giuseppe-trisciuoglio/developer-kit
Comprehensive developer toolkit providing reusable skills for Java/Spring Boot, TypeScript/NestJS/React/Next.js, Python, PHP, AWS CloudFormation, AI/RAG, DevOps, and more.
89
Quality
89%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Risky
Do not use without reviewing
examples.mdplugins/developer-kit-aws/skills/aws-cloudformation/aws-cloudformation-vpc/references/
AWS CloudFormation VPC - Examples
This file contains comprehensive examples for VPC infrastructure patterns with CloudFormation.
Example 1: Multi-AZ VPC with Public/Private Subnets
Complete production-ready VPC with multiple availability zones.
AWSTemplateFormatVersion: 2010-09-09
Description: Production VPC with public and private subnets across 3 AZs
Parameters:
EnvironmentName:
Type: String
Default: production
Description: Environment name for resource tagging
AllowedValues:
- development
- staging
- production
VpcCidr:
Type: String
Default: 10.0.0.0/16
Description: CIDR block for the VPC
AllowedPattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$
NumberOfAZs:
Type: Number
Default: 2
Description: Number of Availability Zones to use
MinValue: 1
MaxValue: 3
CreateNatGateways:
Type: String
Default: true
Description: Whether to create NAT Gateways
AllowedValues:
- true
- false
Conditions:
UseThreeAZs: !Equals [!Ref NumberOfAZs, 3]
ShouldCreateNat: !Equals [!Ref CreateNatGateways, true]
Resources:
# VPC
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCidr
EnableDnsHostnames: true
EnableDnsSupport: true
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-vpc
- Key: Environment
Value: !Ref EnvironmentName
# Internet Gateway
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-igw
- Key: Environment
Value: !Ref EnvironmentName
InternetGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
# NAT Gateway EIPs
NatGatewayEIP1:
Type: AWS::EC2::EIP
DependsOn: InternetGatewayAttachment
Condition: ShouldCreateNat
Properties:
Domain: vpc
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-nat-eip-1
NatGatewayEIP2:
Type: AWS::EC2::EIP
DependsOn: InternetGatewayAttachment
Condition: ShouldCreateNat
Properties:
Domain: vpc
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-nat-eip-2
# Public Subnet 1
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.1.0/24
AvailabilityZone: !Select [0, !GetAZs '']
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-public-1
- Key: SubnetType
Value: Public
# Public Subnet 2
PublicSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.2.0/24
AvailabilityZone: !Select [1, !GetAZs '']
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-public-2
- Key: SubnetType
Value: Public
# Public Subnet 3 (conditional)
PublicSubnet3:
Type: AWS::EC2::Subnet
Condition: UseThreeAZs
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.3.0/24
AvailabilityZone: !Select [2, !GetAZs '']
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-public-3
- Key: SubnetType
Value: Public
# Private Subnet 1
PrivateSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.10.0/24
AvailabilityZone: !Select [0, !GetAZs '']
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-private-1
- Key: SubnetType
Value: Private
# Private Subnet 2
PrivateSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.11.0/24
AvailabilityZone: !Select [1, !GetAZs '']
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-private-2
- Key: SubnetType
Value: Private
# Private Subnet 3 (conditional)
PrivateSubnet3:
Type: AWS::EC2::Subnet
Condition: UseThreeAZs
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.12.0/24
AvailabilityZone: !Select [2, !GetAZs '']
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-private-3
- Key: SubnetType
Value: Private
# NAT Gateway 1
NatGateway1:
Type: AWS::EC2::NatGateway
Condition: ShouldCreateNat
Properties:
AllocationId: !GetAtt NatGatewayEIP1.AllocationId
SubnetId: !Ref PublicSubnet1
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-nat-1
# NAT Gateway 2
NatGateway2:
Type: AWS::EC2::NatGateway
Condition: ShouldCreateNat
Properties:
AllocationId: !GetAtt NatGatewayEIP2.AllocationId
SubnetId: !Ref PublicSubnet2
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-nat-2
# Public Route Table
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-public-rt
DefaultPublicRoute:
Type: AWS::EC2::Route
DependsOn: InternetGatewayAttachment
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
PublicSubnetRouteTableAssociation1:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet1
RouteTableId: !Ref PublicRouteTable
PublicSubnetRouteTableAssociation2:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet2
RouteTableId: !Ref PublicRouteTable
PublicSubnetRouteTableAssociation3:
Type: AWS::EC2::SubnetRouteTableAssociation
Condition: UseThreeAZs
Properties:
SubnetId: !Ref PublicSubnet3
RouteTableId: !Ref PublicRouteTable
# Private Route Table 1
PrivateRouteTable1:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-private-rt-1
DefaultPrivateRoute1:
Type: AWS::EC2::Route
Condition: ShouldCreateNat
Properties:
RouteTableId: !Ref PrivateRouteTable1
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway1
PrivateSubnetRouteTableAssociation1:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PrivateSubnet1
RouteTableId: !Ref PrivateRouteTable1
# Private Route Table 2
PrivateRouteTable2:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-private-rt-2
DefaultPrivateRoute2:
Type: AWS::EC2::Route
Condition: ShouldCreateNat
Properties:
RouteTableId: !Ref PrivateRouteTable2
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway2
PrivateSubnetRouteTableAssociation2:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PrivateSubnet2
RouteTableId: !Ref PrivateRouteTable2
# Private Route Table 3 (conditional)
PrivateRouteTable3:
Type: AWS::EC2::RouteTable
Condition: UseThreeAZs
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-private-rt-3
DefaultPrivateRoute3:
Type: AWS::EC2::Route
Condition: ShouldCreateNat
Properties:
RouteTableId: !Ref PrivateRouteTable3
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway2
PrivateSubnetRouteTableAssociation3:
Type: AWS::EC2::SubnetRouteTableAssociation
Condition: UseThreeAZs
Properties:
SubnetId: !Ref PrivateSubnet3
RouteTableId: !Ref PrivateRouteTable3
Outputs:
VpcId:
Description: VPC ID
Value: !Ref VPC
Export:
Name: !Sub ${EnvironmentName}-VpcId
InternetGatewayId:
Description: Internet Gateway ID
Value: !Ref InternetGateway
Export:
Name: !Sub ${EnvironmentName}-InternetGatewayId
PublicSubnetIds:
Description: Comma-separated public subnet IDs
Value: !Join
- ","
- - !Ref PublicSubnet1
- !Ref PublicSubnet2
- !If [UseThreeAZs, !Ref PublicSubnet3, !Ref "AWS::NoValue"]
Export:
Name: !Sub ${EnvironmentName}-PublicSubnetIds
PrivateSubnetIds:
Description: Comma-separated private subnet IDs
Value: !Join
- ","
- - !Ref PrivateSubnet1
- !Ref PrivateSubnet2
- !If [UseThreeAZs, !Ref PrivateSubnet3, !Ref "AWS::NoValue"]
Export:
Name: !Sub ${EnvironmentName}-PrivateSubnetIds
AvailabilityZones:
Description: Comma-separated availability zones
Value: !Join
- ","
- - !Select [0, !GetAZs '']
- !Select [1, !GetAZs '']
- !If [UseThreeAZs, !Select [2, !GetAZs ''], !Ref "AWS::NoValue"]Example 2: VPC Peering Configuration
Create VPC peering between two VPCs.
AWSTemplateFormatVersion: 2010-09-09
Description: VPC peering configuration
Parameters:
PeerVpcId:
Type: AWS::EC2::VPC::Id
Description: VPC to peer with
LocalVpcId:
Type: AWS::EC2::VPC::Id
Description: Local VPC ID
Resources:
VPCPeeringConnection:
Type: AWS::EC2::VPCPeeringConnection
Properties:
PeerVpcId: !Ref PeerVpcId
VpcId: !Ref LocalVpcId
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-peering
# Update route tables in local VPC
LocalRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref LocalVpcId
PeerRoute:
Type: AWS::EC2::Route
DependsOn: VPCPeeringConnection
Properties:
RouteTableId: !Ref LocalRouteTable
DestinationCidrBlock: 10.1.0.0/16
VpcPeeringConnectionId: !Ref VPCPeeringConnection
Outputs:
PeeringConnectionId:
Description: VPC Peering Connection ID
Value: !Ref VPCPeeringConnectionExample 3: VPC with VPC Endpoints
Private connectivity to AWS services without internet traversal.
AWSTemplateFormatVersion: 2010-09-09
Description: VPC with Gateway and Interface endpoints
Parameters:
VpcId:
Type: AWS::EC2::VPC::Id
Description: VPC ID
PrivateSubnetIds:
Type: List<AWS::EC2::Subnet::Id>
Description: Private subnet IDs for interface endpoints
Resources:
# Gateway Endpoints (no charge)
S3GatewayEndpoint:
Type: AWS::EC2::VPCEndpoint
Properties:
VpcId: !Ref VpcId
ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
RouteTableIds:
- !Ref PrivateRouteTable
DynamoDbGatewayEndpoint:
Type: AWS::EC2::VPCEndpoint
Properties:
VpcId: !Ref VpcId
ServiceName: !Sub com.amazonaws.${AWS::Region}.dynamodb
RouteTableIds:
- !Ref PrivateRouteTable
# Interface Endpoints (charge per hour + data)
SecretsManagerEndpoint:
Type: AWS::EC2::VPCEndpoint
Properties:
VpcId: !Ref VpcId
ServiceName: !Sub com.amazonaws.${AWS::Region}.secretsmanager
SubnetIds: !Ref PrivateSubnetIds
PrivateDnsEnabled: true
SsmEndpoint:
Type: AWS::EC2::VPCEndpoint
Properties:
VpcId: !Ref VpcId
ServiceName: !Sub com.amazonaws.${AWS::Region}.ssm
SubnetIds: !Ref PrivateSubnetIds
PrivateDnsEnabled: true
EcrApiEndpoint:
Type: AWS::EC2::VPCEndpoint
Properties:
VpcId: !Ref VpcId
ServiceName: !Sub com.amazonaws.${AWS::Region}.ecr.api
SubnetIds: !Ref PrivateSubnetIds
PrivateDnsEnabled: true
EcrDkrEndpoint:
Type: AWS::EC2::VPCEndpoint
Properties:
VpcId: !Ref VpcId
ServiceName: !Sub com.amazonaws.${AWS::Region}.ecr.dkr
SubnetIds: !Ref PrivateSubnetIds
PrivateDnsEnabled: true
CloudWatchLogsEndpoint:
Type: AWS::EC2::VPCEndpoint
Properties:
VpcId: !Ref VpcId
ServiceName: !Sub com.amazonaws.${AWS::Region}.logs
SubnetIds: !Ref PrivateSubnetIds
PrivateDnsEnabled: true
PrivateRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VpcIdExample 4: VPC with Network ACLs
Enhanced security with both Security Groups and NACLs.
AWSTemplateFormatVersion: 2010-09-09
Description: VPC with Network ACLs for additional security
Parameters:
VpcCidr:
Type: String
Default: 10.0.0.0/16
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCidr
EnableDnsHostnames: true
EnableDnsSupport: true
PublicSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.1.0/24
AvailabilityZone: !Select [0, !GetAZs '']
MapPublicIpOnLaunch: true
PrivateSubnet:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.10.0/24
AvailabilityZone: !Select [0, !GetAZs '']
# Public NACL - Allow HTTP/HTTPS from anywhere
PublicNetworkAcl:
Type: AWS::EC2::NetworkAcl
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-public-nacl
PublicInboundNetworkAclEntry:
Type: AWS::EC2::NetworkAclEntry
Properties:
NetworkAclId: !Ref PublicNetworkAcl
RuleNumber: 100
Protocol: 6
RuleAction: allow
CidrBlock: 0.0.0.0/0
PortRange:
From: 80
To: 443
PublicInboundNaclEntry2:
Type: AWS::EC2::NetworkAclEntry
Properties:
NetworkAclId: !Ref PublicNetworkAcl
RuleNumber: 110
Protocol: 6
RuleAction: allow
CidrBlock: 0.0.0.0/0
PortRange:
From: 1024
To: 65535
PublicOutboundNetworkAclEntry:
Type: AWS::EC2::NetworkAclEntry
Properties:
NetworkAclId: !Ref PublicNetworkAcl
RuleNumber: 100
Protocol: 6
RuleAction: allow
Egress: true
CidrBlock: 0.0.0.0/0
PortRange:
From: 1024
To: 65535
PublicSubnetNetworkAclAssociation:
Type: AWS::EC2::SubnetNetworkAclAssociation
Properties:
SubnetId: !Ref PublicSubnet
NetworkAclId: !Ref PublicNetworkAcl
# Private NACL - Allow only from VPC
PrivateNetworkAcl:
Type: AWS::EC2::NetworkAcl
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-private-nacl
PrivateInboundNetworkAclEntry:
Type: AWS::EC2::NetworkAclEntry
Properties:
NetworkAclId: !Ref PrivateNetworkAcl
RuleNumber: 100
Protocol: 6
RuleAction: allow
CidrBlock: !Ref VpcCidr
PortRange:
From: 5432
To: 5432
PrivateSubnetNetworkAclAssociation:
Type: AWS::EC2::SubnetNetworkAclAssociation
Properties:
SubnetId: !Ref PrivateSubnet
NetworkAclId: !Ref PrivateNetworkAclExample 5: Modular VPC with Nested Stacks
Use nested stacks for reusable VPC modules.
# vpc-master.yaml - Master stack
AWSTemplateFormatVersion: 2010-09-09
Description: Master VPC stack with nested stacks
Parameters:
EnvironmentName:
Type: String
Default: production
Resources:
# VPC core resources
VPCStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: ./vpc-core.yaml
Parameters:
EnvironmentName: !Ref EnvironmentName
# Public subnets
PublicSubnetsStack:
Type: AWS::CloudFormation::Stack
DependsOn: VPCStack
Properties:
TemplateURL: ./vpc-public-subnets.yaml
Parameters:
EnvironmentName: !Ref EnvironmentName
VpcId: !GetAtt VPCStack.Outputs.VpcId
# Private subnets
PrivateSubnetsStack:
Type: AWS::CloudFormation::Stack
DependsOn: VPCStack
Properties:
TemplateURL: ./vpc-private-subnets.yaml
Parameters:
EnvironmentName: !Ref EnvironmentName
VpcId: !GetAtt VPCStack.Outputs.VpcId
Outputs:
VpcId:
Value: !GetAtt VPCStack.Outputs.VpcId
PublicSubnetIds:
Value: !GetAtt PublicSubnetsStack.Outputs.SubnetIds
PrivateSubnetIds:
Value: !GetAtt PrivateSubnetsStack.Outputs.SubnetIds# vpc-core.yaml - Core VPC with IGW
AWSTemplateFormatVersion: 2010-09-09
Description: Core VPC resources
Parameters:
EnvironmentName:
Type: String
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsHostnames: true
EnableDnsSupport: true
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-vpc
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-igw
InternetGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
Outputs:
VpcId:
Value: !Ref VPC
Export:
Name: !Sub ${EnvironmentName}-VpcId
InternetGatewayId:
Value: !Ref InternetGatewayExample 6: VPC with VPN Connection
Site-to-site VPN connection for hybrid connectivity.
AWSTemplateFormatVersion: 2010-09-09
Description: VPC with Site-to-Site VPN connection
Parameters:
VpcId:
Type: AWS::EC2::VPC::Id
Description: VPC ID
CustomerGatewayIp:
Type: String
Description: Public IP address of customer gateway
AllowedPattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}$
CustomerGatewayAsn:
Type: Number
Default: 65001
Description: Customer gateway ASN
Resources:
CustomerGateway:
Type: AWS::EC2::CustomerGateway
Properties:
BgpAsn: !Ref CustomerGatewayAsn
IpAddress: !Ref CustomerGatewayIp
Type: ipsec.1
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-cgw
VPNGateway:
Type: AWS::EC2::VPNGateway
Properties:
Type: ipsec.1
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-vpn-gw
VPNGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VpcId
VpnGatewayId: !Ref VPNGateway
VPNConnection:
Type: AWS::EC2::VPNConnection
DependsOn: VPNGatewayAttachment
Properties:
Type: ipsec.1
CustomerGatewayId: !Ref CustomerGateway
VpnGatewayId: !Ref VPNGateway
StaticRoutesOnly: true
Tags:
- Key: Name
Value: !Sub ${AWS::StackName}-vpn
VPNConnectionRoute:
Type: AWS::EC2::VPNConnectionRoute
DependsOn: VPNConnection
Properties:
DestinationCidrBlock: 192.168.0.0/16
VpnConnectionId: !Ref VPNConnection
Outputs:
VPNConnectionId:
Value: !Ref VPNConnection
Description: VPN Connection ID
CustomerGatewayIP:
Value: !Ref CustomerGatewayIp
Description: Customer gateway public IPExample 7: VPC Flow Logs
Monitor network traffic with Flow Logs.
AWSTemplateFormatVersion: 2010-09-09
Description: VPC with Flow Logs for traffic monitoring
Parameters:
VpcId:
Type: AWS::EC2::VPC::Id
Description: VPC ID
LogDestinationType:
Type: String
Default: cloud-watch-logs
AllowedValues:
- cloud-watch-logs
- s3
- kinesis-data-firehose
Resources:
# Flow Log IAM Role
FlowLogsRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: vpc-flow-logs.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: FlowLogsPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
- logs:DescribeLogGroups
- logs:DescribeLogStreams
Resource: !GetAtt FlowLogGroup.Arn
# CloudWatch Logs Group
FlowLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Sub /aws/vpc/${AWS::StackName}-flow-logs
RetentionInDays: 30
# Flow Log
FlowLog:
Type: AWS::EC2::FlowLog
Properties:
ResourceId: !Ref VpcId
ResourceType: VPC
TrafficType: ALL
LogDestinationType: !Ref LogDestinationType
LogGroupName: !Ref FlowLogGroup
DeliverLogsPermissionArn: !GetAtt FlowLogsRole.Arn
Outputs:
FlowLogId:
Value: !Ref FlowLog
Description: Flow Log ID
LogGroupName:
Value: !Ref FlowLogGroup
Description: CloudWatch Logs group nameExample 8: Complete Network Stack with All Components
Full-featured network stack with VPC, subnets, gateways, security groups, and endpoints.
AWSTemplateFormatVersion: 2010-09-09
Description: Complete network stack with all components
Parameters:
EnvironmentName:
Type: String
Default: production
Resources:
# VPC
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsHostnames: true
EnableDnsSupport: true
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-vpc
- Key: Environment
Value: !Ref EnvironmentName
# Internet Gateway
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-igw
InternetGatewayAttachment:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
# Security Group for Public ALB
PublicAlbSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security group for public ALB
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-alb-sg
# Security Group for Private Instances
PrivateInstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security group for private instances
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId: !Ref PublicAlbSecurityGroup
- IpProtocol: tcp
FromPort: 443
ToPort: 443
SourceSecurityGroupId: !Ref PublicAlbSecurityGroup
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-instance-sg
# Security Group for Database
DatabaseSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security group for database
VpcId: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 5432
ToPort: 5432
SourceSecurityGroupId: !Ref PrivateInstanceSecurityGroup
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-db-sg
Outputs:
VpcId:
Value: !Ref VPC
Export:
Name: !Sub ${EnvironmentName}-VpcId
PublicAlbSecurityGroupId:
Value: !Ref PublicAlbSecurityGroup
Export:
Name: !Sub ${EnvironmentName}-PublicAlbSecurityGroupId
PrivateInstanceSecurityGroupId:
Value: !Ref PrivateInstanceSecurityGroup
Export:
Name: !Sub ${EnvironmentName}-PrivateInstanceSecurityGroupId
DatabaseSecurityGroupId:
Value: !Ref DatabaseSecurityGroup
Export:
Name: !Sub ${EnvironmentName}-DatabaseSecurityGroupIddocs
plugins
developer-kit-ai
developer-kit-aws
agents
docs
skills
aws
aws-cli-beast
aws-cost-optimization
aws-drawio-architecture-diagrams
aws-sam-bootstrap
aws-cloudformation
aws-cloudformation-auto-scaling
aws-cloudformation-bedrock
aws-cloudformation-cloudfront
aws-cloudformation-cloudwatch
aws-cloudformation-dynamodb
aws-cloudformation-ec2
aws-cloudformation-ecs
aws-cloudformation-elasticache
references
aws-cloudformation-iam
references
aws-cloudformation-lambda
aws-cloudformation-rds
aws-cloudformation-s3
aws-cloudformation-security
aws-cloudformation-task-ecs-deploy-gh
aws-cloudformation-vpc
references
developer-kit-core
agents
commands
skills
developer-kit-devops
developer-kit-java
agents
commands
devkit.java.architect-review.mddevkit.java.code-review.mddevkit.java.dependency-audit.mddevkit.java.generate-crud.mddevkit.java.generate-docs.mddevkit.java.generate-refactoring-tasks.mddevkit.java.refactor-class.mddevkit.java.security-review.mddevkit.java.upgrade-dependencies.mddevkit.java.write-integration-tests.mddevkit.java.write-unit-tests.md
docs
skills
aws-lambda-java-integration
aws-rds-spring-boot-integration
aws-sdk-java-v2-bedrock
aws-sdk-java-v2-core
aws-sdk-java-v2-dynamodb
aws-sdk-java-v2-kms
aws-sdk-java-v2-lambda
aws-sdk-java-v2-messaging
aws-sdk-java-v2-rds
aws-sdk-java-v2-s3
aws-sdk-java-v2-secrets-manager
clean-architecture
graalvm-native-image
langchain4j-ai-services-patterns
references
langchain4j-mcp-server-patterns
references
langchain4j-rag-implementation-patterns
references
langchain4j-spring-boot-integration
langchain4j-testing-strategies
langchain4j-tool-function-calling-patterns
langchain4j-vector-stores-configuration
references
qdrant
references
spring-ai-mcp-server-patterns
spring-boot-actuator
spring-boot-cache
spring-boot-crud-patterns
spring-boot-dependency-injection
spring-boot-event-driven-patterns
spring-boot-openapi-documentation
spring-boot-project-creator
spring-boot-resilience4j
spring-boot-rest-api-standards
spring-boot-saga-pattern
spring-boot-security-jwt
assets
references
authorization-patterns.mdconfiguration.mdexamples.mdjwt-complete-configuration.mdjwt-configuration.mdjwt-quick-reference.mdjwt-testing-guide.mdmicroservices-security.mdmigration-spring-security-6x.mdoauth2-integration.mdperformance-optimization.mdsecurity-hardening.mdstructure.mdtesting-jwt-security.mdtesting.mdtoken-management.mdtroubleshooting.md
scripts
spring-boot-test-patterns
spring-data-jpa
references
spring-data-neo4j
references
unit-test-application-events
unit-test-bean-validation
unit-test-boundary-conditions
unit-test-caching
unit-test-config-properties
references
unit-test-controller-layer
unit-test-exception-handler
references
unit-test-json-serialization
unit-test-mapper-converter
references
unit-test-parameterized
unit-test-scheduled-async
references
unit-test-service-layer
references
unit-test-utility-methods
unit-test-wiremock-rest-api
references
developer-kit-php
developer-kit-project-management
developer-kit-python
developer-kit-specs
commands
docs
hooks
test-templates
tests
skills
developer-kit-tools
developer-kit-typescript
agents
expo-react-native-development-expert.mdnestjs-backend-development-expert.mdnestjs-code-review-expert.mdnestjs-database-expert.mdnestjs-security-expert.mdnestjs-testing-expert.mdnestjs-unit-testing-expert.mdreact-frontend-development-expert.mdreact-software-architect-review.mdtypescript-documentation-expert.mdtypescript-refactor-expert.mdtypescript-security-expert.mdtypescript-software-architect-review.md
docs
hooks
rules
drizzle-orm-conventions.mderror-handling.mdi18n-conventions.mdlambda-conventions.mdlanguage-best-practices.mdnaming-conventions.mdnestjs-api-design.mdnestjs-architecture.mdnestjs-security.mdnestjs-testing.mdnx-monorepo-conventions.mdproject-structure.mdreact-component-conventions.mdreact-data-fetching.mdreact-routing-conventions.mdserver-feature-conventions.mdshared-dto-conventions.mdtailwind-styling-conventions.mdzod-validation-patterns.md
skills
aws-cdk
aws-lambda-typescript-integration
better-auth
clean-architecture
drizzle-orm-patterns
dynamodb-toolbox-patterns
references
nestjs
nestjs-best-practices
nestjs-code-review
nestjs-drizzle-crud-generator
nextjs-app-router
nextjs-authentication
nextjs-code-review
nextjs-data-fetching
nextjs-deployment
nextjs-performance
nx-monorepo
react-code-review
react-patterns
shadcn-ui
tailwind-css-patterns
tailwind-design-system
references
turborepo-monorepo
typescript-docs
typescript-security-review
zod-validation-utilities
references
github-spec-kit