Created
January 26, 2021 11:22
```yaml
Resources:
  EC2VpcFFB3EF08:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/Resource
  EC2VpcPublicSubnet1SubnetD83F3408:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.0.0/18
      VpcId:
        Ref: EC2VpcFFB3EF08
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: true
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Public
        - Key: aws-cdk:subnet-type
          Value: Public
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/Subnet
  EC2VpcPublicSubnet1RouteTable0093FEFE:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/RouteTable
  EC2VpcPublicSubnet1RouteTableAssociationAAFF583B:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: EC2VpcPublicSubnet1RouteTable0093FEFE
      SubnetId:
        Ref: EC2VpcPublicSubnet1SubnetD83F3408
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/RouteTableAssociation
  EC2VpcPublicSubnet1DefaultRouteE0FCD0F2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: EC2VpcPublicSubnet1RouteTable0093FEFE
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: EC2VpcIGW53D90023
    DependsOn:
      - EC2VpcVPCGW52F9120B
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/DefaultRoute
  EC2VpcPublicSubnet1EIP3C6B1606:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/EIP
  EC2VpcPublicSubnet1NATGateway10E37B4E:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EC2VpcPublicSubnet1EIP3C6B1606
          - AllocationId
      SubnetId:
        Ref: EC2VpcPublicSubnet1SubnetD83F3408
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet1/NATGateway
  EC2VpcPublicSubnet2SubnetF81D1D02:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.64.0/18
      VpcId:
        Ref: EC2VpcFFB3EF08
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: true
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Public
        - Key: aws-cdk:subnet-type
          Value: Public
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/Subnet
  EC2VpcPublicSubnet2RouteTable3C23AF87:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/RouteTable
  EC2VpcPublicSubnet2RouteTableAssociation2E05B5DE:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: EC2VpcPublicSubnet2RouteTable3C23AF87
      SubnetId:
        Ref: EC2VpcPublicSubnet2SubnetF81D1D02
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/RouteTableAssociation
  EC2VpcPublicSubnet2DefaultRoute90101A4E:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: EC2VpcPublicSubnet2RouteTable3C23AF87
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: EC2VpcIGW53D90023
    DependsOn:
      - EC2VpcVPCGW52F9120B
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/DefaultRoute
  EC2VpcPublicSubnet2EIP5BE9CC68:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/EIP
  EC2VpcPublicSubnet2NATGatewayBD3C35B2:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EC2VpcPublicSubnet2EIP5BE9CC68
          - AllocationId
      SubnetId:
        Ref: EC2VpcPublicSubnet2SubnetF81D1D02
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PublicSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PublicSubnet2/NATGateway
  EC2VpcPrivateSubnet1SubnetE727E9E3:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.128.0/18
      VpcId:
        Ref: EC2VpcFFB3EF08
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: false
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Private
        - Key: aws-cdk:subnet-type
          Value: Private
        - Key: Name
          Value: cdksample/EC2Vpc/PrivateSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet1/Subnet
  EC2VpcPrivateSubnet1RouteTableFFDB32BE:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PrivateSubnet1
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet1/RouteTable
  EC2VpcPrivateSubnet1RouteTableAssociationF63C5BA7:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: EC2VpcPrivateSubnet1RouteTableFFDB32BE
      SubnetId:
        Ref: EC2VpcPrivateSubnet1SubnetE727E9E3
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet1/RouteTableAssociation
  EC2VpcPrivateSubnet1DefaultRoute3C49B15F:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: EC2VpcPrivateSubnet1RouteTableFFDB32BE
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: EC2VpcPublicSubnet1NATGateway10E37B4E
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet1/DefaultRoute
  EC2VpcPrivateSubnet2SubnetBBE6BBDD:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.192.0/18
      VpcId:
        Ref: EC2VpcFFB3EF08
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: false
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Private
        - Key: aws-cdk:subnet-type
          Value: Private
        - Key: Name
          Value: cdksample/EC2Vpc/PrivateSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet2/Subnet
  EC2VpcPrivateSubnet2RouteTable0363966E:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc/PrivateSubnet2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet2/RouteTable
  EC2VpcPrivateSubnet2RouteTableAssociation62A3738C:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: EC2VpcPrivateSubnet2RouteTable0363966E
      SubnetId:
        Ref: EC2VpcPrivateSubnet2SubnetBBE6BBDD
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet2/RouteTableAssociation
  EC2VpcPrivateSubnet2DefaultRoute7F65CF0B:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: EC2VpcPrivateSubnet2RouteTable0363966E
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: EC2VpcPublicSubnet2NATGatewayBD3C35B2
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/PrivateSubnet2/DefaultRoute
  EC2VpcIGW53D90023:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: cdksample/EC2Vpc
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/IGW
  EC2VpcVPCGW52F9120B:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: EC2VpcFFB3EF08
      InternetGatewayId:
        Ref: EC2VpcIGW53D90023
    Metadata:
      aws:cdk:path: cdksample/EC2Vpc/VPCGW
  BastionInstanceSecurityGroup71C3847E:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: cdksample/Bastion/Resource/InstanceSecurityGroup
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          Description: Allow all outbound traffic by default
          IpProtocol: "-1"
      Tags:
        - Key: Name
          Value: BastionHost
      VpcId:
        Ref: EC2VpcFFB3EF08
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/InstanceSecurityGroup/Resource
  BastionInstanceRoleD3B36EDD:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                Fn::Join:
                  - ""
                  - - ec2.
                    - Ref: AWS::URLSuffix
        Version: "2012-10-17"
      Tags:
        - Key: Name
          Value: BastionHost
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/InstanceRole/Resource
  BastionInstanceRoleDefaultPolicy457C3156:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - ssmmessages:*
              - ssm:UpdateInstanceInformation
              - ec2messages:*
            Effect: Allow
            Resource: "*"
        Version: "2012-10-17"
      PolicyName: BastionInstanceRoleDefaultPolicy457C3156
      Roles:
        - Ref: BastionInstanceRoleD3B36EDD
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/InstanceRole/DefaultPolicy/Resource
  BastionInstanceProfile8FFAF242:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - Ref: BastionInstanceRoleD3B36EDD
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/InstanceProfile
  Bastion6045F255:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      IamInstanceProfile:
        Ref: BastionInstanceProfile8FFAF242
      ImageId:
        Ref: SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter
      InstanceType: t3.nano
      SecurityGroupIds:
        - Fn::GetAtt:
            - BastionInstanceSecurityGroup71C3847E
            - GroupId
      SubnetId:
        Ref: EC2VpcPrivateSubnet1SubnetE727E9E3
      Tags:
        - Key: Name
          Value: BastionHost
      UserData:
        Fn::Base64: >-
          #!/bin/bash

          yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
    DependsOn:
      - BastionInstanceRoleDefaultPolicy457C3156
      - BastionInstanceRoleD3B36EDD
    Metadata:
      aws:cdk:path: cdksample/Bastion/Resource/Resource
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=1.86.0,@aws-cdk/assets=1.86.0,@aws-cdk/aws-apigateway=1.86.0,@aws-cdk/aws-apigatewayv2=1.86.0,@aws-cdk/aws-applicationautoscaling=1.86.0,@aws-cdk/aws-autoscaling=1.86.0,@aws-cdk/aws-autoscaling-common=1.86.0,@aws-cdk/aws-autoscaling-hooktargets=1.86.0,@aws-cdk/aws-batch=1.86.0,@aws-cdk/aws-certificatemanager=1.86.0,@aws-cdk/aws-cloudformation=1.86.0,@aws-cdk/aws-cloudfront=1.86.0,@aws-cdk/aws-cloudwatch=1.86.0,@aws-cdk/aws-codebuild=1.86.0,@aws-cdk/aws-codecommit=1.86.0,@aws-cdk/aws-codeguruprofiler=1.86.0,@aws-cdk/aws-codepipeline=1.86.0,@aws-cdk/aws-cognito=1.86.0,@aws-cdk/aws-ec2=1.86.0,@aws-cdk/aws-ecr=1.86.0,@aws-cdk/aws-ecr-assets=1.86.0,@aws-cdk/aws-ecs=1.86.0,@aws-cdk/aws-ecs-patterns=1.86.0,@aws-cdk/aws-efs=1.86.0,@aws-cdk/aws-elasticloadbalancing=1.86.0,@aws-cdk/aws-elasticloadbalancingv2=1.86.0,@aws-cdk/aws-events=1.86.0,@aws-cdk/aws-events-targets=1.86.0,@aws-cdk/aws-iam=1.86.0,@aws-cdk/aws-kinesis=1.86.0,@aws-cdk/aws-kinesisfirehose=1.86.0,@aws-cdk/aws-kms=1.86.0,@aws-cdk/aws-lambda=1.86.0,@aws-cdk/aws-logs=1.86.0,@aws-cdk/aws-route53=1.86.0,@aws-cdk/aws-route53-targets=1.86.0,@aws-cdk/aws-s3=1.86.0,@aws-cdk/aws-s3-assets=1.86.0,@aws-cdk/aws-sam=1.86.0,@aws-cdk/aws-secretsmanager=1.86.0,@aws-cdk/aws-servicediscovery=1.86.0,@aws-cdk/aws-sns=1.86.0,@aws-cdk/aws-sns-subscriptions=1.86.0,@aws-cdk/aws-sqs=1.86.0,@aws-cdk/aws-ssm=1.86.0,@aws-cdk/aws-stepfunctions=1.86.0,@aws-cdk/cloud-assembly-schema=1.86.0,@aws-cdk/core=1.86.0,@aws-cdk/custom-resources=1.86.0,@aws-cdk/cx-api=1.86.0,@aws-cdk/region-info=1.86.0,jsii-runtime=Python/3.9.0
    Metadata:
      aws:cdk:path: cdksample/CDKMetadata/Default
    Condition: CDKMetadataAvailable
Outputs:
  BastionBastionHostId8F8CEB82:
    Description: Instance ID of the bastion host. Use this to connect via SSM Session Manager
    Value:
      Ref: Bastion6045F255
Parameters:
  SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2
```
Author
inoh
commented
Jan 26, 2021