Amazon VPC with static routing to an existing VPN

Creates a private subnet with a VPN connection that uses static routing to an existing VPN endpoint.

3

Votes

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "AWS CloudFormation Sample Template VPC_With_VPN_Connection: Sample template showing how to create a private subnet with a VPN connection using static routing to an existing VPN endpoint. NOTE: The VPNConnection created will define the configuration you need for the tunnels to your VPN endpoint - you can get the VPN Gateway configuration from the AWS Management console. You will be billed for the AWS resources used if you create a stack from this template.",

  "Parameters" : {
    "VPCCIDR" : {
      "Type" : "String",
      "Description" : "IP Address range for the VPN connected VPC",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "10.1.0.0/16",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    },

    "SubnetCIDR" : {
      "Type" : "String",
      "Description" : "IP Address range for the VPN connected Subnet",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "10.1.0.0/24",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    },

    "VPNAddress" : {
      "Type" : "String",
      "Description" : "IP Address of your VPN device",
      "MinLength": "7",
      "MaxLength": "15",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})",
      "ConstraintDescription": "must be a valid IP address of the form x.x.x.x"
    },

    "OnPremiseCIDR" : {
      "Type" : "String",
      "Description" : "IP Address range for your existing infrastructure",
      "MinLength": "9",
      "MaxLength": "18",
      "Default": "10.0.0.0/16",
      "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
      "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    }
  },

  "Resources" : {

    "VPC" : {
      "Type" : "AWS::EC2::VPC",
      "Properties" : {
        "EnableDnsSupport" : "true",
        "EnableDnsHostnames" : "true",
        "CidrBlock" : { "Ref" : "VPCCIDR" },
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "VPN Connected VPC" }
        ]
      }
    },

    "PrivateSubnet" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "CidrBlock" : { "Ref" : "SubnetCIDR" },
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "VPN Connected Subnet" }
        ]
      }
    },

    "VPNGateway" : {
      "Type" : "AWS::EC2::VPNGateway",
      "Properties" : { 
        "Type" : "ipsec.1",
        "Tags" : [{ "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" }}]
      }
    },

    "VPNGatewayAttachment" : {
      "Type" : "AWS::EC2::VPCGatewayAttachment",
      "Properties" : { 
        "VpcId" : {"Ref" : "VPC"},
        "VpnGatewayId" : {"Ref" : "VPNGateway" }
      }
    },

    "CustomerGateway" : {
      "Type" : "AWS::EC2::CustomerGateway",
      "Properties" : {
        "Type" : "ipsec.1",
        "BgpAsn" : "65000", 
        "IpAddress" : { "Ref" : "VPNAddress" },
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "VPN", "Value" : { "Fn::Join" : ["", ["Gateway to ", {"Ref" : "VPNAddress"}]]}}
        ]
      }
    },

    "VPNConnection" : {
      "Type" : "AWS::EC2::VPNConnection",
      "Properties" : {
        "Type" : "ipsec.1",
        "StaticRoutesOnly" : "true",
        "CustomerGatewayId" : {"Ref" : "CustomerGateway"},
        "VpnGatewayId" : { "Ref" : "VPNGateway" }
      }
    },

    "VPNConnectionRoute" : {
      "Type" : "AWS::EC2::VPNConnectionRoute",
      "Properties" : {
        "VpnConnectionId" : { "Ref" : "VPNConnection" },
        "DestinationCidrBlock" : { "Ref" : "OnPremiseCIDR" }
      }
    },

    "PrivateRouteTable" : {
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "VPN Connected Subnet" }
        ]
      }
    },

    "PrivateSubnetRouteTableAssociation" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "SubnetId" : { "Ref" : "PrivateSubnet" },
        "RouteTableId" : { "Ref" : "PrivateRouteTable" }
      }
    },

    "PrivateRoute" : {
      "Type" : "AWS::EC2::Route",
      "DependsOn" : "VPNGatewayAttachment",
      "Properties" : {
        "RouteTableId" : { "Ref" : "PrivateRouteTable" },
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : { "Ref" : "VPNGateway" }
      }
    },

    "PrivateNetworkAcl" : {
      "Type" : "AWS::EC2::NetworkAcl",
      "Properties" : {
        "VpcId" : { "Ref" : "VPC" },
        "Tags" : [
          { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } },
          { "Key" : "Network", "Value" : "Private" }
        ]
      }
    },

    "InboundPrivateNetworkAclEntry" : {
      "Type" : "AWS::EC2::NetworkAclEntry",
      "Properties" : {
        "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" },
        "RuleNumber" : "100",
        "Protocol" : "6",
        "RuleAction" : "allow",
        "Egress" : "false",
        "CidrBlock" : "0.0.0.0/0",
        "PortRange" : { "From" : "0", "To" : "65535" }
      }
    },

    "OutBoundPrivateNetworkAclEntry" : {
      "Type" : "AWS::EC2::NetworkAclEntry",
      "Properties" : {
        "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" },
        "RuleNumber" : "100",
        "Protocol" : "6",
        "RuleAction" : "allow",
        "Egress" : "true",
        "CidrBlock" : "0.0.0.0/0",
        "PortRange" : { "From" : "0", "To" : "65535" }
      }
    },

    "PrivateSubnetNetworkAclAssociation" : {
      "Type" : "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties" : {
        "SubnetId" : { "Ref" : "PrivateSubnet" },
        "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" }
      }
    }
  },

  "Outputs" : {
    "VPCId" : {
      "Description" : "VPCId of the newly created VPC",
      "Value" :  { "Ref" : "VPC" }
    },
    "PrivateSubnet" : {
      "Description" : "SubnetId of the VPN connected subnet",
      "Value" :  { "Ref" : "PrivateSubnet" }
    }
  }
}

Vote Here

You must earn at least 1 vote on your snippets to be allowed to vote

Terms Of Use

Privacy Policy

Featured snippets are MIT license

Gears & Masters

Advertise

DevOpsnipp.com © 2020

medium.png