AWS CloudFormation Template
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Parameters" : {
"BastionHostKeyName" : {
"Type" : "String",
"Description" : "The name of the private key file to use for SSH/RDP access to the bastion host."
},
"BastionSecurityCIDR" : {
"Type" : "String",
"Description" : "The CIDR range to use to lock down security on the bastion host.",
"Default" : "0.0.0.0/0"
},
"BastionInstanceType" : {
"Type" : "String",
"Description" : "The size of the instance to use for the bastion host."
}
},
"Mappings" : {
"AmazonLinuxAMI": {
"us-east-1": {
"AMI": "ami-1ecae776"
},
"us-west-1": {
"AMI": "ami-d114f295"
},
"us-west-2": {
"AMI": "ami-e7527ed7"
},
"eu-west-1": {
"AMI": "ami-a10897d6"
},
"eu-central-1": {
"AMI": "ami-a8221fb5"
},
"sa-east-1": {
"AMI": "ami-b52890a8"
},
"ap-southeast-1": {
"AMI": "ami-68d8e93a"
},
"ap-southeast-2": {
"AMI": "ami-fd9cecc7"
},
"ap-northeast-1": {
"AMI": "ami-cbf90ecb"
}
}
},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.1.0.0/16",
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"Tags" : [{
"Key" : "Name",
"Value" : "Lab VPC"
}
]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"DependsOn" : "VPC"
},
"AttachGateway" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"DependsOn" : ["VPC", "InternetGateway"],
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"InternetGatewayId" : {
"Ref" : "InternetGateway"
}
}
},
"PublicSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"CidrBlock" : "10.1.10.0/24",
"MapPublicIpOnLaunch" : "true",
"AvailabilityZone" : {
"Fn::Select" : [
"0", {
"Fn::GetAZs" : ""
}
]
},
"Tags" : [{
"Key" : "Name",
"Value" : "Public Subnet 1"
}
]
}
},
"PrivateSubnet1" : {
"Type" : "AWS::EC2::Subnet",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"CidrBlock" : "10.1.50.0/24",
"AvailabilityZone" : {
"Fn::Select" : [
"0", {
"Fn::GetAZs" : ""
}
]
},
"Tags" : [{
"Key" : "Name",
"Value" : "Private Subnet 1"
}
]
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : ["VPC", "AttachGateway"],
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "Public"
}
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : ["PublicRouteTable", "AttachGateway"],
"Properties" : {
"RouteTableId" : {
"Ref" : "PublicRouteTable"
},
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : {
"Ref" : "InternetGateway"
}
}
},
"PublicSubnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn" : ["PublicRouteTable", "PublicSubnet1", "AttachGateway"],
"Properties" : {
"SubnetId" : {
"Ref" : "PublicSubnet1"
},
"RouteTableId" : {
"Ref" : "PublicRouteTable"
}
}
},
"PrivateRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "Private"
}
]
}
},
"PrivateSubnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"DependsOn" : ["PublicRouteTable", "PrivateSubnet1", "AttachGateway"],
"Properties" : {
"SubnetId" : {
"Ref" : "PrivateSubnet1"
},
"RouteTableId" : {
"Ref" : "PrivateRouteTable"
}
}
},
"PrivateNetworkAcl" : {
"Type" : "AWS::EC2::NetworkAcl",
"DependsOn" : "AttachGateway",
"Properties" : {
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Network",
"Value" : "Private"
}
]
}
},
"NATInstance" : {
"Type" : "AWS::EC2::Instance",
"DependsOn" : ["AttachGateway", "PublicRoute", "PublicSubnet1"],
"Properties" : {
"ImageId" : {
"Fn::FindInMap" : [
"AmazonLinuxAMI", {
"Ref" : "AWS::Region"
},
"AMI"
]
},
"InstanceType" : "t2.small",
"NetworkInterfaces" : [{
"DeviceIndex" : "0",
"AssociatePublicIpAddress" : "true",
"SubnetId" : {
"Ref" : "PublicSubnet1"
},
"GroupSet" : [{
"Ref" : "NATSecurityGroup"
}
]
}
],
"SourceDestCheck" : "false",
"Tags" : [{
"Key" : "Name",
"Value" : "NAT"
}
],
"UserData" : {
"Fn::Base64" : {
"Fn::Join" : [
"\n",
[
"#!/bin/bash",
"yum -y update",
"echo 1 > /proc/sys/net/ipv4/ip_forward",
"echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects",
"/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 0.0.0.0/0 -j MASQUERADE",
"/sbin/iptables-save > /etc/sysconfig/iptables",
"mkdir -p /etc/sysctl.d/",
"cat <<EOF > /etc/sysctl.d/nat.conf",
"net.ipv4.ip_forward = 1",
"net.ipv4.conf.eth0.send_redirects = 0",
"EOF \n"
]
]
}
}
}
},
"NATSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"DependsOn" : "AttachGateway",
"Properties" : {
"GroupDescription" : "Enable internal access to the NAT device",
"VpcId" : {
"Ref" : "VPC"
},
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : "0",
"ToPort" : "1024",
"CidrIp" : "10.1.50.0/24"
}, {
"IpProtocol" : "udp",
"FromPort" : "0",
"ToPort" : "1024",
"CidrIp" : "10.1.50.0/24"
}
],
"SecurityGroupEgress" : [{
"IpProtocol" : "tcp",
"FromPort" : "0",
"ToPort" : "65535",
"CidrIp" : "0.0.0.0/0"
}, {
"IpProtocol" : "udp",
"FromPort" : "0",
"ToPort" : "65535",
"CidrIp" : "0.0.0.0/0"
}
]
}
},
"PrivateRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : ["NATInstance", "PrivateRouteTable"],
"Properties" : {
"RouteTableId" : {
"Ref" : "PrivateRouteTable"
},
"DestinationCidrBlock" : "0.0.0.0/0",
"InstanceId" : {
"Ref" : "NATInstance"
}
}
},
"BastionServerSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"DependsOn" : "AttachGateway",
"Properties" : {
"GroupDescription" : "Security Group for bastion server",
"VpcId" : {
"Ref" : "VPC"
},
"Tags" : [{
"Key" : "Name",
"Value" : "BastionServerSecurityGroup"
}, {
"Key" : "ResourceGroup",
"Value" : "CloudFormationResource"
}
],
"SecurityGroupIngress" : [{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : {
"Ref" : "BastionSecurityCIDR"
}
}
]
}
},
"BastionServer" : {
"Type" : "AWS::EC2::Instance",
"DependsOn" : ["NATInstance"],
"Properties" : {
"ImageId" : {
"Fn::FindInMap" : [
"AmazonLinuxAMI", {
"Ref" : "AWS::Region"
},
"AMI"
]
},
"InstanceType" : {
"Ref" : "BastionInstanceType"
},
"KeyName" : {
"Ref" : "BastionHostKeyName"
},
"NetworkInterfaces" : [{
"DeviceIndex" : "0",
"AssociatePublicIpAddress" : "true",
"SubnetId" : {
"Ref" : "PrivateSubnet1"
},
"GroupSet" : [{
"Ref" : "BastionServerSecurityGroup"
}
]
}
],
"Tags" : [{
"Key" : "Name",
"Value" : "BastionServer"
}
],
"UserData" : {
"Fn::Base64" : {
"Fn::Join" : [
"",
[
"#!/bin/bash -ex \n",
"yum -y update \n"
]
]
}
}
}
}
}
}
AWS CloudFormation Template的更多相关文章
- Lab_7_Automating_v2.5
System Operations - Lab 7: Automating Deployments with CloudFormation - 2.5 ======================== ...
- 【译】OpenStack Heat基础介绍
原文:http://blog.scottlowe.org/2014/05/01/an-introduction-to-openstack-heat/ 本文将简要地介绍OpenStack Heat. H ...
- OpenStack 初探(一) -- All-In-One模式部署(初学OpenStack必备)
OpenStack 初探(一) -- All-In-One模式部署(初学OpenStack必备) 一.操作前需了解: 1. OpenStack提供IaaS(基础设施即服务)服务,它是开源的云计 ...
- System Operations on AWS - Lab 7 - CloudFormation
CloudFormation模板:创建一个VPC(包含Public子网,Private子网,分别在不同的AZ),创建NAT,Bastion Server在Public子网. 1. 修改并运行AWS C ...
- DevOps on AWS之Cloudformation实践篇
cloudformation入门实践 AWS cloudformation通过模板对AWS云资源进行编排和调用.并且可以通过模板代码层面的修改就可以对现有环境进行升级改造,云端业务的灵活便捷特点展现无 ...
- DevOps on AWS之Cloudformation概念介绍篇
Cloudformation的相关概念 AWS cloudformation是一项典型的(IAC)基础架构即代码服务..通过编写模板对亚马逊云服务的资源进行调用和编排.借助cloudformation ...
- 亚马逊云服务之CloudFormation
亚马逊的Web Service其实包含了一套云服务.云服务主要分为三种: IaaS: Infrastructure as a service,基础设施即服务. PaaS: Platform as a ...
- CloudFormation
亚马逊云服务之CloudFormation 亚马逊的Web Service其实包含了一套云服务.云服务主要分为三种: IaaS: Infrastructure as a service,基础设施即 ...
- OpenStack-Heat中的AWS::WaitCondition的使用
在heat中.一个instance的创建成功信号是在这个instance状态成为active之后发出的,这时候user-data可能还没有运行.可是heat已经觉得这个resource创建成功了,開始 ...
随机推荐
- PKU 1007
题名:DNA排序 题意:给定字符串长度.个数,计算每个字符串的逆序数,然后从大到小排列,有兴趣的可以去看下原题. 计算字符串逆序数,然后排序,这里使用了快速排序算法,string释放的时候竟然有问题, ...
- SE Homework 1 —An Error Impressed Me
在对两个对象进行比较.判断是否相等时,直接用 == 放在两个对象中间,例如下面的代码: Infor i1 = new Infor(111,"AA"); Infor i2 = new ...
- Python常用函数、方法、模块记录
常用函数: 1.pow():乘方 2.abs():绝对值 3.round():四舍五入 4.int():转换为整数 5.input():键盘输入(会根据用户的输入来做类型的转换) raw_input( ...
- Caffe 源碼閱讀(六) InternalThread
类InternalThread是一个虚类,是Caffe中的多线程接口,其本质是为封装了boost::thread 看源码可以得到以下结论: 1.每个派生类都需要实现一个InternalThreadEn ...
- LESS用法·
CSS 彻底改变了 Web 页面的设计,但 CSS 仍然是静态的,而且在其句法发展方面受到限制.这些限制是有目的且合乎情理的,鼓励广泛加以实现.但开发人员和设计人员常常发现 CSS 使用起来很单调乏味 ...
- MySql数据库忘记root密码
以windows为例: 1. 关闭正在运行的MySQL服务.(services.msc运行停止服务) 2. 打开DOS窗口,转到mysql\bin目录.(输入cd..返回到c盘根目录下,一般MySQL ...
- java工厂-积木系列
这里记录一个例子,工厂模式的理论就不扯淡了. 遇到的问题:支付方式有很多种,比如微信支付 支付宝支付 银联支付 等等.我们在在实现的时候发现他么的流程上是相似的,以及每个方式都有大量的个性配置,在实例 ...
- [读书笔记]自动装箱的陷阱以及==与equals
先看一段代码,来自周志明的<深入理解Java虚拟机>. Integer a = 1; Integer b = 2; Integer c = 3; Integer d = 3; Intege ...
- IOS常见异常捕获
前言:在开发APP时,我们通常都会需要捕获异常,防止应用程序突然的崩溃,防止给予用户不友好的体验.其实Objective-C的异常处理方法和JAVA的雷同,懂JAVA的朋友一看就懂.我为什么要写这篇博 ...
- 《我是一只IT小小鸟》读书笔记
大一进来的第一个学期 我对我所读的软件工程专业感到迷茫与不知.就这么昏昏沉沉的度过了一个学期,第二个学期一开始,在上第一节新增加的“大学生创业与指导”课程充满了好奇,在课上老师推荐的一本书<我是 ...