---
# CloudFormation stack for an Algo VPN host: one VPC with an IPv4 block and an
# Amazon-provided IPv6 block, one public subnet, a single EC2 instance, its
# security group, and an Elastic IP that is exposed as the only stack output.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Algo VPN stack'
Parameters:
  # EC2 instance type; the only parameter with a default.
  InstanceTypeParameter:
    Type: String
    Default: t2.micro
  # Public SSH key material written verbatim into /home/ubuntu/.ssh/authorized_keys
  # by cfn-init (see EC2Instance.Metadata). No default: the caller must supply it.
  PublicSSHKeyParameter:
    Type: String
  # AMI id for the instance; no default, supplied by the caller.
  ImageIdParameter:
    Type: String
  # UDP port opened for WireGuard in InstanceSecurityGroup. Declared as a String
  # and passed straight into FromPort/ToPort; no AllowedPattern constrains it here.
  WireGuardPort:
    Type: String
Resources:
  # 172.16.0.0/16 VPC with DNS support and DNS hostnames enabled. Like every
  # other tagged resource below it carries the stack name as its Name tag.
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.16.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

  # Attaches an Amazon-provided IPv6 /56 to the VPC; SubnetIPv6 derives the
  # subnet's /64 from it via VPC.Ipv6CidrBlocks.
  VPCIPv6:
    Type: AWS::EC2::VPCCidrBlock
    Properties:
      AmazonProvidedIpv6CidrBlock: true
      VpcId: !Ref VPC

  # Internet gateway used as the target of both default routes below.
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

  # The single 172.16.254.0/23 subnet. MapPublicIpOnLaunch is false, so the
  # instance gets no auto-assigned public IPv4; its public address is ElasticIP.
  Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 172.16.254.0/23
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

  # Gateway must be attached before Route/RouteIPv6 and ElasticIP, which list
  # this resource in DependsOn.
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  # Route table holding the two default routes; associated with Subnet by RouteSubnet.
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

  # IPv4 default route (0.0.0.0/0) via the Internet gateway.
  Route:
    Type: AWS::EC2::Route
    DependsOn:
      - InternetGateway
      - RouteTable
      - VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  # IPv6 default route (::/0) via the same gateway.
  RouteIPv6:
    Type: AWS::EC2::Route
    DependsOn:
      - InternetGateway
      - RouteTable
      - VPCGatewayAttachment
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationIpv6CidrBlock: "::/0"
      GatewayId: !Ref InternetGateway

  # Carves the subnet's /64 out of the VPC's IPv6 block: take the first VPC
  # block, keep the text before its first "::", and append "::dead:beef/64".
  SubnetIPv6:
    Type: AWS::EC2::SubnetCidrBlock
    DependsOn:
      - RouteIPv6
      - VPC
      - VPCIPv6
    Properties:
      Ipv6CidrBlock:
        "Fn::Join":
          - ""
          - - !Select [0, !Split [ "::", !Select [0, !GetAtt VPC.Ipv6CidrBlocks] ]]
            - "::dead:beef/64"
      SubnetId: !Ref Subnet

  # Binds Subnet to RouteTable so the default routes above apply to it.
  RouteSubnet:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    DependsOn:
      - RouteTable
      - Subnet
      - Route
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref Subnet

  # Ingress for the VPN host. Every rule is open to the whole IPv4 Internet
  # (CidrIp 0.0.0.0/0): SSH (22/tcp), IKE (500/udp), IPsec NAT-T (4500/udp) and
  # the WireGuard UDP port from the WireGuardPort parameter. World-reachable VPN
  # ports are inherent to the service; world-reachable SSH is the one rule a
  # deployment could narrow to the operator's source range.
  # NOTE(review): only CidrIp rules are declared, no CidrIpv6, so these ports are
  # not reachable over the instance's IPv6 address — confirm that is intended.
  # NOTE(review): GroupDescription does not mention the WireGuard rule; changing
  # GroupDescription replaces the security group in CloudFormation, so it was
  # presumably left as-is deliberately. No SecurityGroupEgress is declared, so
  # the AWS default (all outbound allowed) presumably applies.
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DependsOn:
      - Subnet
    Properties:
      VpcId: !Ref VPC
      GroupDescription: Enable SSH and IPsec
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: '500'
          ToPort: '500'
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: '4500'
          ToPort: '4500'
          CidrIp: 0.0.0.0/0
        - IpProtocol: udp
          FromPort: !Ref WireGuardPort
          ToPort: !Ref WireGuardPort
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

  # The VPN host. cfn-init, launched from UserData, applies the Metadata block,
  # which installs the caller-supplied public key as ubuntu's authorized_keys.
  EC2Instance:
    Type: AWS::EC2::Instance
    DependsOn:
      - SubnetIPv6
      - Subnet
      - InstanceSecurityGroup
    Metadata:
      AWS::CloudFormation::Init:
        config:
          files:
            # Content is PublicSSHKeyParameter verbatim. Mode 000644 (cfn-init's
            # six-digit form) is owner-writable and world-readable; owned by ubuntu.
            /home/ubuntu/.ssh/authorized_keys:
              content:
                Ref: PublicSSHKeyParameter
              mode: "000644"
              owner: "ubuntu"
              group: "ubuntu"
    Properties:
      InstanceType:
        Ref: InstanceTypeParameter
      # An OS-initiated shutdown terminates the instance rather than stopping it.
      InstanceInitiatedShutdownBehavior: terminate
      SecurityGroupIds:
        - Ref: InstanceSecurityGroup
      ImageId:
        Ref: ImageIdParameter
      # Public IPv4 reachability comes only via ElasticIP (the subnet does not
      # auto-assign one); one IPv6 address is taken from SubnetIPv6.
      SubnetId: !Ref Subnet
      Ipv6AddressCount: 1
      # Boot script, run by Bash with -x (trace) and -e (exit on error). It
      # installs python-pip (the Python 2 package) and fetches aws-cfn-bootstrap
      # from an unpinned "-latest" tarball at boot, so the host runs whatever that
      # URL serves at that moment; a pinned version or checksum would make the
      # bootstrap reproducible. Because of -e, a failing cfn-init aborts the
      # script before cfn-signal runs, so `-e $?` is always 0 when cfn-signal is
      # reached — and this resource declares no CreationPolicy to consume the
      # signal anyway. ${AWS::StackName} / ${AWS::Region} are filled in by !Sub.
      UserData:
        "Fn::Base64":
          !Sub |
            #!/bin/bash -xe
            apt-get update
            apt-get -y install python-pip
            pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
            cfn-init -v --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region}
            cfn-signal -e $? --stack ${AWS::StackName} --resource EC2Instance --region ${AWS::Region}
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

  # Static public IPv4 address bound to the instance; this is the address VPN
  # clients and the operator's SSH session reach.
  ElasticIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      InstanceId: !Ref EC2Instance
    DependsOn:
      - EC2Instance
      - VPCGatewayAttachment

# The only output: Ref of an EIP resolves to its public IPv4 address.
Outputs:
  ElasticIP:
    Value: !Ref ElasticIP