stackit 0.1.7 → 0.1.9

@@ -0,0 +1,90 @@
1
+ [
2
+ {
3
+ "ParameterKey": "VpcName",
4
+ "ParameterValue": "StackIT"
5
+ },
6
+ {
7
+ "ParameterKey": "RemoteAdminNetwork",
8
+ "ParameterValue": "127.0.0.1/32"
9
+ },
10
+ {
11
+ "ParameterKey": "VpcCidrNetwork",
12
+ "ParameterValue": "172.16.0.0/16"
13
+ },
14
+ {
15
+ "ParameterKey": "PublicCidrAZ1",
16
+ "ParameterValue": "172.16.110.0/24"
17
+ },
18
+ {
19
+ "ParameterKey": "PublicCidrAZ2",
20
+ "ParameterValue": "172.16.120.0/24"
21
+ },
22
+ {
23
+ "ParameterKey": "PublicCidrAZ3",
24
+ "ParameterValue": "172.16.130.0/24"
25
+ },
26
+ {
27
+ "ParameterKey": "WebTierCidrAZ1",
28
+ "ParameterValue": "172.16.111.0/24"
29
+ },
30
+ {
31
+ "ParameterKey": "WebTierCidrAZ2",
32
+ "ParameterValue": "172.16.121.0/24"
33
+ },
34
+ {
35
+ "ParameterKey": "WebTierCidrAZ3",
36
+ "ParameterValue": "172.16.131.0/24"
37
+ },
38
+ {
39
+ "ParameterKey": "AppTierCidrAZ1",
40
+ "ParameterValue": "172.16.112.0/24"
41
+ },
42
+ {
43
+ "ParameterKey": "AppTierCidrAZ2",
44
+ "ParameterValue": "172.16.122.0/24"
45
+ },
46
+ {
47
+ "ParameterKey": "AppTierCidrAZ3",
48
+ "ParameterValue": "172.16.132.0/24"
49
+ },
50
+ {
51
+ "ParameterKey": "DatabaseTierCidrAZ1",
52
+ "ParameterValue": "172.16.113.0/24"
53
+ },
54
+ {
55
+ "ParameterKey": "DatabaseTierCidrAZ2",
56
+ "ParameterValue": "172.16.123.0/24"
57
+ },
58
+ {
59
+ "ParameterKey": "DatabaseTierCidrAZ3",
60
+ "ParameterValue": "172.16.133.0/24"
61
+ },
62
+ {
63
+ "ParameterKey": "AdministrationTierCidrAZ1",
64
+ "ParameterValue": "172.16.114.0/24"
65
+ },
66
+ {
67
+ "ParameterKey": "AdministrationTierCidrAZ2",
68
+ "ParameterValue": "172.16.124.0/24"
69
+ },
70
+ {
71
+ "ParameterKey": "AdministrationTierCidrAZ3",
72
+ "ParameterValue": "172.16.134.0/24"
73
+ },
74
+ {
75
+ "ParameterKey": "VpcAvailabilityZone1",
76
+ "ParameterValue": "us-east-1a"
77
+ },
78
+ {
79
+ "ParameterKey": "VpcAvailabilityZone2",
80
+ "ParameterValue": "us-east-1c"
81
+ },
82
+ {
83
+ "ParameterKey": "VpcAvailabilityZone3",
84
+ "ParameterValue": "us-east-1e"
85
+ },
86
+ {
87
+ "ParameterKey": "DevOpsBucketName",
88
+ "ParameterValue": "devops-automation"
89
+ }
90
+ ]
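Review bot: The twelve tier entries `WebTierCidrAZ1`–`3`, `AppTierCidrAZ1`–`3`, `DatabaseTierCidrAZ1`–`3` and `AdministrationTierCidrAZ1`–`3` that follow `PublicCidrAZ3` in this file have no matching declaration in the template's `Parameters` block in the next hunk, which declares `PrivateCidrAZ1`–`3` instead; if this parameter file is meant for that template (the remaining keys line up exactly), CloudFormation will reject the stack operation because those parameter keys do not exist in the template. Either declare the tier parameters in the template or replace the twelve entries with the three the template expects, e.g. `{ "ParameterKey": "PrivateCidrAZ1", "ParameterValue": "172.16.111.0/24" }`. Separately, `RemoteAdminNetwork` is committed as `127.0.0.1/32`, which the template feeds straight into the SSH and ICMP ingress rules of `DefaultIngressSecurityGroup`; that value can never match a real source, so it should be marked as a placeholder to override per deployment rather than left to look like a working default.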
@@ -0,0 +1,614 @@
1
+ {
2
+ "AWSTemplateFormatVersion" : "2010-09-09",
3
+
4
+ "Description" : "StackIT VPC",
5
+
6
+ "Parameters" : {
7
+
8
+ "VpcName": {
9
+ "Description" : "The friendly name to assign to the VPC",
10
+ "Type": "String",
11
+ "MinLength": "1",
12
+ "MaxLength": "255",
13
+ "AllowedPattern" : "[-_ a-zA-Z0-9]*",
14
+ "ConstraintDescription" : "can contain only ASCII characters."
15
+ },
16
+
17
+ "RemoteAdminNetwork" : {
18
+ "Description" : "The WAN IP address range of the office",
19
+ "Type": "String",
20
+ "MinLength": "9",
21
+ "MaxLength": "18",
22
+ "Default": "127.0.0.1/32",
23
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
24
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
25
+ },
26
+
27
+ "VpcCidrNetwork" : {
28
+ "Description" : "The VPC network allocation",
29
+ "Type": "String",
30
+ "MinLength": "9",
31
+ "MaxLength": "18",
32
+ "Default": "172.16.0.0/16",
33
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
34
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
35
+ },
36
+
37
+ "PublicCidrAZ1" : {
38
+ "Description" : "The public subnet network in availability zone 1",
39
+ "Type": "String",
40
+ "MinLength": "9",
41
+ "MaxLength": "18",
42
+ "Default": "172.16.110.0/24",
43
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
44
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
45
+ },
46
+
47
+ "PublicCidrAZ2" : {
48
+ "Description" : "The public subnet network in availability zone 2",
49
+ "Type": "String",
50
+ "MinLength": "9",
51
+ "MaxLength": "18",
52
+ "Default": "172.16.120.0/24",
53
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
54
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
55
+ },
56
+
57
+ "PublicCidrAZ3" : {
58
+ "Description" : "The public subnet network in availability zone 3",
59
+ "Type": "String",
60
+ "MinLength": "9",
61
+ "MaxLength": "18",
62
+ "Default": "172.16.130.0/24",
63
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
64
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
65
+ },
66
+
67
+ "PrivateCidrAZ1" : {
68
+ "Description" : "The private network in availability zone 1",
69
+ "Type": "String",
70
+ "MinLength": "9",
71
+ "MaxLength": "18",
72
+ "Default": "172.16.111.0/24",
73
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
74
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
75
+ },
76
+
77
+ "PrivateCidrAZ2" : {
78
+ "Description" : "The private network in availability zone 2",
79
+ "Type": "String",
80
+ "MinLength": "9",
81
+ "MaxLength": "18",
82
+ "Default": "172.16.121.0/24",
83
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
84
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
85
+ },
86
+
87
+ "PrivateCidrAZ3" : {
88
+ "Description" : "The private network in availability zone 3",
89
+ "Type": "String",
90
+ "MinLength": "9",
91
+ "MaxLength": "18",
92
+ "Default": "172.16.131.0/24",
93
+ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
94
+ "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
95
+ },
96
+
97
+ "VpcAvailabilityZone1" : {
98
+ "Description" : "Availability zone 1",
99
+ "Type": "String",
100
+ "MinLength": "10",
101
+ "Default": "us-east-1a"
102
+ },
103
+
104
+ "VpcAvailabilityZone2" : {
105
+ "Description" : "Availability zone 2",
106
+ "Type": "String",
107
+ "MinLength": "10",
108
+ "Default": "us-east-1c"
109
+ },
110
+
111
+ "VpcAvailabilityZone3" : {
112
+ "Description" : "Availability zone 3",
113
+ "Type": "String",
114
+ "MinLength": "10",
115
+ "Default": "us-east-1d"
116
+ },
117
+
118
+ "DevOpsBucketName": {
119
+ "Type": "String",
120
+ "MinLength": "1",
121
+ "MaxLength": "255",
122
+ "Description": "Bucket name where devops automation artifacts are stored",
123
+ "Default": "devops-automation"
124
+ }
125
+
126
+ },
127
+
128
+ "Resources" : {
129
+
130
+ "Vpc" : {
131
+ "Type" : "AWS::EC2::VPC",
132
+ "Properties" : {
133
+ "EnableDnsSupport" : "true",
134
+ "EnableDnsHostnames": "true",
135
+ "CidrBlock" : { "Ref" : "VpcCidrNetwork" },
136
+ "Tags" : [
137
+ { "Key" : "Name", "Value" : { "Ref" : "VpcName" } }
138
+ ]
139
+ }
140
+ },
141
+
142
+ "InternetGateway" : {
143
+ "Type" : "AWS::EC2::InternetGateway",
144
+ "Properties" : {
145
+ "Tags" : [
146
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-igw" ] ] } },
147
+ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }
148
+ ]
149
+ }
150
+ },
151
+
152
+ "AttachGateway" : {
153
+ "Type" : "AWS::EC2::VPCGatewayAttachment",
154
+ "Properties" : {
155
+ "VpcId" : { "Ref" : "Vpc" },
156
+ "InternetGatewayId" : { "Ref" : "InternetGateway" }
157
+ }
158
+ },
159
+
160
+ "PublicRouteTable" : {
161
+ "Type" : "AWS::EC2::RouteTable",
162
+ "Properties" : {
163
+ "VpcId" : {"Ref" : "Vpc"},
164
+ "Tags" : [
165
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public" ] ] } },
166
+ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }
167
+ ]
168
+ }
169
+ },
170
+
171
+ "DefaultPublicRoute" : {
172
+ "Type" : "AWS::EC2::Route",
173
+ "DependsOn" : "AttachGateway",
174
+ "Properties" : {
175
+ "RouteTableId" : { "Ref" : "PublicRouteTable" },
176
+ "DestinationCidrBlock" : "0.0.0.0/0",
177
+ "GatewayId" : { "Ref" : "InternetGateway" }
178
+ }
179
+ },
180
+
181
+ "PrivateRouteTableAZ1" : {
182
+ "Type" : "AWS::EC2::RouteTable",
183
+ "Properties" : {
184
+ "VpcId" : {"Ref" : "Vpc"},
185
+ "Tags" : [
186
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az1" ] ] } }
187
+ ]
188
+ }
189
+ },
190
+
191
+ "PrivateRouteTableAZ2" : {
192
+ "Type" : "AWS::EC2::RouteTable",
193
+ "Properties" : {
194
+ "VpcId" : {"Ref" : "Vpc"},
195
+ "Tags" : [
196
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az2" ] ] } }
197
+ ]
198
+ }
199
+ },
200
+
201
+ "PrivateRouteTableAZ3" : {
202
+ "Type" : "AWS::EC2::RouteTable",
203
+ "Properties" : {
204
+ "VpcId" : {"Ref" : "Vpc"},
205
+ "Tags" : [
206
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az3" ] ] } }
207
+ ]
208
+ }
209
+ },
210
+
211
+ "PrivateNetworkAcl" : {
212
+ "Type" : "AWS::EC2::NetworkAcl",
213
+ "Properties" : {
214
+ "VpcId" : {"Ref" : "Vpc"},
215
+ "Tags" : [{ "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private" ] ] } }]
216
+ }
217
+ },
218
+
219
+ "InboundAllTrafficPrivateNetworkAclEntry" : {
220
+ "Type" : "AWS::EC2::NetworkAclEntry",
221
+ "Properties" : {
222
+ "NetworkAclId" : {"Ref" : "PrivateNetworkAcl"},
223
+ "RuleNumber" : "1000",
224
+ "Protocol" : "-1",
225
+ "RuleAction" : "allow",
226
+ "Egress" : "false",
227
+ "CidrBlock" : "0.0.0.0/0",
228
+ "PortRange" : {"From" : "0", "To" : "65535"}
229
+ }
230
+ },
231
+
232
+ "OutboundAllTrafficPrivateNetworkAclEntry" : {
233
+ "Type" : "AWS::EC2::NetworkAclEntry",
234
+ "Properties" : {
235
+ "NetworkAclId" : {"Ref" : "PrivateNetworkAcl"},
236
+ "RuleNumber" : "1000",
237
+ "Protocol" : "-1",
238
+ "RuleAction" : "allow",
239
+ "Egress" : "true",
240
+ "CidrBlock" : "0.0.0.0/0",
241
+ "PortRange" : {"From" : "0", "To" : "65535"}
242
+ }
243
+ },
244
+
245
+ "PublicNetworkAcl" : {
246
+ "Type" : "AWS::EC2::NetworkAcl",
247
+ "Properties" : {
248
+ "VpcId" : {"Ref" : "Vpc"},
249
+ "Tags" : [{ "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public" ] ] } } ]
250
+ }
251
+ },
252
+
253
+ "InboundIcmpPublicNetworkAclEntry" : {
254
+ "Type" : "AWS::EC2::NetworkAclEntry",
255
+ "Properties" : {
256
+ "NetworkAclId" : {"Ref" : "PublicNetworkAcl"},
257
+ "RuleNumber" : "1",
258
+ "Protocol" : "1",
259
+ "RuleAction" : "allow",
260
+ "Egress" : "false",
261
+ "CidrBlock" : "0.0.0.0/0",
262
+ "Icmp" : { "Code" : "-1", "Type" : "-1" },
263
+ "PortRange" : {"From" : "0", "To" : "65535"}
264
+ }
265
+ },
266
+
267
+ "InboundAllTrafficPublicNetworkAclEntry" : {
268
+ "Type" : "AWS::EC2::NetworkAclEntry",
269
+ "Properties" : {
270
+ "NetworkAclId" : {"Ref" : "PublicNetworkAcl"},
271
+ "RuleNumber" : "1000",
272
+ "Protocol" : "-1",
273
+ "RuleAction" : "allow",
274
+ "Egress" : "false",
275
+ "CidrBlock" : "0.0.0.0/0",
276
+ "PortRange" : {"From" : "0", "To" : "65535"}
277
+ }
278
+ },
279
+
280
+ "OutboundAllTrafficPublicNetworkAclEntry" : {
281
+ "Type" : "AWS::EC2::NetworkAclEntry",
282
+ "Properties" : {
283
+ "NetworkAclId" : {"Ref" : "PublicNetworkAcl"},
284
+ "RuleNumber" : "1000",
285
+ "Protocol" : "-1",
286
+ "RuleAction" : "allow",
287
+ "Egress" : "true",
288
+ "CidrBlock" : "0.0.0.0/0",
289
+ "PortRange" : {"From" : "0", "To" : "65535"}
290
+ }
291
+ },
292
+
293
+ "PublicSubnetAZ1" : {
294
+ "Type" : "AWS::EC2::Subnet",
295
+ "Properties" : {
296
+ "VpcId" : { "Ref" : "Vpc" },
297
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone1" },
298
+ "CidrBlock" : { "Ref" : "PublicCidrAZ1" },
299
+ "Tags" : [
300
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public-az1" ] ] } },
301
+ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }
302
+ ]
303
+ }
304
+ },
305
+
306
+ "PublicSubnetAZ2" : {
307
+ "Type" : "AWS::EC2::Subnet",
308
+ "Properties" : {
309
+ "VpcId" : { "Ref" : "Vpc" },
310
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone2" },
311
+ "CidrBlock" : { "Ref" : "PublicCidrAZ2" },
312
+ "Tags" : [
313
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public-az2" ] ] } },
314
+ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }
315
+ ]
316
+ }
317
+ },
318
+
319
+ "PublicSubnetAZ3" : {
320
+ "Type" : "AWS::EC2::Subnet",
321
+ "Properties" : {
322
+ "VpcId" : { "Ref" : "Vpc" },
323
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone3" },
324
+ "CidrBlock" : { "Ref" : "PublicCidrAZ3" },
325
+ "Tags" : [
326
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-public-az3" ] ] } },
327
+ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId" } }
328
+ ]
329
+ }
330
+ },
331
+
332
+ "PublicSubnetAZ1RouteTableAssociation" : {
333
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
334
+ "Properties" : {
335
+ "SubnetId" : { "Ref" : "PublicSubnetAZ1" },
336
+ "RouteTableId" : { "Ref" : "PublicRouteTable" }
337
+ }
338
+ },
339
+
340
+ "PublicSubnetAZ2RouteTableAssociation" : {
341
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
342
+ "Properties" : {
343
+ "SubnetId" : { "Ref" : "PublicSubnetAZ2" },
344
+ "RouteTableId" : { "Ref" : "PublicRouteTable" }
345
+ }
346
+ },
347
+
348
+ "PublicSubnetAZ3RouteTableAssociation" : {
349
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
350
+ "Properties" : {
351
+ "SubnetId" : { "Ref" : "PublicSubnetAZ3" },
352
+ "RouteTableId" : { "Ref" : "PublicRouteTable" }
353
+ }
354
+ },
355
+
356
+ "PublicSubnetAZ1NetworkAclAssociation" : {
357
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
358
+ "Properties" : {
359
+ "SubnetId" : { "Ref" : "PublicSubnetAZ1" },
360
+ "NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
361
+ }
362
+ },
363
+
364
+ "PublicSubnetAZ2NetworkAclAssociation" : {
365
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
366
+ "Properties" : {
367
+ "SubnetId" : { "Ref" : "PublicSubnetAZ2" },
368
+ "NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
369
+ }
370
+ },
371
+
372
+ "PublicSubnetAZ3NetworkAclAssociation" : {
373
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
374
+ "Properties" : {
375
+ "SubnetId" : { "Ref" : "PublicSubnetAZ3" },
376
+ "NetworkAclId" : { "Ref" : "PublicNetworkAcl" }
377
+ }
378
+ },
379
+
380
+ "PrivateSubnetAZ1" : {
381
+ "Type" : "AWS::EC2::Subnet",
382
+ "Properties" : {
383
+ "VpcId" : { "Ref" : "Vpc" },
384
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone1" },
385
+ "CidrBlock" : { "Ref" : "PrivateCidrAZ1" },
386
+ "Tags" : [
387
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az1" ] ] } },
388
+ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }
389
+ ]
390
+ }
391
+ },
392
+
393
+ "PrivateSubnetAZ2" : {
394
+ "Type" : "AWS::EC2::Subnet",
395
+ "Properties" : {
396
+ "VpcId" : { "Ref" : "Vpc" },
397
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone2" },
398
+ "CidrBlock" : { "Ref" : "PrivateCidrAZ2" },
399
+ "Tags" : [
400
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az2" ] ] } },
401
+ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }
402
+ ]
403
+ }
404
+ },
405
+
406
+ "PrivateSubnetAZ3" : {
407
+ "Type" : "AWS::EC2::Subnet",
408
+ "Properties" : {
409
+ "VpcId" : { "Ref" : "Vpc" },
410
+ "AvailabilityZone" : { "Ref" : "VpcAvailabilityZone3" },
411
+ "CidrBlock" : { "Ref" : "PrivateCidrAZ3" },
412
+ "Tags" : [
413
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-private-az3" ] ] } },
414
+ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} }
415
+ ]
416
+ }
417
+ },
418
+
419
+ "PrivateSubnetAZ1RouteTableAssociation" : {
420
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
421
+ "Properties" : {
422
+ "SubnetId" : { "Ref" : "PrivateSubnetAZ1" },
423
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ1" }
424
+ }
425
+ },
426
+
427
+ "PrivateSubnetAZ2RouteTableAssociation" : {
428
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
429
+ "Properties" : {
430
+ "SubnetId" : { "Ref" : "PrivateSubnetAZ2" },
431
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ2" }
432
+ }
433
+ },
434
+
435
+ "PrivateSubnetAZ3RouteTableAssociation" : {
436
+ "Type" : "AWS::EC2::SubnetRouteTableAssociation",
437
+ "Properties" : {
438
+ "SubnetId" : { "Ref" : "PrivateSubnetAZ3" },
439
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ3" }
440
+ }
441
+ },
442
+
443
+ "PrivateSubnetAZ1NetworkAclAssociation" : {
444
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
445
+ "Properties" : {
446
+ "SubnetId" : { "Ref" : "PrivateSubnetAZ1" },
447
+ "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" }
448
+ }
449
+ },
450
+
451
+ "PrivateSubnetAZ2NetworkAclAssociation" : {
452
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
453
+ "Properties" : {
454
+ "SubnetId" : { "Ref" : "PrivateSubnetAZ2" },
455
+ "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" }
456
+ }
457
+ },
458
+
459
+ "PrivateSubnetAZ3NetworkAclAssociation" : {
460
+ "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
461
+ "Properties" : {
462
+ "SubnetId" : { "Ref" : "PrivateSubnetAZ3" },
463
+ "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" }
464
+ }
465
+ },
466
+
467
+ "NatEipAZ1": {
468
+ "Type" : "AWS::EC2::EIP",
469
+ "Properties" : {
470
+ "Domain": "vpc"
471
+ }
472
+ },
473
+
474
+ "NatEipAZ2": {
475
+ "Type" : "AWS::EC2::EIP",
476
+ "Properties" : {
477
+ "Domain": "vpc"
478
+ }
479
+ },
480
+
481
+ "NatEipAZ3": {
482
+ "Type" : "AWS::EC2::EIP",
483
+ "Properties" : {
484
+ "Domain": "vpc"
485
+ }
486
+ },
487
+
488
+ "NatGatewayAZ1": {
489
+ "Type" : "AWS::EC2::NatGateway",
490
+ "Properties" : {
491
+ "AllocationId" : { "Fn::GetAtt" : [ "NatEipAZ1", "AllocationId" ]},
492
+ "SubnetId": { "Ref": "PublicSubnetAZ1" }
493
+ }
494
+ },
495
+
496
+ "NatGatewayAZ2": {
497
+ "Type" : "AWS::EC2::NatGateway",
498
+ "Properties" : {
499
+ "AllocationId" : { "Fn::GetAtt" : [ "NatEipAZ2", "AllocationId" ]},
500
+ "SubnetId": { "Ref": "PublicSubnetAZ2" }
501
+ }
502
+ },
503
+
504
+ "NatGatewayAZ3": {
505
+ "Type" : "AWS::EC2::NatGateway",
506
+ "Properties" : {
507
+ "AllocationId" : { "Fn::GetAtt" : [ "NatEipAZ3", "AllocationId" ]},
508
+ "SubnetId": { "Ref": "PublicSubnetAZ3" }
509
+ }
510
+ },
511
+
512
+ "NatGatewayDefaultRouteAZ1" : {
513
+ "Type" : "AWS::EC2::Route",
514
+ "Properties" : {
515
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ1" },
516
+ "DestinationCidrBlock" : "0.0.0.0/0",
517
+ "NatGatewayId" : { "Ref" : "NatGatewayAZ1" }
518
+ }
519
+ },
520
+
521
+ "NatGatewayDefaultRouteAZ2" : {
522
+ "Type" : "AWS::EC2::Route",
523
+ "Properties" : {
524
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ2" },
525
+ "DestinationCidrBlock" : "0.0.0.0/0",
526
+ "NatGatewayId" : { "Ref" : "NatGatewayAZ2" }
527
+ }
528
+ },
529
+
530
+ "NatGatewayDefaultRouteAZ3" : {
531
+ "Type" : "AWS::EC2::Route",
532
+ "Properties" : {
533
+ "RouteTableId" : { "Ref" : "PrivateRouteTableAZ3" },
534
+ "DestinationCidrBlock" : "0.0.0.0/0",
535
+ "NatGatewayId" : { "Ref" : "NatGatewayAZ3" }
536
+ }
537
+ },
538
+
539
+ "DefaultIngressSecurityGroup" : {
540
+ "Type" : "AWS::EC2::SecurityGroup",
541
+ "Properties" : {
542
+ "VpcId" : { "Ref" : "Vpc" },
543
+ "GroupDescription" : "Enable SSH and ping from office and between nodes in the VPC",
544
+ "SecurityGroupIngress": [
545
+ {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "RemoteAdminNetwork"}},
546
+ {"IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : { "Ref" : "RemoteAdminNetwork"}},
547
+ {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "VpcCidrNetwork"}},
548
+ {"IpProtocol" : "icmp", "FromPort" : "-1", "ToPort" : "-1", "CidrIp" : { "Ref" : "VpcCidrNetwork"}}
549
+ ],
550
+ "Tags" : [
551
+ { "Key" : "Name", "Value" : { "Fn::Join": [ "", [ {"Ref": "VpcName"}, "-default-ingress" ] ] } }
552
+ ]
553
+ }
554
+ },
555
+
556
+ "S3EndpointAZ1": {
557
+ "Type" : "AWS::EC2::VPCEndpoint",
558
+ "Properties" : {
559
+ "ServiceName": { "Fn::Join": [ "", [ "com.amazonaws.", { "Ref": "AWS::Region" }, ".s3" ] ] },
560
+ "VpcId": {"Ref": "Vpc"},
561
+ "RouteTableIds": [
562
+ {"Ref": "PublicRouteTable"},
563
+ {"Ref": "PrivateRouteTableAZ1"},
564
+ {"Ref": "PrivateRouteTableAZ2"},
565
+ {"Ref": "PrivateRouteTableAZ3"}
566
+ ]
567
+ }
568
+ },
569
+
570
+ "DevOpsBucket": {
571
+ "Type" : "AWS::S3::Bucket",
572
+ "Properties" : {
573
+ "AccessControl" : "BucketOwnerFullControl",
574
+ "BucketName" : { "Ref": "DevOpsBucketName" }
575
+ }
576
+ },
577
+
578
+ "OpsWorksServiceRole": {
579
+ "Type": "AWS::IAM::Role",
580
+ "Properties": {
581
+ "AssumeRolePolicyDocument": {
582
+ "Statement": [{
583
+ "Effect": "Allow",
584
+ "Principal": {
585
+ "Service": [ "opsworks.amazonaws.com" ]
586
+ },
587
+ "Action": [ "sts:AssumeRole" ]
588
+ }]
589
+ },
590
+ "Path": "/",
591
+ "Policies": [{
592
+ "PolicyName": "opsworks-service",
593
+ "PolicyDocument": {
594
+ "Statement": [{
595
+ "Effect": "Allow",
596
+ "Action": [
597
+ "ec2:*",
598
+ "cloudwatch:GetMetricStatistics",
599
+ "elasticloadbalancing:*",
600
+ "rds:*",
601
+ "iam:PassRole"
602
+ ],
603
+ "Resource": "*"
604
+ }]
605
+ }
606
+ }]
607
+ }
608
+ }
609
+
610
+ },
611
+
612
+ "Outputs" : {
613
+ }
614
+ }
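Review bot: `OpsWorksServiceRole` grants `iam:PassRole` on `Resource: "*"` in the same statement as `ec2:*`, so anything able to act as this service role can attach any role in the account to the instances it launches, which turns a service role into a privilege-escalation path instead of a grant scoped to what OpsWorks needs. Move `iam:PassRole` into its own statement and restrict it, at minimum with `"Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } }` and, once the instance-profile role is defined, with that role's ARN as the `Resource`. Two smaller points in the same hunk: `NatEipAZ1`–`3` allocate `Domain: vpc` addresses without a `DependsOn: AttachGateway`, which CloudFormation documents as required when the VPC and its gateway attachment are created in the same template, and `DevOpsBucket` holds the artifacts the rest of the automation consumes yet has no `VersioningConfiguration` and no `DeletionPolicy`, so tampered or deleted artifacts cannot be recovered and a stack delete takes the bucket with it.
```json
"Statement": [{
  "Effect": "Allow",
  "Action": [
    "ec2:*",
    "cloudwatch:GetMetricStatistics",
    "elasticloadbalancing:*",
    "rds:*"
  ],
  "Resource": "*"
}, {
  "Effect": "Allow",
  "Action": [ "iam:PassRole" ],
  "Resource": "*",
  "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } }
}]
```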