
Forgot to add the actual template
pmt4u committed Oct 3, 2019
1 parent ebd49c0 commit 19ba504
Showing 1 changed file with 327 additions and 0 deletions.
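--- a/control-tower-client-vpc.yaml
+++ b/control-tower-client-vpc.yaml
@@ -0,0 +1,327 @@
+AWSTemplateFormatVersion: 2010-09-09
+
+Description: This stack creates the underlying infrastructure for the Control Tower Client Account
+
+Metadata:
+AWS::CloudFormation::Interface:
+ParameterGroups:
+- Label: VPC and Subnet CIDR configuration
+Parameters:
+- VPCCIDR
+- PublicSubnet1ACIDR
+- PublicSubnet1BCIDR
+- PrivateSubnet1ACIDR
+- PrivateSubnet1BCIDR
+- PrivateSubnet2ACIDR
+- PrivateSubnet2BCIDR
+ParameterLabels:
+VPCCIDR: VPC CIDR
+PublicSubnet1ACIDR: Public subnet 1A CIDR
+PublicSubnet1BCIDR: Public subnet 1A CIDR
+PrivateSubnet1ACIDR: Private subnet 1A CIDR
+PrivateSubnet1BCIDR: Private subnet 1B CIDR
+PrivateSubnet2ACIDR: Private subnet 2A CIDR
+PrivateSubnet2BCIDR: Private subnet 2B CIDR
+
+Parameters:
+VPCCIDR:
+Default: 172.16.0.0/16
+Description: CIDR block for the Primary VPC
+Type: String
+PublicSubnet1ACIDR:
+Default: 172.16.16.0/20
+Description: CIDR block for public subnet 1A located in Availability Zone 1
+Type: String
+PublicSubnet1BCIDR:
+Default: 172.16.32.0/20
+Description: CIDR block for public subnet 1A located in Availability Zone 2
+Type: String
+PrivateSubnet1ACIDR:
+Default: 172.16.48.0/20
+Description: CIDR block for private subnet 1A located in Availability Zone 1
+Type: String
+PrivateSubnet1BCIDR:
+Default: 172.16.64.0/20
+Description: CIDR block for private subnet 1B located in Availability Zone 2
+Type: String
+PrivateSubnet2ACIDR:
+Default: 172.16.80.0/20
+Description: CIDR block for private subnet 2A located in Availability Zone 1
+Type: String
+PrivateSubnet2BCIDR:
+Default: 172.16.96.0/20
+Description: CIDR block for private subnet 2B located in Availability Zone 2
+Type: String
+
+Resources:
+PrimaryVPC:
+Type: 'AWS::EC2::VPC'
+Properties:
+CidrBlock: !Ref VPCCIDR
+Tags:
+- Key: Name
+Value: PrimaryVPC
+
+PublicSubnet1A:
+Type: 'AWS::EC2::Subnet'
+Properties:
+VpcId: !Ref PrimaryVPC
+CidrBlock: !Ref PublicSubnet1ACIDR
+AvailabilityZone: !Select
+- '0'
+- !GetAZs
+Ref: 'AWS::Region'
+Tags:
+- Key: Name
+Value: PublicSubnet1A
+
+PublicSubnet1B:
+Type: 'AWS::EC2::Subnet'
+Properties:
+VpcId: !Ref PrimaryVPC
+CidrBlock: !Ref PublicSubnet1BCIDR
+AvailabilityZone: !Select
+- '1'
+- !GetAZs
+Ref: 'AWS::Region'
+Tags:
+- Key: Name
+Value: PublicSubnet1B
+
+PrivateSubnet1A:
+Type: 'AWS::EC2::Subnet'
+Properties:
+VpcId: !Ref PrimaryVPC
+CidrBlock: !Ref PrivateSubnet1ACIDR
+AvailabilityZone: !Select
+- '0'
+- !GetAZs
+Ref: 'AWS::Region'
+Tags:
+- Key: Name
+Value: PrivateSubnet1A
+
+PrivateSubnet1B:
+Type: 'AWS::EC2::Subnet'
+Properties:
+VpcId: !Ref PrimaryVPC
+CidrBlock: !Ref PrivateSubnet1BCIDR
+AvailabilityZone: !Select
+- '1'
+- !GetAZs
+Ref: 'AWS::Region'
+Tags:
+- Key: Name
+Value: PrivateSubnet1B
+
+PrivateSubnet2A:
+Type: 'AWS::EC2::Subnet'
+Properties:
+VpcId: !Ref PrimaryVPC
+CidrBlock: !Ref PrivateSubnet2ACIDR
+AvailabilityZone: !Select
+- '0'
+- !GetAZs
+Ref: 'AWS::Region'
+Tags:
+- Key: Name
+Value: PrivateSubnet2A
+
+PrivateSubnet2B:
+Type: 'AWS::EC2::Subnet'
+Properties:
+VpcId: !Ref PrimaryVPC
+CidrBlock: !Ref PrivateSubnet2BCIDR
+AvailabilityZone: !Select
+- '1'
+- !GetAZs
+Ref: 'AWS::Region'
+Tags:
+- Key: Name
+Value: PrivateSubnet2B
+
+PublicRouteTable:
+Type: 'AWS::EC2::RouteTable'
+Properties:
+VpcId: !Ref PrimaryVPC
+Tags:
+- Key: Name
+Value: PublicRouteTable
+
+PublicSubnetRouteTableAssociationA:
+Type: 'AWS::EC2::SubnetRouteTableAssociation'
+Properties:
+RouteTableId: !Ref PublicRouteTable
+SubnetId: !Ref PublicSubnet1A
+
+PublicSubnetRouteTableAssociationB:
+Type: 'AWS::EC2::SubnetRouteTableAssociation'
+Properties:
+RouteTableId: !Ref PublicRouteTable
+SubnetId: !Ref PublicSubnet1B
+
+PrivateRouteTableA:
+Type: 'AWS::EC2::RouteTable'
+Properties:
+VpcId: !Ref PrimaryVPC
+Tags:
+- Key: Name
+Value: PrivateRouteTableA
+
+PrivateRouteTableB:
+Type: 'AWS::EC2::RouteTable'
+Properties:
+VpcId: !Ref PrimaryVPC
+Tags:
+- Key: Name
+Value: PrivateRouteTableB
+
+PrivateRouteTableAssociation1A:
+Type: 'AWS::EC2::SubnetRouteTableAssociation'
+Properties:
+RouteTableId: !Ref PrivateRouteTableA
+SubnetId: !Ref PrivateSubnet1A
+
+PrivateRouteTableAssociation1B:
+Type: 'AWS::EC2::SubnetRouteTableAssociation'
+Properties:
+RouteTableId: !Ref PrivateRouteTableB
+SubnetId: !Ref PrivateSubnet1B
+
+PrivateRouteTableAssociation2A:
+Type: 'AWS::EC2::SubnetRouteTableAssociation'
+Properties:
+RouteTableId: !Ref PrivateRouteTableA
+SubnetId: !Ref PrivateSubnet2A
+
+PrivateRouteTableAssociation2B:
+Type: 'AWS::EC2::SubnetRouteTableAssociation'
+Properties:
+RouteTableId: !Ref PrivateRouteTableB
+SubnetId: !Ref PrivateSubnet2B
+
+InternetGateway:
+Type: AWS::EC2::InternetGateway
+DeletionPolicy: Retain
+Properties:
+Tags:
+- Key: Network
+Value: Public
+- Key: Name
+Value: InternetGateway
+
+VPCGatewayAttachment:
+Type: AWS::EC2::VPCGatewayAttachment
+DeletionPolicy: Retain
+Properties:
+VpcId: !Ref PrimaryVPC
+InternetGatewayId: !Ref InternetGateway
+
+PublicSubnetRoute:
+DependsOn: VPCGatewayAttachment
+DeletionPolicy: Retain
+Type: AWS::EC2::Route
+Properties:
+RouteTableId: !Ref PublicRouteTable
+DestinationCidrBlock: 0.0.0.0/0
+GatewayId: !Ref InternetGateway
+
+IAMServiceRoleVPCFlowLogs:
+Type: 'AWS::IAM::Role'
+Properties:
+AssumeRolePolicyDocument:
+Version: 2012-10-17
+Statement:
+- Effect: Allow
+Principal:
+Service:
+- vpc-flow-logs.amazonaws.com
+Action:
+- 'sts:AssumeRole'
+Path: /
+RoleName: IAMServiceRoleVPCFlowLogs
+Policies:
+- PolicyName: aws-iamservicerole-vpcflowlogs-policy
+PolicyDocument:
+Version: 2012-10-17
+Statement:
+- Action:
+- 'logs:CreateLogGroup'
+- 'logs:CreateLogStream'
+- 'logs:PutLogEvents'
+- 'logs:DescribeLogGroups'
+- 'logs:DescribeLogStreams'
+Resource: '*'
+Effect: Allow
+
+VPCFlowLogLogGroup:
+Type: AWS::Logs::LogGroup
+Properties:
+LogGroupName: !Sub ${AWS::AccountId}-FlowLog
+RetentionInDays: 90
+
+VPCFlowLog:
+DependsOn: PrimaryVPC
+Type: AWS::EC2::FlowLog
+Properties:
+DeliverLogsPermissionArn: !GetAtt IAMServiceRoleVPCFlowLogs.Arn
+LogGroupName: !Ref VPCFlowLogLogGroup
+ResourceId: !Ref PrimaryVPC
+ResourceType: VPC
+TrafficType: ALL
+
+VPCFlowLogStream:
+Type: AWS::Logs::LogStream
+Properties:
+LogGroupName: !Ref VPCFlowLogLogGroup
+
+Outputs:
+oVPCClient:
+Value: !Ref PrimaryVPC
+Export:
+Name: oVPCClient
+
+oPublicSubnetRouteTable:
+Value: !Ref PublicRouteTable
+Export:
+Name: oPublicSubnetRouteTable
+
+oPrivateSubnetRouteTableA:
+Value: !Ref PrivateRouteTableA
+Export:
+Name: oPrivateSubnetRouteTableA
+
+oPrivateSubnetRouteTableB:
+Value: !Ref PrivateRouteTableB
+Export:
+Name: oPrivateSubnetRouteTableB
+
+oPublicSubnet1A:
+Value: !Ref PublicSubnet1A
+Export:
+Name: oPublicSubnet1A
+
+oPublicSubnet1B:
+Value: !Ref PublicSubnet1B
+Export:
+Name: oPublicSubnet1B
+
+oPrivateSubnet1A:
+Value: !Ref PrivateSubnet1A
+Export:
+Name: oPrivateSubnet1A
+
+oPrivateSubnet1B:
+Value: !Ref PrivateSubnet1B
+Export:
+Name: oPrivateSubnet1B
+
+oPrivateSubnet2A:
+Value: !Ref PrivateSubnet2A
+Export:
+Name: oPrivateSubnet2A
+
+oPrivateSubnet2B:
+Value: !Ref PrivateSubnet2B
+Export:
+Name: oPrivateSubnet2B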
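Review bot: The inline policy on IAMServiceRoleVPCFlowLogs grants logs:CreateLogGroup/CreateLogStream/PutLogEvents on `Resource: '*'`, although the template itself creates the only log group the flow log delivers to (VPCFlowLogLogGroup), so the write actions can be scoped with `Resource: !GetAtt VPCFlowLogLogGroup.Arn` and logs:CreateLogGroup dropped; the two Describe actions may still need a separate statement on `'*'`, so verify against the IAM action table before splitting. The fixed `RoleName: IAMServiceRoleVPCFlowLogs` forces CAPABILITY_NAMED_IAM and will collide if this stack is ever deployed twice in one account, so consider omitting it and letting CloudFormation generate the name. Both `Version: 2012-10-17` values are unquoted, which YAML-1.1-based tooling (cfn-lint, cfn-flip, PyYAML-based linters) can read as a date rather than the policy-version string; `Version: '2012-10-17'` avoids that. Two documentation slips: the ParameterLabels entry for PublicSubnet1BCIDR reads `Public subnet 1A CIDR`, and the PublicSubnet1BCIDR Description says "public subnet 1A located in Availability Zone 2"; both should say 1B.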
