{
"AWSTemplateFormatVersion" : "2010-09-09",
"Parameters" : {
"BastionHostKeyName" : {
"Type" : "String",
"Description" : "The name of the private key file to use for SSH/RDP access to the bastion host."
},
"BastionSecurityCIDR" : {
"Type" : "String",
"Description" : "The CIDR range to use to lock down security on the bastion host.",
"Default" : "0.0.0.0/0"
},
"BastionInstanceType" : {
"Type" : "String",
"Description" : "The size of the instance to use for the bastion host."
}
},
"Mappings" : {
"AmazonLinuxAMI": {
"us-east-1": {
"AMI": "ami-1ecae776"
},
"us-west-1": {
"AMI": "ami-d114f295"
},
"us-west-2": {
"AMI": "ami-e7527ed7"
},
"eu-west-1": {
"AMI": "ami-a10897d6"
},
"eu-central-1": {
"AMI": "ami-a8221fb5"
},
"sa-east-1": {
"AMI": "ami-b52890a8"
},
"ap-southeast-1": {
"AMI": "ami-68d8e93a"
},
"ap-southeast-2": {
"AMI": "ami-fd9cecc7"
},
"ap-northeast-1": {
"AMI": "ami-cbf90ecb"
}
}
},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.1.0.0/16",
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"Tags" : [{
"Key" : "Name",
"Value" : "Lab VPC"
}
]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"DependsOn" : "VPC"
},
"AttachGateway" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"DependsOn" : ["VPC", "InternetGateway"],
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"InternetGatewayId" : {
"Ref" : "InternetGateway"
}
}
},
"PublicSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"CidrBlock" : "10.1.10.0/24",
"MapPublicIpOnLaunch" : "true",
"AvailabilityZone" : {
"Fn::Select" : [
"0", {
"Fn::GetAZs" : ""
}
]
},
"Tags" : [{
"Key" : "Name",
"Value" : "Public Subnet 1"
}
]
}
},
"PrivateSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"CidrBlock" : "10.1.50.0/24",
"AvailabilityZone" : {
"Fn::Select" : [
"0", {
"Fn::GetAZs" : ""
}
]
},
"Tags" : [{
"Key" : "Name",
"Value" : "Private Subnet 1"
}
]
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : ["VPC", "AttachGateway"],
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "Public"
}
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : ["PublicRouteTable", "AttachGateway"],
"Properties" : {
"RouteTableId" : {
"Ref" : "PublicRouteTable"
},
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : {
"Ref" : "InternetGateway"
}
}
},
"PublicSubnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn" : ["PublicRouteTable", "PublicSubnet1", "AttachGateway"],
"Properties" : {
"SubnetId" : {
"Ref" : "PublicSubnet1"
},
"RouteTableId" : {
"Ref" : "PublicRouteTable"
}
}
},
"PrivateRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "Private"
}
]
}
},
"PrivateSubnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn" : ["PublicRouteTable", "PrivateSubnet1", "AttachGateway"],
"Properties" : {
"SubnetId" : {
"Ref" : "PrivateSubnet1"
},
"RouteTableId" : {
"Ref" : "PrivateRouteTable"
}
}
},
"PrivateNetworkAcl" : {
"Type" : "AWS::EC2::NetworkAcl",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Network",
"Value" : "Private"
}
]
}
},
"NATInstance" : {
"Type" : "AWS::EC2::Instance",
"DependsOn" : ["AttachGateway", "PublicRoute", "PublicSubnet1"],
"Properties" : {
"ImageId" : {
"Fn::FindInMap" : [
"AmazonLinuxAMI", {
"Ref" : "AWS::Region"
},
"AMI"
]
},
"InstanceType" : "t2.small",
"NetworkInterfaces" : [{
"DeviceIndex" : "0",
"AssociatePublicIpAddress" : "true",
"SubnetId" : {
"Ref" : "PublicSubnet1"
},
"GroupSet" : [{
"Ref" : "NATSecurityGroup"
}
]
}
],
"SourceDestCheck" : "false",
"Tags" : [{
"Key" : "Name",
"Value" : "NAT"
}
],
"UserData" : {
"Fn::Base64" : {
"Fn::Join" : [
"\n",
[
"#!/bin/bash",
"yum -y update",
"echo 1 > /proc/sys/net/ipv4/ip_forward",
"echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects",
"/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 0.0.0.0/0 -j MASQUERADE",
"/sbin/iptables-save > /etc/sysconfig/iptables",
"mkdir -p /etc/sysctl.d/",
"cat <<EOF > /etc/sysctl.d/nat.conf",
"net.ipv4.ip_forward = 1",
"net.ipv4.conf.eth0.send_redirects = 0",
"EOF \n"
]
]
}
}
}
},
"NATSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"DependsOn" : "AttachGateway",
"Properties" : {
"GroupDescription" : "Enable internal access to the NAT device",
"VpcId" : {
"Ref" : "VPC"
},
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : "0",
"ToPort" : "1024",
"CidrIp" : "10.1.50.0/24"
}, {
"IpProtocol" : "udp",
"FromPort" : "0",
"ToPort" : "1024",
"CidrIp" : "10.1.50.0/24"
}
],
"SecurityGroupEgress" : [{
"IpProtocol" : "tcp",
"FromPort" : "0",
"ToPort" : "65535",
"CidrIp" : "0.0.0.0/0"
}, {
"IpProtocol" : "udp",
"FromPort" : "0",
"ToPort" : "65535",
"CidrIp" : "0.0.0.0/0"
}
]
}
},
"PrivateRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : ["NATInstance", "PrivateRouteTable"],
"Properties" : {
"RouteTableId" : {
"Ref" : "PrivateRouteTable"
},
"DestinationCidrBlock" : "0.0.0.0/0",
"InstanceId" : {
"Ref" : "NATInstance"
}
}
},
"BastionServerSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"DependsOn" : "AttachGateway",
"Properties" : {
"GroupDescription" : "Security Group for bastion server",
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "BastionServerSecurityGroup"
}, {
"Key" : "ResourceGroup",
"Value" : "CloudFormationResource"
}
],
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : {
"Ref" : "BastionSecurityCIDR"
}
}
]
}
},
"BastionServer" : {
"Type" : "AWS::EC2::Instance",
"DependsOn" : ["NATInstance"],
"Properties" : {
"ImageId" : {
"Fn::FindInMap" : [
"AmazonLinuxAMI", {
"Ref" : "AWS::Region"
},
"AMI"
]
},
"InstanceType" : {
"Ref" : "BastionInstanceType"
},
"KeyName" : {
"Ref" : "BastionHostKeyName"
},
"NetworkInterfaces" : [{
"DeviceIndex" : "0",
"AssociatePublicIpAddress" : "true",
"SubnetId" : {
"Ref" : "PrivateSubnet1"
},
"GroupSet" : [{
"Ref" : "BastionServerSecurityGroup"
}
]
}
],
"Tags" : [{
"Key" : "Name",
"Value" : "BastionServer"
}
],
"UserData" : {
"Fn::Base64" : {
"Fn::Join" : [
"",
[
"#!/bin/bash -ex \n",
"yum -y update \n"
]
]
}
}
}
}
}
}

  

AWS CloudFormation Template的更多相关文章

  1. Lab_7_Automating_v2.5

    System Operations - Lab 7: Automating Deployments with CloudFormation - 2.5 ======================== ...

  2. 【译】OpenStack Heat基础介绍

    原文:http://blog.scottlowe.org/2014/05/01/an-introduction-to-openstack-heat/ 本文将简要地介绍OpenStack Heat. H ...

  3. OpenStack 初探(一) -- All-In-One模式部署(初学OpenStack必备)

    OpenStack 初探(一) -- All-In-One模式部署(初学OpenStack必备) 一.操作前需了解:     1. OpenStack提供IaaS(基础设施即服务)服务,它是开源的云计 ...

  4. System Operations on AWS - Lab 7 - CloudFormation

    CloudFormation模板:创建一个VPC(包含Public子网,Private子网,分别在不同的AZ),创建NAT,Bastion Server在Public子网. 1. 修改并运行AWS C ...

  5. DevOps on AWS之Cloudformation实践篇

    cloudformation入门实践 AWS cloudformation通过模板对AWS云资源进行编排和调用.并且可以通过模板代码层面的修改就可以对现有环境进行升级改造,云端业务的灵活便捷特点展现无 ...

  6. DevOps on AWS之Cloudformation概念介绍篇

    Cloudformation的相关概念 AWS cloudformation是一项典型的(IAC)基础架构即代码服务..通过编写模板对亚马逊云服务的资源进行调用和编排.借助cloudformation ...

  7. 亚马逊云服务之CloudFormation

    亚马逊的Web Service其实包含了一套云服务.云服务主要分为三种: IaaS: Infrastructure as a service,基础设施即服务. PaaS: Platform as a ...

  8. CloudFormation

    亚马逊云服务之CloudFormation   亚马逊的Web Service其实包含了一套云服务.云服务主要分为三种: IaaS: Infrastructure as a service,基础设施即 ...

  9. OpenStack-Heat中的AWS::WaitCondition的使用

    在heat中.一个instance的创建成功信号是在这个instance状态成为active之后发出的,这时候user-data可能还没有运行.可是heat已经觉得这个resource创建成功了,開始 ...

随机推荐

  1. 数据库Mysql学习笔记(一)

    Mysql 数据库是数据库初学者最佳的选择的,其语法简单,采用的非底层的SQL语言定义(DDL).操作(DML).控制(DCL)数据库. 入门知识:服务器.库.表. (1)安装Mysql服务器.配置文 ...

  2. 每天学习一点点--word-break和word-wrap用法和区别

    有时候一个又臭又长的单词出现在一个并不宽到足以容纳这个单词时会出现内容溢出容器这种情况: <!DOCTYPE html> <html lang="en"> ...

  3. oracle xmltype导入并解析Excel数据 (四)特别说明

    1.Excel导出,此处没有给出 2.错误原因在中间表,T_EXCEL_IMPORT_GENERATION,其中errormsg不为空的数据 3,中间表入库过程: 需要自己实现,为一个存储过程,存储过 ...

  4. Native VS React Native VS 微信小程序

    随着React Native和 微信小程序的出现,Native一家独大的局面出现裂痕,很多小公司使用已经正在着手微信小程序和React Native了,我公司就已经走上React Native之路.那 ...

  5. Angularjs select的使用

    实例一:基本下拉效果 usage: label for value in array <!-- lang: html --> <select ng-model="selec ...

  6. tableView的高度问题

    新建tableView 到一个普通的视图控制器的View 下,如果大小是全屏高 ,你的数据最下面显示不全,需要在设置高度时候,用屏幕高度-65 即可

  7. 配置使用EF6.0常见的一些问题及解决方案

    前言 最近做了个winform小项目,为方便快速开发,后台框架使用了ef6.0+sqlserver2008架构,遇到各种问题,真是伤脑筋.现将遇到问题和解决方案写下来,方便查阅 提示未注册,找不到驱动 ...

  8. 使用Application对象简单完成网站总访问人数的统计

      Global.asax文件: using System.IO; protected void Application_Start(object sender, EventArgs e) { Fil ...

  9. Autorun.inf文件(2):改变硬盘分区图标

    改变F盘图标. 原理:在f盘下新建一个Autorun.inf文件,文件内容是 [AutoRun]icon=favicon.ico准备名为favicon.ico图标文件,将其放在工程目录里,设计程序将它 ...

  10. 进入meta模式关闭背光灯

    1. 修改文件: mediatek/platform/mt6582/lk/boot_mode.c 2. 修改内容: boot_mode_select()函数: mt65xx_blacklight_of ...