{
"AWSTemplateFormatVersion" : "2010-09-09",
"Parameters" : {
"BastionHostKeyName" : {
"Type" : "String",
"Description" : "The name of the private key file to use for SSH/RDP access to the bastion host."
},
"BastionSecurityCIDR" : {
"Type" : "String",
"Description" : "The CIDR range to use to lock down security on the bastion host.",
"Default" : "0.0.0.0/0"
},
"BastionInstanceType" : {
"Type" : "String",
"Description" : "The size of the instance to use for the bastion host."
}
},
"Mappings" : {
"AmazonLinuxAMI": {
"us-east-1": {
"AMI": "ami-1ecae776"
},
"us-west-1": {
"AMI": "ami-d114f295"
},
"us-west-2": {
"AMI": "ami-e7527ed7"
},
"eu-west-1": {
"AMI": "ami-a10897d6"
},
"eu-central-1": {
"AMI": "ami-a8221fb5"
},
"sa-east-1": {
"AMI": "ami-b52890a8"
},
"ap-southeast-1": {
"AMI": "ami-68d8e93a"
},
"ap-southeast-2": {
"AMI": "ami-fd9cecc7"
},
"ap-northeast-1": {
"AMI": "ami-cbf90ecb"
}
}
},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.1.0.0/16",
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"Tags" : [{
"Key" : "Name",
"Value" : "Lab VPC"
}
]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"DependsOn" : "VPC"
},
"AttachGateway" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"DependsOn" : ["VPC", "InternetGateway"],
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"InternetGatewayId" : {
"Ref" : "InternetGateway"
}
}
},
"PublicSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"CidrBlock" : "10.1.10.0/24",
"MapPublicIpOnLaunch" : "true",
"AvailabilityZone" : {
"Fn::Select" : [
"0", {
"Fn::GetAZs" : ""
}
]
},
"Tags" : [{
"Key" : "Name",
"Value" : "Public Subnet 1"
}
]
}
},
"PrivateSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"CidrBlock" : "10.1.50.0/24",
"AvailabilityZone" : {
"Fn::Select" : [
"0", {
"Fn::GetAZs" : ""
}
]
},
"Tags" : [{
"Key" : "Name",
"Value" : "Private Subnet 1"
}
]
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : ["VPC", "AttachGateway"],
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "Public"
}
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : ["PublicRouteTable", "AttachGateway"],
"Properties" : {
"RouteTableId" : {
"Ref" : "PublicRouteTable"
},
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : {
"Ref" : "InternetGateway"
}
}
},
"PublicSubnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn" : ["PublicRouteTable", "PublicSubnet1", "AttachGateway"],
"Properties" : {
"SubnetId" : {
"Ref" : "PublicSubnet1"
},
"RouteTableId" : {
"Ref" : "PublicRouteTable"
}
}
},
"PrivateRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "Private"
}
]
}
},
"PrivateSubnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn" : ["PublicRouteTable", "PrivateSubnet1", "AttachGateway"],
"Properties" : {
"SubnetId" : {
"Ref" : "PrivateSubnet1"
},
"RouteTableId" : {
"Ref" : "PrivateRouteTable"
}
}
},
"PrivateNetworkAcl" : {
"Type" : "AWS::EC2::NetworkAcl",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Network",
"Value" : "Private"
}
]
}
},
"NATInstance" : {
"Type" : "AWS::EC2::Instance",
"DependsOn" : ["AttachGateway", "PublicRoute", "PublicSubnet1"],
"Properties" : {
"ImageId" : {
"Fn::FindInMap" : [
"AmazonLinuxAMI", {
"Ref" : "AWS::Region"
},
"AMI"
]
},
"InstanceType" : "t2.small",
"NetworkInterfaces" : [{
"DeviceIndex" : "0",
"AssociatePublicIpAddress" : "true",
"SubnetId" : {
"Ref" : "PublicSubnet1"
},
"GroupSet" : [{
"Ref" : "NATSecurityGroup"
}
]
}
],
"SourceDestCheck" : "false",
"Tags" : [{
"Key" : "Name",
"Value" : "NAT"
}
],
"UserData" : {
"Fn::Base64" : {
"Fn::Join" : [
"\n",
[
"#!/bin/bash",
"yum -y update",
"echo 1 > /proc/sys/net/ipv4/ip_forward",
"echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects",
"/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 0.0.0.0/0 -j MASQUERADE",
"/sbin/iptables-save > /etc/sysconfig/iptables",
"mkdir -p /etc/sysctl.d/",
"cat <<EOF > /etc/sysctl.d/nat.conf",
"net.ipv4.ip_forward = 1",
"net.ipv4.conf.eth0.send_redirects = 0",
"EOF \n"
]
]
}
}
}
},
"NATSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"DependsOn" : "AttachGateway",
"Properties" : {
"GroupDescription" : "Enable internal access to the NAT device",
"VpcId" : {
"Ref" : "VPC"
},
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : "0",
"ToPort" : "1024",
"CidrIp" : "10.1.50.0/24"
}, {
"IpProtocol" : "udp",
"FromPort" : "0",
"ToPort" : "1024",
"CidrIp" : "10.1.50.0/24"
}
],
"SecurityGroupEgress" : [{
"IpProtocol" : "tcp",
"FromPort" : "0",
"ToPort" : "65535",
"CidrIp" : "0.0.0.0/0"
}, {
"IpProtocol" : "udp",
"FromPort" : "0",
"ToPort" : "65535",
"CidrIp" : "0.0.0.0/0"
}
]
}
},
"PrivateRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : ["NATInstance", "PrivateRouteTable"],
"Properties" : {
"RouteTableId" : {
"Ref" : "PrivateRouteTable"
},
"DestinationCidrBlock" : "0.0.0.0/0",
"InstanceId" : {
"Ref" : "NATInstance"
}
}
},
"BastionServerSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"DependsOn" : "AttachGateway",
"Properties" : {
"GroupDescription" : "Security Group for bastion server",
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "BastionServerSecurityGroup"
}, {
"Key" : "ResourceGroup",
"Value" : "CloudFormationResource"
}
],
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : {
"Ref" : "BastionSecurityCIDR"
}
}
]
}
},
"BastionServer" : {
"Type" : "AWS::EC2::Instance",
"DependsOn" : ["NATInstance"],
"Properties" : {
"ImageId" : {
"Fn::FindInMap" : [
"AmazonLinuxAMI", {
"Ref" : "AWS::Region"
},
"AMI"
]
},
"InstanceType" : {
"Ref" : "BastionInstanceType"
},
"KeyName" : {
"Ref" : "BastionHostKeyName"
},
"NetworkInterfaces" : [{
"DeviceIndex" : "0",
"AssociatePublicIpAddress" : "true",
"SubnetId" : {
"Ref" : "PrivateSubnet1"
},
"GroupSet" : [{
"Ref" : "BastionServerSecurityGroup"
}
]
}
],
"Tags" : [{
"Key" : "Name",
"Value" : "BastionServer"
}
],
"UserData" : {
"Fn::Base64" : {
"Fn::Join" : [
"",
[
"#!/bin/bash -ex \n",
"yum -y update \n"
]
]
}
}
}
}
}
}

  

AWS CloudFormation Template的更多相关文章

  1. Lab_7_Automating_v2.5

    System Operations - Lab 7: Automating Deployments with CloudFormation - 2.5 ======================== ...

  2. 【译】OpenStack Heat基础介绍

    原文:http://blog.scottlowe.org/2014/05/01/an-introduction-to-openstack-heat/ 本文将简要地介绍OpenStack Heat. H ...

  3. OpenStack 初探(一) -- All-In-One模式部署(初学OpenStack必备)

    OpenStack 初探(一) -- All-In-One模式部署(初学OpenStack必备) 一.操作前需了解:     1. OpenStack提供IaaS(基础设施即服务)服务,它是开源的云计 ...

  4. System Operations on AWS - Lab 7 - CloudFormation

    CloudFormation模板:创建一个VPC(包含Public子网,Private子网,分别在不同的AZ),创建NAT,Bastion Server在Public子网. 1. 修改并运行AWS C ...

  5. DevOps on AWS之Cloudformation实践篇

    cloudformation入门实践 AWS cloudformation通过模板对AWS云资源进行编排和调用.并且可以通过模板代码层面的修改就可以对现有环境进行升级改造,云端业务的灵活便捷特点展现无 ...

  6. DevOps on AWS之Cloudformation概念介绍篇

    Cloudformation的相关概念 AWS cloudformation是一项典型的(IAC)基础架构即代码服务..通过编写模板对亚马逊云服务的资源进行调用和编排.借助cloudformation ...

  7. 亚马逊云服务之CloudFormation

    亚马逊的Web Service其实包含了一套云服务.云服务主要分为三种: IaaS: Infrastructure as a service,基础设施即服务. PaaS: Platform as a ...

  8. CloudFormation

    亚马逊云服务之CloudFormation   亚马逊的Web Service其实包含了一套云服务.云服务主要分为三种: IaaS: Infrastructure as a service,基础设施即 ...

  9. OpenStack-Heat中的AWS::WaitCondition的使用

    在heat中.一个instance的创建成功信号是在这个instance状态成为active之后发出的,这时候user-data可能还没有运行.可是heat已经觉得这个resource创建成功了,開始 ...

随机推荐

  1. ios--个人资料修改

    点击进行编辑  (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *) ...

  2. 20145210 20145226 《信息安全系统设计基础》实验五 简单嵌入式WEB服务器实验

    20145210 20145226 <信息安全系统设计基础>实验五 简单嵌入式WEB服务器实验 结对伙伴:20145226 夏艺华 实验报告封面 实验目的与要求 · 掌握在ARM开发板实现 ...

  3. java.lang.NoClassDefFoundError: com/fasterxml/jackson/core/JsonProcessingException

    我从0手动搭建框架,启动tomcat,遇到这个错:java.lang.NoClassDefFoundError: com/fasterxml/jackson/core/JsonProcessingEx ...

  4. 阿里云服务器远程mysql连不上

    使用grant all privilege命令添加了远程访问账号,可是还是怎么都连不上,查了好多才知道,原来在linux下,需要开启允许对外访问的网络端口才行. 使用以下步骤即可开启3306端口: / ...

  5. 第三个Sprint总结

    工作进展:项目基本已经完成 工作状况:                                      

  6. G - 非常可乐

    Time Limit:1000MS     Memory Limit:32768KB     64bit IO Format:%I64d & %I64u Submit Status Pract ...

  7. 《The Evolution of Lua》读书笔记 1

    lua的优点: 可移植性 容易嵌入 体积小 高效率 这些优点都来自于lua的设计目标:简洁.从Scheme获得了很多灵感,包括匿名函数,合理的语义域概念   lua前身: 巴西被禁运,引入计算机软件和 ...

  8. Neo4j 查询已经创建的索引与约束

    在Neo4j 2.0之后为cypher语法增加了一些类似于DDL的语法,能够自己创建索引,约束等等. 有如下的方法可以查询到当前图数据库的索引数量: neo4j-shell 使用:index –ind ...

  9. “添加到收藏夹”功能(share)

    以下分享自: 如何给网站增加“添加到收藏夹” 给网站添加“添加到收藏夹”理论上应该是很简单的事情,但是受到各种浏览器和操作系统的不一致的问题,使得这个问题异常的繁琐啊. 下面是梳理的一些资料,仅供参考 ...

  10. php 获取静态方法调用的类名

    方法一: class foo { static public function test() { var_dump(get_called_class()); } } class bar extends ...