当前位置：文江博客 Node Package Readme @104corp/cfn-vpc-module 中文文档教程

@104corp/cfn-vpc-module 中文文档教程

发布于 4年前浏览 29 项目主页更新于 3年前

CloudFormation VPC Module

从 CloudFromation 模板

Manage Resources

VPC
FlowLog
InternetGateway
NAT Gateway
EIP
Endpoint
DHCPOptions
Subnet
RouteTable
SecurityGroup (Privatelink)
S3 Bucket

Install

安装 AWS VPC 服务部署 Node.js 和 npm第一的！

npm i @104corp/cfn-vpc-module

Usage

default

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-vpc-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcCIDR: '10.0.0.0/16'
        PublicSubnetACIDR: '10.0.1.0/24'
        PublicSubnetBCIDR: '10.0.2.0/24'
        PrivateSubnet1ACIDR: '10.0.3.0/24'
        PrivateSubnet1BCIDR: '10.0.4.0/24'
        PrivateSubnet2ACIDR: '10.0.5.0/24'
        PrivateSubnet2BCIDR: '10.0.6.0/24'
        PrivateSubnet3ACIDR: '10.0.7.0/24'
        PrivateSubnet3BCIDR: '10.0.8.0/24'
      TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'

With NAT Subnet

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-vpc-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcCIDR: '10.152.0.0/21'
        PublicSubnetACIDR: '10.152.0.0/26'
        PublicSubnetBCIDR: '10.152.0.64/26'
        PrivateSubnet1ACIDR: '10.152.1.0/24'
        PrivateSubnet1BCIDR: '10.152.2.0/24'
        PrivateSubnet2ACIDR: '10.152.3.0/24'
        PrivateSubnet2BCIDR: '10.152.4.0/24'
        PrivateSubnet3ACIDR: '10.152.5.0/24'
        PrivateSubnet3BCIDR: '10.152.6.0/24'
        NatSubnetACIDR: '10.152.0.128.0/26'
        NatSubnetBCIDR: '10.152.0.192.0/26'
        NatGatewayMultiAZ: 'true'
      TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'

IAM Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devops-infra-cfn-vpc-module",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances",
                "ec2:DeleteTags",
                "s3:*",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "ec2:CreateNatGateway",
                "ec2:*Address*",
                "ec2:*FlowLogs",
                "cloudformation:*",
                "ec2:*NetworkAcl*",
                "ec2:*Route*",
                "ec2:StopInstances",
                "ec2:Describe*",
                "ec2:StartInstances",
                "ec2:*Vpc*",
                "ec2:*DhcpOptions*",
                "ec2:*Gateway*",
                "ec2:*SecurityGroup*",
                "ec2:*Subnet*",
                "logs:*"
            ],
            "Resource": "*"
        }
    ]
}

Package

$ aws cloudformation package --template-file example.yml --s3-bucket <your cfn template bucket> --output-template-file packaged.yml

Deploy

$ aws cloudformation deploy --template-file packaged.yml --stack-name <your stack name>

templates/main

Description

AWS-HUB-Shared Infrastructure include VPC, Subnet, Security Group …等

Parameters

。此模板的参数列表：

EnvType

类型：String 默认值：开发说明：此堆栈的环境类型。

StackOwner

类型：字符串默认值：StackOwnerDefault 说明：（可选）产品所有者名称，默认为 StackOwnerDefault

VpcCIDR

类型：字符串默认值：0.0.0.0/0 描述：（需要）VPC CIDR

PublicSubnetACIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）Public Subnet-1a CIDR

PublicSubnetBCIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）Public Subnet-1b CIDR

PrivateSubnet1ACIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）Private Subnet-1a-1 CIDR

PrivateSubnet1BCIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）Private Subnet-1b-1 CIDR

PrivateSubnet2ACIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）Private Subnet-1a-2 CIDR

PrivateSubnet2BCIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）Private Subnet-1b-2 CIDR

PrivateSubnet3ACIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）Private Subnet-1a-3 CIDR

PrivateSubnet3BCIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）Private Subnet-1b-3 CIDR

NatSubnetACIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）NAT 子网 CIDR

NatSubnetBCIDR

类型：字符串默认值：0.0.0.0/0 说明：（要求）NAT 子网 CIDR

NatGatewayMultiAZ

类型：字符串默认值：真说明：（可选）启用路由的多可用区 NAT 网关。默认为 true

PublicRoutePropagationVpnGatewayId

类型：String
说明：（可选）当子网路由需要支持Propagation时输入VpnGatewayId。默认为 ``

PrivateRoutePropagationVpnGatewayId

类型：字符串
说明：（可选）当子网路由需要支持Propagation时输入VpnGatewayId。默认为 ``

NatRouteAPropagationVpnGatewayId

类型：字符串
说明：（可选）当子网路由需要支持Propagation时输入VpnGatewayId。默认为 ``

NatRouteBPropagationVpnGatewayId

类型：字符串
说明：（可选）当子网路由需要支持Propagation时输入VpnGatewayId。默认为``

FlowLogEnable

类型：字符串默认值：假说明：（可选）启用 VPC 流日志

FlowLogTrafficType

类型：字符串默认值：ACCEPT

FlowLogS3Replication

类型：String
说明：（可选）设置流日志复制到其他 S3。

DHCPOptionNtpServers

类型：逗号分隔列表默认值：169.254.169.123 说明：（可选）实例的 NTP 服务器，默认为 169.254.169.123

DHCPOptionDomainNameServers

类型：CommaDelimitedList 默认值：AmazonProvidedDNS 说明：（可选）实例的域名服务器，默认为 AmazonProvidedDNS

EndpointS3

类型：字符串默认值：假说明：（可选）S3 的 VPC 网关端点，默认为 false

EndpointDynamoDB

类型：字符串默认值：假说明：（可选）DynamoDB 的 VPC 网关端点，默认为 false

EndpointEC2

类型：字符串默认值：假说明：（可选）EC2 的 VPC 接口端点，默认为 false

EndpointECS

类型：字符串默认值：假说明：（可选）ECS 的 VPC 接口端点，默认为 false

EndpointSTS

类型：String 默认值：假说明：（可选）STS 的 VPC 接口端点，默认为 false

EndpointCloudFormation

类型：字符串默认值：假说明：（可选）CloudFormation 的 VPC 接口端点，默认为 false

EndpointEC2Messages

类型：字符串默认值：假说明：（可选）EC2 消息的 VPC 接口端点，默认为 false

EndpointECRAPI

类型：字符串默认值：假说明：（可选）ECR API 的 VPC 接口端点，默认为 false

EndpointECRDKR

类型：字符串默认值：假说明：（可选）ECR DKR 的 VPC 接口端点，默认为 false

EndpointECSAgent

类型：字符串默认值：假说明：（可选）ECS 代理的 VPC 接口端点，默认为 false

EndpointECSTelemetry

类型：字符串默认值：假说明：（可选）用于 ECS 遥测的 VPC 接口端点，默认为 false

EndpointAppstreamAPI

类型：字符串默认值：假说明：（可选）应用流 API 的 VPC 接口端点，默认为 false

EndpointAppstreamStreaming

类型：字符串默认值：假说明：（可选）App stream 流式传输的 VPC 接口端点，默认为 false

EndpointAthena

类型：String 默认值：假说明：（可选）Athena 的 VPC 接口端点，默认为 false

EndpointCloudTrail

类型：字符串默认值：假说明：（可选）CloudTrail 的 VPC 接口端点，默认为 false

EndpointCodeBuild

类型：字符串默认值：假说明：（可选）CodeBuild 的 VPC 接口端点，默认为 false

EndpointCodeCommit

类型：字符串默认值：假说明：（可选）CodeCommit 的 VPC 接口端点，默认为 false

EndpointCodePipeline

类型：字符串默认值：假说明：（可选）CodePipeline 的 VPC 接口端点，默认为 false

EndpointConfig

类型：字符串默认值：假说明：（可选）配置的 VPC 接口端点，默认为 false

EndpointDatasync

类型：字符串默认值：假说明：（可选）Datasync 的 VPC 接口端点，默认为 false

EndpointElasticInferenceRuntime

类型：字符串默认值：假说明：（可选）弹性接口运行时的 VPC 接口端点，默认为 false

EndpointElasticLoadBalancing

类型：字符串默认值：假说明：（可选）用于弹性平衡的 VPC 接口端点，默认为 false

EndpointEvents

类型：字符串默认值：假说明：（可选）CloudWatch 事件的 VPC 接口端点，默认为 false

EndpointExecuteAPI

类型：字符串默认值：假说明：（可选）执行 API 的 VPC 接口端点，默认为 false

EndpointKinesisFirehose

类型：字符串默认值：假说明：（可选）Kinesis Firehose 的 VPC 接口端点，默认为 false

EndpointKinesisStreams

类型：字符串默认值：假说明：（可选）Kinesis 流的 VPC 接口端点，默认为 false

EndpointKMS

类型：字符串默认值：假说明：（可选）KMS 的 VPC 接口端点，默认为 false

EndpointLogs

类型：字符串默认值：假说明：（可选）CloudWatch 日志的 VPC 接口端点，默认为 false

EndpointMonitoring

类型：字符串默认值：假说明：（可选）用于 CloudWatch 监控的 VPC 接口端点，默认为 false

EndpointSecretsManager

类型：字符串默认值：假说明：（可选）Secrets Manager 的 VPC 接口端点，默认为 false

EndpointSNS

类型：字符串默认值：假说明：（可选）SNS 的 VPC 接口端点，默认为 false

EndpointSQS

类型：字符串默认值：假说明：（可选）SQS 的 VPC 接口端点，默认为 false

EndpointSSM

类型：字符串默认值：假说明：（可选）SSM 的 VPC 接口端点，默认为 false

EndpointSSMMessages

类型：字符串默认值：假说明：（可选）SSM 消息的 VPC 接口端点，默认为 false

NameSuffix

类型：String
说明：（可选）附加带有后缀的资源和导出名称。

Resources

此模板创建的资源列表：

VPC

类型：AWS::EC2::VPC

DHCPOptionsSetDefault

类型：AWS::EC2::DHCPOptions

DHCPOptionsSetAssociationDefault

类型：AWS::EC2::VPCDHCPoptionsAssociation

PublicSubnetA

类型：AWS::EC2::Subnet

PublicSubnetB

类型：AWS::EC2 ::子网

PrivateSubnet1A

类型：AWS::EC2::子网

PrivateSubnet1B

类型：AWS::EC2::子网

PrivateSubnet2A

类型：AWS::EC2::子网

PrivateSubnet2B

类型：AWS::EC2::子网

PrivateSubnet3A

类型：AWS::EC2::子网

PrivateSubnet3B

类型： AWS::EC2::子网

InternetGateway

类型：AWS::EC2::InternetGateway

VPCGatewayAttachment

类型：AWS::EC2::VPCGatewayAttachment

ProtectedSubnetA

类型：AWS::EC2::子网

ProtectedSubnetB

类型：AWS::EC2::子网

ProtectedRouteTableA

类型：AWS::EC2： :RouteTable

ProtectedRouteTableB

类型：AWS::EC2::RouteTable

ProtectedRouteA

类型：AWS::EC2::Route

ProtectedRouteB

类型：AWS::EC2::Route

ProtectedRouteBMultiAZ

类型：AWS::EC2::Route

ProtectedSubnetARouteTableAssociation

类型：AWS::EC2::SubnetRouteTableAssociation

ProtectedSubnetBRouteTableAssociation

类型：AWS ::EC2::SubnetRouteTableAssociation

NatEipA

类型：AWS::EC2::EIP

NatEipB

类型：AWS::EC2::EIP

NatGatewayA

类型：AWS::EC2::NatGateway

NatGatewayB

类型：AWS::EC2::NatGateway

PublicRouteTable

类型：AWS::EC2:: RouteTable

PrivateRouteTable

类型：AWS::EC2::RouteTable

PublicRoutePropagation

类型：AWS::EC2::VPNGatewayRoutePropagation

PrivateRoutePropagation

类型：AWS::EC2::VPNGatewayRoutePropagation

ProtectedRouteAPropagation

类型：AWS::EC2::VPNGatewayRoutePropagation

ProtectedRouteBPropagation

类型：AWS::EC2::VPNGatewayRoutePropagation

PublicSubnetARouteTableAssociation

类型：AWS： :EC2::子网路由表关联类型

PublicSubnetBRouteTableAssociation

类型：AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet1ARouteTableAssociation

：AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet2ARouteTableAssociation

类型：AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet3ARouteTableAssociation

类型：AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet1BRouteTableAssociation

类型：AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet2BRouteTableAssociation

类型：AWS：：EC2::SubnetRouteTableAssociation

PrivateSubnet3BRouteTableAssociation

类型：AWS::EC2::SubnetRouteTableAssociation

PublicRoute

类型：AWS::EC2::Route

VPCEndpointS3

类型：AWS::EC2::VPCEndpoint

VPCEndpointDynamoDB

类型：AWS::EC2::VPCEndpoint

VPCEndpointEC2

类型：AWS::EC2::VPCEndpoint

VPCEndpointECS

类型：AWS::EC2::VPCEndpoint

VPCEndpointSTS

类型：AWS::EC2::VPCEndpoint

VPCEndpointCloudFormation

类型：AWS::EC2::VPCEndpoint

VPCEndpointEC2Messages

类型：AWS::EC2::VPCEndpoint

VPCEndpointECRAPI

类型：AWS::EC2::VPCEndpoint

VPCEndpointECRDKR

类型：AWS:: EC2::VPCEndpoint

VPCEndpointECSAgent

类型：AWS::EC2::VPCEndpoint

VPCEndpointECSTelemetry

类型：AWS::EC2::VPCEndpoint

VPCEndpointAppstreamAPI

类型：AWS::EC2::VPCEndpoint

VPCEndpointAppstreamStreaming

类型：AWS::EC2::VPCEndpoint

VPCEndpointAthena

类型：AWS::EC2::VPCEndpoint

VPCEndpointCloudTrail

类型：AWS::EC2::VPCEndpoint

VPCEndpointCodeBuild

类型：AWS::EC2::VPCEndpoint

VPCEndpointCodeCommit

类型：AWS::EC2::VPCEndpoint

VPCEndpointCodePipeline

类型：AWS::EC2::VPCEndpoint

VPCEndpointConfig

类型：AWS::EC2::VPCEndpoint

VPCEndpointDatasync

类型：AWS::EC2 ::VPCEndpoint

VPCEndpointElasticInferenceRuntime

类型：AWS::EC2::VPCEndpoint

VPCEndpointElasticLoadBalancing

类型：AWS::EC2::VPCEndpoint

VPCEndpointEvents

类型：AWS::EC2::VPCEndpoint

VPCEndpointExecuteAPI

类型：AWS::EC2::VPCE ndpoint

VPCEndpointKinesisFirehose

类型：AWS::EC2::VPCEndpoint

VPCEndpointKinesisStreams

类型：AWS::EC2::VPCEndpoint

VPCEndpointKMS

类型：AWS::EC2::VPCEndpoint

VPCEndpointLogs

类型：AWS::EC2::VPCEndpoint

VPCEndpointMonitoring

类型：AWS::EC2::VPCEndpoint

VPCEndpointSecretsManager

类型：AWS：：EC2::VPCEndpoint

VPCEndpointSNS

类型：AWS::EC2::VPCEndpoint

VPCEndpointSQS

类型：AWS::EC2::VPCEndpoint

VPCEndpointSSM

类型：AWS::EC2::VPCEndpoint

VPCEndpointSSMMessages

类型：AWS::EC2::VPCEndpoint

VPCPrivatelinkSecurityGroup

类型：AWS::EC2::SecurityGroup

VPCFlowLog

类型：AWS::EC2::FlowLog

VPCFlowLogS3Bucket

类型：AWS::S3::Bucket

Outputs

此模板公开的输出列表：

VPC

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': [ '-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

InternetGateway

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn ::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn: :Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

DefaultSecurityGroup

导出名称：{'Fn::If': ['HasNameSuffix ', {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn ::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}]]}]}

PublicSubnetA

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {' Ref': 'EnvType'}]]}]}

PublicSubnetB

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', ' public', '1c', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet1A

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn::Join': [ '-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join ': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet1B

导出名称：{'Fn::If': [ 'HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}, {'Ref': ' NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}]]}] }

PrivateSubnet2A

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref ': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}]]}]}

PrivateSubnet2B

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN ', 'private', '1c', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}]]}]}

PrivateSubnet3A

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn ::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}]]}]}

PrivateSubnet3B

导出名称：{'Fn ::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType '}]]}]}

VPCPrivatelinkSecurityGroup

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', ' shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'privatelink', 'hub ', 'shared', {'Ref': 'EnvType'}]]}]}

DHCPOptionsSetDefault

导出名称：{'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', [ 'DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType '}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType' }]]}]}

Maintenance

维护者：

104corp

原文

CloudFormation VPC Module

AWS VPC service deployment from CloudFromation Template

Manage Resources

VPC
FlowLog
InternetGateway
NAT Gateway
EIP
Endpoint
DHCPOptions
Subnet
RouteTable
SecurityGroup (Privatelink)
S3 Bucket

Install

Install Node.js and npm first!

npm i @104corp/cfn-vpc-module

Usage

default

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-vpc-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcCIDR: '10.0.0.0/16'
        PublicSubnetACIDR: '10.0.1.0/24'
        PublicSubnetBCIDR: '10.0.2.0/24'
        PrivateSubnet1ACIDR: '10.0.3.0/24'
        PrivateSubnet1BCIDR: '10.0.4.0/24'
        PrivateSubnet2ACIDR: '10.0.5.0/24'
        PrivateSubnet2BCIDR: '10.0.6.0/24'
        PrivateSubnet3ACIDR: '10.0.7.0/24'
        PrivateSubnet3BCIDR: '10.0.8.0/24'
      TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'

With NAT Subnet

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-vpc-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcCIDR: '10.152.0.0/21'
        PublicSubnetACIDR: '10.152.0.0/26'
        PublicSubnetBCIDR: '10.152.0.64/26'
        PrivateSubnet1ACIDR: '10.152.1.0/24'
        PrivateSubnet1BCIDR: '10.152.2.0/24'
        PrivateSubnet2ACIDR: '10.152.3.0/24'
        PrivateSubnet2BCIDR: '10.152.4.0/24'
        PrivateSubnet3ACIDR: '10.152.5.0/24'
        PrivateSubnet3BCIDR: '10.152.6.0/24'
        NatSubnetACIDR: '10.152.0.128.0/26'
        NatSubnetBCIDR: '10.152.0.192.0/26'
        NatGatewayMultiAZ: 'true'
      TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'

IAM Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devops-infra-cfn-vpc-module",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances",
                "ec2:DeleteTags",
                "s3:*",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "ec2:CreateNatGateway",
                "ec2:*Address*",
                "ec2:*FlowLogs",
                "cloudformation:*",
                "ec2:*NetworkAcl*",
                "ec2:*Route*",
                "ec2:StopInstances",
                "ec2:Describe*",
                "ec2:StartInstances",
                "ec2:*Vpc*",
                "ec2:*DhcpOptions*",
                "ec2:*Gateway*",
                "ec2:*SecurityGroup*",
                "ec2:*Subnet*",
                "logs:*"
            ],
            "Resource": "*"
        }
    ]
}

Package

$ aws cloudformation package --template-file example.yml --s3-bucket <your cfn template bucket> --output-template-file packaged.yml

Deploy

$ aws cloudformation deploy --template-file packaged.yml --stack-name <your stack name>

templates/main

Description

AWS-HUB-Shared Infrastructure included VPC, Subnet, Security Group … etc.

Parameters

The list of parameters for this template:

EnvType

Type: String Default: Dev Description: Environment Type for this Stack.

StackOwner

Type: String Default: StackOwnerDefault Description: (Optional) Product Owner Name, default is StackOwnerDefault

VpcCIDR

Type: String Default: 0.0.0.0/0 Description: (Require) VPC CIDR

PublicSubnetACIDR

Type: String Default: 0.0.0.0/0 Description: (Require) Public Subnet-1a CIDR

PublicSubnetBCIDR

Type: String Default: 0.0.0.0/0 Description: (Require) Public Subnet-1b CIDR

PrivateSubnet1ACIDR

Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1a-1 CIDR

PrivateSubnet1BCIDR

Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1b-1 CIDR

PrivateSubnet2ACIDR

Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1a-2 CIDR

PrivateSubnet2BCIDR

Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1b-2 CIDR

PrivateSubnet3ACIDR

Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1a-3 CIDR

PrivateSubnet3BCIDR

Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1b-3 CIDR

NatSubnetACIDR

Type: String Default: 0.0.0.0/0 Description: (Require) NAT Subnet CIDR

NatSubnetBCIDR

Type: String Default: 0.0.0.0/0 Description: (Require) NAT Subnet CIDR

NatGatewayMultiAZ

Type: String Default: true Description: (Optional) Enable Multi-AZ NAT Gateway of Route. default is true

PublicRoutePropagationVpnGatewayId

Type: String
Description: (Optional) When subnet route need support Propagation then enter VpnGatewayId. default is ``

PrivateRoutePropagationVpnGatewayId

Type: String
Description: (Optional) When subnet route need support Propagation then enter VpnGatewayId. default is ``

NatRouteAPropagationVpnGatewayId

Type: String
Description: (Optional) When subnet route need support Propagation then enter VpnGatewayId. default is ``

NatRouteBPropagationVpnGatewayId

Type: String
Description: (Optional) When subnet route need support Propagation then enter VpnGatewayId. default is ``

FlowLogEnable

Type: String Default: false Description: (Optional) Enable VPC Flow log

FlowLogTrafficType

Type: String Default: ACCEPT

FlowLogS3Replication

Type: String
Description: (Optional) Setting flow log replication to other S3.

DHCPOptionNtpServers

Type: CommaDelimitedList Default: 169.254.169.123 Description: (Optional) NTP Servers for instances, default is 169.254.169.123

DHCPOptionDomainNameServers

Type: CommaDelimitedList Default: AmazonProvidedDNS Description: (Optional) Domain Name Server for instances, default is AmazonProvidedDNS

EndpointS3

Type: String Default: false Description: (Optional) VPC Gateway Endpoint for S3, default is false

EndpointDynamoDB

Type: String Default: false Description: (Optional) VPC Gateway Endpoint for DynamoDB, default is false

EndpointEC2

Type: String Default: false Description: (Optional) VPC Interface Endpoint for EC2, default is false

EndpointECS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS, default is false

EndpointSTS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for STS, default is false

EndpointCloudFormation

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudFormation, default is false

EndpointEC2Messages

Type: String Default: false Description: (Optional) VPC Interface Endpoint for EC2 Messages, default is false

EndpointECRAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECR API, default is false

EndpointECRDKR

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECR DKR, default is false

EndpointECSAgent

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS Agent, default is false

EndpointECSTelemetry

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS Telemetry, default is false

EndpointAppstreamAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for App stream API, default is false

EndpointAppstreamStreaming

Type: String Default: false Description: (Optional) VPC Interface Endpoint for App stream streaming, default is false

EndpointAthena

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Athena, default is false

EndpointCloudTrail

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudTrail, default is false

EndpointCodeBuild

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodeBuild, default is false

EndpointCodeCommit

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodeCommit, default is false

EndpointCodePipeline

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodePipeline, default is false

EndpointConfig

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Config, default is false

EndpointDatasync

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Datasync, default is false

EndpointElasticInferenceRuntime

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Elastic interface runtime, default is false

EndpointElasticLoadBalancing

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Elastic balancing, default is false

EndpointEvents

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch events, default is false

EndpointExecuteAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Execute API, default is false

EndpointKinesisFirehose

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Kinesis Firehose, default is false

EndpointKinesisStreams

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Kinesis streams, default is false

EndpointKMS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for KMS, default is false

EndpointLogs

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch logs, default is false

EndpointMonitoring

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch Monitoring, default is false

EndpointSecretsManager

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Secrets Manager, default is false

EndpointSNS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SNS, default is false

EndpointSQS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SQS, default is false

EndpointSSM

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SSM, default is false

EndpointSSMMessages

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SSM Messages, default is false

NameSuffix

Type: String
Description: (Optional) Append with resource and export name with suffix.

Resources

The list of resources this template creates:

VPC

Type: AWS::EC2::VPC

DHCPOptionsSetDefault

Type: AWS::EC2::DHCPOptions

DHCPOptionsSetAssociationDefault

Type: AWS::EC2::VPCDHCPOptionsAssociation

PublicSubnetA

Type: AWS::EC2::Subnet

PublicSubnetB

Type: AWS::EC2::Subnet

PrivateSubnet1A

Type: AWS::EC2::Subnet

PrivateSubnet1B

Type: AWS::EC2::Subnet

PrivateSubnet2A

Type: AWS::EC2::Subnet

PrivateSubnet2B

Type: AWS::EC2::Subnet

PrivateSubnet3A

Type: AWS::EC2::Subnet

PrivateSubnet3B

Type: AWS::EC2::Subnet

InternetGateway

Type: AWS::EC2::InternetGateway

VPCGatewayAttachment

Type: AWS::EC2::VPCGatewayAttachment

ProtectedSubnetA

Type: AWS::EC2::Subnet

ProtectedSubnetB

Type: AWS::EC2::Subnet

ProtectedRouteTableA

Type: AWS::EC2::RouteTable

ProtectedRouteTableB

Type: AWS::EC2::RouteTable

ProtectedRouteA

Type: AWS::EC2::Route

ProtectedRouteB

Type: AWS::EC2::Route

ProtectedRouteBMultiAZ

Type: AWS::EC2::Route

ProtectedSubnetARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

ProtectedSubnetBRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

NatEipA

Type: AWS::EC2::EIP

NatEipB

Type: AWS::EC2::EIP

NatGatewayA

Type: AWS::EC2::NatGateway

NatGatewayB

Type: AWS::EC2::NatGateway

PublicRouteTable

Type: AWS::EC2::RouteTable

PrivateRouteTable

Type: AWS::EC2::RouteTable

PublicRoutePropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

PrivateRoutePropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

ProtectedRouteAPropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

ProtectedRouteBPropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

PublicSubnetARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PublicSubnetBRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet1ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet2ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet3ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet1BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet2BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet3BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PublicRoute

Type: AWS::EC2::Route

VPCEndpointS3

Type: AWS::EC2::VPCEndpoint

VPCEndpointDynamoDB

Type: AWS::EC2::VPCEndpoint

VPCEndpointEC2

Type: AWS::EC2::VPCEndpoint

VPCEndpointECS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSTS

Type: AWS::EC2::VPCEndpoint

VPCEndpointCloudFormation

Type: AWS::EC2::VPCEndpoint

VPCEndpointEC2Messages

Type: AWS::EC2::VPCEndpoint

VPCEndpointECRAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointECRDKR

Type: AWS::EC2::VPCEndpoint

VPCEndpointECSAgent

Type: AWS::EC2::VPCEndpoint

VPCEndpointECSTelemetry

Type: AWS::EC2::VPCEndpoint

VPCEndpointAppstreamAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointAppstreamStreaming

Type: AWS::EC2::VPCEndpoint

VPCEndpointAthena

Type: AWS::EC2::VPCEndpoint

VPCEndpointCloudTrail

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodeBuild

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodeCommit

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodePipeline

Type: AWS::EC2::VPCEndpoint

VPCEndpointConfig

Type: AWS::EC2::VPCEndpoint

VPCEndpointDatasync

Type: AWS::EC2::VPCEndpoint

VPCEndpointElasticInferenceRuntime

Type: AWS::EC2::VPCEndpoint

VPCEndpointElasticLoadBalancing

Type: AWS::EC2::VPCEndpoint

VPCEndpointEvents

Type: AWS::EC2::VPCEndpoint

VPCEndpointExecuteAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointKinesisFirehose

Type: AWS::EC2::VPCEndpoint

VPCEndpointKinesisStreams

Type: AWS::EC2::VPCEndpoint

VPCEndpointKMS

Type: AWS::EC2::VPCEndpoint

VPCEndpointLogs

Type: AWS::EC2::VPCEndpoint

VPCEndpointMonitoring

Type: AWS::EC2::VPCEndpoint

VPCEndpointSecretsManager

Type: AWS::EC2::VPCEndpoint

VPCEndpointSNS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSQS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSSM

Type: AWS::EC2::VPCEndpoint

VPCEndpointSSMMessages

Type: AWS::EC2::VPCEndpoint

VPCPrivatelinkSecurityGroup

Type: AWS::EC2::SecurityGroup

VPCFlowLog

Type: AWS::EC2::FlowLog

VPCFlowLogS3Bucket

Type: AWS::S3::Bucket

Outputs

The list of outputs this template exposes:

VPC

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

InternetGateway

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

DefaultSecurityGroup

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}]]}]}

PublicSubnetA

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}]]}]}

PublicSubnetB

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet1A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet1B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet2A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}]]}]}

PrivateSubnet2B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}]]}]}

PrivateSubnet3A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}]]}]}

PrivateSubnet3B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}]]}]}

VPCPrivatelinkSecurityGroup

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

DHCPOptionsSetDefault

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

Maintenance

Maintainers:

104corp

友情链接

文江博客