This project is a CloudFormation template that creates a new VPC from scratch. The template tries to incorporate best practices, including multi-az public and private subnets. It also uses a consistent tagging strategy so reports can easily be run to track costs.

1. New VPC (10.0.0.0/16)
2. Public subnets in two availability zones (10.0.10.0/24 and 10.0.30.0/24)
3. Private subnets in two availability zones (10.0.20.0/24 and 10.0.40.0/24)
4. Internet Gateway
5. NAT Gateways (one in each availability zone)
6. Elastic IPs (each NAT Gateway requires one)
7. Bastion Servers (one in each availability zone)
8. Security Group that only allows SSH access
9. Security Group that only allows access from instances using the Bastion boxes
10. Security Group that allows unrestricted access (meant for troubleshooting only)

The following tags are applied to assets that allow tagging:

• Project - useful for generating cost reports, defaults to Weapon-X
• Purpose - what role the asset plays in the VPC, eg Bastion Server
• Creator - the entity creating the assets, defaults to CloudFormation
• Environment - the context the assets are a part of, defaults to development
• Freetext - place holder for asset-specific notes, meant to be adjusted in the console if needed

• a working AW CLI
• you have run aws configure, providing the required information

There is noting to build.

There is nothing to install.

There is a convenience Bash script that can be run to create a new VPC. If you just want to test things out run scripts/create-stack.sh. In several moments, your VPC should be created. Check your AWS console for confirmation.

If you want to specify certain aspects of the VPC, try running something like this: scripts/create-stack.sh production-vpc Phoenix production [email protected]. This form provides the following:

• stack name of production-vpc
• project name of Phoenix
• environment name of production
• creator of [email protected]

There is a convenience script for destroying VPCs. run scripts/destroy-stack.sh production-vpc to destroy the VPC we created above.

TODO: need to talk about getting the vpc.yml file into S3 so that the console can see it

By default, your account is only allowed 5 EIPs. If you use this template and build multiple VPCs, you'll have to petition Amazon and get them to raise your limit.

This project is licensed under the Apache License Version 2.0, January 2004.