My Saved Presets
You must be logged in to view saved presets

Loading Library ...

VPC Security Controls

Deploy an Amazon VPC (Private Only)

A configuration package to deploy an Amazon VPC with no Internet Connectivty. Connectivity to AWS services can be enabled using VPC Endpoints. Configuration items includes number of Subnets, Routing Tables, Security Groups, and VPC Flow Logs.

A premium subscription is required for this content

Items
9
Size
2.4 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
  PrivateSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 10.0.0.0/24
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private Subnet AZ A
      AvailabilityZone:
        'Fn::Select':
          - '0'
          - 'Fn::GetAZs':
              Ref: 'AWS::Region'
  PrivateSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private Subnet AZ B
      AvailabilityZone:
        'Fn::Select':
          - '1'
          - 'Fn::GetAZs':
              Ref: 'AWS::Region'
  RouteTablePrivate1:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private Route Table A
  RouteTablePrivate1Association1:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId:
        Ref: RouteTablePrivate1
      SubnetId:
        Ref: PrivateSubnet1
  RouteTablePrivate2:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private Route Table B
  RouteTablePrivate2Association1:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId:
        Ref: RouteTablePrivate2
      SubnetId:
        Ref: PrivateSubnet2
  VPCEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      VpcEndpointType: Interface
      ServiceName:
        'Fn::Join':
          - ''
          - - com.amazonaws.
            - Ref: 'AWS::Region'
            - .ec2
      VpcId:
        Ref: VPC
      SubnetIds: !<tag:yaml.org,2002:js/undefined> ''
      PrivateDnsEnabled: true
      SecurityGroupIds:
        - Ref: SgForVPCEndpoint
  SgForVPCEndpoint:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Security group to allow access to ec2 VPC Endpoint
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: tcp
          FromPort: '443'
          ToPort: '443'
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId:
        Ref: VPC
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

Configuration Presets

Resource Settings

EDIT
EDIT
EDIT
EDIT
EDIT
EDIT
EDIT
EDIT
EDIT
EDIT
EDIT
EDIT
EDIT

© 2024 asecurecloud. All rights reserved.