# CloudFormation template: one VPC with two public and four private subnets,
# an internet gateway, a single NAT gateway and optional VPC flow logs.
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Simple VPC template with private and public subnets, optional flow logs.
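Parameters:
  # Toggles creation of the VPC flow-log resources (see the FlowLogsEnabled
  # condition). Values are quoted on purpose: an unquoted true/false is a YAML
  # boolean, while CloudFormation parameter values, defaults and AllowedValues
  # entries are strings.
  EnableFlowLogs:
    Type: String
    Default: 'false'
    AllowedValues:
      - 'true'
      - 'false'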
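Conditions:
  # Parameter values are delivered as strings, so the comparison must be
  # against the string 'true'; an unquoted YAML boolean would not match.
  FlowLogsEnabled: !Equals [!Ref EnableFlowLogs, 'true']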
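Resources:
  # Network fabric: one /16 VPC, two public /24 subnets (one per AZ) and four
  # private /24 subnets (two per AZ) in AZs "a" and "b" of the deploying region.
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.10.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-vpc-1'

  # Public subnets: routed to the internet gateway via PublicRouteTable.
  # MapPublicIpOnLaunch is left unset, so instances only receive a public
  # IPv4 address when one is explicitly requested at launch.
  PublicSubnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Sub '${AWS::Region}a'
      CidrBlock: 10.10.10.0/24
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-pubsubnet-1'
  PublicSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Sub '${AWS::Region}b'
      CidrBlock: 10.10.20.0/24
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-pubsubnet-2'

  # Private subnets: no direct internet path; outbound traffic goes through
  # the single NAT gateway in PublicSubnet (AZ "a"). Subnets 1 and 2 live in
  # AZ "a", subnets 3 and 4 in AZ "b".
  PrivateSubnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Sub '${AWS::Region}a'
      CidrBlock: 10.10.110.0/24
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-privsubnet-1'
  PrivateSubnet2:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Sub '${AWS::Region}a'
      CidrBlock: 10.10.120.0/24
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-privsubnet-2'
  PrivateSubnet3:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Sub '${AWS::Region}b'
      CidrBlock: 10.10.130.0/24
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-privsubnet-3'
  PrivateSubnet4:
    Type: 'AWS::EC2::Subnet'
    Properties:
      AvailabilityZone: !Sub '${AWS::Region}b'
      CidrBlock: 10.10.140.0/24
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-privsubnet-4'

  # Public route table: default route to the internet gateway.
  PublicRoute:
    Type: 'AWS::EC2::Route'
    # A route that targets an internet gateway can only be created once the
    # gateway is attached to the VPC; without this dependency stack creation
    # can fail intermittently on ordering.
    DependsOn: VPC1IGW1Attachment
    Properties:
      RouteTableId: !Ref PublicRouteTable
      GatewayId: !Ref IGW
      DestinationCidrBlock: 0.0.0.0/0
  PublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-public-routetable'
  SubnetRouteTableAssociation1:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet
  SubnetRouteTableAssociation2:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnet2

  # Private route table: default route through the NAT gateway. All four
  # private subnets share this table, so outbound connectivity for both AZs
  # depends on the NAT gateway in AZ "a".
  PrivateRoute1:
    Type: 'AWS::EC2::Route'
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      # Route traffic through the NAT Gateway:
      NatGatewayId: !Ref NATGateway
  PrivateRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-private-routetable'
  SubnetRouteTableAssociation3:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet
  SubnetRouteTableAssociation4:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet2
  SubnetRouteTableAssociation5:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet3
  SubnetRouteTableAssociation6:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      SubnetId: !Ref PrivateSubnet4

  # Internet gateway and its attachment to the VPC.
  IGW:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-igw-1'
  VPC1IGW1Attachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref IGW
      VpcId: !Ref VPC

  # Network ACL. Both entries allow all protocols from/to 0.0.0.0/0, which is
  # the same behaviour as the VPC default NACL, so this is a placeholder to be
  # tightened rather than a control. It is associated with PublicSubnet only;
  # every other subnet keeps the VPC default NACL.
  NACL:
    Type: 'AWS::EC2::NetworkAcl'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-nacl-1'
  NACLEntryIngress:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NACL
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: 0.0.0.0/0
  NACLEntryEgress:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      NetworkAclId: !Ref NACL
      RuleNumber: 100
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0
  SubnetNACL:
    Type: 'AWS::EC2::SubnetNetworkAclAssociation'
    Properties:
      NetworkAclId: !Ref NACL
      SubnetId: !Ref PublicSubnet

  # NAT Gateway (single, in PublicSubnet / AZ "a") with its Elastic IP.
  NATGateway:
    Type: 'AWS::EC2::NatGateway'
    Properties:
      AllocationId: !GetAtt NatEip.AllocationId
      SubnetId: !Ref PublicSubnet
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-nat'
  NatEip:
    Type: 'AWS::EC2::EIP'
    # A VPC-scoped EIP used by a NAT gateway needs the internet gateway to be
    # attached first; the dependency makes that ordering explicit.
    DependsOn: VPC1IGW1Attachment
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-eip'

  # VPC flow logs, created only when EnableFlowLogs is 'true'. The flow log
  # delivers to a dedicated CloudWatch Logs group through a role that is
  # limited to that group. Without a destination and delivery role the
  # AWS::EC2::FlowLog resource fails to create, so all three resources are
  # gated by the same condition.
  FlowLogsLogGroup:
    Type: 'AWS::Logs::LogGroup'
    Condition: FlowLogsEnabled
    Properties:
      # No explicit name: CloudFormation generates one, avoiding collisions if
      # the group is ever replaced. 90 days is a constructed default; align it
      # with the retention policy that applies to this environment.
      RetentionInDays: 90
  FlowLogsRole:
    Type: 'AWS::IAM::Role'
    Condition: FlowLogsEnabled
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: vpc-flow-logs.amazonaws.com
            Action: 'sts:AssumeRole'
            # Confused-deputy guard: only flow logs from this account may
            # assume the delivery role.
            Condition:
              StringEquals:
                'aws:SourceAccount': !Ref 'AWS::AccountId'
      Policies:
        - PolicyName: flow-logs-to-cloudwatch
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Write access is scoped to the flow-log group only.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: !GetAtt FlowLogsLogGroup.Arn
              # Describe calls are kept broad because they are not reliably
              # resource-scoped to a single log group; they grant read of
              # metadata only, not of log contents.
              - Effect: Allow
                Action:
                  - 'logs:DescribeLogGroups'
                  - 'logs:DescribeLogStreams'
                Resource: '*'
  FlowLogs:
    Type: 'AWS::EC2::FlowLog'
    Condition: FlowLogsEnabled
    Properties:
      ResourceId: !Ref VPC
      ResourceType: VPC
      TrafficType: ALL
      LogDestinationType: cloud-watch-logs
      LogGroupName: !Ref FlowLogsLogGroup
      DeliverLogsPermissionArn: !GetAtt FlowLogsRole.Arn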
# Exported identifiers for cross-stack references; export names are keyed on
# the stack name so several copies of this template can coexist in one account.
Outputs:
  VpcId:
    Description: VPC Id
    Value: !Ref VPC
    Export:
      Name: !Sub '${AWS::StackName}-VpcId'
  VpcCidr:
    Description: VPC CIDR block
    Value: !GetAtt VPC.CidrBlock
    Export:
      Name: !Sub '${AWS::StackName}-cidr'
  PublicSubnet1:
    Description: Public Subnet
    Value: !Ref PublicSubnet
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet1'
  PublicSubnet2:
    Description: Public Subnet2
    Value: !Ref PublicSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PublicSubnet2'
  PrivateSubnet1:
    Description: Private Subnet
    Value: !Ref PrivateSubnet
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet1'
  PrivateSubnet2:
    Description: Private Subnet2
    Value: !Ref PrivateSubnet2
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet2'
  PrivateSubnet3:
    Description: Private Subnet3
    Value: !Ref PrivateSubnet3
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet3'
  PrivateSubnet4:
    Description: Private Subnet4
    Value: !Ref PrivateSubnet4
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnet4'