
CloudFormation

Stack Name : wsi-env-resource
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Create Main VPC, Backup VPC, File Server, VPC Peering, and Route Tables

Resources:
  # ---------- Main VPC (10.0.0.0/16): two public + two private subnets ----------
  MainVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: wsi-main-vpc

  MainPublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MainVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [0, !GetAZs ""]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: wsi-main-public-subnet-1

  MainPublicSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MainVPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select [1, !GetAZs ""]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: wsi-main-public-subnet-2

  MainPrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MainVPC
      CidrBlock: 10.0.11.0/24
      AvailabilityZone: !Select [0, !GetAZs ""]
      Tags:
        - Key: Name
          Value: wsi-main-private-subnet-1

  MainPrivateSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MainVPC
      CidrBlock: 10.0.12.0/24
      AvailabilityZone: !Select [1, !GetAZs ""]
      Tags:
        - Key: Name
          Value: wsi-main-private-subnet-2

  MainPublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MainVPC
      Tags:
        - Key: Name
          Value: wsi-main-public-rt

  MainPublicRoute:
    Type: AWS::EC2::Route
    # A route that targets an IGW must wait for the gateway attachment; without
    # this DependsOn, stack creation can fail with "route table and network
    # gateway belong to different networks".
    DependsOn: MainIGWAttachment
    Properties:
      RouteTableId: !Ref MainPublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref MainInternetGateway

  MainPublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MainPublicSubnet1
      RouteTableId: !Ref MainPublicRouteTable

  MainPublicSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MainPublicSubnet2
      RouteTableId: !Ref MainPublicRouteTable

  MainPrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MainVPC
      Tags:
        - Key: Name
          Value: wsi-main-private-rt

  MainPrivateSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MainPrivateSubnet1
      RouteTableId: !Ref MainPrivateRouteTable

  MainPrivateSubnet2RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MainPrivateSubnet2
      RouteTableId: !Ref MainPrivateRouteTable

  MainInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: wsi-main-igw

  MainIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MainVPC
      InternetGatewayId: !Ref MainInternetGateway

  MainEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  # NAT gateway lives in public subnet 1 and serves both private subnets
  # (the AZ-1 private subnet uses it cross-AZ).
  MainNATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt MainEIP.AllocationId
      SubnetId: !Ref MainPublicSubnet1
      Tags:
        - Key: Name
          Value: wsi-main-natgw

  MainPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref MainPrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref MainNATGateway

  # ---------- Backup VPC (10.20.0.0/16): one public + one private subnet ----------
  BackupVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.20.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: wsi-backup-vpc

  BackupPublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref BackupVPC
      CidrBlock: 10.20.1.0/24
      AvailabilityZone: !Select [0, !GetAZs ""]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: wsi-backup-public-subnet

  BackupPrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref BackupVPC
      CidrBlock: 10.20.2.0/24
      AvailabilityZone: !Select [1, !GetAZs ""]
      Tags:
        - Key: Name
          Value: wsi-backup-private-subnet

  BackupPublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref BackupVPC
      Tags:
        - Key: Name
          Value: wsi-backup-public-rt

  BackupPublicRoute:
    Type: AWS::EC2::Route
    DependsOn: BackupIGWAttachment   # same IGW-attachment ordering as MainPublicRoute
    Properties:
      RouteTableId: !Ref BackupPublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref BackupInternetGateway

  BackupPublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref BackupPublicSubnet
      RouteTableId: !Ref BackupPublicRouteTable

  BackupPrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref BackupVPC
      Tags:
        - Key: Name
          Value: wsi-backup-private-rt

  BackupPrivateRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref BackupPrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref BackupNATGateway

  BackupPrivateSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref BackupPrivateSubnet
      RouteTableId: !Ref BackupPrivateRouteTable

  BackupInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: wsi-backup-igw

  BackupIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref BackupVPC
      InternetGatewayId: !Ref BackupInternetGateway

  BackupEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  BackupNATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt BackupEIP.AllocationId
      SubnetId: !Ref BackupPublicSubnet
      Tags:
        - Key: Name
          Value: wsi-backup-natgw

  # Security group for the file server. SSH is open to 0.0.0.0/0 as written;
  # the instance has no public IP (private subnet), so in practice this is only
  # reachable from the peered VPCs, but narrow it to 10.0.0.0/16 and
  # 10.20.0.0/16 before reusing this template. NFS (2049) is already limited
  # to 10.0.0.0/8.
  BackupSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH and TCP for backup
      VpcId: !Ref BackupVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 2049
          ToPort: 2049
          CidrIp: 10.0.0.0/8

  BackupFileServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: c5.large
      ImageId: ami-0f605570d05d73472   # AMI IDs are region-specific; replace when deploying elsewhere
      SubnetId: !Ref BackupPrivateSubnet
      SecurityGroupIds:
        - !Ref BackupSG
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          sudo yum install -y httpd
          sudo systemctl start httpd
          sudo systemctl enable httpd
          echo "Backup Server Ready" | sudo tee /var/www/html/index.html
      Tags:
        - Key: Name
          Value: backup-file-server

  # ---------- Peering: only the private route tables learn each other's CIDR ----------
  BackupVpcPeering:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref MainVPC
      PeerVpcId: !Ref BackupVPC
      Tags:
        - Key: Name
          Value: main-to-backup-peering

  MainToBackupRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref MainPrivateRouteTable
      DestinationCidrBlock: 10.20.0.0/16
      VpcPeeringConnectionId: !Ref BackupVpcPeering

  BackupToMainRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref BackupPrivateRouteTable
      DestinationCidrBlock: 10.0.0.0/16
      VpcPeeringConnectionId: !Ref BackupVpcPeering
```
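An offline check for the two things a reviewer would look at first in a template like this: security-group ingress that exposes an admin port to the whole internet, and `AWS::EC2::Route` resources that target an Internet Gateway without a `DependsOn` on the gateway attachment. This is an added example, not part of the page's template or stack, and uses only the Python standard library. `SAMPLE_TEMPLATE` is a hand-written JSON rendering of four of the resources above (`BackupInternetGateway`, `BackupIGWAttachment`, `BackupPublicRoute`, `BackupSG`); the check is written generally (IPv6 `::/0`, protocol `-1`, RDP as well as SSH), and the `10.0.0.0/16` passed to `harden()` is an assumed "trusted" CIDR for the demo.

```python
"""Offline static checks for a CloudFormation template (standard library only).

SAMPLE_TEMPLATE is a constructed, hand-written JSON form of four resources from
the wsi-env-resource template; it is not the page's own file.
"""
import copy
import json

SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "BackupInternetGateway": {"Type": "AWS::EC2::InternetGateway"},
    "BackupIGWAttachment": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {"VpcId": {"Ref": "BackupVPC"},
                     "InternetGatewayId": {"Ref": "BackupInternetGateway"}}
    },
    "BackupPublicRoute": {
      "Type": "AWS::EC2::Route",
      "Properties": {"RouteTableId": {"Ref": "BackupPublicRouteTable"},
                     "DestinationCidrBlock": "0.0.0.0/0",
                     "GatewayId": {"Ref": "BackupInternetGateway"}}
    },
    "BackupSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Allow SSH and TCP for backup",
        "VpcId": {"Ref": "BackupVPC"},
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049, "CidrIp": "10.0.0.0/8"}
        ]
      }
    }
  }
}
""")

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}  # SSH and RDP


def ref_target(value):
    """Logical resource name behind a {"Ref": ...} intrinsic, else None."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        return value["Ref"]
    return None


def world_open_admin_rules(template):
    """(sg_name, rule_index, description) for rules exposing SSH/RDP or all traffic to everyone."""
    findings = []
    for name, res in template["Resources"].items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for i, rule in enumerate(res.get("Properties", {}).get("SecurityGroupIngress", [])):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr not in WORLD_CIDRS:
                continue
            lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
            if rule.get("IpProtocol") == "-1" or any(lo <= p <= hi for p in ADMIN_PORTS):
                findings.append((name, i, f"{rule.get('IpProtocol')} {lo}-{hi} from {cidr}"))
    return findings


def igw_routes_missing_dependson(template):
    """(route_name, igw_name, attachment_names) for IGW routes lacking DependsOn on the attachment."""
    resources = template["Resources"]
    attachments = {}  # igw logical name -> [VPCGatewayAttachment logical names]
    for name, res in resources.items():
        if res.get("Type") == "AWS::EC2::VPCGatewayAttachment":
            igw = ref_target(res.get("Properties", {}).get("InternetGatewayId"))
            if igw:
                attachments.setdefault(igw, []).append(name)
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::Route":
            continue
        igw = ref_target(res.get("Properties", {}).get("GatewayId"))
        if igw is None or resources.get(igw, {}).get("Type") != "AWS::EC2::InternetGateway":
            continue
        deps = res.get("DependsOn", [])
        deps = [deps] if isinstance(deps, str) else list(deps)
        if not set(deps) & set(attachments.get(igw, [])):
            findings.append((name, igw, attachments.get(igw, [])))
    return findings


def harden(template, trusted_cidr):
    """Copy of the template with DependsOn added to IGW routes and world-open
    admin rules narrowed to trusted_cidr (an assumed value chosen by the caller)."""
    fixed = copy.deepcopy(template)
    for route, _igw, atts in igw_routes_missing_dependson(fixed):
        if atts:
            fixed["Resources"][route]["DependsOn"] = atts[0]
    for sg, i, _desc in world_open_admin_rules(fixed):
        rule = fixed["Resources"][sg]["Properties"]["SecurityGroupIngress"][i]
        rule.pop("CidrIpv6", None)
        rule["CidrIp"] = trusted_cidr
    return fixed


def lint(template):
    """Human-readable findings from both checks."""
    return ([f"{sg}: ingress[{i}] {d}" for sg, i, d in world_open_admin_rules(template)]
            + [f"{r}: GatewayId refs {g} without DependsOn on {a or 'any attachment'}"
               for r, g, a in igw_routes_missing_dependson(template)])


HARDENED_TEMPLATE = harden(SAMPLE_TEMPLATE, "10.0.0.0/16")

if __name__ == "__main__":
    for line in lint(SAMPLE_TEMPLATE):
        print("FINDING:", line)
    print("after harden():", lint(HARDENED_TEMPLATE) or "clean")
```

Run against the sample, `lint()` reports the world-open SSH rule on `BackupSG` and the missing `DependsOn` on `BackupPublicRoute`; the same two functions applied to `HARDENED_TEMPLATE` return nothing. To run it on the real file, convert the YAML to JSON first (the AWS CLI's `cloudformation get-template` returns the stored body, or any YAML loader that understands the `!Ref`/`!Sub` short-form tags will do) and pass the resulting dict to `lint()`.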