Overview

A configuration package to deploy an Amazon VPC with no Internet connectivity. Connectivity to AWS services can be enabled using VPC Endpoints. Configuration items include the number of Subnets, Routing Tables, Security Groups, and VPC Flow Logs.

Configure & Deploy

Configuration Presets

  • Creates 2 subnets (using the first 2 AZs of the region)
  • Does not enable VPC Flow Logs

Configuration Template

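# Isolated VPC (no Internet Gateway, no NAT) with two private subnets spread over
# the first two AZs of the region, one route table per subnet, gateway endpoints
# for S3 and DynamoDB, and an interface endpoint for the EC2 API.
# VPC Flow Logs are not created by this template.
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      # Both DNS settings must be enabled for PrivateDnsEnabled on the
      # interface endpoint below to work.
      EnableDnsHostnames: true
      EnableDnsSupport: true
  PrivateSubnet1:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 10.0.0.0/24
      # No public IPs: the VPC has no Internet path anyway.
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private Subnet AZ A
      # First AZ of the region the stack is deployed in.
      AvailabilityZone:
        'Fn::Select':
          - '0'
          - 'Fn::GetAZs':
              Ref: 'AWS::Region'
  PrivateSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: false
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private Subnet AZ B
      # Second AZ of the region the stack is deployed in.
      AvailabilityZone:
        'Fn::Select':
          - '1'
          - 'Fn::GetAZs':
              Ref: 'AWS::Region'
  # One route table per subnet so routes can diverge per AZ later. No default
  # route is added: traffic stays inside the VPC except via the endpoints.
  RouteTablePrivate1:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private Route Table A
  RouteTablePrivate1Association1:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId:
        Ref: RouteTablePrivate1
      SubnetId:
        Ref: PrivateSubnet1
  RouteTablePrivate2:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: Private Route Table B
  RouteTablePrivate2Association1:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId:
        Ref: RouteTablePrivate2
      SubnetId:
        Ref: PrivateSubnet2
  # Gateway endpoint for S3. The endpoint policy below grants full access from
  # inside the VPC (the same as the default "Full Access" policy); it does not
  # replace bucket policies or IAM. Scope Resource to the buckets actually
  # needed once they are known.
  sVPCEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      ServiceName:
        'Fn::Join':
          - ''
          - - com.amazonaws.
            - Ref: 'AWS::Region'
            - .s3
      VpcId:
        Ref: VPC
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action:
              - '*'
            Resource:
              - '*'
      # Prefix-list routes are injected into both private route tables.
      RouteTableIds:
        - Ref: RouteTablePrivate1
        - Ref: RouteTablePrivate2
  # Gateway endpoint for DynamoDB; same full-access endpoint policy caveat as
  # the S3 endpoint above.
  dynamodbVPCEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      ServiceName:
        'Fn::Join':
          - ''
          - - com.amazonaws.
            - Ref: 'AWS::Region'
            - .dynamodb
      VpcId:
        Ref: VPC
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action:
              - '*'
            Resource:
              - '*'
      RouteTableIds:
        - Ref: RouteTablePrivate1
        - Ref: RouteTablePrivate2
  # Security group attached to the EC2 interface endpoint ENIs. Ingress is
  # limited to HTTPS from the VPC's own address range rather than 0.0.0.0/0, so
  # a later peering or transit-gateway attachment does not silently expose the
  # endpoint to other networks.
  SgForecVPCEndpoint:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Security group to allow access to ec2 VPC Endpoint
      SecurityGroupIngress:
        - CidrIp:
            'Fn::GetAtt':
              - VPC
              - CidrBlock
          IpProtocol: tcp
          FromPort: 443
          ToPort: 443
      # Endpoint ENIs only answer requests; egress is left open as the
      # original template had it.
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: '-1'
      VpcId:
        Ref: VPC
  # Interface endpoint for the EC2 API with one ENI per private subnet.
  ecVPCEndpoint:
    Type: 'AWS::EC2::VPCEndpoint'
    Properties:
      VpcEndpointType: Interface
      ServiceName:
        'Fn::Join':
          - ''
          - - com.amazonaws.
            - Ref: 'AWS::Region'
            - .ec2
      VpcId:
        Ref: VPC
      SubnetIds:
        - Ref: PrivateSubnet1
        - Ref: PrivateSubnet2
      # Overrides the public ec2.<region>.amazonaws.com name inside the VPC
      # so SDK calls resolve to the endpoint ENIs without client changes.
      PrivateDnsEnabled: true
      SecurityGroupIds:
        - Ref: SgForecVPCEndpoint
Parameters: {}
Metadata: {}
Conditions: {}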