# Source: upi/aws/cloudformation/01_vpc.yaml (openshift/installer v1.4.17)
#
# Builds the network layer for a UPI cluster: one VPC, one public and one
# private subnet per availability zone (1-3 AZs), an internet gateway for the
# public subnets, one NAT gateway (with its own EIP) per private subnet, and an
# S3 gateway endpoint attached to every route table the template creates.
#
# NOTE(review): this template defines no AWS::EC2::FlowLog resource, so VPC
# traffic logging, if required, has to come from another template or from
# account-level configuration.
AWSTemplateFormatVersion: 2010-09-09
Description: Template for Best Practice VPC with 1-3 AZs

Parameters:
  VpcCidr:
    # The regex only accepts dotted-quad addresses with a /16 through /24
    # prefix length; larger or smaller VPC blocks are rejected before deploy.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-4]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-24.
    Default: 10.0.0.0/16
    Description: CIDR block for VPC.
    Type: String
  AvailabilityZoneCount:
    # Drives the DoAz2/DoAz3 conditions below; resources for AZ 2 and AZ 3 are
    # only created when this is 2 or 3 respectively.
    ConstraintDescription: "The number of availability zones. (Min: 1, Max: 3)"
    MinValue: 1
    MaxValue: 3
    Default: 1
    Description: "How many AZs to create VPC subnets for. (Min: 1, Max: 3)"
    Type: Number
  SubnetBits:
    # Number of host bits per subnet, passed as the cidrBits argument of
    # Fn::Cidr below. Every Fn::Cidr call in this template asks for 6 subnets
    # regardless of AvailabilityZoneCount, so VpcCidr must be large enough to
    # hold 6 x 2^SubnetBits addresses or stack creation fails at deploy time.
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/19-27.
    MinValue: 5
    MaxValue: 13
    Default: 12
    Description: "Size of each subnet to create within the availability zones. (Min: 5 = /27, Max: 13 = /19)"
    Type: Number

Metadata:
  # Console-only grouping and labels for the parameters above; no effect on
  # the deployed resources.
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: "Network Configuration"
      Parameters:
      - VpcCidr
      - SubnetBits
    - Label:
        default: "Availability Zones"
      Parameters:
      - AvailabilityZoneCount
    ParameterLabels:
      AvailabilityZoneCount:
        default: "Availability Zone Count"
      VpcCidr:
        default: "VPC CIDR"
      SubnetBits:
        default: "Bits Per Subnet"

Conditions:
  # DoAz3 is true only for a count of 3; DoAz2 is true for a count of 2 or 3,
  # so a 3-AZ deployment creates the AZ-2 resources as well.
  DoAz3: !Equals [3, !Ref AvailabilityZoneCount]
  DoAz2: !Or [!Equals [2, !Ref AvailabilityZoneCount], Condition: DoAz3]

Resources:
  VPC:
    Type: "AWS::EC2::VPC"
    Properties:
      # Both DNS attributes are enabled so instances resolve and receive
      # VPC-internal hostnames.
      EnableDnsSupport: "true"
      EnableDnsHostnames: "true"
      CidrBlock: !Ref VpcCidr
  # Public subnets take slots 0-2 of the 6-way Fn::Cidr split; private subnets
  # take slots 3-5. Subnet N is pinned to the Nth AZ returned by Fn::GetAZs.
  # MapPublicIpOnLaunch is not set here (the AWS default is false), so
  # instances in the public subnets do not get a public IP unless the launch
  # request asks for one.
  PublicSubnet:
    Type: "AWS::EC2::Subnet"
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [0, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]]
      AvailabilityZone: !Select
      - 0
      - Fn::GetAZs: !Ref "AWS::Region"
  PublicSubnet2:
    Type: "AWS::EC2::Subnet"
    Condition: DoAz2
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [1, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]]
      AvailabilityZone: !Select
      - 1
      - Fn::GetAZs: !Ref "AWS::Region"
  PublicSubnet3:
    Type: "AWS::EC2::Subnet"
    Condition: DoAz3
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [2, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]]
      AvailabilityZone: !Select
      - 2
      - Fn::GetAZs: !Ref "AWS::Region"
  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
  GatewayToInternet:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  # A single public route table is shared by all public subnets.
  PublicRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
  PublicRoute:
    Type: "AWS::EC2::Route"
    # The default route cannot reference the IGW until it is attached to the
    # VPC, hence the explicit dependency on the attachment resource.
    DependsOn: GatewayToInternet
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetRouteTableAssociation2:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Condition: DoAz2
    Properties:
      SubnetId: !Ref PublicSubnet2
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetRouteTableAssociation3:
    Condition: DoAz3
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnet3
      RouteTableId: !Ref PublicRouteTable
  # Each private subnet gets its own route table whose default route points at
  # the NAT gateway living in the public subnet of the same AZ, so outbound
  # traffic from AZ N never crosses to another AZ's NAT.
  PrivateSubnet:
    Type: "AWS::EC2::Subnet"
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [3, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]]
      AvailabilityZone: !Select
      - 0
      - Fn::GetAZs: !Ref "AWS::Region"
  PrivateRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
  PrivateSubnetRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
  NAT:
    # NAT gateways need a working internet gateway attachment; the dependency
    # makes CloudFormation order the creation accordingly.
    DependsOn:
    - GatewayToInternet
    Type: "AWS::EC2::NatGateway"
    Properties:
      AllocationId:
        "Fn::GetAtt":
        - EIP
        - AllocationId
      SubnetId: !Ref PublicSubnet
  EIP:
    Type: "AWS::EC2::EIP"
    Properties:
      Domain: vpc
  Route:
    Type: "AWS::EC2::Route"
    Properties:
      RouteTableId:
        Ref: PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: NAT
  PrivateSubnet2:
    Type: "AWS::EC2::Subnet"
    Condition: DoAz2
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [4, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]]
      AvailabilityZone: !Select
      - 1
      - Fn::GetAZs: !Ref "AWS::Region"
  PrivateRouteTable2:
    Type: "AWS::EC2::RouteTable"
    Condition: DoAz2
    Properties:
      VpcId: !Ref VPC
  PrivateSubnetRouteTableAssociation2:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Condition: DoAz2
    Properties:
      SubnetId: !Ref PrivateSubnet2
      RouteTableId: !Ref PrivateRouteTable2
  NAT2:
    DependsOn:
    - GatewayToInternet
    Type: "AWS::EC2::NatGateway"
    Condition: DoAz2
    Properties:
      AllocationId:
        "Fn::GetAtt":
        - EIP2
        - AllocationId
      SubnetId: !Ref PublicSubnet2
  EIP2:
    Type: "AWS::EC2::EIP"
    Condition: DoAz2
    Properties:
      Domain: vpc
  Route2:
    Type: "AWS::EC2::Route"
    Condition: DoAz2
    Properties:
      RouteTableId:
        Ref: PrivateRouteTable2
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: NAT2
  PrivateSubnet3:
    Type: "AWS::EC2::Subnet"
    Condition: DoAz3
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Select [5, !Cidr [!Ref VpcCidr, 6, !Ref SubnetBits]]
      AvailabilityZone: !Select
      - 2
      - Fn::GetAZs: !Ref "AWS::Region"
  PrivateRouteTable3:
    Type: "AWS::EC2::RouteTable"
    Condition: DoAz3
    Properties:
      VpcId: !Ref VPC
  PrivateSubnetRouteTableAssociation3:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Condition: DoAz3
    Properties:
      SubnetId: !Ref PrivateSubnet3
      RouteTableId: !Ref PrivateRouteTable3
  NAT3:
    DependsOn:
    - GatewayToInternet
    Type: "AWS::EC2::NatGateway"
    Condition: DoAz3
    Properties:
      AllocationId:
        "Fn::GetAtt":
        - EIP3
        - AllocationId
      SubnetId: !Ref PublicSubnet3
  EIP3:
    Type: "AWS::EC2::EIP"
    Condition: DoAz3
    Properties:
      Domain: vpc
  Route3:
    Type: "AWS::EC2::Route"
    Condition: DoAz3
    Properties:
      RouteTableId:
        Ref: PrivateRouteTable3
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: NAT3
  # Gateway endpoint so S3 traffic from both public and private subnets stays
  # on the AWS network instead of going out via the IGW / NAT gateways.
  S3Endpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      # NOTE(review): this endpoint policy is fully open (any principal, any
      # action, any bucket). It grants nothing on its own -- IAM and bucket
      # policies still apply -- but it also does not limit which buckets are
      # reachable through the VPC. Restricting it to the buckets the cluster
      # actually needs is a hardening option; which buckets those are is not
      # visible in this template, so confirm against the installer's S3 usage
      # before tightening.
      PolicyDocument:
        Version: 2012-10-17
        Statement:
        - Effect: Allow
          Principal: '*'
          Action:
          - '*'
          Resource:
          - '*'
      # The public table and every conditionally created private table get
      # the S3 prefix-list route.
      RouteTableIds:
      - !Ref PublicRouteTable
      - !Ref PrivateRouteTable
      - !If [DoAz2, !Ref PrivateRouteTable2, !Ref "AWS::NoValue"]
      - !If [DoAz3, !Ref PrivateRouteTable3, !Ref "AWS::NoValue"]
      ServiceName: !Join
      - ''
      - - com.amazonaws.
        - !Ref 'AWS::Region'
        - .s3
      VpcId: !Ref VPC

Outputs:
  VpcId:
    Description: ID of the new VPC.
    Value: !Ref VPC
  # Subnet ID lists are comma-joined; AWS::NoValue drops the entries for AZs
  # that were not created, so the lists contain only real subnet IDs.
  PublicSubnetIds:
    Description: Subnet IDs of the public subnets.
    Value:
      !Join [
        ",",
        [!Ref PublicSubnet, !If [DoAz2, !Ref PublicSubnet2, !Ref "AWS::NoValue"], !If [DoAz3, !Ref PublicSubnet3, !Ref "AWS::NoValue"]]
      ]
  PrivateSubnetIds:
    Description: Subnet IDs of the private subnets.
    Value:
      !Join [
        ",",
        [!Ref PrivateSubnet, !If [DoAz2, !Ref PrivateSubnet2, !Ref "AWS::NoValue"], !If [DoAz3, !Ref PrivateSubnet3, !Ref "AWS::NoValue"]]
      ]
  PublicRouteTableId:
    Description: Public Route table ID
    Value: !Ref PublicRouteTable
  # Emitted as "<az-name>=<route-table-id>" pairs joined by commas, one pair
  # per private route table that was created.
  PrivateRouteTableIds:
    Description: Private Route table IDs
    Value:
      !Join [
        ",",
        [
          !Join ["=", [
            !Select [0, "Fn::GetAZs": !Ref "AWS::Region"],
            !Ref PrivateRouteTable
          ]],
          !If [DoAz2,
            !Join ["=", [!Select [1, "Fn::GetAZs": !Ref "AWS::Region"], !Ref PrivateRouteTable2]],
            !Ref "AWS::NoValue"
          ],
          !If [DoAz3,
            !Join ["=", [!Select [2, "Fn::GetAZs": !Ref "AWS::Region"], !Ref PrivateRouteTable3]],
            !Ref "AWS::NoValue"
          ]
        ]
      ]