private static void ConfigureNetworking()
{
var vpc = new Ec2.Vpc($"{baseName}-vpc", new Ec2.VpcArgs()
{
EnableDnsSupport = true,
EnableDnsHostnames = true,
CidrBlock = "10.0.0.0/16",
});
var subnetOne = new Ec2.Subnet($"{baseName}-subnet-one", new Ec2.SubnetArgs()
{
VpcId = vpc.Id,
CidrBlock = "10.0.0.0/24",
MapPublicIpOnLaunch = true,
AvailabilityZone = "eu-west-1a",
});
var subnetTwo = new Ec2.Subnet($"{baseName}-subnet-two", new Ec2.SubnetArgs()
{
VpcId = vpc.Id,
CidrBlock = "10.0.1.0/24",
MapPublicIpOnLaunch = true,
AvailabilityZone = "eu-west-1b",
});
var gateway = new Ec2.InternetGateway($"{baseName}-gateway", new Ec2.InternetGatewayArgs()
{
VpcId = vpc.Id,
});
var routeTable = new Ec2.RouteTable($"{baseName}-routetable", new Ec2.RouteTableArgs()
{
VpcId = vpc.Id,
});
var publicRoute = new Ec2.Route($"{baseName}-publicroute", new Ec2.RouteArgs()
{
RouteTableId = routeTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
GatewayId = gateway.Id,
});
var subnetOneRouteAssociation = new Ec2.RouteTableAssociation($"{baseName}-subnetoneroutes", new Ec2.RouteTableAssociationArgs()
{
SubnetId = subnetOne.Id,
RouteTableId = routeTable.Id,
});
vpcId = vpc.Id;
subnetId = subnetOne.Id;
subnetTwoId = subnetTwo.Id;
}
public MyStack()
{
var route = new Aws.Ec2.Route("route", new Aws.Ec2.RouteArgs
{
RouteTableId = "rtb-4fbb3ac4",
DestinationCidrBlock = "10.0.1.0/22",
VpcPeeringConnectionId = "pcx-45ff3dc1",
}, new CustomResourceOptions
{
DependsOn =
{
"aws_route_table.testing",
},
});
}
public MyStack()
{
var config = new Config();
var subnetId = config.RequireObject <dynamic>("subnetId");
var selected = Output.Create(Aws.Ec2.GetRouteTable.InvokeAsync(new Aws.Ec2.GetRouteTableArgs
{
SubnetId = subnetId,
}));
var route = new Aws.Ec2.Route("route", new Aws.Ec2.RouteArgs
{
DestinationCidrBlock = "10.0.1.0/22",
RouteTableId = selected.Apply(selected => selected.Id),
VpcPeeringConnectionId = "pcx-45ff3dc1",
});
}
public MyStack()
{
var pc = Output.Create(Aws.Ec2.GetVpcPeeringConnection.InvokeAsync(new Aws.Ec2.GetVpcPeeringConnectionArgs
{
PeerCidrBlock = "10.0.1.0/22",
VpcId = aws_vpc.Foo.Id,
}));
// Create a route table
var rt = new Aws.Ec2.RouteTable("rt", new Aws.Ec2.RouteTableArgs
{
VpcId = aws_vpc.Foo.Id,
});
// Create a route
var route = new Aws.Ec2.Route("route", new Aws.Ec2.RouteArgs
{
DestinationCidrBlock = pc.Apply(pc => pc.PeerCidrBlock),
RouteTableId = rt.Id,
VpcPeeringConnectionId = pc.Apply(pc => pc.Id),
});
}
static Task <int> Main()
{
return(Deployment.RunAsync(async() => {
var region = Aws.Config.Region;
var fullProjectStack = $"{Deployment.Instance.ProjectName}-{Deployment.Instance.StackName}";
// Create the VPC.
var vpc = new Ec2.Vpc("VPC", new Ec2.VpcArgs {
CidrBlock = Config.VpcCidr,
InstanceTenancy = Config.VpcTenancy,
EnableDnsSupport = true,
EnableDnsHostnames = true,
Tags = new Dictionary <string, object> {
{ "Name", fullProjectStack }
},
});
// Associate DHCP options with our VPC.
var dhcpOptions = new Ec2.VpcDhcpOptions("DHCPOptions", new Ec2.VpcDhcpOptionsArgs {
DomainName = (region == "us-east-1" ? "ec2.internal" : $"{region}.compute.internal"),
DomainNameServers = { "AmazonProvidedDNS" },
});
var vpcDhcpOptionsAssociation = new Ec2.VpcDhcpOptionsAssociation("VPCDHCPOptionsAssociation", new Ec2.VpcDhcpOptionsAssociationArgs {
VpcId = vpc.Id,
DhcpOptionsId = dhcpOptions.Id,
});
// Create an Internet Gateway for our public subnet to connect to the Internet.
var internetGateway = new Ec2.InternetGateway("InternetGateway", new Ec2.InternetGatewayArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", fullProjectStack }
},
});
// Creat a Route Table for public subnets to use the Internet Gateway for 0.0.0.0/0 traffic.
var publicSubnetRouteTable = new Ec2.RouteTable("PublicSubnetRouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", "Public Subnets" },
{ "Network", "Public" },
},
});
var publicSubnetRoute = new Ec2.Route("PublicSubnetRoute", new Ec2.RouteArgs {
RouteTableId = publicSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
GatewayId = internetGateway.Id,
});
// For each AZ, create the NAT Gateways and public and private subnets. Keep track of various properties
// so that they can be exported as top-level stack exports later on.
var natEips = ImmutableArray.CreateBuilder <Output <string> >();
var publicSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var privateSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var protectedSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var privateSubnetRouteTableIds = ImmutableArray.CreateBuilder <Output <string> >();
var publicSubnetCidrs = await Config.GetPublicSubnetCidrs();
var publicSubnetTags = await Config.GetPublicSubnetTags();
var privateSubnetCidrs = await Config.GetPrivateSubnetCidrs();
var privateSubnetTags = await Config.GetPrivateSubnetTags();
var protectedSubnetCidrs = await Config.GetProtectedSubnetCidrs();
var protectedSubnetTags = await Config.GetProtectedSubnetTags();
var azs = await Config.GetAvailabilityZones();
for (var i = 0; i < azs.Length; i++)
{
var az = azs[i];
// Each AZ gets a public subnet.
var publicSubnet = new Ec2.Subnet($"PublicSubnet{i}", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = publicSubnetCidrs[i],
MapPublicIpOnLaunch = true,
Tags = publicSubnetTags[i].Add("Name", $"Public subnet {i}"),
});
publicSubnetIds.Add(publicSubnet.Id);
var publicSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PublicSubnet{i}RouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = publicSubnet.Id,
RouteTableId = publicSubnetRouteTable.Id,
});
// If desired, create a NAT Gateway and private subnet for each AZ.
if (Config.CreatePrivateSubnets)
{
var natEip = new Ec2.Eip($"NAT{i}EIP", new Ec2.EipArgs {
Vpc = true
}, new CustomResourceOptions {
DependsOn = { internetGateway }
});
var natGateway = new Ec2.NatGateway($"NATGateway{i}", new Ec2.NatGatewayArgs {
SubnetId = publicSubnet.Id,
AllocationId = natEip.Id,
});
natEips.Add(natEip.PublicIp);
var privateSubnet = new Ec2.Subnet($"PrivateSubnet{i}A", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = privateSubnetCidrs[i],
Tags = privateSubnetTags[i].Add("Name", $"Private subnet {i}A"),
});
privateSubnetIds.Add(privateSubnet.Id);
var privateSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}ARouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", $"Private subnet {i}A" },
{ "Network", "Private" },
},
});
var privateSubnetRoute = new Ec2.Route($"PrivateSubnet{i}ARoute", new Ec2.RouteArgs {
RouteTableId = privateSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
NatGatewayId = natGateway.Id,
});
var privateSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}ARouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = privateSubnet.Id,
RouteTableId = privateSubnetRouteTable.Id,
});
// Remember the route table ID for the VPC endpoint later.
privateSubnetRouteTableIds.Add(privateSubnetRouteTable.Id);
// If desired, create additional private subnets with dedicated network ACLs for extra protection.
if (Config.CreateProtectedSubnets)
{
var protectedSubnet = new Ec2.Subnet($"PrivateSubnet{i}B", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = protectedSubnetCidrs[i],
Tags = protectedSubnetTags[i].Add("Name", $"Private subnet ${i}B"),
});
protectedSubnetIds.Add(protectedSubnet.Id);
var protectedSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}BRouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", $"Private subnet {i}B" },
{ "Network", "Private" },
},
});
var protectedSubnetRoute = new Ec2.Route($"PrivateSubnet{i}BRoute", new Ec2.RouteArgs {
RouteTableId = protectedSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
NatGatewayId = natGateway.Id,
});
var protectedSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}BRouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = protectedSubnet.Id,
RouteTableId = protectedSubnetRouteTable.Id,
});
var protectedSubnetNetworkAcl = new Ec2.NetworkAcl($"PrivateSubnet{i}BNetworkAcl", new Ec2.NetworkAclArgs {
VpcId = vpc.Id,
SubnetIds = { protectedSubnet.Id },
Tags = new Dictionary <string, object> {
{ "Name", $"NACL protected subnet {i}" },
{ "Network", "NACL Protected" },
},
});
var protectedSubnetNetworkAclEntryInbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryInbound", new Ec2.NetworkAclRuleArgs {
NetworkAclId = protectedSubnetNetworkAcl.Id,
CidrBlock = "0.0.0.0/0",
Egress = false,
Protocol = "-1",
RuleAction = "allow",
RuleNumber = 100,
});
var protectedSubnetNetworkAclEntryOutbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryOutbound", new Ec2.NetworkAclRuleArgs {
NetworkAclId = protectedSubnetNetworkAcl.Id,
CidrBlock = "0.0.0.0/0",
Egress = true,
Protocol = "-1",
RuleAction = "allow",
RuleNumber = 100,
});
// Remember the route table ID for the VPC endpoint later.
privateSubnetRouteTableIds.Add(protectedSubnetRouteTable.Id);
}
}
}
// If we created private subnets, allocate an S3 VPC Endpoint to simplify access to S3.
Output <string>?s3VpcEndpointId = null;
if (Config.CreatePrivateSubnets)
{
s3VpcEndpointId = new Ec2.VpcEndpoint("S3VPCEndpoint", new Ec2.VpcEndpointArgs {
VpcId = vpc.Id,
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Action"": ""*"",
""Effect"": ""Allow"",
""Resource"": ""*"",
""Principal"": ""*""
}]
}
",
RouteTableIds = privateSubnetRouteTableIds.ToImmutable(),
ServiceName = $"com.amazonaws.{region}.s3",
}).Id;
}
// Export all of the resulting properties that upstream stacks may want to consume.
return new Dictionary <string, object?>
{
{ "vpcId", vpc.Id },
{ "vpcCidr", vpc.CidrBlock },
{ "natEips", natEips.ToImmutableArray() },
{ "publicSubnetIds", publicSubnetIds.ToImmutableArray() },
{ "publicSubnetCidrs", publicSubnetCidrs },
{ "publicSubnetRouteTableId", publicSubnetRouteTable.Id },
{ "privateSubnetIds", privateSubnetIds.ToImmutableArray() },
{ "privateSubnetCidrs", privateSubnetCidrs },
{ "protectedSubnetIds", protectedSubnetIds.ToImmutableArray() },
{ "protectedSubnetCidrs", protectedSubnetCidrs },
{ "privateSubnetRouteTableIds", privateSubnetRouteTableIds.ToImmutableArray() },
{ "s3VpcEndpointId", s3VpcEndpointId },
};
}));
}