stackit 0.1.7 → 0.1.9

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 376c009d8b1dc4acd9857ddd96121935a46260de
4
- data.tar.gz: e850d0f6dc207dd5e56b1b1b4f46911b1bf3b022
3
+ metadata.gz: 33bad9d7a59c02a98816dcd1b5d66f3bdf1f926f
4
+ data.tar.gz: bdc19bd454463d43451b9814d5577988281d7aed
5
5
  SHA512:
6
- metadata.gz: cf63e60888843e5ce0702cbdbaa909dea98c92bccc234cd0c9de0178c3a2754fded5d6d9025e2002fda12f8623c473f865a1c9d14cd343654c7c8012b2caf60d
7
- data.tar.gz: b39fafa969cfa402d0715b27b846d2390bc254d8a516407ed170e91de0672b92c6426f112febac870394bfa9abb43820fe0a23ce05529b3d32d617e6d40a3087
6
+ metadata.gz: c079aa965096fc179aac39e373f9db79e348284d3bf201884c89514696f2c710ac452e9f948db936da2dcccb78f88707739190c5bbd560b476a177b6a1636b5b
7
+ data.tar.gz: 9bbe58a0e50948d4676e7870963ea606c0a62ba92726291738aa42e3cd723980cf869c029afb011f1aa7286613410449095175a5f940861ef489ce662eb91b0b
@@ -17,6 +17,7 @@ module Stackit
17
17
  method_option :parameters, aliases: '-p', type: :hash, desc: 'Parameters supplied to the cloudformation template', default: {}
18
18
  method_option :parameters_file, desc: 'Parameters supplied to the cloudformation template'
19
19
  method_option :parameter_map, :aliases => '-pm', type: :hash, default: {}, desc: 'Parameter map used to direct dependent parameter values to stack template parameters'
20
+ method_option :disable_rollback, :type => :boolean, :default => false, :desc => 'Disable cloudformation rollback when creation fails'
20
21
  method_option :wait, :aliases => '-w', type: :boolean, default: false, desc: 'Wait for the stack to enter STATUS_COMPLETE before returning or raise an exception if it times out'
21
22
  method_option :force, :desc => 'Force a stack update on unchanged templates'
22
23
  method_option :dry_run, :type => :boolean, :default => false, :desc => 'Run all code except AWS API calls'
@@ -45,6 +46,7 @@ module Stackit
45
46
  method_option :parameters, aliases: '-p', type: :hash, desc: 'Parameters supplied to the cloudformation template', default: {}
46
47
  method_option :parameters_file, desc: 'Parameters supplied to the cloudformation template'
47
48
  method_option :parameter_map, :aliases => '-pm', type: :hash, default: {}, desc: 'Parameter map used to direct dependent parameter values to stack template parameters'
49
+ method_option :disable_rollback, :type => :boolean, :default => false, :desc => 'Disable cloudformation rollback when update fails'
48
50
  method_option :wait, :aliases => '-w', type: :boolean, default: false, desc: 'Wait for the stack to enter STATUS_COMPLETE before returning or raise an exception if it times out'
49
51
  method_option :force, :desc => 'Force a stack update on unchanged templates'
50
52
  method_option :dry_run, :type => :boolean, :default => false, :desc => 'Run all code except AWS API calls'
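Review bot: The new `:disable_rollback` method_option in the update hunk (and its twin in the create hunk above) describes only the switch, not its consequence: with rollback off, a failed operation stays in its failed state with every resource it had already created or modified still live in the account, and the operator has to clean up or delete the stack by hand. I would say so in the help text, e.g. `method_option :disable_rollback, :type => :boolean, :default => false, :desc => 'Disable cloudformation rollback when update fails (the failed stack and any resources it already changed are left in place and must be cleaned up manually)'`. It is also not visible here whether the update code path actually forwards this flag to the API call; if it does not, the option is accepted and silently ignored, which is worth confirming before release.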
@@ -14,16 +14,17 @@ module Stackit
14
14
 
15
15
  def initialize(options={})
16
16
  super(options)
17
- @template = create_template(options[:template])
18
- @user_defined_parameters = symbolized_user_defined_parameters(options[:user_defined_parameters])
19
- @parameter_map = symbolized_parameter_map(options[:parameter_map])
20
- @stack_name = options[:stack_name] || default_stack_name
21
- @depends = options[:depends] || []
22
- @debug = !!options[:debug] || Stackit.debug
23
- @force = options[:force]
24
- @wait = options[:wait]
25
- @dry_run = options[:dry_run]
26
- @notifier = options[:notifier] || Stackit::ThorNotifier.new
17
+ self.template = create_template(options[:template])
18
+ self.user_defined_parameters = symbolized_user_defined_parameters(options[:user_defined_parameters])
19
+ self.parameter_map = symbolized_parameter_map(options[:parameter_map])
20
+ self.stack_name = options[:stack_name] || default_stack_name
21
+ self.depends = options[:depends] || []
22
+ self.disable_rollback = self.debug ? true : !!options[:disable_rollback]
23
+ self.debug = !!options[:debug] || Stackit.debug
24
+ self.force = options[:force]
25
+ self.wait = options[:wait]
26
+ self.dry_run = options[:dry_run]
27
+ self.notifier = options[:notifier] || Stackit::ThorNotifier.new
27
28
  parse_file_parameters(options[:parameters_file]) if options[:parameters_file]
28
29
  create_stack_policy(options[:stack_policy])
29
30
  create_stack_policy_during_update(options[:stack_policy_during_update])
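Review bot: `self.disable_rollback = self.debug ? true : !!options[:disable_rollback]` reads `debug` one line before `self.debug = !!options[:debug] || Stackit.debug` assigns it, so unless `super(options)` already populates that attribute the ternary sees nil and debug mode never disables rollback as the line intends. Swap the two assignments so `debug` is computed first: `self.debug = !!options[:debug] || Stackit.debug` followed by `self.disable_rollback = self.debug ? true : !!options[:disable_rollback]`. Worth a one-line comment on that pair as well, since coupling rollback to debug means a failed create in debug mode leaves the partially built stack and its resources in the account until someone deletes them: `# debug implies no rollback so a failed create can be inspected; the failed stack must be deleted by hand`. The `initialize` method's `end` lies outside the hunk.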
@@ -1,3 +1,3 @@
1
1
  module Stackit
2
- VERSION = "0.1.7"
2
+ VERSION = "0.1.9"
3
3
  end
@@ -0,0 +1,1050 @@
1
+ {
2
+ "AWSTemplateFormatVersion" : "2010-09-09",
3
+
4
+ "Description" : "StackIT VPC",
5
+
6
+ "Parameters" : {
7
+
8
+ "VpcName": {
9
+ "Description" : "The friendly name to assign to the VPC",
10
+ "Type": "String",
11
+ "MinLength": "1",
12
+ "MaxLength": "255",
13
+ "AllowedPattern" : "[-_ a-zA-Z0-9]*",
14
+ "ConstraintDescription" : "can contain only ASCII characters."
15
+ },
16
+
17
+ "RemoteAdminNetwork" : {
18
+ "Description" : "WAN IP address/range of a remote administration network",
19
+ "Type": "String",
20
+ "MinLength": "9",
21
+ "MaxLength": "18",
22
+ "Default": "127.0.0.1/32",
23
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
24
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
25
+ },
26
+
27
+ "VpcCidrNetwork" : {
28
+ "Description" : "The VPC network allocation",
29
+ "Type": "String",
30
+ "MinLength": "9",
31
+ "MaxLength": "18",
32
+ "Default": "172.16.0.0/16",
33
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
34
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
35
+ },
36
+
37
+ "PublicCidrAZ1" : {
38
+ "Description" : "The public subnet network in availability zone 1",
39
+ "Type": "String",
40
+ "MinLength": "9",
41
+ "MaxLength": "18",
42
+ "Default": "172.16.110.0/24",
43
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
44
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
45
+ },
46
+
47
+ "PublicCidrAZ2" : {
48
+ "Description" : "The public subnet network in availability zone 2",
49
+ "Type": "String",
50
+ "MinLength": "9",
51
+ "MaxLength": "18",
52
+ "Default": "172.16.120.0/24",
53
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
54
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
55
+ },
56
+
57
+ "PublicCidrAZ3" : {
58
+ "Description" : "The public subnet network in availability zone 3",
59
+ "Type": "String",
60
+ "MinLength": "9",
61
+ "MaxLength": "18",
62
+ "Default": "172.16.130.0/24",
63
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
64
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
65
+ },
66
+
67
+ "WebTierCidrAZ1" : {
68
+ "Description" : "The private web tier in availability zone 1",
69
+ "Type": "String",
70
+ "MinLength": "9",
71
+ "MaxLength": "18",
72
+ "Default": "172.16.111.0/24",
73
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
74
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
75
+ },
76
+
77
+ "WebTierCidrAZ2" : {
78
+ "Description" : "The private web tier in availability zone 2",
79
+ "Type": "String",
80
+ "MinLength": "9",
81
+ "MaxLength": "18",
82
+ "Default": "172.16.121.0/24",
83
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
84
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
85
+ },
86
+
87
+ "WebTierCidrAZ3" : {
88
+ "Description" : "The private web tier in availability zone 3",
89
+ "Type": "String",
90
+ "MinLength": "9",
91
+ "MaxLength": "18",
92
+ "Default": "172.16.131.0/24",
93
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
94
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
95
+ },
96
+
97
+ "AppTierCidrAZ1" : {
98
+ "Description" : "The private app tier in availability zone 1",
99
+ "Type": "String",
100
+ "MinLength": "9",
101
+ "MaxLength": "18",
102
+ "Default": "172.16.112.0/24",
103
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
104
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
105
+ },
106
+
107
+ "AppTierCidrAZ2" : {
108
+ "Description" : "The private app tier in availability zone 2",
109
+ "Type": "String",
110
+ "MinLength": "9",
111
+ "MaxLength": "18",
112
+ "Default": "172.16.122.0/24",
113
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
114
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
115
+ },
116
+
117
+ "AppTierCidrAZ3" : {
118
+ "Description" : "The private app tier in availability zone 3",
119
+ "Type": "String",
120
+ "MinLength": "9",
121
+ "MaxLength": "18",
122
+ "Default": "172.16.132.0/24",
123
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
124
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
125
+ },
126
+
127
+ "DatabaseTierCidrAZ1" : {
128
+ "Description" : "The private database tier in availability zone 1",
129
+ "Type": "String",
130
+ "MinLength": "9",
131
+ "MaxLength": "18",
132
+ "Default": "172.16.113.0/24",
133
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
134
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
135
+ },
136
+
137
+ "DatabaseTierCidrAZ2" : {
138
+ "Description" : "The private database tier in availability zone 2",
139
+ "Type": "String",
140
+ "MinLength": "9",
141
+ "MaxLength": "18",
142
+ "Default": "172.16.123.0/24",
143
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
144
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
145
+ },
146
+
147
+ "DatabaseTierCidrAZ3" : {
148
+ "Description" : "The private database tier in availability zone 3",
149
+ "Type": "String",
150
+ "MinLength": "9",
151
+ "MaxLength": "18",
152
+ "Default": "172.16.133.0/24",
153
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
154
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
155
+ },
156
+
157
+ "AdministrationTierCidrAZ1" : {
158
+ "Description" : "The private administration tier in availability zone 1",
159
+ "Type": "String",
160
+ "MinLength": "9",
161
+ "MaxLength": "18",
162
+ "Default": "172.16.114.0/24",
163
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
164
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
165
+ },
166
+
167
+ "AdministrationTierCidrAZ2" : {
168
+ "Description" : "The private administration tier in availability zone 2",
169
+ "Type": "String",
170
+ "MinLength": "9",
171
+ "MaxLength": "18",
172
+ "Default": "172.16.124.0/24",
173
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
174
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
175
+ },
176
+
177
+ "AdministrationTierCidrAZ3" : {
178
+ "Description" : "The private administration tier in availability zone 3",
179
+ "Type": "String",
180
+ "MinLength": "9",
181
+ "MaxLength": "18",
182
+ "Default": "172.16.134.0/24",
183
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
184
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
185
+ },
186
+
187
+ "VpcAvailabilityZone1" : {
188
+ "Description" : "Availability zone 1",
189
+ "Type": "String",
190
+ "MinLength": "10",
191
+ "Default": "us-east-1a"
192
+ },
193
+
194
+ "VpcAvailabilityZone2" : {
195
+ "Description" : "Availability zone 2",
196
+ "Type": "String",
197
+ "MinLength": "10",
198
+ "Default": "us-east-1c"
199
+ },
200
+
201
+ "VpcAvailabilityZone3" : {
202
+ "Description" : "Availability zone 3",
203
+ "Type": "String",
204
+ "MinLength": "10",
205
+ "Default": "us-east-1d"
206
+ },
207
+
208
+ "DevOpsBucketName": {
209
+ "Type": "String",
210
+ "MinLength": "1",
211
+ "MaxLength": "255",
212
+ "Description": "Bucket name where devops automation artifacts are stored",
213
+ "Default": "devops-automation"
214
+ }
215
+
216
+ },
217
+
218
+ "Resources" : {
219
+
220
+ "Vpc" : {
221
+ "Type" : "AWS::EC2::VPC",
222
+ "Properties" : {
223
+ "EnableDnsSupport" : "true",
224
+ "EnableDnsHostnames": "true",
225
+ "CidrBlock" : { "Ref" : "VpcCidrNetwork" },
226
+ "Tags" : [
227
+ { "Key" : "Name", "Value" : { "Ref" : "VpcName" } }
228
+ ]
229
+ }
230
+ },
231
+
232
+ "InternetGateway" : {
233
+ "Type" : "AWS::EC2::InternetGateway",
234
+ "Properties" : {
235
+ "Tags" : [
236
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-igw" ] ] } }
237
+ ]
238
+ }
239
+ },
240
+
241
+ "AttachGateway" : {
242
+ "Type" : "AWS::EC2::VPCGatewayAttachment",
243
+ "Properties" : {
244
+ "VpcId" : { "Ref" : "Vpc" },
245
+ "InternetGatewayId" : { "Ref" : "InternetGateway" }
246
+ }
247
+ },
248
+
249
+ "PublicRouteTable" : {
250
+ "Type" : "AWS::EC2::RouteTable",
251
+ "Properties" : {
252
+ "VpcId" : {"Ref" : "Vpc"},
253
+ "Tags" : [
254
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public" ] ] } }
255
+ ]
256
+ }
257
+ },
258
+
259
+ "PrivateRouteTableAZ1" : {
260
+ "Type" : "AWS::EC2::RouteTable",
261
+ "Properties" : {
262
+ "VpcId" : {"Ref" : "Vpc"},
263
+ "Tags" : [
264
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az1" ] ] } }
265
+ ]
266
+ }
267
+ },
268
+
269
+ "PrivateRouteTableAZ2" : {
270
+ "Type" : "AWS::EC2::RouteTable",
271
+ "Properties" : {
272
+ "VpcId" : {"Ref" : "Vpc"},
273
+ "Tags" : [
274
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az2" ] ] } }
275
+ ]
276
+ }
277
+ },
278
+
279
+ "PrivateRouteTableAZ3" : {
280
+ "Type" : "AWS::EC2::RouteTable",
281
+ "Properties" : {
282
+ "VpcId" : {"Ref" : "Vpc"},
283
+ "Tags" : [
284
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az3" ] ] } }
285
+ ]
286
+ }
287
+ },
288
+
289
+ "DefaultPublicRoute" : {
290
+ "Type" : "AWS::EC2::Route",
291
+ "DependsOn" : "AttachGateway",
292
+ "Properties" : {
293
+ "RouteTableId" : { "Ref" : "PublicRouteTable" },
294
+ "DestinationCidrBlock" : "0.0.0.0/0",
295
+ "GatewayId" : { "Ref" : "InternetGateway" }
296
+ }
297
+ },
298
+
299
+ "PublicNetworkAcl" : {
300
+ "Type" : "AWS::EC2::NetworkAcl",
301
+ "Properties" : {
302
+ "VpcId" : {"Ref" : "Vpc"},
303
+ "Tags" : [{ "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public-tier" ] ] } } ]
304
+ }
305
+ },
306
+
307
+ "InboundIcmpPublicNetworkAclEntry" : {
308
+ "Type" : "AWS::EC2::NetworkAclEntry",
309
+ "Properties" : {
310
+ "NetworkAclId" : {"Ref" : "PublicNetworkAcl"},
311
+ "RuleNumber" : "1",
312
+ "Protocol" : "1",
313
+ "RuleAction" : "allow",
314
+ "Egress" : "false",
315
+ "CidrBlock" : "0.0.0.0/0",
316
+ "Icmp" : { "Code" : "-1", "Type" : "-1" },
317
+ "PortRange" : {"From" : "0", "To" : "65535"}
318
+ }
319
+ },
320
+
321
+ "InboundAllTrafficPublicNetworkAclEntry" : {
322
+ "Type" : "AWS::EC2::NetworkAclEntry",
323
+ "Properties" : {
324
+ "NetworkAclId" : {"Ref" : "PublicNetworkAcl"},
325
+ "RuleNumber" : "1000",
326
+ "Protocol" : "-1",
327
+ "RuleAction" : "allow",
328
+ "Egress" : "false",
329
+ "CidrBlock" : "0.0.0.0/0",
330
+ "PortRange" : {"From" : "0", "To" : "65535"}
331
+ }
332
+ },
333
+
334
+ "OutboundAllTrafficPublicNetworkAclEntry" : {
335
+ "Type" : "AWS::EC2::NetworkAclEntry",
336
+ "Properties" : {
337
+ "NetworkAclId" : {"Ref" : "PublicNetworkAcl"},
338
+ "RuleNumber" : "1000",
339
+ "Protocol" : "-1",
340
+ "RuleAction" : "allow",
341
+ "Egress" : "true",
342
+ "CidrBlock" : "0.0.0.0/0",
343
+ "PortRange" : {"From" : "0", "To" : "65535"}
344
+ }
345
+ },
346
+
347
+ "PublicSubnetAZ1" : {
348
+ "Type" : "AWS::EC2::Subnet",
349
+ "Properties" : {
350
+ "VpcId" : { "Ref" : "Vpc" },
351
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone1" },
352
+ "CidrBlock" : { "Ref" : "PublicCidrAZ1" },
353
+ "Tags" : [
354
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public-az1" ] ] } }
355
+ ]
356
+ }
357
+ },
358
+
359
+ "PublicSubnetAZ2" : {
360
+ "Type" : "AWS::EC2::Subnet",
361
+ "Properties" : {
362
+ "VpcId" : { "Ref" : "Vpc" },
363
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone2" },
364
+ "CidrBlock" : { "Ref" : "PublicCidrAZ2" },
365
+ "Tags" : [
366
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public-az2" ] ] } }
367
+ ]
368
+ }
369
+ },
370
+
371
+ "PublicSubnetAZ3" : {
372
+ "Type" : "AWS::EC2::Subnet",
373
+ "Properties" : {
374
+ "VpcId" : { "Ref" : "Vpc" },
375
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone3" },
376
+ "CidrBlock" : { "Ref" : "PublicCidrAZ3" },
377
+ "Tags" : [
378
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public-az3" ] ] } }
379
+ ]
380
+ }
381
+ },
382
+
383
+ "PublicSubnetAZ1RouteTableAssociation" : {
384
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
385
+ "Properties" : {
386
+ "SubnetId" : { "Ref" : "PublicSubnetAZ1" },
387
+ "RouteTableId" : { "Ref" : "PublicRouteTable" }
388
+ }
389
+ },
390
+
391
+ "PublicSubnetAZ2RouteTableAssociation" : {
392
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
393
+ "Properties" : {
394
+ "SubnetId" : { "Ref" : "PublicSubnetAZ2" },
395
+ "RouteTableId" : { "Ref" : "PublicRouteTable" }
396
+ }
397
+ },
398
+
399
+ "PublicSubnetAZ3RouteTableAssociation" : {
400
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
401
+ "Properties" : {
402
+ "SubnetId" : { "Ref" : "PublicSubnetAZ3" },
403
+ "RouteTableId" : { "Ref" : "PublicRouteTable" }
404
+ }
405
+ },
406
+
407
+ "PublicSubnetAZ1NetworkAclAssociation" : {
408
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
409
+ "Properties" : {
410
+ "SubnetId" : { "Ref" : "PublicSubnetAZ1" },
411
+ "NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
412
+ }
413
+ },
414
+
415
+ "PublicSubnetAZ2NetworkAclAssociation" : {
416
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
417
+ "Properties" : {
418
+ "SubnetId" : { "Ref" : "PublicSubnetAZ2" },
419
+ "NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
420
+ }
421
+ },
422
+
423
+ "PublicSubnetAZ3NetworkAclAssociation" : {
424
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
425
+ "Properties" : {
426
+ "SubnetId" : { "Ref" : "PublicSubnetAZ3" },
427
+ "NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
428
+ }
429
+ },
430
+
431
+ "WebTierNetworkAcl" : {
432
+ "Type" : "AWS::EC2::NetworkAcl",
433
+ "Properties" : {
434
+ "VpcId" : {"Ref" : "Vpc"},
435
+ "Tags" : [{ "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-web-tier" ] ] } }]
436
+ }
437
+ },
438
+
439
+ "InboundAllTrafficWebTierNetworkAclEntry" : {
440
+ "Type" : "AWS::EC2::NetworkAclEntry",
441
+ "Properties" : {
442
+ "NetworkAclId" : {"Ref" : "WebTierNetworkAcl"},
443
+ "RuleNumber" : "1000",
444
+ "Protocol" : "-1",
445
+ "RuleAction" : "allow",
446
+ "Egress" : "false",
447
+ "CidrBlock" : "0.0.0.0/0",
448
+ "PortRange" : {"From" : "0", "To" : "65535"}
449
+ }
450
+ },
451
+
452
+ "OutboundAllTrafficWebTierNetworkAclEntry" : {
453
+ "Type" : "AWS::EC2::NetworkAclEntry",
454
+ "Properties" : {
455
+ "NetworkAclId" : {"Ref" : "WebTierNetworkAcl"},
456
+ "RuleNumber" : "1000",
457
+ "Protocol" : "-1",
458
+ "RuleAction" : "allow",
459
+ "Egress" : "true",
460
+ "CidrBlock" : "0.0.0.0/0",
461
+ "PortRange" : {"From" : "0", "To" : "65535"}
462
+ }
463
+ },
464
+
465
+ "WebTierSubnetAZ1" : {
466
+ "Type" : "AWS::EC2::Subnet",
467
+ "Properties" : {
468
+ "VpcId" : { "Ref" : "Vpc" },
469
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone1" },
470
+ "CidrBlock" : { "Ref" : "WebTierCidrAZ1" },
471
+ "Tags" : [
472
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-web-az1" ] ] } }
473
+ ]
474
+ }
475
+ },
476
+
477
+ "WebTierSubnetAZ2" : {
478
+ "Type" : "AWS::EC2::Subnet",
479
+ "Properties" : {
480
+ "VpcId" : { "Ref" : "Vpc" },
481
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone2" },
482
+ "CidrBlock" : { "Ref" : "WebTierCidrAZ2" },
483
+ "Tags" : [
484
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-web-az2" ] ] } }
485
+ ]
486
+ }
487
+ },
488
+
489
+ "WebTierSubnetAZ3" : {
490
+ "Type" : "AWS::EC2::Subnet",
491
+ "Properties" : {
492
+ "VpcId" : { "Ref" : "Vpc" },
493
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone3" },
494
+ "CidrBlock" : { "Ref" : "WebTierCidrAZ3" },
495
+ "Tags" : [
496
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-web-az3" ] ] } }
497
+ ]
498
+ }
499
+ },
500
+
501
+ "WebTierSubnetAZ1RouteTableAssociation" : {
502
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
503
+ "Properties" : {
504
+ "SubnetId" : { "Ref" : "WebTierSubnetAZ1" },
505
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ1" }
506
+ }
507
+ },
508
+
509
+ "WebTierSubnetAZ2RouteTableAssociation" : {
510
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
511
+ "Properties" : {
512
+ "SubnetId" : { "Ref" : "WebTierSubnetAZ2" },
513
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ2" }
514
+ }
515
+ },
516
+
517
+ "WebTierSubnetAZ3RouteTableAssociation" : {
518
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
519
+ "Properties" : {
520
+ "SubnetId" : { "Ref" : "WebTierSubnetAZ3" },
521
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ3" }
522
+ }
523
+ },
524
+
525
+ "WebTierSubnetAZ1NetworkAclAssociation" : {
526
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
527
+ "Properties" : {
528
+ "SubnetId" : { "Ref" : "WebTierSubnetAZ1" },
529
+ "NetworkAclId" : { "Ref" : "WebTierNetworkAcl" }
530
+ }
531
+ },
532
+
533
+ "WebTierAZ2NetworkAclAssociation" : {
534
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
535
+ "Properties" : {
536
+ "SubnetId" : { "Ref" : "WebTierSubnetAZ2" },
537
+ "NetworkAclId" : { "Ref" : "WebTierNetworkAcl" }
538
+ }
539
+ },
540
+
541
+ "WebTierSubnetAZ3NetworkAclAssociation" : {
542
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
543
+ "Properties" : {
544
+ "SubnetId" : { "Ref" : "WebTierSubnetAZ3" },
545
+ "NetworkAclId" : { "Ref" : "WebTierNetworkAcl" }
546
+ }
547
+ },
548
+
549
+ "AppTierNetworkAcl" : {
550
+ "Type" : "AWS::EC2::NetworkAcl",
551
+ "Properties" : {
552
+ "VpcId" : {"Ref" : "Vpc"},
553
+ "Tags" : [{ "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-app-tier" ] ] } }]
554
+ }
555
+ },
556
+
557
+ "InboundAllTrafficAppTierNetworkAclEntry" : {
558
+ "Type" : "AWS::EC2::NetworkAclEntry",
559
+ "Properties" : {
560
+ "NetworkAclId" : {"Ref" : "AppTierNetworkAcl"},
561
+ "RuleNumber" : "1000",
562
+ "Protocol" : "-1",
563
+ "RuleAction" : "allow",
564
+ "Egress" : "false",
565
+ "CidrBlock" : "0.0.0.0/0",
566
+ "PortRange" : {"From" : "0", "To" : "65535"}
567
+ }
568
+ },
569
+
570
+ "OutboundAllTrafficAppTierNetworkAclEntry" : {
571
+ "Type" : "AWS::EC2::NetworkAclEntry",
572
+ "Properties" : {
573
+ "NetworkAclId" : {"Ref" : "AppTierNetworkAcl"},
574
+ "RuleNumber" : "1000",
575
+ "Protocol" : "-1",
576
+ "RuleAction" : "allow",
577
+ "Egress" : "true",
578
+ "CidrBlock" : "0.0.0.0/0",
579
+ "PortRange" : {"From" : "0", "To" : "65535"}
580
+ }
581
+ },
582
+
583
+ "AppTierSubnetAZ1" : {
584
+ "Type" : "AWS::EC2::Subnet",
585
+ "Properties" : {
586
+ "VpcId" : { "Ref" : "Vpc" },
587
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone1" },
588
+ "CidrBlock" : { "Ref" : "AppTierCidrAZ1" },
589
+ "Tags" : [
590
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-app-az1" ] ] } }
591
+ ]
592
+ }
593
+ },
594
+
595
+ "AppTierSubnetAZ2" : {
596
+ "Type" : "AWS::EC2::Subnet",
597
+ "Properties" : {
598
+ "VpcId" : { "Ref" : "Vpc" },
599
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone2" },
600
+ "CidrBlock" : { "Ref" : "AppTierCidrAZ2" },
601
+ "Tags" : [
602
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-app-az2" ] ] } }
603
+ ]
604
+ }
605
+ },
606
+
607
+ "AppTierSubnetAZ3" : {
608
+ "Type" : "AWS::EC2::Subnet",
609
+ "Properties" : {
610
+ "VpcId" : { "Ref" : "Vpc" },
611
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone3" },
612
+ "CidrBlock" : { "Ref" : "AppTierCidrAZ3" },
613
+ "Tags" : [
614
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-app-az3" ] ] } }
615
+ ]
616
+ }
617
+ },
618
+
619
+ "AppTierSubnetAZ1RouteTableAssociation" : {
620
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
621
+ "Properties" : {
622
+ "SubnetId" : { "Ref" : "AppTierSubnetAZ1" },
623
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ1" }
624
+ }
625
+ },
626
+
627
+ "AppTierSubnetAZ2RouteTableAssociation" : {
628
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
629
+ "Properties" : {
630
+ "SubnetId" : { "Ref" : "AppTierSubnetAZ2" },
631
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ2" }
632
+ }
633
+ },
634
+
635
+ "AppTierSubnetAZ3RouteTableAssociation" : {
636
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
637
+ "Properties" : {
638
+ "SubnetId" : { "Ref" : "AppTierSubnetAZ3" },
639
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ3" }
640
+ }
641
+ },
642
+
643
+ "AppTierSubnetAZ1NetworkAclAssociation" : {
644
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
645
+ "Properties" : {
646
+ "SubnetId" : { "Ref" : "AppTierSubnetAZ1" },
647
+ "NetworkAclId" : { "Ref" : "AppTierNetworkAcl" }
648
+ }
649
+ },
650
+
651
+ "AppTierAZ2NetworkAclAssociation" : {
652
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
653
+ "Properties" : {
654
+ "SubnetId" : { "Ref" : "AppTierSubnetAZ2" },
655
+ "NetworkAclId" : { "Ref" : "AppTierNetworkAcl" }
656
+ }
657
+ },
658
+
659
+ "AppTierSubnetAZ3NetworkAclAssociation" : {
660
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
661
+ "Properties" : {
662
+ "SubnetId" : { "Ref" : "AppTierSubnetAZ3" },
663
+ "NetworkAclId" : { "Ref" : "AppTierNetworkAcl" }
664
+ }
665
+ },
666
+
667
+ "DatabaseTierNetworkAcl" : {
668
+ "Type" : "AWS::EC2::NetworkAcl",
669
+ "Properties" : {
670
+ "VpcId" : {"Ref" : "Vpc"},
671
+ "Tags" : [{ "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-database-tier" ] ] } }]
672
+ }
673
+ },
674
+
675
+ "InboundAllTrafficDatabaseTierNetworkAclEntry" : {
676
+ "Type" : "AWS::EC2::NetworkAclEntry",
677
+ "Properties" : {
678
+ "NetworkAclId" : {"Ref" : "DatabaseTierNetworkAcl"},
679
+ "RuleNumber" : "1000",
680
+ "Protocol" : "-1",
681
+ "RuleAction" : "allow",
682
+ "Egress" : "false",
683
+ "CidrBlock" : "0.0.0.0/0",
684
+ "PortRange" : {"From" : "0", "To" : "65535"}
685
+ }
686
+ },
687
+
688
+ "OutboundAllTrafficDatabaseTierNetworkAclEntry" : {
689
+ "Type" : "AWS::EC2::NetworkAclEntry",
690
+ "Properties" : {
691
+ "NetworkAclId" : {"Ref" : "DatabaseTierNetworkAcl"},
692
+ "RuleNumber" : "1000",
693
+ "Protocol" : "-1",
694
+ "RuleAction" : "allow",
695
+ "Egress" : "true",
696
+ "CidrBlock" : "0.0.0.0/0",
697
+ "PortRange" : {"From" : "0", "To" : "65535"}
698
+ }
699
+ },
700
+
701
+ "DatabaseTierSubnetAZ1" : {
702
+ "Type" : "AWS::EC2::Subnet",
703
+ "Properties" : {
704
+ "VpcId" : { "Ref" : "Vpc" },
705
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone1" },
706
+ "CidrBlock" : { "Ref" : "DatabaseTierCidrAZ1" },
707
+ "Tags" : [
708
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-database-az1" ] ] } }
709
+ ]
710
+ }
711
+ },
712
+
713
+ "DatabaseTierSubnetAZ2" : {
714
+ "Type" : "AWS::EC2::Subnet",
715
+ "Properties" : {
716
+ "VpcId" : { "Ref" : "Vpc" },
717
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone2" },
718
+ "CidrBlock" : { "Ref" : "DatabaseTierCidrAZ2" },
719
+ "Tags" : [
720
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-database-az2" ] ] } }
721
+ ]
722
+ }
723
+ },
724
+
725
+ "DatabaseTierSubnetAZ3" : {
726
+ "Type" : "AWS::EC2::Subnet",
727
+ "Properties" : {
728
+ "VpcId" : { "Ref" : "Vpc" },
729
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone3" },
730
+ "CidrBlock" : { "Ref" : "DatabaseTierCidrAZ3" },
731
+ "Tags" : [
732
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-database-az3" ] ] } }
733
+ ]
734
+ }
735
+ },
736
+
737
+ "DatabaseTierSubnetAZ1RouteTableAssociation" : {
738
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
739
+ "Properties" : {
740
+ "SubnetId" : { "Ref" : "DatabaseTierSubnetAZ1" },
741
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ1" }
742
+ }
743
+ },
744
+
745
+ "DatabaseTierSubnetAZ2RouteTableAssociation" : {
746
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
747
+ "Properties" : {
748
+ "SubnetId" : { "Ref" : "DatabaseTierSubnetAZ2" },
749
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ2" }
750
+ }
751
+ },
752
+
753
+ "DatabaseTierSubnetAZ3RouteTableAssociation" : {
754
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
755
+ "Properties" : {
756
+ "SubnetId" : { "Ref" : "DatabaseTierSubnetAZ3" },
757
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ3" }
758
+ }
759
+ },
760
+
761
+ "DatabaseTierSubnetAZ1NetworkAclAssociation" : {
762
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
763
+ "Properties" : {
764
+ "SubnetId" : { "Ref" : "DatabaseTierSubnetAZ1" },
765
+ "NetworkAclId" : { "Ref" : "DatabaseTierNetworkAcl" }
766
+ }
767
+ },
768
+
769
+ "DatabaseTierAZ2NetworkAclAssociation" : {
770
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
771
+ "Properties" : {
772
+ "SubnetId" : { "Ref" : "DatabaseTierSubnetAZ2" },
773
+ "NetworkAclId" : { "Ref" : "DatabaseTierNetworkAcl" }
774
+ }
775
+ },
776
+
777
+ "DatabaseTierSubnetAZ3NetworkAclAssociation" : {
778
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
779
+ "Properties" : {
780
+ "SubnetId" : { "Ref" : "DatabaseTierSubnetAZ3" },
781
+ "NetworkAclId" : { "Ref" : "DatabaseTierNetworkAcl" }
782
+ }
783
+ },
784
+
785
+ "AdministrationTierNetworkAcl" : {
786
+ "Type" : "AWS::EC2::NetworkAcl",
787
+ "Properties" : {
788
+ "VpcId" : {"Ref" : "Vpc"},
789
+ "Tags" : [{ "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-administration-tier" ] ] } }]
790
+ }
791
+ },
792
+
793
+ "InboundAllTrafficAdministrationTierNetworkAclEntry" : {
794
+ "Type" : "AWS::EC2::NetworkAclEntry",
795
+ "Properties" : {
796
+ "NetworkAclId" : {"Ref" : "DatabaseTierNetworkAcl"},
797
+ "RuleNumber" : "1000",
798
+ "Protocol" : "-1",
799
+ "RuleAction" : "allow",
800
+ "Egress" : "false",
801
+ "CidrBlock" : "0.0.0.0/0",
802
+ "PortRange" : {"From" : "0", "To" : "65535"}
803
+ }
804
+ },
805
+
806
+ "OutboundAllTrafficAdministrationTierNetworkAclEntry" : {
807
+ "Type" : "AWS::EC2::NetworkAclEntry",
808
+ "Properties" : {
809
+ "NetworkAclId" : {"Ref" : "DatabaseTierNetworkAcl"},
810
+ "RuleNumber" : "1000",
811
+ "Protocol" : "-1",
812
+ "RuleAction" : "allow",
813
+ "Egress" : "true",
814
+ "CidrBlock" : "0.0.0.0/0",
815
+ "PortRange" : {"From" : "0", "To" : "65535"}
816
+ }
817
+ },
818
+
819
+ "AdministrationTierSubnetAZ1" : {
820
+ "Type" : "AWS::EC2::Subnet",
821
+ "Properties" : {
822
+ "VpcId" : { "Ref" : "Vpc" },
823
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone1" },
824
+ "CidrBlock" : { "Ref" : "AdministrationTierCidrAZ1" },
825
+ "Tags" : [
826
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-administration-az1" ] ] } }
827
+ ]
828
+ }
829
+ },
830
+
831
+ "AdministrationTierSubnetAZ2" : {
832
+ "Type" : "AWS::EC2::Subnet",
833
+ "Properties" : {
834
+ "VpcId" : { "Ref" : "Vpc" },
835
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone2" },
836
+ "CidrBlock" : { "Ref" : "AdministrationTierCidrAZ2" },
837
+ "Tags" : [
838
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-administration-az2" ] ] } }
839
+ ]
840
+ }
841
+ },
842
+
843
+ "AdministrationTierSubnetAZ3" : {
844
+ "Type" : "AWS::EC2::Subnet",
845
+ "Properties" : {
846
+ "VpcId" : { "Ref" : "Vpc" },
847
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone3" },
848
+ "CidrBlock" : { "Ref" : "AdministrationTierCidrAZ3" },
849
+ "Tags" : [
850
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-administration-az3" ] ] } }
851
+ ]
852
+ }
853
+ },
854
+
855
+ "AdministrationTierSubnetAZ1RouteTableAssociation" : {
856
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
857
+ "Properties" : {
858
+ "SubnetId" : { "Ref" : "AdministrationTierSubnetAZ1" },
859
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ1" }
860
+ }
861
+ },
862
+
863
+ "DatabaseTierSubnetAZ2RouteTableAssociation" : {
864
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
865
+ "Properties" : {
866
+ "SubnetId" : { "Ref" : "DatabaseTierSubnetAZ2" },
867
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ2" }
868
+ }
869
+ },
870
+
871
+ "AdministrationTierSubnetAZ3RouteTableAssociation" : {
872
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
873
+ "Properties" : {
874
+ "SubnetId" : { "Ref" : "AdministrationTierSubnetAZ3" },
875
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ3" }
876
+ }
877
+ },
878
+
879
+ "AdministrationTierSubnetAZ1NetworkAclAssociation" : {
880
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
881
+ "Properties" : {
882
+ "SubnetId" : { "Ref" : "AdministrationTierSubnetAZ1" },
883
+ "NetworkAclId" : { "Ref" : "AdministrationTierNetworkAcl" }
884
+ }
885
+ },
886
+
887
+ "AdministrationTierSubnetAZ2NetworkAclAssociation" : {
888
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
889
+ "Properties" : {
890
+ "SubnetId" : { "Ref" : "AdministrationTierSubnetAZ2" },
891
+ "NetworkAclId" : { "Ref" : "AdministrationTierNetworkAcl" }
892
+ }
893
+ },
894
+
895
+ "AdministrationTierSubnetAZ3NetworkAclAssociation" : {
896
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
897
+ "Properties" : {
898
+ "SubnetId" : { "Ref" : "AdministrationTierSubnetAZ3" },
899
+ "NetworkAclId" : { "Ref" : "AdministrationTierNetworkAcl" }
900
+ }
901
+ },
902
+
903
+ "NatEipAZ1": {
904
+ "Type" : "AWS::EC2::EIP",
905
+ "Properties" : {
906
+ "Domain": "vpc"
907
+ }
908
+ },
909
+
910
+ "NatEipAZ2": {
911
+ "Type" : "AWS::EC2::EIP",
912
+ "Properties" : {
913
+ "Domain": "vpc"
914
+ }
915
+ },
916
+
917
+ "NatEipAZ3": {
918
+ "Type" : "AWS::EC2::EIP",
919
+ "Properties" : {
920
+ "Domain": "vpc"
921
+ }
922
+ },
923
+
924
+ "NatGatewayAZ1": {
925
+ "Type" : "AWS::EC2::NatGateway",
926
+ "Properties" : {
927
+ "AllocationId" : { "Fn::GetAtt" : [ "NatEipAZ1", "AllocationId" ]},
928
+ "SubnetId": { "Ref": "PublicSubnetAZ1" }
929
+ }
930
+ },
931
+
932
+ "NatGatewayAZ2": {
933
+ "Type" : "AWS::EC2::NatGateway",
934
+ "Properties" : {
935
+ "AllocationId" : { "Fn::GetAtt" : [ "NatEipAZ2", "AllocationId" ]},
936
+ "SubnetId": { "Ref": "PublicSubnetAZ2" }
937
+ }
938
+ },
939
+
940
+ "NatGatewayAZ3": {
941
+ "Type" : "AWS::EC2::NatGateway",
942
+ "Properties" : {
943
+ "AllocationId" : { "Fn::GetAtt" : [ "NatEipAZ3", "AllocationId" ]},
944
+ "SubnetId": { "Ref": "PublicSubnetAZ3" }
945
+ }
946
+ },
947
+
948
+ "NatGatewayDefaultRouteAZ1" : {
949
+ "Type" : "AWS::EC2::Route",
950
+ "Properties" : {
951
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ1" },
952
+ "DestinationCidrBlock" : "0.0.0.0/0",
953
+ "NatGatewayId" : { "Ref" : "NatGatewayAZ1" }
954
+ }
955
+ },
956
+
957
+ "NatGatewayDefaultRouteAZ2" : {
958
+ "Type" : "AWS::EC2::Route",
959
+ "Properties" : {
960
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ2" },
961
+ "DestinationCidrBlock" : "0.0.0.0/0",
962
+ "NatGatewayId" : { "Ref" : "NatGatewayAZ2" }
963
+ }
964
+ },
965
+
966
+ "NatGatewayDefaultRouteAZ3" : {
967
+ "Type" : "AWS::EC2::Route",
968
+ "Properties" : {
969
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ3" },
970
+ "DestinationCidrBlock" : "0.0.0.0/0",
971
+ "NatGatewayId" : { "Ref" : "NatGatewayAZ3" }
972
+ }
973
+ },
974
+
975
+ "DefaultIngressSecurityGroup" : {
976
+ "Type" : "AWS::EC2::SecurityGroup",
977
+ "Properties" : {
978
+ "VpcId" : { "Ref" : "Vpc" },
979
+ "GroupDescription" : "Enable SSH and ping from office and between nodes in the VPC",
980
+ "SecurityGroupIngress": [
981
+ {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "RemoteAdminNetwork"}},
982
+ {"IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : { "Ref" : "RemoteAdminNetwork"}},
983
+ {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "VpcCidrNetwork"}},
984
+ {"IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : { "Ref" : "VpcCidrNetwork"}}
985
+ ],
986
+ "Tags" : [
987
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-default-ingress" ] ] } }
988
+ ]
989
+ }
990
+ },
991
+
992
+ "S3EndpointAZ1": {
993
+ "Type" : "AWS::EC2::VPCEndpoint",
994
+ "Properties" : {
995
+ "ServiceName": { "Fn::Join": [ "", [ "com.amazonaws.", { "Ref": "AWS::Region" }, ".s3" ] ] },
996
+ "VpcId": {"Ref": "Vpc"},
997
+ "RouteTableIds": [
998
+ {"Ref": "PublicRouteTable"},
999
+ {"Ref": "PrivateRouteTableAZ1"},
1000
+ {"Ref": "PrivateRouteTableAZ2"},
1001
+ {"Ref": "PrivateRouteTableAZ3"}
1002
+ ]
1003
+ }
1004
+ },
1005
+
1006
+ "DevOpsBucket": {
1007
+ "Type" : "AWS::S3::Bucket",
1008
+ "Properties" : {
1009
+ "AccessControl" : "BucketOwnerFullControl",
1010
+ "BucketName" : { "Ref": "DevOpsBucketName" }
1011
+ }
1012
+ },
1013
+
1014
+ "OpsWorksServiceRole": {
1015
+ "Type": "AWS::IAM::Role",
1016
+ "Properties": {
1017
+ "AssumeRolePolicyDocument": {
1018
+ "Statement": [{
1019
+ "Effect": "Allow",
1020
+ "Principal": {
1021
+ "Service": [ "opsworks.amazonaws.com" ]
1022
+ },
1023
+ "Action": [ "sts:AssumeRole" ]
1024
+ }]
1025
+ },
1026
+ "Path": "/",
1027
+ "Policies": [{
1028
+ "PolicyName": "opsworks-service",
1029
+ "PolicyDocument": {
1030
+ "Statement": [{
1031
+ "Effect": "Allow",
1032
+ "Action": [
1033
+ "ec2:*",
1034
+ "cloudwatch:GetMetricStatistics",
1035
+ "elasticloadbalancing:*",
1036
+ "rds:*",
1037
+ "iam:PassRole"
1038
+ ],
1039
+ "Resource": "*"
1040
+ }]
1041
+ }
1042
+ }]
1043
+ }
1044
+ }
1045
+
1046
+ },
1047
+
1048
+ "Outputs" : {
1049
+ }
1050
+ }