| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Description": "Multiple OpenVPN static-key (point-to-point) tunnels between VPC A (hub) and VPCs B and C. Lab template only: CfnUser is an IAM user with an Allow */* policy and its access key is embedded in the OpenVPN hosts' UserData; SSHFrom defaults to 0.0.0.0/0; ICMP is open to the world; the OpenVPN static keys are generated on host A only and must be copied to hosts B and C (and openvpn started) by hand before the tunnels work.", | |
| "Parameters" : { | |
| "KeyName" : { | |
| "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the OpenVPN hosts (and, via them as jump hosts, to the terminal instances)", | |
| "Type" : "String" | |
| }, | |
| "SSHFrom": { | |
| "Description": "Source CIDR allowed to SSH (tcp/22) to the OpenVPN hosts in VPC-A, VPC-B and VPC-C. The default 0.0.0.0/0 allows access from anywhere; override it with your own address range.", | |
| "Type": "String", | |
| "MinLength": "9", | |
| "MaxLength": "18", | |
| "Default": "0.0.0.0/0", | |
| "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", | |
| "ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x (the pattern checks only the shape, not octet or prefix-length ranges)." | |
| } | |
| }, | |
| "Resources": { | |
| "CfnUser" : { | |
| "Type" : "AWS::IAM::User", | |
| "Properties" : { | |
| "Path" : "/", | |
| "Policies" : [{ | |
| "PolicyName" : "Admin", | |
| "PolicyDocument" : { | |
| "Statement" : [{ | |
| "Effect" : "Allow", | |
| "Action" : "*", | |
| "Resource" : "*" | |
| }] | |
| } | |
| }] | |
| } | |
| }, | |
| "HostKeys" : { | |
| "Type" : "AWS::IAM::AccessKey", | |
| "Properties" : { | |
| "UserName" : {"Ref": "CfnUser"} | |
| } | |
| }, | |
| "VpcA" : { | |
| "Type" : "AWS::EC2::VPC", | |
| "Properties" : { | |
| "CidrBlock" : "10.0.0.0/16", | |
| "InstanceTenancy" : "default", | |
| "Tags" : [{"Key": "Name", "Value": "vpc-A"}] | |
| } | |
| }, | |
| "IgwA" : { | |
| "Type" : "AWS::EC2::InternetGateway" | |
| }, | |
| "IgwAttachmentA" : { | |
| "Type" : "AWS::EC2::VPCGatewayAttachment", | |
| "Properties" : { | |
| "VpcId" : {"Ref": "VpcA"}, | |
| "InternetGatewayId" : {"Ref": "IgwA"} | |
| } | |
| }, | |
| "SubnetAFront" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "CidrBlock" : "10.0.0.0/24", | |
| "Tags" : [{"Key": "Name", "Value": "subnet-A-front"}], | |
| "VpcId" : {"Ref": "VpcA"} | |
| } | |
| }, | |
| "SubnetABack" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "CidrBlock" : "10.0.1.0/24", | |
| "Tags" : [{"Key": "Name", "Value": "subnet-A-back"}], | |
| "VpcId" : {"Ref": "VpcA"} | |
| } | |
| }, | |
| "SgASsh" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable SSH access via tcp/22 to the VPC-A OpenVPN host, only from the SSHFrom CIDR", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "tcp", | |
| "FromPort" : "22", | |
| "ToPort" : "22", | |
| "CidrIp" : {"Ref": "SSHFrom"} | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcA"} | |
| } | |
| }, | |
| "SgAOpenvpn" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable OpenVPN ingress to the VPC-A hub: udp/1194 only from EipB and udp/1195 only from EipC", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "udp", | |
| "FromPort" : "1194", | |
| "ToPort" : "1194", | |
| "CidrIp" : { "Fn::Join" : [ "/", [ { "Ref" : "EipB" }, "32" ] ] } | |
| }, | |
| { | |
| "IpProtocol" : "udp", | |
| "FromPort" : "1195", | |
| "ToPort" : "1195", | |
| "CidrIp" : { "Fn::Join" : [ "/", [ { "Ref" : "EipC" }, "32" ] ] } | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcA"} | |
| } | |
| }, | |
| "SgAIcmp" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Allow all ICMP types to the VPC-A OpenVPN host from anywhere (0.0.0.0/0); narrow CidrIp if internet ping is not needed", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "icmp", | |
| "FromPort" : "-1", | |
| "ToPort" : "-1", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcA"} | |
| } | |
| }, | |
| "RtbA" : { | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : {"Ref": "VpcA"}, | |
| "Tags" : [] | |
| } | |
| }, | |
| "RouteAToIgw": { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "RouteTableId" : {"Ref": "RtbA"}, | |
| "GatewayId" : {"Ref": "IgwA"} | |
| } | |
| }, | |
| "RouteAToB": { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "DestinationCidrBlock" : "10.1.0.0/16", | |
| "RouteTableId" : {"Ref": "RtbA"}, | |
| "InstanceId" : {"Ref": "Ec2OpenvpnA"} | |
| } | |
| }, | |
| "RouteAToC": { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "DestinationCidrBlock" : "10.2.0.0/16", | |
| "RouteTableId" : {"Ref": "RtbA"}, | |
| "InstanceId" : {"Ref": "Ec2OpenvpnA"} | |
| } | |
| }, | |
| "RtbassocAFront" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "RouteTableId" : {"Ref": "RtbA"}, | |
| "SubnetId" : {"Ref": "SubnetAFront"} | |
| } | |
| }, | |
| "RtbassocABack" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "RouteTableId" : {"Ref": "RtbA"}, | |
| "SubnetId" : {"Ref": "SubnetABack"} | |
| } | |
| }, | |
| "VpcB" : { | |
| "Type" : "AWS::EC2::VPC", | |
| "Properties" : { | |
| "CidrBlock" : "10.1.0.0/16", | |
| "InstanceTenancy" : "default", | |
| "Tags" : [{"Key": "Name", "Value": "vpc-B"}] | |
| } | |
| }, | |
| "IgwB" : { | |
| "Type" : "AWS::EC2::InternetGateway" | |
| }, | |
| "IgwAttachmentB" : { | |
| "Type" : "AWS::EC2::VPCGatewayAttachment", | |
| "Properties" : { | |
| "VpcId" : {"Ref": "VpcB"}, | |
| "InternetGatewayId" : {"Ref": "IgwB"} | |
| } | |
| }, | |
| "SubnetBFront" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "CidrBlock" : "10.1.0.0/24", | |
| "Tags" : [{"Key": "Name", "Value": "subnet-B-front"}], | |
| "VpcId" : {"Ref": "VpcB"} | |
| } | |
| }, | |
| "SubnetBBack" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "CidrBlock" : "10.1.1.0/24", | |
| "Tags" : [{"Key": "Name", "Value": "subnet-B-back"}], | |
| "VpcId" : {"Ref": "VpcB"} | |
| } | |
| }, | |
| "SgBSsh" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable SSH access via tcp/22 to the VPC-B OpenVPN host, only from the SSHFrom CIDR", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "tcp", | |
| "FromPort" : "22", | |
| "ToPort" : "22", | |
| "CidrIp" : {"Ref": "SSHFrom"} | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcB"} | |
| } | |
| }, | |
| "SgBOpenvpn" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable OpenVPN ingress udp/1194 to the VPC-B host, only from EipA (the VPC-A hub)", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "udp", | |
| "FromPort" : "1194", | |
| "ToPort" : "1194", | |
| "CidrIp" : { "Fn::Join" : [ "/", [ { "Ref" : "EipA" }, "32" ] ] } | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcB"} | |
| } | |
| }, | |
| "SgBIcmp" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Allow all ICMP types to the VPC-B OpenVPN host from anywhere (0.0.0.0/0); narrow CidrIp if internet ping is not needed", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "icmp", | |
| "FromPort" : "-1", | |
| "ToPort" : "-1", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcB"} | |
| } | |
| }, | |
| "RtbB" : { | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : {"Ref": "VpcB"}, | |
| "Tags" : [] | |
| } | |
| }, | |
| "RouteBToIgw": { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "RouteTableId" : {"Ref": "RtbB"}, | |
| "GatewayId" : {"Ref": "IgwB"} | |
| } | |
| }, | |
| "RouteBToA": { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "DestinationCidrBlock" : "10.0.0.0/16", | |
| "RouteTableId" : {"Ref": "RtbB"}, | |
| "InstanceId" : {"Ref": "Ec2OpenvpnB"} | |
| } | |
| }, | |
| "RtbassocBFront" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "RouteTableId" : {"Ref": "RtbB"}, | |
| "SubnetId" : {"Ref": "SubnetBFront"} | |
| } | |
| }, | |
| "RtbassocBBack" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "RouteTableId" : {"Ref": "RtbB"}, | |
| "SubnetId" : {"Ref": "SubnetBBack"} | |
| } | |
| }, | |
| "VpcC" : { | |
| "Type" : "AWS::EC2::VPC", | |
| "Properties" : { | |
| "CidrBlock" : "10.2.0.0/16", | |
| "InstanceTenancy" : "default", | |
| "Tags" : [{"Key": "Name", "Value": "vpc-C"}] | |
| } | |
| }, | |
| "IgwC" : { | |
| "Type" : "AWS::EC2::InternetGateway" | |
| }, | |
| "IgwAttachmentC" : { | |
| "Type" : "AWS::EC2::VPCGatewayAttachment", | |
| "Properties" : { | |
| "VpcId" : {"Ref": "VpcC"}, | |
| "InternetGatewayId" : {"Ref": "IgwC"} | |
| } | |
| }, | |
| "SubnetCFront" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "CidrBlock" : "10.2.0.0/24", | |
| "Tags" : [{"Key": "Name", "Value": "subnet-C-front"}], | |
| "VpcId" : {"Ref": "VpcC"} | |
| } | |
| }, | |
| "SubnetCBack" : { | |
| "Type" : "AWS::EC2::Subnet", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "CidrBlock" : "10.2.1.0/24", | |
| "Tags" : [{"Key": "Name", "Value": "subnet-C-back"}], | |
| "VpcId" : {"Ref": "VpcC"} | |
| } | |
| }, | |
| "SgCSsh" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable SSH access via tcp/22 to the VPC-C OpenVPN host, only from the SSHFrom CIDR", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "tcp", | |
| "FromPort" : "22", | |
| "ToPort" : "22", | |
| "CidrIp" : {"Ref": "SSHFrom"} | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcC"} | |
| } | |
| }, | |
| "SgCOpenvpn" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Enable OpenVPN ingress udp/1195 to the VPC-C host, only from EipA (the VPC-A hub)", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "udp", | |
| "FromPort" : "1195", | |
| "ToPort" : "1195", | |
| "CidrIp": { "Fn::Join" : [ "/", [ { "Ref" : "EipA" }, "32" ] ] } | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcC"} | |
| } | |
| }, | |
| "SgCIcmp" : { | |
| "Type" : "AWS::EC2::SecurityGroup", | |
| "Properties" : { | |
| "GroupDescription" : "Allow all ICMP types to the VPC-C OpenVPN host from anywhere (0.0.0.0/0); narrow CidrIp if internet ping is not needed", | |
| "SecurityGroupIngress": [ | |
| { | |
| "IpProtocol" : "icmp", | |
| "FromPort" : "-1", | |
| "ToPort" : "-1", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "SecurityGroupEgress": [ | |
| { | |
| "IpProtocol" : "-1", | |
| "FromPort" : "0", | |
| "ToPort" : "65536", | |
| "CidrIp" : "0.0.0.0/0" | |
| } | |
| ], | |
| "VpcId" : {"Ref": "VpcC"} | |
| } | |
| }, | |
| "RtbC" : { | |
| "Type" : "AWS::EC2::RouteTable", | |
| "Properties" : { | |
| "VpcId" : {"Ref": "VpcC"}, | |
| "Tags" : [] | |
| } | |
| }, | |
| "RouteCToIgw": { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "DestinationCidrBlock" : "0.0.0.0/0", | |
| "RouteTableId" : {"Ref": "RtbC"}, | |
| "GatewayId" : {"Ref": "IgwC"} | |
| } | |
| }, | |
| "RouteCToA": { | |
| "Type" : "AWS::EC2::Route", | |
| "Properties" : { | |
| "DestinationCidrBlock" : "10.0.0.0/16", | |
| "RouteTableId" : {"Ref": "RtbC"}, | |
| "InstanceId" : {"Ref": "Ec2OpenvpnC"} | |
| } | |
| }, | |
| "RtbassocCFront" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "RouteTableId" : {"Ref": "RtbC"}, | |
| "SubnetId" : {"Ref": "SubnetCFront"} | |
| } | |
| }, | |
| "RtbassocCBack" : { | |
| "Type" : "AWS::EC2::SubnetRouteTableAssociation", | |
| "Properties" : { | |
| "RouteTableId" : {"Ref": "RtbC"}, | |
| "SubnetId" : {"Ref": "SubnetCBack"} | |
| } | |
| }, | |
| "Ec2OpenvpnA" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Metadata" : { | |
| "AWS::CloudFormation::Init" : { | |
| "config" : { | |
| "sources" : {}, | |
| "packages" : { | |
| "yum" : { | |
| "openvpn" : [] | |
| } | |
| }, | |
| "files" : { | |
| "/etc/openvpn/a-to-b.conf" : { | |
| "content" : { "Fn::Join" :["", [ | |
| "port 1194\n", | |
| "proto udp\n", | |
| "dev tun\n", | |
| "secret \"/etc/openvpn/openvpn-key-ab.txt\"\n", | |
| "\n", | |
| "remote ", { "Ref" : "EipB" }, "\n", | |
| "route 10.1.0.0 255.255.0.0\n", | |
| "\n", | |
| "ifconfig 10.254.0.1 10.254.0.2\n", | |
| "\n", | |
| "status openvpn-status-ab.log\n", | |
| "verb 3" | |
| ]] }, | |
| "mode" : "000644", | |
| "owner" : "root", | |
| "group" : "root" | |
| }, | |
| "/etc/openvpn/a-to-c.conf" : { | |
| "content" : { "Fn::Join" :["", [ | |
| "port 1195\n", | |
| "proto udp\n", | |
| "dev tun\n", | |
| "secret \"/etc/openvpn/openvpn-key-ac.txt\"\n", | |
| "\n", | |
| "remote ", { "Ref" : "EipC" }, "\n", | |
| "route 10.2.0.0 255.255.0.0\n", | |
| "\n", | |
| "ifconfig 10.254.0.3 10.254.0.4\n", | |
| "\n", | |
| "status openvpn-status-ac.log\n", | |
| "verb 3" | |
| ]] }, | |
| "mode" : "000644", | |
| "owner" : "root", | |
| "group" : "root" | |
| } | |
| }, | |
| "services" : {} | |
| } | |
| } | |
| }, | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "ImageId" : "ami-54cf5c3d", | |
| "InstanceType" : "t1.micro", | |
| "KernelId" : "aki-88aa75e1", | |
| "KeyName" : { "Ref" : "KeyName" }, | |
| "Monitoring" : "False", | |
| "PrivateIpAddress" : "10.0.0.10", | |
| "SecurityGroupIds" : [ | |
| { "Ref" : "SgASsh" }, | |
| { "Ref" : "SgAOpenvpn" }, | |
| { "Ref" : "SgAIcmp" } | |
| ], | |
| "SourceDestCheck" : "False", | |
| "SubnetId" : {"Ref": "SubnetAFront"}, | |
| "Tags" : [{"Key": "Name", "Value": "mvpc-openvpn-A"}], | |
| "Tenancy" : "default", | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash -v\n", | |
| "yum -y update\n", | |
| "sed -i -e \"s/^net\\.ipv4\\.ip_forward\\s*=\\s*0/net.ipv4.ip_forward = 1/\" /etc/sysctl.conf\n", | |
| "sysctl -p\n", | |
| "/opt/aws/bin/cfn-init -s ", {"Ref" : "AWS::StackName"}, " -r Ec2OpenvpnA ", | |
| " --access-key ", {"Ref" : "HostKeys"}, | |
| " --secret-key ", {"Fn::GetAtt" : ["HostKeys", "SecretAccessKey"]}, | |
| " --region ", {"Ref" : "AWS::Region"}, "\n", | |
| "openvpn --genkey --secret /etc/openvpn/openvpn-key-ab.txt\n", | |
| "openvpn --genkey --secret /etc/openvpn/openvpn-key-ac.txt\n" | |
| ]]}} | |
| } | |
| }, | |
| "Ec2TerminalA" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "ImageId" : "ami-54cf5c3d", | |
| "InstanceType" : "t1.micro", | |
| "KernelId" : "aki-88aa75e1", | |
| "KeyName" : { "Ref" : "KeyName" }, | |
| "Monitoring" : "False", | |
| "PrivateIpAddress" : "10.0.1.11", | |
| "SourceDestCheck" : "True", | |
| "SubnetId" : {"Ref": "SubnetABack"}, | |
| "Tags" : [{"Key": "Name", "Value": "mvpc-terminal-A"}], | |
| "Tenancy" : "default", | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash -v\n", | |
| "yum -y update\n" | |
| ]]}} | |
| } | |
| }, | |
| "Ec2OpenvpnB" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Metadata" : { | |
| "AWS::CloudFormation::Init" : { | |
| "config" : { | |
| "sources" : {}, | |
| "packages" : { | |
| "yum" : { | |
| "openvpn" : [] | |
| } | |
| }, | |
| "files" : { | |
| "/etc/openvpn/b-to-a.conf" : { | |
| "content" : { "Fn::Join" :["", [ | |
| "port 1194\n", | |
| "proto udp\n", | |
| "dev tun\n", | |
| "secret \"/etc/openvpn/openvpn-key-ab.txt\"\n", | |
| "\n", | |
| "remote ", { "Ref" : "EipA" }, "\n", | |
| "route 10.0.0.0 255.255.0.0\n", | |
| "\n", | |
| "ifconfig 10.254.0.2 10.254.0.1\n", | |
| "\n", | |
| "status openvpn-status-ba.log\n", | |
| "verb 3" | |
| ]] }, | |
| "mode" : "000644", | |
| "owner" : "root", | |
| "group" : "root" | |
| } | |
| }, | |
| "services" : {} | |
| } | |
| } | |
| }, | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "ImageId" : "ami-54cf5c3d", | |
| "InstanceType" : "t1.micro", | |
| "KernelId" : "aki-88aa75e1", | |
| "KeyName" : { "Ref" : "KeyName" }, | |
| "Monitoring" : "False", | |
| "PrivateIpAddress" : "10.1.0.20", | |
| "SecurityGroupIds" : [ | |
| { "Ref" : "SgBSsh" }, | |
| { "Ref" : "SgBOpenvpn" }, | |
| { "Ref" : "SgBIcmp" } | |
| ], | |
| "SourceDestCheck" : "False", | |
| "SubnetId" : {"Ref": "SubnetBFront"}, | |
| "Tags" : [{"Key": "Name", "Value": "mvpc-openvpn-B"}], | |
| "Tenancy" : "default", | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash -v\n", | |
| "yum -y update\n", | |
| "sed -i -e \"s/^net\\.ipv4\\.ip_forward\\s*=\\s*0/net.ipv4.ip_forward = 1/\" /etc/sysctl.conf\n", | |
| "sysctl -p\n", | |
| "/opt/aws/bin/cfn-init -s ", {"Ref" : "AWS::StackName"}, " -r Ec2OpenvpnB ", | |
| " --access-key ", {"Ref" : "HostKeys"}, | |
| " --secret-key ", {"Fn::GetAtt" : ["HostKeys", "SecretAccessKey"]}, | |
| " --region ", {"Ref" : "AWS::Region"}, "\n" | |
| ]]}} | |
| } | |
| }, | |
| "Ec2TerminalB" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "ImageId" : "ami-54cf5c3d", | |
| "InstanceType" : "t1.micro", | |
| "KernelId" : "aki-88aa75e1", | |
| "KeyName" : { "Ref" : "KeyName" }, | |
| "Monitoring" : "False", | |
| "PrivateIpAddress" : "10.1.1.21", | |
| "SourceDestCheck" : "True", | |
| "SubnetId" : {"Ref": "SubnetBBack"}, | |
| "Tags" : [{"Key": "Name", "Value": "mvpc-terminal-B"}], | |
| "Tenancy" : "default", | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash -v\n", | |
| "yum -y update\n" | |
| ]]}} | |
| } | |
| }, | |
| "Ec2OpenvpnC" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Metadata" : { | |
| "AWS::CloudFormation::Init" : { | |
| "config" : { | |
| "sources" : {}, | |
| "packages" : { | |
| "yum" : { | |
| "openvpn" : [] | |
| } | |
| }, | |
| "files" : { | |
| "/etc/openvpn/c-to-a.conf" : { | |
| "content" : { "Fn::Join" :["", [ | |
| "port 1195\n", | |
| "proto udp\n", | |
| "dev tun\n", | |
| "secret \"/etc/openvpn/openvpn-key-ac.txt\"\n", | |
| "\n", | |
| "remote ", { "Ref" : "EipA" }, "\n", | |
| "route 10.0.0.0 255.255.0.0\n", | |
| "\n", | |
| "ifconfig 10.254.0.4 10.254.0.3\n", | |
| "\n", | |
| "status openvpn-status-ca.log\n", | |
| "verb 3" | |
| ]] }, | |
| "mode" : "000644", | |
| "owner" : "root", | |
| "group" : "root" | |
| } | |
| }, | |
| "services" : {} | |
| } | |
| } | |
| }, | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "ImageId" : "ami-54cf5c3d", | |
| "InstanceType" : "t1.micro", | |
| "KernelId" : "aki-88aa75e1", | |
| "KeyName" : { "Ref" : "KeyName" }, | |
| "Monitoring" : "False", | |
| "PrivateIpAddress" : "10.2.0.30", | |
| "SecurityGroupIds" : [ | |
| { "Ref" : "SgCSsh" }, | |
| { "Ref" : "SgCOpenvpn" }, | |
| { "Ref" : "SgCIcmp" } | |
| ], | |
| "SourceDestCheck" : "False", | |
| "SubnetId" : {"Ref": "SubnetCFront"}, | |
| "Tags" : [{"Key": "Name", "Value": "mvpc-openvpn-C"}], | |
| "Tenancy" : "default", | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash -v\n", | |
| "yum -y update\n", | |
| "sed -i -e \"s/^net\\.ipv4\\.ip_forward\\s*=\\s*0/net.ipv4.ip_forward = 1/\" /etc/sysctl.conf\n", | |
| "sysctl -p\n", | |
| "/opt/aws/bin/cfn-init -s ", {"Ref" : "AWS::StackName"}, " -r Ec2OpenvpnC ", | |
| " --access-key ", {"Ref" : "HostKeys"}, | |
| " --secret-key ", {"Fn::GetAtt" : ["HostKeys", "SecretAccessKey"]}, | |
| " --region ", {"Ref" : "AWS::Region"}, "\n" | |
| ]]}} | |
| } | |
| }, | |
| "Ec2TerminalC" : { | |
| "Type" : "AWS::EC2::Instance", | |
| "Properties" : { | |
| "AvailabilityZone" : "us-east-1e", | |
| "ImageId" : "ami-54cf5c3d", | |
| "InstanceType" : "t1.micro", | |
| "KernelId" : "aki-88aa75e1", | |
| "KeyName" : { "Ref" : "KeyName" }, | |
| "Monitoring" : "False", | |
| "PrivateIpAddress" : "10.2.1.31", | |
| "SourceDestCheck" : "True", | |
| "SubnetId" : {"Ref": "SubnetCBack"}, | |
| "Tags" : [{"Key": "Name", "Value": "mvpc-terminal-C"}], | |
| "Tenancy" : "default", | |
| "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ | |
| "#!/bin/bash -v\n", | |
| "yum -y update\n" | |
| ]]}} | |
| } | |
| }, | |
| "EipA": { | |
| "Type": "AWS::EC2::EIP", | |
| "Properties": { | |
| "InstanceId": { "Ref": "Ec2OpenvpnA" }, | |
| "Domain" : "vpc" | |
| } | |
| }, | |
| "EipB": { | |
| "Type": "AWS::EC2::EIP", | |
| "Properties" : { | |
| "Domain" : "vpc" | |
| } | |
| }, | |
| "EipAssocB": { | |
| "Type": "AWS::EC2::EIPAssociation", | |
| "Properties" : { | |
| "AllocationId" : { "Fn::GetAtt" : [ "EipB", "AllocationId" ]}, | |
| "InstanceId" : { "Ref": "Ec2OpenvpnB" } | |
| } | |
| }, | |
| "EipC": { | |
| "Type": "AWS::EC2::EIP", | |
| "Properties" : { | |
| "Domain" : "vpc" | |
| } | |
| }, | |
| "EipAssocC": { | |
| "Type": "AWS::EC2::EIPAssociation", | |
| "Properties" : { | |
| "AllocationId" : { "Fn::GetAtt" : [ "EipC", "AllocationId" ]}, | |
| "InstanceId" : { "Ref": "Ec2OpenvpnC" } | |
| } | |
| } | |
| }, | |
| "Outputs" : { | |
| "SSHToOpenvpnA" : { | |
| "Value" : { "Fn::Join" :["", [ | |
| "ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem", | |
| " ec2-user@", { "Ref" : "EipA" } | |
| ]] }, | |
| "Description" : "SSH command to connect to mvpc-openvpn-A via its public IP (EipA)" | |
| }, | |
| "SSHToOpenvpnB" : { | |
| "Value" : { "Fn::Join" :["", [ | |
| "ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem", | |
| " ec2-user@", { "Ref" : "EipB" } | |
| ]] }, | |
| "Description" : "SSH command to connect to mvpc-openvpn-B via its public IP (EipB)" | |
| }, | |
| "SSHToOpenvpnC" : { | |
| "Value" : { "Fn::Join" :["", [ | |
| "ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem", | |
| " ec2-user@", { "Ref" : "EipC" } | |
| ]] }, | |
| "Description" : "SSH command to connect to mvpc-openvpn-C via its public IP (EipC)" | |
| }, | |
| "SSHToTerminalA" : { | |
| "Value" : { "Fn::Join" :["", [ | |
| "ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem", | |
| " -oProxyCommand='ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem -W %h:%p ec2-user@", { "Ref" : "EipA" }, "'", | |
| " [email protected]" | |
| ]] }, | |
| "Description" : "SSH command to connect to mvpc-terminal-A (10.0.1.11, back subnet) using mvpc-openvpn-A as a ProxyCommand jump host" | |
| }, | |
| "SSHToTerminalB" : { | |
| "Value" : { "Fn::Join" :["", [ | |
| "ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem", | |
| " -oProxyCommand='ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem -W %h:%p ec2-user@", { "Ref" : "EipB" }, "'", | |
| " [email protected]" | |
| ]] }, | |
| "Description" : "SSH command to connect to mvpc-terminal-B (10.1.1.21, back subnet) using mvpc-openvpn-B as a ProxyCommand jump host" | |
| }, | |
| "SSHToTerminalC" : { | |
| "Value" : { "Fn::Join" :["", [ | |
| "ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem", | |
| " -oProxyCommand='ssh -i /path/to/", { "Ref" : "KeyName" }, ".pem -W %h:%p ec2-user@", { "Ref" : "EipC" }, "'", | |
| " [email protected]" | |
| ]] }, | |
| "Description" : "SSH command to connect to mvpc-terminal-C (10.2.1.31, back subnet) using mvpc-openvpn-C as a ProxyCommand jump host" | |
| } | |
| } | |
| } |