Skip to content

Instantly share code, notes, and snippets.

@y13i

y13i/ssm-ssh-test.cfn.json

Last active August 16, 2019 02:11
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save y13i/807c68575ca33184564e7da8c853cfba to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save y13i/807c68575ca33184564e7da8c853cfba to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssm-ssh-test.cfn.json
{
"Parameters": {
"VpcCidr": {
"Description": "VPC network range. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing",
"Type": "String",
"Default": "10.0.0.0/16",
"AllowedPattern": "^(10\\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])|172\\.(1[6-9]|2[0-9]|3[01])|192\\.168)\\.0\\.0/(1[6-9]|2[0-8])$"
},
"SubnetCidrBits": {
"Type": "Number",
"Default": 12,
"MinValue": 4,
"MaxValue": 13
},
"NatEnabled": {
"Type": "String",
"AllowedValues": ["true", "false"],
"Default": "false"
},
"ImageId": {
"Type": "AWS::EC2::Image::Id"
},
"KeyName": {
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Conditions": {
"NatEnabledCondition": {
"Fn::Equals": [{ "Ref": "NatEnabled" }, "true"]
}
},
"Resources": {
"Vpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"EnableDnsSupport": true,
"EnableDnsHostnames": true,
"CidrBlock": { "Ref": "VpcCidr" },
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }]
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }]
}
},
"InternetGatewayAttachment": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": { "Ref": "Vpc" },
"InternetGatewayId": { "Ref": "InternetGateway" }
}
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Sub": "${AWS::StackName}-public" }
}
]
}
},
"PublicToInternetRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": { "Ref": "PublicRouteTable" },
"GatewayId": { "Ref": "InternetGateway" }
}
},
"PublicSubnet0": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::Select": [
0,
{
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }]
}
]
},
"MapPublicIpOnLaunch": true,
"AvailabilityZone": {
"Fn::Select": [0, { "Fn::GetAZs": { "Ref": "AWS::Region" } }]
},
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}-public-0"
}
}
]
}
},
"PublicSubnet0RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": { "Ref": "PublicRouteTable" },
"SubnetId": { "Ref": "PublicSubnet0" }
}
},
"PublicSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::Select": [
1,
{
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }]
}
]
},
"MapPublicIpOnLaunch": true,
"AvailabilityZone": {
"Fn::Select": [1, { "Fn::GetAZs": { "Ref": "AWS::Region" } }]
},
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}-public-1"
}
}
]
}
},
"PublicSubnet1RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": { "Ref": "PublicRouteTable" },
"SubnetId": { "Ref": "PublicSubnet1" }
}
},
"PublicSubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::Select": [
2,
{
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }]
}
]
},
"MapPublicIpOnLaunch": true,
"AvailabilityZone": {
"Fn::Select": [2, { "Fn::GetAZs": { "Ref": "AWS::Region" } }]
},
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}-public-2"
}
}
]
}
},
"PublicSubnet2RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": { "Ref": "PublicRouteTable" },
"SubnetId": { "Ref": "PublicSubnet2" }
}
},
"NatGateway0ElasticIp": {
"Type": "AWS::EC2::EIP",
"Condition": "NatEnabledCondition",
"Properties": {
"Domain": "vpc"
}
},
"NatGateway0": {
"Type": "AWS::EC2::NatGateway",
"Condition": "NatEnabledCondition",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["NatGateway0ElasticIp", "AllocationId"]
},
"SubnetId": { "Ref": "PublicSubnet0" },
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }]
}
},
"NatGateway1ElasticIp": {
"Type": "AWS::EC2::EIP",
"Condition": "NatEnabledCondition",
"Properties": {
"Domain": "vpc"
}
},
"NatGateway1": {
"Type": "AWS::EC2::NatGateway",
"Condition": "NatEnabledCondition",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["NatGateway1ElasticIp", "AllocationId"]
},
"SubnetId": { "Ref": "PublicSubnet1" },
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }]
}
},
"NatGateway2ElasticIp": {
"Type": "AWS::EC2::EIP",
"Condition": "NatEnabledCondition",
"Properties": {
"Domain": "vpc"
}
},
"NatGateway2": {
"Type": "AWS::EC2::NatGateway",
"Condition": "NatEnabledCondition",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["NatGateway2ElasticIp", "AllocationId"]
},
"SubnetId": { "Ref": "PublicSubnet2" },
"Tags": [{ "Key": "Name", "Value": { "Ref": "AWS::StackName" } }]
}
},
"PrivateRouteTable0": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Sub": "${AWS::StackName}-private-0" }
}
]
}
},
"PrivateRouteTable0InternetRoute": {
"Type": "AWS::EC2::Route",
"Condition": "NatEnabledCondition",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": { "Ref": "PrivateRouteTable0" },
"NatGatewayId": { "Ref": "NatGateway0" }
}
},
"PrivateSubnet0": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::Select": [
3,
{
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }]
}
]
},
"MapPublicIpOnLaunch": false,
"AvailabilityZone": {
"Fn::Select": [0, { "Fn::GetAZs": { "Ref": "AWS::Region" } }]
},
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}-private-0"
}
}
]
}
},
"PrivateSubnet0RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": { "Ref": "PrivateRouteTable0" },
"SubnetId": { "Ref": "PrivateSubnet0" }
}
},
"PrivateRouteTable1": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Sub": "${AWS::StackName}-private-1" }
}
]
}
},
"PrivateRouteTable1InternetRoute": {
"Type": "AWS::EC2::Route",
"Condition": "NatEnabledCondition",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": { "Ref": "PrivateRouteTable1" },
"NatGatewayId": { "Ref": "NatGateway1" }
}
},
"PrivateSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::Select": [
4,
{
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }]
}
]
},
"MapPublicIpOnLaunch": false,
"AvailabilityZone": {
"Fn::Select": [1, { "Fn::GetAZs": { "Ref": "AWS::Region" } }]
},
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}-private-1"
}
}
]
}
},
"PrivateSubnet1RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": { "Ref": "PrivateRouteTable1" },
"SubnetId": { "Ref": "PrivateSubnet1" }
}
},
"PrivateRouteTable2": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": { "Fn::Sub": "${AWS::StackName}-private-2" }
}
]
}
},
"PrivateRouteTable2InternetRoute": {
"Type": "AWS::EC2::Route",
"Condition": "NatEnabledCondition",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": { "Ref": "PrivateRouteTable2" },
"NatGatewayId": { "Ref": "NatGateway2" }
}
},
"PrivateSubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": {
"Fn::Select": [
5,
{
"Fn::Cidr": [{ "Ref": "VpcCidr" }, 6, { "Ref": "SubnetCidrBits" }]
}
]
},
"MapPublicIpOnLaunch": false,
"AvailabilityZone": {
"Fn::Select": [2, { "Fn::GetAZs": { "Ref": "AWS::Region" } }]
},
"VpcId": { "Ref": "Vpc" },
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}-private-2"
}
}
]
}
},
"PrivateSubnet2RouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": { "Ref": "PrivateRouteTable2" },
"SubnetId": { "Ref": "PrivateSubnet2" }
}
},
"SystemsManagerEndpoint": {
"Type": "AWS::EC2::VPCEndpoint",
"Properties": {
"VpcEndpointType": "Interface",
"PrivateDnsEnabled": true,
"VpcId": { "Ref": "Vpc" },
"SubnetIds": [
{ "Ref": "PrivateSubnet0" },
{ "Ref": "PrivateSubnet1" },
{ "Ref": "PrivateSubnet2" }
],
"SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }],
"ServiceName": {
"Fn::Sub": "com.amazonaws.${AWS::Region}.ssm"
}
}
},
"SystemsManagerMessagesEndpoint": {
"Type": "AWS::EC2::VPCEndpoint",
"Properties": {
"VpcEndpointType": "Interface",
"PrivateDnsEnabled": true,
"VpcId": { "Ref": "Vpc" },
"SubnetIds": [
{ "Ref": "PrivateSubnet0" },
{ "Ref": "PrivateSubnet1" },
{ "Ref": "PrivateSubnet2" }
],
"SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }],
"ServiceName": {
"Fn::Sub": "com.amazonaws.${AWS::Region}.ssmmessages"
}
}
},
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": ["ec2.amazonaws.com"]
},
"Action": ["sts:AssumeRole"]
}
]
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
]
}
},
"InstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Roles": [{ "Ref": "InstanceRole" }]
}
},
"Instance": {
"Type": "AWS::EC2::Instance",
"DependsOn": "NatGateway0",
"Properties": {
"InstanceType": "t3.nano",
"KeyName": { "Ref": "KeyName" },
"ImageId": { "Ref": "ImageId" },
"SecurityGroupIds": [{ "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }],
"SubnetId": { "Ref": "PrivateSubnet0" },
"IamInstanceProfile": { "Ref": "InstanceProfile" },
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${AWS::StackName}-private"
}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"\n",
[
"#!/bin/bash -xe",
"yum -y update",
"yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm"
]
]
}
}
}
}
},
"Outputs": {
"DefaultSecurityGroup": {
"Value": { "Fn::GetAtt": ["Vpc", "DefaultSecurityGroup"] }
},
"PublicSubnet0": {
"Value": { "Ref": "PublicSubnet0" }
},
"PublicSubnet1": {
"Value": { "Ref": "PublicSubnet1" }
},
"PublicSubnet2": {
"Value": { "Ref": "PublicSubnet2" }
},
"PrivateSubnet0": {
"Value": { "Ref": "PrivateSubnet0" }
},
"PrivateSubnet1": {
"Value": { "Ref": "PrivateSubnet1" }
},
"PrivateSubnet2": {
"Value": { "Ref": "PrivateSubnet2" }
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment