Description: This template deploys a VPC, with a pair of public subnets and a pair of private subnets spread across two Availability Zones of your choice. It deploys an Internet Gateway, with a default route on the public subnets. It also creates a SecurityGroup to allow PostgreSQL traffic to the RDS instance. Parameters: EnvironmentName: Description: An environment name that will be prefixed to resource names Type: String Default: SAPCP- Landscape: Description: The SAP Cloud Platform region where the setup will be used Type: String Default: EU10 AllowedValues: - AP10 - AP11 - BR10 - CA10 - EU10 - JP10 - US10 VpcAvailabilityZones: Description: Please select 2 Availability Zone (AZ) for your Subnets [MANDATORY] Type: List VpcCIDR: Description: Please enter the IP range (CIDR notation) for this VPC Type: String Default: 10.1.0.0/16 VpcPrivateSubnet1CIDR: Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone - Should be subset of VPC CIDR and unique Type: String Default: 10.1.0.0/24 VpcPrivateSubnet2CIDR: Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone - Should be subset of VPC CIDR and unique Type: String Default: 10.1.1.0/24 VpcPublicSubnet1CIDR: Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone - Should be subset of VPC CIDR and unique Type: String Default: 10.1.2.0/24 VpcPublicSubnet2CIDR: Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone - Should be subset of VPC CIDR and unique Type: String Default: 10.1.3.0/24 Resources: VPC: Type: AWS::EC2::VPC Properties: CidrBlock: !Ref VpcCIDR EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: !Sub ${EnvironmentName}${Landscape} VPC InternetGateway: Type: AWS::EC2::InternetGateway Properties: Tags: - Key: Name Value: !Sub ${EnvironmentName}${Landscape} InternetGateway InternetGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: InternetGatewayId: !Ref InternetGateway VpcId: !Ref VPC PublicSubnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [0, !Ref VpcAvailabilityZones] CidrBlock: !Ref VpcPublicSubnet1CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: !Sub ${EnvironmentName}${Landscape} Public Subnet (AZ1) PublicSubnet2: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [1, !Ref VpcAvailabilityZones] CidrBlock: !Ref VpcPublicSubnet2CIDR MapPublicIpOnLaunch: true Tags: - Key: Name Value: !Sub ${EnvironmentName}${Landscape} Public Subnet (AZ2) PrivateSubnet1: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [0, !Ref VpcAvailabilityZones] CidrBlock: !Ref VpcPrivateSubnet1CIDR MapPublicIpOnLaunch: false Tags: - Key: Name Value: !Sub ${EnvironmentName}${Landscape} Private Subnet (AZ1) PrivateSubnet2: Type: AWS::EC2::Subnet Properties: VpcId: !Ref VPC AvailabilityZone: !Select [1, !Ref VpcAvailabilityZones] CidrBlock: !Ref VpcPrivateSubnet2CIDR MapPublicIpOnLaunch: false Tags: - Key: Name Value: !Sub ${EnvironmentName}${Landscape} Private Subnet (AZ2) PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC Tags: - Key: Name Value: !Sub ${EnvironmentName}${Landscape} Public Routes DefaultPublicRoute: Type: AWS::EC2::Route DependsOn: InternetGatewayAttachment Properties: RouteTableId: !Ref PublicRouteTable DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway PublicSubnet1RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref PublicRouteTable SubnetId: !Ref PublicSubnet1 PublicSubnet2RouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref PublicRouteTable SubnetId: !Ref PublicSubnet2 PostgresIngressSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: !Sub ${EnvironmentName} postgres-sg GroupDescription: "Security group to allow PostgreSQL connection" VpcId: !Ref VPC SecurityGroupIngress: - IpProtocol: tcp FromPort: 5432 ToPort: 5432 CidrIp: 0.0.0.0/0 SecurityGroupEgress: - IpProtocol: -1 CidrIp: 0.0.0.0/0 Outputs: VPC: Description: A reference to the created VPC Value: !Ref VPC PublicSubnets: Description: A list of the public subnets Value: !Join [ ",", [ !Ref PublicSubnet1, !Ref PublicSubnet2 ]] PrivateSubnets: Description: A list of the private subnets Value: !Join [ ",", [ !Ref PrivateSubnet1, !Ref PrivateSubnet2 ]] PublicSubnet1: Description: A reference to the public subnet in the 1st Availability Zone Value: !Ref PublicSubnet1 PublicSubnet2: Description: A reference to the public subnet in the 2nd Availability Zone Value: !Ref PublicSubnet2 PrivateSubnet1: Description: A reference to the private subnet in the 1st Availability Zone Value: !Ref PrivateSubnet1 PrivateSubnet2: Description: A reference to the private subnet in the 2nd Availability Zone Value: !Ref PrivateSubnet2 PostgresIngressSecurityGroup: Description: Security group with PostgreSQL ingress rule Value: !Ref PostgresIngressSecurityGroup