@104corp/cfn-vpc-module Chinese documentation tutorial

Published 4 years ago · 27 views · Project homepage · Updated 3 years ago

CloudFormation VPC Module


AWS VPC service deployment from a CloudFormation template

Manage Resources

  • VPC
  • FlowLog
  • InternetGateway
  • NAT Gateway
  • EIP
  • Endpoint
  • DHCPOptions
  • Subnet
  • RouteTable
  • SecurityGroup (Privatelink)
  • S3 Bucket

Install

Install Node.js and npm first!

npm i @104corp/cfn-vpc-module

Usage

  • default
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-vpc-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcCIDR: '10.0.0.0/16'
        PublicSubnetACIDR: '10.0.1.0/24'
        PublicSubnetBCIDR: '10.0.2.0/24'
        PrivateSubnet1ACIDR: '10.0.3.0/24'
        PrivateSubnet1BCIDR: '10.0.4.0/24'
        PrivateSubnet2ACIDR: '10.0.5.0/24'
        PrivateSubnet2BCIDR: '10.0.6.0/24'
        PrivateSubnet3ACIDR: '10.0.7.0/24'
        PrivateSubnet3BCIDR: '10.0.8.0/24'
      TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'
  • With NAT Subnet
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-vpc-module example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        VpcCIDR: '10.152.0.0/21'
        PublicSubnetACIDR: '10.152.0.0/26'
        PublicSubnetBCIDR: '10.152.0.64/26'
        PrivateSubnet1ACIDR: '10.152.1.0/24'
        PrivateSubnet1BCIDR: '10.152.2.0/24'
        PrivateSubnet2ACIDR: '10.152.3.0/24'
        PrivateSubnet2BCIDR: '10.152.4.0/24'
        PrivateSubnet3ACIDR: '10.152.5.0/24'
        PrivateSubnet3BCIDR: '10.152.6.0/24'
        NatSubnetACIDR: '10.152.0.128/26'
        NatSubnetBCIDR: '10.152.0.192/26'
        NatGatewayMultiAZ: 'true'
      TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'
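The nested stack takes the whole subnet plan as plain string parameters, and CloudFormation only discovers a bad CIDR when the subnet resource fails to create, after the VPC and earlier subnets already exist. The following is an added example, not code from the cfn-vpc-module project: a small standard-library check that every `*CIDR` parameter parses, lies inside `VpcCIDR`, is no smaller than a /28, and does not overlap another subnet. The embedded parameter set is constructed from the NAT example above, with the two NAT entries carrying an extra octet so the failure is visible; it also catches the `0.0.0.0/0` parameter defaults if a required CIDR is left unset.

```python
# Added example (not part of the cfn-vpc-module project): validate the CIDR
# parameters handed to the nested VPC stack before running
# `aws cloudformation package`. Standard library only.
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample: a "With NAT Subnet" parameter set whose two NAT values
# have five octets (an invalid CIDR) so that the check has something to find.
SAMPLE_PARAMS: Dict[str, str] = {
    "VpcCIDR": "10.152.0.0/21",
    "PublicSubnetACIDR": "10.152.0.0/26",
    "PublicSubnetBCIDR": "10.152.0.64/26",
    "PrivateSubnet1ACIDR": "10.152.1.0/24",
    "PrivateSubnet1BCIDR": "10.152.2.0/24",
    "PrivateSubnet2ACIDR": "10.152.3.0/24",
    "PrivateSubnet2BCIDR": "10.152.4.0/24",
    "PrivateSubnet3ACIDR": "10.152.5.0/24",
    "PrivateSubnet3BCIDR": "10.152.6.0/24",
    "NatSubnetACIDR": "10.152.0.128.0/26",
    "NatSubnetBCIDR": "10.152.0.192.0/26",
    "NatGatewayMultiAZ": "true",
}


def check_subnet_plan(params: Dict[str, str]) -> List[str]:
    """Return a list of problems found in the *CIDR parameters; [] means OK.

    Checks: VpcCIDR parses and has a prefix length AWS accepts (/16 to /28);
    every other *CIDR parameter parses, lies inside VpcCIDR, is no smaller
    than /28, and does not overlap any other subnet parameter.
    """
    problems: List[str] = []
    try:
        vpc = ipaddress.ip_network(params["VpcCIDR"], strict=True)
    except KeyError:
        return ["VpcCIDR is missing"]
    except ValueError as exc:
        return [f"VpcCIDR: {exc}"]
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"VpcCIDR {vpc}: prefix length must be between /16 and /28")

    seen: List[Tuple[str, ipaddress.IPv4Network]] = []
    for name, value in params.items():
        # Skip VpcCIDR itself and non-CIDR parameters such as NatGatewayMultiAZ.
        if name == "VpcCIDR" or not name.endswith("CIDR"):
            continue
        try:
            net = ipaddress.ip_network(value, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: not a valid CIDR ({exc})")
            continue
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VpcCIDR {vpc}")
        if net.prefixlen > 28:
            problems.append(f"{name}: {net} is smaller than the /28 minimum")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
    return problems


if __name__ == "__main__":
    for problem in check_subnet_plan(SAMPLE_PARAMS) or ["no problems found"]:
        print(problem)
```

Run it against the parameter block of your own wrapper template before `aws cloudformation package`; an empty list means the plan is internally consistent, which is all this check claims, since it cannot see other VPCs or peering ranges in the account.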

IAM Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devops-infra-cfn-vpc-module",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances",
                "ec2:DeleteTags",
                "s3:*",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "ec2:CreateNatGateway",
                "ec2:*Address*",
                "ec2:*FlowLogs",
                "cloudformation:*",
                "ec2:*NetworkAcl*",
                "ec2:*Route*",
                "ec2:StopInstances",
                "ec2:Describe*",
                "ec2:StartInstances",
                "ec2:*Vpc*",
                "ec2:*DhcpOptions*",
                "ec2:*Gateway*",
                "ec2:*SecurityGroup*",
                "ec2:*Subnet*",
                "logs:*"
            ],
            "Resource": "*"
        }
    ]
}
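The policy above is what the README recommends for the deploying principal. Read as a reviewer would: three full-service wildcards (`s3:*`, `cloudformation:*`, `logs:*`), ten partial `ec2:*...*` patterns, everything on `Resource: "*"` with no `Condition`, plus instance lifecycle actions (`RunInstances`, `TerminateInstances`, `Start/StopInstances`) that the module's own resource list never mentions. The following is an added example, not code from the cfn-vpc-module project: a standard-library audit that classifies the grants in a policy document so that a pipeline can fail or warn on them. The policy is embedded as a constructed copy of the one shown above.

```python
# Added example (not part of the cfn-vpc-module project): flag wildcard grants
# in an IAM policy document such as the one shown above. Standard library only.
import json
from typing import Any, Dict, List

# Constructed input: a copy of the README's deployment policy, embedded inline.
README_POLICY: Dict[str, Any] = json.loads("""
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devops-infra-cfn-vpc-module",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances", "ec2:DeleteTags", "s3:*",
                "ec2:CreateTags", "ec2:RunInstances", "ec2:CreateNatGateway",
                "ec2:*Address*", "ec2:*FlowLogs", "cloudformation:*",
                "ec2:*NetworkAcl*", "ec2:*Route*", "ec2:StopInstances",
                "ec2:Describe*", "ec2:StartInstances", "ec2:*Vpc*",
                "ec2:*DhcpOptions*", "ec2:*Gateway*", "ec2:*SecurityGroup*",
                "ec2:*Subnet*", "logs:*"
            ],
            "Resource": "*"
        }
    ]
}
""")


def audit_policy(policy: Dict[str, Any]) -> Dict[str, List[str]]:
    """Classify the Allow grants in an IAM policy document.

    Returns three lists:
      service_wildcard_actions - "svc:*" or "*": every action of a service
      partial_wildcard_actions - patterns such as "ec2:*Vpc*" or "ec2:Describe*"
      unscoped_statements      - Sids of Allow statements that use Resource "*"
                                 without any Condition
    Deny statements are ignored; they only narrow what Allow grants.
    """
    result: Dict[str, List[str]] = {
        "service_wildcard_actions": [],
        "partial_wildcard_actions": [],
        "unscoped_statements": [],
    }
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM allows a single statement object
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid") or f"Statement[{index}]"
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        # Both fields may be a bare string or a list; normalise to lists.
        actions = [actions] if isinstance(actions, str) else list(actions)
        resources = [resources] if isinstance(resources, str) else list(resources)
        for action in actions:
            if action == "*" or action.endswith(":*"):
                result["service_wildcard_actions"].append(f"{sid}: {action}")
            elif "*" in action:
                result["partial_wildcard_actions"].append(f"{sid}: {action}")
        if "*" in resources and "Condition" not in stmt:
            result["unscoped_statements"].append(sid)
    return result


if __name__ == "__main__":
    for category, items in audit_policy(README_POLICY).items():
        print(f"{category} ({len(items)})")
        for item in items:
            print("  ", item)
```

A service wildcard on `Resource: "*"` is the finding to act on first: `s3:*` here reaches every bucket in the account, not just the template bucket and the flow-log bucket the module creates, so scoping the S3 statement to those bucket ARNs removes most of the blast radius without touching the module.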

Package

$ aws cloudformation package --template-file example.yml --s3-bucket <your cfn template bucket> --output-template-file packaged.yml

Deploy

$ aws cloudformation deploy --template-file packaged.yml --stack-name <your stack name>

templates/main

Description

AWS-HUB-Shared Infrastructure, including VPC, Subnets, Security Group, etc.

Parameters

The list of parameters for this template:

EnvType

Type: String Default: Dev Description: Environment Type for this Stack.

StackOwner

Type: String Default: StackOwnerDefault Description: (Optional) Product Owner Name, default is StackOwnerDefault

VpcCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) VPC CIDR

PublicSubnetACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Public Subnet-1a CIDR

PublicSubnetBCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Public Subnet-1b CIDR

PrivateSubnet1ACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1a-1 CIDR

PrivateSubnet1BCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1b-1 CIDR

PrivateSubnet2ACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1a-2 CIDR

PrivateSubnet2BCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1b-2 CIDR

PrivateSubnet3ACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1a-3 CIDR

PrivateSubnet3BCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) Private Subnet-1b-3 CIDR

NatSubnetACIDR

Type: String Default: 0.0.0.0/0 Description: (Required) NAT Subnet CIDR

NatSubnetBCIDR

Type: String Default: 0.0.0.0/0 Description: (Required) NAT Subnet CIDR

NatGatewayMultiAZ

Type: String Default: true Description: (Optional) Enable Multi-AZ NAT Gateways for the routes; default is true

PublicRoutePropagationVpnGatewayId

Type: String
Description: (Optional) Enter a VpnGatewayId when the subnet route table needs VPN route propagation; default is `` (empty)

PrivateRoutePropagationVpnGatewayId

Type: String
Description: (Optional) Enter a VpnGatewayId when the subnet route table needs VPN route propagation; default is `` (empty)

NatRouteAPropagationVpnGatewayId

Type: String
Description: (Optional) Enter a VpnGatewayId when the subnet route table needs VPN route propagation; default is `` (empty)

NatRouteBPropagationVpnGatewayId

Type: String
Description: (Optional) Enter a VpnGatewayId when the subnet route table needs VPN route propagation; default is `` (empty)

FlowLogEnable

Type: String Default: false Description: (Optional) Enable VPC Flow log

FlowLogTrafficType

Type: String Default: ACCEPT

FlowLogS3Replication

Type: String
Description: (Optional) Replicate the flow log to another S3 bucket.

DHCPOptionNtpServers

Type: CommaDelimitedList Default: 169.254.169.123 Description: (Optional) NTP Servers for instances, default is 169.254.169.123

DHCPOptionDomainNameServers

Type: CommaDelimitedList Default: AmazonProvidedDNS Description: (Optional) Domain name servers for instances, default is AmazonProvidedDNS

EndpointS3

Type: String Default: false Description: (Optional) VPC Gateway Endpoint for S3, default is false

EndpointDynamoDB

Type: String Default: false Description: (Optional) VPC Gateway Endpoint for DynamoDB, default is false

EndpointEC2

Type: String Default: false Description: (Optional) VPC Interface Endpoint for EC2, default is false

EndpointECS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS, default is false

EndpointSTS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for STS, default is false

EndpointCloudFormation

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudFormation, default is false

EndpointEC2Messages

Type: String Default: false Description: (Optional) VPC Interface Endpoint for EC2 Messages, default is false

EndpointECRAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECR API, default is false

EndpointECRDKR

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECR DKR, default is false

EndpointECSAgent

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS Agent, default is false

EndpointECSTelemetry

Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS Telemetry, default is false

EndpointAppstreamAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for AppStream API, default is false

EndpointAppstreamStreaming

Type: String Default: false Description: (Optional) VPC Interface Endpoint for AppStream streaming, default is false

EndpointAthena

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Athena, default is false

EndpointCloudTrail

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudTrail, default is false

EndpointCodeBuild

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodeBuild, default is false

EndpointCodeCommit

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodeCommit, default is false

EndpointCodePipeline

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodePipeline, default is false

EndpointConfig

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Config, default is false

EndpointDatasync

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Datasync, default is false

EndpointElasticInferenceRuntime

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Elastic Inference runtime, default is false

EndpointElasticLoadBalancing

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Elastic Load Balancing, default is false

EndpointEvents

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch Events, default is false

EndpointExecuteAPI

Type: String Default: false Description: (Optional) VPC Interface Endpoint for API Gateway (execute-api), default is false

EndpointKinesisFirehose

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Kinesis Firehose, default is false

EndpointKinesisStreams

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Kinesis streams, default is false

EndpointKMS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for KMS, default is false

EndpointLogs

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch Logs, default is false

EndpointMonitoring

Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch Monitoring, default is false

EndpointSecretsManager

Type: String Default: false Description: (Optional) VPC Interface Endpoint for Secrets Manager, default is false

EndpointSNS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SNS, default is false

EndpointSQS

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SQS, default is false

EndpointSSM

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SSM, default is false

EndpointSSMMessages

Type: String Default: false Description: (Optional) VPC Interface Endpoint for SSM Messages, default is false

NameSuffix

Type: String
Description: (Optional) Append a suffix to resource and export names.

Resources

The list of resources this template creates:

VPC

Type: AWS::EC2::VPC

DHCPOptionsSetDefault

Type: AWS::EC2::DHCPOptions

DHCPOptionsSetAssociationDefault

Type: AWS::EC2::VPCDHCPOptionsAssociation

PublicSubnetA

Type: AWS::EC2::Subnet

PublicSubnetB

Type: AWS::EC2::Subnet

PrivateSubnet1A

Type: AWS::EC2::Subnet

PrivateSubnet1B

Type: AWS::EC2::Subnet

PrivateSubnet2A

Type: AWS::EC2::Subnet

PrivateSubnet2B

Type: AWS::EC2::Subnet

PrivateSubnet3A

Type: AWS::EC2::Subnet

PrivateSubnet3B

Type: AWS::EC2::Subnet

InternetGateway

Type: AWS::EC2::InternetGateway

VPCGatewayAttachment

Type: AWS::EC2::VPCGatewayAttachment

ProtectedSubnetA

Type: AWS::EC2::Subnet

ProtectedSubnetB

Type: AWS::EC2::Subnet

ProtectedRouteTableA

Type: AWS::EC2::RouteTable

ProtectedRouteTableB

Type: AWS::EC2::RouteTable

ProtectedRouteA

Type: AWS::EC2::Route

ProtectedRouteB

Type: AWS::EC2::Route

ProtectedRouteBMultiAZ

Type: AWS::EC2::Route

ProtectedSubnetARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

ProtectedSubnetBRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

NatEipA

Type: AWS::EC2::EIP

NatEipB

Type: AWS::EC2::EIP

NatGatewayA

Type: AWS::EC2::NatGateway

NatGatewayB

Type: AWS::EC2::NatGateway

PublicRouteTable

Type: AWS::EC2::RouteTable

PrivateRouteTable

Type: AWS::EC2::RouteTable

PublicRoutePropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

PrivateRoutePropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

ProtectedRouteAPropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

ProtectedRouteBPropagation

Type: AWS::EC2::VPNGatewayRoutePropagation

PublicSubnetARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PublicSubnetBRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet1ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet2ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet3ARouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet1BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet2BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PrivateSubnet3BRouteTableAssociation

Type: AWS::EC2::SubnetRouteTableAssociation

PublicRoute

Type: AWS::EC2::Route

VPCEndpointS3

Type: AWS::EC2::VPCEndpoint

VPCEndpointDynamoDB

Type: AWS::EC2::VPCEndpoint

VPCEndpointEC2

Type: AWS::EC2::VPCEndpoint

VPCEndpointECS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSTS

Type: AWS::EC2::VPCEndpoint

VPCEndpointCloudFormation

Type: AWS::EC2::VPCEndpoint

VPCEndpointEC2Messages

Type: AWS::EC2::VPCEndpoint

VPCEndpointECRAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointECRDKR

Type: AWS::EC2::VPCEndpoint

VPCEndpointECSAgent

Type: AWS::EC2::VPCEndpoint

VPCEndpointECSTelemetry

Type: AWS::EC2::VPCEndpoint

VPCEndpointAppstreamAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointAppstreamStreaming

Type: AWS::EC2::VPCEndpoint

VPCEndpointAthena

Type: AWS::EC2::VPCEndpoint

VPCEndpointCloudTrail

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodeBuild

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodeCommit

Type: AWS::EC2::VPCEndpoint

VPCEndpointCodePipeline

Type: AWS::EC2::VPCEndpoint

VPCEndpointConfig

Type: AWS::EC2::VPCEndpoint

VPCEndpointDatasync

Type: AWS::EC2::VPCEndpoint

VPCEndpointElasticInferenceRuntime

Type: AWS::EC2::VPCEndpoint

VPCEndpointElasticLoadBalancing

Type: AWS::EC2::VPCEndpoint

VPCEndpointEvents

Type: AWS::EC2::VPCEndpoint

VPCEndpointExecuteAPI

Type: AWS::EC2::VPCEndpoint

VPCEndpointKinesisFirehose

Type: AWS::EC2::VPCEndpoint

VPCEndpointKinesisStreams

Type: AWS::EC2::VPCEndpoint

VPCEndpointKMS

Type: AWS::EC2::VPCEndpoint

VPCEndpointLogs

Type: AWS::EC2::VPCEndpoint

VPCEndpointMonitoring

Type: AWS::EC2::VPCEndpoint

VPCEndpointSecretsManager

Type: AWS::EC2::VPCEndpoint

VPCEndpointSNS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSQS

Type: AWS::EC2::VPCEndpoint

VPCEndpointSSM

Type: AWS::EC2::VPCEndpoint

VPCEndpointSSMMessages

Type: AWS::EC2::VPCEndpoint

VPCPrivatelinkSecurityGroup

Type: AWS::EC2::SecurityGroup

VPCFlowLog

Type: AWS::EC2::FlowLog

VPCFlowLogS3Bucket

Type: AWS::S3::Bucket

Outputs

The list of outputs this template exposes:

VPC

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

InternetGateway

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

DefaultSecurityGroup

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}]]}]}

PublicSubnetA

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}]]}]}

PublicSubnetB

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet1A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet1B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}]]}]}

PrivateSubnet2A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}]]}]}

PrivateSubnet2B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}]]}]}

PrivateSubnet3A

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}]]}]}

PrivateSubnet3B

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}]]}]}

VPCPrivatelinkSecurityGroup

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

DHCPOptionsSetDefault

Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}
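Each export name above is a `Fn::If` over the `HasNameSuffix` condition, selecting between two `Fn::Join` forms. A consuming stack has to reproduce the resolved string exactly in `Fn::ImportValue`, so it helps to compute it rather than guess. The following is an added example, not code from the cfn-vpc-module project: a small evaluator for the three intrinsic functions these expressions use, applied to constructed copies of two of the export-name expressions listed above. One assumption, because the README does not show the condition's definition: `HasNameSuffix` is taken to be true exactly when `NameSuffix` is non-empty, which is what the parameter description implies.

```python
# Added example (not part of the cfn-vpc-module project): resolve the export
# names listed above to the literal strings a consuming stack passes to
# Fn::ImportValue. The evaluator handles only Ref, Fn::Join and Fn::If.
from typing import Any, Dict

# Constructed copies of two export-name expressions from this README.
VPC_EXPORT: Dict[str, Any] = {"Fn::If": [
    "HasNameSuffix",
    {"Fn::Join": ["-", ["VPC", "hub", "shared", {"Ref": "EnvType"}, {"Ref": "NameSuffix"}]]},
    {"Fn::Join": ["-", ["VPC", "hub", "shared", {"Ref": "EnvType"}]]},
]}
PUBLIC_SUBNET_A_EXPORT: Dict[str, Any] = {"Fn::If": [
    "HasNameSuffix",
    {"Fn::Join": ["-", ["SN", "public", "1a", "1", {"Ref": "EnvType"}, {"Ref": "NameSuffix"}]]},
    {"Fn::Join": ["-", ["SN", "public", "1a", "1", {"Ref": "EnvType"}]]},
]}


def evaluate(node: Any, params: Dict[str, str], conditions: Dict[str, bool]) -> str:
    """Evaluate an expression tree built from strings, Ref, Fn::Join and Fn::If."""
    if isinstance(node, str):
        return node
    if isinstance(node, dict) and len(node) == 1:
        fn, arg = next(iter(node.items()))
        if fn == "Ref":
            return params[arg]
        if fn == "Fn::Join":
            delimiter, parts = arg
            return delimiter.join(evaluate(p, params, conditions) for p in parts)
        if fn == "Fn::If":
            name, if_true, if_false = arg
            branch = if_true if conditions[name] else if_false
            return evaluate(branch, params, conditions)
    raise ValueError(f"unsupported expression: {node!r}")


def export_name(expr: Any, env_type: str, name_suffix: str = "") -> str:
    """Resolved export name for the given EnvType and NameSuffix.

    Assumption (not shown in the README): HasNameSuffix is true exactly when
    NameSuffix is a non-empty string.
    """
    params = {"EnvType": env_type, "NameSuffix": name_suffix}
    conditions = {"HasNameSuffix": name_suffix != ""}
    return evaluate(expr, params, conditions)


def import_value(expr: Any, env_type: str, name_suffix: str = "") -> Dict[str, str]:
    """The Fn::ImportValue fragment a consuming template would use for this export."""
    return {"Fn::ImportValue": export_name(expr, env_type, name_suffix)}


if __name__ == "__main__":
    print(export_name(VPC_EXPORT, "Dev"))                 # VPC-hub-shared-Dev
    print(export_name(VPC_EXPORT, "Prod", "blue"))        # VPC-hub-shared-Prod-blue
    print(import_value(PUBLIC_SUBNET_A_EXPORT, "Dev"))    # {'Fn::ImportValue': 'SN-public-1a-1-Dev'}
```

Because export names must be unique per region and account, running the same module twice with the same `EnvType` and no `NameSuffix` collides on these names; the resolver makes it easy to confirm that the suffix you pick actually changes every export you intend to import.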

Maintenance

Maintainers:

  • 104corp