Using CloudFormation for Resource Creation
This is a sample CloudFormation template for creating a VPC, security group, subnets, DB subnet group, routes, internet gateway and NAT gateway:
##############################################
#
# This file creates a custom VPC and the network resources listed below, used to launch EC2 and Lambda.
# vpc
# private subnets
# public subnet
# internet gw
# nat gw
# routes
# security_groups
# db_subnet_group
#
################################################
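Parameters:
  # Suffix appended to every resource name/tag below and to the DB subnet
  # group name; the placeholder default is expected to be overridden when
  # the stack is created.
  NormalyzeOnboardingId:
    Type: String
    Description: Unique identifier for resources
    Default: 'DEFAULT_NORMALYZE_ONBOARDING_ID'
    # NOTE(review): the value is interpolated into DBSubnetGroupName, which
    # accepts only letters, digits, periods, underscores, spaces and hyphens;
    # an AllowedPattern/MaxLength here would reject bad input at template
    # validation instead of failing mid-deployment.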
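# Every resource carries the onboarding id in its tags so the whole set can be
# located and torn down together. Nothing below opens inbound access from the
# internet: the only ingress rule is security-group-to-security-group inside
# this VPC; the NAT gateway provides outbound-only connectivity.
Resources:
  # VPC plus two private subnets in two availability zones (a DB subnet group
  # needs subnets in at least two AZs) and one public subnet for the NAT gateway.
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: version
          Value: v13
        - Key: created_by
          Value: Normalyze_cft
        - Key: used_by
          Value: !Sub 'normalyze-${NormalyzeOnboardingId}'

  # AZ suffixes are hard-coded; `!Select [0, !GetAZs '']` would work in
  # accounts/regions where "a"/"b" is not available, but changing it replaces
  # the subnets in already-deployed stacks, so it is left as-is here.
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Sub "${AWS::Region}a"
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: is_private_subnet
          Value: "True"
        - Key: created_by
          Value: Normalyze_cft
        - Key: used_by
          Value: !Sub 'normalyze-${NormalyzeOnboardingId}'

  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Sub "${AWS::Region}b"
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: is_private_subnet
          Value: "True"
        - Key: created_by
          Value: Normalyze_cft
        - Key: used_by
          Value: !Sub 'normalyze-${NormalyzeOnboardingId}'

  # Public subnet (single AZ). MapPublicIpOnLaunch is left at its default
  # (false), so anything launched here does not get a public IP automatically;
  # the only public address in this design is the NAT gateway's EIP.
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.4.0/24
      AvailabilityZone: !Sub "${AWS::Region}a"
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: is_public_subnet
          Value: "True"
        - Key: created_by
          Value: Normalyze_cft

  # Internet gateway and its attachment to the VPC.
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: created_by
          Value: Normalyze_cft

  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  # Elastic IP for the NAT gateway. An EIP in a VPC defined by the same
  # template must declare a dependency on the gateway attachment, otherwise
  # allocation can race the attachment and the stack fails intermittently.
  NATGatewayEIP:
    Type: AWS::EC2::EIP
    DependsOn: VPCGatewayAttachment
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: created_by
          Value: Normalyze_cft

  # NAT gateway in the public subnet; gives the private subnets outbound-only
  # internet access.
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayEIP.AllocationId
      SubnetId: !Ref PublicSubnetA
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: created_by
          Value: Normalyze_cft

  # Public route table: default route to the internet gateway.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: created_by
          Value: Normalyze_cft

  # A route that targets an internet gateway must depend on the attachment;
  # without DependsOn CloudFormation may create the route before the gateway
  # is attached and the stack fails.
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  # Private route table: default route to the NAT gateway.
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: created_by
          Value: Normalyze_cft

  PrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway

  RouteTableAssociationPublicSubnetA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable

  RouteTableAssociationPrivateSubnetA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetA
      RouteTableId: !Ref PrivateRouteTable

  RouteTableAssociationPrivateSubnetB:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetB
      RouteTableId: !Ref PrivateRouteTable

  # Security group for the EC2 side. No ingress rules are declared, so the
  # VPC default (no inbound) applies. Egress is unrestricted (all protocols,
  # all ports, any destination); if the workload only needs AWS APIs, consider
  # narrowing this or routing through VPC endpoints.
  Ec2SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Normalyze EC2 security group
      GroupName: Normalyze EC2 security group
      VpcId: !Ref VPC
      SecurityGroupEgress:
        - IpProtocol: "-1"
          FromPort: 0
          ToPort: 0
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: usage
          Value: EC2
        - Key: created_by
          Value: Normalyze_cft
        - Key: used_by
          Value: !Sub 'normalyze-${NormalyzeOnboardingId}'

  # Security group for the data-scan side (RDS). Ingress is accepted only from
  # members of Ec2SecurityGroup — all protocols and, because IpProtocol is -1,
  # effectively all ports regardless of FromPort/ToPort. Egress is unrestricted
  # as above.
  DataScanSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Normalyze data-scan security group
      GroupName: Normalyze data-scan security group
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: "-1"
          FromPort: 0
          ToPort: 0
          SourceSecurityGroupId: !Ref Ec2SecurityGroup
      SecurityGroupEgress:
        - IpProtocol: "-1"
          FromPort: 0
          ToPort: 0
          CidrIp: "0.0.0.0/0"
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: usage
          Value: RDS
        - Key: created_by
          Value: Normalyze_cft
        - Key: used_by
          Value: !Sub 'normalyze-${NormalyzeOnboardingId}'

  # DB subnet group spanning both private subnets, so RDS instances are never
  # placed in the public subnet.
  DbSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupName: !Sub 'Normalyze-${NormalyzeOnboardingId}'
      DBSubnetGroupDescription: Normalyze RDS subnet group
      SubnetIds:
        - !Ref PrivateSubnetA
        - !Ref PrivateSubnetB
      Tags:
        - Key: Name
          Value: !Sub 'Normalyze-${NormalyzeOnboardingId}'
        - Key: usage
          Value: RDS
        - Key: created_by
          Value: Normalyze_cft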