xdc20201211/CloudFormation/vpc+role.yaml

AWSTemplateFormatVersion: 2010-09-09
Resources:
  RootRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
                - ec2.amazonaws.com.cn
                - ecs-tasks.amazonaws.com
                - vpc-flow-logs.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      RoleName: !Ref roleName
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 5a809822-8fad-40ca-bd0f-7aae64ae7b4a
  RolePolicies:
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyName: root
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action: '*'
            Resource: '*'
      Roles:
        - Ref: RootRole
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 41ab1589-d187-45a1-99aa-379280c9f643
  vpc1:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: !Ref vpccidr
      EnableDnsHostnames: 'true'
      EnableDnsSupport: 'true'
      Tags:
        - Key: Name
          Value: vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 36050a81-2f2b-4482-9d6a-763dbad1b527
  pubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select 
        - '0'
        - !GetAZs ''
      CidrBlock: !Ref pubnet1cidr
      Tags:
        - Key: Name
          Value: pubnet1
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: d00fad60-d71a-4bfc-988a-65236dea5a6f
  pubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select 
        - '1'
        - !GetAZs ''
      CidrBlock: !Ref pubnet2cidr
      Tags:
        - Key: Name
          Value: pubnet2
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: dbc87cce-6f33-46fb-8684-24fc5008ad91
  webnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select 
        - '0'
        - !GetAZs ''
      CidrBlock: !Ref webnet1cidr
      Tags:
        - Key: Name
          Value: webnet1
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 30f1713d-c319-4dcb-8730-c4baf0cb207a
  webnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select 
        - '1'
        - !GetAZs ''
      CidrBlock: !Ref webnet2cidr
      Tags:
        - Key: Name
          Value: webnet2
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: bd5423c4-721b-4194-a7ba-b8d4b437683a
  dbnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select 
        - '0'
        - !GetAZs ''
      CidrBlock: !Ref dbnet1cidr
      Tags:
        - Key: Name
          Value: dbnet1
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: d721de76-5cf2-416c-985d-2bd9d10d4c3c
  dbnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Select 
        - '1'
        - !GetAZs ''
      CidrBlock: !Ref dbnet2cidr
      Tags:
        - Key: Name
          Value: dbnet2
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: d3655dff-3e6c-4e71-b429-782c249ead24
  table1:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      Tags:
        - Key: Name
          Value: table1
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 5a28c477-28f7-4f63-96e4-eba4f2af91c8
  table2:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      Tags:
        - Key: Name
          Value: table2
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: e7cb3a54-60cc-4806-b6c5-51dd541555b2
  table3:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      Tags:
        - Key: Name
          Value: table3
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: b031b8a3-c571-4e9b-967f-e777ca927d08
  igw1:
    Type: 'AWS::EC2::InternetGateway'
    Properties: {}
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 4f2d896c-333a-4e40-acf1-a4d29c7f1e04
  EC2VPCG2BPGG:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref igw1
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 544c5488-107f-4d4f-99d7-f22003afd889
  natgateway1:
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt 
        - eip1
        - AllocationId
      SubnetId: !Ref pubnet1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: df5bea53-45ac-47d0-ae9e-32e7d54a37a5
  natgateway2:
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt 
        - eip2
        - AllocationId
      SubnetId: !Ref pubnet2
    Metadata:
      'AWS::CloudFormation::Designer':
        id: b8570bf1-7fe5-4d58-8fb9-83e3660f2170
  eip1:
    Type: 'AWS::EC2::EIP'
    Properties: {}
    Metadata:
      'AWS::CloudFormation::Designer':
        id: d77dbe47-fc90-4338-8ff2-af4000405dde
  eip2:
    Type: 'AWS::EC2::EIP'
    Properties: {}
    Metadata:
      'AWS::CloudFormation::Designer':
        id: e8777cd9-8375-401a-ad6f-52051c09dc89
  EC2SRTA51E2B:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref pubnet1
      RouteTableId: !Ref table1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 72574f43-a5f8-4c3b-bcf7-f8b199887e9c
  EC2SRTA2YHOD:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref pubnet2
      RouteTableId: !Ref table1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: f7e5fe7c-a1c1-48e0-8743-daa1f0e3fb06
  EC2SRTA2VWB8:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref table2
      SubnetId: !Ref webnet1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 5b9f52cd-7dd4-4a0e-88d2-ebd48368e2a4
  EC2SRTA26CTN:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref dbnet1
      RouteTableId: !Ref table2
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 3cedd898-d918-44c1-938d-cfc6512301ea
  EC2SRTAH6LA:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref webnet2
      RouteTableId: !Ref table3
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 91524a30-078a-41c2-a34e-0f16b37b3691
  EC2SRTA1VSM:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      SubnetId: !Ref dbnet2
      RouteTableId: !Ref table3
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 1220e1c3-e8c3-4f7a-998d-e60203564b8d
  route1:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref igw1
      RouteTableId: !Ref table1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: d037ea69-ec83-4c36-92f7-12c199349fd9
  route2:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref natgateway1
      RouteTableId: !Ref table2
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 64d213ca-d8f7-45f3-a53b-6001ad55ba0a
  route3:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref natgateway2
      RouteTableId: !Ref table3
    Metadata:
      'AWS::CloudFormation::Designer':
        id: c5cec4ea-e367-424f-9e78-92220722b760
  elbgroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: sg_elb
      GroupName: sg_elb
      Tags:
        - Key: Name
          Value: sg_elb
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 41ff46eb-edb8-456f-9183-4d7eea31e49a
  webgroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: !Ref sgName
      GroupName: !Ref sgName
      Tags:
        - Key: Name
          Value: !Ref sgName
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 7777
          ToPort: 7777
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 3d3c83e4-c428-4628-a0e2-d4415ec6cfd6
  dbgroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: dbgroup
      GroupName: elasticache_memcache
      Tags:
        - Key: Name
          Value: elasticache_memcache
      SecurityGroupIngress:
        - SourceSecurityGroupId: !Ref webgroup
          FromPort: !Ref cacheport
          ToPort: !Ref cacheport
          IpProtocol: tcp
        - SourceSecurityGroupId: !Ref webgroup
          FromPort: '2049'
          ToPort: '2049'
          IpProtocol: tcp
        - SourceSecurityGroupId: !Ref webgroup
          FromPort: '5432'
          ToPort: '5432'
          IpProtocol: tcp
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
  redissg:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: redissg
      GroupName: elasticache_redis
      Tags:
        - Key: Name
          Value: elasticache_redis
      SecurityGroupIngress:
        - SourceSecurityGroupId: !Ref webgroup
          FromPort: '6379'
          ToPort: '6379'
          IpProtocol: tcp
        - SourceSecurityGroupId: !Ref webgroup
          FromPort: '2049'
          ToPort: '2049'
          IpProtocol: tcp
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: e2fe8abf-7e4a-472a-88e6-52c5b75b9924
  efssg:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: sgefs
      GroupName: sg_efs
      Tags:
        - Key: Name
          Value: sg_efs
      SecurityGroupIngress:
        - SourceSecurityGroupId: !Ref webgroup
          FromPort: '2049'
          ToPort: '2049'
          IpProtocol: tcp
        - SourceSecurityGroupId: !Ref lambdasg
          FromPort: '2049'
          ToPort: '2049'
          IpProtocol: tcp
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: a2a71bad-d448-4630-ae7a-ac51d0366306
  cachegroup:
    Type: 'AWS::ElastiCache::SubnetGroup'
    Properties:
      CacheSubnetGroupName: cachegroup
      Description: cachegroup
      SubnetIds:
        - !Ref dbnet1
        - !Ref dbnet2
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 4c252f4a-8901-40df-b0a2-386cee29c258
  rdsgroup:
    Type: 'AWS::RDS::DBSubnetGroup'
    Properties:
      DBSubnetGroupDescription: rdsgroup
      DBSubnetGroupName: rdsgroup
      Tags:
        - Key: Name
          Value: rdsgroup
      SubnetIds:
        - !Ref dbnet1
        - !Ref dbnet2
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 00338a06-280d-4c12-9255-b77136a19138
  rdssg:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: sg_rds
      GroupName: sg_rds
      Tags:
        - Key: Name
          Value: sg_rds
      SecurityGroupIngress:
        - SourceSecurityGroupId: !Ref webgroup
          FromPort: '3306'
          ToPort: '3306'
          IpProtocol: tcp
        - SourceSecurityGroupId: !Ref webgroup
          FromPort: '5432'
          ToPort: '5432'
          IpProtocol: tcp
        - SourceSecurityGroupId: !Ref lambdasg
          FromPort: '5432'
          ToPort: '5432'
          IpProtocol: tcp
        - SourceSecurityGroupId: !Ref lambdasg
          FromPort: '3306'
          ToPort: '3306'
          IpProtocol: tcp
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
  lambdasg:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: sg_lambda
      GroupName: sg_lambda
      Tags:
        - Key: Name
          Value: sg_lambda
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId: !Ref vpc1
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 6efe5731-b5ea-4e23-9b48-1353eaea32a1
Parameters:
  vpccidr:
    Type: String
    Default: 192.168.0.0/16
  pubnet1cidr:
    Type: String
    Default: 192.168.1.0/24
  pubnet2cidr:
    Type: String
    Default: 192.168.2.0/24
  webnet1cidr:
    Type: String
    Default: 192.168.3.0/24
  webnet2cidr:
    Type: String
    Default: 192.168.4.0/24
  dbnet1cidr:
    Type: String
    Default: 192.168.5.0/24
  dbnet2cidr:
    Type: String
    Default: 192.168.6.0/24
  cacheport:
    Type: String
    Default: '11211'
  sgName:
    Type: String
    Default: sg_ai
  roleName:
    Type: String
    Default: BaseRole
Outputs:
  PUBnet1id:
    Value: !Ref pubnet1
  PUBnet2id:
    Value: !Ref pubnet2
  WEBbnet1id:
    Value: !Ref webnet1
  WEBnet2id:
    Value: !Ref webnet2
  DBnet1id:
    Value: !Ref dbnet1
  DBnet2id:
    Value: !Ref dbnet2
  Vpcid:
    Value: !Ref vpc1
  ELBsg:
    Value: !Ref elbgroup
  ServerSG:
    Value: !Ref webgroup
  MemSg:
    Value: !Ref dbgroup
  EFSsg:
    Value: !Ref efssg
  RedisSg:
    Value: !Ref redissg