簡単なVPC実験用CloudFormationテンプレート。
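---
# Minimal VPC for experiments: one VPC, an Internet Gateway, a public route
# table, two subnets (only Subnet1 is associated with the public route table),
# an HTTPS-only security group, and an IAM role + instance profile that lets
# an EC2 instance register with SSM Session Manager.
#
# Quoted because an unquoted 2010-09-09 is read as a date by generic YAML
# loaders (CloudFormation tolerates it; linters and pre-processors may not).
AWSTemplateFormatVersion: "2010-09-09"
Description: Simple CloudFormation template for VPC experiments.

Resources:
  # --- VPC --------------------------------------------------------------------
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      # Keep the VPC inside an RFC 1918 range (10/8, 172.16/12, 192.168/16).
      # A publicly routable block such as 172.0.0.0/16 overlaps real Internet
      # addresses, and the VPC's implicit local route would shadow them.
      CidrBlock: 172.16.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default

  # --- Internet Gateway -------------------------------------------------------
  IGW1:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: stack
          Value: test

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref IGW1

  # --- Route table (public) ---------------------------------------------------
  publicRT:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: stack
          Value: test

  publicRoute:
    Type: AWS::EC2::Route
    # A route to an Internet Gateway can only be created once the gateway is
    # attached to the VPC; without this dependency stack creation can race
    # and fail intermittently.
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref publicRT
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGW1

  # --- Subnets ----------------------------------------------------------------
  Subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 172.16.0.0/24
      # Instances get no public IPv4 address by default. Reaching SSM via the
      # IGW from here then needs an Elastic IP, a NAT gateway, or SSM
      # interface endpoints.
      MapPublicIpOnLaunch: false

  Subnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 172.16.1.0/24
      MapPublicIpOnLaunch: false
      # No SubnetRouteTableAssociation: this subnet falls back to the VPC main
      # route table, which has no IGW route, so it is effectively private.

  Subnet1RT:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet1
      RouteTableId: !Ref publicRT

  # --- Security group ---------------------------------------------------------
  SG1:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow https to client host
      VpcId: !Ref VPC
      # Inbound: HTTPS from anywhere. Nothing else (no SSH) is exposed;
      # admin access is expected through SSM Session Manager instead.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      # Outbound: HTTPS only. Declaring SecurityGroupEgress replaces the
      # default allow-all egress rule; 443 is what the SSM agent needs to
      # reach the SSM/SSM Messages endpoints.
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  # --- IAM role for SSM Session Manager --------------------------------------
  SSMRole:
    Type: AWS::IAM::Role
    Properties:
      # Only EC2 instances may assume this role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: ssmAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # The minimal action set for Session Manager registration and
              # channel setup. These actions do not take a narrower resource,
              # so '*' here does not widen access beyond the SSM agent's needs.
              - Effect: Allow
                Action:
                  - ssmmessages:CreateDataChannel
                  - ssm:UpdateInstanceInformation
                  - ssmmessages:OpenDataChannel
                  - ssmmessages:OpenControlChannel
                  - ssmmessages:CreateControlChannel
                Resource: '*'

  SSMInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref SSMRole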