1Strategy AWS VPC template

This VPC template is a complete CloudFormation template to build out a VPC network with public and private subnets in three AWS Availability Zones.

"Public" means subnets can receive traffic directly from the Internet. Traffic outbound from a public subnet usually goes through an Internet Gateway. "Private" means that a subnet cannot receive traffic directly from the Internet. Traffic outbound from a private subnet usually goes through a NAT Gateway.

Most of the subnetting ideas come from this excellent AWS blog post on Practical VPC Design.

IP Address Layout

You'll first need to determine your IP Address CIDR block for your VPC. In this example, we are using the 10.0.0.0/8 private address space.

We have carved the example 10.0.0.0/8 address space into four /10 address spaces. A /10 address space is assigned to a given AWS Region. This means we could be in four different AWS Regions. In practice we will use only two Regions, US-West-2 and US-East-1. This will support up to 64 /16 VPCs in each Region.

Location   AWS Region   IP CIDR        Address Range
Oregon     us-west-2    10.0.0.0/10    10.0.0.1 - 10.63.255.255
Virginia   us-east-1    10.64.0.0/10   10.64.0.1 - 10.127.255.255
reserved                10.128.0.0/10  10.128.0.0 - 10.191.255.255
reserved                10.192.0.0/10  10.192.0.1 - 10.255.255.255

Example VPC CIDR blocks

Here are the example VPC CIDR blocks we'll be using:

Oregon (us-west-2):   10.0.0.0/16
Virginia (us-east-1): 10.64.0.0/16

See the AWS VPC sizing docs for more info.

You are free to use any /16 to /28 CIDR block in the RFC 1918 private address range, but the VPC CIDR range you pick for this template should not overlap with any existing IP CIDR address ranges, either on-prem or in another AWS VPC.


VPC Template Parameters

To deploy this VPC template, you'll need to know the VPC CIDR block and the CIDR blocks of the three public and three private subnets.

Parameter               Description                     Example
VpcCidrParam            IPv4 CIDR block (/16 to /28)    10.0.0.0/16
PublicAZASubnetBlock    AZ A public subnet block        10.0.32.0/20
PublicAZBSubnetBlock    AZ B public subnet block
PublicAZCSubnetBlock    AZ C public subnet block
PrivateAZASubnetBlock   AZ A private subnet block       10.0.64.0/19
PrivateAZBSubnetBlock   AZ B private subnet block
PrivateAZCSubnetBlock   AZ C private subnet block

To make it easier to specify these parameters on the command line, you can use the example Parameters files included in the parameters/ directory.
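As an added example (not code from the vpc-starter-template project), the Python script below carries the address-layout rules of the IP Address Layout section and the parameter list above through to a parameters file: it carves 10.0.0.0/8 into the four /10 Region blocks from the table, checks a candidate VPC CIDR against the README's rules (/16 to /28, RFC 1918 space, inside the Region's block, no overlap with ranges already in use on-prem or in other VPCs), checks that the six subnet blocks fit inside the VPC without overlapping one another, and emits the ParameterKey/ParameterValue list that the AWS CLI reads from --parameters file://. Only the AZ A subnet values come from the table above; the AZ B and AZ C subnet blocks and the "already in use" ranges are constructed assumptions.

```python
"""Plan and check a VPC address layout for the vpc-starter-template.

Added example (not part of the project). Standard library only.
"""
import ipaddress
import json
from itertools import combinations

# The organisation-wide private space the README carves up.
ORG_SPACE = ipaddress.ip_network("10.0.0.0/8")
REGION_PREFIX = 10

# Four /10 blocks, in the order the README's table assigns them.
REGION_ORDER = ["us-west-2", "us-east-1", "reserved-1", "reserved-2"]
REGION_BLOCKS = dict(zip(REGION_ORDER, ORG_SPACE.subnets(new_prefix=REGION_PREFIX)))

RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Subnet plan for the Oregon VPC. The AZ A values are the README's examples;
# the AZ B and AZ C values are constructed for this example.
EXAMPLE_SUBNETS = {
    "PublicAZASubnetBlock": "10.0.32.0/20",
    "PublicAZBSubnetBlock": "10.0.48.0/20",
    "PublicAZCSubnetBlock": "10.0.96.0/20",
    "PrivateAZASubnetBlock": "10.0.64.0/19",
    "PrivateAZBSubnetBlock": "10.0.128.0/19",
    "PrivateAZCSubnetBlock": "10.0.160.0/19",
}


def region_block(region):
    """The /10 block assigned to an AWS Region."""
    return REGION_BLOCKS[region]


def vpcs_per_region(vpc_prefix=16):
    """How many VPCs of the given prefix length fit in one /10 Region block."""
    return 2 ** (vpc_prefix - REGION_PREFIX)


def validate_vpc_cidr(vpc_cidr, region, existing=()):
    """Apply the README's rules to a candidate VPC CIDR.

    Returns a list of problems (empty means the CIDR is acceptable): the prefix
    must be /16 to /28, the block must be RFC 1918 space, it must sit inside the
    Region's /10, and it must not overlap anything already in use (on-prem
    ranges, other VPCs), since overlapping ranges cannot be routed or peered.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"{vpc}: prefix /{vpc.prefixlen} is outside /16-/28")
    if not any(vpc.subnet_of(private) for private in RFC1918):
        problems.append(f"{vpc}: not in an RFC 1918 private range")
    if not vpc.subnet_of(region_block(region)):
        problems.append(f"{vpc}: not inside {region}'s block {region_block(region)}")
    for used in existing:
        used_net = ipaddress.ip_network(used)
        if vpc.overlaps(used_net):
            problems.append(f"{vpc}: overlaps existing range {used_net}")
    return problems


def validate_subnets(vpc_cidr, plan):
    """Every subnet must fit inside the VPC and no two subnets may overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    problems = [f"{name} {net}: not inside VPC {vpc}"
                for name, net in nets.items() if not net.subnet_of(vpc)]
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a}: overlaps {b} {net_b}")
    return problems


def parameters_file(vpc_cidr, plan):
    """The list the AWS CLI reads from --parameters file://<path>.json."""
    entries = [{"ParameterKey": "VpcCidrParam", "ParameterValue": vpc_cidr}]
    entries += [{"ParameterKey": key, "ParameterValue": value}
                for key, value in plan.items()]
    return entries


if __name__ == "__main__":
    vpc_cidr = "10.0.0.0/16"
    # Constructed: an on-prem range and one other VPC that are already in use.
    in_use = ["192.168.0.0/16", "10.1.0.0/16"]
    problems = (validate_vpc_cidr(vpc_cidr, "us-west-2", in_use)
                + validate_subnets(vpc_cidr, EXAMPLE_SUBNETS))
    if problems:
        raise SystemExit("\n".join(problems))
    print(json.dumps(parameters_file(vpc_cidr, EXAMPLE_SUBNETS), indent=2))
```

Redirect the script's output to parameters/us-west-2/dev.json (or whichever Region/account file you are preparing) and it is ready for the create-stack and update-stack commands in the next section. Add every range your organisation already routes to the in_use list; the overlap check is the one that prevents the hardest-to-fix mistake, since a VPC CIDR cannot be changed after creation.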

How to Deploy

Prerequisites

If you'd like to deploy this stack via the command line, you'll need the AWS CLI.

Validate/Lint Stack

aws cloudformation validate-template --template-body file://network.yaml

Deploy Stack

You will need to verify you have the appropriate parameters file for the AWS Region and account/environment you want to deploy to. See ./parameters/<region>/<acct>.json. For example parameters/us-west-2/dev.json.

aws cloudformation create-stack --template-body file://network.yaml --stack-name main-vpc --parameters file://parameters/us-west-2/dev.json

Update Stack

aws cloudformation update-stack --template-body file://network.yaml --stack-name main-vpc --parameters file://parameters/us-west-2/dev.json

Template Outputs/Exports

AWS CloudFormation supports exporting Resource names and properties. You can import these Cross-Stack References in other templates.

This VPC template exports the following values for use in other CloudFormation templates. Each export is prefixed with the Stack Name. For example, if you name the stack "main-vpc" when you launch it, the VPC's public route table will be exported as "main-vpc-public-rtb".

Export                         Description                                          Example
main-vpc-VpcId                 VPC Id                                               vpc-1234abcd
main-vpc-public-rtb            Public Route table Id (shared by all public subnets) rtb-1234abcd
main-vpc-public-AZ-A-subnet    AZ A public subnet Id                                subnet-1234abcd
main-vpc-public-AZ-B-subnet    AZ B public subnet Id
main-vpc-public-AZ-C-subnet    AZ C public subnet Id
main-vpc-private-AZ-A-subnet   AZ A private subnet Id                               subnet-abcd1234
main-vpc-private-AZ-B-subnet   AZ B private subnet Id
main-vpc-private-AZ-C-subnet   AZ C private subnet Id
main-vpc-private-AZ-A-rtb      Route table for private subnets in AZ A              rtb-abcd1234
main-vpc-private-AZ-B-rtb      Route table for private subnets in AZ B
main-vpc-private-AZ-C-rtb      Route table for private subnets in AZ C
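As an added example (not a template shipped with the vpc-starter-template project), here is a small consumer template that imports the exports above with Fn::ImportValue. It places an instance in the AZ A private subnet and gives it a security group in the imported VPC that only accepts HTTPS from the VPC's own address range. The NetworkStackName and VpcCidr parameters, the AppSecurityGroup and AppInstance resource names, and the use of the public SSM parameter for the latest Amazon Linux 2023 AMI are this example's assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example consumer of the vpc-starter-template exports
  (not part of the project).

Parameters:
  NetworkStackName:
    Type: String
    Default: main-vpc
    Description: Stack name given to network.yaml; every export is prefixed with it
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16
    Description: The VPC CIDR used for the network stack (README example value)
  LatestAmiId:
    # Resolves the current Amazon Linux 2023 AMI from the public SSM parameter,
    # so no AMI id is hard-coded in the template.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64

Resources:
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App tier, reachable on 443 only from inside the VPC
      VpcId:
        Fn::ImportValue: !Sub "${NetworkStackName}-VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref VpcCidr

  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      # Private subnet: no inbound path from the Internet, outbound via NAT Gateway.
      SubnetId:
        Fn::ImportValue: !Sub "${NetworkStackName}-private-AZ-A-subnet"
      SecurityGroupIds:
        - !Ref AppSecurityGroup
```

Two things to keep in mind when building on the exports. Export names are unique per Region and account, so the Stack Name prefix is what lets a dev and a prod network stack coexist; pass the right NetworkStackName for each environment. And CloudFormation will refuse to delete the network stack, or to change or remove an exported value, while another stack still imports it, so consumer stacks must be updated or deleted before the VPC stack can be torn down.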

License

Licensed under the Apache License, Version 2.0.
