---
# CloudFormation template that creates a NAT Gateway in a public subnet, the
# default route from a private route table to it, and the public Network ACL
# entry that lets NAT return traffic back in.
AWSTemplateFormatVersion: "2010-09-09"
Description: NAT Gateway by Levon Becker v20160405-1100
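Parameters:
  # --- Ownership / bookkeeping ---------------------------------------------
  Owner:
    Description: Enter Team or Individual Name Responsible for the Stack.
    Type: String
    Default: FirstName LastName
  Project:
    Description: Enter Project Name.
    Type: String
    Default: NAT Gateway Creation
  DeleteAfter:
    Description: >-
      Enter Date It's Ok to Delete the Stack or 'Never' if meant to be
      persistent.
    Type: String
    Default: 00/00/201x

  # --- Network configuration -----------------------------------------------
  VPC:
    Description: Select VPC.
    Type: AWS::EC2::VPC::Id
  PublicSubnet:
    Description: Public Subnet to Attach NAT Gateway.
    Type: AWS::EC2::Subnet::Id
  PrivateRouteTable:
    Description: Enter Private Route Table ID.
    Type: String
    Default: rtb-0000000
    # CloudFormation has no AWS-specific parameter type for route tables, so
    # the ID is checked by pattern; a typo otherwise surfaces only as a failed
    # AWS::EC2::Route creation after the NAT Gateway has already been billed.
    AllowedPattern: '^rtb-[0-9a-f]+$'
    ConstraintDescription: must be a route table ID of the form rtb-xxxxxxxx.
  PublicNetworkAcl:
    Description: Enter Public Network ACL ID.
    Type: String
    Default: acl-0000000
    # Same reasoning as PrivateRouteTable: no native parameter type exists.
    AllowedPattern: '^acl-[0-9a-f]+$'
    ConstraintDescription: must be a network ACL ID of the form acl-xxxxxxxx.
  AllowNatRuleNumber:
    Description: Enter Public Network ACL Rule Number to Allow Return NAT Traffic.
    Type: Number
    Default: '120'
    # Network ACL rule numbers are 1-32766 (32767 is the implicit default deny).
    # The number must also be unused on the target ACL, which cannot be checked
    # here; a collision fails at AWS::EC2::NetworkAclEntry creation.
    MinValue: 1
    MaxValue: 32766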
Resources:
  # Elastic IP the NAT Gateway is bound to; allocated in the VPC domain.
  NatEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  # NAT Gateway placed in the selected public subnet, using the EIP above.
  NatGateway:
    Type: AWS::EC2::NatGateway
    DependsOn: NatEIP
    Properties:
      AllocationId: { Fn::GetAtt: [NatEIP, AllocationId] }
      SubnetId: { Ref: PublicSubnet }

  # Default route in the private route table pointing at the NAT Gateway.
  NatRoute:
    Type: AWS::EC2::Route
    DependsOn: NatGateway
    Properties:
      RouteTableId: { Ref: PrivateRouteTable }
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: { Ref: NatGateway }

  # Network ACLs are stateless, so replies to connections the private subnet
  # opens through the NAT must be explicitly allowed back into the public
  # subnet. This entry admits inbound TCP (protocol 6) on the ephemeral range
  # 1024-65535 from any source; it does not cover UDP or ICMP return traffic.
  InboundPublicNetworkAclAllowNat:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: { Ref: PublicNetworkAcl }
      RuleNumber: { Ref: AllowNatRuleNumber }
      Protocol: '6'
      RuleAction: allow
      Egress: 'false'
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: '1024'
        To: '65535'
Outputs:
  # Stack bookkeeping echoed back for the console and for dependent stacks.
  Owner:
    Description: Team or Individual that Owns this Formation.
    Value: { Ref: Owner }
  Project:
    Description: The project name
    Value: { Ref: Project }
  DeleteAfter:
    Description: It is ok to delete the Formation after this date
    Value: { Ref: DeleteAfter }

  # Network facts produced by this stack.
  VPC:
    Description: VPC Used
    Value: { Ref: VPC }
  NatEIP:
    # Ref on an AWS::EC2::EIP yields the public IP address.
    Description: NAT Elastic IP Address
    Value: { Ref: NatEIP }
  PublicNetworkACLRuleNumbers:
    Description: Public Network ACL Rules Number Created.
    Value:
      Fn::Join:
        - ''
        - - 'Inbound ('
          - Ref: AllowNatRuleNumber
          - ')'
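Metadata:
  # Console-only presentation hints: how parameters are grouped and labelled.
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Ownership
        Parameters:
          - Owner
          - Project
          - DeleteAfter
      - Label:
          default: Network Configuration
        Parameters:
          - VPC
          - PublicSubnet
          - PrivateRouteTable
          - PublicNetworkAcl
          - AllowNatRuleNumber
    # Every parameter declared above gets a label so the console shows a
    # friendly name for each; Project and VPC previously fell back to the
    # logical ID.
    ParameterLabels:
      Owner:
        default: Team or Individual Owner
      Project:
        default: Project Name
      DeleteAfter:
        default: Delete After Date
      VPC:
        default: VPC
      PublicSubnet:
        default: Public Subnet
      PrivateRouteTable:
        default: Private Route Table
      PublicNetworkAcl:
        default: Public Network ACL
      AllowNatRuleNumber:
        default: Public Network ACL Rule Number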