Skip to content

Instantly share code, notes, and snippets.

@amit-naudiyal

amit-naudiyal/template-subnet

Created June 29, 2019 06:57
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save amit-naudiyal/69d4c60f781ea5439b810de55735e569 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save amit-naudiyal/69d4c60f781ea5439b810de55735e569 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
template-subnet
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "EKS cluster (dedicated VPC: true, dedicated IAM: true) [created and managed by eksctl]",
"Resources": {
"ClusterSharedNodeSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Communication between all nodes in the cluster",
"Tags": [{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/ClusterSharedNodeSecurityGroup"
}
}],
"VpcId": {
"Ref": "VPC"
}
}
},
"ControlPlane": {
"Type": "AWS::EKS::Cluster",
"Properties": {
"Name": "eksworkshop-eksctl",
"ResourcesVpcConfig": {
"SecurityGroupIds": [{
"Ref": "ControlPlaneSecurityGroup"
}],
"SubnetIds": [{
"Ref": "SubnetPublicUSEAST1A"
}, {
"Ref": "SubnetPublicUSEAST1B"
}, {
"Ref": "SubnetPrivateUSEAST1A"
}, {
"Ref": "SubnetPrivateUSEAST1B"
}]
},
"RoleArn": {
"Fn::GetAtt": "ServiceRole.Arn"
},
"Version": "1.12"
}
},
"ControlPlaneSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Communication between the control plane and worker nodegroups",
"Tags": [{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/ControlPlaneSecurityGroup"
}
}],
"VpcId": {
"Ref": "VPC"
}
}
},
"IngressInterNodeGroupSG": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"Description": "Allow nodes to communicate with each other (all ports)",
"FromPort": 0,
"GroupId": {
"Ref": "ClusterSharedNodeSecurityGroup"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "ClusterSharedNodeSecurityGroup"
},
"ToPort": 65535
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/InternetGateway"
}
}]
}
},
"NATGateway": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": "NATIP.AllocationId"
},
"SubnetId": {
"Ref": "SubnetPublicUSEAST1A"
},
"Tags": [{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/NATGateway"
}
}]
}
},
"NATIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
}
},
"PolicyCloudWatchMetrics": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [{
"Action": ["cloudwatch:PutMetricData"],
"Effect": "Allow",
"Resource": "*"
}],
"Version": "2012-10-17"
},
"PolicyName": {
"Fn::Sub": "${AWS::StackName}-PolicyCloudWatchMetrics"
},
"Roles": [{
"Ref": "ServiceRole"
}]
}
},
"PolicyNLB": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [{
"Action": ["elasticloadbalancing:*", "ec2:CreateSecurityGroup", "ec2:Describe*"],
"Effect": "Allow",
"Resource": "*"
}],
"Version": "2012-10-17"
},
"PolicyName": {
"Fn::Sub": "${AWS::StackName}-PolicyNLB"
},
"Roles": [{
"Ref": "ServiceRole"
}]
}
},
"PrivateRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/PrivateRouteTable"
}
}],
"VpcId": {
"Ref": "VPC"
}
}
},
"PrivateSubnetRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "NATGateway"
},
"RouteTableId": {
"Ref": "PrivateRouteTable"
}
}
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"Tags": [{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/PublicRouteTable"
}
}],
"VpcId": {
"Ref": "VPC"
}
}
},
"PublicSubnetRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "InternetGateway"
},
"RouteTableId": {
"Ref": "PublicRouteTable"
}
}
},
"RouteTableAssociationPrivateUSEAST1A": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"SubnetId": {
"Ref": "SubnetPrivateUSEAST1A"
}
}
},
"RouteTableAssociationPrivateUSEAST1B": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "PrivateRouteTable"
},
"SubnetId": {
"Ref": "SubnetPrivateUSEAST1B"
}
}
},
"RouteTableAssociationPublicUSEAST1A": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "PublicRouteTable"
},
"SubnetId": {
"Ref": "SubnetPublicUSEAST1A"
}
}
},
"RouteTableAssociationPublicUSEAST1B": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "PublicRouteTable"
},
"SubnetId": {
"Ref": "SubnetPublicUSEAST1B"
}
}
},
"ServiceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [{
"Action": ["sts:AssumeRole"],
"Effect": "Allow",
"Principal": {
"Service": ["eks.amazonaws.com"]
}
}],
"Version": "2012-10-17"
},
"ManagedPolicyArns": ["arn:aws:iam::aws:policy/AmazonEKSServicePolicy", "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"]
}
},
"SubnetPrivateUSEAST1A": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-1a",
"CidrBlock": "192.168.64.0/19",
"Tags": [{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
}, {
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/SubnetPrivateUSEAST1A"
}
}],
"VpcId": {
"Ref": "VPC"
}
}
},
"SubnetPrivateUSEAST1B": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-1b",
"CidrBlock": "192.168.96.0/19",
"Tags": [{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
}, {
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/SubnetPrivateUSEAST1B"
}
}],
"VpcId": {
"Ref": "VPC"
}
}
},
"SubnetPublicUSEAST1A": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-1a",
"CidrBlock": "192.168.0.0/19",
"Tags": [{
"Key": "kubernetes.io/role/elb",
"Value": "1"
}, {
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/SubnetPublicUSEAST1A"
}
}],
"VpcId": {
"Ref": "VPC"
}
}
},
"SubnetPublicUSEAST1B": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "us-east-1b",
"CidrBlock": "192.168.32.0/19",
"Tags": [{
"Key": "kubernetes.io/role/elb",
"Value": "1"
}, {
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/SubnetPublicUSEAST1B"
}
}],
"VpcId": {
"Ref": "VPC"
}
}
},
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"Tags": [{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}/VPC"
}
}]
}
},
"VPCGatewayAttachment": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"InternetGatewayId": {
"Ref": "InternetGateway"
},
"VpcId": {
"Ref": "VPC"
}
}
}
},
"Outputs": {
"ARN": {
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}::ARN"
}
},
"Value": {
"Fn::GetAtt": "ControlPlane.Arn"
}
},
"CertificateAuthorityData": {
"Value": {
"Fn::GetAtt": "ControlPlane.CertificateAuthorityData"
}
},
"ClusterStackName": {
"Value": {
"Ref": "AWS::StackName"
}
},
"Endpoint": {
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}::Endpoint"
}
},
"Value": {
"Fn::GetAtt": "ControlPlane.Endpoint"
}
},
"SecurityGroup": {
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}::SecurityGroup"
}
},
"Value": {
"Ref": "ControlPlaneSecurityGroup"
}
},
"ServiceRoleARN": {
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}::ServiceRoleARN"
}
},
"Value": {
"Fn::GetAtt": "ServiceRole.Arn"
}
},
"SharedNodeSecurityGroup": {
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}::SharedNodeSecurityGroup"
}
},
"Value": {
"Ref": "ClusterSharedNodeSecurityGroup"
}
},
"SubnetsPrivate": {
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}::SubnetsPrivate"
}
},
"Value": {
"Fn::Join": [",", [{
"Ref": "SubnetPrivateUSEAST1A"
}, {
"Ref": "SubnetPrivateUSEAST1B"
}]]
}
},
"SubnetsPublic": {
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}::SubnetsPublic"
}
},
"Value": {
"Fn::Join": [",", [{
"Ref": "SubnetPublicUSEAST1A"
}, {
"Ref": "SubnetPublicUSEAST1B"
}]]
}
},
"VPC": {
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}::VPC"
}
},
"Value": {
"Ref": "VPC"
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment