1. {
  2. "AWSTemplateFormatVersion" : "2010-09-09",
  3. "Parameters" : {
  4. "BastionHostKeyName" : {
  5. "Type" : "String",
  6. "Description" : "The name of an existing EC2 key pair (not a local file) whose private key is used for SSH access to the bastion host; only TCP 22 is opened by BastionServerSecurityGroup, so RDP is not reachable."
  7. },
  8. "BastionSecurityCIDR" : {
  9. "Type" : "String",
  10. "Description" : "The source CIDR range allowed to reach the bastion host over SSH (TCP 22). Override the default of 0.0.0.0/0, which exposes SSH to the entire internet, with your own administrative IP range (ideally a /32).",
  11. "Default" : "0.0.0.0/0"
  12. },
  13. "BastionInstanceType" : {
  14. "Type" : "String",
  15. "Description" : "The EC2 instance type (e.g. t2.small, as used for the NAT instance) to launch for the bastion host."
  16. }
  17. },
  18. "Mappings" : {
  19. "AmazonLinuxAMI": {
  20. "us-east-1": {
  21. "AMI": "ami-1ecae776"
  22. },
  23. "us-west-1": {
  24. "AMI": "ami-d114f295"
  25. },
  26. "us-west-2": {
  27. "AMI": "ami-e7527ed7"
  28. },
  29. "eu-west-1": {
  30. "AMI": "ami-a10897d6"
  31. },
  32. "eu-central-1": {
  33. "AMI": "ami-a8221fb5"
  34. },
  35. "sa-east-1": {
  36. "AMI": "ami-b52890a8"
  37. },
  38. "ap-southeast-1": {
  39. "AMI": "ami-68d8e93a"
  40. },
  41. "ap-southeast-2": {
  42. "AMI": "ami-fd9cecc7"
  43. },
  44. "ap-northeast-1": {
  45. "AMI": "ami-cbf90ecb"
  46. }
  47. }
  48. },
  49. "Resources" : {
  50. "VPC" : {
  51. "Type" : "AWS::EC2::VPC",
  52. "Properties" : {
  53. "CidrBlock" : "10.1.0.0/16",
  54. "EnableDnsSupport" : "true",
  55. "EnableDnsHostnames" : "true",
  56. "Tags" : [{
  57. "Key" : "Name",
  58. "Value" : "Lab VPC"
  59. }
  60. ]
  61. }
  62. },
  63. "InternetGateway" : {
  64. "Type" : "AWS::EC2::InternetGateway",
  65. "DependsOn" : "VPC"
  66. },
  67. "AttachGateway" : {
  68. "Type" : "AWS::EC2::VPCGatewayAttachment",
  69. "DependsOn" : ["VPC", "InternetGateway"],
  70. "Properties" : {
  71. "VpcId" : {
  72. "Ref" : "VPC"
  73. },
  74. "InternetGatewayId" : {
  75. "Ref" : "InternetGateway"
  76. }
  77. }
  78. },
  79. "PublicSubnet1" : {
  80. "Type" : "AWS::EC2::Subnet",
  81. "DependsOn" : "AttachGateway",
  82. "Properties" : {
  83. "VpcId" : {
  84. "Ref" : "VPC"
  85. },
  86. "CidrBlock" : "10.1.10.0/24",
  87. "MapPublicIpOnLaunch" : "true",
  88. "AvailabilityZone" : {
  89. "Fn::Select" : [
  90. "0", {
  91. "Fn::GetAZs" : ""
  92. }
  93. ]
  94. },
  95. "Tags" : [{
  96. "Key" : "Name",
  97. "Value" : "Public Subnet 1"
  98. }
  99. ]
  100. }
  101. },
  102. "PrivateSubnet1" : {
  103. "Type" : "AWS::EC2::Subnet",
  104. "DependsOn" : "AttachGateway",
  105. "Properties" : {
  106. "VpcId" : {
  107. "Ref" : "VPC"
  108. },
  109. "CidrBlock" : "10.1.50.0/24",
  110. "AvailabilityZone" : {
  111. "Fn::Select" : [
  112. "0", {
  113. "Fn::GetAZs" : ""
  114. }
  115. ]
  116. },
  117. "Tags" : [{
  118. "Key" : "Name",
  119. "Value" : "Private Subnet 1"
  120. }
  121. ]
  122. }
  123. },
  124. "PublicRouteTable" : {
  125. "Type" : "AWS::EC2::RouteTable",
  126. "DependsOn" : ["VPC", "AttachGateway"],
  127. "Properties" : {
  128. "VpcId" : {
  129. "Ref" : "VPC"
  130. },
  131. "Tags" : [{
  132. "Key" : "Name",
  133. "Value" : "Public"
  134. }
  135. ]
  136. }
  137. },
  138. "PublicRoute" : {
  139. "Type" : "AWS::EC2::Route",
  140. "DependsOn" : ["PublicRouteTable", "AttachGateway"],
  141. "Properties" : {
  142. "RouteTableId" : {
  143. "Ref" : "PublicRouteTable"
  144. },
  145. "DestinationCidrBlock" : "0.0.0.0/0",
  146. "GatewayId" : {
  147. "Ref" : "InternetGateway"
  148. }
  149. }
  150. },
  151. "PublicSubnet1RouteTableAssociation" : {
  152. "Type" : "AWS::EC2::SubnetRouteTableAssociation",
  153. "DependsOn" : ["PublicRouteTable", "PublicSubnet1", "AttachGateway"],
  154. "Properties" : {
  155. "SubnetId" : {
  156. "Ref" : "PublicSubnet1"
  157. },
  158. "RouteTableId" : {
  159. "Ref" : "PublicRouteTable"
  160. }
  161. }
  162. },
  163. "PrivateRouteTable" : {
  164. "Type" : "AWS::EC2::RouteTable",
  165. "DependsOn" : "AttachGateway",
  166. "Properties" : {
  167. "VpcId" : {
  168. "Ref" : "VPC"
  169. },
  170. "Tags" : [{
  171. "Key" : "Name",
  172. "Value" : "Private"
  173. }
  174. ]
  175. }
  176. },
  177. "PrivateSubnet1RouteTableAssociation" : {
  178. "Type" : "AWS::EC2::SubnetRouteTableAssociation",
  179. "DependsOn" : ["PublicRouteTable", "PrivateSubnet1", "AttachGateway"],
  180. "Properties" : {
  181. "SubnetId" : {
  182. "Ref" : "PrivateSubnet1"
  183. },
  184. "RouteTableId" : {
  185. "Ref" : "PrivateRouteTable"
  186. }
  187. }
  188. },
  189. "PrivateNetworkAcl" : {
  190. "Type" : "AWS::EC2::NetworkAcl",
  191. "DependsOn" : "AttachGateway",
  192. "Properties" : {
  193. "VpcId" : {
  194. "Ref" : "VPC"
  195. },
  196. "Tags" : [{
  197. "Key" : "Network",
  198. "Value" : "Private"
  199. }
  200. ]
  201. }
  202. },
  203. "NATInstance" : {
  204. "Type" : "AWS::EC2::Instance",
  205. "DependsOn" : ["AttachGateway", "PublicRoute", "PublicSubnet1"],
  206. "Properties" : {
  207. "ImageId" : {
  208. "Fn::FindInMap" : [
  209. "AmazonLinuxAMI", {
  210. "Ref" : "AWS::Region"
  211. },
  212. "AMI"
  213. ]
  214. },
  215. "InstanceType" : "t2.small",
  216. "NetworkInterfaces" : [{
  217. "DeviceIndex" : "0",
  218. "AssociatePublicIpAddress" : "true",
  219. "SubnetId" : {
  220. "Ref" : "PublicSubnet1"
  221. },
  222. "GroupSet" : [{
  223. "Ref" : "NATSecurityGroup"
  224. }
  225. ]
  226. }
  227. ],
  228. "SourceDestCheck" : "false",
  229. "Tags" : [{
  230. "Key" : "Name",
  231. "Value" : "NAT"
  232. }
  233. ],
  234. "UserData" : {
  235. "Fn::Base64" : {
  236. "Fn::Join" : [
  237. "\n",
  238. [
  239. "#!/bin/bash",
  240. "yum -y update",
  241. "echo 1 > /proc/sys/net/ipv4/ip_forward",
  242. "echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects",
  243. "/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 0.0.0.0/0 -j MASQUERADE",
  244. "/sbin/iptables-save > /etc/sysconfig/iptables",
  245. "mkdir -p /etc/sysctl.d/",
  246. "cat <<EOF > /etc/sysctl.d/nat.conf",
  247. "net.ipv4.ip_forward = 1",
  248. "net.ipv4.conf.eth0.send_redirects = 0",
  249. "EOF \n"
  250. ]
  251. ]
  252. }
  253. }
  254. }
  255. },
  256. "NATSecurityGroup" : {
  257. "Type" : "AWS::EC2::SecurityGroup",
  258. "DependsOn" : "AttachGateway",
  259. "Properties" : {
  260. "GroupDescription" : "NAT instance SG: inbound TCP/UDP ports 0-1024 only from the private subnet 10.1.50.0/24, so private hosts are not expected to reach destination ports above 1024 through this NAT; egress is open to 0.0.0.0/0",
  261. "VpcId" : {
  262. "Ref" : "VPC"
  263. },
  264. "SecurityGroupIngress" : [{
  265. "IpProtocol" : "tcp",
  266. "FromPort" : "0",
  267. "ToPort" : "1024",
  268. "CidrIp" : "10.1.50.0/24"
  269. }, {
  270. "IpProtocol" : "udp",
  271. "FromPort" : "0",
  272. "ToPort" : "1024",
  273. "CidrIp" : "10.1.50.0/24"
  274. }
  275. ],
  276. "SecurityGroupEgress" : [{
  277. "IpProtocol" : "tcp",
  278. "FromPort" : "0",
  279. "ToPort" : "65535",
  280. "CidrIp" : "0.0.0.0/0"
  281. }, {
  282. "IpProtocol" : "udp",
  283. "FromPort" : "0",
  284. "ToPort" : "65535",
  285. "CidrIp" : "0.0.0.0/0"
  286. }
  287. ]
  288. }
  289. },
  290. "PrivateRoute" : {
  291. "Type" : "AWS::EC2::Route",
  292. "DependsOn" : ["NATInstance", "PrivateRouteTable"],
  293. "Properties" : {
  294. "RouteTableId" : {
  295. "Ref" : "PrivateRouteTable"
  296. },
  297. "DestinationCidrBlock" : "0.0.0.0/0",
  298. "InstanceId" : {
  299. "Ref" : "NATInstance"
  300. }
  301. }
  302. },
  303. "BastionServerSecurityGroup" : {
  304. "Type" : "AWS::EC2::SecurityGroup",
  305. "DependsOn" : "AttachGateway",
  306. "Properties" : {
  307. "GroupDescription" : "Bastion SG: SSH (TCP 22) inbound only from BastionSecurityCIDR; no egress rule is declared, so the default allow-all egress applies. Note: BastionServer sits in PrivateSubnet1 (default route via NATInstance), so its public IP is not expected to answer inbound SSH.",
  308. "VpcId" : {
  309. "Ref" : "VPC"
  310. },
  311. "Tags" : [{
  312. "Key" : "Name",
  313. "Value" : "BastionServerSecurityGroup"
  314. }, {
  315. "Key" : "ResourceGroup",
  316. "Value" : "CloudFormationResource"
  317. }
  318. ],
  319. "SecurityGroupIngress" : [{
  320. "IpProtocol" : "tcp",
  321. "FromPort" : "22",
  322. "ToPort" : "22",
  323. "CidrIp" : {
  324. "Ref" : "BastionSecurityCIDR"
  325. }
  326. }
  327. ]
  328. }
  329. },
  330. "BastionServer" : {
  331. "Type" : "AWS::EC2::Instance",
  332. "DependsOn" : ["NATInstance"],
  333. "Properties" : {
  334. "ImageId" : {
  335. "Fn::FindInMap" : [
  336. "AmazonLinuxAMI", {
  337. "Ref" : "AWS::Region"
  338. },
  339. "AMI"
  340. ]
  341. },
  342. "InstanceType" : {
  343. "Ref" : "BastionInstanceType"
  344. },
  345. "KeyName" : {
  346. "Ref" : "BastionHostKeyName"
  347. },
  348. "NetworkInterfaces" : [{
  349. "DeviceIndex" : "0",
  350. "AssociatePublicIpAddress" : "true",
  351. "SubnetId" : {
  352. "Ref" : "PrivateSubnet1"
  353. },
  354. "GroupSet" : [{
  355. "Ref" : "BastionServerSecurityGroup"
  356. }
  357. ]
  358. }
  359. ],
  360. "Tags" : [{
  361. "Key" : "Name",
  362. "Value" : "BastionServer"
  363. }
  364. ],
  365. "UserData" : {
  366. "Fn::Base64" : {
  367. "Fn::Join" : [
  368. "",
  369. [
  370. "#!/bin/bash -ex \n",
  371. "yum -y update \n"
  372. ]
  373. ]
  374. }
  375. }
  376. }
  377. }
  378. }
  379. }

  
