AWSTemplateFormatVersion: '2010-09-09'
Description: Lab7 Task 1 template which builds a VPC, supporting resources, a basic networking structure, and some security groups for use in later tasks.

# Every parameter is pinned to a single AllowedValue, so the address plan is
# fixed: one /16 VPC split into six /24 subnets (two public, two app, two
# database), one subnet of each tier in each of the first two Availability Zones.
Parameters:
  VPCCIDR:
    Description: CIDR Block for VPC
    Type: String
    Default: 10.0.0.0/16
    AllowedValues:
      - 10.0.0.0/16
  PublicSubnet1Param:
    Description: Public Subnet 1
    Type: String
    Default: 10.0.0.0/24
    AllowedValues:
      - 10.0.0.0/24
  PublicSubnet2Param:
    Description: Public Subnet 2
    Type: String
    Default: 10.0.1.0/24
    AllowedValues:
      - 10.0.1.0/24
  AppSubnet1Param:
    Description: App Subnet 1
    Type: String
    Default: 10.0.2.0/24
    AllowedValues:
      - 10.0.2.0/24
  AppSubnet2Param:
    Description: App Subnet 2
    Type: String
    Default: 10.0.3.0/24
    AllowedValues:
      - 10.0.3.0/24
  DatabaseSubnet1Param:
    Description: Database (private) Subnet 1
    Type: String
    Default: 10.0.4.0/24
    AllowedValues:
      - 10.0.4.0/24
  DatabaseSubnet2Param:
    Description: Database (private) Subnet 2
    Type: String
    Default: 10.0.5.0/24
    AllowedValues:
      - 10.0.5.0/24

Resources:
  # ---- VPC and internet egress -------------------------------------------
  LabVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VPCCIDR
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: LabVPC
        - Key: Env
          Value: devlab

  LabInternetGateway:
    Type: AWS::EC2::InternetGateway

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref LabVPC
      InternetGatewayId: !Ref LabInternetGateway

  # One NAT gateway per AZ, each with its own Elastic IP, so the private
  # subnets keep outbound internet access if a single AZ fails.
  NATGateway1:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt ElasticIPAddress1.AllocationId
      SubnetId: !Ref PublicSubnet1
      Tags:
        - Key: Name
          Value: NATGateway1
        - Key: Env
          Value: devlab

  ElasticIPAddress1:
    Type: AWS::EC2::EIP
    # A VPC-scoped EIP allocated in the same template as the VPC must wait for
    # the gateway attachment, otherwise stack creation can fail intermittently.
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
      Tags:
        - Key: Env
          Value: devlab

  NATGateway2:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt ElasticIPAddress2.AllocationId
      SubnetId: !Ref PublicSubnet2
      Tags:
        - Key: Name
          Value: NATGateway2
        - Key: Env
          Value: devlab

  ElasticIPAddress2:
    Type: AWS::EC2::EIP
    DependsOn: AttachGateway
    Properties:
      Domain: vpc
      Tags:
        - Key: Env
          Value: devlab

  # ---- Subnets: one per tier in each of the first two AZs ----------------
  # Only the public subnets auto-assign public IPv4 addresses; app and
  # database subnets reach the internet solely through the NAT gateways.
  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref LabVPC
      CidrBlock: !Ref PublicSubnet1Param
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: PublicSubnet1

  PublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref LabVPC
      CidrBlock: !Ref PublicSubnet2Param
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: PublicSubnet2

  AppSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref LabVPC
      CidrBlock: !Ref AppSubnet1Param
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: AppSubnet1

  AppSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref LabVPC
      CidrBlock: !Ref AppSubnet2Param
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: AppSubnet2

  DatabaseSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref LabVPC
      CidrBlock: !Ref DatabaseSubnet1Param
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select
        - '0'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: DatabaseSubnet1

  DatabaseSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref LabVPC
      CidrBlock: !Ref DatabaseSubnet2Param
      MapPublicIpOnLaunch: false
      AvailabilityZone: !Select
        - '1'
        - !GetAZs ''
      Tags:
        - Key: Name
          Value: DatabaseSubnet2

  # ---- Routing -----------------------------------------------------------
  # One public route table (default route to the IGW) shared by both public
  # subnets, and one private route table per AZ (default route to that AZ's
  # NAT gateway) shared by the app and database subnets of that AZ.
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref LabVPC
      Tags:
        - Key: Name
          Value: PublicRouteTable

  PrivateRouteTableAZ1:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref LabVPC
      Tags:
        - Key: Name
          Value: PrivateRouteTableAZ1

  PrivateRouteTableAZ2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref LabVPC
      Tags:
        - Key: Name
          Value: PrivateRouteTableAZ2

  PublicRoute:
    Type: AWS::EC2::Route
    # A route to an internet gateway must depend on the gateway attachment.
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref LabInternetGateway

  PrivateRouteAZ1:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableAZ1
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGateway1

  PrivateRouteAZ2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTableAZ2
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGateway2

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable

  AppSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref AppSubnet1
      RouteTableId: !Ref PrivateRouteTableAZ1

  AppSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref AppSubnet2
      RouteTableId: !Ref PrivateRouteTableAZ2

  DatabaseSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref DatabaseSubnet1
      RouteTableId: !Ref PrivateRouteTableAZ1

  DatabaseSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref DatabaseSubnet2
      RouteTableId: !Ref PrivateRouteTableAZ2

  # ---- Security groups ---------------------------------------------------
  # A security group with no SecurityGroupIngress admits no inbound traffic;
  # only outbound is open by default. Rules that name another group as the
  # source (SourceSecurityGroupId) are preferred over CIDR sources inside the
  # VPC because they follow the instances rather than an address range.
  AppInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group allowing HTTP traffic for lab instances
      VpcId: !Ref LabVPC
      Tags:
        - Key: Name
          Value: AppInstanceSecurityGroup
      SecurityGroupIngress:
        # HTTP from anywhere. The app subnets have no public IPs and no IGW
        # route, so this is only reachable through whatever load balancer a
        # later task places in the public subnets.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  RDSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group allowing RDS instances to have internet traffic
      VpcId: !Ref LabVPC
      Tags:
        - Key: Name
          Value: RDSSecurityGroup
      # No ingress rules are defined, so nothing can connect to the database
      # until a rule (for example the DB port from AppInstanceSecurityGroup)
      # is added.

  EFSMountTargetSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group allowing traffic between EFS Mount Targets and Amazon EC2 instances
      VpcId: !Ref LabVPC
      Tags:
        - Key: Name
          Value: EFSMountTargetSecurityGroup
      SecurityGroupIngress:
        # Source is the app-tier group, so only instances carrying
        # AppInstanceSecurityGroup can reach the mount targets. NFS uses
        # TCP 2049; with port 80 as written the mount targets will not
        # accept NFS traffic, so the port must be changed to 2049 before
        # EFS can be mounted from the app instances.
        - IpProtocol: tcp
          SourceSecurityGroupId: !Ref AppInstanceSecurityGroup
          FromPort: 80
          ToPort: 80

# Exports are consumed by later task stacks through Fn::ImportValue. Export
# names are unique per account and region, so these unqualified names will
# collide with any other stack in the region that exports the same name.
Outputs:
  Region:
    Description: Lab Region
    Value: !Ref AWS::Region
  DatabaseSubnet1CIDR:
    Description: CIDR block for the DB Subnet in the first AZ
    Value: !Ref DatabaseSubnet1Param
  DatabaseSubnet2CIDR:
    Description: CIDR block for the DB Subnet in the second AZ
    Value: !Ref DatabaseSubnet2Param
  DatabaseSubnet1ID:
    Description: The Subnet ID for the DB Subnet in the first AZ
    Value: !Ref DatabaseSubnet1
    Export:
      Name: DatabaseSubnet1ID
  DatabaseSubnet2ID:
    Description: The Subnet ID for the DB Subnet in the second AZ
    Value: !Ref DatabaseSubnet2
    Export:
      Name: DatabaseSubnet2ID
  AppInstanceSecurityGroupID:
    Description: The Security Group ID for the Lab Instance Security Group
    Value: !Ref AppInstanceSecurityGroup
    Export:
      Name: AppInstanceSecurityGroupID
  EFSMountTargetSecurityGroupID:
    Description: The Security Group ID for the Lab EFS Mount Target
    Value: !Ref EFSMountTargetSecurityGroup
    Export:
      Name: EFSMountTargetSecurityGroupID
  RDSSecurityGroupID:
    Description: The Security Group ID for the Lab RDS cluster
    Value: !Ref RDSSecurityGroup
    Export:
      Name: RDSSecurityGroupID
  VPCID:
    Description: The VPC ID for the lab
    Value: !Ref LabVPC
    Export:
      Name: VPCID
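The security-group and subnet posture above can be checked mechanically before the stack is deployed. The following audit script is an added example, not part of the lab template or of any AWS tooling. It walks a template's Resources map and reports ingress rules open to the whole internet, groups with no ingress at all, an EFS group that does not admit TCP 2049 (NFS), and non-public subnets that auto-assign public IPv4 addresses. The LAB_RESOURCES dict is a constructed sample that mirrors the three security groups and six subnets of the template, written with CloudFormation's long-form intrinsics ({"Ref": ...}) because short-form tags such as !Ref are not plain YAML; the optional load_template helper shows one way to read the real file when PyYAML is installed (an assumption, not a requirement of the lab).

```python
"""Audit the security-relevant resources of a CloudFormation VPC template.

Added example, not part of the lab template. Findings are returned as a list
of strings so they can be asserted on or printed.
"""
from typing import Any, Dict, List

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
NFS_PORT = 2049  # EFS mount targets speak NFS over TCP 2049

try:  # PyYAML is only needed by load_template, never by the audit itself
    import yaml
except ImportError:  # pragma: no cover
    yaml = None


def load_template(text: str) -> Dict[str, Any]:
    """Parse template YAML, mapping !Ref / !GetAtt / !Select / !GetAZs tags
    to their long form ({"Ref": ...}, {"Fn::GetAtt": ...}) so the audit
    functions see ordinary dicts. Requires PyYAML (assumed installed)."""
    if yaml is None:
        raise RuntimeError("PyYAML is required to parse a template file")

    class CfnLoader(yaml.SafeLoader):
        pass

    def tag_to_dict(loader, suffix, node):
        key = "Ref" if suffix == "Ref" else "Fn::" + suffix
        if isinstance(node, yaml.ScalarNode):
            return {key: loader.construct_scalar(node)}
        if isinstance(node, yaml.SequenceNode):
            return {key: loader.construct_sequence(node)}
        return {key: loader.construct_mapping(node)}

    CfnLoader.add_multi_constructor("!", tag_to_dict)
    return yaml.load(text, Loader=CfnLoader)


def _port_range(rule: Dict[str, Any]):
    """(from, to) for a rule; protocol -1 means every port."""
    if str(rule.get("IpProtocol")) == "-1":
        return 0, 65535
    return int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1))


def audit_security_groups(resources: Dict[str, Any]) -> List[str]:
    findings: List[str] = []
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        props = res.get("Properties", {})
        rules = props.get("SecurityGroupIngress") or []
        if not rules:  # no ingress at all: nothing can connect
            findings.append(f"{logical_id}: no ingress rules, group admits no inbound traffic")
        for rule in rules:
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            lo, hi = _port_range(rule)
            if cidr in OPEN_CIDRS:
                findings.append(f"{logical_id}: {rule.get('IpProtocol')} {lo}-{hi} open to {cidr}")
        # A group meant for EFS mount targets must admit NFS from its clients.
        if "efs" in (logical_id + " " + props.get("GroupDescription", "")).lower():
            nfs_ok = any(
                str(r.get("IpProtocol")) in ("tcp", "-1")
                and _port_range(r)[0] <= NFS_PORT <= _port_range(r)[1]
                for r in rules
            )
            if not nfs_ok:
                findings.append(f"{logical_id}: EFS group does not admit TCP {NFS_PORT} (NFS), mounts will fail")
    return findings


def audit_subnets(resources: Dict[str, Any]) -> List[str]:
    """Flag non-public subnets that hand out public IPv4 addresses."""
    findings: List[str] = []
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::EC2::Subnet":
            continue
        if "public" not in logical_id.lower() and res.get("Properties", {}).get("MapPublicIpOnLaunch", False):
            findings.append(f"{logical_id}: private-tier subnet auto-assigns public IPv4 addresses")
    return findings


def audit(resources: Dict[str, Any]) -> List[str]:
    return audit_security_groups(resources) + audit_subnets(resources)


def _sg(description: str, ingress=None) -> Dict[str, Any]:
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": description, "VpcId": {"Ref": "LabVPC"},
                           "SecurityGroupIngress": ingress or []}}


def _subnet(public: bool) -> Dict[str, Any]:
    return {"Type": "AWS::EC2::Subnet",
            "Properties": {"VpcId": {"Ref": "LabVPC"}, "MapPublicIpOnLaunch": public}}


# Constructed sample mirroring the lab template's subnets and security groups.
LAB_RESOURCES: Dict[str, Any] = {
    "PublicSubnet1": _subnet(True), "PublicSubnet2": _subnet(True),
    "AppSubnet1": _subnet(False), "AppSubnet2": _subnet(False),
    "DatabaseSubnet1": _subnet(False), "DatabaseSubnet2": _subnet(False),
    "AppInstanceSecurityGroup": _sg("Security Group allowing HTTP traffic for lab instances",
                                    [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]),
    "RDSSecurityGroup": _sg("Security Group allowing RDS instances to have internet traffic"),
    "EFSMountTargetSecurityGroup": _sg(
        "Security Group allowing traffic between EFS Mount Targets and Amazon EC2 instances",
        [{"IpProtocol": "tcp", "SourceSecurityGroupId": {"Ref": "AppInstanceSecurityGroup"},
          "FromPort": 80, "ToPort": 80}]),
}

if __name__ == "__main__":
    for line in audit(LAB_RESOURCES):
        print(line)
```

Run against the sample it reports three findings: the HTTP rule open to 0.0.0.0/0, the empty RDS group, and the EFS group admitting port 80 instead of 2049; the subnet check stays quiet because only the two public subnets set MapPublicIpOnLaunch. To audit the real file, call audit(load_template(open("template.yaml").read())["Resources"]).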