Skip to content

Instantly share code, notes, and snippets.

@miyamoto-daisuke

miyamoto-daisuke/multiple-vpn-connection.template

Created March 15, 2013 08:48
Show Gist options
  • Save miyamoto-daisuke/5168418 to your computer and use it in GitHub Desktop.
Save miyamoto-daisuke/5168418 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
multiple-vpn-connection.template
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Multiple VPN Connection between VPCs.",
"Parameters" : {
"KeyName" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the web server",
"Type" : "String"
},
"SSHFrom": {
"Description": "Lockdown SSH access to the bastion host (default can be accessed from anywhere)",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x."
}
},
"Resources": {
"CfnUser" : {
"Type" : "AWS::IAM::User",
"Properties" : {
"Path" : "/",
"Policies" : [{
"PolicyName" : "Admin",
"PolicyDocument" : {
"Statement" : [{
"Effect" : "Allow",
"Action" : "*",
"Resource" : "*"
}]
}
}]
}
},
"HostKeys" : {
"Type" : "AWS::IAM::AccessKey",
"Properties" : {
"UserName" : {"Ref": "CfnUser"}
}
},
"VpcA" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.0.0.0/16",
"InstanceTenancy" : "default",
"Tags" : [{"Key": "Name", "Value": "vpc-A"}]
}
},
"IgwA" : {
"Type" : "AWS::EC2::InternetGateway"
},
"IgwAttachmentA" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : {"Ref": "VpcA"},
"InternetGatewayId" : {"Ref": "IgwA"}
}
},
"SubnetAFront" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"CidrBlock" : "10.0.0.0/24",
"Tags" : [{"Key": "Name", "Value": "subnet-A-front"}],
"VpcId" : {"Ref": "VpcA"}
}
},
"SubnetABack" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"CidrBlock" : "10.0.1.0/24",
"Tags" : [{"Key": "Name", "Value": "subnet-A-back"}],
"VpcId" : {"Ref": "VpcA"}
}
},
"SgASsh" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access via port 22 for VPC-A",
"SecurityGroupIngress": [
{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : {"Ref": "SSHFrom"}
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcA"}
}
},
"SgAOpenvpn" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable OpenVPN connection via port 1194 and 1195 for VPC-A",
"SecurityGroupIngress": [
{
"IpProtocol" : "udp",
"FromPort" : "1194",
"ToPort" : "1194",
"CidrIp" : { "Fn::Join" : [ "/", [ { "Ref" : "EipB" }, "32" ] ] }
},
{
"IpProtocol" : "udp",
"FromPort" : "1195",
"ToPort" : "1195",
"CidrIp" : { "Fn::Join" : [ "/", [ { "Ref" : "EipC" }, "32" ] ] }
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcA"}
}
},
"SgAIcmp" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable ping for VPC-A",
"SecurityGroupIngress": [
{
"IpProtocol" : "icmp",
"FromPort" : "-1",
"ToPort" : "-1",
"CidrIp" : "0.0.0.0/0"
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcA"}
}
},
"RtbA" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref": "VpcA"},
"Tags" : []
}
},
"RouteAToIgw": {
"Type" : "AWS::EC2::Route",
"Properties" : {
"DestinationCidrBlock" : "0.0.0.0/0",
"RouteTableId" : {"Ref": "RtbA"},
"GatewayId" : {"Ref": "IgwA"}
}
},
"RouteAToB": {
"Type" : "AWS::EC2::Route",
"Properties" : {
"DestinationCidrBlock" : "10.1.0.0/16",
"RouteTableId" : {"Ref": "RtbA"},
"InstanceId" : {"Ref": "Ec2OpenvpnA"}
}
},
"RouteAToC": {
"Type" : "AWS::EC2::Route",
"Properties" : {
"DestinationCidrBlock" : "10.2.0.0/16",
"RouteTableId" : {"Ref": "RtbA"},
"InstanceId" : {"Ref": "Ec2OpenvpnA"}
}
},
"RtbassocAFront" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref": "RtbA"},
"SubnetId" : {"Ref": "SubnetAFront"}
}
},
"RtbassocABack" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref": "RtbA"},
"SubnetId" : {"Ref": "SubnetABack"}
}
},
"VpcB" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.1.0.0/16",
"InstanceTenancy" : "default",
"Tags" : [{"Key": "Name", "Value": "vpc-B"}]
}
},
"IgwB" : {
"Type" : "AWS::EC2::InternetGateway"
},
"IgwAttachmentB" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : {"Ref": "VpcB"},
"InternetGatewayId" : {"Ref": "IgwB"}
}
},
"SubnetBFront" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"CidrBlock" : "10.1.0.0/24",
"Tags" : [{"Key": "Name", "Value": "subnet-B-front"}],
"VpcId" : {"Ref": "VpcB"}
}
},
"SubnetBBack" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"CidrBlock" : "10.1.1.0/24",
"Tags" : [{"Key": "Name", "Value": "subnet-B-back"}],
"VpcId" : {"Ref": "VpcB"}
}
},
"SgBSsh" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access via port 22 for VPC-B",
"SecurityGroupIngress": [
{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : {"Ref": "SSHFrom"}
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcB"}
}
},
"SgBOpenvpn" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable OpenVPN connection via port 1194 for VPC-B",
"SecurityGroupIngress": [
{
"IpProtocol" : "udp",
"FromPort" : "1194",
"ToPort" : "1194",
"CidrIp" : { "Fn::Join" : [ "/", [ { "Ref" : "EipA" }, "32" ] ] }
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcB"}
}
},
"SgBIcmp" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable ping for VPC-B",
"SecurityGroupIngress": [
{
"IpProtocol" : "icmp",
"FromPort" : "-1",
"ToPort" : "-1",
"CidrIp" : "0.0.0.0/0"
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcB"}
}
},
"RtbB" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref": "VpcB"},
"Tags" : []
}
},
"RouteBToIgw": {
"Type" : "AWS::EC2::Route",
"Properties" : {
"DestinationCidrBlock" : "0.0.0.0/0",
"RouteTableId" : {"Ref": "RtbB"},
"GatewayId" : {"Ref": "IgwB"}
}
},
"RouteBToA": {
"Type" : "AWS::EC2::Route",
"Properties" : {
"DestinationCidrBlock" : "10.0.0.0/16",
"RouteTableId" : {"Ref": "RtbB"},
"InstanceId" : {"Ref": "Ec2OpenvpnB"}
}
},
"RtbassocBFront" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref": "RtbB"},
"SubnetId" : {"Ref": "SubnetBFront"}
}
},
"RtbassocBBack" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref": "RtbB"},
"SubnetId" : {"Ref": "SubnetBBack"}
}
},
"VpcC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "10.2.0.0/16",
"InstanceTenancy" : "default",
"Tags" : [{"Key": "Name", "Value": "vpc-C"}]
}
},
"IgwC" : {
"Type" : "AWS::EC2::InternetGateway"
},
"IgwAttachmentC" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : {"Ref": "VpcC"},
"InternetGatewayId" : {"Ref": "IgwC"}
}
},
"SubnetCFront" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"CidrBlock" : "10.2.0.0/24",
"Tags" : [{"Key": "Name", "Value": "subnet-C-front"}],
"VpcId" : {"Ref": "VpcC"}
}
},
"SubnetCBack" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"CidrBlock" : "10.2.1.0/24",
"Tags" : [{"Key": "Name", "Value": "subnet-C-back"}],
"VpcId" : {"Ref": "VpcC"}
}
},
"SgCSsh" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access via port 22 for VPC-C",
"SecurityGroupIngress": [
{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : {"Ref": "SSHFrom"}
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcC"}
}
},
"SgCOpenvpn" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable OpenVPN connection via port 1195 for VPC-C",
"SecurityGroupIngress": [
{
"IpProtocol" : "udp",
"FromPort" : "1195",
"ToPort" : "1195",
"CidrIp": { "Fn::Join" : [ "/", [ { "Ref" : "EipA" }, "32" ] ] }
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcC"}
}
},
"SgCIcmp" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable ping for VPC-C",
"SecurityGroupIngress": [
{
"IpProtocol" : "icmp",
"FromPort" : "-1",
"ToPort" : "-1",
"CidrIp" : "0.0.0.0/0"
}
],
"SecurityGroupEgress": [
{
"IpProtocol" : "-1",
"FromPort" : "0",
"ToPort" : "65536",
"CidrIp" : "0.0.0.0/0"
}
],
"VpcId" : {"Ref": "VpcC"}
}
},
"RtbC" : {
"Type" : "AWS::EC2::RouteTable",
"Properties" : {
"VpcId" : {"Ref": "VpcC"},
"Tags" : []
}
},
"RouteCToIgw": {
"Type" : "AWS::EC2::Route",
"Properties" : {
"DestinationCidrBlock" : "0.0.0.0/0",
"RouteTableId" : {"Ref": "RtbC"},
"GatewayId" : {"Ref": "IgwC"}
}
},
"RouteCToA": {
"Type" : "AWS::EC2::Route",
"Properties" : {
"DestinationCidrBlock" : "10.0.0.0/16",
"RouteTableId" : {"Ref": "RtbC"},
"InstanceId" : {"Ref": "Ec2OpenvpnC"}
}
},
"RtbassocCFront" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref": "RtbC"},
"SubnetId" : {"Ref": "SubnetCFront"}
}
},
"RtbassocCBack" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"RouteTableId" : {"Ref": "RtbC"},
"SubnetId" : {"Ref": "SubnetCBack"}
}
},
"Ec2OpenvpnA" : {
"Type" : "AWS::EC2::Instance",
"Metadata" : {
"AWS::CloudFormation::Init" : {
"config" : {
"sources" : {},
"packages" : {
"yum" : {
"openvpn" : []
}
},
"files" : {
"/etc/openvpn/a-to-b.conf" : {
"content" : { "Fn::Join" :["", [
"port 1194\n",
"proto udp\n",
"dev tun\n",
"secret \"/etc/openvpn/openvpn-key-ab.txt\"\n",
"\n",
"remote ", { "Ref" : "EipB" }, "\n",
"route 10.1.0.0 255.255.0.0\n",
"\n",
"ifconfig 10.254.0.1 10.254.0.2\n",
"\n",
"status openvpn-status-ab.log\n",
"verb 3"
]] },
"mode" : "000644",
"owner" : "root",
"group" : "root"
},
"/etc/openvpn/a-to-c.conf" : {
"content" : { "Fn::Join" :["", [
"port 1195\n",
"proto udp\n",
"dev tun\n",
"secret \"/etc/openvpn/openvpn-key-ac.txt\"\n",
"\n",
"remote ", { "Ref" : "EipC" }, "\n",
"route 10.2.0.0 255.255.0.0\n",
"\n",
"ifconfig 10.254.0.3 10.254.0.4\n",
"\n",
"status openvpn-status-ac.log\n",
"verb 3"
]] },
"mode" : "000644",
"owner" : "root",
"group" : "root"
}
},
"services" : {}
}
}
},
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"ImageId" : "ami-54cf5c3d",
"InstanceType" : "t1.micro",
"KernelId" : "aki-88aa75e1",
"KeyName" : { "Ref" : "KeyName" },
"Monitoring" : "False",
"PrivateIpAddress" : "10.0.0.10",
"SecurityGroupIds" : [
{ "Ref" : "SgASsh" },
{ "Ref" : "SgAOpenvpn" },
{ "Ref" : "SgAIcmp" }
],
"SourceDestCheck" : "False",
"SubnetId" : {"Ref": "SubnetAFront"},
"Tags" : [{"Key": "Name", "Value": "mvpc-openvpn-A"}],
"Tenancy" : "default",
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -v\n",
"yum -y update\n",
"sed -i -e \"s/^net\\.ipv4\\.ip_forward\\s*=\\s*0/net.ipv4.ip_forward = 1/\" /etc/sysctl.conf\n",
"sysctl -p\n",
"/opt/aws/bin/cfn-init -s ", {"Ref" : "AWS::StackName"}, " -r Ec2OpenvpnA ",
" --access-key ", {"Ref" : "HostKeys"},
" --secret-key ", {"Fn::GetAtt" : ["HostKeys", "SecretAccessKey"]},
" --region ", {"Ref" : "AWS::Region"}, "\n",
"openvpn --genkey --secret /etc/openvpn/openvpn-key-ab.txt\n",
"openvpn --genkey --secret /etc/openvpn/openvpn-key-ac.txt\n"
]]}}
}
},
"Ec2TerminalA" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"ImageId" : "ami-54cf5c3d",
"InstanceType" : "t1.micro",
"KernelId" : "aki-88aa75e1",
"KeyName" : { "Ref" : "KeyName" },
"Monitoring" : "False",
"PrivateIpAddress" : "10.0.1.11",
"SourceDestCheck" : "True",
"SubnetId" : {"Ref": "SubnetABack"},
"Tags" : [{"Key": "Name", "Value": "mvpc-terminal-A"}],
"Tenancy" : "default",
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -v\n",
"yum -y update\n"
]]}}
}
},
"Ec2OpenvpnB" : {
"Type" : "AWS::EC2::Instance",
"Metadata" : {
"AWS::CloudFormation::Init" : {
"config" : {
"sources" : {},
"packages" : {
"yum" : {
"openvpn" : []
}
},
"files" : {
"/etc/openvpn/b-to-a.conf" : {
"content" : { "Fn::Join" :["", [
"port 1194\n",
"proto udp\n",
"dev tun\n",
"secret \"/etc/openvpn/openvpn-key-ab.txt\"\n",
"\n",
"remote ", { "Ref" : "EipA" }, "\n",
"route 10.0.0.0 255.255.0.0\n",
"\n",
"ifconfig 10.254.0.2 10.254.0.1\n",
"\n",
"status openvpn-status-ba.log\n",
"verb 3"
]] },
"mode" : "000644",
"owner" : "root",
"group" : "root"
}
},
"services" : {}
}
}
},
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"ImageId" : "ami-54cf5c3d",
"InstanceType" : "t1.micro",
"KernelId" : "aki-88aa75e1",
"KeyName" : { "Ref" : "KeyName" },
"Monitoring" : "False",
"PrivateIpAddress" : "10.1.0.20",
"SecurityGroupIds" : [
{ "Ref" : "SgBSsh" },
{ "Ref" : "SgBOpenvpn" },
{ "Ref" : "SgBIcmp" }
],
"SourceDestCheck" : "False",
"SubnetId" : {"Ref": "SubnetBFront"},
"Tags" : [{"Key": "Name", "Value": "mvpc-openvpn-B"}],
"Tenancy" : "default",
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -v\n",
"yum -y update\n",
"sed -i -e \"s/^net\\.ipv4\\.ip_forward\\s*=\\s*0/net.ipv4.ip_forward = 1/\" /etc/sysctl.conf\n",
"sysctl -p\n",
"/opt/aws/bin/cfn-init -s ", {"Ref" : "AWS::StackName"}, " -r Ec2OpenvpnB ",
" --access-key ", {"Ref" : "HostKeys"},
" --secret-key ", {"Fn::GetAtt" : ["HostKeys", "SecretAccessKey"]},
" --region ", {"Ref" : "AWS::Region"}, "\n"
]]}}
}
},
"Ec2TerminalB" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"ImageId" : "ami-54cf5c3d",
"InstanceType" : "t1.micro",
"KernelId" : "aki-88aa75e1",
"KeyName" : { "Ref" : "KeyName" },
"Monitoring" : "False",
"PrivateIpAddress" : "10.1.1.21",
"SourceDestCheck" : "True",
"SubnetId" : {"Ref": "SubnetBBack"},
"Tags" : [{"Key": "Name", "Value": "mvpc-terminal-B"}],
"Tenancy" : "default",
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -v\n",
"yum -y update\n"
]]}}
}
},
"Ec2OpenvpnC" : {
"Type" : "AWS::EC2::Instance",
"Metadata" : {
"AWS::CloudFormation::Init" : {
"config" : {
"sources" : {},
"packages" : {
"yum" : {
"openvpn" : []
}
},
"files" : {
"/etc/openvpn/c-to-a.conf" : {
"content" : { "Fn::Join" :["", [
"port 1195\n",
"proto udp\n",
"dev tun\n",
"secret \"/etc/openvpn/openvpn-key-ac.txt\"\n",
"\n",
"remote ", { "Ref" : "EipA" }, "\n",
"route 10.0.0.0 255.255.0.0\n",
"\n",
"ifconfig 10.254.0.4 10.254.0.3\n",
"\n",
"status openvpn-status-ca.log\n",
"verb 3"
]] },
"mode" : "000644",
"owner" : "root",
"group" : "root"
}
},
"services" : {}
}
}
},
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"ImageId" : "ami-54cf5c3d",
"InstanceType" : "t1.micro",
"KernelId" : "aki-88aa75e1",
"KeyName" : { "Ref" : "KeyName" },
"Monitoring" : "False",
"PrivateIpAddress" : "10.2.0.30",
"SecurityGroupIds" : [
{ "Ref" : "SgCSsh" },
{ "Ref" : "SgCOpenvpn" },
{ "Ref" : "SgCIcmp" }
],
"SourceDestCheck" : "False",
"SubnetId" : {"Ref": "SubnetCFront"},
"Tags" : [{"Key": "Name", "Value": "mvpc-openvpn-C"}],
"Tenancy" : "default",
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -v\n",
"yum -y update\n",
"sed -i -e \"s/^net\\.ipv4\\.ip_forward\\s*=\\s*0/net.ipv4.ip_forward = 1/\" /etc/sysctl.conf\n",
"sysctl -p\n",
"/opt/aws/bin/cfn-init -s ", {"Ref" : "AWS::StackName"}, " -r Ec2OpenvpnC ",
" --access-key ", {"Ref" : "HostKeys"},
" --secret-key ", {"Fn::GetAtt" : ["HostKeys", "SecretAccessKey"]},
" --region ", {"Ref" : "AWS::Region"}, "\n"
]]}}
}
},
"Ec2TerminalC" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"AvailabilityZone" : "us-east-1e",
"ImageId" : "ami-54cf5c3d",
"InstanceType" : "t1.micro",
"KernelId" : "aki-88aa75e1",
"KeyName" : { "Ref" : "KeyName" },
"Monitoring" : "False",
"PrivateIpAddress" : "10.2.1.31",
"SourceDestCheck" : "True",
"SubnetId" : {"Ref": "SubnetCBack"},
"Tags" : [{"Key": "Name", "Value": "mvpc-terminal-C"}],
"Tenancy" : "default",
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -v\n",
"yum -y update\n"
]]}}
}
},
"EipA": {
"Type": "AWS::EC2::EIP",
"Properties": {
"InstanceId": { "Ref": "Ec2OpenvpnA" },
"Domain" : "vpc"
}
},
"EipB": {
"Type": "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
}
},
"EipAssocB": {
"Type": "AWS::EC2::EIPAssociation",
"Properties" : {
"AllocationId" : { "Fn::GetAtt" : [ "EipB", "AllocationId" ]},
"InstanceId" : { "Ref": "Ec2OpenvpnB" }
}
},
"EipC": {
"Type": "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
}
},
"EipAssocC": {
"Type": "AWS::EC2::EIPAssociation",
"Properties" : {
"AllocationId" : { "Fn::GetAtt" : [ "EipC", "AllocationId" ]},
"InstanceId" : { "Ref": "Ec2OpenvpnC" }
}
}
},
"Outputs" : {
"SSHToOpenvpnA" : {
"Value" : { "Fn::Join" :["", [
"ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem",
" ec2-user@", { "Ref" : "EipA" }
]] },
"Description" : "SSH command to connect mvpc-openvpn-A"
},
"SSHToOpenvpnB" : {
"Value" : { "Fn::Join" :["", [
"ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem",
" ec2-user@", { "Ref" : "EipB" }
]] },
"Description" : "SSH command to connect mvpc-openvpn-B"
},
"SSHToOpenvpnC" : {
"Value" : { "Fn::Join" :["", [
"ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem",
" ec2-user@", { "Ref" : "EipC" }
]] },
"Description" : "SSH command to connect mvpc-openvpn-C"
},
"SSHToTerminalA" : {
"Value" : { "Fn::Join" :["", [
"ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem",
" -oProxyCommand='ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem -W %h:%p ec2-user@", { "Ref" : "EipA" }, "'",
" [email protected]"
]] },
"Description" : "SSH command to connect mvpc-terminal-A"
},
"SSHToTerminalB" : {
"Value" : { "Fn::Join" :["", [
"ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem",
" -oProxyCommand='ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem -W %h:%p ec2-user@", { "Ref" : "EipB" }, "'",
" [email protected]"
]] },
"Description" : "SSH command to connect mvpc-terminal-B"
},
"SSHToTerminalC" : {
"Value" : { "Fn::Join" :["", [
"ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem",
" -oProxyCommand='ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem -W %h:%p ec2-user@", { "Ref" : "EipC" }, "'",
" [email protected]"
]] },
"Description" : "SSH command to connect mvpc-terminal-C"
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment