package main
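// CloudFormation template for an Amazon EKS control plane and the VPC it runs in.
//
// Network layout: one VPC, two public subnets (one per AZ, each hosting a NAT
// gateway, MapPublicIpOnLaunch enabled) and two private subnets (one per AZ,
// default route through the NAT gateway of the same AZ). Worker node groups
// belong in the private subnets; the public subnets exist for the NAT gateways
// and for internet-facing load balancers.
//
// Control-plane settings that are made explicit here instead of relying on the
// EKS defaults (public API endpoint reachable from 0.0.0.0/0, no control-plane
// logs, no customer-managed secrets encryption):
//   - EndpointPrivateAccess is on, so in-VPC clients (nodes, bastions) reach the
//     API server without leaving the VPC.
//   - EndpointPublicAccess stays on but is limited to PublicAccessCidrs. Its
//     default of 0.0.0.0/0 preserves the previous behaviour and should be
//     narrowed to known administrative networks in real deployments.
//   - api/audit/authenticator/controllerManager/scheduler logs are shipped to
//     CloudWatch Logs so API access is auditable.
//   - Kubernetes secrets can be envelope-encrypted with a customer-managed KMS
//     key via SecretsKmsKeyArn (opt-in; EKS does not allow removing an
//     EncryptionConfig once it has been applied to a cluster).
#CFNTemplate: eksControlPlane: {
	AWSTemplateFormatVersion: "2010-09-09"
	Description:              "Amazon EKS Sample VPC - Private and Public subnets"

	Parameters: {
		VpcBlock: {
			Type:        "String"
			Default:     "192.168.0.0/16"
			Description: "The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range."
		}
		PublicSubnet01Block: {
			Type:        "String"
			Default:     "192.168.0.0/18"
			Description: "CidrBlock for public subnet 01 within the VPC"
		}
		PublicSubnet02Block: {
			Type:        "String"
			Default:     "192.168.64.0/18"
			Description: "CidrBlock for public subnet 02 within the VPC"
		}
		PrivateSubnet01Block: {
			Type:        "String"
			Default:     "192.168.128.0/18"
			Description: "CidrBlock for private subnet 01 within the VPC"
		}
		PrivateSubnet02Block: {
			Type:        "String"
			Default:     "192.168.192.0/18"
			Description: "CidrBlock for private subnet 02 within the VPC"
		}
		ClusterName: {
			Type:        "String"
			Description: "The EKS cluster name"
		}
		// Formerly hard-coded as "1.19". Kept as the default so existing stacks
		// are unaffected; callers should pass a version EKS still supports.
		KubernetesVersion: {
			Type:        "String"
			Default:     "1.19"
			Description: "Kubernetes version of the control plane. Use a version currently supported by EKS."
		}
		// Controls who may reach the public API server endpoint. EKS defaults to
		// 0.0.0.0/0 when unset; the same default is used here so behaviour is
		// unchanged, but production stacks should pass their admin CIDRs.
		PublicAccessCidrs: {
			Type:        "CommaDelimitedList"
			Default:     "0.0.0.0/0"
			Description: "Comma-separated CIDR blocks allowed to reach the public Kubernetes API endpoint. Narrow this to known administrative networks."
		}
		// Empty means "no customer-managed key": EncryptionConfig is then omitted
		// from the cluster and EKS keeps its default (no customer-managed key).
		SecretsKmsKeyArn: {
			Type:        "String"
			Default:     ""
			Description: "Optional ARN of a KMS key used to envelope-encrypt Kubernetes secrets. Leave empty to disable."
		}
	}

	// True only when a KMS key ARN was supplied; gates EncryptionConfig below.
	Conditions: HasSecretsKmsKey: "Fn::Not": [{"Fn::Equals": [{Ref: "SecretsKmsKeyArn"}, ""]}]

	Metadata: "AWS::CloudFormation::Interface": ParameterGroups: [
		{
			Label: default: "Worker Network Configuration"
			Parameters: [
				"VpcBlock",
				"PublicSubnet01Block",
				"PublicSubnet02Block",
				"PrivateSubnet01Block",
				"PrivateSubnet02Block",
			]
		},
		{
			Label: default: "Cluster Configuration"
			Parameters: [
				"ClusterName",
				"KubernetesVersion",
				"PublicAccessCidrs",
				"SecretsKmsKeyArn",
			]
		},
	]

	Resources: {
		VPC: {
			Type: "AWS::EC2::VPC"
			Properties: {
				CidrBlock: Ref: "VpcBlock"
				// EKS private endpoint access requires both DNS flags on the VPC.
				EnableDnsSupport:   true
				EnableDnsHostnames: true
				Tags: [{Key: "Name", Value: {"Fn::Sub": "${AWS::StackName}-VPC"}}]
			}
		}

		InternetGateway: Type: "AWS::EC2::InternetGateway"

		VPCGatewayAttachment: {
			Type: "AWS::EC2::VPCGatewayAttachment"
			Properties: {
				InternetGatewayId: Ref: "InternetGateway"
				VpcId:             Ref: "VPC"
			}
		}

		// One route table for both public subnets: default route via the IGW.
		PublicRouteTable: {
			Type: "AWS::EC2::RouteTable"
			Properties: {
				VpcId: Ref: "VPC"
				Tags: [
					{Key: "Name", Value: "Public Subnets"},
					{Key: "Network", Value: "Public"},
				]
			}
		}

		// One route table per private subnet so each AZ egresses through its
		// own NAT gateway (no cross-AZ dependency for outbound traffic).
		PrivateRouteTable01: {
			Type: "AWS::EC2::RouteTable"
			Properties: {
				VpcId: Ref: "VPC"
				Tags: [
					{Key: "Name", Value: "Private Subnet AZ1"},
					{Key: "Network", Value: "Private01"},
				]
			}
		}

		PrivateRouteTable02: {
			Type: "AWS::EC2::RouteTable"
			Properties: {
				VpcId: Ref: "VPC"
				Tags: [
					{Key: "Name", Value: "Private Subnet AZ2"},
					{Key: "Network", Value: "Private02"},
				]
			}
		}

		PublicRoute: {
			// A route to an IGW fails unless the gateway is attached first.
			DependsOn: "VPCGatewayAttachment"
			Type:      "AWS::EC2::Route"
			Properties: {
				RouteTableId:         Ref: "PublicRouteTable"
				DestinationCidrBlock: "0.0.0.0/0"
				GatewayId:            Ref: "InternetGateway"
			}
		}

		PrivateRoute01: {
			DependsOn: ["VPCGatewayAttachment", "NatGateway01"]
			Type:      "AWS::EC2::Route"
			Properties: {
				RouteTableId:         Ref: "PrivateRouteTable01"
				DestinationCidrBlock: "0.0.0.0/0"
				NatGatewayId:         Ref: "NatGateway01"
			}
		}

		PrivateRoute02: {
			DependsOn: ["VPCGatewayAttachment", "NatGateway02"]
			Type:      "AWS::EC2::Route"
			Properties: {
				RouteTableId:         Ref: "PrivateRouteTable02"
				DestinationCidrBlock: "0.0.0.0/0"
				NatGatewayId:         Ref: "NatGateway02"
			}
		}

		NatGateway01: {
			DependsOn: ["NatGatewayEIP1", "PublicSubnet01", "VPCGatewayAttachment"]
			Type:      "AWS::EC2::NatGateway"
			Properties: {
				AllocationId: "Fn::GetAtt": ["NatGatewayEIP1", "AllocationId"]
				SubnetId: Ref: "PublicSubnet01"
				Tags: [{Key: "Name", Value: {"Fn::Sub": "${AWS::StackName}-NatGatewayAZ1"}}]
			}
		}

		NatGateway02: {
			DependsOn: ["NatGatewayEIP2", "PublicSubnet02", "VPCGatewayAttachment"]
			Type:      "AWS::EC2::NatGateway"
			Properties: {
				AllocationId: "Fn::GetAtt": ["NatGatewayEIP2", "AllocationId"]
				SubnetId: Ref: "PublicSubnet02"
				Tags: [{Key: "Name", Value: {"Fn::Sub": "${AWS::StackName}-NatGatewayAZ2"}}]
			}
		}

		// VPC-scoped EIPs for the NAT gateways; allocated only once the IGW is
		// attached so they can actually be associated inside this VPC.
		NatGatewayEIP1: {
			DependsOn: ["VPCGatewayAttachment"]
			Type:      "AWS::EC2::EIP"
			Properties: Domain: "vpc"
		}

		NatGatewayEIP2: {
			DependsOn: ["VPCGatewayAttachment"]
			Type:      "AWS::EC2::EIP"
			Properties: Domain: "vpc"
		}

		// Public subnets: MapPublicIpOnLaunch gives every instance launched here
		// a public IP, so do not place worker node groups in them. They are
		// tagged for the cluster and as "elb" subnets so Kubernetes can place
		// internet-facing load balancers here.
		PublicSubnet01: {
			Type: "AWS::EC2::Subnet"
			Metadata: Comment: "Public Subnet 01"
			Properties: {
				MapPublicIpOnLaunch: true
				AvailabilityZone: "Fn::Select": ["0", {"Fn::GetAZs": {Ref: "AWS::Region"}}]
				CidrBlock: Ref: "PublicSubnet01Block"
				VpcId:     Ref: "VPC"
				Tags: [
					{Key: "Name", Value: {"Fn::Sub": "${AWS::StackName}-PublicSubnet01"}},
					{Key: {"Fn::Sub": "kubernetes.io/cluster/${ClusterName}"}, Value: "shared"},
					{Key: "kubernetes.io/role/elb", Value: "1"},
				]
			}
		}

		PublicSubnet02: {
			Type: "AWS::EC2::Subnet"
			Metadata: Comment: "Public Subnet 02"
			Properties: {
				MapPublicIpOnLaunch: true
				AvailabilityZone: "Fn::Select": ["1", {"Fn::GetAZs": {Ref: "AWS::Region"}}]
				CidrBlock: Ref: "PublicSubnet02Block"
				VpcId:     Ref: "VPC"
				Tags: [
					{Key: "Name", Value: {"Fn::Sub": "${AWS::StackName}-PublicSubnet02"}},
					{Key: {"Fn::Sub": "kubernetes.io/cluster/${ClusterName}"}, Value: "shared"},
					{Key: "kubernetes.io/role/elb", Value: "1"},
				]
			}
		}

		// Private subnets: no public IPs, egress via the same-AZ NAT gateway.
		// Worker node groups belong here. Tagged as "internal-elb" subnets so
		// Kubernetes places internal load balancers in them.
		PrivateSubnet01: {
			Type: "AWS::EC2::Subnet"
			Metadata: Comment: "Private Subnet 01"
			Properties: {
				AvailabilityZone: "Fn::Select": ["0", {"Fn::GetAZs": {Ref: "AWS::Region"}}]
				CidrBlock: Ref: "PrivateSubnet01Block"
				VpcId:     Ref: "VPC"
				Tags: [
					{Key: "Name", Value: {"Fn::Sub": "${AWS::StackName}-PrivateSubnet01"}},
					{Key: {"Fn::Sub": "kubernetes.io/cluster/${ClusterName}"}, Value: "shared"},
					{Key: "kubernetes.io/role/internal-elb", Value: "1"},
				]
			}
		}

		PrivateSubnet02: {
			Type: "AWS::EC2::Subnet"
			Metadata: Comment: "Private Subnet 02"
			Properties: {
				AvailabilityZone: "Fn::Select": ["1", {"Fn::GetAZs": {Ref: "AWS::Region"}}]
				CidrBlock: Ref: "PrivateSubnet02Block"
				VpcId:     Ref: "VPC"
				Tags: [
					{Key: "Name", Value: {"Fn::Sub": "${AWS::StackName}-PrivateSubnet02"}},
					{Key: {"Fn::Sub": "kubernetes.io/cluster/${ClusterName}"}, Value: "shared"},
					{Key: "kubernetes.io/role/internal-elb", Value: "1"},
				]
			}
		}

		PublicSubnet01RouteTableAssociation: {
			Type: "AWS::EC2::SubnetRouteTableAssociation"
			Properties: {
				SubnetId:     Ref: "PublicSubnet01"
				RouteTableId: Ref: "PublicRouteTable"
			}
		}

		PublicSubnet02RouteTableAssociation: {
			Type: "AWS::EC2::SubnetRouteTableAssociation"
			Properties: {
				SubnetId:     Ref: "PublicSubnet02"
				RouteTableId: Ref: "PublicRouteTable"
			}
		}

		PrivateSubnet01RouteTableAssociation: {
			Type: "AWS::EC2::SubnetRouteTableAssociation"
			Properties: {
				SubnetId:     Ref: "PrivateSubnet01"
				RouteTableId: Ref: "PrivateRouteTable01"
			}
		}

		PrivateSubnet02RouteTableAssociation: {
			Type: "AWS::EC2::SubnetRouteTableAssociation"
			Properties: {
				SubnetId:     Ref: "PrivateSubnet02"
				RouteTableId: Ref: "PrivateRouteTable02"
			}
		}

		// Additional security group attached to the control-plane ENIs. It
		// deliberately declares no ingress rules (and so inherits the VPC
		// default of allow-all egress); the node -> control plane rules are
		// presumably added by the worker-node stack that consumes the
		// DefaultSecurityGroup output -- confirm before relying on it.
		ControlPlaneSecurityGroup: {
			Type: "AWS::EC2::SecurityGroup"
			Properties: {
				GroupDescription: "Cluster communication with worker nodes"
				VpcId: Ref: "VPC"
			}
		}

		// Cluster service role: only the EKS service may assume it.
		EKSIAMRole: {
			Type: "AWS::IAM::Role"
			Properties: {
				AssumeRolePolicyDocument: {
					Version: "2012-10-17"
					Statement: [{
						Effect: "Allow"
						Principal: Service: ["eks.amazonaws.com"]
						Action: ["sts:AssumeRole"]
					}]
				}
				// NOTE(review): AmazonEKSServicePolicy is the legacy companion
				// policy; AmazonEKSClusterPolicy alone is sufficient for clusters
				// backed by the AWSServiceRoleForAmazonEKS service-linked role.
				// Kept here to avoid changing an existing stack's role; drop it
				// for least privilege once confirmed in the target account.
				ManagedPolicyArns: [
					"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
					"arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
				]
			}
		}

		EKSCluster: {
			Type: "AWS::EKS::Cluster"
			DependsOn: ["EKSIAMRole", "PublicSubnet01", "PublicSubnet02", "PrivateSubnet01", "PrivateSubnet02", "ControlPlaneSecurityGroup"]
			Properties: {
				Name:    Ref: "ClusterName"
				Version: Ref: "KubernetesVersion"
				RoleArn: "Fn::GetAtt": ["EKSIAMRole", "Arn"]
				ResourcesVpcConfig: {
					SecurityGroupIds: [{Ref: "ControlPlaneSecurityGroup"}]
					SubnetIds: [
						{Ref: "PublicSubnet01"},
						{Ref: "PublicSubnet02"},
						{Ref: "PrivateSubnet01"},
						{Ref: "PrivateSubnet02"},
					]
					// Private access keeps node/bastion -> API traffic inside the
					// VPC; public access is kept but restricted to PublicAccessCidrs.
					EndpointPrivateAccess: true
					EndpointPublicAccess:  true
					PublicAccessCidrs: Ref: "PublicAccessCidrs"
				}
				// Ship all control-plane log types to CloudWatch Logs; the audit
				// and authenticator streams are what incident response needs.
				Logging: ClusterLogging: EnabledTypes: [
					{Type: "api"},
					{Type: "audit"},
					{Type: "authenticator"},
					{Type: "controllerManager"},
					{Type: "scheduler"},
				]
				// Envelope-encrypt Kubernetes secrets with the supplied KMS key;
				// omitted entirely when no key was given.
				EncryptionConfig: "Fn::If": [
					"HasSecretsKmsKey",
					[{
						Provider: KeyArn: Ref: "SecretsKmsKeyArn"
						Resources: ["secrets"]
					}],
					{Ref: "AWS::NoValue"},
				]
			}
		}
	}

	Outputs: {
		SubnetIds: {
			Description: "Subnets IDs in the VPC"
			Value: "Fn::Join": [",", [
				{Ref: "PublicSubnet01"},
				{Ref: "PublicSubnet02"},
				{Ref: "PrivateSubnet01"},
				{Ref: "PrivateSubnet02"},
			]]
		}
		PublicSubnets: {
			Description: "List of the public subnets"
			Value: "Fn::Join": [",", [
				{Ref: "PublicSubnet01"},
				{Ref: "PublicSubnet02"},
			]]
		}
		PrivateSubnets: {
			Description: "List of the private subnets"
			Value: "Fn::Join": [",", [
				{Ref: "PrivateSubnet01"},
				{Ref: "PrivateSubnet02"},
			]]
		}
		DefaultSecurityGroup: {
			Description: "Security group for the cluster control plane communication with worker nodes"
			// Single-element join; the value is just the group id.
			Value: "Fn::Join": [",", [{Ref: "ControlPlaneSecurityGroup"}]]
		}
		// The security group EKS itself creates and attaches to the control
		// plane ENIs; node groups should be placed in it as well.
		ClusterSecurityGroupId: {
			Description: "Security group created by EKS for the cluster"
			Value: "Fn::GetAtt": ["EKSCluster", "ClusterSecurityGroupId"]
		}
		ClusterEndpoint: {
			Description: "Kubernetes API server endpoint"
			Value: "Fn::GetAtt": ["EKSCluster", "Endpoint"]
		}
		VPC: {
			Description: "The VPC Id"
			Value: Ref: "VPC"
		}
	}
}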