From 445aecf33a0a462294afc292a784710fd5b0a434 Mon Sep 17 00:00:00 2001 From: fidelis-ogunsanmi Date: Tue, 12 Jul 2022 09:37:08 -0400 Subject: [PATCH] module 5 changes --- 04-vpcs/exec.sh | 26 +++++ 04-vpcs/params.json | 10 ++ 04-vpcs/vpc-4-1-1.yaml | 56 ++++++++++ 04-vpcs/vpc-4-1-2.yaml | 103 +++++++++++++++++ 04-vpcs/vpc-4-1-4.yaml | 243 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 438 insertions(+) create mode 100755 04-vpcs/exec.sh create mode 100644 04-vpcs/params.json create mode 100644 04-vpcs/vpc-4-1-1.yaml create mode 100644 04-vpcs/vpc-4-1-2.yaml create mode 100644 04-vpcs/vpc-4-1-4.yaml diff --git a/04-vpcs/exec.sh b/04-vpcs/exec.sh new file mode 100755 index 00000000..a81caa37 --- /dev/null +++ b/04-vpcs/exec.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +PROFILE="fidelis" +STACK_NAME="fidelisEc2" +TEMPLATE="vpc-4-1-4.yaml" +PARAMETER="file://params.json" +KEY_NAME="fidelis" +REGION="us-east-1" + +# deploy stack +# aws cloudformation deploy --template-file $TEMPLATE \ +# --stack-name $STACK_NAME --profile $PROFILE \ +# --parameter-overrides $PARAMETER \ +# --region $REGION + +# clean up +aws cloudformation delete-stack \ + --stack-name $STACK_NAME \ + --profile $PROFILE \ + --region $REGION + +# create ec2 keypair +# aws ec2 create-key-pair --key-name $KEY_NAME \ +# --query 'KeyMaterial' \ +# --region $REGION --profile $PROFILE \ +# --output text > fidelis.pem \ No newline at end of file diff --git a/04-vpcs/params.json b/04-vpcs/params.json new file mode 100644 index 00000000..decfbda7 --- /dev/null +++ b/04-vpcs/params.json @@ -0,0 +1,10 @@ +{ + "Parameters": { + "VpcCIDR": "10.0.0.0/16", + "PublicSubnetCIDR": "10.0.0.0/24", + "PrivateSubnetCIDR": "10.0.1.0/24", + "AmiID": "ami-0cff7528ff583bf9a", + "InstanceType": "t2.micro", + "KeypairName": "fidelis" + } +} \ No newline at end of file diff --git a/04-vpcs/vpc-4-1-1.yaml b/04-vpcs/vpc-4-1-1.yaml new file mode 100644 index 00000000..97576ca0 --- /dev/null +++ b/04-vpcs/vpc-4-1-1.yaml 
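Review bot: The commented-out key-pair step writes `KeyMaterial` to `fidelis.pem` in the working tree with default permissions, so the private key is readable by every local user under a typical umask and one `git add .` away from being committed; if that step is kept, follow it with `chmod 400 fidelis.pem` and list `*.pem` in .gitignore. The live command is `delete-stack`, which returns as soon as deletion starts, so re-enabling the deploy line above it can race the teardown; `aws cloudformation wait stack-delete-complete --stack-name "$STACK_NAME" --profile "$PROFILE" --region "$REGION"` after it makes the cleanup synchronous. The script also has no `set -euo pipefail` and expands every variable unquoted, which is harmless for these literal values but will silently mis-split as soon as one contains a space.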
@@ -0,0 +1,56 @@ +AWSTemplateFormatVersion: "2010-09-09" + +Description: CFN template to create VPC + +# Metadata: + +Parameters: + VpcCIDR: + Type: String + Description: The VPC CIDR block + + Ec2SubnetCIDR: + Type: String + Description: The Ec2 subnet CIDR block + +Resources: + VPC: + Type: AWS::EC2::VPC + Properties: + CidrBlock: !Ref VpcCIDR + EnableDnsSupport: true + EnableDnsHostnames: true + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-VPC" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-1 + + Ec2Subnet: + Type: AWS::EC2::Subnet + Properties: + VpcId: !Ref VPC + CidrBlock: !Ref Ec2SubnetCIDR + AvailabilityZone: !Select [ 0, !GetAZs ] + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-Ec2Subnet" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-1 + +Outputs: + VpcID: + Description: The VPC ID + Value: !Ref VPC + + Ec2SubnetID: + Description: The Ec2Subnet ID + Value: !Ref Ec2Subnet diff --git a/04-vpcs/vpc-4-1-2.yaml b/04-vpcs/vpc-4-1-2.yaml new file mode 100644 index 00000000..fe85e833 --- /dev/null +++ b/04-vpcs/vpc-4-1-2.yaml 
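Review bot: VpcCIDR and Ec2SubnetCIDR are unconstrained Strings, so a malformed value in the parameter file reaches the EC2 API and fails only during stack creation; giving each `AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'` and `ConstraintDescription: must be an IPv4 CIDR block` rejects it at template validation instead. The same applies to VpcCIDR and PublicSubnetCIDR in vpc-4-1-2.yaml. Unlike that template, this one puts no Export on its Outputs, so a dependent stack cannot `!ImportValue` the VPC or subnet it creates; if standalone use is intended, a one-line comment on the Outputs saying so would save the next reader the comparison.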
@@ -0,0 +1,103 @@ +AWSTemplateFormatVersion: "2010-09-09" + +Description: CFN template to create VPC + +# Metadata: + +Parameters: + VpcCIDR: + Type: String + Description: The VPC CIDR block + + PublicSubnetCIDR: + Type: String + Description: The Ec2 subnet CIDR block + +Resources: +# Create VPC + VPC: + Type: AWS::EC2::VPC + Properties: + CidrBlock: !Ref VpcCIDR + EnableDnsSupport: true + EnableDnsHostnames: true + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-VPC" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-1 + +# Create Internet Gateway + InternetGateway: + Type: AWS::EC2::InternetGateway + Properties: + Tags: + - Key: Name + Value: Test IGW + +# Attach Internet Gateway to VPC + InternetGatewayAttachment: + Type: AWS::EC2::VPCGatewayAttachment + Properties: + InternetGatewayId: !Ref InternetGateway + VpcId: !Ref VPC + +# Create Public Subnet + PublicSubnet: + Type: AWS::EC2::Subnet + Properties: + AvailabilityZone: !Select [ 0, !GetAZs ] + CidrBlock: !Ref PublicSubnetCIDR + MapPublicIpOnLaunch: true + VpcId: !Ref VPC + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-PublicSubnet" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-1 + +# Create Route Table + PublicRouteTable: + Type: AWS::EC2::RouteTable + Properties: + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-PublicRouteTable" ]] + VpcId: !Ref VPC + +# Add a Public Route to the Route Table + PublicRoute: + Type: AWS::EC2::Route + Properties: + DestinationCidrBlock: 0.0.0.0/0 + GatewayId: !Ref InternetGateway + RouteTableId: !Ref PublicRouteTable + +# Associate Public Subnet1 with Public Route Table + PublicSubnetRouteTableAssociation: + Type: AWS::EC2::SubnetRouteTableAssociation + Properties: + RouteTableId: !Ref PublicRouteTable + SubnetId: !Ref PublicSubnet + +Outputs: + VpcID: + 
Description: The VPC ID + Value: !Ref VPC + Export: + Name: !Join ['', [!Ref "AWS::StackName", "-VPC" ]] + + PublicSubnetID: + Description: The Ec2Subnet ID + Value: !Ref PublicSubnet + Export: + Name: !Join ['', [!Ref "AWS::StackName", "-PublicSubnet" ]] + diff --git a/04-vpcs/vpc-4-1-4.yaml b/04-vpcs/vpc-4-1-4.yaml new file mode 100644 index 00000000..e44529f3 --- /dev/null +++ b/04-vpcs/vpc-4-1-4.yaml 
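Review bot: The Export names are built from `AWS::StackName`, and vpc-4-1-4.yaml imports them as the literals `fidelisVPC-VPC` and `fidelisVPC-PublicSubnet`, so this template only serves its consumer when deployed under the stack name fidelisVPC, which neither the template nor exec.sh (STACK_NAME="fidelisEc2") records. Stating it in the header, e.g. `Description: CFN template to create VPC (deploy as stack fidelisVPC; vpc-4-1-4.yaml imports its exports)`, or deriving the import names in the consumer from a parameter, makes the contract visible. Separately, every stelligent-u-lab tag in this 4-1-2 file still reads `4-1-1`, and the InternetGateway Name tag `Test IGW` does not follow the `!Join` naming used by the other resources.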
@@ -0,0 +1,243 @@ +AWSTemplateFormatVersion: "2010-09-09" + +Description: CFN template to create Ec2 Instance + +Parameters: + AmiID: + Type: String + Description: The AMI ID + + InstanceType: + Type: String + Description: The Instance Type + + KeypairName: + Description: Ec2 KeyPair name + Type: String + +# Conditions: +# EnabledNatGateway: !Equals [ !Ref createNatGateway, 'true' ] + +Resources: + +# Create Security Group for the Bastion Host aka Jump Box + WebAppSecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + VpcId: !ImportValue fidelisVPC-VPC + GroupDescription: "Allow HTTP/HTTPS and SSH inbound and outbound traffic" + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 80 + ToPort: 80 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 443 + ToPort: 443 + CidrIp: 0.0.0.0/0 + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: 0.0.0.0/0 + +# create ec2 instance + FidelisInstance: + Type: AWS::EC2::Instance + Properties: + InstanceType: !Ref InstanceType + ImageId: !Ref AmiID + SubnetId: !ImportValue fidelisVPC-PublicSubnet + KeyName: !Ref KeypairName + SecurityGroupIds: + - !GetAtt WebAppSecurityGroup.GroupId + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-FidelisInstance" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-1 + + MyEIP: + Type: AWS::EC2::EIP + Properties: + Domain: vpc + InstanceId: !Ref FidelisInstance + + MyNATEIP: + Type: AWS::EC2::EIP + Properties: + Domain: vpc + + myNatGW: + Type: AWS::EC2::NatGateway + Properties: + AllocationId: !GetAtt MyEIP.AllocationId + SubnetId: !ImportValue fidelisVPC-PublicSubnet + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-NatGW" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-7 + + PrivateSubnet: + Type: AWS::EC2::Subnet + Properties: + AvailabilityZone: !Select [ 0, !GetAZs '' ] + CidrBlock: 
!Ref PrivateSubnetCIDR + MapPublicIpOnLaunch: false + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-PrivateSubnet" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-7 + VpcId: !ImportValue fidelisVPC-VPC + + PrivateRouteTable: + Type: AWS::EC2::RouteTable + Properties: + VpcId: !ImportValue fidelisVPC-VPC + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-PrivateRouteTable" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-7 + + PrivateSubnetRouteTableAssociation: + Type: AWS::EC2::SubnetRouteTableAssociation + Properties: + RouteTableId: !Ref PrivateRouteTable + SubnetId: !Ref PrivateSubnet + + PrivateRoute: + Type: "AWS::EC2::Route" + Properties: + DestinationCidrBlock: "0.0.0.0/0" + RouteTableId: !Ref PrivateRouteTable + NatGatewayId: !Ref myNatGW + + MyPrivateEc2Instance: + Type: AWS::EC2::Instance + Properties: + InstanceType: !Ref InstanceType + ImageId: !Ref AmiID + KeyName: !Ref KeypairName + SubnetId: !Ref PrivateSubnet + SecurityGroupIds: + - !GetAtt PrivateSecurityGroup.GroupId + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-PrivateInstance" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-7 + + PrivateSecurityGroup: + Type: 'AWS::EC2::SecurityGroup' + Properties: + GroupDescription: SSH Security Group + SecurityGroupIngress: + - IpProtocol: tcp + FromPort: 22 + ToPort: 22 + CidrIp: !Ref VpcCIDR + Tags: + - Key: Name + Value: SSH Security Group + VpcId: !Ref VPC + + PublicNacl: + Type: AWS::EC2::NetworkAcl + Properties: + VpcId: !ImportValue fidelisVPC-VPC + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-PublicNacl" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 
4-1-8 + VpcId: !ImportValue fidelisVPC-VPC + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-PublicNacl" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-8 + + PublicNaclRule: + Type: AWS::EC2::NetworkAclEntry + Properties: + CidrBlock: 71.179.233.61/32 + Egress: false + NetworkAclId: !GetAtt PublicNacl.Id + PortRange: + From: 22 + To: 22 + Protocol: 6 + RuleAction: Allow + RuleNumber: 200 + + PrivateNacl: + Type: AWS::EC2::NetworkAcl + Properties: + VpcId: !ImportValue fidelisVPC-VPC + Tags: + - Key: Name + Value: !Join ['', [!Ref "AWS::StackName", "-PrivateNacl" ]] + - Key: User + Value: fidelis.ogunsanmi.labs + - Key: stelligent-u-lesson + Value: '4' + - Key: stelligent-u-lab + Value: 4-1-8 + + PrivateNaclRule: + Type: AWS::EC2::NetworkAclEntry + Properties: + CidrBlock: 10.0.0.0/24 + Egress: false + NetworkAclId: !GetAtt PrivateNacl.Id + PortRange: + From: 22 + To: 22 + Protocol: 6 + RuleAction: Allow + RuleNumber: 200 + +Outputs: + InstanceID: + Description: The Instance ID + Value: !Ref FidelisInstance + Export: + Name: !Join ['', [!Ref "AWS::StackName", "-InstanceID" ]] + + PrivateIp: + Description: The Private Ip + Value: !GetAtt FidelisInstance.PrivateIp + + PublicIp: + Description: The Private Ip + Value: !GetAtt FidelisInstance.PublicIp \ No newline at end of file
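Review bot: WebAppSecurityGroup admits TCP/22 from 0.0.0.0/0 while PublicNaclRule limits SSH to a single /32, and the security group is the control that actually applies, because neither PublicNacl nor PrivateNacl is attached to a subnet (there is no AWS::EC2::SubnetNetworkAclAssociation), so both NACLs are inert as written; the SSH source should be one parameter used by both the group and the NACL entry, and since custom NACLs are stateless and deny by default, they need egress and ephemeral-port (1024-65535) return rules before they can be associated without cutting the instances off. The template also does not deploy as written: `PrivateSubnetCIDR`, `VpcCIDR` and `VPC` are referenced with !Ref but never declared (the first two are supplied in params.json, which deploy is likely to reject as unknown parameters until they exist), `myNatGW` takes its AllocationId from MyEIP, which is already bound to FidelisInstance, while MyNATEIP is never used, and PublicNacl appears to repeat its VpcId and Tags keys, which CloudFormation is likely to reject as a duplicate mapping key. Smaller points: the PublicIp output's Description still says `The Private Ip`, and the hard-coded `71.179.233.61/32` belongs in the same SSH-source parameter rather than in the template. The declarations and property lines I would change follow.
```yaml
Parameters:
  # … unchanged: AmiID, InstanceType, KeypairName …
  VpcCIDR:
    Type: String
    Description: CIDR of the VPC imported from the fidelisVPC stack; source range for the private SSH rule
  PrivateSubnetCIDR:
    Type: String
    Description: CIDR block for the private subnet
  SshSourceCidr:
    Type: String
    Description: Single source CIDR allowed to reach TCP/22 on the public instance
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block, e.g. a.b.c.d/32

Resources:
  WebAppSecurityGroup:
    # … unchanged: Type, VpcId, GroupDescription, port 80 and 443 rules …
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshSourceCidr

  myNatGW:
    # … unchanged: Type, SubnetId, Tags …
      AllocationId: !GetAtt MyNATEIP.AllocationId  # MyEIP is already bound to FidelisInstance

  PrivateSecurityGroup:
    # … unchanged: Type, GroupDescription, ingress rule, Tags …
      VpcId: !ImportValue fidelisVPC-VPC

  PublicNaclRule:
    # … unchanged: Type, Egress, NetworkAclId, PortRange, Protocol, RuleAction, RuleNumber …
      CidrBlock: !Ref SshSourceCidr
```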