcName}-${AWS::Region}-svc-flow-logs'
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          -
            Effect: Allow
            Principal:
              Service: vpc-flow-logs.amazonaws.com
            Action: sts:AssumeRole
      Path: !Sub '/${pOrg}/${pSystem}/'
      Policies:
        -
          PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              -
                Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:DescribeLogGroups
                  - logs:DescribeLogStreams
                  - logs:PutLogEvents
                Resource: !Sub "arn:aws:logs:${AWS::Region}:*:log-group:/${pSystem}/${pVpcName}/flowlogs:*"
      PermissionsBoundary: !If [ cUsePermissionsBoundary, !Ref pPermissionsBoundaryArn, !Ref 'AWS::NoValue' ]
  rVpcFlowLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub '/${pSystem}/${pVpcName}/flowlogs'
      RetentionInDays: 1
  rVpcFlowLog:
    Type: AWS::EC2::FlowLog
    Properties:
      DeliverLogsPermissionArn: !GetAtt rVpcFlowLogRole.Arn
      LogGroupName: !Ref rVpcFlowLogGroup
      ResourceId: !Ref rVpc
      ResourceType: VPC
      TrafficType: ALL
  #------------------------------------------------------------------------------
  # Internet Gateway
  #------------------------------------------------------------------------------
  rInternetGateway:
    Type: AWS::EC2::InternetGateway
    Condition: cCreateInternetGatewaySubnet1
    Properties:
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}'
  rInternetGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Condition: cCreateInternetGatewaySubnet1
    Properties:
      InternetGatewayId: !Ref 'rInternetGateway'
      VpcId: !Ref 'rVpc'
  #------------------------------------------------------------------------------
  # Tier 1
  # The public tier: one subnet per AZ with a default route to the Internet
  # Gateway, and the Elastic IPs and NAT gateways used by the other tiers.
  #------------------------------------------------------------------------------
  rTier1EipSubnet1:
    Type: AWS::EC2::EIP
    Condition: cCreateNatGatewaySubnet1
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-natgw-1'
  rTier1EipSubnet2:
    Type: AWS::EC2::EIP
    Condition: cCreateNatGatewaySubnet2
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-natgw-2'
  rTier1EipSubnet3:
    Type: AWS::EC2::EIP
    Condition: cCreateNatGatewaySubnet3
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-natgw-3'
  rTier1Subnet1:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier1Subnet1
    Properties:
      AvailabilityZone: !Select
        - 0
        - !GetAZs ''
      CidrBlock: !Ref 'pTier1Subnet1Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-1'
  rTier1Subnet2:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier1Subnet2
    Properties:
      AvailabilityZone: !Select
        - 1
        - !GetAZs ''
      CidrBlock: !Ref 'pTier1Subnet2Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-2'
  rTier1Subnet3:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier1Subnet3
    Properties:
      AvailabilityZone: !Select
        - 2
        - !GetAZs ''
      CidrBlock: !Ref 'pTier1Subnet3Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-3'
  # NAT gateways need the Internet Gateway attachment to exist first, which
  # the NAT conditions do not imply on their own; hence the E3005 suppressions.
  rTier1NatGatewaySubnet1:
    Type: AWS::EC2::NatGateway
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    DependsOn: rInternetGatewayAttachment
    Condition: cCreateNatGatewaySubnet1
    Properties:
      AllocationId: !GetAtt rTier1EipSubnet1.AllocationId
      SubnetId: !Ref 'rTier1Subnet1'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-1'
  rTier1NatGatewaySubnet2:
    Type: AWS::EC2::NatGateway
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    DependsOn: rInternetGatewayAttachment
    Condition: cCreateNatGatewaySubnet2
    Properties:
      AllocationId: !GetAtt rTier1EipSubnet2.AllocationId
      SubnetId: !Ref 'rTier1Subnet2'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-2'
  rTier1NatGatewaySubnet3:
    Type: AWS::EC2::NatGateway
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    DependsOn: rInternetGatewayAttachment
    Condition: cCreateNatGatewaySubnet3
    Properties:
      AllocationId: !GetAtt rTier1EipSubnet3.AllocationId
      SubnetId: !Ref 'rTier1Subnet3'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-3'
  rTier1RouteTable1:
    Type: AWS::EC2::RouteTable
    Condition: cCreateInternetGatewaySubnet1
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-1'
  rTier1RouteTable2:
    Type: AWS::EC2::RouteTable
    Condition: cCreateInternetGatewaySubnet2
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-2'
  rTier1RouteTable3:
    Type: AWS::EC2::RouteTable
    Condition: cCreateInternetGatewaySubnet3
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier1Name}-3'
  rTier1IgwRoute1:
    Type: AWS::EC2::Route
    Condition: cCreateInternetGatewaySubnet1
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref 'rInternetGateway'
      RouteTableId: !Ref 'rTier1RouteTable1'
  rTier1IgwRoute2:
    Type: AWS::EC2::Route
    Condition: cCreateInternetGatewaySubnet2
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref 'rInternetGateway'
      RouteTableId: !Ref 'rTier1RouteTable2'
  rTier1IgwRoute3:
    Type: AWS::EC2::Route
    Condition: cCreateInternetGatewaySubnet3
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref 'rInternetGateway'
      RouteTableId: !Ref 'rTier1RouteTable3'
  rTier1Subnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateInternetGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier1RouteTable1'
      SubnetId: !Ref 'rTier1Subnet1'
  rTier1Subnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateInternetGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier1RouteTable2'
      SubnetId: !Ref 'rTier1Subnet2'
  rTier1Subnet3RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateInternetGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier1RouteTable3'
      SubnetId: !Ref 'rTier1Subnet3'
  #------------------------------------------------------------------------------
  # Tier 2
  # Private subnets: outbound traffic leaves through the Tier 1 NAT gateway of
  # the same AZ, or through the AZ 1 NAT gateway when a single one is requested.
  #------------------------------------------------------------------------------
  rTier2Subnet1:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier2Subnet1
    Properties:
      AvailabilityZone: !Select
        - 0
        - !GetAZs ''
      CidrBlock: !Ref 'pTier2Subnet1Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-1'
  rTier2Subnet2:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier2Subnet2
    Properties:
      AvailabilityZone: !Select
        - 1
        - !GetAZs ''
      CidrBlock: !Ref 'pTier2Subnet2Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-2'
  rTier2Subnet3:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier2Subnet3
    Properties:
      AvailabilityZone: !Select
        - 2
        - !GetAZs ''
      CidrBlock: !Ref 'pTier2Subnet3Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-3'
  rTier2RouteTable1:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier2NatGatewaySubnet1
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-1'
  rTier2RouteTable2:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier2NatGatewaySubnet2
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-2'
  rTier2RouteTable3:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier2NatGatewaySubnet3
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier2Name}-3'
  rTier2NatGwRoute1:
    Type: AWS::EC2::Route
    Condition: cCreateTier2NatGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable1'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref 'rTier1NatGatewaySubnet1'
  rTier2NatGwRoute2:
    Type: AWS::EC2::Route
    Condition: cCreateTier2NatGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable2'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !If [ cCreateSingleNatGateway, !Ref 'rTier1NatGatewaySubnet1', !Ref 'rTier1NatGatewaySubnet2' ]
  rTier2NatGwRoute3:
    Type: AWS::EC2::Route
    Condition: cCreateTier2NatGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable3'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !If [ cCreateSingleNatGateway, !Ref 'rTier1NatGatewaySubnet1', !Ref 'rTier1NatGatewaySubnet3' ]
  rTier2SubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier2NatGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable1'
      SubnetId: !Ref 'rTier2Subnet1'
  rTier2SubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier2NatGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable2'
      SubnetId: !Ref 'rTier2Subnet2'
  rTier2SubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier2NatGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier2RouteTable3'
      SubnetId: !Ref 'rTier2Subnet3'
  #------------------------------------------------------------------------------
  # Tier 3
  # Restricted subnets, wired to the Tier 1 NAT gateways exactly like Tier 2.
  #------------------------------------------------------------------------------
  rTier3Subnet1:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier3Subnet1
    Properties:
      AvailabilityZone: !Select
        - 0
        - !GetAZs ''
      CidrBlock: !Ref 'pTier3Subnet1Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-1'
  rTier3Subnet2:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier3Subnet2
    Properties:
      AvailabilityZone: !Select
        - 1
        - !GetAZs ''
      CidrBlock: !Ref 'pTier3Subnet2Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-2'
  rTier3Subnet3:
    Type: AWS::EC2::Subnet
    Condition: cCreateTier3Subnet3
    Properties:
      AvailabilityZone: !Select
        - 2
        - !GetAZs ''
      CidrBlock: !Ref 'pTier3Subnet3Cidr'
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-3'
  rTier3RouteTable1:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier3NatGatewaySubnet1
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-1'
  rTier3RouteTable2:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier3NatGatewaySubnet2
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-2'
  rTier3RouteTable3:
    Type: AWS::EC2::RouteTable
    Metadata:
      cfn-lint:
        config:
          ignore_checks:
            - E3005
    Condition: cCreateTier3NatGatewaySubnet3
    DependsOn: rInternetGatewayAttachment
    Properties:
      VpcId: !Ref 'rVpc'
      Tags:
        - Key: Name
          Value: !Sub '${pSystem}-${pVpcName}-${pTier3Name}-3'
  rTier3NatGwRoute1:
    Type: AWS::EC2::Route
    Condition: cCreateTier3NatGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable1'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref 'rTier1NatGatewaySubnet1'
  rTier3NatGwRoute2:
    Type: AWS::EC2::Route
    Condition: cCreateTier3NatGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable2'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !If [ cCreateSingleNatGateway, !Ref 'rTier1NatGatewaySubnet1', !Ref 'rTier1NatGatewaySubnet2' ]
  rTier3NatGwRoute3:
    Type: AWS::EC2::Route
    Condition: cCreateTier3NatGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable3'
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !If [ cCreateSingleNatGateway, !Ref 'rTier1NatGatewaySubnet1', !Ref 'rTier1NatGatewaySubnet3' ]
  rTier3SubnetRouteTableAssociation1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier3NatGatewaySubnet1
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable1'
      SubnetId: !Ref 'rTier3Subnet1'
  rTier3SubnetRouteTableAssociation2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier3NatGatewaySubnet2
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable2'
      SubnetId: !Ref 'rTier3Subnet2'
  rTier3SubnetRouteTableAssociation3:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: cCreateTier3NatGatewaySubnet3
    Properties:
      RouteTableId: !Ref 'rTier3RouteTable3'
      SubnetId: !Ref 'rTier3Subnet3'
Outputs:
  oVpcId:
    Description: VPC ID
    Value: !Ref 'rVpc'
    Export:
      Name: !Sub '${AWS::StackName}::vpc-id'
  oTier1Subnet1:
    Description: Tier 1 Subnet 1 ID
    Value: !Ref 'rTier1Subnet1'
    Condition: cCreateTier1Subnet1
    Export:
      Name: !Sub '${AWS::StackName}::${pTier1Name}-subnet-id-1'
  oTier1Subnet2:
    Description: Tier 1 Subnet 2 ID
    Value: !Ref 'rTier1Subnet2'
    Condition: cCreateTier1Subnet2
    Export:
      Name: !Sub '${AWS::StackName}::${pTier1Name}-subnet-id-2'
  oTier1Subnet3:
    Description: Tier 1 Subnet 3 ID
    Value: !Ref 'rTier1Subnet3'
    Condition: cCreateTier1Subnet3
    Export:
      Name: !Sub '${AWS::StackName}::${pTier1Name}-subnet-id-3'
  oTier2Subnet1:
    Description: Tier 2 Subnet 1 ID
    Value: !Ref 'rTier2Subnet1'
    Condition: cCreateTier2Subnet1
    Export:
      Name: !Sub '${AWS::StackName}::${pTier2Name}-subnet-id-1'
  oTier2Subnet2:
    Description: Tier 2 Subnet 2 ID
    Value: !Ref 'rTier2Subnet2'
    Condition: cCreateTier2Subnet2
    Export:
      Name: !Sub '${AWS::StackName}::${pTier2Name}-subnet-id-2'
  oTier2Subnet3:
    Description: Tier 2 Subnet 3 ID
    Value: !Ref 'rTier2Subnet3'
    Condition: cCreateTier2Subnet3
    Export:
      Name: !Sub '${AWS::StackName}::${pTier2Name}-subnet-id-3'
  oTier3Subnet1:
    Description: Tier 3 Subnet 1 ID
    Value: !Ref 'rTier3Subnet1'
    Condition: cCreateTier3Subnet1
    Export:
      Name: !Sub '${AWS::StackName}::${pTier3Name}-subnet-id-1'
  oTier3Subnet2:
    Description: Tier 3 Subnet 2 ID
    Value: !Ref 'rTier3Subnet2'
    Condition: cCreateTier3Subnet2
    Export:
      Name: !Sub '${AWS::StackName}::${pTier3Name}-subnet-id-2'
  oTier3Subnet3:
    Description: Tier 3 Subnet 3 ID
    Value: !Ref 'rTier3Subnet3'
    Condition: cCreateTier3Subnet3
    Export:
      Name: !Sub '${AWS::StackName}::${pTier3Name}-subnet-id-3'
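The template validates each parameter on its own (a regex per CIDR, allowed values per flag) but nothing constrains their combination, and CloudFormation rejects a stack in which a created resource holds a Ref, GetAtt or DependsOn to a resource whose Condition is false; the cfn-lint E3005 suppressions above sit on exactly the DependsOn edges where this can happen. The script below is an added example, not part of the gist: it transcribes the template's conditions and dependency edges by hand for the AZ 1 and AZ 2 resources of Tier 1 and Tier 2 (Tier 3 and AZ 3 follow the same pattern) and enumerates every parameter combination that cannot deploy.

```python
"""Added pre-deployment check for the template above (example code, not the
gist's). Conditions and dependency edges are transcribed by hand for the AZ 1/AZ 2
resources of Tier 1 and Tier 2; a dependency is a Ref, GetAtt or DependsOn target,
or a tuple modelling !If [cond, a, b]."""
from itertools import product

# Parameters that drive the Conditions block, with the values the template allows.
PARAMS = {
    "pNumAzs": ("1", "2", "3"),
    "pCreateInternetGateway": ("true", "false"),
    "pCreateNatGateway": ("true", "false"),
    "pCreateSingleNatGateway": ("true", "false"),
    "pTier1Create": ("true", "false"),
    "pTier2Create": ("true", "false"),
}


def conditions(p):
    """Evaluate the template's Conditions (AZ 1/AZ 2 subset) for one parameter set."""
    igw = p["pCreateInternetGateway"] == "true"
    nat = p["pCreateNatGateway"] == "true"
    single = p["pCreateSingleNatGateway"] == "true"
    t1, t2 = p["pTier1Create"] == "true", p["pTier2Create"] == "true"
    az2 = p["pNumAzs"] in ("2", "3")
    return {
        "cCreateInternetGatewaySubnet1": igw,
        "cCreateSingleNatGateway": single and nat,
        "cCreateNatGatewaySubnet1": nat,
        "cCreateNatGatewaySubnet2": not single and nat and az2,
        "cCreateTier1Subnet1": t1,
        "cCreateTier1Subnet2": t1 and az2,
        "cCreateTier2NatGatewaySubnet1": t2 and nat,
        "cCreateTier2NatGatewaySubnet2": t2 and nat and az2,
    }


# logical id -> (Condition or None, dependencies), as written in the template.
RESOURCES = {
    "rVpc": (None, []),
    "rInternetGateway": ("cCreateInternetGatewaySubnet1", []),
    "rInternetGatewayAttachment": ("cCreateInternetGatewaySubnet1", ["rInternetGateway", "rVpc"]),
    "rTier1EipSubnet1": ("cCreateNatGatewaySubnet1", []),
    "rTier1Subnet1": ("cCreateTier1Subnet1", ["rVpc"]),
    "rTier1Subnet2": ("cCreateTier1Subnet2", ["rVpc"]),
    "rTier1NatGatewaySubnet1": ("cCreateNatGatewaySubnet1",
                                ["rInternetGatewayAttachment", "rTier1EipSubnet1", "rTier1Subnet1"]),
    "rTier1NatGatewaySubnet2": ("cCreateNatGatewaySubnet2", ["rInternetGatewayAttachment", "rTier1Subnet2"]),
    "rTier1RouteTable1": ("cCreateInternetGatewaySubnet1", ["rInternetGatewayAttachment", "rVpc"]),
    "rTier1Subnet1RouteTableAssociation": ("cCreateInternetGatewaySubnet1", ["rTier1RouteTable1", "rTier1Subnet1"]),
    "rTier2RouteTable1": ("cCreateTier2NatGatewaySubnet1", ["rInternetGatewayAttachment", "rVpc"]),
    "rTier2RouteTable2": ("cCreateTier2NatGatewaySubnet2", ["rInternetGatewayAttachment", "rVpc"]),
    "rTier2NatGwRoute1": ("cCreateTier2NatGatewaySubnet1", ["rTier2RouteTable1", "rTier1NatGatewaySubnet1"]),
    "rTier2NatGwRoute2": ("cCreateTier2NatGatewaySubnet2", ["rTier2RouteTable2",
                          ("cCreateSingleNatGateway", "rTier1NatGatewaySubnet1", "rTier1NatGatewaySubnet2")]),
}


def broken_refs(p):
    """(resource, missing dependency) pairs for one parameter set; empty means deployable."""
    c = conditions(p)
    created = {r for r, (cond, _) in RESOURCES.items() if cond is None or c[cond]}
    problems = []
    for r, (_, deps) in RESOURCES.items():
        if r not in created:
            continue  # a resource that is not created may point anywhere
        for d in deps:
            if isinstance(d, tuple):  # !If [cond, a, b] resolves to one target
                d = d[1] if c[d[0]] else d[2]
            if d not in created:
                problems.append((r, d))
    return problems


def undeployable_combinations():
    """Map every rejected parameter combination to the dangling references causing it."""
    bad = {}
    for values in product(*PARAMS.values()):
        p = dict(zip(PARAMS, values))
        if problems := broken_refs(p):
            bad[tuple(sorted(p.items()))] = problems
    return bad


if __name__ == "__main__":
    bad = undeployable_combinations()
    print(f"{len(bad)} of {3 * 2 ** 5} parameter combinations cannot deploy")
    for combo, problems in list(bad.items())[:3]:
        print(dict(combo), "->", problems)
```

The defaults pass; the combinations that fail are NAT gateways without an Internet Gateway, and NAT gateways or an Internet Gateway without Tier 1, which is where the NAT gateways and public route table associations live.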