
@klang
Last active February 5, 2021 10:25

Revisions

  1. klang revised this gist Feb 5, 2021. 1 changed file with 169 additions and 0 deletions.
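--- a/bettervpc.yaml
+++ b/bettervpc.yaml
@@ -0,0 +1,169 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Simple VPC with one public subnet and one instance - access via ssm, rds (and port 80)"
+
+Parameters:
+KeyName:
+Type: AWS::EC2::KeyPair::KeyName
+Description: Name of an existing EC2 KeyPair to enable SSH/RDP access to the instance
+VPCCIDR:
+Type: String
+Description: VPC address range
+Default: 10.15.0.0/16
+PublicSubnetCIDR:
+Type: String
+Description: Public Subnet in VPC
+Default: 10.15.1.0/24
+CompanyWANIP:
+Type: String
+Description: Company WANIP - Format x.x.x.x/32
+Default: 162.158.134.60/32
+
+Resources:
+
+## Infrastructure. VPC, Subnet, InternetGateway, Routes
+
+VPC:
+Type: AWS::EC2::VPC
+Properties:
+CidrBlock: !Ref VPCCIDR
+InstanceTenancy: default
+Tags:
+- Key: Name
+Value: Simple VPC
+
+PublicSubnet:
+Type: AWS::EC2::Subnet
+Properties:
+VpcId: !Ref VPC
+CidrBlock: !Ref PublicSubnetCIDR
+Tags:
+- Key: Name
+Value: Public
+
+InternetGateway:
+Type: AWS::EC2::InternetGateway
+Properties:
+Tags:
+- Key: Name
+Value: Simple VPC
+
+InternetGatewayAttachment:
+Type: AWS::EC2::VPCGatewayAttachment
+Properties:
+VpcId: !Ref VPC
+InternetGatewayId: !Ref InternetGateway
+
+RouteTable:
+Type: AWS::EC2::RouteTable
+Properties:
+VpcId: !Ref VPC
+Tags:
+- Key: Name
+Value: Public
+
+RouteAttachment:
+Type: AWS::EC2::Route
+DependsOn:
+- InternetGatewayAttachment
+- RouteTable
+Properties:
+RouteTableId: !Ref RouteTable
+DestinationCidrBlock: "0.0.0.0/0"
+GatewayId: !Ref InternetGateway
+
+VPCRouteSubnet:
+Type: AWS::EC2::SubnetRouteTableAssociation
+DependsOn: RouteTable
+Properties:
+RouteTableId: !Ref RouteTable
+SubnetId: !Ref PublicSubnet
+
+## security groups
+
+HTTPSecurityGroup:
+Type: AWS::EC2::SecurityGroup
+Properties:
+VpcId: !Ref VPC
+GroupDescription: http-access-form-everywhere
+SecurityGroupEgress:
+- CidrIp: 0.0.0.0/0
+IpProtocol: "-1"
+SecurityGroupIngress:
+- IpProtocol: tcp
+FromPort: 80
+ToPort: 80
+
+RDPSecurityGroup:
+Type: AWS::EC2::SecurityGroup
+Properties:
+VpcId: !Ref VPC
+GroupName: "Basic RDP access from the office"
+GroupDescription: RDP-from-office
+SecurityGroupEgress:
+- CidrIp: 0.0.0.0/0
+IpProtocol: "-1"
+SecurityGroupIngress:
+- IpProtocol: tcp
+FromPort: 3389
+ToPort: 3389
+CidrIp: !Ref CompanyWANIP
+
+WindowsInstance:
+Type: "AWS::EC2::Instance"
+Properties:
+ImageId: "ami-0a262e3ac12949132"
+KeyName: !Ref KeyName
+Tags:
+- Key: Name
+Value: Windows Server
+InstanceType: "t3.medium"
+Tenancy: "default"
+Monitoring: true
+DisableApiTermination: false
+InstanceInitiatedShutdownBehavior: "stop"
+CreditSpecification:
+CPUCredits: "unlimited"
+EbsOptimized: true
+BlockDeviceMappings:
+-
+DeviceName: "/dev/sda1"
+Ebs:
+VolumeSize: 80
+DeleteOnTermination: true
+VolumeType: "gp2"
+NetworkInterfaces:
+-
+DeviceIndex: 0
+Description: "Primary network interface"
+AssociatePublicIpAddress: true
+DeleteOnTermination: true
+SubnetId: !Ref PublicSubnet
+Ipv6AddressCount: 0
+GroupSet:
+- !Ref HTTPSecurityGroup
+- !Ref RDPSecurityGroup
+
+SSMInstanceRole:
+Type: AWS::IAM::Role
+Properties:
+RoleName: !Sub "${AWS::StackName}-SSMInstanceProfile"
+Path: "/"
+AssumeRolePolicyDocument:
+Version: '2012-10-17'
+Statement:
+- Action: sts:AssumeRole
+Effect: Allow
+Principal:
+Service:
+- ec2.amazonaws.com
+ManagedPolicyArns:
+- arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
+- arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
+
+SSMInstanceProfile:
+# it takes wierdly long time to create this resource.
+Type: AWS::IAM::InstanceProfile
+Properties:
+Path: "/"
+Roles:
+- !Ref SSMInstanceRole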
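Review bot: SSMInstanceRole and SSMInstanceProfile are created at the end of this revision but never attached to WindowsInstance, so the "access via ssm" promised in the Description does not actually exist; the instance's Properties need `IamInstanceProfile: !Ref SSMInstanceProfile` alongside InstanceType. The HTTPSecurityGroup ingress entry (FromPort 80 / ToPort 80) carries no CidrIp, CidrIpv6, source security group or prefix list, which the Ingress property type requires, so stack creation should fail here; if world-wide HTTP is really intended, say so explicitly with `CidrIp: 0.0.0.0/0` rather than leaving the source implicit, and note the GroupDescription reads `http-access-form-everywhere` where `from` was presumably meant. On ManagedPolicyArns, AmazonEC2RoleforSSM is the older and broader policy that AWS superseded with AmazonSSMManagedInstanceCore, which is already listed; dropping the former keeps the instance role at least privilege without losing Session Manager access.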
  2. klang created this gist Feb 5, 2021.
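--- a/simplevpc.yaml
+++ b/simplevpc.yaml
@@ -0,0 +1,131 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: "Simple VPC with one public subnet and one instance"
+
+Parameters:
+KeyName:
+Type: AWS::EC2::KeyPair::KeyName
+Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
+VPCCIDR:
+Type: String
+Description: VPC address range
+Default: 10.15.0.0/16
+PublicSubnetCIDR:
+Type: String
+Description: Public Subnet in VPC
+Default: 10.15.1.0/24
+CompanyWANIP:
+Type: String
+Description: Company WANIP - Format x.x.x.x/32
+Default: 162.158.134.60/32
+
+
+Resources:
+
+## Infrastructure. VPC, Subnet, InternetGateway, Routes
+
+VPC:
+Type: AWS::EC2::VPC
+Properties:
+CidrBlock: !Ref VPCCIDR
+InstanceTenancy: default
+Tags:
+- Key: Name
+Value: Simple VPC
+
+PublicSubnet:
+Type: AWS::EC2::Subnet
+Properties:
+VpcId: !Ref VPC
+CidrBlock: !Ref PublicSubnetCIDR
+Tags:
+- Key: Name
+Value: Public
+
+InternetGateway:
+Type: AWS::EC2::InternetGateway
+Properties:
+Tags:
+- Key: Name
+Value: Simple VPC
+
+InternetGatewayAttachment:
+Type: AWS::EC2::VPCGatewayAttachment
+Properties:
+VpcId: !Ref VPC
+InternetGatewayId: !Ref InternetGateway
+
+RouteTable:
+Type: AWS::EC2::RouteTable
+Properties:
+VpcId: !Ref VPC
+Tags:
+- Key: Name
+Value: Public
+
+RouteAttachment:
+Type: AWS::EC2::Route
+DependsOn:
+- InternetGatewayAttachment
+- RouteTable
+Properties:
+RouteTableId: !Ref RouteTable
+DestinationCidrBlock: "0.0.0.0/0"
+GatewayId: !Ref InternetGateway
+
+VPCRouteSubnet:
+Type: AWS::EC2::SubnetRouteTableAssociation
+DependsOn: RouteTable
+Properties:
+RouteTableId: !Ref RouteTable
+SubnetId: !Ref PublicSubnet
+
+## security groups
+
+RDPSecurityGroup:
+Type: AWS::EC2::SecurityGroup
+Properties:
+VpcId: !Ref VPC
+GroupName: "Basic RDP access from the office"
+GroupDescription: RDP-from-office
+SecurityGroupEgress:
+- CidrIp: 0.0.0.0/0
+IpProtocol: "-1"
+SecurityGroupIngress:
+- IpProtocol: tcp
+FromPort: 3389
+ToPort: 3389
+CidrIp: !Ref CompanyWANIP
+
+WindowsInstance:
+Type: "AWS::EC2::Instance"
+Properties:
+ImageId: "ami-0a174bb076b94a327"
+KeyName: !Ref KeyName
+Tags:
+- Key: Name
+Value: Windows Server
+InstanceType: "t3.medium"
+Tenancy: "default"
+Monitoring: true
+DisableApiTermination: false
+InstanceInitiatedShutdownBehavior: "stop"
+CreditSpecification:
+CPUCredits: "unlimited"
+EbsOptimized: true
+BlockDeviceMappings:
+-
+DeviceName: "/dev/sda1"
+Ebs:
+VolumeSize: 80
+DeleteOnTermination: true
+VolumeType: "gp2"
+NetworkInterfaces:
+-
+DeviceIndex: 0
+Description: "Primary network interface"
+AssociatePublicIpAddress: true
+DeleteOnTermination: true
+SubnetId: !Ref PublicSubnet
+Ipv6AddressCount: 0
+GroupSet:
+- !Ref RDPSecurityGroup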
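Review bot: The CompanyWANIP parameter near the top of the Parameters block is the only thing between the RDP listener on 3389 and the internet, yet nothing enforces the `x.x.x.x/32` format its Description asks for, so a value such as 0.0.0.0/0 is accepted and the instance, which gets a public address, becomes reachable from anywhere. Constrain it at stack-creation time with `AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/32$'` and `ConstraintDescription: must be a single IPv4 address in /32 CIDR form`; the same unconstrained parameter is carried unchanged into the later bettervpc.yaml revision. Shipping a concrete address as the Default is also questionable, because a deployment that forgets to override it grants RDP access to whoever holds that address rather than to the office, so this parameter is better left without a default. The fixed GroupName on RDPSecurityGroup means two stacks cannot coexist in one VPC and any rename forces a replacement; letting CloudFormation generate the name, or deriving it with `!Sub "${AWS::StackName}-rdp"`, avoids both.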