{ "Resources": { "VPCB9E5F0B4": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "10.0.0.0/16", "EnableDnsHostnames": true, "EnableDnsSupport": true, "InstanceTenancy": "default", "Tags": [ { "Key": "Name", "Value": "TestStack/VPC" } ] } }, "VPCPublicSubnet1SubnetB4246D30": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "10.0.0.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", "MapPublicIpOnLaunch": true, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Public" }, { "Key": "aws-cdk:subnet-type", "Value": "Public" }, { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet1" } ] } }, "VPCPublicSubnet1RouteTableFEE4B781": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCB9E5F0B4" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet1" } ] } }, "VPCPublicSubnet1RouteTableAssociation0B0896DC": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "VPCPublicSubnet1RouteTableFEE4B781" }, "SubnetId": { "Ref": "VPCPublicSubnet1SubnetB4246D30" } } }, "VPCPublicSubnet1DefaultRoute91CEF279": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCPublicSubnet1RouteTableFEE4B781" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCIGWB7E252D3" } }, "DependsOn": [ "VPCVPCGW99B986DC" ] }, "VPCPublicSubnet1EIP6AD938E8": { "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet1" } ] } }, "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, "SubnetId": { "Ref": "VPCPublicSubnet1SubnetB4246D30" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet1" } ] } }, "VPCPublicSubnet2Subnet74179F39": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "10.0.32.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", "MapPublicIpOnLaunch": true, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Public" }, { "Key": "aws-cdk:subnet-type", "Value": "Public" }, { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet2" } ] } }, "VPCPublicSubnet2RouteTable6F1A15F1": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCB9E5F0B4" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet2" } ] } }, "VPCPublicSubnet2RouteTableAssociation5A808732": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" }, "SubnetId": { "Ref": "VPCPublicSubnet2Subnet74179F39" } } }, "VPCPublicSubnet2DefaultRouteB7481BBA": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCIGWB7E252D3" } }, "DependsOn": [ "VPCVPCGW99B986DC" ] }, "VPCPublicSubnet2EIP4947BC00": { "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet2" } ] } }, "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, "SubnetId": { "Ref": "VPCPublicSubnet2Subnet74179F39" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet2" } ] } }, "VPCPublicSubnet3Subnet631C5E25": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "10.0.64.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", "MapPublicIpOnLaunch": true, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Public" }, { "Key": "aws-cdk:subnet-type", "Value": "Public" }, { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet3" } ] } }, "VPCPublicSubnet3RouteTable98AE0E14": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCB9E5F0B4" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet3" } ] } }, "VPCPublicSubnet3RouteTableAssociation427FE0C6": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "VPCPublicSubnet3RouteTable98AE0E14" }, "SubnetId": { "Ref": "VPCPublicSubnet3Subnet631C5E25" } } }, "VPCPublicSubnet3DefaultRouteA0D29D46": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCPublicSubnet3RouteTable98AE0E14" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "VPCIGWB7E252D3" } }, "DependsOn": [ "VPCVPCGW99B986DC" ] }, "VPCPublicSubnet3EIPAD4BC883": { "Type": "AWS::EC2::EIP", "Properties": { "Domain": "vpc", "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet3" } ] } }, "VPCPublicSubnet3NATGatewayD3048F5C": { "Type": "AWS::EC2::NatGateway", "Properties": { "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet3EIPAD4BC883", "AllocationId" ] }, "SubnetId": { "Ref": "VPCPublicSubnet3Subnet631C5E25" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PublicSubnet3" } ] } }, "VPCPrivateSubnet1Subnet8BCA10E0": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "10.0.96.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1a", "MapPublicIpOnLaunch": false, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Private" }, { "Key": "aws-cdk:subnet-type", "Value": "Private" }, { "Key": "Name", "Value": "TestStack/VPC/PrivateSubnet1" } ] } }, "VPCPrivateSubnet1RouteTableBE8A6027": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCB9E5F0B4" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PrivateSubnet1" } ] } }, "VPCPrivateSubnet1RouteTableAssociation347902D1": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" }, "SubnetId": { "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" } } }, "VPCPrivateSubnet1DefaultRouteAE1D6490": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCPublicSubnet1NATGatewayE0556630" } } }, "VPCPrivateSubnet2SubnetCFCDAA7A": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "10.0.128.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1b", "MapPublicIpOnLaunch": false, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Private" }, { "Key": "aws-cdk:subnet-type", "Value": "Private" }, { "Key": "Name", "Value": "TestStack/VPC/PrivateSubnet2" } ] } }, "VPCPrivateSubnet2RouteTable0A19E10E": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCB9E5F0B4" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PrivateSubnet2" } ] } }, "VPCPrivateSubnet2RouteTableAssociation0C73D413": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" }, "SubnetId": { "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" } } }, "VPCPrivateSubnet2DefaultRouteF4F5CFD2": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCPublicSubnet2NATGateway3C070193" } } }, "VPCPrivateSubnet3Subnet3EDCD457": { "Type": "AWS::EC2::Subnet", "Properties": { "CidrBlock": "10.0.160.0/19", "VpcId": { "Ref": "VPCB9E5F0B4" }, "AvailabilityZone": "test-region-1c", "MapPublicIpOnLaunch": false, "Tags": [ { "Key": "aws-cdk:subnet-name", "Value": "Private" }, { "Key": "aws-cdk:subnet-type", "Value": "Private" }, { "Key": "Name", "Value": "TestStack/VPC/PrivateSubnet3" } ] } }, "VPCPrivateSubnet3RouteTable192186F8": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "VPCB9E5F0B4" }, "Tags": [ { "Key": "Name", "Value": "TestStack/VPC/PrivateSubnet3" } ] } }, "VPCPrivateSubnet3RouteTableAssociationC28D144E": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "RouteTableId": { "Ref": "VPCPrivateSubnet3RouteTable192186F8" }, "SubnetId": { "Ref": "VPCPrivateSubnet3Subnet3EDCD457" } } }, "VPCPrivateSubnet3DefaultRoute27F311AE": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "VPCPrivateSubnet3RouteTable192186F8" }, "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": { "Ref": "VPCPublicSubnet3NATGatewayD3048F5C" } } }, "VPCIGWB7E252D3": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "Name", "Value": "TestStack/VPC" } ] } }, "VPCVPCGW99B986DC": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "VPCB9E5F0B4" }, "InternetGatewayId": { "Ref": "VPCIGWB7E252D3" } } }, "BastionHostInstanceSecurityGroupE75D4274": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "TestStack/BastionHost/Resource/InstanceSecurityGroup", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1" } ], "Tags": [ { "Key": "Name", "Value": "BastionHost" } ], "VpcId": { "Ref": "VPCB9E5F0B4" } } }, "BastionHostInstanceRoleDD3FA5F1": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": { "Fn::Join": [ "", [ "ec2.", { "Ref": "AWS::URLSuffix" } ] ] } } } ], "Version": "2012-10-17" }, "Tags": [ { "Key": "Name", "Value": "BastionHost" } ] } }, "BastionHostInstanceRoleDefaultPolicy17347525": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "ssmmessages:*", "ssm:UpdateInstanceInformation", "ec2messages:*" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "BastionHostInstanceRoleDefaultPolicy17347525", "Roles": [ { "Ref": "BastionHostInstanceRoleDD3FA5F1" } ] } }, "BastionHostInstanceProfile770FCA07": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Roles": [ { "Ref": "BastionHostInstanceRoleDD3FA5F1" } ] } }, "BastionHost30F9ED05": { "Type": "AWS::EC2::Instance", "Properties": { "AvailabilityZone": "test-region-1a", "IamInstanceProfile": { "Ref": "BastionHostInstanceProfile770FCA07" }, "ImageId": { "Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter" }, "InstanceType": "t3.nano", "SecurityGroupIds": [ { "Fn::GetAtt": [ "BastionHostInstanceSecurityGroupE75D4274", "GroupId" ] } ], "SubnetId": { "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" }, "Tags": [ { "Key": "Name", "Value": "BastionHost" } ], "UserData": { "Fn::Base64": "#!/bin/bash\nyum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm" } }, "DependsOn": [ "BastionHostInstanceRoleDefaultPolicy17347525", "BastionHostInstanceRoleDD3FA5F1" ] } }, "Outputs": { "BastionHostBastionHostIdC743CBD6": { "Description": "Instance ID of the bastion host. Use this to connect via SSM Session Manager", "Value": { "Ref": "BastionHost30F9ED05" } } }, "Parameters": { "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" } } }