
    @104corp/cfn-vpc-module

    1.7.0 • Public • Published

    CloudFormation VPC Module

    AWS VPC service deployment from a CloudFormation template

    Manage Resources

    • VPC
    • FlowLog
    • InternetGateway
    • NAT Gateway
    • EIP
    • Endpoint
    • DHCPOptions
    • Subnet
    • RouteTable
    • SecurityGroup (Privatelink)
    • S3 Bucket

    Install

    Install Node.js and npm first!

    npm i @104corp/cfn-vpc-module
    

    Usage

    • default
    ---
    AWSTemplateFormatVersion: '2010-09-09'
    Description: 'cfn-vpc-module example'
    Resources:
      Bucket:
        Type: 'AWS::CloudFormation::Stack'
        Properties:
          Parameters:
            VpcCIDR: '10.0.0.0/16'
            PublicSubnetACIDR: '10.0.1.0/24'
            PublicSubnetBCIDR: '10.0.2.0/24'
            PrivateSubnet1ACIDR: '10.0.3.0/24'
            PrivateSubnet1BCIDR: '10.0.4.0/24'
            PrivateSubnet2ACIDR: '10.0.5.0/24'
            PrivateSubnet2BCIDR: '10.0.6.0/24'
            PrivateSubnet3ACIDR: '10.0.7.0/24'
            PrivateSubnet3BCIDR: '10.0.8.0/24'
          TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'
    
    • With NAT Subnet
    ---
    AWSTemplateFormatVersion: '2010-09-09'
    Description: 'cfn-vpc-module example'
    Resources:
      Bucket:
        Type: 'AWS::CloudFormation::Stack'
        Properties:
          Parameters:
            VpcCIDR: '10.152.0.0/21'
            PublicSubnetACIDR: '10.152.0.0/26'
            PublicSubnetBCIDR: '10.152.0.64/26'
            PrivateSubnet1ACIDR: '10.152.1.0/24'
            PrivateSubnet1BCIDR: '10.152.2.0/24'
            PrivateSubnet2ACIDR: '10.152.3.0/24'
            PrivateSubnet2BCIDR: '10.152.4.0/24'
            PrivateSubnet3ACIDR: '10.152.5.0/24'
            PrivateSubnet3BCIDR: '10.152.6.0/24'
            NatSubnetACIDR: '10.152.0.128/26'
            NatSubnetBCIDR: '10.152.0.192/26'
            NatGatewayMultiAZ: 'true'
          TemplateURL: './node_modules/@104corp/cfn-vpc-module/module.yml'
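
A pre-deploy check for the CIDR parameters above, added here as an example (it is not part of the module): it verifies that every `*CIDR` value parses as an IPv4 network, lies inside `VpcCIDR`, and overlaps no sibling subnet, so a malformed value or one left at the template default `0.0.0.0/0` is reported before `aws cloudformation deploy` runs. The function name `check_cidr_plan` is hypothetical, and the /16 to /28 bound is the AWS IPv4 block-size limit.

```python
import ipaddress
from itertools import combinations

# Values modelled on the "With NAT Subnet" example; NAT subnets are written
# as four-octet CIDRs.
PARAMS = {
    "VpcCIDR": "10.152.0.0/21",
    "PublicSubnetACIDR": "10.152.0.0/26",
    "PublicSubnetBCIDR": "10.152.0.64/26",
    "PrivateSubnet1ACIDR": "10.152.1.0/24",
    "PrivateSubnet1BCIDR": "10.152.2.0/24",
    "PrivateSubnet2ACIDR": "10.152.3.0/24",
    "PrivateSubnet2BCIDR": "10.152.4.0/24",
    "PrivateSubnet3ACIDR": "10.152.5.0/24",
    "PrivateSubnet3BCIDR": "10.152.6.0/24",
    "NatSubnetACIDR": "10.152.0.128/26",
    "NatSubnetBCIDR": "10.152.0.192/26",
    "NatGatewayMultiAZ": "true",
}


def check_cidr_plan(params, vpc_key="VpcCIDR"):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, nets = [], {}
    for name, value in params.items():
        if not name.endswith("CIDR"):
            continue  # skip non-address parameters such as NatGatewayMultiAZ
        try:
            # strict=True also rejects values with host bits set
            net = ipaddress.IPv4Network(value, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {value!r} ({exc})")
            continue
        if not 16 <= net.prefixlen <= 28:  # AWS IPv4 block-size limits
            problems.append(f"{name}: /{net.prefixlen} is outside /16../28")
        nets[name] = net

    vpc = nets.pop(vpc_key, None)
    if vpc is not None:
        for name, net in nets.items():
            if not net.subnet_of(vpc):
                problems.append(f"{name}: {net} is outside {vpc_key} {vpc}")
    # Every pair of subnets must be disjoint.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return problems


if __name__ == "__main__":
    for line in check_cidr_plan(PARAMS) or ["CIDR plan is consistent"]:
        print(line)
```
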
    

    IAM Policy

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "devops-infra-cfn-vpc-module",
                "Effect": "Allow",
                "Action": [
                    "ec2:TerminateInstances",
                    "ec2:DeleteTags",
                    "s3:*",
                    "ec2:CreateTags",
                    "ec2:RunInstances",
                    "ec2:CreateNatGateway",
                    "ec2:*Address*",
                    "ec2:*FlowLogs",
                    "cloudformation:*",
                    "ec2:*NetworkAcl*",
                    "ec2:*Route*",
                    "ec2:StopInstances",
                    "ec2:Describe*",
                    "ec2:StartInstances",
                    "ec2:*Vpc*",
                    "ec2:*DhcpOptions*",
                    "ec2:*Gateway*",
                    "ec2:*SecurityGroup*",
                    "ec2:*Subnet*",
                    "logs:*"
                ],
                "Resource": "*"
            }
        ]
    }
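
A least-privilege review aid for the policy above, added here as an example (it is not part of the module): it groups the actions granted on `"Resource": "*"` by how broad each entry is, and shows which action names a pattern such as `ec2:*Vpc*` reaches. The function names and the `SAMPLE_EC2_ACTIONS` list are constructed for this illustration.

```python
from fnmatch import fnmatchcase

# The statement from the IAM Policy section of this page, reflowed.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "devops-infra-cfn-vpc-module",
        "Effect": "Allow",
        "Action": [
            "ec2:TerminateInstances", "ec2:DeleteTags", "s3:*", "ec2:CreateTags",
            "ec2:RunInstances", "ec2:CreateNatGateway", "ec2:*Address*",
            "ec2:*FlowLogs", "cloudformation:*", "ec2:*NetworkAcl*", "ec2:*Route*",
            "ec2:StopInstances", "ec2:Describe*", "ec2:StartInstances", "ec2:*Vpc*",
            "ec2:*DhcpOptions*", "ec2:*Gateway*", "ec2:*SecurityGroup*",
            "ec2:*Subnet*", "logs:*",
        ],
        "Resource": "*",
    }],
}

# Constructed sample of EC2 action names, used only to show what a pattern reaches.
SAMPLE_EC2_ACTIONS = [
    "AllocateAddress", "ReleaseAddress", "AssignPrivateIpAddresses",
    "CreateVpc", "DeleteVpc", "CreateVpcPeeringConnection",
    "AcceptVpcPeeringConnection", "RunInstances",
]


def as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_wildcards(policy):
    """Group Allow actions granted on Resource "*" by breadth of the entry."""
    report = {"service-wide": [], "pattern": [], "exact": []}
    for stmt in as_list(policy["Statement"]):
        unscoped = "*" in as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or not unscoped:
            continue
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2] or action  # a bare "*" has no prefix
            if name == "*":
                report["service-wide"].append(action)
            elif "*" in name or "?" in name:
                report["pattern"].append(action)
            else:
                report["exact"].append(action)
    return report


def pattern_reach(pattern, known_names):
    """Names in known_names matched by an IAM action pattern (case-insensitive)."""
    name = pattern.partition(":")[2].lower()
    return [k for k in known_names if fnmatchcase(k.lower(), name)]
```
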
    

    Package

    $ aws cloudformation package --template-file example.yml --s3-bucket <your cfn template bucket> --output-template-file packaged.yml
    

    Deploy

    $ aws cloudformation deploy --template-file packaged.yml --stack-name <your stack name>
    

    templates/main

    Description

    AWS-HUB-Shared infrastructure, including VPC, Subnet, Security Group, etc.

    Parameters

    The list of parameters for this template:

    EnvType

    Type: String Default: Dev Description: Environment Type for this Stack.

    StackOwner

    Type: String Default: StackOwnerDefault Description: (Optional) Product Owner Name, default is StackOwnerDefault

    VpcCIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) VPC CIDR

    PublicSubnetACIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) Public Subnet-1a CIDR

    PublicSubnetBCIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) Public Subnet-1b CIDR

    PrivateSubnet1ACIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1a-1 CIDR

    PrivateSubnet1BCIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1b-1 CIDR

    PrivateSubnet2ACIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1a-2 CIDR

    PrivateSubnet2BCIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1b-2 CIDR

    PrivateSubnet3ACIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1a-3 CIDR

    PrivateSubnet3BCIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) Private Subnet-1b-3 CIDR

    NatSubnetACIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) NAT Subnet CIDR

    NatSubnetBCIDR

    Type: String Default: 0.0.0.0/0 Description: (Require) NAT Subnet CIDR

    NatGatewayMultiAZ

    Type: String Default: true Description: (Optional) Enable Multi-AZ NAT Gateway of Route. default is true

    PublicRoutePropagationVpnGatewayId

    Type: String
    Description: (Optional) When subnet route need support Propagation then enter VpnGatewayId. default is ``

    PrivateRoutePropagationVpnGatewayId

    Type: String
    Description: (Optional) When subnet route need support Propagation then enter VpnGatewayId. default is ``

    NatRouteAPropagationVpnGatewayId

    Type: String
    Description: (Optional) When subnet route need support Propagation then enter VpnGatewayId. default is ``

    NatRouteBPropagationVpnGatewayId

    Type: String
    Description: (Optional) When subnet route need support Propagation then enter VpnGatewayId. default is ``

    FlowLogEnable

    Type: String Default: false Description: (Optional) Enable VPC Flow log

    FlowLogTrafficType

    Type: String Default: ACCEPT

    FlowLogS3Replication

    Type: String
    Description: (Optional) Setting flow log replication to other S3.

    DHCPOptionNtpServers

    Type: CommaDelimitedList Default: 169.254.169.123 Description: (Optional) NTP Servers for instances, default is 169.254.169.123

    DHCPOptionDomainNameServers

    Type: CommaDelimitedList Default: AmazonProvidedDNS Description: (Optional) Domain Name Server for instances, default is AmazonProvidedDNS

    EndpointS3

    Type: String Default: false Description: (Optional) VPC Gateway Endpoint for S3, default is false

    EndpointDynamoDB

    Type: String Default: false Description: (Optional) VPC Gateway Endpoint for DynamoDB, default is false

    EndpointEC2

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for EC2, default is false

    EndpointECS

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS, default is false

    EndpointSTS

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for STS, default is false

    EndpointCloudFormation

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudFormation, default is false

    EndpointEC2Messages

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for EC2 Messages, default is false

    EndpointECRAPI

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECR API, default is false

    EndpointECRDKR

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECR DKR, default is false

    EndpointECSAgent

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS Agent, default is false

    EndpointECSTelemetry

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for ECS Telemetry, default is false

    EndpointAppstreamAPI

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for App stream API, default is false

    EndpointAppstreamStreaming

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for App stream streaming, default is false

    EndpointAthena

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Athena, default is false

    EndpointCloudTrail

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudTrail, default is false

    EndpointCodeBuild

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodeBuild, default is false

    EndpointCodeCommit

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodeCommit, default is false

    EndpointCodePipeline

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for CodePipeline, default is false

    EndpointConfig

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Config, default is false

    EndpointDatasync

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Datasync, default is false

    EndpointElasticInferenceRuntime

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Elastic interface runtime, default is false

    EndpointElasticLoadBalancing

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Elastic balancing, default is false

    EndpointEvents

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch events, default is false

    EndpointExecuteAPI

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Execute API, default is false

    EndpointKinesisFirehose

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Kinesis Firehose, default is false

    EndpointKinesisStreams

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Kinesis streams, default is false

    EndpointKMS

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for KMS, default is false

    EndpointLogs

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch logs, default is false

    EndpointMonitoring

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for CloudWatch Monitoring, default is false

    EndpointSecretsManager

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for Secrets Manager, default is false

    EndpointSNS

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for SNS, default is false

    EndpointSQS

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for SQS, default is false

    EndpointSSM

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for SSM, default is false

    EndpointSSMMessages

    Type: String Default: false Description: (Optional) VPC Interface Endpoint for SSM Messages, default is false

    NameSuffix

    Type: String
    Description: (Optional) Append with resource and export name with suffix.

    Resources

    The list of resources this template creates:

    VPC

    Type: AWS::EC2::VPC

    DHCPOptionsSetDefault

    Type: AWS::EC2::DHCPOptions

    DHCPOptionsSetAssociationDefault

    Type: AWS::EC2::VPCDHCPOptionsAssociation

    PublicSubnetA

    Type: AWS::EC2::Subnet

    PublicSubnetB

    Type: AWS::EC2::Subnet

    PrivateSubnet1A

    Type: AWS::EC2::Subnet

    PrivateSubnet1B

    Type: AWS::EC2::Subnet

    PrivateSubnet2A

    Type: AWS::EC2::Subnet

    PrivateSubnet2B

    Type: AWS::EC2::Subnet

    PrivateSubnet3A

    Type: AWS::EC2::Subnet

    PrivateSubnet3B

    Type: AWS::EC2::Subnet

    InternetGateway

    Type: AWS::EC2::InternetGateway

    VPCGatewayAttachment

    Type: AWS::EC2::VPCGatewayAttachment

    ProtectedSubnetA

    Type: AWS::EC2::Subnet

    ProtectedSubnetB

    Type: AWS::EC2::Subnet

    ProtectedRouteTableA

    Type: AWS::EC2::RouteTable

    ProtectedRouteTableB

    Type: AWS::EC2::RouteTable

    ProtectedRouteA

    Type: AWS::EC2::Route

    ProtectedRouteB

    Type: AWS::EC2::Route

    ProtectedRouteBMultiAZ

    Type: AWS::EC2::Route

    ProtectedSubnetARouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    ProtectedSubnetBRouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    NatEipA

    Type: AWS::EC2::EIP

    NatEipB

    Type: AWS::EC2::EIP

    NatGatewayA

    Type: AWS::EC2::NatGateway

    NatGatewayB

    Type: AWS::EC2::NatGateway

    PublicRouteTable

    Type: AWS::EC2::RouteTable

    PrivateRouteTable

    Type: AWS::EC2::RouteTable

    PublicRoutePropagation

    Type: AWS::EC2::VPNGatewayRoutePropagation

    PrivateRoutePropagation

    Type: AWS::EC2::VPNGatewayRoutePropagation

    ProtectedRouteAPropagation

    Type: AWS::EC2::VPNGatewayRoutePropagation

    ProtectedRouteBPropagation

    Type: AWS::EC2::VPNGatewayRoutePropagation

    PublicSubnetARouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    PublicSubnetBRouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    PrivateSubnet1ARouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    PrivateSubnet2ARouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    PrivateSubnet3ARouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    PrivateSubnet1BRouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    PrivateSubnet2BRouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    PrivateSubnet3BRouteTableAssociation

    Type: AWS::EC2::SubnetRouteTableAssociation

    PublicRoute

    Type: AWS::EC2::Route

    VPCEndpointS3

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointDynamoDB

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointEC2

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointECS

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointSTS

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointCloudFormation

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointEC2Messages

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointECRAPI

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointECRDKR

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointECSAgent

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointECSTelemetry

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointAppstreamAPI

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointAppstreamStreaming

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointAthena

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointCloudTrail

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointCodeBuild

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointCodeCommit

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointCodePipeline

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointConfig

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointDatasync

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointElasticInferenceRuntime

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointElasticLoadBalancing

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointEvents

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointExecuteAPI

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointKinesisFirehose

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointKinesisStreams

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointKMS

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointLogs

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointMonitoring

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointSecretsManager

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointSNS

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointSQS

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointSSM

    Type: AWS::EC2::VPCEndpoint

    VPCEndpointSSMMessages

    Type: AWS::EC2::VPCEndpoint

    VPCPrivatelinkSecurityGroup

    Type: AWS::EC2::SecurityGroup

    VPCFlowLog

    Type: AWS::EC2::FlowLog

    VPCFlowLogS3Bucket

    Type: AWS::S3::Bucket

    Outputs

    The list of outputs this template exposes:

    VPC

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['VPC', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

    InternetGateway

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['IGW', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

    DefaultSecurityGroup

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SG', 'default', {'Ref': 'EnvType'}]]}]}

    PublicSubnetA

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1a', '1', {'Ref': 'EnvType'}]]}]}

    PublicSubnetB

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'public', '1c', '1', {'Ref': 'EnvType'}]]}]}

    PrivateSubnet1A

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '1', {'Ref': 'EnvType'}]]}]}

    PrivateSubnet1B

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '1', {'Ref': 'EnvType'}]]}]}

    PrivateSubnet2A

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '2', {'Ref': 'EnvType'}]]}]}

    PrivateSubnet2B

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '2', {'Ref': 'EnvType'}]]}]}

    PrivateSubnet3A

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1a', '3', {'Ref': 'EnvType'}]]}]}

    PrivateSubnet3B

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'private', '1c', '3', {'Ref': 'EnvType'}]]}]}

    VPCPrivatelinkSecurityGroup

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['SN', 'privatelink', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

    DHCPOptionsSetDefault

    Export name: {'Fn::If': ['HasNameSuffix', {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType'}, {'Ref': 'NameSuffix'}]]}, {'Fn::Join': ['-', ['DhcpOptionSetDefault', 'hub', 'shared', {'Ref': 'EnvType'}]]}]}

    Maintenance

    Maintainers:

    • 104corp


    License

    Apache-2.0

    Unpacked Size

    98.1 kB

    Total Files

    18
